com.pulumi.aws.kms.ReplicaExternalKeyArgs Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of aws Show documentation
Show all versions of aws Show documentation
A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources.
// *** WARNING: this file was generated by pulumi-java-gen. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
package com.pulumi.aws.kms;
import com.pulumi.core.Output;
import com.pulumi.core.annotations.Import;
import com.pulumi.exceptions.MissingRequiredPropertyException;
import java.lang.Boolean;
import java.lang.Integer;
import java.lang.String;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import javax.annotation.Nullable;
public final class ReplicaExternalKeyArgs extends com.pulumi.resources.ResourceArgs {
public static final ReplicaExternalKeyArgs Empty = new ReplicaExternalKeyArgs();
/**
* A flag to indicate whether to bypass the key policy lockout safety check.
* Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value to true indiscriminately.
* For more information, refer to the scenario in the [Default Key Policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) section in the _AWS Key Management Service Developer Guide_.
* The default value is `false`.
*
*/
@Import(name="bypassPolicyLockoutSafetyCheck")
private @Nullable Output bypassPolicyLockoutSafetyCheck;
/**
* @return A flag to indicate whether to bypass the key policy lockout safety check.
* Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value to true indiscriminately.
* For more information, refer to the scenario in the [Default Key Policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) section in the _AWS Key Management Service Developer Guide_.
* The default value is `false`.
*
*/
public Optional> bypassPolicyLockoutSafetyCheck() {
return Optional.ofNullable(this.bypassPolicyLockoutSafetyCheck);
}
/**
* The waiting period, specified in number of days. After the waiting period ends, AWS KMS deletes the KMS key.
* If you specify a value, it must be between `7` and `30`, inclusive. If you do not specify a value, it defaults to `30`.
*
*/
@Import(name="deletionWindowInDays")
private @Nullable Output deletionWindowInDays;
/**
* @return The waiting period, specified in number of days. After the waiting period ends, AWS KMS deletes the KMS key.
* If you specify a value, it must be between `7` and `30`, inclusive. If you do not specify a value, it defaults to `30`.
*
*/
public Optional> deletionWindowInDays() {
return Optional.ofNullable(this.deletionWindowInDays);
}
/**
* A description of the KMS key.
*
*/
@Import(name="description")
private @Nullable Output description;
/**
* @return A description of the KMS key.
*
*/
public Optional> description() {
return Optional.ofNullable(this.description);
}
/**
* Specifies whether the replica key is enabled. Disabled KMS keys cannot be used in cryptographic operations. Keys pending import can only be `false`. Imported keys default to `true` unless expired.
*
*/
@Import(name="enabled")
private @Nullable Output enabled;
/**
* @return Specifies whether the replica key is enabled. Disabled KMS keys cannot be used in cryptographic operations. Keys pending import can only be `false`. Imported keys default to `true` unless expired.
*
*/
public Optional> enabled() {
return Optional.ofNullable(this.enabled);
}
/**
* Base64 encoded 256-bit symmetric encryption key material to import. The KMS key is permanently associated with this key material. The same key material can be [reimported](https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html#reimport-key-material), but you cannot import different key material.
*
*/
@Import(name="keyMaterialBase64")
private @Nullable Output keyMaterialBase64;
/**
* @return Base64 encoded 256-bit symmetric encryption key material to import. The KMS key is permanently associated with this key material. The same key material can be [reimported](https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html#reimport-key-material), but you cannot import different key material.
*
*/
public Optional> keyMaterialBase64() {
return Optional.ofNullable(this.keyMaterialBase64);
}
/**
* The key policy to attach to the KMS key. If you do not specify a key policy, AWS KMS attaches the [default key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) to the KMS key.
*
*/
@Import(name="policy")
private @Nullable Output policy;
/**
* @return The key policy to attach to the KMS key. If you do not specify a key policy, AWS KMS attaches the [default key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) to the KMS key.
*
*/
public Optional> policy() {
return Optional.ofNullable(this.policy);
}
/**
* The ARN of the multi-Region primary key to replicate. The primary key must be in a different AWS Region of the same AWS Partition. You can create only one replica of a given primary key in each AWS Region.
*
*/
@Import(name="primaryKeyArn", required=true)
private Output primaryKeyArn;
/**
* @return The ARN of the multi-Region primary key to replicate. The primary key must be in a different AWS Region of the same AWS Partition. You can create only one replica of a given primary key in each AWS Region.
*
*/
public Output primaryKeyArn() {
return this.primaryKeyArn;
}
/**
* A map of tags to assign to the replica key. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
*
*/
@Import(name="tags")
private @Nullable Output> tags;
/**
* @return A map of tags to assign to the replica key. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
*
*/
public Optional>> tags() {
return Optional.ofNullable(this.tags);
}
/**
* Time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the key becomes unusable. If not specified, key material does not expire. Valid values: [RFC3339 time string](https://tools.ietf.org/html/rfc3339#section-5.8) (`YYYY-MM-DDTHH:MM:SSZ`)
*
*/
@Import(name="validTo")
private @Nullable Output validTo;
/**
* @return Time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the key becomes unusable. If not specified, key material does not expire. Valid values: [RFC3339 time string](https://tools.ietf.org/html/rfc3339#section-5.8) (`YYYY-MM-DDTHH:MM:SSZ`)
*
*/
public Optional> validTo() {
return Optional.ofNullable(this.validTo);
}
private ReplicaExternalKeyArgs() {}
private ReplicaExternalKeyArgs(ReplicaExternalKeyArgs $) {
this.bypassPolicyLockoutSafetyCheck = $.bypassPolicyLockoutSafetyCheck;
this.deletionWindowInDays = $.deletionWindowInDays;
this.description = $.description;
this.enabled = $.enabled;
this.keyMaterialBase64 = $.keyMaterialBase64;
this.policy = $.policy;
this.primaryKeyArn = $.primaryKeyArn;
this.tags = $.tags;
this.validTo = $.validTo;
}
public static Builder builder() {
return new Builder();
}
public static Builder builder(ReplicaExternalKeyArgs defaults) {
return new Builder(defaults);
}
public static final class Builder {
private ReplicaExternalKeyArgs $;
public Builder() {
$ = new ReplicaExternalKeyArgs();
}
public Builder(ReplicaExternalKeyArgs defaults) {
$ = new ReplicaExternalKeyArgs(Objects.requireNonNull(defaults));
}
/**
* @param bypassPolicyLockoutSafetyCheck A flag to indicate whether to bypass the key policy lockout safety check.
* Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value to true indiscriminately.
* For more information, refer to the scenario in the [Default Key Policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) section in the _AWS Key Management Service Developer Guide_.
* The default value is `false`.
*
* @return builder
*
*/
public Builder bypassPolicyLockoutSafetyCheck(@Nullable Output bypassPolicyLockoutSafetyCheck) {
$.bypassPolicyLockoutSafetyCheck = bypassPolicyLockoutSafetyCheck;
return this;
}
/**
* @param bypassPolicyLockoutSafetyCheck A flag to indicate whether to bypass the key policy lockout safety check.
* Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value to true indiscriminately.
* For more information, refer to the scenario in the [Default Key Policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) section in the _AWS Key Management Service Developer Guide_.
* The default value is `false`.
*
* @return builder
*
*/
public Builder bypassPolicyLockoutSafetyCheck(Boolean bypassPolicyLockoutSafetyCheck) {
return bypassPolicyLockoutSafetyCheck(Output.of(bypassPolicyLockoutSafetyCheck));
}
/**
* @param deletionWindowInDays The waiting period, specified in number of days. After the waiting period ends, AWS KMS deletes the KMS key.
* If you specify a value, it must be between `7` and `30`, inclusive. If you do not specify a value, it defaults to `30`.
*
* @return builder
*
*/
public Builder deletionWindowInDays(@Nullable Output deletionWindowInDays) {
$.deletionWindowInDays = deletionWindowInDays;
return this;
}
/**
* @param deletionWindowInDays The waiting period, specified in number of days. After the waiting period ends, AWS KMS deletes the KMS key.
* If you specify a value, it must be between `7` and `30`, inclusive. If you do not specify a value, it defaults to `30`.
*
* @return builder
*
*/
public Builder deletionWindowInDays(Integer deletionWindowInDays) {
return deletionWindowInDays(Output.of(deletionWindowInDays));
}
/**
* @param description A description of the KMS key.
*
* @return builder
*
*/
public Builder description(@Nullable Output description) {
$.description = description;
return this;
}
/**
* @param description A description of the KMS key.
*
* @return builder
*
*/
public Builder description(String description) {
return description(Output.of(description));
}
/**
* @param enabled Specifies whether the replica key is enabled. Disabled KMS keys cannot be used in cryptographic operations. Keys pending import can only be `false`. Imported keys default to `true` unless expired.
*
* @return builder
*
*/
public Builder enabled(@Nullable Output enabled) {
$.enabled = enabled;
return this;
}
/**
* @param enabled Specifies whether the replica key is enabled. Disabled KMS keys cannot be used in cryptographic operations. Keys pending import can only be `false`. Imported keys default to `true` unless expired.
*
* @return builder
*
*/
public Builder enabled(Boolean enabled) {
return enabled(Output.of(enabled));
}
/**
* @param keyMaterialBase64 Base64 encoded 256-bit symmetric encryption key material to import. The KMS key is permanently associated with this key material. The same key material can be [reimported](https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html#reimport-key-material), but you cannot import different key material.
*
* @return builder
*
*/
public Builder keyMaterialBase64(@Nullable Output keyMaterialBase64) {
$.keyMaterialBase64 = keyMaterialBase64;
return this;
}
/**
* @param keyMaterialBase64 Base64 encoded 256-bit symmetric encryption key material to import. The KMS key is permanently associated with this key material. The same key material can be [reimported](https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html#reimport-key-material), but you cannot import different key material.
*
* @return builder
*
*/
public Builder keyMaterialBase64(String keyMaterialBase64) {
return keyMaterialBase64(Output.of(keyMaterialBase64));
}
/**
* @param policy The key policy to attach to the KMS key. If you do not specify a key policy, AWS KMS attaches the [default key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) to the KMS key.
*
* @return builder
*
*/
public Builder policy(@Nullable Output policy) {
$.policy = policy;
return this;
}
/**
* @param policy The key policy to attach to the KMS key. If you do not specify a key policy, AWS KMS attaches the [default key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) to the KMS key.
*
* @return builder
*
*/
public Builder policy(String policy) {
return policy(Output.of(policy));
}
/**
* @param primaryKeyArn The ARN of the multi-Region primary key to replicate. The primary key must be in a different AWS Region of the same AWS Partition. You can create only one replica of a given primary key in each AWS Region.
*
* @return builder
*
*/
public Builder primaryKeyArn(Output primaryKeyArn) {
$.primaryKeyArn = primaryKeyArn;
return this;
}
/**
* @param primaryKeyArn The ARN of the multi-Region primary key to replicate. The primary key must be in a different AWS Region of the same AWS Partition. You can create only one replica of a given primary key in each AWS Region.
*
* @return builder
*
*/
public Builder primaryKeyArn(String primaryKeyArn) {
return primaryKeyArn(Output.of(primaryKeyArn));
}
/**
* @param tags A map of tags to assign to the replica key. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
*
* @return builder
*
*/
public Builder tags(@Nullable Output> tags) {
$.tags = tags;
return this;
}
/**
* @param tags A map of tags to assign to the replica key. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
*
* @return builder
*
*/
public Builder tags(Map tags) {
return tags(Output.of(tags));
}
/**
* @param validTo Time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the key becomes unusable. If not specified, key material does not expire. Valid values: [RFC3339 time string](https://tools.ietf.org/html/rfc3339#section-5.8) (`YYYY-MM-DDTHH:MM:SSZ`)
*
* @return builder
*
*/
public Builder validTo(@Nullable Output validTo) {
$.validTo = validTo;
return this;
}
/**
* @param validTo Time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the key becomes unusable. If not specified, key material does not expire. Valid values: [RFC3339 time string](https://tools.ietf.org/html/rfc3339#section-5.8) (`YYYY-MM-DDTHH:MM:SSZ`)
*
* @return builder
*
*/
public Builder validTo(String validTo) {
return validTo(Output.of(validTo));
}
public ReplicaExternalKeyArgs build() {
if ($.primaryKeyArn == null) {
throw new MissingRequiredPropertyException("ReplicaExternalKeyArgs", "primaryKeyArn");
}
return $;
}
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy