AWS Key Management Service (KMS) makes it easy for you to create and manage cryptographic keys and control their use across a wide range of AWS services and in your applications. AWS KMS is a secure and resilient service that uses hardware security modules that have been validated under FIPS 140-2, or are in the process of being validated, to protect your keys. AWS KMS is integrated with AWS CloudTrail to provide you with logs of all key usage to help meet your regulatory and compliance needs.
Issue #, if available:
N/A

Description of changes:
Refactored the update handler so that errors from updateKeyRotationStatus and updateKeyStatus are returned properly
Improved the depth of the Create / Read handler unit tests
Added a gitignore
Increased the memory allocated to the lambda functions (allows the contract tests to work on macOS)

New wording:
"Specifies the type of CMK to create. The default value is SYMMETRIC_DEFAULT. This parameter is required only for asymmetric CMKs. You can't change the KeySpec value after the CMK is created."
"You cannot set the EnableKeyRotation property to true on asymmetric keys."

Questions for CloudFormation Reviewers:
Is there a way for us to specify our defaults such that the following update does not cause re-creation of the physical resource? Going from a template with only a key policy to a template that explicitly specifies the default KeyUsage and KeySpec causes the resource to be re-created. This behavior is undesirable, as the key should be the same, but it will no longer be able to decrypt data encrypted by the original key.

Original Template:

Updated Template:
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.
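The two checks discussed in this PR, modelled as an added illustration (Python, not the resource provider's own Java handler): rejecting EnableKeyRotation on a non-symmetric KeySpec, and filling in the documented defaults (SYMMETRIC_DEFAULT, ENCRYPT_DECRYPT) before comparing the create-only properties, so that a template that merely makes the defaults explicit is not treated as a change that would replace the key. The property names and the replacement rule are modelled on the PR text; the function names are hypothetical.

```python
# Added illustration, not the KMS resource provider's code: models how an
# update handler could avoid replacing (and so losing) a key when a template
# only makes the documented defaults explicit, and how it would reject
# automatic rotation on keys that do not support it.

# Documented AWS KMS defaults for the two create-only properties.
DEFAULTS = {"KeySpec": "SYMMETRIC_DEFAULT", "KeyUsage": "ENCRYPT_DECRYPT"}

# KeySpec and KeyUsage cannot change after creation; a real change means
# the physical key is replaced and old ciphertext can no longer be decrypted.
CREATE_ONLY = ("KeySpec", "KeyUsage")


def normalize(model: dict) -> dict:
    """Return a copy of the resource model with absent properties set to their defaults."""
    filled = dict(model)
    for prop, default in DEFAULTS.items():
        if filled.get(prop) is None:
            filled[prop] = default
    return filled


def validation_errors(model: dict) -> list:
    """Apply the rule from the new wording: rotation only on the symmetric default spec."""
    model = normalize(model)
    errors = []
    if model.get("EnableKeyRotation") and model["KeySpec"] != "SYMMETRIC_DEFAULT":
        errors.append("EnableKeyRotation cannot be true for asymmetric keys")
    return errors


def requires_replacement(previous: dict, desired: dict) -> bool:
    """True only if a create-only property really differs once defaults are applied."""
    prev, new = normalize(previous), normalize(desired)
    return any(prev[p] != new[p] for p in CREATE_ONLY)


def naive_requires_replacement(previous: dict, desired: dict) -> bool:
    """Literal comparison: an absent property versus its explicit default reads as a change."""
    return any(previous.get(p) != desired.get(p) for p in CREATE_ONLY)


if __name__ == "__main__":
    # Constructed sample: the update described in the PR's question.
    original = {"KeyPolicy": {"Version": "2012-10-17", "Statement": []}}
    updated = dict(original, KeySpec="SYMMETRIC_DEFAULT", KeyUsage="ENCRYPT_DECRYPT")
    print("naive comparison replaces key:", naive_requires_replacement(original, updated))
    print("default-aware comparison replaces key:", requires_replacement(original, updated))
```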