CfnReplicaKeyPropsMixin
- class aws_cdk.mixins_preview.aws_kms.mixins.CfnReplicaKeyPropsMixin(props, *, strategy=None)
Bases:
MixinThe
AWS::KMS::ReplicaKeyresource specifies a multi-Region replica key that is based on a multi-Region primary key.Multi-Region keys are an AWS feature that lets you create multiple interoperable KMS keys in different AWS Regions . Because these KMS keys have the same key ID, key material, and other metadata, you can use them to encrypt data in one AWS Region and decrypt it in a different AWS Region without making a cross-Region call or exposing the plaintext data. For more information, see Multi-Region keys in the AWS Key Management Service Developer Guide .
A multi-Region primary key is a fully functional symmetric encryption KMS key, HMAC KMS key, or asymmetric KMS key that is also the model for replica keys in other AWS Regions . To create a multi-Region primary key, add an AWS::KMS::Key resource to your CloudFormation stack. Set its
MultiRegionproperty to true.A multi-Region replica key is a fully functional KMS key that has the same key ID and key material as a multi-Region primary key, but is located in a different AWS Region of the same AWS partition. There can be multiple replicas of a primary key, but each must be in a different AWS Region .
When you create a replica key in CloudFormation , the replica key is created in the AWS Region represented by the endpoint you use for the request. If you try to replicate a multi-Region key into a Region in which the key type is not supported, the request will fail.
A primary key and its replicas have the same key ID and key material. They also have the same key spec, key usage, key material origin, and automatic key rotation status. These properties are known as shared properties . If they change, AWS synchronizes the change to all related multi-Region keys. All other properties of a replica key can differ, including its key policy, tags, aliases, and key state. AWS does not synchronize these properties.
Regions
AWS CloudFormation resources are available in all AWS Regions in which AWS and CloudFormation are supported. You can use the
AWS::KMS::ReplicaKeyresource to create replica keys in all Regions that support multi-Region KMS keys. For details, see Multi-Region keys in AWS in the ** .- See:
http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-replicakey.html
- CloudformationResource:
AWS::KMS::ReplicaKey
- Mixin:
true
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk.mixins_preview import mixins from aws_cdk.mixins_preview.aws_kms import mixins as kms_mixins # key_policy: Any cfn_replica_key_props_mixin = kms_mixins.CfnReplicaKeyPropsMixin(kms_mixins.CfnReplicaKeyMixinProps( description="description", enabled=False, key_policy=key_policy, pending_window_in_days=123, primary_key_arn="primaryKeyArn", tags=[CfnTag( key="key", value="value" )] ), strategy=mixins.PropertyMergeStrategy.OVERRIDE )
Create a mixin to apply properties to
AWS::KMS::ReplicaKey.- Parameters:
props (
Union[CfnReplicaKeyMixinProps,Dict[str,Any]]) – L1 properties to apply.strategy (
Optional[PropertyMergeStrategy]) – (experimental) Strategy for merging nested properties. Default: - PropertyMergeStrategy.MERGE
Methods
- apply_to(construct)
Apply the mixin properties to the construct.
- Parameters:
construct (
IConstruct)- Return type:
- supports(construct)
Check if this mixin supports the given construct.
- Parameters:
construct (
IConstruct)- Return type:
bool
Attributes
- CFN_PROPERTY_KEYS = ['description', 'enabled', 'keyPolicy', 'pendingWindowInDays', 'primaryKeyArn', 'tags']
Static Methods
- classmethod is_mixin(x)
(experimental) Checks if
xis a Mixin.- Parameters:
x (
Any) – Any object.- Return type:
bool- Returns:
true if
xis an object created from a class which extendsMixin.- Stability:
experimental