github.com/danp/terraform@v0.9.5-0.20170426144147-39d740081351/website/source/docs/providers/aws/r/kms_key.html.markdown (about) 1 --- 2 layout: "aws" 3 page_title: "AWS: aws_kms_key" 4 sidebar_current: "docs-aws-resource-kms-key" 5 description: |- 6 Provides a KMS customer master key. 7 --- 8 9 # aws\_kms\_key 10 11 Provides a KMS customer master key. 12 13 ## Example Usage 14 15 ```hcl 16 resource "aws_kms_key" "a" { 17 description = "KMS key 1" 18 deletion_window_in_days = 10 19 } 20 ``` 21 22 ## Argument Reference 23 24 The following arguments are supported: 25 26 * `description` - (Optional) The description of the key as viewed in AWS console. 27 * `key_usage` - (Optional) Specifies the intended use of the key. 28 Defaults to ENCRYPT/DECRYPT, and only symmetric encryption and decryption are supported. 29 * `policy` - (Optional) A valid policy JSON document. 30 * `deletion_window_in_days` - (Optional) Duration in days after which the key is deleted 31 after destruction of the resource, must be between 7 and 30 days. Defaults to 30 days. 32 * `is_enabled` - (Optional) Specifies whether the key is enabled. Defaults to true. 33 * `enable_key_rotation` - (Optional) Specifies whether [key rotation](http://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) 34 is enabled. Defaults to false. 35 * `tags` - (Optional) A mapping of tags to assign to the object. 36 37 ## Attributes Reference 38 39 The following attributes are exported: 40 41 * `arn` - The Amazon Resource Name (ARN) of the key. 42 * `key_id` - The globally unique identifier for the key. 43 44 ## Import 45 46 KMS Keys can be imported using the `id`, e.g. 47 48 ``` 49 $ terraform import aws_kms_key.a arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab 50 ```