AWS::KMS::ReplicaKeyKMS ReplicaKey
The AWS::KMS::ReplicaKey resource specifies a multi-region replica AWS KMS key in AWS Key Management Service (AWS KMS).
Properties
6 configurable properties. 2 required. Click a row to see details.
Filter:
| Property | Type | Flags |
|---|---|---|
KeyPolicy | objectstring | Required |
PrimaryKeyArn | string | RequiredCreate-only |
Description | string | |
Enabled | boolean | |
PendingWindowInDays | integer | Write-only |
Tags | Array<Tag> |
Return Values
Values returned after the resource is created. Access these with Fn::GetAtt.
| Attribute | Type | Description |
|---|---|---|
Arn | string | - |
KeyId | string | - |
Sample CloudFormation Template
A minimal template with required properties and common optional ones.
template.yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Sample template for AWS::KMS::ReplicaKey
Resources:
MyResource:
Type: AWS::KMS::ReplicaKey
Properties:
PrimaryKeyArn: "arn:aws:service:region:account:resource"
KeyPolicy: "value"
Tags:
- Key: Environment
Value: Production
Description: !Ref "AWS::StackName"Required IAM Permissions
Permissions CloudFormation needs in your IAM role to manage this resource.
read
kms:DescribeKeykms:GetKeyPolicykms:ListResourceTagscreate
kms:ReplicateKeykms:CreateKeykms:DescribeKeykms:DisableKeykms:TagResourceupdate
kms:DescribeKeykms:DisableKeykms:EnableKeykms:PutKeyPolicykms:TagResourcekms:UntagResourcekms:UpdateKeyDescriptionlist
kms:ListKeyskms:DescribeKeydelete
kms:DescribeKeykms:ScheduleKeyDeletionLearn AWS the Practical Way
Our bi-weekly newsletter teaches hands-on AWS fundamentals. No certification fluff - just practical knowledge.
Subscribe to NewsletterQuick Facts
ServiceKMS
Properties8
Required2
TaggingSupported
Primary ID
KeyIdSupported Operations
ReadCreateUpdateListDelete
Immutable After Creation
These properties cannot be changed after the resource is created. Updating them triggers a replacement.
PrimaryKeyArn