replica_key
Gets an individual replica_key resource
Overview
Name | replica_key |
Type | Resource |
Description | replica_key |
Id | awscc.kms.replica_key |
Fields
Name | Datatype | Description |
---|---|---|
description | string | A description of the AWS KMS key. Use a description that helps you to distinguish this AWS KMS key from others in the account, such as its intended use. |
pending_window_in_days | integer | Specifies the number of days in the waiting period before AWS KMS deletes an AWS KMS key that has been removed from a CloudFormation stack. Enter a value between 7 and 30 days. The default value is 30 days. |
key_policy | object | The key policy that authorizes use of the AWS KMS key. The key policy must observe the following rules. |
primary_key_arn | string | Identifies the primary AWS KMS key to create a replica of. Specify the Amazon Resource Name (ARN) of the AWS KMS key. You cannot specify an alias or key ID. For help finding the ARN, see Finding the Key ID and ARN in the AWS Key Management Service Developer Guide. |
enabled | boolean | Specifies whether the AWS KMS key is enabled. Disabled AWS KMS keys cannot be used in cryptographic operations. |
key_id | string | |
arn | string | |
tags | array | An array of key-value pairs to apply to this resource. |
region | string | AWS region. |
Methods
Currently only SELECT is supported for this resource.
Example
SELECT
region,
description,
pending_window_in_days,
key_policy,
primary_key_arn,
enabled,
key_id,
arn,
tags
FROM awscc.kms.replica_key
WHERE data__Identifier = '<KeyId>';
Permissions
To operate on the replica_key resource, the following permissions are required:
Read
kms:DescribeKey,
kms:GetKeyPolicy,
kms:ListResourceTags
Update
kms:DescribeKey,
kms:DisableKey,
kms:EnableKey,
kms:PutKeyPolicy,
kms:TagResource,
kms:UntagResource,
kms:UpdateKeyDescription
Delete
kms:DescribeKey,
kms:ScheduleKeyDeletion