on_key_list Event
Fires once for each CMK when listing CMKs.
Syntax
class AmazonKMSKeyListEventParams(object): @property def arn() -> str: ... @property def id() -> str: ... @property def account_id() -> str: ... @property def description() -> str: ... @property def enabled() -> bool: ... @property def aws_managed() -> bool: ... @property def for_signing() -> bool: ... @property def key_spec() -> str: ... @property def algorithms() -> str: ... @property def state() -> int: ... @property def creation_date() -> str: ... @property def deletion_date() -> str: ... # In class AmazonKMS: @property def on_key_list() -> Callable[[AmazonKMSKeyListEventParams], None]: ... @on_key_list.setter def on_key_list(event_hook: Callable[[AmazonKMSKeyListEventParams], None]) -> None: ...
Remarks
This event fires once for each CMK returned when list_keys or get_key_info is called. However, note that only ARN and Id are populated when list_keys is called (unless the include_key_details property is enabled; refer to its documentation for more information).
ARN reflects the Amazon resource name of the CMK.
Id reflects the Id of the CMK.
AccountId reflects the Id of the AWS account that owns the CMK.
Description reflects the CMK's description.
Enabled reflects whether the CMK is currently enabled.
AWSManaged reflects whether the CMK is AWS-managed (True) or customer-managed (False).
ForSigning reflects whether the CMK's usage is signing/verification (True) or encryption/decryption (False).
KeySpec reflects the key spec of the CMK. For symmetric CMKs, the only possible value is SYMMETRIC_DEFAULT which, according to the Amazon KMS documentation, is based on AES-256-GCM. For asymmetric CMKs, possible values are:
- RSA_2048
- RSA_3072
- RSA_4096
- ECC_NIST_P256 (secp256r1)
- ECC_NIST_P384 (secp384r1)
- ECC_NIST_P521 (secp521r1)
- ECC_SECG_P256K1 (secp256k1)
Algorithms reflects a comma-separated list of algorithms that the CMK supports. If key_for_signing is False, possible values are:
- SYMMETRIC_DEFAULT
- RSAES_OAEP_SHA_1
- RSAES_OAEP_SHA_256
If key_for_signing is True, possible values are:
- RSASSA_PSS_SHA_256
- RSASSA_PSS_SHA_384
- RSASSA_PSS_SHA_512
- RSASSA_PKCS1_V1_5_SHA_256
- RSASSA_PKCS1_V1_5_SHA_384
- RSASSA_PKCS1_V1_5_SHA_512
- ECDSA_SHA_256
- ECDSA_SHA_384
- ECDSA_SHA_512
State reflects the CMK's state. Possible values are:
- aksEnabled (0): The CMK is enabled and ready for use. (Also the default value used when list_keys is called.)
- aksDisabled (1): The CMK is disabled and cannot be used until it is enabled again.
- aksPendingDeletion (2): The CMK is pending deletion and cannot be used unless the deletion is canceled.
- aksPendingImport (3): The CMK has been created, but external key material has not yet been imported into it, so it cannot be used.
- aksUnavailable (4): The CMK is currently unavailable because the CloudHSM cluster that contains its key material has been disconnected from Amazon KMS.
CreationDate reflects the creation date of the CMK, in seconds since the Unix epoch (including fractional seconds).
If the CMK's state is aksPendingDeletion (2), DeletionDate reflects the deletion date, in seconds since the Unix epoch (including fractional seconds)