My Saved Presets
You must be logged in to view saved presets

Loading Library ...

KMS Customer Master Key (CMK) with Automatic Key Rotation

Configuration to create an AWS KMS Customer Master Key (CMK) with automatic key rotation enabled.

The following settings are available for configuration:

  • Key Alias and Description
  • Key Rotation – Enables AWS KMS to automatically creates new key material for the CMK 365 days after the enable date and every 365 days thereafter
  • Regionality – Provides an option to create a Multi-Region primary CMK that you can replicate in other AWS Regions.

This template also provides the option to create a Replica Key based on an existing multi-region key. (Note: For CLI templates, you must select the region)

Items
1
Size
0.6 KB
AWSTemplateFormatVersion: '2010-09-09'
Description: ''
Resources:
  KmsKey:
    Type: 'AWS::KMS::Key'
    Properties:
      EnableKeyRotation: true
      MultiRegion: false
      KeyPolicy:
        Version: '2012-10-17'
        Statement:
          - Sid: Enable IAM User Permissions
            Effect: Allow
            Principal:
              AWS:
                'Fn::Join':
                  - ''
                  - - 'arn:aws:iam::'
                    - Ref: 'AWS::AccountId'
                    - ':root'
            Action: 'kms:*'
            Resource: '*'
Parameters: {}
Metadata: {}
Conditions: {}

Actions



Customize Template

* Required field

© 2025 asecurecloud. All rights reserved.