Configuration to create an AWS KMS Replica Customer Key based on an existing multi-region key

Note: For CLI templates, you must select the region

The template can also be used to create a primary key. The following settings are available:

  • Key Alias and Description
  • Key Rotation – Enables AWS KMS to automatically create new key material for the CMK 365 days after the enable date and every 365 days thereafter
  • Regionality – Provides an option to create a Multi-Region primary CMK that you can replicate in other AWS Regions.
AWSTemplateFormatVersion: '2010-09-09'
Description: ''
Resources:
  ReplicaKeyKmsKey:
    Type: 'AWS::KMS::ReplicaKey'
    Properties:
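      # Required: ARN of the existing multi-Region primary key to replicate.
      # Left empty here; it must be filled in before the stack is created.
      PrimaryKeyArn: ''
      KeyPolicy:
        Version: '2012-10-17'
        Statement:
          # Gives the account (root principal) full access to the key, which
          # lets IAM policies in the account control access to it.
          - Sid: Enable IAM User Permissions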
            Effect: Allow
            Principal:
              AWS:
                'Fn::Join':
                  - ''
                  - - 'arn:aws:iam::'
                    - Ref: 'AWS::AccountId'
                    - ':root'
            Action: 'kms:*'
            Resource: '*'
Parameters: {}
Metadata: {}
Conditions: {}
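
The primary-key variant mentioned in the description, with the alias, rotation and regionality settings applied, written out as an added example (not the template published on this page). The logical IDs, the alias name and the output name are assumptions chosen for illustration.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Multi-Region primary KMS key with rotation and an alias (added example)
Resources:
  PrimaryKmsKey:                        # hypothetical logical ID
    Type: 'AWS::KMS::Key'
    Properties:
      Description: Multi-Region primary key (constructed example)
      MultiRegion: true                 # Regionality: key can be replicated to other Regions
      EnableKeyRotation: true           # Key Rotation: automatic rotation of key material
      KeyPolicy:
        Version: '2012-10-17'
        Statement:
          # Same statement as the replica template: account root, all KMS actions
          - Sid: Enable IAM User Permissions
            Effect: Allow
            Principal:
              AWS: !Sub 'arn:aws:iam::${AWS::AccountId}:root'
            Action: 'kms:*'
            Resource: '*'
  PrimaryKmsKeyAlias:                   # hypothetical logical ID
    Type: 'AWS::KMS::Alias'
    Properties:
      AliasName: alias/example-mrk-primary   # constructed alias name
      TargetKeyId: !Ref PrimaryKmsKey        # Ref returns the key ID
Outputs:
  PrimaryKeyArn:                        # hypothetical output name
    Description: Value to supply as PrimaryKeyArn in the replica template
    Value: !GetAtt PrimaryKmsKey.Arn
```

The replica template is then deployed in a different Region from this stack, with the output ARN supplied as PrimaryKeyArn.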
