com.pulumi.aws.kms.inputs.ReplicaExternalKeyState Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of aws Show documentation
Show all versions of aws Show documentation
A Pulumi package for creating and managing Amazon Web Services (AWS) cloud resources.
The newest version!
// *** WARNING: this file was generated by pulumi-java-gen. ***
// *** Do not edit by hand unless you're certain you know what you are doing! ***
package com.pulumi.aws.kms.inputs;
import com.pulumi.core.Output;
import com.pulumi.core.annotations.Import;
import java.lang.Boolean;
import java.lang.Integer;
import java.lang.String;
import java.util.Map;
import java.util.Objects;
import java.util.Optional;
import javax.annotation.Nullable;
public final class ReplicaExternalKeyState extends com.pulumi.resources.ResourceArgs {
public static final ReplicaExternalKeyState Empty = new ReplicaExternalKeyState();
/**
* The Amazon Resource Name (ARN) of the replica key. The key ARNs of related multi-Region keys differ only in the Region value.
*
*/
@Import(name="arn")
private @Nullable Output arn;
/**
* @return The Amazon Resource Name (ARN) of the replica key. The key ARNs of related multi-Region keys differ only in the Region value.
*
*/
public Optional> arn() {
return Optional.ofNullable(this.arn);
}
/**
* A flag to indicate whether to bypass the key policy lockout safety check.
* Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value to true indiscriminately.
* For more information, refer to the scenario in the [Default Key Policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) section in the _AWS Key Management Service Developer Guide_.
* The default value is `false`.
*
*/
@Import(name="bypassPolicyLockoutSafetyCheck")
private @Nullable Output bypassPolicyLockoutSafetyCheck;
/**
* @return A flag to indicate whether to bypass the key policy lockout safety check.
* Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value to true indiscriminately.
* For more information, refer to the scenario in the [Default Key Policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) section in the _AWS Key Management Service Developer Guide_.
* The default value is `false`.
*
*/
public Optional> bypassPolicyLockoutSafetyCheck() {
return Optional.ofNullable(this.bypassPolicyLockoutSafetyCheck);
}
/**
* The waiting period, specified in number of days. After the waiting period ends, AWS KMS deletes the KMS key.
* If you specify a value, it must be between `7` and `30`, inclusive. If you do not specify a value, it defaults to `30`.
*
*/
@Import(name="deletionWindowInDays")
private @Nullable Output deletionWindowInDays;
/**
* @return The waiting period, specified in number of days. After the waiting period ends, AWS KMS deletes the KMS key.
* If you specify a value, it must be between `7` and `30`, inclusive. If you do not specify a value, it defaults to `30`.
*
*/
public Optional> deletionWindowInDays() {
return Optional.ofNullable(this.deletionWindowInDays);
}
/**
* A description of the KMS key.
*
*/
@Import(name="description")
private @Nullable Output description;
/**
* @return A description of the KMS key.
*
*/
public Optional> description() {
return Optional.ofNullable(this.description);
}
/**
* Specifies whether the replica key is enabled. Disabled KMS keys cannot be used in cryptographic operations. Keys pending import can only be `false`. Imported keys default to `true` unless expired.
*
*/
@Import(name="enabled")
private @Nullable Output enabled;
/**
* @return Specifies whether the replica key is enabled. Disabled KMS keys cannot be used in cryptographic operations. Keys pending import can only be `false`. Imported keys default to `true` unless expired.
*
*/
public Optional> enabled() {
return Optional.ofNullable(this.enabled);
}
/**
* Whether the key material expires. Empty when pending key material import, otherwise `KEY_MATERIAL_EXPIRES` or `KEY_MATERIAL_DOES_NOT_EXPIRE`.
*
*/
@Import(name="expirationModel")
private @Nullable Output expirationModel;
/**
* @return Whether the key material expires. Empty when pending key material import, otherwise `KEY_MATERIAL_EXPIRES` or `KEY_MATERIAL_DOES_NOT_EXPIRE`.
*
*/
public Optional> expirationModel() {
return Optional.ofNullable(this.expirationModel);
}
/**
* The key ID of the replica key. Related multi-Region keys have the same key ID.
*
*/
@Import(name="keyId")
private @Nullable Output keyId;
/**
* @return The key ID of the replica key. Related multi-Region keys have the same key ID.
*
*/
public Optional> keyId() {
return Optional.ofNullable(this.keyId);
}
/**
* Base64 encoded 256-bit symmetric encryption key material to import. The KMS key is permanently associated with this key material. The same key material can be [reimported](https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html#reimport-key-material), but you cannot import different key material.
*
*/
@Import(name="keyMaterialBase64")
private @Nullable Output keyMaterialBase64;
/**
* @return Base64 encoded 256-bit symmetric encryption key material to import. The KMS key is permanently associated with this key material. The same key material can be [reimported](https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html#reimport-key-material), but you cannot import different key material.
*
*/
public Optional> keyMaterialBase64() {
return Optional.ofNullable(this.keyMaterialBase64);
}
/**
* The state of the replica key.
*
*/
@Import(name="keyState")
private @Nullable Output keyState;
/**
* @return The state of the replica key.
*
*/
public Optional> keyState() {
return Optional.ofNullable(this.keyState);
}
/**
* The [cryptographic operations](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) for which you can use the KMS key. This is a shared property of multi-Region keys.
*
*/
@Import(name="keyUsage")
private @Nullable Output keyUsage;
/**
* @return The [cryptographic operations](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) for which you can use the KMS key. This is a shared property of multi-Region keys.
*
*/
public Optional> keyUsage() {
return Optional.ofNullable(this.keyUsage);
}
/**
* The key policy to attach to the KMS key. If you do not specify a key policy, AWS KMS attaches the [default key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) to the KMS key.
*
*/
@Import(name="policy")
private @Nullable Output policy;
/**
* @return The key policy to attach to the KMS key. If you do not specify a key policy, AWS KMS attaches the [default key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) to the KMS key.
*
*/
public Optional> policy() {
return Optional.ofNullable(this.policy);
}
/**
* The ARN of the multi-Region primary key to replicate. The primary key must be in a different AWS Region of the same AWS Partition. You can create only one replica of a given primary key in each AWS Region.
*
*/
@Import(name="primaryKeyArn")
private @Nullable Output primaryKeyArn;
/**
* @return The ARN of the multi-Region primary key to replicate. The primary key must be in a different AWS Region of the same AWS Partition. You can create only one replica of a given primary key in each AWS Region.
*
*/
public Optional> primaryKeyArn() {
return Optional.ofNullable(this.primaryKeyArn);
}
/**
* A map of tags to assign to the replica key. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
*
*/
@Import(name="tags")
private @Nullable Output> tags;
/**
* @return A map of tags to assign to the replica key. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
*
*/
public Optional>> tags() {
return Optional.ofNullable(this.tags);
}
/**
* A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.
*
* @deprecated
* Please use `tags` instead.
*
*/
@Deprecated /* Please use `tags` instead. */
@Import(name="tagsAll")
private @Nullable Output> tagsAll;
/**
* @return A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.
*
* @deprecated
* Please use `tags` instead.
*
*/
@Deprecated /* Please use `tags` instead. */
public Optional>> tagsAll() {
return Optional.ofNullable(this.tagsAll);
}
/**
* Time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the key becomes unusable. If not specified, key material does not expire. Valid values: [RFC3339 time string](https://tools.ietf.org/html/rfc3339#section-5.8) (`YYYY-MM-DDTHH:MM:SSZ`)
*
*/
@Import(name="validTo")
private @Nullable Output validTo;
/**
* @return Time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the key becomes unusable. If not specified, key material does not expire. Valid values: [RFC3339 time string](https://tools.ietf.org/html/rfc3339#section-5.8) (`YYYY-MM-DDTHH:MM:SSZ`)
*
*/
public Optional> validTo() {
return Optional.ofNullable(this.validTo);
}
private ReplicaExternalKeyState() {}
private ReplicaExternalKeyState(ReplicaExternalKeyState $) {
this.arn = $.arn;
this.bypassPolicyLockoutSafetyCheck = $.bypassPolicyLockoutSafetyCheck;
this.deletionWindowInDays = $.deletionWindowInDays;
this.description = $.description;
this.enabled = $.enabled;
this.expirationModel = $.expirationModel;
this.keyId = $.keyId;
this.keyMaterialBase64 = $.keyMaterialBase64;
this.keyState = $.keyState;
this.keyUsage = $.keyUsage;
this.policy = $.policy;
this.primaryKeyArn = $.primaryKeyArn;
this.tags = $.tags;
this.tagsAll = $.tagsAll;
this.validTo = $.validTo;
}
public static Builder builder() {
return new Builder();
}
public static Builder builder(ReplicaExternalKeyState defaults) {
return new Builder(defaults);
}
public static final class Builder {
private ReplicaExternalKeyState $;
public Builder() {
$ = new ReplicaExternalKeyState();
}
public Builder(ReplicaExternalKeyState defaults) {
$ = new ReplicaExternalKeyState(Objects.requireNonNull(defaults));
}
/**
* @param arn The Amazon Resource Name (ARN) of the replica key. The key ARNs of related multi-Region keys differ only in the Region value.
*
* @return builder
*
*/
public Builder arn(@Nullable Output arn) {
$.arn = arn;
return this;
}
/**
* @param arn The Amazon Resource Name (ARN) of the replica key. The key ARNs of related multi-Region keys differ only in the Region value.
*
* @return builder
*
*/
public Builder arn(String arn) {
return arn(Output.of(arn));
}
/**
* @param bypassPolicyLockoutSafetyCheck A flag to indicate whether to bypass the key policy lockout safety check.
* Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value to true indiscriminately.
* For more information, refer to the scenario in the [Default Key Policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) section in the _AWS Key Management Service Developer Guide_.
* The default value is `false`.
*
* @return builder
*
*/
public Builder bypassPolicyLockoutSafetyCheck(@Nullable Output bypassPolicyLockoutSafetyCheck) {
$.bypassPolicyLockoutSafetyCheck = bypassPolicyLockoutSafetyCheck;
return this;
}
/**
* @param bypassPolicyLockoutSafetyCheck A flag to indicate whether to bypass the key policy lockout safety check.
* Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value to true indiscriminately.
* For more information, refer to the scenario in the [Default Key Policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) section in the _AWS Key Management Service Developer Guide_.
* The default value is `false`.
*
* @return builder
*
*/
public Builder bypassPolicyLockoutSafetyCheck(Boolean bypassPolicyLockoutSafetyCheck) {
return bypassPolicyLockoutSafetyCheck(Output.of(bypassPolicyLockoutSafetyCheck));
}
/**
* @param deletionWindowInDays The waiting period, specified in number of days. After the waiting period ends, AWS KMS deletes the KMS key.
* If you specify a value, it must be between `7` and `30`, inclusive. If you do not specify a value, it defaults to `30`.
*
* @return builder
*
*/
public Builder deletionWindowInDays(@Nullable Output deletionWindowInDays) {
$.deletionWindowInDays = deletionWindowInDays;
return this;
}
/**
* @param deletionWindowInDays The waiting period, specified in number of days. After the waiting period ends, AWS KMS deletes the KMS key.
* If you specify a value, it must be between `7` and `30`, inclusive. If you do not specify a value, it defaults to `30`.
*
* @return builder
*
*/
public Builder deletionWindowInDays(Integer deletionWindowInDays) {
return deletionWindowInDays(Output.of(deletionWindowInDays));
}
/**
* @param description A description of the KMS key.
*
* @return builder
*
*/
public Builder description(@Nullable Output description) {
$.description = description;
return this;
}
/**
* @param description A description of the KMS key.
*
* @return builder
*
*/
public Builder description(String description) {
return description(Output.of(description));
}
/**
* @param enabled Specifies whether the replica key is enabled. Disabled KMS keys cannot be used in cryptographic operations. Keys pending import can only be `false`. Imported keys default to `true` unless expired.
*
* @return builder
*
*/
public Builder enabled(@Nullable Output enabled) {
$.enabled = enabled;
return this;
}
/**
* @param enabled Specifies whether the replica key is enabled. Disabled KMS keys cannot be used in cryptographic operations. Keys pending import can only be `false`. Imported keys default to `true` unless expired.
*
* @return builder
*
*/
public Builder enabled(Boolean enabled) {
return enabled(Output.of(enabled));
}
/**
* @param expirationModel Whether the key material expires. Empty when pending key material import, otherwise `KEY_MATERIAL_EXPIRES` or `KEY_MATERIAL_DOES_NOT_EXPIRE`.
*
* @return builder
*
*/
public Builder expirationModel(@Nullable Output expirationModel) {
$.expirationModel = expirationModel;
return this;
}
/**
* @param expirationModel Whether the key material expires. Empty when pending key material import, otherwise `KEY_MATERIAL_EXPIRES` or `KEY_MATERIAL_DOES_NOT_EXPIRE`.
*
* @return builder
*
*/
public Builder expirationModel(String expirationModel) {
return expirationModel(Output.of(expirationModel));
}
/**
* @param keyId The key ID of the replica key. Related multi-Region keys have the same key ID.
*
* @return builder
*
*/
public Builder keyId(@Nullable Output keyId) {
$.keyId = keyId;
return this;
}
/**
* @param keyId The key ID of the replica key. Related multi-Region keys have the same key ID.
*
* @return builder
*
*/
public Builder keyId(String keyId) {
return keyId(Output.of(keyId));
}
/**
* @param keyMaterialBase64 Base64 encoded 256-bit symmetric encryption key material to import. The KMS key is permanently associated with this key material. The same key material can be [reimported](https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html#reimport-key-material), but you cannot import different key material.
*
* @return builder
*
*/
public Builder keyMaterialBase64(@Nullable Output keyMaterialBase64) {
$.keyMaterialBase64 = keyMaterialBase64;
return this;
}
/**
* @param keyMaterialBase64 Base64 encoded 256-bit symmetric encryption key material to import. The KMS key is permanently associated with this key material. The same key material can be [reimported](https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html#reimport-key-material), but you cannot import different key material.
*
* @return builder
*
*/
public Builder keyMaterialBase64(String keyMaterialBase64) {
return keyMaterialBase64(Output.of(keyMaterialBase64));
}
/**
* @param keyState The state of the replica key.
*
* @return builder
*
*/
public Builder keyState(@Nullable Output keyState) {
$.keyState = keyState;
return this;
}
/**
* @param keyState The state of the replica key.
*
* @return builder
*
*/
public Builder keyState(String keyState) {
return keyState(Output.of(keyState));
}
/**
* @param keyUsage The [cryptographic operations](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) for which you can use the KMS key. This is a shared property of multi-Region keys.
*
* @return builder
*
*/
public Builder keyUsage(@Nullable Output keyUsage) {
$.keyUsage = keyUsage;
return this;
}
/**
* @param keyUsage The [cryptographic operations](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations) for which you can use the KMS key. This is a shared property of multi-Region keys.
*
* @return builder
*
*/
public Builder keyUsage(String keyUsage) {
return keyUsage(Output.of(keyUsage));
}
/**
* @param policy The key policy to attach to the KMS key. If you do not specify a key policy, AWS KMS attaches the [default key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) to the KMS key.
*
* @return builder
*
*/
public Builder policy(@Nullable Output policy) {
$.policy = policy;
return this;
}
/**
* @param policy The key policy to attach to the KMS key. If you do not specify a key policy, AWS KMS attaches the [default key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) to the KMS key.
*
* @return builder
*
*/
public Builder policy(String policy) {
return policy(Output.of(policy));
}
/**
* @param primaryKeyArn The ARN of the multi-Region primary key to replicate. The primary key must be in a different AWS Region of the same AWS Partition. You can create only one replica of a given primary key in each AWS Region.
*
* @return builder
*
*/
public Builder primaryKeyArn(@Nullable Output primaryKeyArn) {
$.primaryKeyArn = primaryKeyArn;
return this;
}
/**
* @param primaryKeyArn The ARN of the multi-Region primary key to replicate. The primary key must be in a different AWS Region of the same AWS Partition. You can create only one replica of a given primary key in each AWS Region.
*
* @return builder
*
*/
public Builder primaryKeyArn(String primaryKeyArn) {
return primaryKeyArn(Output.of(primaryKeyArn));
}
/**
* @param tags A map of tags to assign to the replica key. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
*
* @return builder
*
*/
public Builder tags(@Nullable Output> tags) {
$.tags = tags;
return this;
}
/**
* @param tags A map of tags to assign to the replica key. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
*
* @return builder
*
*/
public Builder tags(Map tags) {
return tags(Output.of(tags));
}
/**
* @param tagsAll A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.
*
* @return builder
*
* @deprecated
* Please use `tags` instead.
*
*/
@Deprecated /* Please use `tags` instead. */
public Builder tagsAll(@Nullable Output> tagsAll) {
$.tagsAll = tagsAll;
return this;
}
/**
* @param tagsAll A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.
*
* @return builder
*
* @deprecated
* Please use `tags` instead.
*
*/
@Deprecated /* Please use `tags` instead. */
public Builder tagsAll(Map tagsAll) {
return tagsAll(Output.of(tagsAll));
}
/**
* @param validTo Time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the key becomes unusable. If not specified, key material does not expire. Valid values: [RFC3339 time string](https://tools.ietf.org/html/rfc3339#section-5.8) (`YYYY-MM-DDTHH:MM:SSZ`)
*
* @return builder
*
*/
public Builder validTo(@Nullable Output validTo) {
$.validTo = validTo;
return this;
}
/**
* @param validTo Time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the key becomes unusable. If not specified, key material does not expire. Valid values: [RFC3339 time string](https://tools.ietf.org/html/rfc3339#section-5.8) (`YYYY-MM-DDTHH:MM:SSZ`)
*
* @return builder
*
*/
public Builder validTo(String validTo) {
return validTo(Output.of(validTo));
}
public ReplicaExternalKeyState build() {
return $;
}
}
}
© 2015 - 2025 Weber Informatics LLC | Privacy Policy