AwsKmsKeyDetails
Contains metadata about an Amazon KMS key.
Contents
- AWSAccountId
-
The twelve-digit account ID of the Amazon Web Services account that owns the KMS key.
Type: String
Pattern:
.*\S.*
Required: No
- CreationDate
-
Indicates when the KMS key was created.
For more information about the validation and formatting of timestamp fields in Amazon Security Hub, see Timestamps.
Type: Double
Required: No
- Description
-
A description of the KMS key.
Type: String
Pattern:
.*\S.*
Required: No
- KeyId
-
The globally unique identifier for the KMS key.
Type: String
Pattern:
.*\S.*
Required: No
- KeyManager
-
The manager of the KMS key. KMS keys in your Amazon Web Services account are either customer managed or Amazon managed.
Type: String
Pattern:
.*\S.*
Required: No
- KeyRotationStatus
-
Whether the key has key rotation enabled.
Type: Boolean
Required: No
- KeyState
-
The state of the KMS key. Valid values are as follows:
-
Disabled
-
Enabled
-
PendingDeletion
-
PendingImport
-
Unavailable
Type: String
Pattern:
.*\S.*
Required: No
-
- Origin
-
The source of the KMS key material.
When this value is
AWS_KMS
, Amazon KMS created the key material.When this value is
EXTERNAL
, the key material was imported from your existing key management infrastructure or the KMS key lacks key material.When this value is
AWS_CLOUDHSM
, the key material was created in the Amazon CloudHSM cluster associated with a custom key store.Type: String
Pattern:
.*\S.*
Required: No
See Also
For more information about using this API in one of the language-specific Amazon SDKs, see the following: