SecurityConfig / KeyManagementServiceConfig / KeyConfig

AWS KMS Key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-mgmt) configuration. Use this configuration to define your customer managed key (CMK), where it is deployed, and its management properties.

Example

- name: ExampleKey
  deploymentTargets:
    organizationalUnits:
      - Root
  alias: alias/example/key
  policy: path/to/policy.json
  description: Example KMS key
  enabled: true
  enableKeyRotation: true
  removalPolicy: retain

Hierarchy

  • KeyConfig

Properties

alias: "" = ''

(OPTIONAL) Initial alias to add to the key

Remarks

Note: If changing this value, a new CMK with the new alias will be created.

deploymentTargets: DeploymentTargets = ...

This configuration determines which accounts and/or OUs the CMK is deployed to.

To deploy the KMS key into the Root and Infrastructure organizational units, provide the following value for this parameter.

Example

- deploymentTargets:
    organizationalUnits:
      - Root
      - Infrastructure

description: "" = ''

(OPTIONAL) A description of the key.

enableKeyRotation: true = true

(OPTIONAL) Indicates whether AWS KMS rotates the key.

Default

true

enabled: true = true

(OPTIONAL) Indicates whether the key is available for use.

Default

  • Key is enabled.

name: "" = ''

Unique Key name for logical reference

policy: "" = ''

(OPTIONAL) Key policy file path. This file must be available in the accelerator configuration repository.

removalPolicy: "retain" = 'retain'

(OPTIONAL) Whether the encryption key should be retained when it is removed from the Stack.

Default

retain
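
The defaults documented above (enableKeyRotation true, enabled true, removalPolicy retain) can be checked when a configuration change is reviewed. The following added example, which is not part of the accelerator's own code, lints already-parsed KeyConfig entries for departures from those defaults. The interface and function names, the `accounts` field and the sample entries are assumptions, and the alias check is the general AWS KMS alias naming rule rather than something stated on this page.

```typescript
// Added example (not Landing Zone Accelerator code): lint KeyConfig entries
// against the defaults documented on this page. All names here are hypothetical.
interface KeyConfigEntry {
  name: string;
  alias?: string;
  policy?: string;
  description?: string;
  enabled?: boolean;
  enableKeyRotation?: boolean;
  removalPolicy?: string;
  // `accounts` is an assumed field name; the page shows only organizationalUnits.
  deploymentTargets?: { organizationalUnits?: string[]; accounts?: string[] };
}
interface KeyFinding { key: string; property: string; message: string }

function lintKeyConfigs(keys: KeyConfigEntry[]): KeyFinding[] {
  const findings: KeyFinding[] = [];
  const seenNames = new Set<string>();
  for (const k of keys) {
    const flag = (property: string, message: string) => { findings.push({ key: k.name, property, message }); };
    if (seenNames.has(k.name)) flag('name', 'duplicate logical name');
    seenNames.add(k.name);
    // Omitted properties take the documented defaults (true / true / retain).
    if (!(k.enableKeyRotation ?? true)) flag('enableKeyRotation', 'rotation is turned off');
    if (!(k.enabled ?? true)) flag('enabled', 'key is not available for use');
    if ((k.removalPolicy ?? 'retain') !== 'retain') flag('removalPolicy', 'key is not retained on removal');
    // KMS aliases must start with "alias/"; "alias/aws/" is reserved for AWS managed keys.
    const alias = k.alias ?? '';
    if (alias !== '' && (!alias.startsWith('alias/') || alias.startsWith('alias/aws/'))) {
      flag('alias', 'alias must start with alias/ and not alias/aws/');
    }
    const t = k.deploymentTargets;
    if (!t || ((t.organizationalUnits ?? []).length === 0 && (t.accounts ?? []).length === 0)) {
      flag('deploymentTargets', 'no accounts or OUs listed');
    }
  }
  return findings;
}

// Constructed sample input: the page's ExampleKey plus two deliberately weak entries
// ('destroy' is a constructed non-default value used only to trigger the check).
const constructedKeys: KeyConfigEntry[] = [
  { name: 'ExampleKey', deploymentTargets: { organizationalUnits: ['Root'] }, alias: 'alias/example/key',
    policy: 'path/to/policy.json', description: 'Example KMS key', enabled: true,
    enableKeyRotation: true, removalPolicy: 'retain' },
  { name: 'LogsKey', alias: 'logs/key', enableKeyRotation: false, removalPolicy: 'destroy',
    deploymentTargets: { organizationalUnits: ['Infrastructure'] } },
  { name: 'LogsKey', enabled: false },
];
const constructedFindings = lintKeyConfigs(constructedKeys);
```

Parse the security configuration file with a YAML library of your choice and pass the key entries to `lintKeyConfigs`; an empty result means every entry keeps the documented defaults.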
