Configuration to create an AWS KMS Customer Master Key (CMK) with automatic key rotation enabled.
AWSTemplateFormatVersion: '2010-09-09'
Description: ''
Resources:
KMSKey:
Type: 'AWS::KMS::Key'
Properties:
EnableKeyRotation: true
KeyPolicy:
Version: '2012-10-17'
Statement:
- Sid: Enable IAM User Permissions
Effect: Allow
Principal:
AWS:
'Fn::Join':
- ''
- - 'arn:aws:iam::'
- Ref: 'AWS::AccountId'
- ':root'
Action: 'kms:*'
Resource: '*'
Parameters: {}
Metadata: {}
Conditions: {}
Configuration Source: AWS Documentation
Additional Documentation: