Cloud Keys 2020 Python Edition

Questions / Feedback?

on_key_list Event

Fires once for each CMK when listing CMKs.

Syntax

class AmazonKMSKeyListEventParams(object):
  @property
  def arn() -> str: ...
  @property
  def id() -> str: ...
  @property
  def account_id() -> str: ...
  @property
  def description() -> str: ...
  @property
  def enabled() -> bool: ...
  @property
  def aws_managed() -> bool: ...
  @property
  def for_signing() -> bool: ...
  @property
  def key_spec() -> str: ...
  @property
  def algorithms() -> str: ...
  @property
  def state() -> int: ...
  @property
  def creation_date() -> str: ...
  @property
  def deletion_date() -> str: ...

# In class AmazonKMS:
@property
def on_key_list() -> Callable[[AmazonKMSKeyListEventParams], None]: ...
@on_key_list.setter
def on_key_list(event_hook: Callable[[AmazonKMSKeyListEventParams], None]) -> None: ...

Remarks

This event fires once for each CMK returned when list_keys or get_key_info is called. However, note that only ARN and Id are populated when list_keys is called (unless the include_key_details property is enabled; refer to its documentation for more information).

ARN reflects the Amazon resource name of the CMK.

Id reflects the Id of the CMK.

AccountId reflects the Id of the AWS account that owns the CMK.

Description reflects the CMK's description.

Enabled reflects whether the CMK is currently enabled.

AWSManaged reflects whether the CMK is AWS-managed (True) or customer-managed (False).

ForSigning reflects whether the CMK's usage is signing/verification (True) or encryption/decryption (False).

KeySpec reflects the key spec of the CMK. For symmetric CMKs, the only possible value is SYMMETRIC_DEFAULT which, according to the Amazon KMS documentation, is based on AES-256-GCM. For asymmetric CMKs, possible values are:

  • RSA_2048
  • RSA_3072
  • RSA_4096
  • ECC_NIST_P256 (secp256r1)
  • ECC_NIST_P384 (secp384r1)
  • ECC_NIST_P521 (secp521r1)
  • ECC_SECG_P256K1 (secp256k1)

Algorithms reflects a comma-separated list of algorithms that the CMK supports. If key_for_signing is False, possible values are:

  • SYMMETRIC_DEFAULT
  • RSAES_OAEP_SHA_1
  • RSAES_OAEP_SHA_256

If key_for_signing is True, possible values are:

  • RSASSA_PSS_SHA_256
  • RSASSA_PSS_SHA_384
  • RSASSA_PSS_SHA_512
  • RSASSA_PKCS1_V1_5_SHA_256
  • RSASSA_PKCS1_V1_5_SHA_384
  • RSASSA_PKCS1_V1_5_SHA_512
  • ECDSA_SHA_256
  • ECDSA_SHA_384
  • ECDSA_SHA_512

State reflects the CMK's state. Possible values are:

  • aksEnabled (0): The CMK is enabled and ready for use. (Also the default value used when list_keys is called.)
  • aksDisabled (1): The CMK is disabled and cannot be used until it is enabled again.
  • aksPendingDeletion (2): The CMK is pending deletion and cannot be used unless the deletion is canceled.
  • aksPendingImport (3): The CMK has been created, but external key material has not yet been imported into it, so it cannot be used.
  • aksUnavailable (4): The CMK is currently unavailable because the CloudHSM cluster that contains its key material has been disconnected from Amazon KMS.

CreationDate reflects the creation date of the CMK, in seconds since the Unix epoch (including fractional seconds).

If the CMK's state is aksPendingDeletion (2), DeletionDate reflects the deletion date, in seconds since the Unix epoch (including fractional seconds)

Copyright (c) 2022 /n software inc. - All rights reserved.
Cloud Keys 2020 Python Edition - Version 20.0 [Build 8157]