kms

package
v0.18.1
Published: Apr 5, 2019 License: Apache-2.0 Imports: 2 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Alias

type Alias struct {
	// contains filtered or unexported fields
}

Provides an alias for a KMS customer master key. The AWS Console enforces a 1-to-1 mapping between aliases and keys, but the API (and hence Terraform) allows you to create as many aliases as the [account limits](http://docs.aws.amazon.com/kms/latest/developerguide/limits.html) allow.

func GetAlias

func GetAlias(ctx *pulumi.Context,
	name string, id pulumi.ID, state *AliasState, opts ...pulumi.ResourceOpt) (*Alias, error)

GetAlias gets an existing Alias resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAlias

func NewAlias(ctx *pulumi.Context,
	name string, args *AliasArgs, opts ...pulumi.ResourceOpt) (*Alias, error)

NewAlias registers a new resource with the given unique name, arguments, and options.

func (*Alias) Arn

func (r *Alias) Arn() *pulumi.StringOutput

The Amazon Resource Name (ARN) of the key alias.

func (*Alias) ID

func (r *Alias) ID() *pulumi.IDOutput

ID is this resource's unique identifier assigned by its provider.

func (*Alias) Name

func (r *Alias) Name() *pulumi.StringOutput

The display name of the alias. The name must start with the word "alias" followed by a forward slash (alias/)

func (*Alias) NamePrefix

func (r *Alias) NamePrefix() *pulumi.StringOutput

Creates a unique alias beginning with the specified prefix. The name must start with the word "alias" followed by a forward slash (alias/). Conflicts with `name`.

func (*Alias) TargetKeyArn

func (r *Alias) TargetKeyArn() *pulumi.StringOutput

The Amazon Resource Name (ARN) of the target key identifier.

func (*Alias) TargetKeyId

func (r *Alias) TargetKeyId() *pulumi.StringOutput

Identifier of the key that the alias is for; can be either an ARN or a key_id.

func (*Alias) URN

func (r *Alias) URN() *pulumi.URNOutput

URN is this resource's unique name assigned by Pulumi.

type AliasArgs

type AliasArgs struct {
	// The display name of the alias. The name must start with the word "alias" followed by a forward slash (alias/)
	Name interface{}
	// Creates a unique alias beginning with the specified prefix.
	// The name must start with the word "alias" followed by a forward slash (alias/).  Conflicts with `name`.
	NamePrefix interface{}
	// Identifier of the key that the alias is for; can be either an ARN or a key_id.
	TargetKeyId interface{}
}

The set of arguments for constructing an Alias resource.

type AliasState

type AliasState struct {
	// The Amazon Resource Name (ARN) of the key alias.
	Arn interface{}
	// The display name of the alias. The name must start with the word "alias" followed by a forward slash (alias/)
	Name interface{}
	// Creates a unique alias beginning with the specified prefix.
	// The name must start with the word "alias" followed by a forward slash (alias/).  Conflicts with `name`.
	NamePrefix interface{}
	// The Amazon Resource Name (ARN) of the target key identifier.
	TargetKeyArn interface{}
	// Identifier of the key that the alias is for; can be either an ARN or a key_id.
	TargetKeyId interface{}
}

Input properties used for looking up and filtering Alias resources.

type Ciphertext added in v0.18.1

type Ciphertext struct {
	// contains filtered or unexported fields
}

The KMS ciphertext resource allows you to encrypt plaintext into ciphertext by using an AWS KMS customer master key. The value returned by this resource is stable across every apply. For a changing ciphertext value each apply, see the [`aws_kms_ciphertext` data source](https://www.terraform.io/docs/providers/aws/d/kms_ciphertext.html).

> **Note:** All arguments including the plaintext will be stored in the raw state as plain-text. [Read more about sensitive data in state](https://www.terraform.io/docs/state/sensitive-data.html).

func GetCiphertext added in v0.18.1

func GetCiphertext(ctx *pulumi.Context,
	name string, id pulumi.ID, state *CiphertextState, opts ...pulumi.ResourceOpt) (*Ciphertext, error)

GetCiphertext gets an existing Ciphertext resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewCiphertext added in v0.18.1

func NewCiphertext(ctx *pulumi.Context,
	name string, args *CiphertextArgs, opts ...pulumi.ResourceOpt) (*Ciphertext, error)

NewCiphertext registers a new resource with the given unique name, arguments, and options.

func (*Ciphertext) CiphertextBlob added in v0.18.1

func (r *Ciphertext) CiphertextBlob() *pulumi.StringOutput

Base64 encoded ciphertext

func (*Ciphertext) Context added in v0.18.1

func (r *Ciphertext) Context() *pulumi.MapOutput

An optional mapping that makes up the encryption context.

func (*Ciphertext) ID added in v0.18.1

func (r *Ciphertext) ID() *pulumi.IDOutput

ID is this resource's unique identifier assigned by its provider.

func (*Ciphertext) KeyId added in v0.18.1

func (r *Ciphertext) KeyId() *pulumi.StringOutput

Globally unique key ID for the customer master key.

func (*Ciphertext) Plaintext added in v0.18.1

func (r *Ciphertext) Plaintext() *pulumi.StringOutput

Data to be encrypted. Note that this may show up in logs, and it will be stored in the state file.

func (*Ciphertext) URN added in v0.18.1

func (r *Ciphertext) URN() *pulumi.URNOutput

URN is this resource's unique name assigned by Pulumi.

type CiphertextArgs added in v0.18.1

type CiphertextArgs struct {
	// An optional mapping that makes up the encryption context.
	Context interface{}
	// Globally unique key ID for the customer master key.
	KeyId interface{}
	// Data to be encrypted. Note that this may show up in logs, and it will be stored in the state file.
	Plaintext interface{}
}

The set of arguments for constructing a Ciphertext resource.

type CiphertextState added in v0.18.1

type CiphertextState struct {
	// Base64 encoded ciphertext
	CiphertextBlob interface{}
	// An optional mapping that makes up the encryption context.
	Context interface{}
	// Globally unique key ID for the customer master key.
	KeyId interface{}
	// Data to be encrypted. Note that this may show up in logs, and it will be stored in the state file.
	Plaintext interface{}
}

Input properties used for looking up and filtering Ciphertext resources.

type ExternalKey added in v0.18.1

type ExternalKey struct {
	// contains filtered or unexported fields
}

Manages a KMS Customer Master Key that uses external key material. To instead manage a KMS Customer Master Key where AWS automatically generates and potentially rotates key material, see the [`aws_kms_key` resource](https://www.terraform.io/docs/providers/aws/r/kms_key.html).

> **Note:** All arguments including the key material will be stored in the raw state as plain-text. [Read more about sensitive data in state](https://www.terraform.io/docs/state/sensitive-data.html).
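The notes on Ciphertext and ExternalKey both say the sensitive inputs end up in state as plain text. The following added example (not part of this package) audits an exported state file for those properties and reports where they appear without echoing the values. The resource type tokens, the camelCase property names and the `deployment.resources[]` layout are assumptions about how these resources are serialized, and the sample state is constructed.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// sensitiveProps maps a resource type token to the properties that the notes
// above say are stored as plain text. Tokens and property names are
// assumptions about the serialized form, not values taken from this package.
var sensitiveProps = map[string][]string{
	"aws:kms/ciphertext:Ciphertext":   {"plaintext"},
	"aws:kms/externalKey:ExternalKey": {"keyMaterialBase64"},
}

// Finding records where a sensitive value sits; the value itself is never copied.
type Finding struct {
	URN, Section, Property string
	Length                 int
}

// checkpoint models only the parts of an exported state file the scan needs.
type checkpoint struct {
	Deployment struct {
		Resources []struct {
			URN     string                 `json:"urn"`
			Type    string                 `json:"type"`
			Inputs  map[string]interface{} `json:"inputs"`
			Outputs map[string]interface{} `json:"outputs"`
		} `json:"resources"`
	} `json:"deployment"`
}

// ScanState returns one Finding per sensitive property stored as a non-empty
// string in either the inputs or the outputs of a matching resource.
func ScanState(data []byte) ([]Finding, error) {
	var cp checkpoint
	if err := json.Unmarshal(data, &cp); err != nil {
		return nil, fmt.Errorf("parse state: %w", err)
	}
	var findings []Finding
	for _, r := range cp.Deployment.Resources {
		props, ok := sensitiveProps[r.Type]
		if !ok {
			continue
		}
		sections := []struct {
			name string
			bag  map[string]interface{}
		}{{"inputs", r.Inputs}, {"outputs", r.Outputs}}
		for _, s := range sections {
			for _, p := range props {
				// Only plain strings count; any non-string encoding is skipped.
				if v, ok := s.bag[p].(string); ok && v != "" {
					findings = append(findings, Finding{r.URN, s.name, p, len(v)})
				}
			}
		}
	}
	return findings, nil
}

// sampleState is constructed for this example; it contains no real secrets.
const sampleState = `{
  "version": 3,
  "deployment": {"resources": [
    {"urn": "urn:pulumi:dev::app::aws:kms/key:Key::main",
     "type": "aws:kms/key:Key",
     "inputs": {"description": "app key"}, "outputs": {"description": "app key"}},
    {"urn": "urn:pulumi:dev::app::aws:kms/ciphertext:Ciphertext::db-pass",
     "type": "aws:kms/ciphertext:Ciphertext",
     "inputs": {"keyId": "1234abcd-12ab-34cd-56ef-1234567890ab", "plaintext": "EXAMPLE-not-a-real-secret"},
     "outputs": {"ciphertextBlob": "Q09OU1RSVUNURUQ=", "plaintext": "EXAMPLE-not-a-real-secret"}},
    {"urn": "urn:pulumi:dev::app::aws:kms/externalKey:ExternalKey::imported",
     "type": "aws:kms/externalKey:ExternalKey",
     "inputs": {"keyMaterialBase64": "CONSTRUCTED-PLACEHOLDER"},
     "outputs": {"keyState": "Enabled"}}
  ]}
}`

func main() {
	findings, err := ScanState([]byte(sampleState))
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	for _, f := range findings {
		fmt.Printf("%s: %s.%s holds %d plain-text bytes\n", f.URN, f.Section, f.Property, f.Length)
	}
}
```

A non-empty result means the state backend and any copies of the export need the same access controls as the secret itself.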

func GetExternalKey added in v0.18.1

func GetExternalKey(ctx *pulumi.Context,
	name string, id pulumi.ID, state *ExternalKeyState, opts ...pulumi.ResourceOpt) (*ExternalKey, error)

GetExternalKey gets an existing ExternalKey resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewExternalKey added in v0.18.1

func NewExternalKey(ctx *pulumi.Context,
	name string, args *ExternalKeyArgs, opts ...pulumi.ResourceOpt) (*ExternalKey, error)

NewExternalKey registers a new resource with the given unique name, arguments, and options.

func (*ExternalKey) Arn added in v0.18.1

func (r *ExternalKey) Arn() *pulumi.StringOutput

The Amazon Resource Name (ARN) of the key.

func (*ExternalKey) DeletionWindowInDays added in v0.18.1

func (r *ExternalKey) DeletionWindowInDays() *pulumi.IntOutput

Duration in days after which the key is deleted after destruction of the resource. Must be between `7` and `30` days. Defaults to `30`.

func (*ExternalKey) Description added in v0.18.1

func (r *ExternalKey) Description() *pulumi.StringOutput

Description of the key.

func (*ExternalKey) Enabled added in v0.18.1

func (r *ExternalKey) Enabled() *pulumi.BoolOutput

Specifies whether the key is enabled. Keys pending import can only be `false`. Imported keys default to `true` unless expired.

func (*ExternalKey) ExpirationModel added in v0.18.1

func (r *ExternalKey) ExpirationModel() *pulumi.StringOutput

Whether the key material expires. Empty when pending key material import, otherwise `KEY_MATERIAL_EXPIRES` or `KEY_MATERIAL_DOES_NOT_EXPIRE`.

func (*ExternalKey) ID added in v0.18.1

func (r *ExternalKey) ID() *pulumi.IDOutput

ID is this resource's unique identifier assigned by its provider.

func (*ExternalKey) KeyMaterialBase64 added in v0.18.1

func (r *ExternalKey) KeyMaterialBase64() *pulumi.StringOutput

Base64 encoded 256-bit symmetric encryption key material to import. The CMK is permanently associated with this key material. The same key material can be reimported, but you cannot import different key material.

func (*ExternalKey) KeyState added in v0.18.1

func (r *ExternalKey) KeyState() *pulumi.StringOutput

The state of the CMK.

func (*ExternalKey) KeyUsage added in v0.18.1

func (r *ExternalKey) KeyUsage() *pulumi.StringOutput

The cryptographic operations for which you can use the CMK.

func (*ExternalKey) Policy added in v0.18.1

func (r *ExternalKey) Policy() *pulumi.StringOutput

A key policy JSON document. If you do not provide a key policy, AWS KMS attaches a default key policy to the CMK.

func (*ExternalKey) Tags added in v0.18.1

func (r *ExternalKey) Tags() *pulumi.MapOutput

A key-value map of tags to assign to the key.

func (*ExternalKey) URN added in v0.18.1

func (r *ExternalKey) URN() *pulumi.URNOutput

URN is this resource's unique name assigned by Pulumi.

func (*ExternalKey) ValidTo added in v0.18.1

func (r *ExternalKey) ValidTo() *pulumi.StringOutput

Time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the CMK becomes unusable. If not specified, key material does not expire. Valid values: [RFC3339 time string](https://tools.ietf.org/html/rfc3339#section-5.8) (`YYYY-MM-DDTHH:MM:SSZ`)

type ExternalKeyArgs added in v0.18.1

type ExternalKeyArgs struct {
	// Duration in days after which the key is deleted after destruction of the resource. Must be between `7` and `30` days. Defaults to `30`.
	DeletionWindowInDays interface{}
	// Description of the key.
	Description interface{}
	// Specifies whether the key is enabled. Keys pending import can only be `false`. Imported keys default to `true` unless expired.
	Enabled interface{}
	// Base64 encoded 256-bit symmetric encryption key material to import. The CMK is permanently associated with this key material. The same key material can be reimported, but you cannot import different key material.
	KeyMaterialBase64 interface{}
	// A key policy JSON document. If you do not provide a key policy, AWS KMS attaches a default key policy to the CMK.
	Policy interface{}
	// A key-value map of tags to assign to the key.
	Tags interface{}
	// Time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the CMK becomes unusable. If not specified, key material does not expire. Valid values: [RFC3339 time string](https://tools.ietf.org/html/rfc3339#section-5.8) (`YYYY-MM-DDTHH:MM:SSZ`)
	ValidTo interface{}
}

The set of arguments for constructing an ExternalKey resource.
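Because every field of ExternalKeyArgs is an untyped `interface{}`, the documented constraints are only enforced when the provider runs. The following added example (not part of this package) checks them up front; `ExternalKeyInputs`, `ValidateExternalKey`, `sampleMaterial` and `sampleNow` are hypothetical names, the key material is constructed, and the rejection of a `ValidTo` in the past is an extra sanity check beyond what the documentation states.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"time"
)

// ExternalKeyInputs is a hypothetical typed mirror of the ExternalKeyArgs
// fields that carry documented constraints.
type ExternalKeyInputs struct {
	KeyMaterialBase64    string // empty: key is pending import
	ValidTo              string // empty: key material does not expire
	DeletionWindowInDays int    // 0: unset, provider default of 30 applies
	Enabled              *bool  // nil: unset
}

// ValidateExternalKey returns one message per violated constraint.
func ValidateExternalKey(in ExternalKeyInputs, now time.Time) []string {
	var problems []string

	if in.KeyMaterialBase64 == "" {
		// "Keys pending import can only be false."
		if in.Enabled != nil && *in.Enabled {
			problems = append(problems, "enabled: keys pending import can only be false")
		}
	} else {
		raw, err := base64.StdEncoding.DecodeString(in.KeyMaterialBase64)
		switch {
		case err != nil:
			problems = append(problems, "keyMaterialBase64: not valid base64")
		case len(raw) != 32:
			problems = append(problems, fmt.Sprintf(
				"keyMaterialBase64: decodes to %d bytes, want 32 (256-bit)", len(raw)))
		}
	}

	if in.ValidTo != "" {
		t, err := time.Parse(time.RFC3339, in.ValidTo)
		switch {
		case err != nil:
			problems = append(problems, "validTo: not an RFC3339 time string")
		case !t.After(now):
			// Added check: expired material leaves the CMK unusable.
			problems = append(problems, "validTo: expiry is not in the future")
		}
	}

	if d := in.DeletionWindowInDays; d != 0 && (d < 7 || d > 30) {
		problems = append(problems, fmt.Sprintf(
			"deletionWindowInDays: %d is outside 7..30", d))
	}
	return problems
}

// sampleMaterial returns constructed key material of n zero bytes, base64
// encoded. It exists only to exercise the validator; never use it as a key.
func sampleMaterial(n int) string {
	return base64.StdEncoding.EncodeToString(make([]byte, n))
}

// sampleNow is a fixed reference time so the example is deterministic.
var sampleNow = time.Date(2019, time.April, 5, 0, 0, 0, 0, time.UTC)

func main() {
	enabled := true
	cases := map[string]ExternalKeyInputs{
		"good": {KeyMaterialBase64: sampleMaterial(32),
			ValidTo: "2020-01-01T00:00:00Z", DeletionWindowInDays: 7},
		"bad": {KeyMaterialBase64: sampleMaterial(16),
			ValidTo: "2020-01-01 00:00:00", DeletionWindowInDays: 3},
		"pending": {Enabled: &enabled},
	}
	for name, in := range cases {
		fmt.Println(name, ValidateExternalKey(in, sampleNow))
	}
}
```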

type ExternalKeyState added in v0.18.1

type ExternalKeyState struct {
	// The Amazon Resource Name (ARN) of the key.
	Arn interface{}
	// Duration in days after which the key is deleted after destruction of the resource. Must be between `7` and `30` days. Defaults to `30`.
	DeletionWindowInDays interface{}
	// Description of the key.
	Description interface{}
	// Specifies whether the key is enabled. Keys pending import can only be `false`. Imported keys default to `true` unless expired.
	Enabled interface{}
	// Whether the key material expires. Empty when pending key material import, otherwise `KEY_MATERIAL_EXPIRES` or `KEY_MATERIAL_DOES_NOT_EXPIRE`.
	ExpirationModel interface{}
	// Base64 encoded 256-bit symmetric encryption key material to import. The CMK is permanently associated with this key material. The same key material can be reimported, but you cannot import different key material.
	KeyMaterialBase64 interface{}
	// The state of the CMK.
	KeyState interface{}
	// The cryptographic operations for which you can use the CMK.
	KeyUsage interface{}
	// A key policy JSON document. If you do not provide a key policy, AWS KMS attaches a default key policy to the CMK.
	Policy interface{}
	// A key-value map of tags to assign to the key.
	Tags interface{}
	// Time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the CMK becomes unusable. If not specified, key material does not expire. Valid values: [RFC3339 time string](https://tools.ietf.org/html/rfc3339#section-5.8) (`YYYY-MM-DDTHH:MM:SSZ`)
	ValidTo interface{}
}

Input properties used for looking up and filtering ExternalKey resources.

type GetAliasArgs

type GetAliasArgs struct {
	// The display name of the alias. The name must start with the word "alias" followed by a forward slash (alias/)
	Name interface{}
}

A collection of arguments for invoking getAlias.

type GetAliasResult

type GetAliasResult struct {
	// The Amazon Resource Name (ARN) of the key alias.
	Arn interface{}
	// ARN pointed to by the alias.
	TargetKeyArn interface{}
	// Key identifier pointed to by the alias.
	TargetKeyId interface{}
	// id is the provider-assigned unique ID for this managed resource.
	Id interface{}
}

A collection of values returned by getAlias.

func LookupAlias

func LookupAlias(ctx *pulumi.Context, args *GetAliasArgs) (*GetAliasResult, error)

Use this data source to get the ARN of a KMS key alias. By using this data source, you can reference a key alias without having to hard-code the ARN as input.

type GetCipherTextArgs

type GetCipherTextArgs struct {
	// An optional mapping that makes up the encryption context.
	Context interface{}
	// Globally unique key ID for the customer master key.
	KeyId interface{}
	// Data to be encrypted. Note that this may show up in logs, and it will be stored in the state file.
	Plaintext interface{}
}

A collection of arguments for invoking getCipherText.

type GetCipherTextResult

type GetCipherTextResult struct {
	// Base64 encoded ciphertext
	CiphertextBlob interface{}
	// id is the provider-assigned unique ID for this managed resource.
	Id interface{}
}

A collection of values returned by getCipherText.

func LookupCipherText

func LookupCipherText(ctx *pulumi.Context, args *GetCipherTextArgs) (*GetCipherTextResult, error)

The KMS ciphertext data source allows you to encrypt plaintext into ciphertext by using an AWS KMS customer master key. The value returned by this data source changes every apply. For a stable ciphertext value, see the [`aws_kms_ciphertext` resource](https://www.terraform.io/docs/providers/aws/r/kms_ciphertext.html).

> **Note:** All arguments including the plaintext will be stored in the raw state as plain-text. [Read more about sensitive data in state](https://www.terraform.io/docs/state/sensitive-data.html).

type GetKeyArgs

type GetKeyArgs struct {
	// List of grant tokens
	GrantTokens interface{}
	// Key identifier, in one of the following formats:
	// * Key ID. E.g.: `1234abcd-12ab-34cd-56ef-1234567890ab`
	// * Key ARN. E.g.: `arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
	// * Alias name. E.g.: `alias/my-key`
	// * Alias ARN. E.g.: `arn:aws:kms:us-east-1:111122223333:alias/my-key`
	KeyId interface{}
}

A collection of arguments for invoking getKey.

type GetKeyResult

type GetKeyResult struct {
	Arn             interface{}
	AwsAccountId    interface{}
	CreationDate    interface{}
	DeletionDate    interface{}
	Description     interface{}
	Enabled         interface{}
	ExpirationModel interface{}
	KeyManager      interface{}
	KeyState        interface{}
	KeyUsage        interface{}
	Origin          interface{}
	ValidTo         interface{}
	// id is the provider-assigned unique ID for this managed resource.
	Id interface{}
}

A collection of values returned by getKey.

func LookupKey

func LookupKey(ctx *pulumi.Context, args *GetKeyArgs) (*GetKeyResult, error)

Use this data source to get detailed information about the specified KMS key, with flexible key ID input. This can be useful for referencing a key alias without having to hard-code the ARN as input.

type GetSecretArgs

type GetSecretArgs struct {
	Secrets interface{}
}

A collection of arguments for invoking getSecret.

type GetSecretResult added in v0.14.1

type GetSecretResult struct {
	// id is the provider-assigned unique ID for this managed resource.
	Id interface{}
}

A collection of values returned by getSecret.

func LookupSecret

func LookupSecret(ctx *pulumi.Context, args *GetSecretArgs) (*GetSecretResult, error)

> **WARNING:** This data source was removed in version 2.0.0 of the Terraform AWS Provider. You can migrate existing configurations to the [`aws_kms_secrets` data source](https://www.terraform.io/docs/providers/aws/d/kms_secrets.html) following instructions available in the [Version 2 Upgrade Guide](https://www.terraform.io/docs/providers/aws/guides/version-2-upgrade.html#data-source-aws_kms_secret).

type GetSecretsArgs added in v0.15.1

type GetSecretsArgs struct {
	// One or more encrypted payload definitions from the KMS service. See the Secret Definitions below.
	Secrets interface{}
}

A collection of arguments for invoking getSecrets.

type GetSecretsResult added in v0.15.1

type GetSecretsResult struct {
	// Map containing each `secret` `name` as the key with its decrypted plaintext value
	Plaintext interface{}
	// id is the provider-assigned unique ID for this managed resource.
	Id interface{}
}

A collection of values returned by getSecrets.

func LookupSecrets added in v0.15.1

func LookupSecrets(ctx *pulumi.Context, args *GetSecretsArgs) (*GetSecretsResult, error)

Decrypt multiple secrets from data encrypted with the AWS KMS service.

> **NOTE**: Using this data provider will allow you to conceal secret data within your resource definitions but does not take care of protecting that data in all Terraform logging and state output. Please take care to secure your secret data beyond just the Terraform configuration.

type Grant

type Grant struct {
	// contains filtered or unexported fields
}

Provides a resource-based access control mechanism for a KMS customer master key.

func GetGrant

func GetGrant(ctx *pulumi.Context,
	name string, id pulumi.ID, state *GrantState, opts ...pulumi.ResourceOpt) (*Grant, error)

GetGrant gets an existing Grant resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewGrant

func NewGrant(ctx *pulumi.Context,
	name string, args *GrantArgs, opts ...pulumi.ResourceOpt) (*Grant, error)

NewGrant registers a new resource with the given unique name, arguments, and options.

func (*Grant) Constraints

func (r *Grant) Constraints() *pulumi.ArrayOutput

A structure that you can use to allow certain operations in the grant only when the desired encryption context is present. For more information about encryption context, see [Encryption Context](http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html).

func (*Grant) GrantCreationTokens

func (r *Grant) GrantCreationTokens() *pulumi.ArrayOutput

A list of grant tokens to be used when creating the grant. See [Grant Tokens](http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) for more information about grant tokens.

* `retire_on_delete` - (Defaults to false, Forces new resources) If set to false (the default) the grants will be revoked upon deletion, and if set to true the grants will try to be retired upon deletion. Note that retiring grants requires special permissions, hence why we default to revoking grants. See [RetireGrant](https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html) for more information.

func (*Grant) GrantId

func (r *Grant) GrantId() *pulumi.StringOutput

The unique identifier for the grant.

func (*Grant) GrantToken

func (r *Grant) GrantToken() *pulumi.StringOutput

The grant token for the created grant. For more information, see [Grant Tokens](http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token).

func (*Grant) GranteePrincipal

func (r *Grant) GranteePrincipal() *pulumi.StringOutput

The principal, in ARN format, that is given permission to perform the operations that the grant permits. Note that due to eventual consistency issues around IAM principals, Terraform's state may not always be refreshed to reflect what is true in AWS.

func (*Grant) ID

func (r *Grant) ID() *pulumi.IDOutput

ID is this resource's unique identifier assigned by its provider.

func (*Grant) KeyId

func (r *Grant) KeyId() *pulumi.StringOutput

The unique identifier for the customer master key (CMK) that the grant applies to. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify a CMK in a different AWS account, you must use the key ARN.

func (*Grant) Name

func (r *Grant) Name() *pulumi.StringOutput

A friendly name for identifying the grant.

func (*Grant) Operations

func (r *Grant) Operations() *pulumi.ArrayOutput

A list of operations that the grant permits. The permitted values are: `Decrypt, Encrypt, GenerateDataKey, GenerateDataKeyWithoutPlaintext, ReEncryptFrom, ReEncryptTo, CreateGrant, RetireGrant, DescribeKey`

func (*Grant) RetireOnDelete

func (r *Grant) RetireOnDelete() *pulumi.BoolOutput

func (*Grant) RetiringPrincipal

func (r *Grant) RetiringPrincipal() *pulumi.StringOutput

func (*Grant) URN

func (r *Grant) URN() *pulumi.URNOutput

URN is this resource's unique name assigned by Pulumi.

type GrantArgs

type GrantArgs struct {
	// A structure that you can use to allow certain operations in the grant only when the desired encryption context is present. For more information about encryption context, see [Encryption Context](http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html).
	Constraints interface{}
	// A list of grant tokens to be used when creating the grant. See [Grant Tokens](http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) for more information about grant tokens.
	// * `retire_on_delete` -(Defaults to false, Forces new resources) If set to false (the default) the grants will be revoked upon deletion, and if set to true the grants will try to be retired upon deletion. Note that retiring grants requires special permissions, hence why we default to revoking grants.
	// See [RetireGrant](https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html) for more information.
	GrantCreationTokens interface{}
	// The principal, in ARN format, that is given permission to perform the operations that the grant permits. Note that due to eventual consistency issues around IAM principals, Terraform's state may not always be refreshed to reflect what is true in AWS.
	GranteePrincipal interface{}
	// The unique identifier for the customer master key (CMK) that the grant applies to. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify a CMK in a different AWS account, you must use the key ARN.
	KeyId interface{}
	// A friendly name for identifying the grant.
	Name interface{}
	// A list of operations that the grant permits. The permitted values are: `Decrypt, Encrypt, GenerateDataKey, GenerateDataKeyWithoutPlaintext, ReEncryptFrom, ReEncryptTo, CreateGrant, RetireGrant, DescribeKey`
	Operations        interface{}
	RetireOnDelete    interface{}
	RetiringPrincipal interface{}
}

The set of arguments for constructing a Grant resource.

type GrantState

type GrantState struct {
	// A structure that you can use to allow certain operations in the grant only when the desired encryption context is present. For more information about encryption context, see [Encryption Context](http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html).
	Constraints interface{}
	// A list of grant tokens to be used when creating the grant. See [Grant Tokens](http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) for more information about grant tokens.
	// * `retire_on_delete` -(Defaults to false, Forces new resources) If set to false (the default) the grants will be revoked upon deletion, and if set to true the grants will try to be retired upon deletion. Note that retiring grants requires special permissions, hence why we default to revoking grants.
	// See [RetireGrant](https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html) for more information.
	GrantCreationTokens interface{}
	// The unique identifier for the grant.
	GrantId interface{}
	// The grant token for the created grant. For more information, see [Grant Tokens](http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token).
	GrantToken interface{}
	// The principal, in ARN format, that is given permission to perform the operations that the grant permits. Note that due to eventual consistency issues around IAM principals, Terraform's state may not always be refreshed to reflect what is true in AWS.
	GranteePrincipal interface{}
	// The unique identifier for the customer master key (CMK) that the grant applies to. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify a CMK in a different AWS account, you must use the key ARN.
	KeyId interface{}
	// A friendly name for identifying the grant.
	Name interface{}
	// A list of operations that the grant permits. The permitted values are: `Decrypt, Encrypt, GenerateDataKey, GenerateDataKeyWithoutPlaintext, ReEncryptFrom, ReEncryptTo, CreateGrant, RetireGrant, DescribeKey`
	Operations        interface{}
	RetireOnDelete    interface{}
	RetiringPrincipal interface{}
}

Input properties used for looking up and filtering Grant resources.

type Key

type Key struct {
	// contains filtered or unexported fields
}

Provides a KMS customer master key.

func GetKey

func GetKey(ctx *pulumi.Context,
	name string, id pulumi.ID, state *KeyState, opts ...pulumi.ResourceOpt) (*Key, error)

GetKey gets an existing Key resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewKey

func NewKey(ctx *pulumi.Context,
	name string, args *KeyArgs, opts ...pulumi.ResourceOpt) (*Key, error)

NewKey registers a new resource with the given unique name, arguments, and options.

func (*Key) Arn

func (r *Key) Arn() *pulumi.StringOutput

The Amazon Resource Name (ARN) of the key.

func (*Key) DeletionWindowInDays

func (r *Key) DeletionWindowInDays() *pulumi.IntOutput

Duration in days after which the key is deleted after destruction of the resource, must be between 7 and 30 days. Defaults to 30 days.

func (*Key) Description

func (r *Key) Description() *pulumi.StringOutput

The description of the key as viewed in AWS console.

func (*Key) EnableKeyRotation

func (r *Key) EnableKeyRotation() *pulumi.BoolOutput

Specifies whether [key rotation](http://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) is enabled. Defaults to false.

func (*Key) ID

func (r *Key) ID() *pulumi.IDOutput

ID is this resource's unique identifier assigned by its provider.

func (*Key) IsEnabled

func (r *Key) IsEnabled() *pulumi.BoolOutput

Specifies whether the key is enabled. Defaults to true.

func (*Key) KeyId

func (r *Key) KeyId() *pulumi.StringOutput

The globally unique identifier for the key.

func (*Key) KeyUsage

func (r *Key) KeyUsage() *pulumi.StringOutput

Specifies the intended use of the key. Defaults to ENCRYPT_DECRYPT, and only symmetric encryption and decryption are supported.

func (*Key) Policy

func (r *Key) Policy() *pulumi.StringOutput

A valid policy JSON document. For more information about building AWS IAM policy documents with Terraform, see the [AWS IAM Policy Document Guide](https://www.terraform.io/docs/providers/aws/guides/iam-policy-documents.html).

func (*Key) Tags

func (r *Key) Tags() *pulumi.MapOutput

A mapping of tags to assign to the object.

func (*Key) URN

func (r *Key) URN() *pulumi.URNOutput

URN is this resource's unique name assigned by Pulumi.

type KeyArgs

type KeyArgs struct {
	// Duration in days after which the key is deleted
	// after destruction of the resource, must be between 7 and 30 days. Defaults to 30 days.
	DeletionWindowInDays interface{}
	// The description of the key as viewed in AWS console.
	Description interface{}
	// Specifies whether [key rotation](http://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html)
	// is enabled. Defaults to false.
	EnableKeyRotation interface{}
	// Specifies whether the key is enabled. Defaults to true.
	IsEnabled interface{}
	// Specifies the intended use of the key.
	// Defaults to ENCRYPT_DECRYPT, and only symmetric encryption and decryption are supported.
	KeyUsage interface{}
	// A valid policy JSON document. For more information about building AWS IAM policy documents with Terraform, see the [AWS IAM Policy Document Guide](https://www.terraform.io/docs/providers/aws/guides/iam-policy-documents.html).
	Policy interface{}
	// A mapping of tags to assign to the object.
	Tags interface{}
}

The set of arguments for constructing a Key resource.

type KeyState

type KeyState struct {
	// The Amazon Resource Name (ARN) of the key.
	Arn interface{}
	// Duration in days after which the key is deleted
	// after destruction of the resource, must be between 7 and 30 days. Defaults to 30 days.
	DeletionWindowInDays interface{}
	// The description of the key as viewed in AWS console.
	Description interface{}
	// Specifies whether [key rotation](http://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html)
	// is enabled. Defaults to false.
	EnableKeyRotation interface{}
	// Specifies whether the key is enabled. Defaults to true.
	IsEnabled interface{}
	// The globally unique identifier for the key.
	KeyId interface{}
	// Specifies the intended use of the key.
	// Defaults to ENCRYPT_DECRYPT, and only symmetric encryption and decryption are supported.
	KeyUsage interface{}
	// A valid policy JSON document. For more information about building AWS IAM policy documents with Terraform, see the [AWS IAM Policy Document Guide](https://www.terraform.io/docs/providers/aws/guides/iam-policy-documents.html).
	Policy interface{}
	// A mapping of tags to assign to the object.
	Tags interface{}
}

Input properties used for looking up and filtering Key resources.
