ALIYUN::KMS::Key is used to create a customer master key (CMK).
Syntax
{
"Type": "ALIYUN::KMS::Key",
"Properties": {
"KeyUsage": String,
"Enable": Boolean,
"PendingWindowInDays": Integer,
"Description": String,
"KeySpec": String,
"EnableAutomaticRotation": Boolean,
"RotationInterval": String,
"ProtectionLevel": String,
"DKMSInstanceId": String
}
}
Properties
Property | Type | Required | Editable | Description | Constraint |
KeyUsage | String | No | No | The usage of the CMK. | Valid values:
|
Enable | Boolean | No | Yes | Specifies whether to enable the CMK. | Valid values:
|
PendingWindowInDays | Integer | No | No | The scheduled period after when the CMK is deleted. During the period, the CMK is in the PendingDeletion state. After the period ends, you cannot cancel the deletion task. | Valid values: 7 to 30. Default value: 30. Unit: day. |
Description | String | No | Yes | The description of the CMK. | The description can be up to 8,192 characters in length. |
KeySpec | String | No | No | The type of the CMK. | Valid values:
Note If you want to create the CMK in a managed hardware security module (HSM) in the Chinese mainland, the default value is Aliyun_SM4. In other cases, the default value is Aliyun_AES_256. |
EnableAutomaticRotation | Boolean | No | Yes | Specifies whether to enable automatic key rotation. | Valid values:
|
RotationInterval | String | No | Yes | The interval of automatic key rotation. Example: | Specify the interval in the Valid values of
For example, you can use 7d or 604800s to specify a seven-day interval. The interval ranges from 7 days to 730 days. |
ProtectionLevel | String | No | No | The protection level of the CMK. | Valid values:
|
DKMSInstanceId | String | No | No | The ID of the dedicated Key Management Service (KMS) instance. | None. |
Return values
Fn::GetAtt
KeyId: the ID of the CMK.