x-kms

Syntax

x-kms:
  keyA:
    Properties: {}
    Settings: {}
    Services: []
    Lookup: {}

Properties

See AWS CFN KMS Key Documentation

Settings

Alias

In addition to EnvNames, for KMS, we also have Alias which will create an Alias along with the KMS Key. The alias name must be a string, not starting with alias/aws or aws. If you specify a an alias starting with alias/ then the string will be used as is, if you only specify a short name, then the alias will be prefixed with the RootStack name and region.

Examples

Simple key creation and link to services

x-kms:
  keyA:
    Properties:
      PendingWindowInDays: 14
    Services:
      - name: serviceA
        access: EncryptDecrypt
      - name: serviceB
        access: EncryptDecrypt
    Settings:
      Alias: keyA

Services

List of key/pair values, as for other ECS ComposeX x-resources.

Three access types have been created for the table:

• EncryptDecrypt

• EncryptOnly

• DecryptOnly

• SQS

KMS and Services

x-kms:
  keyA:
    Properties: {}
    Services:
      - name: serviceA
        access: EncryptDecrypt
      - name: serviceB
        access: DecryptOnly

IAM Permissions

Three access types have been created for the table:

• EncryptDecrypt

• EncryptOnly

• DecryptOnly

• SQS