Documentation ¶
Index ¶
- type Alias
- type AliasArgs
- type AliasArray
- type AliasArrayInput
- type AliasArrayOutput
- type AliasInput
- type AliasMap
- type AliasMapInput
- type AliasMapOutput
- type AliasOutput
- func (AliasOutput) ElementType() reflect.Type
- func (o AliasOutput) ToAliasOutput() AliasOutput
- func (o AliasOutput) ToAliasOutputWithContext(ctx context.Context) AliasOutput
- func (o AliasOutput) ToAliasPtrOutput() AliasPtrOutput
- func (o AliasOutput) ToAliasPtrOutputWithContext(ctx context.Context) AliasPtrOutput
- type AliasPtrInput
- type AliasPtrOutput
- type AliasState
- type Ciphertext
- func (*Ciphertext) ElementType() reflect.Type
- func (i *Ciphertext) ToCiphertextOutput() CiphertextOutput
- func (i *Ciphertext) ToCiphertextOutputWithContext(ctx context.Context) CiphertextOutput
- func (i *Ciphertext) ToCiphertextPtrOutput() CiphertextPtrOutput
- func (i *Ciphertext) ToCiphertextPtrOutputWithContext(ctx context.Context) CiphertextPtrOutput
- type CiphertextArgs
- type CiphertextArray
- type CiphertextArrayInput
- type CiphertextArrayOutput
- func (CiphertextArrayOutput) ElementType() reflect.Type
- func (o CiphertextArrayOutput) Index(i pulumi.IntInput) CiphertextOutput
- func (o CiphertextArrayOutput) ToCiphertextArrayOutput() CiphertextArrayOutput
- func (o CiphertextArrayOutput) ToCiphertextArrayOutputWithContext(ctx context.Context) CiphertextArrayOutput
- type CiphertextInput
- type CiphertextMap
- type CiphertextMapInput
- type CiphertextMapOutput
- func (CiphertextMapOutput) ElementType() reflect.Type
- func (o CiphertextMapOutput) MapIndex(k pulumi.StringInput) CiphertextOutput
- func (o CiphertextMapOutput) ToCiphertextMapOutput() CiphertextMapOutput
- func (o CiphertextMapOutput) ToCiphertextMapOutputWithContext(ctx context.Context) CiphertextMapOutput
- type CiphertextOutput
- func (CiphertextOutput) ElementType() reflect.Type
- func (o CiphertextOutput) ToCiphertextOutput() CiphertextOutput
- func (o CiphertextOutput) ToCiphertextOutputWithContext(ctx context.Context) CiphertextOutput
- func (o CiphertextOutput) ToCiphertextPtrOutput() CiphertextPtrOutput
- func (o CiphertextOutput) ToCiphertextPtrOutputWithContext(ctx context.Context) CiphertextPtrOutput
- type CiphertextPtrInput
- type CiphertextPtrOutput
- type CiphertextState
- type ExternalKey
- func (*ExternalKey) ElementType() reflect.Type
- func (i *ExternalKey) ToExternalKeyOutput() ExternalKeyOutput
- func (i *ExternalKey) ToExternalKeyOutputWithContext(ctx context.Context) ExternalKeyOutput
- func (i *ExternalKey) ToExternalKeyPtrOutput() ExternalKeyPtrOutput
- func (i *ExternalKey) ToExternalKeyPtrOutputWithContext(ctx context.Context) ExternalKeyPtrOutput
- type ExternalKeyArgs
- type ExternalKeyArray
- type ExternalKeyArrayInput
- type ExternalKeyArrayOutput
- func (ExternalKeyArrayOutput) ElementType() reflect.Type
- func (o ExternalKeyArrayOutput) Index(i pulumi.IntInput) ExternalKeyOutput
- func (o ExternalKeyArrayOutput) ToExternalKeyArrayOutput() ExternalKeyArrayOutput
- func (o ExternalKeyArrayOutput) ToExternalKeyArrayOutputWithContext(ctx context.Context) ExternalKeyArrayOutput
- type ExternalKeyInput
- type ExternalKeyMap
- type ExternalKeyMapInput
- type ExternalKeyMapOutput
- func (ExternalKeyMapOutput) ElementType() reflect.Type
- func (o ExternalKeyMapOutput) MapIndex(k pulumi.StringInput) ExternalKeyOutput
- func (o ExternalKeyMapOutput) ToExternalKeyMapOutput() ExternalKeyMapOutput
- func (o ExternalKeyMapOutput) ToExternalKeyMapOutputWithContext(ctx context.Context) ExternalKeyMapOutput
- type ExternalKeyOutput
- func (ExternalKeyOutput) ElementType() reflect.Type
- func (o ExternalKeyOutput) ToExternalKeyOutput() ExternalKeyOutput
- func (o ExternalKeyOutput) ToExternalKeyOutputWithContext(ctx context.Context) ExternalKeyOutput
- func (o ExternalKeyOutput) ToExternalKeyPtrOutput() ExternalKeyPtrOutput
- func (o ExternalKeyOutput) ToExternalKeyPtrOutputWithContext(ctx context.Context) ExternalKeyPtrOutput
- type ExternalKeyPtrInput
- type ExternalKeyPtrOutput
- type ExternalKeyState
- type GetCipherTextArgs
- type GetCipherTextResult
- type GetPublicKeyArgs
- type GetPublicKeyResult
- type GetSecretArgs
- type GetSecretResult
- type GetSecretSecret
- type GetSecretSecretArgs
- type GetSecretSecretArray
- type GetSecretSecretArrayInput
- type GetSecretSecretArrayOutput
- func (GetSecretSecretArrayOutput) ElementType() reflect.Type
- func (o GetSecretSecretArrayOutput) Index(i pulumi.IntInput) GetSecretSecretOutput
- func (o GetSecretSecretArrayOutput) ToGetSecretSecretArrayOutput() GetSecretSecretArrayOutput
- func (o GetSecretSecretArrayOutput) ToGetSecretSecretArrayOutputWithContext(ctx context.Context) GetSecretSecretArrayOutput
- type GetSecretSecretInput
- type GetSecretSecretOutput
- func (o GetSecretSecretOutput) Context() pulumi.StringMapOutput
- func (GetSecretSecretOutput) ElementType() reflect.Type
- func (o GetSecretSecretOutput) GrantTokens() pulumi.StringArrayOutput
- func (o GetSecretSecretOutput) Name() pulumi.StringOutput
- func (o GetSecretSecretOutput) Payload() pulumi.StringOutput
- func (o GetSecretSecretOutput) ToGetSecretSecretOutput() GetSecretSecretOutput
- func (o GetSecretSecretOutput) ToGetSecretSecretOutputWithContext(ctx context.Context) GetSecretSecretOutput
- type GetSecretsArgs
- type GetSecretsResult
- type GetSecretsSecret
- type GetSecretsSecretArgs
- type GetSecretsSecretArray
- type GetSecretsSecretArrayInput
- type GetSecretsSecretArrayOutput
- func (GetSecretsSecretArrayOutput) ElementType() reflect.Type
- func (o GetSecretsSecretArrayOutput) Index(i pulumi.IntInput) GetSecretsSecretOutput
- func (o GetSecretsSecretArrayOutput) ToGetSecretsSecretArrayOutput() GetSecretsSecretArrayOutput
- func (o GetSecretsSecretArrayOutput) ToGetSecretsSecretArrayOutputWithContext(ctx context.Context) GetSecretsSecretArrayOutput
- type GetSecretsSecretInput
- type GetSecretsSecretOutput
- func (o GetSecretsSecretOutput) Context() pulumi.StringMapOutput
- func (GetSecretsSecretOutput) ElementType() reflect.Type
- func (o GetSecretsSecretOutput) GrantTokens() pulumi.StringArrayOutput
- func (o GetSecretsSecretOutput) Name() pulumi.StringOutput
- func (o GetSecretsSecretOutput) Payload() pulumi.StringOutput
- func (o GetSecretsSecretOutput) ToGetSecretsSecretOutput() GetSecretsSecretOutput
- func (o GetSecretsSecretOutput) ToGetSecretsSecretOutputWithContext(ctx context.Context) GetSecretsSecretOutput
- type Grant
- type GrantArgs
- type GrantArray
- type GrantArrayInput
- type GrantArrayOutput
- type GrantConstraint
- type GrantConstraintArgs
- type GrantConstraintArray
- type GrantConstraintArrayInput
- type GrantConstraintArrayOutput
- func (GrantConstraintArrayOutput) ElementType() reflect.Type
- func (o GrantConstraintArrayOutput) Index(i pulumi.IntInput) GrantConstraintOutput
- func (o GrantConstraintArrayOutput) ToGrantConstraintArrayOutput() GrantConstraintArrayOutput
- func (o GrantConstraintArrayOutput) ToGrantConstraintArrayOutputWithContext(ctx context.Context) GrantConstraintArrayOutput
- type GrantConstraintInput
- type GrantConstraintOutput
- func (GrantConstraintOutput) ElementType() reflect.Type
- func (o GrantConstraintOutput) EncryptionContextEquals() pulumi.StringMapOutput
- func (o GrantConstraintOutput) EncryptionContextSubset() pulumi.StringMapOutput
- func (o GrantConstraintOutput) ToGrantConstraintOutput() GrantConstraintOutput
- func (o GrantConstraintOutput) ToGrantConstraintOutputWithContext(ctx context.Context) GrantConstraintOutput
- type GrantInput
- type GrantMap
- type GrantMapInput
- type GrantMapOutput
- type GrantOutput
- func (GrantOutput) ElementType() reflect.Type
- func (o GrantOutput) ToGrantOutput() GrantOutput
- func (o GrantOutput) ToGrantOutputWithContext(ctx context.Context) GrantOutput
- func (o GrantOutput) ToGrantPtrOutput() GrantPtrOutput
- func (o GrantOutput) ToGrantPtrOutputWithContext(ctx context.Context) GrantPtrOutput
- type GrantPtrInput
- type GrantPtrOutput
- type GrantState
- type Key
- type KeyArgs
- type KeyArray
- type KeyArrayInput
- type KeyArrayOutput
- type KeyInput
- type KeyMap
- type KeyMapInput
- type KeyMapOutput
- type KeyOutput
- type KeyPtrInput
- type KeyPtrOutput
- type KeyState
- type LookupAliasArgs
- type LookupAliasResult
- type LookupKeyArgs
- type LookupKeyResult
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Alias ¶
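// Alias describes a KMS key alias resource. Every field is an output of the
// resource. The declaration is laid out one field per line so that each
// comment attaches to its own field instead of swallowing the rest of the line.
type Alias struct {
	pulumi.CustomResourceState

	// The Amazon Resource Name (ARN) of the key alias.
	Arn pulumi.StringOutput `pulumi:"arn"`
	// The display name of the alias. The name must start with the word "alias" followed by a forward slash (alias/).
	Name pulumi.StringOutput `pulumi:"name"`
	// Creates a unique alias beginning with the specified prefix.
	// The name must start with the word "alias" followed by a forward slash (alias/). Conflicts with `name`.
	NamePrefix pulumi.StringOutput `pulumi:"namePrefix"`
	// The Amazon Resource Name (ARN) of the target key identifier.
	TargetKeyArn pulumi.StringOutput `pulumi:"targetKeyArn"`
	// Identifier of the key that the alias refers to; either an ARN or a key_id.
	TargetKeyId pulumi.StringOutput `pulumi:"targetKeyId"`
}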
Provides an alias for a KMS customer master key. The AWS Console enforces a 1-to-1 mapping between aliases and keys, but the API (and hence this provider too) allows you to create as many aliases as the [account limits](https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) permit.
## Example Usage
```go
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kms"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main creates a KMS key and then registers an alias that points at it.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// No KeyArgs are supplied for the key in this example.
		cmk, err := kms.NewKey(ctx, "key", nil)
		if err != nil {
			return err
		}

		// The alias is bound to the key through the key's KeyId output.
		aliasArgs := &kms.AliasArgs{
			TargetKeyId: cmk.KeyId,
		}
		if _, err := kms.NewAlias(ctx, "alias", aliasArgs); err != nil {
			return err
		}
		return nil
	})
}
```
## Import
KMS aliases can be imported using the `name`, e.g.
```sh
$ pulumi import aws:kms/alias:Alias a alias/my-key-alias
```
func GetAlias ¶
func GetAlias(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AliasState, opts ...pulumi.ResourceOption) (*Alias, error)
GetAlias gets an existing Alias resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAlias ¶
func NewAlias(ctx *pulumi.Context, name string, args *AliasArgs, opts ...pulumi.ResourceOption) (*Alias, error)
NewAlias registers a new resource with the given unique name, arguments, and options.
func (*Alias) ElementType ¶
func (*Alias) ToAliasOutput ¶
func (i *Alias) ToAliasOutput() AliasOutput
func (*Alias) ToAliasOutputWithContext ¶
func (i *Alias) ToAliasOutputWithContext(ctx context.Context) AliasOutput
func (*Alias) ToAliasPtrOutput ¶
func (i *Alias) ToAliasPtrOutput() AliasPtrOutput
func (*Alias) ToAliasPtrOutputWithContext ¶
func (i *Alias) ToAliasPtrOutputWithContext(ctx context.Context) AliasPtrOutput
type AliasArgs ¶
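// AliasArgs is the set of arguments for constructing an Alias resource.
// The declaration is laid out one field per line so that each comment
// attaches to its own field.
type AliasArgs struct {
	// The display name of the alias. The name must start with the word "alias" followed by a forward slash (alias/).
	Name pulumi.StringPtrInput
	// Creates a unique alias beginning with the specified prefix.
	// The name must start with the word "alias" followed by a forward slash (alias/). Conflicts with `name`.
	NamePrefix pulumi.StringPtrInput
	// Identifier of the key that the alias refers to; either an ARN or a key_id.
	TargetKeyId pulumi.StringInput
}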
The set of arguments for constructing an Alias resource.
func (AliasArgs) ElementType ¶
type AliasArray ¶
type AliasArray []AliasInput
func (AliasArray) ElementType ¶
func (AliasArray) ElementType() reflect.Type
func (AliasArray) ToAliasArrayOutput ¶
func (i AliasArray) ToAliasArrayOutput() AliasArrayOutput
func (AliasArray) ToAliasArrayOutputWithContext ¶
func (i AliasArray) ToAliasArrayOutputWithContext(ctx context.Context) AliasArrayOutput
type AliasArrayInput ¶
type AliasArrayInput interface { pulumi.Input ToAliasArrayOutput() AliasArrayOutput ToAliasArrayOutputWithContext(context.Context) AliasArrayOutput }
AliasArrayInput is an input type that accepts AliasArray and AliasArrayOutput values. You can construct a concrete instance of `AliasArrayInput` via:
AliasArray{ AliasArgs{...} }
type AliasArrayOutput ¶
type AliasArrayOutput struct{ *pulumi.OutputState }
func (AliasArrayOutput) ElementType ¶
func (AliasArrayOutput) ElementType() reflect.Type
func (AliasArrayOutput) Index ¶
func (o AliasArrayOutput) Index(i pulumi.IntInput) AliasOutput
func (AliasArrayOutput) ToAliasArrayOutput ¶
func (o AliasArrayOutput) ToAliasArrayOutput() AliasArrayOutput
func (AliasArrayOutput) ToAliasArrayOutputWithContext ¶
func (o AliasArrayOutput) ToAliasArrayOutputWithContext(ctx context.Context) AliasArrayOutput
type AliasInput ¶
type AliasInput interface { pulumi.Input ToAliasOutput() AliasOutput ToAliasOutputWithContext(ctx context.Context) AliasOutput }
type AliasMap ¶
type AliasMap map[string]AliasInput
func (AliasMap) ElementType ¶
func (AliasMap) ToAliasMapOutput ¶
func (i AliasMap) ToAliasMapOutput() AliasMapOutput
func (AliasMap) ToAliasMapOutputWithContext ¶
func (i AliasMap) ToAliasMapOutputWithContext(ctx context.Context) AliasMapOutput
type AliasMapInput ¶
type AliasMapInput interface { pulumi.Input ToAliasMapOutput() AliasMapOutput ToAliasMapOutputWithContext(context.Context) AliasMapOutput }
AliasMapInput is an input type that accepts AliasMap and AliasMapOutput values. You can construct a concrete instance of `AliasMapInput` via:
AliasMap{ "key": AliasArgs{...} }
type AliasMapOutput ¶
type AliasMapOutput struct{ *pulumi.OutputState }
func (AliasMapOutput) ElementType ¶
func (AliasMapOutput) ElementType() reflect.Type
func (AliasMapOutput) MapIndex ¶
func (o AliasMapOutput) MapIndex(k pulumi.StringInput) AliasOutput
func (AliasMapOutput) ToAliasMapOutput ¶
func (o AliasMapOutput) ToAliasMapOutput() AliasMapOutput
func (AliasMapOutput) ToAliasMapOutputWithContext ¶
func (o AliasMapOutput) ToAliasMapOutputWithContext(ctx context.Context) AliasMapOutput
type AliasOutput ¶
type AliasOutput struct{ *pulumi.OutputState }
func (AliasOutput) ElementType ¶
func (AliasOutput) ElementType() reflect.Type
func (AliasOutput) ToAliasOutput ¶
func (o AliasOutput) ToAliasOutput() AliasOutput
func (AliasOutput) ToAliasOutputWithContext ¶
func (o AliasOutput) ToAliasOutputWithContext(ctx context.Context) AliasOutput
func (AliasOutput) ToAliasPtrOutput ¶
func (o AliasOutput) ToAliasPtrOutput() AliasPtrOutput
func (AliasOutput) ToAliasPtrOutputWithContext ¶
func (o AliasOutput) ToAliasPtrOutputWithContext(ctx context.Context) AliasPtrOutput
type AliasPtrInput ¶
type AliasPtrInput interface { pulumi.Input ToAliasPtrOutput() AliasPtrOutput ToAliasPtrOutputWithContext(ctx context.Context) AliasPtrOutput }
type AliasPtrOutput ¶
type AliasPtrOutput struct{ *pulumi.OutputState }
func (AliasPtrOutput) Elem ¶ added in v4.15.0
func (o AliasPtrOutput) Elem() AliasOutput
func (AliasPtrOutput) ElementType ¶
func (AliasPtrOutput) ElementType() reflect.Type
func (AliasPtrOutput) ToAliasPtrOutput ¶
func (o AliasPtrOutput) ToAliasPtrOutput() AliasPtrOutput
func (AliasPtrOutput) ToAliasPtrOutputWithContext ¶
func (o AliasPtrOutput) ToAliasPtrOutputWithContext(ctx context.Context) AliasPtrOutput
type AliasState ¶
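// AliasState holds the optional state properties that GetAlias accepts to
// qualify a lookup of an existing Alias. The declaration is laid out one field
// per line so that each comment attaches to its own field.
type AliasState struct {
	// The Amazon Resource Name (ARN) of the key alias.
	Arn pulumi.StringPtrInput
	// The display name of the alias. The name must start with the word "alias" followed by a forward slash (alias/).
	Name pulumi.StringPtrInput
	// Creates a unique alias beginning with the specified prefix.
	// The name must start with the word "alias" followed by a forward slash (alias/). Conflicts with `name`.
	NamePrefix pulumi.StringPtrInput
	// The Amazon Resource Name (ARN) of the target key identifier.
	TargetKeyArn pulumi.StringPtrInput
	// Identifier of the key that the alias refers to; either an ARN or a key_id.
	TargetKeyId pulumi.StringPtrInput
}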
func (AliasState) ElementType ¶
func (AliasState) ElementType() reflect.Type
type Ciphertext ¶
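// Ciphertext describes a KMS ciphertext resource: plaintext encrypted under a
// KMS customer master key. The declaration is laid out one field per line so
// that each comment attaches to its own field.
type Ciphertext struct {
	pulumi.CustomResourceState

	// Base64 encoded ciphertext.
	CiphertextBlob pulumi.StringOutput `pulumi:"ciphertextBlob"`
	// An optional mapping that makes up the encryption context.
	Context pulumi.StringMapOutput `pulumi:"context"`
	// Globally unique key ID for the customer master key.
	KeyId pulumi.StringOutput `pulumi:"keyId"`
	// Data to be encrypted. Note that this may show up in logs, and it will be stored in the state file.
	// Anyone who can read the state file or those logs can therefore recover the value
	// without calling KMS, so both need the same protection as the plaintext itself.
	Plaintext pulumi.StringOutput `pulumi:"plaintext"`
}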
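The KMS ciphertext resource allows you to encrypt plaintext into ciphertext by using an AWS KMS customer master key. The value returned by this resource is stable across every apply. For a ciphertext value that changes on each apply, see the KMS ciphertext data source (`GetCipherText` in this package). Because the `Plaintext` input is stored in the state file and may show up in logs, treat both as sensitive when you use this resource.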
## Example Usage
```go
package main

import (
	"fmt"

	"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kms"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
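// main creates a KMS key and uses it to encrypt a small JSON document of
// OAuth client settings.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		oauthConfig, err := kms.NewKey(ctx, "oauthConfig", &kms.KeyArgs{
			Description: pulumi.String("oauth config"),
			IsEnabled:   pulumi.Bool(true),
		})
		if err != nil {
			return err
		}

		// The client_id and client_secret below are documentation samples.
		// In a real program, load the payload from secret stack configuration
		// instead of committing a credential to source control.
		payload := fmt.Sprintf("%v%v%v%v", "{\n", " \"client_id\": \"e587dbae22222f55da22\",\n", " \"client_secret\": \"8289575d00000ace55e1815ec13673955721b8a5\"\n", "}\n")

		_, err = kms.NewCiphertext(ctx, "oauth", &kms.CiphertextArgs{
			KeyId: oauthConfig.KeyId,
			// Plaintext is recorded in the state file and may show up in logs.
			// ToSecret marks the value as a Pulumi secret, so the engine
			// encrypts it in state and masks it in CLI output.
			Plaintext: pulumi.ToSecret(pulumi.String(payload)).(pulumi.StringOutput),
		})
		if err != nil {
			return err
		}
		return nil
	})
}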
```
func GetCiphertext ¶
func GetCiphertext(ctx *pulumi.Context, name string, id pulumi.IDInput, state *CiphertextState, opts ...pulumi.ResourceOption) (*Ciphertext, error)
GetCiphertext gets an existing Ciphertext resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewCiphertext ¶
func NewCiphertext(ctx *pulumi.Context, name string, args *CiphertextArgs, opts ...pulumi.ResourceOption) (*Ciphertext, error)
NewCiphertext registers a new resource with the given unique name, arguments, and options.
func (*Ciphertext) ElementType ¶
func (*Ciphertext) ElementType() reflect.Type
func (*Ciphertext) ToCiphertextOutput ¶
func (i *Ciphertext) ToCiphertextOutput() CiphertextOutput
func (*Ciphertext) ToCiphertextOutputWithContext ¶
func (i *Ciphertext) ToCiphertextOutputWithContext(ctx context.Context) CiphertextOutput
func (*Ciphertext) ToCiphertextPtrOutput ¶
func (i *Ciphertext) ToCiphertextPtrOutput() CiphertextPtrOutput
func (*Ciphertext) ToCiphertextPtrOutputWithContext ¶
func (i *Ciphertext) ToCiphertextPtrOutputWithContext(ctx context.Context) CiphertextPtrOutput
type CiphertextArgs ¶
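// CiphertextArgs is the set of arguments for constructing a Ciphertext
// resource. The declaration is laid out one field per line so that each
// comment attaches to its own field.
type CiphertextArgs struct {
	// An optional mapping that makes up the encryption context.
	Context pulumi.StringMapInput
	// Globally unique key ID for the customer master key.
	KeyId pulumi.StringInput
	// Data to be encrypted. Note that this may show up in logs, and it will be stored in the state file.
	// Pass it as a secret value rather than a string literal, and protect the
	// state file and logs as you would the plaintext itself.
	Plaintext pulumi.StringInput
}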
The set of arguments for constructing a Ciphertext resource.
func (CiphertextArgs) ElementType ¶
func (CiphertextArgs) ElementType() reflect.Type
type CiphertextArray ¶
type CiphertextArray []CiphertextInput
func (CiphertextArray) ElementType ¶
func (CiphertextArray) ElementType() reflect.Type
func (CiphertextArray) ToCiphertextArrayOutput ¶
func (i CiphertextArray) ToCiphertextArrayOutput() CiphertextArrayOutput
func (CiphertextArray) ToCiphertextArrayOutputWithContext ¶
func (i CiphertextArray) ToCiphertextArrayOutputWithContext(ctx context.Context) CiphertextArrayOutput
type CiphertextArrayInput ¶
type CiphertextArrayInput interface { pulumi.Input ToCiphertextArrayOutput() CiphertextArrayOutput ToCiphertextArrayOutputWithContext(context.Context) CiphertextArrayOutput }
CiphertextArrayInput is an input type that accepts CiphertextArray and CiphertextArrayOutput values. You can construct a concrete instance of `CiphertextArrayInput` via:
CiphertextArray{ CiphertextArgs{...} }
type CiphertextArrayOutput ¶
type CiphertextArrayOutput struct{ *pulumi.OutputState }
func (CiphertextArrayOutput) ElementType ¶
func (CiphertextArrayOutput) ElementType() reflect.Type
func (CiphertextArrayOutput) Index ¶
func (o CiphertextArrayOutput) Index(i pulumi.IntInput) CiphertextOutput
func (CiphertextArrayOutput) ToCiphertextArrayOutput ¶
func (o CiphertextArrayOutput) ToCiphertextArrayOutput() CiphertextArrayOutput
func (CiphertextArrayOutput) ToCiphertextArrayOutputWithContext ¶
func (o CiphertextArrayOutput) ToCiphertextArrayOutputWithContext(ctx context.Context) CiphertextArrayOutput
type CiphertextInput ¶
type CiphertextInput interface { pulumi.Input ToCiphertextOutput() CiphertextOutput ToCiphertextOutputWithContext(ctx context.Context) CiphertextOutput }
type CiphertextMap ¶
type CiphertextMap map[string]CiphertextInput
func (CiphertextMap) ElementType ¶
func (CiphertextMap) ElementType() reflect.Type
func (CiphertextMap) ToCiphertextMapOutput ¶
func (i CiphertextMap) ToCiphertextMapOutput() CiphertextMapOutput
func (CiphertextMap) ToCiphertextMapOutputWithContext ¶
func (i CiphertextMap) ToCiphertextMapOutputWithContext(ctx context.Context) CiphertextMapOutput
type CiphertextMapInput ¶
type CiphertextMapInput interface { pulumi.Input ToCiphertextMapOutput() CiphertextMapOutput ToCiphertextMapOutputWithContext(context.Context) CiphertextMapOutput }
CiphertextMapInput is an input type that accepts CiphertextMap and CiphertextMapOutput values. You can construct a concrete instance of `CiphertextMapInput` via:
CiphertextMap{ "key": CiphertextArgs{...} }
type CiphertextMapOutput ¶
type CiphertextMapOutput struct{ *pulumi.OutputState }
func (CiphertextMapOutput) ElementType ¶
func (CiphertextMapOutput) ElementType() reflect.Type
func (CiphertextMapOutput) MapIndex ¶
func (o CiphertextMapOutput) MapIndex(k pulumi.StringInput) CiphertextOutput
func (CiphertextMapOutput) ToCiphertextMapOutput ¶
func (o CiphertextMapOutput) ToCiphertextMapOutput() CiphertextMapOutput
func (CiphertextMapOutput) ToCiphertextMapOutputWithContext ¶
func (o CiphertextMapOutput) ToCiphertextMapOutputWithContext(ctx context.Context) CiphertextMapOutput
type CiphertextOutput ¶
type CiphertextOutput struct{ *pulumi.OutputState }
func (CiphertextOutput) ElementType ¶
func (CiphertextOutput) ElementType() reflect.Type
func (CiphertextOutput) ToCiphertextOutput ¶
func (o CiphertextOutput) ToCiphertextOutput() CiphertextOutput
func (CiphertextOutput) ToCiphertextOutputWithContext ¶
func (o CiphertextOutput) ToCiphertextOutputWithContext(ctx context.Context) CiphertextOutput
func (CiphertextOutput) ToCiphertextPtrOutput ¶
func (o CiphertextOutput) ToCiphertextPtrOutput() CiphertextPtrOutput
func (CiphertextOutput) ToCiphertextPtrOutputWithContext ¶
func (o CiphertextOutput) ToCiphertextPtrOutputWithContext(ctx context.Context) CiphertextPtrOutput
type CiphertextPtrInput ¶
type CiphertextPtrInput interface { pulumi.Input ToCiphertextPtrOutput() CiphertextPtrOutput ToCiphertextPtrOutputWithContext(ctx context.Context) CiphertextPtrOutput }
type CiphertextPtrOutput ¶
type CiphertextPtrOutput struct{ *pulumi.OutputState }
func (CiphertextPtrOutput) Elem ¶ added in v4.15.0
func (o CiphertextPtrOutput) Elem() CiphertextOutput
func (CiphertextPtrOutput) ElementType ¶
func (CiphertextPtrOutput) ElementType() reflect.Type
func (CiphertextPtrOutput) ToCiphertextPtrOutput ¶
func (o CiphertextPtrOutput) ToCiphertextPtrOutput() CiphertextPtrOutput
func (CiphertextPtrOutput) ToCiphertextPtrOutputWithContext ¶
func (o CiphertextPtrOutput) ToCiphertextPtrOutputWithContext(ctx context.Context) CiphertextPtrOutput
type CiphertextState ¶
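// CiphertextState holds the optional state properties that GetCiphertext
// accepts to qualify a lookup of an existing Ciphertext. The declaration is
// laid out one field per line so that each comment attaches to its own field.
type CiphertextState struct {
	// Base64 encoded ciphertext.
	CiphertextBlob pulumi.StringPtrInput
	// An optional mapping that makes up the encryption context.
	Context pulumi.StringMapInput
	// Globally unique key ID for the customer master key.
	KeyId pulumi.StringPtrInput
	// Data to be encrypted. Note that this may show up in logs, and it will be stored in the state file.
	// Protect the state file and logs as you would the plaintext itself.
	Plaintext pulumi.StringPtrInput
}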
func (CiphertextState) ElementType ¶
func (CiphertextState) ElementType() reflect.Type
type ExternalKey ¶
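// ExternalKey describes a KMS customer master key (CMK) that uses external
// (imported) key material. The declaration is laid out one field per line so
// that each comment attaches to its own field.
type ExternalKey struct {
	pulumi.CustomResourceState

	// The Amazon Resource Name (ARN) of the key.
	Arn pulumi.StringOutput `pulumi:"arn"`
	// Specifies whether to disable the policy lockout check performed when creating or updating the key's policy.
	// Setting this value to `true` increases the risk that the key becomes unmanageable. For more information,
	// refer to the scenario in the
	// [Default Key Policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam)
	// section in the AWS Key Management Service Developer Guide. Defaults to `false`.
	BypassPolicyLockoutSafetyCheck pulumi.BoolPtrOutput `pulumi:"bypassPolicyLockoutSafetyCheck"`
	// Duration in days after which the key is deleted after destruction of the resource.
	// Must be between `7` and `30` days. Defaults to `30`.
	DeletionWindowInDays pulumi.IntPtrOutput `pulumi:"deletionWindowInDays"`
	// Description of the key.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// Specifies whether the key is enabled. Keys pending import can only be `false`.
	// Imported keys default to `true` unless expired.
	Enabled pulumi.BoolOutput `pulumi:"enabled"`
	// Whether the key material expires. Empty when pending key material import,
	// otherwise `KEY_MATERIAL_EXPIRES` or `KEY_MATERIAL_DOES_NOT_EXPIRE`.
	ExpirationModel pulumi.StringOutput `pulumi:"expirationModel"`
	// Base64 encoded 256-bit symmetric encryption key material to import. The CMK is permanently associated
	// with this key material. The same key material can be reimported, but you cannot import different key material.
	// NOTE(review): this is raw key material exposed as a resource property; presumably it is
	// persisted in state like other properties — confirm, and handle state as key-equivalent.
	KeyMaterialBase64 pulumi.StringPtrOutput `pulumi:"keyMaterialBase64"`
	// The state of the CMK.
	KeyState pulumi.StringOutput `pulumi:"keyState"`
	// The cryptographic operations for which you can use the CMK.
	KeyUsage pulumi.StringOutput `pulumi:"keyUsage"`
	// A key policy JSON document. If you do not provide a key policy, AWS KMS attaches a default key policy to the CMK.
	Policy pulumi.StringOutput `pulumi:"policy"`
	// A key-value map of tags to assign to the key. If configured with a provider `defaultTags` configuration
	// block present, tags with matching keys will overwrite those defined at the provider-level.
	Tags pulumi.StringMapOutput `pulumi:"tags"`
	// A map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
	TagsAll pulumi.StringMapOutput `pulumi:"tagsAll"`
	// Time at which the imported key material expires. When the key material expires, AWS KMS deletes the key
	// material and the CMK becomes unusable. If not specified, key material does not expire.
	// Valid values: [RFC3339 time string](https://tools.ietf.org/html/rfc3339#section-5.8) (`YYYY-MM-DDTHH:MM:SSZ`)
	ValidTo pulumi.StringPtrOutput `pulumi:"validTo"`
}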
Manages a KMS Customer Master Key that uses external key material. To instead manage a KMS Customer Master Key where AWS automatically generates and potentially rotates key material, see the `kms.Key` resource.
## Example Usage
```go
package main

import (
	"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kms"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers a KMS external key; only its description is set.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// No key material, policy or expiry is supplied in this example.
		keyArgs := &kms.ExternalKeyArgs{
			Description: pulumi.String("KMS EXTERNAL for AMI encryption"),
		}
		if _, err := kms.NewExternalKey(ctx, "example", keyArgs); err != nil {
			return err
		}
		return nil
	})
}
```
## Import
KMS External Keys can be imported using the `id`, e.g.
```sh
$ pulumi import aws:kms/externalKey:ExternalKey a arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
```
func GetExternalKey ¶
func GetExternalKey(ctx *pulumi.Context, name string, id pulumi.IDInput, state *ExternalKeyState, opts ...pulumi.ResourceOption) (*ExternalKey, error)
GetExternalKey gets an existing ExternalKey resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewExternalKey ¶
func NewExternalKey(ctx *pulumi.Context, name string, args *ExternalKeyArgs, opts ...pulumi.ResourceOption) (*ExternalKey, error)
NewExternalKey registers a new resource with the given unique name, arguments, and options.
func (*ExternalKey) ElementType ¶
func (*ExternalKey) ElementType() reflect.Type
func (*ExternalKey) ToExternalKeyOutput ¶
func (i *ExternalKey) ToExternalKeyOutput() ExternalKeyOutput
func (*ExternalKey) ToExternalKeyOutputWithContext ¶
func (i *ExternalKey) ToExternalKeyOutputWithContext(ctx context.Context) ExternalKeyOutput
func (*ExternalKey) ToExternalKeyPtrOutput ¶
func (i *ExternalKey) ToExternalKeyPtrOutput() ExternalKeyPtrOutput
func (*ExternalKey) ToExternalKeyPtrOutputWithContext ¶
func (i *ExternalKey) ToExternalKeyPtrOutputWithContext(ctx context.Context) ExternalKeyPtrOutput
type ExternalKeyArgs ¶
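// ExternalKeyArgs is the set of arguments for constructing an ExternalKey
// resource. The declaration is laid out one field per line so that each
// comment attaches to its own field.
type ExternalKeyArgs struct {
	// Specifies whether to disable the policy lockout check performed when creating or updating the key's policy.
	// Setting this value to `true` increases the risk that the key becomes unmanageable. For more information,
	// refer to the scenario in the
	// [Default Key Policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam)
	// section in the AWS Key Management Service Developer Guide. Defaults to `false`.
	BypassPolicyLockoutSafetyCheck pulumi.BoolPtrInput
	// Duration in days after which the key is deleted after destruction of the resource.
	// Must be between `7` and `30` days. Defaults to `30`.
	DeletionWindowInDays pulumi.IntPtrInput
	// Description of the key.
	Description pulumi.StringPtrInput
	// Specifies whether the key is enabled. Keys pending import can only be `false`.
	// Imported keys default to `true` unless expired.
	Enabled pulumi.BoolPtrInput
	// Base64 encoded 256-bit symmetric encryption key material to import. The CMK is permanently associated
	// with this key material. The same key material can be reimported, but you cannot import different key material.
	// NOTE(review): this is raw key material; presumably it is persisted with the other
	// resource inputs — confirm, and supply it as a secret value rather than a literal.
	KeyMaterialBase64 pulumi.StringPtrInput
	// A key policy JSON document. If you do not provide a key policy, AWS KMS attaches a default key policy to the CMK.
	Policy pulumi.StringPtrInput
	// A key-value map of tags to assign to the key. If configured with a provider `defaultTags` configuration
	// block present, tags with matching keys will overwrite those defined at the provider-level.
	Tags pulumi.StringMapInput
	// Time at which the imported key material expires. When the key material expires, AWS KMS deletes the key
	// material and the CMK becomes unusable. If not specified, key material does not expire.
	// Valid values: [RFC3339 time string](https://tools.ietf.org/html/rfc3339#section-5.8) (`YYYY-MM-DDTHH:MM:SSZ`)
	ValidTo pulumi.StringPtrInput
}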
The set of arguments for constructing an ExternalKey resource.
func (ExternalKeyArgs) ElementType ¶
func (ExternalKeyArgs) ElementType() reflect.Type
type ExternalKeyArray ¶
type ExternalKeyArray []ExternalKeyInput
func (ExternalKeyArray) ElementType ¶
func (ExternalKeyArray) ElementType() reflect.Type
func (ExternalKeyArray) ToExternalKeyArrayOutput ¶
func (i ExternalKeyArray) ToExternalKeyArrayOutput() ExternalKeyArrayOutput
func (ExternalKeyArray) ToExternalKeyArrayOutputWithContext ¶
func (i ExternalKeyArray) ToExternalKeyArrayOutputWithContext(ctx context.Context) ExternalKeyArrayOutput
type ExternalKeyArrayInput ¶
type ExternalKeyArrayInput interface { pulumi.Input ToExternalKeyArrayOutput() ExternalKeyArrayOutput ToExternalKeyArrayOutputWithContext(context.Context) ExternalKeyArrayOutput }
ExternalKeyArrayInput is an input type that accepts ExternalKeyArray and ExternalKeyArrayOutput values. You can construct a concrete instance of `ExternalKeyArrayInput` via:
ExternalKeyArray{ ExternalKeyArgs{...} }
type ExternalKeyArrayOutput ¶
type ExternalKeyArrayOutput struct{ *pulumi.OutputState }
func (ExternalKeyArrayOutput) ElementType ¶
func (ExternalKeyArrayOutput) ElementType() reflect.Type
func (ExternalKeyArrayOutput) Index ¶
func (o ExternalKeyArrayOutput) Index(i pulumi.IntInput) ExternalKeyOutput
func (ExternalKeyArrayOutput) ToExternalKeyArrayOutput ¶
func (o ExternalKeyArrayOutput) ToExternalKeyArrayOutput() ExternalKeyArrayOutput
func (ExternalKeyArrayOutput) ToExternalKeyArrayOutputWithContext ¶
func (o ExternalKeyArrayOutput) ToExternalKeyArrayOutputWithContext(ctx context.Context) ExternalKeyArrayOutput
type ExternalKeyInput ¶
type ExternalKeyInput interface { pulumi.Input ToExternalKeyOutput() ExternalKeyOutput ToExternalKeyOutputWithContext(ctx context.Context) ExternalKeyOutput }
type ExternalKeyMap ¶
type ExternalKeyMap map[string]ExternalKeyInput
func (ExternalKeyMap) ElementType ¶
func (ExternalKeyMap) ElementType() reflect.Type
func (ExternalKeyMap) ToExternalKeyMapOutput ¶
func (i ExternalKeyMap) ToExternalKeyMapOutput() ExternalKeyMapOutput
func (ExternalKeyMap) ToExternalKeyMapOutputWithContext ¶
func (i ExternalKeyMap) ToExternalKeyMapOutputWithContext(ctx context.Context) ExternalKeyMapOutput
type ExternalKeyMapInput ¶
type ExternalKeyMapInput interface { pulumi.Input ToExternalKeyMapOutput() ExternalKeyMapOutput ToExternalKeyMapOutputWithContext(context.Context) ExternalKeyMapOutput }
ExternalKeyMapInput is an input type that accepts ExternalKeyMap and ExternalKeyMapOutput values. You can construct a concrete instance of `ExternalKeyMapInput` via:
ExternalKeyMap{ "key": ExternalKeyArgs{...} }
type ExternalKeyMapOutput ¶
type ExternalKeyMapOutput struct{ *pulumi.OutputState }
func (ExternalKeyMapOutput) ElementType ¶
func (ExternalKeyMapOutput) ElementType() reflect.Type
func (ExternalKeyMapOutput) MapIndex ¶
func (o ExternalKeyMapOutput) MapIndex(k pulumi.StringInput) ExternalKeyOutput
func (ExternalKeyMapOutput) ToExternalKeyMapOutput ¶
func (o ExternalKeyMapOutput) ToExternalKeyMapOutput() ExternalKeyMapOutput
func (ExternalKeyMapOutput) ToExternalKeyMapOutputWithContext ¶
func (o ExternalKeyMapOutput) ToExternalKeyMapOutputWithContext(ctx context.Context) ExternalKeyMapOutput
type ExternalKeyOutput ¶
type ExternalKeyOutput struct{ *pulumi.OutputState }
func (ExternalKeyOutput) ElementType ¶
func (ExternalKeyOutput) ElementType() reflect.Type
func (ExternalKeyOutput) ToExternalKeyOutput ¶
func (o ExternalKeyOutput) ToExternalKeyOutput() ExternalKeyOutput
func (ExternalKeyOutput) ToExternalKeyOutputWithContext ¶
func (o ExternalKeyOutput) ToExternalKeyOutputWithContext(ctx context.Context) ExternalKeyOutput
func (ExternalKeyOutput) ToExternalKeyPtrOutput ¶
func (o ExternalKeyOutput) ToExternalKeyPtrOutput() ExternalKeyPtrOutput
func (ExternalKeyOutput) ToExternalKeyPtrOutputWithContext ¶
func (o ExternalKeyOutput) ToExternalKeyPtrOutputWithContext(ctx context.Context) ExternalKeyPtrOutput
type ExternalKeyPtrInput ¶
type ExternalKeyPtrInput interface { pulumi.Input ToExternalKeyPtrOutput() ExternalKeyPtrOutput ToExternalKeyPtrOutputWithContext(ctx context.Context) ExternalKeyPtrOutput }
type ExternalKeyPtrOutput ¶
type ExternalKeyPtrOutput struct{ *pulumi.OutputState }
func (ExternalKeyPtrOutput) Elem ¶ added in v4.15.0
func (o ExternalKeyPtrOutput) Elem() ExternalKeyOutput
func (ExternalKeyPtrOutput) ElementType ¶
func (ExternalKeyPtrOutput) ElementType() reflect.Type
func (ExternalKeyPtrOutput) ToExternalKeyPtrOutput ¶
func (o ExternalKeyPtrOutput) ToExternalKeyPtrOutput() ExternalKeyPtrOutput
func (ExternalKeyPtrOutput) ToExternalKeyPtrOutputWithContext ¶
func (o ExternalKeyPtrOutput) ToExternalKeyPtrOutputWithContext(ctx context.Context) ExternalKeyPtrOutput
type ExternalKeyState ¶
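// ExternalKeyState carries the properties of an ExternalKey as inputs.
type ExternalKeyState struct {
	// The Amazon Resource Name (ARN) of the key.
	Arn pulumi.StringPtrInput
	// Specifies whether to disable the policy lockout check performed when creating or updating the key's policy.
	// Setting this value to `true` increases the risk that the key becomes unmanageable. For more information,
	// refer to the scenario in the [Default Key Policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam)
	// section in the AWS Key Management Service Developer Guide. Defaults to `false`.
	BypassPolicyLockoutSafetyCheck pulumi.BoolPtrInput
	// Duration in days after which the key is deleted after destruction of the resource.
	// Must be between `7` and `30` days. Defaults to `30`.
	DeletionWindowInDays pulumi.IntPtrInput
	// Description of the key.
	Description pulumi.StringPtrInput
	// Specifies whether the key is enabled. Keys pending import can only be `false`.
	// Imported keys default to `true` unless expired.
	Enabled pulumi.BoolPtrInput
	// Whether the key material expires. Empty when pending key material import, otherwise
	// `KEY_MATERIAL_EXPIRES` or `KEY_MATERIAL_DOES_NOT_EXPIRE`.
	ExpirationModel pulumi.StringPtrInput
	// Base64 encoded 256-bit symmetric encryption key material to import. The CMK is permanently associated
	// with this key material. The same key material can be reimported, but you cannot import different key material.
	// Review note: raw key material is carried in this state structure; treat any stored or exported copy of
	// the state as sensitive and keep this value a Pulumi secret.
	KeyMaterialBase64 pulumi.StringPtrInput
	// The state of the CMK.
	KeyState pulumi.StringPtrInput
	// The cryptographic operations for which you can use the CMK.
	KeyUsage pulumi.StringPtrInput
	// A key policy JSON document. If you do not provide a key policy, AWS KMS attaches a default key policy to the CMK.
	Policy pulumi.StringPtrInput
	// A key-value map of tags to assign to the key. If configured with a provider `defaultTags` configuration
	// block present, tags with matching keys will overwrite those defined at the provider-level.
	Tags pulumi.StringMapInput
	// A map of tags assigned to the resource, including those inherited from the provider `defaultTags`
	// configuration block.
	TagsAll pulumi.StringMapInput
	// Time at which the imported key material expires. When the key material expires, AWS KMS deletes the key
	// material and the CMK becomes unusable. If not specified, key material does not expire.
	// Valid values: [RFC3339 time string](https://tools.ietf.org/html/rfc3339#section-5.8) (`YYYY-MM-DDTHH:MM:SSZ`)
	ValidTo pulumi.StringPtrInput
}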
func (ExternalKeyState) ElementType ¶
func (ExternalKeyState) ElementType() reflect.Type
type GetCipherTextArgs ¶
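// GetCipherTextArgs is a collection of arguments for invoking getCipherText.
type GetCipherTextArgs struct {
	// An optional mapping that makes up the encryption context.
	Context map[string]string `pulumi:"context"`
	// Globally unique key ID for the customer master key.
	KeyId string `pulumi:"keyId"`
	// Data to be encrypted. Note that this may show up in logs, and it will be stored in the state file.
	// Review note: because of that exposure, avoid hard-coding real secrets here; read the value from
	// secret configuration and restrict access to logs and state.
	Plaintext string `pulumi:"plaintext"`
}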
A collection of arguments for invoking getCipherText.
type GetCipherTextResult ¶
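// GetCipherTextResult is a collection of values returned by getCipherText.
type GetCipherTextResult struct {
	// Base64 encoded ciphertext
	CiphertextBlob string `pulumi:"ciphertextBlob"`
	Context        map[string]string `pulumi:"context"`
	// The provider-assigned unique ID for this managed resource.
	Id    string `pulumi:"id"`
	KeyId string `pulumi:"keyId"`
	// NOTE(review): presumably echoes the plaintext supplied in GetCipherTextArgs — confirm.
	// If so, the result is as sensitive as the input and should not be logged or exported as-is.
	Plaintext string `pulumi:"plaintext"`
}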
A collection of values returned by getCipherText.
func GetCipherText ¶
func GetCipherText(ctx *pulumi.Context, args *GetCipherTextArgs, opts ...pulumi.InvokeOption) (*GetCipherTextResult, error)
The KMS ciphertext data source allows you to encrypt plaintext into ciphertext by using an AWS KMS customer master key. The value returned by this data source changes every apply. For a stable ciphertext value, see the `kms.Ciphertext` resource. As noted on the `Plaintext` argument, the data to be encrypted may show up in logs and is stored in the state file.
## Example Usage
```go
package main
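import (
	"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kms"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main creates the KMS key that a GetCipherText call would encrypt with.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// NOTE(review): as published, this example stops after creating the key and
		// never calls kms.GetCipherText. The unused "fmt" import and the unused
		// oauthConfig variable were dropped so the listing compiles.
		// When adding the GetCipherText call, take the plaintext from secret
		// configuration rather than a string literal: the argument docs state that
		// it may show up in logs and is stored in the state file.
		_, err := kms.NewKey(ctx, "oauthConfig", &kms.KeyArgs{
			Description: pulumi.String("oauth config"),
			IsEnabled:   pulumi.Bool(true),
		})
		if err != nil {
			return err
		}
		return nil
	})
}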
```
type GetPublicKeyArgs ¶ added in v4.2.0
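// GetPublicKeyArgs is a collection of arguments for invoking getPublicKey.
type GetPublicKeyArgs struct {
	// List of grant tokens
	GrantTokens []string `pulumi:"grantTokens"`
	// Key identifier, which can be in one of the following formats:
	// * Key ID. E.g. - `1234abcd-12ab-34cd-56ef-1234567890ab`
	// * Key ARN. E.g. - `arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
	// * Alias name. E.g. - `alias/my-key`
	// * Alias ARN. E.g. - `arn:aws:kms:us-east-1:111122223333:alias/my-key`
	KeyId string `pulumi:"keyId"`
}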
A collection of arguments for invoking getPublicKey.
type GetPublicKeyResult ¶ added in v4.2.0
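// GetPublicKeyResult is a collection of values returned by getPublicKey.
type GetPublicKeyResult struct {
	// Key ARN of the asymmetric CMK from which the public key was downloaded.
	Arn string `pulumi:"arn"`
	// Type of the public key that was downloaded.
	CustomerMasterKeySpec string `pulumi:"customerMasterKeySpec"`
	// Encryption algorithms that AWS KMS supports for this key. Only set when the `keyUsage` of the
	// public key is `ENCRYPT_DECRYPT`.
	EncryptionAlgorithms []string `pulumi:"encryptionAlgorithms"`
	GrantTokens          []string `pulumi:"grantTokens"`
	// The provider-assigned unique ID for this managed resource.
	Id    string `pulumi:"id"`
	KeyId string `pulumi:"keyId"`
	// Permitted use of the public key. Valid values are `ENCRYPT_DECRYPT` or `SIGN_VERIFY`
	KeyUsage string `pulumi:"keyUsage"`
	// Exported public key. The value is a DER-encoded X.509 public key, also known as SubjectPublicKeyInfo (SPKI),
	// as defined in [RFC 5280](https://tools.ietf.org/html/rfc5280). The value is Base64-encoded.
	// Review note: when using the key outside KMS, honour KeyUsage and the algorithm lists in this
	// result rather than assuming a purpose.
	PublicKey string `pulumi:"publicKey"`
	// Signing algorithms that AWS KMS supports for this key. Only set when the `keyUsage` of the
	// public key is `SIGN_VERIFY`.
	SigningAlgorithms []string `pulumi:"signingAlgorithms"`
}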
A collection of values returned by getPublicKey.
func GetPublicKey ¶ added in v4.2.0
func GetPublicKey(ctx *pulumi.Context, args *GetPublicKeyArgs, opts ...pulumi.InvokeOption) (*GetPublicKeyResult, error)
Use this data source to get the public key of the specified KMS key, with flexible key ID input. This can be useful for referencing a key alias without having to hard-code the ARN as input.
## Example Usage
```go
package main
import (
	"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kms"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// main looks up the public key once for each accepted key identifier format.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Alias name, key ID, alias ARN and key ARN, queried in that order.
		keyIDs := []string{
			"alias/my-key",
			"1234abcd-12ab-34cd-56ef-1234567890ab",
			"arn:aws:kms:us-east-1:111122223333:alias/my-key",
			"arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
		}
		for _, keyID := range keyIDs {
			// Stop at the first failed lookup.
			if _, err := kms.GetPublicKey(ctx, &kms.GetPublicKeyArgs{KeyId: keyID}, nil); err != nil {
				return err
			}
		}
		return nil
	})
}
```
type GetSecretArgs ¶
type GetSecretArgs struct {
Secrets []GetSecretSecret `pulumi:"secrets"`
}
A collection of arguments for invoking getSecret.
type GetSecretResult ¶
type GetSecretResult struct { // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` Secrets []GetSecretSecret `pulumi:"secrets"` }
A collection of values returned by getSecret.
func GetSecret ¶
func GetSecret(ctx *pulumi.Context, args *GetSecretArgs, opts ...pulumi.InvokeOption) (*GetSecretResult, error)
type GetSecretSecret ¶
type GetSecretSecretArgs ¶
type GetSecretSecretArgs struct { Context pulumi.StringMapInput `pulumi:"context"` GrantTokens pulumi.StringArrayInput `pulumi:"grantTokens"` Name pulumi.StringInput `pulumi:"name"` Payload pulumi.StringInput `pulumi:"payload"` }
func (GetSecretSecretArgs) ElementType ¶
func (GetSecretSecretArgs) ElementType() reflect.Type
func (GetSecretSecretArgs) ToGetSecretSecretOutput ¶
func (i GetSecretSecretArgs) ToGetSecretSecretOutput() GetSecretSecretOutput
func (GetSecretSecretArgs) ToGetSecretSecretOutputWithContext ¶
func (i GetSecretSecretArgs) ToGetSecretSecretOutputWithContext(ctx context.Context) GetSecretSecretOutput
type GetSecretSecretArray ¶
type GetSecretSecretArray []GetSecretSecretInput
func (GetSecretSecretArray) ElementType ¶
func (GetSecretSecretArray) ElementType() reflect.Type
func (GetSecretSecretArray) ToGetSecretSecretArrayOutput ¶
func (i GetSecretSecretArray) ToGetSecretSecretArrayOutput() GetSecretSecretArrayOutput
func (GetSecretSecretArray) ToGetSecretSecretArrayOutputWithContext ¶
func (i GetSecretSecretArray) ToGetSecretSecretArrayOutputWithContext(ctx context.Context) GetSecretSecretArrayOutput
type GetSecretSecretArrayInput ¶
type GetSecretSecretArrayInput interface { pulumi.Input ToGetSecretSecretArrayOutput() GetSecretSecretArrayOutput ToGetSecretSecretArrayOutputWithContext(context.Context) GetSecretSecretArrayOutput }
GetSecretSecretArrayInput is an input type that accepts GetSecretSecretArray and GetSecretSecretArrayOutput values. You can construct a concrete instance of `GetSecretSecretArrayInput` via:
GetSecretSecretArray{ GetSecretSecretArgs{...} }
type GetSecretSecretArrayOutput ¶
type GetSecretSecretArrayOutput struct{ *pulumi.OutputState }
func (GetSecretSecretArrayOutput) ElementType ¶
func (GetSecretSecretArrayOutput) ElementType() reflect.Type
func (GetSecretSecretArrayOutput) Index ¶
func (o GetSecretSecretArrayOutput) Index(i pulumi.IntInput) GetSecretSecretOutput
func (GetSecretSecretArrayOutput) ToGetSecretSecretArrayOutput ¶
func (o GetSecretSecretArrayOutput) ToGetSecretSecretArrayOutput() GetSecretSecretArrayOutput
func (GetSecretSecretArrayOutput) ToGetSecretSecretArrayOutputWithContext ¶
func (o GetSecretSecretArrayOutput) ToGetSecretSecretArrayOutputWithContext(ctx context.Context) GetSecretSecretArrayOutput
type GetSecretSecretInput ¶
type GetSecretSecretInput interface { pulumi.Input ToGetSecretSecretOutput() GetSecretSecretOutput ToGetSecretSecretOutputWithContext(context.Context) GetSecretSecretOutput }
GetSecretSecretInput is an input type that accepts GetSecretSecretArgs and GetSecretSecretOutput values. You can construct a concrete instance of `GetSecretSecretInput` via:
GetSecretSecretArgs{...}
type GetSecretSecretOutput ¶
type GetSecretSecretOutput struct{ *pulumi.OutputState }
func (GetSecretSecretOutput) Context ¶
func (o GetSecretSecretOutput) Context() pulumi.StringMapOutput
func (GetSecretSecretOutput) ElementType ¶
func (GetSecretSecretOutput) ElementType() reflect.Type
func (GetSecretSecretOutput) GrantTokens ¶
func (o GetSecretSecretOutput) GrantTokens() pulumi.StringArrayOutput
func (GetSecretSecretOutput) Name ¶
func (o GetSecretSecretOutput) Name() pulumi.StringOutput
func (GetSecretSecretOutput) Payload ¶
func (o GetSecretSecretOutput) Payload() pulumi.StringOutput
func (GetSecretSecretOutput) ToGetSecretSecretOutput ¶
func (o GetSecretSecretOutput) ToGetSecretSecretOutput() GetSecretSecretOutput
func (GetSecretSecretOutput) ToGetSecretSecretOutputWithContext ¶
func (o GetSecretSecretOutput) ToGetSecretSecretOutputWithContext(ctx context.Context) GetSecretSecretOutput
type GetSecretsArgs ¶
type GetSecretsArgs struct { // One or more encrypted payload definitions from the KMS service. See the Secret Definitions below. Secrets []GetSecretsSecret `pulumi:"secrets"` }
A collection of arguments for invoking getSecrets.
type GetSecretsResult ¶
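// GetSecretsResult is a collection of values returned by getSecrets.
type GetSecretsResult struct {
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// Map containing each `secret` `name` as the key with its decrypted plaintext value
	// Review note: these values are cleartext secrets. Wrap them with pulumi.ToSecret before
	// passing them to resources or stack exports, and keep them out of log output.
	Plaintext map[string]string  `pulumi:"plaintext"`
	Secrets   []GetSecretsSecret `pulumi:"secrets"`
}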
A collection of values returned by getSecrets.
func GetSecrets ¶
func GetSecrets(ctx *pulumi.Context, args *GetSecretsArgs, opts ...pulumi.InvokeOption) (*GetSecretsResult, error)
Decrypt multiple secrets from data encrypted with the AWS KMS service.
type GetSecretsSecret ¶
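// GetSecretsSecret describes one encrypted payload to decrypt with getSecrets.
type GetSecretsSecret struct {
	// An optional mapping that makes up the Encryption Context for the secret.
	Context map[string]string `pulumi:"context"`
	// An optional list of Grant Tokens for the secret.
	GrantTokens []string `pulumi:"grantTokens"`
	// The name to export this secret under in the attributes.
	Name string `pulumi:"name"`
	// Base64 encoded payload, as returned from a KMS encrypt operation.
	Payload string `pulumi:"payload"`
}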
type GetSecretsSecretArgs ¶
type GetSecretsSecretArgs struct { // An optional mapping that makes up the Encryption Context for the secret. Context pulumi.StringMapInput `pulumi:"context"` // An optional list of Grant Tokens for the secret. GrantTokens pulumi.StringArrayInput `pulumi:"grantTokens"` // The name to export this secret under in the attributes. Name pulumi.StringInput `pulumi:"name"` // Base64 encoded payload, as returned from a KMS encrypt operation. Payload pulumi.StringInput `pulumi:"payload"` }
func (GetSecretsSecretArgs) ElementType ¶
func (GetSecretsSecretArgs) ElementType() reflect.Type
func (GetSecretsSecretArgs) ToGetSecretsSecretOutput ¶
func (i GetSecretsSecretArgs) ToGetSecretsSecretOutput() GetSecretsSecretOutput
func (GetSecretsSecretArgs) ToGetSecretsSecretOutputWithContext ¶
func (i GetSecretsSecretArgs) ToGetSecretsSecretOutputWithContext(ctx context.Context) GetSecretsSecretOutput
type GetSecretsSecretArray ¶
type GetSecretsSecretArray []GetSecretsSecretInput
func (GetSecretsSecretArray) ElementType ¶
func (GetSecretsSecretArray) ElementType() reflect.Type
func (GetSecretsSecretArray) ToGetSecretsSecretArrayOutput ¶
func (i GetSecretsSecretArray) ToGetSecretsSecretArrayOutput() GetSecretsSecretArrayOutput
func (GetSecretsSecretArray) ToGetSecretsSecretArrayOutputWithContext ¶
func (i GetSecretsSecretArray) ToGetSecretsSecretArrayOutputWithContext(ctx context.Context) GetSecretsSecretArrayOutput
type GetSecretsSecretArrayInput ¶
type GetSecretsSecretArrayInput interface { pulumi.Input ToGetSecretsSecretArrayOutput() GetSecretsSecretArrayOutput ToGetSecretsSecretArrayOutputWithContext(context.Context) GetSecretsSecretArrayOutput }
GetSecretsSecretArrayInput is an input type that accepts GetSecretsSecretArray and GetSecretsSecretArrayOutput values. You can construct a concrete instance of `GetSecretsSecretArrayInput` via:
GetSecretsSecretArray{ GetSecretsSecretArgs{...} }
type GetSecretsSecretArrayOutput ¶
type GetSecretsSecretArrayOutput struct{ *pulumi.OutputState }
func (GetSecretsSecretArrayOutput) ElementType ¶
func (GetSecretsSecretArrayOutput) ElementType() reflect.Type
func (GetSecretsSecretArrayOutput) Index ¶
func (o GetSecretsSecretArrayOutput) Index(i pulumi.IntInput) GetSecretsSecretOutput
func (GetSecretsSecretArrayOutput) ToGetSecretsSecretArrayOutput ¶
func (o GetSecretsSecretArrayOutput) ToGetSecretsSecretArrayOutput() GetSecretsSecretArrayOutput
func (GetSecretsSecretArrayOutput) ToGetSecretsSecretArrayOutputWithContext ¶
func (o GetSecretsSecretArrayOutput) ToGetSecretsSecretArrayOutputWithContext(ctx context.Context) GetSecretsSecretArrayOutput
type GetSecretsSecretInput ¶
type GetSecretsSecretInput interface { pulumi.Input ToGetSecretsSecretOutput() GetSecretsSecretOutput ToGetSecretsSecretOutputWithContext(context.Context) GetSecretsSecretOutput }
GetSecretsSecretInput is an input type that accepts GetSecretsSecretArgs and GetSecretsSecretOutput values. You can construct a concrete instance of `GetSecretsSecretInput` via:
GetSecretsSecretArgs{...}
type GetSecretsSecretOutput ¶
type GetSecretsSecretOutput struct{ *pulumi.OutputState }
func (GetSecretsSecretOutput) Context ¶
func (o GetSecretsSecretOutput) Context() pulumi.StringMapOutput
An optional mapping that makes up the Encryption Context for the secret.
func (GetSecretsSecretOutput) ElementType ¶
func (GetSecretsSecretOutput) ElementType() reflect.Type
func (GetSecretsSecretOutput) GrantTokens ¶
func (o GetSecretsSecretOutput) GrantTokens() pulumi.StringArrayOutput
An optional list of Grant Tokens for the secret.
func (GetSecretsSecretOutput) Name ¶
func (o GetSecretsSecretOutput) Name() pulumi.StringOutput
The name to export this secret under in the attributes.
func (GetSecretsSecretOutput) Payload ¶
func (o GetSecretsSecretOutput) Payload() pulumi.StringOutput
Base64 encoded payload, as returned from a KMS encrypt operation.
func (GetSecretsSecretOutput) ToGetSecretsSecretOutput ¶
func (o GetSecretsSecretOutput) ToGetSecretsSecretOutput() GetSecretsSecretOutput
func (GetSecretsSecretOutput) ToGetSecretsSecretOutputWithContext ¶
func (o GetSecretsSecretOutput) ToGetSecretsSecretOutputWithContext(ctx context.Context) GetSecretsSecretOutput
type Grant ¶
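// Grant provides a resource-based access control mechanism for a KMS customer master key.
type Grant struct {
	pulumi.CustomResourceState

	// A structure that you can use to allow certain operations in the grant only when the desired encryption
	// context is present. For more information about encryption context, see
	// [Encryption Context](http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html).
	Constraints GrantConstraintArrayOutput `pulumi:"constraints"`
	// A list of grant tokens to be used when creating the grant. See
	// [Grant Tokens](http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token)
	// for more information about grant tokens.
	GrantCreationTokens pulumi.StringArrayOutput `pulumi:"grantCreationTokens"`
	// The unique identifier for the grant.
	GrantId pulumi.StringOutput `pulumi:"grantId"`
	// The grant token for the created grant. For more information, see
	// [Grant Tokens](http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token).
	GrantToken pulumi.StringOutput `pulumi:"grantToken"`
	// The principal that is given permission to perform the operations that the grant permits in ARN format.
	// Note that due to eventual consistency issues around IAM principals, the provider's state may not always
	// be refreshed to reflect what is true in AWS.
	GranteePrincipal pulumi.StringOutput `pulumi:"granteePrincipal"`
	// The unique identifier for the customer master key (CMK) that the grant applies to. Specify the key ID or
	// the Amazon Resource Name (ARN) of the CMK. To specify a CMK in a different AWS account, you must use the key ARN.
	KeyId pulumi.StringOutput `pulumi:"keyId"`
	// A friendly name for identifying the grant.
	Name pulumi.StringOutput `pulumi:"name"`
	// A list of operations that the grant permits. The permitted values are: `Decrypt`, `Encrypt`,
	// `GenerateDataKey`, `GenerateDataKeyWithoutPlaintext`, `ReEncryptFrom`, `ReEncryptTo`, `Sign`, `Verify`,
	// `GetPublicKey`, `CreateGrant`, `RetireGrant`, `DescribeKey`, `GenerateDataKeyPair`, or
	// `GenerateDataKeyPairWithoutPlaintext`.
	Operations pulumi.StringArrayOutput `pulumi:"operations"`
	// (Defaults to false, forces new resource) If set to false (the default) the grants will be revoked upon
	// deletion, and if set to true the grants will try to be retired upon deletion. Note that retiring grants
	// requires special permissions, hence why we default to revoking grants.
	// See [RetireGrant](https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html) for more information.
	RetireOnDelete pulumi.BoolPtrOutput `pulumi:"retireOnDelete"`
	// The principal that is given permission to retire the grant by using RetireGrant operation in ARN format.
	// Note that due to eventual consistency issues around IAM principals, the provider's state may not always
	// be refreshed to reflect what is true in AWS.
	RetiringPrincipal pulumi.StringPtrOutput `pulumi:"retiringPrincipal"`
}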
Provides a resource-based access control mechanism for a KMS customer master key.
## Example Usage
```go
package main
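import (
	"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/iam"
	"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kms"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

// assumeRolePolicy is the trust policy of the example role: it allows the
// Lambda service to assume the role.
const assumeRolePolicy = `{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
`

// main creates a key, a role, and a grant that lets the role use the key.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		key, err := kms.NewKey(ctx, "key", nil)
		if err != nil {
			return err
		}
		role, err := iam.NewRole(ctx, "role", &iam.RoleArgs{
			AssumeRolePolicy: pulumi.Any(assumeRolePolicy),
		})
		if err != nil {
			return err
		}
		_, err = kms.NewGrant(ctx, "grant", &kms.GrantArgs{
			KeyId:            key.KeyId,
			GranteePrincipal: role.Arn,
			// Only the operations the grantee needs are listed.
			Operations: pulumi.StringArray{
				pulumi.String("Encrypt"),
				pulumi.String("Decrypt"),
				pulumi.String("GenerateDataKey"),
			},
			// The grant applies only to requests whose encryption context
			// equals exactly this set of key-value pairs.
			Constraints: kms.GrantConstraintArray{
				&kms.GrantConstraintArgs{
					EncryptionContextEquals: pulumi.StringMap{
						"Department": pulumi.String("Finance"),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}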
```
## Import
KMS Grants can be imported using the Key ID and Grant ID separated by a colon (`:`), e.g.
```sh
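# Import ID format: <key-id>:<grant-id>
$ pulumi import aws:kms/grant:Grant test 1234abcd-12ab-34cd-56ef-1234567890ab:abcde1237f76e4ba7987489ac329fbfba6ad343d6f7075dbd1ef191f0120514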
```
func GetGrant ¶
func GetGrant(ctx *pulumi.Context, name string, id pulumi.IDInput, state *GrantState, opts ...pulumi.ResourceOption) (*Grant, error)
GetGrant gets an existing Grant resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewGrant ¶
func NewGrant(ctx *pulumi.Context, name string, args *GrantArgs, opts ...pulumi.ResourceOption) (*Grant, error)
NewGrant registers a new resource with the given unique name, arguments, and options.
func (*Grant) ElementType ¶
func (*Grant) ToGrantOutput ¶
func (i *Grant) ToGrantOutput() GrantOutput
func (*Grant) ToGrantOutputWithContext ¶
func (i *Grant) ToGrantOutputWithContext(ctx context.Context) GrantOutput
func (*Grant) ToGrantPtrOutput ¶
func (i *Grant) ToGrantPtrOutput() GrantPtrOutput
func (*Grant) ToGrantPtrOutputWithContext ¶
func (i *Grant) ToGrantPtrOutputWithContext(ctx context.Context) GrantPtrOutput
type GrantArgs ¶
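// GrantArgs is the set of arguments for constructing a Grant resource.
type GrantArgs struct {
	// A structure that you can use to allow certain operations in the grant only when the desired encryption
	// context is present. For more information about encryption context, see
	// [Encryption Context](http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html).
	Constraints GrantConstraintArrayInput
	// A list of grant tokens to be used when creating the grant. See
	// [Grant Tokens](http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token)
	// for more information about grant tokens.
	GrantCreationTokens pulumi.StringArrayInput
	// The principal that is given permission to perform the operations that the grant permits in ARN format.
	// Note that due to eventual consistency issues around IAM principals, the provider's state may not always
	// be refreshed to reflect what is true in AWS.
	GranteePrincipal pulumi.StringInput
	// The unique identifier for the customer master key (CMK) that the grant applies to. Specify the key ID or
	// the Amazon Resource Name (ARN) of the CMK. To specify a CMK in a different AWS account, you must use the key ARN.
	KeyId pulumi.StringInput
	// A friendly name for identifying the grant.
	Name pulumi.StringPtrInput
	// A list of operations that the grant permits. The permitted values are: `Decrypt`, `Encrypt`,
	// `GenerateDataKey`, `GenerateDataKeyWithoutPlaintext`, `ReEncryptFrom`, `ReEncryptTo`, `Sign`, `Verify`,
	// `GetPublicKey`, `CreateGrant`, `RetireGrant`, `DescribeKey`, `GenerateDataKeyPair`, or
	// `GenerateDataKeyPairWithoutPlaintext`.
	// Review note: list only the operations the grantee needs; `CreateGrant` in particular lets the
	// grantee issue further grants on the key.
	Operations pulumi.StringArrayInput
	// (Defaults to false, forces new resource) If set to false (the default) the grants will be revoked upon
	// deletion, and if set to true the grants will try to be retired upon deletion. Note that retiring grants
	// requires special permissions, hence why we default to revoking grants.
	// See [RetireGrant](https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html) for more information.
	RetireOnDelete pulumi.BoolPtrInput
	// The principal that is given permission to retire the grant by using RetireGrant operation in ARN format.
	// Note that due to eventual consistency issues around IAM principals, the provider's state may not always
	// be refreshed to reflect what is true in AWS.
	RetiringPrincipal pulumi.StringPtrInput
}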
The set of arguments for constructing a Grant resource.
func (GrantArgs) ElementType ¶
type GrantArray ¶
type GrantArray []GrantInput
func (GrantArray) ElementType ¶
func (GrantArray) ElementType() reflect.Type
func (GrantArray) ToGrantArrayOutput ¶
func (i GrantArray) ToGrantArrayOutput() GrantArrayOutput
func (GrantArray) ToGrantArrayOutputWithContext ¶
func (i GrantArray) ToGrantArrayOutputWithContext(ctx context.Context) GrantArrayOutput
type GrantArrayInput ¶
type GrantArrayInput interface { pulumi.Input ToGrantArrayOutput() GrantArrayOutput ToGrantArrayOutputWithContext(context.Context) GrantArrayOutput }
GrantArrayInput is an input type that accepts GrantArray and GrantArrayOutput values. You can construct a concrete instance of `GrantArrayInput` via:
GrantArray{ GrantArgs{...} }
type GrantArrayOutput ¶
type GrantArrayOutput struct{ *pulumi.OutputState }
func (GrantArrayOutput) ElementType ¶
func (GrantArrayOutput) ElementType() reflect.Type
func (GrantArrayOutput) Index ¶
func (o GrantArrayOutput) Index(i pulumi.IntInput) GrantOutput
func (GrantArrayOutput) ToGrantArrayOutput ¶
func (o GrantArrayOutput) ToGrantArrayOutput() GrantArrayOutput
func (GrantArrayOutput) ToGrantArrayOutputWithContext ¶
func (o GrantArrayOutput) ToGrantArrayOutputWithContext(ctx context.Context) GrantArrayOutput
type GrantConstraint ¶
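// GrantConstraint restricts a grant to requests that carry a given encryption context.
// The two fields conflict with each other.
type GrantConstraint struct {
	// A list of key-value pairs that must match the encryption context in subsequent cryptographic operation
	// requests. The grant allows the operation only when the encryption context in the request is the same as
	// the encryption context specified in this constraint. Conflicts with `encryptionContextSubset`.
	EncryptionContextEquals map[string]string `pulumi:"encryptionContextEquals"`
	// A list of key-value pairs that must be included in the encryption context of subsequent cryptographic
	// operation requests. The grant allows the cryptographic operation only when the encryption context in the
	// request includes the key-value pairs specified in this constraint, although it can include additional
	// key-value pairs. Conflicts with `encryptionContextEquals`.
	EncryptionContextSubset map[string]string `pulumi:"encryptionContextSubset"`
}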
type GrantConstraintArgs ¶
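// GrantConstraintArgs is the input form of GrantConstraint. The two fields conflict with each other.
type GrantConstraintArgs struct {
	// A list of key-value pairs that must match the encryption context in subsequent cryptographic operation
	// requests. The grant allows the operation only when the encryption context in the request is the same as
	// the encryption context specified in this constraint. Conflicts with `encryptionContextSubset`.
	EncryptionContextEquals pulumi.StringMapInput `pulumi:"encryptionContextEquals"`
	// A list of key-value pairs that must be included in the encryption context of subsequent cryptographic
	// operation requests. The grant allows the cryptographic operation only when the encryption context in the
	// request includes the key-value pairs specified in this constraint, although it can include additional
	// key-value pairs. Conflicts with `encryptionContextEquals`.
	EncryptionContextSubset pulumi.StringMapInput `pulumi:"encryptionContextSubset"`
}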
func (GrantConstraintArgs) ElementType ¶
func (GrantConstraintArgs) ElementType() reflect.Type
func (GrantConstraintArgs) ToGrantConstraintOutput ¶
func (i GrantConstraintArgs) ToGrantConstraintOutput() GrantConstraintOutput
func (GrantConstraintArgs) ToGrantConstraintOutputWithContext ¶
func (i GrantConstraintArgs) ToGrantConstraintOutputWithContext(ctx context.Context) GrantConstraintOutput
type GrantConstraintArray ¶
type GrantConstraintArray []GrantConstraintInput
func (GrantConstraintArray) ElementType ¶
func (GrantConstraintArray) ElementType() reflect.Type
func (GrantConstraintArray) ToGrantConstraintArrayOutput ¶
func (i GrantConstraintArray) ToGrantConstraintArrayOutput() GrantConstraintArrayOutput
func (GrantConstraintArray) ToGrantConstraintArrayOutputWithContext ¶
func (i GrantConstraintArray) ToGrantConstraintArrayOutputWithContext(ctx context.Context) GrantConstraintArrayOutput
type GrantConstraintArrayInput ¶
// GrantConstraintArrayInput is an input type that accepts GrantConstraintArray
// and GrantConstraintArrayOutput values.
type GrantConstraintArrayInput interface {
	pulumi.Input

	ToGrantConstraintArrayOutput() GrantConstraintArrayOutput
	ToGrantConstraintArrayOutputWithContext(context.Context) GrantConstraintArrayOutput
}
GrantConstraintArrayInput is an input type that accepts GrantConstraintArray and GrantConstraintArrayOutput values. You can construct a concrete instance of `GrantConstraintArrayInput` via:
GrantConstraintArray{ GrantConstraintArgs{...} }
type GrantConstraintArrayOutput ¶
type GrantConstraintArrayOutput struct{ *pulumi.OutputState }
func (GrantConstraintArrayOutput) ElementType ¶
func (GrantConstraintArrayOutput) ElementType() reflect.Type
func (GrantConstraintArrayOutput) Index ¶
func (o GrantConstraintArrayOutput) Index(i pulumi.IntInput) GrantConstraintOutput
func (GrantConstraintArrayOutput) ToGrantConstraintArrayOutput ¶
func (o GrantConstraintArrayOutput) ToGrantConstraintArrayOutput() GrantConstraintArrayOutput
func (GrantConstraintArrayOutput) ToGrantConstraintArrayOutputWithContext ¶
func (o GrantConstraintArrayOutput) ToGrantConstraintArrayOutputWithContext(ctx context.Context) GrantConstraintArrayOutput
type GrantConstraintInput ¶
// GrantConstraintInput is an input type that accepts GrantConstraintArgs and
// GrantConstraintOutput values.
type GrantConstraintInput interface {
	pulumi.Input

	ToGrantConstraintOutput() GrantConstraintOutput
	ToGrantConstraintOutputWithContext(context.Context) GrantConstraintOutput
}
GrantConstraintInput is an input type that accepts GrantConstraintArgs and GrantConstraintOutput values. You can construct a concrete instance of `GrantConstraintInput` via:
GrantConstraintArgs{...}
type GrantConstraintOutput ¶
type GrantConstraintOutput struct{ *pulumi.OutputState }
func (GrantConstraintOutput) ElementType ¶
func (GrantConstraintOutput) ElementType() reflect.Type
func (GrantConstraintOutput) EncryptionContextEquals ¶
func (o GrantConstraintOutput) EncryptionContextEquals() pulumi.StringMapOutput
A list of key-value pairs that must match the encryption context in subsequent cryptographic operation requests. The grant allows the operation only when the encryption context in the request is the same as the encryption context specified in this constraint. Conflicts with `encryptionContextSubset`.
func (GrantConstraintOutput) EncryptionContextSubset ¶
func (o GrantConstraintOutput) EncryptionContextSubset() pulumi.StringMapOutput
A list of key-value pairs that must be included in the encryption context of subsequent cryptographic operation requests. The grant allows the cryptographic operation only when the encryption context in the request includes the key-value pairs specified in this constraint, although it can include additional key-value pairs. Conflicts with `encryptionContextEquals`.
func (GrantConstraintOutput) ToGrantConstraintOutput ¶
func (o GrantConstraintOutput) ToGrantConstraintOutput() GrantConstraintOutput
func (GrantConstraintOutput) ToGrantConstraintOutputWithContext ¶
func (o GrantConstraintOutput) ToGrantConstraintOutputWithContext(ctx context.Context) GrantConstraintOutput
type GrantInput ¶
// GrantInput is the interface for values that can be converted to a
// GrantOutput, either directly or with an explicit context.
type GrantInput interface {
	pulumi.Input

	ToGrantOutput() GrantOutput
	ToGrantOutputWithContext(ctx context.Context) GrantOutput
}
type GrantMap ¶
type GrantMap map[string]GrantInput
func (GrantMap) ElementType ¶
func (GrantMap) ToGrantMapOutput ¶
func (i GrantMap) ToGrantMapOutput() GrantMapOutput
func (GrantMap) ToGrantMapOutputWithContext ¶
func (i GrantMap) ToGrantMapOutputWithContext(ctx context.Context) GrantMapOutput
type GrantMapInput ¶
// GrantMapInput is an input type that accepts GrantMap and GrantMapOutput
// values.
type GrantMapInput interface {
	pulumi.Input

	ToGrantMapOutput() GrantMapOutput
	ToGrantMapOutputWithContext(context.Context) GrantMapOutput
}
GrantMapInput is an input type that accepts GrantMap and GrantMapOutput values. You can construct a concrete instance of `GrantMapInput` via:
GrantMap{ "key": GrantArgs{...} }
type GrantMapOutput ¶
type GrantMapOutput struct{ *pulumi.OutputState }
func (GrantMapOutput) ElementType ¶
func (GrantMapOutput) ElementType() reflect.Type
func (GrantMapOutput) MapIndex ¶
func (o GrantMapOutput) MapIndex(k pulumi.StringInput) GrantOutput
func (GrantMapOutput) ToGrantMapOutput ¶
func (o GrantMapOutput) ToGrantMapOutput() GrantMapOutput
func (GrantMapOutput) ToGrantMapOutputWithContext ¶
func (o GrantMapOutput) ToGrantMapOutputWithContext(ctx context.Context) GrantMapOutput
type GrantOutput ¶
type GrantOutput struct{ *pulumi.OutputState }
func (GrantOutput) ElementType ¶
func (GrantOutput) ElementType() reflect.Type
func (GrantOutput) ToGrantOutput ¶
func (o GrantOutput) ToGrantOutput() GrantOutput
func (GrantOutput) ToGrantOutputWithContext ¶
func (o GrantOutput) ToGrantOutputWithContext(ctx context.Context) GrantOutput
func (GrantOutput) ToGrantPtrOutput ¶
func (o GrantOutput) ToGrantPtrOutput() GrantPtrOutput
func (GrantOutput) ToGrantPtrOutputWithContext ¶
func (o GrantOutput) ToGrantPtrOutputWithContext(ctx context.Context) GrantPtrOutput
type GrantPtrInput ¶
// GrantPtrInput is the interface for values that can be converted to a
// GrantPtrOutput, either directly or with an explicit context.
type GrantPtrInput interface {
	pulumi.Input

	ToGrantPtrOutput() GrantPtrOutput
	ToGrantPtrOutputWithContext(ctx context.Context) GrantPtrOutput
}
type GrantPtrOutput ¶
type GrantPtrOutput struct{ *pulumi.OutputState }
func (GrantPtrOutput) Elem ¶ added in v4.15.0
func (o GrantPtrOutput) Elem() GrantOutput
func (GrantPtrOutput) ElementType ¶
func (GrantPtrOutput) ElementType() reflect.Type
func (GrantPtrOutput) ToGrantPtrOutput ¶
func (o GrantPtrOutput) ToGrantPtrOutput() GrantPtrOutput
func (GrantPtrOutput) ToGrantPtrOutputWithContext ¶
func (o GrantPtrOutput) ToGrantPtrOutputWithContext(ctx context.Context) GrantPtrOutput
type GrantState ¶
// GrantState lists the properties of a KMS grant as optional inputs: the key
// it applies to, the grantee and retiring principals, the permitted
// operations, and any encryption-context constraints.
type GrantState struct {
	// A structure that you can use to allow certain operations in the grant
	// only when the desired encryption context is present. For more information
	// about encryption context, see
	// [Encryption Context](https://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html).
	Constraints GrantConstraintArrayInput
	// A list of grant tokens to be used when creating the grant. See
	// [Grant Tokens](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token)
	// for more information about grant tokens.
	GrantCreationTokens pulumi.StringArrayInput
	// The unique identifier for the grant.
	GrantId pulumi.StringPtrInput
	// The grant token for the created grant. For more information, see
	// [Grant Tokens](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token).
	GrantToken pulumi.StringPtrInput
	// The principal that is given permission to perform the operations that the
	// grant permits in ARN format. Note that due to eventual consistency issues
	// around IAM principals, the provider's state may not always be refreshed
	// to reflect what is true in AWS.
	//
	// NOTE(review): because the recorded state can lag behind AWS, confirm the
	// effective grantee in AWS itself when auditing who can use the key.
	GranteePrincipal pulumi.StringPtrInput
	// The unique identifier for the customer master key (CMK) that the grant
	// applies to. Specify the key ID or the Amazon Resource Name (ARN) of the
	// CMK. To specify a CMK in a different AWS account, you must use the key
	// ARN.
	KeyId pulumi.StringPtrInput
	// A friendly name for identifying the grant.
	Name pulumi.StringPtrInput
	// A list of operations that the grant permits. The permitted values are:
	// `Decrypt`, `Encrypt`, `GenerateDataKey`,
	// `GenerateDataKeyWithoutPlaintext`, `ReEncryptFrom`, `ReEncryptTo`,
	// `Sign`, `Verify`, `GetPublicKey`, `CreateGrant`, `RetireGrant`,
	// `DescribeKey`, `GenerateDataKeyPair`, or
	// `GenerateDataKeyPairWithoutPlaintext`.
	//
	// NOTE(review): list only the operations the grantee actually needs.
	Operations pulumi.StringArrayInput
	// (Defaults to false, forces new resources.) If set to false (the default)
	// the grants will be revoked upon deletion, and if set to true the grants
	// will try to be retired upon deletion. Note that retiring grants requires
	// special permissions, hence why we default to revoking grants.
	// See [RetireGrant](https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html)
	// for more information.
	RetireOnDelete pulumi.BoolPtrInput
	// The principal that is given permission to retire the grant by using
	// RetireGrant operation in ARN format. Note that due to eventual
	// consistency issues around IAM principals, the provider's state may not
	// always be refreshed to reflect what is true in AWS.
	RetiringPrincipal pulumi.StringPtrInput
}
func (GrantState) ElementType ¶
func (GrantState) ElementType() reflect.Type
type Key ¶
// Key provides a KMS single-Region customer master key (CMK).
type Key struct {
	pulumi.CustomResourceState

	// The Amazon Resource Name (ARN) of the key.
	Arn pulumi.StringOutput `pulumi:"arn"`
	// Specifies whether to disable the policy lockout check performed when
	// creating or updating the key's policy. Setting this value to `true`
	// increases the risk that the CMK becomes unmanageable. For more
	// information, refer to the scenario in the
	// [Default Key Policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam)
	// section in the AWS Key Management Service Developer Guide. Defaults to
	// `false`.
	//
	// NOTE(review): a `true` value here is worth flagging in review, since it
	// switches off the check that guards against locking yourself out.
	BypassPolicyLockoutSafetyCheck pulumi.BoolPtrOutput `pulumi:"bypassPolicyLockoutSafetyCheck"`
	// Specifies whether the key contains a symmetric key or an asymmetric key
	// pair and the encryption algorithms or signing algorithms that the key
	// supports.
	// Valid values: `SYMMETRIC_DEFAULT`, `RSA_2048`, `RSA_3072`, `RSA_4096`,
	// `ECC_NIST_P256`, `ECC_NIST_P384`, `ECC_NIST_P521`, or `ECC_SECG_P256K1`.
	// Defaults to `SYMMETRIC_DEFAULT`. For help with choosing a key spec, see
	// the [AWS KMS Developer Guide](https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-choose.html).
	CustomerMasterKeySpec pulumi.StringPtrOutput `pulumi:"customerMasterKeySpec"`
	// Duration in days after which the key is deleted after destruction of the
	// resource, must be between 7 and 30 days. Defaults to 30 days.
	//
	// NOTE(review): this window is the time available to notice and undo an
	// unintended destroy, so shorten it deliberately.
	DeletionWindowInDays pulumi.IntPtrOutput `pulumi:"deletionWindowInDays"`
	// The description of the key as viewed in AWS console.
	Description pulumi.StringOutput `pulumi:"description"`
	// Specifies whether
	// [key rotation](https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html)
	// is enabled. Defaults to false.
	//
	// NOTE(review): rotation is off unless set explicitly, so set it where
	// your policy requires rotation.
	EnableKeyRotation pulumi.BoolPtrOutput `pulumi:"enableKeyRotation"`
	// Specifies whether the key is enabled. Defaults to true.
	IsEnabled pulumi.BoolPtrOutput `pulumi:"isEnabled"`
	// The globally unique identifier for the key.
	KeyId pulumi.StringOutput `pulumi:"keyId"`
	// Specifies the intended use of the key. Valid values: `ENCRYPT_DECRYPT` or
	// `SIGN_VERIFY`.
	// Defaults to `ENCRYPT_DECRYPT`.
	KeyUsage pulumi.StringPtrOutput `pulumi:"keyUsage"`
	// A valid policy JSON document. Although this is a key policy, not an IAM
	// policy, an `iam.getPolicyDocument`, in the form that designates a
	// principal, can be used.
	//
	// NOTE(review): check the principals and actions in this document with the
	// same care as any other access policy.
	Policy  pulumi.StringOutput    `pulumi:"policy"`
	Tags    pulumi.StringMapOutput `pulumi:"tags"`
	TagsAll pulumi.StringMapOutput `pulumi:"tagsAll"`
}
Provides a KMS single-Region customer master key (CMK).
## Example Usage
```go
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main registers a single KMS key named "key" inside a Pulumi program.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Only the deletion window and the description are set. Every other
		// KeyArgs field keeps its documented default, which means key rotation
		// stays disabled and no key policy is supplied here.
		keyArgs := &kms.KeyArgs{
			DeletionWindowInDays: pulumi.Int(10),
			Description:          pulumi.String("KMS key 1"),
		}
		_, err := kms.NewKey(ctx, "key", keyArgs)
		return err
	})
}
```
## Import
KMS Keys can be imported using the `id`, e.g.
```sh
$ pulumi import aws:kms/key:Key a 1234abcd-12ab-34cd-56ef-1234567890ab
```
func GetKey ¶
func GetKey(ctx *pulumi.Context, name string, id pulumi.IDInput, state *KeyState, opts ...pulumi.ResourceOption) (*Key, error)
GetKey gets an existing Key resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewKey ¶
func NewKey(ctx *pulumi.Context, name string, args *KeyArgs, opts ...pulumi.ResourceOption) (*Key, error)
NewKey registers a new resource with the given unique name, arguments, and options.
func (*Key) ElementType ¶
func (*Key) ToKeyOutput ¶
func (*Key) ToKeyOutputWithContext ¶
func (*Key) ToKeyPtrOutput ¶
func (i *Key) ToKeyPtrOutput() KeyPtrOutput
func (*Key) ToKeyPtrOutputWithContext ¶
func (i *Key) ToKeyPtrOutputWithContext(ctx context.Context) KeyPtrOutput
type KeyArgs ¶
// KeyArgs is the set of arguments for constructing a Key resource.
type KeyArgs struct {
	// Specifies whether to disable the policy lockout check performed when
	// creating or updating the key's policy. Setting this value to `true`
	// increases the risk that the CMK becomes unmanageable. For more
	// information, refer to the scenario in the
	// [Default Key Policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam)
	// section in the AWS Key Management Service Developer Guide. Defaults to
	// `false`.
	//
	// NOTE(review): leave this unset unless there is a documented reason,
	// since `true` switches off the check that guards against locking
	// yourself out.
	BypassPolicyLockoutSafetyCheck pulumi.BoolPtrInput
	// Specifies whether the key contains a symmetric key or an asymmetric key
	// pair and the encryption algorithms or signing algorithms that the key
	// supports.
	// Valid values: `SYMMETRIC_DEFAULT`, `RSA_2048`, `RSA_3072`, `RSA_4096`,
	// `ECC_NIST_P256`, `ECC_NIST_P384`, `ECC_NIST_P521`, or `ECC_SECG_P256K1`.
	// Defaults to `SYMMETRIC_DEFAULT`. For help with choosing a key spec, see
	// the [AWS KMS Developer Guide](https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-choose.html).
	CustomerMasterKeySpec pulumi.StringPtrInput
	// Duration in days after which the key is deleted after destruction of the
	// resource, must be between 7 and 30 days. Defaults to 30 days.
	//
	// NOTE(review): this window is the time available to notice and undo an
	// unintended destroy, so shorten it deliberately.
	DeletionWindowInDays pulumi.IntPtrInput
	// The description of the key as viewed in AWS console.
	Description pulumi.StringPtrInput
	// Specifies whether
	// [key rotation](https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html)
	// is enabled. Defaults to false.
	//
	// NOTE(review): rotation is off unless set explicitly, so set it where
	// your policy requires rotation.
	EnableKeyRotation pulumi.BoolPtrInput
	// Specifies whether the key is enabled. Defaults to true.
	IsEnabled pulumi.BoolPtrInput
	// Specifies the intended use of the key. Valid values: `ENCRYPT_DECRYPT` or
	// `SIGN_VERIFY`.
	// Defaults to `ENCRYPT_DECRYPT`.
	KeyUsage pulumi.StringPtrInput
	// A valid policy JSON document. Although this is a key policy, not an IAM
	// policy, an `iam.getPolicyDocument`, in the form that designates a
	// principal, can be used.
	//
	// NOTE(review): check the principals and actions in this document with the
	// same care as any other access policy.
	Policy pulumi.StringPtrInput
	Tags   pulumi.StringMapInput
}
The set of arguments for constructing a Key resource.
func (KeyArgs) ElementType ¶
type KeyArray ¶
type KeyArray []KeyInput
func (KeyArray) ElementType ¶
func (KeyArray) ToKeyArrayOutput ¶
func (i KeyArray) ToKeyArrayOutput() KeyArrayOutput
func (KeyArray) ToKeyArrayOutputWithContext ¶
func (i KeyArray) ToKeyArrayOutputWithContext(ctx context.Context) KeyArrayOutput
type KeyArrayInput ¶
// KeyArrayInput is an input type that accepts KeyArray and KeyArrayOutput
// values.
type KeyArrayInput interface {
	pulumi.Input

	ToKeyArrayOutput() KeyArrayOutput
	ToKeyArrayOutputWithContext(context.Context) KeyArrayOutput
}
KeyArrayInput is an input type that accepts KeyArray and KeyArrayOutput values. You can construct a concrete instance of `KeyArrayInput` via:
KeyArray{ KeyArgs{...} }
type KeyArrayOutput ¶
type KeyArrayOutput struct{ *pulumi.OutputState }
func (KeyArrayOutput) ElementType ¶
func (KeyArrayOutput) ElementType() reflect.Type
func (KeyArrayOutput) ToKeyArrayOutput ¶
func (o KeyArrayOutput) ToKeyArrayOutput() KeyArrayOutput
func (KeyArrayOutput) ToKeyArrayOutputWithContext ¶
func (o KeyArrayOutput) ToKeyArrayOutputWithContext(ctx context.Context) KeyArrayOutput
type KeyMap ¶
func (KeyMap) ElementType ¶
func (KeyMap) ToKeyMapOutput ¶
func (i KeyMap) ToKeyMapOutput() KeyMapOutput
func (KeyMap) ToKeyMapOutputWithContext ¶
func (i KeyMap) ToKeyMapOutputWithContext(ctx context.Context) KeyMapOutput
type KeyMapInput ¶
// KeyMapInput is an input type that accepts KeyMap and KeyMapOutput values.
type KeyMapInput interface {
	pulumi.Input

	ToKeyMapOutput() KeyMapOutput
	ToKeyMapOutputWithContext(context.Context) KeyMapOutput
}
KeyMapInput is an input type that accepts KeyMap and KeyMapOutput values. You can construct a concrete instance of `KeyMapInput` via:
KeyMap{ "key": KeyArgs{...} }
type KeyMapOutput ¶
type KeyMapOutput struct{ *pulumi.OutputState }
func (KeyMapOutput) ElementType ¶
func (KeyMapOutput) ElementType() reflect.Type
func (KeyMapOutput) MapIndex ¶
func (o KeyMapOutput) MapIndex(k pulumi.StringInput) KeyOutput
func (KeyMapOutput) ToKeyMapOutput ¶
func (o KeyMapOutput) ToKeyMapOutput() KeyMapOutput
func (KeyMapOutput) ToKeyMapOutputWithContext ¶
func (o KeyMapOutput) ToKeyMapOutputWithContext(ctx context.Context) KeyMapOutput
type KeyOutput ¶
type KeyOutput struct{ *pulumi.OutputState }
func (KeyOutput) ElementType ¶
func (KeyOutput) ToKeyOutput ¶
func (KeyOutput) ToKeyOutputWithContext ¶
func (KeyOutput) ToKeyPtrOutput ¶
func (o KeyOutput) ToKeyPtrOutput() KeyPtrOutput
func (KeyOutput) ToKeyPtrOutputWithContext ¶
func (o KeyOutput) ToKeyPtrOutputWithContext(ctx context.Context) KeyPtrOutput
type KeyPtrInput ¶
// KeyPtrInput is the interface for values that can be converted to a
// KeyPtrOutput, either directly or with an explicit context.
type KeyPtrInput interface {
	pulumi.Input

	ToKeyPtrOutput() KeyPtrOutput
	ToKeyPtrOutputWithContext(ctx context.Context) KeyPtrOutput
}
type KeyPtrOutput ¶
type KeyPtrOutput struct{ *pulumi.OutputState }
func (KeyPtrOutput) Elem ¶ added in v4.15.0
func (o KeyPtrOutput) Elem() KeyOutput
func (KeyPtrOutput) ElementType ¶
func (KeyPtrOutput) ElementType() reflect.Type
func (KeyPtrOutput) ToKeyPtrOutput ¶
func (o KeyPtrOutput) ToKeyPtrOutput() KeyPtrOutput
func (KeyPtrOutput) ToKeyPtrOutputWithContext ¶
func (o KeyPtrOutput) ToKeyPtrOutputWithContext(ctx context.Context) KeyPtrOutput
type KeyState ¶
// KeyState lists the properties of a Key resource as optional inputs. GetKey
// accepts it as the optional state used to qualify a lookup.
type KeyState struct {
	// The Amazon Resource Name (ARN) of the key.
	Arn pulumi.StringPtrInput
	// Specifies whether to disable the policy lockout check performed when
	// creating or updating the key's policy. Setting this value to `true`
	// increases the risk that the CMK becomes unmanageable. For more
	// information, refer to the scenario in the
	// [Default Key Policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam)
	// section in the AWS Key Management Service Developer Guide. Defaults to
	// `false`.
	//
	// NOTE(review): a `true` value here is worth flagging in review, since it
	// switches off the check that guards against locking yourself out.
	BypassPolicyLockoutSafetyCheck pulumi.BoolPtrInput
	// Specifies whether the key contains a symmetric key or an asymmetric key
	// pair and the encryption algorithms or signing algorithms that the key
	// supports.
	// Valid values: `SYMMETRIC_DEFAULT`, `RSA_2048`, `RSA_3072`, `RSA_4096`,
	// `ECC_NIST_P256`, `ECC_NIST_P384`, `ECC_NIST_P521`, or `ECC_SECG_P256K1`.
	// Defaults to `SYMMETRIC_DEFAULT`. For help with choosing a key spec, see
	// the [AWS KMS Developer Guide](https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-choose.html).
	CustomerMasterKeySpec pulumi.StringPtrInput
	// Duration in days after which the key is deleted after destruction of the
	// resource, must be between 7 and 30 days. Defaults to 30 days.
	DeletionWindowInDays pulumi.IntPtrInput
	// The description of the key as viewed in AWS console.
	Description pulumi.StringPtrInput
	// Specifies whether
	// [key rotation](https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html)
	// is enabled. Defaults to false.
	//
	// NOTE(review): rotation is off unless set explicitly.
	EnableKeyRotation pulumi.BoolPtrInput
	// Specifies whether the key is enabled. Defaults to true.
	IsEnabled pulumi.BoolPtrInput
	// The globally unique identifier for the key.
	KeyId pulumi.StringPtrInput
	// Specifies the intended use of the key. Valid values: `ENCRYPT_DECRYPT` or
	// `SIGN_VERIFY`.
	// Defaults to `ENCRYPT_DECRYPT`.
	KeyUsage pulumi.StringPtrInput
	// A valid policy JSON document. Although this is a key policy, not an IAM
	// policy, an `iam.getPolicyDocument`, in the form that designates a
	// principal, can be used.
	//
	// NOTE(review): check the principals and actions in this document with the
	// same care as any other access policy.
	Policy  pulumi.StringPtrInput
	Tags    pulumi.StringMapInput
	TagsAll pulumi.StringMapInput
}
func (KeyState) ElementType ¶
type LookupAliasArgs ¶
// LookupAliasArgs is a collection of arguments for invoking getAlias.
type LookupAliasArgs struct {
	// The display name of the alias. The name must start with the word "alias"
	// followed by a forward slash (alias/)
	Name string `pulumi:"name"`
}
A collection of arguments for invoking getAlias.
type LookupAliasResult ¶
// LookupAliasResult is a collection of values returned by getAlias.
type LookupAliasResult struct {
	// The Amazon Resource Name (ARN) of the key alias.
	Arn string `pulumi:"arn"`
	// The provider-assigned unique ID for this managed resource.
	Id   string `pulumi:"id"`
	Name string `pulumi:"name"`
	// ARN pointed to by the alias.
	TargetKeyArn string `pulumi:"targetKeyArn"`
	// Key identifier pointed to by the alias.
	TargetKeyId string `pulumi:"targetKeyId"`
}
A collection of values returned by getAlias.
func LookupAlias ¶
func LookupAlias(ctx *pulumi.Context, args *LookupAliasArgs, opts ...pulumi.InvokeOption) (*LookupAliasResult, error)
Use this data source to get the ARN of a KMS key alias. By using this data source, you can reference a key alias without having to hard-code the ARN as input.
## Example Usage
```go
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main looks up one KMS alias by name inside a Pulumi program and discards
// the result, returning only the error.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// The name carries the "alias/" prefix that LookupAliasArgs requires.
		lookup := &kms.LookupAliasArgs{
			Name: "alias/aws/s3",
		}
		_, err := kms.LookupAlias(ctx, lookup, nil)
		return err
	})
}
```
type LookupKeyArgs ¶
// LookupKeyArgs is a collection of arguments for invoking getKey.
type LookupKeyArgs struct {
	// List of grant tokens
	GrantTokens []string `pulumi:"grantTokens"`
	// Key identifier, which can be in one of the following formats:
	// * Key ID. E.g.: `1234abcd-12ab-34cd-56ef-1234567890ab`
	// * Key ARN. E.g.: `arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
	// * Alias name. E.g.: `alias/my-key`
	// * Alias ARN. E.g.: `arn:aws:kms:us-east-1:111122223333:alias/my-key`
	//
	// NOTE(review): an alias is resolved when the lookup runs, so a lookup by
	// alias follows whichever key the alias points to at that moment. Use the
	// key ID or key ARN when one specific key is intended.
	KeyId string `pulumi:"keyId"`
}
A collection of arguments for invoking getKey.
type LookupKeyResult ¶
// LookupKeyResult is a collection of values returned by getKey. The listing
// documents only the Id field; the remaining fields carry no description here.
type LookupKeyResult struct {
	Arn                   string   `pulumi:"arn"`
	AwsAccountId          string   `pulumi:"awsAccountId"`
	CreationDate          string   `pulumi:"creationDate"`
	CustomerMasterKeySpec string   `pulumi:"customerMasterKeySpec"`
	DeletionDate          string   `pulumi:"deletionDate"`
	Description           string   `pulumi:"description"`
	Enabled               bool     `pulumi:"enabled"`
	ExpirationModel       string   `pulumi:"expirationModel"`
	GrantTokens           []string `pulumi:"grantTokens"`
	// The provider-assigned unique ID for this managed resource.
	Id         string `pulumi:"id"`
	KeyId      string `pulumi:"keyId"`
	KeyManager string `pulumi:"keyManager"`
	KeyState   string `pulumi:"keyState"`
	KeyUsage   string `pulumi:"keyUsage"`
	Origin     string `pulumi:"origin"`
	ValidTo    string `pulumi:"validTo"`
}
A collection of values returned by getKey.
func LookupKey ¶
func LookupKey(ctx *pulumi.Context, args *LookupKeyArgs, opts ...pulumi.InvokeOption) (*LookupKeyResult, error)
Use this data source to get detailed information about the specified KMS key, with flexible key ID input. This can be useful for referencing a key alias without having to hard-code the ARN as input.
## Example Usage
```go
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v4/go/aws/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
// main looks up a KMS key four times, once per identifier format that
// LookupKeyArgs.KeyId accepts, and stops at the first lookup that fails.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Alias name, key ID, alias ARN and key ARN, in that order. These are
		// the sample identifiers from the LookupKeyArgs documentation.
		keyIDs := []string{
			"alias/my-key",
			"1234abcd-12ab-34cd-56ef-1234567890ab",
			"arn:aws:kms:us-east-1:111122223333:alias/my-key",
			"arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
		}
		for _, id := range keyIDs {
			if _, err := kms.LookupKey(ctx, &kms.LookupKeyArgs{KeyId: id}, nil); err != nil {
				return err
			}
		}
		return nil
	})
}
```