Package com.pulumi.aws.kms.inputs

Class KeyState.Builder

  • Enclosing class:
    KeyState
    public static final class KeyState.Builder
extends java.lang.Object

    • Constructor Detail

      • Builder

        public Builder()

      • Builder

        public Builder​(KeyState defaults)

    • Method Detail

      • arn

        public KeyState.Builder arn​(@Nullable
                            com.pulumi.core.Output<java.lang.String> arn)
        Parameters:
        arn - The Amazon Resource Name (ARN) of the key.
        Returns:
        builder

      • arn

        public KeyState.Builder arn​(java.lang.String arn)
        Parameters:
        arn - The Amazon Resource Name (ARN) of the key.
        Returns:
        builder

      • bypassPolicyLockoutSafetyCheck

        public KeyState.Builder bypassPolicyLockoutSafetyCheck​(@Nullable
                                                       com.pulumi.core.Output<java.lang.Boolean> bypassPolicyLockoutSafetyCheck)
        Parameters:
        bypassPolicyLockoutSafetyCheck - A flag to indicate whether to bypass the key policy lockout safety check. Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value to true indiscriminately. For more information, refer to the scenario in the [Default Key Policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) section in the _AWS Key Management Service Developer Guide_. The default value is `false`.
        Returns:
        builder

      • bypassPolicyLockoutSafetyCheck

        public KeyState.Builder bypassPolicyLockoutSafetyCheck​(java.lang.Boolean bypassPolicyLockoutSafetyCheck)
        Parameters:
        bypassPolicyLockoutSafetyCheck - A flag to indicate whether to bypass the key policy lockout safety check. Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value to true indiscriminately. For more information, refer to the scenario in the [Default Key Policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) section in the _AWS Key Management Service Developer Guide_. The default value is `false`.
        Returns:
        builder

      • customKeyStoreId

        public KeyState.Builder customKeyStoreId​(@Nullable
                                         com.pulumi.core.Output<java.lang.String> customKeyStoreId)
        Parameters:
        customKeyStoreId - ID of the KMS [Custom Key Store](https://docs.aws.amazon.com/kms/latest/developerguide/create-cmk-keystore.html) where the key will be stored instead of KMS (eg CloudHSM).
        Returns:
        builder

      • customKeyStoreId

        public KeyState.Builder customKeyStoreId​(java.lang.String customKeyStoreId)
        Parameters:
        customKeyStoreId - ID of the KMS [Custom Key Store](https://docs.aws.amazon.com/kms/latest/developerguide/create-cmk-keystore.html) where the key will be stored instead of KMS (eg CloudHSM).
        Returns:
        builder

      • customerMasterKeySpec

        public KeyState.Builder customerMasterKeySpec​(@Nullable
                                              com.pulumi.core.Output<java.lang.String> customerMasterKeySpec)
        Parameters:
        customerMasterKeySpec - Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports. Valid values: `SYMMETRIC_DEFAULT`, `RSA_2048`, `RSA_3072`, `RSA_4096`, `HMAC_256`, `ECC_NIST_P256`, `ECC_NIST_P384`, `ECC_NIST_P521`, or `ECC_SECG_P256K1`. Defaults to `SYMMETRIC_DEFAULT`. For help with choosing a key spec, see the [AWS KMS Developer Guide](https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-choose.html).
        Returns:
        builder

      • customerMasterKeySpec

        public KeyState.Builder customerMasterKeySpec​(java.lang.String customerMasterKeySpec)
        Parameters:
        customerMasterKeySpec - Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports. Valid values: `SYMMETRIC_DEFAULT`, `RSA_2048`, `RSA_3072`, `RSA_4096`, `HMAC_256`, `ECC_NIST_P256`, `ECC_NIST_P384`, `ECC_NIST_P521`, or `ECC_SECG_P256K1`. Defaults to `SYMMETRIC_DEFAULT`. For help with choosing a key spec, see the [AWS KMS Developer Guide](https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-choose.html).
        Returns:
        builder

      • deletionWindowInDays

        public KeyState.Builder deletionWindowInDays​(@Nullable
                                             com.pulumi.core.Output<java.lang.Integer> deletionWindowInDays)
        Parameters:
        deletionWindowInDays - The waiting period, specified in number of days. After the waiting period ends, AWS KMS deletes the KMS key. If you specify a value, it must be between `7` and `30`, inclusive. If you do not specify a value, it defaults to `30`. If the KMS key is a multi-Region primary key with replicas, the waiting period begins when the last of its replica keys is deleted. Otherwise, the waiting period begins immediately.
        Returns:
        builder

      • deletionWindowInDays

        public KeyState.Builder deletionWindowInDays​(java.lang.Integer deletionWindowInDays)
        Parameters:
        deletionWindowInDays - The waiting period, specified in number of days. After the waiting period ends, AWS KMS deletes the KMS key. If you specify a value, it must be between `7` and `30`, inclusive. If you do not specify a value, it defaults to `30`. If the KMS key is a multi-Region primary key with replicas, the waiting period begins when the last of its replica keys is deleted. Otherwise, the waiting period begins immediately.
        Returns:
        builder

      • description

        public KeyState.Builder description​(@Nullable
                                    com.pulumi.core.Output<java.lang.String> description)
        Parameters:
        description - The description of the key as viewed in AWS console.
        Returns:
        builder

      • description

        public KeyState.Builder description​(java.lang.String description)
        Parameters:
        description - The description of the key as viewed in AWS console.
        Returns:
        builder

      • enableKeyRotation

        public KeyState.Builder enableKeyRotation​(@Nullable
                                          com.pulumi.core.Output<java.lang.Boolean> enableKeyRotation)
        Parameters:
        enableKeyRotation - Specifies whether [key rotation](http://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) is enabled. Defaults to `false`.
        Returns:
        builder

      • enableKeyRotation

        public KeyState.Builder enableKeyRotation​(java.lang.Boolean enableKeyRotation)
        Parameters:
        enableKeyRotation - Specifies whether [key rotation](http://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) is enabled. Defaults to `false`.
        Returns:
        builder

      • isEnabled

        public KeyState.Builder isEnabled​(@Nullable
                                  com.pulumi.core.Output<java.lang.Boolean> isEnabled)
        Parameters:
        isEnabled - Specifies whether the key is enabled. Defaults to `true`.
        Returns:
        builder

      • isEnabled

        public KeyState.Builder isEnabled​(java.lang.Boolean isEnabled)
        Parameters:
        isEnabled - Specifies whether the key is enabled. Defaults to `true`.
        Returns:
        builder

      • keyId

        public KeyState.Builder keyId​(@Nullable
                              com.pulumi.core.Output<java.lang.String> keyId)
        Parameters:
        keyId - The globally unique identifier for the key.
        Returns:
        builder

      • keyId

        public KeyState.Builder keyId​(java.lang.String keyId)
        Parameters:
        keyId - The globally unique identifier for the key.
        Returns:
        builder

      • keyUsage

        public KeyState.Builder keyUsage​(@Nullable
                                 com.pulumi.core.Output<java.lang.String> keyUsage)
        Parameters:
        keyUsage - Specifies the intended use of the key. Valid values: `ENCRYPT_DECRYPT`, `SIGN_VERIFY`, or `GENERATE_VERIFY_MAC`. Defaults to `ENCRYPT_DECRYPT`.
        Returns:
        builder

      • keyUsage

        public KeyState.Builder keyUsage​(java.lang.String keyUsage)
        Parameters:
        keyUsage - Specifies the intended use of the key. Valid values: `ENCRYPT_DECRYPT`, `SIGN_VERIFY`, or `GENERATE_VERIFY_MAC`. Defaults to `ENCRYPT_DECRYPT`.
        Returns:
        builder

      • multiRegion

        public KeyState.Builder multiRegion​(@Nullable
                                    com.pulumi.core.Output<java.lang.Boolean> multiRegion)
        Parameters:
        multiRegion - Indicates whether the KMS key is a multi-Region (`true`) or regional (`false`) key. Defaults to `false`.
        Returns:
        builder

      • multiRegion

        public KeyState.Builder multiRegion​(java.lang.Boolean multiRegion)
        Parameters:
        multiRegion - Indicates whether the KMS key is a multi-Region (`true`) or regional (`false`) key. Defaults to `false`.
        Returns:
        builder

      • policy

        public KeyState.Builder policy​(@Nullable
                               com.pulumi.core.Output<java.lang.String> policy)
        Parameters:
        policy - A valid policy JSON document. Although this is a key policy, not an IAM policy, an `aws.iam.getPolicyDocument`, in the form that designates a principal, can be used. > **NOTE:** Note: All KMS keys must have a key policy. If a key policy is not specified, AWS gives the KMS key a [default key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) that gives all principals in the owning account unlimited access to all KMS operations for the key. This default key policy effectively delegates all access control to IAM policies and KMS grants.
        Returns:
        builder

      • policy

        public KeyState.Builder policy​(java.lang.String policy)
        Parameters:
        policy - A valid policy JSON document. Although this is a key policy, not an IAM policy, an `aws.iam.getPolicyDocument`, in the form that designates a principal, can be used. > **NOTE:** Note: All KMS keys must have a key policy. If a key policy is not specified, AWS gives the KMS key a [default key policy](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) that gives all principals in the owning account unlimited access to all KMS operations for the key. This default key policy effectively delegates all access control to IAM policies and KMS grants.
        Returns:
        builder

      • tags

        public KeyState.Builder tags​(@Nullable
                             com.pulumi.core.Output<java.util.Map<java.lang.String,​java.lang.String>> tags)
        Parameters:
        tags - A map of tags to assign to the object. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
        Returns:
        builder

      • tags

        public KeyState.Builder tags​(java.util.Map<java.lang.String,​java.lang.String> tags)
        Parameters:
        tags - A map of tags to assign to the object. If configured with a provider `default_tags` configuration block present, tags with matching keys will overwrite those defined at the provider-level.
        Returns:
        builder

      • tagsAll

        @Deprecated
public KeyState.Builder tagsAll​(@Nullable
                                com.pulumi.core.Output<java.util.Map<java.lang.String,​java.lang.String>> tagsAll)
        Deprecated.
        Please use `tags` instead.
        Parameters:
        tagsAll - A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.
        Returns:
        builder

      • tagsAll

        @Deprecated
public KeyState.Builder tagsAll​(java.util.Map<java.lang.String,​java.lang.String> tagsAll)
        Deprecated.
        Please use `tags` instead.
        Parameters:
        tagsAll - A map of tags assigned to the resource, including those inherited from the provider `default_tags` configuration block.
        Returns:
        builder

      • xksKeyId

        public KeyState.Builder xksKeyId​(@Nullable
                                 com.pulumi.core.Output<java.lang.String> xksKeyId)
        Parameters:
        xksKeyId - Identifies the external key that serves as key material for the KMS key in an external key store.
        Returns:
        builder

      • xksKeyId

        public KeyState.Builder xksKeyId​(java.lang.String xksKeyId)
        Parameters:
        xksKeyId - Identifies the external key that serves as key material for the KMS key in an external key store.
        Returns:
        builder