terraform/website/source/docs/providers/aws/r/kms_key.html.markdown

---
layout: "aws"
page_title: "AWS: aws_kms_key"
sidebar_current: "docs-aws-resource-kms-key"
description: |-
  Provides a KMS customer master key.
---

# aws\_kms\_key

Provides a KMS customer master key.

## Example Usage

```
resource "aws_kms_key" "a" {
    description = "KMS key 1"
    deletion_window_in_days = 10
}
```

## Argument Reference

The following arguments are supported:

* `description` - (Optional) The description of the key as viewed in AWS console.
* `key_usage` - (Optional) Specifies the intended use of the key.
	Defaults to ENCRYPT/DECRYPT, and only symmetric encryption and decryption are supported.
* `policy` - (Optional) A valid policy JSON document.
* `deletion_window_in_days` - (Optional) Duration in days after which the key is deleted
	after destruction of the resource, must be between 7 and 30 days. Defaults to 30 days.
* `is_enabled` - (Optional) Specifies whether the key is enabled. Defaults to true.
* `enable_key_rotation` - (Optional) Specifies whether [key rotation](http://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html)
	is enabled. Defaults to false.

## Attributes Reference

The following attributes are exported:

* `arn` - The Amazon Resource Name (ARN) of the key.
* `key_id` - The globally unique identifier for the key.

## Import

KMS Keys can be imported using the `id`, e.g. 

```
$ terraform import aws_kms_key.a arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
```
Added docs for kms 2015-10-26 15:47:35 +01:00			`---`
			`layout: "aws"`
			`page_title: "AWS: aws_kms_key"`
			`sidebar_current: "docs-aws-resource-kms-key"`
			`description: \|-`
			`Provides a KMS customer master key.`
			`---`

			`# aws\_kms\_key`

			`Provides a KMS customer master key.`

			`## Example Usage`

			```
			`resource "aws_kms_key" "a" {`
			`description = "KMS key 1"`
aws: kms_key - Change field name (deletion_window -> deletion_window_in_days) 2015-11-14 18:47:58 +01:00			`deletion_window_in_days = 10`
Added docs for kms 2015-10-26 15:47:35 +01:00			`}`
			```

			`## Argument Reference`

			`The following arguments are supported:`

			* `description` - (Optional) The description of the key as viewed in AWS console.
aws: kms_key - Change field name (deletion_window -> deletion_window_in_days) 2015-11-14 18:47:58 +01:00			* `key_usage` - (Optional) Specifies the intended use of the key.
			`Defaults to ENCRYPT/DECRYPT, and only symmetric encryption and decryption are supported.`
Added docs for kms 2015-10-26 15:47:35 +01:00			* `policy` - (Optional) A valid policy JSON document.
aws: kms_key - Change field name (deletion_window -> deletion_window_in_days) 2015-11-14 18:47:58 +01:00			* `deletion_window_in_days` - (Optional) Duration in days after which the key is deleted
			`after destruction of the resource, must be between 7 and 30 days. Defaults to 30 days.`
aws: kms_key - Add support for is_enabled + enable_key_rotation 2015-11-14 22:23:20 +01:00			* `is_enabled` - (Optional) Specifies whether the key is enabled. Defaults to true.
			* `enable_key_rotation` - (Optional) Specifies whether [key rotation](http://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html)
			`is enabled. Defaults to false.`
Added docs for kms 2015-10-26 15:47:35 +01:00
			`## Attributes Reference`

			`The following attributes are exported:`

			* `arn` - The Amazon Resource Name (ARN) of the key.
			* `key_id` - The globally unique identifier for the key.
documentation/aws: More additions of Import documention to the AWS (#7729) resources 2016-07-21 00:28:59 +02:00
			`## Import`

			KMS Keys can be imported using the `id`, e.g.

			```
			`$ terraform import aws_kms_key.a arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
			```