CDK Constructs for AWS KMS
AWS Key Management Service Construct Library
This is a developer preview (public beta) module. Releases might lack important features and might have future breaking changes.
This API is still under active development and subject to non-backward compatible changes or removal in any future version. Use of the API is not recommended in production environments. Experimental APIs are not subject to the Semantic Versioning model.
Define a KMS key:
new Key(this, 'MyKey', {
    enableKeyRotation: true
});
Add a couple of aliases:
const key = new Key(this, 'MyKey');
key.addAlias('alias/foo');
key.addAlias('alias/bar');
Sharing keys between stacks
To use a KMS key in a different stack in the same CDK application, pass the construct to the other stack:
import cdk = require('@aws-cdk/core');
import kms = require('@aws-cdk/aws-kms');

/**
 * Stack that defines the key
 */
class KeyStack extends cdk.Stack {
    public readonly key: kms.Key;

    constructor(scope: cdk.App, id: string, props?: cdk.StackProps) {
        super(scope, id, props);
        // DESTROY removes the key when the stack is deleted.
        this.key = new kms.Key(this, 'MyKey', { removalPolicy: cdk.RemovalPolicy.DESTROY });
    }
}

interface UseStackProps extends cdk.StackProps {
    key: kms.IKey; // Use IKey here
}

/**
 * Stack that uses the key
 */
class UseStack extends cdk.Stack {
    constructor(scope: cdk.App, id: string, props: UseStackProps) {
        super(scope, id, props);

        // Use the IKey object here.
        props.key.addAlias('alias/foo');
    }
}

const app = new cdk.App();
const keyStack = new KeyStack(app, 'KeyStack');
new UseStack(app, 'UseStack', { key: keyStack.key });
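Added example (not part of the CDK library or its README): a TypeScript check over a synthesized CloudFormation template that flags KMS keys without `EnableKeyRotation` and keys that are removed when the stack is deleted, the two settings shown above as `enableKeyRotation` and `removalPolicy`. The function name, finding labels, template contents and logical IDs are constructed for illustration.

```typescript
// Shapes of the parts of a synthesized CloudFormation template this check reads.
interface CfnResource {
  Type: string;
  Properties?: { [name: string]: unknown };
  DeletionPolicy?: string;
}
interface CfnTemplate {
  Resources: { [logicalId: string]: CfnResource };
}
interface Finding {
  logicalId: string;
  issue: 'rotation-disabled' | 'deleted-with-stack';
}

// Returns one finding per problem on each AWS::KMS::Key resource.
function auditKmsKeys(template: CfnTemplate): Finding[] {
  const findings: Finding[] = [];
  for (const logicalId of Object.keys(template.Resources)) {
    const res = template.Resources[logicalId];
    if (!res || res.Type !== 'AWS::KMS::Key') continue;
    // enableKeyRotation: true synthesizes to EnableKeyRotation: true;
    // an absent property leaves rotation off.
    const props = res.Properties || {};
    if (props['EnableKeyRotation'] !== true) {
      findings.push({ logicalId, issue: 'rotation-disabled' });
    }
    // RemovalPolicy.DESTROY synthesizes to DeletionPolicy: Delete, and
    // CloudFormation also deletes a resource that has no DeletionPolicy,
    // so anything other than Retain is flagged.
    if (res.DeletionPolicy !== 'Retain') {
      findings.push({ logicalId, issue: 'deleted-with-stack' });
    }
  }
  return findings;
}

// Constructed sample input with hypothetical logical IDs.
const sampleTemplate: CfnTemplate = {
  Resources: {
    RotatedKey: { Type: 'AWS::KMS::Key', Properties: { EnableKeyRotation: true }, DeletionPolicy: 'Retain' },
    DestroyedKey: { Type: 'AWS::KMS::Key', Properties: {}, DeletionPolicy: 'Delete' },
    FooAlias: { Type: 'AWS::KMS::Alias', Properties: { AliasName: 'alias/foo' } },
  },
};

const sampleFindings = auditKmsKeys(sampleTemplate);
console.log(JSON.stringify(sampleFindings));
```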
Importing existing keys
To use a KMS key that is not defined in this CDK app, but is created through other means, use Key.fromKeyArn(parent, name, ref):
import kms = require('@aws-cdk/aws-kms');
const myKeyImported = kms.Key.fromKeyArn(this, 'MyImportedKey', 'arn:aws:...');
// you can do stuff with this imported key.
myKeyImported.addAlias('alias/foo');
Note that a call to .addToPolicy(statement) on myKeyImported will not have an effect on the key's policy because it is not owned by your stack. The call will be a no-op.
Hashes for aws_cdk.aws_kms-0.36.0-py3-none-any.whl
Algorithm | Hash digest
---|---
SHA256 | a5555076c4b35c24e21f414a73ec21585b7821e51d3ba034ac52ea1ec9345737
MD5 | 1b56694f1d7fd25d1e14947ef9ae82a9
BLAKE2b-256 | a4e2db9a5f09c647a92736103966ab15d7f4c2e0b01beab31ea695c428eee383