AWS::KMS::Key asymmetric signing key support #337

Closed
agostbiro opened this issue Jan 10, 2020 · 6 comments
Labels
security identity compliance IAM, Cognito, Secrets Manager, GuardDuty, etc.

@agostbiro

AWS::KMS::Key asymmetric signing key support

2. Scope of request

The AWS::KMS::Key resource doesn't support creating an asymmetric signing key today, although it is possible to create such a key through the KMS API.

This needs two things:

  1. Support for AWS::KMS::Key-CustomerMasterKeySpec attribute
  2. Support for SIGN_VERIFY value in AWS::KMS::Key-KeyUsage attribute (docs say this is supported, but it gives an error.)

5. Helpful Links to speed up research and evaluation

AWS::KMS::Key resource doc
KMS CreateKey API doc
Stack Overflow question

6. Category (required)

  1. Security (IAM, KMS...)
@benkehoe
Contributor

benkehoe commented Jan 10, 2020

I think I would prefer this be a separate resource type, perhaps even going so far as to separate out SIGN_VERIFY and ENCRYPT_DECRYPT asymmetric keys into separate types, so that it will be easier for type-checking tools to determine if they are being used correctly (with the new resource provider framework, resource schemas could make it clear which usage type of asymmetric key they need), audit tools to understand the contents of a template more simply, etc.

@TheDanBlanco TheDanBlanco added the security identity compliance IAM, Cognito, Secrets Manager, GuardDuty, etc. label Jan 21, 2020
@okgolove

Any chances this will be implemented? 🚀

@craigataws craigataws added this to the cov milestone Jul 21, 2020
@PatMyron
Contributor

AWS::KMS::Key is now open source and changes can be tracked here: https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-kms/tree/master/key

@ammokhov

> Any chances this will be implemented? 🚀

This is currently WIP; should be merged soon - aws-cloudformation/aws-cloudformation-resource-providers-kms#24

@mkamioner

Any update on this?

@jtcul

jtcul commented Nov 20, 2020

> Any update on this?

Hey! This change is merged and should be available for use now. For more information, see the AWS::KMS::Key documentation.
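
The audit-tool concern raised earlier in the thread, as an added example that is not part of the original issue or the resource provider's code: a check over a parsed template that flags `AWS::KMS::Key` resources whose key spec and `KeyUsage` cannot be combined. It assumes the CloudFormation property is named `KeySpec` (the issue uses the API name `CustomerMasterKeySpec`, accepted here as a fallback); the function name and sample template are constructed for illustration.

```python
# Added example: audit AWS::KMS::Key resources in a parsed CloudFormation template.
# Only the two KeyUsage values named in this thread are modelled.
BOTH = {"ENCRYPT_DECRYPT", "SIGN_VERIFY"}
SIGN_ONLY = {"SIGN_VERIFY"}
ALLOWED_USAGE = {
    "SYMMETRIC_DEFAULT": {"ENCRYPT_DECRYPT"},
    "RSA_2048": BOTH, "RSA_3072": BOTH, "RSA_4096": BOTH,
    "ECC_NIST_P256": SIGN_ONLY, "ECC_NIST_P384": SIGN_ONLY,
    "ECC_NIST_P521": SIGN_ONLY, "ECC_SECG_P256K1": SIGN_ONLY,
}

def audit_kms_keys(template):
    """Return sorted (logical_id, finding) pairs for AWS::KMS::Key resources."""
    findings = []
    for logical_id, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::KMS::Key":
            continue
        props = res.get("Properties", {})
        # CloudFormation names the property KeySpec; the issue uses the API name.
        spec = props.get("KeySpec", props.get("CustomerMasterKeySpec", "SYMMETRIC_DEFAULT"))
        usage = props.get("KeyUsage", "ENCRYPT_DECRYPT")
        if not isinstance(spec, str) or not isinstance(usage, str):
            findings.append((logical_id, "KeySpec/KeyUsage is not a literal; resolve intrinsics first"))
            continue
        if spec not in ALLOWED_USAGE:
            findings.append((logical_id, f"key spec {spec} is not covered by this check"))
        elif usage not in ALLOWED_USAGE[spec]:
            findings.append((logical_id, f"{usage} is not valid for {spec}"))
        if spec != "SYMMETRIC_DEFAULT" and props.get("EnableKeyRotation") in (True, "true"):
            findings.append((logical_id, "automatic rotation is not supported for asymmetric keys"))
    return sorted(findings)

# Constructed sample template (KeyPolicy and other properties omitted for brevity).
SAMPLE_TEMPLATE = {"Resources": {
    "SigningKey": {"Type": "AWS::KMS::Key",
                   "Properties": {"KeySpec": "ECC_NIST_P256", "KeyUsage": "SIGN_VERIFY"}},
    "DefaultUsageEcc": {"Type": "AWS::KMS::Key",   # KeyUsage defaults to ENCRYPT_DECRYPT
                        "Properties": {"KeySpec": "ECC_NIST_P256"}},
    "SymmetricSigner": {"Type": "AWS::KMS::Key", "Properties": {"KeyUsage": "SIGN_VERIFY"}},
    "RotatedRsa": {"Type": "AWS::KMS::Key",
                   "Properties": {"KeySpec": "RSA_2048", "KeyUsage": "SIGN_VERIFY",
                                  "EnableKeyRotation": True}},
    "Bucket": {"Type": "AWS::S3::Bucket"},
}}

if __name__ == "__main__":
    for logical_id, finding in audit_kms_keys(SAMPLE_TEMPLATE):
        print(f"{logical_id}: {finding}")
```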
