The ALIYUN::KMS::Key type is used to create a customer master key (CMK).

Syntax

{
  "Type": "ALIYUN::KMS::Key",
  "Properties": {
    "KeyUsage": String,
    "Enable": Boolean,
    "PendingWindowInDays": Integer,
    "Description": String
  }
}

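Properties

| Property | Type | Required | Editable | Description | Constraints |
| --- | --- | --- | --- | --- | --- |
| KeyUsage | String | | | The intended use of the key. | Valid values: ENCRYPT (encryption); DECRYPT (decryption). |
| Enable | Boolean | | | Sets the key to the enabled or disabled state. | Valid values: true (default): enabled; false: disabled. |
| PendingWindowInDays | Integer | | | The pre-deletion waiting period of the key. During this period, you can cancel the deletion of a key that is in the pending-deletion state. After the period expires, the deletion cannot be cancelled. | Valid values: 7 to 30. Default value: 30. |
| Description | String | | | The description of the key. | Length: 0 to 8192 characters. |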
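
The following pre-deployment check is an added example, not part of the original page or of ROS itself. It reads a JSON-format template, resolves each `Ref` to the parameter's `Default`, and reports ALIYUN::KMS::Key resources that break the constraints in the table above or that create the key disabled. The function names and the sample template are constructed for illustration, and KeyUsage values are not checked.

```python
import json

# Limits copied from the property table on this page.
ALLOWED_PROPS = {"KeyUsage", "Enable", "PendingWindowInDays", "Description"}
WINDOW = range(7, 31)  # PendingWindowInDays: 7 to 30
MAX_DESCRIPTION = 8192

def resolve(value, params):
    """Turn {"Ref": name} into that parameter's Default; literals pass through.
    A parameter without a Default yields None (value only known at deploy time)."""
    if isinstance(value, dict) and set(value) == {"Ref"}:
        return params.get(value["Ref"], {}).get("Default")
    return value

def lint_kms_keys(template):
    """Return (resource name, message) findings for ALIYUN::KMS::Key resources."""
    params = template.get("Parameters", {})
    findings = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "ALIYUN::KMS::Key":
            continue
        props = res.get("Properties", {})
        for extra in sorted(set(props) - ALLOWED_PROPS):
            findings.append((name, f"unknown property {extra}"))
        window = resolve(props.get("PendingWindowInDays"), params)
        if window is not None and window not in WINDOW:
            findings.append((name, f"PendingWindowInDays {window!r} not in 7-30"))
        desc = resolve(props.get("Description"), params)
        if desc is not None and len(str(desc)) > MAX_DESCRIPTION:
            findings.append((name, "Description longer than 8192 characters"))
        enable = resolve(props.get("Enable"), params)
        if enable is not None and str(enable).lower() == "false":
            findings.append((name, "key is created in the disabled state"))
    return findings

# Constructed sample template (not from the page); "Rotation" is a made-up property.
SAMPLE = json.loads("""
{"ROSTemplateFormatVersion": "2015-09-01",
 "Parameters": {"Window": {"Type": "Number", "Default": 3}},
 "Resources": {
   "BadKey": {"Type": "ALIYUN::KMS::Key",
              "Properties": {"PendingWindowInDays": {"Ref": "Window"},
                             "Enable": "False", "Rotation": true}},
   "GoodKey": {"Type": "ALIYUN::KMS::Key",
               "Properties": {"PendingWindowInDays": 30, "Enable": true}}}}
""")

if __name__ == "__main__":
    for resource, message in lint_kms_keys(SAMPLE):
        print(f"{resource}: {message}")
```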

Return values

Fn::GetAtt

KeyId: the globally unique identifier of the key.

Examples

JSON format

{
  "ROSTemplateFormatVersion": "2015-09-01",
  "Parameters": {
    "Description": {
      "Type": "String",
      "Description": "The description of the CMK. Length constraints: Minimum length of 0 characters. Maximum length of 8192 characters.",
      "MinLength": 0,
      "MaxLength": 8192
    },
    "PendingWindowInDays": {
      "Type": "Number",
      "Description": "The waiting period, specified in number of days. During this period, you can cancel the CMK in PendingDeletion status. After the waiting period expires, you cannot cancel the deletion. The value must be between 7 and 30. Default value is 30.",
      "MinValue": 7,
      "MaxValue": 30,
      "Default": 30
    },
    "KeyUsage": {
      "Type": "String",
      "Description": "The intended use of the CMK. Default value: ENCRYPT/DECRYPT.",
      "Default": "ENCRYPT/DECRYPT"
    },
    "Enable": {
      "Type": "Boolean",
      "Description": "Specifies whether the key is enabled. Defaults to true.",
      "AllowedValues": [
        "True",
        "true",
        "False",
        "false"
      ],
      "Default": true
    }
  },
  "Resources": {
    "Key": {
      "Type": "ALIYUN::KMS::Key",
      "Properties": {
        "Description": {
          "Ref": "Description"
        },
        "PendingWindowInDays": {
          "Ref": "PendingWindowInDays"
        },
        "KeyUsage": {
          "Ref": "KeyUsage"
        },
        "Enable": {
          "Ref": "Enable"
        }
      }
    }
  },
  "Outputs": {
    "KeyId": {
      "Description": "The globally unique identifier for the CMK.",
      "Value": {
        "Fn::GetAtt": [
          "Key",
          "KeyId"
        ]
      }
    }
  }
}

YAML format

ROSTemplateFormatVersion: '2015-09-01'
Parameters:
  Description:
    Type: String
    Description: >-
      The description of the CMK. Length constraints: Minimum length of 0
      characters. Maximum length of 8192 characters.
    MinLength: 0
    MaxLength: 8192
  PendingWindowInDays:
    Type: Number
    Description: >-
      The waiting period, specified in number of days. During this period, you
      can cancel the CMK in PendingDeletion status. After the waiting period
      expires, you cannot cancel the deletion. The value must be between 7 and
      30. Default value is 30.
    MinValue: 7
    MaxValue: 30
    Default: 30
  KeyUsage:
    Type: String
    Description: 'The intended use of the CMK. Default value: ENCRYPT/DECRYPT.'
    Default: ENCRYPT/DECRYPT
  Enable:
    Type: Boolean
    Description: Specifies whether the key is enabled. Defaults to true.
    AllowedValues:
      - 'True'
      - 'true'
      - 'False'
      - 'false'
    Default: true
Resources:
  Key:
    Type: 'ALIYUN::KMS::Key'
    Properties:
      Description:
        Ref: Description
      PendingWindowInDays:
        Ref: PendingWindowInDays
      KeyUsage:
        Ref: KeyUsage
      Enable:
        Ref: Enable
Outputs:
  KeyId:
    Description: The globally unique identifier for the CMK.
    Value:
      'Fn::GetAtt':
        - Key
        - KeyId