keyUsage
Determines the cryptographic operations for which you can use the KMS key. The default value is ENCRYPT_DECRYPT. This parameter is optional when you are creating a symmetric encryption KMS key; otherwise, it is required. You can't change the KeyUsage value after the KMS key is created.
Select only one valid value.
For symmetric encryption KMS keys, omit the parameter or specify
ENCRYPT_DECRYPT.For HMAC KMS keys (symmetric), specify
GENERATE_VERIFY_MAC.For asymmetric KMS keys with RSA key material, specify
ENCRYPT_DECRYPTorSIGN_VERIFY.For asymmetric KMS keys with ECC key material, specify
SIGN_VERIFY.For asymmetric KMS keys with SM2 key material (China Regions only), specify
ENCRYPT_DECRYPTorSIGN_VERIFY.