AwsKmsKeyDetails - Amazon Security Hub

AwsKmsKeyDetails

Contains metadata about an Amazon KMS key.

Contents

AWSAccountId

The twelve-digit account ID of the Amazon Web Services account that owns the KMS key.

Type: String

Pattern: .*\S.*

Required: No

CreationDate

Indicates when the KMS key was created.

This field accepts only the specified formats. Timestamps can end with Z or ("+" / "-") time-hour [":" time-minute]. The time-secfrac after seconds is limited to a maximum of 9 digits. The offset is bounded by +/-18:00. Here are valid timestamp formats with examples:

  • YYYY-MM-DDTHH:MM:SSZ (for example, 2019-01-31T23:00:00Z)

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmmZ (for example, 2019-01-31T23:00:00.123456789Z)

  • YYYY-MM-DDTHH:MM:SS+HH:MM (for example, 2024-01-04T15:25:10+17:59)

  • YYYY-MM-DDTHH:MM:SS-HHMM (for example, 2024-01-04T15:25:10-1759)

  • YYYY-MM-DDTHH:MM:SS.mmmmmmmmm+HH:MM (for example, 2024-01-04T15:25:10.123456789+17:59)

Type: Double

Required: No

Description

A description of the KMS key.

Type: String

Pattern: .*\S.*

Required: No

KeyId

The globally unique identifier for the KMS key.

Type: String

Pattern: .*\S.*

Required: No

KeyManager

The manager of the KMS key. KMS keys in your Amazon Web Services account are either customer managed or Amazon managed.

Type: String

Pattern: .*\S.*

Required: No

KeyRotationStatus

Whether the key has key rotation enabled.

Type: Boolean

Required: No

KeyState

The state of the KMS key. Valid values are as follows:

  • Disabled

  • Enabled

  • PendingDeletion

  • PendingImport

  • Unavailable

Type: String

Pattern: .*\S.*

Required: No

Origin

The source of the KMS key material.

When this value is AWS_KMS, Amazon KMS created the key material.

When this value is EXTERNAL, the key material was imported from your existing key management infrastructure or the KMS key lacks key material.

When this value is AWS_CLOUDHSM, the key material was created in the Amazon CloudHSM cluster associated with a custom key store.

Type: String

Pattern: .*\S.*

Required: No
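
An added example, not part of the AWS documentation: a Python check that applies the constraints listed above (the string pattern, the KeyState values, and the CreationDate timestamp formats) to one AwsKmsKeyDetails object. The function names, the sample object, and the two hygiene flags (rotation off, pending deletion) are assumptions of this example.

```python
import re
from datetime import datetime, timedelta, timezone

KEY_STATES = {"Disabled", "Enabled", "PendingDeletion", "PendingImport", "Unavailable"}
NON_BLANK = re.compile(r".*\S.*")  # string pattern given on this page
TS = re.compile(
    r"(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})"
    r"(?:\.(\d{1,9}))?"                         # time-secfrac, at most 9 digits
    r"(?:(Z)|([+-])(\d{2})(?::?([0-5]\d))?)"    # Z, or +/-HH with optional [:]MM
)

def parse_creation_date(text):
    """Return an aware datetime, or raise ValueError if the format is not accepted."""
    m = TS.fullmatch(text)
    if not m:
        raise ValueError(f"unsupported timestamp format: {text!r}")
    y, mo, d, h, mi, s, frac, z, sign, oh, om = m.groups()
    offset = timedelta()
    if not z:
        offset = timedelta(hours=int(oh), minutes=int(om or 0)) * (-1 if sign == "-" else 1)
        if abs(offset) > timedelta(hours=18):
            raise ValueError(f"offset outside +/-18:00: {text!r}")
    micro = int((frac or "").ljust(6, "0")[:6])  # datetime keeps 6 of the 9 digits
    return datetime(int(y), int(mo), int(d), int(h), int(mi), int(s), micro,
                    tzinfo=timezone(offset))

def review_kms_key(details):
    """Return a list of problems found in one AwsKmsKeyDetails object (a dict)."""
    problems = []
    for field in ("AWSAccountId", "Description", "KeyId", "KeyManager", "KeyState", "Origin"):
        value = details.get(field)
        if value is not None and not (isinstance(value, str) and NON_BLANK.fullmatch(value)):
            problems.append(f"{field}: blank or not a string")
    if details.get("KeyState") not in KEY_STATES | {None}:
        problems.append("KeyState: not a listed value")
    if isinstance(details.get("CreationDate"), str):
        try:
            parse_creation_date(details["CreationDate"])
        except ValueError as err:
            problems.append(f"CreationDate: {err}")
    # Hygiene flags below are assumptions of this example, not rules from the page.
    if details.get("KeyState") == "Enabled" and details.get("KeyRotationStatus") is False:
        problems.append("rotation disabled on an enabled key")
    if details.get("KeyState") == "PendingDeletion":
        problems.append("key is scheduled for deletion")
    return problems

# Constructed sample (not real data): rotation off and an offset beyond +/-18:00.
SAMPLE = {"AWSAccountId": "111122223333", "KeyState": "Enabled",
          "KeyRotationStatus": False, "CreationDate": "2024-01-04T15:25:10+19:00"}
```

Calling `review_kms_key(SAMPLE)` returns two problems: the out-of-range offset and the disabled rotation.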
