CfnKeyPropsMixin

class aws_cdk.mixins_preview.aws_kms.mixins.CfnKeyPropsMixin(props, *, strategy=None)

Bases: Mixin

The AWS::KMS::Key resource specifies an KMS key in AWS Key Management Service . You can use this resource to create symmetric encryption KMS keys, asymmetric KMS keys for encryption or signing, and symmetric HMAC KMS keys. You can use AWS::KMS::Key to create multi-Region primary keys of all supported types. To replicate a multi-Region key, use the AWS::KMS::ReplicaKey resource.

If you change the value of the KeySpec , KeyUsage , Origin , or MultiRegion properties of an existing KMS key, the update request fails, regardless of the value of the `UpdateReplacePolicy attribute <https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatereplacepolicy.html>`_ . This prevents you from accidentally deleting a KMS key by changing any of its immutable property values. > AWS replaced the term customer master key (CMK) with AWS KMS key and KMS key . The concept has not changed. To prevent breaking changes, AWS is keeping some variations of this term.

You can use symmetric encryption KMS keys to encrypt and decrypt small amounts of data, but they are more commonly used to generate data keys and data key pairs. You can also use a symmetric encryption KMS key to encrypt data stored in AWS services that are integrated with AWS . For more information, see Symmetric encryption KMS keys in the AWS Key Management Service Developer Guide .

You can use asymmetric KMS keys to encrypt and decrypt data or sign messages and verify signatures. To create an asymmetric key, you must specify an asymmetric KeySpec value and a KeyUsage value. For details, see Asymmetric keys in AWS in the AWS Key Management Service Developer Guide .

You can use HMAC KMS keys (which are also symmetric keys) to generate and verify hash-based message authentication codes. To create an HMAC key, you must specify an HMAC KeySpec value and a KeyUsage value of GENERATE_VERIFY_MAC . For details, see HMAC keys in AWS in the AWS Key Management Service Developer Guide .

You can also create symmetric encryption, asymmetric, and HMAC multi-Region primary keys. To create a multi-Region primary key, set the MultiRegion property to true . For information about multi-Region keys, see Multi-Region keys in AWS in the AWS Key Management Service Developer Guide .

You cannot use the AWS::KMS::Key resource to specify a KMS key with imported key material or a KMS key in a custom key store .

Regions

AWS CloudFormation resources are available in all Regions in which AWS and CloudFormation are supported. You can use the AWS::KMS::Key resource to create and manage all KMS key types that are supported in a Region.

See:

http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-key.html

CloudformationResource:

AWS::KMS::Key

Mixin:

true

ExampleMetadata:

fixture=_generated

Example:

from aws_cdk import CfnTag
# The code below shows an example of how to instantiate this type.
# The values are placeholders you should change.
from aws_cdk.mixins_preview import mixins
from aws_cdk.mixins_preview.aws_kms import mixins as kms_mixins

# key_policy: Any

cfn_key_props_mixin = kms_mixins.CfnKeyPropsMixin(kms_mixins.CfnKeyMixinProps(
    bypass_policy_lockout_safety_check=False,
    description="description",
    enabled=False,
    enable_key_rotation=False,
    key_policy=key_policy,
    key_spec="keySpec",
    key_usage="keyUsage",
    multi_region=False,
    origin="origin",
    pending_window_in_days=123,
    rotation_period_in_days=123,
    tags=[CfnTag(
        key="key",
        value="value"
    )]
),
    strategy=mixins.PropertyMergeStrategy.OVERRIDE
)

Create a mixin to apply properties to AWS::KMS::Key.

Parameters:

  • props (Union[CfnKeyMixinProps, Dict[str, Any]]) – L1 properties to apply.

  • strategy (Optional[PropertyMergeStrategy]) – (experimental) Strategy for merging nested properties. Default: - PropertyMergeStrategy.MERGE

Methods

apply_to(construct)

Apply the mixin properties to the construct.

Parameters:

construct (IConstruct)

Return type:

IConstruct

supports(construct)

Check if this mixin supports the given construct.

Parameters:

construct (IConstruct)

Return type:

bool

Attributes

CFN_PROPERTY_KEYS = ['bypassPolicyLockoutSafetyCheck', 'description', 'enabled', 'enableKeyRotation', 'keyPolicy', 'keySpec', 'keyUsage', 'multiRegion', 'origin', 'pendingWindowInDays', 'rotationPeriodInDays', 'tags']

Static Methods

classmethod is_mixin(x)

(experimental) Checks if x is a Mixin.

Parameters:

x (Any) – Any object.

Return type:

bool

Returns:

true if x is an object created from a class which extends Mixin.

Stability:

experimental