All Products
Search
Document Center

Resource Orchestration Service:DATASOURCE::KMS::Policy

Last Updated:Oct 08, 2024

DATASOURCE::KMS::Policy is used to query the information about a permission policy.

Syntax

{
  "Type": "DATASOURCE::KMS::Policy",
  "Properties": {
    "PolicyName": String,
    "RefreshOptions": String
  }
}

Properties

Property

Type

Required

Editable

Description

Constraint

PolicyName

String

Yes

Yes

The name of the permission policy.

None.

RefreshOptions

String

No

Yes

The refresh policy for data source resources when the stack is updated.

Valid values:

  • Never (default): does not refresh data source resources when the stack is updated.

  • Always: refreshes data source resources when the stack is updated.

Return values

Fn::GetAtt

  • NetworkRules: the associated network access rules.

  • Description: the description of the permission policy.

  • PolicyName: the name of the permission policy.

  • Permissions: the operations that are supported by the permission policy.

  • KmsInstanceId: the scope of the permission policy.

  • Resources: the keys and secrets that are allowed to access.

Examples

  • YAML format

    ROSTemplateFormatVersion: '2015-09-01'
    Parameters:
      PolicyName:
        Type: String
        Description:
          en: The name of the permission policy.
        Required: true
    Resources:
      ExtensionDataSource:
        Type: DATASOURCE::KMS::Policy
        Properties:
          PolicyName:
            Ref: PolicyName
    Outputs:
      NetworkRules:
        Description: The network access rule that is associated with the permission policy.
        Value:
          Fn::GetAtt:
            - ExtensionDataSource
            - NetworkRules
      Description:
        Description: The policy description.
        Value:
          Fn::GetAtt:
            - ExtensionDataSource
            - Description
      PolicyName:
        Description: The name of the permission policy.
        Value:
          Fn::GetAtt:
            - ExtensionDataSource
            - PolicyName
      Permissions:
        Description: A list of operations that can be performed.
        Value:
          Fn::GetAtt:
            - ExtensionDataSource
            - Permissions
      KmsInstanceId:
        Description: KMS instance accessed by this policy.
        Value:
          Fn::GetAtt:
            - ExtensionDataSource
            - KmsInstanceId
      Resources:
        Description: A list of keys and secrets that are allowed to access.
        Value:
          Fn::GetAtt:
            - ExtensionDataSource
            - Resources
    
  • JSON format

    {
      "ROSTemplateFormatVersion": "2015-09-01",
      "Parameters": {
        "PolicyName": {
          "Type": "String",
          "Description": {
            "en": "The name of the permission policy."
          },
          "Required": true
        }
      },
      "Resources": {
        "ExtensionDataSource": {
          "Type": "DATASOURCE::KMS::Policy",
          "Properties": {
            "PolicyName": {
              "Ref": "PolicyName"
            }
          }
        }
      },
      "Outputs": {
        "NetworkRules": {
          "Description": "The network access rule that is associated with the permission policy.",
          "Value": {
            "Fn::GetAtt": [
              "ExtensionDataSource",
              "NetworkRules"
            ]
          }
        },
        "Description": {
          "Description": "The policy description.",
          "Value": {
            "Fn::GetAtt": [
              "ExtensionDataSource",
              "Description"
            ]
          }
        },
        "PolicyName": {
          "Description": "The name of the permission policy.",
          "Value": {
            "Fn::GetAtt": [
              "ExtensionDataSource",
              "PolicyName"
            ]
          }
        },
        "Permissions": {
          "Description": "A list of operations that can be performed.",
          "Value": {
            "Fn::GetAtt": [
              "ExtensionDataSource",
              "Permissions"
            ]
          }
        },
        "KmsInstanceId": {
          "Description": "KMS instance accessed by this policy.",
          "Value": {
            "Fn::GetAtt": [
              "ExtensionDataSource",
              "KmsInstanceId"
            ]
          }
        },
        "Resources": {
          "Description": "A list of keys and secrets that are allowed to access.",
          "Value": {
            "Fn::GetAtt": [
              "ExtensionDataSource",
              "Resources"
            ]
          }
        }
      }
    }