awskms

package
v2.0.0-rc.17 Latest
Warning

This package is not in the latest version of its module.

Published: Aug 11, 2021 License: Apache-2.0 Imports: 7 Imported by: 51

Documentation


Constants

This section is empty.

Variables

This section is empty.

Functions

func Alias_IsConstruct

func Alias_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead

func Alias_IsResource

func Alias_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource. Experimental.

func CfnAlias_CFN_RESOURCE_TYPE_NAME

func CfnAlias_CFN_RESOURCE_TYPE_NAME() *string

func CfnAlias_IsCfnElement

func CfnAlias_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element. Experimental.

func CfnAlias_IsCfnResource

func CfnAlias_IsCfnResource(construct constructs.IConstruct) *bool

Check whether the given construct is a CfnResource. Experimental.

func CfnAlias_IsConstruct

func CfnAlias_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead

func CfnKey_CFN_RESOURCE_TYPE_NAME

func CfnKey_CFN_RESOURCE_TYPE_NAME() *string

func CfnKey_IsCfnElement

func CfnKey_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element. Experimental.

func CfnKey_IsCfnResource

func CfnKey_IsCfnResource(construct constructs.IConstruct) *bool

Check whether the given construct is a CfnResource. Experimental.

func CfnKey_IsConstruct

func CfnKey_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead

func CfnReplicaKey_CFN_RESOURCE_TYPE_NAME

func CfnReplicaKey_CFN_RESOURCE_TYPE_NAME() *string

func CfnReplicaKey_IsCfnElement

func CfnReplicaKey_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element. Experimental.

func CfnReplicaKey_IsCfnResource

func CfnReplicaKey_IsCfnResource(construct constructs.IConstruct) *bool

Check whether the given construct is a CfnResource. Experimental.

func CfnReplicaKey_IsConstruct

func CfnReplicaKey_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead

func Key_IsConstruct

func Key_IsConstruct(x interface{}) *bool

Checks if `x` is a construct.

Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead

func Key_IsResource

func Key_IsResource(construct constructs.IConstruct) *bool

Check whether the given construct is a Resource. Experimental.

func NewAlias_Override

func NewAlias_Override(a Alias, scope constructs.Construct, id *string, props *AliasProps)

Experimental.

func NewCfnAlias_Override

func NewCfnAlias_Override(c CfnAlias, scope constructs.Construct, id *string, props *CfnAliasProps)

Create a new `AWS::KMS::Alias`.

func NewCfnKey_Override

func NewCfnKey_Override(c CfnKey, scope constructs.Construct, id *string, props *CfnKeyProps)

Create a new `AWS::KMS::Key`.

func NewCfnReplicaKey_Override

func NewCfnReplicaKey_Override(c CfnReplicaKey, scope constructs.Construct, id *string, props *CfnReplicaKeyProps)

Create a new `AWS::KMS::ReplicaKey`.

func NewKey_Override

func NewKey_Override(k Key, scope constructs.Construct, id *string, props *KeyProps)

Experimental.

func NewViaServicePrincipal_Override

func NewViaServicePrincipal_Override(v ViaServicePrincipal, serviceName *string, basePrincipal awsiam.IPrincipal)

Experimental.

Types

type Alias

// Alias is the construct for a KMS alias. It embeds IAlias (and through it
// IKey), so the alias-, grant- and resource-policy methods documented on those
// interfaces are available here as well.
type Alias interface {
	awscdk.Resource
	IAlias
	// AliasName returns the name of the alias.
	AliasName() *string
	// AliasTargetKey returns the key to which the alias refers.
	AliasTargetKey() IKey
	Env() *awscdk.ResourceEnvironment
	// KeyArn and KeyId come from IKey.
	// NOTE(review): this page does not say whether, on an alias, they resolve to
	// the alias itself or to the target key — confirm before using them in
	// policies or log correlation.
	KeyArn() *string
	KeyId() *string
	Node() constructs.Node
	PhysicalName() *string
	Stack() awscdk.Stack
	// AddAlias defines a new alias for the key.
	AddAlias(alias *string) Alias
	// AddToResourcePolicy adds a statement to the KMS key resource policy.
	// NOTE(review): the meaning of allowNoOp is not documented on this page;
	// confirm it before assuming the statement was actually applied.
	AddToResourcePolicy(statement awsiam.PolicyStatement, allowNoOp *bool) *awsiam.AddToResourcePolicyResult
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	GetResourceNameAttribute(nameAttr *string) *string
	// Grant grants the indicated permissions on this key to the given principal.
	// The action list is free-form; where they suffice, the narrower
	// GrantEncrypt / GrantDecrypt helpers keep the granted set easier to review.
	Grant(grantee awsiam.IGrantable, actions ...*string) awsiam.Grant
	// GrantDecrypt grants decryption permissions using this key.
	GrantDecrypt(grantee awsiam.IGrantable) awsiam.Grant
	// GrantEncrypt grants encryption permissions using this key.
	GrantEncrypt(grantee awsiam.IGrantable) awsiam.Grant
	// GrantEncryptDecrypt grants both encryption and decryption permissions.
	GrantEncryptDecrypt(grantee awsiam.IGrantable) awsiam.Grant
	ToString() *string
}

Defines a display name for a customer master key (CMK) in AWS Key Management Service (AWS KMS).

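Using an alias to refer to a key can help you simplify key management. For example, when rotating keys, you can just update the alias mapping instead of tracking and changing key IDs. Because callers that refer to the key by alias follow that mapping, permission to change it deserves the same scrutiny as access to the key itself. For more information, see Working with Aliases in the AWS Key Management Service Developer Guide.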

You can also add an alias for a key by calling `AddAlias(alias)` on the key. Experimental.

func NewAlias

func NewAlias(scope constructs.Construct, id *string, props *AliasProps) Alias

Experimental.

type AliasAttributes

// AliasAttributes describes an existing KMS alias to reference; it is the
// argument type of Alias_FromAliasAttributes.
type AliasAttributes struct {
	// Specifies the alias name.
	//
	// This value must begin with alias/ followed by a name (i.e. alias/ExampleAlias)
	// Experimental.
	AliasName *string `json:"aliasName"`
	// The customer master key (CMK) to which the Alias refers.
	//
	// NOTE(review): nothing on this page shows the name/key pairing being
	// checked against the account — presumably it is taken as given; verify the
	// alias really points at this key before granting through it.
	// Experimental.
	AliasTargetKey IKey `json:"aliasTargetKey"`
}

Properties of a reference to an existing KMS Alias. Experimental.

type AliasProps

// AliasProps holds the construction properties for a KMS alias (see NewAlias).
type AliasProps struct {
	// The name of the alias.
	//
	// The name must start with alias followed by a
	// forward slash, such as alias/. You can't specify aliases that begin with
	// alias/AWS. These aliases are reserved.
	// Experimental.
	AliasName *string `json:"aliasName"`
	// The ID of the key for which you are creating the alias.
	//
	// Specify the key's
	// globally unique identifier or Amazon Resource Name (ARN). You can't
	// specify another alias.
	//
	// NOTE(review): the field type is IKey, not a string; the ID/ARN wording
	// above looks inherited from the CloudFormation property text. IAlias also
	// satisfies IKey, so "you can't specify another alias" is not enforced by
	// the type — confirm how an alias passed here is handled.
	// Experimental.
	TargetKey IKey `json:"targetKey"`
	// Policy to apply when the alias is removed from this stack.
	// NOTE(review): the default is not stated on this page.
	// Experimental.
	RemovalPolicy awscdk.RemovalPolicy `json:"removalPolicy"`
}

Construction properties for a KMS Key Alias object. Experimental.

type CfnAlias

// CfnAlias is the CloudFormation-level binding for `AWS::KMS::Alias`.
// Its two resource properties are exposed as getter/setter pairs; the remaining
// methods come from the generic CloudFormation resource surface.
type CfnAlias interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// AliasName / SetAliasName read and write `AWS::KMS::Alias.AliasName`.
	AliasName() *string
	SetAliasName(val *string)
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	CfnResourceType() *string
	CreationStack() *[]*string
	LogicalId() *string
	Node() constructs.Node
	Ref() *string
	Stack() awscdk.Stack
	// TargetKeyId / SetTargetKeyId read and write `AWS::KMS::Alias.TargetKeyId`.
	// The value is a plain string, so nothing at this level ties it to a key
	// defined in the same app.
	TargetKeyId() *string
	SetTargetKeyId(val *string)
	// The spelling "Properites" is the actual method name in this API.
	UpdatedProperites() *map[string]interface{}
	// NOTE(review): the Add*Override methods presumably change the synthesized
	// template outside the typed properties — confirm, and review call sites
	// with the same care as the properties themselves.
	AddDeletionOverride(path *string)
	AddDependsOn(target awscdk.CfnResource)
	AddMetadata(key *string, value interface{})
	AddOverride(path *string, value interface{})
	AddPropertyDeletionOverride(propertyPath *string)
	AddPropertyOverride(propertyPath *string, value interface{})
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	GetAtt(attributeName *string) awscdk.Reference
	GetMetadata(key *string) interface{}
	Inspect(inspector awscdk.TreeInspector)
	OverrideLogicalId(newLogicalId *string)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	ShouldSynthesize() *bool
	ToString() *string
	ValidateProperties(_properties interface{})
}

A CloudFormation `AWS::KMS::Alias`.

func NewCfnAlias

func NewCfnAlias(scope constructs.Construct, id *string, props *CfnAliasProps) CfnAlias

Create a new `AWS::KMS::Alias`.

type CfnAliasProps

// CfnAliasProps holds the properties for defining an `AWS::KMS::Alias`
// (see NewCfnAlias).
type CfnAliasProps struct {
	// `AWS::KMS::Alias.AliasName`.
	AliasName *string `json:"aliasName"`
	// `AWS::KMS::Alias.TargetKeyId`.
	//
	// A plain string here, unlike AliasProps.TargetKey which takes an IKey.
	TargetKeyId *string `json:"targetKeyId"`
}

Properties for defining a `AWS::KMS::Alias`.

type CfnKey

// CfnKey is the CloudFormation-level binding for `AWS::KMS::Key`.
// Each resource property is exposed as a getter/setter pair; several are typed
// interface{}, so the compiler does not check what is assigned to them.
type CfnKey interface {
	awscdk.CfnResource
	awscdk.IInspectable
	AttrArn() *string
	AttrKeyId() *string
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	CfnResourceType() *string
	CreationStack() *[]*string
	// Description / SetDescription: `AWS::KMS::Key.Description`.
	Description() *string
	SetDescription(val *string)
	// Enabled / SetEnabled: `AWS::KMS::Key.Enabled`.
	Enabled() interface{}
	SetEnabled(val interface{})
	// EnableKeyRotation / SetEnableKeyRotation: `AWS::KMS::Key.EnableKeyRotation`.
	EnableKeyRotation() interface{}
	SetEnableKeyRotation(val interface{})
	// KeyPolicy / SetKeyPolicy: `AWS::KMS::Key.KeyPolicy`.
	// The policy is an untyped value at this level; it decides who can manage
	// and use the key, so changes to it warrant explicit review.
	KeyPolicy() interface{}
	SetKeyPolicy(val interface{})
	// KeySpec / SetKeySpec: `AWS::KMS::Key.KeySpec`.
	KeySpec() *string
	SetKeySpec(val *string)
	// KeyUsage / SetKeyUsage: `AWS::KMS::Key.KeyUsage`.
	KeyUsage() *string
	SetKeyUsage(val *string)
	LogicalId() *string
	// MultiRegion / SetMultiRegion: `AWS::KMS::Key.MultiRegion`.
	MultiRegion() interface{}
	SetMultiRegion(val interface{})
	Node() constructs.Node
	// PendingWindowInDays / SetPendingWindowInDays:
	// `AWS::KMS::Key.PendingWindowInDays`. The KeyProps documentation on this
	// page gives the accepted range as 7 to 30 days.
	PendingWindowInDays() *float64
	SetPendingWindowInDays(val *float64)
	Ref() *string
	Stack() awscdk.Stack
	Tags() awscdk.TagManager
	// The spelling "Properites" is the actual method name in this API.
	UpdatedProperites() *map[string]interface{}
	// NOTE(review): the Add*Override methods presumably change the synthesized
	// template outside the typed properties, including the key policy — confirm,
	// and include their call sites when reviewing policy changes.
	AddDeletionOverride(path *string)
	AddDependsOn(target awscdk.CfnResource)
	AddMetadata(key *string, value interface{})
	AddOverride(path *string, value interface{})
	AddPropertyDeletionOverride(propertyPath *string)
	AddPropertyOverride(propertyPath *string, value interface{})
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	GetAtt(attributeName *string) awscdk.Reference
	GetMetadata(key *string) interface{}
	Inspect(inspector awscdk.TreeInspector)
	OverrideLogicalId(newLogicalId *string)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	ShouldSynthesize() *bool
	ToString() *string
	ValidateProperties(_properties interface{})
}

A CloudFormation `AWS::KMS::Key`.

func NewCfnKey

func NewCfnKey(scope constructs.Construct, id *string, props *CfnKeyProps) CfnKey

Create a new `AWS::KMS::Key`.

type CfnKeyProps

// CfnKeyProps holds the properties for defining an `AWS::KMS::Key`
// (see NewCfnKey). Fields map one-to-one onto the CloudFormation properties
// named in each comment.
type CfnKeyProps struct {
	// `AWS::KMS::Key.KeyPolicy`.
	//
	// Untyped (interface{}): the policy document is passed through as given.
	// NOTE(review): no default key policy is described for this low-level type
	// on this page — presumably the caller must supply a complete one; confirm.
	KeyPolicy interface{} `json:"keyPolicy"`
	// `AWS::KMS::Key.Description`.
	Description *string `json:"description"`
	// `AWS::KMS::Key.Enabled`.
	Enabled interface{} `json:"enabled"`
	// `AWS::KMS::Key.EnableKeyRotation`.
	//
	// NOTE(review): the default is not stated on this page; set it explicitly.
	EnableKeyRotation interface{} `json:"enableKeyRotation"`
	// `AWS::KMS::Key.KeySpec`.
	KeySpec *string `json:"keySpec"`
	// `AWS::KMS::Key.KeyUsage`.
	KeyUsage *string `json:"keyUsage"`
	// `AWS::KMS::Key.MultiRegion`.
	MultiRegion interface{} `json:"multiRegion"`
	// `AWS::KMS::Key.PendingWindowInDays`.
	//
	// The KeyProps documentation on this page gives the accepted range as
	// 7 to 30 days.
	PendingWindowInDays *float64 `json:"pendingWindowInDays"`
	// `AWS::KMS::Key.Tags`.
	Tags *[]*awscdk.CfnTag `json:"tags"`
}

Properties for defining a `AWS::KMS::Key`.

type CfnReplicaKey

// CfnReplicaKey is the CloudFormation-level binding for
// `AWS::KMS::ReplicaKey`. Each resource property is exposed as a getter/setter
// pair.
type CfnReplicaKey interface {
	awscdk.CfnResource
	awscdk.IInspectable
	AttrArn() *string
	AttrKeyId() *string
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	CfnResourceType() *string
	CreationStack() *[]*string
	// Description / SetDescription: `AWS::KMS::ReplicaKey.Description`.
	Description() *string
	SetDescription(val *string)
	// Enabled / SetEnabled: `AWS::KMS::ReplicaKey.Enabled`.
	Enabled() interface{}
	SetEnabled(val interface{})
	// KeyPolicy / SetKeyPolicy: `AWS::KMS::ReplicaKey.KeyPolicy`.
	// The replica carries its own policy property, separate from the primary
	// key's, so it needs the same review as the primary's policy.
	KeyPolicy() interface{}
	SetKeyPolicy(val interface{})
	LogicalId() *string
	Node() constructs.Node
	// PendingWindowInDays / SetPendingWindowInDays:
	// `AWS::KMS::ReplicaKey.PendingWindowInDays`.
	// NOTE(review): the accepted range is not stated for replica keys on this
	// page — presumably the same 7 to 30 days given for keys; confirm.
	PendingWindowInDays() *float64
	SetPendingWindowInDays(val *float64)
	// PrimaryKeyArn / SetPrimaryKeyArn: `AWS::KMS::ReplicaKey.PrimaryKeyArn`.
	PrimaryKeyArn() *string
	SetPrimaryKeyArn(val *string)
	Ref() *string
	Stack() awscdk.Stack
	Tags() awscdk.TagManager
	// The spelling "Properites" is the actual method name in this API.
	UpdatedProperites() *map[string]interface{}
	// NOTE(review): the Add*Override methods presumably change the synthesized
	// template outside the typed properties — confirm, and review call sites.
	AddDeletionOverride(path *string)
	AddDependsOn(target awscdk.CfnResource)
	AddMetadata(key *string, value interface{})
	AddOverride(path *string, value interface{})
	AddPropertyDeletionOverride(propertyPath *string)
	AddPropertyOverride(propertyPath *string, value interface{})
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	GetAtt(attributeName *string) awscdk.Reference
	GetMetadata(key *string) interface{}
	Inspect(inspector awscdk.TreeInspector)
	OverrideLogicalId(newLogicalId *string)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	ShouldSynthesize() *bool
	ToString() *string
	ValidateProperties(_properties interface{})
}

A CloudFormation `AWS::KMS::ReplicaKey`.

func NewCfnReplicaKey

func NewCfnReplicaKey(scope constructs.Construct, id *string, props *CfnReplicaKeyProps) CfnReplicaKey

Create a new `AWS::KMS::ReplicaKey`.

type CfnReplicaKeyProps

// CfnReplicaKeyProps holds the properties for defining an
// `AWS::KMS::ReplicaKey` (see NewCfnReplicaKey).
type CfnReplicaKeyProps struct {
	// `AWS::KMS::ReplicaKey.KeyPolicy`.
	//
	// Untyped (interface{}) and set per replica; it is a separate property from
	// the primary key's policy.
	KeyPolicy interface{} `json:"keyPolicy"`
	// `AWS::KMS::ReplicaKey.PrimaryKeyArn`.
	PrimaryKeyArn *string `json:"primaryKeyArn"`
	// `AWS::KMS::ReplicaKey.Description`.
	Description *string `json:"description"`
	// `AWS::KMS::ReplicaKey.Enabled`.
	Enabled interface{} `json:"enabled"`
	// `AWS::KMS::ReplicaKey.PendingWindowInDays`.
	PendingWindowInDays *float64 `json:"pendingWindowInDays"`
	// `AWS::KMS::ReplicaKey.Tags`.
	Tags *[]*awscdk.CfnTag `json:"tags"`
}

Properties for defining a `AWS::KMS::ReplicaKey`.

type IAlias

// IAlias is a KMS key alias. It embeds IKey, so an alias can be used in all
// places that expect a key.
type IAlias interface {
	IKey
	// The name of the alias.
	// Experimental.
	AliasName() *string
	// The Key to which the Alias refers.
	//
	// Aliases imported with Alias_FromAliasName have no direct reference to the
	// key (see that function's documentation).
	// Experimental.
	AliasTargetKey() IKey
}

A KMS Key alias.

An alias can be used in all places that expect a key. Experimental.

func Alias_FromAliasAttributes

func Alias_FromAliasAttributes(scope constructs.Construct, id *string, attrs *AliasAttributes) IAlias

Import an existing KMS Alias defined outside the CDK app. Experimental.

func Alias_FromAliasName

func Alias_FromAliasName(scope constructs.Construct, id *string, aliasName *string) IAlias

Import an existing KMS Alias defined outside the CDK app, by the alias name.

This method should be used instead of `Alias_FromAliasAttributes` when the underlying KMS Key ARN is not available. This Alias will not have a direct reference to the KMS Key, so `AddAlias` and the `Grant*` methods are not supported. Experimental.

type IKey

// IKey is a KMS key, either managed by this CDK app or imported. The methods
// that add aliases, policy statements or grants are the ones that change who
// can reach the key.
type IKey interface {
	awscdk.IResource
	// Defines a new alias for the key.
	// Experimental.
	AddAlias(alias *string) Alias
	// Adds a statement to the KMS key resource policy.
	//
	// Per the Key_FromCfnKey documentation on this page, this has no effect on
	// a key obtained from Key_FromKeyArn.
	// NOTE(review): the meaning of allowNoOp is not documented here — confirm
	// it, and check the returned result rather than assuming the statement
	// was added.
	// Experimental.
	AddToResourcePolicy(statement awsiam.PolicyStatement, allowNoOp *bool) *awsiam.AddToResourcePolicyResult
	// Grant the indicated permissions on this key to the given principal.
	//
	// The action list is free-form; where they suffice, the narrower
	// GrantEncrypt / GrantDecrypt helpers keep the granted set easier to review.
	// Experimental.
	Grant(grantee awsiam.IGrantable, actions ...*string) awsiam.Grant
	// Grant decryption permissions using this key to the given principal.
	// Experimental.
	GrantDecrypt(grantee awsiam.IGrantable) awsiam.Grant
	// Grant encryption permissions using this key to the given principal.
	// Experimental.
	GrantEncrypt(grantee awsiam.IGrantable) awsiam.Grant
	// Grant encryption and decryption permissions using this key to the given principal.
	// Experimental.
	GrantEncryptDecrypt(grantee awsiam.IGrantable) awsiam.Grant
	// The ARN of the key.
	// Experimental.
	KeyArn() *string
	// The ID of the key (the part that looks something like: 1234abcd-12ab-34cd-56ef-1234567890ab).
	// Experimental.
	KeyId() *string
}

A KMS Key, either managed by this CDK app, or imported. Experimental.

func Key_FromCfnKey

func Key_FromCfnKey(cfnKey CfnKey) IKey

Create a mutable `IKey` based on a low-level `CfnKey`.

This is most useful when combined with the cloudformation-include module. This method differs from `Key_FromKeyArn` because the `IKey` returned from this method is mutable: calling any mutating method on it, such as `IKey.AddToResourcePolicy`, is actually reflected in the resulting template, whereas calling those methods on the object returned from `Key_FromKeyArn` has no effect. Experimental.

func Key_FromKeyArn

func Key_FromKeyArn(scope constructs.Construct, id *string, keyArn *string) IKey

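Import an externally defined KMS Key using its ARN. As described under `Key_FromCfnKey`, calling mutating methods such as `AddToResourcePolicy` on the returned key has no effect on the resulting template, so a policy statement added this way is not applied. Experimental.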

type Key

// Key is the construct that defines a KMS key. On top of the IKey methods it
// exposes the key policy document and an administrator grant.
type Key interface {
	awscdk.Resource
	IKey
	Env() *awscdk.ResourceEnvironment
	// KeyArn returns the ARN of the key.
	KeyArn() *string
	// KeyId returns the ID of the key.
	KeyId() *string
	Node() constructs.Node
	PhysicalName() *string
	// Policy returns the key's policy document.
	// NOTE(review): whether this is the live document that ends up in the
	// template (so that edits to it take effect) is not stated here — confirm.
	Policy() awsiam.PolicyDocument
	Stack() awscdk.Stack
	// NOTE(review): presumably reflects the `@aws-cdk/aws-kms:defaultKeyPolicies`
	// feature flag mentioned under KeyProps.Policy — confirm.
	TrustAccountIdentities() *bool
	// AddAlias defines a new alias for the key.
	AddAlias(aliasName *string) Alias
	// AddToResourcePolicy adds a statement to the KMS key resource policy.
	AddToResourcePolicy(statement awsiam.PolicyStatement, allowNoOp *bool) *awsiam.AddToResourcePolicyResult
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	GetResourceNameAttribute(nameAttr *string) *string
	// Grant grants the indicated permissions on this key to the given principal.
	Grant(grantee awsiam.IGrantable, actions ...*string) awsiam.Grant
	// NOTE(review): GrantAdmin is undocumented on this page; presumably it
	// grants the key-administrator permissions described under KeyProps.Admins
	// (manage the key, not use it) — confirm the action list.
	GrantAdmin(grantee awsiam.IGrantable) awsiam.Grant
	// GrantDecrypt grants decryption permissions using this key.
	GrantDecrypt(grantee awsiam.IGrantable) awsiam.Grant
	// GrantEncrypt grants encryption permissions using this key.
	GrantEncrypt(grantee awsiam.IGrantable) awsiam.Grant
	// GrantEncryptDecrypt grants both encryption and decryption permissions.
	GrantEncryptDecrypt(grantee awsiam.IGrantable) awsiam.Grant
	ToString() *string
}

Defines a KMS key. Experimental.

func NewKey

func NewKey(scope constructs.Construct, id *string, props *KeyProps) Key

Experimental.

type KeyProps

// KeyProps holds the construction properties for a KMS Key (see NewKey).
// Several fields decide who can manage the key and whether the key survives
// stack changes; give them explicit values and review changes to them.
type KeyProps struct {
	// A list of principals to add as key administrators to the key policy.
	//
	// Key administrators have permissions to manage the key (e.g., change permissions, revoke), but do not have permissions
	// to use the key in cryptographic operations (e.g., encrypt, decrypt).
	//
	// These principals will be added to the default key policy (if none specified), or to the specified policy (if provided).
	//
	// NOTE(review): "change permissions" implies an administrator can edit the
	// key's permissions; treat Admins as privileged principals even though they
	// receive no direct cryptographic permissions.
	// Experimental.
	Admins *[]awsiam.IPrincipal `json:"admins"`
	// Initial alias to add to the key.
	//
	// More aliases can be added later by calling `addAlias`.
	// Experimental.
	Alias *string `json:"alias"`
	// A description of the key.
	//
	// Use a description that helps your users decide
	// whether the key is appropriate for a particular task.
	// Experimental.
	Description *string `json:"description"`
	// Indicates whether the key is available for use.
	// Experimental.
	Enabled *bool `json:"enabled"`
	// Indicates whether AWS KMS rotates the key.
	//
	// NOTE(review): the default is not stated on this page; set it explicitly.
	// Whether rotation is available for the chosen KeySpec should be confirmed
	// against the AWS KMS documentation.
	// Experimental.
	EnableKeyRotation *bool `json:"enableKeyRotation"`
	// The cryptographic configuration of the key. The valid value depends on usage of the key.
	//
	// IMPORTANT: If you change this property of an existing key, the existing key is scheduled for deletion
	// and a new key is created with the specified value.
	//
	// Data encrypted under the replaced key can only be decrypted while that
	// key still exists; check RemovalPolicy and PendingWindow before changing
	// this on a key that protects stored data.
	// Experimental.
	KeySpec KeySpec `json:"keySpec"`
	// The cryptographic operations for which the key can be used.
	//
	// IMPORTANT: If you change this property of an existing key, the existing key is scheduled for deletion
	// and a new key is created with the specified value.
	//
	// The same replacement caveat as for KeySpec applies.
	// Experimental.
	KeyUsage KeyUsage `json:"keyUsage"`
	// Specifies the number of days in the waiting period before AWS KMS deletes a CMK that has been removed from a CloudFormation stack.
	//
	// When you remove a customer master key (CMK) from a CloudFormation stack, AWS KMS schedules the CMK for deletion
	// and starts the mandatory waiting period. The PendingWindowInDays property determines the length of waiting period.
	// During the waiting period, the key state of CMK is Pending Deletion, which prevents the CMK from being used in
	// cryptographic operations. When the waiting period expires, AWS KMS permanently deletes the CMK.
	//
	// Enter a value between 7 and 30 days.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-key.html#cfn-kms-key-pendingwindowindays
	//
	// The waiting period is the only interval in which an unintended removal can
	// still be noticed before the key is permanently deleted.
	//
	// Experimental.
	PendingWindow awscdk.Duration `json:"pendingWindow"`
	// Custom policy document to attach to the KMS key.
	//
	// NOTE - If the `@aws-cdk/aws-kms:defaultKeyPolicies` feature flag is set (the default for new projects),
	// this policy will *override* the default key policy and become the only key policy for the key. If the
	// feature flag is not set, this policy will be appended to the default key policy.
	//
	// The same Policy value therefore yields different effective permissions
	// depending on the flag. With the flag set, nothing from the default key
	// policy is kept, so the document must itself grant whatever management
	// access the key needs.
	// Experimental.
	Policy awsiam.PolicyDocument `json:"policy"`
	// Whether the encryption key should be retained when it is removed from the Stack.
	//
	// This is useful when one wants to
	// retain access to data that was encrypted with a key that is being retired.
	//
	// NOTE(review): the default is not stated on this page; set it explicitly
	// for keys that protect data which must stay readable.
	// Experimental.
	RemovalPolicy awscdk.RemovalPolicy `json:"removalPolicy"`
}

Construction properties for a KMS Key object. Experimental.

type KeySpec

type KeySpec string

The key spec, represents the cryptographic configuration of keys. Experimental.

// Key specs accepted by KeyProps.KeySpec. Which values are valid depends on
// the key's KeyUsage.
// NOTE(review): per the AWS KMS documentation, SYMMETRIC_DEFAULT pairs with
// ENCRYPT_DECRYPT, the RSA specs work with either usage, and the ECC specs are
// for SIGN_VERIFY only — confirm against the current KMS documentation.
const (
	KeySpec_SYMMETRIC_DEFAULT KeySpec = "SYMMETRIC_DEFAULT"
	KeySpec_RSA_2048          KeySpec = "RSA_2048"
	KeySpec_RSA_3072          KeySpec = "RSA_3072"
	KeySpec_RSA_4096          KeySpec = "RSA_4096"
	KeySpec_ECC_NIST_P256     KeySpec = "ECC_NIST_P256"
	KeySpec_ECC_NIST_P384     KeySpec = "ECC_NIST_P384"
	KeySpec_ECC_NIST_P521     KeySpec = "ECC_NIST_P521"
	KeySpec_ECC_SECG_P256K1   KeySpec = "ECC_SECG_P256K1"
)

type KeyUsage

type KeyUsage string

The key usage, represents the cryptographic operations of keys. Experimental.

// Key usages accepted by KeyProps.KeyUsage: the cryptographic operations a key
// may perform. Changing the usage of an existing key replaces the key (see
// the KeyProps.KeyUsage documentation).
const (
	KeyUsage_ENCRYPT_DECRYPT KeyUsage = "ENCRYPT_DECRYPT"
	KeyUsage_SIGN_VERIFY     KeyUsage = "SIGN_VERIFY"
)

type ViaServicePrincipal

// ViaServicePrincipal is a principal that allows access to a key when the key
// is being used through another AWS service. It is built by
// NewViaServicePrincipal from a service name and a base principal.
// NOTE(review): the condition it renders is not shown on this page —
// presumably the `kms:ViaService` condition key applied to the base principal;
// inspect PolicyFragment() or the synthesized policy to confirm, and check that
// the service name string matches the intended service.
type ViaServicePrincipal interface {
	awsiam.PrincipalBase
	AssumeRoleAction() *string
	GrantPrincipal() awsiam.IPrincipal
	// PolicyFragment returns the principal's policy fragment; reviewing it shows
	// what the principal contributes to a policy statement.
	PolicyFragment() awsiam.PrincipalPolicyFragment
	PrincipalAccount() *string
	AddToPolicy(statement awsiam.PolicyStatement) *bool
	AddToPrincipalPolicy(_statement awsiam.PolicyStatement) *awsiam.AddToPrincipalPolicyResult
	ToJSON() *map[string]*[]*string
	ToString() *string
	// WithConditions returns a principal with the given conditions.
	// NOTE(review): whether these are merged with or replace the service
	// condition is not stated here — confirm.
	WithConditions(conditions *map[string]interface{}) awsiam.IPrincipal
}

A principal to allow access to a key if it's being used through another AWS service. Experimental.

func NewViaServicePrincipal

func NewViaServicePrincipal(serviceName *string, basePrincipal awsiam.IPrincipal) ViaServicePrincipal

Experimental.
