Struct rusoto_kms::ReplicateKeyRequest [−][src]
pub struct ReplicateKeyRequest { pub bypass_policy_lockout_safety_check: Option<bool>, pub description: Option<String>, pub key_id: String, pub policy: Option<String>, pub replica_region: String, pub tags: Option<Vec<Tag>>, }
Fields
bypass_policy_lockout_safety_check: Option<bool>
A flag to indicate whether to bypass the key policy lockout safety check.
Setting this value to true increases the risk that the CMK becomes unmanageable. Do not set this value to true indiscriminately.
For more information, refer to the scenario in the Default Key Policy section in the AWS Key Management Service Developer Guide.
Use this parameter only when you intend to prevent the principal that is making the request from making a subsequent PutKeyPolicy
request on the CMK.
The default value is false.
description: Option<String>
A description of the CMK. Use a description that helps you decide whether the CMK is appropriate for a task. The default value is an empty string (no description).
The description is not a shared property of multi-Region keys. You can specify the same description or a different description for each key in a set of related multi-Region keys. AWS KMS does not synchronize this property.
key_id: String
Identifies the multi-Region primary key that is being replicated. To determine whether a CMK is a multi-Region primary key, use the DescribeKey operation to check the value of the MultiRegionKeyType
property.
Specify the key ID or key ARN of a multi-Region primary key.
For example:
-
Key ID:
mrk-1234abcd12ab34cd56ef1234567890ab
-
Key ARN:
arn:aws:kms:us-east-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab
To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
policy: Option<String>
The key policy to attach to the CMK. This parameter is optional. If you do not provide a key policy, AWS KMS attaches the default key policy to the CMK.
The key policy is not a shared property of multi-Region keys. You can specify the same key policy or a different key policy for each key in a set of related multi-Region keys. AWS KMS does not synchronize this property.
If you provide a key policy, it must meet the following criteria:
-
If you don't set
BypassPolicyLockoutSafetyCheck
to true, the key policy must give the callerkms:PutKeyPolicy
permission on the replica CMK. This reduces the risk that the CMK becomes unmanageable. For more information, refer to the scenario in the Default Key Policy section of the AWS Key Management Service Developer Guide . -
Each statement in the key policy must contain one or more principals. The principals in the key policy must exist and be visible to AWS KMS. When you create a new AWS principal (for example, an IAM user or role), you might need to enforce a delay before including the new principal in a key policy because the new principal might not be immediately visible to AWS KMS. For more information, see Changes that I make are not always immediately visible in the AWS Identity and Access Management User Guide.
-
The key policy size quota is 32 kilobytes (32768 bytes).
replica_region: String
The Region ID of the AWS Region for this replica key.
Enter the Region ID, such as us-east-1
or ap-southeast-2
. For a list of AWS Regions in which AWS KMS is supported, see AWS KMS service endpoints in the Amazon Web Services General Reference.
The replica must be in a different AWS Region than its primary key and other replicas of that primary key, but in the same AWS partition. AWS KMS must be available in the replica Region. If the Region is not enabled by default, the AWS account must be enabled in the Region.
For information about AWS partitions, see Amazon Resource Names (ARNs) in the Amazon Web Services General Reference. For information about enabling and disabling Regions, see Enabling a Region and Disabling a Region in the Amazon Web Services General Reference.
Assigns one or more tags to the replica key. Use this parameter to tag the CMK when it is created. To tag an existing CMK, use the TagResource operation.
Tagging or untagging a CMK can allow or deny permission to the CMK. For details, see Using ABAC in AWS KMS in the AWS Key Management Service Developer Guide.
To use this parameter, you must have kms:TagResource permission in an IAM policy.
Tags are not a shared property of multi-Region keys. You can specify the same tags or different tags for each key in a set of related multi-Region keys. AWS KMS does not synchronize this property.
Each tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the tag value can be an empty (null) string. You cannot have more than one tag on a CMK with the same tag key. If you specify an existing tag key with a different tag value, AWS KMS replaces the current tag value with the specified one.
When you assign tags to an AWS resource, AWS generates a cost allocation report with usage and costs aggregated by tags. Tags can also be used to control access to a CMK. For details, see Tagging Keys.
Trait Implementations
Returns the “default value” for a type. Read more
This method tests for self
and other
values to be equal, and is used
by ==
. Read more
This method tests for !=
.
Auto Trait Implementations
impl RefUnwindSafe for ReplicateKeyRequest
impl Send for ReplicateKeyRequest
impl Sync for ReplicateKeyRequest
impl Unpin for ReplicateKeyRequest
impl UnwindSafe for ReplicateKeyRequest
Blanket Implementations
Mutably borrows from an owned value. Read more
Instruments this type with the provided Span
, returning an
Instrumented
wrapper. Read more
type Output = T
type Output = T
Should always be Self