Skip to content

KMS Key

Customer-managed encryption key.

identity
category9
settings0
inputs1
outputs

Configuration

Setting	Type	Required	Default
Alias	Text	Yes	`—`
Description	Text	—	`—`
Key usage Options: Encrypt / Decrypt, Sign / Verify	Choice	—	`ENCRYPT_DECRYPT`
Key spec Options: Symmetric (AES-256), RSA 2048, RSA 4096, ECC NIST P-256	Choice	—	`SYMMETRIC_DEFAULT`
Deletion window (days)	Number	—	`30`
Enable key rotation	Toggle	—	`true`
Multi-region key	Toggle	—	`false`
Key policy (JSON)	Text	—	`—`
Tags	Key–value	—	`—`

Connections

Socket	Direction	Accepts	Terraform arg
Encrypted resource	Output	aws.aurora, aws.backup-vault, aws.bedrock-agent, aws.bedrock-guardrail, aws.cloudtrail, aws.cloudwatch-log-group, aws.codepipeline, aws.documentdb-elastic-cluster, aws.dynamodb, aws.ebs, aws.efs, aws.eventbridge, aws.fsx, aws.kendra-index, aws.kinesis-firehose, aws.kinesis-stream, aws.msk-cluster, aws.mwaa, aws.neptune-cluster, aws.qldb-ledger, aws.rds, aws.rds-read-replica, aws.redshift, aws.redshift-serverless-namespace, aws.s3, aws.sagemaker-domain, aws.sagemaker-feature-group, aws.sagemaker-notebook-instance, aws.secrets-manager, aws.sns, aws.sqs, aws.ssm-parameter, aws.timestream-database	—