Bindplane

The Bindplane Developer Hub

Welcome to the Bindplane developer hub. You'll find comprehensive guides and documentation to help you start working with Bindplane as quickly as possible, as well as support if you get stuck. Let's jump right in!

Amazon KMS

Least Privileged User

Navigate to the AWS console and create an IAM user with programmatic access. The user will need the following permissions. You can create a policy specifically for these permissions and apply the permissions to the user.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "kms:ListKeyPolicies",
        "kms:GenerateRandom",
        "cloudwatch:GetMetricData",
        "kms:ListRetirableGrants",
        "kms:GetKeyPolicy",
        "kms:ListResourceTags",
        "cloudwatch:GetMetricStatistics",
        "cloudwatch:ListMetrics",
        "kms:ReEncryptFrom",
        "kms:ListGrants",
        "kms:GetParametersForImport",
        "kms:ListKeys",
        "cloudwatch:DescribeAlarmHistory",
        "kms:GetKeyRotationStatus",
        "cloudwatch:DescribeAlarmsForMetric",
        "kms:ListAliases",
        "cloudwatch:DescribeAlarms",
        "kms:ReEncryptTo",
        "kms:DescribeKey"
      ],
      "Resource": "*"
    }
  ]
}

Connection Parameters

Name
Required?
Description

Region

Access Key ID

Required

Secret Access Key

Required

Additional Threads

The number of additional threads allowed to be utilized during collection.

Request Timeout (seconds)

The number of seconds to allow for the API to return a response.

Collect CloudWatch Metrics

CloudWatch Historic Mode

If enabled, retrieves a history of data points from CloudWatch. Otherwise, collects only the most recent data point for each metric.

Metrics

Key

Name
Description

Account ID

The twelve-digit account ID of the AWS account that owns the CMK.

Alias

The alias of the CMK

ARN

The Amazon Resource Name (ARN) of the CMK

Description

The description of the CMK.

Enabled

Specifies whether the CMK is enabled.

Expiration Time

The time at which the imported key material expires.

ID

The globally unique identifier for the CMK.

Key Material Expiration Date (Seconds)

This metric tracks the amount of time remaining until imported key material expires.

Manager

The CMK's manager.

Origin

The source of the CMK's key material.

Policies

The names of the key policies that are attached to a customer master key (CMK).

Region

The AWS Region this object belongs to.

State

The state of the CMK.

Usage

The cryptographic operations for which you can use the CMK.