KmsKey



Resource Overview

AWS Key Management Service (AWS KMS) is an encryption and key management service designed for the cloud. AWS KMS keys and features are used by other AWS services, and users can use these AWS KMS keys and features to protect data in their own applications that use AWS.

Associated Resources

Parent Resources

Resource Setting Values

Basic Settings

  • description : Description of the key displayed in the AWS Console
  • key_usage : Usage type of the key - ENCRYPT_DECRYPT
  • multi_region : Whether to use the KMS key in multiple regions - true, false
  • deletion_window_in_days : Waiting period (in days) before deleting the KMS key
  • enable_key_rotation : Whether automatic key rotation is enabled - true, false

KMS Grant (grant_list)

  • grant_list.operations : List of operations allowed for the KMS key - Decrypt, Encrypt, GenerateDataKey, GenerateDataKeyWithoutPlaintext, ReEncryptFrom, ReEncryptTo, Sign, Verify, CreateGrant, RetireGrant, DescribeKey
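
As an added example (not part of this product's own code), the following lint checks a KmsKey settings mapping against the values listed in Basic Settings and KMS Grant. The dict layout, the function name `lint_kms_key` and the sample values are assumptions; the 7 to 30 day range and the rule that Sign and Verify need a signing key are AWS KMS constraints rather than statements from this page.

```python
# Added example: lint for the KmsKey settings named on this page.
# The dict layout is an assumption; only the field names come from the page.
GRANT_OPS = {
    "Decrypt", "Encrypt", "GenerateDataKey", "GenerateDataKeyWithoutPlaintext",
    "ReEncryptFrom", "ReEncryptTo", "Sign", "Verify",
    "CreateGrant", "RetireGrant", "DescribeKey",
}
SIGNING_OPS = {"Sign", "Verify"}  # valid only on SIGN_VERIFY keys in AWS KMS

def lint_kms_key(settings):
    """Return (field, message) findings for one KmsKey settings dict."""
    findings = []
    usage = settings.get("key_usage")
    if usage != "ENCRYPT_DECRYPT":
        findings.append(("key_usage", "only ENCRYPT_DECRYPT is listed for this resource"))
    days = settings.get("deletion_window_in_days")
    if not isinstance(days, int) or not 7 <= days <= 30:
        findings.append(("deletion_window_in_days", "AWS KMS accepts 7 to 30 days"))
    if settings.get("enable_key_rotation") is not True:
        findings.append(("enable_key_rotation", "automatic rotation is not enabled"))
    for i, grant in enumerate(settings.get("grant_list", [])):
        ops = set(grant.get("operations", []))
        field = f"grant_list[{i}].operations"
        for op in sorted(ops - GRANT_OPS):  # names are case-sensitive
            findings.append((field, f"unknown operation {op!r}"))
        if usage == "ENCRYPT_DECRYPT":
            for op in sorted(ops & SIGNING_OPS):
                findings.append((field, f"{op} is not valid on an ENCRYPT_DECRYPT key"))
        if "CreateGrant" in ops:
            findings.append((field, "CreateGrant lets the grantee create further grants"))
    return findings

# Constructed sample input
SAMPLE = {
    "description": "app data key",
    "key_usage": "ENCRYPT_DECRYPT",
    "multi_region": False,
    "deletion_window_in_days": 3,
    "enable_key_rotation": False,
    "grant_list": [
        {"operations": ["Decrypt", "GenerateDataKey"]},
        {"operations": ["Encrypt", "Sign", "CreateGrant", "decrypt"]},
    ],
}

if __name__ == "__main__":
    for field, message in lint_kms_key(SAMPLE):
        print(f"{field}: {message}")
```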

Tags

  • tag : Tags used to categorize the resource
