Skip to content

Resource: awsKmsCustomKeyStore

Terraform resource for managing an AWS KMS (Key Management) Custom Key Store.

Example Usage

Basic Usage

/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import * as aws from "./.gen/providers/aws";
new aws.kmsCustomKeyStore.KmsCustomKeyStore(this, "test", {
  cloudHsmClusterId: "${var.cloud_hsm_cluster_id}",
  customKeyStoreName: "kms-custom-key-store-test",
  keyStorePassword: "noplaintextpasswords1",
  trustAnchorCertificate: '${file("anchor-certificate.crt")}',
});

Argument Reference

The following arguments are required:

  • cloudHsmClusterId - (Required) Cluster ID of CloudHSM.
  • customKeyStoreName - (Required) Unique name for Custom Key Store.
  • keyStorePassword - (Required) Password for kmsuser on CloudHSM.
  • trustAnchorCertificate - (Required) Customer certificate used for signing on CloudHSM.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - The Custom Key Store ID

Timeouts

Configuration options:

  • create - (Default 15M)
  • update - (Default 15M)
  • delete - (Default 15M)

Import

KMS (Key Management) Custom Key Store can be imported using the id, e.g.,

$ terraform import aws_kms_custom_key_store.example cks-5ebd4ef395a96288e