Cloudformation-coverage-roadmap: AWS::KMS::Key asymmetric signing key support
AWS::KMS::Key asymmetric signing key support
2. Scope of request
The AWS::KMS::Key resource doesn't support creating an asymmetric signing key today, although it is possible to create such a key through the KMS API.
This needs two things:
- Support for
AWS::KMS::Key-CustomerMasterKeySpecattribute - Support for
SIGN_VERIFYvalue inAWS::KMS::Key-KeyUsageattribute (docs say this is supported, but it gives an error.)
5. Helpful Links to speed up research and evaluation
AWS::KMS::Key resource doc
KMS CreateKey API doc
StackoverFlow Question
6. Category (required)
- Security (IAM, KMS...)
abiro
All 6 comments
I think I would prefer this be a separate resource type, perhaps even going so far as to separate out SIGN_VERIFY and ENCRYPT_DECRYPT asymmetric keys into separate types, so that it will be easier for type-checking tools to determine if they are being used correctly (with the new resource provider framework, resource schemas could make it clear which usage type of asymmetric key they need), audit tools to understand the contents of a template more simply, etc.
benkehoe
on 10 Jan 2020
Any chances this will be implemented? 馃殌
okgolove
on 20 Apr 2020
AWS::KMS::Key is now open source and changes can be tracked here: https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-kms/tree/master/key
PatMyron
on 29 Aug 2020
Any chances this will be implemented? 馃殌
this is currently WIP; should be merged soon - https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-kms/pull/24
ammokhov
on 18 Sep 2020
Any update on this?
mkamioner
on 19 Nov 2020
Any update on this?
Hey! This change is merged and should be available for use now. For more information, see the AWS::KMS::Key documentation.
jtcul
on 20 Nov 2020
Related issues
hoegertn
路
4Comments
luiseduardocolon
路
4Comments
baxang
路
3Comments
TheDanBlanco
路
3Comments
seansummers
路
3Comments
Most helpful comment
Any chances this will be implemented? 馃殌