Configuration to create an AWS KMS Customer Master Key (CMK) with automatic key rotation enabled.

The following settings are available for configuration:

  • Key Alias and Description
  • Key Rotation – Enables AWS KMS to automatically create new key material for the CMK 365 days after the enable date and every 365 days thereafter
  • Regionality – Provides an option to create a Multi-Region primary CMK that you can replicate in other AWS Regions.

This template also provides the option to create a Replica Key based on an existing multi-Region key. (Note: For CLI templates, you must select the Region.)

AWSTemplateFormatVersion: '2010-09-09'
Description: ''
Resources:
  KmsKey:
    Type: 'AWS::KMS::Key'
    Properties:
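      # Automatic rotation of the key material (see the Key Rotation setting above)
      EnableKeyRotation: true
      # false = single-Region key; true creates a Multi-Region primary key
      MultiRegion: false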
      KeyPolicy:
        Version: '2012-10-17'
        Statement:
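          # Gives the owning account (root principal) full access to the key,
          # which lets IAM policies in that account control who may use it
          - Sid: Enable IAM User Permissions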
            Effect: Allow
            Principal:
              AWS:
                'Fn::Join':
                  - ''
                  - - 'arn:aws:iam::'
                    - Ref: 'AWS::AccountId'
                    - ':root'
            Action: 'kms:*'
            Resource: '*'
Parameters: {}
Metadata: {}
Conditions: {}
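
The Replica Key option mentioned above, sketched as a separate template; this is an added example, not part of the original template. The logical IDs, parameter names and the alias default are assumptions made for illustration, and the stack is meant to be deployed in the Region where the replica should live.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Replica of an existing multi-Region KMS key (added example)
Parameters:
  PrimaryKeyArn:                      # assumed parameter name
    Type: String
    Description: ARN of the existing multi-Region primary key (in another Region)
  ReplicaAliasName:                   # assumed parameter name
    Type: String
    Default: alias/example-replica    # constructed sample value
Resources:
  KmsReplicaKey:
    Type: 'AWS::KMS::ReplicaKey'
    Properties:
      Description: Replica of a multi-Region primary key
      PrimaryKeyArn: !Ref PrimaryKeyArn
      # Rotation is not configured here: it is set on the primary key
      # and applies to its replicas.
      # The key policy is NOT copied from the primary; each replica
      # needs its own, so review it separately for every Region.
      KeyPolicy:
        Version: '2012-10-17'
        Statement:
          - Sid: Enable IAM User Permissions
            Effect: Allow
            Principal:
              AWS: !Sub 'arn:aws:iam::${AWS::AccountId}:root'
            Action: 'kms:*'
            Resource: '*'
  KmsReplicaAlias:
    Type: 'AWS::KMS::Alias'
    Properties:
      AliasName: !Ref ReplicaAliasName
      TargetKeyId: !Ref KmsReplicaKey
Outputs:
  ReplicaKeyArn:
    Value: !GetAtt KmsReplicaKey.Arn
```

The primary key must have been created with `MultiRegion: true`; a single-Region key like the one in the template above cannot be replicated.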
