(kms): add Key.fromKeyId(), and make Key.fromXXX().env.region reflect the region that the key was imported from

[madeline-k]

Describe the feature

The ability to import a kms key based on the key id. And, the env for all imported keys should be the environment that they came from, not the environment of the current stack.

Use Case

When I already have the key id for a key, it is frustrating to have to go and get the ARN for that key id in order to import the key into my Construct.

const importedKey = kms.Key.fromKeyId(this, 'imported-key', 'xxx-xxx');

// should be the source region
importedKey.env.region

const anotherImportedKey = kms.Key.fromKeyId(this, 'imported-key-2', 'aws::us-east-1::.....');

// should be the source region
anotherImportedKey.env.region

Proposed Solution

I am not sure how exactly to implement fromKeyId, since you can't parse the ARN directly from the ID. But since fromKeyArn is able to get the key id without doing API lookups, I think it should be possible the other way.

Other Information

No response

Acknowledgements

• I may be able to implement this feature request
• This feature might incur a breaking change

CDK version used

all

Environment details (OS name and version, etc.)

MacOS

[kaizencc]

For Key.fromKeyId(), I'm not sure if it is feasible. For example: if we have a key with id xxx-xxxxx and arn arn:aws:kms:<region>:<account>:key/xxx-xxxxx:

We can parse the keyId from the keyArn easily. However, we do not have information about the region and account when we try to go from id to arn. And we need to be able to create the keyArn, because there is a property keyBase.keyArn.

[github-actions]

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.