awskms

package
v1.98.1-devpreview Latest Latest
Warning

This package is not in the latest version of its module.

Published: Apr 12, 2021 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Alias_IsConstruct

func Alias_IsConstruct(x interface{}) *bool

Return whether the given object is a Construct. Experimental.

func Alias_IsResource

func Alias_IsResource(construct awscdk.IConstruct) *bool

Check whether the given construct is a Resource. Experimental.

func CfnAlias_CFN_RESOURCE_TYPE_NAME

func CfnAlias_CFN_RESOURCE_TYPE_NAME() *string

func CfnAlias_IsCfnElement

func CfnAlias_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element. Experimental.

func CfnAlias_IsCfnResource

func CfnAlias_IsCfnResource(construct constructs.IConstruct) *bool

Check whether the given construct is a CfnResource. Experimental.

func CfnAlias_IsConstruct

func CfnAlias_IsConstruct(x interface{}) *bool

Return whether the given object is a Construct. Experimental.

func CfnKey_CFN_RESOURCE_TYPE_NAME

func CfnKey_CFN_RESOURCE_TYPE_NAME() *string

func CfnKey_IsCfnElement

func CfnKey_IsCfnElement(x interface{}) *bool

Returns `true` if a construct is a stack element (i.e. part of the synthesized cloudformation template).

Uses duck-typing instead of `instanceof` to allow stack elements from different versions of this library to be included in the same stack.

Returns: The construct as a stack element or undefined if it is not a stack element. Experimental.

func CfnKey_IsCfnResource

func CfnKey_IsCfnResource(construct constructs.IConstruct) *bool

Check whether the given construct is a CfnResource. Experimental.

func CfnKey_IsConstruct

func CfnKey_IsConstruct(x interface{}) *bool

Return whether the given object is a Construct. Experimental.

func Key_IsConstruct

func Key_IsConstruct(x interface{}) *bool

Return whether the given object is a Construct. Experimental.

func Key_IsResource

func Key_IsResource(construct awscdk.IConstruct) *bool

Check whether the given construct is a Resource. Experimental.

func NewAlias_Override

func NewAlias_Override(a Alias, scope constructs.Construct, id *string, props *AliasProps)

Experimental.

func NewCfnAlias_Override

func NewCfnAlias_Override(c CfnAlias, scope awscdk.Construct, id *string, props *CfnAliasProps)

Create a new `AWS::KMS::Alias`.

func NewCfnKey_Override

func NewCfnKey_Override(c CfnKey, scope awscdk.Construct, id *string, props *CfnKeyProps)

Create a new `AWS::KMS::Key`.

func NewKey_Override

func NewKey_Override(k Key, scope constructs.Construct, id *string, props *KeyProps)

Experimental.

func NewViaServicePrincipal_Override

func NewViaServicePrincipal_Override(v ViaServicePrincipal, serviceName *string, basePrincipal awsiam.IPrincipal)

Experimental.

Types

type Alias

// Alias is the construct interface for a KMS alias: a display name that
// refers to a customer master key (CMK).
//
// It embeds IAlias, which in turn embeds IKey, so an alias exposes the same
// resource-policy and grant methods as a key.
type Alias interface {
	awscdk.Resource
	IAlias
	// The name of the alias.
	AliasName() *string
	// The Key to which the Alias refers.
	AliasTargetKey() IKey
	Env() *awscdk.ResourceEnvironment
	// The ARN of the key.
	KeyArn() *string
	// The ID of the key.
	KeyId() *string
	Node() awscdk.ConstructNode
	PhysicalName() *string
	Stack() awscdk.Stack
	// Defines a new alias for the key.
	AddAlias(alias *string) Alias
	// Adds a statement to the KMS key resource policy.
	//
	// NOTE(review): allowNoOp presumably lets the call do nothing when the
	// policy cannot be modified — confirm, and inspect the returned result
	// rather than assuming the statement was attached.
	AddToResourcePolicy(statement awsiam.PolicyStatement, allowNoOp *bool) *awsiam.AddToResourcePolicyResult
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	GetResourceNameAttribute(nameAttr *string) *string
	// Grant the indicated permissions on this key to the given principal.
	//
	// NOTE(review): actions is caller-supplied; prefer GrantDecrypt or
	// GrantEncrypt where they cover the need so the grant stays narrow.
	Grant(grantee awsiam.IGrantable, actions ...*string) awsiam.Grant
	// Grant decryption permissions using this key to the given principal.
	GrantDecrypt(grantee awsiam.IGrantable) awsiam.Grant
	// Grant encryption permissions using this key to the given principal.
	GrantEncrypt(grantee awsiam.IGrantable) awsiam.Grant
	// Grant encryption and decryption permissions using this key to the given principal.
	GrantEncryptDecrypt(grantee awsiam.IGrantable) awsiam.Grant
	OnPrepare()
	OnSynthesize(session constructs.ISynthesisSession)
	OnValidate() *[]*string
	Prepare()
	Synthesize(session awscdk.ISynthesisSession)
	ToString() *string
	Validate() *[]*string
}

Defines a display name for a customer master key (CMK) in AWS Key Management Service (AWS KMS).

Using an alias to refer to a key can help you simplify key management. For example, when rotating keys, you can just update the alias mapping instead of tracking and changing key IDs. For more information, see Working with Aliases in the AWS Key Management Service Developer Guide.

You can also add an alias for a key by calling `key.addAlias(alias)` (`AddAlias` on the Go `Key` and `IKey` interfaces). Experimental.

func NewAlias

func NewAlias(scope constructs.Construct, id *string, props *AliasProps) Alias

Experimental.

type AliasAttributes

// AliasAttributes holds the properties of a reference to an existing KMS Alias.
//
// Both values describe a resource defined elsewhere.
// NOTE(review): nothing on this page says they are checked against the
// account at synthesis time — verify that the alias really targets the
// intended key.
type AliasAttributes struct {
	// Specifies the alias name.
	//
	// This value must begin with alias/ followed by a name (i.e. alias/ExampleAlias)
	// Experimental.
	AliasName *string `json:"aliasName"`
	// The customer master key (CMK) to which the Alias refers.
	// Experimental.
	AliasTargetKey IKey `json:"aliasTargetKey"`
}

Properties of a reference to an existing KMS Alias. Experimental.

type AliasProps

// AliasProps holds the construction properties for a KMS Key Alias object.
type AliasProps struct {
	// The name of the alias.
	//
	// The name must start with alias followed by a
	// forward slash, such as alias/. You can't specify aliases that begin with
	// alias/AWS. These aliases are reserved.
	// Experimental.
	AliasName *string `json:"aliasName"`
	// The ID of the key for which you are creating the alias.
	//
	// Specify the key's
	// globally unique identifier or Amazon Resource Name (ARN). You can't
	// specify another alias.
	//
	// NOTE(review): the field is typed IKey, so a key construct is passed here
	// rather than a raw ID or ARN string; IAlias also satisfies IKey, so the
	// "not another alias" rule is not enforced by the type — confirm how it is
	// checked.
	// Experimental.
	TargetKey IKey `json:"targetKey"`
	// Policy to apply when the alias is removed from this stack.
	//
	// NOTE(review): the default is not stated on this page.
	// Experimental.
	RemovalPolicy awscdk.RemovalPolicy `json:"removalPolicy"`
}

Construction properties for a KMS Key Alias object. Experimental.

type CfnAlias

// CfnAlias is the interface for a CloudFormation `AWS::KMS::Alias` resource.
//
// Besides the typed AliasName and TargetKeyId accessors it exposes the
// untyped override methods (AddOverride, AddPropertyOverride and the deletion
// variants), which accept a path and an arbitrary value.
type CfnAlias interface {
	awscdk.CfnResource
	awscdk.IInspectable
	// `AWS::KMS::Alias.AliasName`.
	AliasName() *string
	SetAliasName(val *string)
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	CfnResourceType() *string
	CreationStack() *[]*string
	LogicalId() *string
	Node() awscdk.ConstructNode
	Ref() *string
	Stack() awscdk.Stack
	// `AWS::KMS::Alias.TargetKeyId`.
	TargetKeyId() *string
	SetTargetKeyId(val *string)
	// The identifier is spelled this way in the API shown on this page; it is
	// not a typo to correct at the call site.
	UpdatedProperites() *map[string]interface{}
	AddDeletionOverride(path *string)
	AddDependsOn(target awscdk.CfnResource)
	AddMetadata(key *string, value interface{})
	// NOTE(review): path and value are untyped; presumably the value is
	// written into the synthesized template as given — confirm, and review
	// the synthesized output wherever overrides are used.
	AddOverride(path *string, value interface{})
	AddPropertyDeletionOverride(propertyPath *string)
	AddPropertyOverride(propertyPath *string, value interface{})
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	GetAtt(attributeName *string) awscdk.Reference
	GetMetadata(key *string) interface{}
	Inspect(inspector awscdk.TreeInspector)
	OnPrepare()
	OnSynthesize(session constructs.ISynthesisSession)
	OnValidate() *[]*string
	OverrideLogicalId(newLogicalId *string)
	Prepare()
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	ShouldSynthesize() *bool
	Synthesize(session awscdk.ISynthesisSession)
	ToString() *string
	Validate() *[]*string
	ValidateProperties(_properties interface{})
}

A CloudFormation `AWS::KMS::Alias`.

func NewCfnAlias

func NewCfnAlias(scope awscdk.Construct, id *string, props *CfnAliasProps) CfnAlias

Create a new `AWS::KMS::Alias`.

type CfnAliasProps

// CfnAliasProps holds the properties for defining a `AWS::KMS::Alias`.
//
// Both fields are plain strings, so the compiler cannot tell a key
// identifier from any other string.
type CfnAliasProps struct {
	// `AWS::KMS::Alias.AliasName`.
	AliasName *string `json:"aliasName"`
	// `AWS::KMS::Alias.TargetKeyId`.
	TargetKeyId *string `json:"targetKeyId"`
}

Properties for defining a `AWS::KMS::Alias`.

type CfnKey

// CfnKey is the interface for a CloudFormation `AWS::KMS::Key` resource.
//
// It exposes a getter/setter pair per resource property. Several of them
// (Enabled, EnableKeyRotation, KeyPolicy) are typed interface{}, so their
// values are not checked by the Go compiler.
type CfnKey interface {
	awscdk.CfnResource
	awscdk.IInspectable
	AttrArn() *string
	AttrKeyId() *string
	CfnOptions() awscdk.ICfnResourceOptions
	CfnProperties() *map[string]interface{}
	CfnResourceType() *string
	CreationStack() *[]*string
	// `AWS::KMS::Key.Description`.
	Description() *string
	SetDescription(val *string)
	// `AWS::KMS::Key.Enabled`.
	Enabled() interface{}
	SetEnabled(val interface{})
	// `AWS::KMS::Key.EnableKeyRotation`.
	EnableKeyRotation() interface{}
	SetEnableKeyRotation(val interface{})
	// `AWS::KMS::Key.KeyPolicy`.
	//
	// NOTE(review): the policy is untyped here; any caller holding this
	// resource can replace the whole key policy through SetKeyPolicy, so
	// review changes to it like any other access-control change.
	KeyPolicy() interface{}
	SetKeyPolicy(val interface{})
	// `AWS::KMS::Key.KeySpec`.
	KeySpec() *string
	SetKeySpec(val *string)
	// `AWS::KMS::Key.KeyUsage`.
	KeyUsage() *string
	SetKeyUsage(val *string)
	LogicalId() *string
	Node() awscdk.ConstructNode
	// `AWS::KMS::Key.PendingWindowInDays`.
	PendingWindowInDays() *float64
	SetPendingWindowInDays(val *float64)
	Ref() *string
	Stack() awscdk.Stack
	// `AWS::KMS::Key.Tags`.
	Tags() awscdk.TagManager
	// The identifier is spelled this way in the API shown on this page; it is
	// not a typo to correct at the call site.
	UpdatedProperites() *map[string]interface{}
	AddDeletionOverride(path *string)
	AddDependsOn(target awscdk.CfnResource)
	AddMetadata(key *string, value interface{})
	// NOTE(review): path and value are untyped; presumably the value is
	// written into the synthesized template as given — confirm, and review
	// the synthesized output wherever overrides are used.
	AddOverride(path *string, value interface{})
	AddPropertyDeletionOverride(propertyPath *string)
	AddPropertyOverride(propertyPath *string, value interface{})
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy, options *awscdk.RemovalPolicyOptions)
	GetAtt(attributeName *string) awscdk.Reference
	GetMetadata(key *string) interface{}
	Inspect(inspector awscdk.TreeInspector)
	OnPrepare()
	OnSynthesize(session constructs.ISynthesisSession)
	OnValidate() *[]*string
	OverrideLogicalId(newLogicalId *string)
	Prepare()
	RenderProperties(props *map[string]interface{}) *map[string]interface{}
	ShouldSynthesize() *bool
	Synthesize(session awscdk.ISynthesisSession)
	ToString() *string
	Validate() *[]*string
	ValidateProperties(_properties interface{})
}

A CloudFormation `AWS::KMS::Key`.

func NewCfnKey

func NewCfnKey(scope awscdk.Construct, id *string, props *CfnKeyProps) CfnKey

Create a new `AWS::KMS::Key`.

type CfnKeyProps

// CfnKeyProps holds the properties for defining a `AWS::KMS::Key`.
//
// KeyPolicy is the first field and is untyped. This struct itself documents
// no default for it, so state the intended policy explicitly.
type CfnKeyProps struct {
	// `AWS::KMS::Key.KeyPolicy`.
	//
	// NOTE(review): typed interface{}; the policy document is presumably
	// passed through to the template without structural checks — confirm and
	// review the synthesized policy.
	KeyPolicy interface{} `json:"keyPolicy"`
	// `AWS::KMS::Key.Description`.
	Description *string `json:"description"`
	// `AWS::KMS::Key.Enabled`.
	Enabled interface{} `json:"enabled"`
	// `AWS::KMS::Key.EnableKeyRotation`.
	//
	// NOTE(review): no default is stated on this page; set it explicitly when
	// rotation is a requirement.
	EnableKeyRotation interface{} `json:"enableKeyRotation"`
	// `AWS::KMS::Key.KeySpec`.
	KeySpec *string `json:"keySpec"`
	// `AWS::KMS::Key.KeyUsage`.
	KeyUsage *string `json:"keyUsage"`
	// `AWS::KMS::Key.PendingWindowInDays`.
	//
	// The KeyProps.PendingWindow documentation on this page gives a range of
	// 7 to 30 days for the waiting period before the key is deleted.
	PendingWindowInDays *float64 `json:"pendingWindowInDays"`
	// `AWS::KMS::Key.Tags`.
	Tags *[]*awscdk.CfnTag `json:"tags"`
}

Properties for defining a `AWS::KMS::Key`.

type IAlias

// IAlias is a KMS Key alias.
//
// It embeds IKey, so an alias can be used in all places that expect a key;
// code that receives an IKey may therefore be holding an alias, not a key.
type IAlias interface {
	IKey
	// The name of the alias.
	// Experimental.
	AliasName() *string
	// The Key to which the Alias refers.
	// Experimental.
	AliasTargetKey() IKey
}

A KMS Key alias.

An alias can be used in all places that expect a key. Experimental.

func Alias_FromAliasAttributes

func Alias_FromAliasAttributes(scope constructs.Construct, id *string, attrs *AliasAttributes) IAlias

Import an existing KMS Alias defined outside the CDK app. Experimental.

func Alias_FromAliasName

func Alias_FromAliasName(scope constructs.Construct, id *string, aliasName *string) IAlias

Import an existing KMS Alias defined outside the CDK app, by the alias name.

This method should be used instead of 'fromAliasAttributes' (`Alias_FromAliasAttributes` in Go) when the underlying KMS Key ARN is not available. This Alias will not have a direct reference to the KMS Key, so the `AddAlias` and `Grant*` methods are not supported. Experimental.

type IKey

// IKey is a KMS Key, either managed by this CDK app, or imported.
//
// Access to the key is shaped by the methods below: AddToResourcePolicy
// edits the key's resource policy, and the Grant* methods give a principal
// permissions on the key.
type IKey interface {
	awscdk.IResource
	// Defines a new alias for the key.
	// Experimental.
	AddAlias(alias *string) Alias
	// Adds a statement to the KMS key resource policy.
	//
	// NOTE(review): allowNoOp presumably lets the call do nothing when the
	// policy cannot be modified (for example on an imported key) — confirm,
	// and inspect the returned result rather than assuming the statement was
	// attached.
	// Experimental.
	AddToResourcePolicy(statement awsiam.PolicyStatement, allowNoOp *bool) *awsiam.AddToResourcePolicyResult
	// Grant the indicated permissions on this key to the given principal.
	//
	// NOTE(review): actions is caller-supplied; prefer the purpose-specific
	// GrantDecrypt / GrantEncrypt where they cover the need so the grant
	// stays narrow.
	// Experimental.
	Grant(grantee awsiam.IGrantable, actions ...*string) awsiam.Grant
	// Grant decryption permissions using this key to the given principal.
	// Experimental.
	GrantDecrypt(grantee awsiam.IGrantable) awsiam.Grant
	// Grant encryption permissions using this key to the given principal.
	// Experimental.
	GrantEncrypt(grantee awsiam.IGrantable) awsiam.Grant
	// Grant encryption and decryption permissions using this key to the given principal.
	// Experimental.
	GrantEncryptDecrypt(grantee awsiam.IGrantable) awsiam.Grant
	// The ARN of the key.
	// Experimental.
	KeyArn() *string
	// The ID of the key (the part that looks something like: 1234abcd-12ab-34cd-56ef-1234567890ab).
	// Experimental.
	KeyId() *string
}

A KMS Key, either managed by this CDK app, or imported. Experimental.

func Key_FromKeyArn

func Key_FromKeyArn(scope constructs.Construct, id *string, keyArn *string) IKey

Import an externally defined KMS Key using its ARN. Experimental.

type Key

// Key is the construct interface for a KMS key defined in this CDK app.
//
// Compared with IKey it additionally exposes the key's policy document
// (Policy), the TrustAccountIdentities setting and GrantAdmin.
type Key interface {
	awscdk.Resource
	IKey
	Env() *awscdk.ResourceEnvironment
	// The ARN of the key.
	KeyArn() *string
	// The ID of the key.
	KeyId() *string
	Node() awscdk.ConstructNode
	PhysicalName() *string
	// NOTE(review): presumably the key policy document that
	// AddToResourcePolicy appends to — confirm.
	Policy() awsiam.PolicyDocument
	Stack() awscdk.Stack
	// See KeyProps.TrustAccountIdentities, which is marked deprecated on this page.
	TrustAccountIdentities() *bool
	// Defines a new alias for the key.
	AddAlias(aliasName *string) Alias
	// Adds a statement to the KMS key resource policy.
	AddToResourcePolicy(statement awsiam.PolicyStatement, allowNoOp *bool) *awsiam.AddToResourcePolicyResult
	ApplyRemovalPolicy(policy awscdk.RemovalPolicy)
	GeneratePhysicalName() *string
	GetResourceArnAttribute(arnAttr *string, arnComponents *awscdk.ArnComponents) *string
	GetResourceNameAttribute(nameAttr *string) *string
	// Grant the indicated permissions on this key to the given principal.
	//
	// NOTE(review): actions is caller-supplied; prefer GrantDecrypt or
	// GrantEncrypt where they cover the need so the grant stays narrow.
	Grant(grantee awsiam.IGrantable, actions ...*string) awsiam.Grant
	// NOTE(review): undocumented on this page; presumably grants the
	// key-administrator permissions described for KeyProps.Admins (manage the
	// key, but no cryptographic operations) — confirm before relying on it.
	GrantAdmin(grantee awsiam.IGrantable) awsiam.Grant
	// Grant decryption permissions using this key to the given principal.
	GrantDecrypt(grantee awsiam.IGrantable) awsiam.Grant
	// Grant encryption permissions using this key to the given principal.
	GrantEncrypt(grantee awsiam.IGrantable) awsiam.Grant
	// Grant encryption and decryption permissions using this key to the given principal.
	GrantEncryptDecrypt(grantee awsiam.IGrantable) awsiam.Grant
	OnPrepare()
	OnSynthesize(session constructs.ISynthesisSession)
	OnValidate() *[]*string
	Prepare()
	Synthesize(session awscdk.ISynthesisSession)
	ToString() *string
	Validate() *[]*string
}

Defines a KMS key. Experimental.

func NewKey

func NewKey(scope constructs.Construct, id *string, props *KeyProps) Key

Experimental.

type KeyProps

// KeyProps holds the construction properties for a KMS Key object.
//
// Admins, Policy, RemovalPolicy and TrustAccountIdentities determine who can
// manage or use the key and whether it outlives the stack.
type KeyProps struct {
	// A list of principals to add as key administrators to the key policy.
	//
	// Key administrators have permissions to manage the key (e.g., change permissions, revoke), but do not have permissions
	// to use the key in cryptographic operations (e.g., encrypt, decrypt).
	//
	// These principals will be added to the default key policy (if none specified), or to the specified policy (if provided).
	// Experimental.
	Admins *[]awsiam.IPrincipal `json:"admins"`
	// Initial alias to add to the key.
	//
	// More aliases can be added later by calling `addAlias`.
	// Experimental.
	Alias *string `json:"alias"`
	// A description of the key.
	//
	// Use a description that helps your users decide
	// whether the key is appropriate for a particular task.
	// Experimental.
	Description *string `json:"description"`
	// Indicates whether the key is available for use.
	// Experimental.
	Enabled *bool `json:"enabled"`
	// Indicates whether AWS KMS rotates the key.
	//
	// NOTE(review): the default is not stated on this page; set the field
	// explicitly when rotation is a requirement.
	// Experimental.
	EnableKeyRotation *bool `json:"enableKeyRotation"`
	// Specifies the number of days in the waiting period before AWS KMS deletes a CMK that has been removed from a CloudFormation stack.
	//
	// When you remove a customer master key (CMK) from a CloudFormation stack, AWS KMS schedules the CMK for deletion
	// and starts the mandatory waiting period. The PendingWindowInDays property determines the length of waiting period.
	// During the waiting period, the key state of CMK is Pending Deletion, which prevents the CMK from being used in
	// cryptographic operations. When the waiting period expires, AWS KMS permanently deletes the CMK.
	//
	// Enter a value between 7 and 30 days.
	// See: https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-key.html#cfn-kms-key-pendingwindowindays
	//
	// Experimental.
	PendingWindow awscdk.Duration `json:"pendingWindow"`
	// Custom policy document to attach to the KMS key.
	//
	// NOTE - If the `@aws-cdk/aws-kms:defaultKeyPolicies` feature flag is set (the default for new projects),
	// this policy will *override* the default key policy and become the only key policy for the key. If the
	// feature flag is not set, this policy will be appended to the default key policy.
	//
	// NOTE(review): when this document replaces the default, nothing else is
	// left on the key. Check that it still lets an intended administrator
	// principal manage the key, and review it for overly broad principals.
	// Experimental.
	Policy awsiam.PolicyDocument `json:"policy"`
	// Whether the encryption key should be retained when it is removed from the Stack.
	//
	// This is useful when one wants to
	// retain access to data that was encrypted with a key that is being retired.
	//
	// NOTE(review): the default is not stated on this page. A key that is not
	// retained is deleted after the PendingWindow waiting period, after which
	// data encrypted under it can no longer be decrypted — choose explicitly.
	// Experimental.
	RemovalPolicy awscdk.RemovalPolicy `json:"removalPolicy"`
	// Whether the key usage can be granted by IAM policies.
	//
	// Setting this to true adds a default statement which delegates key
	// access control completely to the identity's IAM policy (similar
	// to how it works for other AWS resources). This matches the default behavior
	// when creating KMS keys via the API or console.
	//
	// If the `@aws-cdk/aws-kms:defaultKeyPolicies` feature flag is set (the default for new projects),
	// this flag will always be treated as 'true' and does not need to be explicitly set.
	// See: https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam
	//
	// NOTE(review): with access control delegated to IAM, the key policy
	// alone no longer describes who can use the key; the account's IAM
	// policies that allow KMS actions on it must be audited as well.
	//
	// Deprecated: redundant with the `@aws-cdk/aws-kms:defaultKeyPolicies` feature flag
	TrustAccountIdentities *bool `json:"trustAccountIdentities"`
}

Construction properties for a KMS Key object. Experimental.

type ViaServicePrincipal

// ViaServicePrincipal is a principal to allow access to a key if it's being
// used through another AWS service.
//
// It is built from a service name and a base principal (see
// NewViaServicePrincipal on this page).
// NOTE(review): presumably the rendered policy fragment restricts the base
// principal with a condition on the calling service (kms:ViaService) —
// confirm against the synthesized key policy.
type ViaServicePrincipal interface {
	awsiam.PrincipalBase
	AssumeRoleAction() *string
	GrantPrincipal() awsiam.IPrincipal
	// NOTE(review): this fragment is what ends up in the policy statement;
	// inspect it when verifying that access is limited to the intended service.
	PolicyFragment() awsiam.PrincipalPolicyFragment
	PrincipalAccount() *string
	AddToPolicy(statement awsiam.PolicyStatement) *bool
	AddToPrincipalPolicy(_statement awsiam.PolicyStatement) *awsiam.AddToPrincipalPolicyResult
	ToJSON() *map[string]*[]*string
	ToString() *string
	// Returns an awsiam.IPrincipal built from this principal and the given
	// conditions map.
	// NOTE(review): how the extra conditions combine with the service
	// restriction is not stated on this page — confirm.
	WithConditions(conditions *map[string]interface{}) awsiam.IPrincipal
}

A principal to allow access to a key if it's being used through another AWS service. Experimental.

func NewViaServicePrincipal

func NewViaServicePrincipal(serviceName *string, basePrincipal awsiam.IPrincipal) ViaServicePrincipal

Experimental.
