Resource: aws_kms_replica_external_key

Manages a KMS multi-Region replica key that uses external key material. See the AWS KMS Developer Guide for more information on importing key material into multi-Region keys.

Example Usage

provider "aws" {
  alias  = "primary"
  region = "us-east-1"
}

provider "aws" {
  region = "us-west-2"
}

resource "aws_kms_external_key" "primary" {
  provider = aws.primary

  description             = "Multi-Region primary key"
  deletion_window_in_days = 30
  multi_region            = true
  enabled                 = true

  key_material_base64 = "..."
}

resource "aws_kms_replica_external_key" "replica" {
  description             = "Multi-Region replica key"
  deletion_window_in_days = 7
  primary_key_arn         = aws_kms_external_key.primary.arn

  key_material_base64 = "..." # Must be the same key material as the primary's.
}
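
The configuration below is an added example, not part of the provider's documentation. It passes the key material to both keys through a single sensitive variable instead of two literals, so the replica cannot drift from the primary's material. The variable name kms_key_material_base64 is hypothetical, and the validation assumes 256-bit symmetric key material.

```hcl
# Added example: one sensitive input feeds both keys, so the replica can never
# be given different key material from the primary.
# Assumption: the material is a 256-bit symmetric key (32 bytes), which always
# encodes to 43 base64 characters followed by one "=" of padding.
variable "kms_key_material_base64" {
  description = "Base64-encoded key material shared by the primary and replica keys."
  type        = string
  sensitive   = true # Redacted from plan and apply output.

  validation {
    condition     = can(regex("^[A-Za-z0-9+/]{43}=$", var.kms_key_material_base64))
    error_message = "Expected 44 base64 characters (32 bytes of key material)."
  }
}

provider "aws" {
  alias  = "primary"
  region = "us-east-1"
}

provider "aws" {
  region = "us-west-2"
}

resource "aws_kms_external_key" "primary" {
  provider = aws.primary

  description             = "Multi-Region primary key"
  deletion_window_in_days = 30
  multi_region            = true
  enabled                 = true

  key_material_base64 = var.kms_key_material_base64
}

resource "aws_kms_replica_external_key" "replica" {
  description             = "Multi-Region replica key"
  deletion_window_in_days = 7
  primary_key_arn         = aws_kms_external_key.primary.arn

  # Same variable as the primary, so the material is identical by construction.
  key_material_base64 = var.kms_key_material_base64
}
```

Supply the value through the TF_VAR_kms_key_material_base64 environment variable rather than a committed .tfvars file. Marking the variable sensitive only redacts CLI output; the material is still written to Terraform state, so the state backend needs encryption and restricted access.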

Argument Reference

This resource supports the following arguments:

Attribute Reference

This resource exports the following attributes in addition to the arguments above:

Import

In Terraform v1.5.0 and later, use an import block to import KMS multi-Region replica keys using the id. For example:

import {
  to = aws_kms_replica_external_key.example
  id = "1234abcd-12ab-34cd-56ef-1234567890ab"
}

Using terraform import, import KMS multi-Region replica keys using the id. For example:

% terraform import aws_kms_replica_external_key.example 1234abcd-12ab-34cd-56ef-1234567890ab