Configures a multi-Region primary KMS key with a key policy that grants key-management actions and key-usage (cryptographic) actions to separate principals.

Terraform Template

# Resolves the AWS account the provider is authenticated against; its
# account_id is used below to build the principal ARNs in the key policy.
data "aws_caller_identity" "current" {}

# Multi-Region primary KMS key. The key policy separates three roles:
# the account root (so IAM policies in the account can grant access and the
# key can never become unmanageable), a key administrator (Alice) who gets
# management actions only, and a key user (Bob) who gets cryptographic
# actions only.
resource "aws_kms_key" "example" {
  # Waiting period between ScheduleKeyDeletion and the actual deletion.
  deletion_window_in_days = 10
  description             = "An example multi-Region primary key"
  enable_key_rotation     = true
  multi_region            = true

  policy = jsonencode({
    Version = "2012-10-17"
    Id      = "key-default-1"
    Statement = [
      # Account root. In a key policy, Resource "*" refers to this key only.
      {
        Sid    = "Enable IAM User Permissions"
        Effect = "Allow"
        Principal = {
          AWS = format("arn:aws:iam::%s:root", data.aws_caller_identity.current.account_id)
        }
        Action   = "kms:*"
        Resource = "*"
      },
      # Key administrator: management of the key and its replicas, but none
      # of the Encrypt/Decrypt/GenerateDataKey actions.
      # NOTE(review): kms:Put* covers kms:PutKeyPolicy, so this principal can
      # rewrite this policy (including the usage statement below) — confirm
      # that is intended for the administrator role.
      {
        Sid    = "Allow administration of the key"
        Effect = "Allow"
        Principal = {
          AWS = format("arn:aws:iam::%s:user/Alice", data.aws_caller_identity.current.account_id)
        }
        Action = [
          "kms:ReplicateKey",
          "kms:Create*",
          "kms:Describe*",
          "kms:Enable*",
          "kms:List*",
          "kms:Put*",
          "kms:Update*",
          "kms:Revoke*",
          "kms:Disable*",
          "kms:Get*",
          "kms:Delete*",
          "kms:ScheduleKeyDeletion",
          "kms:CancelKeyDeletion",
        ]
        Resource = "*"
      },
      # Key user: cryptographic operations only, no policy or lifecycle
      # management.
      {
        Sid    = "Allow use of the key"
        Effect = "Allow"
        Principal = {
          AWS = format("arn:aws:iam::%s:user/Bob", data.aws_caller_identity.current.account_id)
        }
        Action = [
          "kms:DescribeKey",
          "kms:Encrypt",
          "kms:Decrypt",
          "kms:ReEncrypt*",
          "kms:GenerateDataKey",
          "kms:GenerateDataKeyWithoutPlaintext",
        ]
        Resource = "*"
      },
    ]
  })
}