UNPKG

@pulumi/aws-native

Version:

The Pulumi AWS Cloud Control Provider enables you to build, deploy, and manage [any AWS resource that's supported by the AWS Cloud Control API](https://github.com/pulumi/pulumi-aws-native/blob/master/provider/cmd/pulumi-gen-aws-native/supported-types.txt)

pulumi.com

pulumi/pulumi-aws-native

107 lines (106 loc) 5.64 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; import * as enums from "../types/enums"; /** * Definition of AWS::PaymentCryptography::Key Resource Type */ export declare class Key extends pulumi.CustomResource { /** * Get an existing Key resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input<pulumi.ID>, opts?: pulumi.CustomResourceOptions): Key; /** * Returns true if the given object is an instance of Key. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is Key; /** * The cryptographic usage of an ECDH derived key as defined in section A.5.2 of the TR-31 spec. */ readonly deriveKeyUsage: pulumi.Output<enums.paymentcryptography.KeyDeriveKeyUsage | undefined>; /** * Specifies whether the key is enabled. */ readonly enabled: pulumi.Output<boolean | undefined>; /** * Specifies whether the key is exportable. This data is immutable after the key is created. */ readonly exportable: pulumi.Output<boolean>; /** * The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the key is created. */ readonly keyAttributes: pulumi.Output<outputs.paymentcryptography.KeyAttributes>; /** * The algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity. * * For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result. */ readonly keyCheckValueAlgorithm: pulumi.Output<enums.paymentcryptography.KeyCheckValueAlgorithm | undefined>; readonly keyIdentifier: pulumi.Output<string>; /** * The source of the key material. For keys created within AWS Payment Cryptography, the value is `AWS_PAYMENT_CRYPTOGRAPHY` . For keys imported into AWS Payment Cryptography, the value is `EXTERNAL` . */ readonly keyOrigin: pulumi.Output<enums.paymentcryptography.KeyOrigin>; /** * The state of key that is being created or deleted. */ readonly keyState: pulumi.Output<enums.paymentcryptography.KeyState>; /** * The list of AWS Regions to remove from the key's replication configuration. * * The key will no longer be available for cryptographic operations in these regions after removal. Ensure no active operations depend on the key in these regions before removal. */ readonly replicationRegions: pulumi.Output<string[] | undefined>; readonly replicationStatus: pulumi.Output<{ [key: string]: outputs.paymentcryptography.KeyReplicationStatusType; }>; readonly tags: pulumi.Output<outputs.Tag[] | undefined>; /** * Create a Key resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: KeyArgs, opts?: pulumi.CustomResourceOptions); } /** * The set of arguments for constructing a Key resource. */ export interface KeyArgs { /** * The cryptographic usage of an ECDH derived key as defined in section A.5.2 of the TR-31 spec. */ deriveKeyUsage?: pulumi.Input<enums.paymentcryptography.KeyDeriveKeyUsage>; /** * Specifies whether the key is enabled. */ enabled?: pulumi.Input<boolean>; /** * Specifies whether the key is exportable. This data is immutable after the key is created. */ exportable: pulumi.Input<boolean>; /** * The role of the key, the algorithm it supports, and the cryptographic operations allowed with the key. This data is immutable after the key is created. */ keyAttributes: pulumi.Input<inputs.paymentcryptography.KeyAttributesArgs>; /** * The algorithm that AWS Payment Cryptography uses to calculate the key check value (KCV). It is used to validate the key integrity. * * For TDES keys, the KCV is computed by encrypting 8 bytes, each with value of zero, with the key to be checked and retaining the 3 highest order bytes of the encrypted result. For AES keys, the KCV is computed using a CMAC algorithm where the input data is 16 bytes of zero and retaining the 3 highest order bytes of the encrypted result. */ keyCheckValueAlgorithm?: pulumi.Input<enums.paymentcryptography.KeyCheckValueAlgorithm>; /** * The list of AWS Regions to remove from the key's replication configuration. * * The key will no longer be available for cryptographic operations in these regions after removal. Ensure no active operations depend on the key in these regions before removal. */ replicationRegions?: pulumi.Input<pulumi.Input<string>[]>; tags?: pulumi.Input<pulumi.Input<inputs.TagArgs>[]>; }