{ "author": { "name": "Amazon Web Services", "organization": true, "roles": [ "author" ], "url": "https://aws.amazon.com" }, "dependencies": { "@aws-cdk/aws-iam": "1.64.0", "@aws-cdk/core": "1.64.0", "constructs": "^3.0.4" }, "dependencyClosure": { "@aws-cdk/aws-iam": { "targets": { "dotnet": { "assemblyOriginatorKeyFile": "../../key.snk", "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png", "namespace": "Amazon.CDK.AWS.IAM", "packageId": "Amazon.CDK.AWS.IAM", "signAssembly": true }, "java": { "maven": { "artifactId": "iam", "groupId": "software.amazon.awscdk" }, "package": "software.amazon.awscdk.services.iam" }, "js": { "npm": "@aws-cdk/aws-iam" }, "python": { "distName": "aws-cdk.aws-iam", "module": "aws_cdk.aws_iam" } } }, "@aws-cdk/cloud-assembly-schema": { "targets": { "dotnet": { "assemblyOriginatorKeyFile": "../../key.snk", "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png", "namespace": "Amazon.CDK.CloudAssembly.Schema", "packageId": "Amazon.CDK.CloudAssembly.Schema", "signAssembly": true }, "java": { "maven": { "artifactId": "cdk-cloud-assembly-schema", "groupId": "software.amazon.awscdk" }, "package": "software.amazon.awscdk.cloudassembly.schema" }, "js": { "npm": "@aws-cdk/cloud-assembly-schema" }, "python": { "distName": "aws-cdk.cloud-assembly-schema", "module": "aws_cdk.cloud_assembly_schema" } } }, "@aws-cdk/core": { "targets": { "dotnet": { "assemblyOriginatorKeyFile": "../../key.snk", "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png", "namespace": "Amazon.CDK", "packageId": "Amazon.CDK", "signAssembly": true }, "java": { "maven": { "artifactId": "core", "groupId": "software.amazon.awscdk" }, "package": "software.amazon.awscdk.core" }, "js": { "npm": "@aws-cdk/core" }, "python": { "distName": "aws-cdk.core", "module": "aws_cdk.core" } } }, "@aws-cdk/cx-api": { "targets": { "dotnet": { "assemblyOriginatorKeyFile": "../../key.snk", "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png", "namespace": "Amazon.CDK.CXAPI", "packageId": "Amazon.CDK.CXAPI", "signAssembly": true }, "java": { "maven": { "artifactId": "cdk-cx-api", "groupId": "software.amazon.awscdk" }, "package": "software.amazon.awscdk.cxapi" }, "js": { "npm": "@aws-cdk/cx-api" }, "python": { "distName": "aws-cdk.cx-api", "module": "aws_cdk.cx_api" } } }, "@aws-cdk/region-info": { "targets": { "dotnet": { "assemblyOriginatorKeyFile": "../../key.snk", "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png", "namespace": "Amazon.CDK.RegionInfo", "packageId": "Amazon.CDK.RegionInfo", "signAssembly": true }, "java": { "maven": { "artifactId": "cdk-region-info", "groupId": "software.amazon.awscdk" }, "package": "software.amazon.awscdk.regioninfo" }, "js": { "npm": "@aws-cdk/region-info" }, "python": { "distName": "aws-cdk.region-info", "module": "aws_cdk.region_info" } } }, "constructs": { "targets": { "dotnet": { "namespace": "Constructs", "packageId": "Constructs" }, "java": { "maven": { "artifactId": "constructs", "groupId": "software.constructs" }, "package": "software.constructs" }, "js": { "npm": "constructs" }, "python": { "distName": "constructs", "module": "constructs" } } } }, "description": "The CDK Construct Library for AWS::KMS", "docs": { "stability": "stable" }, "homepage": "https://github.com/aws/aws-cdk", "jsiiVersion": "1.12.0 (build 5ddc9f2)", "keywords": [ "aws", "cdk", "constructs", "kms" ], "license": "Apache-2.0", "name": "@aws-cdk/aws-kms", "readme": { "markdown": "## AWS Key Management Service Construct Library\n\n---\n\n![cfn-resources: Stable](https://img.shields.io/badge/cfn--resources-stable-success.svg?style=for-the-badge)\n\n![cdk-constructs: Stable](https://img.shields.io/badge/cdk--constructs-stable-success.svg?style=for-the-badge)\n\n---\n\n\nDefine a KMS key:\n\n```ts\nimport * as kms from '@aws-cdk/aws-kms';\n\nnew kms.Key(this, 'MyKey', {\n enableKeyRotation: true\n});\n```\n\nAdd a couple of aliases:\n\n```ts\nconst key = new kms.Key(this, 'MyKey');\nkey.addAlias('alias/foo');\nkey.addAlias('alias/bar');\n```\n\n### Sharing keys between stacks\n\n> see Trust Account Identities for additional details\n\nTo use a KMS key in a different stack in the same CDK application,\npass the construct to the other stack:\n\n```ts lit=test/integ.key-sharing.lit.ts\n\n/**\n * Stack that defines the key\n */\nclass KeyStack extends cdk.Stack {\n public readonly key: kms.Key;\n\n constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {\n super(scope, id, props);\n this.key = new kms.Key(this, 'MyKey', { removalPolicy: cdk.RemovalPolicy.DESTROY });\n }\n}\n\ninterface UseStackProps extends cdk.StackProps {\n key: kms.IKey; // Use IKey here\n}\n\n/**\n * Stack that uses the key\n */\nclass UseStack extends cdk.Stack {\n constructor(scope: cdk.App, id: string, props: UseStackProps) {\n super(scope, id, props);\n\n // Use the IKey object here.\n new kms.Alias(this, 'Alias', {\n aliasName: 'alias/foo',\n targetKey: props.key,\n });\n }\n}\n\nconst keyStack = new KeyStack(app, 'KeyStack');\nnew UseStack(app, 'UseStack', { key: keyStack.key });\n```\n\n\n### Importing existing keys\n\n> see Trust Account Identities for additional details\n\nTo use a KMS key that is not defined in this CDK app, but is created through other means, use\n`Key.fromKeyArn(parent, name, ref)`:\n\n```ts\nconst myKeyImported = kms.Key.fromKeyArn(this, 'MyImportedKey', 'arn:aws:...');\n\n// you can do stuff with this imported key.\nmyKeyImported.addAlias('alias/foo');\n```\n\nNote that a call to `.addToPolicy(statement)` on `myKeyImported` will not have\nan affect on the key's policy because it is not owned by your stack. The call\nwill be a no-op.\n\nIf a Key has an associated Alias, the Alias can be imported by name and used in place\nof the Key as a reference. A common scenario for this is in referencing AWS managed keys.\n\n```ts\nconst myKeyAlias = kms.Alias.fromAliasName(this, 'myKey', 'alias/aws/s3');\nconst trail = new cloudtrail.Trail(this, 'myCloudTrail', {\n sendToCloudWatchLogs: true,\n kmsKey: myKeyAlias\n});\n```\n\nNote that calls to `addToResourcePolicy` and `grant*` methods on `myKeyAlias` will be\nno-ops, and `addAlias` and `aliasTargetKey` will fail, as the imported alias does not\nhave a reference to the underlying KMS Key.\n\n### Trust Account Identities\n\nKMS keys can be created to trust IAM policies. This is the default behavior in\nthe console and is described\n[here](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html).\nThis same behavior can be enabled by:\n\n```ts\nnew Key(stack, 'MyKey', { trustAccountIdentities: true });\n```\n\nUsing `trustAccountIdentities` solves many issues around cyclic dependencies\nbetween stacks. The most common use case is creating an S3 Bucket with CMK\ndefault encryption which is later accessed by IAM roles in other stacks.\n\nstack-1 (bucket and key created)\n\n```ts\n// ... snip\nconst myKmsKey = new kms.Key(this, 'MyKey', { trustAccountIdentities: true });\n\nconst bucket = new Bucket(this, 'MyEncryptedBucket', {\n bucketName: 'myEncryptedBucket',\n encryption: BucketEncryption.KMS,\n encryptionKey: myKmsKey\n});\n```\n\nstack-2 (lambda that operates on bucket and key)\n\n```ts\n// ... snip\n\nconst fn = new lambda.Function(this, 'MyFunction', {\n runtime: lambda.Runtime.NODEJS_10_X,\n handler: 'index.handler',\n code: lambda.Code.fromAsset(path.join(__dirname, 'lambda-handler')),\n});\n\nconst bucket = s3.Bucket.fromBucketName(this, 'BucketId', 'myEncryptedBucket');\n\nconst key = kms.Key.fromKeyArn(this, 'KeyId', 'arn:aws:...'); // key ARN passed via stack props\n\nbucket.grantReadWrite(fn);\nkey.grantEncryptDecrypt(fn);\n```\n\nThe challenge in this scenario is the KMS key policy behavior. The simple way to understand\nthis, is IAM policies for account entities can only grant the permissions granted to the\naccount root principle in the key policy. When `trustAccountIdentities` is true,\nthe following policy statement is added:\n\n```json\n{\n \"Sid\": \"Enable IAM User Permissions\",\n \"Effect\": \"Allow\",\n \"Principal\": {\"AWS\": \"arn:aws:iam::111122223333:root\"},\n \"Action\": \"kms:*\",\n \"Resource\": \"*\"\n}\n```\n\nAs the name suggests this trusts IAM policies to control access to the key.\nIf account root does not have permissions to the specific actions, then the key\npolicy and the IAM policy for the entity (e.g. Lambda) both need to grant\npermission.\n\n\n" }, "repository": { "directory": "packages/@aws-cdk/aws-kms", "type": "git", "url": "https://github.com/aws/aws-cdk.git" }, "schema": "jsii/0.10.0", "targets": { "dotnet": { "assemblyOriginatorKeyFile": "../../key.snk", "iconUrl": "https://raw.githubusercontent.com/aws/aws-cdk/master/logo/default-256-dark.png", "namespace": "Amazon.CDK.AWS.KMS", "packageId": "Amazon.CDK.AWS.KMS", "signAssembly": true }, "java": { "maven": { "artifactId": "kms", "groupId": "software.amazon.awscdk" }, "package": "software.amazon.awscdk.services.kms" }, "js": { "npm": "@aws-cdk/aws-kms" }, "python": { "distName": "aws-cdk.aws-kms", "module": "aws_cdk.aws_kms" } }, "types": { "@aws-cdk/aws-kms.Alias": { "assembly": "@aws-cdk/aws-kms", "base": "@aws-cdk/core.Resource", "docs": { "custom": { "resource": "AWS::KMS::Alias" }, "remarks": "Using an alias to refer to a key can help you simplify key\nmanagement. For example, when rotating keys, you can just update the alias\nmapping instead of tracking and changing key IDs. For more information, see\nWorking with Aliases in the AWS Key Management Service Developer Guide.\n\nYou can also add an alias for a key by calling `key.addAlias(alias)`.", "stability": "stable", "summary": "Defines a display name for a customer master key (CMK) in AWS Key Management Service (AWS KMS)." }, "fqn": "@aws-cdk/aws-kms.Alias", "initializer": { "docs": { "stability": "stable" }, "locationInModule": { "filename": "lib/alias.ts", "line": 170 }, "parameters": [ { "name": "scope", "type": { "fqn": "@aws-cdk/core.Construct" } }, { "name": "id", "type": { "primitive": "string" } }, { "name": "props", "type": { "fqn": "@aws-cdk/aws-kms.AliasProps" } } ] }, "interfaces": [ "@aws-cdk/aws-kms.IAlias" ], "kind": "class", "locationInModule": { "filename": "lib/alias.ts", "line": 123 }, "methods": [ { "docs": { "stability": "stable", "summary": "Import an existing KMS Alias defined outside the CDK app." }, "locationInModule": { "filename": "lib/alias.ts", "line": 131 }, "name": "fromAliasAttributes", "parameters": [ { "docs": { "summary": "The parent creating construct (usually `this`)." }, "name": "scope", "type": { "fqn": "@aws-cdk/core.Construct" } }, { "docs": { "summary": "The construct's name." }, "name": "id", "type": { "primitive": "string" } }, { "docs": { "summary": "the properties of the referenced KMS Alias." }, "name": "attrs", "type": { "fqn": "@aws-cdk/aws-kms.AliasAttributes" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-kms.IAlias" } }, "static": true }, { "docs": { "remarks": "This method should be used\ninstead of 'fromAliasAttributes' when the underlying KMS Key ARN is not available.\nThis Alias will not have a direct reference to the KMS Key, so addAlias and grant* methods are not supported.", "stability": "stable", "summary": "Import an existing KMS Alias defined outside the CDK app, by the alias name." }, "locationInModule": { "filename": "lib/alias.ts", "line": 148 }, "name": "fromAliasName", "parameters": [ { "docs": { "summary": "The parent creating construct (usually `this`)." }, "name": "scope", "type": { "fqn": "@aws-cdk/core.Construct" } }, { "docs": { "summary": "The construct's name." }, "name": "id", "type": { "primitive": "string" } }, { "docs": { "summary": "The full name of the KMS Alias (e.g., 'alias/aws/s3', 'alias/myKeyAlias')." }, "name": "aliasName", "type": { "primitive": "string" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-kms.IAlias" } }, "static": true }, { "docs": { "stability": "stable", "summary": "Defines a new alias for the key." }, "locationInModule": { "filename": "lib/alias.ts", "line": 72 }, "name": "addAlias", "overrides": "@aws-cdk/aws-kms.IKey", "parameters": [ { "name": "alias", "type": { "primitive": "string" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-kms.Alias" } } }, { "docs": { "stability": "stable", "summary": "Adds a statement to the KMS key resource policy." }, "locationInModule": { "filename": "lib/alias.ts", "line": 76 }, "name": "addToResourcePolicy", "overrides": "@aws-cdk/aws-kms.IKey", "parameters": [ { "name": "statement", "type": { "fqn": "@aws-cdk/aws-iam.PolicyStatement" } }, { "name": "allowNoOp", "optional": true, "type": { "primitive": "boolean" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-iam.AddToResourcePolicyResult" } } }, { "docs": { "stability": "stable" }, "locationInModule": { "filename": "lib/alias.ts", "line": 209 }, "name": "generatePhysicalName", "overrides": "@aws-cdk/core.Resource", "protected": true, "returns": { "type": { "primitive": "string" } } }, { "docs": { "stability": "stable", "summary": "Grant the indicated permissions on this key to the given principal." }, "locationInModule": { "filename": "lib/alias.ts", "line": 80 }, "name": "grant", "overrides": "@aws-cdk/aws-kms.IKey", "parameters": [ { "name": "grantee", "type": { "fqn": "@aws-cdk/aws-iam.IGrantable" } }, { "name": "actions", "type": { "primitive": "string" }, "variadic": true } ], "returns": { "type": { "fqn": "@aws-cdk/aws-iam.Grant" } }, "variadic": true }, { "docs": { "stability": "stable", "summary": "Grant decryption permisisons using this key to the given principal." }, "locationInModule": { "filename": "lib/alias.ts", "line": 84 }, "name": "grantDecrypt", "overrides": "@aws-cdk/aws-kms.IKey", "parameters": [ { "name": "grantee", "type": { "fqn": "@aws-cdk/aws-iam.IGrantable" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-iam.Grant" } } }, { "docs": { "stability": "stable", "summary": "Grant encryption permisisons using this key to the given principal." }, "locationInModule": { "filename": "lib/alias.ts", "line": 88 }, "name": "grantEncrypt", "overrides": "@aws-cdk/aws-kms.IKey", "parameters": [ { "name": "grantee", "type": { "fqn": "@aws-cdk/aws-iam.IGrantable" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-iam.Grant" } } }, { "docs": { "stability": "stable", "summary": "Grant encryption and decryption permisisons using this key to the given principal." }, "locationInModule": { "filename": "lib/alias.ts", "line": 92 }, "name": "grantEncryptDecrypt", "overrides": "@aws-cdk/aws-kms.IKey", "parameters": [ { "name": "grantee", "type": { "fqn": "@aws-cdk/aws-iam.IGrantable" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-iam.Grant" } } } ], "name": "Alias", "properties": [ { "docs": { "stability": "stable", "summary": "The name of the alias." }, "immutable": true, "locationInModule": { "filename": "lib/alias.ts", "line": 167 }, "name": "aliasName", "overrides": "@aws-cdk/aws-kms.IAlias", "type": { "primitive": "string" } }, { "docs": { "stability": "stable", "summary": "The Key to which the Alias refers." }, "immutable": true, "locationInModule": { "filename": "lib/alias.ts", "line": 168 }, "name": "aliasTargetKey", "overrides": "@aws-cdk/aws-kms.IAlias", "type": { "fqn": "@aws-cdk/aws-kms.IKey" } }, { "docs": { "stability": "stable", "summary": "The ARN of the key." }, "immutable": true, "locationInModule": { "filename": "lib/alias.ts", "line": 60 }, "name": "keyArn", "overrides": "@aws-cdk/aws-kms.IKey", "type": { "primitive": "string" } }, { "docs": { "stability": "stable", "summary": "The ID of the key (the part that looks something like: 1234abcd-12ab-34cd-56ef-1234567890ab)." }, "immutable": true, "locationInModule": { "filename": "lib/alias.ts", "line": 68 }, "name": "keyId", "overrides": "@aws-cdk/aws-kms.IKey", "type": { "primitive": "string" } } ] }, "@aws-cdk/aws-kms.AliasAttributes": { "assembly": "@aws-cdk/aws-kms", "datatype": true, "docs": { "stability": "stable", "summary": "Properties of a reference to an existing KMS Alias." }, "fqn": "@aws-cdk/aws-kms.AliasAttributes", "kind": "interface", "locationInModule": { "filename": "lib/alias.ts", "line": 100 }, "name": "AliasAttributes", "properties": [ { "abstract": true, "docs": { "remarks": "This value must begin with alias/ followed by a name (i.e. alias/ExampleAlias)", "stability": "stable", "summary": "Specifies the alias name." }, "immutable": true, "locationInModule": { "filename": "lib/alias.ts", "line": 104 }, "name": "aliasName", "type": { "primitive": "string" } }, { "abstract": true, "docs": { "stability": "stable", "summary": "The customer master key (CMK) to which the Alias refers." }, "immutable": true, "locationInModule": { "filename": "lib/alias.ts", "line": 109 }, "name": "aliasTargetKey", "type": { "fqn": "@aws-cdk/aws-kms.IKey" } } ] }, "@aws-cdk/aws-kms.AliasProps": { "assembly": "@aws-cdk/aws-kms", "datatype": true, "docs": { "stability": "stable", "summary": "Construction properties for a KMS Key Alias object." }, "fqn": "@aws-cdk/aws-kms.AliasProps", "kind": "interface", "locationInModule": { "filename": "lib/alias.ts", "line": 32 }, "name": "AliasProps", "properties": [ { "abstract": true, "docs": { "remarks": "The name must start with alias followed by a\nforward slash, such as alias/. You can't specify aliases that begin with\nalias/AWS. These aliases are reserved.", "stability": "stable", "summary": "The name of the alias." }, "immutable": true, "locationInModule": { "filename": "lib/alias.ts", "line": 38 }, "name": "aliasName", "type": { "primitive": "string" } }, { "abstract": true, "docs": { "remarks": "Specify the key's\nglobally unique identifier or Amazon Resource Name (ARN). You can't\nspecify another alias.", "stability": "stable", "summary": "The ID of the key for which you are creating the alias." }, "immutable": true, "locationInModule": { "filename": "lib/alias.ts", "line": 45 }, "name": "targetKey", "type": { "fqn": "@aws-cdk/aws-kms.IKey" } }, { "abstract": true, "docs": { "default": "- The alias will be deleted", "stability": "stable", "summary": "Policy to apply when the alias is removed from this stack." }, "immutable": true, "locationInModule": { "filename": "lib/alias.ts", "line": 52 }, "name": "removalPolicy", "optional": true, "type": { "fqn": "@aws-cdk/core.RemovalPolicy" } } ] }, "@aws-cdk/aws-kms.CfnAlias": { "assembly": "@aws-cdk/aws-kms", "base": "@aws-cdk/core.CfnResource", "docs": { "custom": { "cloudformationResource": "AWS::KMS::Alias" }, "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-alias.html", "stability": "external", "summary": "A CloudFormation `AWS::KMS::Alias`." }, "fqn": "@aws-cdk/aws-kms.CfnAlias", "initializer": { "docs": { "stability": "external", "summary": "Create a new `AWS::KMS::Alias`." }, "locationInModule": { "filename": "lib/kms.generated.ts", "line": 123 }, "parameters": [ { "docs": { "summary": "- scope in which this resource is defined." }, "name": "scope", "type": { "fqn": "@aws-cdk/core.Construct" } }, { "docs": { "summary": "- scoped id of the resource." }, "name": "id", "type": { "primitive": "string" } }, { "docs": { "summary": "- resource properties." }, "name": "props", "type": { "fqn": "@aws-cdk/aws-kms.CfnAliasProps" } } ] }, "interfaces": [ "@aws-cdk/core.IInspectable" ], "kind": "class", "locationInModule": { "filename": "lib/kms.generated.ts", "line": 82 }, "methods": [ { "docs": { "stability": "experimental", "summary": "Examines the CloudFormation resource and discloses attributes." }, "locationInModule": { "filename": "lib/kms.generated.ts", "line": 139 }, "name": "inspect", "overrides": "@aws-cdk/core.IInspectable", "parameters": [ { "docs": { "summary": "- tree inspector to collect and process attributes." }, "name": "inspector", "type": { "fqn": "@aws-cdk/core.TreeInspector" } } ] }, { "docs": { "stability": "external" }, "locationInModule": { "filename": "lib/kms.generated.ts", "line": 150 }, "name": "renderProperties", "overrides": "@aws-cdk/core.CfnResource", "parameters": [ { "name": "props", "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } ], "protected": true, "returns": { "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } } ], "name": "CfnAlias", "properties": [ { "const": true, "docs": { "stability": "external", "summary": "The CloudFormation resource type name for this resource class." }, "immutable": true, "locationInModule": { "filename": "lib/kms.generated.ts", "line": 86 }, "name": "CFN_RESOURCE_TYPE_NAME", "static": true, "type": { "primitive": "string" } }, { "docs": { "stability": "external" }, "immutable": true, "locationInModule": { "filename": "lib/kms.generated.ts", "line": 144 }, "name": "cfnProperties", "overrides": "@aws-cdk/core.CfnResource", "protected": true, "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-alias.html#cfn-kms-alias-aliasname", "stability": "external", "summary": "`AWS::KMS::Alias.AliasName`." }, "locationInModule": { "filename": "lib/kms.generated.ts", "line": 108 }, "name": "aliasName", "type": { "primitive": "string" } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-alias.html#cfn-kms-alias-targetkeyid", "stability": "external", "summary": "`AWS::KMS::Alias.TargetKeyId`." }, "locationInModule": { "filename": "lib/kms.generated.ts", "line": 114 }, "name": "targetKeyId", "type": { "primitive": "string" } } ] }, "@aws-cdk/aws-kms.CfnAliasProps": { "assembly": "@aws-cdk/aws-kms", "datatype": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-alias.html", "stability": "external", "summary": "Properties for defining a `AWS::KMS::Alias`." }, "fqn": "@aws-cdk/aws-kms.CfnAliasProps", "kind": "interface", "locationInModule": { "filename": "lib/kms.generated.ts", "line": 17 }, "name": "CfnAliasProps", "properties": [ { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-alias.html#cfn-kms-alias-aliasname", "stability": "external", "summary": "`AWS::KMS::Alias.AliasName`." }, "immutable": true, "locationInModule": { "filename": "lib/kms.generated.ts", "line": 23 }, "name": "aliasName", "type": { "primitive": "string" } }, { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-alias.html#cfn-kms-alias-targetkeyid", "stability": "external", "summary": "`AWS::KMS::Alias.TargetKeyId`." }, "immutable": true, "locationInModule": { "filename": "lib/kms.generated.ts", "line": 29 }, "name": "targetKeyId", "type": { "primitive": "string" } } ] }, "@aws-cdk/aws-kms.CfnKey": { "assembly": "@aws-cdk/aws-kms", "base": "@aws-cdk/core.CfnResource", "docs": { "custom": { "cloudformationResource": "AWS::KMS::Key" }, "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-key.html", "stability": "external", "summary": "A CloudFormation `AWS::KMS::Key`." }, "fqn": "@aws-cdk/aws-kms.CfnKey", "initializer": { "docs": { "stability": "external", "summary": "Create a new `AWS::KMS::Key`." }, "locationInModule": { "filename": "lib/kms.generated.ts", "line": 351 }, "parameters": [ { "docs": { "summary": "- scope in which this resource is defined." }, "name": "scope", "type": { "fqn": "@aws-cdk/core.Construct" } }, { "docs": { "summary": "- scoped id of the resource." }, "name": "id", "type": { "primitive": "string" } }, { "docs": { "summary": "- resource properties." }, "name": "props", "type": { "fqn": "@aws-cdk/aws-kms.CfnKeyProps" } } ] }, "interfaces": [ "@aws-cdk/core.IInspectable" ], "kind": "class", "locationInModule": { "filename": "lib/kms.generated.ts", "line": 270 }, "methods": [ { "docs": { "stability": "experimental", "summary": "Examines the CloudFormation resource and discloses attributes." }, "locationInModule": { "filename": "lib/kms.generated.ts", "line": 373 }, "name": "inspect", "overrides": "@aws-cdk/core.IInspectable", "parameters": [ { "docs": { "summary": "- tree inspector to collect and process attributes." }, "name": "inspector", "type": { "fqn": "@aws-cdk/core.TreeInspector" } } ] }, { "docs": { "stability": "external" }, "locationInModule": { "filename": "lib/kms.generated.ts", "line": 389 }, "name": "renderProperties", "overrides": "@aws-cdk/core.CfnResource", "parameters": [ { "name": "props", "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } ], "protected": true, "returns": { "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } } } ], "name": "CfnKey", "properties": [ { "const": true, "docs": { "stability": "external", "summary": "The CloudFormation resource type name for this resource class." }, "immutable": true, "locationInModule": { "filename": "lib/kms.generated.ts", "line": 274 }, "name": "CFN_RESOURCE_TYPE_NAME", "static": true, "type": { "primitive": "string" } }, { "docs": { "custom": { "cloudformationAttribute": "Arn" }, "stability": "external" }, "immutable": true, "locationInModule": { "filename": "lib/kms.generated.ts", "line": 295 }, "name": "attrArn", "type": { "primitive": "string" } }, { "docs": { "custom": { "cloudformationAttribute": "KeyId" }, "stability": "external" }, "immutable": true, "locationInModule": { "filename": "lib/kms.generated.ts", "line": 300 }, "name": "attrKeyId", "type": { "primitive": "string" } }, { "docs": { "stability": "external" }, "immutable": true, "locationInModule": { "filename": "lib/kms.generated.ts", "line": 378 }, "name": "cfnProperties", "overrides": "@aws-cdk/core.CfnResource", "protected": true, "type": { "collection": { "elementtype": { "primitive": "any" }, "kind": "map" } } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-key.html#cfn-kms-key-tags", "stability": "external", "summary": "`AWS::KMS::Key.Tags`." }, "immutable": true, "locationInModule": { "filename": "lib/kms.generated.ts", "line": 342 }, "name": "tags", "type": { "fqn": "@aws-cdk/core.TagManager" } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-key.html#cfn-kms-key-keypolicy", "stability": "external", "summary": "`AWS::KMS::Key.KeyPolicy`." }, "locationInModule": { "filename": "lib/kms.generated.ts", "line": 306 }, "name": "keyPolicy", "type": { "primitive": "any" } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-key.html#cfn-kms-key-description", "stability": "external", "summary": "`AWS::KMS::Key.Description`." }, "locationInModule": { "filename": "lib/kms.generated.ts", "line": 312 }, "name": "description", "optional": true, "type": { "primitive": "string" } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-key.html#cfn-kms-key-enabled", "stability": "external", "summary": "`AWS::KMS::Key.Enabled`." }, "locationInModule": { "filename": "lib/kms.generated.ts", "line": 318 }, "name": "enabled", "optional": true, "type": { "union": { "types": [ { "primitive": "boolean" }, { "fqn": "@aws-cdk/core.IResolvable" } ] } } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-key.html#cfn-kms-key-enablekeyrotation", "stability": "external", "summary": "`AWS::KMS::Key.EnableKeyRotation`." }, "locationInModule": { "filename": "lib/kms.generated.ts", "line": 324 }, "name": "enableKeyRotation", "optional": true, "type": { "union": { "types": [ { "primitive": "boolean" }, { "fqn": "@aws-cdk/core.IResolvable" } ] } } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-key.html#cfn-kms-key-keyusage", "stability": "external", "summary": "`AWS::KMS::Key.KeyUsage`." }, "locationInModule": { "filename": "lib/kms.generated.ts", "line": 330 }, "name": "keyUsage", "optional": true, "type": { "primitive": "string" } }, { "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-key.html#cfn-kms-key-pendingwindowindays", "stability": "external", "summary": "`AWS::KMS::Key.PendingWindowInDays`." }, "locationInModule": { "filename": "lib/kms.generated.ts", "line": 336 }, "name": "pendingWindowInDays", "optional": true, "type": { "primitive": "number" } } ] }, "@aws-cdk/aws-kms.CfnKeyProps": { "assembly": "@aws-cdk/aws-kms", "datatype": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-key.html", "stability": "external", "summary": "Properties for defining a `AWS::KMS::Key`." }, "fqn": "@aws-cdk/aws-kms.CfnKeyProps", "kind": "interface", "locationInModule": { "filename": "lib/kms.generated.ts", "line": 161 }, "name": "CfnKeyProps", "properties": [ { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-key.html#cfn-kms-key-keypolicy", "stability": "external", "summary": "`AWS::KMS::Key.KeyPolicy`." }, "immutable": true, "locationInModule": { "filename": "lib/kms.generated.ts", "line": 167 }, "name": "keyPolicy", "type": { "primitive": "any" } }, { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-key.html#cfn-kms-key-description", "stability": "external", "summary": "`AWS::KMS::Key.Description`." }, "immutable": true, "locationInModule": { "filename": "lib/kms.generated.ts", "line": 173 }, "name": "description", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-key.html#cfn-kms-key-enabled", "stability": "external", "summary": "`AWS::KMS::Key.Enabled`." }, "immutable": true, "locationInModule": { "filename": "lib/kms.generated.ts", "line": 179 }, "name": "enabled", "optional": true, "type": { "union": { "types": [ { "primitive": "boolean" }, { "fqn": "@aws-cdk/core.IResolvable" } ] } } }, { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-key.html#cfn-kms-key-enablekeyrotation", "stability": "external", "summary": "`AWS::KMS::Key.EnableKeyRotation`." }, "immutable": true, "locationInModule": { "filename": "lib/kms.generated.ts", "line": 185 }, "name": "enableKeyRotation", "optional": true, "type": { "union": { "types": [ { "primitive": "boolean" }, { "fqn": "@aws-cdk/core.IResolvable" } ] } } }, { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-key.html#cfn-kms-key-keyusage", "stability": "external", "summary": "`AWS::KMS::Key.KeyUsage`." }, "immutable": true, "locationInModule": { "filename": "lib/kms.generated.ts", "line": 191 }, "name": "keyUsage", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-key.html#cfn-kms-key-pendingwindowindays", "stability": "external", "summary": "`AWS::KMS::Key.PendingWindowInDays`." }, "immutable": true, "locationInModule": { "filename": "lib/kms.generated.ts", "line": 197 }, "name": "pendingWindowInDays", "optional": true, "type": { "primitive": "number" } }, { "abstract": true, "docs": { "see": "http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-key.html#cfn-kms-key-tags", "stability": "external", "summary": "`AWS::KMS::Key.Tags`." }, "immutable": true, "locationInModule": { "filename": "lib/kms.generated.ts", "line": 203 }, "name": "tags", "optional": true, "type": { "collection": { "elementtype": { "fqn": "@aws-cdk/core.CfnTag" }, "kind": "array" } } } ] }, "@aws-cdk/aws-kms.IAlias": { "assembly": "@aws-cdk/aws-kms", "docs": { "remarks": "An alias can be used in all places that expect a key.", "stability": "stable", "summary": "A KMS Key alias." }, "fqn": "@aws-cdk/aws-kms.IAlias", "interfaces": [ "@aws-cdk/aws-kms.IKey" ], "kind": "interface", "locationInModule": { "filename": "lib/alias.ts", "line": 13 }, "name": "IAlias", "properties": [ { "abstract": true, "docs": { "custom": { "attribute": "true" }, "stability": "stable", "summary": "The name of the alias." }, "immutable": true, "locationInModule": { "filename": "lib/alias.ts", "line": 19 }, "name": "aliasName", "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "attribute": "true" }, "stability": "stable", "summary": "The Key to which the Alias refers." }, "immutable": true, "locationInModule": { "filename": "lib/alias.ts", "line": 26 }, "name": "aliasTargetKey", "type": { "fqn": "@aws-cdk/aws-kms.IKey" } } ] }, "@aws-cdk/aws-kms.IKey": { "assembly": "@aws-cdk/aws-kms", "docs": { "stability": "stable", "summary": "A KMS Key, either managed by this CDK app, or imported." }, "fqn": "@aws-cdk/aws-kms.IKey", "interfaces": [ "@aws-cdk/core.IResource" ], "kind": "interface", "locationInModule": { "filename": "lib/key.ts", "line": 9 }, "methods": [ { "abstract": true, "docs": { "stability": "stable", "summary": "Defines a new alias for the key." }, "locationInModule": { "filename": "lib/key.ts", "line": 28 }, "name": "addAlias", "parameters": [ { "name": "alias", "type": { "primitive": "string" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-kms.Alias" } } }, { "abstract": true, "docs": { "stability": "stable", "summary": "Adds a statement to the KMS key resource policy." }, "locationInModule": { "filename": "lib/key.ts", "line": 37 }, "name": "addToResourcePolicy", "parameters": [ { "docs": { "summary": "The policy statement to add." }, "name": "statement", "type": { "fqn": "@aws-cdk/aws-iam.PolicyStatement" } }, { "docs": { "summary": "If this is set to `false` and there is no policy defined (i.e. external key), the operation will fail. Otherwise, it will no-op." }, "name": "allowNoOp", "optional": true, "type": { "primitive": "boolean" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-iam.AddToResourcePolicyResult" } } }, { "abstract": true, "docs": { "stability": "stable", "summary": "Grant the indicated permissions on this key to the given principal." }, "locationInModule": { "filename": "lib/key.ts", "line": 42 }, "name": "grant", "parameters": [ { "name": "grantee", "type": { "fqn": "@aws-cdk/aws-iam.IGrantable" } }, { "name": "actions", "type": { "primitive": "string" }, "variadic": true } ], "returns": { "type": { "fqn": "@aws-cdk/aws-iam.Grant" } }, "variadic": true }, { "abstract": true, "docs": { "stability": "stable", "summary": "Grant decryption permisisons using this key to the given principal." }, "locationInModule": { "filename": "lib/key.ts", "line": 47 }, "name": "grantDecrypt", "parameters": [ { "name": "grantee", "type": { "fqn": "@aws-cdk/aws-iam.IGrantable" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-iam.Grant" } } }, { "abstract": true, "docs": { "stability": "stable", "summary": "Grant encryption permisisons using this key to the given principal." }, "locationInModule": { "filename": "lib/key.ts", "line": 52 }, "name": "grantEncrypt", "parameters": [ { "name": "grantee", "type": { "fqn": "@aws-cdk/aws-iam.IGrantable" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-iam.Grant" } } }, { "abstract": true, "docs": { "stability": "stable", "summary": "Grant encryption and decryption permisisons using this key to the given principal." }, "locationInModule": { "filename": "lib/key.ts", "line": 57 }, "name": "grantEncryptDecrypt", "parameters": [ { "name": "grantee", "type": { "fqn": "@aws-cdk/aws-iam.IGrantable" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-iam.Grant" } } } ], "name": "IKey", "properties": [ { "abstract": true, "docs": { "custom": { "attribute": "true" }, "stability": "stable", "summary": "The ARN of the key." }, "immutable": true, "locationInModule": { "filename": "lib/key.ts", "line": 15 }, "name": "keyArn", "type": { "primitive": "string" } }, { "abstract": true, "docs": { "custom": { "attribute": "true" }, "stability": "stable", "summary": "The ID of the key (the part that looks something like: 1234abcd-12ab-34cd-56ef-1234567890ab)." }, "immutable": true, "locationInModule": { "filename": "lib/key.ts", "line": 23 }, "name": "keyId", "type": { "primitive": "string" } } ] }, "@aws-cdk/aws-kms.Key": { "assembly": "@aws-cdk/aws-kms", "base": "@aws-cdk/core.Resource", "docs": { "custom": { "resource": "AWS::KMS::Key" }, "stability": "stable", "summary": "Defines a KMS key." }, "fqn": "@aws-cdk/aws-kms.Key", "initializer": { "docs": { "stability": "stable" }, "locationInModule": { "filename": "lib/key.ts", "line": 364 }, "parameters": [ { "name": "scope", "type": { "fqn": "@aws-cdk/core.Construct" } }, { "name": "id", "type": { "primitive": "string" } }, { "name": "props", "optional": true, "type": { "fqn": "@aws-cdk/aws-kms.KeyProps" } } ] }, "interfaces": [ "@aws-cdk/aws-kms.IKey" ], "kind": "class", "locationInModule": { "filename": "lib/key.ts", "line": 326 }, "methods": [ { "docs": { "stability": "stable", "summary": "Import an externally defined KMS Key using its ARN." }, "locationInModule": { "filename": "lib/key.ts", "line": 334 }, "name": "fromKeyArn", "parameters": [ { "docs": { "summary": "the construct that will \"own\" the imported key." }, "name": "scope", "type": { "fqn": "@aws-cdk/core.Construct" } }, { "docs": { "summary": "the id of the imported key in the construct tree." }, "name": "id", "type": { "primitive": "string" } }, { "docs": { "summary": "the ARN of an existing KMS key." }, "name": "keyArn", "type": { "primitive": "string" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-kms.IKey" } }, "static": true }, { "docs": { "stability": "stable", "summary": "Defines a new alias for the key." }, "locationInModule": { "filename": "lib/key.ts", "line": 94 }, "name": "addAlias", "overrides": "@aws-cdk/aws-kms.IKey", "parameters": [ { "name": "aliasName", "type": { "primitive": "string" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-kms.Alias" } } }, { "docs": { "stability": "stable", "summary": "Adds a statement to the KMS key resource policy." }, "locationInModule": { "filename": "lib/key.ts", "line": 110 }, "name": "addToResourcePolicy", "overrides": "@aws-cdk/aws-kms.IKey", "parameters": [ { "docs": { "summary": "The policy statement to add." }, "name": "statement", "type": { "fqn": "@aws-cdk/aws-iam.PolicyStatement" } }, { "docs": { "summary": "If this is set to `false` and there is no policy defined (i.e. external key), the operation will fail. Otherwise, it will no-op." }, "name": "allowNoOp", "optional": true, "type": { "primitive": "boolean" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-iam.AddToResourcePolicyResult" } } }, { "docs": { "remarks": "This modifies both the principal's policy as well as the resource policy,\nsince the default CloudFormation setup for KMS keys is that the policy\nmust not be empty and so default grants won't work.", "stability": "stable", "summary": "Grant the indicated permissions on this key to the given principal." }, "locationInModule": { "filename": "lib/key.ts", "line": 135 }, "name": "grant", "overrides": "@aws-cdk/aws-kms.IKey", "parameters": [ { "name": "grantee", "type": { "fqn": "@aws-cdk/aws-iam.IGrantable" } }, { "name": "actions", "type": { "primitive": "string" }, "variadic": true } ], "returns": { "type": { "fqn": "@aws-cdk/aws-iam.Grant" } }, "variadic": true }, { "docs": { "stability": "stable", "summary": "Grant decryption permisisons using this key to the given principal." }, "locationInModule": { "filename": "lib/key.ts", "line": 172 }, "name": "grantDecrypt", "overrides": "@aws-cdk/aws-kms.IKey", "parameters": [ { "name": "grantee", "type": { "fqn": "@aws-cdk/aws-iam.IGrantable" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-iam.Grant" } } }, { "docs": { "stability": "stable", "summary": "Grant encryption permisisons using this key to the given principal." }, "locationInModule": { "filename": "lib/key.ts", "line": 181 }, "name": "grantEncrypt", "overrides": "@aws-cdk/aws-kms.IKey", "parameters": [ { "name": "grantee", "type": { "fqn": "@aws-cdk/aws-iam.IGrantable" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-iam.Grant" } } }, { "docs": { "stability": "stable", "summary": "Grant encryption and decryption permisisons using this key to the given principal." }, "locationInModule": { "filename": "lib/key.ts", "line": 192 }, "name": "grantEncryptDecrypt", "overrides": "@aws-cdk/aws-kms.IKey", "parameters": [ { "name": "grantee", "type": { "fqn": "@aws-cdk/aws-iam.IGrantable" } } ], "returns": { "type": { "fqn": "@aws-cdk/aws-iam.Grant" } } }, { "docs": { "remarks": "This method can be implemented by derived constructs in order to perform\nvalidation logic. It is called on all constructs before synthesis.", "stability": "stable", "summary": "Validate the current construct." }, "locationInModule": { "filename": "lib/key.ts", "line": 122 }, "name": "validate", "overrides": "@aws-cdk/core.Construct", "protected": true, "returns": { "type": { "collection": { "elementtype": { "primitive": "string" }, "kind": "array" } } } } ], "name": "Key", "properties": [ { "docs": { "stability": "stable", "summary": "The ARN of the key." }, "immutable": true, "locationInModule": { "filename": "lib/key.ts", "line": 359 }, "name": "keyArn", "overrides": "@aws-cdk/aws-kms.IKey", "type": { "primitive": "string" } }, { "docs": { "stability": "stable", "summary": "The ID of the key (the part that looks something like: 1234abcd-12ab-34cd-56ef-1234567890ab)." }, "immutable": true, "locationInModule": { "filename": "lib/key.ts", "line": 360 }, "name": "keyId", "overrides": "@aws-cdk/aws-kms.IKey", "type": { "primitive": "string" } }, { "docs": { "remarks": "If specified grants will default identity policies instead of to both\nresource and identity policies.", "stability": "stable", "summary": "Optional property to control trusting account identities." }, "immutable": true, "locationInModule": { "filename": "lib/key.ts", "line": 362 }, "name": "trustAccountIdentities", "protected": true, "type": { "primitive": "boolean" } }, { "docs": { "remarks": "If specified, addToResourcePolicy can be used to edit this policy.\nOtherwise this method will no-op.", "stability": "stable", "summary": "Optional policy document that represents the resource policy of this key." }, "immutable": true, "locationInModule": { "filename": "lib/key.ts", "line": 361 }, "name": "policy", "optional": true, "protected": true, "type": { "fqn": "@aws-cdk/aws-iam.PolicyDocument" } } ] }, "@aws-cdk/aws-kms.KeyProps": { "assembly": "@aws-cdk/aws-kms", "datatype": true, "docs": { "stability": "stable", "summary": "Construction properties for a KMS Key object." }, "fqn": "@aws-cdk/aws-kms.KeyProps", "kind": "interface", "locationInModule": { "filename": "lib/key.ts", "line": 260 }, "name": "KeyProps", "properties": [ { "abstract": true, "docs": { "default": "- No alias is added for the key.", "remarks": "More aliases can be added later by calling `addAlias`.", "stability": "stable", "summary": "Initial alias to add to the key." }, "immutable": true, "locationInModule": { "filename": "lib/key.ts", "line": 276 }, "name": "alias", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "default": "- No description.", "remarks": "Use a description that helps your users decide\nwhether the key is appropriate for a particular task.", "stability": "stable", "summary": "A description of the key." }, "immutable": true, "locationInModule": { "filename": "lib/key.ts", "line": 267 }, "name": "description", "optional": true, "type": { "primitive": "string" } }, { "abstract": true, "docs": { "default": "- Key is enabled.", "stability": "stable", "summary": "Indicates whether the key is available for use." }, "immutable": true, "locationInModule": { "filename": "lib/key.ts", "line": 290 }, "name": "enabled", "optional": true, "type": { "primitive": "boolean" } }, { "abstract": true, "docs": { "default": "false", "stability": "stable", "summary": "Indicates whether AWS KMS rotates the key." }, "immutable": true, "locationInModule": { "filename": "lib/key.ts", "line": 283 }, "name": "enableKeyRotation", "optional": true, "type": { "primitive": "boolean" } }, { "abstract": true, "docs": { "default": "- A policy document with permissions for the account root to\nadminister the key will be created.", "stability": "stable", "summary": "Custom policy document to attach to the KMS key." }, "immutable": true, "locationInModule": { "filename": "lib/key.ts", "line": 298 }, "name": "policy", "optional": true, "type": { "fqn": "@aws-cdk/aws-iam.PolicyDocument" } }, { "abstract": true, "docs": { "default": "RemovalPolicy.Retain", "remarks": "This is useful when one wants to\nretain access to data that was encrypted with a key that is being retired.", "stability": "stable", "summary": "Whether the encryption key should be retained when it is removed from the Stack." }, "immutable": true, "locationInModule": { "filename": "lib/key.ts", "line": 306 }, "name": "removalPolicy", "optional": true, "type": { "fqn": "@aws-cdk/core.RemovalPolicy" } }, { "abstract": true, "docs": { "default": "false", "remarks": "Setting this to true adds a default statement which delegates key\naccess control completely to the identity's IAM policy (similar\nto how it works for other AWS resources).", "see": "https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam", "stability": "stable", "summary": "Whether the key usage can be granted by IAM policies." }, "immutable": true, "locationInModule": { "filename": "lib/key.ts", "line": 318 }, "name": "trustAccountIdentities", "optional": true, "type": { "primitive": "boolean" } } ] }, "@aws-cdk/aws-kms.ViaServicePrincipal": { "assembly": "@aws-cdk/aws-kms", "base": "@aws-cdk/aws-iam.PrincipalBase", "docs": { "stability": "stable", "summary": "A principal to allow access to a key if it's being used through another AWS service." }, "fqn": "@aws-cdk/aws-kms.ViaServicePrincipal", "initializer": { "docs": { "stability": "stable" }, "locationInModule": { "filename": "lib/via-service-principal.ts", "line": 9 }, "parameters": [ { "name": "serviceName", "type": { "primitive": "string" } }, { "name": "basePrincipal", "optional": true, "type": { "fqn": "@aws-cdk/aws-iam.IPrincipal" } } ] }, "kind": "class", "locationInModule": { "filename": "lib/via-service-principal.ts", "line": 6 }, "name": "ViaServicePrincipal", "properties": [ { "docs": { "stability": "stable", "summary": "Return the policy fragment that identifies this principal in a Policy." }, "immutable": true, "locationInModule": { "filename": "lib/via-service-principal.ts", "line": 14 }, "name": "policyFragment", "overrides": "@aws-cdk/aws-iam.PrincipalBase", "type": { "fqn": "@aws-cdk/aws-iam.PrincipalPolicyFragment" } } ] } }, "version": "1.64.0", "fingerprint": "wB33JspkN4UQh2NliEsYJA3ippyzw49rQvywndAYLec=" }