AwsKmsKeyDetails - AWS Security Hub

AwsKmsKeyDetails

Contains metadata about an AWS KMS key.

Contents

AWSAccountId

The twelve-digit account ID of the AWS account that owns the KMS key.

Type: String

Pattern: .*\S.*

Required: No

CreationDate

Indicates when the KMS key was created.

Uses the date-time format specified in RFC 3339 section 5.6, Internet Date/Time Format. The value cannot contain spaces. For example, 2020-03-22T13:22:13.933Z.

Type: Double

Required: No

Description

A description of the key.

Type: String

Pattern: .*\S.*

Required: No

KeyId

The globally unique identifier for the KMS key.

Type: String

Pattern: .*\S.*

Required: No

KeyManager

The manager of the KMS key. KMS keys in your AWS account are either customer managed or AWS managed.

Type: String

Pattern: .*\S.*

Required: No

KeyRotationStatus

Whether the key has key rotation enabled.

Type: Boolean

Required: No

KeyState

The state of the KMS key.

Type: String

Pattern: .*\S.*

Required: No

Origin

The source of the KMS key material.

When this value is AWS_KMS, AWS KMS created the key material.

When this value is EXTERNAL, the key material was imported from your existing key management infrastructure or the KMS key lacks key material.

When this value is AWS_CLOUDHSM, the key material was created in the AWS CloudHSM cluster associated with a custom key store.

Type: String

Pattern: .*\S.*

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: