Documentation ¶
Index ¶
- type Alias
- type AliasArgs
- type AliasArray
- type AliasArrayInput
- type AliasArrayOutput
- type AliasInput
- type AliasMap
- type AliasMapInput
- type AliasMapOutput
- type AliasOutput
- func (o AliasOutput) Arn() pulumi.StringOutput
- func (AliasOutput) ElementType() reflect.Type
- func (o AliasOutput) Name() pulumi.StringOutput
- func (o AliasOutput) NamePrefix() pulumi.StringOutput
- func (o AliasOutput) TargetKeyArn() pulumi.StringOutput
- func (o AliasOutput) TargetKeyId() pulumi.StringOutput
- func (o AliasOutput) ToAliasOutput() AliasOutput
- func (o AliasOutput) ToAliasOutputWithContext(ctx context.Context) AliasOutput
- type AliasState
- type Ciphertext
- type CiphertextArgs
- type CiphertextArray
- type CiphertextArrayInput
- type CiphertextArrayOutput
- func (CiphertextArrayOutput) ElementType() reflect.Type
- func (o CiphertextArrayOutput) Index(i pulumi.IntInput) CiphertextOutput
- func (o CiphertextArrayOutput) ToCiphertextArrayOutput() CiphertextArrayOutput
- func (o CiphertextArrayOutput) ToCiphertextArrayOutputWithContext(ctx context.Context) CiphertextArrayOutput
- type CiphertextInput
- type CiphertextMap
- type CiphertextMapInput
- type CiphertextMapOutput
- func (CiphertextMapOutput) ElementType() reflect.Type
- func (o CiphertextMapOutput) MapIndex(k pulumi.StringInput) CiphertextOutput
- func (o CiphertextMapOutput) ToCiphertextMapOutput() CiphertextMapOutput
- func (o CiphertextMapOutput) ToCiphertextMapOutputWithContext(ctx context.Context) CiphertextMapOutput
- type CiphertextOutput
- func (o CiphertextOutput) CiphertextBlob() pulumi.StringOutput
- func (o CiphertextOutput) Context() pulumi.StringMapOutput
- func (CiphertextOutput) ElementType() reflect.Type
- func (o CiphertextOutput) KeyId() pulumi.StringOutput
- func (o CiphertextOutput) Plaintext() pulumi.StringOutput
- func (o CiphertextOutput) ToCiphertextOutput() CiphertextOutput
- func (o CiphertextOutput) ToCiphertextOutputWithContext(ctx context.Context) CiphertextOutput
- type CiphertextState
- type CustomKeyStore
- type CustomKeyStoreArgs
- type CustomKeyStoreArray
- type CustomKeyStoreArrayInput
- type CustomKeyStoreArrayOutput
- func (CustomKeyStoreArrayOutput) ElementType() reflect.Type
- func (o CustomKeyStoreArrayOutput) Index(i pulumi.IntInput) CustomKeyStoreOutput
- func (o CustomKeyStoreArrayOutput) ToCustomKeyStoreArrayOutput() CustomKeyStoreArrayOutput
- func (o CustomKeyStoreArrayOutput) ToCustomKeyStoreArrayOutputWithContext(ctx context.Context) CustomKeyStoreArrayOutput
- type CustomKeyStoreInput
- type CustomKeyStoreMap
- type CustomKeyStoreMapInput
- type CustomKeyStoreMapOutput
- func (CustomKeyStoreMapOutput) ElementType() reflect.Type
- func (o CustomKeyStoreMapOutput) MapIndex(k pulumi.StringInput) CustomKeyStoreOutput
- func (o CustomKeyStoreMapOutput) ToCustomKeyStoreMapOutput() CustomKeyStoreMapOutput
- func (o CustomKeyStoreMapOutput) ToCustomKeyStoreMapOutputWithContext(ctx context.Context) CustomKeyStoreMapOutput
- type CustomKeyStoreOutput
- func (o CustomKeyStoreOutput) CloudHsmClusterId() pulumi.StringOutput
- func (o CustomKeyStoreOutput) CustomKeyStoreName() pulumi.StringOutput
- func (CustomKeyStoreOutput) ElementType() reflect.Type
- func (o CustomKeyStoreOutput) KeyStorePassword() pulumi.StringOutput
- func (o CustomKeyStoreOutput) ToCustomKeyStoreOutput() CustomKeyStoreOutput
- func (o CustomKeyStoreOutput) ToCustomKeyStoreOutputWithContext(ctx context.Context) CustomKeyStoreOutput
- func (o CustomKeyStoreOutput) TrustAnchorCertificate() pulumi.StringOutput
- type CustomKeyStoreState
- type ExternalKey
- type ExternalKeyArgs
- type ExternalKeyArray
- type ExternalKeyArrayInput
- type ExternalKeyArrayOutput
- func (ExternalKeyArrayOutput) ElementType() reflect.Type
- func (o ExternalKeyArrayOutput) Index(i pulumi.IntInput) ExternalKeyOutput
- func (o ExternalKeyArrayOutput) ToExternalKeyArrayOutput() ExternalKeyArrayOutput
- func (o ExternalKeyArrayOutput) ToExternalKeyArrayOutputWithContext(ctx context.Context) ExternalKeyArrayOutput
- type ExternalKeyInput
- type ExternalKeyMap
- type ExternalKeyMapInput
- type ExternalKeyMapOutput
- func (ExternalKeyMapOutput) ElementType() reflect.Type
- func (o ExternalKeyMapOutput) MapIndex(k pulumi.StringInput) ExternalKeyOutput
- func (o ExternalKeyMapOutput) ToExternalKeyMapOutput() ExternalKeyMapOutput
- func (o ExternalKeyMapOutput) ToExternalKeyMapOutputWithContext(ctx context.Context) ExternalKeyMapOutput
- type ExternalKeyOutput
- func (o ExternalKeyOutput) Arn() pulumi.StringOutput
- func (o ExternalKeyOutput) BypassPolicyLockoutSafetyCheck() pulumi.BoolPtrOutput
- func (o ExternalKeyOutput) DeletionWindowInDays() pulumi.IntPtrOutput
- func (o ExternalKeyOutput) Description() pulumi.StringPtrOutput
- func (ExternalKeyOutput) ElementType() reflect.Type
- func (o ExternalKeyOutput) Enabled() pulumi.BoolOutput
- func (o ExternalKeyOutput) ExpirationModel() pulumi.StringOutput
- func (o ExternalKeyOutput) KeyMaterialBase64() pulumi.StringPtrOutput
- func (o ExternalKeyOutput) KeyState() pulumi.StringOutput
- func (o ExternalKeyOutput) KeyUsage() pulumi.StringOutput
- func (o ExternalKeyOutput) MultiRegion() pulumi.BoolOutput
- func (o ExternalKeyOutput) Policy() pulumi.StringOutput
- func (o ExternalKeyOutput) Tags() pulumi.StringMapOutput
- func (o ExternalKeyOutput) TagsAll() pulumi.StringMapOutputdeprecated
- func (o ExternalKeyOutput) ToExternalKeyOutput() ExternalKeyOutput
- func (o ExternalKeyOutput) ToExternalKeyOutputWithContext(ctx context.Context) ExternalKeyOutput
- func (o ExternalKeyOutput) ValidTo() pulumi.StringPtrOutput
- type ExternalKeyState
- type GetCipherTextArgs
- type GetCipherTextOutputArgs
- type GetCipherTextResult
- type GetCipherTextResultOutput
- func (o GetCipherTextResultOutput) CiphertextBlob() pulumi.StringOutput
- func (o GetCipherTextResultOutput) Context() pulumi.StringMapOutput
- func (GetCipherTextResultOutput) ElementType() reflect.Type
- func (o GetCipherTextResultOutput) Id() pulumi.StringOutput
- func (o GetCipherTextResultOutput) KeyId() pulumi.StringOutput
- func (o GetCipherTextResultOutput) Plaintext() pulumi.StringOutput
- func (o GetCipherTextResultOutput) ToGetCipherTextResultOutput() GetCipherTextResultOutput
- func (o GetCipherTextResultOutput) ToGetCipherTextResultOutputWithContext(ctx context.Context) GetCipherTextResultOutput
- type GetKeyMultiRegionConfiguration
- type GetKeyMultiRegionConfigurationArgs
- func (GetKeyMultiRegionConfigurationArgs) ElementType() reflect.Type
- func (i GetKeyMultiRegionConfigurationArgs) ToGetKeyMultiRegionConfigurationOutput() GetKeyMultiRegionConfigurationOutput
- func (i GetKeyMultiRegionConfigurationArgs) ToGetKeyMultiRegionConfigurationOutputWithContext(ctx context.Context) GetKeyMultiRegionConfigurationOutput
- type GetKeyMultiRegionConfigurationArray
- func (GetKeyMultiRegionConfigurationArray) ElementType() reflect.Type
- func (i GetKeyMultiRegionConfigurationArray) ToGetKeyMultiRegionConfigurationArrayOutput() GetKeyMultiRegionConfigurationArrayOutput
- func (i GetKeyMultiRegionConfigurationArray) ToGetKeyMultiRegionConfigurationArrayOutputWithContext(ctx context.Context) GetKeyMultiRegionConfigurationArrayOutput
- type GetKeyMultiRegionConfigurationArrayInput
- type GetKeyMultiRegionConfigurationArrayOutput
- func (GetKeyMultiRegionConfigurationArrayOutput) ElementType() reflect.Type
- func (o GetKeyMultiRegionConfigurationArrayOutput) Index(i pulumi.IntInput) GetKeyMultiRegionConfigurationOutput
- func (o GetKeyMultiRegionConfigurationArrayOutput) ToGetKeyMultiRegionConfigurationArrayOutput() GetKeyMultiRegionConfigurationArrayOutput
- func (o GetKeyMultiRegionConfigurationArrayOutput) ToGetKeyMultiRegionConfigurationArrayOutputWithContext(ctx context.Context) GetKeyMultiRegionConfigurationArrayOutput
- type GetKeyMultiRegionConfigurationInput
- type GetKeyMultiRegionConfigurationOutput
- func (GetKeyMultiRegionConfigurationOutput) ElementType() reflect.Type
- func (o GetKeyMultiRegionConfigurationOutput) MultiRegionKeyType() pulumi.StringOutput
- func (o GetKeyMultiRegionConfigurationOutput) PrimaryKeys() GetKeyMultiRegionConfigurationPrimaryKeyArrayOutput
- func (o GetKeyMultiRegionConfigurationOutput) ReplicaKeys() GetKeyMultiRegionConfigurationReplicaKeyArrayOutput
- func (o GetKeyMultiRegionConfigurationOutput) ToGetKeyMultiRegionConfigurationOutput() GetKeyMultiRegionConfigurationOutput
- func (o GetKeyMultiRegionConfigurationOutput) ToGetKeyMultiRegionConfigurationOutputWithContext(ctx context.Context) GetKeyMultiRegionConfigurationOutput
- type GetKeyMultiRegionConfigurationPrimaryKey
- type GetKeyMultiRegionConfigurationPrimaryKeyArgs
- func (GetKeyMultiRegionConfigurationPrimaryKeyArgs) ElementType() reflect.Type
- func (i GetKeyMultiRegionConfigurationPrimaryKeyArgs) ToGetKeyMultiRegionConfigurationPrimaryKeyOutput() GetKeyMultiRegionConfigurationPrimaryKeyOutput
- func (i GetKeyMultiRegionConfigurationPrimaryKeyArgs) ToGetKeyMultiRegionConfigurationPrimaryKeyOutputWithContext(ctx context.Context) GetKeyMultiRegionConfigurationPrimaryKeyOutput
- type GetKeyMultiRegionConfigurationPrimaryKeyArray
- func (GetKeyMultiRegionConfigurationPrimaryKeyArray) ElementType() reflect.Type
- func (i GetKeyMultiRegionConfigurationPrimaryKeyArray) ToGetKeyMultiRegionConfigurationPrimaryKeyArrayOutput() GetKeyMultiRegionConfigurationPrimaryKeyArrayOutput
- func (i GetKeyMultiRegionConfigurationPrimaryKeyArray) ToGetKeyMultiRegionConfigurationPrimaryKeyArrayOutputWithContext(ctx context.Context) GetKeyMultiRegionConfigurationPrimaryKeyArrayOutput
- type GetKeyMultiRegionConfigurationPrimaryKeyArrayInput
- type GetKeyMultiRegionConfigurationPrimaryKeyArrayOutput
- func (GetKeyMultiRegionConfigurationPrimaryKeyArrayOutput) ElementType() reflect.Type
- func (o GetKeyMultiRegionConfigurationPrimaryKeyArrayOutput) Index(i pulumi.IntInput) GetKeyMultiRegionConfigurationPrimaryKeyOutput
- func (o GetKeyMultiRegionConfigurationPrimaryKeyArrayOutput) ToGetKeyMultiRegionConfigurationPrimaryKeyArrayOutput() GetKeyMultiRegionConfigurationPrimaryKeyArrayOutput
- func (o GetKeyMultiRegionConfigurationPrimaryKeyArrayOutput) ToGetKeyMultiRegionConfigurationPrimaryKeyArrayOutputWithContext(ctx context.Context) GetKeyMultiRegionConfigurationPrimaryKeyArrayOutput
- type GetKeyMultiRegionConfigurationPrimaryKeyInput
- type GetKeyMultiRegionConfigurationPrimaryKeyOutput
- func (o GetKeyMultiRegionConfigurationPrimaryKeyOutput) Arn() pulumi.StringOutput
- func (GetKeyMultiRegionConfigurationPrimaryKeyOutput) ElementType() reflect.Type
- func (o GetKeyMultiRegionConfigurationPrimaryKeyOutput) Region() pulumi.StringOutput
- func (o GetKeyMultiRegionConfigurationPrimaryKeyOutput) ToGetKeyMultiRegionConfigurationPrimaryKeyOutput() GetKeyMultiRegionConfigurationPrimaryKeyOutput
- func (o GetKeyMultiRegionConfigurationPrimaryKeyOutput) ToGetKeyMultiRegionConfigurationPrimaryKeyOutputWithContext(ctx context.Context) GetKeyMultiRegionConfigurationPrimaryKeyOutput
- type GetKeyMultiRegionConfigurationReplicaKey
- type GetKeyMultiRegionConfigurationReplicaKeyArgs
- func (GetKeyMultiRegionConfigurationReplicaKeyArgs) ElementType() reflect.Type
- func (i GetKeyMultiRegionConfigurationReplicaKeyArgs) ToGetKeyMultiRegionConfigurationReplicaKeyOutput() GetKeyMultiRegionConfigurationReplicaKeyOutput
- func (i GetKeyMultiRegionConfigurationReplicaKeyArgs) ToGetKeyMultiRegionConfigurationReplicaKeyOutputWithContext(ctx context.Context) GetKeyMultiRegionConfigurationReplicaKeyOutput
- type GetKeyMultiRegionConfigurationReplicaKeyArray
- func (GetKeyMultiRegionConfigurationReplicaKeyArray) ElementType() reflect.Type
- func (i GetKeyMultiRegionConfigurationReplicaKeyArray) ToGetKeyMultiRegionConfigurationReplicaKeyArrayOutput() GetKeyMultiRegionConfigurationReplicaKeyArrayOutput
- func (i GetKeyMultiRegionConfigurationReplicaKeyArray) ToGetKeyMultiRegionConfigurationReplicaKeyArrayOutputWithContext(ctx context.Context) GetKeyMultiRegionConfigurationReplicaKeyArrayOutput
- type GetKeyMultiRegionConfigurationReplicaKeyArrayInput
- type GetKeyMultiRegionConfigurationReplicaKeyArrayOutput
- func (GetKeyMultiRegionConfigurationReplicaKeyArrayOutput) ElementType() reflect.Type
- func (o GetKeyMultiRegionConfigurationReplicaKeyArrayOutput) Index(i pulumi.IntInput) GetKeyMultiRegionConfigurationReplicaKeyOutput
- func (o GetKeyMultiRegionConfigurationReplicaKeyArrayOutput) ToGetKeyMultiRegionConfigurationReplicaKeyArrayOutput() GetKeyMultiRegionConfigurationReplicaKeyArrayOutput
- func (o GetKeyMultiRegionConfigurationReplicaKeyArrayOutput) ToGetKeyMultiRegionConfigurationReplicaKeyArrayOutputWithContext(ctx context.Context) GetKeyMultiRegionConfigurationReplicaKeyArrayOutput
- type GetKeyMultiRegionConfigurationReplicaKeyInput
- type GetKeyMultiRegionConfigurationReplicaKeyOutput
- func (o GetKeyMultiRegionConfigurationReplicaKeyOutput) Arn() pulumi.StringOutput
- func (GetKeyMultiRegionConfigurationReplicaKeyOutput) ElementType() reflect.Type
- func (o GetKeyMultiRegionConfigurationReplicaKeyOutput) Region() pulumi.StringOutput
- func (o GetKeyMultiRegionConfigurationReplicaKeyOutput) ToGetKeyMultiRegionConfigurationReplicaKeyOutput() GetKeyMultiRegionConfigurationReplicaKeyOutput
- func (o GetKeyMultiRegionConfigurationReplicaKeyOutput) ToGetKeyMultiRegionConfigurationReplicaKeyOutputWithContext(ctx context.Context) GetKeyMultiRegionConfigurationReplicaKeyOutput
- type GetKeyXksKeyConfiguration
- type GetKeyXksKeyConfigurationArgs
- func (GetKeyXksKeyConfigurationArgs) ElementType() reflect.Type
- func (i GetKeyXksKeyConfigurationArgs) ToGetKeyXksKeyConfigurationOutput() GetKeyXksKeyConfigurationOutput
- func (i GetKeyXksKeyConfigurationArgs) ToGetKeyXksKeyConfigurationOutputWithContext(ctx context.Context) GetKeyXksKeyConfigurationOutput
- type GetKeyXksKeyConfigurationArray
- func (GetKeyXksKeyConfigurationArray) ElementType() reflect.Type
- func (i GetKeyXksKeyConfigurationArray) ToGetKeyXksKeyConfigurationArrayOutput() GetKeyXksKeyConfigurationArrayOutput
- func (i GetKeyXksKeyConfigurationArray) ToGetKeyXksKeyConfigurationArrayOutputWithContext(ctx context.Context) GetKeyXksKeyConfigurationArrayOutput
- type GetKeyXksKeyConfigurationArrayInput
- type GetKeyXksKeyConfigurationArrayOutput
- func (GetKeyXksKeyConfigurationArrayOutput) ElementType() reflect.Type
- func (o GetKeyXksKeyConfigurationArrayOutput) Index(i pulumi.IntInput) GetKeyXksKeyConfigurationOutput
- func (o GetKeyXksKeyConfigurationArrayOutput) ToGetKeyXksKeyConfigurationArrayOutput() GetKeyXksKeyConfigurationArrayOutput
- func (o GetKeyXksKeyConfigurationArrayOutput) ToGetKeyXksKeyConfigurationArrayOutputWithContext(ctx context.Context) GetKeyXksKeyConfigurationArrayOutput
- type GetKeyXksKeyConfigurationInput
- type GetKeyXksKeyConfigurationOutput
- func (GetKeyXksKeyConfigurationOutput) ElementType() reflect.Type
- func (o GetKeyXksKeyConfigurationOutput) Id() pulumi.StringOutput
- func (o GetKeyXksKeyConfigurationOutput) ToGetKeyXksKeyConfigurationOutput() GetKeyXksKeyConfigurationOutput
- func (o GetKeyXksKeyConfigurationOutput) ToGetKeyXksKeyConfigurationOutputWithContext(ctx context.Context) GetKeyXksKeyConfigurationOutput
- type GetPublicKeyArgs
- type GetPublicKeyOutputArgs
- type GetPublicKeyResult
- type GetPublicKeyResultOutput
- func (o GetPublicKeyResultOutput) Arn() pulumi.StringOutput
- func (o GetPublicKeyResultOutput) CustomerMasterKeySpec() pulumi.StringOutput
- func (GetPublicKeyResultOutput) ElementType() reflect.Type
- func (o GetPublicKeyResultOutput) EncryptionAlgorithms() pulumi.StringArrayOutput
- func (o GetPublicKeyResultOutput) GrantTokens() pulumi.StringArrayOutput
- func (o GetPublicKeyResultOutput) Id() pulumi.StringOutput
- func (o GetPublicKeyResultOutput) KeyId() pulumi.StringOutput
- func (o GetPublicKeyResultOutput) KeyUsage() pulumi.StringOutput
- func (o GetPublicKeyResultOutput) PublicKey() pulumi.StringOutput
- func (o GetPublicKeyResultOutput) PublicKeyPem() pulumi.StringOutput
- func (o GetPublicKeyResultOutput) SigningAlgorithms() pulumi.StringArrayOutput
- func (o GetPublicKeyResultOutput) ToGetPublicKeyResultOutput() GetPublicKeyResultOutput
- func (o GetPublicKeyResultOutput) ToGetPublicKeyResultOutputWithContext(ctx context.Context) GetPublicKeyResultOutput
- type GetSecretArgs
- type GetSecretOutputArgs
- type GetSecretResult
- type GetSecretResultOutput
- func (GetSecretResultOutput) ElementType() reflect.Type
- func (o GetSecretResultOutput) Id() pulumi.StringOutput
- func (o GetSecretResultOutput) Secrets() GetSecretSecretArrayOutput
- func (o GetSecretResultOutput) ToGetSecretResultOutput() GetSecretResultOutput
- func (o GetSecretResultOutput) ToGetSecretResultOutputWithContext(ctx context.Context) GetSecretResultOutput
- type GetSecretSecret
- type GetSecretSecretArgs
- type GetSecretSecretArray
- type GetSecretSecretArrayInput
- type GetSecretSecretArrayOutput
- func (GetSecretSecretArrayOutput) ElementType() reflect.Type
- func (o GetSecretSecretArrayOutput) Index(i pulumi.IntInput) GetSecretSecretOutput
- func (o GetSecretSecretArrayOutput) ToGetSecretSecretArrayOutput() GetSecretSecretArrayOutput
- func (o GetSecretSecretArrayOutput) ToGetSecretSecretArrayOutputWithContext(ctx context.Context) GetSecretSecretArrayOutput
- type GetSecretSecretInput
- type GetSecretSecretOutput
- func (o GetSecretSecretOutput) Context() pulumi.StringMapOutput
- func (GetSecretSecretOutput) ElementType() reflect.Type
- func (o GetSecretSecretOutput) GrantTokens() pulumi.StringArrayOutput
- func (o GetSecretSecretOutput) Name() pulumi.StringOutput
- func (o GetSecretSecretOutput) Payload() pulumi.StringOutput
- func (o GetSecretSecretOutput) ToGetSecretSecretOutput() GetSecretSecretOutput
- func (o GetSecretSecretOutput) ToGetSecretSecretOutputWithContext(ctx context.Context) GetSecretSecretOutput
- type GetSecretsArgs
- type GetSecretsOutputArgs
- type GetSecretsResult
- type GetSecretsResultOutput
- func (GetSecretsResultOutput) ElementType() reflect.Type
- func (o GetSecretsResultOutput) Id() pulumi.StringOutput
- func (o GetSecretsResultOutput) Plaintext() pulumi.StringMapOutput
- func (o GetSecretsResultOutput) Secrets() GetSecretsSecretArrayOutput
- func (o GetSecretsResultOutput) ToGetSecretsResultOutput() GetSecretsResultOutput
- func (o GetSecretsResultOutput) ToGetSecretsResultOutputWithContext(ctx context.Context) GetSecretsResultOutput
- type GetSecretsSecret
- type GetSecretsSecretArgs
- type GetSecretsSecretArray
- type GetSecretsSecretArrayInput
- type GetSecretsSecretArrayOutput
- func (GetSecretsSecretArrayOutput) ElementType() reflect.Type
- func (o GetSecretsSecretArrayOutput) Index(i pulumi.IntInput) GetSecretsSecretOutput
- func (o GetSecretsSecretArrayOutput) ToGetSecretsSecretArrayOutput() GetSecretsSecretArrayOutput
- func (o GetSecretsSecretArrayOutput) ToGetSecretsSecretArrayOutputWithContext(ctx context.Context) GetSecretsSecretArrayOutput
- type GetSecretsSecretInput
- type GetSecretsSecretOutput
- func (o GetSecretsSecretOutput) Context() pulumi.StringMapOutput
- func (GetSecretsSecretOutput) ElementType() reflect.Type
- func (o GetSecretsSecretOutput) EncryptionAlgorithm() pulumi.StringPtrOutput
- func (o GetSecretsSecretOutput) GrantTokens() pulumi.StringArrayOutput
- func (o GetSecretsSecretOutput) KeyId() pulumi.StringPtrOutput
- func (o GetSecretsSecretOutput) Name() pulumi.StringOutput
- func (o GetSecretsSecretOutput) Payload() pulumi.StringOutput
- func (o GetSecretsSecretOutput) ToGetSecretsSecretOutput() GetSecretsSecretOutput
- func (o GetSecretsSecretOutput) ToGetSecretsSecretOutputWithContext(ctx context.Context) GetSecretsSecretOutput
- type Grant
- type GrantArgs
- type GrantArray
- type GrantArrayInput
- type GrantArrayOutput
- type GrantConstraint
- type GrantConstraintArgs
- type GrantConstraintArray
- type GrantConstraintArrayInput
- type GrantConstraintArrayOutput
- func (GrantConstraintArrayOutput) ElementType() reflect.Type
- func (o GrantConstraintArrayOutput) Index(i pulumi.IntInput) GrantConstraintOutput
- func (o GrantConstraintArrayOutput) ToGrantConstraintArrayOutput() GrantConstraintArrayOutput
- func (o GrantConstraintArrayOutput) ToGrantConstraintArrayOutputWithContext(ctx context.Context) GrantConstraintArrayOutput
- type GrantConstraintInput
- type GrantConstraintOutput
- func (GrantConstraintOutput) ElementType() reflect.Type
- func (o GrantConstraintOutput) EncryptionContextEquals() pulumi.StringMapOutput
- func (o GrantConstraintOutput) EncryptionContextSubset() pulumi.StringMapOutput
- func (o GrantConstraintOutput) ToGrantConstraintOutput() GrantConstraintOutput
- func (o GrantConstraintOutput) ToGrantConstraintOutputWithContext(ctx context.Context) GrantConstraintOutput
- type GrantInput
- type GrantMap
- type GrantMapInput
- type GrantMapOutput
- type GrantOutput
- func (o GrantOutput) Constraints() GrantConstraintArrayOutput
- func (GrantOutput) ElementType() reflect.Type
- func (o GrantOutput) GrantCreationTokens() pulumi.StringArrayOutput
- func (o GrantOutput) GrantId() pulumi.StringOutput
- func (o GrantOutput) GrantToken() pulumi.StringOutput
- func (o GrantOutput) GranteePrincipal() pulumi.StringOutput
- func (o GrantOutput) KeyId() pulumi.StringOutput
- func (o GrantOutput) Name() pulumi.StringOutput
- func (o GrantOutput) Operations() pulumi.StringArrayOutput
- func (o GrantOutput) RetireOnDelete() pulumi.BoolPtrOutput
- func (o GrantOutput) RetiringPrincipal() pulumi.StringPtrOutput
- func (o GrantOutput) ToGrantOutput() GrantOutput
- func (o GrantOutput) ToGrantOutputWithContext(ctx context.Context) GrantOutput
- type GrantState
- type Key
- type KeyArgs
- type KeyArray
- type KeyArrayInput
- type KeyArrayOutput
- type KeyInput
- type KeyMap
- type KeyMapInput
- type KeyMapOutput
- type KeyOutput
- func (o KeyOutput) Arn() pulumi.StringOutput
- func (o KeyOutput) BypassPolicyLockoutSafetyCheck() pulumi.BoolPtrOutput
- func (o KeyOutput) CustomKeyStoreId() pulumi.StringPtrOutput
- func (o KeyOutput) CustomerMasterKeySpec() pulumi.StringPtrOutput
- func (o KeyOutput) DeletionWindowInDays() pulumi.IntPtrOutput
- func (o KeyOutput) Description() pulumi.StringOutput
- func (KeyOutput) ElementType() reflect.Type
- func (o KeyOutput) EnableKeyRotation() pulumi.BoolPtrOutput
- func (o KeyOutput) IsEnabled() pulumi.BoolPtrOutput
- func (o KeyOutput) KeyId() pulumi.StringOutput
- func (o KeyOutput) KeyUsage() pulumi.StringPtrOutput
- func (o KeyOutput) MultiRegion() pulumi.BoolOutput
- func (o KeyOutput) Policy() pulumi.StringOutput
- func (o KeyOutput) RotationPeriodInDays() pulumi.IntOutput
- func (o KeyOutput) Tags() pulumi.StringMapOutput
- func (o KeyOutput) TagsAll() pulumi.StringMapOutputdeprecated
- func (o KeyOutput) ToKeyOutput() KeyOutput
- func (o KeyOutput) ToKeyOutputWithContext(ctx context.Context) KeyOutput
- func (o KeyOutput) XksKeyId() pulumi.StringPtrOutput
- type KeyPolicy
- type KeyPolicyArgs
- type KeyPolicyArray
- type KeyPolicyArrayInput
- type KeyPolicyArrayOutput
- func (KeyPolicyArrayOutput) ElementType() reflect.Type
- func (o KeyPolicyArrayOutput) Index(i pulumi.IntInput) KeyPolicyOutput
- func (o KeyPolicyArrayOutput) ToKeyPolicyArrayOutput() KeyPolicyArrayOutput
- func (o KeyPolicyArrayOutput) ToKeyPolicyArrayOutputWithContext(ctx context.Context) KeyPolicyArrayOutput
- type KeyPolicyInput
- type KeyPolicyMap
- type KeyPolicyMapInput
- type KeyPolicyMapOutput
- type KeyPolicyOutput
- func (o KeyPolicyOutput) BypassPolicyLockoutSafetyCheck() pulumi.BoolPtrOutput
- func (KeyPolicyOutput) ElementType() reflect.Type
- func (o KeyPolicyOutput) KeyId() pulumi.StringOutput
- func (o KeyPolicyOutput) Policy() pulumi.StringOutput
- func (o KeyPolicyOutput) ToKeyPolicyOutput() KeyPolicyOutput
- func (o KeyPolicyOutput) ToKeyPolicyOutputWithContext(ctx context.Context) KeyPolicyOutput
- type KeyPolicyState
- type KeyState
- type LookupAliasArgs
- type LookupAliasOutputArgs
- type LookupAliasResult
- type LookupAliasResultOutput
- func (o LookupAliasResultOutput) Arn() pulumi.StringOutput
- func (LookupAliasResultOutput) ElementType() reflect.Type
- func (o LookupAliasResultOutput) Id() pulumi.StringOutput
- func (o LookupAliasResultOutput) Name() pulumi.StringOutput
- func (o LookupAliasResultOutput) TargetKeyArn() pulumi.StringOutput
- func (o LookupAliasResultOutput) TargetKeyId() pulumi.StringOutput
- func (o LookupAliasResultOutput) ToLookupAliasResultOutput() LookupAliasResultOutput
- func (o LookupAliasResultOutput) ToLookupAliasResultOutputWithContext(ctx context.Context) LookupAliasResultOutput
- type LookupCustomKeyStoreArgs
- type LookupCustomKeyStoreOutputArgs
- type LookupCustomKeyStoreResult
- type LookupCustomKeyStoreResultOutput
- func (o LookupCustomKeyStoreResultOutput) CloudHsmClusterId() pulumi.StringOutput
- func (o LookupCustomKeyStoreResultOutput) ConnectionState() pulumi.StringOutput
- func (o LookupCustomKeyStoreResultOutput) CreationDate() pulumi.StringOutput
- func (o LookupCustomKeyStoreResultOutput) CustomKeyStoreId() pulumi.StringOutput
- func (o LookupCustomKeyStoreResultOutput) CustomKeyStoreName() pulumi.StringOutput
- func (LookupCustomKeyStoreResultOutput) ElementType() reflect.Type
- func (o LookupCustomKeyStoreResultOutput) Id() pulumi.StringOutput
- func (o LookupCustomKeyStoreResultOutput) ToLookupCustomKeyStoreResultOutput() LookupCustomKeyStoreResultOutput
- func (o LookupCustomKeyStoreResultOutput) ToLookupCustomKeyStoreResultOutputWithContext(ctx context.Context) LookupCustomKeyStoreResultOutput
- func (o LookupCustomKeyStoreResultOutput) TrustAnchorCertificate() pulumi.StringOutput
- type LookupKeyArgs
- type LookupKeyOutputArgs
- type LookupKeyResult
- type LookupKeyResultOutput
- func (o LookupKeyResultOutput) Arn() pulumi.StringOutput
- func (o LookupKeyResultOutput) AwsAccountId() pulumi.StringOutput
- func (o LookupKeyResultOutput) CloudHsmClusterId() pulumi.StringOutput
- func (o LookupKeyResultOutput) CreationDate() pulumi.StringOutput
- func (o LookupKeyResultOutput) CustomKeyStoreId() pulumi.StringOutput
- func (o LookupKeyResultOutput) CustomerMasterKeySpec() pulumi.StringOutput
- func (o LookupKeyResultOutput) DeletionDate() pulumi.StringOutput
- func (o LookupKeyResultOutput) Description() pulumi.StringOutput
- func (LookupKeyResultOutput) ElementType() reflect.Type
- func (o LookupKeyResultOutput) Enabled() pulumi.BoolOutput
- func (o LookupKeyResultOutput) ExpirationModel() pulumi.StringOutput
- func (o LookupKeyResultOutput) GrantTokens() pulumi.StringArrayOutput
- func (o LookupKeyResultOutput) Id() pulumi.StringOutput
- func (o LookupKeyResultOutput) KeyId() pulumi.StringOutput
- func (o LookupKeyResultOutput) KeyManager() pulumi.StringOutput
- func (o LookupKeyResultOutput) KeySpec() pulumi.StringOutput
- func (o LookupKeyResultOutput) KeyState() pulumi.StringOutput
- func (o LookupKeyResultOutput) KeyUsage() pulumi.StringOutput
- func (o LookupKeyResultOutput) MultiRegion() pulumi.BoolOutput
- func (o LookupKeyResultOutput) MultiRegionConfigurations() GetKeyMultiRegionConfigurationArrayOutput
- func (o LookupKeyResultOutput) Origin() pulumi.StringOutput
- func (o LookupKeyResultOutput) PendingDeletionWindowInDays() pulumi.IntOutput
- func (o LookupKeyResultOutput) ToLookupKeyResultOutput() LookupKeyResultOutput
- func (o LookupKeyResultOutput) ToLookupKeyResultOutputWithContext(ctx context.Context) LookupKeyResultOutput
- func (o LookupKeyResultOutput) ValidTo() pulumi.StringOutput
- func (o LookupKeyResultOutput) XksKeyConfigurations() GetKeyXksKeyConfigurationArrayOutput
- type ReplicaExternalKey
- type ReplicaExternalKeyArgs
- type ReplicaExternalKeyArray
- type ReplicaExternalKeyArrayInput
- type ReplicaExternalKeyArrayOutput
- func (ReplicaExternalKeyArrayOutput) ElementType() reflect.Type
- func (o ReplicaExternalKeyArrayOutput) Index(i pulumi.IntInput) ReplicaExternalKeyOutput
- func (o ReplicaExternalKeyArrayOutput) ToReplicaExternalKeyArrayOutput() ReplicaExternalKeyArrayOutput
- func (o ReplicaExternalKeyArrayOutput) ToReplicaExternalKeyArrayOutputWithContext(ctx context.Context) ReplicaExternalKeyArrayOutput
- type ReplicaExternalKeyInput
- type ReplicaExternalKeyMap
- type ReplicaExternalKeyMapInput
- type ReplicaExternalKeyMapOutput
- func (ReplicaExternalKeyMapOutput) ElementType() reflect.Type
- func (o ReplicaExternalKeyMapOutput) MapIndex(k pulumi.StringInput) ReplicaExternalKeyOutput
- func (o ReplicaExternalKeyMapOutput) ToReplicaExternalKeyMapOutput() ReplicaExternalKeyMapOutput
- func (o ReplicaExternalKeyMapOutput) ToReplicaExternalKeyMapOutputWithContext(ctx context.Context) ReplicaExternalKeyMapOutput
- type ReplicaExternalKeyOutput
- func (o ReplicaExternalKeyOutput) Arn() pulumi.StringOutput
- func (o ReplicaExternalKeyOutput) BypassPolicyLockoutSafetyCheck() pulumi.BoolPtrOutput
- func (o ReplicaExternalKeyOutput) DeletionWindowInDays() pulumi.IntPtrOutput
- func (o ReplicaExternalKeyOutput) Description() pulumi.StringPtrOutput
- func (ReplicaExternalKeyOutput) ElementType() reflect.Type
- func (o ReplicaExternalKeyOutput) Enabled() pulumi.BoolOutput
- func (o ReplicaExternalKeyOutput) ExpirationModel() pulumi.StringOutput
- func (o ReplicaExternalKeyOutput) KeyId() pulumi.StringOutput
- func (o ReplicaExternalKeyOutput) KeyMaterialBase64() pulumi.StringPtrOutput
- func (o ReplicaExternalKeyOutput) KeyState() pulumi.StringOutput
- func (o ReplicaExternalKeyOutput) KeyUsage() pulumi.StringOutput
- func (o ReplicaExternalKeyOutput) Policy() pulumi.StringOutput
- func (o ReplicaExternalKeyOutput) PrimaryKeyArn() pulumi.StringOutput
- func (o ReplicaExternalKeyOutput) Tags() pulumi.StringMapOutput
- func (o ReplicaExternalKeyOutput) TagsAll() pulumi.StringMapOutputdeprecated
- func (o ReplicaExternalKeyOutput) ToReplicaExternalKeyOutput() ReplicaExternalKeyOutput
- func (o ReplicaExternalKeyOutput) ToReplicaExternalKeyOutputWithContext(ctx context.Context) ReplicaExternalKeyOutput
- func (o ReplicaExternalKeyOutput) ValidTo() pulumi.StringPtrOutput
- type ReplicaExternalKeyState
- type ReplicaKey
- type ReplicaKeyArgs
- type ReplicaKeyArray
- type ReplicaKeyArrayInput
- type ReplicaKeyArrayOutput
- func (ReplicaKeyArrayOutput) ElementType() reflect.Type
- func (o ReplicaKeyArrayOutput) Index(i pulumi.IntInput) ReplicaKeyOutput
- func (o ReplicaKeyArrayOutput) ToReplicaKeyArrayOutput() ReplicaKeyArrayOutput
- func (o ReplicaKeyArrayOutput) ToReplicaKeyArrayOutputWithContext(ctx context.Context) ReplicaKeyArrayOutput
- type ReplicaKeyInput
- type ReplicaKeyMap
- type ReplicaKeyMapInput
- type ReplicaKeyMapOutput
- func (ReplicaKeyMapOutput) ElementType() reflect.Type
- func (o ReplicaKeyMapOutput) MapIndex(k pulumi.StringInput) ReplicaKeyOutput
- func (o ReplicaKeyMapOutput) ToReplicaKeyMapOutput() ReplicaKeyMapOutput
- func (o ReplicaKeyMapOutput) ToReplicaKeyMapOutputWithContext(ctx context.Context) ReplicaKeyMapOutput
- type ReplicaKeyOutput
- func (o ReplicaKeyOutput) Arn() pulumi.StringOutput
- func (o ReplicaKeyOutput) BypassPolicyLockoutSafetyCheck() pulumi.BoolPtrOutput
- func (o ReplicaKeyOutput) DeletionWindowInDays() pulumi.IntPtrOutput
- func (o ReplicaKeyOutput) Description() pulumi.StringPtrOutput
- func (ReplicaKeyOutput) ElementType() reflect.Type
- func (o ReplicaKeyOutput) Enabled() pulumi.BoolPtrOutput
- func (o ReplicaKeyOutput) KeyId() pulumi.StringOutput
- func (o ReplicaKeyOutput) KeyRotationEnabled() pulumi.BoolOutput
- func (o ReplicaKeyOutput) KeySpec() pulumi.StringOutput
- func (o ReplicaKeyOutput) KeyUsage() pulumi.StringOutput
- func (o ReplicaKeyOutput) Policy() pulumi.StringOutput
- func (o ReplicaKeyOutput) PrimaryKeyArn() pulumi.StringOutput
- func (o ReplicaKeyOutput) Tags() pulumi.StringMapOutput
- func (o ReplicaKeyOutput) TagsAll() pulumi.StringMapOutputdeprecated
- func (o ReplicaKeyOutput) ToReplicaKeyOutput() ReplicaKeyOutput
- func (o ReplicaKeyOutput) ToReplicaKeyOutputWithContext(ctx context.Context) ReplicaKeyOutput
- type ReplicaKeyState
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Alias ¶
type Alias struct { pulumi.CustomResourceState // The Amazon Resource Name (ARN) of the key alias. Arn pulumi.StringOutput `pulumi:"arn"` // The display name of the alias. The name must start with the word "alias" followed by a forward slash (alias/) Name pulumi.StringOutput `pulumi:"name"` // Creates an unique alias beginning with the specified prefix. // The name must start with the word "alias" followed by a forward slash (alias/). Conflicts with `name`. NamePrefix pulumi.StringOutput `pulumi:"namePrefix"` // The Amazon Resource Name (ARN) of the target key identifier. TargetKeyArn pulumi.StringOutput `pulumi:"targetKeyArn"` // Identifier for the key for which the alias is for, can be either an ARN or key_id. TargetKeyId pulumi.StringOutput `pulumi:"targetKeyId"` }
Provides an alias for a KMS customer master key. AWS Console enforces 1-to-1 mapping between aliases & keys, but API (hence this provider too) allows you to create as many aliases as the [account limits](http://docs.aws.amazon.com/kms/latest/developerguide/limits.html) allow you.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { a, err := kms.NewKey(ctx, "a", nil) if err != nil { return err } _, err = kms.NewAlias(ctx, "a", &kms.AliasArgs{ Name: pulumi.String("alias/my-key-alias"), TargetKeyId: a.KeyId, }) if err != nil { return err } return nil }) }
```
## Import
Using `pulumi import`, import KMS aliases using the `name`. For example:
```sh $ pulumi import aws:kms/alias:Alias a alias/my-key-alias ```
func GetAlias ¶
func GetAlias(ctx *pulumi.Context, name string, id pulumi.IDInput, state *AliasState, opts ...pulumi.ResourceOption) (*Alias, error)
GetAlias gets an existing Alias resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewAlias ¶
func NewAlias(ctx *pulumi.Context, name string, args *AliasArgs, opts ...pulumi.ResourceOption) (*Alias, error)
NewAlias registers a new resource with the given unique name, arguments, and options.
func (*Alias) ElementType ¶
func (*Alias) ToAliasOutput ¶
func (i *Alias) ToAliasOutput() AliasOutput
func (*Alias) ToAliasOutputWithContext ¶
func (i *Alias) ToAliasOutputWithContext(ctx context.Context) AliasOutput
type AliasArgs ¶
type AliasArgs struct { // The display name of the alias. The name must start with the word "alias" followed by a forward slash (alias/) Name pulumi.StringPtrInput // Creates an unique alias beginning with the specified prefix. // The name must start with the word "alias" followed by a forward slash (alias/). Conflicts with `name`. NamePrefix pulumi.StringPtrInput // Identifier for the key for which the alias is for, can be either an ARN or key_id. TargetKeyId pulumi.StringInput }
The set of arguments for constructing a Alias resource.
func (AliasArgs) ElementType ¶
type AliasArray ¶
type AliasArray []AliasInput
func (AliasArray) ElementType ¶
func (AliasArray) ElementType() reflect.Type
func (AliasArray) ToAliasArrayOutput ¶
func (i AliasArray) ToAliasArrayOutput() AliasArrayOutput
func (AliasArray) ToAliasArrayOutputWithContext ¶
func (i AliasArray) ToAliasArrayOutputWithContext(ctx context.Context) AliasArrayOutput
type AliasArrayInput ¶
type AliasArrayInput interface { pulumi.Input ToAliasArrayOutput() AliasArrayOutput ToAliasArrayOutputWithContext(context.Context) AliasArrayOutput }
AliasArrayInput is an input type that accepts AliasArray and AliasArrayOutput values. You can construct a concrete instance of `AliasArrayInput` via:
AliasArray{ AliasArgs{...} }
type AliasArrayOutput ¶
type AliasArrayOutput struct{ *pulumi.OutputState }
func (AliasArrayOutput) ElementType ¶
func (AliasArrayOutput) ElementType() reflect.Type
func (AliasArrayOutput) Index ¶
func (o AliasArrayOutput) Index(i pulumi.IntInput) AliasOutput
func (AliasArrayOutput) ToAliasArrayOutput ¶
func (o AliasArrayOutput) ToAliasArrayOutput() AliasArrayOutput
func (AliasArrayOutput) ToAliasArrayOutputWithContext ¶
func (o AliasArrayOutput) ToAliasArrayOutputWithContext(ctx context.Context) AliasArrayOutput
type AliasInput ¶
type AliasInput interface { pulumi.Input ToAliasOutput() AliasOutput ToAliasOutputWithContext(ctx context.Context) AliasOutput }
type AliasMap ¶
type AliasMap map[string]AliasInput
func (AliasMap) ElementType ¶
func (AliasMap) ToAliasMapOutput ¶
func (i AliasMap) ToAliasMapOutput() AliasMapOutput
func (AliasMap) ToAliasMapOutputWithContext ¶
func (i AliasMap) ToAliasMapOutputWithContext(ctx context.Context) AliasMapOutput
type AliasMapInput ¶
type AliasMapInput interface { pulumi.Input ToAliasMapOutput() AliasMapOutput ToAliasMapOutputWithContext(context.Context) AliasMapOutput }
AliasMapInput is an input type that accepts AliasMap and AliasMapOutput values. You can construct a concrete instance of `AliasMapInput` via:
AliasMap{ "key": AliasArgs{...} }
type AliasMapOutput ¶
type AliasMapOutput struct{ *pulumi.OutputState }
func (AliasMapOutput) ElementType ¶
func (AliasMapOutput) ElementType() reflect.Type
func (AliasMapOutput) MapIndex ¶
func (o AliasMapOutput) MapIndex(k pulumi.StringInput) AliasOutput
func (AliasMapOutput) ToAliasMapOutput ¶
func (o AliasMapOutput) ToAliasMapOutput() AliasMapOutput
func (AliasMapOutput) ToAliasMapOutputWithContext ¶
func (o AliasMapOutput) ToAliasMapOutputWithContext(ctx context.Context) AliasMapOutput
type AliasOutput ¶
type AliasOutput struct{ *pulumi.OutputState }
func (AliasOutput) Arn ¶
func (o AliasOutput) Arn() pulumi.StringOutput
The Amazon Resource Name (ARN) of the key alias.
func (AliasOutput) ElementType ¶
func (AliasOutput) ElementType() reflect.Type
func (AliasOutput) Name ¶
func (o AliasOutput) Name() pulumi.StringOutput
The display name of the alias. The name must start with the word "alias" followed by a forward slash (alias/)
func (AliasOutput) NamePrefix ¶
func (o AliasOutput) NamePrefix() pulumi.StringOutput
Creates an unique alias beginning with the specified prefix. The name must start with the word "alias" followed by a forward slash (alias/). Conflicts with `name`.
func (AliasOutput) TargetKeyArn ¶
func (o AliasOutput) TargetKeyArn() pulumi.StringOutput
The Amazon Resource Name (ARN) of the target key identifier.
func (AliasOutput) TargetKeyId ¶
func (o AliasOutput) TargetKeyId() pulumi.StringOutput
Identifier for the key for which the alias is for, can be either an ARN or key_id.
func (AliasOutput) ToAliasOutput ¶
func (o AliasOutput) ToAliasOutput() AliasOutput
func (AliasOutput) ToAliasOutputWithContext ¶
func (o AliasOutput) ToAliasOutputWithContext(ctx context.Context) AliasOutput
type AliasState ¶
type AliasState struct { // The Amazon Resource Name (ARN) of the key alias. Arn pulumi.StringPtrInput // The display name of the alias. The name must start with the word "alias" followed by a forward slash (alias/) Name pulumi.StringPtrInput // Creates an unique alias beginning with the specified prefix. // The name must start with the word "alias" followed by a forward slash (alias/). Conflicts with `name`. NamePrefix pulumi.StringPtrInput // The Amazon Resource Name (ARN) of the target key identifier. TargetKeyArn pulumi.StringPtrInput // Identifier for the key for which the alias is for, can be either an ARN or key_id. TargetKeyId pulumi.StringPtrInput }
func (AliasState) ElementType ¶
func (AliasState) ElementType() reflect.Type
type Ciphertext ¶
type Ciphertext struct { pulumi.CustomResourceState // Base64 encoded ciphertext CiphertextBlob pulumi.StringOutput `pulumi:"ciphertextBlob"` // An optional mapping that makes up the encryption context. Context pulumi.StringMapOutput `pulumi:"context"` // Globally unique key ID for the customer master key. KeyId pulumi.StringOutput `pulumi:"keyId"` // Data to be encrypted. Note that this may show up in logs, and it will be stored in the state file. Plaintext pulumi.StringOutput `pulumi:"plaintext"` }
The KMS ciphertext resource allows you to encrypt plaintext into ciphertext by using an AWS KMS customer master key. The value returned by this resource is stable across every apply. For a changing ciphertext value each apply, see the `kms.Ciphertext` data source.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { oauthConfig, err := kms.NewKey(ctx, "oauth_config", &kms.KeyArgs{ Description: pulumi.String("oauth config"), IsEnabled: pulumi.Bool(true), }) if err != nil { return err } _, err = kms.NewCiphertext(ctx, "oauth", &kms.CiphertextArgs{ KeyId: oauthConfig.KeyId, Plaintext: pulumi.String("{\n \"client_id\": \"e587dbae22222f55da22\",\n \"client_secret\": \"8289575d00000ace55e1815ec13673955721b8a5\"\n}\n"), }) if err != nil { return err } return nil }) }
```
func GetCiphertext ¶
func GetCiphertext(ctx *pulumi.Context, name string, id pulumi.IDInput, state *CiphertextState, opts ...pulumi.ResourceOption) (*Ciphertext, error)
GetCiphertext gets an existing Ciphertext resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewCiphertext ¶
func NewCiphertext(ctx *pulumi.Context, name string, args *CiphertextArgs, opts ...pulumi.ResourceOption) (*Ciphertext, error)
NewCiphertext registers a new resource with the given unique name, arguments, and options.
func (*Ciphertext) ElementType ¶
func (*Ciphertext) ElementType() reflect.Type
func (*Ciphertext) ToCiphertextOutput ¶
func (i *Ciphertext) ToCiphertextOutput() CiphertextOutput
func (*Ciphertext) ToCiphertextOutputWithContext ¶
func (i *Ciphertext) ToCiphertextOutputWithContext(ctx context.Context) CiphertextOutput
type CiphertextArgs ¶
type CiphertextArgs struct { // An optional mapping that makes up the encryption context. Context pulumi.StringMapInput // Globally unique key ID for the customer master key. KeyId pulumi.StringInput // Data to be encrypted. Note that this may show up in logs, and it will be stored in the state file. Plaintext pulumi.StringInput }
The set of arguments for constructing a Ciphertext resource.
func (CiphertextArgs) ElementType ¶
func (CiphertextArgs) ElementType() reflect.Type
type CiphertextArray ¶
type CiphertextArray []CiphertextInput
func (CiphertextArray) ElementType ¶
func (CiphertextArray) ElementType() reflect.Type
func (CiphertextArray) ToCiphertextArrayOutput ¶
func (i CiphertextArray) ToCiphertextArrayOutput() CiphertextArrayOutput
func (CiphertextArray) ToCiphertextArrayOutputWithContext ¶
func (i CiphertextArray) ToCiphertextArrayOutputWithContext(ctx context.Context) CiphertextArrayOutput
type CiphertextArrayInput ¶
type CiphertextArrayInput interface { pulumi.Input ToCiphertextArrayOutput() CiphertextArrayOutput ToCiphertextArrayOutputWithContext(context.Context) CiphertextArrayOutput }
CiphertextArrayInput is an input type that accepts CiphertextArray and CiphertextArrayOutput values. You can construct a concrete instance of `CiphertextArrayInput` via:
CiphertextArray{ CiphertextArgs{...} }
type CiphertextArrayOutput ¶
type CiphertextArrayOutput struct{ *pulumi.OutputState }
func (CiphertextArrayOutput) ElementType ¶
func (CiphertextArrayOutput) ElementType() reflect.Type
func (CiphertextArrayOutput) Index ¶
func (o CiphertextArrayOutput) Index(i pulumi.IntInput) CiphertextOutput
func (CiphertextArrayOutput) ToCiphertextArrayOutput ¶
func (o CiphertextArrayOutput) ToCiphertextArrayOutput() CiphertextArrayOutput
func (CiphertextArrayOutput) ToCiphertextArrayOutputWithContext ¶
func (o CiphertextArrayOutput) ToCiphertextArrayOutputWithContext(ctx context.Context) CiphertextArrayOutput
type CiphertextInput ¶
type CiphertextInput interface { pulumi.Input ToCiphertextOutput() CiphertextOutput ToCiphertextOutputWithContext(ctx context.Context) CiphertextOutput }
type CiphertextMap ¶
type CiphertextMap map[string]CiphertextInput
func (CiphertextMap) ElementType ¶
func (CiphertextMap) ElementType() reflect.Type
func (CiphertextMap) ToCiphertextMapOutput ¶
func (i CiphertextMap) ToCiphertextMapOutput() CiphertextMapOutput
func (CiphertextMap) ToCiphertextMapOutputWithContext ¶
func (i CiphertextMap) ToCiphertextMapOutputWithContext(ctx context.Context) CiphertextMapOutput
type CiphertextMapInput ¶
type CiphertextMapInput interface { pulumi.Input ToCiphertextMapOutput() CiphertextMapOutput ToCiphertextMapOutputWithContext(context.Context) CiphertextMapOutput }
CiphertextMapInput is an input type that accepts CiphertextMap and CiphertextMapOutput values. You can construct a concrete instance of `CiphertextMapInput` via:
CiphertextMap{ "key": CiphertextArgs{...} }
type CiphertextMapOutput ¶
type CiphertextMapOutput struct{ *pulumi.OutputState }
func (CiphertextMapOutput) ElementType ¶
func (CiphertextMapOutput) ElementType() reflect.Type
func (CiphertextMapOutput) MapIndex ¶
func (o CiphertextMapOutput) MapIndex(k pulumi.StringInput) CiphertextOutput
func (CiphertextMapOutput) ToCiphertextMapOutput ¶
func (o CiphertextMapOutput) ToCiphertextMapOutput() CiphertextMapOutput
func (CiphertextMapOutput) ToCiphertextMapOutputWithContext ¶
func (o CiphertextMapOutput) ToCiphertextMapOutputWithContext(ctx context.Context) CiphertextMapOutput
type CiphertextOutput ¶
type CiphertextOutput struct{ *pulumi.OutputState }
func (CiphertextOutput) CiphertextBlob ¶
func (o CiphertextOutput) CiphertextBlob() pulumi.StringOutput
Base64 encoded ciphertext
func (CiphertextOutput) Context ¶
func (o CiphertextOutput) Context() pulumi.StringMapOutput
An optional mapping that makes up the encryption context.
func (CiphertextOutput) ElementType ¶
func (CiphertextOutput) ElementType() reflect.Type
func (CiphertextOutput) KeyId ¶
func (o CiphertextOutput) KeyId() pulumi.StringOutput
Globally unique key ID for the customer master key.
func (CiphertextOutput) Plaintext ¶
func (o CiphertextOutput) Plaintext() pulumi.StringOutput
Data to be encrypted. Note that this may show up in logs, and it will be stored in the state file.
func (CiphertextOutput) ToCiphertextOutput ¶
func (o CiphertextOutput) ToCiphertextOutput() CiphertextOutput
func (CiphertextOutput) ToCiphertextOutputWithContext ¶
func (o CiphertextOutput) ToCiphertextOutputWithContext(ctx context.Context) CiphertextOutput
type CiphertextState ¶
type CiphertextState struct { // Base64 encoded ciphertext CiphertextBlob pulumi.StringPtrInput // An optional mapping that makes up the encryption context. Context pulumi.StringMapInput // Globally unique key ID for the customer master key. KeyId pulumi.StringPtrInput // Data to be encrypted. Note that this may show up in logs, and it will be stored in the state file. Plaintext pulumi.StringPtrInput }
func (CiphertextState) ElementType ¶
func (CiphertextState) ElementType() reflect.Type
type CustomKeyStore ¶
type CustomKeyStore struct { pulumi.CustomResourceState // Cluster ID of CloudHSM. CloudHsmClusterId pulumi.StringOutput `pulumi:"cloudHsmClusterId"` // Unique name for Custom Key Store. CustomKeyStoreName pulumi.StringOutput `pulumi:"customKeyStoreName"` // Password for `kmsuser` on CloudHSM. KeyStorePassword pulumi.StringOutput `pulumi:"keyStorePassword"` // Customer certificate used for signing on CloudHSM. TrustAnchorCertificate pulumi.StringOutput `pulumi:"trustAnchorCertificate"` }
Resource for managing an AWS KMS (Key Management) Custom Key Store.
## Example Usage
### Basic Usage
```go package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms" "github.com/pulumi/pulumi-std/sdk/go/std" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { invokeFile, err := std.File(ctx, &std.FileArgs{ Input: "anchor-certificate.crt", }, nil) if err != nil { return err } _, err = kms.NewCustomKeyStore(ctx, "test", &kms.CustomKeyStoreArgs{ CloudHsmClusterId: pulumi.Any(cloudHsmClusterId), CustomKeyStoreName: pulumi.String("kms-custom-key-store-test"), KeyStorePassword: pulumi.String("noplaintextpasswords1"), TrustAnchorCertificate: pulumi.String(invokeFile.Result), }) if err != nil { return err } return nil }) }
```
## Import
Using `pulumi import`, import KMS (Key Management) Custom Key Store using the `id`. For example:
```sh $ pulumi import aws:kms/customKeyStore:CustomKeyStore example cks-5ebd4ef395a96288e ```
func GetCustomKeyStore ¶
func GetCustomKeyStore(ctx *pulumi.Context, name string, id pulumi.IDInput, state *CustomKeyStoreState, opts ...pulumi.ResourceOption) (*CustomKeyStore, error)
GetCustomKeyStore gets an existing CustomKeyStore resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewCustomKeyStore ¶
func NewCustomKeyStore(ctx *pulumi.Context, name string, args *CustomKeyStoreArgs, opts ...pulumi.ResourceOption) (*CustomKeyStore, error)
NewCustomKeyStore registers a new resource with the given unique name, arguments, and options.
func (*CustomKeyStore) ElementType ¶
func (*CustomKeyStore) ElementType() reflect.Type
func (*CustomKeyStore) ToCustomKeyStoreOutput ¶
func (i *CustomKeyStore) ToCustomKeyStoreOutput() CustomKeyStoreOutput
func (*CustomKeyStore) ToCustomKeyStoreOutputWithContext ¶
func (i *CustomKeyStore) ToCustomKeyStoreOutputWithContext(ctx context.Context) CustomKeyStoreOutput
type CustomKeyStoreArgs ¶
type CustomKeyStoreArgs struct { // Cluster ID of CloudHSM. CloudHsmClusterId pulumi.StringInput // Unique name for Custom Key Store. CustomKeyStoreName pulumi.StringInput // Password for `kmsuser` on CloudHSM. KeyStorePassword pulumi.StringInput // Customer certificate used for signing on CloudHSM. TrustAnchorCertificate pulumi.StringInput }
The set of arguments for constructing a CustomKeyStore resource.
func (CustomKeyStoreArgs) ElementType ¶
func (CustomKeyStoreArgs) ElementType() reflect.Type
type CustomKeyStoreArray ¶
type CustomKeyStoreArray []CustomKeyStoreInput
func (CustomKeyStoreArray) ElementType ¶
func (CustomKeyStoreArray) ElementType() reflect.Type
func (CustomKeyStoreArray) ToCustomKeyStoreArrayOutput ¶
func (i CustomKeyStoreArray) ToCustomKeyStoreArrayOutput() CustomKeyStoreArrayOutput
func (CustomKeyStoreArray) ToCustomKeyStoreArrayOutputWithContext ¶
func (i CustomKeyStoreArray) ToCustomKeyStoreArrayOutputWithContext(ctx context.Context) CustomKeyStoreArrayOutput
type CustomKeyStoreArrayInput ¶
type CustomKeyStoreArrayInput interface { pulumi.Input ToCustomKeyStoreArrayOutput() CustomKeyStoreArrayOutput ToCustomKeyStoreArrayOutputWithContext(context.Context) CustomKeyStoreArrayOutput }
CustomKeyStoreArrayInput is an input type that accepts CustomKeyStoreArray and CustomKeyStoreArrayOutput values. You can construct a concrete instance of `CustomKeyStoreArrayInput` via:
CustomKeyStoreArray{ CustomKeyStoreArgs{...} }
type CustomKeyStoreArrayOutput ¶
type CustomKeyStoreArrayOutput struct{ *pulumi.OutputState }
func (CustomKeyStoreArrayOutput) ElementType ¶
func (CustomKeyStoreArrayOutput) ElementType() reflect.Type
func (CustomKeyStoreArrayOutput) Index ¶
func (o CustomKeyStoreArrayOutput) Index(i pulumi.IntInput) CustomKeyStoreOutput
func (CustomKeyStoreArrayOutput) ToCustomKeyStoreArrayOutput ¶
func (o CustomKeyStoreArrayOutput) ToCustomKeyStoreArrayOutput() CustomKeyStoreArrayOutput
func (CustomKeyStoreArrayOutput) ToCustomKeyStoreArrayOutputWithContext ¶
func (o CustomKeyStoreArrayOutput) ToCustomKeyStoreArrayOutputWithContext(ctx context.Context) CustomKeyStoreArrayOutput
type CustomKeyStoreInput ¶
type CustomKeyStoreInput interface { pulumi.Input ToCustomKeyStoreOutput() CustomKeyStoreOutput ToCustomKeyStoreOutputWithContext(ctx context.Context) CustomKeyStoreOutput }
type CustomKeyStoreMap ¶
type CustomKeyStoreMap map[string]CustomKeyStoreInput
func (CustomKeyStoreMap) ElementType ¶
func (CustomKeyStoreMap) ElementType() reflect.Type
func (CustomKeyStoreMap) ToCustomKeyStoreMapOutput ¶
func (i CustomKeyStoreMap) ToCustomKeyStoreMapOutput() CustomKeyStoreMapOutput
func (CustomKeyStoreMap) ToCustomKeyStoreMapOutputWithContext ¶
func (i CustomKeyStoreMap) ToCustomKeyStoreMapOutputWithContext(ctx context.Context) CustomKeyStoreMapOutput
type CustomKeyStoreMapInput ¶
type CustomKeyStoreMapInput interface { pulumi.Input ToCustomKeyStoreMapOutput() CustomKeyStoreMapOutput ToCustomKeyStoreMapOutputWithContext(context.Context) CustomKeyStoreMapOutput }
CustomKeyStoreMapInput is an input type that accepts CustomKeyStoreMap and CustomKeyStoreMapOutput values. You can construct a concrete instance of `CustomKeyStoreMapInput` via:
CustomKeyStoreMap{ "key": CustomKeyStoreArgs{...} }
type CustomKeyStoreMapOutput ¶
type CustomKeyStoreMapOutput struct{ *pulumi.OutputState }
func (CustomKeyStoreMapOutput) ElementType ¶
func (CustomKeyStoreMapOutput) ElementType() reflect.Type
func (CustomKeyStoreMapOutput) MapIndex ¶
func (o CustomKeyStoreMapOutput) MapIndex(k pulumi.StringInput) CustomKeyStoreOutput
func (CustomKeyStoreMapOutput) ToCustomKeyStoreMapOutput ¶
func (o CustomKeyStoreMapOutput) ToCustomKeyStoreMapOutput() CustomKeyStoreMapOutput
func (CustomKeyStoreMapOutput) ToCustomKeyStoreMapOutputWithContext ¶
func (o CustomKeyStoreMapOutput) ToCustomKeyStoreMapOutputWithContext(ctx context.Context) CustomKeyStoreMapOutput
type CustomKeyStoreOutput ¶
type CustomKeyStoreOutput struct{ *pulumi.OutputState }
func (CustomKeyStoreOutput) CloudHsmClusterId ¶
func (o CustomKeyStoreOutput) CloudHsmClusterId() pulumi.StringOutput
Cluster ID of CloudHSM.
func (CustomKeyStoreOutput) CustomKeyStoreName ¶
func (o CustomKeyStoreOutput) CustomKeyStoreName() pulumi.StringOutput
Unique name for Custom Key Store.
func (CustomKeyStoreOutput) ElementType ¶
func (CustomKeyStoreOutput) ElementType() reflect.Type
func (CustomKeyStoreOutput) KeyStorePassword ¶
func (o CustomKeyStoreOutput) KeyStorePassword() pulumi.StringOutput
Password for `kmsuser` on CloudHSM.
func (CustomKeyStoreOutput) ToCustomKeyStoreOutput ¶
func (o CustomKeyStoreOutput) ToCustomKeyStoreOutput() CustomKeyStoreOutput
func (CustomKeyStoreOutput) ToCustomKeyStoreOutputWithContext ¶
func (o CustomKeyStoreOutput) ToCustomKeyStoreOutputWithContext(ctx context.Context) CustomKeyStoreOutput
func (CustomKeyStoreOutput) TrustAnchorCertificate ¶
func (o CustomKeyStoreOutput) TrustAnchorCertificate() pulumi.StringOutput
Customer certificate used for signing on CloudHSM.
type CustomKeyStoreState ¶
type CustomKeyStoreState struct { // Cluster ID of CloudHSM. CloudHsmClusterId pulumi.StringPtrInput // Unique name for Custom Key Store. CustomKeyStoreName pulumi.StringPtrInput // Password for `kmsuser` on CloudHSM. KeyStorePassword pulumi.StringPtrInput // Customer certificate used for signing on CloudHSM. TrustAnchorCertificate pulumi.StringPtrInput }
func (CustomKeyStoreState) ElementType ¶
func (CustomKeyStoreState) ElementType() reflect.Type
type ExternalKey ¶
type ExternalKey struct { pulumi.CustomResourceState // The Amazon Resource Name (ARN) of the key. Arn pulumi.StringOutput `pulumi:"arn"` // Specifies whether to disable the policy lockout check performed when creating or updating the key's policy. Setting this value to `true` increases the risk that the key becomes unmanageable. For more information, refer to the scenario in the [Default Key Policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) section in the AWS Key Management Service Developer Guide. Defaults to `false`. BypassPolicyLockoutSafetyCheck pulumi.BoolPtrOutput `pulumi:"bypassPolicyLockoutSafetyCheck"` // Duration in days after which the key is deleted after destruction of the resource. Must be between `7` and `30` days. Defaults to `30`. DeletionWindowInDays pulumi.IntPtrOutput `pulumi:"deletionWindowInDays"` // Description of the key. Description pulumi.StringPtrOutput `pulumi:"description"` // Specifies whether the key is enabled. Keys pending import can only be `false`. Imported keys default to `true` unless expired. Enabled pulumi.BoolOutput `pulumi:"enabled"` // Whether the key material expires. Empty when pending key material import, otherwise `KEY_MATERIAL_EXPIRES` or `KEY_MATERIAL_DOES_NOT_EXPIRE`. ExpirationModel pulumi.StringOutput `pulumi:"expirationModel"` // Base64 encoded 256-bit symmetric encryption key material to import. The CMK is permanently associated with this key material. The same key material can be reimported, but you cannot import different key material. KeyMaterialBase64 pulumi.StringPtrOutput `pulumi:"keyMaterialBase64"` // The state of the CMK. KeyState pulumi.StringOutput `pulumi:"keyState"` // The cryptographic operations for which you can use the CMK. KeyUsage pulumi.StringOutput `pulumi:"keyUsage"` // Indicates whether the KMS key is a multi-Region (`true`) or regional (`false`) key. Defaults to `false`. MultiRegion pulumi.BoolOutput `pulumi:"multiRegion"` // A key policy JSON document. If you do not provide a key policy, AWS KMS attaches a default key policy to the CMK. Policy pulumi.StringOutput `pulumi:"policy"` // A key-value map of tags to assign to the key. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. Tags pulumi.StringMapOutput `pulumi:"tags"` // A map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block. // // Deprecated: Please use `tags` instead. TagsAll pulumi.StringMapOutput `pulumi:"tagsAll"` // Time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the CMK becomes unusable. If not specified, key material does not expire. Valid values: [RFC3339 time string](https://tools.ietf.org/html/rfc3339#section-5.8) (`YYYY-MM-DDTHH:MM:SSZ`) ValidTo pulumi.StringPtrOutput `pulumi:"validTo"` }
Manages a single-Region or multi-Region primary KMS key that uses external key material. To instead manage a single-Region or multi-Region primary KMS key where AWS automatically generates and potentially rotates key material, see the `kms.Key` resource.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewExternalKey(ctx, "example", &kms.ExternalKeyArgs{ Description: pulumi.String("KMS EXTERNAL for AMI encryption"), }) if err != nil { return err } return nil }) }
```
## Import
Using `pulumi import`, import KMS External Keys using the `id`. For example:
```sh $ pulumi import aws:kms/externalKey:ExternalKey a arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab ```
func GetExternalKey ¶
func GetExternalKey(ctx *pulumi.Context, name string, id pulumi.IDInput, state *ExternalKeyState, opts ...pulumi.ResourceOption) (*ExternalKey, error)
GetExternalKey gets an existing ExternalKey resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewExternalKey ¶
func NewExternalKey(ctx *pulumi.Context, name string, args *ExternalKeyArgs, opts ...pulumi.ResourceOption) (*ExternalKey, error)
NewExternalKey registers a new resource with the given unique name, arguments, and options.
func (*ExternalKey) ElementType ¶
func (*ExternalKey) ElementType() reflect.Type
func (*ExternalKey) ToExternalKeyOutput ¶
func (i *ExternalKey) ToExternalKeyOutput() ExternalKeyOutput
func (*ExternalKey) ToExternalKeyOutputWithContext ¶
func (i *ExternalKey) ToExternalKeyOutputWithContext(ctx context.Context) ExternalKeyOutput
type ExternalKeyArgs ¶
type ExternalKeyArgs struct { // Specifies whether to disable the policy lockout check performed when creating or updating the key's policy. Setting this value to `true` increases the risk that the key becomes unmanageable. For more information, refer to the scenario in the [Default Key Policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) section in the AWS Key Management Service Developer Guide. Defaults to `false`. BypassPolicyLockoutSafetyCheck pulumi.BoolPtrInput // Duration in days after which the key is deleted after destruction of the resource. Must be between `7` and `30` days. Defaults to `30`. DeletionWindowInDays pulumi.IntPtrInput // Description of the key. Description pulumi.StringPtrInput // Specifies whether the key is enabled. Keys pending import can only be `false`. Imported keys default to `true` unless expired. Enabled pulumi.BoolPtrInput // Base64 encoded 256-bit symmetric encryption key material to import. The CMK is permanently associated with this key material. The same key material can be reimported, but you cannot import different key material. KeyMaterialBase64 pulumi.StringPtrInput // Indicates whether the KMS key is a multi-Region (`true`) or regional (`false`) key. Defaults to `false`. MultiRegion pulumi.BoolPtrInput // A key policy JSON document. If you do not provide a key policy, AWS KMS attaches a default key policy to the CMK. Policy pulumi.StringPtrInput // A key-value map of tags to assign to the key. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. Tags pulumi.StringMapInput // Time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the CMK becomes unusable. If not specified, key material does not expire. Valid values: [RFC3339 time string](https://tools.ietf.org/html/rfc3339#section-5.8) (`YYYY-MM-DDTHH:MM:SSZ`) ValidTo pulumi.StringPtrInput }
The set of arguments for constructing a ExternalKey resource.
func (ExternalKeyArgs) ElementType ¶
func (ExternalKeyArgs) ElementType() reflect.Type
type ExternalKeyArray ¶
type ExternalKeyArray []ExternalKeyInput
func (ExternalKeyArray) ElementType ¶
func (ExternalKeyArray) ElementType() reflect.Type
func (ExternalKeyArray) ToExternalKeyArrayOutput ¶
func (i ExternalKeyArray) ToExternalKeyArrayOutput() ExternalKeyArrayOutput
func (ExternalKeyArray) ToExternalKeyArrayOutputWithContext ¶
func (i ExternalKeyArray) ToExternalKeyArrayOutputWithContext(ctx context.Context) ExternalKeyArrayOutput
type ExternalKeyArrayInput ¶
type ExternalKeyArrayInput interface { pulumi.Input ToExternalKeyArrayOutput() ExternalKeyArrayOutput ToExternalKeyArrayOutputWithContext(context.Context) ExternalKeyArrayOutput }
ExternalKeyArrayInput is an input type that accepts ExternalKeyArray and ExternalKeyArrayOutput values. You can construct a concrete instance of `ExternalKeyArrayInput` via:
ExternalKeyArray{ ExternalKeyArgs{...} }
type ExternalKeyArrayOutput ¶
type ExternalKeyArrayOutput struct{ *pulumi.OutputState }
func (ExternalKeyArrayOutput) ElementType ¶
func (ExternalKeyArrayOutput) ElementType() reflect.Type
func (ExternalKeyArrayOutput) Index ¶
func (o ExternalKeyArrayOutput) Index(i pulumi.IntInput) ExternalKeyOutput
func (ExternalKeyArrayOutput) ToExternalKeyArrayOutput ¶
func (o ExternalKeyArrayOutput) ToExternalKeyArrayOutput() ExternalKeyArrayOutput
func (ExternalKeyArrayOutput) ToExternalKeyArrayOutputWithContext ¶
func (o ExternalKeyArrayOutput) ToExternalKeyArrayOutputWithContext(ctx context.Context) ExternalKeyArrayOutput
type ExternalKeyInput ¶
type ExternalKeyInput interface { pulumi.Input ToExternalKeyOutput() ExternalKeyOutput ToExternalKeyOutputWithContext(ctx context.Context) ExternalKeyOutput }
type ExternalKeyMap ¶
type ExternalKeyMap map[string]ExternalKeyInput
func (ExternalKeyMap) ElementType ¶
func (ExternalKeyMap) ElementType() reflect.Type
func (ExternalKeyMap) ToExternalKeyMapOutput ¶
func (i ExternalKeyMap) ToExternalKeyMapOutput() ExternalKeyMapOutput
func (ExternalKeyMap) ToExternalKeyMapOutputWithContext ¶
func (i ExternalKeyMap) ToExternalKeyMapOutputWithContext(ctx context.Context) ExternalKeyMapOutput
type ExternalKeyMapInput ¶
type ExternalKeyMapInput interface { pulumi.Input ToExternalKeyMapOutput() ExternalKeyMapOutput ToExternalKeyMapOutputWithContext(context.Context) ExternalKeyMapOutput }
ExternalKeyMapInput is an input type that accepts ExternalKeyMap and ExternalKeyMapOutput values. You can construct a concrete instance of `ExternalKeyMapInput` via:
ExternalKeyMap{ "key": ExternalKeyArgs{...} }
type ExternalKeyMapOutput ¶
type ExternalKeyMapOutput struct{ *pulumi.OutputState }
func (ExternalKeyMapOutput) ElementType ¶
func (ExternalKeyMapOutput) ElementType() reflect.Type
func (ExternalKeyMapOutput) MapIndex ¶
func (o ExternalKeyMapOutput) MapIndex(k pulumi.StringInput) ExternalKeyOutput
func (ExternalKeyMapOutput) ToExternalKeyMapOutput ¶
func (o ExternalKeyMapOutput) ToExternalKeyMapOutput() ExternalKeyMapOutput
func (ExternalKeyMapOutput) ToExternalKeyMapOutputWithContext ¶
func (o ExternalKeyMapOutput) ToExternalKeyMapOutputWithContext(ctx context.Context) ExternalKeyMapOutput
type ExternalKeyOutput ¶
type ExternalKeyOutput struct{ *pulumi.OutputState }
func (ExternalKeyOutput) Arn ¶
func (o ExternalKeyOutput) Arn() pulumi.StringOutput
The Amazon Resource Name (ARN) of the key.
func (ExternalKeyOutput) BypassPolicyLockoutSafetyCheck ¶
func (o ExternalKeyOutput) BypassPolicyLockoutSafetyCheck() pulumi.BoolPtrOutput
Specifies whether to disable the policy lockout check performed when creating or updating the key's policy. Setting this value to `true` increases the risk that the key becomes unmanageable. For more information, refer to the scenario in the [Default Key Policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) section in the AWS Key Management Service Developer Guide. Defaults to `false`.
func (ExternalKeyOutput) DeletionWindowInDays ¶
func (o ExternalKeyOutput) DeletionWindowInDays() pulumi.IntPtrOutput
Duration in days after which the key is deleted after destruction of the resource. Must be between `7` and `30` days. Defaults to `30`.
func (ExternalKeyOutput) Description ¶
func (o ExternalKeyOutput) Description() pulumi.StringPtrOutput
Description of the key.
func (ExternalKeyOutput) ElementType ¶
func (ExternalKeyOutput) ElementType() reflect.Type
func (ExternalKeyOutput) Enabled ¶
func (o ExternalKeyOutput) Enabled() pulumi.BoolOutput
Specifies whether the key is enabled. Keys pending import can only be `false`. Imported keys default to `true` unless expired.
func (ExternalKeyOutput) ExpirationModel ¶
func (o ExternalKeyOutput) ExpirationModel() pulumi.StringOutput
Whether the key material expires. Empty when pending key material import, otherwise `KEY_MATERIAL_EXPIRES` or `KEY_MATERIAL_DOES_NOT_EXPIRE`.
func (ExternalKeyOutput) KeyMaterialBase64 ¶
func (o ExternalKeyOutput) KeyMaterialBase64() pulumi.StringPtrOutput
Base64 encoded 256-bit symmetric encryption key material to import. The CMK is permanently associated with this key material. The same key material can be reimported, but you cannot import different key material.
func (ExternalKeyOutput) KeyState ¶
func (o ExternalKeyOutput) KeyState() pulumi.StringOutput
The state of the CMK.
func (ExternalKeyOutput) KeyUsage ¶
func (o ExternalKeyOutput) KeyUsage() pulumi.StringOutput
The cryptographic operations for which you can use the CMK.
func (ExternalKeyOutput) MultiRegion ¶
func (o ExternalKeyOutput) MultiRegion() pulumi.BoolOutput
Indicates whether the KMS key is a multi-Region (`true`) or regional (`false`) key. Defaults to `false`.
func (ExternalKeyOutput) Policy ¶
func (o ExternalKeyOutput) Policy() pulumi.StringOutput
A key policy JSON document. If you do not provide a key policy, AWS KMS attaches a default key policy to the CMK.
func (ExternalKeyOutput) Tags ¶
func (o ExternalKeyOutput) Tags() pulumi.StringMapOutput
A key-value map of tags to assign to the key. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
func (ExternalKeyOutput) TagsAll
deprecated
func (o ExternalKeyOutput) TagsAll() pulumi.StringMapOutput
A map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
Deprecated: Please use `tags` instead.
func (ExternalKeyOutput) ToExternalKeyOutput ¶
func (o ExternalKeyOutput) ToExternalKeyOutput() ExternalKeyOutput
func (ExternalKeyOutput) ToExternalKeyOutputWithContext ¶
func (o ExternalKeyOutput) ToExternalKeyOutputWithContext(ctx context.Context) ExternalKeyOutput
func (ExternalKeyOutput) ValidTo ¶
func (o ExternalKeyOutput) ValidTo() pulumi.StringPtrOutput
Time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the CMK becomes unusable. If not specified, key material does not expire. Valid values: [RFC3339 time string](https://tools.ietf.org/html/rfc3339#section-5.8) (`YYYY-MM-DDTHH:MM:SSZ`)
type ExternalKeyState ¶
type ExternalKeyState struct { // The Amazon Resource Name (ARN) of the key. Arn pulumi.StringPtrInput // Specifies whether to disable the policy lockout check performed when creating or updating the key's policy. Setting this value to `true` increases the risk that the key becomes unmanageable. For more information, refer to the scenario in the [Default Key Policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) section in the AWS Key Management Service Developer Guide. Defaults to `false`. BypassPolicyLockoutSafetyCheck pulumi.BoolPtrInput // Duration in days after which the key is deleted after destruction of the resource. Must be between `7` and `30` days. Defaults to `30`. DeletionWindowInDays pulumi.IntPtrInput // Description of the key. Description pulumi.StringPtrInput // Specifies whether the key is enabled. Keys pending import can only be `false`. Imported keys default to `true` unless expired. Enabled pulumi.BoolPtrInput // Whether the key material expires. Empty when pending key material import, otherwise `KEY_MATERIAL_EXPIRES` or `KEY_MATERIAL_DOES_NOT_EXPIRE`. ExpirationModel pulumi.StringPtrInput // Base64 encoded 256-bit symmetric encryption key material to import. The CMK is permanently associated with this key material. The same key material can be reimported, but you cannot import different key material. KeyMaterialBase64 pulumi.StringPtrInput // The state of the CMK. KeyState pulumi.StringPtrInput // The cryptographic operations for which you can use the CMK. KeyUsage pulumi.StringPtrInput // Indicates whether the KMS key is a multi-Region (`true`) or regional (`false`) key. Defaults to `false`. MultiRegion pulumi.BoolPtrInput // A key policy JSON document. If you do not provide a key policy, AWS KMS attaches a default key policy to the CMK. Policy pulumi.StringPtrInput // A key-value map of tags to assign to the key. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. Tags pulumi.StringMapInput // A map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block. // // Deprecated: Please use `tags` instead. TagsAll pulumi.StringMapInput // Time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the CMK becomes unusable. If not specified, key material does not expire. Valid values: [RFC3339 time string](https://tools.ietf.org/html/rfc3339#section-5.8) (`YYYY-MM-DDTHH:MM:SSZ`) ValidTo pulumi.StringPtrInput }
func (ExternalKeyState) ElementType ¶
func (ExternalKeyState) ElementType() reflect.Type
type GetCipherTextArgs ¶
type GetCipherTextArgs struct { // An optional mapping that makes up the encryption context. Context map[string]string `pulumi:"context"` // Globally unique key ID for the customer master key. KeyId string `pulumi:"keyId"` // Data to be encrypted. Note that this may show up in logs, and it will be stored in the state file. Plaintext string `pulumi:"plaintext"` }
A collection of arguments for invoking getCipherText.
type GetCipherTextOutputArgs ¶
type GetCipherTextOutputArgs struct { // An optional mapping that makes up the encryption context. Context pulumi.StringMapInput `pulumi:"context"` // Globally unique key ID for the customer master key. KeyId pulumi.StringInput `pulumi:"keyId"` // Data to be encrypted. Note that this may show up in logs, and it will be stored in the state file. Plaintext pulumi.StringInput `pulumi:"plaintext"` }
A collection of arguments for invoking getCipherText.
func (GetCipherTextOutputArgs) ElementType ¶
func (GetCipherTextOutputArgs) ElementType() reflect.Type
type GetCipherTextResult ¶
type GetCipherTextResult struct { // Base64 encoded ciphertext CiphertextBlob string `pulumi:"ciphertextBlob"` Context map[string]string `pulumi:"context"` // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` KeyId string `pulumi:"keyId"` Plaintext string `pulumi:"plaintext"` }
A collection of values returned by getCipherText.
func GetCipherText ¶
func GetCipherText(ctx *pulumi.Context, args *GetCipherTextArgs, opts ...pulumi.InvokeOption) (*GetCipherTextResult, error)
The KMS ciphertext data source allows you to encrypt plaintext into ciphertext by using an AWS KMS customer master key. The value returned by this data source changes every apply. For a stable ciphertext value, see the `kms.Ciphertext` resource.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { oauthConfig, err := kms.NewKey(ctx, "oauth_config", &kms.KeyArgs{ Description: pulumi.String("oauth config"), IsEnabled: pulumi.Bool(true), }) if err != nil { return err } _ = kms.GetCipherTextOutput(ctx, kms.GetCipherTextOutputArgs{ KeyId: oauthConfig.KeyId, Plaintext: pulumi.String("{\n \"client_id\": \"e587dbae22222f55da22\",\n \"client_secret\": \"8289575d00000ace55e1815ec13673955721b8a5\"\n}\n"), }, nil) return nil }) }
```
type GetCipherTextResultOutput ¶
type GetCipherTextResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getCipherText.
func GetCipherTextOutput ¶
func GetCipherTextOutput(ctx *pulumi.Context, args GetCipherTextOutputArgs, opts ...pulumi.InvokeOption) GetCipherTextResultOutput
func (GetCipherTextResultOutput) CiphertextBlob ¶
func (o GetCipherTextResultOutput) CiphertextBlob() pulumi.StringOutput
Base64 encoded ciphertext
func (GetCipherTextResultOutput) Context ¶
func (o GetCipherTextResultOutput) Context() pulumi.StringMapOutput
func (GetCipherTextResultOutput) ElementType ¶
func (GetCipherTextResultOutput) ElementType() reflect.Type
func (GetCipherTextResultOutput) Id ¶
func (o GetCipherTextResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (GetCipherTextResultOutput) KeyId ¶
func (o GetCipherTextResultOutput) KeyId() pulumi.StringOutput
func (GetCipherTextResultOutput) Plaintext ¶
func (o GetCipherTextResultOutput) Plaintext() pulumi.StringOutput
func (GetCipherTextResultOutput) ToGetCipherTextResultOutput ¶
func (o GetCipherTextResultOutput) ToGetCipherTextResultOutput() GetCipherTextResultOutput
func (GetCipherTextResultOutput) ToGetCipherTextResultOutputWithContext ¶
func (o GetCipherTextResultOutput) ToGetCipherTextResultOutputWithContext(ctx context.Context) GetCipherTextResultOutput
type GetKeyMultiRegionConfiguration ¶
type GetKeyMultiRegionConfiguration struct { // Indicates whether the KMS key is a `PRIMARY` or `REPLICA` key. MultiRegionKeyType string `pulumi:"multiRegionKeyType"` // The key ARN and Region of the primary key. This is the current KMS key if it is the primary key. PrimaryKeys []GetKeyMultiRegionConfigurationPrimaryKey `pulumi:"primaryKeys"` // The key ARNs and Regions of all replica keys. Includes the current KMS key if it is a replica key. ReplicaKeys []GetKeyMultiRegionConfigurationReplicaKey `pulumi:"replicaKeys"` }
type GetKeyMultiRegionConfigurationArgs ¶
type GetKeyMultiRegionConfigurationArgs struct { // Indicates whether the KMS key is a `PRIMARY` or `REPLICA` key. MultiRegionKeyType pulumi.StringInput `pulumi:"multiRegionKeyType"` // The key ARN and Region of the primary key. This is the current KMS key if it is the primary key. PrimaryKeys GetKeyMultiRegionConfigurationPrimaryKeyArrayInput `pulumi:"primaryKeys"` // The key ARNs and Regions of all replica keys. Includes the current KMS key if it is a replica key. ReplicaKeys GetKeyMultiRegionConfigurationReplicaKeyArrayInput `pulumi:"replicaKeys"` }
func (GetKeyMultiRegionConfigurationArgs) ElementType ¶
func (GetKeyMultiRegionConfigurationArgs) ElementType() reflect.Type
func (GetKeyMultiRegionConfigurationArgs) ToGetKeyMultiRegionConfigurationOutput ¶
func (i GetKeyMultiRegionConfigurationArgs) ToGetKeyMultiRegionConfigurationOutput() GetKeyMultiRegionConfigurationOutput
func (GetKeyMultiRegionConfigurationArgs) ToGetKeyMultiRegionConfigurationOutputWithContext ¶
func (i GetKeyMultiRegionConfigurationArgs) ToGetKeyMultiRegionConfigurationOutputWithContext(ctx context.Context) GetKeyMultiRegionConfigurationOutput
type GetKeyMultiRegionConfigurationArray ¶
type GetKeyMultiRegionConfigurationArray []GetKeyMultiRegionConfigurationInput
func (GetKeyMultiRegionConfigurationArray) ElementType ¶
func (GetKeyMultiRegionConfigurationArray) ElementType() reflect.Type
func (GetKeyMultiRegionConfigurationArray) ToGetKeyMultiRegionConfigurationArrayOutput ¶
func (i GetKeyMultiRegionConfigurationArray) ToGetKeyMultiRegionConfigurationArrayOutput() GetKeyMultiRegionConfigurationArrayOutput
func (GetKeyMultiRegionConfigurationArray) ToGetKeyMultiRegionConfigurationArrayOutputWithContext ¶
func (i GetKeyMultiRegionConfigurationArray) ToGetKeyMultiRegionConfigurationArrayOutputWithContext(ctx context.Context) GetKeyMultiRegionConfigurationArrayOutput
type GetKeyMultiRegionConfigurationArrayInput ¶
type GetKeyMultiRegionConfigurationArrayInput interface { pulumi.Input ToGetKeyMultiRegionConfigurationArrayOutput() GetKeyMultiRegionConfigurationArrayOutput ToGetKeyMultiRegionConfigurationArrayOutputWithContext(context.Context) GetKeyMultiRegionConfigurationArrayOutput }
GetKeyMultiRegionConfigurationArrayInput is an input type that accepts GetKeyMultiRegionConfigurationArray and GetKeyMultiRegionConfigurationArrayOutput values. You can construct a concrete instance of `GetKeyMultiRegionConfigurationArrayInput` via:
GetKeyMultiRegionConfigurationArray{ GetKeyMultiRegionConfigurationArgs{...} }
type GetKeyMultiRegionConfigurationArrayOutput ¶
type GetKeyMultiRegionConfigurationArrayOutput struct{ *pulumi.OutputState }
func (GetKeyMultiRegionConfigurationArrayOutput) ElementType ¶
func (GetKeyMultiRegionConfigurationArrayOutput) ElementType() reflect.Type
func (GetKeyMultiRegionConfigurationArrayOutput) ToGetKeyMultiRegionConfigurationArrayOutput ¶
func (o GetKeyMultiRegionConfigurationArrayOutput) ToGetKeyMultiRegionConfigurationArrayOutput() GetKeyMultiRegionConfigurationArrayOutput
func (GetKeyMultiRegionConfigurationArrayOutput) ToGetKeyMultiRegionConfigurationArrayOutputWithContext ¶
func (o GetKeyMultiRegionConfigurationArrayOutput) ToGetKeyMultiRegionConfigurationArrayOutputWithContext(ctx context.Context) GetKeyMultiRegionConfigurationArrayOutput
type GetKeyMultiRegionConfigurationInput ¶
type GetKeyMultiRegionConfigurationInput interface { pulumi.Input ToGetKeyMultiRegionConfigurationOutput() GetKeyMultiRegionConfigurationOutput ToGetKeyMultiRegionConfigurationOutputWithContext(context.Context) GetKeyMultiRegionConfigurationOutput }
GetKeyMultiRegionConfigurationInput is an input type that accepts GetKeyMultiRegionConfigurationArgs and GetKeyMultiRegionConfigurationOutput values. You can construct a concrete instance of `GetKeyMultiRegionConfigurationInput` via:
GetKeyMultiRegionConfigurationArgs{...}
type GetKeyMultiRegionConfigurationOutput ¶
type GetKeyMultiRegionConfigurationOutput struct{ *pulumi.OutputState }
func (GetKeyMultiRegionConfigurationOutput) ElementType ¶
func (GetKeyMultiRegionConfigurationOutput) ElementType() reflect.Type
func (GetKeyMultiRegionConfigurationOutput) MultiRegionKeyType ¶
func (o GetKeyMultiRegionConfigurationOutput) MultiRegionKeyType() pulumi.StringOutput
Indicates whether the KMS key is a `PRIMARY` or `REPLICA` key.
func (GetKeyMultiRegionConfigurationOutput) PrimaryKeys ¶
func (o GetKeyMultiRegionConfigurationOutput) PrimaryKeys() GetKeyMultiRegionConfigurationPrimaryKeyArrayOutput
The key ARN and Region of the primary key. This is the current KMS key if it is the primary key.
func (GetKeyMultiRegionConfigurationOutput) ReplicaKeys ¶
func (o GetKeyMultiRegionConfigurationOutput) ReplicaKeys() GetKeyMultiRegionConfigurationReplicaKeyArrayOutput
The key ARNs and Regions of all replica keys. Includes the current KMS key if it is a replica key.
func (GetKeyMultiRegionConfigurationOutput) ToGetKeyMultiRegionConfigurationOutput ¶
func (o GetKeyMultiRegionConfigurationOutput) ToGetKeyMultiRegionConfigurationOutput() GetKeyMultiRegionConfigurationOutput
func (GetKeyMultiRegionConfigurationOutput) ToGetKeyMultiRegionConfigurationOutputWithContext ¶
func (o GetKeyMultiRegionConfigurationOutput) ToGetKeyMultiRegionConfigurationOutputWithContext(ctx context.Context) GetKeyMultiRegionConfigurationOutput
type GetKeyMultiRegionConfigurationPrimaryKeyArgs ¶
type GetKeyMultiRegionConfigurationPrimaryKeyArgs struct { // The key ARN of a primary or replica key of a multi-Region key. Arn pulumi.StringInput `pulumi:"arn"` // The AWS Region of a primary or replica key in a multi-Region key. Region pulumi.StringInput `pulumi:"region"` }
func (GetKeyMultiRegionConfigurationPrimaryKeyArgs) ElementType ¶
func (GetKeyMultiRegionConfigurationPrimaryKeyArgs) ElementType() reflect.Type
func (GetKeyMultiRegionConfigurationPrimaryKeyArgs) ToGetKeyMultiRegionConfigurationPrimaryKeyOutput ¶
func (i GetKeyMultiRegionConfigurationPrimaryKeyArgs) ToGetKeyMultiRegionConfigurationPrimaryKeyOutput() GetKeyMultiRegionConfigurationPrimaryKeyOutput
func (GetKeyMultiRegionConfigurationPrimaryKeyArgs) ToGetKeyMultiRegionConfigurationPrimaryKeyOutputWithContext ¶
func (i GetKeyMultiRegionConfigurationPrimaryKeyArgs) ToGetKeyMultiRegionConfigurationPrimaryKeyOutputWithContext(ctx context.Context) GetKeyMultiRegionConfigurationPrimaryKeyOutput
type GetKeyMultiRegionConfigurationPrimaryKeyArray ¶
type GetKeyMultiRegionConfigurationPrimaryKeyArray []GetKeyMultiRegionConfigurationPrimaryKeyInput
func (GetKeyMultiRegionConfigurationPrimaryKeyArray) ElementType ¶
func (GetKeyMultiRegionConfigurationPrimaryKeyArray) ElementType() reflect.Type
func (GetKeyMultiRegionConfigurationPrimaryKeyArray) ToGetKeyMultiRegionConfigurationPrimaryKeyArrayOutput ¶
func (i GetKeyMultiRegionConfigurationPrimaryKeyArray) ToGetKeyMultiRegionConfigurationPrimaryKeyArrayOutput() GetKeyMultiRegionConfigurationPrimaryKeyArrayOutput
func (GetKeyMultiRegionConfigurationPrimaryKeyArray) ToGetKeyMultiRegionConfigurationPrimaryKeyArrayOutputWithContext ¶
func (i GetKeyMultiRegionConfigurationPrimaryKeyArray) ToGetKeyMultiRegionConfigurationPrimaryKeyArrayOutputWithContext(ctx context.Context) GetKeyMultiRegionConfigurationPrimaryKeyArrayOutput
type GetKeyMultiRegionConfigurationPrimaryKeyArrayInput ¶
type GetKeyMultiRegionConfigurationPrimaryKeyArrayInput interface { pulumi.Input ToGetKeyMultiRegionConfigurationPrimaryKeyArrayOutput() GetKeyMultiRegionConfigurationPrimaryKeyArrayOutput ToGetKeyMultiRegionConfigurationPrimaryKeyArrayOutputWithContext(context.Context) GetKeyMultiRegionConfigurationPrimaryKeyArrayOutput }
GetKeyMultiRegionConfigurationPrimaryKeyArrayInput is an input type that accepts GetKeyMultiRegionConfigurationPrimaryKeyArray and GetKeyMultiRegionConfigurationPrimaryKeyArrayOutput values. You can construct a concrete instance of `GetKeyMultiRegionConfigurationPrimaryKeyArrayInput` via:
GetKeyMultiRegionConfigurationPrimaryKeyArray{ GetKeyMultiRegionConfigurationPrimaryKeyArgs{...} }
type GetKeyMultiRegionConfigurationPrimaryKeyArrayOutput ¶
type GetKeyMultiRegionConfigurationPrimaryKeyArrayOutput struct{ *pulumi.OutputState }
func (GetKeyMultiRegionConfigurationPrimaryKeyArrayOutput) ElementType ¶
func (GetKeyMultiRegionConfigurationPrimaryKeyArrayOutput) ElementType() reflect.Type
func (GetKeyMultiRegionConfigurationPrimaryKeyArrayOutput) ToGetKeyMultiRegionConfigurationPrimaryKeyArrayOutput ¶
func (o GetKeyMultiRegionConfigurationPrimaryKeyArrayOutput) ToGetKeyMultiRegionConfigurationPrimaryKeyArrayOutput() GetKeyMultiRegionConfigurationPrimaryKeyArrayOutput
func (GetKeyMultiRegionConfigurationPrimaryKeyArrayOutput) ToGetKeyMultiRegionConfigurationPrimaryKeyArrayOutputWithContext ¶
func (o GetKeyMultiRegionConfigurationPrimaryKeyArrayOutput) ToGetKeyMultiRegionConfigurationPrimaryKeyArrayOutputWithContext(ctx context.Context) GetKeyMultiRegionConfigurationPrimaryKeyArrayOutput
type GetKeyMultiRegionConfigurationPrimaryKeyInput ¶
type GetKeyMultiRegionConfigurationPrimaryKeyInput interface { pulumi.Input ToGetKeyMultiRegionConfigurationPrimaryKeyOutput() GetKeyMultiRegionConfigurationPrimaryKeyOutput ToGetKeyMultiRegionConfigurationPrimaryKeyOutputWithContext(context.Context) GetKeyMultiRegionConfigurationPrimaryKeyOutput }
GetKeyMultiRegionConfigurationPrimaryKeyInput is an input type that accepts GetKeyMultiRegionConfigurationPrimaryKeyArgs and GetKeyMultiRegionConfigurationPrimaryKeyOutput values. You can construct a concrete instance of `GetKeyMultiRegionConfigurationPrimaryKeyInput` via:
GetKeyMultiRegionConfigurationPrimaryKeyArgs{...}
type GetKeyMultiRegionConfigurationPrimaryKeyOutput ¶
type GetKeyMultiRegionConfigurationPrimaryKeyOutput struct{ *pulumi.OutputState }
func (GetKeyMultiRegionConfigurationPrimaryKeyOutput) Arn ¶
func (o GetKeyMultiRegionConfigurationPrimaryKeyOutput) Arn() pulumi.StringOutput
The key ARN of a primary or replica key of a multi-Region key.
func (GetKeyMultiRegionConfigurationPrimaryKeyOutput) ElementType ¶
func (GetKeyMultiRegionConfigurationPrimaryKeyOutput) ElementType() reflect.Type
func (GetKeyMultiRegionConfigurationPrimaryKeyOutput) Region ¶
func (o GetKeyMultiRegionConfigurationPrimaryKeyOutput) Region() pulumi.StringOutput
The AWS Region of a primary or replica key in a multi-Region key.
func (GetKeyMultiRegionConfigurationPrimaryKeyOutput) ToGetKeyMultiRegionConfigurationPrimaryKeyOutput ¶
func (o GetKeyMultiRegionConfigurationPrimaryKeyOutput) ToGetKeyMultiRegionConfigurationPrimaryKeyOutput() GetKeyMultiRegionConfigurationPrimaryKeyOutput
func (GetKeyMultiRegionConfigurationPrimaryKeyOutput) ToGetKeyMultiRegionConfigurationPrimaryKeyOutputWithContext ¶
func (o GetKeyMultiRegionConfigurationPrimaryKeyOutput) ToGetKeyMultiRegionConfigurationPrimaryKeyOutputWithContext(ctx context.Context) GetKeyMultiRegionConfigurationPrimaryKeyOutput
type GetKeyMultiRegionConfigurationReplicaKeyArgs ¶
type GetKeyMultiRegionConfigurationReplicaKeyArgs struct { // The key ARN of a primary or replica key of a multi-Region key. Arn pulumi.StringInput `pulumi:"arn"` // The AWS Region of a primary or replica key in a multi-Region key. Region pulumi.StringInput `pulumi:"region"` }
func (GetKeyMultiRegionConfigurationReplicaKeyArgs) ElementType ¶
func (GetKeyMultiRegionConfigurationReplicaKeyArgs) ElementType() reflect.Type
func (GetKeyMultiRegionConfigurationReplicaKeyArgs) ToGetKeyMultiRegionConfigurationReplicaKeyOutput ¶
func (i GetKeyMultiRegionConfigurationReplicaKeyArgs) ToGetKeyMultiRegionConfigurationReplicaKeyOutput() GetKeyMultiRegionConfigurationReplicaKeyOutput
func (GetKeyMultiRegionConfigurationReplicaKeyArgs) ToGetKeyMultiRegionConfigurationReplicaKeyOutputWithContext ¶
func (i GetKeyMultiRegionConfigurationReplicaKeyArgs) ToGetKeyMultiRegionConfigurationReplicaKeyOutputWithContext(ctx context.Context) GetKeyMultiRegionConfigurationReplicaKeyOutput
type GetKeyMultiRegionConfigurationReplicaKeyArray ¶
type GetKeyMultiRegionConfigurationReplicaKeyArray []GetKeyMultiRegionConfigurationReplicaKeyInput
func (GetKeyMultiRegionConfigurationReplicaKeyArray) ElementType ¶
func (GetKeyMultiRegionConfigurationReplicaKeyArray) ElementType() reflect.Type
func (GetKeyMultiRegionConfigurationReplicaKeyArray) ToGetKeyMultiRegionConfigurationReplicaKeyArrayOutput ¶
func (i GetKeyMultiRegionConfigurationReplicaKeyArray) ToGetKeyMultiRegionConfigurationReplicaKeyArrayOutput() GetKeyMultiRegionConfigurationReplicaKeyArrayOutput
func (GetKeyMultiRegionConfigurationReplicaKeyArray) ToGetKeyMultiRegionConfigurationReplicaKeyArrayOutputWithContext ¶
func (i GetKeyMultiRegionConfigurationReplicaKeyArray) ToGetKeyMultiRegionConfigurationReplicaKeyArrayOutputWithContext(ctx context.Context) GetKeyMultiRegionConfigurationReplicaKeyArrayOutput
type GetKeyMultiRegionConfigurationReplicaKeyArrayInput ¶
type GetKeyMultiRegionConfigurationReplicaKeyArrayInput interface { pulumi.Input ToGetKeyMultiRegionConfigurationReplicaKeyArrayOutput() GetKeyMultiRegionConfigurationReplicaKeyArrayOutput ToGetKeyMultiRegionConfigurationReplicaKeyArrayOutputWithContext(context.Context) GetKeyMultiRegionConfigurationReplicaKeyArrayOutput }
GetKeyMultiRegionConfigurationReplicaKeyArrayInput is an input type that accepts GetKeyMultiRegionConfigurationReplicaKeyArray and GetKeyMultiRegionConfigurationReplicaKeyArrayOutput values. You can construct a concrete instance of `GetKeyMultiRegionConfigurationReplicaKeyArrayInput` via:
GetKeyMultiRegionConfigurationReplicaKeyArray{ GetKeyMultiRegionConfigurationReplicaKeyArgs{...} }
type GetKeyMultiRegionConfigurationReplicaKeyArrayOutput ¶
type GetKeyMultiRegionConfigurationReplicaKeyArrayOutput struct{ *pulumi.OutputState }
func (GetKeyMultiRegionConfigurationReplicaKeyArrayOutput) ElementType ¶
func (GetKeyMultiRegionConfigurationReplicaKeyArrayOutput) ElementType() reflect.Type
func (GetKeyMultiRegionConfigurationReplicaKeyArrayOutput) ToGetKeyMultiRegionConfigurationReplicaKeyArrayOutput ¶
func (o GetKeyMultiRegionConfigurationReplicaKeyArrayOutput) ToGetKeyMultiRegionConfigurationReplicaKeyArrayOutput() GetKeyMultiRegionConfigurationReplicaKeyArrayOutput
func (GetKeyMultiRegionConfigurationReplicaKeyArrayOutput) ToGetKeyMultiRegionConfigurationReplicaKeyArrayOutputWithContext ¶
func (o GetKeyMultiRegionConfigurationReplicaKeyArrayOutput) ToGetKeyMultiRegionConfigurationReplicaKeyArrayOutputWithContext(ctx context.Context) GetKeyMultiRegionConfigurationReplicaKeyArrayOutput
type GetKeyMultiRegionConfigurationReplicaKeyInput ¶
type GetKeyMultiRegionConfigurationReplicaKeyInput interface { pulumi.Input ToGetKeyMultiRegionConfigurationReplicaKeyOutput() GetKeyMultiRegionConfigurationReplicaKeyOutput ToGetKeyMultiRegionConfigurationReplicaKeyOutputWithContext(context.Context) GetKeyMultiRegionConfigurationReplicaKeyOutput }
GetKeyMultiRegionConfigurationReplicaKeyInput is an input type that accepts GetKeyMultiRegionConfigurationReplicaKeyArgs and GetKeyMultiRegionConfigurationReplicaKeyOutput values. You can construct a concrete instance of `GetKeyMultiRegionConfigurationReplicaKeyInput` via:
GetKeyMultiRegionConfigurationReplicaKeyArgs{...}
type GetKeyMultiRegionConfigurationReplicaKeyOutput ¶
type GetKeyMultiRegionConfigurationReplicaKeyOutput struct{ *pulumi.OutputState }
func (GetKeyMultiRegionConfigurationReplicaKeyOutput) Arn ¶
func (o GetKeyMultiRegionConfigurationReplicaKeyOutput) Arn() pulumi.StringOutput
The key ARN of a primary or replica key of a multi-Region key.
func (GetKeyMultiRegionConfigurationReplicaKeyOutput) ElementType ¶
func (GetKeyMultiRegionConfigurationReplicaKeyOutput) ElementType() reflect.Type
func (GetKeyMultiRegionConfigurationReplicaKeyOutput) Region ¶
func (o GetKeyMultiRegionConfigurationReplicaKeyOutput) Region() pulumi.StringOutput
The AWS Region of a primary or replica key in a multi-Region key.
func (GetKeyMultiRegionConfigurationReplicaKeyOutput) ToGetKeyMultiRegionConfigurationReplicaKeyOutput ¶
func (o GetKeyMultiRegionConfigurationReplicaKeyOutput) ToGetKeyMultiRegionConfigurationReplicaKeyOutput() GetKeyMultiRegionConfigurationReplicaKeyOutput
func (GetKeyMultiRegionConfigurationReplicaKeyOutput) ToGetKeyMultiRegionConfigurationReplicaKeyOutputWithContext ¶
func (o GetKeyMultiRegionConfigurationReplicaKeyOutput) ToGetKeyMultiRegionConfigurationReplicaKeyOutputWithContext(ctx context.Context) GetKeyMultiRegionConfigurationReplicaKeyOutput
type GetKeyXksKeyConfiguration ¶
type GetKeyXksKeyConfiguration struct { // The globally unique identifier for the key Id string `pulumi:"id"` }
type GetKeyXksKeyConfigurationArgs ¶
type GetKeyXksKeyConfigurationArgs struct { // The globally unique identifier for the key Id pulumi.StringInput `pulumi:"id"` }
func (GetKeyXksKeyConfigurationArgs) ElementType ¶
func (GetKeyXksKeyConfigurationArgs) ElementType() reflect.Type
func (GetKeyXksKeyConfigurationArgs) ToGetKeyXksKeyConfigurationOutput ¶
func (i GetKeyXksKeyConfigurationArgs) ToGetKeyXksKeyConfigurationOutput() GetKeyXksKeyConfigurationOutput
func (GetKeyXksKeyConfigurationArgs) ToGetKeyXksKeyConfigurationOutputWithContext ¶
func (i GetKeyXksKeyConfigurationArgs) ToGetKeyXksKeyConfigurationOutputWithContext(ctx context.Context) GetKeyXksKeyConfigurationOutput
type GetKeyXksKeyConfigurationArray ¶
type GetKeyXksKeyConfigurationArray []GetKeyXksKeyConfigurationInput
func (GetKeyXksKeyConfigurationArray) ElementType ¶
func (GetKeyXksKeyConfigurationArray) ElementType() reflect.Type
func (GetKeyXksKeyConfigurationArray) ToGetKeyXksKeyConfigurationArrayOutput ¶
func (i GetKeyXksKeyConfigurationArray) ToGetKeyXksKeyConfigurationArrayOutput() GetKeyXksKeyConfigurationArrayOutput
func (GetKeyXksKeyConfigurationArray) ToGetKeyXksKeyConfigurationArrayOutputWithContext ¶
func (i GetKeyXksKeyConfigurationArray) ToGetKeyXksKeyConfigurationArrayOutputWithContext(ctx context.Context) GetKeyXksKeyConfigurationArrayOutput
type GetKeyXksKeyConfigurationArrayInput ¶
type GetKeyXksKeyConfigurationArrayInput interface { pulumi.Input ToGetKeyXksKeyConfigurationArrayOutput() GetKeyXksKeyConfigurationArrayOutput ToGetKeyXksKeyConfigurationArrayOutputWithContext(context.Context) GetKeyXksKeyConfigurationArrayOutput }
GetKeyXksKeyConfigurationArrayInput is an input type that accepts GetKeyXksKeyConfigurationArray and GetKeyXksKeyConfigurationArrayOutput values. You can construct a concrete instance of `GetKeyXksKeyConfigurationArrayInput` via:
GetKeyXksKeyConfigurationArray{ GetKeyXksKeyConfigurationArgs{...} }
type GetKeyXksKeyConfigurationArrayOutput ¶
type GetKeyXksKeyConfigurationArrayOutput struct{ *pulumi.OutputState }
func (GetKeyXksKeyConfigurationArrayOutput) ElementType ¶
func (GetKeyXksKeyConfigurationArrayOutput) ElementType() reflect.Type
func (GetKeyXksKeyConfigurationArrayOutput) Index ¶
func (o GetKeyXksKeyConfigurationArrayOutput) Index(i pulumi.IntInput) GetKeyXksKeyConfigurationOutput
func (GetKeyXksKeyConfigurationArrayOutput) ToGetKeyXksKeyConfigurationArrayOutput ¶
func (o GetKeyXksKeyConfigurationArrayOutput) ToGetKeyXksKeyConfigurationArrayOutput() GetKeyXksKeyConfigurationArrayOutput
func (GetKeyXksKeyConfigurationArrayOutput) ToGetKeyXksKeyConfigurationArrayOutputWithContext ¶
func (o GetKeyXksKeyConfigurationArrayOutput) ToGetKeyXksKeyConfigurationArrayOutputWithContext(ctx context.Context) GetKeyXksKeyConfigurationArrayOutput
type GetKeyXksKeyConfigurationInput ¶
type GetKeyXksKeyConfigurationInput interface { pulumi.Input ToGetKeyXksKeyConfigurationOutput() GetKeyXksKeyConfigurationOutput ToGetKeyXksKeyConfigurationOutputWithContext(context.Context) GetKeyXksKeyConfigurationOutput }
GetKeyXksKeyConfigurationInput is an input type that accepts GetKeyXksKeyConfigurationArgs and GetKeyXksKeyConfigurationOutput values. You can construct a concrete instance of `GetKeyXksKeyConfigurationInput` via:
GetKeyXksKeyConfigurationArgs{...}
type GetKeyXksKeyConfigurationOutput ¶
type GetKeyXksKeyConfigurationOutput struct{ *pulumi.OutputState }
func (GetKeyXksKeyConfigurationOutput) ElementType ¶
func (GetKeyXksKeyConfigurationOutput) ElementType() reflect.Type
func (GetKeyXksKeyConfigurationOutput) Id ¶
func (o GetKeyXksKeyConfigurationOutput) Id() pulumi.StringOutput
The globally unique identifier for the key
func (GetKeyXksKeyConfigurationOutput) ToGetKeyXksKeyConfigurationOutput ¶
func (o GetKeyXksKeyConfigurationOutput) ToGetKeyXksKeyConfigurationOutput() GetKeyXksKeyConfigurationOutput
func (GetKeyXksKeyConfigurationOutput) ToGetKeyXksKeyConfigurationOutputWithContext ¶
func (o GetKeyXksKeyConfigurationOutput) ToGetKeyXksKeyConfigurationOutputWithContext(ctx context.Context) GetKeyXksKeyConfigurationOutput
type GetPublicKeyArgs ¶
type GetPublicKeyArgs struct { // List of grant tokens GrantTokens []string `pulumi:"grantTokens"` // Key identifier which can be one of the following format: // * Key ID. E.g - `1234abcd-12ab-34cd-56ef-1234567890ab` // * Key ARN. E.g. - `arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab` // * Alias name. E.g. - `alias/my-key` // * Alias ARN - E.g. - `arn:aws:kms:us-east-1:111122223333:alias/my-key` KeyId string `pulumi:"keyId"` }
A collection of arguments for invoking getPublicKey.
type GetPublicKeyOutputArgs ¶
type GetPublicKeyOutputArgs struct { // List of grant tokens GrantTokens pulumi.StringArrayInput `pulumi:"grantTokens"` // Key identifier which can be one of the following format: // * Key ID. E.g - `1234abcd-12ab-34cd-56ef-1234567890ab` // * Key ARN. E.g. - `arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab` // * Alias name. E.g. - `alias/my-key` // * Alias ARN - E.g. - `arn:aws:kms:us-east-1:111122223333:alias/my-key` KeyId pulumi.StringInput `pulumi:"keyId"` }
A collection of arguments for invoking getPublicKey.
func (GetPublicKeyOutputArgs) ElementType ¶
func (GetPublicKeyOutputArgs) ElementType() reflect.Type
type GetPublicKeyResult ¶
type GetPublicKeyResult struct { // Key ARN of the asymmetric CMK from which the public key was downloaded. Arn string `pulumi:"arn"` // Type of the public key that was downloaded. CustomerMasterKeySpec string `pulumi:"customerMasterKeySpec"` // Encryption algorithms that AWS KMS supports for this key. Only set when the `keyUsage` of the public key is `ENCRYPT_DECRYPT`. EncryptionAlgorithms []string `pulumi:"encryptionAlgorithms"` GrantTokens []string `pulumi:"grantTokens"` // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` KeyId string `pulumi:"keyId"` // Permitted use of the public key. Valid values are `ENCRYPT_DECRYPT` or `SIGN_VERIFY` KeyUsage string `pulumi:"keyUsage"` // Exported public key. The value is a DER-encoded X.509 public key, also known as SubjectPublicKeyInfo (SPKI), as defined in [RFC 5280](https://tools.ietf.org/html/rfc5280). The value is Base64-encoded. PublicKey string `pulumi:"publicKey"` // Exported public key. The value is Privacy Enhanced Mail (PEM) encoded. PublicKeyPem string `pulumi:"publicKeyPem"` // Signing algorithms that AWS KMS supports for this key. Only set when the `keyUsage` of the public key is `SIGN_VERIFY`. SigningAlgorithms []string `pulumi:"signingAlgorithms"` }
A collection of values returned by getPublicKey.
func GetPublicKey ¶
func GetPublicKey(ctx *pulumi.Context, args *GetPublicKeyArgs, opts ...pulumi.InvokeOption) (*GetPublicKeyResult, error)
Use this data source to get the public key about the specified KMS Key with flexible key id input. This can be useful to reference key alias without having to hard code the ARN as input.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.GetPublicKey(ctx, &kms.GetPublicKeyArgs{ KeyId: "alias/my-key", }, nil) if err != nil { return err } _, err = kms.GetPublicKey(ctx, &kms.GetPublicKeyArgs{ KeyId: "1234abcd-12ab-34cd-56ef-1234567890ab", }, nil) if err != nil { return err } _, err = kms.GetPublicKey(ctx, &kms.GetPublicKeyArgs{ KeyId: "arn:aws:kms:us-east-1:111122223333:alias/my-key", }, nil) if err != nil { return err } _, err = kms.GetPublicKey(ctx, &kms.GetPublicKeyArgs{ KeyId: "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", }, nil) if err != nil { return err } return nil }) }
```
type GetPublicKeyResultOutput ¶
type GetPublicKeyResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getPublicKey.
func GetPublicKeyOutput ¶
func GetPublicKeyOutput(ctx *pulumi.Context, args GetPublicKeyOutputArgs, opts ...pulumi.InvokeOption) GetPublicKeyResultOutput
func (GetPublicKeyResultOutput) Arn ¶
func (o GetPublicKeyResultOutput) Arn() pulumi.StringOutput
Key ARN of the asymmetric CMK from which the public key was downloaded.
func (GetPublicKeyResultOutput) CustomerMasterKeySpec ¶
func (o GetPublicKeyResultOutput) CustomerMasterKeySpec() pulumi.StringOutput
Type of the public key that was downloaded.
func (GetPublicKeyResultOutput) ElementType ¶
func (GetPublicKeyResultOutput) ElementType() reflect.Type
func (GetPublicKeyResultOutput) EncryptionAlgorithms ¶
func (o GetPublicKeyResultOutput) EncryptionAlgorithms() pulumi.StringArrayOutput
Encryption algorithms that AWS KMS supports for this key. Only set when the `keyUsage` of the public key is `ENCRYPT_DECRYPT`.
func (GetPublicKeyResultOutput) GrantTokens ¶
func (o GetPublicKeyResultOutput) GrantTokens() pulumi.StringArrayOutput
func (GetPublicKeyResultOutput) Id ¶
func (o GetPublicKeyResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (GetPublicKeyResultOutput) KeyId ¶
func (o GetPublicKeyResultOutput) KeyId() pulumi.StringOutput
func (GetPublicKeyResultOutput) KeyUsage ¶
func (o GetPublicKeyResultOutput) KeyUsage() pulumi.StringOutput
Permitted use of the public key. Valid values are `ENCRYPT_DECRYPT` or `SIGN_VERIFY`
func (GetPublicKeyResultOutput) PublicKey ¶
func (o GetPublicKeyResultOutput) PublicKey() pulumi.StringOutput
Exported public key. The value is a DER-encoded X.509 public key, also known as SubjectPublicKeyInfo (SPKI), as defined in [RFC 5280](https://tools.ietf.org/html/rfc5280). The value is Base64-encoded.
func (GetPublicKeyResultOutput) PublicKeyPem ¶
func (o GetPublicKeyResultOutput) PublicKeyPem() pulumi.StringOutput
Exported public key. The value is Privacy Enhanced Mail (PEM) encoded.
func (GetPublicKeyResultOutput) SigningAlgorithms ¶
func (o GetPublicKeyResultOutput) SigningAlgorithms() pulumi.StringArrayOutput
Signing algorithms that AWS KMS supports for this key. Only set when the `keyUsage` of the public key is `SIGN_VERIFY`.
func (GetPublicKeyResultOutput) ToGetPublicKeyResultOutput ¶
func (o GetPublicKeyResultOutput) ToGetPublicKeyResultOutput() GetPublicKeyResultOutput
func (GetPublicKeyResultOutput) ToGetPublicKeyResultOutputWithContext ¶
func (o GetPublicKeyResultOutput) ToGetPublicKeyResultOutputWithContext(ctx context.Context) GetPublicKeyResultOutput
type GetSecretArgs ¶
type GetSecretArgs struct {
Secrets []GetSecretSecret `pulumi:"secrets"`
}
A collection of arguments for invoking getSecret.
type GetSecretOutputArgs ¶
type GetSecretOutputArgs struct {
Secrets GetSecretSecretArrayInput `pulumi:"secrets"`
}
A collection of arguments for invoking getSecret.
func (GetSecretOutputArgs) ElementType ¶
func (GetSecretOutputArgs) ElementType() reflect.Type
type GetSecretResult ¶
type GetSecretResult struct { // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` Secrets []GetSecretSecret `pulumi:"secrets"` }
A collection of values returned by getSecret.
func GetSecret ¶
func GetSecret(ctx *pulumi.Context, args *GetSecretArgs, opts ...pulumi.InvokeOption) (*GetSecretResult, error)
type GetSecretResultOutput ¶
type GetSecretResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getSecret.
func GetSecretOutput ¶
func GetSecretOutput(ctx *pulumi.Context, args GetSecretOutputArgs, opts ...pulumi.InvokeOption) GetSecretResultOutput
func (GetSecretResultOutput) ElementType ¶
func (GetSecretResultOutput) ElementType() reflect.Type
func (GetSecretResultOutput) Id ¶
func (o GetSecretResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (GetSecretResultOutput) Secrets ¶
func (o GetSecretResultOutput) Secrets() GetSecretSecretArrayOutput
func (GetSecretResultOutput) ToGetSecretResultOutput ¶
func (o GetSecretResultOutput) ToGetSecretResultOutput() GetSecretResultOutput
func (GetSecretResultOutput) ToGetSecretResultOutputWithContext ¶
func (o GetSecretResultOutput) ToGetSecretResultOutputWithContext(ctx context.Context) GetSecretResultOutput
type GetSecretSecret ¶
type GetSecretSecretArgs ¶
type GetSecretSecretArgs struct { Context pulumi.StringMapInput `pulumi:"context"` GrantTokens pulumi.StringArrayInput `pulumi:"grantTokens"` Name pulumi.StringInput `pulumi:"name"` Payload pulumi.StringInput `pulumi:"payload"` }
func (GetSecretSecretArgs) ElementType ¶
func (GetSecretSecretArgs) ElementType() reflect.Type
func (GetSecretSecretArgs) ToGetSecretSecretOutput ¶
func (i GetSecretSecretArgs) ToGetSecretSecretOutput() GetSecretSecretOutput
func (GetSecretSecretArgs) ToGetSecretSecretOutputWithContext ¶
func (i GetSecretSecretArgs) ToGetSecretSecretOutputWithContext(ctx context.Context) GetSecretSecretOutput
type GetSecretSecretArray ¶
type GetSecretSecretArray []GetSecretSecretInput
func (GetSecretSecretArray) ElementType ¶
func (GetSecretSecretArray) ElementType() reflect.Type
func (GetSecretSecretArray) ToGetSecretSecretArrayOutput ¶
func (i GetSecretSecretArray) ToGetSecretSecretArrayOutput() GetSecretSecretArrayOutput
func (GetSecretSecretArray) ToGetSecretSecretArrayOutputWithContext ¶
func (i GetSecretSecretArray) ToGetSecretSecretArrayOutputWithContext(ctx context.Context) GetSecretSecretArrayOutput
type GetSecretSecretArrayInput ¶
type GetSecretSecretArrayInput interface { pulumi.Input ToGetSecretSecretArrayOutput() GetSecretSecretArrayOutput ToGetSecretSecretArrayOutputWithContext(context.Context) GetSecretSecretArrayOutput }
GetSecretSecretArrayInput is an input type that accepts GetSecretSecretArray and GetSecretSecretArrayOutput values. You can construct a concrete instance of `GetSecretSecretArrayInput` via:
GetSecretSecretArray{ GetSecretSecretArgs{...} }
type GetSecretSecretArrayOutput ¶
type GetSecretSecretArrayOutput struct{ *pulumi.OutputState }
func (GetSecretSecretArrayOutput) ElementType ¶
func (GetSecretSecretArrayOutput) ElementType() reflect.Type
func (GetSecretSecretArrayOutput) Index ¶
func (o GetSecretSecretArrayOutput) Index(i pulumi.IntInput) GetSecretSecretOutput
func (GetSecretSecretArrayOutput) ToGetSecretSecretArrayOutput ¶
func (o GetSecretSecretArrayOutput) ToGetSecretSecretArrayOutput() GetSecretSecretArrayOutput
func (GetSecretSecretArrayOutput) ToGetSecretSecretArrayOutputWithContext ¶
func (o GetSecretSecretArrayOutput) ToGetSecretSecretArrayOutputWithContext(ctx context.Context) GetSecretSecretArrayOutput
type GetSecretSecretInput ¶
type GetSecretSecretInput interface { pulumi.Input ToGetSecretSecretOutput() GetSecretSecretOutput ToGetSecretSecretOutputWithContext(context.Context) GetSecretSecretOutput }
GetSecretSecretInput is an input type that accepts GetSecretSecretArgs and GetSecretSecretOutput values. You can construct a concrete instance of `GetSecretSecretInput` via:
GetSecretSecretArgs{...}
type GetSecretSecretOutput ¶
type GetSecretSecretOutput struct{ *pulumi.OutputState }
func (GetSecretSecretOutput) Context ¶
func (o GetSecretSecretOutput) Context() pulumi.StringMapOutput
func (GetSecretSecretOutput) ElementType ¶
func (GetSecretSecretOutput) ElementType() reflect.Type
func (GetSecretSecretOutput) GrantTokens ¶
func (o GetSecretSecretOutput) GrantTokens() pulumi.StringArrayOutput
func (GetSecretSecretOutput) Name ¶
func (o GetSecretSecretOutput) Name() pulumi.StringOutput
func (GetSecretSecretOutput) Payload ¶
func (o GetSecretSecretOutput) Payload() pulumi.StringOutput
func (GetSecretSecretOutput) ToGetSecretSecretOutput ¶
func (o GetSecretSecretOutput) ToGetSecretSecretOutput() GetSecretSecretOutput
func (GetSecretSecretOutput) ToGetSecretSecretOutputWithContext ¶
func (o GetSecretSecretOutput) ToGetSecretSecretOutputWithContext(ctx context.Context) GetSecretSecretOutput
type GetSecretsArgs ¶
type GetSecretsArgs struct { // One or more encrypted payload definitions from the KMS service. See the Secret Definitions below. Secrets []GetSecretsSecret `pulumi:"secrets"` }
A collection of arguments for invoking getSecrets.
type GetSecretsOutputArgs ¶
type GetSecretsOutputArgs struct { // One or more encrypted payload definitions from the KMS service. See the Secret Definitions below. Secrets GetSecretsSecretArrayInput `pulumi:"secrets"` }
A collection of arguments for invoking getSecrets.
func (GetSecretsOutputArgs) ElementType ¶
func (GetSecretsOutputArgs) ElementType() reflect.Type
type GetSecretsResult ¶
type GetSecretsResult struct { // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` // Map containing each `secret` `name` as the key with its decrypted plaintext value Plaintext map[string]string `pulumi:"plaintext"` Secrets []GetSecretsSecret `pulumi:"secrets"` }
A collection of values returned by getSecrets.
func GetSecrets ¶
func GetSecrets(ctx *pulumi.Context, args *GetSecretsArgs, opts ...pulumi.InvokeOption) (*GetSecretsResult, error)
Decrypt multiple secrets from data encrypted with the AWS KMS service.
## Example Usage
If you do not already have a `CiphertextBlob` from encrypting a KMS secret, you can use the below commands to obtain one using the [AWS CLI kms encrypt](https://docs.aws.amazon.com/cli/latest/reference/kms/encrypt.html) command. This requires you to have your AWS CLI setup correctly and replace the `--key-id` with your own. Alternatively you can use `--plaintext 'master-password'` (CLIv1) or `--plaintext fileb://<(echo -n 'master-password')` (CLIv2) instead of reading from a file.
> If you have a newline character at the end of your file, it will be decrypted with this newline character intact. For most use cases this is undesirable and leads to incorrect passwords or invalid values, as well as possible changes in the plan. Be sure to use `echo -n` if necessary. If you are using asymmetric keys ensure you are using the right encryption algorithm when you encrypt and decrypt else you will get IncorrectKeyException during the decrypt phase.
That encrypted output can now be inserted into provider configurations without exposing the plaintext secret directly.
type GetSecretsResultOutput ¶
type GetSecretsResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getSecrets.
func GetSecretsOutput ¶
func GetSecretsOutput(ctx *pulumi.Context, args GetSecretsOutputArgs, opts ...pulumi.InvokeOption) GetSecretsResultOutput
func (GetSecretsResultOutput) ElementType ¶
func (GetSecretsResultOutput) ElementType() reflect.Type
func (GetSecretsResultOutput) Id ¶
func (o GetSecretsResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (GetSecretsResultOutput) Plaintext ¶
func (o GetSecretsResultOutput) Plaintext() pulumi.StringMapOutput
Map containing each `secret` `name` as the key with its decrypted plaintext value
func (GetSecretsResultOutput) Secrets ¶
func (o GetSecretsResultOutput) Secrets() GetSecretsSecretArrayOutput
func (GetSecretsResultOutput) ToGetSecretsResultOutput ¶
func (o GetSecretsResultOutput) ToGetSecretsResultOutput() GetSecretsResultOutput
func (GetSecretsResultOutput) ToGetSecretsResultOutputWithContext ¶
func (o GetSecretsResultOutput) ToGetSecretsResultOutputWithContext(ctx context.Context) GetSecretsResultOutput
type GetSecretsSecret ¶
type GetSecretsSecret struct { // An optional mapping that makes up the Encryption Context for the secret. Context map[string]string `pulumi:"context"` // The encryption algorithm that will be used to decrypt the ciphertext. This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key. Valid Values: SYMMETRIC_DEFAULT | RSAES_OAEP_SHA_1 | RSAES_OAEP_SHA_256 | SM2PKE EncryptionAlgorithm *string `pulumi:"encryptionAlgorithm"` // An optional list of Grant Tokens for the secret. GrantTokens []string `pulumi:"grantTokens"` // Specifies the KMS key that AWS KMS uses to decrypt the ciphertext. This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key. // // For more information on `context` and `grantTokens` see the [KMS // Concepts](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html) KeyId *string `pulumi:"keyId"` // Name to export this secret under in the attributes. Name string `pulumi:"name"` // Base64 encoded payload, as returned from a KMS encrypt operation. Payload string `pulumi:"payload"` }
type GetSecretsSecretArgs ¶
type GetSecretsSecretArgs struct { // An optional mapping that makes up the Encryption Context for the secret. Context pulumi.StringMapInput `pulumi:"context"` // The encryption algorithm that will be used to decrypt the ciphertext. This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key. Valid Values: SYMMETRIC_DEFAULT | RSAES_OAEP_SHA_1 | RSAES_OAEP_SHA_256 | SM2PKE EncryptionAlgorithm pulumi.StringPtrInput `pulumi:"encryptionAlgorithm"` // An optional list of Grant Tokens for the secret. GrantTokens pulumi.StringArrayInput `pulumi:"grantTokens"` // Specifies the KMS key that AWS KMS uses to decrypt the ciphertext. This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key. // // For more information on `context` and `grantTokens` see the [KMS // Concepts](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html) KeyId pulumi.StringPtrInput `pulumi:"keyId"` // Name to export this secret under in the attributes. Name pulumi.StringInput `pulumi:"name"` // Base64 encoded payload, as returned from a KMS encrypt operation. Payload pulumi.StringInput `pulumi:"payload"` }
func (GetSecretsSecretArgs) ElementType ¶
func (GetSecretsSecretArgs) ElementType() reflect.Type
func (GetSecretsSecretArgs) ToGetSecretsSecretOutput ¶
func (i GetSecretsSecretArgs) ToGetSecretsSecretOutput() GetSecretsSecretOutput
func (GetSecretsSecretArgs) ToGetSecretsSecretOutputWithContext ¶
func (i GetSecretsSecretArgs) ToGetSecretsSecretOutputWithContext(ctx context.Context) GetSecretsSecretOutput
type GetSecretsSecretArray ¶
type GetSecretsSecretArray []GetSecretsSecretInput
func (GetSecretsSecretArray) ElementType ¶
func (GetSecretsSecretArray) ElementType() reflect.Type
func (GetSecretsSecretArray) ToGetSecretsSecretArrayOutput ¶
func (i GetSecretsSecretArray) ToGetSecretsSecretArrayOutput() GetSecretsSecretArrayOutput
func (GetSecretsSecretArray) ToGetSecretsSecretArrayOutputWithContext ¶
func (i GetSecretsSecretArray) ToGetSecretsSecretArrayOutputWithContext(ctx context.Context) GetSecretsSecretArrayOutput
type GetSecretsSecretArrayInput ¶
type GetSecretsSecretArrayInput interface { pulumi.Input ToGetSecretsSecretArrayOutput() GetSecretsSecretArrayOutput ToGetSecretsSecretArrayOutputWithContext(context.Context) GetSecretsSecretArrayOutput }
GetSecretsSecretArrayInput is an input type that accepts GetSecretsSecretArray and GetSecretsSecretArrayOutput values. You can construct a concrete instance of `GetSecretsSecretArrayInput` via:
GetSecretsSecretArray{ GetSecretsSecretArgs{...} }
type GetSecretsSecretArrayOutput ¶
type GetSecretsSecretArrayOutput struct{ *pulumi.OutputState }
func (GetSecretsSecretArrayOutput) ElementType ¶
func (GetSecretsSecretArrayOutput) ElementType() reflect.Type
func (GetSecretsSecretArrayOutput) Index ¶
func (o GetSecretsSecretArrayOutput) Index(i pulumi.IntInput) GetSecretsSecretOutput
func (GetSecretsSecretArrayOutput) ToGetSecretsSecretArrayOutput ¶
func (o GetSecretsSecretArrayOutput) ToGetSecretsSecretArrayOutput() GetSecretsSecretArrayOutput
func (GetSecretsSecretArrayOutput) ToGetSecretsSecretArrayOutputWithContext ¶
func (o GetSecretsSecretArrayOutput) ToGetSecretsSecretArrayOutputWithContext(ctx context.Context) GetSecretsSecretArrayOutput
type GetSecretsSecretInput ¶
type GetSecretsSecretInput interface { pulumi.Input ToGetSecretsSecretOutput() GetSecretsSecretOutput ToGetSecretsSecretOutputWithContext(context.Context) GetSecretsSecretOutput }
GetSecretsSecretInput is an input type that accepts GetSecretsSecretArgs and GetSecretsSecretOutput values. You can construct a concrete instance of `GetSecretsSecretInput` via:
GetSecretsSecretArgs{...}
type GetSecretsSecretOutput ¶
type GetSecretsSecretOutput struct{ *pulumi.OutputState }
func (GetSecretsSecretOutput) Context ¶
func (o GetSecretsSecretOutput) Context() pulumi.StringMapOutput
An optional mapping that makes up the Encryption Context for the secret.
func (GetSecretsSecretOutput) ElementType ¶
func (GetSecretsSecretOutput) ElementType() reflect.Type
func (GetSecretsSecretOutput) EncryptionAlgorithm ¶
func (o GetSecretsSecretOutput) EncryptionAlgorithm() pulumi.StringPtrOutput
The encryption algorithm that will be used to decrypt the ciphertext. This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key. Valid Values: SYMMETRIC_DEFAULT | RSAES_OAEP_SHA_1 | RSAES_OAEP_SHA_256 | SM2PKE
func (GetSecretsSecretOutput) GrantTokens ¶
func (o GetSecretsSecretOutput) GrantTokens() pulumi.StringArrayOutput
An optional list of Grant Tokens for the secret.
func (GetSecretsSecretOutput) KeyId ¶
func (o GetSecretsSecretOutput) KeyId() pulumi.StringPtrOutput
Specifies the KMS key that AWS KMS uses to decrypt the ciphertext. This parameter is required only when the ciphertext was encrypted under an asymmetric KMS key.
For more information on `context` and `grantTokens` see the [KMS Concepts](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html)
func (GetSecretsSecretOutput) Name ¶
func (o GetSecretsSecretOutput) Name() pulumi.StringOutput
Name to export this secret under in the attributes.
func (GetSecretsSecretOutput) Payload ¶
func (o GetSecretsSecretOutput) Payload() pulumi.StringOutput
Base64 encoded payload, as returned from a KMS encrypt operation.
func (GetSecretsSecretOutput) ToGetSecretsSecretOutput ¶
func (o GetSecretsSecretOutput) ToGetSecretsSecretOutput() GetSecretsSecretOutput
func (GetSecretsSecretOutput) ToGetSecretsSecretOutputWithContext ¶
func (o GetSecretsSecretOutput) ToGetSecretsSecretOutputWithContext(ctx context.Context) GetSecretsSecretOutput
type Grant ¶
type Grant struct { pulumi.CustomResourceState // A structure that you can use to allow certain operations in the grant only when the desired encryption context is present. For more information about encryption context, see [Encryption Context](http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html). Constraints GrantConstraintArrayOutput `pulumi:"constraints"` // A list of grant tokens to be used when creating the grant. See [Grant Tokens](http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) for more information about grant tokens. GrantCreationTokens pulumi.StringArrayOutput `pulumi:"grantCreationTokens"` // The unique identifier for the grant. GrantId pulumi.StringOutput `pulumi:"grantId"` // The grant token for the created grant. For more information, see [Grant Tokens](http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token). GrantToken pulumi.StringOutput `pulumi:"grantToken"` // The principal that is given permission to perform the operations that the grant permits in ARN format. Note that due to eventual consistency issues around IAM principals, the providers's state may not always be refreshed to reflect what is true in AWS. GranteePrincipal pulumi.StringOutput `pulumi:"granteePrincipal"` // The unique identifier for the customer master key (CMK) that the grant applies to. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify a CMK in a different AWS account, you must use the key ARN. KeyId pulumi.StringOutput `pulumi:"keyId"` // A friendly name for identifying the grant. Name pulumi.StringOutput `pulumi:"name"` // A list of operations that the grant permits. The permitted values are: `Decrypt`, `Encrypt`, `GenerateDataKey`, `GenerateDataKeyWithoutPlaintext`, `ReEncryptFrom`, `ReEncryptTo`, `Sign`, `Verify`, `GetPublicKey`, `CreateGrant`, `RetireGrant`, `DescribeKey`, `GenerateDataKeyPair`, or `GenerateDataKeyPairWithoutPlaintext`. Operations pulumi.StringArrayOutput `pulumi:"operations"` // If set to false (the default) the grants will be revoked upon deletion, and if set to true the grants will try to be retired upon deletion. Note that retiring grants requires special permissions, hence why we default to revoking grants. // See [RetireGrant](https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html) for more information. RetireOnDelete pulumi.BoolPtrOutput `pulumi:"retireOnDelete"` // The principal that is given permission to retire the grant by using RetireGrant operation in ARN format. Note that due to eventual consistency issues around IAM principals, the providers's state may not always be refreshed to reflect what is true in AWS. RetiringPrincipal pulumi.StringPtrOutput `pulumi:"retiringPrincipal"` }
Provides a resource-based access control mechanism for a KMS customer master key.
> **Note:** All arguments including the grant token will be stored in the raw state as plain-text. ## Import
Using `pulumi import`, import KMS Grants using the Key ID and Grant ID separated by a colon (`:`). For example:
```sh $ pulumi import aws:kms/grant:Grant test 1234abcd-12ab-34cd-56ef-1234567890ab:abcde1237f76e4ba7987489ac329fbfba6ad343d6f7075dbd1ef191f0120514 ```
func GetGrant ¶
func GetGrant(ctx *pulumi.Context, name string, id pulumi.IDInput, state *GrantState, opts ...pulumi.ResourceOption) (*Grant, error)
GetGrant gets an existing Grant resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewGrant ¶
func NewGrant(ctx *pulumi.Context, name string, args *GrantArgs, opts ...pulumi.ResourceOption) (*Grant, error)
NewGrant registers a new resource with the given unique name, arguments, and options.
func (*Grant) ElementType ¶
func (*Grant) ToGrantOutput ¶
func (i *Grant) ToGrantOutput() GrantOutput
func (*Grant) ToGrantOutputWithContext ¶
func (i *Grant) ToGrantOutputWithContext(ctx context.Context) GrantOutput
type GrantArgs ¶
type GrantArgs struct { // A structure that you can use to allow certain operations in the grant only when the desired encryption context is present. For more information about encryption context, see [Encryption Context](http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html). Constraints GrantConstraintArrayInput // A list of grant tokens to be used when creating the grant. See [Grant Tokens](http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) for more information about grant tokens. GrantCreationTokens pulumi.StringArrayInput // The principal that is given permission to perform the operations that the grant permits in ARN format. Note that due to eventual consistency issues around IAM principals, the providers's state may not always be refreshed to reflect what is true in AWS. GranteePrincipal pulumi.StringInput // The unique identifier for the customer master key (CMK) that the grant applies to. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify a CMK in a different AWS account, you must use the key ARN. KeyId pulumi.StringInput // A friendly name for identifying the grant. Name pulumi.StringPtrInput // A list of operations that the grant permits. The permitted values are: `Decrypt`, `Encrypt`, `GenerateDataKey`, `GenerateDataKeyWithoutPlaintext`, `ReEncryptFrom`, `ReEncryptTo`, `Sign`, `Verify`, `GetPublicKey`, `CreateGrant`, `RetireGrant`, `DescribeKey`, `GenerateDataKeyPair`, or `GenerateDataKeyPairWithoutPlaintext`. Operations pulumi.StringArrayInput // If set to false (the default) the grants will be revoked upon deletion, and if set to true the grants will try to be retired upon deletion. Note that retiring grants requires special permissions, hence why we default to revoking grants. // See [RetireGrant](https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html) for more information. RetireOnDelete pulumi.BoolPtrInput // The principal that is given permission to retire the grant by using RetireGrant operation in ARN format. Note that due to eventual consistency issues around IAM principals, the providers's state may not always be refreshed to reflect what is true in AWS. RetiringPrincipal pulumi.StringPtrInput }
The set of arguments for constructing a Grant resource.
func (GrantArgs) ElementType ¶
type GrantArray ¶
type GrantArray []GrantInput
func (GrantArray) ElementType ¶
func (GrantArray) ElementType() reflect.Type
func (GrantArray) ToGrantArrayOutput ¶
func (i GrantArray) ToGrantArrayOutput() GrantArrayOutput
func (GrantArray) ToGrantArrayOutputWithContext ¶
func (i GrantArray) ToGrantArrayOutputWithContext(ctx context.Context) GrantArrayOutput
type GrantArrayInput ¶
type GrantArrayInput interface { pulumi.Input ToGrantArrayOutput() GrantArrayOutput ToGrantArrayOutputWithContext(context.Context) GrantArrayOutput }
GrantArrayInput is an input type that accepts GrantArray and GrantArrayOutput values. You can construct a concrete instance of `GrantArrayInput` via:
GrantArray{ GrantArgs{...} }
type GrantArrayOutput ¶
type GrantArrayOutput struct{ *pulumi.OutputState }
func (GrantArrayOutput) ElementType ¶
func (GrantArrayOutput) ElementType() reflect.Type
func (GrantArrayOutput) Index ¶
func (o GrantArrayOutput) Index(i pulumi.IntInput) GrantOutput
func (GrantArrayOutput) ToGrantArrayOutput ¶
func (o GrantArrayOutput) ToGrantArrayOutput() GrantArrayOutput
func (GrantArrayOutput) ToGrantArrayOutputWithContext ¶
func (o GrantArrayOutput) ToGrantArrayOutputWithContext(ctx context.Context) GrantArrayOutput
type GrantConstraint ¶
type GrantConstraint struct { // A list of key-value pairs that must match the encryption context in subsequent cryptographic operation requests. The grant allows the operation only when the encryption context in the request is the same as the encryption context specified in this constraint. Conflicts with `encryptionContextSubset`. EncryptionContextEquals map[string]string `pulumi:"encryptionContextEquals"` // A list of key-value pairs that must be included in the encryption context of subsequent cryptographic operation requests. The grant allows the cryptographic operation only when the encryption context in the request includes the key-value pairs specified in this constraint, although it can include additional key-value pairs. Conflicts with `encryptionContextEquals`. EncryptionContextSubset map[string]string `pulumi:"encryptionContextSubset"` }
type GrantConstraintArgs ¶
type GrantConstraintArgs struct { // A list of key-value pairs that must match the encryption context in subsequent cryptographic operation requests. The grant allows the operation only when the encryption context in the request is the same as the encryption context specified in this constraint. Conflicts with `encryptionContextSubset`. EncryptionContextEquals pulumi.StringMapInput `pulumi:"encryptionContextEquals"` // A list of key-value pairs that must be included in the encryption context of subsequent cryptographic operation requests. The grant allows the cryptographic operation only when the encryption context in the request includes the key-value pairs specified in this constraint, although it can include additional key-value pairs. Conflicts with `encryptionContextEquals`. EncryptionContextSubset pulumi.StringMapInput `pulumi:"encryptionContextSubset"` }
func (GrantConstraintArgs) ElementType ¶
func (GrantConstraintArgs) ElementType() reflect.Type
func (GrantConstraintArgs) ToGrantConstraintOutput ¶
func (i GrantConstraintArgs) ToGrantConstraintOutput() GrantConstraintOutput
func (GrantConstraintArgs) ToGrantConstraintOutputWithContext ¶
func (i GrantConstraintArgs) ToGrantConstraintOutputWithContext(ctx context.Context) GrantConstraintOutput
type GrantConstraintArray ¶
type GrantConstraintArray []GrantConstraintInput
func (GrantConstraintArray) ElementType ¶
func (GrantConstraintArray) ElementType() reflect.Type
func (GrantConstraintArray) ToGrantConstraintArrayOutput ¶
func (i GrantConstraintArray) ToGrantConstraintArrayOutput() GrantConstraintArrayOutput
func (GrantConstraintArray) ToGrantConstraintArrayOutputWithContext ¶
func (i GrantConstraintArray) ToGrantConstraintArrayOutputWithContext(ctx context.Context) GrantConstraintArrayOutput
type GrantConstraintArrayInput ¶
type GrantConstraintArrayInput interface { pulumi.Input ToGrantConstraintArrayOutput() GrantConstraintArrayOutput ToGrantConstraintArrayOutputWithContext(context.Context) GrantConstraintArrayOutput }
GrantConstraintArrayInput is an input type that accepts GrantConstraintArray and GrantConstraintArrayOutput values. You can construct a concrete instance of `GrantConstraintArrayInput` via:
GrantConstraintArray{ GrantConstraintArgs{...} }
type GrantConstraintArrayOutput ¶
type GrantConstraintArrayOutput struct{ *pulumi.OutputState }
func (GrantConstraintArrayOutput) ElementType ¶
func (GrantConstraintArrayOutput) ElementType() reflect.Type
func (GrantConstraintArrayOutput) Index ¶
func (o GrantConstraintArrayOutput) Index(i pulumi.IntInput) GrantConstraintOutput
func (GrantConstraintArrayOutput) ToGrantConstraintArrayOutput ¶
func (o GrantConstraintArrayOutput) ToGrantConstraintArrayOutput() GrantConstraintArrayOutput
func (GrantConstraintArrayOutput) ToGrantConstraintArrayOutputWithContext ¶
func (o GrantConstraintArrayOutput) ToGrantConstraintArrayOutputWithContext(ctx context.Context) GrantConstraintArrayOutput
type GrantConstraintInput ¶
type GrantConstraintInput interface { pulumi.Input ToGrantConstraintOutput() GrantConstraintOutput ToGrantConstraintOutputWithContext(context.Context) GrantConstraintOutput }
GrantConstraintInput is an input type that accepts GrantConstraintArgs and GrantConstraintOutput values. You can construct a concrete instance of `GrantConstraintInput` via:
GrantConstraintArgs{...}
type GrantConstraintOutput ¶
type GrantConstraintOutput struct{ *pulumi.OutputState }
func (GrantConstraintOutput) ElementType ¶
func (GrantConstraintOutput) ElementType() reflect.Type
func (GrantConstraintOutput) EncryptionContextEquals ¶
func (o GrantConstraintOutput) EncryptionContextEquals() pulumi.StringMapOutput
A list of key-value pairs that must match the encryption context in subsequent cryptographic operation requests. The grant allows the operation only when the encryption context in the request is the same as the encryption context specified in this constraint. Conflicts with `encryptionContextSubset`.
func (GrantConstraintOutput) EncryptionContextSubset ¶
func (o GrantConstraintOutput) EncryptionContextSubset() pulumi.StringMapOutput
A list of key-value pairs that must be included in the encryption context of subsequent cryptographic operation requests. The grant allows the cryptographic operation only when the encryption context in the request includes the key-value pairs specified in this constraint, although it can include additional key-value pairs. Conflicts with `encryptionContextEquals`.
func (GrantConstraintOutput) ToGrantConstraintOutput ¶
func (o GrantConstraintOutput) ToGrantConstraintOutput() GrantConstraintOutput
func (GrantConstraintOutput) ToGrantConstraintOutputWithContext ¶
func (o GrantConstraintOutput) ToGrantConstraintOutputWithContext(ctx context.Context) GrantConstraintOutput
type GrantInput ¶
type GrantInput interface { pulumi.Input ToGrantOutput() GrantOutput ToGrantOutputWithContext(ctx context.Context) GrantOutput }
type GrantMap ¶
type GrantMap map[string]GrantInput
func (GrantMap) ElementType ¶
func (GrantMap) ToGrantMapOutput ¶
func (i GrantMap) ToGrantMapOutput() GrantMapOutput
func (GrantMap) ToGrantMapOutputWithContext ¶
func (i GrantMap) ToGrantMapOutputWithContext(ctx context.Context) GrantMapOutput
type GrantMapInput ¶
type GrantMapInput interface { pulumi.Input ToGrantMapOutput() GrantMapOutput ToGrantMapOutputWithContext(context.Context) GrantMapOutput }
GrantMapInput is an input type that accepts GrantMap and GrantMapOutput values. You can construct a concrete instance of `GrantMapInput` via:
GrantMap{ "key": GrantArgs{...} }
type GrantMapOutput ¶
type GrantMapOutput struct{ *pulumi.OutputState }
func (GrantMapOutput) ElementType ¶
func (GrantMapOutput) ElementType() reflect.Type
func (GrantMapOutput) MapIndex ¶
func (o GrantMapOutput) MapIndex(k pulumi.StringInput) GrantOutput
func (GrantMapOutput) ToGrantMapOutput ¶
func (o GrantMapOutput) ToGrantMapOutput() GrantMapOutput
func (GrantMapOutput) ToGrantMapOutputWithContext ¶
func (o GrantMapOutput) ToGrantMapOutputWithContext(ctx context.Context) GrantMapOutput
type GrantOutput ¶
type GrantOutput struct{ *pulumi.OutputState }
func (GrantOutput) Constraints ¶
func (o GrantOutput) Constraints() GrantConstraintArrayOutput
A structure that you can use to allow certain operations in the grant only when the desired encryption context is present. For more information about encryption context, see [Encryption Context](http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html).
func (GrantOutput) ElementType ¶
func (GrantOutput) ElementType() reflect.Type
func (GrantOutput) GrantCreationTokens ¶
func (o GrantOutput) GrantCreationTokens() pulumi.StringArrayOutput
A list of grant tokens to be used when creating the grant. See [Grant Tokens](http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) for more information about grant tokens.
func (GrantOutput) GrantId ¶
func (o GrantOutput) GrantId() pulumi.StringOutput
The unique identifier for the grant.
func (GrantOutput) GrantToken ¶
func (o GrantOutput) GrantToken() pulumi.StringOutput
The grant token for the created grant. For more information, see [Grant Tokens](http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token).
func (GrantOutput) GranteePrincipal ¶
func (o GrantOutput) GranteePrincipal() pulumi.StringOutput
The principal that is given permission to perform the operations that the grant permits in ARN format. Note that due to eventual consistency issues around IAM principals, the providers's state may not always be refreshed to reflect what is true in AWS.
func (GrantOutput) KeyId ¶
func (o GrantOutput) KeyId() pulumi.StringOutput
The unique identifier for the customer master key (CMK) that the grant applies to. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify a CMK in a different AWS account, you must use the key ARN.
func (GrantOutput) Name ¶
func (o GrantOutput) Name() pulumi.StringOutput
A friendly name for identifying the grant.
func (GrantOutput) Operations ¶
func (o GrantOutput) Operations() pulumi.StringArrayOutput
A list of operations that the grant permits. The permitted values are: `Decrypt`, `Encrypt`, `GenerateDataKey`, `GenerateDataKeyWithoutPlaintext`, `ReEncryptFrom`, `ReEncryptTo`, `Sign`, `Verify`, `GetPublicKey`, `CreateGrant`, `RetireGrant`, `DescribeKey`, `GenerateDataKeyPair`, or `GenerateDataKeyPairWithoutPlaintext`.
func (GrantOutput) RetireOnDelete ¶
func (o GrantOutput) RetireOnDelete() pulumi.BoolPtrOutput
If set to false (the default) the grants will be revoked upon deletion, and if set to true the grants will try to be retired upon deletion. Note that retiring grants requires special permissions, hence why we default to revoking grants. See [RetireGrant](https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html) for more information.
func (GrantOutput) RetiringPrincipal ¶
func (o GrantOutput) RetiringPrincipal() pulumi.StringPtrOutput
The principal that is given permission to retire the grant by using RetireGrant operation in ARN format. Note that due to eventual consistency issues around IAM principals, the providers's state may not always be refreshed to reflect what is true in AWS.
func (GrantOutput) ToGrantOutput ¶
func (o GrantOutput) ToGrantOutput() GrantOutput
func (GrantOutput) ToGrantOutputWithContext ¶
func (o GrantOutput) ToGrantOutputWithContext(ctx context.Context) GrantOutput
type GrantState ¶
type GrantState struct { // A structure that you can use to allow certain operations in the grant only when the desired encryption context is present. For more information about encryption context, see [Encryption Context](http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html). Constraints GrantConstraintArrayInput // A list of grant tokens to be used when creating the grant. See [Grant Tokens](http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) for more information about grant tokens. GrantCreationTokens pulumi.StringArrayInput // The unique identifier for the grant. GrantId pulumi.StringPtrInput // The grant token for the created grant. For more information, see [Grant Tokens](http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token). GrantToken pulumi.StringPtrInput // The principal that is given permission to perform the operations that the grant permits in ARN format. Note that due to eventual consistency issues around IAM principals, the providers's state may not always be refreshed to reflect what is true in AWS. GranteePrincipal pulumi.StringPtrInput // The unique identifier for the customer master key (CMK) that the grant applies to. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify a CMK in a different AWS account, you must use the key ARN. KeyId pulumi.StringPtrInput // A friendly name for identifying the grant. Name pulumi.StringPtrInput // A list of operations that the grant permits. The permitted values are: `Decrypt`, `Encrypt`, `GenerateDataKey`, `GenerateDataKeyWithoutPlaintext`, `ReEncryptFrom`, `ReEncryptTo`, `Sign`, `Verify`, `GetPublicKey`, `CreateGrant`, `RetireGrant`, `DescribeKey`, `GenerateDataKeyPair`, or `GenerateDataKeyPairWithoutPlaintext`. Operations pulumi.StringArrayInput // If set to false (the default) the grants will be revoked upon deletion, and if set to true the grants will try to be retired upon deletion. Note that retiring grants requires special permissions, hence why we default to revoking grants. // See [RetireGrant](https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html) for more information. RetireOnDelete pulumi.BoolPtrInput // The principal that is given permission to retire the grant by using RetireGrant operation in ARN format. Note that due to eventual consistency issues around IAM principals, the providers's state may not always be refreshed to reflect what is true in AWS. RetiringPrincipal pulumi.StringPtrInput }
func (GrantState) ElementType ¶
func (GrantState) ElementType() reflect.Type
type Key ¶
type Key struct { pulumi.CustomResourceState // The Amazon Resource Name (ARN) of the key. Arn pulumi.StringOutput `pulumi:"arn"` // A flag to indicate whether to bypass the key policy lockout safety check. // Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value to true indiscriminately. // For more information, refer to the scenario in the [Default Key Policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) section in the _AWS Key Management Service Developer Guide_. // The default value is `false`. BypassPolicyLockoutSafetyCheck pulumi.BoolPtrOutput `pulumi:"bypassPolicyLockoutSafetyCheck"` // ID of the KMS [Custom Key Store](https://docs.aws.amazon.com/kms/latest/developerguide/create-cmk-keystore.html) where the key will be stored instead of KMS (eg CloudHSM). CustomKeyStoreId pulumi.StringPtrOutput `pulumi:"customKeyStoreId"` // Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports. // Valid values: `SYMMETRIC_DEFAULT`, `RSA_2048`, `RSA_3072`, `RSA_4096`, `HMAC_256`, `ECC_NIST_P256`, `ECC_NIST_P384`, `ECC_NIST_P521`, or `ECC_SECG_P256K1`. Defaults to `SYMMETRIC_DEFAULT`. For help with choosing a key spec, see the [AWS KMS Developer Guide](https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-choose.html). CustomerMasterKeySpec pulumi.StringPtrOutput `pulumi:"customerMasterKeySpec"` // The waiting period, specified in number of days. After the waiting period ends, AWS KMS deletes the KMS key. // If you specify a value, it must be between `7` and `30`, inclusive. If you do not specify a value, it defaults to `30`. // If the KMS key is a multi-Region primary key with replicas, the waiting period begins when the last of its replica keys is deleted. Otherwise, the waiting period begins immediately. DeletionWindowInDays pulumi.IntPtrOutput `pulumi:"deletionWindowInDays"` // The description of the key as viewed in AWS console. Description pulumi.StringOutput `pulumi:"description"` // Specifies whether [key rotation](http://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) is enabled. Defaults to `false`. EnableKeyRotation pulumi.BoolPtrOutput `pulumi:"enableKeyRotation"` // Specifies whether the key is enabled. Defaults to `true`. IsEnabled pulumi.BoolPtrOutput `pulumi:"isEnabled"` // The globally unique identifier for the key. KeyId pulumi.StringOutput `pulumi:"keyId"` // Specifies the intended use of the key. Valid values: `ENCRYPT_DECRYPT`, `SIGN_VERIFY`, or `GENERATE_VERIFY_MAC`. // Defaults to `ENCRYPT_DECRYPT`. KeyUsage pulumi.StringPtrOutput `pulumi:"keyUsage"` // Indicates whether the KMS key is a multi-Region (`true`) or regional (`false`) key. Defaults to `false`. MultiRegion pulumi.BoolOutput `pulumi:"multiRegion"` // A valid policy JSON document. Although this is a key policy, not an IAM policy, an `iam.getPolicyDocument`, in the form that designates a principal, can be used. // // > **NOTE:** Note: All KMS keys must have a key policy. If a key policy is not specified, AWS gives the KMS key a [default key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) that gives all principals in the owning account unlimited access to all KMS operations for the key. This default key policy effectively delegates all access control to IAM policies and KMS grants. Policy pulumi.StringOutput `pulumi:"policy"` // Custom period of time between each rotation date. Must be a number between 90 and 2560 (inclusive). RotationPeriodInDays pulumi.IntOutput `pulumi:"rotationPeriodInDays"` // A map of tags to assign to the object. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. Tags pulumi.StringMapOutput `pulumi:"tags"` // A map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block. // // Deprecated: Please use `tags` instead. TagsAll pulumi.StringMapOutput `pulumi:"tagsAll"` // Identifies the external key that serves as key material for the KMS key in an external key store. XksKeyId pulumi.StringPtrOutput `pulumi:"xksKeyId"` }
Manages a single-Region or multi-Region primary KMS key.
> **NOTE on KMS Key Policy:** KMS Key Policy can be configured in either the standalone resource `kms.KeyPolicy` or with the parameter `policy` in this resource. Configuring with both will cause inconsistencies and may overwrite configuration.
## Example Usage
### Symmetric Encryption KMS Key
```go package main
import (
"encoding/json" "fmt" "github.com/pulumi/pulumi-aws/sdk/v6/go/aws" "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { current, err := aws.GetCallerIdentity(ctx, nil, nil) if err != nil { return err } tmpJSON0, err := json.Marshal(map[string]interface{}{ "Version": "2012-10-17", "Id": "key-default-1", "Statement": []interface{}{ map[string]interface{}{ "Sid": "Enable IAM User Permissions", "Effect": "Allow", "Principal": map[string]interface{}{ "AWS": fmt.Sprintf("arn:aws:iam::%v:root", current.AccountId), }, "Action": "kms:*", "Resource": "*", }, map[string]interface{}{ "Sid": "Allow administration of the key", "Effect": "Allow", "Principal": map[string]interface{}{ "AWS": fmt.Sprintf("arn:aws:iam::%v:user/Alice", current.AccountId), }, "Action": []string{ "kms:ReplicateKey", "kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*", "kms:Put*", "kms:Update*", "kms:Revoke*", "kms:Disable*", "kms:Get*", "kms:Delete*", "kms:ScheduleKeyDeletion", "kms:CancelKeyDeletion", }, "Resource": "*", }, map[string]interface{}{ "Sid": "Allow use of the key", "Effect": "Allow", "Principal": map[string]interface{}{ "AWS": fmt.Sprintf("arn:aws:iam::%v:user/Bob", current.AccountId), }, "Action": []string{ "kms:DescribeKey", "kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*", "kms:GenerateDataKey", "kms:GenerateDataKeyWithoutPlaintext", }, "Resource": "*", }, }, }) if err != nil { return err } json0 := string(tmpJSON0) _, err = kms.NewKey(ctx, "example", &kms.KeyArgs{ Description: pulumi.String("An example symmetric encryption KMS key"), EnableKeyRotation: pulumi.Bool(true), DeletionWindowInDays: pulumi.Int(20), Policy: pulumi.String(json0), }) if err != nil { return err } return nil }) }
```
### Symmetric Encryption KMS Key With Standalone Policy Resource
```go package main
import (
"encoding/json" "fmt" "github.com/pulumi/pulumi-aws/sdk/v6/go/aws" "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { current, err := aws.GetCallerIdentity(ctx, nil, nil) if err != nil { return err } example, err := kms.NewKey(ctx, "example", &kms.KeyArgs{ Description: pulumi.String("An example symmetric encryption KMS key"), EnableKeyRotation: pulumi.Bool(true), DeletionWindowInDays: pulumi.Int(20), }) if err != nil { return err } tmpJSON0, err := json.Marshal(map[string]interface{}{ "Version": "2012-10-17", "Id": "key-default-1", "Statement": []map[string]interface{}{ map[string]interface{}{ "Sid": "Enable IAM User Permissions", "Effect": "Allow", "Principal": map[string]interface{}{ "AWS": fmt.Sprintf("arn:aws:iam::%v:root", current.AccountId), }, "Action": "kms:*", "Resource": "*", }, }, }) if err != nil { return err } json0 := string(tmpJSON0) _, err = kms.NewKeyPolicy(ctx, "example", &kms.KeyPolicyArgs{ KeyId: example.ID(), Policy: pulumi.String(json0), }) if err != nil { return err } return nil }) }
```
### Asymmetric KMS Key
```go package main
import (
"encoding/json" "fmt" "github.com/pulumi/pulumi-aws/sdk/v6/go/aws" "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { current, err := aws.GetCallerIdentity(ctx, nil, nil) if err != nil { return err } tmpJSON0, err := json.Marshal(map[string]interface{}{ "Version": "2012-10-17", "Id": "key-default-1", "Statement": []interface{}{ map[string]interface{}{ "Sid": "Enable IAM User Permissions", "Effect": "Allow", "Principal": map[string]interface{}{ "AWS": fmt.Sprintf("arn:aws:iam::%v:root", current.AccountId), }, "Action": "kms:*", "Resource": "*", }, map[string]interface{}{ "Sid": "Allow administration of the key", "Effect": "Allow", "Principal": map[string]interface{}{ "AWS": fmt.Sprintf("arn:aws:iam::%v:role/Admin", current.AccountId), }, "Action": []string{ "kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*", "kms:Put*", "kms:Update*", "kms:Revoke*", "kms:Disable*", "kms:Get*", "kms:Delete*", "kms:ScheduleKeyDeletion", "kms:CancelKeyDeletion", }, "Resource": "*", }, map[string]interface{}{ "Sid": "Allow use of the key", "Effect": "Allow", "Principal": map[string]interface{}{ "AWS": fmt.Sprintf("arn:aws:iam::%v:role/Developer", current.AccountId), }, "Action": []string{ "kms:Sign", "kms:Verify", "kms:DescribeKey", }, "Resource": "*", }, }, }) if err != nil { return err } json0 := string(tmpJSON0) _, err = kms.NewKey(ctx, "example", &kms.KeyArgs{ Description: pulumi.String("RSA-3072 asymmetric KMS key for signing and verification"), CustomerMasterKeySpec: pulumi.String("RSA_3072"), KeyUsage: pulumi.String("SIGN_VERIFY"), EnableKeyRotation: pulumi.Bool(false), Policy: pulumi.String(json0), }) if err != nil { return err } return nil }) }
```
### HMAC KMS key
```go package main
import (
"encoding/json" "fmt" "github.com/pulumi/pulumi-aws/sdk/v6/go/aws" "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { current, err := aws.GetCallerIdentity(ctx, nil, nil) if err != nil { return err } tmpJSON0, err := json.Marshal(map[string]interface{}{ "Version": "2012-10-17", "Id": "key-default-1", "Statement": []interface{}{ map[string]interface{}{ "Sid": "Enable IAM User Permissions", "Effect": "Allow", "Principal": map[string]interface{}{ "AWS": fmt.Sprintf("arn:aws:iam::%v:root", current.AccountId), }, "Action": "kms:*", "Resource": "*", }, map[string]interface{}{ "Sid": "Allow administration of the key", "Effect": "Allow", "Principal": map[string]interface{}{ "AWS": fmt.Sprintf("arn:aws:iam::%v:role/Admin", current.AccountId), }, "Action": []string{ "kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*", "kms:Put*", "kms:Update*", "kms:Revoke*", "kms:Disable*", "kms:Get*", "kms:Delete*", "kms:ScheduleKeyDeletion", "kms:CancelKeyDeletion", }, "Resource": "*", }, map[string]interface{}{ "Sid": "Allow use of the key", "Effect": "Allow", "Principal": map[string]interface{}{ "AWS": fmt.Sprintf("arn:aws:iam::%v:role/Developer", current.AccountId), }, "Action": []string{ "kms:GenerateMac", "kms:VerifyMac", "kms:DescribeKey", }, "Resource": "*", }, }, }) if err != nil { return err } json0 := string(tmpJSON0) _, err = kms.NewKey(ctx, "example", &kms.KeyArgs{ Description: pulumi.String("HMAC_384 key for tokens"), CustomerMasterKeySpec: pulumi.String("HMAC_384"), KeyUsage: pulumi.String("GENERATE_VERIFY_MAC"), EnableKeyRotation: pulumi.Bool(false), Policy: pulumi.String(json0), }) if err != nil { return err } return nil }) }
```
### Multi-Region Primary Key
```go package main
import (
"encoding/json" "fmt" "github.com/pulumi/pulumi-aws/sdk/v6/go/aws" "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { current, err := aws.GetCallerIdentity(ctx, nil, nil) if err != nil { return err } tmpJSON0, err := json.Marshal(map[string]interface{}{ "Version": "2012-10-17", "Id": "key-default-1", "Statement": []interface{}{ map[string]interface{}{ "Sid": "Enable IAM User Permissions", "Effect": "Allow", "Principal": map[string]interface{}{ "AWS": fmt.Sprintf("arn:aws:iam::%v:root", current.AccountId), }, "Action": "kms:*", "Resource": "*", }, map[string]interface{}{ "Sid": "Allow administration of the key", "Effect": "Allow", "Principal": map[string]interface{}{ "AWS": fmt.Sprintf("arn:aws:iam::%v:user/Alice", current.AccountId), }, "Action": []string{ "kms:ReplicateKey", "kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*", "kms:Put*", "kms:Update*", "kms:Revoke*", "kms:Disable*", "kms:Get*", "kms:Delete*", "kms:ScheduleKeyDeletion", "kms:CancelKeyDeletion", }, "Resource": "*", }, map[string]interface{}{ "Sid": "Allow use of the key", "Effect": "Allow", "Principal": map[string]interface{}{ "AWS": fmt.Sprintf("arn:aws:iam::%v:user/Bob", current.AccountId), }, "Action": []string{ "kms:DescribeKey", "kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*", "kms:GenerateDataKey", "kms:GenerateDataKeyWithoutPlaintext", }, "Resource": "*", }, }, }) if err != nil { return err } json0 := string(tmpJSON0) _, err = kms.NewKey(ctx, "example", &kms.KeyArgs{ Description: pulumi.String("An example multi-Region primary key"), MultiRegion: pulumi.Bool(true), EnableKeyRotation: pulumi.Bool(true), DeletionWindowInDays: pulumi.Int(10), Policy: pulumi.String(json0), }) if err != nil { return err } return nil }) }
```
## Import
Using `pulumi import`, import KMS Keys using the `id`. For example:
```sh $ pulumi import aws:kms/key:Key a 1234abcd-12ab-34cd-56ef-1234567890ab ```
func GetKey ¶
func GetKey(ctx *pulumi.Context, name string, id pulumi.IDInput, state *KeyState, opts ...pulumi.ResourceOption) (*Key, error)
GetKey gets an existing Key resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewKey ¶
func NewKey(ctx *pulumi.Context, name string, args *KeyArgs, opts ...pulumi.ResourceOption) (*Key, error)
NewKey registers a new resource with the given unique name, arguments, and options.
func (*Key) ElementType ¶
func (*Key) ToKeyOutput ¶
type KeyArgs ¶
type KeyArgs struct { // A flag to indicate whether to bypass the key policy lockout safety check. // Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value to true indiscriminately. // For more information, refer to the scenario in the [Default Key Policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) section in the _AWS Key Management Service Developer Guide_. // The default value is `false`. BypassPolicyLockoutSafetyCheck pulumi.BoolPtrInput // ID of the KMS [Custom Key Store](https://docs.aws.amazon.com/kms/latest/developerguide/create-cmk-keystore.html) where the key will be stored instead of KMS (eg CloudHSM). CustomKeyStoreId pulumi.StringPtrInput // Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports. // Valid values: `SYMMETRIC_DEFAULT`, `RSA_2048`, `RSA_3072`, `RSA_4096`, `HMAC_256`, `ECC_NIST_P256`, `ECC_NIST_P384`, `ECC_NIST_P521`, or `ECC_SECG_P256K1`. Defaults to `SYMMETRIC_DEFAULT`. For help with choosing a key spec, see the [AWS KMS Developer Guide](https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-choose.html). CustomerMasterKeySpec pulumi.StringPtrInput // The waiting period, specified in number of days. After the waiting period ends, AWS KMS deletes the KMS key. // If you specify a value, it must be between `7` and `30`, inclusive. If you do not specify a value, it defaults to `30`. // If the KMS key is a multi-Region primary key with replicas, the waiting period begins when the last of its replica keys is deleted. Otherwise, the waiting period begins immediately. DeletionWindowInDays pulumi.IntPtrInput // The description of the key as viewed in AWS console. Description pulumi.StringPtrInput // Specifies whether [key rotation](http://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) is enabled. Defaults to `false`. EnableKeyRotation pulumi.BoolPtrInput // Specifies whether the key is enabled. Defaults to `true`. IsEnabled pulumi.BoolPtrInput // Specifies the intended use of the key. Valid values: `ENCRYPT_DECRYPT`, `SIGN_VERIFY`, or `GENERATE_VERIFY_MAC`. // Defaults to `ENCRYPT_DECRYPT`. KeyUsage pulumi.StringPtrInput // Indicates whether the KMS key is a multi-Region (`true`) or regional (`false`) key. Defaults to `false`. MultiRegion pulumi.BoolPtrInput // A valid policy JSON document. Although this is a key policy, not an IAM policy, an `iam.getPolicyDocument`, in the form that designates a principal, can be used. // // > **NOTE:** Note: All KMS keys must have a key policy. If a key policy is not specified, AWS gives the KMS key a [default key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) that gives all principals in the owning account unlimited access to all KMS operations for the key. This default key policy effectively delegates all access control to IAM policies and KMS grants. Policy pulumi.StringPtrInput // Custom period of time between each rotation date. Must be a number between 90 and 2560 (inclusive). RotationPeriodInDays pulumi.IntPtrInput // A map of tags to assign to the object. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. Tags pulumi.StringMapInput // Identifies the external key that serves as key material for the KMS key in an external key store. XksKeyId pulumi.StringPtrInput }
The set of arguments for constructing a Key resource.
func (KeyArgs) ElementType ¶
type KeyArray ¶
type KeyArray []KeyInput
func (KeyArray) ElementType ¶
func (KeyArray) ToKeyArrayOutput ¶
func (i KeyArray) ToKeyArrayOutput() KeyArrayOutput
func (KeyArray) ToKeyArrayOutputWithContext ¶
func (i KeyArray) ToKeyArrayOutputWithContext(ctx context.Context) KeyArrayOutput
type KeyArrayInput ¶
type KeyArrayInput interface { pulumi.Input ToKeyArrayOutput() KeyArrayOutput ToKeyArrayOutputWithContext(context.Context) KeyArrayOutput }
KeyArrayInput is an input type that accepts KeyArray and KeyArrayOutput values. You can construct a concrete instance of `KeyArrayInput` via:
KeyArray{ KeyArgs{...} }
type KeyArrayOutput ¶
type KeyArrayOutput struct{ *pulumi.OutputState }
func (KeyArrayOutput) ElementType ¶
func (KeyArrayOutput) ElementType() reflect.Type
func (KeyArrayOutput) ToKeyArrayOutput ¶
func (o KeyArrayOutput) ToKeyArrayOutput() KeyArrayOutput
func (KeyArrayOutput) ToKeyArrayOutputWithContext ¶
func (o KeyArrayOutput) ToKeyArrayOutputWithContext(ctx context.Context) KeyArrayOutput
type KeyMap ¶
func (KeyMap) ElementType ¶
func (KeyMap) ToKeyMapOutput ¶
func (i KeyMap) ToKeyMapOutput() KeyMapOutput
func (KeyMap) ToKeyMapOutputWithContext ¶
func (i KeyMap) ToKeyMapOutputWithContext(ctx context.Context) KeyMapOutput
type KeyMapInput ¶
type KeyMapInput interface { pulumi.Input ToKeyMapOutput() KeyMapOutput ToKeyMapOutputWithContext(context.Context) KeyMapOutput }
KeyMapInput is an input type that accepts KeyMap and KeyMapOutput values. You can construct a concrete instance of `KeyMapInput` via:
KeyMap{ "key": KeyArgs{...} }
type KeyMapOutput ¶
type KeyMapOutput struct{ *pulumi.OutputState }
func (KeyMapOutput) ElementType ¶
func (KeyMapOutput) ElementType() reflect.Type
func (KeyMapOutput) MapIndex ¶
func (o KeyMapOutput) MapIndex(k pulumi.StringInput) KeyOutput
func (KeyMapOutput) ToKeyMapOutput ¶
func (o KeyMapOutput) ToKeyMapOutput() KeyMapOutput
func (KeyMapOutput) ToKeyMapOutputWithContext ¶
func (o KeyMapOutput) ToKeyMapOutputWithContext(ctx context.Context) KeyMapOutput
type KeyOutput ¶
type KeyOutput struct{ *pulumi.OutputState }
func (KeyOutput) Arn ¶
func (o KeyOutput) Arn() pulumi.StringOutput
The Amazon Resource Name (ARN) of the key.
func (KeyOutput) BypassPolicyLockoutSafetyCheck ¶
func (o KeyOutput) BypassPolicyLockoutSafetyCheck() pulumi.BoolPtrOutput
A flag to indicate whether to bypass the key policy lockout safety check. Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value to true indiscriminately. For more information, refer to the scenario in the [Default Key Policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) section in the _AWS Key Management Service Developer Guide_. The default value is `false`.
func (KeyOutput) CustomKeyStoreId ¶
func (o KeyOutput) CustomKeyStoreId() pulumi.StringPtrOutput
ID of the KMS [Custom Key Store](https://docs.aws.amazon.com/kms/latest/developerguide/create-cmk-keystore.html) where the key will be stored instead of KMS (eg CloudHSM).
func (KeyOutput) CustomerMasterKeySpec ¶
func (o KeyOutput) CustomerMasterKeySpec() pulumi.StringPtrOutput
Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports. Valid values: `SYMMETRIC_DEFAULT`, `RSA_2048`, `RSA_3072`, `RSA_4096`, `HMAC_256`, `ECC_NIST_P256`, `ECC_NIST_P384`, `ECC_NIST_P521`, or `ECC_SECG_P256K1`. Defaults to `SYMMETRIC_DEFAULT`. For help with choosing a key spec, see the [AWS KMS Developer Guide](https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-choose.html).
func (KeyOutput) DeletionWindowInDays ¶
func (o KeyOutput) DeletionWindowInDays() pulumi.IntPtrOutput
The waiting period, specified in number of days. After the waiting period ends, AWS KMS deletes the KMS key. If you specify a value, it must be between `7` and `30`, inclusive. If you do not specify a value, it defaults to `30`. If the KMS key is a multi-Region primary key with replicas, the waiting period begins when the last of its replica keys is deleted. Otherwise, the waiting period begins immediately.
func (KeyOutput) Description ¶
func (o KeyOutput) Description() pulumi.StringOutput
The description of the key as viewed in AWS console.
func (KeyOutput) ElementType ¶
func (KeyOutput) EnableKeyRotation ¶
func (o KeyOutput) EnableKeyRotation() pulumi.BoolPtrOutput
Specifies whether [key rotation](http://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) is enabled. Defaults to `false`.
func (KeyOutput) IsEnabled ¶
func (o KeyOutput) IsEnabled() pulumi.BoolPtrOutput
Specifies whether the key is enabled. Defaults to `true`.
func (KeyOutput) KeyId ¶
func (o KeyOutput) KeyId() pulumi.StringOutput
The globally unique identifier for the key.
func (KeyOutput) KeyUsage ¶
func (o KeyOutput) KeyUsage() pulumi.StringPtrOutput
Specifies the intended use of the key. Valid values: `ENCRYPT_DECRYPT`, `SIGN_VERIFY`, or `GENERATE_VERIFY_MAC`. Defaults to `ENCRYPT_DECRYPT`.
func (KeyOutput) MultiRegion ¶
func (o KeyOutput) MultiRegion() pulumi.BoolOutput
Indicates whether the KMS key is a multi-Region (`true`) or regional (`false`) key. Defaults to `false`.
func (KeyOutput) Policy ¶
func (o KeyOutput) Policy() pulumi.StringOutput
A valid policy JSON document. Although this is a key policy, not an IAM policy, an `iam.getPolicyDocument`, in the form that designates a principal, can be used.
> **NOTE:** Note: All KMS keys must have a key policy. If a key policy is not specified, AWS gives the KMS key a [default key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) that gives all principals in the owning account unlimited access to all KMS operations for the key. This default key policy effectively delegates all access control to IAM policies and KMS grants.
func (KeyOutput) RotationPeriodInDays ¶ added in v6.36.0
Custom period of time between each rotation date. Must be a number between 90 and 2560 (inclusive).
func (KeyOutput) Tags ¶
func (o KeyOutput) Tags() pulumi.StringMapOutput
A map of tags to assign to the object. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
func (KeyOutput) TagsAll
deprecated
func (o KeyOutput) TagsAll() pulumi.StringMapOutput
A map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
Deprecated: Please use `tags` instead.
func (KeyOutput) ToKeyOutput ¶
func (KeyOutput) ToKeyOutputWithContext ¶
func (KeyOutput) XksKeyId ¶ added in v6.18.2
func (o KeyOutput) XksKeyId() pulumi.StringPtrOutput
Identifies the external key that serves as key material for the KMS key in an external key store.
type KeyPolicy ¶
type KeyPolicy struct { pulumi.CustomResourceState // A flag to indicate whether to bypass the key policy lockout safety check. // Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value to true indiscriminately. If this value is set, and the resource is destroyed, a warning will be shown, and the resource will be removed from state. // For more information, refer to the scenario in the [Default Key Policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) section in the _AWS Key Management Service Developer Guide_. BypassPolicyLockoutSafetyCheck pulumi.BoolPtrOutput `pulumi:"bypassPolicyLockoutSafetyCheck"` // The ID of the KMS Key to attach the policy. KeyId pulumi.StringOutput `pulumi:"keyId"` // A valid policy JSON document. Although this is a key policy, not an IAM policy, an `iam.getPolicyDocument`, in the form that designates a principal, can be used. For more information about building policy documents, see the AWS IAM Policy Document Guide. // // > **NOTE:** Note: All KMS keys must have a key policy. If a key policy is not specified, or this resource is destroyed, AWS gives the KMS key a [default key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) that gives all principals in the owning account unlimited access to all KMS operations for the key. This default key policy effectively delegates all access control to IAM policies and KMS grants. Policy pulumi.StringOutput `pulumi:"policy"` }
Attaches a policy to a KMS Key.
## Example Usage
```go package main
import (
"encoding/json" "github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { example, err := kms.NewKey(ctx, "example", &kms.KeyArgs{ Description: pulumi.String("example"), }) if err != nil { return err } tmpJSON0, err := json.Marshal(map[string]interface{}{ "Id": "example", "Statement": []map[string]interface{}{ map[string]interface{}{ "Action": "kms:*", "Effect": "Allow", "Principal": map[string]interface{}{ "AWS": "*", }, "Resource": "*", "Sid": "Enable IAM User Permissions", }, }, "Version": "2012-10-17", }) if err != nil { return err } json0 := string(tmpJSON0) _, err = kms.NewKeyPolicy(ctx, "example", &kms.KeyPolicyArgs{ KeyId: example.ID(), Policy: pulumi.String(json0), }) if err != nil { return err } return nil }) }
```
## Import
Using `pulumi import`, import KMS Key Policies using the `key_id`. For example:
```sh $ pulumi import aws:kms/keyPolicy:KeyPolicy a 1234abcd-12ab-34cd-56ef-1234567890ab ```
func GetKeyPolicy ¶
func GetKeyPolicy(ctx *pulumi.Context, name string, id pulumi.IDInput, state *KeyPolicyState, opts ...pulumi.ResourceOption) (*KeyPolicy, error)
GetKeyPolicy gets an existing KeyPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewKeyPolicy ¶
func NewKeyPolicy(ctx *pulumi.Context, name string, args *KeyPolicyArgs, opts ...pulumi.ResourceOption) (*KeyPolicy, error)
NewKeyPolicy registers a new resource with the given unique name, arguments, and options.
func (*KeyPolicy) ElementType ¶
func (*KeyPolicy) ToKeyPolicyOutput ¶
func (i *KeyPolicy) ToKeyPolicyOutput() KeyPolicyOutput
func (*KeyPolicy) ToKeyPolicyOutputWithContext ¶
func (i *KeyPolicy) ToKeyPolicyOutputWithContext(ctx context.Context) KeyPolicyOutput
type KeyPolicyArgs ¶
type KeyPolicyArgs struct { // A flag to indicate whether to bypass the key policy lockout safety check. // Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value to true indiscriminately. If this value is set, and the resource is destroyed, a warning will be shown, and the resource will be removed from state. // For more information, refer to the scenario in the [Default Key Policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) section in the _AWS Key Management Service Developer Guide_. BypassPolicyLockoutSafetyCheck pulumi.BoolPtrInput // The ID of the KMS Key to attach the policy. KeyId pulumi.StringInput // A valid policy JSON document. Although this is a key policy, not an IAM policy, an `iam.getPolicyDocument`, in the form that designates a principal, can be used. For more information about building policy documents, see the AWS IAM Policy Document Guide. // // > **NOTE:** Note: All KMS keys must have a key policy. If a key policy is not specified, or this resource is destroyed, AWS gives the KMS key a [default key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) that gives all principals in the owning account unlimited access to all KMS operations for the key. This default key policy effectively delegates all access control to IAM policies and KMS grants. Policy pulumi.StringInput }
The set of arguments for constructing a KeyPolicy resource.
func (KeyPolicyArgs) ElementType ¶
func (KeyPolicyArgs) ElementType() reflect.Type
type KeyPolicyArray ¶
type KeyPolicyArray []KeyPolicyInput
func (KeyPolicyArray) ElementType ¶
func (KeyPolicyArray) ElementType() reflect.Type
func (KeyPolicyArray) ToKeyPolicyArrayOutput ¶
func (i KeyPolicyArray) ToKeyPolicyArrayOutput() KeyPolicyArrayOutput
func (KeyPolicyArray) ToKeyPolicyArrayOutputWithContext ¶
func (i KeyPolicyArray) ToKeyPolicyArrayOutputWithContext(ctx context.Context) KeyPolicyArrayOutput
type KeyPolicyArrayInput ¶
type KeyPolicyArrayInput interface { pulumi.Input ToKeyPolicyArrayOutput() KeyPolicyArrayOutput ToKeyPolicyArrayOutputWithContext(context.Context) KeyPolicyArrayOutput }
KeyPolicyArrayInput is an input type that accepts KeyPolicyArray and KeyPolicyArrayOutput values. You can construct a concrete instance of `KeyPolicyArrayInput` via:
KeyPolicyArray{ KeyPolicyArgs{...} }
type KeyPolicyArrayOutput ¶
type KeyPolicyArrayOutput struct{ *pulumi.OutputState }
func (KeyPolicyArrayOutput) ElementType ¶
func (KeyPolicyArrayOutput) ElementType() reflect.Type
func (KeyPolicyArrayOutput) Index ¶
func (o KeyPolicyArrayOutput) Index(i pulumi.IntInput) KeyPolicyOutput
func (KeyPolicyArrayOutput) ToKeyPolicyArrayOutput ¶
func (o KeyPolicyArrayOutput) ToKeyPolicyArrayOutput() KeyPolicyArrayOutput
func (KeyPolicyArrayOutput) ToKeyPolicyArrayOutputWithContext ¶
func (o KeyPolicyArrayOutput) ToKeyPolicyArrayOutputWithContext(ctx context.Context) KeyPolicyArrayOutput
type KeyPolicyInput ¶
type KeyPolicyInput interface { pulumi.Input ToKeyPolicyOutput() KeyPolicyOutput ToKeyPolicyOutputWithContext(ctx context.Context) KeyPolicyOutput }
type KeyPolicyMap ¶
type KeyPolicyMap map[string]KeyPolicyInput
func (KeyPolicyMap) ElementType ¶
func (KeyPolicyMap) ElementType() reflect.Type
func (KeyPolicyMap) ToKeyPolicyMapOutput ¶
func (i KeyPolicyMap) ToKeyPolicyMapOutput() KeyPolicyMapOutput
func (KeyPolicyMap) ToKeyPolicyMapOutputWithContext ¶
func (i KeyPolicyMap) ToKeyPolicyMapOutputWithContext(ctx context.Context) KeyPolicyMapOutput
type KeyPolicyMapInput ¶
type KeyPolicyMapInput interface { pulumi.Input ToKeyPolicyMapOutput() KeyPolicyMapOutput ToKeyPolicyMapOutputWithContext(context.Context) KeyPolicyMapOutput }
KeyPolicyMapInput is an input type that accepts KeyPolicyMap and KeyPolicyMapOutput values. You can construct a concrete instance of `KeyPolicyMapInput` via:
KeyPolicyMap{ "key": KeyPolicyArgs{...} }
type KeyPolicyMapOutput ¶
type KeyPolicyMapOutput struct{ *pulumi.OutputState }
func (KeyPolicyMapOutput) ElementType ¶
func (KeyPolicyMapOutput) ElementType() reflect.Type
func (KeyPolicyMapOutput) MapIndex ¶
func (o KeyPolicyMapOutput) MapIndex(k pulumi.StringInput) KeyPolicyOutput
func (KeyPolicyMapOutput) ToKeyPolicyMapOutput ¶
func (o KeyPolicyMapOutput) ToKeyPolicyMapOutput() KeyPolicyMapOutput
func (KeyPolicyMapOutput) ToKeyPolicyMapOutputWithContext ¶
func (o KeyPolicyMapOutput) ToKeyPolicyMapOutputWithContext(ctx context.Context) KeyPolicyMapOutput
type KeyPolicyOutput ¶
type KeyPolicyOutput struct{ *pulumi.OutputState }
func (KeyPolicyOutput) BypassPolicyLockoutSafetyCheck ¶
func (o KeyPolicyOutput) BypassPolicyLockoutSafetyCheck() pulumi.BoolPtrOutput
A flag to indicate whether to bypass the key policy lockout safety check. Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value to true indiscriminately. If this value is set, and the resource is destroyed, a warning will be shown, and the resource will be removed from state. For more information, refer to the scenario in the [Default Key Policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) section in the _AWS Key Management Service Developer Guide_.
func (KeyPolicyOutput) ElementType ¶
func (KeyPolicyOutput) ElementType() reflect.Type
func (KeyPolicyOutput) KeyId ¶
func (o KeyPolicyOutput) KeyId() pulumi.StringOutput
The ID of the KMS Key to attach the policy.
func (KeyPolicyOutput) Policy ¶
func (o KeyPolicyOutput) Policy() pulumi.StringOutput
A valid policy JSON document. Although this is a key policy, not an IAM policy, an `iam.getPolicyDocument`, in the form that designates a principal, can be used. For more information about building policy documents, see the AWS IAM Policy Document Guide.
> **NOTE:** Note: All KMS keys must have a key policy. If a key policy is not specified, or this resource is destroyed, AWS gives the KMS key a [default key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) that gives all principals in the owning account unlimited access to all KMS operations for the key. This default key policy effectively delegates all access control to IAM policies and KMS grants.
func (KeyPolicyOutput) ToKeyPolicyOutput ¶
func (o KeyPolicyOutput) ToKeyPolicyOutput() KeyPolicyOutput
func (KeyPolicyOutput) ToKeyPolicyOutputWithContext ¶
func (o KeyPolicyOutput) ToKeyPolicyOutputWithContext(ctx context.Context) KeyPolicyOutput
type KeyPolicyState ¶
type KeyPolicyState struct { // A flag to indicate whether to bypass the key policy lockout safety check. // Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value to true indiscriminately. If this value is set, and the resource is destroyed, a warning will be shown, and the resource will be removed from state. // For more information, refer to the scenario in the [Default Key Policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) section in the _AWS Key Management Service Developer Guide_. BypassPolicyLockoutSafetyCheck pulumi.BoolPtrInput // The ID of the KMS Key to attach the policy. KeyId pulumi.StringPtrInput // A valid policy JSON document. Although this is a key policy, not an IAM policy, an `iam.getPolicyDocument`, in the form that designates a principal, can be used. For more information about building policy documents, see the AWS IAM Policy Document Guide. // // > **NOTE:** Note: All KMS keys must have a key policy. If a key policy is not specified, or this resource is destroyed, AWS gives the KMS key a [default key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) that gives all principals in the owning account unlimited access to all KMS operations for the key. This default key policy effectively delegates all access control to IAM policies and KMS grants. Policy pulumi.StringPtrInput }
func (KeyPolicyState) ElementType ¶
func (KeyPolicyState) ElementType() reflect.Type
type KeyState ¶
type KeyState struct { // The Amazon Resource Name (ARN) of the key. Arn pulumi.StringPtrInput // A flag to indicate whether to bypass the key policy lockout safety check. // Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value to true indiscriminately. // For more information, refer to the scenario in the [Default Key Policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) section in the _AWS Key Management Service Developer Guide_. // The default value is `false`. BypassPolicyLockoutSafetyCheck pulumi.BoolPtrInput // ID of the KMS [Custom Key Store](https://docs.aws.amazon.com/kms/latest/developerguide/create-cmk-keystore.html) where the key will be stored instead of KMS (eg CloudHSM). CustomKeyStoreId pulumi.StringPtrInput // Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports. // Valid values: `SYMMETRIC_DEFAULT`, `RSA_2048`, `RSA_3072`, `RSA_4096`, `HMAC_256`, `ECC_NIST_P256`, `ECC_NIST_P384`, `ECC_NIST_P521`, or `ECC_SECG_P256K1`. Defaults to `SYMMETRIC_DEFAULT`. For help with choosing a key spec, see the [AWS KMS Developer Guide](https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-choose.html). CustomerMasterKeySpec pulumi.StringPtrInput // The waiting period, specified in number of days. After the waiting period ends, AWS KMS deletes the KMS key. // If you specify a value, it must be between `7` and `30`, inclusive. If you do not specify a value, it defaults to `30`. // If the KMS key is a multi-Region primary key with replicas, the waiting period begins when the last of its replica keys is deleted. Otherwise, the waiting period begins immediately. DeletionWindowInDays pulumi.IntPtrInput // The description of the key as viewed in AWS console. Description pulumi.StringPtrInput // Specifies whether [key rotation](http://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) is enabled. Defaults to `false`. EnableKeyRotation pulumi.BoolPtrInput // Specifies whether the key is enabled. Defaults to `true`. IsEnabled pulumi.BoolPtrInput // The globally unique identifier for the key. KeyId pulumi.StringPtrInput // Specifies the intended use of the key. Valid values: `ENCRYPT_DECRYPT`, `SIGN_VERIFY`, or `GENERATE_VERIFY_MAC`. // Defaults to `ENCRYPT_DECRYPT`. KeyUsage pulumi.StringPtrInput // Indicates whether the KMS key is a multi-Region (`true`) or regional (`false`) key. Defaults to `false`. MultiRegion pulumi.BoolPtrInput // A valid policy JSON document. Although this is a key policy, not an IAM policy, an `iam.getPolicyDocument`, in the form that designates a principal, can be used. // // > **NOTE:** Note: All KMS keys must have a key policy. If a key policy is not specified, AWS gives the KMS key a [default key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) that gives all principals in the owning account unlimited access to all KMS operations for the key. This default key policy effectively delegates all access control to IAM policies and KMS grants. Policy pulumi.StringPtrInput // Custom period of time between each rotation date. Must be a number between 90 and 2560 (inclusive). RotationPeriodInDays pulumi.IntPtrInput // A map of tags to assign to the object. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. Tags pulumi.StringMapInput // A map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block. // // Deprecated: Please use `tags` instead. TagsAll pulumi.StringMapInput // Identifies the external key that serves as key material for the KMS key in an external key store. XksKeyId pulumi.StringPtrInput }
func (KeyState) ElementType ¶
type LookupAliasArgs ¶
type LookupAliasArgs struct { // Display name of the alias. The name must start with the word "alias" followed by a forward slash (alias/) Name string `pulumi:"name"` }
A collection of arguments for invoking getAlias.
type LookupAliasOutputArgs ¶
type LookupAliasOutputArgs struct { // Display name of the alias. The name must start with the word "alias" followed by a forward slash (alias/) Name pulumi.StringInput `pulumi:"name"` }
A collection of arguments for invoking getAlias.
func (LookupAliasOutputArgs) ElementType ¶
func (LookupAliasOutputArgs) ElementType() reflect.Type
type LookupAliasResult ¶
type LookupAliasResult struct { // Amazon Resource Name(ARN) of the key alias. Arn string `pulumi:"arn"` // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` // Name of the alias Name string `pulumi:"name"` // ARN pointed to by the alias. TargetKeyArn string `pulumi:"targetKeyArn"` // Key identifier pointed to by the alias. TargetKeyId string `pulumi:"targetKeyId"` }
A collection of values returned by getAlias.
func LookupAlias ¶
func LookupAlias(ctx *pulumi.Context, args *LookupAliasArgs, opts ...pulumi.InvokeOption) (*LookupAliasResult, error)
Use this data source to get the ARN of a KMS key alias. By using this data source, you can reference key alias without having to hard code the ARN as input.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.LookupAlias(ctx, &kms.LookupAliasArgs{ Name: "alias/aws/s3", }, nil) if err != nil { return err } return nil }) }
```
type LookupAliasResultOutput ¶
type LookupAliasResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getAlias.
func LookupAliasOutput ¶
func LookupAliasOutput(ctx *pulumi.Context, args LookupAliasOutputArgs, opts ...pulumi.InvokeOption) LookupAliasResultOutput
func (LookupAliasResultOutput) Arn ¶
func (o LookupAliasResultOutput) Arn() pulumi.StringOutput
Amazon Resource Name(ARN) of the key alias.
func (LookupAliasResultOutput) ElementType ¶
func (LookupAliasResultOutput) ElementType() reflect.Type
func (LookupAliasResultOutput) Id ¶
func (o LookupAliasResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (LookupAliasResultOutput) Name ¶
func (o LookupAliasResultOutput) Name() pulumi.StringOutput
Name of the alias
func (LookupAliasResultOutput) TargetKeyArn ¶
func (o LookupAliasResultOutput) TargetKeyArn() pulumi.StringOutput
ARN pointed to by the alias.
func (LookupAliasResultOutput) TargetKeyId ¶
func (o LookupAliasResultOutput) TargetKeyId() pulumi.StringOutput
Key identifier pointed to by the alias.
func (LookupAliasResultOutput) ToLookupAliasResultOutput ¶
func (o LookupAliasResultOutput) ToLookupAliasResultOutput() LookupAliasResultOutput
func (LookupAliasResultOutput) ToLookupAliasResultOutputWithContext ¶
func (o LookupAliasResultOutput) ToLookupAliasResultOutputWithContext(ctx context.Context) LookupAliasResultOutput
type LookupCustomKeyStoreArgs ¶
type LookupCustomKeyStoreArgs struct { // The ID for the custom key store. CustomKeyStoreId *string `pulumi:"customKeyStoreId"` // The user-specified friendly name for the custom key store. CustomKeyStoreName *string `pulumi:"customKeyStoreName"` }
A collection of arguments for invoking getCustomKeyStore.
type LookupCustomKeyStoreOutputArgs ¶
type LookupCustomKeyStoreOutputArgs struct { // The ID for the custom key store. CustomKeyStoreId pulumi.StringPtrInput `pulumi:"customKeyStoreId"` // The user-specified friendly name for the custom key store. CustomKeyStoreName pulumi.StringPtrInput `pulumi:"customKeyStoreName"` }
A collection of arguments for invoking getCustomKeyStore.
func (LookupCustomKeyStoreOutputArgs) ElementType ¶
func (LookupCustomKeyStoreOutputArgs) ElementType() reflect.Type
type LookupCustomKeyStoreResult ¶
type LookupCustomKeyStoreResult struct { CloudHsmClusterId string `pulumi:"cloudHsmClusterId"` // Indicates whether the custom key store is connected to its CloudHSM cluster. ConnectionState string `pulumi:"connectionState"` // The date and time when the custom key store was created. CreationDate string `pulumi:"creationDate"` CustomKeyStoreId string `pulumi:"customKeyStoreId"` CustomKeyStoreName string `pulumi:"customKeyStoreName"` // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` // The trust anchor certificate of the associated CloudHSM cluster. TrustAnchorCertificate string `pulumi:"trustAnchorCertificate"` }
A collection of values returned by getCustomKeyStore.
func LookupCustomKeyStore ¶
func LookupCustomKeyStore(ctx *pulumi.Context, args *LookupCustomKeyStoreArgs, opts ...pulumi.InvokeOption) (*LookupCustomKeyStoreResult, error)
Use this data source to get the metadata KMS custom key store. By using this data source, you can reference KMS custom key store without having to hard code the ID as input.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.LookupCustomKeyStore(ctx, &kms.LookupCustomKeyStoreArgs{ CustomKeyStoreName: pulumi.StringRef("my_cloudhsm"), }, nil) if err != nil { return err } return nil }) }
```
type LookupCustomKeyStoreResultOutput ¶
type LookupCustomKeyStoreResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getCustomKeyStore.
func LookupCustomKeyStoreOutput ¶
func LookupCustomKeyStoreOutput(ctx *pulumi.Context, args LookupCustomKeyStoreOutputArgs, opts ...pulumi.InvokeOption) LookupCustomKeyStoreResultOutput
func (LookupCustomKeyStoreResultOutput) CloudHsmClusterId ¶
func (o LookupCustomKeyStoreResultOutput) CloudHsmClusterId() pulumi.StringOutput
func (LookupCustomKeyStoreResultOutput) ConnectionState ¶
func (o LookupCustomKeyStoreResultOutput) ConnectionState() pulumi.StringOutput
Indicates whether the custom key store is connected to its CloudHSM cluster.
func (LookupCustomKeyStoreResultOutput) CreationDate ¶
func (o LookupCustomKeyStoreResultOutput) CreationDate() pulumi.StringOutput
The date and time when the custom key store was created.
func (LookupCustomKeyStoreResultOutput) CustomKeyStoreId ¶
func (o LookupCustomKeyStoreResultOutput) CustomKeyStoreId() pulumi.StringOutput
func (LookupCustomKeyStoreResultOutput) CustomKeyStoreName ¶
func (o LookupCustomKeyStoreResultOutput) CustomKeyStoreName() pulumi.StringOutput
func (LookupCustomKeyStoreResultOutput) ElementType ¶
func (LookupCustomKeyStoreResultOutput) ElementType() reflect.Type
func (LookupCustomKeyStoreResultOutput) Id ¶
func (o LookupCustomKeyStoreResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (LookupCustomKeyStoreResultOutput) ToLookupCustomKeyStoreResultOutput ¶
func (o LookupCustomKeyStoreResultOutput) ToLookupCustomKeyStoreResultOutput() LookupCustomKeyStoreResultOutput
func (LookupCustomKeyStoreResultOutput) ToLookupCustomKeyStoreResultOutputWithContext ¶
func (o LookupCustomKeyStoreResultOutput) ToLookupCustomKeyStoreResultOutputWithContext(ctx context.Context) LookupCustomKeyStoreResultOutput
func (LookupCustomKeyStoreResultOutput) TrustAnchorCertificate ¶
func (o LookupCustomKeyStoreResultOutput) TrustAnchorCertificate() pulumi.StringOutput
The trust anchor certificate of the associated CloudHSM cluster.
type LookupKeyArgs ¶
type LookupKeyArgs struct { // List of grant tokens GrantTokens []string `pulumi:"grantTokens"` // Key identifier which can be one of the following format: // * Key ID. E.g: `1234abcd-12ab-34cd-56ef-1234567890ab` // * Key ARN. E.g.: `arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab` // * Alias name. E.g.: `alias/my-key` // * Alias ARN: E.g.: `arn:aws:kms:us-east-1:111122223333:alias/my-key` KeyId string `pulumi:"keyId"` }
A collection of arguments for invoking getKey.
type LookupKeyOutputArgs ¶
type LookupKeyOutputArgs struct { // List of grant tokens GrantTokens pulumi.StringArrayInput `pulumi:"grantTokens"` // Key identifier which can be one of the following format: // * Key ID. E.g: `1234abcd-12ab-34cd-56ef-1234567890ab` // * Key ARN. E.g.: `arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab` // * Alias name. E.g.: `alias/my-key` // * Alias ARN: E.g.: `arn:aws:kms:us-east-1:111122223333:alias/my-key` KeyId pulumi.StringInput `pulumi:"keyId"` }
A collection of arguments for invoking getKey.
func (LookupKeyOutputArgs) ElementType ¶
func (LookupKeyOutputArgs) ElementType() reflect.Type
type LookupKeyResult ¶
type LookupKeyResult struct { // The key ARN of a primary or replica key of a multi-Region key. Arn string `pulumi:"arn"` // The twelve-digit account ID of the AWS account that owns the key AwsAccountId string `pulumi:"awsAccountId"` // The cluster ID of the AWS CloudHSM cluster that contains the key material for the KMS key. CloudHsmClusterId string `pulumi:"cloudHsmClusterId"` // The date and time when the key was created CreationDate string `pulumi:"creationDate"` // A unique identifier for the custom key store that contains the KMS key. CustomKeyStoreId string `pulumi:"customKeyStoreId"` // Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports CustomerMasterKeySpec string `pulumi:"customerMasterKeySpec"` // The date and time after which AWS KMS deletes the key. This value is present only when `keyState` is `PendingDeletion`, otherwise this value is 0 DeletionDate string `pulumi:"deletionDate"` // The description of the key. Description string `pulumi:"description"` // Specifies whether the key is enabled. When `keyState` is `Enabled` this value is true, otherwise it is false Enabled bool `pulumi:"enabled"` // Specifies whether the Key's key material expires. This value is present only when `origin` is `EXTERNAL`, otherwise this value is empty ExpirationModel string `pulumi:"expirationModel"` GrantTokens []string `pulumi:"grantTokens"` // The provider-assigned unique ID for this managed resource. Id string `pulumi:"id"` KeyId string `pulumi:"keyId"` // The key's manager KeyManager string `pulumi:"keyManager"` // Describes the type of key material in the KMS key. KeySpec string `pulumi:"keySpec"` // The state of the key KeyState string `pulumi:"keyState"` // Specifies the intended use of the key KeyUsage string `pulumi:"keyUsage"` // Indicates whether the KMS key is a multi-Region (`true`) or regional (`false`) key. MultiRegion bool `pulumi:"multiRegion"` // Lists the primary and replica keys in same multi-Region key. Present only when the value of `multiRegion` is `true`. MultiRegionConfigurations []GetKeyMultiRegionConfiguration `pulumi:"multiRegionConfigurations"` // When this value is `AWS_KMS`, AWS KMS created the key material. When this value is `EXTERNAL`, the key material was imported from your existing key management infrastructure or the CMK lacks key material Origin string `pulumi:"origin"` // The waiting period before the primary key in a multi-Region key is deleted. PendingDeletionWindowInDays int `pulumi:"pendingDeletionWindowInDays"` // The time at which the imported key material expires. This value is present only when `origin` is `EXTERNAL` and whose `expirationModel` is `KEY_MATERIAL_EXPIRES`, otherwise this value is 0 ValidTo string `pulumi:"validTo"` // Information about the external key that is associated with a KMS key in an external key store. XksKeyConfigurations []GetKeyXksKeyConfiguration `pulumi:"xksKeyConfigurations"` }
A collection of values returned by getKey.
func LookupKey ¶
func LookupKey(ctx *pulumi.Context, args *LookupKeyArgs, opts ...pulumi.InvokeOption) (*LookupKeyResult, error)
Use this data source to get detailed information about the specified KMS Key with flexible key id input. This can be useful to reference key alias without having to hard code the ARN as input.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.LookupKey(ctx, &kms.LookupKeyArgs{ KeyId: "alias/my-key", }, nil) if err != nil { return err } _, err = kms.LookupKey(ctx, &kms.LookupKeyArgs{ KeyId: "1234abcd-12ab-34cd-56ef-1234567890ab", }, nil) if err != nil { return err } _, err = kms.LookupKey(ctx, &kms.LookupKeyArgs{ KeyId: "arn:aws:kms:us-east-1:111122223333:alias/my-key", }, nil) if err != nil { return err } _, err = kms.LookupKey(ctx, &kms.LookupKeyArgs{ KeyId: "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", }, nil) if err != nil { return err } return nil }) }
```
type LookupKeyResultOutput ¶
type LookupKeyResultOutput struct{ *pulumi.OutputState }
A collection of values returned by getKey.
func LookupKeyOutput ¶
func LookupKeyOutput(ctx *pulumi.Context, args LookupKeyOutputArgs, opts ...pulumi.InvokeOption) LookupKeyResultOutput
func (LookupKeyResultOutput) Arn ¶
func (o LookupKeyResultOutput) Arn() pulumi.StringOutput
The key ARN of a primary or replica key of a multi-Region key.
func (LookupKeyResultOutput) AwsAccountId ¶
func (o LookupKeyResultOutput) AwsAccountId() pulumi.StringOutput
The twelve-digit account ID of the AWS account that owns the key
func (LookupKeyResultOutput) CloudHsmClusterId ¶
func (o LookupKeyResultOutput) CloudHsmClusterId() pulumi.StringOutput
The cluster ID of the AWS CloudHSM cluster that contains the key material for the KMS key.
func (LookupKeyResultOutput) CreationDate ¶
func (o LookupKeyResultOutput) CreationDate() pulumi.StringOutput
The date and time when the key was created
func (LookupKeyResultOutput) CustomKeyStoreId ¶
func (o LookupKeyResultOutput) CustomKeyStoreId() pulumi.StringOutput
A unique identifier for the custom key store that contains the KMS key.
func (LookupKeyResultOutput) CustomerMasterKeySpec ¶
func (o LookupKeyResultOutput) CustomerMasterKeySpec() pulumi.StringOutput
Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports
func (LookupKeyResultOutput) DeletionDate ¶
func (o LookupKeyResultOutput) DeletionDate() pulumi.StringOutput
The date and time after which AWS KMS deletes the key. This value is present only when `keyState` is `PendingDeletion`, otherwise this value is 0
func (LookupKeyResultOutput) Description ¶
func (o LookupKeyResultOutput) Description() pulumi.StringOutput
The description of the key.
func (LookupKeyResultOutput) ElementType ¶
func (LookupKeyResultOutput) ElementType() reflect.Type
func (LookupKeyResultOutput) Enabled ¶
func (o LookupKeyResultOutput) Enabled() pulumi.BoolOutput
Specifies whether the key is enabled. When `keyState` is `Enabled` this value is true, otherwise it is false
func (LookupKeyResultOutput) ExpirationModel ¶
func (o LookupKeyResultOutput) ExpirationModel() pulumi.StringOutput
Specifies whether the Key's key material expires. This value is present only when `origin` is `EXTERNAL`, otherwise this value is empty
func (LookupKeyResultOutput) GrantTokens ¶
func (o LookupKeyResultOutput) GrantTokens() pulumi.StringArrayOutput
func (LookupKeyResultOutput) Id ¶
func (o LookupKeyResultOutput) Id() pulumi.StringOutput
The provider-assigned unique ID for this managed resource.
func (LookupKeyResultOutput) KeyId ¶
func (o LookupKeyResultOutput) KeyId() pulumi.StringOutput
func (LookupKeyResultOutput) KeyManager ¶
func (o LookupKeyResultOutput) KeyManager() pulumi.StringOutput
The key's manager
func (LookupKeyResultOutput) KeySpec ¶
func (o LookupKeyResultOutput) KeySpec() pulumi.StringOutput
Describes the type of key material in the KMS key.
func (LookupKeyResultOutput) KeyState ¶
func (o LookupKeyResultOutput) KeyState() pulumi.StringOutput
The state of the key
func (LookupKeyResultOutput) KeyUsage ¶
func (o LookupKeyResultOutput) KeyUsage() pulumi.StringOutput
Specifies the intended use of the key
func (LookupKeyResultOutput) MultiRegion ¶
func (o LookupKeyResultOutput) MultiRegion() pulumi.BoolOutput
Indicates whether the KMS key is a multi-Region (`true`) or regional (`false`) key.
func (LookupKeyResultOutput) MultiRegionConfigurations ¶
func (o LookupKeyResultOutput) MultiRegionConfigurations() GetKeyMultiRegionConfigurationArrayOutput
Lists the primary and replica keys in same multi-Region key. Present only when the value of `multiRegion` is `true`.
func (LookupKeyResultOutput) Origin ¶
func (o LookupKeyResultOutput) Origin() pulumi.StringOutput
When this value is `AWS_KMS`, AWS KMS created the key material. When this value is `EXTERNAL`, the key material was imported from your existing key management infrastructure or the CMK lacks key material
func (LookupKeyResultOutput) PendingDeletionWindowInDays ¶
func (o LookupKeyResultOutput) PendingDeletionWindowInDays() pulumi.IntOutput
The waiting period before the primary key in a multi-Region key is deleted.
func (LookupKeyResultOutput) ToLookupKeyResultOutput ¶
func (o LookupKeyResultOutput) ToLookupKeyResultOutput() LookupKeyResultOutput
func (LookupKeyResultOutput) ToLookupKeyResultOutputWithContext ¶
func (o LookupKeyResultOutput) ToLookupKeyResultOutputWithContext(ctx context.Context) LookupKeyResultOutput
func (LookupKeyResultOutput) ValidTo ¶
func (o LookupKeyResultOutput) ValidTo() pulumi.StringOutput
The time at which the imported key material expires. This value is present only when `origin` is `EXTERNAL` and whose `expirationModel` is `KEY_MATERIAL_EXPIRES`, otherwise this value is 0
func (LookupKeyResultOutput) XksKeyConfigurations ¶
func (o LookupKeyResultOutput) XksKeyConfigurations() GetKeyXksKeyConfigurationArrayOutput
Information about the external key that is associated with a KMS key in an external key store.
type ReplicaExternalKey ¶
type ReplicaExternalKey struct { pulumi.CustomResourceState // The Amazon Resource Name (ARN) of the replica key. The key ARNs of related multi-Region keys differ only in the Region value. Arn pulumi.StringOutput `pulumi:"arn"` // A flag to indicate whether to bypass the key policy lockout safety check. // Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value to true indiscriminately. // For more information, refer to the scenario in the [Default Key Policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) section in the _AWS Key Management Service Developer Guide_. // The default value is `false`. BypassPolicyLockoutSafetyCheck pulumi.BoolPtrOutput `pulumi:"bypassPolicyLockoutSafetyCheck"` // The waiting period, specified in number of days. After the waiting period ends, AWS KMS deletes the KMS key. // If you specify a value, it must be between `7` and `30`, inclusive. If you do not specify a value, it defaults to `30`. DeletionWindowInDays pulumi.IntPtrOutput `pulumi:"deletionWindowInDays"` // A description of the KMS key. Description pulumi.StringPtrOutput `pulumi:"description"` // Specifies whether the replica key is enabled. Disabled KMS keys cannot be used in cryptographic operations. Keys pending import can only be `false`. Imported keys default to `true` unless expired. Enabled pulumi.BoolOutput `pulumi:"enabled"` // Whether the key material expires. Empty when pending key material import, otherwise `KEY_MATERIAL_EXPIRES` or `KEY_MATERIAL_DOES_NOT_EXPIRE`. ExpirationModel pulumi.StringOutput `pulumi:"expirationModel"` // The key ID of the replica key. Related multi-Region keys have the same key ID. KeyId pulumi.StringOutput `pulumi:"keyId"` // Base64 encoded 256-bit symmetric encryption key material to import. The KMS key is permanently associated with this key material. The same key material can be [reimported](https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html#reimport-key-material), but you cannot import different key material. KeyMaterialBase64 pulumi.StringPtrOutput `pulumi:"keyMaterialBase64"` // The state of the replica key. KeyState pulumi.StringOutput `pulumi:"keyState"` // The [cryptographic operations](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) for which you can use the KMS key. This is a shared property of multi-Region keys. KeyUsage pulumi.StringOutput `pulumi:"keyUsage"` // The key policy to attach to the KMS key. If you do not specify a key policy, AWS KMS attaches the [default key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) to the KMS key. Policy pulumi.StringOutput `pulumi:"policy"` // The ARN of the multi-Region primary key to replicate. The primary key must be in a different AWS Region of the same AWS Partition. You can create only one replica of a given primary key in each AWS Region. PrimaryKeyArn pulumi.StringOutput `pulumi:"primaryKeyArn"` // A map of tags to assign to the replica key. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. Tags pulumi.StringMapOutput `pulumi:"tags"` // A map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block. // // Deprecated: Please use `tags` instead. TagsAll pulumi.StringMapOutput `pulumi:"tagsAll"` // Time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the key becomes unusable. If not specified, key material does not expire. Valid values: [RFC3339 time string](https://tools.ietf.org/html/rfc3339#section-5.8) (`YYYY-MM-DDTHH:MM:SSZ`) ValidTo pulumi.StringPtrOutput `pulumi:"validTo"` }
Manages a KMS multi-Region replica key that uses external key material. See the [AWS KMS Developer Guide](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-import.html) for more information on importing key material into multi-Region keys.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { _, err := kms.NewExternalKey(ctx, "primary", &kms.ExternalKeyArgs{ Description: pulumi.String("Multi-Region primary key"), DeletionWindowInDays: pulumi.Int(30), MultiRegion: pulumi.Bool(true), Enabled: pulumi.Bool(true), KeyMaterialBase64: pulumi.String("..."), }) if err != nil { return err } _, err = kms.NewReplicaExternalKey(ctx, "replica", &kms.ReplicaExternalKeyArgs{ Description: pulumi.String("Multi-Region replica key"), DeletionWindowInDays: pulumi.Int(7), PrimaryKeyArn: pulumi.Any(primaryAwsKmsExternal.Arn), KeyMaterialBase64: pulumi.String("..."), }) if err != nil { return err } return nil }) }
```
## Import
Using `pulumi import`, import KMS multi-Region replica keys using the `id`. For example:
```sh $ pulumi import aws:kms/replicaExternalKey:ReplicaExternalKey example 1234abcd-12ab-34cd-56ef-1234567890ab ```
func GetReplicaExternalKey ¶
func GetReplicaExternalKey(ctx *pulumi.Context, name string, id pulumi.IDInput, state *ReplicaExternalKeyState, opts ...pulumi.ResourceOption) (*ReplicaExternalKey, error)
GetReplicaExternalKey gets an existing ReplicaExternalKey resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewReplicaExternalKey ¶
func NewReplicaExternalKey(ctx *pulumi.Context, name string, args *ReplicaExternalKeyArgs, opts ...pulumi.ResourceOption) (*ReplicaExternalKey, error)
NewReplicaExternalKey registers a new resource with the given unique name, arguments, and options.
func (*ReplicaExternalKey) ElementType ¶
func (*ReplicaExternalKey) ElementType() reflect.Type
func (*ReplicaExternalKey) ToReplicaExternalKeyOutput ¶
func (i *ReplicaExternalKey) ToReplicaExternalKeyOutput() ReplicaExternalKeyOutput
func (*ReplicaExternalKey) ToReplicaExternalKeyOutputWithContext ¶
func (i *ReplicaExternalKey) ToReplicaExternalKeyOutputWithContext(ctx context.Context) ReplicaExternalKeyOutput
type ReplicaExternalKeyArgs ¶
type ReplicaExternalKeyArgs struct { // A flag to indicate whether to bypass the key policy lockout safety check. // Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value to true indiscriminately. // For more information, refer to the scenario in the [Default Key Policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) section in the _AWS Key Management Service Developer Guide_. // The default value is `false`. BypassPolicyLockoutSafetyCheck pulumi.BoolPtrInput // The waiting period, specified in number of days. After the waiting period ends, AWS KMS deletes the KMS key. // If you specify a value, it must be between `7` and `30`, inclusive. If you do not specify a value, it defaults to `30`. DeletionWindowInDays pulumi.IntPtrInput // A description of the KMS key. Description pulumi.StringPtrInput // Specifies whether the replica key is enabled. Disabled KMS keys cannot be used in cryptographic operations. Keys pending import can only be `false`. Imported keys default to `true` unless expired. Enabled pulumi.BoolPtrInput // Base64 encoded 256-bit symmetric encryption key material to import. The KMS key is permanently associated with this key material. The same key material can be [reimported](https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html#reimport-key-material), but you cannot import different key material. KeyMaterialBase64 pulumi.StringPtrInput // The key policy to attach to the KMS key. If you do not specify a key policy, AWS KMS attaches the [default key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) to the KMS key. Policy pulumi.StringPtrInput // The ARN of the multi-Region primary key to replicate. The primary key must be in a different AWS Region of the same AWS Partition. You can create only one replica of a given primary key in each AWS Region. PrimaryKeyArn pulumi.StringInput // A map of tags to assign to the replica key. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. Tags pulumi.StringMapInput // Time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the key becomes unusable. If not specified, key material does not expire. Valid values: [RFC3339 time string](https://tools.ietf.org/html/rfc3339#section-5.8) (`YYYY-MM-DDTHH:MM:SSZ`) ValidTo pulumi.StringPtrInput }
The set of arguments for constructing a ReplicaExternalKey resource.
func (ReplicaExternalKeyArgs) ElementType ¶
func (ReplicaExternalKeyArgs) ElementType() reflect.Type
type ReplicaExternalKeyArray ¶
type ReplicaExternalKeyArray []ReplicaExternalKeyInput
func (ReplicaExternalKeyArray) ElementType ¶
func (ReplicaExternalKeyArray) ElementType() reflect.Type
func (ReplicaExternalKeyArray) ToReplicaExternalKeyArrayOutput ¶
func (i ReplicaExternalKeyArray) ToReplicaExternalKeyArrayOutput() ReplicaExternalKeyArrayOutput
func (ReplicaExternalKeyArray) ToReplicaExternalKeyArrayOutputWithContext ¶
func (i ReplicaExternalKeyArray) ToReplicaExternalKeyArrayOutputWithContext(ctx context.Context) ReplicaExternalKeyArrayOutput
type ReplicaExternalKeyArrayInput ¶
type ReplicaExternalKeyArrayInput interface { pulumi.Input ToReplicaExternalKeyArrayOutput() ReplicaExternalKeyArrayOutput ToReplicaExternalKeyArrayOutputWithContext(context.Context) ReplicaExternalKeyArrayOutput }
ReplicaExternalKeyArrayInput is an input type that accepts ReplicaExternalKeyArray and ReplicaExternalKeyArrayOutput values. You can construct a concrete instance of `ReplicaExternalKeyArrayInput` via:
ReplicaExternalKeyArray{ ReplicaExternalKeyArgs{...} }
type ReplicaExternalKeyArrayOutput ¶
type ReplicaExternalKeyArrayOutput struct{ *pulumi.OutputState }
func (ReplicaExternalKeyArrayOutput) ElementType ¶
func (ReplicaExternalKeyArrayOutput) ElementType() reflect.Type
func (ReplicaExternalKeyArrayOutput) Index ¶
func (o ReplicaExternalKeyArrayOutput) Index(i pulumi.IntInput) ReplicaExternalKeyOutput
func (ReplicaExternalKeyArrayOutput) ToReplicaExternalKeyArrayOutput ¶
func (o ReplicaExternalKeyArrayOutput) ToReplicaExternalKeyArrayOutput() ReplicaExternalKeyArrayOutput
func (ReplicaExternalKeyArrayOutput) ToReplicaExternalKeyArrayOutputWithContext ¶
func (o ReplicaExternalKeyArrayOutput) ToReplicaExternalKeyArrayOutputWithContext(ctx context.Context) ReplicaExternalKeyArrayOutput
type ReplicaExternalKeyInput ¶
type ReplicaExternalKeyInput interface { pulumi.Input ToReplicaExternalKeyOutput() ReplicaExternalKeyOutput ToReplicaExternalKeyOutputWithContext(ctx context.Context) ReplicaExternalKeyOutput }
type ReplicaExternalKeyMap ¶
type ReplicaExternalKeyMap map[string]ReplicaExternalKeyInput
func (ReplicaExternalKeyMap) ElementType ¶
func (ReplicaExternalKeyMap) ElementType() reflect.Type
func (ReplicaExternalKeyMap) ToReplicaExternalKeyMapOutput ¶
func (i ReplicaExternalKeyMap) ToReplicaExternalKeyMapOutput() ReplicaExternalKeyMapOutput
func (ReplicaExternalKeyMap) ToReplicaExternalKeyMapOutputWithContext ¶
func (i ReplicaExternalKeyMap) ToReplicaExternalKeyMapOutputWithContext(ctx context.Context) ReplicaExternalKeyMapOutput
type ReplicaExternalKeyMapInput ¶
type ReplicaExternalKeyMapInput interface { pulumi.Input ToReplicaExternalKeyMapOutput() ReplicaExternalKeyMapOutput ToReplicaExternalKeyMapOutputWithContext(context.Context) ReplicaExternalKeyMapOutput }
ReplicaExternalKeyMapInput is an input type that accepts ReplicaExternalKeyMap and ReplicaExternalKeyMapOutput values. You can construct a concrete instance of `ReplicaExternalKeyMapInput` via:
ReplicaExternalKeyMap{ "key": ReplicaExternalKeyArgs{...} }
type ReplicaExternalKeyMapOutput ¶
type ReplicaExternalKeyMapOutput struct{ *pulumi.OutputState }
func (ReplicaExternalKeyMapOutput) ElementType ¶
func (ReplicaExternalKeyMapOutput) ElementType() reflect.Type
func (ReplicaExternalKeyMapOutput) MapIndex ¶
func (o ReplicaExternalKeyMapOutput) MapIndex(k pulumi.StringInput) ReplicaExternalKeyOutput
func (ReplicaExternalKeyMapOutput) ToReplicaExternalKeyMapOutput ¶
func (o ReplicaExternalKeyMapOutput) ToReplicaExternalKeyMapOutput() ReplicaExternalKeyMapOutput
func (ReplicaExternalKeyMapOutput) ToReplicaExternalKeyMapOutputWithContext ¶
func (o ReplicaExternalKeyMapOutput) ToReplicaExternalKeyMapOutputWithContext(ctx context.Context) ReplicaExternalKeyMapOutput
type ReplicaExternalKeyOutput ¶
type ReplicaExternalKeyOutput struct{ *pulumi.OutputState }
func (ReplicaExternalKeyOutput) Arn ¶
func (o ReplicaExternalKeyOutput) Arn() pulumi.StringOutput
The Amazon Resource Name (ARN) of the replica key. The key ARNs of related multi-Region keys differ only in the Region value.
func (ReplicaExternalKeyOutput) BypassPolicyLockoutSafetyCheck ¶
func (o ReplicaExternalKeyOutput) BypassPolicyLockoutSafetyCheck() pulumi.BoolPtrOutput
A flag to indicate whether to bypass the key policy lockout safety check. Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value to true indiscriminately. For more information, refer to the scenario in the [Default Key Policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) section in the _AWS Key Management Service Developer Guide_. The default value is `false`.
func (ReplicaExternalKeyOutput) DeletionWindowInDays ¶
func (o ReplicaExternalKeyOutput) DeletionWindowInDays() pulumi.IntPtrOutput
The waiting period, specified in number of days. After the waiting period ends, AWS KMS deletes the KMS key. If you specify a value, it must be between `7` and `30`, inclusive. If you do not specify a value, it defaults to `30`.
func (ReplicaExternalKeyOutput) Description ¶
func (o ReplicaExternalKeyOutput) Description() pulumi.StringPtrOutput
A description of the KMS key.
func (ReplicaExternalKeyOutput) ElementType ¶
func (ReplicaExternalKeyOutput) ElementType() reflect.Type
func (ReplicaExternalKeyOutput) Enabled ¶
func (o ReplicaExternalKeyOutput) Enabled() pulumi.BoolOutput
Specifies whether the replica key is enabled. Disabled KMS keys cannot be used in cryptographic operations. Keys pending import can only be `false`. Imported keys default to `true` unless expired.
func (ReplicaExternalKeyOutput) ExpirationModel ¶
func (o ReplicaExternalKeyOutput) ExpirationModel() pulumi.StringOutput
Whether the key material expires. Empty when pending key material import, otherwise `KEY_MATERIAL_EXPIRES` or `KEY_MATERIAL_DOES_NOT_EXPIRE`.
func (ReplicaExternalKeyOutput) KeyId ¶
func (o ReplicaExternalKeyOutput) KeyId() pulumi.StringOutput
The key ID of the replica key. Related multi-Region keys have the same key ID.
func (ReplicaExternalKeyOutput) KeyMaterialBase64 ¶
func (o ReplicaExternalKeyOutput) KeyMaterialBase64() pulumi.StringPtrOutput
Base64 encoded 256-bit symmetric encryption key material to import. The KMS key is permanently associated with this key material. The same key material can be [reimported](https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html#reimport-key-material), but you cannot import different key material.
func (ReplicaExternalKeyOutput) KeyState ¶
func (o ReplicaExternalKeyOutput) KeyState() pulumi.StringOutput
The state of the replica key.
func (ReplicaExternalKeyOutput) KeyUsage ¶
func (o ReplicaExternalKeyOutput) KeyUsage() pulumi.StringOutput
The [cryptographic operations](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) for which you can use the KMS key. This is a shared property of multi-Region keys.
func (ReplicaExternalKeyOutput) Policy ¶
func (o ReplicaExternalKeyOutput) Policy() pulumi.StringOutput
The key policy to attach to the KMS key. If you do not specify a key policy, AWS KMS attaches the [default key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) to the KMS key.
func (ReplicaExternalKeyOutput) PrimaryKeyArn ¶
func (o ReplicaExternalKeyOutput) PrimaryKeyArn() pulumi.StringOutput
The ARN of the multi-Region primary key to replicate. The primary key must be in a different AWS Region of the same AWS Partition. You can create only one replica of a given primary key in each AWS Region.
func (ReplicaExternalKeyOutput) Tags ¶
func (o ReplicaExternalKeyOutput) Tags() pulumi.StringMapOutput
A map of tags to assign to the replica key. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
func (ReplicaExternalKeyOutput) TagsAll
deprecated
func (o ReplicaExternalKeyOutput) TagsAll() pulumi.StringMapOutput
A map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
Deprecated: Please use `tags` instead.
func (ReplicaExternalKeyOutput) ToReplicaExternalKeyOutput ¶
func (o ReplicaExternalKeyOutput) ToReplicaExternalKeyOutput() ReplicaExternalKeyOutput
func (ReplicaExternalKeyOutput) ToReplicaExternalKeyOutputWithContext ¶
func (o ReplicaExternalKeyOutput) ToReplicaExternalKeyOutputWithContext(ctx context.Context) ReplicaExternalKeyOutput
func (ReplicaExternalKeyOutput) ValidTo ¶
func (o ReplicaExternalKeyOutput) ValidTo() pulumi.StringPtrOutput
Time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the key becomes unusable. If not specified, key material does not expire. Valid values: [RFC3339 time string](https://tools.ietf.org/html/rfc3339#section-5.8) (`YYYY-MM-DDTHH:MM:SSZ`)
type ReplicaExternalKeyState ¶
type ReplicaExternalKeyState struct { // The Amazon Resource Name (ARN) of the replica key. The key ARNs of related multi-Region keys differ only in the Region value. Arn pulumi.StringPtrInput // A flag to indicate whether to bypass the key policy lockout safety check. // Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value to true indiscriminately. // For more information, refer to the scenario in the [Default Key Policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) section in the _AWS Key Management Service Developer Guide_. // The default value is `false`. BypassPolicyLockoutSafetyCheck pulumi.BoolPtrInput // The waiting period, specified in number of days. After the waiting period ends, AWS KMS deletes the KMS key. // If you specify a value, it must be between `7` and `30`, inclusive. If you do not specify a value, it defaults to `30`. DeletionWindowInDays pulumi.IntPtrInput // A description of the KMS key. Description pulumi.StringPtrInput // Specifies whether the replica key is enabled. Disabled KMS keys cannot be used in cryptographic operations. Keys pending import can only be `false`. Imported keys default to `true` unless expired. Enabled pulumi.BoolPtrInput // Whether the key material expires. Empty when pending key material import, otherwise `KEY_MATERIAL_EXPIRES` or `KEY_MATERIAL_DOES_NOT_EXPIRE`. ExpirationModel pulumi.StringPtrInput // The key ID of the replica key. Related multi-Region keys have the same key ID. KeyId pulumi.StringPtrInput // Base64 encoded 256-bit symmetric encryption key material to import. The KMS key is permanently associated with this key material. The same key material can be [reimported](https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html#reimport-key-material), but you cannot import different key material. KeyMaterialBase64 pulumi.StringPtrInput // The state of the replica key. KeyState pulumi.StringPtrInput // The [cryptographic operations](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) for which you can use the KMS key. This is a shared property of multi-Region keys. KeyUsage pulumi.StringPtrInput // The key policy to attach to the KMS key. If you do not specify a key policy, AWS KMS attaches the [default key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) to the KMS key. Policy pulumi.StringPtrInput // The ARN of the multi-Region primary key to replicate. The primary key must be in a different AWS Region of the same AWS Partition. You can create only one replica of a given primary key in each AWS Region. PrimaryKeyArn pulumi.StringPtrInput // A map of tags to assign to the replica key. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. Tags pulumi.StringMapInput // A map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block. // // Deprecated: Please use `tags` instead. TagsAll pulumi.StringMapInput // Time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the key becomes unusable. If not specified, key material does not expire. Valid values: [RFC3339 time string](https://tools.ietf.org/html/rfc3339#section-5.8) (`YYYY-MM-DDTHH:MM:SSZ`) ValidTo pulumi.StringPtrInput }
func (ReplicaExternalKeyState) ElementType ¶
func (ReplicaExternalKeyState) ElementType() reflect.Type
type ReplicaKey ¶
type ReplicaKey struct { pulumi.CustomResourceState // The Amazon Resource Name (ARN) of the replica key. The key ARNs of related multi-Region keys differ only in the Region value. Arn pulumi.StringOutput `pulumi:"arn"` // A flag to indicate whether to bypass the key policy lockout safety check. // Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value to true indiscriminately. // For more information, refer to the scenario in the [Default Key Policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) section in the _AWS Key Management Service Developer Guide_. // The default value is `false`. BypassPolicyLockoutSafetyCheck pulumi.BoolPtrOutput `pulumi:"bypassPolicyLockoutSafetyCheck"` // The waiting period, specified in number of days. After the waiting period ends, AWS KMS deletes the KMS key. // If you specify a value, it must be between `7` and `30`, inclusive. If you do not specify a value, it defaults to `30`. DeletionWindowInDays pulumi.IntPtrOutput `pulumi:"deletionWindowInDays"` // A description of the KMS key. Description pulumi.StringPtrOutput `pulumi:"description"` // Specifies whether the replica key is enabled. Disabled KMS keys cannot be used in cryptographic operations. The default value is `true`. Enabled pulumi.BoolPtrOutput `pulumi:"enabled"` // The key ID of the replica key. Related multi-Region keys have the same key ID. KeyId pulumi.StringOutput `pulumi:"keyId"` // A Boolean value that specifies whether key rotation is enabled. This is a shared property of multi-Region keys. KeyRotationEnabled pulumi.BoolOutput `pulumi:"keyRotationEnabled"` // The type of key material in the KMS key. This is a shared property of multi-Region keys. KeySpec pulumi.StringOutput `pulumi:"keySpec"` // The [cryptographic operations](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) for which you can use the KMS key. This is a shared property of multi-Region keys. KeyUsage pulumi.StringOutput `pulumi:"keyUsage"` // The key policy to attach to the KMS key. If you do not specify a key policy, AWS KMS attaches the [default key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) to the KMS key. Policy pulumi.StringOutput `pulumi:"policy"` // The ARN of the multi-Region primary key to replicate. The primary key must be in a different AWS Region of the same AWS Partition. You can create only one replica of a given primary key in each AWS Region. PrimaryKeyArn pulumi.StringOutput `pulumi:"primaryKeyArn"` // A map of tags to assign to the replica key. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. Tags pulumi.StringMapOutput `pulumi:"tags"` // A map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block. // // Deprecated: Please use `tags` instead. TagsAll pulumi.StringMapOutput `pulumi:"tagsAll"` }
Manages a KMS multi-Region replica key.
## Example Usage
```go package main
import (
"github.com/pulumi/pulumi-aws/sdk/v6/go/aws/kms" "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() { pulumi.Run(func(ctx *pulumi.Context) error { primary, err := kms.NewKey(ctx, "primary", &kms.KeyArgs{ Description: pulumi.String("Multi-Region primary key"), DeletionWindowInDays: pulumi.Int(30), MultiRegion: pulumi.Bool(true), }) if err != nil { return err } _, err = kms.NewReplicaKey(ctx, "replica", &kms.ReplicaKeyArgs{ Description: pulumi.String("Multi-Region replica key"), DeletionWindowInDays: pulumi.Int(7), PrimaryKeyArn: primary.Arn, }) if err != nil { return err } return nil }) }
```
## Import
Using `pulumi import`, import KMS multi-Region replica keys using the `id`. For example:
```sh $ pulumi import aws:kms/replicaKey:ReplicaKey example 1234abcd-12ab-34cd-56ef-1234567890ab ```
func GetReplicaKey ¶
func GetReplicaKey(ctx *pulumi.Context, name string, id pulumi.IDInput, state *ReplicaKeyState, opts ...pulumi.ResourceOption) (*ReplicaKey, error)
GetReplicaKey gets an existing ReplicaKey resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).
func NewReplicaKey ¶
func NewReplicaKey(ctx *pulumi.Context, name string, args *ReplicaKeyArgs, opts ...pulumi.ResourceOption) (*ReplicaKey, error)
NewReplicaKey registers a new resource with the given unique name, arguments, and options.
func (*ReplicaKey) ElementType ¶
func (*ReplicaKey) ElementType() reflect.Type
func (*ReplicaKey) ToReplicaKeyOutput ¶
func (i *ReplicaKey) ToReplicaKeyOutput() ReplicaKeyOutput
func (*ReplicaKey) ToReplicaKeyOutputWithContext ¶
func (i *ReplicaKey) ToReplicaKeyOutputWithContext(ctx context.Context) ReplicaKeyOutput
type ReplicaKeyArgs ¶
type ReplicaKeyArgs struct { // A flag to indicate whether to bypass the key policy lockout safety check. // Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value to true indiscriminately. // For more information, refer to the scenario in the [Default Key Policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) section in the _AWS Key Management Service Developer Guide_. // The default value is `false`. BypassPolicyLockoutSafetyCheck pulumi.BoolPtrInput // The waiting period, specified in number of days. After the waiting period ends, AWS KMS deletes the KMS key. // If you specify a value, it must be between `7` and `30`, inclusive. If you do not specify a value, it defaults to `30`. DeletionWindowInDays pulumi.IntPtrInput // A description of the KMS key. Description pulumi.StringPtrInput // Specifies whether the replica key is enabled. Disabled KMS keys cannot be used in cryptographic operations. The default value is `true`. Enabled pulumi.BoolPtrInput // The key policy to attach to the KMS key. If you do not specify a key policy, AWS KMS attaches the [default key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) to the KMS key. Policy pulumi.StringPtrInput // The ARN of the multi-Region primary key to replicate. The primary key must be in a different AWS Region of the same AWS Partition. You can create only one replica of a given primary key in each AWS Region. PrimaryKeyArn pulumi.StringInput // A map of tags to assign to the replica key. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. Tags pulumi.StringMapInput }
The set of arguments for constructing a ReplicaKey resource.
func (ReplicaKeyArgs) ElementType ¶
func (ReplicaKeyArgs) ElementType() reflect.Type
type ReplicaKeyArray ¶
type ReplicaKeyArray []ReplicaKeyInput
func (ReplicaKeyArray) ElementType ¶
func (ReplicaKeyArray) ElementType() reflect.Type
func (ReplicaKeyArray) ToReplicaKeyArrayOutput ¶
func (i ReplicaKeyArray) ToReplicaKeyArrayOutput() ReplicaKeyArrayOutput
func (ReplicaKeyArray) ToReplicaKeyArrayOutputWithContext ¶
func (i ReplicaKeyArray) ToReplicaKeyArrayOutputWithContext(ctx context.Context) ReplicaKeyArrayOutput
type ReplicaKeyArrayInput ¶
type ReplicaKeyArrayInput interface { pulumi.Input ToReplicaKeyArrayOutput() ReplicaKeyArrayOutput ToReplicaKeyArrayOutputWithContext(context.Context) ReplicaKeyArrayOutput }
ReplicaKeyArrayInput is an input type that accepts ReplicaKeyArray and ReplicaKeyArrayOutput values. You can construct a concrete instance of `ReplicaKeyArrayInput` via:
ReplicaKeyArray{ ReplicaKeyArgs{...} }
type ReplicaKeyArrayOutput ¶
type ReplicaKeyArrayOutput struct{ *pulumi.OutputState }
func (ReplicaKeyArrayOutput) ElementType ¶
func (ReplicaKeyArrayOutput) ElementType() reflect.Type
func (ReplicaKeyArrayOutput) Index ¶
func (o ReplicaKeyArrayOutput) Index(i pulumi.IntInput) ReplicaKeyOutput
func (ReplicaKeyArrayOutput) ToReplicaKeyArrayOutput ¶
func (o ReplicaKeyArrayOutput) ToReplicaKeyArrayOutput() ReplicaKeyArrayOutput
func (ReplicaKeyArrayOutput) ToReplicaKeyArrayOutputWithContext ¶
func (o ReplicaKeyArrayOutput) ToReplicaKeyArrayOutputWithContext(ctx context.Context) ReplicaKeyArrayOutput
type ReplicaKeyInput ¶
type ReplicaKeyInput interface { pulumi.Input ToReplicaKeyOutput() ReplicaKeyOutput ToReplicaKeyOutputWithContext(ctx context.Context) ReplicaKeyOutput }
type ReplicaKeyMap ¶
type ReplicaKeyMap map[string]ReplicaKeyInput
func (ReplicaKeyMap) ElementType ¶
func (ReplicaKeyMap) ElementType() reflect.Type
func (ReplicaKeyMap) ToReplicaKeyMapOutput ¶
func (i ReplicaKeyMap) ToReplicaKeyMapOutput() ReplicaKeyMapOutput
func (ReplicaKeyMap) ToReplicaKeyMapOutputWithContext ¶
func (i ReplicaKeyMap) ToReplicaKeyMapOutputWithContext(ctx context.Context) ReplicaKeyMapOutput
type ReplicaKeyMapInput ¶
type ReplicaKeyMapInput interface { pulumi.Input ToReplicaKeyMapOutput() ReplicaKeyMapOutput ToReplicaKeyMapOutputWithContext(context.Context) ReplicaKeyMapOutput }
ReplicaKeyMapInput is an input type that accepts ReplicaKeyMap and ReplicaKeyMapOutput values. You can construct a concrete instance of `ReplicaKeyMapInput` via:
ReplicaKeyMap{ "key": ReplicaKeyArgs{...} }
type ReplicaKeyMapOutput ¶
type ReplicaKeyMapOutput struct{ *pulumi.OutputState }
func (ReplicaKeyMapOutput) ElementType ¶
func (ReplicaKeyMapOutput) ElementType() reflect.Type
func (ReplicaKeyMapOutput) MapIndex ¶
func (o ReplicaKeyMapOutput) MapIndex(k pulumi.StringInput) ReplicaKeyOutput
func (ReplicaKeyMapOutput) ToReplicaKeyMapOutput ¶
func (o ReplicaKeyMapOutput) ToReplicaKeyMapOutput() ReplicaKeyMapOutput
func (ReplicaKeyMapOutput) ToReplicaKeyMapOutputWithContext ¶
func (o ReplicaKeyMapOutput) ToReplicaKeyMapOutputWithContext(ctx context.Context) ReplicaKeyMapOutput
type ReplicaKeyOutput ¶
type ReplicaKeyOutput struct{ *pulumi.OutputState }
func (ReplicaKeyOutput) Arn ¶
func (o ReplicaKeyOutput) Arn() pulumi.StringOutput
The Amazon Resource Name (ARN) of the replica key. The key ARNs of related multi-Region keys differ only in the Region value.
func (ReplicaKeyOutput) BypassPolicyLockoutSafetyCheck ¶
func (o ReplicaKeyOutput) BypassPolicyLockoutSafetyCheck() pulumi.BoolPtrOutput
A flag to indicate whether to bypass the key policy lockout safety check. Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value to true indiscriminately. For more information, refer to the scenario in the [Default Key Policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) section in the _AWS Key Management Service Developer Guide_. The default value is `false`.
func (ReplicaKeyOutput) DeletionWindowInDays ¶
func (o ReplicaKeyOutput) DeletionWindowInDays() pulumi.IntPtrOutput
The waiting period, specified in number of days. After the waiting period ends, AWS KMS deletes the KMS key. If you specify a value, it must be between `7` and `30`, inclusive. If you do not specify a value, it defaults to `30`.
func (ReplicaKeyOutput) Description ¶
func (o ReplicaKeyOutput) Description() pulumi.StringPtrOutput
A description of the KMS key.
func (ReplicaKeyOutput) ElementType ¶
func (ReplicaKeyOutput) ElementType() reflect.Type
func (ReplicaKeyOutput) Enabled ¶
func (o ReplicaKeyOutput) Enabled() pulumi.BoolPtrOutput
Specifies whether the replica key is enabled. Disabled KMS keys cannot be used in cryptographic operations. The default value is `true`.
func (ReplicaKeyOutput) KeyId ¶
func (o ReplicaKeyOutput) KeyId() pulumi.StringOutput
The key ID of the replica key. Related multi-Region keys have the same key ID.
func (ReplicaKeyOutput) KeyRotationEnabled ¶
func (o ReplicaKeyOutput) KeyRotationEnabled() pulumi.BoolOutput
A Boolean value that specifies whether key rotation is enabled. This is a shared property of multi-Region keys.
func (ReplicaKeyOutput) KeySpec ¶
func (o ReplicaKeyOutput) KeySpec() pulumi.StringOutput
The type of key material in the KMS key. This is a shared property of multi-Region keys.
func (ReplicaKeyOutput) KeyUsage ¶
func (o ReplicaKeyOutput) KeyUsage() pulumi.StringOutput
The [cryptographic operations](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) for which you can use the KMS key. This is a shared property of multi-Region keys.
func (ReplicaKeyOutput) Policy ¶
func (o ReplicaKeyOutput) Policy() pulumi.StringOutput
The key policy to attach to the KMS key. If you do not specify a key policy, AWS KMS attaches the [default key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) to the KMS key.
func (ReplicaKeyOutput) PrimaryKeyArn ¶
func (o ReplicaKeyOutput) PrimaryKeyArn() pulumi.StringOutput
The ARN of the multi-Region primary key to replicate. The primary key must be in a different AWS Region of the same AWS Partition. You can create only one replica of a given primary key in each AWS Region.
func (ReplicaKeyOutput) Tags ¶
func (o ReplicaKeyOutput) Tags() pulumi.StringMapOutput
A map of tags to assign to the replica key. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
func (ReplicaKeyOutput) TagsAll
deprecated
func (o ReplicaKeyOutput) TagsAll() pulumi.StringMapOutput
A map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block.
Deprecated: Please use `tags` instead.
func (ReplicaKeyOutput) ToReplicaKeyOutput ¶
func (o ReplicaKeyOutput) ToReplicaKeyOutput() ReplicaKeyOutput
func (ReplicaKeyOutput) ToReplicaKeyOutputWithContext ¶
func (o ReplicaKeyOutput) ToReplicaKeyOutputWithContext(ctx context.Context) ReplicaKeyOutput
type ReplicaKeyState ¶
type ReplicaKeyState struct { // The Amazon Resource Name (ARN) of the replica key. The key ARNs of related multi-Region keys differ only in the Region value. Arn pulumi.StringPtrInput // A flag to indicate whether to bypass the key policy lockout safety check. // Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value to true indiscriminately. // For more information, refer to the scenario in the [Default Key Policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) section in the _AWS Key Management Service Developer Guide_. // The default value is `false`. BypassPolicyLockoutSafetyCheck pulumi.BoolPtrInput // The waiting period, specified in number of days. After the waiting period ends, AWS KMS deletes the KMS key. // If you specify a value, it must be between `7` and `30`, inclusive. If you do not specify a value, it defaults to `30`. DeletionWindowInDays pulumi.IntPtrInput // A description of the KMS key. Description pulumi.StringPtrInput // Specifies whether the replica key is enabled. Disabled KMS keys cannot be used in cryptographic operations. The default value is `true`. Enabled pulumi.BoolPtrInput // The key ID of the replica key. Related multi-Region keys have the same key ID. KeyId pulumi.StringPtrInput // A Boolean value that specifies whether key rotation is enabled. This is a shared property of multi-Region keys. KeyRotationEnabled pulumi.BoolPtrInput // The type of key material in the KMS key. This is a shared property of multi-Region keys. KeySpec pulumi.StringPtrInput // The [cryptographic operations](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) for which you can use the KMS key. This is a shared property of multi-Region keys. KeyUsage pulumi.StringPtrInput // The key policy to attach to the KMS key. If you do not specify a key policy, AWS KMS attaches the [default key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) to the KMS key. Policy pulumi.StringPtrInput // The ARN of the multi-Region primary key to replicate. The primary key must be in a different AWS Region of the same AWS Partition. You can create only one replica of a given primary key in each AWS Region. PrimaryKeyArn pulumi.StringPtrInput // A map of tags to assign to the replica key. If configured with a provider `defaultTags` configuration block present, tags with matching keys will overwrite those defined at the provider-level. Tags pulumi.StringMapInput // A map of tags assigned to the resource, including those inherited from the provider `defaultTags` configuration block. // // Deprecated: Please use `tags` instead. TagsAll pulumi.StringMapInput }
func (ReplicaKeyState) ElementType ¶
func (ReplicaKeyState) ElementType() reflect.Type