Readonly alias: (OPTIONAL) Initial alias to add to the key.
Note: Changing this value creates a new CMK with the new alias.
Readonly deployment: This configuration determines which accounts and/or OUs the CMK is deployed to.
To deploy the KMS key into the Root and Infrastructure organizational units, provide the following value for this parameter:
    - deploymentTargets:
        organizationalUnits:
          - Root
          - Infrastructure
Readonly description: (OPTIONAL) A description of the key.
Readonly enable: (OPTIONAL) Indicates whether AWS KMS rotates the key.
true
Readonly enabled: (OPTIONAL) Indicates whether the key is available for use.
Readonly name: Unique key name for logical reference.
Readonly policy: (OPTIONAL) Key policy file path. This file must be available in the accelerator config repository.
Readonly removal: (OPTIONAL) Whether the encryption key should be retained when it is removed from the Stack.
retain
SecurityConfig / KeyManagementServiceConfig / KeyConfig
AWS KMS Key configuration (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-mgmt). Use this configuration to define your customer managed key (CMK), where it is deployed, and its management properties.
Example