Key
The Key resource lets you manage AWS KMS Keys for encrypting and decrypting data securely within your AWS environment.
Minimal Example
Section titled “Minimal Example”Create a basic KMS Key with default settings and a description.
import AWS from "alchemy/aws/control";
const basicKmsKey = await AWS.KMS.Key("myBasicKmsKey", {  Description: "A basic KMS key for encryption",  KeyPolicy: {    Version: "2012-10-17",    Statement: [      {        Effect: "Allow",        Principal: {          AWS: "*"        },        Action: "kms:*",        Resource: "*"      }    ]  },  Enabled: true});Advanced Configuration
Section titled “Advanced Configuration”Configure a KMS Key with additional options such as rotation and multi-region support.
const advancedKmsKey = await AWS.KMS.Key("myAdvancedKmsKey", {  Description: "An advanced KMS key with rotation enabled",  KeyPolicy: {    Version: "2012-10-17",    Statement: [      {        Effect: "Allow",        Principal: {          AWS: "arn:aws:iam::123456789012:user/my-user"        },        Action: "kms:Encrypt",        Resource: "*"      }    ]  },  EnableKeyRotation: true,  MultiRegion: true,  KeySpec: "SYMMETRIC_DEFAULT",  KeyUsage: "ENCRYPT_DECRYPT"});Key with Custom Tags
Section titled “Key with Custom Tags”Create a KMS Key with custom tags for better resource management.
const taggedKmsKey = await AWS.KMS.Key("myTaggedKmsKey", {  Description: "A KMS key with custom tags for organization",  KeyPolicy: {    Version: "2012-10-17",    Statement: [      {        Effect: "Allow",        Principal: {          AWS: "arn:aws:iam::123456789012:user/my-user"        },        Action: "kms:*",        Resource: "*"      }    ]  },  Tags: [    {      Key: "Environment",      Value: "Production"    },    {      Key: "Project",      Value: "MyApp"    }  ]});KMS Key with Rotation Period
Section titled “KMS Key with Rotation Period”Create a KMS Key with a specified rotation period.
const rotatedKmsKey = await AWS.KMS.Key("myRotatedKmsKey", {  Description: "A KMS key with a rotation period of 30 days",  KeyPolicy: {    Version: "2012-10-17",    Statement: [      {        Effect: "Allow",        Principal: {          AWS: "arn:aws:iam::123456789012:user/my-user"        },        Action: "kms:Decrypt",        Resource: "*"      }    ]  },  EnableKeyRotation: true,  RotationPeriodInDays: 30});