{"id":14445,"library":"aws-cdk-aws-kms","title":"AWS CDK AWS KMS Constructs (v1)","description":"The `aws-cdk-aws-kms` package provides AWS Cloud Development Kit (CDK) constructs for AWS Key Management Service (KMS). This package is part of AWS CDK v1, which is now in maintenance mode. New projects are strongly encouraged to use AWS CDK v2, where KMS constructs are bundled within the `aws-cdk-lib` package. The last published version for v1 is 1.204.0, with frequent updates during its active lifecycle.","status":"maintenance","version":"1.204.0","language":"en","source_language":"en","source_url":"https://github.com/aws/aws-cdk.git","tags":["aws","cdk","kms","infrastructure-as-code","cloud"],"install":[{"cmd":"pip install aws-cdk.aws-kms==1.204.0 aws-cdk.core==1.204.0","lang":"bash","label":"For AWS CDK v1 (this specific package)"},{"cmd":"pip install aws-cdk-lib@latest","lang":"bash","label":"For AWS CDK v2 (recommended for new projects)"}],"dependencies":[{"reason":"Core constructs for AWS CDK v1 applications.","package":"aws-cdk.core","optional":false}],"imports":[{"note":"This import path is specific to AWS CDK v1. For AWS CDK v2, the correct import is `from aws_cdk_lib import aws_kms as kms`.","wrong":"from aws_cdk_lib import aws_kms as kms","symbol":"Key","correct":"from aws_cdk import aws_kms"},{"note":"While `import aws_cdk.aws_kms as kms` works, direct import of specific symbols like `Key` or `Alias` is common in v1.","wrong":"import aws_cdk.aws_kms as kms","symbol":"Alias","correct":"from aws_cdk import aws_kms"}],"quickstart":{"code":"from aws_cdk import core as cdk\nfrom aws_cdk import aws_kms as kms\n\nclass MyKmsStack(cdk.Stack):\n def __init__(self, scope: cdk.Construct, construct_id: str, **kwargs) -> None:\n super().__init__(scope, construct_id, **kwargs)\n\n # Create a new KMS Key\n key = kms.Key(self, \"MyApplicationKey\",\n description=\"My sample KMS key for an application\",\n enable_key_rotation=True,\n removal_policy=cdk.RemovalPolicy.DESTROY # Caution: Destroys key on stack deletion\n )\n\n # Create an alias for the key\n kms.Alias(self, \"MyApplicationKeyAlias\",\n alias_name=\"alias/my-app-key\",\n target_key=key\n )\n\n # Output the Key ARN\n cdk.CfnOutput(self, \"KeyArn\",\n value=key.key_arn,\n description=\"ARN of the created KMS Key\"\n )\n\n # Output the Key Alias ARN\n cdk.CfnOutput(self, \"KeyAliasArn\",\n value=f\"arn:{{self.partition}}:kms:{{self.region}}:{{self.account}}:alias/my-app-key\",\n description=\"ARN of the KMS Key Alias\"\n )\n\napp = cdk.App()\nMyKmsStack(app, \"MyKmsV1Stack\")\napp.synth()","lang":"python","description":"This quickstart demonstrates how to create a new KMS Key and an Alias for it using AWS CDK v1 constructs. It outputs the ARN of the created key and its alias."},"warnings":[{"fix":"For new projects, `pip install aws-cdk-lib` and update your code to use `from aws_cdk_lib import aws_kms as kms` and other v2 constructs. Consult the official CDK v2 upgrade guide.","message":"AWS CDK v1 is in maintenance mode and new projects should use AWS CDK v2. The package structure and import paths are significantly different between v1 and v2.","severity":"breaking","affected_versions":"All v1.x.x versions"},{"fix":"Ensure your project uses either all v1 packages (`aws-cdk.core`, `aws-cdk.aws-kms`) or all v2 packages (`aws-cdk-lib`). Do not install both `aws-cdk.core` and `aws-cdk-lib` simultaneously.","message":"Mixing AWS CDK v1 and v2 dependencies in the same project can lead to `TypeError` or `AttributeError` at runtime, especially when dealing with core constructs like `StackProps`.","severity":"gotcha","affected_versions":"All v1.x.x versions when used with v2"},{"fix":"Only use `removal_policy=cdk.RemovalPolicy.DESTROY` for non-production environments or test keys. For production, consider `removal_policy=cdk.RemovalPolicy.RETAIN` or implement custom deletion logic.","message":"KMS Key destruction behavior: By default, KMS keys cannot be easily destroyed. Using `RemovalPolicy.DESTROY` for `kms.Key` can lead to data loss if not handled carefully, and requires manual waiting periods for key deletion.","severity":"gotcha","affected_versions":"All v1.x.x versions"},{"fix":"Refer to the AWS CDK v2 API documentation for `aws_cdk.aws_kms` to identify any changes in construct properties or methods.","message":"Some KMS properties or constructs available in v1 might have been deprecated or renamed in v2, or have different default behaviors (e.g., key rotation).","severity":"deprecated","affected_versions":"Migration from v1 to v2"}],"env_vars":null,"last_verified":"2026-04-16T00:00:00.000Z","next_check":"2026-07-15T00:00:00.000Z","problems":[{"fix":"If using v1, install it with `pip install aws-cdk.aws-kms aws-cdk.core`. If using v2, change your import to `from aws_cdk_lib import aws_kms as kms`.","cause":"The `aws-cdk-aws-kms` package (v1) is not installed, or you are trying to use a v1 import path with a v2 installation (`aws-cdk-lib`).","error":"ModuleNotFoundError: No module named 'aws_cdk.aws_kms'"},{"fix":"For AWS CDK v2, the correct import is `from aws_cdk_lib import aws_kms as kms`. Remove `from aws_cdk import aws_kms`.","cause":"You have `aws-cdk-lib` (v2) installed and are trying to use the v1 import `from aws_cdk import aws_kms`.","error":"AttributeError: module 'aws_cdk' has no attribute 'aws_kms'"},{"fix":"Standardize on either AWS CDK v1 or v2. If migrating to v2, ensure `aws-cdk.core` and other individual v1 construct packages are uninstalled, and only `aws-cdk-lib` is installed.","cause":"Your project is mixing AWS CDK v1 (`aws-cdk.core`) and v2 (`aws-cdk-lib`) dependencies.","error":"TypeError: Expected object of type aws_cdk.core.StackProps, got aws_cdk_lib.StackProps instead"},{"fix":"Ensure your `Stack` definition is initialized within a `cdk.App` context, for example: `app = cdk.App(); MyKmsStack(app, 'MyKmsStack'); app.synth()`.","cause":"A CDK Stack was instantiated without being passed a `cdk.App` instance as its scope.","error":"jsii.errors.JavaScriptError: The 'cdk.Stack' construct must be created within the scope of a 'cdk.App' construct"}],"ecosystem":"pypi"}