» aws_kms_key
Use this data source to get detailed information about the specified KMS Key with flexible key id input. This can be useful to reference key alias without having to hard code the ARN as input.
» Example Usage
data "aws_kms_key" "foo" {
key_id = "alias/my-key"
}
data "aws_kms_key" "foo" {
key_id = "1234abcd-12ab-34cd-56ef-1234567890ab"
}
data "aws_kms_key" "foo" {
key_id = "arn:aws:kms:us-east-1:111122223333:alias/my-key"
}
data "aws_kms_key" "foo" {
key_id = "arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
}
» Argument Reference
-
key_id
- (Required) Key identifier which can be one of the following format:- Key ID. E.g:
1234abcd-12ab-34cd-56ef-1234567890ab
- Key ARN. E.g.:
arn:aws:kms:us-east-1:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
- Alias name. E.g.:
alias/my-key
- Alias ARN: E.g.:
arn:aws:kms:us-east-1:111122223333:alias/my-key
- Key ID. E.g:
-
grant_tokens
- (Optional) List of grant tokens
» Attributes Reference
-
id
: The globally unique identifier for the key -
arn
: The Amazon Resource Name (ARN) of the key -
aws_account_id
: The twelve-digit account ID of the AWS account that owns the key -
creation_date
: The date and time when the key was created -
deletion_date
: The date and time after which AWS KMS deletes the key. This value is present only whenkey_state
isPendingDeletion
, otherwise this value is 0 -
description
: The description of the key. -
enabled
: Specifies whether the key is enabled. Whenkey_state
isEnabled
this value is true, otherwise it is false -
expiration_model
: Specifies whether the Key's key material expires. This value is present only whenorigin
isEXTERNAL
, otherwise this value is empty -
key_manager
: The key's manager -
key_state
: The state of the key -
key_usage
: Currently the only allowed value isENCRYPT_DECRYPT
-
origin
: When this value isAWS_KMS
, AWS KMS created the key material. When this value isEXTERNAL
, the key material was imported from your existing key management infrastructure or the CMK lacks key material -
valid_to
: The time at which the imported key material expires. This value is present only whenorigin
isEXTERNAL
and whoseexpiration_model
isKEY_MATERIAL_EXPIRES
, otherwise this value is 0