Class: AWSCDK::KMS::Key
Overview
Defines a KMS key.
Class Method Summary collapse
-
.DEFAULT_DUMMY_KEY_ID ⇒ String
The default key id of the dummy key.
-
.from_cfn_key(cfn_key) ⇒ AWSCDK::KMS::IKey
Create a mutable
IKeybased on a low-levelCfnKey. -
.from_key_arn(scope, id, key_arn) ⇒ AWSCDK::KMS::IKey
Import an externally defined KMS Key using its ARN.
-
.from_lookup(scope, id, options) ⇒ AWSCDK::KMS::IKey
Import an existing Key by querying the AWS environment this stack is deployed to.
-
.is_lookup_dummy(key) ⇒ Boolean
Checks if the key returned by the
Key.fromLookup()method is a dummy key, i.e., a key that was not found. - .jsii_overridable_methods ⇒ Object
-
.PROPERTY_INJECTION_ID ⇒ String
Uniquely identifies this class.
Instance Method Summary collapse
-
#add_alias(alias_name) ⇒ AWSCDK::KMS::Alias
Defines a new alias for the key.
-
#add_to_resource_policy(statement, allow_no_op = nil) ⇒ AWSCDK::IAM::AddToResourcePolicyResult
Adds a statement to the KMS key resource policy.
-
#apply_cross_stack_reference_strength(strength) ⇒ void
Override the cross-stack reference strength for this resource.
-
#apply_removal_policy(policy) ⇒ void
Apply the given removal policy to this resource.
-
#env ⇒ AWSCDK::Interfaces::ResourceEnvironment
The environment this resource belongs to.
- #generate_physical_name ⇒ String
-
#get_resource_arn_attribute(arn_attr, arn_components) ⇒ String
Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g.
bucket.bucketArn). -
#get_resource_name_attribute(name_attr) ⇒ String
Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g.
bucket.bucketName). -
#grant(grantee, *actions) ⇒ AWSCDK::IAM::Grant
Grant the indicated permissions on this key to the given principal.
-
#grant_admin(grantee) ⇒ AWSCDK::IAM::Grant
Grant admins permissions using this key to the given principal.
-
#grant_decrypt(grantee) ⇒ AWSCDK::IAM::Grant
Grant decryption permissions using this key to the given principal.
-
#grant_encrypt(grantee) ⇒ AWSCDK::IAM::Grant
Grant encryption permissions using this key to the given principal.
-
#grant_encrypt_decrypt(grantee) ⇒ AWSCDK::IAM::Grant
Grant encryption and decryption permissions using this key to the given principal.
-
#grant_generate_mac(grantee) ⇒ AWSCDK::IAM::Grant
Grant permissions to generating MACs to the given principal.
-
#grant_sign(grantee) ⇒ AWSCDK::IAM::Grant
Grant sign permissions using this key to the given principal.
-
#grant_sign_verify(grantee) ⇒ AWSCDK::IAM::Grant
Grant sign and verify permissions using this key to the given principal.
-
#grant_verify(grantee) ⇒ AWSCDK::IAM::Grant
Grant verify permissions using this key to the given principal.
-
#grant_verify_mac(grantee) ⇒ AWSCDK::IAM::Grant
Grant permissions to verifying MACs to the given principal.
-
#grants ⇒ AWSCDK::KMS::KeyGrants
Collection of grant methods for a Key.
-
#initialize(scope, id, props = nil) ⇒ Key
constructor
A new instance of Key.
-
#key_arn ⇒ String
The ARN of the key.
-
#key_id ⇒ String
The ID of the key (the part that looks something like: 1234abcd-12ab-34cd-56ef-1234567890ab).
-
#key_ref ⇒ AWSCDK::Interfaces::AWSKMS::KeyReference
A reference to a Key resource.
-
#node ⇒ Constructs::Node
The tree node.
-
#physical_name ⇒ String
Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
-
#policy ⇒ AWSCDK::IAM::PolicyDocument?
Optional policy document that represents the resource policy of this key.
-
#stack ⇒ AWSCDK::Stack
The stack in which this resource is defined.
-
#to_string ⇒ String
Returns a string representation of this construct.
-
#trust_account_identities ⇒ Boolean
Optional property to control trusting account identities.
-
#with(*mixins) ⇒ Constructs::IConstruct
Applies one or more mixins to this construct.
Constructor Details
#initialize(scope, id, props = nil) ⇒ Key
Returns a new instance of Key.
12 13 14 15 16 17 18 |
# File 'kms/key.rb', line 12 def initialize(scope, id, props = nil) props = props.is_a?(Hash) ? ::AWSCDK::KMS::KeyProps.new(**props.transform_keys(&:to_sym)) : props Jsii::Type.check_type(scope, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJjb25zdHJ1Y3RzLkNvbnN0cnVjdCJ9")), "scope") Jsii::Type.check_type(id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "id") Jsii::Type.check_type(props, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3Nfa21zLktleVByb3BzIn0=")), "props") unless props.nil? Jsii::Object.instance_method(:initialize).bind(self).call(scope, id, props) end |
Class Method Details
.DEFAULT_DUMMY_KEY_ID ⇒ String
The default key id of the dummy key.
This value is used as a dummy key id if the key was not found
by the Key.fromLookup() method.
182 183 184 |
# File 'kms/key.rb', line 182 def self.DEFAULT_DUMMY_KEY_ID() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_kms.Key", "DEFAULT_DUMMY_KEY_ID") end |
.from_cfn_key(cfn_key) ⇒ AWSCDK::KMS::IKey
Create a mutable IKey based on a low-level CfnKey.
This is most useful when combined with the cloudformation-include module.
This method is different than from_key_arn() because the IKey
returned from this method is mutable;
meaning, calling any mutating methods on it,
like IKey.addToResourcePolicy(),
will actually be reflected in the resulting template,
as opposed to the object returned from from_key_arn(),
on which calling those methods would have no effect.
67 68 69 70 |
# File 'kms/key.rb', line 67 def self.from_cfn_key(cfn_key) Jsii::Type.check_type(cfn_key, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3Nfa21zLkNmbktleSJ9")), "cfnKey") Jsii::Kernel.instance.call_static("aws-cdk-lib.aws_kms.Key", "fromCfnKey", [cfn_key]) end |
.from_key_arn(scope, id, key_arn) ⇒ AWSCDK::KMS::IKey
Import an externally defined KMS Key using its ARN.
78 79 80 81 82 83 |
# File 'kms/key.rb', line 78 def self.from_key_arn(scope, id, key_arn) Jsii::Type.check_type(scope, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJjb25zdHJ1Y3RzLkNvbnN0cnVjdCJ9")), "scope") Jsii::Type.check_type(id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "id") Jsii::Type.check_type(key_arn, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "keyArn") Jsii::Kernel.instance.call_static("aws-cdk-lib.aws_kms.Key", "fromKeyArn", [scope, id, key_arn]) end |
.from_lookup(scope, id, options) ⇒ AWSCDK::KMS::IKey
Import an existing Key by querying the AWS environment this stack is deployed to.
This function only needs to be used to use Keys not defined in your CDK
application. If you are looking to share a Key between stacks, you can
pass the Key object between stacks and use it as normal. In addition,
it's not necessary to use this method if an interface accepts an IKey.
In this case, Alias.fromAliasName() can be used which returns an alias
that extends IKey.
Calling this method will lead to a lookup when the CDK CLI is executed. You can therefore not use any values that will only be available at CloudFormation execution time (i.e., Tokens).
If you set return_dummy_key_on_missing to true in options and the key was not found,
this method will return a dummy key with a key id '1234abcd-12ab-34cd-56ef-1234567890ab'.
The value of the dummy key id can also be referenced using the Key.DEFAULT_DUMMY_KEY_ID
variable, and you can check if the key is a dummy key by using the Key.isLookupDummy()
method.
The Key information will be cached in cdk.context.json and the same Key
will be used on future runs. To refresh the lookup, you will have to
evict the value from the cache using the cdk context command. See
https://docs.aws.amazon.com/cdk/latest/guide/context.html for more information.
113 114 115 116 117 118 119 |
# File 'kms/key.rb', line 113 def self.from_lookup(scope, id, ) Jsii::Type.check_type(scope, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJjb25zdHJ1Y3RzLkNvbnN0cnVjdCJ9")), "scope") Jsii::Type.check_type(id, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "id") = .is_a?(Hash) ? ::AWSCDK::KMS::KeyLookupOptions.new(**.transform_keys(&:to_sym)) : Jsii::Type.check_type(, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3Nfa21zLktleUxvb2t1cE9wdGlvbnMifQ==")), "options") Jsii::Kernel.instance.call_static("aws-cdk-lib.aws_kms.Key", "fromLookup", [scope, id, ]) end |
.is_lookup_dummy(key) ⇒ Boolean
Checks if the key returned by the Key.fromLookup() method is a dummy key, i.e., a key that was not found.
This method can only be used if the return_dummy_key_on_missing option
is set to true in the options for the Key.fromLookup() method.
128 129 130 131 |
# File 'kms/key.rb', line 128 def self.is_lookup_dummy(key) Jsii::Type.check_type(key, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5pbnRlcmZhY2VzLmF3c19rbXMuSUtleVJlZiJ9")), "key") Jsii::Kernel.instance.call_static("aws-cdk-lib.aws_kms.Key", "isLookupDummy", [key]) end |
.jsii_overridable_methods ⇒ Object
20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 |
# File 'kms/key.rb', line 20 def self.jsii_overridable_methods { :node => { kind: :property, name: "node", is_optional: false }, :env => { kind: :property, name: "env", is_optional: false }, :physical_name => { kind: :property, name: "physicalName", is_optional: false }, :stack => { kind: :property, name: "stack", is_optional: false }, :grants => { kind: :property, name: "grants", is_optional: false }, :key_arn => { kind: :property, name: "keyArn", is_optional: false }, :key_id => { kind: :property, name: "keyId", is_optional: false }, :key_ref => { kind: :property, name: "keyRef", is_optional: false }, :trust_account_identities => { kind: :property, name: "trustAccountIdentities", is_optional: false }, :policy => { kind: :property, name: "policy", is_optional: true }, :to_string => { kind: :method, name: "toString", is_optional: false }, :with => { kind: :method, name: "with", is_optional: false }, :apply_cross_stack_reference_strength => { kind: :method, name: "applyCrossStackReferenceStrength", is_optional: false }, :apply_removal_policy => { kind: :method, name: "applyRemovalPolicy", is_optional: false }, :generate_physical_name => { kind: :method, name: "generatePhysicalName", is_optional: false }, :get_resource_arn_attribute => { kind: :method, name: "getResourceArnAttribute", is_optional: false }, :get_resource_name_attribute => { kind: :method, name: "getResourceNameAttribute", is_optional: false }, :add_alias => { kind: :method, name: "addAlias", is_optional: false }, :add_to_resource_policy => { kind: :method, name: "addToResourcePolicy", is_optional: false }, :grant => { kind: :method, name: "grant", is_optional: false }, :grant_admin => { kind: :method, name: "grantAdmin", is_optional: false }, :grant_decrypt => { kind: :method, name: "grantDecrypt", is_optional: false }, :grant_encrypt => { kind: :method, name: "grantEncrypt", is_optional: false }, :grant_encrypt_decrypt => { kind: :method, name: "grantEncryptDecrypt", is_optional: false }, :grant_generate_mac => { kind: :method, name: "grantGenerateMac", is_optional: false }, :grant_sign => { kind: :method, name: "grantSign", is_optional: false }, :grant_sign_verify => { kind: :method, name: "grantSignVerify", is_optional: false }, :grant_verify => { kind: :method, name: "grantVerify", is_optional: false }, :grant_verify_mac => { kind: :method, name: "grantVerifyMac", is_optional: false }, } end |
.PROPERTY_INJECTION_ID ⇒ String
Uniquely identifies this class.
189 190 191 |
# File 'kms/key.rb', line 189 def self.PROPERTY_INJECTION_ID() Jsii::Kernel.instance.get_static("aws-cdk-lib.aws_kms.Key", "PROPERTY_INJECTION_ID") end |
Instance Method Details
#add_alias(alias_name) ⇒ AWSCDK::KMS::Alias
Defines a new alias for the key.
336 337 338 339 |
# File 'kms/key.rb', line 336 def add_alias(alias_name) Jsii::Type.check_type(alias_name, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "aliasName") jsii_call_method("addAlias", [alias_name]) end |
#add_to_resource_policy(statement, allow_no_op = nil) ⇒ AWSCDK::IAM::AddToResourcePolicyResult
Adds a statement to the KMS key resource policy.
346 347 348 349 350 |
# File 'kms/key.rb', line 346 def add_to_resource_policy(statement, allow_no_op = nil) Jsii::Type.check_type(statement, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLlBvbGljeVN0YXRlbWVudCJ9")), "statement") Jsii::Type.check_type(allow_no_op, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJib29sZWFuIn0=")), "allowNoOp") unless allow_no_op.nil? jsii_call_method("addToResourcePolicy", [statement, allow_no_op]) end |
#apply_cross_stack_reference_strength(strength) ⇒ void
This method returns an undefined value.
Override the cross-stack reference strength for this resource.
When set, any cross-stack reference to this resource will use the specified
mechanism instead of the global default determined by the
@aws-cdk/core:defaultCrossStackReferences context key. This is useful for
selectively weakening specific references to avoid the "deadly embrace" problem
without changing the app-wide default.
275 276 277 278 |
# File 'kms/key.rb', line 275 def apply_cross_stack_reference_strength(strength) Jsii::Type.check_type(strength, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5SZWZlcmVuY2VTdHJlbmd0aCJ9")), "strength") jsii_call_method("applyCrossStackReferenceStrength", [strength]) end |
#apply_removal_policy(policy) ⇒ void
This method returns an undefined value.
Apply the given removal policy to this resource.
The Removal Policy controls what happens to this resource when it stops being managed by CloudFormation, either because you've removed it from the CDK application or because you've made a change that requires the resource to be replaced.
The resource can be deleted (RemovalPolicy.DESTROY), or left in your AWS
account for data recovery and cleanup later (RemovalPolicy.RETAIN).
292 293 294 295 |
# File 'kms/key.rb', line 292 def apply_removal_policy(policy) Jsii::Type.check_type(policy, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5SZW1vdmFsUG9saWN5In0=")), "policy") jsii_call_method("applyRemovalPolicy", [policy]) end |
#env ⇒ AWSCDK::Interfaces::ResourceEnvironment
The environment this resource belongs to.
For resources that are created and managed in a Stack (those created by
creating new class instances like new Role(), new Bucket(), etc.), this
is always the same as the environment of the stack they belong to.
For referenced resources (those obtained from referencing methods like
Role.fromRoleArn(), Bucket.fromBucketName(), etc.), they might be
different than the stack they were imported into.
151 152 153 |
# File 'kms/key.rb', line 151 def env() jsii_get_property("env") end |
#generate_physical_name ⇒ String
298 299 300 |
# File 'kms/key.rb', line 298 def generate_physical_name() jsii_call_method("generatePhysicalName", []) end |
#get_resource_arn_attribute(arn_attr, arn_components) ⇒ String
Returns an environment-sensitive token that should be used for the resource's "ARN" attribute (e.g. bucket.bucketArn).
Normally, this token will resolve to arn_attr, but if the resource is
referenced across environments, arn_components will be used to synthesize
a concrete ARN with the resource's physical name. Make sure to reference
this.physicalName in arn_components.
312 313 314 315 316 317 |
# File 'kms/key.rb', line 312 def get_resource_arn_attribute(arn_attr, arn_components) Jsii::Type.check_type(arn_attr, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "arnAttr") arn_components = arn_components.is_a?(Hash) ? ::AWSCDK::ARNComponents.new(**arn_components.transform_keys(&:to_sym)) : arn_components Jsii::Type.check_type(arn_components, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5Bcm5Db21wb25lbnRzIn0=")), "arnComponents") jsii_call_method("getResourceArnAttribute", [arn_attr, arn_components]) end |
#get_resource_name_attribute(name_attr) ⇒ String
Returns an environment-sensitive token that should be used for the resource's "name" attribute (e.g. bucket.bucketName).
Normally, this token will resolve to name_attr, but if the resource is
referenced across environments, it will be resolved to this.physicalName,
which will be a concrete name.
327 328 329 330 |
# File 'kms/key.rb', line 327 def get_resource_name_attribute(name_attr) Jsii::Type.check_type(name_attr, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "nameAttr") jsii_call_method("getResourceNameAttribute", [name_attr]) end |
#grant(grantee, *actions) ⇒ AWSCDK::IAM::Grant
Grant the indicated permissions on this key to the given principal.
This modifies both the principal's policy as well as the resource policy, since the default CloudFormation setup for KMS keys is that the policy must not be empty and so default grants won't work.
[disable-awslint:no-grants]
363 364 365 366 367 368 369 |
# File 'kms/key.rb', line 363 def grant(grantee, *actions) Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee") actions.each_with_index do |item, index| Jsii::Type.check_type(item, JSON.parse(Base64.strict_decode64("eyJwcmltaXRpdmUiOiJzdHJpbmcifQ==")), "actions[#{index}]") end jsii_call_method("grant", [grantee, *actions]) end |
#grant_admin(grantee) ⇒ AWSCDK::IAM::Grant
Grant admins permissions using this key to the given principal.
Key administrators have permissions to manage the key (e.g., change permissions, revoke), but do not have permissions to use the key in cryptographic operations (e.g., encrypt, decrypt).
[disable-awslint:no-grants]
380 381 382 383 |
# File 'kms/key.rb', line 380 def grant_admin(grantee) Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee") jsii_call_method("grantAdmin", [grantee]) end |
#grant_decrypt(grantee) ⇒ AWSCDK::IAM::Grant
Grant decryption permissions using this key to the given principal.
[disable-awslint:no-grants]
391 392 393 394 |
# File 'kms/key.rb', line 391 def grant_decrypt(grantee) Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee") jsii_call_method("grantDecrypt", [grantee]) end |
#grant_encrypt(grantee) ⇒ AWSCDK::IAM::Grant
Grant encryption permissions using this key to the given principal.
[disable-awslint:no-grants]
402 403 404 405 |
# File 'kms/key.rb', line 402 def grant_encrypt(grantee) Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee") jsii_call_method("grantEncrypt", [grantee]) end |
#grant_encrypt_decrypt(grantee) ⇒ AWSCDK::IAM::Grant
Grant encryption and decryption permissions using this key to the given principal.
[disable-awslint:no-grants]
413 414 415 416 |
# File 'kms/key.rb', line 413 def grant_encrypt_decrypt(grantee) Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee") jsii_call_method("grantEncryptDecrypt", [grantee]) end |
#grant_generate_mac(grantee) ⇒ AWSCDK::IAM::Grant
Grant permissions to generating MACs to the given principal.
[disable-awslint:no-grants]
424 425 426 427 |
# File 'kms/key.rb', line 424 def grant_generate_mac(grantee) Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee") jsii_call_method("grantGenerateMac", [grantee]) end |
#grant_sign(grantee) ⇒ AWSCDK::IAM::Grant
Grant sign permissions using this key to the given principal.
[disable-awslint:no-grants]
435 436 437 438 |
# File 'kms/key.rb', line 435 def grant_sign(grantee) Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee") jsii_call_method("grantSign", [grantee]) end |
#grant_sign_verify(grantee) ⇒ AWSCDK::IAM::Grant
Grant sign and verify permissions using this key to the given principal.
[disable-awslint:no-grants]
446 447 448 449 |
# File 'kms/key.rb', line 446 def grant_sign_verify(grantee) Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee") jsii_call_method("grantSignVerify", [grantee]) end |
#grant_verify(grantee) ⇒ AWSCDK::IAM::Grant
Grant verify permissions using this key to the given principal.
[disable-awslint:no-grants]
457 458 459 460 |
# File 'kms/key.rb', line 457 def grant_verify(grantee) Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee") jsii_call_method("grantVerify", [grantee]) end |
#grant_verify_mac(grantee) ⇒ AWSCDK::IAM::Grant
Grant permissions to verifying MACs to the given principal.
[disable-awslint:no-grants]
468 469 470 471 |
# File 'kms/key.rb', line 468 def grant_verify_mac(grantee) Jsii::Type.check_type(grantee, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJhd3MtY2RrLWxpYi5hd3NfaWFtLklHcmFudGFibGUifQ==")), "grantee") jsii_call_method("grantVerifyMac", [grantee]) end |
#grants ⇒ AWSCDK::KMS::KeyGrants
Collection of grant methods for a Key.
196 197 198 |
# File 'kms/key.rb', line 196 def grants() jsii_get_property("grants") end |
#key_arn ⇒ String
The ARN of the key.
203 204 205 |
# File 'kms/key.rb', line 203 def key_arn() jsii_get_property("keyArn") end |
#key_id ⇒ String
The ID of the key (the part that looks something like: 1234abcd-12ab-34cd-56ef-1234567890ab).
210 211 212 |
# File 'kms/key.rb', line 210 def key_id() jsii_get_property("keyId") end |
#key_ref ⇒ AWSCDK::Interfaces::AWSKMS::KeyReference
A reference to a Key resource.
217 218 219 |
# File 'kms/key.rb', line 217 def key_ref() jsii_get_property("keyRef") end |
#node ⇒ Constructs::Node
The tree node.
136 137 138 |
# File 'kms/key.rb', line 136 def node() jsii_get_property("node") end |
#physical_name ⇒ String
Returns a string-encoded token that resolves to the physical name that should be passed to the CloudFormation resource.
This value will resolve to one of the following:
- a concrete value (e.g.
"my-awesome-bucket") undefined, when a name should be generated by CloudFormation- a concrete name generated automatically during synthesis, in cross-environment scenarios.
165 166 167 |
# File 'kms/key.rb', line 165 def physical_name() jsii_get_property("physicalName") end |
#policy ⇒ AWSCDK::IAM::PolicyDocument?
Optional policy document that represents the resource policy of this key.
If specified, addToResourcePolicy can be used to edit this policy. Otherwise this method will no-op.
238 239 240 |
# File 'kms/key.rb', line 238 def policy() jsii_get_property("policy") end |
#stack ⇒ AWSCDK::Stack
The stack in which this resource is defined.
172 173 174 |
# File 'kms/key.rb', line 172 def stack() jsii_get_property("stack") end |
#to_string ⇒ String
Returns a string representation of this construct.
245 246 247 |
# File 'kms/key.rb', line 245 def to_string() jsii_call_method("toString", []) end |
#trust_account_identities ⇒ Boolean
Optional property to control trusting account identities.
If specified, grants will default identity policies instead of to both resource and identity policies. This matches the default behavior when creating KMS keys via the API or console.
228 229 230 |
# File 'kms/key.rb', line 228 def trust_account_identities() jsii_get_property("trustAccountIdentities") end |
#with(*mixins) ⇒ Constructs::IConstruct
Applies one or more mixins to this construct.
Mixins are applied in order. The list of constructs is captured at the
start of the call, so constructs added by a mixin will not be visited.
Use multiple with() calls if subsequent mixins should apply to added
constructs.
258 259 260 261 262 263 |
# File 'kms/key.rb', line 258 def with(*mixins) mixins.each_with_index do |item, index| Jsii::Type.check_type(item, JSON.parse(Base64.strict_decode64("eyJmcW4iOiJjb25zdHJ1Y3RzLklNaXhpbiJ9")), "mixins[#{index}]") end jsii_call_method("with", [*mixins]) end |