Readonly
alias (OPTIONAL) Initial alias to add to the key
Note: If changing this value, a new CMK with the new alias will be created.
Readonly
deployment This configuration determines which accounts and/or OUs the CMK is deployed to.
To deploy the KMS key into the Root and Infrastructure organizational units, provide the following value for this parameter:
- deploymentTargets:
    organizationalUnits:
      - Root
      - Infrastructure
Readonly
description (OPTIONAL) A description of the key.
Readonly
enable (OPTIONAL) Indicates whether AWS KMS rotates the key.
true
Readonly
enabled (OPTIONAL) Indicates whether the key is available for use.
Readonly
name Unique key name for logical reference
Readonly
policy (OPTIONAL) Key policy file path. This file must be available in the accelerator config repository.
Readonly
removal (OPTIONAL) Whether the encryption key should be retained when it is removed from the Stack.
retain
SecurityConfig / KeyManagementServiceConfig / KeyConfig
AWS KMS Key configuration (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-mgmt). Use this configuration to define your customer managed key (CMK) and where it's deployed to, along with its management properties.
Example