Skip to content

Add Key Replication Regions

paymentcryptographycontrolplane_add_key_replication_regions R Documentation

Adds replication Amazon Web Services Regions to an existing Amazon Web Services Payment Cryptography key, enabling the key to be used for cryptographic operations in additional Amazon Web Services Regions

Description

Adds replication Amazon Web Services Regions to an existing Amazon Web Services Payment Cryptography key, enabling the key to be used for cryptographic operations in additional Amazon Web Services Regions.

Multi-Region key replication allow you to use the same key material across multiple Amazon Web Services Regions, providing lower latency for applications distributed across regions. When you add Replication Regions, Amazon Web Services Payment Cryptography securely replicates the key material to the specified Amazon Web Services Regions.

The key must be in an active state to add Replication Regions. You can add multiple regions in a single operation, and the key will be available for use in those regions once replication is complete.

Cross-account use: This operation supports cross-account use when the key has a resource-based policy that grants access. For more information, see Resource-based policies.

Related operations:

  • remove_key_replication_regions

  • enable_default_key_replication_regions

  • get_default_key_replication_regions

Usage

paymentcryptographycontrolplane_add_key_replication_regions(
  KeyIdentifier, ReplicationRegions)

Arguments

KeyIdentifier

[required] The key identifier (ARN or alias) of the key for which to add replication regions.

This key must exist and be in a valid state for replication operations.
ReplicationRegions

[required] The list of Amazon Web Services Regions to add to the key's replication configuration.

Each region must be a valid Amazon Web Services Region where Amazon Web Services Payment Cryptography is available. The key will be replicated to these regions, allowing cryptographic operations to be performed closer to your applications.

Value

A list with the following syntax:

list(
  Key = list(
    KeyArn = "string",
    KeyAttributes = list(
      KeyUsage = "TR31_B0_BASE_DERIVATION_KEY"|"TR31_C0_CARD_VERIFICATION_KEY"|"TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY"|"TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION"|"TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS"|"TR31_E1_EMV_MKEY_CONFIDENTIALITY"|"TR31_E2_EMV_MKEY_INTEGRITY"|"TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS"|"TR31_E5_EMV_MKEY_CARD_PERSONALIZATION"|"TR31_E6_EMV_MKEY_OTHER"|"TR31_K0_KEY_ENCRYPTION_KEY"|"TR31_K1_KEY_BLOCK_PROTECTION_KEY"|"TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT"|"TR31_M0_ISO_16609_MAC_KEY"|"TR31_M3_ISO_9797_3_MAC_KEY"|"TR31_M1_ISO_9797_1_MAC_KEY"|"TR31_M6_ISO_9797_5_CMAC_KEY"|"TR31_M7_HMAC_KEY"|"TR31_P0_PIN_ENCRYPTION_KEY"|"TR31_P1_PIN_GENERATION_KEY"|"TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE"|"TR31_V1_IBM3624_PIN_VERIFICATION_KEY"|"TR31_V2_VISA_PIN_VERIFICATION_KEY"|"TR31_K2_TR34_ASYMMETRIC_KEY",
      KeyClass = "SYMMETRIC_KEY"|"ASYMMETRIC_KEY_PAIR"|"PRIVATE_KEY"|"PUBLIC_KEY",
      KeyAlgorithm = "TDES_2KEY"|"TDES_3KEY"|"AES_128"|"AES_192"|"AES_256"|"HMAC_SHA256"|"HMAC_SHA384"|"HMAC_SHA512"|"HMAC_SHA224"|"RSA_2048"|"RSA_3072"|"RSA_4096"|"ECC_NIST_P256"|"ECC_NIST_P384"|"ECC_NIST_P521",
      KeyModesOfUse = list(
        Encrypt = TRUE|FALSE,
        Decrypt = TRUE|FALSE,
        Wrap = TRUE|FALSE,
        Unwrap = TRUE|FALSE,
        Generate = TRUE|FALSE,
        Sign = TRUE|FALSE,
        Verify = TRUE|FALSE,
        DeriveKey = TRUE|FALSE,
        NoRestrictions = TRUE|FALSE
      )
    ),
    KeyCheckValue = "string",
    KeyCheckValueAlgorithm = "CMAC"|"ANSI_X9_24"|"HMAC"|"SHA_1",
    Enabled = TRUE|FALSE,
    Exportable = TRUE|FALSE,
    KeyState = "CREATE_IN_PROGRESS"|"CREATE_COMPLETE"|"DELETE_PENDING"|"DELETE_COMPLETE",
    KeyOrigin = "EXTERNAL"|"AWS_PAYMENT_CRYPTOGRAPHY",
    CreateTimestamp = as.POSIXct(
      "2015-01-01"
    ),
    UsageStartTimestamp = as.POSIXct(
      "2015-01-01"
    ),
    UsageStopTimestamp = as.POSIXct(
      "2015-01-01"
    ),
    DeletePendingTimestamp = as.POSIXct(
      "2015-01-01"
    ),
    DeleteTimestamp = as.POSIXct(
      "2015-01-01"
    ),
    DeriveKeyUsage = "TR31_B0_BASE_DERIVATION_KEY"|"TR31_C0_CARD_VERIFICATION_KEY"|"TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY"|"TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS"|"TR31_E1_EMV_MKEY_CONFIDENTIALITY"|"TR31_E2_EMV_MKEY_INTEGRITY"|"TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS"|"TR31_E5_EMV_MKEY_CARD_PERSONALIZATION"|"TR31_E6_EMV_MKEY_OTHER"|"TR31_K0_KEY_ENCRYPTION_KEY"|"TR31_K1_KEY_BLOCK_PROTECTION_KEY"|"TR31_M3_ISO_9797_3_MAC_KEY"|"TR31_M1_ISO_9797_1_MAC_KEY"|"TR31_M6_ISO_9797_5_CMAC_KEY"|"TR31_M7_HMAC_KEY"|"TR31_P0_PIN_ENCRYPTION_KEY"|"TR31_P1_PIN_GENERATION_KEY"|"TR31_V1_IBM3624_PIN_VERIFICATION_KEY"|"TR31_V2_VISA_PIN_VERIFICATION_KEY",
    MultiRegionKeyType = "PRIMARY"|"REPLICA",
    PrimaryRegion = "string",
    ReplicationStatus = list(
      list(
        Status = "IN_PROGRESS"|"DELETE_IN_PROGRESS"|"FAILED"|"SYNCHRONIZED",
        StatusMessage = "string"
      )
    ),
    UsingDefaultReplicationRegions = TRUE|FALSE,
    MpaStatus = list(
      MpaSessionArn = "string",
      Status = "PENDING"|"APPROVED"|"FAILED"|"CANCELLED",
      InitiationDate = as.POSIXct(
        "2015-01-01"
      ),
      StatusMessage = "string"
    )
  )
)

Request syntax

svc$add_key_replication_regions(
  KeyIdentifier = "string",
  ReplicationRegions = list(
    "string"
  )
)