| alias | The display name of the alias. The name must start with the word alias followed by a forward slash. If not specified, the alias name will be auto-generated. | string | false | |
| customer_master_key_spec | Specifies whether the key contains a symmetric key or an asymmetric key pair and the encryption algorithms or signing algorithms that the key supports. Valid values: SYMMETRIC_DEFAULT, RSA_2048, RSA_3072, RSA_4096, ECC_NIST_P256, ECC_NIST_P384, ECC_NIST_P521, or ECC_SECG_P256K1. | string | false | |
| deletion_window_in_days | Duration in days after which the key is deleted after destruction of the resource | number | false | |
| description | The description of the key as viewed in AWS console | string | false | |
| enable_key_rotation | Specifies whether key rotation is enabled | bool | false | |
| key_usage | Specifies the intended use of the key. Valid values: ENCRYPT_DECRYPT or SIGN_VERIFY. | string | false | |
| multi_region | Indicates whether the KMS key is a multi-Region (true) or regional (false) key. | bool | false | |
| policy | A valid KMS policy JSON document. Note that if the policy document is not specific enough (but still valid), Terraform may view the policy as constantly changing in a terraform plan. In this case, please make sure you use the verbose/specific version of the policy. | string | false | |
| writeConnectionSecretToRef | The secret which the cloud resource connection will be written to | writeConnectionSecretToRef | false | |