Class ExternalKey
Manages a KMS Customer Master Key that uses external key material. To instead manage a KMS Customer Master Key where AWS automatically generates and potentially rotates key material, see the aws.kms.Key resource.
Note: All arguments including the key material will be stored in the raw state as plain-text. Read more about sensitive data in state.
Example Usage
    using Pulumi;
    using Aws = Pulumi.Aws;

    class MyStack : Stack
    {
        public MyStack()
        {
            var example = new Aws.Kms.ExternalKey("example", new Aws.Kms.ExternalKeyArgs
            {
                Description = "KMS EXTERNAL for AMI encryption",
            });
        }
    }
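A fuller variant of the example above that imports key material (added here; it is not part of the original Pulumi documentation). It checks the 256-bit length and the RFC3339 `ValidTo` format described on this page before creating the resource, and reads the material as a Pulumi secret so that Pulumi encrypts it in the stack state. The config keys `keyMaterialBase64` and `validTo`, the resource name, and the class name are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Globalization;
using Pulumi;
using Aws = Pulumi.Aws;

class ImportedKeyStack : Stack
{
    public ImportedKeyStack()
    {
        var config = new Config();

        // Hypothetical config key, set with:
        //   pulumi config set --secret keyMaterialBase64 <base64 value>
        // RequireSecret returns a secret Output; Apply keeps it secret.
        var keyMaterial = config.RequireSecret("keyMaterialBase64").Apply(b64 =>
        {
            // Convert.FromBase64String throws FormatException on malformed input.
            if (Convert.FromBase64String(b64).Length != 32)
                throw new ArgumentException("Key material must be exactly 256 bits (32 bytes).");
            return b64;
        });

        // Hypothetical config key holding a fixed expiry such as 2030-01-01T00:00:00Z.
        // A fixed value avoids a changed ValidTo on every deployment.
        var validTo = config.Require("validTo");
        // Throws FormatException unless the value matches YYYY-MM-DDTHH:MM:SSZ.
        _ = DateTimeOffset.ParseExact(validTo, "yyyy-MM-dd'T'HH:mm:ss'Z'",
            CultureInfo.InvariantCulture, DateTimeStyles.AssumeUniversal);

        var key = new Aws.Kms.ExternalKey("imported", new Aws.Kms.ExternalKeyArgs
        {
            Description = "CMK with imported key material",
            KeyMaterialBase64 = keyMaterial,
            ValidTo = validTo,
            DeletionWindowInDays = 7, // allowed range is 7 to 30
        }, new CustomResourceOptions
        {
            // Also mark the output property that echoes the material as secret.
            AdditionalSecretOutputs = new List<string> { "keyMaterialBase64" },
        });

        KeyArn = key.Arn;
    }

    [Output] public Output<string> KeyArn { get; set; }
}
```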
Namespace: Pulumi.Aws.Kms
Assembly: Pulumi.Aws.dll
Syntax
public class ExternalKey : CustomResource
Constructors
ExternalKey(String, ExternalKeyArgs, CustomResourceOptions)
Create an ExternalKey resource with the given unique name, arguments, and options.
Declaration
public ExternalKey(string name, ExternalKeyArgs args = null, CustomResourceOptions options = null)
Parameters
| Type | Name | Description |
|---|---|---|
| System.String | name | The unique name of the resource |
| ExternalKeyArgs | args | The arguments used to populate this resource's properties |
| CustomResourceOptions | options | A bag of options that control this resource's behavior |
Properties
Arn
The Amazon Resource Name (ARN) of the key.
Declaration
public Output<string> Arn { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
DeletionWindowInDays
Duration in days after which the key is deleted after destruction of the resource. Must be between 7 and 30 days. Defaults to 30.
Declaration
public Output<int?> DeletionWindowInDays { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.Nullable<System.Int32>> |
Description
Description of the key.
Declaration
public Output<string> Description { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Enabled
Specifies whether the key is enabled. Keys pending import can only be false. Imported keys default to true unless expired.
Declaration
public Output<bool> Enabled { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.Boolean> |
ExpirationModel
Whether the key material expires. Empty when pending key material import, otherwise KEY_MATERIAL_EXPIRES or KEY_MATERIAL_DOES_NOT_EXPIRE.
Declaration
public Output<string> ExpirationModel { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
KeyMaterialBase64
Base64 encoded 256-bit symmetric encryption key material to import. The CMK is permanently associated with this key material. The same key material can be reimported, but you cannot import different key material.
Declaration
public Output<string> KeyMaterialBase64 { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
KeyState
The state of the CMK.
Declaration
public Output<string> KeyState { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
KeyUsage
The cryptographic operations for which you can use the CMK.
Declaration
public Output<string> KeyUsage { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Policy
A key policy JSON document. If you do not provide a key policy, AWS KMS attaches a default key policy to the CMK.
Declaration
public Output<string> Policy { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Tags
A key-value map of tags to assign to the key.
Declaration
public Output<ImmutableDictionary<string, object>> Tags { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.Collections.Immutable.ImmutableDictionary<System.String, System.Object>> |
ValidTo
Time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the CMK becomes unusable. If not specified, key material does not expire. Valid values: RFC3339 time string (YYYY-MM-DDTHH:MM:SSZ)
Declaration
public Output<string> ValidTo { get; }
Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Methods
Get(String, Input<String>, ExternalKeyState, CustomResourceOptions)
Get an existing ExternalKey resource's state with the given name, ID, and optional extra properties used to qualify the lookup.
Declaration
public static ExternalKey Get(string name, Input<string> id, ExternalKeyState state = null, CustomResourceOptions options = null)
Parameters
| Type | Name | Description |
|---|---|---|
| System.String | name | The unique name of the resulting resource. |
| Input<System.String> | id | The unique provider ID of the resource to look up. |
| ExternalKeyState | state | Any extra arguments used during the lookup. |
| CustomResourceOptions | options | A bag of options that control this resource's behavior |
Returns
| Type | Description |
|---|---|
| ExternalKey |