CDK Constructs for AWS KMS
AWS Key Management Service Construct Library
Define a KMS key:
# Example may have issues. See https://github.com/aws/jsii/issues/826
import aws_cdk.aws_kms as kms
kms.Key(self, "MyKey",
    enable_key_rotation=True
)
Add a couple of aliases:
# Example may have issues. See https://github.com/aws/jsii/issues/826
key = kms.Key(self, "MyKey")
key.add_alias("alias/foo")
key.add_alias("alias/bar")
Sharing keys between stacks
To use a KMS key in a different stack in the same CDK application, pass the construct to the other stack:
# Example may have issues. See https://github.com/aws/jsii/issues/826
import aws_cdk.core as cdk
import aws_cdk.aws_kms as kms

#
# Stack that defines the key
#
class KeyStack(cdk.Stack):
    def __init__(self, scope, id, **kwargs):
        super().__init__(scope, id, **kwargs)
        self.key = kms.Key(self, "MyKey", removal_policy=cdk.RemovalPolicy.DESTROY)

#
# Stack that uses the key
#
class UseStack(cdk.Stack):
    def __init__(self, scope, id, *, key, **kwargs):
        # "key" is this stack's own prop; it is not forwarded to cdk.Stack
        super().__init__(scope, id, **kwargs)

        # Use the IKey object here.
        kms.Alias(self, "Alias",
            alias_name="alias/foo",
            target_key=key
        )

app = cdk.App()
key_stack = KeyStack(app, "KeyStack")
UseStack(app, "UseStack", key=key_stack.key)
Importing existing keys
To use a KMS key that is not defined in this CDK app, but is created through other means, use Key.fromKeyArn(parent, name, ref):
# Example may have issues. See https://github.com/aws/jsii/issues/826
my_key_imported = kms.Key.from_key_arn(self, "MyImportedKey", "arn:aws:...")
# you can do stuff with this imported key.
my_key_imported.add_alias("alias/foo")
Note that a call to .addToPolicy(statement) on myKeyImported will not have an effect on the key's policy because it is not owned by your stack. The call will be a no-op.
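A check a reviewer might run over the synthesized CloudFormation template for the keys defined above, flagging keys without rotation (no enable_key_rotation=True) and keys that are deleted with their stack (as with removal_policy=RemovalPolicy.DESTROY). This is an added example, not part of the library's documentation; the function name audit_kms_keys and the sample template are constructed for illustration.

```python
import json

# Constructed sample of a synthesized template (not real `cdk synth` output).
SAMPLE_TEMPLATE = json.loads("""
{
  "Resources": {
    "RotatedKey": {
      "Type": "AWS::KMS::Key",
      "Properties": {"EnableKeyRotation": true, "KeyPolicy": {}},
      "DeletionPolicy": "Retain"
    },
    "ScratchKey": {
      "Type": "AWS::KMS::Key",
      "Properties": {"KeyPolicy": {}},
      "DeletionPolicy": "Delete"
    },
    "FooAlias": {
      "Type": "AWS::KMS::Alias",
      "Properties": {"AliasName": "alias/foo"}
    }
  }
}
""")


def audit_kms_keys(template):
    """Return sorted (logical_id, finding) pairs for every AWS::KMS::Key."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::KMS::Key":
            continue  # aliases and other resources are out of scope
        props = res.get("Properties", {})
        # enable_key_rotation=True synthesizes to EnableKeyRotation: true;
        # an absent property means rotation is off.
        if props.get("EnableKeyRotation") is not True:
            findings.append((logical_id, "rotation-disabled"))
        # RemovalPolicy.DESTROY synthesizes to DeletionPolicy: Delete, and
        # CloudFormation also deletes resources that carry no DeletionPolicy.
        if res.get("DeletionPolicy", "Delete") == "Delete":
            findings.append((logical_id, "deleted-with-stack"))
    return sorted(findings)


if __name__ == "__main__":
    for logical_id, finding in audit_kms_keys(SAMPLE_TEMPLATE):
        print(f"{logical_id}: {finding}")
```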