Create a KMS custom Key in CloudFormation template for different region
Create a KMS custom Key in CloudFormation template for different region
Is there any way to generate a custom KMS Key via CloudFormation template in a different region than the region which is specified in the respective AWS User account you use to run the template?
Merci A
1 Answer
1
Short answer:
No, not directly.
Long answer:
It can actually be done in one of two ways. First, using StackSets, you can create a single template that will be deployed in selected accounts (1 in this occurence) and regions.
The second way to achieve your goal is to use a Custom Resource to create your KMS keys in other regions. This custom resource will invoke a Lambda function to handle the lifecycle of your KMS keys. Within this Lambda you will have to call the appropriate APIs to create/update/delete the KMS keys in the desired region.
Thanks for contributing an answer to Stack Overflow!
But avoid …
To learn more, see our tips on writing great answers.
Required, but never shown
Required, but never shown
By clicking "Post Your Answer", you agree to our terms of service, privacy policy and cookie policy
Merci, was afraid it would be like that. However I'm having difficulties to generate a kms key in a different region with my admin account at all. How is that doable via AWSCLI? there is no --region option.
– aerioeus
Sep 15 '18 at 15:31