aws_ddk_core.resources.KMSFactory¶
- class aws_ddk_core.resources.KMSFactory¶
Class factory to create and configure Key Management Service DDK resources, including Keys.
- __init__()¶
Methods
- static key(scope: constructs.Construct, id: str, environment_id: str, alias: Optional[str] = None, enable_key_rotation: Optional[bool] = None, pending_window: Optional[aws_cdk.Duration] = None, removal_policy: Optional[aws_cdk.RemovalPolicy] = None, **key_props: Any) aws_cdk.aws_kms.IKey¶
Create and configure KMS key.
This construct allows to configure parameters of the key using ddk.json configuration file depending on the environment_id in which the key is used. Supported parameters are: enable_key_rotation,`pending_window`, and removal_policy.
The parameters are respected in the following order: 1 - Explicit arguments are always preferred 2 - Values from configuration file 3 - Defaults are used otherwise
- Parameters
scope (Construct) – Scope within which this construct is defined
id (str) – Identifier of the key
environment_id (str) – Identifier of the environment
alias (Optional[str]) – Key alias
enable_key_rotation (Optional[bool]) – Indicates whether AWS KMS rotates the key. True by default.
pending_window (Optional[Duration]) – Specifies the number of days in the waiting period before AWS KMS deletes a CMK that has been removed from a CloudFormation stack. aws_cdk.Duration.days(30) by default.
removal_policy (Optional[RemovalPolicy]) – Whether the encryption key should be retained when it is removed from the Stack. aws_cdk.RemovalPolicy.RETAIN by default.
key_props (Any) – Additional key properties. For complete list of properties refer to CDK Documentation - KMS Key: https://docs.aws.amazon.com/cdk/api/v2/python/aws_cdk.aws_kms/Key.html
- Returns
key – KMS key
- Return type
aws_cdk.aws_kms.Key