com.pulumi.aws.kms.ExternalKeyArgs Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of aws Show documentation
Show all versions of aws Show documentation
A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources.
// *** WARNING: this file was generated by pulumi-java-gen. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
package com.pulumi.aws.kms;
import com.pulumi.core.Output;
import com.pulumi.core.annotations.Import;
import java.lang.Boolean;
import java.lang.Integer;
import java.lang.String;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import javax.annotation.Nullable;
public final class ExternalKeyArgs extends com.pulumi.resources.ResourceArgs {
public static final ExternalKeyArgs Empty = new ExternalKeyArgs();
/**
* Specifies whether to disable the policy lockout check performed when creating or updating the key's policy. Setting this value to `true` increases the risk that the key becomes unmanageable. For more information, refer to the scenario in the [Default Key Policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) section in the AWS Key Management Service Developer Guide. Defaults to `false`.
*
*/
@Import(name="bypassPolicyLockoutSafetyCheck")
private @Nullable Output bypassPolicyLockoutSafetyCheck;
/**
* @return Specifies whether to disable the policy lockout check performed when creating or updating the key's policy. Setting this value to `true` increases the risk that the key becomes unmanageable. For more information, refer to the scenario in the [Default Key Policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) section in the AWS Key Management Service Developer Guide. Defaults to `false`.
*
*/
public Optional> bypassPolicyLockoutSafetyCheck() {
return Optional.ofNullable(this.bypassPolicyLockoutSafetyCheck);
}
/**
* Duration in days after which the key is deleted after destruction of the resource. Must be between `7` and `30` days. Defaults to `30`.
*
*/
@Import(name="deletionWindowInDays")
private @Nullable Output deletionWindowInDays;
/**
* @return Duration in days after which the key is deleted after destruction of the resource. Must be between `7` and `30` days. Defaults to `30`.
*
*/
public Optional> deletionWindowInDays() {
return Optional.ofNullable(this.deletionWindowInDays);
}
/**
* Description of the key.
*
*/
@Import(name="description")
private @Nullable Output description;
/**
* @return Description of the key.
*
*/
public Optional> description() {
return Optional.ofNullable(this.description);
}
/**
* Specifies whether the key is enabled. Keys pending import can only be `false`. Imported keys default to `true` unless expired.
*
*/
@Import(name="enabled")
private @Nullable Output enabled;
/**
* @return Specifies whether the key is enabled. Keys pending import can only be `false`. Imported keys default to `true` unless expired.
*
*/
public Optional> enabled() {
return Optional.ofNullable(this.enabled);
}
/**
* Base64 encoded 256-bit symmetric encryption key material to import. The CMK is permanently associated with this key material. The same key material can be reimported, but you cannot import different key material.
*
*/
@Import(name="keyMaterialBase64")
private @Nullable Output keyMaterialBase64;
/**
* @return Base64 encoded 256-bit symmetric encryption key material to import. The CMK is permanently associated with this key material. The same key material can be reimported, but you cannot import different key material.
*
*/
public Optional> keyMaterialBase64() {
return Optional.ofNullable(this.keyMaterialBase64);
}
/**
* Indicates whether the KMS key is a multi-Region (`true`) or regional (`false`) key. Defaults to `false`.
*
*/
@Import(name="multiRegion")
private @Nullable Output multiRegion;
/**
* @return Indicates whether the KMS key is a multi-Region (`true`) or regional (`false`) key. Defaults to `false`.
*
*/
public Optional> multiRegion() {
return Optional.ofNullable(this.multiRegion);
}
/**
* A key policy JSON document. If you do not provide a key policy, AWS KMS attaches a default key policy to the CMK.
*
*/
@Import(name="policy")
private @Nullable Output policy;
/**
* @return A key policy JSON document. If you do not provide a key policy, AWS KMS attaches a default key policy to the CMK.
*
*/
public Optional> policy() {
return Optional.ofNullable(this.policy);
}
/**
* A key-value map of tags to assign to the key. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
*
*/
@Import(name="tags")
private @Nullable Output> tags;
/**
* @return A key-value map of tags to assign to the key. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
*
*/
public Optional>> tags() {
return Optional.ofNullable(this.tags);
}
/**
* Time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the CMK becomes unusable. If not specified, key material does not expire. Valid values: [RFC3339 time string](https://tools.ietf.org/html/rfc3339#section-5.8) (`YYYY-MM-DDTHH:MM:SSZ`)
*
*/
@Import(name="validTo")
private @Nullable Output validTo;
/**
* @return Time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the CMK becomes unusable. If not specified, key material does not expire. Valid values: [RFC3339 time string](https://tools.ietf.org/html/rfc3339#section-5.8) (`YYYY-MM-DDTHH:MM:SSZ`)
*
*/
public Optional> validTo() {
return Optional.ofNullable(this.validTo);
}
private ExternalKeyArgs() {}
private ExternalKeyArgs(ExternalKeyArgs $) {
this.bypassPolicyLockoutSafetyCheck = $.bypassPolicyLockoutSafetyCheck;
this.deletionWindowInDays = $.deletionWindowInDays;
this.description = $.description;
this.enabled = $.enabled;
this.keyMaterialBase64 = $.keyMaterialBase64;
this.multiRegion = $.multiRegion;
this.policy = $.policy;
this.tags = $.tags;
this.validTo = $.validTo;
}
public static Builder builder() {
return new Builder();
}
public static Builder builder(ExternalKeyArgs defaults) {
return new Builder(defaults);
}
public static final class Builder {
private ExternalKeyArgs $;
public Builder() {
$ = new ExternalKeyArgs();
}
public Builder(ExternalKeyArgs defaults) {
$ = new ExternalKeyArgs(Objects.requireNonNull(defaults));
}
/**
* @param bypassPolicyLockoutSafetyCheck Specifies whether to disable the policy lockout check performed when creating or updating the key's policy. Setting this value to `true` increases the risk that the key becomes unmanageable. For more information, refer to the scenario in the [Default Key Policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) section in the AWS Key Management Service Developer Guide. Defaults to `false`.
*
* @return builder
*
*/
public Builder bypassPolicyLockoutSafetyCheck(@Nullable Output bypassPolicyLockoutSafetyCheck) {
$.bypassPolicyLockoutSafetyCheck = bypassPolicyLockoutSafetyCheck;
return this;
}
/**
* @param bypassPolicyLockoutSafetyCheck Specifies whether to disable the policy lockout check performed when creating or updating the key's policy. Setting this value to `true` increases the risk that the key becomes unmanageable. For more information, refer to the scenario in the [Default Key Policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) section in the AWS Key Management Service Developer Guide. Defaults to `false`.
*
* @return builder
*
*/
public Builder bypassPolicyLockoutSafetyCheck(Boolean bypassPolicyLockoutSafetyCheck) {
return bypassPolicyLockoutSafetyCheck(Output.of(bypassPolicyLockoutSafetyCheck));
}
/**
* @param deletionWindowInDays Duration in days after which the key is deleted after destruction of the resource. Must be between `7` and `30` days. Defaults to `30`.
*
* @return builder
*
*/
public Builder deletionWindowInDays(@Nullable Output deletionWindowInDays) {
$.deletionWindowInDays = deletionWindowInDays;
return this;
}
/**
* @param deletionWindowInDays Duration in days after which the key is deleted after destruction of the resource. Must be between `7` and `30` days. Defaults to `30`.
*
* @return builder
*
*/
public Builder deletionWindowInDays(Integer deletionWindowInDays) {
return deletionWindowInDays(Output.of(deletionWindowInDays));
}
/**
* @param description Description of the key.
*
* @return builder
*
*/
public Builder description(@Nullable Output description) {
$.description = description;
return this;
}
/**
* @param description Description of the key.
*
* @return builder
*
*/
public Builder description(String description) {
return description(Output.of(description));
}
/**
* @param enabled Specifies whether the key is enabled. Keys pending import can only be `false`. Imported keys default to `true` unless expired.
*
* @return builder
*
*/
public Builder enabled(@Nullable Output enabled) {
$.enabled = enabled;
return this;
}
/**
* @param enabled Specifies whether the key is enabled. Keys pending import can only be `false`. Imported keys default to `true` unless expired.
*
* @return builder
*
*/
public Builder enabled(Boolean enabled) {
return enabled(Output.of(enabled));
}
/**
* @param keyMaterialBase64 Base64 encoded 256-bit symmetric encryption key material to import. The CMK is permanently associated with this key material. The same key material can be reimported, but you cannot import different key material.
*
* @return builder
*
*/
public Builder keyMaterialBase64(@Nullable Output keyMaterialBase64) {
$.keyMaterialBase64 = keyMaterialBase64;
return this;
}
/**
* @param keyMaterialBase64 Base64 encoded 256-bit symmetric encryption key material to import. The CMK is permanently associated with this key material. The same key material can be reimported, but you cannot import different key material.
*
* @return builder
*
*/
public Builder keyMaterialBase64(String keyMaterialBase64) {
return keyMaterialBase64(Output.of(keyMaterialBase64));
}
/**
* @param multiRegion Indicates whether the KMS key is a multi-Region (`true`) or regional (`false`) key. Defaults to `false`.
*
* @return builder
*
*/
public Builder multiRegion(@Nullable Output multiRegion) {
$.multiRegion = multiRegion;
return this;
}
/**
* @param multiRegion Indicates whether the KMS key is a multi-Region (`true`) or regional (`false`) key. Defaults to `false`.
*
* @return builder
*
*/
public Builder multiRegion(Boolean multiRegion) {
return multiRegion(Output.of(multiRegion));
}
/**
* @param policy A key policy JSON document. If you do not provide a key policy, AWS KMS attaches a default key policy to the CMK.
*
* @return builder
*
*/
public Builder policy(@Nullable Output policy) {
$.policy = policy;
return this;
}
/**
* @param policy A key policy JSON document. If you do not provide a key policy, AWS KMS attaches a default key policy to the CMK.
*
* @return builder
*
*/
public Builder policy(String policy) {
return policy(Output.of(policy));
}
/**
* @param tags A key-value map of tags to assign to the key. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
*
* @return builder
*
*/
public Builder tags(@Nullable Output> tags) {
$.tags = tags;
return this;
}
/**
* @param tags A key-value map of tags to assign to the key. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
*
* @return builder
*
*/
public Builder tags(Map tags) {
return tags(Output.of(tags));
}
/**
* @param validTo Time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the CMK becomes unusable. If not specified, key material does not expire. Valid values: [RFC3339 time string](https://tools.ietf.org/html/rfc3339#section-5.8) (`YYYY-MM-DDTHH:MM:SSZ`)
*
* @return builder
*
*/
public Builder validTo(@Nullable Output validTo) {
$.validTo = validTo;
return this;
}
/**
* @param validTo Time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the CMK becomes unusable. If not specified, key material does not expire. Valid values: [RFC3339 time string](https://tools.ietf.org/html/rfc3339#section-5.8) (`YYYY-MM-DDTHH:MM:SSZ`)
*
* @return builder
*
*/
public Builder validTo(String validTo) {
return validTo(Output.of(validTo));
}
public ExternalKeyArgs build() {
return $;
}
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy