1"use strict";
2var _a, _b, _c;
3Object.defineProperty(exports, "__esModule", { value: true });
4exports.CfnReplicaKey = exports.CfnKey = exports.CfnAlias = void 0;
5const jsiiDeprecationWarnings = require("../.warnings.jsii.js");
6const JSII_RTTI_SYMBOL_1 = Symbol.for("jsii.rtti");
7// Copyright 2012-2023 Amazon.com, Inc. or its affiliates. All Rights Reserved.
8// Generated from the AWS CloudFormation Resource Specification
9// See: docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/cfn-resource-specification.html
10// @cfn2ts:meta@ {"generated":"2023-06-19T15:13:32.851Z","fingerprint":"hWXxhN/XEOzY/6btujI1Lggpw4pOOMBC2jvUeehi+so="}
11/* eslint-disable max-len */ // This is generated code - line lengths are difficult to control
12const cdk = require("@aws-cdk/core");
13const cfn_parse = require("@aws-cdk/core/lib/helpers-internal");
14/**
15 * Determine whether the given properties match those of a `CfnAliasProps`
16 *
17 * @param properties - the TypeScript properties of a `CfnAliasProps`
18 *
19 * @returns the result of the validation.
20 */
function CfnAliasPropsValidator(properties) {
  // Values that cannot be inspected are accepted without any checks.
  if (!cdk.canInspect(properties)) {
    return cdk.VALIDATION_SUCCESS;
  }
  const results = new cdk.ValidationResults();
  if (typeof properties !== 'object') {
    const received = JSON.stringify(properties);
    results.collect(new cdk.ValidationResult(`Expected an object, but received: ${received}`));
  }
  // Both properties are required strings. Nothing beyond presence and string
  // type is checked here: the `alias/` prefix and the reserved `alias/aws/`
  // prefix described in the CfnAlias documentation are not enforced by this
  // validator.
  const checks = [
    ['aliasName', cdk.requiredValidator],
    ['aliasName', cdk.validateString],
    ['targetKeyId', cdk.requiredValidator],
    ['targetKeyId', cdk.validateString],
  ];
  for (const [name, validator] of checks) {
    results.collect(cdk.propertyValidator(name, validator)(properties[name]));
  }
  return results.wrap('supplied properties not correct for "CfnAliasProps"');
}
35/**
36 * Renders the AWS CloudFormation properties of an `AWS::KMS::Alias` resource
37 *
38 * @param properties - the TypeScript properties of a `CfnAliasProps`
39 *
40 * @returns the AWS CloudFormation properties of an `AWS::KMS::Alias` resource.
41 */
42// @ts-ignore TS6133
function cfnAliasPropsToCloudFormation(properties) {
  if (cdk.canInspect(properties)) {
    // Fail before rendering if a required property is missing or mistyped.
    CfnAliasPropsValidator(properties).assertSuccess();
    const { aliasName, targetKeyId } = properties;
    return {
      AliasName: cdk.stringToCloudFormation(aliasName),
      TargetKeyId: cdk.stringToCloudFormation(targetKeyId),
    };
  }
  // Non-inspectable values are handed back untouched and unvalidated.
  return properties;
}
/**
 * Converts the CloudFormation-cased properties of an `AWS::KMS::Alias`
 * resource into the camel-cased `CfnAliasProps` shape.
 *
 * @param properties - the `Properties` object of the resource; `null` and
 *   `undefined` are treated as an empty object
 *
 * @returns a `FromCloudFormationPropertyObject` holding the converted
 *   properties, or a `FromCloudFormationResult` wrapping the input unchanged
 *   when it is not an object.
 */
// @ts-ignore TS6133
function CfnAliasPropsFromCloudFormation(properties) {
  const source = properties == null ? {} : properties;
  if (typeof source !== 'object') {
    return new cfn_parse.FromCloudFormationResult(source);
  }
  const reader = cfn_parse.FromCloudFormation;
  const parsed = new cfn_parse.FromCloudFormationPropertyObject();
  parsed.addPropertyResult('aliasName', 'AliasName', reader.getString(source.AliasName));
  parsed.addPropertyResult('targetKeyId', 'TargetKeyId', reader.getString(source.TargetKeyId));
  // Keys other than the two above are not dropped: they are recorded as
  // extra properties for the caller to deal with.
  parsed.addUnrecognizedPropertiesAsExtra(source);
  return parsed;
}
65/**
66 * A CloudFormation `AWS::KMS::Alias`
67 *
68 * The `AWS::KMS::Alias` resource specifies a display name for a [KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms_keys) . You can use an alias to identify a KMS key in the AWS KMS console, in the [DescribeKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html) operation, and in [cryptographic operations](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) , such as [Decrypt](https://docs.aws.amazon.com/kms/latest/APIReference/API_Decrypt.html) and [GenerateDataKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_GenerateDataKey.html) .
69 *
70 * > Adding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see [ABAC for AWS KMS](https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) in the *AWS Key Management Service Developer Guide* .
71 *
72 * Using an alias to refer to a KMS key can help you simplify key management. For example, an alias in your code can be associated with different KMS keys in different AWS Regions . For more information, see [Using aliases](https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html) in the *AWS Key Management Service Developer Guide* .
73 *
74 * When specifying an alias, observe the following rules.
75 *
76 * - Each alias is associated with one KMS key, but multiple aliases can be associated with the same KMS key.
77 * - The alias and its associated KMS key must be in the same AWS account and Region.
78 * - The alias name must be unique in the AWS account and Region. However, you can create aliases with the same name in different AWS Regions . For example, you can have an `alias/projectKey` in multiple Regions, each of which is associated with a KMS key in its Region.
79 * - Each alias name must begin with `alias/` followed by a name, such as `alias/exampleKey` . The alias name can contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-). Alias names cannot begin with `alias/aws/` . That alias name prefix is reserved for [AWS managed keys](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk) .
80 *
81 * *Regions*
82 *
83 * AWS KMS CloudFormation resources are available in all AWS Regions in which AWS KMS and AWS CloudFormation are supported.
84 *
85 * @cloudformationResource AWS::KMS::Alias
86 * @stability external
87 *
88 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-alias.html
89 */
class CfnAlias extends cdk.CfnResource {
  /**
   * Create a new `AWS::KMS::Alias`.
   *
   * @param scope - scope in which this resource is defined
   * @param id - scoped id of the resource
   * @param props - resource properties; `aliasName` and `targetKeyId` are required
   */
  constructor(scope, id, props) {
    super(scope, id, { type: CfnAlias.CFN_RESOURCE_TYPE_NAME, properties: props });
    try {
      jsiiDeprecationWarnings._aws_cdk_aws_kms_CfnAliasProps(props);
    } catch (err) {
      // Unless JSII_DEBUG is "1", re-capture the stack of a deprecation error
      // relative to this constructor before rethrowing it.
      const recaptureStack = process.env.JSII_DEBUG !== "1" && err.name === "DeprecationError";
      if (recaptureStack) {
        Error.captureStackTrace(err, CfnAlias);
      }
      throw err;
    }
    for (const required of ['aliasName', 'targetKeyId']) {
      cdk.requireProperty(props, required, this);
    }
    const { aliasName, targetKeyId } = props;
    this.aliasName = aliasName;
    this.targetKeyId = targetKeyId;
  }

  /**
   * A factory method that creates a new instance of this class from an object
   * containing the CloudFormation properties of this resource.
   * Used in the @aws-cdk/cloudformation-include module.
   *
   * @internal
   */
  static _fromCloudFormation(scope, id, resourceAttributes, options) {
    const attributes = resourceAttributes || {};
    const parser = options.parser;
    const parsedProps = CfnAliasPropsFromCloudFormation(parser.parseValue(attributes.Properties));
    const resource = new CfnAlias(scope, id, parsedProps.value);
    // Properties the parser did not recognise are re-applied verbatim as
    // overrides; no validation is applied to them in this method.
    Object.entries(parsedProps.extraProperties).forEach(([path, value]) => {
      resource.addPropertyOverride(path, value);
    });
    parser.handleAttributes(resource, attributes, id);
    return resource;
  }

  /**
   * Examines the CloudFormation resource and discloses attributes.
   *
   * @param inspector - tree inspector to collect and process attributes
   */
  inspect(inspector) {
    inspector.addAttribute("aws:cdk:cloudformation:type", CfnAlias.CFN_RESOURCE_TYPE_NAME);
    inspector.addAttribute("aws:cdk:cloudformation:props", this.cfnProperties);
  }

  /**
   * The current property values of this resource, keyed by their
   * TypeScript (camel-cased) names.
   */
  get cfnProperties() {
    const { aliasName, targetKeyId } = this;
    return { aliasName, targetKeyId };
  }

  /**
   * Validates the given properties and renders them with their
   * CloudFormation names.
   *
   * @param props - the properties to render
   */
  renderProperties(props) {
    return cfnAliasPropsToCloudFormation(props);
  }
}
/**
 * The CloudFormation resource type name for this resource class.
 */
CfnAlias.CFN_RESOURCE_TYPE_NAME = "AWS::KMS::Alias";
// jsii runtime type information, stored on the class under the `jsii.rtti` symbol.
_a = JSII_RTTI_SYMBOL_1;
CfnAlias[_a] = { fqn: "@aws-cdk/aws-kms.CfnAlias", version: "1.204.0" };
exports.CfnAlias = CfnAlias;
159/**
160 * Determine whether the given properties match those of a `CfnKeyProps`
161 *
162 * @param properties - the TypeScript properties of a `CfnKeyProps`
163 *
164 * @returns the result of the validation.
165 */
function CfnKeyPropsValidator(properties) {
  // Values that cannot be inspected are accepted without any checks.
  if (!cdk.canInspect(properties)) {
    return cdk.VALIDATION_SUCCESS;
  }
  const results = new cdk.ValidationResults();
  if (typeof properties !== 'object') {
    const received = JSON.stringify(properties);
    results.collect(new cdk.ValidationResult(`Expected an object, but received: ${received}`));
  }
  // Only `keyPolicy` is required. The checks below are type checks:
  //  - `keyPolicy` must be an object, but the statements inside the policy
  //    are not examined by this validator;
  //  - `enableKeyRotation` is optional, so nothing here requires rotation
  //    to be configured;
  //  - `pendingWindowInDays` is checked with `validateNumber` only; no range
  //    check is applied here.
  const checks = [
    ['description', cdk.validateString],
    ['enableKeyRotation', cdk.validateBoolean],
    ['enabled', cdk.validateBoolean],
    ['keyPolicy', cdk.requiredValidator],
    ['keyPolicy', cdk.validateObject],
    ['keySpec', cdk.validateString],
    ['keyUsage', cdk.validateString],
    ['multiRegion', cdk.validateBoolean],
    ['pendingWindowInDays', cdk.validateNumber],
    ['tags', cdk.listValidator(cdk.validateCfnTag)],
  ];
  for (const [name, validator] of checks) {
    results.collect(cdk.propertyValidator(name, validator)(properties[name]));
  }
  return results.wrap('supplied properties not correct for "CfnKeyProps"');
}
186/**
187 * Renders the AWS CloudFormation properties of an `AWS::KMS::Key` resource
188 *
189 * @param properties - the TypeScript properties of a `CfnKeyProps`
190 *
191 * @returns the AWS CloudFormation properties of an `AWS::KMS::Key` resource.
192 */
193// @ts-ignore TS6133
function cfnKeyPropsToCloudFormation(properties) {
  if (cdk.canInspect(properties)) {
    // Fail before rendering if a property is missing or mistyped.
    CfnKeyPropsValidator(properties).assertSuccess();
    const {
      keyPolicy,
      description,
      enabled,
      enableKeyRotation,
      keySpec,
      keyUsage,
      multiRegion,
      pendingWindowInDays,
      tags,
    } = properties;
    return {
      // The key policy is rendered as an opaque object; its content is passed
      // through as supplied by the caller.
      KeyPolicy: cdk.objectToCloudFormation(keyPolicy),
      Description: cdk.stringToCloudFormation(description),
      Enabled: cdk.booleanToCloudFormation(enabled),
      EnableKeyRotation: cdk.booleanToCloudFormation(enableKeyRotation),
      KeySpec: cdk.stringToCloudFormation(keySpec),
      KeyUsage: cdk.stringToCloudFormation(keyUsage),
      MultiRegion: cdk.booleanToCloudFormation(multiRegion),
      PendingWindowInDays: cdk.numberToCloudFormation(pendingWindowInDays),
      Tags: cdk.listMapper(cdk.cfnTagToCloudFormation)(tags),
    };
  }
  // Non-inspectable values are handed back untouched and unvalidated.
  return properties;
}
/**
 * Converts the CloudFormation-cased properties of an `AWS::KMS::Key`
 * resource into the camel-cased `CfnKeyProps` shape.
 *
 * @param properties - the `Properties` object of the resource; `null` and
 *   `undefined` are treated as an empty object
 *
 * @returns a `FromCloudFormationPropertyObject` holding the converted
 *   properties, or a `FromCloudFormationResult` wrapping the input unchanged
 *   when it is not an object.
 */
// @ts-ignore TS6133
function CfnKeyPropsFromCloudFormation(properties) {
  const source = properties == null ? {} : properties;
  if (typeof source !== 'object') {
    return new cfn_parse.FromCloudFormationResult(source);
  }
  const reader = cfn_parse.FromCloudFormation;
  // Optional properties are converted only when present (not null/undefined).
  const whenPresent = (value, convert) => (value != null ? convert(value) : undefined);
  const parsed = new cfn_parse.FromCloudFormationPropertyObject();
  // `KeyPolicy` is read with `getAny`: no typed conversion is applied to the
  // policy document here.
  parsed.addPropertyResult('keyPolicy', 'KeyPolicy', reader.getAny(source.KeyPolicy));
  parsed.addPropertyResult('description', 'Description', whenPresent(source.Description, (v) => reader.getString(v)));
  parsed.addPropertyResult('enabled', 'Enabled', whenPresent(source.Enabled, (v) => reader.getBoolean(v)));
  parsed.addPropertyResult('enableKeyRotation', 'EnableKeyRotation', whenPresent(source.EnableKeyRotation, (v) => reader.getBoolean(v)));
  parsed.addPropertyResult('keySpec', 'KeySpec', whenPresent(source.KeySpec, (v) => reader.getString(v)));
  parsed.addPropertyResult('keyUsage', 'KeyUsage', whenPresent(source.KeyUsage, (v) => reader.getString(v)));
  parsed.addPropertyResult('multiRegion', 'MultiRegion', whenPresent(source.MultiRegion, (v) => reader.getBoolean(v)));
  parsed.addPropertyResult('pendingWindowInDays', 'PendingWindowInDays', whenPresent(source.PendingWindowInDays, (v) => reader.getNumber(v)));
  parsed.addPropertyResult('tags', 'Tags', whenPresent(source.Tags, (v) => reader.getArray(reader.getCfnTag)(v)));
  // Keys other than the ones above are not dropped: they are recorded as
  // extra properties for the caller to deal with.
  parsed.addUnrecognizedPropertiesAsExtra(source);
  return parsed;
}
230/**
231 * A CloudFormation `AWS::KMS::Key`
232 *
233 * The `AWS::KMS::Key` resource specifies a [KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms_keys) in AWS Key Management Service. You can use this resource to create symmetric encryption KMS keys, asymmetric KMS keys for encryption or signing, and symmetric HMAC KMS keys. You can use `AWS::KMS::Key` to create [multi-Region primary keys](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html#mrk-primary-key) of all supported types. To replicate a multi-Region key, use the `AWS::KMS::ReplicaKey` resource.
234 *
235 * > If you change the value of the `KeySpec` , `KeyUsage` , or `MultiRegion` properties of an existing KMS key, the update request fails, regardless of the value of the [`UpdateReplacePolicy` attribute](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-attribute-updatereplacepolicy.html) . This prevents you from accidentally deleting a KMS key by changing any of its immutable property values. > AWS KMS replaced the term *customer master key (CMK)* with *AWS KMS key* and *KMS key* . The concept has not changed. To prevent breaking changes, AWS KMS is keeping some variations of this term.
236 *
237 * You can use symmetric encryption KMS keys to encrypt and decrypt small amounts of data, but they are more commonly used to generate data keys and data key pairs. You can also use a symmetric encryption KMS key to encrypt data stored in AWS services that are [integrated with AWS KMS](https://docs.aws.amazon.com//kms/features/#AWS_Service_Integration) . For more information, see [Symmetric encryption KMS keys](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#symmetric-cmks) in the *AWS Key Management Service Developer Guide* .
238 *
239 * You can use asymmetric KMS keys to encrypt and decrypt data or sign messages and verify signatures. To create an asymmetric key, you must specify an asymmetric `KeySpec` value and a `KeyUsage` value. For details, see [Asymmetric keys in AWS KMS](https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html) in the *AWS Key Management Service Developer Guide* .
240 *
241 * You can use HMAC KMS keys (which are also symmetric keys) to generate and verify hash-based message authentication codes. To create an HMAC key, you must specify an HMAC `KeySpec` value and a `KeyUsage` value of `GENERATE_VERIFY_MAC` . For details, see [HMAC keys in AWS KMS](https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html) in the *AWS Key Management Service Developer Guide* .
242 *
243 * You can also create symmetric encryption, asymmetric, and HMAC multi-Region primary keys. To create a multi-Region primary key, set the `MultiRegion` property to `true` . For information about multi-Region keys, see [Multi-Region keys in AWS KMS](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) in the *AWS Key Management Service Developer Guide* .
244 *
245 * You cannot use the `AWS::KMS::Key` resource to specify a KMS key with [imported key material](https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) or a KMS key in a [custom key store](https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) .
246 *
247 * *Regions*
248 *
249 * AWS KMS CloudFormation resources are available in all Regions in which AWS KMS and AWS CloudFormation are supported. You can use the `AWS::KMS::Key` resource to create and manage all KMS key types that are supported in a Region.
250 *
251 * @cloudformationResource AWS::KMS::Key
252 * @stability external
253 *
254 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-key.html
255 */
class CfnKey extends cdk.CfnResource {
  /**
   * Create a new `AWS::KMS::Key`.
   *
   * @param scope - scope in which this resource is defined
   * @param id - scoped id of the resource
   * @param props - resource properties; `keyPolicy` is required
   */
  constructor(scope, id, props) {
    super(scope, id, { type: CfnKey.CFN_RESOURCE_TYPE_NAME, properties: props });
    try {
      jsiiDeprecationWarnings._aws_cdk_aws_kms_CfnKeyProps(props);
    } catch (err) {
      // Unless JSII_DEBUG is "1", re-capture the stack of a deprecation error
      // relative to this constructor before rethrowing it.
      const recaptureStack = process.env.JSII_DEBUG !== "1" && err.name === "DeprecationError";
      if (recaptureStack) {
        Error.captureStackTrace(err, CfnKey);
      }
      throw err;
    }
    cdk.requireProperty(props, 'keyPolicy', this);
    // Deploy-time attributes, exposed as string tokens.
    this.attrArn = cdk.Token.asString(this.getAtt('Arn'));
    this.attrKeyId = cdk.Token.asString(this.getAtt('KeyId'));
    // Plain copies of the supplied properties. Optional ones (including
    // `enableKeyRotation`) stay undefined when the caller omits them; no
    // default is filled in by this constructor.
    const copied = [
      'keyPolicy',
      'description',
      'enabled',
      'enableKeyRotation',
      'keySpec',
      'keyUsage',
      'multiRegion',
      'pendingWindowInDays',
    ];
    for (const name of copied) {
      this[name] = props[name];
    }
    this.tags = new cdk.TagManager(cdk.TagType.STANDARD, "AWS::KMS::Key", props.tags, { tagPropertyName: 'tags' });
    // When this key is defined directly inside a cdk.Resource, register a
    // validation that reports an error while no deletion policy is set.
    if (this.node.scope && cdk.Resource.isResource(this.node.scope)) {
      this.node.addValidation({
        validate: () => {
          if (this.cfnOptions.deletionPolicy === undefined) {
            return ["'AWS::KMS::Key' is a stateful resource type, and you must specify a Removal Policy for it. Call 'resource.applyRemovalPolicy()'."];
          }
          return [];
        },
      });
    }
  }

  /**
   * A factory method that creates a new instance of this class from an object
   * containing the CloudFormation properties of this resource.
   * Used in the @aws-cdk/cloudformation-include module.
   *
   * @internal
   */
  static _fromCloudFormation(scope, id, resourceAttributes, options) {
    const attributes = resourceAttributes || {};
    const parser = options.parser;
    const parsedProps = CfnKeyPropsFromCloudFormation(parser.parseValue(attributes.Properties));
    const resource = new CfnKey(scope, id, parsedProps.value);
    // Properties the parser did not recognise are re-applied verbatim as
    // overrides; no validation is applied to them in this method.
    Object.entries(parsedProps.extraProperties).forEach(([path, value]) => {
      resource.addPropertyOverride(path, value);
    });
    parser.handleAttributes(resource, attributes, id);
    return resource;
  }

  /**
   * Examines the CloudFormation resource and discloses attributes.
   *
   * Note that the disclosed properties include the full `keyPolicy` object.
   *
   * @param inspector - tree inspector to collect and process attributes
   */
  inspect(inspector) {
    inspector.addAttribute("aws:cdk:cloudformation:type", CfnKey.CFN_RESOURCE_TYPE_NAME);
    inspector.addAttribute("aws:cdk:cloudformation:props", this.cfnProperties);
  }

  /**
   * The current property values of this resource, keyed by their
   * TypeScript (camel-cased) names; tags are rendered by the tag manager.
   */
  get cfnProperties() {
    const {
      keyPolicy,
      description,
      enabled,
      enableKeyRotation,
      keySpec,
      keyUsage,
      multiRegion,
      pendingWindowInDays,
    } = this;
    return {
      keyPolicy,
      description,
      enabled,
      enableKeyRotation,
      keySpec,
      keyUsage,
      multiRegion,
      pendingWindowInDays,
      tags: this.tags.renderTags(),
    };
  }

  /**
   * Validates the given properties and renders them with their
   * CloudFormation names.
   *
   * @param props - the properties to render
   */
  renderProperties(props) {
    return cfnKeyPropsToCloudFormation(props);
  }
}
/**
 * The CloudFormation resource type name for this resource class.
 */
CfnKey.CFN_RESOURCE_TYPE_NAME = "AWS::KMS::Key";
// jsii runtime type information, stored on the class under the `jsii.rtti` symbol.
_b = JSII_RTTI_SYMBOL_1;
CfnKey[_b] = { fqn: "@aws-cdk/aws-kms.CfnKey", version: "1.204.0" };
exports.CfnKey = CfnKey;
345/**
346 * Determine whether the given properties match those of a `CfnReplicaKeyProps`
347 *
348 * @param properties - the TypeScript properties of a `CfnReplicaKeyProps`
349 *
350 * @returns the result of the validation.
351 */
function CfnReplicaKeyPropsValidator(properties) {
  // Values that cannot be inspected are accepted without any checks.
  if (!cdk.canInspect(properties)) {
    return cdk.VALIDATION_SUCCESS;
  }
  const results = new cdk.ValidationResults();
  if (typeof properties !== 'object') {
    const received = JSON.stringify(properties);
    results.collect(new cdk.ValidationResult(`Expected an object, but received: ${received}`));
  }
  // `keyPolicy` and `primaryKeyArn` are required. The checks are type checks:
  // the policy must be an object (its statements are not examined here) and
  // the primary key ARN must be a string (its format is not checked here).
  const checks = [
    ['description', cdk.validateString],
    ['enabled', cdk.validateBoolean],
    ['keyPolicy', cdk.requiredValidator],
    ['keyPolicy', cdk.validateObject],
    ['pendingWindowInDays', cdk.validateNumber],
    ['primaryKeyArn', cdk.requiredValidator],
    ['primaryKeyArn', cdk.validateString],
    ['tags', cdk.listValidator(cdk.validateCfnTag)],
  ];
  for (const [name, validator] of checks) {
    results.collect(cdk.propertyValidator(name, validator)(properties[name]));
  }
  return results.wrap('supplied properties not correct for "CfnReplicaKeyProps"');
}
370/**
371 * Renders the AWS CloudFormation properties of an `AWS::KMS::ReplicaKey` resource
372 *
373 * @param properties - the TypeScript properties of a `CfnReplicaKeyProps`
374 *
375 * @returns the AWS CloudFormation properties of an `AWS::KMS::ReplicaKey` resource.
376 */
377// @ts-ignore TS6133
function cfnReplicaKeyPropsToCloudFormation(properties) {
  if (cdk.canInspect(properties)) {
    // Fail before rendering if a property is missing or mistyped.
    CfnReplicaKeyPropsValidator(properties).assertSuccess();
    const {
      keyPolicy,
      primaryKeyArn,
      description,
      enabled,
      pendingWindowInDays,
      tags,
    } = properties;
    return {
      // The key policy is rendered as an opaque object; its content is passed
      // through as supplied by the caller.
      KeyPolicy: cdk.objectToCloudFormation(keyPolicy),
      PrimaryKeyArn: cdk.stringToCloudFormation(primaryKeyArn),
      Description: cdk.stringToCloudFormation(description),
      Enabled: cdk.booleanToCloudFormation(enabled),
      PendingWindowInDays: cdk.numberToCloudFormation(pendingWindowInDays),
      Tags: cdk.listMapper(cdk.cfnTagToCloudFormation)(tags),
    };
  }
  // Non-inspectable values are handed back untouched and unvalidated.
  return properties;
}
/**
 * Converts the CloudFormation-cased properties of an `AWS::KMS::ReplicaKey`
 * resource into the camel-cased `CfnReplicaKeyProps` shape.
 *
 * @param properties - the `Properties` object of the resource; `null` and
 *   `undefined` are treated as an empty object
 *
 * @returns a `FromCloudFormationPropertyObject` holding the converted
 *   properties, or a `FromCloudFormationResult` wrapping the input unchanged
 *   when it is not an object.
 */
// @ts-ignore TS6133
function CfnReplicaKeyPropsFromCloudFormation(properties) {
  const source = properties == null ? {} : properties;
  if (typeof source !== 'object') {
    return new cfn_parse.FromCloudFormationResult(source);
  }
  const reader = cfn_parse.FromCloudFormation;
  // Optional properties are converted only when present (not null/undefined).
  const whenPresent = (value, convert) => (value != null ? convert(value) : undefined);
  const parsed = new cfn_parse.FromCloudFormationPropertyObject();
  // `KeyPolicy` is read with `getAny`: no typed conversion is applied to the
  // policy document here.
  parsed.addPropertyResult('keyPolicy', 'KeyPolicy', reader.getAny(source.KeyPolicy));
  parsed.addPropertyResult('primaryKeyArn', 'PrimaryKeyArn', reader.getString(source.PrimaryKeyArn));
  parsed.addPropertyResult('description', 'Description', whenPresent(source.Description, (v) => reader.getString(v)));
  parsed.addPropertyResult('enabled', 'Enabled', whenPresent(source.Enabled, (v) => reader.getBoolean(v)));
  parsed.addPropertyResult('pendingWindowInDays', 'PendingWindowInDays', whenPresent(source.PendingWindowInDays, (v) => reader.getNumber(v)));
  parsed.addPropertyResult('tags', 'Tags', whenPresent(source.Tags, (v) => reader.getArray(reader.getCfnTag)(v)));
  // Keys other than the ones above are not dropped: they are recorded as
  // extra properties for the caller to deal with.
  parsed.addUnrecognizedPropertiesAsExtra(source);
  return parsed;
}
408/**
409 * A CloudFormation `AWS::KMS::ReplicaKey`
410 *
411 * The `AWS::KMS::ReplicaKey` resource specifies a multi-Region replica key that is based on a multi-Region primary key.
412 *
413 * *Multi-Region keys* are an AWS KMS feature that lets you create multiple interoperable KMS keys in different AWS Regions . Because these KMS keys have the same key ID, key material, and other metadata, you can use them to encrypt data in one AWS Region and decrypt it in a different AWS Region without making a cross-Region call or exposing the plaintext data. For more information, see [Multi-Region keys](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) in the *AWS Key Management Service Developer Guide* .
414 *
415 * A multi-Region *primary key* is a fully functional symmetric encryption KMS key, HMAC KMS key, or asymmetric KMS key that is also the model for replica keys in other AWS Regions . To create a multi-Region primary key, add an [AWS::KMS::Key](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-key.html) resource to your CloudFormation stack. Set its `MultiRegion` property to true.
416 *
417 * A multi-Region *replica key* is a fully functional KMS key that has the same key ID and key material as a multi-Region primary key, but is located in a different AWS Region of the same AWS partition. There can be multiple replicas of a primary key, but each must be in a different AWS Region .
418 *
419 * When you create a replica key in AWS CloudFormation , the replica key is created in the AWS Region represented by the endpoint you use for the request. If you try to replicate a multi-Region key into a Region in which the key type is not supported, the request will fail.
420 *
421 * A primary key and its replicas have the same key ID and key material. They also have the same key spec, key usage, key material origin, and automatic key rotation status. These properties are known as *shared properties* . If they change, AWS KMS synchronizes the change to all related multi-Region keys. All other properties of a replica key can differ, including its key policy, tags, aliases, and key state. AWS KMS does not synchronize these properties.
422 *
423 * *Regions*
424 *
425 * AWS KMS CloudFormation resources are available in all AWS Regions in which AWS KMS and AWS CloudFormation are supported. You can use the `AWS::KMS::ReplicaKey` resource to create replica keys in all Regions that support multi-Region KMS keys. For details, see [Multi-Region keys in AWS KMS](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html) in the *AWS Key Management Service Developer Guide* .
426 *
427 * @cloudformationResource AWS::KMS::ReplicaKey
428 * @stability external
429 *
430 * @link http://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-kms-replicakey.html
431 */
class CfnReplicaKey extends cdk.CfnResource {
  /**
   * Create a new `AWS::KMS::ReplicaKey`.
   *
   * @param scope - scope in which this resource is defined
   * @param id - scoped id of the resource
   * @param props - resource properties; `keyPolicy` and `primaryKeyArn` are required
   */
  constructor(scope, id, props) {
    super(scope, id, { type: CfnReplicaKey.CFN_RESOURCE_TYPE_NAME, properties: props });
    try {
      jsiiDeprecationWarnings._aws_cdk_aws_kms_CfnReplicaKeyProps(props);
    } catch (err) {
      // Unless JSII_DEBUG is "1", re-capture the stack of a deprecation error
      // relative to this constructor before rethrowing it.
      const recaptureStack = process.env.JSII_DEBUG !== "1" && err.name === "DeprecationError";
      if (recaptureStack) {
        Error.captureStackTrace(err, CfnReplicaKey);
      }
      throw err;
    }
    for (const required of ['keyPolicy', 'primaryKeyArn']) {
      cdk.requireProperty(props, required, this);
    }
    // Deploy-time attributes, exposed as string tokens.
    this.attrArn = cdk.Token.asString(this.getAtt('Arn'));
    this.attrKeyId = cdk.Token.asString(this.getAtt('KeyId'));
    // Plain copies of the supplied properties. The replica carries its own
    // `keyPolicy`; per the class documentation, AWS KMS does not synchronize
    // it with the primary key's policy.
    const copied = ['keyPolicy', 'primaryKeyArn', 'description', 'enabled', 'pendingWindowInDays'];
    for (const name of copied) {
      this[name] = props[name];
    }
    this.tags = new cdk.TagManager(cdk.TagType.STANDARD, "AWS::KMS::ReplicaKey", props.tags, { tagPropertyName: 'tags' });
  }

  /**
   * A factory method that creates a new instance of this class from an object
   * containing the CloudFormation properties of this resource.
   * Used in the @aws-cdk/cloudformation-include module.
   *
   * @internal
   */
  static _fromCloudFormation(scope, id, resourceAttributes, options) {
    const attributes = resourceAttributes || {};
    const parser = options.parser;
    const parsedProps = CfnReplicaKeyPropsFromCloudFormation(parser.parseValue(attributes.Properties));
    const resource = new CfnReplicaKey(scope, id, parsedProps.value);
    // Properties the parser did not recognise are re-applied verbatim as
    // overrides; no validation is applied to them in this method.
    Object.entries(parsedProps.extraProperties).forEach(([path, value]) => {
      resource.addPropertyOverride(path, value);
    });
    parser.handleAttributes(resource, attributes, id);
    return resource;
  }

  /**
   * Examines the CloudFormation resource and discloses attributes.
   *
   * Note that the disclosed properties include the full `keyPolicy` object.
   *
   * @param inspector - tree inspector to collect and process attributes
   */
  inspect(inspector) {
    inspector.addAttribute("aws:cdk:cloudformation:type", CfnReplicaKey.CFN_RESOURCE_TYPE_NAME);
    inspector.addAttribute("aws:cdk:cloudformation:props", this.cfnProperties);
  }

  /**
   * The current property values of this resource, keyed by their
   * TypeScript (camel-cased) names; tags are rendered by the tag manager.
   */
  get cfnProperties() {
    const { keyPolicy, primaryKeyArn, description, enabled, pendingWindowInDays } = this;
    return {
      keyPolicy,
      primaryKeyArn,
      description,
      enabled,
      pendingWindowInDays,
      tags: this.tags.renderTags(),
    };
  }

  /**
   * Validates the given properties and renders them with their
   * CloudFormation names.
   *
   * @param props - the properties to render
   */
  renderProperties(props) {
    return cfnReplicaKeyPropsToCloudFormation(props);
  }
}
/**
 * The CloudFormation resource type name for this resource class.
 */
CfnReplicaKey.CFN_RESOURCE_TYPE_NAME = "AWS::KMS::ReplicaKey";
// jsii runtime type information, stored on the class under the `jsii.rtti` symbol.
_c = JSII_RTTI_SYMBOL_1;
CfnReplicaKey[_c] = { fqn: "@aws-cdk/aws-kms.CfnReplicaKey", version: "1.204.0" };
exports.CfnReplicaKey = CfnReplicaKey;
511//# sourceMappingURL=data:application/json;base64,