
@aws-cdk/aws-kms

Dependencies: 2 | Maintainers: 4 | Versions: 288

Package description

What is @aws-cdk/aws-kms?

@aws-cdk/aws-kms is an AWS CDK library that allows you to define and manage AWS Key Management Service (KMS) resources in your AWS infrastructure as code. It provides constructs for creating and managing KMS keys, aliases, and grants, enabling secure encryption and decryption of data.

What are @aws-cdk/aws-kms's main functionalities?

Create a KMS Key

This code sample demonstrates how to create a new KMS key with key rotation enabled and an alias using the AWS CDK.

const cdk = require('@aws-cdk/core');
const kms = require('@aws-cdk/aws-kms');

const app = new cdk.App();
const stack = new cdk.Stack(app, 'MyStack');

const key = new kms.Key(stack, 'MyKey', {
  enableKeyRotation: true,
  alias: 'alias/my-key'
});

app.synth();

Create a KMS Alias

This code sample demonstrates how to create a new KMS alias that points to an existing KMS key using the AWS CDK.

const cdk = require('@aws-cdk/core');
const kms = require('@aws-cdk/aws-kms');

const app = new cdk.App();
const stack = new cdk.Stack(app, 'MyStack');

const key = new kms.Key(stack, 'MyKey');

const alias = new kms.Alias(stack, 'MyAlias', {
  aliasName: 'alias/my-alias',
  targetKey: key
});

app.synth();

Grant Permissions to a KMS Key

This code sample demonstrates how to grant encrypt and decrypt permissions to an IAM user for a KMS key using the AWS CDK.

const cdk = require('@aws-cdk/core');
const kms = require('@aws-cdk/aws-kms');
const iam = require('@aws-cdk/aws-iam');

const app = new cdk.App();
const stack = new cdk.Stack(app, 'MyStack');

const key = new kms.Key(stack, 'MyKey');

const user = new iam.User(stack, 'MyUser');

key.grantEncryptDecrypt(user);

app.synth();
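
The samples above set key rotation and grant key usage to an IAM principal; a pipeline can confirm both on the synthesized CloudFormation template before deployment. The following is an added example, not code from this page or from the package: `auditKmsKeys` and the rule names are hypothetical, and the template is constructed sample data rather than captured CDK output.

```javascript
// Added example: audit a synthesized CloudFormation template for KMS settings.
// `template` is constructed sample data, not output captured from the CDK.
const template = { Resources: {
  RotatedKey: { Type: 'AWS::KMS::Key', Properties: {
    EnableKeyRotation: true,
    KeyPolicy: { Statement: [{ Effect: 'Allow', Action: 'kms:*', Resource: '*',
      Principal: { AWS: 'arn:aws:iam::111122223333:root' } }] } } },
  LegacyKey: { Type: 'AWS::KMS::Key', Properties: {
    KeyPolicy: { Statement: [{ Effect: 'Allow', Action: ['kms:Decrypt'],
      Resource: '*', Principal: '*' }] } } },
  UserPolicy: { Type: 'AWS::IAM::Policy', Properties: {
    PolicyDocument: { Statement: [
      { Effect: 'Allow', Action: ['kms:Encrypt', 'kms:Decrypt'], Resource: '*' },
      { Effect: 'Allow', Action: 'kms:*', Resource: '*' }] } } }
} };

const asArray = (v) => (v === undefined ? [] : Array.isArray(v) ? v : [v]);
const statements = (doc) => asArray((doc || {}).Statement)
  .filter((s) => s.Effect === 'Allow');
const isWildcardPrincipal = (p) =>
  p === '*' || (p !== null && typeof p === 'object' && asArray(p.AWS).includes('*'));

// Returns "<logicalId>: <rule>" strings; auditKmsKeys is a hypothetical name.
function auditKmsKeys(tpl) {
  const findings = [];
  for (const [id, res] of Object.entries(tpl.Resources || {})) {
    const props = res.Properties || {};
    if (res.Type === 'AWS::KMS::Key') {
      // Rotation must be explicitly enabled; an absent property means off.
      if (props.EnableKeyRotation !== true) findings.push(`${id}: rotation-disabled`);
      // A key policy open to any principal with no Condition is usable by anyone.
      for (const s of statements(props.KeyPolicy)) {
        if (isWildcardPrincipal(s.Principal) && !s.Condition) {
          findings.push(`${id}: wildcard-principal`);
        }
      }
    } else if (res.Type === 'AWS::IAM::Policy') {
      // Identity policies should carry only the specific actions that were granted.
      for (const s of statements(props.PolicyDocument)) {
        if (asArray(s.Action).includes('kms:*')) findings.push(`${id}: kms-star-grant`);
      }
    }
  }
  return findings;
}

console.log(auditKmsKeys(template));
```

The account-root `kms:*` statement on `RotatedKey` is not flagged because it names a specific principal; only the unconditioned `*` principal and the identity-policy `kms:*` are reported.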

Changelog

0.8.2 - 2018-08-15

Features

  • @aws-cdk/cdk: Tokens can now be transparently embedded into strings and encoded into JSON without losing their semantics. This makes it possible to treat late-bound (deploy-time) values as if they were regular strings ([@rix0rrr] in #518).
  • @aws-cdk/aws-s3: add support for bucket notifications to Lambda, SNS, and SQS targets ([@eladb] in #201, #560, #561, #564)
  • @aws-cdk/cdk: non-alphanumeric characters can now be used as construct identifiers ([@eladb] in #556)
  • @aws-cdk/aws-iam: add support for maxSessionDuration for Roles ([@eladb] in #545).

Changes

  • @aws-cdk/aws-lambda (BREAKING): most classes renamed to be shorter and more in line with official service naming (Lambda renamed to Function or omitted) ([@eladb] in #550)
  • @aws-cdk/aws-codepipeline (BREAKING): move all CodePipeline actions from @aws-cdk/aws-xxx-codepipeline packages into the regular @aws-cdk/aws-xxx service packages ([@skinny85] in #459).
  • @aws-cdk/aws-custom-resources (BREAKING): package was removed, and the Custom Resource construct added to the @aws-cdk/aws-cloudformation package ([@rix0rrr] in #513)

Fixes

  • @aws-cdk/aws-lambda: Lambdas that are triggered by CloudWatch Events now show up in the console, and can only be triggered by the indicated Event Rule. BREAKING for middleware writers (as this introduces an API change), but transparent to regular consumers ([@eladb] in #558)
  • @aws-cdk/aws-codecommit: fix a bug where pollForSourceChanges could not be set to false ([@maciejwalkowiak] in #534)
  • aws-cdk: don't fail if the ~/.aws/credentials file is missing ([@RomainMuller] in #541)
  • @aws-cdk/aws-cloudformation: fix a bug in the CodePipeline actions to correctly support TemplateConfiguration ([@mindstorms6] in #571).
  • @aws-cdk/aws-cloudformation: fix a bug in the CodePipeline actions to correctly support ParameterOverrides ([@mindstorms6] in #574).

Known Issues

  • cdk init will try to init a git repository and fail if no global user.name and user.email have been configured.

Readme

AWS KMS Construct Library

Defines a KMS key:

new EncryptionKey(this, 'MyKey', {
    enableKeyRotation: true
});

Add a couple of aliases:

const key = new EncryptionKey(this, 'MyKey');
key.addAlias('alias/foo');
key.addAlias('alias/bar');

Importing and exporting keys

To use a KMS key that is not defined within this stack, use the EncryptionKey.import(parent, name, ref) factory method:

const key = EncryptionKey.import(this, 'MyImportedKey', {
    keyArn: new KeyArn('arn:aws:...')
});

// you can do stuff with this imported key.
key.addAlias('alias/foo');

To export a key from a stack and import it in another stack, use key.export which returns an EncryptionKeyRef, which can later be used to import:

// in stackA
const myKey = new EncryptionKey(stackA, 'MyKey');
const myKeyRef = myKey.export();

// meanwhile in stackB
const myKeyImported = EncryptionKey.import(stackB, 'MyKeyImported', myKeyRef);

Note that a call to .addToPolicy(statement) on myKeyImported will not have an effect on the key's policy because the key is not owned by your stack. The call will be a no-op.

Last updated on 15 Aug 2018
