Module: AWSCDK::KMS::IKey

Includes:
IResource, Interfaces::AWSKMS::IKeyRef
Included in:
IAlias, Key
Defined in:
kms/i_key.rb

Overview

A KMS Key, either managed by this CDK app, or imported.

This interface does double duty: it represents an actual KMS keys, but it also represents things that can behave like KMS keys, like a key alias.

Class Method Summary collapse

Instance Method Summary collapse

Class Method Details

.jsii_overridable_methodsObject



198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
# File 'kms/i_key.rb', line 198

def self.jsii_overridable_methods
  {
    :node => { kind: :property, name: "node", is_optional: false },
    :env => { kind: :property, name: "env", is_optional: false },
    :stack => { kind: :property, name: "stack", is_optional: false },
    :key_ref => { kind: :property, name: "keyRef", is_optional: false },
    :key_arn => { kind: :property, name: "keyArn", is_optional: false },
    :key_id => { kind: :property, name: "keyId", is_optional: false },
    :with => { kind: :method, name: "with", is_optional: false },
    :apply_removal_policy => { kind: :method, name: "applyRemovalPolicy", is_optional: false },
    :add_alias => { kind: :method, name: "addAlias", is_optional: false },
    :add_to_resource_policy => { kind: :method, name: "addToResourcePolicy", is_optional: false },
    :grant => { kind: :method, name: "grant", is_optional: false },
    :grant_decrypt => { kind: :method, name: "grantDecrypt", is_optional: false },
    :grant_encrypt => { kind: :method, name: "grantEncrypt", is_optional: false },
    :grant_encrypt_decrypt => { kind: :method, name: "grantEncryptDecrypt", is_optional: false },
    :grant_generate_mac => { kind: :method, name: "grantGenerateMac", is_optional: false },
    :grant_sign => { kind: :method, name: "grantSign", is_optional: false },
    :grant_sign_verify => { kind: :method, name: "grantSignVerify", is_optional: false },
    :grant_verify => { kind: :method, name: "grantVerify", is_optional: false },
    :grant_verify_mac => { kind: :method, name: "grantVerifyMac", is_optional: false },
  }
end

Instance Method Details

#add_alias(_alias) ⇒ AWSCDK::KMS::Alias

Defines a new alias for the key.

Parameters:

  • _alias (String)

Returns:



97
98
99
100
# File 'kms/i_key.rb', line 97

def add_alias(_alias)
  Jsii::Type.check_type(_alias, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "alias")
  jsii_call_method("addAlias", [_alias])
end

#add_to_resource_policy(statement, allow_no_op = nil) ⇒ AWSCDK::IAM::AddToResourcePolicyResult

Adds a statement to the KMS key resource policy.

Parameters:

  • statement (AWSCDK::IAM::PolicyStatement)

    The policy statement to add.

  • allow_no_op (Boolean, nil) (defaults to: nil)

    If this is set to false and there is no policy defined (i.e. external key), the operation will fail. Otherwise, it will no-op.

Returns:



107
108
109
110
111
# File 'kms/i_key.rb', line 107

def add_to_resource_policy(statement, allow_no_op = nil)
  Jsii::Type.check_type(statement, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLlBvbGljeVN0YXRlbWVudCJ9")), "statement")
  Jsii::Type.check_type(allow_no_op, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "allowNoOp") unless allow_no_op.nil?
  jsii_call_method("addToResourcePolicy", [statement, allow_no_op])
end

#apply_removal_policy(policy) ⇒ void

This method returns an undefined value.

Apply the given removal policy to this resource.

The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.

The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS account for data recovery and cleanup later (RemovalPolicy.RETAIN).

Parameters:



88
89
90
91
# File 'kms/i_key.rb', line 88

def apply_removal_policy(policy)
  Jsii::Type.check_type(policy, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5SZW1vdmFsUG9saWN5In0=")), "policy")
  jsii_call_method("applyRemovalPolicy", [policy])
end

#envAWSCDK::Interfaces::ResourceEnvironment

The environment this resource belongs to.

For resources that are created and managed in a Stack (those created by creating new class instances like new Role(), new Bucket(), etc.), this is always the same as the environment of the stack they belong to.

For referenced resources (those obtained from referencing methods like Role.fromRoleArn(), Bucket.fromBucketName(), etc.), they might be different than the stack they were imported into.



30
31
32
# File 'kms/i_key.rb', line 30

def env()
  jsii_get_property("env")
end

#grant(grantee, *actions) ⇒ AWSCDK::IAM::Grant

Grant the indicated permissions on this key to the given principal.

Parameters:

Returns:



118
119
120
121
122
123
124
# File 'kms/i_key.rb', line 118

def grant(grantee, *actions)
  Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee")
  actions.each_with_index do |item, index|
    Jsii::Type.check_type(item, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "actions[#{index}]")
  end
  jsii_call_method("grant", [grantee, *actions])
end

#grant_decrypt(grantee) ⇒ AWSCDK::IAM::Grant

Grant decryption permissions using this key to the given principal.

Parameters:

Returns:



130
131
132
133
# File 'kms/i_key.rb', line 130

def grant_decrypt(grantee)
  Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee")
  jsii_call_method("grantDecrypt", [grantee])
end

#grant_encrypt(grantee) ⇒ AWSCDK::IAM::Grant

Grant encryption permissions using this key to the given principal.

Parameters:

Returns:



139
140
141
142
# File 'kms/i_key.rb', line 139

def grant_encrypt(grantee)
  Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee")
  jsii_call_method("grantEncrypt", [grantee])
end

#grant_encrypt_decrypt(grantee) ⇒ AWSCDK::IAM::Grant

Grant encryption and decryption permissions using this key to the given principal.

Parameters:

Returns:



148
149
150
151
# File 'kms/i_key.rb', line 148

def grant_encrypt_decrypt(grantee)
  Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee")
  jsii_call_method("grantEncryptDecrypt", [grantee])
end

#grant_generate_mac(grantee) ⇒ AWSCDK::IAM::Grant

Grant permissions to generating MACs to the given principal.

Parameters:

Returns:



157
158
159
160
# File 'kms/i_key.rb', line 157

def grant_generate_mac(grantee)
  Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee")
  jsii_call_method("grantGenerateMac", [grantee])
end

#grant_sign(grantee) ⇒ AWSCDK::IAM::Grant

Grant sign permissions using this key to the given principal.

Parameters:

Returns:



166
167
168
169
# File 'kms/i_key.rb', line 166

def grant_sign(grantee)
  Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee")
  jsii_call_method("grantSign", [grantee])
end

#grant_sign_verify(grantee) ⇒ AWSCDK::IAM::Grant

Grant sign and verify permissions using this key to the given principal.

Parameters:

Returns:



175
176
177
178
# File 'kms/i_key.rb', line 175

def grant_sign_verify(grantee)
  Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee")
  jsii_call_method("grantSignVerify", [grantee])
end

#grant_verify(grantee) ⇒ AWSCDK::IAM::Grant

Grant verify permissions using this key to the given principal.

Parameters:

Returns:



184
185
186
187
# File 'kms/i_key.rb', line 184

def grant_verify(grantee)
  Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee")
  jsii_call_method("grantVerify", [grantee])
end

#grant_verify_mac(grantee) ⇒ AWSCDK::IAM::Grant

Grant permissions to verifying MACs to the given principal.

Parameters:

Returns:



193
194
195
196
# File 'kms/i_key.rb', line 193

def grant_verify_mac(grantee)
  Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee")
  jsii_call_method("grantVerifyMac", [grantee])
end

#key_arnString

The ARN of the key.

Returns:

  • (String)


51
52
53
# File 'kms/i_key.rb', line 51

def key_arn()
  jsii_get_property("keyArn")
end

#key_idString

The ID of the key (the part that looks something like: 1234abcd-12ab-34cd-56ef-1234567890ab).

Returns:

  • (String)


58
59
60
# File 'kms/i_key.rb', line 58

def key_id()
  jsii_get_property("keyId")
end

#key_refAWSCDK::Interfaces::AWSKMS::KeyReference

A reference to a Key resource.



44
45
46
# File 'kms/i_key.rb', line 44

def key_ref()
  jsii_get_property("keyRef")
end

#nodeConstructs::Node

The tree node.

Returns:

  • (Constructs::Node)


15
16
17
# File 'kms/i_key.rb', line 15

def node()
  jsii_get_property("node")
end

#stackAWSCDK::Stack

The stack in which this resource is defined.

Returns:



37
38
39
# File 'kms/i_key.rb', line 37

def stack()
  jsii_get_property("stack")
end

#with(*mixins) ⇒ Constructs::IConstruct

Applies one or more mixins to this construct.

Mixins are applied in order. The list of constructs is captured at the start of the call, so constructs added by a mixin will not be visited.

Parameters:

  • mixins (Array<Constructs::IMixin>)

    The mixins to apply.

Returns:

  • (Constructs::IConstruct)

    This construct for chaining



69
70
71
72
73
74
# File 'kms/i_key.rb', line 69

def with(*mixins)
  mixins.each_with_index do |item, index|
    Jsii::Type.check_type(item, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJjb25zdHJ1Y3RzLklNaXhpbiJ9")), "mixins[#{index}]")
  end
  jsii_call_method("with", [*mixins])
end