AWS KMS

KMS Replica Key

Configuration to create an AWS KMS Replica Customer Key based on an existing multi-region key.

Note: For CLI templates, you must select the region.

The template can also be used to create a primary key. The following settings are available:

  • Key Alias and Description
  • Key Rotation – Enables AWS KMS to automatically create new key material for the CMK 365 days after the enable date and every 365 days thereafter.
  • Regionality – Provides an option to create a Multi-Region primary CMK that you can replicate in other AWS Regions.
AWSTemplateFormatVersion: "2010-09-09"
Description: ""
Resources:
  ReplicaKeyKMSKey:
    Type: "AWS::KMS::ReplicaKey"
    Properties:
      PrimaryKeyArn: ""  # Required: ARN of the existing multi-Region primary key
      KeyPolicy:
        Version: "2012-10-17"
        Statement:
          - Sid: "Enable IAM User Permissions"
            Effect: "Allow"
            Principal:
              AWS:
                Fn::Join:
                  - ""
                  -
                    - "arn:aws:iam::"
                    - Ref: "AWS::AccountId"
                    - ":root"
            Action: "kms:*"
            Resource: "*"
Parameters: {}
Metadata: {}
Conditions: {}
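
The primary-key variant mentioned above, with the alias, description, rotation and regionality settings filled in. This is an added example, not the page's own template; the resource names, the description and the alias `alias/example-mrk` are placeholders chosen for illustration.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: "Multi-Region primary KMS key (added example; names are placeholders)"
Resources:
  PrimaryKMSKey:
    Type: "AWS::KMS::Key"
    Properties:
      Description: "Example multi-Region primary key"  # placeholder text
      EnableKeyRotation: true  # Key Rotation setting
      MultiRegion: true        # Regionality setting; fixed once the key is created
      KeyPolicy:
        Version: "2012-10-17"
        Statement:
          # Same statement as the replica template: delegates access control
          # for this key to IAM policies in the owning account.
          - Sid: "Enable IAM User Permissions"
            Effect: "Allow"
            Principal:
              AWS:
                Fn::Sub: "arn:aws:iam::${AWS::AccountId}:root"
            Action: "kms:*"
            Resource: "*"
  PrimaryKMSKeyAlias:
    Type: "AWS::KMS::Alias"
    Properties:
      AliasName: "alias/example-mrk"  # placeholder alias
      TargetKeyId:
        Ref: "PrimaryKMSKey"
Outputs:
  PrimaryKeyArn:
    Description: "Value to supply as PrimaryKeyArn in the replica template"
    Value:
      Fn::GetAtt: ["PrimaryKMSKey", "Arn"]
```

The replica template is then deployed in a different Region from this stack, with `PrimaryKeyArn` set to the output above.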
