# AWS::KMS::ReplicaKey
The AWS::KMS::ReplicaKey resource specifies a multi-region replica AWS KMS key in AWS Key Management Service (AWS KMS).
## Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
### JSON
{
"Type" : "AWS::KMS::ReplicaKey",
"Properties" : {
"PrimaryKeyArn" : String,
"Description" : String,
"Enabled" : Boolean,
"KeyPolicy" : Map, String,
"PendingWindowInDays" : Integer,
"Tags" : [ Tag, ... ],
}
}
### YAML
Type: AWS::KMS::ReplicaKey
Properties:
PrimaryKeyArn: String
Description: String
Enabled: Boolean
KeyPolicy: Map, String
PendingWindowInDays: Integer
Tags:
- Tag
## Properties
#### PrimaryKeyArn
Identifies the primary AWS KMS key to create a replica of. Specify the Amazon Resource Name (ARN) of the AWS KMS key. You cannot specify an alias or key ID. For help finding the ARN, see Finding the Key ID and ARN in the AWS Key Management Service Developer Guide.
_Required_: Yes
_Type_: String
_Minimum_: 1
_Maximum_: 256
_Update requires_: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement)
#### Description
A description of the AWS KMS key. Use a description that helps you to distinguish this AWS KMS key from others in the account, such as its intended use.
_Required_: No
_Type_: String
_Maximum_: 8192
_Update requires_: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)
#### Enabled
Specifies whether the AWS KMS key is enabled. Disabled AWS KMS keys cannot be used in cryptographic operations.
_Required_: No
_Type_: Boolean
_Update requires_: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)
#### KeyPolicy
The key policy that authorizes use of the AWS KMS key. The key policy must observe the following rules.
_Required_: Yes
_Type_: Map, String
_Update requires_: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)
#### PendingWindowInDays
Specifies the number of days in the waiting period before AWS KMS deletes an AWS KMS key that has been removed from a CloudFormation stack. Enter a value between 7 and 30 days. The default value is 30 days.
_Required_: No
_Type_: Integer
_Update requires_: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)
#### Tags
An array of key-value pairs to apply to this resource.
_Required_: No
_Type_: List of Tag
_Update requires_: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)
## Return Values
### Ref
When you pass the logical ID of this resource to the intrinsic `Ref` function, Ref returns the KeyId.
### Fn::GetAtt
The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.
For more information about using the `Fn::GetAtt` intrinsic function, see [Fn::GetAtt](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/intrinsic-function-reference-getatt.html).
#### Arn
Returns the Arn value.
#### KeyId
Returns the KeyId value.