--- title: "Get Scan Keys report." slug: "get-scan-keys-report" updated: 2025-10-18T04:50:53Z published: 2025-10-18T04:50:58Z --- > ## Documentation Index > Fetch the complete documentation index at: https://support.fortanix.com/llms.txt > Use this file to discover all available pages before exploring further. # Get Scan Keys report. Get/api/v1/discovery/scans/{id}/key_usage_report/aws Get Scan Keys report. SecurityOAuth OAuth 2.0 client credential flow, see [https://datatracker.ietf.org/doc/html/rfc6749#section-4.4](https://datatracker.ietf.org/doc/html/rfc6749#section-4.4). FlowClient Credentials Token URLhttps://api.armor.fortanix.com/api/v1/iam/session/oauth2/token Path parametersidstring (uuid) Required Query parametersDiscoveryAwsKeyUsageParamsobject filterstring limitinteger previous_idstring previous_sort_valuestring sort_bystring Responses2XX Success result Expand Allobject items Array of object (DiscoveryAwsKeyUsageDetails) object keyobject accountobject detailsobject namestring | null idstring arnstring detailsOneOfobjectobject$typestring Valid values[ "acm" ] analysisobject is_expiredboolean is_sharedboolean key_algo_crypto_policy_complianceobject is_compliantboolean violation_reasonstring | null overly_permissive_usage_violationboolean signature_crypto_policy_complianceobject is_compliantboolean violation_reasonstring | null certificate_arnstring created_atstring Pattern^\d{4}\d{2}\d{2}T\d{2}\d{2}\d{2}Z$Example20170509T070912Z domain_namestring extended_key_usages Array of object (DiscoveryAcmCertificateExtendedKeyUsage) | null object namestring Valid values[ "any", "code_signing", "custom", "email_protection", "ipsec_end_system", "ipsec_tunnel", "ipsec_user", "none", "ocsp_signing", "time_stamping", "tls_web_server_authentication", "tls_web_client_authentication", "unknown" ] object_identifierstring | null issuerstring key_algorithmstring Valid values[ "rsa2048", "rsa3072", "rsa4096", "unknown" ] not_valid_afterstring Pattern^\d{4}\d{2}\d{2}T\d{2}\d{2}\d{2}Z$Example20170509T070912Z not_valid_beforestring Pattern^\d{4}\d{2}\d{2}T\d{2}\d{2}\d{2}Z$Example20170509T070912Z renewal_eligibilitystring Valid values[ "ineligible", "eligible", "unknown" ] serialstring signature_algorithmstring Valid values[ "sha256_with_rsa", "sha512_with_rsa", "unknown" ] statusstring Valid values[ "expired", "pending", "issued", "failed", "inactive", "revoked", "validation_timed_out", "unknown" ] subject_alternative_names Array of string | null string used_by_services Array of string string objectobject$typestring Valid values[ "ebs" ] analysisobject encrypted_with_expired_keyboolean | null encrypted_with_noncompliant_keyboolean encrypted_with_overly_permissive_management_keyboolean | null encrypted_with_overly_permissive_usage_keyboolean | null encrypted_with_quantum_vulnerable_keyboolean | null encrypted_with_shared_keyboolean | null encryption_statusstring Valid values[ "unencrypted", "encrypted_with_csp_generated_key", "encrypted_with_platform_managed_key", "encrypted_with_customer_managed_key" ] key_availabilitystring This enum will be used for denoting key availability for all services in all cloud providers. Each variant corresponds to different states of key used to encrypt the service. If a service is not encrypted, the key will me marked as Unknown Valid values[ "available", "soft_deleted", "purged", "cross_account", "unknown" ] availability_zonestring The region this volume will be available kms_key_idstring | null The arn of the key in KMS that encrypts this drive volume_idstring | null The ARN of the volume volume_sizeinteger (int32) | null The storage limit (in GB) of the volume volume_statestring Enumeration of the states that a volume may occupy. This enum will default to the `Other` variant when a new variant is found as the SDK from AWS marks their enum as "non-exhaustive" Valid values[ "available", "creating", "deleted", "deleting", "error", "in_use", "other" ] volume_typestring Enumeration of the various types of volumes supported. This enum will default to the `Other` variant when a new variant is found as the SDK from AWS marks their enum as "non-exhaustive" Valid values[ "gp2", "gp3", "io1", "io2", "sc1", "st1", "standard", "other" ] objectobject$typestring Valid values[ "kms" ] analysisobject crypto_policy_complianceobject is_compliantboolean violation_reasonstring | null is_cross_account_keyboolean | null is_sharedboolean overly_permissive_violationsobject management_violations Array of object (DiscoveryKeyPolicyId) OneOfobjectobject$typestring Valid values[ "aws_key_policy_sid" ] sidstring objectobject$typestring Valid values[ "aws_grant_id" ] idstring usage_violations Array of object (DiscoveryKeyPolicyId) OneOfobjectobject$typestring Valid values[ "aws_key_policy_sid" ] sidstring objectobject$typestring Valid values[ "aws_grant_id" ] idstring usage_detailsobject encryptobject service_countinteger usages Array of string (DiscoveryKeyUsage) | null string Valid values[ "encrypt", "unused" ] external_key_stores Array of object (DiscoveryAwsKmsExternalKeyStore) | null object idstring namestring key_aliases Array of string string key_creation_datestring Pattern^\d{4}\d{2}\d{2}T\d{2}\d{2}\d{2}Z$Example20170509T070912Z key_idstring | null key_managerstring Valid values[ "aws", "customer", "other" ] key_originstring Valid values[ "kms", "imported", "cloud_hsm", "xks", "fortanix", "other" ] key_rotation_statusOneOfobjectobject$typestring Valid values[ "unknown" ] objectobject$typestring Valid values[ "enabled" ] next_rotation_datestring Pattern^\d{4}\d{2}\d{2}T\d{2}\d{2}\d{2}Z$Example20170509T070912Z rotation_periodinteger Minimum0Maximum4294967295 objectobject$typestring Valid values[ "disabled" ] key_specstring Valid values[ "rsa2048", "rsa3072", "rsa4096", "ecc_nist_p256", "ecc_nist_p384", "ecc_nist_p521", "ecc_secg_p256k1", "symmetric_default", "hmac224", "hmac256", "hmac384", "hmac512", "sm2", "other" ] key_statestring Valid values[ "creating", "enabled", "disabled", "pending_deletion", "pending_import", "pending_replica_deletion", "unavailable", "updating", "other" ] key_tagsobject | null property*string additionalProperties key_usagestring Valid values[ "sign_verify", "encrypt_decrypt", "generate_verify_mac", "other" ] key_valid_tostring Pattern^\d{4}\d{2}\d{2}T\d{2}\d{2}\d{2}Z$Example20170509T070912Z last_rotated_atstring Pattern^\d{4}\d{2}\d{2}T\d{2}\d{2}\d{2}Z$Example20170509T070912Z source_scan_inventory_objectobject idstring (uuid) scan_idstring (uuid) objectobject$typestring Valid values[ "s3" ] analysisobject encrypted_with_expired_keyboolean | null encrypted_with_noncompliant_keyboolean encrypted_with_overly_permissive_management_keyboolean | null encrypted_with_overly_permissive_usage_keyboolean | null encrypted_with_quantum_vulnerable_keyboolean | null encrypted_with_shared_keyboolean | null encryption_statusstring Valid values[ "unencrypted", "encrypted_with_csp_generated_key", "encrypted_with_platform_managed_key", "encrypted_with_customer_managed_key" ] key_availabilitystring This enum will be used for denoting key availability for all services in all cloud providers. Each variant corresponds to different states of key used to encrypt the service. If a service is not encrypted, the key will me marked as Unknown Valid values[ "available", "soft_deleted", "purged", "cross_account", "unknown" ] namestring server_side_encryption_rules Array of object (DiscoveryAwsServerSideEncryptionRule) object bucket_key_enabledboolean default_sseobject kms_master_keystring | null sse_algorithmstring Valid values[ "aes256", "kms", "aws:kms_dsse", "other" ] objectobject$typestring Valid values[ "rds" ] analysisobject encrypted_with_expired_keyboolean | null encrypted_with_noncompliant_keyboolean encrypted_with_overly_permissive_management_keyboolean | null encrypted_with_overly_permissive_usage_keyboolean | null encrypted_with_quantum_vulnerable_keyboolean | null encrypted_with_shared_keyboolean | null encryption_statusstring Valid values[ "unencrypted", "encrypted_with_csp_generated_key", "encrypted_with_platform_managed_key", "encrypted_with_customer_managed_key" ] key_availabilitystring This enum will be used for denoting key availability for all services in all cloud providers. Each variant corresponds to different states of key used to encrypt the service. If a service is not encrypted, the key will me marked as Unknown Valid values[ "available", "soft_deleted", "purged", "cross_account", "unknown" ] enginestring | null engine_versionstring | null identifierstring | null kms_key_idstring | null objectobject$typestring Valid values[ "dynamo_db" ] analysisobject encrypted_with_expired_keyboolean | null encrypted_with_noncompliant_keyboolean encrypted_with_overly_permissive_management_keyboolean | null encrypted_with_overly_permissive_usage_keyboolean | null encrypted_with_quantum_vulnerable_keyboolean | null encrypted_with_shared_keyboolean | null encryption_statusstring Valid values[ "unencrypted", "encrypted_with_csp_generated_key", "encrypted_with_platform_managed_key", "encrypted_with_customer_managed_key" ] key_availabilitystring This enum will be used for denoting key availability for all services in all cloud providers. Each variant corresponds to different states of key used to encrypt the service. If a service is not encrypted, the key will me marked as Unknown Valid values[ "available", "soft_deleted", "purged", "cross_account", "unknown" ] identifierstring | null kms_key_idstring | null objectobject$typestring Valid values[ "eks" ] analysisobject encrypted_with_expired_keyboolean | null encrypted_with_noncompliant_keyboolean encrypted_with_overly_permissive_management_keyboolean | null encrypted_with_overly_permissive_usage_keyboolean | null encrypted_with_quantum_vulnerable_keyboolean | null encrypted_with_shared_keyboolean | null encryption_statusstring Valid values[ "unencrypted", "encrypted_with_csp_generated_key", "encrypted_with_platform_managed_key", "encrypted_with_customer_managed_key" ] key_availabilitystring This enum will be used for denoting key availability for all services in all cloud providers. Each variant corresponds to different states of key used to encrypt the service. If a service is not encrypted, the key will me marked as Unknown Valid values[ "available", "soft_deleted", "purged", "cross_account", "unknown" ] encryption_statusstring Valid values[ "encrypted", "unencrypted" ] kms_key_idstring | null namestring statusstring Valid values[ "active", "creating", "deleting", "failed", "pending", "updating", "unknown" ] objectobject$typestring Valid values[ "efs" ] analysisobject encrypted_with_expired_keyboolean | null encrypted_with_noncompliant_keyboolean encrypted_with_overly_permissive_management_keyboolean | null encrypted_with_overly_permissive_usage_keyboolean | null encrypted_with_quantum_vulnerable_keyboolean | null encrypted_with_shared_keyboolean | null encryption_statusstring Valid values[ "unencrypted", "encrypted_with_csp_generated_key", "encrypted_with_platform_managed_key", "encrypted_with_customer_managed_key" ] key_availabilitystring This enum will be used for denoting key availability for all services in all cloud providers. Each variant corresponds to different states of key used to encrypt the service. If a service is not encrypted, the key will me marked as Unknown Valid values[ "available", "soft_deleted", "purged", "cross_account", "unknown" ] file_system_idstring kms_key_idstring | null life_cycle_statestring Valid values[ "available", "creating", "deleted", "deleting", "error", "updating", "unknown" ] sizeinteger (int64) | null objectobject$typestring Valid values[ "redshift" ] analysisobject encrypted_with_expired_keyboolean | null encrypted_with_noncompliant_keyboolean encrypted_with_overly_permissive_management_keyboolean encrypted_with_overly_permissive_usage_keyboolean encrypted_with_quantum_vulnerable_keyboolean | null encrypted_with_shared_keyboolean encryption_statusstring Valid values[ "unencrypted", "encrypted_with_csp_generated_key", "encrypted_with_platform_managed_key", "encrypted_with_customer_managed_key" ] key_availabilitystring This enum will be used for denoting key availability for all services in all cloud providers. Each variant corresponds to different states of key used to encrypt the service. If a service is not encrypted, the key will me marked as Unknown Valid values[ "available", "soft_deleted", "purged", "cross_account", "unknown" ] encryption_statusstring Valid values[ "encrypted", "unencrypted" ] kms_key_idstring | null namestring statusstring Valid values[ "available", "available_prep_for_resize", "available_resize_cleanup", "canceling_resize", "creating", "deleting", "final_snapshot", "hardware_failure", "incompatible_hsm", "incompatible_network", "incompatible_parameters", "incompatible_restore", "modifying", "paused", "rebooting", "renaming", "resizing", "rotating_keys", "storage_full", "updating_hsm", "pausing", "resuming", "restoring", "unknown" ] regionstring Reference: [https://docs.aws.amazon.com/general/latest/gr/rande.html](https://docs.aws.amazon.com/general/latest/gr/rande.html) Valid values[ "us-east-2", "us-east-1", "us-west-1", "us-west-2", "af-south-1", "ap-east-1", "ap-south-2", "ap-southeast-3", "ap-southeast-4", "ap-south-1", "ap-northeast-3", "ap-northeast-2", "ap-southeast-1", "ap-southeast-2", "ap-northeast-1", "ca-central-1", "ca-west-1", "eu-central-1", "eu-west-1", "eu-west-2", "eu-south-1", "eu-west-3", "eu-south-2", "eu-north-1", "eu-central-2", "il-central-1", "me-south-1", "me-central-1", "sa-east-1", "us-gov-east-1", "us-gov-west-1" ] key_idstring protected_services Array of object (DiscoveryAwsObject) object accountobject detailsobject namestring | null idstring arnstring detailsOneOfobjectobject$typestring Valid values[ "acm" ] analysisobject is_expiredboolean is_sharedboolean key_algo_crypto_policy_complianceobject is_compliantboolean violation_reasonstring | null overly_permissive_usage_violationboolean signature_crypto_policy_complianceobject is_compliantboolean violation_reasonstring | null certificate_arnstring created_atstring Pattern^\d{4}\d{2}\d{2}T\d{2}\d{2}\d{2}Z$Example20170509T070912Z domain_namestring extended_key_usages Array of object (DiscoveryAcmCertificateExtendedKeyUsage) | null object namestring Valid values[ "any", "code_signing", "custom", "email_protection", "ipsec_end_system", "ipsec_tunnel", "ipsec_user", "none", "ocsp_signing", "time_stamping", "tls_web_server_authentication", "tls_web_client_authentication", "unknown" ] object_identifierstring | null issuerstring key_algorithmstring Valid values[ "rsa2048", "rsa3072", "rsa4096", "unknown" ] not_valid_afterstring Pattern^\d{4}\d{2}\d{2}T\d{2}\d{2}\d{2}Z$Example20170509T070912Z not_valid_beforestring Pattern^\d{4}\d{2}\d{2}T\d{2}\d{2}\d{2}Z$Example20170509T070912Z renewal_eligibilitystring Valid values[ "ineligible", "eligible", "unknown" ] serialstring signature_algorithmstring Valid values[ "sha256_with_rsa", "sha512_with_rsa", "unknown" ] statusstring Valid values[ "expired", "pending", "issued", "failed", "inactive", "revoked", "validation_timed_out", "unknown" ] subject_alternative_names Array of string | null string used_by_services Array of string string objectobject$typestring Valid values[ "ebs" ] analysisobject encrypted_with_expired_keyboolean | null encrypted_with_noncompliant_keyboolean encrypted_with_overly_permissive_management_keyboolean | null encrypted_with_overly_permissive_usage_keyboolean | null encrypted_with_quantum_vulnerable_keyboolean | null encrypted_with_shared_keyboolean | null encryption_statusstring Valid values[ "unencrypted", "encrypted_with_csp_generated_key", "encrypted_with_platform_managed_key", "encrypted_with_customer_managed_key" ] key_availabilitystring This enum will be used for denoting key availability for all services in all cloud providers. Each variant corresponds to different states of key used to encrypt the service. If a service is not encrypted, the key will me marked as Unknown Valid values[ "available", "soft_deleted", "purged", "cross_account", "unknown" ] availability_zonestring The region this volume will be available kms_key_idstring | null The arn of the key in KMS that encrypts this drive volume_idstring | null The ARN of the volume volume_sizeinteger (int32) | null The storage limit (in GB) of the volume volume_statestring Enumeration of the states that a volume may occupy. This enum will default to the `Other` variant when a new variant is found as the SDK from AWS marks their enum as "non-exhaustive" Valid values[ "available", "creating", "deleted", "deleting", "error", "in_use", "other" ] volume_typestring Enumeration of the various types of volumes supported. This enum will default to the `Other` variant when a new variant is found as the SDK from AWS marks their enum as "non-exhaustive" Valid values[ "gp2", "gp3", "io1", "io2", "sc1", "st1", "standard", "other" ] objectobject$typestring Valid values[ "kms" ] analysisobject crypto_policy_complianceobject is_compliantboolean violation_reasonstring | null is_cross_account_keyboolean | null is_sharedboolean overly_permissive_violationsobject management_violations Array of object (DiscoveryKeyPolicyId) OneOfobjectobject$typestring Valid values[ "aws_key_policy_sid" ] sidstring objectobject$typestring Valid values[ "aws_grant_id" ] idstring usage_violations Array of object (DiscoveryKeyPolicyId) OneOfobjectobject$typestring Valid values[ "aws_key_policy_sid" ] sidstring objectobject$typestring Valid values[ "aws_grant_id" ] idstring usage_detailsobject encryptobject service_countinteger usages Array of string (DiscoveryKeyUsage) | null string Valid values[ "encrypt", "unused" ] external_key_stores Array of object (DiscoveryAwsKmsExternalKeyStore) | null object idstring namestring key_aliases Array of string string key_creation_datestring Pattern^\d{4}\d{2}\d{2}T\d{2}\d{2}\d{2}Z$Example20170509T070912Z key_idstring | null key_managerstring Valid values[ "aws", "customer", "other" ] key_originstring Valid values[ "kms", "imported", "cloud_hsm", "xks", "fortanix", "other" ] key_rotation_statusOneOfobjectobject$typestring Valid values[ "unknown" ] objectobject$typestring Valid values[ "enabled" ] next_rotation_datestring Pattern^\d{4}\d{2}\d{2}T\d{2}\d{2}\d{2}Z$Example20170509T070912Z rotation_periodinteger Minimum0Maximum4294967295 objectobject$typestring Valid values[ "disabled" ] key_specstring Valid values[ "rsa2048", "rsa3072", "rsa4096", "ecc_nist_p256", "ecc_nist_p384", "ecc_nist_p521", "ecc_secg_p256k1", "symmetric_default", "hmac224", "hmac256", "hmac384", "hmac512", "sm2", "other" ] key_statestring Valid values[ "creating", "enabled", "disabled", "pending_deletion", "pending_import", "pending_replica_deletion", "unavailable", "updating", "other" ] key_tagsobject | null property*string additionalProperties key_usagestring Valid values[ "sign_verify", "encrypt_decrypt", "generate_verify_mac", "other" ] key_valid_tostring Pattern^\d{4}\d{2}\d{2}T\d{2}\d{2}\d{2}Z$Example20170509T070912Z last_rotated_atstring Pattern^\d{4}\d{2}\d{2}T\d{2}\d{2}\d{2}Z$Example20170509T070912Z source_scan_inventory_objectobject idstring (uuid) scan_idstring (uuid) objectobject$typestring Valid values[ "s3" ] analysisobject encrypted_with_expired_keyboolean | null encrypted_with_noncompliant_keyboolean encrypted_with_overly_permissive_management_keyboolean | null encrypted_with_overly_permissive_usage_keyboolean | null encrypted_with_quantum_vulnerable_keyboolean | null encrypted_with_shared_keyboolean | null encryption_statusstring Valid values[ "unencrypted", "encrypted_with_csp_generated_key", "encrypted_with_platform_managed_key", "encrypted_with_customer_managed_key" ] key_availabilitystring This enum will be used for denoting key availability for all services in all cloud providers. Each variant corresponds to different states of key used to encrypt the service. If a service is not encrypted, the key will me marked as Unknown Valid values[ "available", "soft_deleted", "purged", "cross_account", "unknown" ] namestring server_side_encryption_rules Array of object (DiscoveryAwsServerSideEncryptionRule) object bucket_key_enabledboolean default_sseobject kms_master_keystring | null sse_algorithmstring Valid values[ "aes256", "kms", "aws:kms_dsse", "other" ] objectobject$typestring Valid values[ "rds" ] analysisobject encrypted_with_expired_keyboolean | null encrypted_with_noncompliant_keyboolean encrypted_with_overly_permissive_management_keyboolean | null encrypted_with_overly_permissive_usage_keyboolean | null encrypted_with_quantum_vulnerable_keyboolean | null encrypted_with_shared_keyboolean | null encryption_statusstring Valid values[ "unencrypted", "encrypted_with_csp_generated_key", "encrypted_with_platform_managed_key", "encrypted_with_customer_managed_key" ] key_availabilitystring This enum will be used for denoting key availability for all services in all cloud providers. Each variant corresponds to different states of key used to encrypt the service. If a service is not encrypted, the key will me marked as Unknown Valid values[ "available", "soft_deleted", "purged", "cross_account", "unknown" ] enginestring | null engine_versionstring | null identifierstring | null kms_key_idstring | null objectobject$typestring Valid values[ "dynamo_db" ] analysisobject encrypted_with_expired_keyboolean | null encrypted_with_noncompliant_keyboolean encrypted_with_overly_permissive_management_keyboolean | null encrypted_with_overly_permissive_usage_keyboolean | null encrypted_with_quantum_vulnerable_keyboolean | null encrypted_with_shared_keyboolean | null encryption_statusstring Valid values[ "unencrypted", "encrypted_with_csp_generated_key", "encrypted_with_platform_managed_key", "encrypted_with_customer_managed_key" ] key_availabilitystring This enum will be used for denoting key availability for all services in all cloud providers. Each variant corresponds to different states of key used to encrypt the service. If a service is not encrypted, the key will me marked as Unknown Valid values[ "available", "soft_deleted", "purged", "cross_account", "unknown" ] identifierstring | null kms_key_idstring | null objectobject$typestring Valid values[ "eks" ] analysisobject encrypted_with_expired_keyboolean | null encrypted_with_noncompliant_keyboolean encrypted_with_overly_permissive_management_keyboolean | null encrypted_with_overly_permissive_usage_keyboolean | null encrypted_with_quantum_vulnerable_keyboolean | null encrypted_with_shared_keyboolean | null encryption_statusstring Valid values[ "unencrypted", "encrypted_with_csp_generated_key", "encrypted_with_platform_managed_key", "encrypted_with_customer_managed_key" ] key_availabilitystring This enum will be used for denoting key availability for all services in all cloud providers. Each variant corresponds to different states of key used to encrypt the service. If a service is not encrypted, the key will me marked as Unknown Valid values[ "available", "soft_deleted", "purged", "cross_account", "unknown" ] encryption_statusstring Valid values[ "encrypted", "unencrypted" ] kms_key_idstring | null namestring statusstring Valid values[ "active", "creating", "deleting", "failed", "pending", "updating", "unknown" ] objectobject$typestring Valid values[ "efs" ] analysisobject encrypted_with_expired_keyboolean | null encrypted_with_noncompliant_keyboolean encrypted_with_overly_permissive_management_keyboolean | null encrypted_with_overly_permissive_usage_keyboolean | null encrypted_with_quantum_vulnerable_keyboolean | null encrypted_with_shared_keyboolean | null encryption_statusstring Valid values[ "unencrypted", "encrypted_with_csp_generated_key", "encrypted_with_platform_managed_key", "encrypted_with_customer_managed_key" ] key_availabilitystring This enum will be used for denoting key availability for all services in all cloud providers. Each variant corresponds to different states of key used to encrypt the service. If a service is not encrypted, the key will me marked as Unknown Valid values[ "available", "soft_deleted", "purged", "cross_account", "unknown" ] file_system_idstring kms_key_idstring | null life_cycle_statestring Valid values[ "available", "creating", "deleted", "deleting", "error", "updating", "unknown" ] sizeinteger (int64) | null objectobject$typestring Valid values[ "redshift" ] analysisobject encrypted_with_expired_keyboolean | null encrypted_with_noncompliant_keyboolean encrypted_with_overly_permissive_management_keyboolean encrypted_with_overly_permissive_usage_keyboolean encrypted_with_quantum_vulnerable_keyboolean | null encrypted_with_shared_keyboolean encryption_statusstring Valid values[ "unencrypted", "encrypted_with_csp_generated_key", "encrypted_with_platform_managed_key", "encrypted_with_customer_managed_key" ] key_availabilitystring This enum will be used for denoting key availability for all services in all cloud providers. Each variant corresponds to different states of key used to encrypt the service. If a service is not encrypted, the key will me marked as Unknown Valid values[ "available", "soft_deleted", "purged", "cross_account", "unknown" ] encryption_statusstring Valid values[ "encrypted", "unencrypted" ] kms_key_idstring | null namestring statusstring Valid values[ "available", "available_prep_for_resize", "available_resize_cleanup", "canceling_resize", "creating", "deleting", "final_snapshot", "hardware_failure", "incompatible_hsm", "incompatible_network", "incompatible_parameters", "incompatible_restore", "modifying", "paused", "rebooting", "renaming", "resizing", "rotating_keys", "storage_full", "updating_hsm", "pausing", "resuming", "restoring", "unknown" ] regionstring Reference: [https://docs.aws.amazon.com/general/latest/gr/rande.html](https://docs.aws.amazon.com/general/latest/gr/rande.html) Valid values[ "us-east-2", "us-east-1", "us-west-1", "us-west-2", "af-south-1", "ap-east-1", "ap-south-2", "ap-southeast-3", "ap-southeast-4", "ap-south-1", "ap-northeast-3", "ap-northeast-2", "ap-southeast-1", "ap-southeast-2", "ap-northeast-1", "ca-central-1", "ca-west-1", "eu-central-1", "eu-west-1", "eu-west-2", "eu-south-1", "eu-west-3", "eu-south-2", "eu-north-1", "eu-central-2", "il-central-1", "me-south-1", "me-central-1", "sa-east-1", "us-gov-east-1", "us-gov-west-1" ]