kms

package
v3.36.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 5, 2021 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Alias 

type Alias struct {
	pulumi.CustomResourceState

	// The Amazon Resource Name (ARN) of the key alias.
	Arn pulumi.StringOutput `pulumi:"arn"`
	// The display name of the alias. The name must start with the word "alias" followed by a forward slash (alias/)
	Name pulumi.StringOutput `pulumi:"name"`
	// Creates an unique alias beginning with the specified prefix.
	// The name must start with the word "alias" followed by a forward slash (alias/).  Conflicts with `name`.
	NamePrefix pulumi.StringPtrOutput `pulumi:"namePrefix"`
	// The Amazon Resource Name (ARN) of the target key identifier.
	TargetKeyArn pulumi.StringOutput `pulumi:"targetKeyArn"`
	// Identifier for the key for which the alias is for, can be either an ARN or key_id.
	TargetKeyId pulumi.StringOutput `pulumi:"targetKeyId"`
}

Provides an alias for a KMS customer master key. AWS Console enforces 1-to-1 mapping between aliases & keys, but API (hence this provider too) allows you to create as many aliases as the [account limits](http://docs.aws.amazon.com/kms/latest/developerguide/limits.html) allow you.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/kms"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		key, err := kms.NewKey(ctx, "key", nil)
		if err != nil {
			return err
		}
		_, err = kms.NewAlias(ctx, "alias", &kms.AliasArgs{
			TargetKeyId: key.KeyId,
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

KMS aliases can be imported using the `name`, e.g.

```sh 

$ pulumi import aws:kms/alias:Alias a alias/my-key-alias

```

func GetAlias 

func GetAlias(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AliasState, opts ...pulumi.ResourceOption) (*Alias, error)

GetAlias gets an existing Alias resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAlias 

func NewAlias(ctx *pulumi.Context,
	name string, args *AliasArgs, opts ...pulumi.ResourceOption) (*Alias, error)

NewAlias registers a new resource with the given unique name, arguments, and options.

func (*Alias) ElementType added in v3.13.0 

func (*Alias) ElementType() reflect.Type

func (*Alias) ToAliasOutput added in v3.13.0 

func (i *Alias) ToAliasOutput() AliasOutput

func (*Alias) ToAliasOutputWithContext added in v3.13.0 

func (i *Alias) ToAliasOutputWithContext(ctx context.Context) AliasOutput

func (*Alias) ToAliasPtrOutput added in v3.25.0 

func (i *Alias) ToAliasPtrOutput() AliasPtrOutput

func (*Alias) ToAliasPtrOutputWithContext added in v3.25.0 

func (i *Alias) ToAliasPtrOutputWithContext(ctx context.Context) AliasPtrOutput

type AliasArgs 

type AliasArgs struct {
	// The display name of the alias. The name must start with the word "alias" followed by a forward slash (alias/)
	Name pulumi.StringPtrInput
	// Creates an unique alias beginning with the specified prefix.
	// The name must start with the word "alias" followed by a forward slash (alias/).  Conflicts with `name`.
	NamePrefix pulumi.StringPtrInput
	// Identifier for the key for which the alias is for, can be either an ARN or key_id.
	TargetKeyId pulumi.StringInput
}

The set of arguments for constructing a Alias resource.

func (AliasArgs) ElementType 

func (AliasArgs) ElementType() reflect.Type

type AliasArray added in v3.25.0 

type AliasArray []AliasInput

func (AliasArray) ElementType added in v3.25.0 

func (AliasArray) ElementType() reflect.Type

func (AliasArray) ToAliasArrayOutput added in v3.25.0 

func (i AliasArray) ToAliasArrayOutput() AliasArrayOutput

func (AliasArray) ToAliasArrayOutputWithContext added in v3.25.0 

func (i AliasArray) ToAliasArrayOutputWithContext(ctx context.Context) AliasArrayOutput

type AliasArrayInput added in v3.25.0 

type AliasArrayInput interface {
	pulumi.Input

	ToAliasArrayOutput() AliasArrayOutput
	ToAliasArrayOutputWithContext(context.Context) AliasArrayOutput
}

AliasArrayInput is an input type that accepts AliasArray and AliasArrayOutput values. You can construct a concrete instance of `AliasArrayInput` via: 

AliasArray{ AliasArgs{...} }

type AliasArrayOutput added in v3.25.0 

type AliasArrayOutput struct{ *pulumi.OutputState }

func (AliasArrayOutput) ElementType added in v3.25.0 

func (AliasArrayOutput) ElementType() reflect.Type

func (AliasArrayOutput) Index added in v3.25.0 

func (o AliasArrayOutput) Index(i pulumi.IntInput) AliasOutput

func (AliasArrayOutput) ToAliasArrayOutput added in v3.25.0 

func (o AliasArrayOutput) ToAliasArrayOutput() AliasArrayOutput

func (AliasArrayOutput) ToAliasArrayOutputWithContext added in v3.25.0 

func (o AliasArrayOutput) ToAliasArrayOutputWithContext(ctx context.Context) AliasArrayOutput

type AliasInput added in v3.13.0 

type AliasInput interface {
	pulumi.Input

	ToAliasOutput() AliasOutput
	ToAliasOutputWithContext(ctx context.Context) AliasOutput
}

type AliasMap added in v3.25.0 

type AliasMap map[string]AliasInput

func (AliasMap) ElementType added in v3.25.0 

func (AliasMap) ElementType() reflect.Type

func (AliasMap) ToAliasMapOutput added in v3.25.0 

func (i AliasMap) ToAliasMapOutput() AliasMapOutput

func (AliasMap) ToAliasMapOutputWithContext added in v3.25.0 

func (i AliasMap) ToAliasMapOutputWithContext(ctx context.Context) AliasMapOutput

type AliasMapInput added in v3.25.0 

type AliasMapInput interface {
	pulumi.Input

	ToAliasMapOutput() AliasMapOutput
	ToAliasMapOutputWithContext(context.Context) AliasMapOutput
}

AliasMapInput is an input type that accepts AliasMap and AliasMapOutput values. You can construct a concrete instance of `AliasMapInput` via: 

AliasMap{ "key": AliasArgs{...} }

type AliasMapOutput added in v3.25.0 

type AliasMapOutput struct{ *pulumi.OutputState }

func (AliasMapOutput) ElementType added in v3.25.0 

func (AliasMapOutput) ElementType() reflect.Type

func (AliasMapOutput) MapIndex added in v3.25.0 

func (o AliasMapOutput) MapIndex(k pulumi.StringInput) AliasOutput

func (AliasMapOutput) ToAliasMapOutput added in v3.25.0 

func (o AliasMapOutput) ToAliasMapOutput() AliasMapOutput

func (AliasMapOutput) ToAliasMapOutputWithContext added in v3.25.0 

func (o AliasMapOutput) ToAliasMapOutputWithContext(ctx context.Context) AliasMapOutput

type AliasOutput added in v3.13.0 

type AliasOutput struct {
	*pulumi.OutputState
}

func (AliasOutput) ElementType added in v3.13.0 

func (AliasOutput) ElementType() reflect.Type

func (AliasOutput) ToAliasOutput added in v3.13.0 

func (o AliasOutput) ToAliasOutput() AliasOutput

func (AliasOutput) ToAliasOutputWithContext added in v3.13.0 

func (o AliasOutput) ToAliasOutputWithContext(ctx context.Context) AliasOutput

func (AliasOutput) ToAliasPtrOutput added in v3.25.0 

func (o AliasOutput) ToAliasPtrOutput() AliasPtrOutput

func (AliasOutput) ToAliasPtrOutputWithContext added in v3.25.0 

func (o AliasOutput) ToAliasPtrOutputWithContext(ctx context.Context) AliasPtrOutput

type AliasPtrInput added in v3.25.0 

type AliasPtrInput interface {
	pulumi.Input

	ToAliasPtrOutput() AliasPtrOutput
	ToAliasPtrOutputWithContext(ctx context.Context) AliasPtrOutput
}

type AliasPtrOutput added in v3.25.0 

type AliasPtrOutput struct {
	*pulumi.OutputState
}

func (AliasPtrOutput) ElementType added in v3.25.0 

func (AliasPtrOutput) ElementType() reflect.Type

func (AliasPtrOutput) ToAliasPtrOutput added in v3.25.0 

func (o AliasPtrOutput) ToAliasPtrOutput() AliasPtrOutput

func (AliasPtrOutput) ToAliasPtrOutputWithContext added in v3.25.0 

func (o AliasPtrOutput) ToAliasPtrOutputWithContext(ctx context.Context) AliasPtrOutput

type AliasState 

type AliasState struct {
	// The Amazon Resource Name (ARN) of the key alias.
	Arn pulumi.StringPtrInput
	// The display name of the alias. The name must start with the word "alias" followed by a forward slash (alias/)
	Name pulumi.StringPtrInput
	// Creates an unique alias beginning with the specified prefix.
	// The name must start with the word "alias" followed by a forward slash (alias/).  Conflicts with `name`.
	NamePrefix pulumi.StringPtrInput
	// The Amazon Resource Name (ARN) of the target key identifier.
	TargetKeyArn pulumi.StringPtrInput
	// Identifier for the key for which the alias is for, can be either an ARN or key_id.
	TargetKeyId pulumi.StringPtrInput
}

func (AliasState) ElementType 

func (AliasState) ElementType() reflect.Type

type Ciphertext 

type Ciphertext struct {
	pulumi.CustomResourceState

	// Base64 encoded ciphertext
	CiphertextBlob pulumi.StringOutput `pulumi:"ciphertextBlob"`
	// An optional mapping that makes up the encryption context.
	Context pulumi.StringMapOutput `pulumi:"context"`
	// Globally unique key ID for the customer master key.
	KeyId pulumi.StringOutput `pulumi:"keyId"`
	// Data to be encrypted. Note that this may show up in logs, and it will be stored in the state file.
	Plaintext pulumi.StringOutput `pulumi:"plaintext"`
}

The KMS ciphertext resource allows you to encrypt plaintext into ciphertext by using an AWS KMS customer master key. The value returned by this resource is stable across every apply. For a changing ciphertext value each apply, see the `kms.Ciphertext` data source.

## Example Usage

```go package main

import ( 

"fmt"

"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/kms"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		oauthConfig, err := kms.NewKey(ctx, "oauthConfig", &kms.KeyArgs{
			Description: pulumi.String("oauth config"),
			IsEnabled:   pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		_, err = kms.NewCiphertext(ctx, "oauth", &kms.CiphertextArgs{
			KeyId:     oauthConfig.KeyId,
			Plaintext: pulumi.String(fmt.Sprintf("%v%v%v%v", "{\n", "  \"client_id\": \"e587dbae22222f55da22\",\n", "  \"client_secret\": \"8289575d00000ace55e1815ec13673955721b8a5\"\n", "}\n")),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

func GetCiphertext 

func GetCiphertext(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *CiphertextState, opts ...pulumi.ResourceOption) (*Ciphertext, error)

GetCiphertext gets an existing Ciphertext resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewCiphertext 

func NewCiphertext(ctx *pulumi.Context,
	name string, args *CiphertextArgs, opts ...pulumi.ResourceOption) (*Ciphertext, error)

NewCiphertext registers a new resource with the given unique name, arguments, and options.

func (*Ciphertext) ElementType added in v3.13.0 

func (*Ciphertext) ElementType() reflect.Type

func (*Ciphertext) ToCiphertextOutput added in v3.13.0 

func (i *Ciphertext) ToCiphertextOutput() CiphertextOutput

func (*Ciphertext) ToCiphertextOutputWithContext added in v3.13.0 

func (i *Ciphertext) ToCiphertextOutputWithContext(ctx context.Context) CiphertextOutput

func (*Ciphertext) ToCiphertextPtrOutput added in v3.25.0 

func (i *Ciphertext) ToCiphertextPtrOutput() CiphertextPtrOutput

func (*Ciphertext) ToCiphertextPtrOutputWithContext added in v3.25.0 

func (i *Ciphertext) ToCiphertextPtrOutputWithContext(ctx context.Context) CiphertextPtrOutput

type CiphertextArgs 

type CiphertextArgs struct {
	// An optional mapping that makes up the encryption context.
	Context pulumi.StringMapInput
	// Globally unique key ID for the customer master key.
	KeyId pulumi.StringInput
	// Data to be encrypted. Note that this may show up in logs, and it will be stored in the state file.
	Plaintext pulumi.StringInput
}

The set of arguments for constructing a Ciphertext resource.

func (CiphertextArgs) ElementType 

func (CiphertextArgs) ElementType() reflect.Type

type CiphertextArray added in v3.25.0 

type CiphertextArray []CiphertextInput

func (CiphertextArray) ElementType added in v3.25.0 

func (CiphertextArray) ElementType() reflect.Type

func (CiphertextArray) ToCiphertextArrayOutput added in v3.25.0 

func (i CiphertextArray) ToCiphertextArrayOutput() CiphertextArrayOutput

func (CiphertextArray) ToCiphertextArrayOutputWithContext added in v3.25.0 

func (i CiphertextArray) ToCiphertextArrayOutputWithContext(ctx context.Context) CiphertextArrayOutput

type CiphertextArrayInput added in v3.25.0 

type CiphertextArrayInput interface {
	pulumi.Input

	ToCiphertextArrayOutput() CiphertextArrayOutput
	ToCiphertextArrayOutputWithContext(context.Context) CiphertextArrayOutput
}

CiphertextArrayInput is an input type that accepts CiphertextArray and CiphertextArrayOutput values. You can construct a concrete instance of `CiphertextArrayInput` via: 

CiphertextArray{ CiphertextArgs{...} }

type CiphertextArrayOutput added in v3.25.0 

type CiphertextArrayOutput struct{ *pulumi.OutputState }

func (CiphertextArrayOutput) ElementType added in v3.25.0 

func (CiphertextArrayOutput) ElementType() reflect.Type

func (CiphertextArrayOutput) Index added in v3.25.0 

func (o CiphertextArrayOutput) Index(i pulumi.IntInput) CiphertextOutput

func (CiphertextArrayOutput) ToCiphertextArrayOutput added in v3.25.0 

func (o CiphertextArrayOutput) ToCiphertextArrayOutput() CiphertextArrayOutput

func (CiphertextArrayOutput) ToCiphertextArrayOutputWithContext added in v3.25.0 

func (o CiphertextArrayOutput) ToCiphertextArrayOutputWithContext(ctx context.Context) CiphertextArrayOutput

type CiphertextInput added in v3.13.0 

type CiphertextInput interface {
	pulumi.Input

	ToCiphertextOutput() CiphertextOutput
	ToCiphertextOutputWithContext(ctx context.Context) CiphertextOutput
}

type CiphertextMap added in v3.25.0 

type CiphertextMap map[string]CiphertextInput

func (CiphertextMap) ElementType added in v3.25.0 

func (CiphertextMap) ElementType() reflect.Type

func (CiphertextMap) ToCiphertextMapOutput added in v3.25.0 

func (i CiphertextMap) ToCiphertextMapOutput() CiphertextMapOutput

func (CiphertextMap) ToCiphertextMapOutputWithContext added in v3.25.0 

func (i CiphertextMap) ToCiphertextMapOutputWithContext(ctx context.Context) CiphertextMapOutput

type CiphertextMapInput added in v3.25.0 

type CiphertextMapInput interface {
	pulumi.Input

	ToCiphertextMapOutput() CiphertextMapOutput
	ToCiphertextMapOutputWithContext(context.Context) CiphertextMapOutput
}

CiphertextMapInput is an input type that accepts CiphertextMap and CiphertextMapOutput values. You can construct a concrete instance of `CiphertextMapInput` via: 

CiphertextMap{ "key": CiphertextArgs{...} }

type CiphertextMapOutput added in v3.25.0 

type CiphertextMapOutput struct{ *pulumi.OutputState }

func (CiphertextMapOutput) ElementType added in v3.25.0 

func (CiphertextMapOutput) ElementType() reflect.Type

func (CiphertextMapOutput) MapIndex added in v3.25.0 

func (o CiphertextMapOutput) MapIndex(k pulumi.StringInput) CiphertextOutput

func (CiphertextMapOutput) ToCiphertextMapOutput added in v3.25.0 

func (o CiphertextMapOutput) ToCiphertextMapOutput() CiphertextMapOutput

func (CiphertextMapOutput) ToCiphertextMapOutputWithContext added in v3.25.0 

func (o CiphertextMapOutput) ToCiphertextMapOutputWithContext(ctx context.Context) CiphertextMapOutput

type CiphertextOutput added in v3.13.0 

type CiphertextOutput struct {
	*pulumi.OutputState
}

func (CiphertextOutput) ElementType added in v3.13.0 

func (CiphertextOutput) ElementType() reflect.Type

func (CiphertextOutput) ToCiphertextOutput added in v3.13.0 

func (o CiphertextOutput) ToCiphertextOutput() CiphertextOutput

func (CiphertextOutput) ToCiphertextOutputWithContext added in v3.13.0 

func (o CiphertextOutput) ToCiphertextOutputWithContext(ctx context.Context) CiphertextOutput

func (CiphertextOutput) ToCiphertextPtrOutput added in v3.25.0 

func (o CiphertextOutput) ToCiphertextPtrOutput() CiphertextPtrOutput

func (CiphertextOutput) ToCiphertextPtrOutputWithContext added in v3.25.0 

func (o CiphertextOutput) ToCiphertextPtrOutputWithContext(ctx context.Context) CiphertextPtrOutput

type CiphertextPtrInput added in v3.25.0 

type CiphertextPtrInput interface {
	pulumi.Input

	ToCiphertextPtrOutput() CiphertextPtrOutput
	ToCiphertextPtrOutputWithContext(ctx context.Context) CiphertextPtrOutput
}

type CiphertextPtrOutput added in v3.25.0 

type CiphertextPtrOutput struct {
	*pulumi.OutputState
}

func (CiphertextPtrOutput) ElementType added in v3.25.0 

func (CiphertextPtrOutput) ElementType() reflect.Type

func (CiphertextPtrOutput) ToCiphertextPtrOutput added in v3.25.0 

func (o CiphertextPtrOutput) ToCiphertextPtrOutput() CiphertextPtrOutput

func (CiphertextPtrOutput) ToCiphertextPtrOutputWithContext added in v3.25.0 

func (o CiphertextPtrOutput) ToCiphertextPtrOutputWithContext(ctx context.Context) CiphertextPtrOutput

type CiphertextState 

type CiphertextState struct {
	// Base64 encoded ciphertext
	CiphertextBlob pulumi.StringPtrInput
	// An optional mapping that makes up the encryption context.
	Context pulumi.StringMapInput
	// Globally unique key ID for the customer master key.
	KeyId pulumi.StringPtrInput
	// Data to be encrypted. Note that this may show up in logs, and it will be stored in the state file.
	Plaintext pulumi.StringPtrInput
}

func (CiphertextState) ElementType 

func (CiphertextState) ElementType() reflect.Type

type ExternalKey 

type ExternalKey struct {
	pulumi.CustomResourceState

	// The Amazon Resource Name (ARN) of the key.
	Arn pulumi.StringOutput `pulumi:"arn"`
	// Duration in days after which the key is deleted after destruction of the resource. Must be between `7` and `30` days. Defaults to `30`.
	DeletionWindowInDays pulumi.IntPtrOutput `pulumi:"deletionWindowInDays"`
	// Description of the key.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// Specifies whether the key is enabled. Keys pending import can only be `false`. Imported keys default to `true` unless expired.
	Enabled pulumi.BoolOutput `pulumi:"enabled"`
	// Whether the key material expires. Empty when pending key material import, otherwise `KEY_MATERIAL_EXPIRES` or `KEY_MATERIAL_DOES_NOT_EXPIRE`.
	ExpirationModel pulumi.StringOutput `pulumi:"expirationModel"`
	// Base64 encoded 256-bit symmetric encryption key material to import. The CMK is permanently associated with this key material. The same key material can be reimported, but you cannot import different key material.
	KeyMaterialBase64 pulumi.StringPtrOutput `pulumi:"keyMaterialBase64"`
	// The state of the CMK.
	KeyState pulumi.StringOutput `pulumi:"keyState"`
	// The cryptographic operations for which you can use the CMK.
	KeyUsage pulumi.StringOutput `pulumi:"keyUsage"`
	// A key policy JSON document. If you do not provide a key policy, AWS KMS attaches a default key policy to the CMK.
	Policy pulumi.StringOutput `pulumi:"policy"`
	// A key-value map of tags to assign to the key.
	Tags pulumi.StringMapOutput `pulumi:"tags"`
	// Time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the CMK becomes unusable. If not specified, key material does not expire. Valid values: [RFC3339 time string](https://tools.ietf.org/html/rfc3339#section-5.8) (`YYYY-MM-DDTHH:MM:SSZ`)
	ValidTo pulumi.StringPtrOutput `pulumi:"validTo"`
}

Manages a KMS Customer Master Key that uses external key material. To instead manage a KMS Customer Master Key where AWS automatically generates and potentially rotates key material, see the `kms.Key` resource.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/kms"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewExternalKey(ctx, "example", &kms.ExternalKeyArgs{
			Description: pulumi.String("KMS EXTERNAL for AMI encryption"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

KMS External Keys can be imported using the `id`, e.g.

```sh 

$ pulumi import aws:kms/externalKey:ExternalKey a arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

```

func GetExternalKey 

func GetExternalKey(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *ExternalKeyState, opts ...pulumi.ResourceOption) (*ExternalKey, error)

GetExternalKey gets an existing ExternalKey resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewExternalKey 

func NewExternalKey(ctx *pulumi.Context,
	name string, args *ExternalKeyArgs, opts ...pulumi.ResourceOption) (*ExternalKey, error)

NewExternalKey registers a new resource with the given unique name, arguments, and options.

func (*ExternalKey) ElementType added in v3.13.0 

func (*ExternalKey) ElementType() reflect.Type

func (*ExternalKey) ToExternalKeyOutput added in v3.13.0 

func (i *ExternalKey) ToExternalKeyOutput() ExternalKeyOutput

func (*ExternalKey) ToExternalKeyOutputWithContext added in v3.13.0 

func (i *ExternalKey) ToExternalKeyOutputWithContext(ctx context.Context) ExternalKeyOutput

func (*ExternalKey) ToExternalKeyPtrOutput added in v3.25.0 

func (i *ExternalKey) ToExternalKeyPtrOutput() ExternalKeyPtrOutput

func (*ExternalKey) ToExternalKeyPtrOutputWithContext added in v3.25.0 

func (i *ExternalKey) ToExternalKeyPtrOutputWithContext(ctx context.Context) ExternalKeyPtrOutput

type ExternalKeyArgs 

type ExternalKeyArgs struct {
	// Duration in days after which the key is deleted after destruction of the resource. Must be between `7` and `30` days. Defaults to `30`.
	DeletionWindowInDays pulumi.IntPtrInput
	// Description of the key.
	Description pulumi.StringPtrInput
	// Specifies whether the key is enabled. Keys pending import can only be `false`. Imported keys default to `true` unless expired.
	Enabled pulumi.BoolPtrInput
	// Base64 encoded 256-bit symmetric encryption key material to import. The CMK is permanently associated with this key material. The same key material can be reimported, but you cannot import different key material.
	KeyMaterialBase64 pulumi.StringPtrInput
	// A key policy JSON document. If you do not provide a key policy, AWS KMS attaches a default key policy to the CMK.
	Policy pulumi.StringPtrInput
	// A key-value map of tags to assign to the key.
	Tags pulumi.StringMapInput
	// Time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the CMK becomes unusable. If not specified, key material does not expire. Valid values: [RFC3339 time string](https://tools.ietf.org/html/rfc3339#section-5.8) (`YYYY-MM-DDTHH:MM:SSZ`)
	ValidTo pulumi.StringPtrInput
}

The set of arguments for constructing a ExternalKey resource.

func (ExternalKeyArgs) ElementType 

func (ExternalKeyArgs) ElementType() reflect.Type

type ExternalKeyArray added in v3.25.0 

type ExternalKeyArray []ExternalKeyInput

func (ExternalKeyArray) ElementType added in v3.25.0 

func (ExternalKeyArray) ElementType() reflect.Type

func (ExternalKeyArray) ToExternalKeyArrayOutput added in v3.25.0 

func (i ExternalKeyArray) ToExternalKeyArrayOutput() ExternalKeyArrayOutput

func (ExternalKeyArray) ToExternalKeyArrayOutputWithContext added in v3.25.0 

func (i ExternalKeyArray) ToExternalKeyArrayOutputWithContext(ctx context.Context) ExternalKeyArrayOutput

type ExternalKeyArrayInput added in v3.25.0 

type ExternalKeyArrayInput interface {
	pulumi.Input

	ToExternalKeyArrayOutput() ExternalKeyArrayOutput
	ToExternalKeyArrayOutputWithContext(context.Context) ExternalKeyArrayOutput
}

ExternalKeyArrayInput is an input type that accepts ExternalKeyArray and ExternalKeyArrayOutput values. You can construct a concrete instance of `ExternalKeyArrayInput` via: 

ExternalKeyArray{ ExternalKeyArgs{...} }

type ExternalKeyArrayOutput added in v3.25.0 

type ExternalKeyArrayOutput struct{ *pulumi.OutputState }

func (ExternalKeyArrayOutput) ElementType added in v3.25.0 

func (ExternalKeyArrayOutput) ElementType() reflect.Type

func (ExternalKeyArrayOutput) Index added in v3.25.0 

func (o ExternalKeyArrayOutput) Index(i pulumi.IntInput) ExternalKeyOutput

func (ExternalKeyArrayOutput) ToExternalKeyArrayOutput added in v3.25.0 

func (o ExternalKeyArrayOutput) ToExternalKeyArrayOutput() ExternalKeyArrayOutput

func (ExternalKeyArrayOutput) ToExternalKeyArrayOutputWithContext added in v3.25.0 

func (o ExternalKeyArrayOutput) ToExternalKeyArrayOutputWithContext(ctx context.Context) ExternalKeyArrayOutput

type ExternalKeyInput added in v3.13.0 

type ExternalKeyInput interface {
	pulumi.Input

	ToExternalKeyOutput() ExternalKeyOutput
	ToExternalKeyOutputWithContext(ctx context.Context) ExternalKeyOutput
}

type ExternalKeyMap added in v3.25.0 

type ExternalKeyMap map[string]ExternalKeyInput

func (ExternalKeyMap) ElementType added in v3.25.0 

func (ExternalKeyMap) ElementType() reflect.Type

func (ExternalKeyMap) ToExternalKeyMapOutput added in v3.25.0 

func (i ExternalKeyMap) ToExternalKeyMapOutput() ExternalKeyMapOutput

func (ExternalKeyMap) ToExternalKeyMapOutputWithContext added in v3.25.0 

func (i ExternalKeyMap) ToExternalKeyMapOutputWithContext(ctx context.Context) ExternalKeyMapOutput

type ExternalKeyMapInput added in v3.25.0 

type ExternalKeyMapInput interface {
	pulumi.Input

	ToExternalKeyMapOutput() ExternalKeyMapOutput
	ToExternalKeyMapOutputWithContext(context.Context) ExternalKeyMapOutput
}

ExternalKeyMapInput is an input type that accepts ExternalKeyMap and ExternalKeyMapOutput values. You can construct a concrete instance of `ExternalKeyMapInput` via: 

ExternalKeyMap{ "key": ExternalKeyArgs{...} }

type ExternalKeyMapOutput added in v3.25.0 

type ExternalKeyMapOutput struct{ *pulumi.OutputState }

func (ExternalKeyMapOutput) ElementType added in v3.25.0 

func (ExternalKeyMapOutput) ElementType() reflect.Type

func (ExternalKeyMapOutput) MapIndex added in v3.25.0 

func (o ExternalKeyMapOutput) MapIndex(k pulumi.StringInput) ExternalKeyOutput

func (ExternalKeyMapOutput) ToExternalKeyMapOutput added in v3.25.0 

func (o ExternalKeyMapOutput) ToExternalKeyMapOutput() ExternalKeyMapOutput

func (ExternalKeyMapOutput) ToExternalKeyMapOutputWithContext added in v3.25.0 

func (o ExternalKeyMapOutput) ToExternalKeyMapOutputWithContext(ctx context.Context) ExternalKeyMapOutput

type ExternalKeyOutput added in v3.13.0 

type ExternalKeyOutput struct {
	*pulumi.OutputState
}

func (ExternalKeyOutput) ElementType added in v3.13.0 

func (ExternalKeyOutput) ElementType() reflect.Type

func (ExternalKeyOutput) ToExternalKeyOutput added in v3.13.0 

func (o ExternalKeyOutput) ToExternalKeyOutput() ExternalKeyOutput

func (ExternalKeyOutput) ToExternalKeyOutputWithContext added in v3.13.0 

func (o ExternalKeyOutput) ToExternalKeyOutputWithContext(ctx context.Context) ExternalKeyOutput

func (ExternalKeyOutput) ToExternalKeyPtrOutput added in v3.25.0 

func (o ExternalKeyOutput) ToExternalKeyPtrOutput() ExternalKeyPtrOutput

func (ExternalKeyOutput) ToExternalKeyPtrOutputWithContext added in v3.25.0 

func (o ExternalKeyOutput) ToExternalKeyPtrOutputWithContext(ctx context.Context) ExternalKeyPtrOutput

type ExternalKeyPtrInput added in v3.25.0 

type ExternalKeyPtrInput interface {
	pulumi.Input

	ToExternalKeyPtrOutput() ExternalKeyPtrOutput
	ToExternalKeyPtrOutputWithContext(ctx context.Context) ExternalKeyPtrOutput
}

type ExternalKeyPtrOutput added in v3.25.0 

type ExternalKeyPtrOutput struct {
	*pulumi.OutputState
}

func (ExternalKeyPtrOutput) ElementType added in v3.25.0 

func (ExternalKeyPtrOutput) ElementType() reflect.Type

func (ExternalKeyPtrOutput) ToExternalKeyPtrOutput added in v3.25.0 

func (o ExternalKeyPtrOutput) ToExternalKeyPtrOutput() ExternalKeyPtrOutput

func (ExternalKeyPtrOutput) ToExternalKeyPtrOutputWithContext added in v3.25.0 

func (o ExternalKeyPtrOutput) ToExternalKeyPtrOutputWithContext(ctx context.Context) ExternalKeyPtrOutput

type ExternalKeyState 

type ExternalKeyState struct {
	// The Amazon Resource Name (ARN) of the key.
	Arn pulumi.StringPtrInput
	// Duration in days after which the key is deleted after destruction of the resource. Must be between `7` and `30` days. Defaults to `30`.
	DeletionWindowInDays pulumi.IntPtrInput
	// Description of the key.
	Description pulumi.StringPtrInput
	// Specifies whether the key is enabled. Keys pending import can only be `false`. Imported keys default to `true` unless expired.
	Enabled pulumi.BoolPtrInput
	// Whether the key material expires. Empty when pending key material import, otherwise `KEY_MATERIAL_EXPIRES` or `KEY_MATERIAL_DOES_NOT_EXPIRE`.
	ExpirationModel pulumi.StringPtrInput
	// Base64 encoded 256-bit symmetric encryption key material to import. The CMK is permanently associated with this key material. The same key material can be reimported, but you cannot import different key material.
	KeyMaterialBase64 pulumi.StringPtrInput
	// The state of the CMK.
	KeyState pulumi.StringPtrInput
	// The cryptographic operations for which you can use the CMK.
	KeyUsage pulumi.StringPtrInput
	// A key policy JSON document. If you do not provide a key policy, AWS KMS attaches a default key policy to the CMK.
	Policy pulumi.StringPtrInput
	// A key-value map of tags to assign to the key.
	Tags pulumi.StringMapInput
	// Time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the CMK becomes unusable. If not specified, key material does not expire. Valid values: [RFC3339 time string](https://tools.ietf.org/html/rfc3339#section-5.8) (`YYYY-MM-DDTHH:MM:SSZ`)
	ValidTo pulumi.StringPtrInput
}

func (ExternalKeyState) ElementType 

func (ExternalKeyState) ElementType() reflect.Type

type GetCipherTextArgs 

type GetCipherTextArgs struct {
	// An optional mapping that makes up the encryption context.
	Context map[string]string `pulumi:"context"`
	// Globally unique key ID for the customer master key.
	KeyId string `pulumi:"keyId"`
	// Data to be encrypted. Note that this may show up in logs, and it will be stored in the state file.
	Plaintext string `pulumi:"plaintext"`
}

A collection of arguments for invoking getCipherText.

type GetCipherTextResult 

type GetCipherTextResult struct {
	// Base64 encoded ciphertext
	CiphertextBlob string            `pulumi:"ciphertextBlob"`
	Context        map[string]string `pulumi:"context"`
	// The provider-assigned unique ID for this managed resource.
	Id        string `pulumi:"id"`
	KeyId     string `pulumi:"keyId"`
	Plaintext string `pulumi:"plaintext"`
}

A collection of values returned by getCipherText.

func GetCipherText 

func GetCipherText(ctx *pulumi.Context, args *GetCipherTextArgs, opts ...pulumi.InvokeOption) (*GetCipherTextResult, error)

The KMS ciphertext data source allows you to encrypt plaintext into ciphertext by using an AWS KMS customer master key. The value returned by this data source changes every apply. For a stable ciphertext value, see the `kms.Ciphertext` resource.

## Example Usage

```go package main

import ( 

"fmt"

"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/kms"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		oauthConfig, err := kms.NewKey(ctx, "oauthConfig", &kms.KeyArgs{
			Description: pulumi.String("oauth config"),
			IsEnabled:   pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

type GetSecretArgs 

type GetSecretArgs struct {
	Secrets []GetSecretSecret `pulumi:"secrets"`
}

A collection of arguments for invoking getSecret.

type GetSecretResult 

type GetSecretResult struct {
	// The provider-assigned unique ID for this managed resource.
	Id      string            `pulumi:"id"`
	Secrets []GetSecretSecret `pulumi:"secrets"`
}

A collection of values returned by getSecret.

func GetSecret 

func GetSecret(ctx *pulumi.Context, args *GetSecretArgs, opts ...pulumi.InvokeOption) (*GetSecretResult, error)

type GetSecretSecret 

type GetSecretSecret struct {
	Context     map[string]string `pulumi:"context"`
	GrantTokens []string          `pulumi:"grantTokens"`
	Name        string            `pulumi:"name"`
	Payload     string            `pulumi:"payload"`
}

type GetSecretSecretArgs 

type GetSecretSecretArgs struct {
	Context     pulumi.StringMapInput   `pulumi:"context"`
	GrantTokens pulumi.StringArrayInput `pulumi:"grantTokens"`
	Name        pulumi.StringInput      `pulumi:"name"`
	Payload     pulumi.StringInput      `pulumi:"payload"`
}

func (GetSecretSecretArgs) ElementType 

func (GetSecretSecretArgs) ElementType() reflect.Type

func (GetSecretSecretArgs) ToGetSecretSecretOutput 

func (i GetSecretSecretArgs) ToGetSecretSecretOutput() GetSecretSecretOutput

func (GetSecretSecretArgs) ToGetSecretSecretOutputWithContext 

func (i GetSecretSecretArgs) ToGetSecretSecretOutputWithContext(ctx context.Context) GetSecretSecretOutput

type GetSecretSecretArray 

type GetSecretSecretArray []GetSecretSecretInput

func (GetSecretSecretArray) ElementType 

func (GetSecretSecretArray) ElementType() reflect.Type

func (GetSecretSecretArray) ToGetSecretSecretArrayOutput 

func (i GetSecretSecretArray) ToGetSecretSecretArrayOutput() GetSecretSecretArrayOutput

func (GetSecretSecretArray) ToGetSecretSecretArrayOutputWithContext 

func (i GetSecretSecretArray) ToGetSecretSecretArrayOutputWithContext(ctx context.Context) GetSecretSecretArrayOutput

type GetSecretSecretArrayInput 

type GetSecretSecretArrayInput interface {
	pulumi.Input

	ToGetSecretSecretArrayOutput() GetSecretSecretArrayOutput
	ToGetSecretSecretArrayOutputWithContext(context.Context) GetSecretSecretArrayOutput
}

GetSecretSecretArrayInput is an input type that accepts GetSecretSecretArray and GetSecretSecretArrayOutput values. You can construct a concrete instance of `GetSecretSecretArrayInput` via: 

GetSecretSecretArray{ GetSecretSecretArgs{...} }

type GetSecretSecretArrayOutput 

type GetSecretSecretArrayOutput struct{ *pulumi.OutputState }

func (GetSecretSecretArrayOutput) ElementType 

func (GetSecretSecretArrayOutput) ElementType() reflect.Type

func (GetSecretSecretArrayOutput) Index 

func (o GetSecretSecretArrayOutput) Index(i pulumi.IntInput) GetSecretSecretOutput

func (GetSecretSecretArrayOutput) ToGetSecretSecretArrayOutput 

func (o GetSecretSecretArrayOutput) ToGetSecretSecretArrayOutput() GetSecretSecretArrayOutput

func (GetSecretSecretArrayOutput) ToGetSecretSecretArrayOutputWithContext 

func (o GetSecretSecretArrayOutput) ToGetSecretSecretArrayOutputWithContext(ctx context.Context) GetSecretSecretArrayOutput

type GetSecretSecretInput 

type GetSecretSecretInput interface {
	pulumi.Input

	ToGetSecretSecretOutput() GetSecretSecretOutput
	ToGetSecretSecretOutputWithContext(context.Context) GetSecretSecretOutput
}

GetSecretSecretInput is an input type that accepts GetSecretSecretArgs and GetSecretSecretOutput values. You can construct a concrete instance of `GetSecretSecretInput` via: 

GetSecretSecretArgs{...}

type GetSecretSecretOutput 

type GetSecretSecretOutput struct{ *pulumi.OutputState }

func (GetSecretSecretOutput) Context 

func (o GetSecretSecretOutput) Context() pulumi.StringMapOutput

func (GetSecretSecretOutput) ElementType 

func (GetSecretSecretOutput) ElementType() reflect.Type

func (GetSecretSecretOutput) GrantTokens 

func (o GetSecretSecretOutput) GrantTokens() pulumi.StringArrayOutput

func (GetSecretSecretOutput) Name 

func (o GetSecretSecretOutput) Name() pulumi.StringOutput

func (GetSecretSecretOutput) Payload 

func (o GetSecretSecretOutput) Payload() pulumi.StringOutput

func (GetSecretSecretOutput) ToGetSecretSecretOutput 

func (o GetSecretSecretOutput) ToGetSecretSecretOutput() GetSecretSecretOutput

func (GetSecretSecretOutput) ToGetSecretSecretOutputWithContext 

func (o GetSecretSecretOutput) ToGetSecretSecretOutputWithContext(ctx context.Context) GetSecretSecretOutput

type GetSecretsArgs 

type GetSecretsArgs struct {
	// One or more encrypted payload definitions from the KMS service. See the Secret Definitions below.
	Secrets []GetSecretsSecret `pulumi:"secrets"`
}

A collection of arguments for invoking getSecrets.

type GetSecretsResult 

type GetSecretsResult struct {
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// Map containing each `secret` `name` as the key with its decrypted plaintext value
	Plaintext map[string]string  `pulumi:"plaintext"`
	Secrets   []GetSecretsSecret `pulumi:"secrets"`
}

A collection of values returned by getSecrets.

func GetSecrets 

func GetSecrets(ctx *pulumi.Context, args *GetSecretsArgs, opts ...pulumi.InvokeOption) (*GetSecretsResult, error)

Decrypt multiple secrets from data encrypted with the AWS KMS service.

type GetSecretsSecret 

type GetSecretsSecret struct {
	// An optional mapping that makes up the Encryption Context for the secret.
	Context map[string]string `pulumi:"context"`
	// An optional list of Grant Tokens for the secret.
	GrantTokens []string `pulumi:"grantTokens"`
	// The name to export this secret under in the attributes.
	Name string `pulumi:"name"`
	// Base64 encoded payload, as returned from a KMS encrypt operation.
	Payload string `pulumi:"payload"`
}

type GetSecretsSecretArgs 

type GetSecretsSecretArgs struct {
	// An optional mapping that makes up the Encryption Context for the secret.
	Context pulumi.StringMapInput `pulumi:"context"`
	// An optional list of Grant Tokens for the secret.
	GrantTokens pulumi.StringArrayInput `pulumi:"grantTokens"`
	// The name to export this secret under in the attributes.
	Name pulumi.StringInput `pulumi:"name"`
	// Base64 encoded payload, as returned from a KMS encrypt operation.
	Payload pulumi.StringInput `pulumi:"payload"`
}

func (GetSecretsSecretArgs) ElementType 

func (GetSecretsSecretArgs) ElementType() reflect.Type

func (GetSecretsSecretArgs) ToGetSecretsSecretOutput 

func (i GetSecretsSecretArgs) ToGetSecretsSecretOutput() GetSecretsSecretOutput

func (GetSecretsSecretArgs) ToGetSecretsSecretOutputWithContext 

func (i GetSecretsSecretArgs) ToGetSecretsSecretOutputWithContext(ctx context.Context) GetSecretsSecretOutput

type GetSecretsSecretArray 

type GetSecretsSecretArray []GetSecretsSecretInput

func (GetSecretsSecretArray) ElementType 

func (GetSecretsSecretArray) ElementType() reflect.Type

func (GetSecretsSecretArray) ToGetSecretsSecretArrayOutput 

func (i GetSecretsSecretArray) ToGetSecretsSecretArrayOutput() GetSecretsSecretArrayOutput

func (GetSecretsSecretArray) ToGetSecretsSecretArrayOutputWithContext 

func (i GetSecretsSecretArray) ToGetSecretsSecretArrayOutputWithContext(ctx context.Context) GetSecretsSecretArrayOutput

type GetSecretsSecretArrayInput 

type GetSecretsSecretArrayInput interface {
	pulumi.Input

	ToGetSecretsSecretArrayOutput() GetSecretsSecretArrayOutput
	ToGetSecretsSecretArrayOutputWithContext(context.Context) GetSecretsSecretArrayOutput
}

GetSecretsSecretArrayInput is an input type that accepts GetSecretsSecretArray and GetSecretsSecretArrayOutput values. You can construct a concrete instance of `GetSecretsSecretArrayInput` via: 

GetSecretsSecretArray{ GetSecretsSecretArgs{...} }

type GetSecretsSecretArrayOutput 

type GetSecretsSecretArrayOutput struct{ *pulumi.OutputState }

func (GetSecretsSecretArrayOutput) ElementType 

func (GetSecretsSecretArrayOutput) ElementType() reflect.Type

func (GetSecretsSecretArrayOutput) Index 

func (o GetSecretsSecretArrayOutput) Index(i pulumi.IntInput) GetSecretsSecretOutput

func (GetSecretsSecretArrayOutput) ToGetSecretsSecretArrayOutput 

func (o GetSecretsSecretArrayOutput) ToGetSecretsSecretArrayOutput() GetSecretsSecretArrayOutput

func (GetSecretsSecretArrayOutput) ToGetSecretsSecretArrayOutputWithContext 

func (o GetSecretsSecretArrayOutput) ToGetSecretsSecretArrayOutputWithContext(ctx context.Context) GetSecretsSecretArrayOutput

type GetSecretsSecretInput 

type GetSecretsSecretInput interface {
	pulumi.Input

	ToGetSecretsSecretOutput() GetSecretsSecretOutput
	ToGetSecretsSecretOutputWithContext(context.Context) GetSecretsSecretOutput
}

GetSecretsSecretInput is an input type that accepts GetSecretsSecretArgs and GetSecretsSecretOutput values. You can construct a concrete instance of `GetSecretsSecretInput` via: 

GetSecretsSecretArgs{...}

type GetSecretsSecretOutput 

type GetSecretsSecretOutput struct{ *pulumi.OutputState }

func (GetSecretsSecretOutput) Context 

func (o GetSecretsSecretOutput) Context() pulumi.StringMapOutput

An optional mapping that makes up the Encryption Context for the secret.

func (GetSecretsSecretOutput) ElementType 

func (GetSecretsSecretOutput) ElementType() reflect.Type

func (GetSecretsSecretOutput) GrantTokens 

func (o GetSecretsSecretOutput) GrantTokens() pulumi.StringArrayOutput

An optional list of Grant Tokens for the secret.

func (GetSecretsSecretOutput) Name 

func (o GetSecretsSecretOutput) Name() pulumi.StringOutput

The name to export this secret under in the attributes.

func (GetSecretsSecretOutput) Payload 

func (o GetSecretsSecretOutput) Payload() pulumi.StringOutput

Base64 encoded payload, as returned from a KMS encrypt operation.

func (GetSecretsSecretOutput) ToGetSecretsSecretOutput 

func (o GetSecretsSecretOutput) ToGetSecretsSecretOutput() GetSecretsSecretOutput

func (GetSecretsSecretOutput) ToGetSecretsSecretOutputWithContext 

func (o GetSecretsSecretOutput) ToGetSecretsSecretOutputWithContext(ctx context.Context) GetSecretsSecretOutput

type Grant 

type Grant struct {
	pulumi.CustomResourceState

	// A structure that you can use to allow certain operations in the grant only when the desired encryption context is present. For more information about encryption context, see [Encryption Context](http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html).
	Constraints GrantConstraintArrayOutput `pulumi:"constraints"`
	// A list of grant tokens to be used when creating the grant. See [Grant Tokens](http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) for more information about grant tokens.
	GrantCreationTokens pulumi.StringArrayOutput `pulumi:"grantCreationTokens"`
	// The unique identifier for the grant.
	GrantId pulumi.StringOutput `pulumi:"grantId"`
	// The grant token for the created grant. For more information, see [Grant Tokens](http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token).
	GrantToken pulumi.StringOutput `pulumi:"grantToken"`
	// The principal that is given permission to perform the operations that the grant permits in ARN format. Note that due to eventual consistency issues around IAM principals, the providers's state may not always be refreshed to reflect what is true in AWS.
	GranteePrincipal pulumi.StringOutput `pulumi:"granteePrincipal"`
	// The unique identifier for the customer master key (CMK) that the grant applies to. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify a CMK in a different AWS account, you must use the key ARN.
	KeyId pulumi.StringOutput `pulumi:"keyId"`
	// A friendly name for identifying the grant.
	Name pulumi.StringOutput `pulumi:"name"`
	// A list of operations that the grant permits. The permitted values are: `Decrypt`, `Encrypt`, `GenerateDataKey`, `GenerateDataKeyWithoutPlaintext`, `ReEncryptFrom`, `ReEncryptTo`, `Sign`, `Verify`, `GetPublicKey`, `CreateGrant`, `RetireGrant`, `DescribeKey`, `GenerateDataKeyPair`, or `GenerateDataKeyPairWithoutPlaintext`.
	Operations pulumi.StringArrayOutput `pulumi:"operations"`
	// -(Defaults to false, Forces new resources) If set to false (the default) the grants will be revoked upon deletion, and if set to true the grants will try to be retired upon deletion. Note that retiring grants requires special permissions, hence why we default to revoking grants.
	// See [RetireGrant](https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html) for more information.
	RetireOnDelete pulumi.BoolPtrOutput `pulumi:"retireOnDelete"`
	// The principal that is given permission to retire the grant by using RetireGrant operation in ARN format. Note that due to eventual consistency issues around IAM principals, the providers's state may not always be refreshed to reflect what is true in AWS.
	RetiringPrincipal pulumi.StringPtrOutput `pulumi:"retiringPrincipal"`
}

Provides a resource-based access control mechanism for a KMS customer master key.

## Example Usage

```go package main

import ( 

"fmt"

"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/iam"
"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/kms"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		key, err := kms.NewKey(ctx, "key", nil)
		if err != nil {
			return err
		}
		role, err := iam.NewRole(ctx, "role", &iam.RoleArgs{
			AssumeRolePolicy: pulumi.String(fmt.Sprintf("%v%v%v%v%v%v%v%v%v%v%v%v%v", "{\n", "  \"Version\": \"2012-10-17\",\n", "  \"Statement\": [\n", "    {\n", "      \"Action\": \"sts:AssumeRole\",\n", "      \"Principal\": {\n", "        \"Service\": \"lambda.amazonaws.com\"\n", "      },\n", "      \"Effect\": \"Allow\",\n", "      \"Sid\": \"\"\n", "    }\n", "  ]\n", "}\n")),
		})
		if err != nil {
			return err
		}
		_, err = kms.NewGrant(ctx, "grant", &kms.GrantArgs{
			KeyId:            key.KeyId,
			GranteePrincipal: role.Arn,
			Operations: pulumi.StringArray{
				pulumi.String("Encrypt"),
				pulumi.String("Decrypt"),
				pulumi.String("GenerateDataKey"),
			},
			Constraints: kms.GrantConstraintArray{
				&kms.GrantConstraintArgs{
					EncryptionContextEquals: pulumi.StringMap{
						"Department": pulumi.String("Finance"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

KMS Grants can be imported using the Key ID and Grant ID separated by a colon (`:`), e.g.

```sh 

$ pulumi import aws:kms/grant:Grant test 1234abcd-12ab-34cd-56ef-1234567890ababcde1237f76e4ba7987489ac329fbfba6ad343d6f7075dbd1ef191f0120514

```

func GetGrant 

func GetGrant(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *GrantState, opts ...pulumi.ResourceOption) (*Grant, error)

GetGrant gets an existing Grant resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewGrant 

func NewGrant(ctx *pulumi.Context,
	name string, args *GrantArgs, opts ...pulumi.ResourceOption) (*Grant, error)

NewGrant registers a new resource with the given unique name, arguments, and options.

func (*Grant) ElementType added in v3.13.0 

func (*Grant) ElementType() reflect.Type

func (*Grant) ToGrantOutput added in v3.13.0 

func (i *Grant) ToGrantOutput() GrantOutput

func (*Grant) ToGrantOutputWithContext added in v3.13.0 

func (i *Grant) ToGrantOutputWithContext(ctx context.Context) GrantOutput

func (*Grant) ToGrantPtrOutput added in v3.25.0 

func (i *Grant) ToGrantPtrOutput() GrantPtrOutput

func (*Grant) ToGrantPtrOutputWithContext added in v3.25.0 

func (i *Grant) ToGrantPtrOutputWithContext(ctx context.Context) GrantPtrOutput

type GrantArgs 

type GrantArgs struct {
	// A structure that you can use to allow certain operations in the grant only when the desired encryption context is present. For more information about encryption context, see [Encryption Context](http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html).
	Constraints GrantConstraintArrayInput
	// A list of grant tokens to be used when creating the grant. See [Grant Tokens](http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) for more information about grant tokens.
	GrantCreationTokens pulumi.StringArrayInput
	// The principal that is given permission to perform the operations that the grant permits in ARN format. Note that due to eventual consistency issues around IAM principals, the providers's state may not always be refreshed to reflect what is true in AWS.
	GranteePrincipal pulumi.StringInput
	// The unique identifier for the customer master key (CMK) that the grant applies to. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify a CMK in a different AWS account, you must use the key ARN.
	KeyId pulumi.StringInput
	// A friendly name for identifying the grant.
	Name pulumi.StringPtrInput
	// A list of operations that the grant permits. The permitted values are: `Decrypt`, `Encrypt`, `GenerateDataKey`, `GenerateDataKeyWithoutPlaintext`, `ReEncryptFrom`, `ReEncryptTo`, `Sign`, `Verify`, `GetPublicKey`, `CreateGrant`, `RetireGrant`, `DescribeKey`, `GenerateDataKeyPair`, or `GenerateDataKeyPairWithoutPlaintext`.
	Operations pulumi.StringArrayInput
	// -(Defaults to false, Forces new resources) If set to false (the default) the grants will be revoked upon deletion, and if set to true the grants will try to be retired upon deletion. Note that retiring grants requires special permissions, hence why we default to revoking grants.
	// See [RetireGrant](https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html) for more information.
	RetireOnDelete pulumi.BoolPtrInput
	// The principal that is given permission to retire the grant by using RetireGrant operation in ARN format. Note that due to eventual consistency issues around IAM principals, the providers's state may not always be refreshed to reflect what is true in AWS.
	RetiringPrincipal pulumi.StringPtrInput
}

The set of arguments for constructing a Grant resource.

func (GrantArgs) ElementType 

func (GrantArgs) ElementType() reflect.Type

type GrantArray added in v3.25.0 

type GrantArray []GrantInput

func (GrantArray) ElementType added in v3.25.0 

func (GrantArray) ElementType() reflect.Type

func (GrantArray) ToGrantArrayOutput added in v3.25.0 

func (i GrantArray) ToGrantArrayOutput() GrantArrayOutput

func (GrantArray) ToGrantArrayOutputWithContext added in v3.25.0 

func (i GrantArray) ToGrantArrayOutputWithContext(ctx context.Context) GrantArrayOutput

type GrantArrayInput added in v3.25.0 

type GrantArrayInput interface {
	pulumi.Input

	ToGrantArrayOutput() GrantArrayOutput
	ToGrantArrayOutputWithContext(context.Context) GrantArrayOutput
}

GrantArrayInput is an input type that accepts GrantArray and GrantArrayOutput values. You can construct a concrete instance of `GrantArrayInput` via: 

GrantArray{ GrantArgs{...} }

type GrantArrayOutput added in v3.25.0 

type GrantArrayOutput struct{ *pulumi.OutputState }

func (GrantArrayOutput) ElementType added in v3.25.0 

func (GrantArrayOutput) ElementType() reflect.Type

func (GrantArrayOutput) Index added in v3.25.0 

func (o GrantArrayOutput) Index(i pulumi.IntInput) GrantOutput

func (GrantArrayOutput) ToGrantArrayOutput added in v3.25.0 

func (o GrantArrayOutput) ToGrantArrayOutput() GrantArrayOutput

func (GrantArrayOutput) ToGrantArrayOutputWithContext added in v3.25.0 

func (o GrantArrayOutput) ToGrantArrayOutputWithContext(ctx context.Context) GrantArrayOutput

type GrantConstraint 

type GrantConstraint struct {
	// A list of key-value pairs that must match the encryption context in subsequent cryptographic operation requests. The grant allows the operation only when the encryption context in the request is the same as the encryption context specified in this constraint. Conflicts with `encryptionContextSubset`.
	EncryptionContextEquals map[string]string `pulumi:"encryptionContextEquals"`
	// A list of key-value pairs that must be included in the encryption context of subsequent cryptographic operation requests. The grant allows the cryptographic operation only when the encryption context in the request includes the key-value pairs specified in this constraint, although it can include additional key-value pairs. Conflicts with `encryptionContextEquals`.
	EncryptionContextSubset map[string]string `pulumi:"encryptionContextSubset"`
}

type GrantConstraintArgs 

type GrantConstraintArgs struct {
	// A list of key-value pairs that must match the encryption context in subsequent cryptographic operation requests. The grant allows the operation only when the encryption context in the request is the same as the encryption context specified in this constraint. Conflicts with `encryptionContextSubset`.
	EncryptionContextEquals pulumi.StringMapInput `pulumi:"encryptionContextEquals"`
	// A list of key-value pairs that must be included in the encryption context of subsequent cryptographic operation requests. The grant allows the cryptographic operation only when the encryption context in the request includes the key-value pairs specified in this constraint, although it can include additional key-value pairs. Conflicts with `encryptionContextEquals`.
	EncryptionContextSubset pulumi.StringMapInput `pulumi:"encryptionContextSubset"`
}

func (GrantConstraintArgs) ElementType 

func (GrantConstraintArgs) ElementType() reflect.Type

func (GrantConstraintArgs) ToGrantConstraintOutput 

func (i GrantConstraintArgs) ToGrantConstraintOutput() GrantConstraintOutput

func (GrantConstraintArgs) ToGrantConstraintOutputWithContext 

func (i GrantConstraintArgs) ToGrantConstraintOutputWithContext(ctx context.Context) GrantConstraintOutput

type GrantConstraintArray 

type GrantConstraintArray []GrantConstraintInput

func (GrantConstraintArray) ElementType 

func (GrantConstraintArray) ElementType() reflect.Type

func (GrantConstraintArray) ToGrantConstraintArrayOutput 

func (i GrantConstraintArray) ToGrantConstraintArrayOutput() GrantConstraintArrayOutput

func (GrantConstraintArray) ToGrantConstraintArrayOutputWithContext 

func (i GrantConstraintArray) ToGrantConstraintArrayOutputWithContext(ctx context.Context) GrantConstraintArrayOutput

type GrantConstraintArrayInput 

type GrantConstraintArrayInput interface {
	pulumi.Input

	ToGrantConstraintArrayOutput() GrantConstraintArrayOutput
	ToGrantConstraintArrayOutputWithContext(context.Context) GrantConstraintArrayOutput
}

GrantConstraintArrayInput is an input type that accepts GrantConstraintArray and GrantConstraintArrayOutput values. You can construct a concrete instance of `GrantConstraintArrayInput` via: 

GrantConstraintArray{ GrantConstraintArgs{...} }

type GrantConstraintArrayOutput 

type GrantConstraintArrayOutput struct{ *pulumi.OutputState }

func (GrantConstraintArrayOutput) ElementType 

func (GrantConstraintArrayOutput) ElementType() reflect.Type

func (GrantConstraintArrayOutput) Index 

func (o GrantConstraintArrayOutput) Index(i pulumi.IntInput) GrantConstraintOutput

func (GrantConstraintArrayOutput) ToGrantConstraintArrayOutput 

func (o GrantConstraintArrayOutput) ToGrantConstraintArrayOutput() GrantConstraintArrayOutput

func (GrantConstraintArrayOutput) ToGrantConstraintArrayOutputWithContext 

func (o GrantConstraintArrayOutput) ToGrantConstraintArrayOutputWithContext(ctx context.Context) GrantConstraintArrayOutput

type GrantConstraintInput 

type GrantConstraintInput interface {
	pulumi.Input

	ToGrantConstraintOutput() GrantConstraintOutput
	ToGrantConstraintOutputWithContext(context.Context) GrantConstraintOutput
}

GrantConstraintInput is an input type that accepts GrantConstraintArgs and GrantConstraintOutput values. You can construct a concrete instance of `GrantConstraintInput` via: 

GrantConstraintArgs{...}

type GrantConstraintOutput 

type GrantConstraintOutput struct{ *pulumi.OutputState }

func (GrantConstraintOutput) ElementType 

func (GrantConstraintOutput) ElementType() reflect.Type

func (GrantConstraintOutput) EncryptionContextEquals 

func (o GrantConstraintOutput) EncryptionContextEquals() pulumi.StringMapOutput

A list of key-value pairs that must match the encryption context in subsequent cryptographic operation requests. The grant allows the operation only when the encryption context in the request is the same as the encryption context specified in this constraint. Conflicts with `encryptionContextSubset`.

func (GrantConstraintOutput) EncryptionContextSubset 

func (o GrantConstraintOutput) EncryptionContextSubset() pulumi.StringMapOutput

A list of key-value pairs that must be included in the encryption context of subsequent cryptographic operation requests. The grant allows the cryptographic operation only when the encryption context in the request includes the key-value pairs specified in this constraint, although it can include additional key-value pairs. Conflicts with `encryptionContextEquals`.

func (GrantConstraintOutput) ToGrantConstraintOutput 

func (o GrantConstraintOutput) ToGrantConstraintOutput() GrantConstraintOutput

func (GrantConstraintOutput) ToGrantConstraintOutputWithContext 

func (o GrantConstraintOutput) ToGrantConstraintOutputWithContext(ctx context.Context) GrantConstraintOutput

type GrantInput added in v3.13.0 

type GrantInput interface {
	pulumi.Input

	ToGrantOutput() GrantOutput
	ToGrantOutputWithContext(ctx context.Context) GrantOutput
}

type GrantMap added in v3.25.0 

type GrantMap map[string]GrantInput

func (GrantMap) ElementType added in v3.25.0 

func (GrantMap) ElementType() reflect.Type

func (GrantMap) ToGrantMapOutput added in v3.25.0 

func (i GrantMap) ToGrantMapOutput() GrantMapOutput

func (GrantMap) ToGrantMapOutputWithContext added in v3.25.0 

func (i GrantMap) ToGrantMapOutputWithContext(ctx context.Context) GrantMapOutput

type GrantMapInput added in v3.25.0 

type GrantMapInput interface {
	pulumi.Input

	ToGrantMapOutput() GrantMapOutput
	ToGrantMapOutputWithContext(context.Context) GrantMapOutput
}

GrantMapInput is an input type that accepts GrantMap and GrantMapOutput values. You can construct a concrete instance of `GrantMapInput` via: 

GrantMap{ "key": GrantArgs{...} }

type GrantMapOutput added in v3.25.0 

type GrantMapOutput struct{ *pulumi.OutputState }

func (GrantMapOutput) ElementType added in v3.25.0 

func (GrantMapOutput) ElementType() reflect.Type

func (GrantMapOutput) MapIndex added in v3.25.0 

func (o GrantMapOutput) MapIndex(k pulumi.StringInput) GrantOutput

func (GrantMapOutput) ToGrantMapOutput added in v3.25.0 

func (o GrantMapOutput) ToGrantMapOutput() GrantMapOutput

func (GrantMapOutput) ToGrantMapOutputWithContext added in v3.25.0 

func (o GrantMapOutput) ToGrantMapOutputWithContext(ctx context.Context) GrantMapOutput

type GrantOutput added in v3.13.0 

type GrantOutput struct {
	*pulumi.OutputState
}

func (GrantOutput) ElementType added in v3.13.0 

func (GrantOutput) ElementType() reflect.Type

func (GrantOutput) ToGrantOutput added in v3.13.0 

func (o GrantOutput) ToGrantOutput() GrantOutput

func (GrantOutput) ToGrantOutputWithContext added in v3.13.0 

func (o GrantOutput) ToGrantOutputWithContext(ctx context.Context) GrantOutput

func (GrantOutput) ToGrantPtrOutput added in v3.25.0 

func (o GrantOutput) ToGrantPtrOutput() GrantPtrOutput

func (GrantOutput) ToGrantPtrOutputWithContext added in v3.25.0 

func (o GrantOutput) ToGrantPtrOutputWithContext(ctx context.Context) GrantPtrOutput

type GrantPtrInput added in v3.25.0 

type GrantPtrInput interface {
	pulumi.Input

	ToGrantPtrOutput() GrantPtrOutput
	ToGrantPtrOutputWithContext(ctx context.Context) GrantPtrOutput
}

type GrantPtrOutput added in v3.25.0 

type GrantPtrOutput struct {
	*pulumi.OutputState
}

func (GrantPtrOutput) ElementType added in v3.25.0 

func (GrantPtrOutput) ElementType() reflect.Type

func (GrantPtrOutput) ToGrantPtrOutput added in v3.25.0 

func (o GrantPtrOutput) ToGrantPtrOutput() GrantPtrOutput

func (GrantPtrOutput) ToGrantPtrOutputWithContext added in v3.25.0 

func (o GrantPtrOutput) ToGrantPtrOutputWithContext(ctx context.Context) GrantPtrOutput

type GrantState 

type GrantState struct {
	// A structure that you can use to allow certain operations in the grant only when the desired encryption context is present. For more information about encryption context, see [Encryption Context](http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html).
	Constraints GrantConstraintArrayInput
	// A list of grant tokens to be used when creating the grant. See [Grant Tokens](http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) for more information about grant tokens.
	GrantCreationTokens pulumi.StringArrayInput
	// The unique identifier for the grant.
	GrantId pulumi.StringPtrInput
	// The grant token for the created grant. For more information, see [Grant Tokens](http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token).
	GrantToken pulumi.StringPtrInput
	// The principal that is given permission to perform the operations that the grant permits in ARN format. Note that due to eventual consistency issues around IAM principals, the providers's state may not always be refreshed to reflect what is true in AWS.
	GranteePrincipal pulumi.StringPtrInput
	// The unique identifier for the customer master key (CMK) that the grant applies to. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify a CMK in a different AWS account, you must use the key ARN.
	KeyId pulumi.StringPtrInput
	// A friendly name for identifying the grant.
	Name pulumi.StringPtrInput
	// A list of operations that the grant permits. The permitted values are: `Decrypt`, `Encrypt`, `GenerateDataKey`, `GenerateDataKeyWithoutPlaintext`, `ReEncryptFrom`, `ReEncryptTo`, `Sign`, `Verify`, `GetPublicKey`, `CreateGrant`, `RetireGrant`, `DescribeKey`, `GenerateDataKeyPair`, or `GenerateDataKeyPairWithoutPlaintext`.
	Operations pulumi.StringArrayInput
	// -(Defaults to false, Forces new resources) If set to false (the default) the grants will be revoked upon deletion, and if set to true the grants will try to be retired upon deletion. Note that retiring grants requires special permissions, hence why we default to revoking grants.
	// See [RetireGrant](https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html) for more information.
	RetireOnDelete pulumi.BoolPtrInput
	// The principal that is given permission to retire the grant by using RetireGrant operation in ARN format. Note that due to eventual consistency issues around IAM principals, the providers's state may not always be refreshed to reflect what is true in AWS.
	RetiringPrincipal pulumi.StringPtrInput
}

func (GrantState) ElementType 

func (GrantState) ElementType() reflect.Type

type Key 

type Key struct {
	pulumi.CustomResourceState

	// The Amazon Resource Name (ARN) of the key.
	Arn pulumi.StringOutput `pulumi:"arn"`
	// Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports.
	// Valid values: `SYMMETRIC_DEFAULT`,  `RSA_2048`, `RSA_3072`, `RSA_4096`, `ECC_NIST_P256`, `ECC_NIST_P384`, `ECC_NIST_P521`, or `ECC_SECG_P256K1`. Defaults to `SYMMETRIC_DEFAULT`. For help with choosing a key spec, see the [AWS KMS Developer Guide](https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-choose.html).
	CustomerMasterKeySpec pulumi.StringPtrOutput `pulumi:"customerMasterKeySpec"`
	// Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 30 days.
	DeletionWindowInDays pulumi.IntPtrOutput `pulumi:"deletionWindowInDays"`
	// The description of the key as viewed in AWS console.
	Description pulumi.StringOutput `pulumi:"description"`
	// Specifies whether [key rotation](http://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) is enabled. Defaults to false.
	EnableKeyRotation pulumi.BoolPtrOutput `pulumi:"enableKeyRotation"`
	// Specifies whether the key is enabled. Defaults to true.
	IsEnabled pulumi.BoolPtrOutput `pulumi:"isEnabled"`
	// The globally unique identifier for the key.
	KeyId pulumi.StringOutput `pulumi:"keyId"`
	// Specifies the intended use of the key. Valid values: `ENCRYPT_DECRYPT` or `SIGN_VERIFY`.
	// Defaults to `ENCRYPT_DECRYPT`.
	KeyUsage pulumi.StringPtrOutput `pulumi:"keyUsage"`
	// A valid policy JSON document.
	Policy pulumi.StringOutput `pulumi:"policy"`
	// A map of tags to assign to the object.
	Tags pulumi.StringMapOutput `pulumi:"tags"`
}

Provides a KMS customer master key.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/kms"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.NewKey(ctx, "key", &kms.KeyArgs{
			DeletionWindowInDays: pulumi.Int(10),
			Description:          pulumi.String("KMS key 1"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

KMS Keys can be imported using the `id`, e.g.

```sh 

$ pulumi import aws:kms/key:Key a 1234abcd-12ab-34cd-56ef-1234567890ab

```

func GetKey 

func GetKey(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *KeyState, opts ...pulumi.ResourceOption) (*Key, error)

GetKey gets an existing Key resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewKey 

func NewKey(ctx *pulumi.Context,
	name string, args *KeyArgs, opts ...pulumi.ResourceOption) (*Key, error)

NewKey registers a new resource with the given unique name, arguments, and options.

func (*Key) ElementType added in v3.13.0 

func (*Key) ElementType() reflect.Type

func (*Key) ToKeyOutput added in v3.13.0 

func (i *Key) ToKeyOutput() KeyOutput

func (*Key) ToKeyOutputWithContext added in v3.13.0 

func (i *Key) ToKeyOutputWithContext(ctx context.Context) KeyOutput

func (*Key) ToKeyPtrOutput added in v3.25.0 

func (i *Key) ToKeyPtrOutput() KeyPtrOutput

func (*Key) ToKeyPtrOutputWithContext added in v3.25.0 

func (i *Key) ToKeyPtrOutputWithContext(ctx context.Context) KeyPtrOutput

type KeyArgs 

type KeyArgs struct {
	// Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports.
	// Valid values: `SYMMETRIC_DEFAULT`,  `RSA_2048`, `RSA_3072`, `RSA_4096`, `ECC_NIST_P256`, `ECC_NIST_P384`, `ECC_NIST_P521`, or `ECC_SECG_P256K1`. Defaults to `SYMMETRIC_DEFAULT`. For help with choosing a key spec, see the [AWS KMS Developer Guide](https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-choose.html).
	CustomerMasterKeySpec pulumi.StringPtrInput
	// Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 30 days.
	DeletionWindowInDays pulumi.IntPtrInput
	// The description of the key as viewed in AWS console.
	Description pulumi.StringPtrInput
	// Specifies whether [key rotation](http://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) is enabled. Defaults to false.
	EnableKeyRotation pulumi.BoolPtrInput
	// Specifies whether the key is enabled. Defaults to true.
	IsEnabled pulumi.BoolPtrInput
	// Specifies the intended use of the key. Valid values: `ENCRYPT_DECRYPT` or `SIGN_VERIFY`.
	// Defaults to `ENCRYPT_DECRYPT`.
	KeyUsage pulumi.StringPtrInput
	// A valid policy JSON document.
	Policy pulumi.StringPtrInput
	// A map of tags to assign to the object.
	Tags pulumi.StringMapInput
}

The set of arguments for constructing a Key resource.

func (KeyArgs) ElementType 

func (KeyArgs) ElementType() reflect.Type

type KeyArray added in v3.25.0 

type KeyArray []KeyInput

func (KeyArray) ElementType added in v3.25.0 

func (KeyArray) ElementType() reflect.Type

func (KeyArray) ToKeyArrayOutput added in v3.25.0 

func (i KeyArray) ToKeyArrayOutput() KeyArrayOutput

func (KeyArray) ToKeyArrayOutputWithContext added in v3.25.0 

func (i KeyArray) ToKeyArrayOutputWithContext(ctx context.Context) KeyArrayOutput

type KeyArrayInput added in v3.25.0 

type KeyArrayInput interface {
	pulumi.Input

	ToKeyArrayOutput() KeyArrayOutput
	ToKeyArrayOutputWithContext(context.Context) KeyArrayOutput
}

KeyArrayInput is an input type that accepts KeyArray and KeyArrayOutput values. You can construct a concrete instance of `KeyArrayInput` via: 

KeyArray{ KeyArgs{...} }

type KeyArrayOutput added in v3.25.0 

type KeyArrayOutput struct{ *pulumi.OutputState }

func (KeyArrayOutput) ElementType added in v3.25.0 

func (KeyArrayOutput) ElementType() reflect.Type

func (KeyArrayOutput) Index added in v3.25.0 

func (o KeyArrayOutput) Index(i pulumi.IntInput) KeyOutput

func (KeyArrayOutput) ToKeyArrayOutput added in v3.25.0 

func (o KeyArrayOutput) ToKeyArrayOutput() KeyArrayOutput

func (KeyArrayOutput) ToKeyArrayOutputWithContext added in v3.25.0 

func (o KeyArrayOutput) ToKeyArrayOutputWithContext(ctx context.Context) KeyArrayOutput

type KeyInput added in v3.13.0 

type KeyInput interface {
	pulumi.Input

	ToKeyOutput() KeyOutput
	ToKeyOutputWithContext(ctx context.Context) KeyOutput
}

type KeyMap added in v3.25.0 

type KeyMap map[string]KeyInput

func (KeyMap) ElementType added in v3.25.0 

func (KeyMap) ElementType() reflect.Type

func (KeyMap) ToKeyMapOutput added in v3.25.0 

func (i KeyMap) ToKeyMapOutput() KeyMapOutput

func (KeyMap) ToKeyMapOutputWithContext added in v3.25.0 

func (i KeyMap) ToKeyMapOutputWithContext(ctx context.Context) KeyMapOutput

type KeyMapInput added in v3.25.0 

type KeyMapInput interface {
	pulumi.Input

	ToKeyMapOutput() KeyMapOutput
	ToKeyMapOutputWithContext(context.Context) KeyMapOutput
}

KeyMapInput is an input type that accepts KeyMap and KeyMapOutput values. You can construct a concrete instance of `KeyMapInput` via: 

KeyMap{ "key": KeyArgs{...} }

type KeyMapOutput added in v3.25.0 

type KeyMapOutput struct{ *pulumi.OutputState }

func (KeyMapOutput) ElementType added in v3.25.0 

func (KeyMapOutput) ElementType() reflect.Type

func (KeyMapOutput) MapIndex added in v3.25.0 

func (o KeyMapOutput) MapIndex(k pulumi.StringInput) KeyOutput

func (KeyMapOutput) ToKeyMapOutput added in v3.25.0 

func (o KeyMapOutput) ToKeyMapOutput() KeyMapOutput

func (KeyMapOutput) ToKeyMapOutputWithContext added in v3.25.0 

func (o KeyMapOutput) ToKeyMapOutputWithContext(ctx context.Context) KeyMapOutput

type KeyOutput added in v3.13.0 

type KeyOutput struct {
	*pulumi.OutputState
}

func (KeyOutput) ElementType added in v3.13.0 

func (KeyOutput) ElementType() reflect.Type

func (KeyOutput) ToKeyOutput added in v3.13.0 

func (o KeyOutput) ToKeyOutput() KeyOutput

func (KeyOutput) ToKeyOutputWithContext added in v3.13.0 

func (o KeyOutput) ToKeyOutputWithContext(ctx context.Context) KeyOutput

func (KeyOutput) ToKeyPtrOutput added in v3.25.0 

func (o KeyOutput) ToKeyPtrOutput() KeyPtrOutput

func (KeyOutput) ToKeyPtrOutputWithContext added in v3.25.0 

func (o KeyOutput) ToKeyPtrOutputWithContext(ctx context.Context) KeyPtrOutput

type KeyPtrInput added in v3.25.0 

type KeyPtrInput interface {
	pulumi.Input

	ToKeyPtrOutput() KeyPtrOutput
	ToKeyPtrOutputWithContext(ctx context.Context) KeyPtrOutput
}

type KeyPtrOutput added in v3.25.0 

type KeyPtrOutput struct {
	*pulumi.OutputState
}

func (KeyPtrOutput) ElementType added in v3.25.0 

func (KeyPtrOutput) ElementType() reflect.Type

func (KeyPtrOutput) ToKeyPtrOutput added in v3.25.0 

func (o KeyPtrOutput) ToKeyPtrOutput() KeyPtrOutput

func (KeyPtrOutput) ToKeyPtrOutputWithContext added in v3.25.0 

func (o KeyPtrOutput) ToKeyPtrOutputWithContext(ctx context.Context) KeyPtrOutput

type KeyState 

type KeyState struct {
	// The Amazon Resource Name (ARN) of the key.
	Arn pulumi.StringPtrInput
	// Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports.
	// Valid values: `SYMMETRIC_DEFAULT`,  `RSA_2048`, `RSA_3072`, `RSA_4096`, `ECC_NIST_P256`, `ECC_NIST_P384`, `ECC_NIST_P521`, or `ECC_SECG_P256K1`. Defaults to `SYMMETRIC_DEFAULT`. For help with choosing a key spec, see the [AWS KMS Developer Guide](https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-choose.html).
	CustomerMasterKeySpec pulumi.StringPtrInput
	// Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 30 days.
	DeletionWindowInDays pulumi.IntPtrInput
	// The description of the key as viewed in AWS console.
	Description pulumi.StringPtrInput
	// Specifies whether [key rotation](http://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) is enabled. Defaults to false.
	EnableKeyRotation pulumi.BoolPtrInput
	// Specifies whether the key is enabled. Defaults to true.
	IsEnabled pulumi.BoolPtrInput
	// The globally unique identifier for the key.
	KeyId pulumi.StringPtrInput
	// Specifies the intended use of the key. Valid values: `ENCRYPT_DECRYPT` or `SIGN_VERIFY`.
	// Defaults to `ENCRYPT_DECRYPT`.
	KeyUsage pulumi.StringPtrInput
	// A valid policy JSON document.
	Policy pulumi.StringPtrInput
	// A map of tags to assign to the object.
	Tags pulumi.StringMapInput
}

func (KeyState) ElementType 

func (KeyState) ElementType() reflect.Type

type LookupAliasArgs 

type LookupAliasArgs struct {
	// The display name of the alias. The name must start with the word "alias" followed by a forward slash (alias/)
	Name string `pulumi:"name"`
}

A collection of arguments for invoking getAlias.

type LookupAliasResult 

type LookupAliasResult struct {
	// The Amazon Resource Name(ARN) of the key alias.
	Arn string `pulumi:"arn"`
	// The provider-assigned unique ID for this managed resource.
	Id   string `pulumi:"id"`
	Name string `pulumi:"name"`
	// ARN pointed to by the alias.
	TargetKeyArn string `pulumi:"targetKeyArn"`
	// Key identifier pointed to by the alias.
	TargetKeyId string `pulumi:"targetKeyId"`
}

A collection of values returned by getAlias.

func LookupAlias 

func LookupAlias(ctx *pulumi.Context, args *LookupAliasArgs, opts ...pulumi.InvokeOption) (*LookupAliasResult, error)

Use this data source to get the ARN of a KMS key alias. By using this data source, you can reference key alias without having to hard code the ARN as input.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/kms"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.LookupAlias(ctx, &kms.LookupAliasArgs{
			Name: "alias/aws/s3",
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

```

type LookupKeyArgs 

type LookupKeyArgs struct {
	// List of grant tokens
	GrantTokens []string `pulumi:"grantTokens"`
	// Key identifier which can be one of the following format:
	// * Key ID. E.g: `1234abcd-12ab-34cd-56ef-1234567890ab`
	// * Key ARN. E.g.: `arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
	// * Alias name. E.g.: `alias/my-key`
	// * Alias ARN: E.g.: `arn:aws:kms:us-east-1:111122223333:alias/my-key`
	KeyId string `pulumi:"keyId"`
}

A collection of arguments for invoking getKey.

type LookupKeyResult 

type LookupKeyResult struct {
	Arn                   string   `pulumi:"arn"`
	AwsAccountId          string   `pulumi:"awsAccountId"`
	CreationDate          string   `pulumi:"creationDate"`
	CustomerMasterKeySpec string   `pulumi:"customerMasterKeySpec"`
	DeletionDate          string   `pulumi:"deletionDate"`
	Description           string   `pulumi:"description"`
	Enabled               bool     `pulumi:"enabled"`
	ExpirationModel       string   `pulumi:"expirationModel"`
	GrantTokens           []string `pulumi:"grantTokens"`
	// The provider-assigned unique ID for this managed resource.
	Id         string `pulumi:"id"`
	KeyId      string `pulumi:"keyId"`
	KeyManager string `pulumi:"keyManager"`
	KeyState   string `pulumi:"keyState"`
	KeyUsage   string `pulumi:"keyUsage"`
	Origin     string `pulumi:"origin"`
	ValidTo    string `pulumi:"validTo"`
}

A collection of values returned by getKey.

func LookupKey 

func LookupKey(ctx *pulumi.Context, args *LookupKeyArgs, opts ...pulumi.InvokeOption) (*LookupKeyResult, error)

Use this data source to get detailed information about the specified KMS Key with flexible key id input. This can be useful to reference key alias without having to hard code the ARN as input.

## Example Usage

```go package main

import ( 

"github.com/pulumi/pulumi-aws/sdk/v3/go/aws/kms"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := kms.LookupKey(ctx, &kms.LookupKeyArgs{
			KeyId: "alias/my-key",
		}, nil)
		if err != nil {
			return err
		}
		_, err = kms.LookupKey(ctx, &kms.LookupKeyArgs{
			KeyId: "1234abcd-12ab-34cd-56ef-1234567890ab",
		}, nil)
		if err != nil {
			return err
		}
		_, err = kms.LookupKey(ctx, &kms.LookupKeyArgs{
			KeyId: "arn:aws:kms:us-east-1:111122223333:alias/my-key",
		}, nil)
		if err != nil {
			return err
		}
		_, err = kms.LookupKey(ctx, &kms.LookupKeyArgs{
			KeyId: "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

```

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.