Documentation ¶
Index ¶
- func Alias_IsConstruct(x interface{}) *bool
- func Alias_IsResource(construct constructs.IConstruct) *bool
- func CfnAlias_CFN_RESOURCE_TYPE_NAME() *string
- func CfnAlias_IsCfnElement(x interface{}) *bool
- func CfnAlias_IsCfnResource(construct constructs.IConstruct) *bool
- func CfnAlias_IsConstruct(x interface{}) *bool
- func CfnKey_CFN_RESOURCE_TYPE_NAME() *string
- func CfnKey_IsCfnElement(x interface{}) *bool
- func CfnKey_IsCfnResource(construct constructs.IConstruct) *bool
- func CfnKey_IsConstruct(x interface{}) *bool
- func Key_IsConstruct(x interface{}) *bool
- func Key_IsResource(construct constructs.IConstruct) *bool
- func NewAlias_Override(a Alias, scope constructs.Construct, id *string, props *AliasProps)
- func NewCfnAlias_Override(c CfnAlias, scope constructs.Construct, id *string, props *CfnAliasProps)
- func NewCfnKey_Override(c CfnKey, scope constructs.Construct, id *string, props *CfnKeyProps)
- func NewKey_Override(k Key, scope constructs.Construct, id *string, props *KeyProps)
- func NewViaServicePrincipal_Override(v ViaServicePrincipal, serviceName *string, basePrincipal awsiam.IPrincipal)
- type Alias
- type AliasAttributes
- type AliasProps
- type CfnAlias
- type CfnAliasProps
- type CfnKey
- type CfnKeyProps
- type IAlias
- type IKey
- type Key
- type KeyProps
- type KeySpec
- type KeyUsage
- type ViaServicePrincipal
Functions ¶
func Alias_IsConstruct ¶
func Alias_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func Alias_IsResource ¶
func Alias_IsResource(construct constructs.IConstruct) *bool
Check whether the given construct is a Resource. Experimental.
func CfnAlias_CFN_RESOURCE_TYPE_NAME ¶
func CfnAlias_CFN_RESOURCE_TYPE_NAME() *string
func CfnAlias_IsCfnElement ¶
func CfnAlias_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element. Experimental.
func CfnAlias_IsCfnResource ¶
func CfnAlias_IsCfnResource(construct constructs.IConstruct) *bool
Check whether the given construct is a CfnResource. Experimental.
func CfnAlias_IsConstruct ¶
func CfnAlias_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func CfnKey_CFN_RESOURCE_TYPE_NAME ¶
func CfnKey_CFN_RESOURCE_TYPE_NAME() *string
func CfnKey_IsCfnElement ¶
func CfnKey_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element. Experimental.
func CfnKey_IsCfnResource ¶
func CfnKey_IsCfnResource(construct constructs.IConstruct) *bool
Check whether the given construct is a CfnResource. Experimental.
func CfnKey_IsConstruct ¶
func CfnKey_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func Key_IsConstruct ¶
func Key_IsConstruct(x interface{}) *bool
Checks if `x` is a construct.
Returns: true if `x` is an object created from a class which extends `Construct`. Deprecated: use `x instanceof Construct` instead
func Key_IsResource ¶
func Key_IsResource(construct constructs.IConstruct) *bool
Check whether the given construct is a Resource. Experimental.
func NewAlias_Override ¶
func NewAlias_Override(a Alias, scope constructs.Construct, id *string, props *AliasProps)
Experimental.
func NewCfnAlias_Override ¶
func NewCfnAlias_Override(c CfnAlias, scope constructs.Construct, id *string, props *CfnAliasProps)
Create a new `AWS::KMS::Alias`.
func NewCfnKey_Override ¶
func NewCfnKey_Override(c CfnKey, scope constructs.Construct, id *string, props *CfnKeyProps)
Create a new `AWS::KMS::Key`.
func NewKey_Override ¶
Experimental.
func NewViaServicePrincipal_Override ¶
func NewViaServicePrincipal_Override(v ViaServicePrincipal, serviceName *string, basePrincipal awsiam.IPrincipal)
Experimental.
Types ¶
type Alias ¶
// Alias is the construct interface for a KMS alias. It embeds IAlias, so it
// exposes the same key-facing methods (policy statements and grants) as a key.
type Alias interface {
	awscdk.Resource
	IAlias

	// Alias and target-key identity.
	AliasName() *string
	AliasTargetKey() IKey
	Env() *awscdk.ResourceEnvironment
	KeyArn() *string
	KeyId() *string
	Node() constructs.Node
	PhysicalName() *string
	Stack() awscdk.Stack

	AddAlias(alias *string) Alias
	// NOTE(review): presumably the statement is applied to the target key's
	// policy rather than to the alias itself; confirm against the implementation.
	AddToResourcePolicy(statement awsiam.PolicyStatement, allowNoOp *bool) *awsiam.AddToResourcePolicyResult
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	GetResourceNameAttribute(nameAttr *string) *string

	// Grant takes free-form action strings; the three helpers below cover the
	// fixed encrypt/decrypt cases and are the narrower choice when they fit.
	Grant(grantee awsiam.IGrantable, actions ...*string) awsiam.Grant
	GrantDecrypt(grantee awsiam.IGrantable) awsiam.Grant
	GrantEncrypt(grantee awsiam.IGrantable) awsiam.Grant
	GrantEncryptDecrypt(grantee awsiam.IGrantable) awsiam.Grant
	ToString() *string
}
Defines a display name for a customer master key (CMK) in AWS Key Management Service (AWS KMS).
Using an alias to refer to a key can help you simplify key management. For example, when rotating keys, you can just update the alias mapping instead of tracking and changing key IDs. For more information, see Working with Aliases in the AWS Key Management Service Developer Guide.
You can also add an alias for a key by calling `key.addAlias(alias)`. Experimental.
func NewAlias ¶
func NewAlias(scope constructs.Construct, id *string, props *AliasProps) Alias
Experimental.
type AliasAttributes ¶
// AliasAttributes describes an existing KMS alias that is referenced rather
// than created.
type AliasAttributes struct {
	// Specifies the alias name.
	//
	// This value must begin with alias/ followed by a name (i.e. alias/ExampleAlias)
	// Experimental.
	AliasName *string `json:"aliasName"`
	// The customer master key (CMK) to which the Alias refers.
	//
	// NOTE(review): nothing on this page shows the alias-to-key mapping being
	// checked against KMS; presumably the caller is trusted to pass the key the
	// alias really points at. Confirm before relying on it for grants.
	// Experimental.
	AliasTargetKey IKey `json:"aliasTargetKey"`
}
Properties of a reference to an existing KMS Alias. Experimental.
type AliasProps ¶
// AliasProps holds the construction properties for a KMS key alias.
type AliasProps struct {
	// The name of the alias.
	//
	// The name must start with alias followed by a
	// forward slash, such as alias/. You can't specify aliases that begin with
	// alias/AWS. These aliases are reserved.
	// Experimental.
	AliasName *string `json:"aliasName"`
	// The ID of the key for which you are creating the alias.
	//
	// Specify the key's
	// globally unique identifier or Amazon Resource Name (ARN). You can't
	// specify another alias.
	//
	// NOTE(review): the field type is IKey, and IAlias embeds IKey, so the
	// "not another alias" rule is not expressed by the type; whether it is
	// checked elsewhere is not visible here.
	// Experimental.
	TargetKey IKey `json:"targetKey"`
	// Policy to apply when the alias is removed from this stack.
	// Experimental.
	RemovalPolicy awscdk.RemovalPolicy `json:"removalPolicy"`
}
Construction properties for a KMS Key Alias object. Experimental.
type CfnAlias ¶
// CfnAlias is the low-level interface for a CloudFormation `AWS::KMS::Alias`
// resource. Its properties are plain strings with getter/setter pairs.
type CfnAlias interface {
	awscdk.CfnResource
	awscdk.IInspectable

	AliasName() *string
	SetAliasName(val *string)
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	CfnResourceType() *string
	CreationStack() *[]*string
	LogicalId() *string
	Node() constructs.Node
	Ref() *string
	Stack() awscdk.Stack
	TargetKeyId() *string
	SetTargetKeyId(val *string)
	UpdatedProperites() *map[string]interface{}

	// NOTE(review): judging by their names and untyped arguments, the
	// override methods below change the synthesized resource by path and
	// bypass the typed properties; a review of the props alone would
	// presumably miss such changes. Confirm.
	AddDeletionOverride(path *string)
	AddDependsOn(target awscdk.CfnResource)
	AddMetadata(key *string, value interface{})
	AddOverride(path *string, value interface{})
	AddPropertyDeletionOverride(propertyPath *string)
	AddPropertyOverride(propertyPath *string, value interface{})
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	GetAtt(attributeName *string) awscdk.Reference
	GetMetadata(key *string) interface{}
	Inspect(inspector awscdk.TreeInspector)
	OverrideLogicalId(newLogicalId *string)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	ShouldSynthesize() *bool
	ToString() *string
	ValidateProperties(_properties interface{})
}
A CloudFormation `AWS::KMS::Alias`.
func NewCfnAlias ¶
func NewCfnAlias(scope constructs.Construct, id *string, props *CfnAliasProps) CfnAlias
Create a new `AWS::KMS::Alias`.
type CfnAliasProps ¶
// CfnAliasProps holds the properties of a CloudFormation `AWS::KMS::Alias`.
// Both fields are plain strings, so the key is referenced by identifier, not
// by an IKey object.
type CfnAliasProps struct {
	// `AWS::KMS::Alias.AliasName`.
	AliasName *string `json:"aliasName"`
	// `AWS::KMS::Alias.TargetKeyId`.
	TargetKeyId *string `json:"targetKeyId"`
}
Properties for defining a `AWS::KMS::Alias`.
type CfnKey ¶
// CfnKey is the low-level interface for a CloudFormation `AWS::KMS::Key`
// resource. It exposes each resource property as a getter/setter pair.
type CfnKey interface {
	awscdk.CfnResource
	awscdk.IInspectable

	AttrArn() *string
	AttrKeyId() *string
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	CfnResourceType() *string
	CreationStack() *[]*string
	Description() *string
	SetDescription(val *string)
	Enabled() interface{}
	SetEnabled(val interface{})
	EnableKeyRotation() interface{}
	SetEnableKeyRotation(val interface{})
	// The key policy is untyped (interface{}) at this level, so the compiler
	// cannot check its shape; the document passed in needs its own review.
	KeyPolicy() interface{}
	SetKeyPolicy(val interface{})
	KeySpec() *string
	SetKeySpec(val *string)
	KeyUsage() *string
	SetKeyUsage(val *string)
	LogicalId() *string
	Node() constructs.Node
	PendingWindowInDays() *float64
	SetPendingWindowInDays(val *float64)
	Ref() *string
	Stack() awscdk.Stack
	Tags() awscdk.TagManager
	UpdatedProperites() *map[string]interface{}

	// NOTE(review): judging by their names and untyped arguments, the
	// override methods below change the synthesized resource by path and
	// bypass the typed setters above, the key policy included. Confirm.
	AddDeletionOverride(path *string)
	AddDependsOn(target awscdk.CfnResource)
	AddMetadata(key *string, value interface{})
	AddOverride(path *string, value interface{})
	AddPropertyDeletionOverride(propertyPath *string)
	AddPropertyOverride(propertyPath *string, value interface{})
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	GetAtt(attributeName *string) awscdk.Reference
	GetMetadata(key *string) interface{}
	Inspect(inspector awscdk.TreeInspector)
	OverrideLogicalId(newLogicalId *string)
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	ShouldSynthesize() *bool
	ToString() *string
	ValidateProperties(_properties interface{})
}
A CloudFormation `AWS::KMS::Key`.
func NewCfnKey ¶
func NewCfnKey(scope constructs.Construct, id *string, props *CfnKeyProps) CfnKey
Create a new `AWS::KMS::Key`.
type CfnKeyProps ¶
// CfnKeyProps holds the properties of a CloudFormation `AWS::KMS::Key`.
// Several fields are untyped or plain strings, so values are not constrained
// by the Go type system at this level.
type CfnKeyProps struct {
	// `AWS::KMS::Key.KeyPolicy`.
	//
	// Untyped: the policy document is passed through as given.
	KeyPolicy interface{} `json:"keyPolicy"`
	// `AWS::KMS::Key.Description`.
	Description *string `json:"description"`
	// `AWS::KMS::Key.Enabled`.
	Enabled interface{} `json:"enabled"`
	// `AWS::KMS::Key.EnableKeyRotation`.
	//
	// NOTE(review): the behaviour when this is left unset is not stated on
	// this page; set it explicitly if rotation is required.
	EnableKeyRotation interface{} `json:"enableKeyRotation"`
	// `AWS::KMS::Key.KeySpec`.
	KeySpec *string `json:"keySpec"`
	// `AWS::KMS::Key.KeyUsage`.
	KeyUsage *string `json:"keyUsage"`
	// `AWS::KMS::Key.PendingWindowInDays`.
	//
	// The KeyProps documentation on this page gives the accepted range as
	// 7 to 30 days.
	PendingWindowInDays *float64 `json:"pendingWindowInDays"`
	// `AWS::KMS::Key.Tags`.
	Tags *[]*awscdk.CfnTag `json:"tags"`
}
Properties for defining a `AWS::KMS::Key`.
type IAlias ¶
// IAlias is a KMS key alias. It embeds IKey, so an alias is accepted wherever
// an IKey is expected.
type IAlias interface {
	IKey
	// The name of the alias.
	// Experimental.
	AliasName() *string
	// The Key to which the Alias refers.
	// Experimental.
	AliasTargetKey() IKey
}
A KMS Key alias.
An alias can be used in all places that expect a key. Experimental.
func Alias_FromAliasAttributes ¶
func Alias_FromAliasAttributes(scope constructs.Construct, id *string, attrs *AliasAttributes) IAlias
Import an existing KMS Alias defined outside the CDK app. Experimental.
func Alias_FromAliasName ¶
Import an existing KMS Alias defined outside the CDK app, by the alias name.
Use this method instead of 'fromAliasAttributes' when the underlying KMS Key ARN is not available. The imported Alias has no direct reference to the KMS Key, so addAlias and grant* methods are not supported on it. Experimental.
type IKey ¶
// IKey is a KMS key, either managed by this CDK app or imported. It is the
// surface through which aliases, key-policy statements and grants are added.
type IKey interface {
	awscdk.IResource
	// Defines a new alias for the key.
	// Experimental.
	AddAlias(alias *string) Alias
	// Adds a statement to the KMS key resource policy.
	//
	// The Key_FromCfnKey documentation on this page states that mutating
	// calls such as this one have no effect on a key obtained from
	// fromKeyArn(). The call returns a result value; callers that depend on
	// the statement being present should inspect it.
	// Experimental.
	AddToResourcePolicy(statement awsiam.PolicyStatement, allowNoOp *bool) *awsiam.AddToResourcePolicyResult
	// Grant the indicated permissions on this key to the given principal.
	//
	// The actions are free-form strings; the GrantDecrypt, GrantEncrypt and
	// GrantEncryptDecrypt helpers are the narrower choice when they fit.
	// Experimental.
	Grant(grantee awsiam.IGrantable, actions ...*string) awsiam.Grant
	// Grant decryption permissions using this key to the given principal.
	// Experimental.
	GrantDecrypt(grantee awsiam.IGrantable) awsiam.Grant
	// Grant encryption permissions using this key to the given principal.
	// Experimental.
	GrantEncrypt(grantee awsiam.IGrantable) awsiam.Grant
	// Grant encryption and decryption permissions using this key to the given principal.
	// Experimental.
	GrantEncryptDecrypt(grantee awsiam.IGrantable) awsiam.Grant
	// The ARN of the key.
	// Experimental.
	KeyArn() *string
	// The ID of the key (the part that looks something like: 1234abcd-12ab-34cd-56ef-1234567890ab).
	// Experimental.
	KeyId() *string
}
A KMS Key, either managed by this CDK app, or imported. Experimental.
func Key_FromCfnKey ¶
Create a mutable {@link IKey} based on a low-level {@link CfnKey}.
This is most useful when combined with the cloudformation-include module. Unlike {@link fromKeyArn()}, the {@link IKey} returned from this method is mutable: calls to mutating methods on it, such as {@link IKey.addToResourcePolicy()}, are reflected in the resulting template. On the object returned from {@link fromKeyArn()}, calling those methods has no effect. Experimental.
func Key_FromKeyArn ¶
Import an externally defined KMS Key using its ARN. Experimental.
type Key ¶
// Key is the construct interface for a KMS key defined in this app. Beyond
// IKey it exposes the key's policy document and an administrative grant.
type Key interface {
	awscdk.Resource
	IKey

	Env() *awscdk.ResourceEnvironment
	KeyArn() *string
	KeyId() *string
	Node() constructs.Node
	PhysicalName() *string
	// Policy returns the key's policy document (an awsiam.PolicyDocument).
	Policy() awsiam.PolicyDocument
	Stack() awscdk.Stack
	TrustAccountIdentities() *bool

	AddAlias(aliasName *string) Alias
	AddToResourcePolicy(statement awsiam.PolicyStatement, allowNoOp *bool) *awsiam.AddToResourcePolicyResult
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	GetResourceNameAttribute(nameAttr *string) *string

	// Grant takes free-form action strings; the fixed helpers below are the
	// narrower choice when they fit.
	Grant(grantee awsiam.IGrantable, actions ...*string) awsiam.Grant
	// NOTE(review): presumably grants the key-administrator permissions that
	// KeyProps.Admins describes (manage the key, no cryptographic use);
	// the exact action list is not shown on this page. Confirm.
	GrantAdmin(grantee awsiam.IGrantable) awsiam.Grant
	GrantDecrypt(grantee awsiam.IGrantable) awsiam.Grant
	GrantEncrypt(grantee awsiam.IGrantable) awsiam.Grant
	GrantEncryptDecrypt(grantee awsiam.IGrantable) awsiam.Grant
	ToString() *string
}
Defines a KMS key. Experimental.
type KeyProps ¶
// KeyProps holds the construction properties for a KMS key: who administers
// it, how it may be used, its policy, and what happens to it on removal.
type KeyProps struct {
	// A list of principals to add as key administrators to the key policy.
	//
	// Key administrators have permissions to manage the key (e.g., change permissions, revoke), but do not have permissions
	// to use the key in cryptographic operations (e.g., encrypt, decrypt).
	//
	// These principals will be added to the default key policy (if none specified), or to the specified policy (if provided).
	// Experimental.
	Admins *[]awsiam.IPrincipal `json:"admins"`
	// Initial alias to add to the key.
	//
	// More aliases can be added later by calling `addAlias`.
	// Experimental.
	Alias *string `json:"alias"`
	// A description of the key.
	//
	// Use a description that helps your users decide
	// whether the key is appropriate for a particular task.
	// Experimental.
	Description *string `json:"description"`
	// Indicates whether the key is available for use.
	// Experimental.
	Enabled *bool `json:"enabled"`
	// Indicates whether AWS KMS rotates the key.
	//
	// NOTE(review): the value used when this is left nil is not stated on
	// this page; set it explicitly if rotation is required.
	// Experimental.
	EnableKeyRotation *bool `json:"enableKeyRotation"`
	// The cryptographic configuration of the key. The valid value depends on usage of the key.
	//
	// IMPORTANT: If you change this property of an existing key, the existing key is scheduled for deletion
	// and a new key is created with the specified value.
	// Experimental.
	KeySpec KeySpec `json:"keySpec"`
	// The cryptographic operations for which the key can be used.
	//
	// IMPORTANT: If you change this property of an existing key, the existing key is scheduled for deletion
	// and a new key is created with the specified value.
	// Experimental.
	KeyUsage KeyUsage `json:"keyUsage"`
	// Specifies the number of days in the waiting period before AWS KMS deletes a CMK that has been removed from a CloudFormation stack.
	//
	// When you remove a customer master key (CMK) from a CloudFormation stack, AWS KMS schedules the CMK for deletion
	// and starts the mandatory waiting period. The PendingWindowInDays property determines the length of waiting period.
	// During the waiting period, the key state of CMK is Pending Deletion, which prevents the CMK from being used in
	// cryptographic operations. When the waiting period expires, AWS KMS permanently deletes the CMK.
	//
	// Enter a value between 7 and 30 days.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-key.html#cfn-kms-key-pendingwindowindays
	//
	// Experimental.
	PendingWindow awscdk.Duration `json:"pendingWindow"`
	// Custom policy document to attach to the KMS key.
	//
	// NOTE - If the `@aws-cdk/aws-kms:defaultKeyPolicies` feature flag is set (the default for new projects),
	// this policy will *override* the default key policy and become the only key policy for the key. If the
	// feature flag is not set, this policy will be appended to the default key policy.
	//
	// NOTE(review): because the same value either replaces or extends the
	// default policy depending on the feature flag, the effective policy
	// should be read from the synthesized template, including whether some
	// principal is still able to administer the key.
	// Experimental.
	Policy awsiam.PolicyDocument `json:"policy"`
	// Whether the encryption key should be retained when it is removed from the Stack.
	//
	// This is useful when one wants to
	// retain access to data that was encrypted with a key that is being retired.
	//
	// Deletion is permanent once the waiting period described under
	// PendingWindow has expired.
	// Experimental.
	RemovalPolicy awscdk.RemovalPolicy `json:"removalPolicy"`
}
Construction properties for a KMS Key object. Experimental.
type KeySpec ¶
// KeySpec is a string-typed enumeration naming the cryptographic
// configuration of a key; its values are the KeySpec_* constants.
type KeySpec string
The key spec, represents the cryptographic configuration of keys. Experimental.
// Values of KeySpec. Each constant's string value equals the suffix of its
// name. KeyProps notes that the valid value depends on the key's usage; the
// allowed KeySpec/KeyUsage combinations are not listed on this page.
const (
	// Symmetric key.
	KeySpec_SYMMETRIC_DEFAULT KeySpec = "SYMMETRIC_DEFAULT"
	// RSA key pairs; the names give 2048, 3072 and 4096 as the sizes.
	KeySpec_RSA_2048 KeySpec = "RSA_2048"
	KeySpec_RSA_3072 KeySpec = "RSA_3072"
	KeySpec_RSA_4096 KeySpec = "RSA_4096"
	// Elliptic-curve key pairs on the NIST curves named in the constants.
	KeySpec_ECC_NIST_P256 KeySpec = "ECC_NIST_P256"
	KeySpec_ECC_NIST_P384 KeySpec = "ECC_NIST_P384"
	KeySpec_ECC_NIST_P521 KeySpec = "ECC_NIST_P521"
	// Elliptic-curve key pair on the SECG curve named in the constant.
	KeySpec_ECC_SECG_P256K1 KeySpec = "ECC_SECG_P256K1"
)
type KeyUsage ¶
// KeyUsage is a string-typed enumeration naming the cryptographic operations
// a key can be used for. Its constants are not shown on this page.
type KeyUsage string
The key usage, represents the cryptographic operations of keys. Experimental.
type ViaServicePrincipal ¶
// ViaServicePrincipal is a principal that allows access to a key when the key
// is used through another AWS service. NewViaServicePrincipal builds it from
// a service name and a base principal.
//
// NOTE(review): presumably the restriction is expressed as a policy condition
// on the base principal (KMS has a kms:ViaService condition key); the exact
// condition emitted is not shown on this page. Confirm in the synthesized
// policy.
type ViaServicePrincipal interface {
	awsiam.PrincipalBase

	AssumeRoleAction() *string
	GrantPrincipal() awsiam.IPrincipal
	// PolicyFragment returns the principal's policy fragment.
	PolicyFragment() awsiam.PrincipalPolicyFragment
	PrincipalAccount() *string

	AddToPolicy(statement awsiam.PolicyStatement) *bool
	AddToPrincipalPolicy(_statement awsiam.PolicyStatement) *awsiam.AddToPrincipalPolicyResult
	ToJSON() *map[string]*[]*string
	ToString() *string
	// WithConditions returns an awsiam.IPrincipal, not a ViaServicePrincipal.
	WithConditions(conditions *map[string]interface{}) awsiam.IPrincipal
}
A principal to allow access to a key if it's being used through another AWS service. Experimental.
func NewViaServicePrincipal ¶
func NewViaServicePrincipal(serviceName *string, basePrincipal awsiam.IPrincipal) ViaServicePrincipal
Experimental.