aws_ddk_core.resources.KMSFactory

class aws_ddk_core.resources.KMSFactory

Class factory to create and configure Key Management Service DDK resources, including Keys.

__init__()

Methods

__init__()

key(scope, id, environment_id[, alias, ...])

Create and configure KMS key.

static key(scope: constructs.Construct, id: str, environment_id: str, alias: Optional[str] = None, enable_key_rotation: Optional[bool] = None, pending_window: Optional[aws_cdk.Duration] = None, removal_policy: Optional[aws_cdk.RemovalPolicy] = None, **key_props: Any) aws_cdk.aws_kms.IKey

Create and configure KMS key.

This construct allows the parameters of the key to be configured through the ddk.json configuration file, depending on the environment_id in which the key is used. Supported parameters are: enable_key_rotation, pending_window, and removal_policy.

The parameters are respected in the following order:
  1 - Explicit arguments are always preferred
  2 - Values from configuration file
  3 - Defaults are used otherwise

Parameters
  • scope (Construct) – Scope within which this construct is defined

  • id (str) – Identifier of the key

  • environment_id (str) – Identifier of the environment

  • alias (Optional[str]) – Key alias

  • enable_key_rotation (Optional[bool]) – Indicates whether AWS KMS rotates the key. True by default.

  • pending_window (Optional[Duration]) – Specifies the number of days in the waiting period before AWS KMS deletes a CMK that has been removed from a CloudFormation stack. aws_cdk.Duration.days(30) by default.

  • removal_policy (Optional[RemovalPolicy]) – Whether the encryption key should be retained when it is removed from the Stack. aws_cdk.RemovalPolicy.RETAIN by default.

  • key_props (Any) – Additional key properties. For the complete list of properties, refer to the CDK documentation for KMS Key: https://docs.aws.amazon.com/cdk/api/v2/python/aws_cdk.aws_kms/Key.html

Returns

key – KMS key

Return type

aws_cdk.aws_kms.Key
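
The precedence order described above, modelled in plain Python as an added example (not DDK's own code), with a check that flags an environment whose resolved key settings are weaker than the documented defaults. The ddk.json nesting, the `kms-key` resource name, the lowercase policy strings and `pending_window` as a number of days are assumptions made for illustration; `resolve_key_settings` and `audit` are hypothetical helpers.

```python
from typing import Any, Dict, List

# Defaults as documented on this page (pending_window modelled as days).
DEFAULTS: Dict[str, Any] = {
    "enable_key_rotation": True, "pending_window": 30, "removal_policy": "retain",
}

# Constructed sample. The nesting and the "kms-key" resource name are an
# assumed layout for illustration, not taken from the DDK documentation.
SAMPLE_DDK_JSON: Dict[str, Any] = {
    "environments": {
        "dev": {"resources": {"kms-key": {"enable_key_rotation": False,
                                          "pending_window": 7,
                                          "removal_policy": "destroy"}}},
        "prod": {"resources": {"kms-key": {}}},
    }
}


def resolve_key_settings(config: Dict[str, Any], environment_id: str,
                         **explicit: Any) -> Dict[str, Any]:
    """Apply the documented order: explicit argument, config file, default."""
    from_file = (config.get("environments", {}).get(environment_id, {})
                 .get("resources", {}).get("kms-key", {}))
    resolved = {}
    for name, default in DEFAULTS.items():
        # None means "not passed"; an explicit False must still win.
        if explicit.get(name) is not None:
            resolved[name] = explicit[name]
        elif name in from_file:
            resolved[name] = from_file[name]
        else:
            resolved[name] = default
    return resolved


def audit(settings: Dict[str, Any]) -> List[str]:
    """List the settings that are weaker than the documented defaults."""
    findings = []
    if not settings["enable_key_rotation"]:
        findings.append("rotation disabled")
    if settings["removal_policy"] != "retain":
        findings.append("key is not retained on stack removal")
    if settings["pending_window"] < DEFAULTS["pending_window"]:
        findings.append("pending window shorter than 30 days")
    return findings
```

Running `audit(resolve_key_settings(config, env))` for every environment in a pipeline check surfaces configuration-file overrides that would otherwise only show up in the synthesized template.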