software.amazon.awscdk.services.kms

Interface KeyProps

All Superinterfaces:

software.amazon.jsii.JsiiSerializable

All Known Implementing Classes:

KeyProps.Jsii$Proxy

@Generated(value="jsii-pacmak/1.67.0 (build 2c027f5)",
           date="2022-09-19T20:26:40.343Z")
 @Stability(value=Stable)
public interface KeyProps
extends software.amazon.jsii.JsiiSerializable

Construction properties for a KMS Key object.

Example:

 import software.amazon.awscdk.services.kms.*;
 Key encryptionKey = Key.Builder.create(this, "Key")
         .enableKeyRotation(true)
         .build();
 Table table = Table.Builder.create(this, "MyTable")
         .partitionKey(Attribute.builder().name("id").type(AttributeType.STRING).build())
         .encryption(TableEncryption.CUSTOMER_MANAGED)
         .encryptionKey(encryptionKey)
         .build();
 

Nested Class Summary

Nested Classes

Modifier and Type	Interface and Description
static class	KeyProps.Builder A builder for KeyProps
static class	KeyProps.Jsii$Proxy An implementation for KeyProps

Method Summary

Modifier and Type	Method and Description
static KeyProps.Builder	builder()
default List<IPrincipal>	getAdmins() A list of principals to add as key administrators to the key policy.
default String	getAlias() Initial alias to add to the key.
default String	getDescription() A description of the key.
default Boolean	getEnabled() Indicates whether the key is available for use.
default Boolean	getEnableKeyRotation() Indicates whether AWS KMS rotates the key.
default KeySpec	getKeySpec() The cryptographic configuration of the key.
default KeyUsage	getKeyUsage() The cryptographic operations for which the key can be used.
default Duration	getPendingWindow() Specifies the number of days in the waiting period before AWS KMS deletes a CMK that has been removed from a CloudFormation stack.
default PolicyDocument	getPolicy() Custom policy document to attach to the KMS key.
default RemovalPolicy	getRemovalPolicy() Whether the encryption key should be retained when it is removed from the Stack.

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Method Detail

getAdmins

@Stability(value=Stable)
 @Nullable
default List<IPrincipal> getAdmins()

A list of principals to add as key administrators to the key policy.

Key administrators have permissions to manage the key (e.g., change permissions, revoke), but do not have permissions to use the key in cryptographic operations (e.g., encrypt, decrypt).

These principals will be added to the default key policy (if none specified), or to the specified policy (if provided).

Default: []

getAlias

@Stability(value=Stable)
 @Nullable
default String getAlias()

Initial alias to add to the key.

More aliases can be added later by calling addAlias.

Default: - No alias is added for the key.

getDescription

@Stability(value=Stable)
 @Nullable
default String getDescription()

A description of the key.

Use a description that helps your users decide whether the key is appropriate for a particular task.

Default: - No description.

getEnabled

@Stability(value=Stable)
 @Nullable
default Boolean getEnabled()

Indicates whether the key is available for use.

Default: - Key is enabled.

getEnableKeyRotation

@Stability(value=Stable)
 @Nullable
default Boolean getEnableKeyRotation()

Indicates whether AWS KMS rotates the key.

Default: false

getKeySpec

@Stability(value=Stable)
 @Nullable
default KeySpec getKeySpec()

The cryptographic configuration of the key. The valid value depends on usage of the key.

IMPORTANT: If you change this property of an existing key, the existing key is scheduled for deletion and a new key is created with the specified value.

Default: KeySpec.SYMMETRIC_DEFAULT

getKeyUsage

@Stability(value=Stable)
 @Nullable
default KeyUsage getKeyUsage()

The cryptographic operations for which the key can be used.

IMPORTANT: If you change this property of an existing key, the existing key is scheduled for deletion and a new key is created with the specified value.

Default: KeyUsage.ENCRYPT_DECRYPT

getPendingWindow

@Stability(value=Stable)
 @Nullable
default Duration getPendingWindow()

Specifies the number of days in the waiting period before AWS KMS deletes a CMK that has been removed from a CloudFormation stack.

When you remove a customer master key (CMK) from a CloudFormation stack, AWS KMS schedules the CMK for deletion and starts the mandatory waiting period. The PendingWindowInDays property determines the length of waiting period. During the waiting period, the key state of CMK is Pending Deletion, which prevents the CMK from being used in cryptographic operations. When the waiting period expires, AWS KMS permanently deletes the CMK.

Enter a value between 7 and 30 days.

Default: - 30 days

See Also:

https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-key.html#cfn-kms-key-pendingwindowindays

getPolicy

@Stability(value=Stable)
 @Nullable
default PolicyDocument getPolicy()

Custom policy document to attach to the KMS key.

NOTE - If the @aws-cdk/aws-kms:defaultKeyPolicies feature flag is set (the default for new projects), this policy will override the default key policy and become the only key policy for the key. If the feature flag is not set, this policy will be appended to the default key policy.

Default: - A policy document with permissions for the account root to administer the key will be created.

getRemovalPolicy

@Stability(value=Stable)
 @Nullable
default RemovalPolicy getRemovalPolicy()

Whether the encryption key should be retained when it is removed from the Stack.

This is useful when one wants to retain access to data that was encrypted with a key that is being retired.

Default: RemovalPolicy.Retain

builder

@Stability(value=Stable)
static KeyProps.Builder builder()

Returns:

a KeyProps.Builder of KeyProps