By Implementation

Service Control PoliciesConfig RulesAuto Remediation RulesConformance PacksAmazon GuardDutyAmazon InspectorAWS Security HubAWS Network FirewallRoute53 Resolver SecurityAmazon MacieS3 Bucket PoliciesCloudWatch Alarms and Event RulesAWS WAFAWS Secrets ManagerAWS Systems ManagerSecurity Groups & NACLsAWS KMSIAM Policies

By Service Protected

Configuration Packages

Strategy Guides

Other

AWS KMS

KMS Customer Master Key (CMK)

Configuration to create an AWS KMS Customer Master Key (CMK).

The following settings are available for configuration:

  • Key Alias and Description
  • Key Rotation – Enables AWS KMS to automatically creates new key material for the CMK 365 days after the enable date and every 365 days thereafter
  • Regionality – Provides an option to create a Multi-Region primary CMK that you can replicate in other AWS Regions.

This template also provides the option to create a Replica Key based on an existing multi-region key. (Note: For CLI templates, you must select the region)

Items
1
Size
0.6 KB
AWSTemplateFormatVersion: "2010-09-09"
Description: ""
Resources:
  KMSKey:
    Type: "AWS::KMS::Key"
    Properties:
      EnableKeyRotation: false
      MultiRegion: false
      KeyPolicy:
        Version: "2012-10-17"
        Statement:
          - Sid: "Enable IAM User Permissions"
            Effect: "Allow"
            Principal:
              AWS:
                Fn::Join:
                  - ""
                  -
                    - "arn:aws:iam::"
                    - Ref: "AWS::AccountId"
                    - ":root"
            Action: "kms:*"
            Resource: "*"
Parameters: {}
Metadata: {}
Conditions: {}

Actions



Customize Template

* Required field