Reputation: 1410
Create a KMS custom Key in CloudFormation template for different region
Is there any way to generate a custom KMS Key via CloudFormation template in a different region than the region which is specified in the respective AWS User account you use to run the template?
Merci A
Upvotes: 1
Views: 1425
Answers (1)
Reputation: 6339
Short answer:
No, not directly.
Long answer:
It can actually be done in one of two ways. First, using StackSets, you can create a single template that will be deployed in selected accounts (1 in this occurence) and regions.
The second way to achieve your goal is to use a Custom Resource to create your KMS keys in other regions. This custom resource will invoke a Lambda function to handle the lifecycle of your KMS keys. Within this Lambda you will have to call the appropriate APIs to create/update/delete the KMS keys in the desired region.
Upvotes: 1
Related Questions
- Dropdown populated with available AWS KMS keys as parameters in aws CFT
- AWS CloudFormation - Correct Usage of Default Key Policy in AWS::KMS::Key
- Adding multiple Principal values for KMS key
- How to dynamically generate key names in Cloudformation template?
- How to store a custom key in AWS KMS
- How can I instruct an AWS CloudFormation template to create resources in a specific region?
- Dynamodb - Cloudformation specifying KMS Key
- AWS: Start EC2 Instance with Cloudformation and encrypt BlockDevices with specific KMS Key
- Create CloudFormation resources in different region
- AWS Cloudformation Template - Set Region in S3 Bucket