ReplicateKey
Creates a replica of a multi-Region KMS key in a different Region.
Description
Creates a replica of a multi-Region KMS key in a different Region. This operation creates a KMS key with the same key ID and key material as the primary key. The replica key also has the same key usage, key policy, description, and tags as the primary key, unless you specify different values in the request.
Request Syntax
Headers
Name | Description | Required | Type |
---|---|---|---|
Content-Type | Must be "application/x-amz-json-1.1" | Yes | string |
X-Amz-Target | Must be "TrentService.ReplicateKey" | Yes | string |
Request Body
Name | Description | Required | Type |
---|---|---|---|
KeyId | Identifies the multi-Region primary key that is being replicated. Specify the key ID or key ARN of a multi-Region primary key. | Yes | string |
ReplicaRegion | The Region ID of the Region that will contain the key replica. | Yes | string |
Description | A description of the KMS key. The default value is an empty string (no description). | No | string |
Policy | The key policy that authorizes use of the KMS key. The default value is the default key policy. | No | string |
Tags | One or more tags. Each tag consists of a tag key and a tag value. | No | array |
POST / HTTP/1.1
Content-Type: application/x-amz-json-1.1
X-Amz-Target: TrentService.ReplicateKey

{
  "KeyId": "mrk-1234567890abcdef0",
  "ReplicaRegion": "us-west-2",
  "Description": "Example replica key",
  "Policy": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Sid\":\"Enable IAM User Permissions\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::111122223333:root\"},\"Action\":\"kms:*\",\"Resource\":\"*\"}]}",
  "Tags": [
    {
      "TagKey": "Purpose",
      "TagValue": "Test"
    }
  ]
}
Values in italics indicate user input and should be replaced with actual values.
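The Policy field is typed as a string, so the key policy document has to be serialized to JSON text before it is placed in the request body, which is why the example above carries escaped quotes. The following is an added example, not part of the original reference: it builds the headers and body shown above and refuses a replica policy that allows any principal without a Condition. The names `policy_findings` and `build_replicate_key_request` are hypothetical, and the code does not sign or send the request.

```python
import json

# Policy document from the page's request example, as a Python dict.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "Enable IAM User Permissions",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
        "Action": "kms:*",
        "Resource": "*",
    }],
}

def policy_findings(policy):
    """Hypothetical lint: Allow statements open to any principal, no Condition."""
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    for st in statements:
        if st.get("Effect") != "Allow" or st.get("Condition"):
            continue
        principal = st.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        if "*" in (aws if isinstance(aws, list) else [aws]):
            findings.append("%s: any principal allowed" % st.get("Sid", "<no Sid>"))
    return findings

def build_replicate_key_request(key_id, replica_region, policy=None,
                                description=None, tags=None):
    """Return (headers, body) for ReplicateKey; does not sign or send."""
    if not key_id or not replica_region:
        raise ValueError("KeyId and ReplicaRegion are required")
    body = {"KeyId": key_id, "ReplicaRegion": replica_region}
    if description is not None:
        body["Description"] = description
    if policy is not None:
        findings = policy_findings(policy)
        if findings:
            raise ValueError("; ".join(findings))
        # Policy is typed string: serialize the document, then embed the text.
        body["Policy"] = json.dumps(policy, separators=(",", ":"))
    if tags:
        body["Tags"] = [{"TagKey": k, "TagValue": v} for k, v in tags.items()]
    headers = {"Content-Type": "application/x-amz-json-1.1",
               "X-Amz-Target": "TrentService.ReplicateKey"}
    return headers, json.dumps(body)
```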
Response Elements
Name | Description | Required | Type |
---|---|---|---|
ReplicaKeyMetadata | Detailed information about the replica key. | No | String |
ReplicaPolicy | The key policy of the replica key. | No | String |
ReplicaTags | The tags on the replica key. | No | String |
Special Errors
Error Code | Description |
---|---|
DisabledException | The request was rejected because the specified KMS key is not enabled. |
InvalidKeyUsageException | The request was rejected because the specified KeyUsage value is not valid. |
KMSInvalidStateException | The request was rejected because the state of the specified resource is not valid for this request. |
KMSNotFoundException | The request was rejected because the specified entity or resource could not be found. |
TagException | The request was rejected because one or more tags are not valid. |
UnsupportedOperationException | The request was rejected because a specified parameter is not supported or a specified resource is not valid for this operation. |
Permissions
To use the ReplicateKey operation, you must have the following permissions:
- kms:ReplicateKey on the primary key
- kms:CreateKey in the replica Region