Documentation
Index
- func Alias_IsConstruct(x interface{}) *bool
- func Alias_IsResource(construct awscdk.IConstruct) *bool
- func CfnAlias_CFN_RESOURCE_TYPE_NAME() *string
- func CfnAlias_IsCfnElement(x interface{}) *bool
- func CfnAlias_IsCfnResource(construct constructs.IConstruct) *bool
- func CfnAlias_IsConstruct(x interface{}) *bool
- func CfnKey_CFN_RESOURCE_TYPE_NAME() *string
- func CfnKey_IsCfnElement(x interface{}) *bool
- func CfnKey_IsCfnResource(construct constructs.IConstruct) *bool
- func CfnKey_IsConstruct(x interface{}) *bool
- func Key_IsConstruct(x interface{}) *bool
- func Key_IsResource(construct awscdk.IConstruct) *bool
- func NewAlias_Override(a Alias, scope constructs.Construct, id *string, props *AliasProps)
- func NewCfnAlias_Override(c CfnAlias, scope awscdk.Construct, id *string, props *CfnAliasProps)
- func NewCfnKey_Override(c CfnKey, scope awscdk.Construct, id *string, props *CfnKeyProps)
- func NewKey_Override(k Key, scope constructs.Construct, id *string, props *KeyProps)
- func NewViaServicePrincipal_Override(v ViaServicePrincipal, serviceName *string, basePrincipal awsiam.IPrincipal)
- type Alias
- type AliasAttributes
- type AliasProps
- type CfnAlias
- type CfnAliasProps
- type CfnKey
- type CfnKeyProps
- type IAlias
- type IKey
- type Key
- type KeyProps
- type ViaServicePrincipal
Constants
This section is empty.
Variables
This section is empty.
Functions
func Alias_IsConstruct
func Alias_IsConstruct(x interface{}) *bool
Return whether the given object is a Construct. Experimental.
func Alias_IsResource
func Alias_IsResource(construct awscdk.IConstruct) *bool
Check whether the given construct is a Resource. Experimental.
func CfnAlias_CFN_RESOURCE_TYPE_NAME
func CfnAlias_CFN_RESOURCE_TYPE_NAME() *string
func CfnAlias_IsCfnElement
func CfnAlias_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized CloudFormation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element. Experimental.
func CfnAlias_IsCfnResource
func CfnAlias_IsCfnResource(construct constructs.IConstruct) *bool
Check whether the given construct is a CfnResource. Experimental.
func CfnAlias_IsConstruct
func CfnAlias_IsConstruct(x interface{}) *bool
Return whether the given object is a Construct. Experimental.
func CfnKey_CFN_RESOURCE_TYPE_NAME
func CfnKey_CFN_RESOURCE_TYPE_NAME() *string
func CfnKey_IsCfnElement
func CfnKey_IsCfnElement(x interface{}) *bool
Returns `true` if a construct is a stack element (i.e. part of the synthesized CloudFormation template).
Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.
Returns: The construct as a stack element or undefined if it is not a stack element. Experimental.
func CfnKey_IsCfnResource
func CfnKey_IsCfnResource(construct constructs.IConstruct) *bool
Check whether the given construct is a CfnResource. Experimental.
func CfnKey_IsConstruct
func CfnKey_IsConstruct(x interface{}) *bool
Return whether the given object is a Construct. Experimental.
func Key_IsConstruct
func Key_IsConstruct(x interface{}) *bool
Return whether the given object is a Construct. Experimental.
func Key_IsResource
func Key_IsResource(construct awscdk.IConstruct) *bool
Check whether the given construct is a Resource. Experimental.
func NewAlias_Override
func NewAlias_Override(a Alias, scope constructs.Construct, id *string, props *AliasProps)
Experimental.
func NewCfnAlias_Override
func NewCfnAlias_Override(c CfnAlias, scope awscdk.Construct, id *string, props *CfnAliasProps)
Create a new `AWS::KMS::Alias`.
func NewCfnKey_Override
func NewCfnKey_Override(c CfnKey, scope awscdk.Construct, id *string, props *CfnKeyProps)
Create a new `AWS::KMS::Key`.
func NewKey_Override
Experimental.
func NewViaServicePrincipal_Override
func NewViaServicePrincipal_Override(v ViaServicePrincipal, serviceName *string, basePrincipal awsiam.IPrincipal)
Experimental.
Types
type Alias
type Alias interface {
	awscdk.Resource
	IAlias
	AliasName() *string
	AliasTargetKey() IKey
	Env() *awscdk.ResourceEnvironment
	KeyArn() *string
	KeyId() *string
	Node() awscdk.ConstructNode
	PhysicalName() *string
	Stack() awscdk.Stack
	AddAlias(alias *string) Alias
	AddToResourcePolicy(statement awsiam.PolicyStatement, allowNoOp *bool) *awsiam.AddToResourcePolicyResult
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	GetResourceNameAttribute(nameAttr *string) *string
	Grant(grantee awsiam.IGrantable, actions ...*string) awsiam.Grant
	GrantDecrypt(grantee awsiam.IGrantable) awsiam.Grant
	GrantEncrypt(grantee awsiam.IGrantable) awsiam.Grant
	GrantEncryptDecrypt(grantee awsiam.IGrantable) awsiam.Grant
	OnPrepare()
	OnSynthesize(session constructs.ISynthesisSession)
	OnValidate() *[]*string
	Prepare()
	Synthesize(session awscdk.ISynthesisSession)
	ToString() *string
	Validate() *[]*string
}
Defines a display name for a customer master key (CMK) in AWS Key Management Service (AWS KMS).
Using an alias to refer to a key can help you simplify key management. For example, when rotating keys, you can just update the alias mapping instead of tracking and changing key IDs. For more information, see Working with Aliases in the AWS Key Management Service Developer Guide.
You can also add an alias for a key by calling `key.addAlias(alias)`. Experimental.
func NewAlias
func NewAlias(scope constructs.Construct, id *string, props *AliasProps) Alias
Experimental.
type AliasAttributes
type AliasAttributes struct {
	// Specifies the alias name.
	//
	// This value must begin with alias/ followed by a name (i.e. alias/ExampleAlias)
	// Experimental.
	AliasName *string `json:"aliasName"`
	// The customer master key (CMK) to which the Alias refers.
	// Experimental.
	AliasTargetKey IKey `json:"aliasTargetKey"`
}
Properties of a reference to an existing KMS Alias. Experimental.
type AliasProps
type AliasProps struct {
	// The name of the alias.
	//
	// The name must start with alias followed by a
	// forward slash, such as alias/. You can't specify aliases that begin with
	// alias/AWS. These aliases are reserved.
	// Experimental.
	AliasName *string `json:"aliasName"`
	// The ID of the key for which you are creating the alias.
	//
	// Specify the key's
	// globally unique identifier or Amazon Resource Name (ARN). You can't
	// specify another alias.
	// Experimental.
	TargetKey IKey `json:"targetKey"`
	// Policy to apply when the alias is removed from this stack.
	// Experimental.
	RemovalPolicy awscdk.RemovalPolicy `json:"removalPolicy"`
}
Construction properties for a KMS Key Alias object. Experimental.
type CfnAlias
type CfnAlias interface {
	awscdk.CfnResource
	awscdk.IInspectable
	AliasName() *string
	SetAliasName(val *string)
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	CfnResourceType() *string
	CreationStack() *[]*string
	LogicalId() *string
	Node() awscdk.ConstructNode
	Ref() *string
	Stack() awscdk.Stack
	TargetKeyId() *string
	SetTargetKeyId(val *string)
	UpdatedProperites() *map[string]interface{}
	AddDeletionOverride(path *string)
	AddDependsOn(target awscdk.CfnResource)
	AddMetadata(key *string, value interface{})
	AddOverride(path *string, value interface{})
	AddPropertyDeletionOverride(propertyPath *string)
	AddPropertyOverride(propertyPath *string, value interface{})
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	GetAtt(attributeName *string) awscdk.Reference
	GetMetadata(key *string) interface{}
	Inspect(inspector awscdk.TreeInspector)
	OnPrepare()
	OnSynthesize(session constructs.ISynthesisSession)
	OnValidate() *[]*string
	OverrideLogicalId(newLogicalId *string)
	Prepare()
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	ShouldSynthesize() *bool
	Synthesize(session awscdk.ISynthesisSession)
	ToString() *string
	Validate() *[]*string
	ValidateProperties(_properties interface{})
}
A CloudFormation `AWS::KMS::Alias`.
func NewCfnAlias
func NewCfnAlias(scope awscdk.Construct, id *string, props *CfnAliasProps) CfnAlias
Create a new `AWS::KMS::Alias`.
type CfnAliasProps
type CfnAliasProps struct {
	// `AWS::KMS::Alias.AliasName`.
	AliasName *string `json:"aliasName"`
	// `AWS::KMS::Alias.TargetKeyId`.
	TargetKeyId *string `json:"targetKeyId"`
}
Properties for defining a `AWS::KMS::Alias`.
type CfnKey
type CfnKey interface {
	awscdk.CfnResource
	awscdk.IInspectable
	AttrArn() *string
	AttrKeyId() *string
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	CfnResourceType() *string
	CreationStack() *[]*string
	Description() *string
	SetDescription(val *string)
	Enabled() interface{}
	SetEnabled(val interface{})
	EnableKeyRotation() interface{}
	SetEnableKeyRotation(val interface{})
	KeyPolicy() interface{}
	SetKeyPolicy(val interface{})
	KeySpec() *string
	SetKeySpec(val *string)
	KeyUsage() *string
	SetKeyUsage(val *string)
	LogicalId() *string
	Node() awscdk.ConstructNode
	PendingWindowInDays() *float64
	SetPendingWindowInDays(val *float64)
	Ref() *string
	Stack() awscdk.Stack
	Tags() awscdk.TagManager
	UpdatedProperites() *map[string]interface{}
	AddDeletionOverride(path *string)
	AddDependsOn(target awscdk.CfnResource)
	AddMetadata(key *string, value interface{})
	AddOverride(path *string, value interface{})
	AddPropertyDeletionOverride(propertyPath *string)
	AddPropertyOverride(propertyPath *string, value interface{})
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	GetAtt(attributeName *string) awscdk.Reference
	GetMetadata(key *string) interface{}
	Inspect(inspector awscdk.TreeInspector)
	OnPrepare()
	OnSynthesize(session constructs.ISynthesisSession)
	OnValidate() *[]*string
	OverrideLogicalId(newLogicalId *string)
	Prepare()
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	ShouldSynthesize() *bool
	Synthesize(session awscdk.ISynthesisSession)
	ToString() *string
	Validate() *[]*string
	ValidateProperties(_properties interface{})
}
A CloudFormation `AWS::KMS::Key`.
type CfnKeyProps
type CfnKeyProps struct {
	// `AWS::KMS::Key.KeyPolicy`.
	KeyPolicy interface{} `json:"keyPolicy"`
	// `AWS::KMS::Key.Description`.
	Description *string `json:"description"`
	// `AWS::KMS::Key.Enabled`.
	Enabled interface{} `json:"enabled"`
	// `AWS::KMS::Key.EnableKeyRotation`.
	EnableKeyRotation interface{} `json:"enableKeyRotation"`
	// `AWS::KMS::Key.KeySpec`.
	KeySpec *string `json:"keySpec"`
	// `AWS::KMS::Key.KeyUsage`.
	KeyUsage *string `json:"keyUsage"`
	// `AWS::KMS::Key.PendingWindowInDays`.
	PendingWindowInDays *float64 `json:"pendingWindowInDays"`
	// `AWS::KMS::Key.Tags`.
	Tags *[]*awscdk.CfnTag `json:"tags"`
}
Properties for defining a `AWS::KMS::Key`.
type IAlias
type IAlias interface {
	IKey
	// The name of the alias.
	// Experimental.
	AliasName() *string
	// The Key to which the Alias refers.
	// Experimental.
	AliasTargetKey() IKey
}
A KMS Key alias.
An alias can be used in all places that expect a key. Experimental.
func Alias_FromAliasAttributes
func Alias_FromAliasAttributes(scope constructs.Construct, id *string, attrs *AliasAttributes) IAlias
Import an existing KMS Alias defined outside the CDK app. Experimental.
func Alias_FromAliasName
Import an existing KMS Alias defined outside the CDK app, by the alias name.
This method should be used instead of 'fromAliasAttributes' when the underlying KMS Key ARN is not available. This Alias will not have a direct reference to the KMS Key, so addAlias and grant* methods are not supported. Experimental.
type IKey
type IKey interface {
	awscdk.IResource
	// Defines a new alias for the key.
	// Experimental.
	AddAlias(alias *string) Alias
	// Adds a statement to the KMS key resource policy.
	// Experimental.
	AddToResourcePolicy(statement awsiam.PolicyStatement, allowNoOp *bool) *awsiam.AddToResourcePolicyResult
	// Grant the indicated permissions on this key to the given principal.
	// Experimental.
	Grant(grantee awsiam.IGrantable, actions ...*string) awsiam.Grant
	// Grant decryption permissions using this key to the given principal.
	// Experimental.
	GrantDecrypt(grantee awsiam.IGrantable) awsiam.Grant
	// Grant encryption permissions using this key to the given principal.
	// Experimental.
	GrantEncrypt(grantee awsiam.IGrantable) awsiam.Grant
	// Grant encryption and decryption permissions using this key to the given principal.
	// Experimental.
	GrantEncryptDecrypt(grantee awsiam.IGrantable) awsiam.Grant
	// The ARN of the key.
	// Experimental.
	KeyArn() *string
	// The ID of the key (the part that looks something like: 1234abcd-12ab-34cd-56ef-1234567890ab).
	// Experimental.
	KeyId() *string
}
A KMS Key, either managed by this CDK app, or imported. Experimental.
func Key_FromKeyArn
Import an externally defined KMS Key using its ARN. Experimental.
type Key
type Key interface {
	awscdk.Resource
	IKey
	Env() *awscdk.ResourceEnvironment
	KeyArn() *string
	KeyId() *string
	Node() awscdk.ConstructNode
	PhysicalName() *string
	Policy() awsiam.PolicyDocument
	Stack() awscdk.Stack
	TrustAccountIdentities() *bool
	AddAlias(aliasName *string) Alias
	AddToResourcePolicy(statement awsiam.PolicyStatement, allowNoOp *bool) *awsiam.AddToResourcePolicyResult
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	GetResourceNameAttribute(nameAttr *string) *string
	Grant(grantee awsiam.IGrantable, actions ...*string) awsiam.Grant
	GrantAdmin(grantee awsiam.IGrantable) awsiam.Grant
	GrantDecrypt(grantee awsiam.IGrantable) awsiam.Grant
	GrantEncrypt(grantee awsiam.IGrantable) awsiam.Grant
	GrantEncryptDecrypt(grantee awsiam.IGrantable) awsiam.Grant
	OnPrepare()
	OnSynthesize(session constructs.ISynthesisSession)
	OnValidate() *[]*string
	Prepare()
	Synthesize(session awscdk.ISynthesisSession)
	ToString() *string
	Validate() *[]*string
}
Defines a KMS key. Experimental.
type KeyProps
type KeyProps struct {
	// A list of principals to add as key administrators to the key policy.
	//
	// Key administrators have permissions to manage the key (e.g., change permissions, revoke), but do not have permissions
	// to use the key in cryptographic operations (e.g., encrypt, decrypt).
	//
	// These principals will be added to the default key policy (if none specified), or to the specified policy (if provided).
	// Experimental.
	Admins *[]awsiam.IPrincipal `json:"admins"`
	// Initial alias to add to the key.
	//
	// More aliases can be added later by calling `addAlias`.
	// Experimental.
	Alias *string `json:"alias"`
	// A description of the key.
	//
	// Use a description that helps your users decide
	// whether the key is appropriate for a particular task.
	// Experimental.
	Description *string `json:"description"`
	// Indicates whether the key is available for use.
	// Experimental.
	Enabled *bool `json:"enabled"`
	// Indicates whether AWS KMS rotates the key.
	// Experimental.
	EnableKeyRotation *bool `json:"enableKeyRotation"`
	// Specifies the number of days in the waiting period before AWS KMS deletes a CMK that has been removed from a CloudFormation stack.
	//
	// When you remove a customer master key (CMK) from a CloudFormation stack, AWS KMS schedules the CMK for deletion
	// and starts the mandatory waiting period. The PendingWindowInDays property determines the length of waiting period.
	// During the waiting period, the key state of CMK is Pending Deletion, which prevents the CMK from being used in
	// cryptographic operations. When the waiting period expires, AWS KMS permanently deletes the CMK.
	//
	// Enter a value between 7 and 30 days.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-key.html#cfn-kms-key-pendingwindowindays
	//
	// Experimental.
	PendingWindow awscdk.Duration `json:"pendingWindow"`
	// Custom policy document to attach to the KMS key.
	//
	// NOTE - If the `@aws-cdk/aws-kms:defaultKeyPolicies` feature flag is set (the default for new projects),
	// this policy will *override* the default key policy and become the only key policy for the key. If the
	// feature flag is not set, this policy will be appended to the default key policy.
	// Experimental.
	Policy awsiam.PolicyDocument `json:"policy"`
	// Whether the encryption key should be retained when it is removed from the Stack.
	//
	// This is useful when one wants to
	// retain access to data that was encrypted with a key that is being retired.
	// Experimental.
	RemovalPolicy awscdk.RemovalPolicy `json:"removalPolicy"`
	// Whether the key usage can be granted by IAM policies.
	//
	// Setting this to true adds a default statement which delegates key
	// access control completely to the identity's IAM policy (similar
	// to how it works for other AWS resources). This matches the default behavior
	// when creating KMS keys via the API or console.
	//
	// If the `@aws-cdk/aws-kms:defaultKeyPolicies` feature flag is set (the default for new projects),
	// this flag will always be treated as 'true' and does not need to be explicitly set.
	// See: https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam
	//
	// Deprecated: redundant with the `@aws-cdk/aws-kms:defaultKeyPolicies` feature flag
	TrustAccountIdentities *bool `json:"trustAccountIdentities"`
}
Construction properties for a KMS Key object. Experimental.
type ViaServicePrincipal
type ViaServicePrincipal interface {
	awsiam.PrincipalBase
	AssumeRoleAction() *string
	GrantPrincipal() awsiam.IPrincipal
	PolicyFragment() awsiam.PrincipalPolicyFragment
	PrincipalAccount() *string
	AddToPolicy(statement awsiam.PolicyStatement) *bool
	AddToPrincipalPolicy(_statement awsiam.PolicyStatement) *awsiam.AddToPrincipalPolicyResult
	ToJSON() *map[string]*[]*string
	ToString() *string
	WithConditions(conditions *map[string]interface{}) awsiam.IPrincipal
}
A principal to allow access to a key if it's being used through another AWS service. Experimental.
func NewViaServicePrincipal
func NewViaServicePrincipal(serviceName *string, basePrincipal awsiam.IPrincipal) ViaServicePrincipal
Experimental.