Package software.amazon.awscdk.cfnpropertymixins.services.kms

Class CfnKeyPropsMixin

java.lang.Object
software.amazon.jsii.JsiiObject
software.amazon.awscdk.Mixin
software.amazon.awscdk.cfnpropertymixins.services.kms.CfnKeyPropsMixin
All Implemented Interfaces:
software.amazon.jsii.JsiiSerializable, software.constructs.IMixin
@Generated(value="jsii-pacmak/1.127.0 (build 2117ad5)", date="2026-03-11T13:20:00.835Z") @Stability(Stable) public class CfnKeyPropsMixin extends Mixin implements software.constructs.IMixin
The AWS::KMS::Key resource specifies an KMS key in AWS Key Management Service . You can use this resource to create symmetric encryption KMS keys, asymmetric KMS keys for encryption or signing, and symmetric HMAC KMS keys. You can use AWS::KMS::Key to create multi-Region primary keys of all supported types. To replicate a multi-Region key, use the AWS::KMS::ReplicaKey resource.

If you change the value of the KeySpec , KeyUsage , Origin , or MultiRegion properties of an existing KMS key, the update request fails, regardless of the value of the UpdateReplacePolicy attribute . This prevents you from accidentally deleting a KMS key by changing any of its immutable property values. > AWS replaced the term customer master key (CMK) with AWS KMS key and KMS key . The concept has not changed. To prevent breaking changes, AWS is keeping some variations of this term.

You can use symmetric encryption KMS keys to encrypt and decrypt small amounts of data, but they are more commonly used to generate data keys and data key pairs. You can also use a symmetric encryption KMS key to encrypt data stored in AWS services that are integrated with AWS . For more information, see Symmetric encryption KMS keys in the AWS Key Management Service Developer Guide .

You can use asymmetric KMS keys to encrypt and decrypt data or sign messages and verify signatures. To create an asymmetric key, you must specify an asymmetric KeySpec value and a KeyUsage value. For details, see Asymmetric keys in AWS in the AWS Key Management Service Developer Guide .

You can use HMAC KMS keys (which are also symmetric keys) to generate and verify hash-based message authentication codes. To create an HMAC key, you must specify an HMAC KeySpec value and a KeyUsage value of GENERATE_VERIFY_MAC . For details, see HMAC keys in AWS in the AWS Key Management Service Developer Guide .

You can also create symmetric encryption, asymmetric, and HMAC multi-Region primary keys. To create a multi-Region primary key, set the MultiRegion property to true . For information about multi-Region keys, see Multi-Region keys in AWS in the AWS Key Management Service Developer Guide .

You cannot use the AWS::KMS::Key resource to specify a KMS key with imported key material or a KMS key in a custom key store .

Regions

AWS CloudFormation resources are available in all Regions in which AWS and CloudFormation are supported. You can use the AWS::KMS::Key resource to create and manage all KMS key types that are supported in a Region.

Example: 

 // The code below shows an example of how to instantiate this type.
 // The values are placeholders you should change.
 import software.amazon.awscdk.cfnpropertymixins.services.kms.*;
 import software.amazon.awscdk.*;
 Object keyPolicy;
 IMergeStrategy mergeStrategy;
 CfnKeyPropsMixin cfnKeyPropsMixin = CfnKeyPropsMixin.Builder.create(CfnKeyMixinProps.builder()
         .bypassPolicyLockoutSafetyCheck(false)
         .description("description")
         .enabled(false)
         .enableKeyRotation(false)
         .keyPolicy(keyPolicy)
         .keySpec("keySpec")
         .keyUsage("keyUsage")
         .multiRegion(false)
         .origin("origin")
         .pendingWindowInDays(123)
         .rotationPeriodInDays(123)
         .tags(List.of(CfnTag.builder()
                 .key("key")
                 .value("value")
                 .build()))
         .build())
 .strategy(mergeStrategy)
 .build();

See Also:

  • Nested Class Summary

    Nested Classes
    Modifier and Type
    Class
    Description
    static final class 
    CfnKeyPropsMixin.Builder
    A fluent builder for CfnKeyPropsMixin.

    Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject

    software.amazon.jsii.JsiiObject.InitializationMode

    Nested classes/interfaces inherited from interface software.constructs.IMixin

    software.constructs.IMixin.Jsii$Default, software.constructs.IMixin.Jsii$Proxy

  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    protected static final List<String>
    CFN_PROPERTY_KEYS
     

  • Constructor Summary

    Constructors
    Modifier
    Constructor
    Description
     
    CfnKeyPropsMixin(CfnKeyMixinProps props)
    Create a mixin to apply properties to AWS::KMS::Key.
     
    CfnKeyPropsMixin(CfnKeyMixinProps props, CfnPropertyMixinOptions options)
    Create a mixin to apply properties to AWS::KMS::Key.
    protected
    CfnKeyPropsMixin(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
     
    protected
    CfnKeyPropsMixin(software.amazon.jsii.JsiiObjectRef objRef)
     

  • Method Summary

    Modifier and Type
    Method
    Description
    void
    applyTo(software.constructs.IConstruct construct)
    Apply the mixin properties to the construct.
    protected CfnKeyMixinProps
    getProps()
     
    protected IMergeStrategy
    getStrategy()
     
    Boolean
    supports(software.constructs.IConstruct construct)
    Check if this mixin supports the given construct.

    Methods inherited from class software.amazon.awscdk.Mixin

    isMixin

    Methods inherited from class software.amazon.jsii.JsiiObject

    jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

    Methods inherited from interface software.amazon.jsii.JsiiSerializable

    $jsii$toJson

  • Field Details

    • CFN_PROPERTY_KEYS

      @Stability(Stable) protected static final List<String> CFN_PROPERTY_KEYS

  • Constructor Details

    • CfnKeyPropsMixin

      protected CfnKeyPropsMixin(software.amazon.jsii.JsiiObjectRef objRef)

    • CfnKeyPropsMixin

      protected CfnKeyPropsMixin(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

    • CfnKeyPropsMixin

      @Stability(Stable) public CfnKeyPropsMixin(@NotNull CfnKeyMixinProps props, @Nullable CfnPropertyMixinOptions options)
      Create a mixin to apply properties to AWS::KMS::Key.

      Parameters:
      props - L1 properties to apply. This parameter is required.
      options - Mixin options.

    • CfnKeyPropsMixin

      @Stability(Stable) public CfnKeyPropsMixin(@NotNull CfnKeyMixinProps props)
      Create a mixin to apply properties to AWS::KMS::Key.

      Parameters:
      props - L1 properties to apply. This parameter is required.

  • Method Details

    • applyTo

      @Stability(Stable) public void applyTo(@NotNull software.constructs.IConstruct construct)
      Apply the mixin properties to the construct.

      Specified by:
      applyTo in interface software.constructs.IMixin
      Specified by:
      applyTo in class Mixin
      Parameters:
      construct - This parameter is required.

    • supports

      @Stability(Stable) @NotNull public Boolean supports(@NotNull software.constructs.IConstruct construct)
      Check if this mixin supports the given construct.

      Specified by:
      supports in interface software.constructs.IMixin
      Overrides:
      supports in class Mixin
      Parameters:
      construct - This parameter is required.

    • getProps

      @Stability(Stable) @NotNull protected CfnKeyMixinProps getProps()

    • getStrategy

      @Stability(Stable) @NotNull protected IMergeStrategy getStrategy()