Package software.amazon.awscdk.services.kms

Class KeyProps.Jsii$Proxy

java.lang.Object
software.amazon.jsii.JsiiObject
software.amazon.awscdk.services.kms.KeyProps.Jsii$Proxy
All Implemented Interfaces:
KeyProps, software.amazon.jsii.JsiiSerializable
Enclosing interface:
KeyProps
@Stability(Stable) @Internal public static final class KeyProps.Jsii$Proxy extends software.amazon.jsii.JsiiObject implements KeyProps
An implementation for KeyProps

  • Nested Class Summary

    Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject

    software.amazon.jsii.JsiiObject.InitializationMode

    Nested classes/interfaces inherited from interface software.amazon.awscdk.services.kms.KeyProps

    KeyProps.Builder, KeyProps.Jsii$Proxy

  • Constructor Summary

    Constructors
    Modifier
    Constructor
    Description
    protected
    Jsii$Proxy(KeyProps.Builder builder)
    Constructor that initializes the object based on literal property values passed by the KeyProps.Builder.
    protected
    Jsii$Proxy(software.amazon.jsii.JsiiObjectRef objRef)
    Constructor that initializes the object based on values retrieved from the JsiiObject.

  • Method Summary

    Modifier and Type
    Method
    Description
    com.fasterxml.jackson.databind.JsonNode
    $jsii$toJson()
     
    final boolean
    equals(Object o)
     
    final List<IPrincipal>
    getAdmins()
    A list of principals to add as key administrators to the key policy.
    final String
    getAlias()
    Initial alias to add to the key.
    final String
    getDescription()
    A description of the key.
    final Boolean
    getEnabled()
    Indicates whether the key is available for use.
    final Boolean
    getEnableKeyRotation()
    Indicates whether AWS KMS rotates the key.
    final KeySpec
    getKeySpec()
    The cryptographic configuration of the key.
    final KeyUsage
    getKeyUsage()
    The cryptographic operations for which the key can be used.
    final Duration
    getPendingWindow()
    Specifies the number of days in the waiting period before AWS KMS deletes a CMK that has been removed from a CloudFormation stack.
    final PolicyDocument
    getPolicy()
    Custom policy document to attach to the KMS key.
    final RemovalPolicy
    getRemovalPolicy()
    Whether the encryption key should be retained when it is removed from the Stack.
    final Boolean
    getTrustAccountIdentities()
    (deprecated) Whether the key usage can be granted by IAM policies.
    final int
    hashCode()
     

    Methods inherited from class software.amazon.jsii.JsiiObject

    jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet

    Methods inherited from class java.lang.Object

    clone, finalize, getClass, notify, notifyAll, toString, wait, wait, wait

  • Constructor Details

    • Jsii$Proxy

      protected Jsii$Proxy(software.amazon.jsii.JsiiObjectRef objRef)
      Constructor that initializes the object based on values retrieved from the JsiiObject.
      Parameters:
      objRef - Reference to the JSII managed object.

    • Jsii$Proxy

      protected Jsii$Proxy(KeyProps.Builder builder)
      Constructor that initializes the object based on literal property values passed by the KeyProps.Builder.

  • Method Details

    • getAdmins

      public final List<IPrincipal> getAdmins()
      Description copied from interface: KeyProps
      A list of principals to add as key administrators to the key policy.

      Key administrators have permissions to manage the key (e.g., change permissions, revoke), but do not have permissions to use the key in cryptographic operations (e.g., encrypt, decrypt).

      These principals will be added to the default key policy (if none specified), or to the specified policy (if provided).

      Default: []

      Specified by:
      getAdmins in interface KeyProps

    • getAlias

      public final String getAlias()
      Description copied from interface: KeyProps
      Initial alias to add to the key.

      More aliases can be added later by calling addAlias.

      Default: - No alias is added for the key.

      Specified by:
      getAlias in interface KeyProps

    • getDescription

      public final String getDescription()
      Description copied from interface: KeyProps
      A description of the key.

      Use a description that helps your users decide whether the key is appropriate for a particular task.

      Default: - No description.

      Specified by:
      getDescription in interface KeyProps

    • getEnabled

      public final Boolean getEnabled()
      Description copied from interface: KeyProps
      Indicates whether the key is available for use.

      Default: - Key is enabled.

      Specified by:
      getEnabled in interface KeyProps

    • getEnableKeyRotation

      public final Boolean getEnableKeyRotation()
      Description copied from interface: KeyProps
      Indicates whether AWS KMS rotates the key.

      Default: false

      Specified by:
      getEnableKeyRotation in interface KeyProps

    • getKeySpec

      public final KeySpec getKeySpec()
      Description copied from interface: KeyProps
      The cryptographic configuration of the key. The valid value depends on usage of the key.

      IMPORTANT: If you change this property of an existing key, the existing key is scheduled for deletion and a new key is created with the specified value.

      Default: KeySpec.SYMMETRIC_DEFAULT

      Specified by:
      getKeySpec in interface KeyProps

    • getKeyUsage

      public final KeyUsage getKeyUsage()
      Description copied from interface: KeyProps
      The cryptographic operations for which the key can be used.

      IMPORTANT: If you change this property of an existing key, the existing key is scheduled for deletion and a new key is created with the specified value.

      Default: KeyUsage.ENCRYPT_DECRYPT

      Specified by:
      getKeyUsage in interface KeyProps

    • getPendingWindow

      public final Duration getPendingWindow()
      Description copied from interface: KeyProps
      Specifies the number of days in the waiting period before AWS KMS deletes a CMK that has been removed from a CloudFormation stack.

      When you remove a customer master key (CMK) from a CloudFormation stack, AWS KMS schedules the CMK for deletion and starts the mandatory waiting period. The PendingWindowInDays property determines the length of waiting period. During the waiting period, the key state of CMK is Pending Deletion, which prevents the CMK from being used in cryptographic operations. When the waiting period expires, AWS KMS permanently deletes the CMK.

      Enter a value between 7 and 30 days.

      Default: - 30 days

      Specified by:
      getPendingWindow in interface KeyProps
      See Also:

    • getPolicy

      public final PolicyDocument getPolicy()
      Description copied from interface: KeyProps
      Custom policy document to attach to the KMS key.

      NOTE - If the @aws-cdk/aws-kms:defaultKeyPolicies feature flag is set (the default for new projects), this policy will override the default key policy and become the only key policy for the key. If the feature flag is not set, this policy will be appended to the default key policy.

      Default: - A policy document with permissions for the account root to administer the key will be created.

      Specified by:
      getPolicy in interface KeyProps

    • getRemovalPolicy

      public final RemovalPolicy getRemovalPolicy()
      Description copied from interface: KeyProps
      Whether the encryption key should be retained when it is removed from the Stack.

      This is useful when one wants to retain access to data that was encrypted with a key that is being retired.

      Default: RemovalPolicy.Retain

      Specified by:
      getRemovalPolicy in interface KeyProps

    • getTrustAccountIdentities

      public final Boolean getTrustAccountIdentities()
      Description copied from interface: KeyProps
      (deprecated) Whether the key usage can be granted by IAM policies.

      Setting this to true adds a default statement which delegates key access control completely to the identity's IAM policy (similar to how it works for other AWS resources). This matches the default behavior when creating KMS keys via the API or console.

      If the @aws-cdk/aws-kms:defaultKeyPolicies feature flag is set (the default for new projects), this flag will always be treated as 'true' and does not need to be explicitly set.

      Default: - false, unless the `@aws-cdk/aws-kms:defaultKeyPolicies` feature flag is set.

      Specified by:
      getTrustAccountIdentities in interface KeyProps
      See Also:

    • $jsii$toJson

      @Internal public com.fasterxml.jackson.databind.JsonNode $jsii$toJson()
      Specified by:
      $jsii$toJson in interface software.amazon.jsii.JsiiSerializable

    • equals

      public final boolean equals(Object o)
      Overrides:
      equals in class Object

    • hashCode

      public final int hashCode()
      Overrides:
      hashCode in class Object