AWS KMS: KMS Customer Master Key (CMK)

My Saved Presets

Configuration to create an AWS KMS Customer Master Key (CMK).

The following settings are available for configuration:

Key Alias and Description
Key Rotation – Enables AWS KMS to automatically creates new key material for the CMK 365 days after the enable date and every 365 days thereafter
Regionality – Provides an option to create a Multi-Region primary CMK that you can replicate in other AWS Regions.

This template also provides the option to create a Replica Key based on an existing multi-region key. (Note: For CLI templates, you must select the region)

Items

Size

0.6 KB

YAML/JSON

AWSTemplateFormatVersion: '2010-09-09'
Description: ''
Resources:
  KmsKey:
    Type: 'AWS::KMS::Key'
    Properties:
      EnableKeyRotation: false
      MultiRegion: false
      KeyPolicy:
        Version: '2012-10-17'
        Statement:
          - Sid: Enable IAM User Permissions
            Effect: Allow
            Principal:
              AWS:
                'Fn::Join':
                  - ''
                  - - 'arn:aws:iam::'
                    - Ref: 'AWS::AccountId'
                    - ':root'
            Action: 'kms:*'
            Resource: '*'
Parameters: {}
Metadata: {}
Conditions: {}

* Required field

AWS KMS

Loading Library ...

KMS Customer Master Key (CMK)

Actions

Customize Template