AWS::KMS::Key

KMS Key

The AWS::KMS::Key resource specifies a [KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms_keys) in AWS Key Management Service (AWS KMS). You can use this resource to create symmetric encryption KMS keys, asymmetric KMS keys for encryption or signing, and symmetric HMAC KMS keys. You can use AWS::KMS::Key to create [multi-Region primary keys](https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html#mrk-primary-key) of all supported types. To replicate a ...

Properties

12 configurable properties.

| Property | Type | Flags |
| --- | --- | --- |
| BypassPolicyLockoutSafetyCheck | boolean | Write-only |
| Description | string | |
| Enabled | boolean | |
| EnableKeyRotation | boolean | |
| KeyPolicy | object or string | |
| KeySpec | string | |
| KeyUsage | string | |
| MultiRegion | boolean | |
| Origin | string | |
| PendingWindowInDays | integer | Write-only |
| RotationPeriodInDays | integer | Write-only |
| Tags | Array<Tag> | |

Return Values

Values returned after the resource is created. Access these with Fn::GetAtt.

| Attribute | Type | Description |
| --- | --- | --- |
| Arn | string | - |
| KeyId | string | - |

Sample CloudFormation Template

A minimal template with required properties and common optional ones.

template.yaml

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Sample template for AWS::KMS::Key

Resources:
  MyResource:
    Type: AWS::KMS::Key
    Properties:
      Tags:
        - Key: Environment
          Value: Production
      Description: !Ref "AWS::StackName"
```
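
The minimal template above leaves the key policy, rotation and deletion behaviour at their defaults. The following template is an added example, not part of the original page or of AWS's documentation, that sets the security-relevant properties from the table explicitly; the logical ID `ExampleKey` and the chosen values are assumptions for illustration.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: AWS::KMS::Key with explicit policy, rotation and deletion settings (added example)

Resources:
  ExampleKey:                        # hypothetical logical ID
    Type: AWS::KMS::Key
    DeletionPolicy: Retain           # deleting the stack does not schedule key deletion
    UpdateReplacePolicy: Retain      # a replacing update keeps the old key as well
    Properties:
      Description: !Sub "Symmetric encryption key for ${AWS::StackName}"
      Enabled: true
      KeySpec: SYMMETRIC_DEFAULT     # automatic rotation applies to symmetric encryption keys
      KeyUsage: ENCRYPT_DECRYPT
      Origin: AWS_KMS                # key material generated by KMS
      MultiRegion: false
      EnableKeyRotation: true
      RotationPeriodInDays: 365      # allowed range is 90 to 2560 days
      PendingWindowInDays: 30        # allowed range is 7 to 30 days; longest window to cancel a deletion
      BypassPolicyLockoutSafetyCheck: false   # keep the check that guards against an unmanageable key
      KeyPolicy:
        Version: "2012-10-17"
        Statement:
          # Delegates access decisions to IAM policies in this account only.
          # Add narrower statements for specific roles instead of widening this principal.
          - Sid: EnableIamPoliciesInThisAccount
            Effect: Allow
            Principal:
              AWS: !Sub "arn:${AWS::Partition}:iam::${AWS::AccountId}:root"
            Action: "kms:*"
            Resource: "*"
      Tags:
        - Key: Environment
          Value: Production

Outputs:
  KeyArn:
    Value: !GetAtt ExampleKey.Arn
  KeyId:
    Value: !GetAtt ExampleKey.KeyId
```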

Required IAM Permissions

Permissions CloudFormation needs in your IAM role to manage this resource.

create

- kms:CreateKey
- kms:EnableKeyRotation
- kms:DisableKey
- kms:TagResource
- kms:PutKeyPolicy

read

- kms:DescribeKey
- kms:GetKeyPolicy
- kms:GetKeyRotationStatus
- kms:ListResourceTags

update

- kms:DescribeKey
- kms:DisableKey
- kms:DisableKeyRotation
- kms:EnableKey
- kms:EnableKeyRotation
- kms:PutKeyPolicy
- kms:TagResource
- kms:UntagResource

delete

- kms:DescribeKey
- kms:ScheduleKeyDeletion

list

- kms:ListKeys
- kms:DescribeKey

Quick Facts

- Service: KMS
- Properties: 14
- Required: 0
- Tagging: Supported
- Primary ID: KeyId

Supported Operations

Create, Read, Update, Delete, List
