software.amazon.awscdk.services.kms

Class Alias

java.lang.Object

software.constructs.Construct

software.amazon.awscdk.core.Construct

software.amazon.awscdk.core.Resource

software.amazon.awscdk.services.kms.Alias

All Implemented Interfaces:

IConstruct, IDependable, IResource, IAlias, IKey

@Generated(value="jsii-pacmak/1.73.0 (build 6faeda3)",
           date="2023-01-25T18:29:01.768Z")
public class Alias
extends Resource
implements IAlias

Defines a display name for a customer master key (CMK) in AWS Key Management Service (AWS KMS).

Using an alias to refer to a key can help you simplify key management. For example, when rotating keys, you can just update the alias mapping instead of tracking and changing key IDs. For more information, see Working with Aliases in the AWS Key Management Service Developer Guide.

You can also add an alias for a key by calling key.addAlias(alias).

Example:

 // Passing an encrypted replication bucket created in a different stack.
 App app = new App();
 Stack replicationStack = Stack.Builder.create(app, "ReplicationStack")
         .env(Environment.builder()
                 .region("us-west-1")
                 .build())
         .build();
 Key key = new Key(replicationStack, "ReplicationKey");
 Alias alias = Alias.Builder.create(replicationStack, "ReplicationAlias")
         // aliasName is required
         .aliasName(PhysicalName.GENERATE_IF_NEEDED)
         .targetKey(key)
         .build();
 Bucket replicationBucket = Bucket.Builder.create(replicationStack, "ReplicationBucket")
         .bucketName(PhysicalName.GENERATE_IF_NEEDED)
         .encryptionKey(alias)
         .build();
 

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	Alias.Builder A fluent builder for Alias.

Nested classes/interfaces inherited from interface software.amazon.awscdk.services.kms.IAlias

IAlias.Jsii$Default, IAlias.Jsii$Proxy

Constructor Summary

Constructors

Modifier	Constructor and Description
protected	Alias(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	Alias(software.amazon.jsii.JsiiObjectRef objRef)
	Alias(software.constructs.Construct scope, java.lang.String id, AliasProps props)

Method Summary

Modifier and Type	Method and Description
Alias	addAlias(java.lang.String alias) Defines a new alias for the key.
AddToResourcePolicyResult	addToResourcePolicy(PolicyStatement statement) Adds a statement to the KMS key resource policy.
AddToResourcePolicyResult	addToResourcePolicy(PolicyStatement statement, java.lang.Boolean allowNoOp) Adds a statement to the KMS key resource policy.
static IAlias	fromAliasAttributes(software.constructs.Construct scope, java.lang.String id, AliasAttributes attrs) Import an existing KMS Alias defined outside the CDK app.
static IAlias	fromAliasName(software.constructs.Construct scope, java.lang.String id, java.lang.String aliasName) Import an existing KMS Alias defined outside the CDK app, by the alias name.
protected java.lang.String	generatePhysicalName()
java.lang.String	getAliasName() The name of the alias.
IKey	getAliasTargetKey() The Key to which the Alias refers.
java.lang.String	getKeyArn() The ARN of the key.
java.lang.String	getKeyId() The ID of the key (the part that looks something like: 1234abcd-12ab-34cd-56ef-1234567890ab).
Grant	grant(IGrantable grantee, java.lang.String... actions) Grant the indicated permissions on this key to the given principal.
Grant	grantDecrypt(IGrantable grantee) Grant decryption permissions using this key to the given principal.
Grant	grantEncrypt(IGrantable grantee) Grant encryption permissions using this key to the given principal.
Grant	grantEncryptDecrypt(IGrantable grantee) Grant encryption and decryption permissions using this key to the given principal.

Methods inherited from class software.amazon.awscdk.core.Resource

applyRemovalPolicy, getEnv, getPhysicalName, getResourceArnAttribute, getResourceNameAttribute, getStack, isResource

Methods inherited from class software.amazon.awscdk.core.Construct

getNode, isConstruct, onPrepare, onSynthesize, onValidate, prepare, synthesize, validate

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface software.amazon.awscdk.core.IResource

applyRemovalPolicy, getEnv, getStack

Methods inherited from interface software.amazon.awscdk.core.IConstruct

getNode

Constructor Detail

Alias

protected Alias(software.amazon.jsii.JsiiObjectRef objRef)

Alias

protected Alias(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

Alias

public Alias(software.constructs.Construct scope,
             java.lang.String id,
             AliasProps props)

Parameters:

scope - This parameter is required.

id - This parameter is required.

props - This parameter is required.

Method Detail

fromAliasAttributes

public static IAlias fromAliasAttributes(software.constructs.Construct scope,
                                         java.lang.String id,
                                         AliasAttributes attrs)

Import an existing KMS Alias defined outside the CDK app.

Parameters:

scope - The parent creating construct (usually `this`). This parameter is required.

id - The construct's name. This parameter is required.

attrs - the properties of the referenced KMS Alias. This parameter is required.

fromAliasName

public static IAlias fromAliasName(software.constructs.Construct scope,
                                   java.lang.String id,
                                   java.lang.String aliasName)

Import an existing KMS Alias defined outside the CDK app, by the alias name.

This method should be used instead of 'fromAliasAttributes' when the underlying KMS Key ARN is not available. This Alias will not have a direct reference to the KMS Key, so addAlias and grant* methods are not supported.

Parameters:

scope - The parent creating construct (usually `this`). This parameter is required.

id - The construct's name. This parameter is required.

aliasName - The full name of the KMS Alias (e.g., 'alias/aws/s3', 'alias/myKeyAlias'). This parameter is required.

addAlias

public Alias addAlias(java.lang.String alias)

Defines a new alias for the key.

Specified by:

addAlias in interface IKey

Parameters:

alias - This parameter is required.

addToResourcePolicy

public AddToResourcePolicyResult addToResourcePolicy(PolicyStatement statement,
                                                     java.lang.Boolean allowNoOp)

Adds a statement to the KMS key resource policy.

Specified by:

addToResourcePolicy in interface IKey

Parameters:

statement - This parameter is required.

allowNoOp -

addToResourcePolicy

public AddToResourcePolicyResult addToResourcePolicy(PolicyStatement statement)

Adds a statement to the KMS key resource policy.

Specified by:

addToResourcePolicy in interface IKey

Parameters:

statement - This parameter is required.

generatePhysicalName

protected java.lang.String generatePhysicalName()

Overrides:

generatePhysicalName in class Resource

grant

public Grant grant(IGrantable grantee,
                   java.lang.String... actions)

Grant the indicated permissions on this key to the given principal.

Specified by:

grant in interface IKey

Parameters:

grantee - This parameter is required.

actions - This parameter is required.

grantDecrypt

public Grant grantDecrypt(IGrantable grantee)

Grant decryption permissions using this key to the given principal.

Specified by:

grantDecrypt in interface IKey

Parameters:

grantee - This parameter is required.

grantEncrypt

public Grant grantEncrypt(IGrantable grantee)

Grant encryption permissions using this key to the given principal.

Specified by:

grantEncrypt in interface IKey

Parameters:

grantee - This parameter is required.

grantEncryptDecrypt

public Grant grantEncryptDecrypt(IGrantable grantee)

Grant encryption and decryption permissions using this key to the given principal.

Specified by:

grantEncryptDecrypt in interface IKey

Parameters:

grantee - This parameter is required.

getAliasName

public java.lang.String getAliasName()

The name of the alias.

Specified by:

getAliasName in interface IAlias

getAliasTargetKey

public IKey getAliasTargetKey()

The Key to which the Alias refers.

Specified by:

getAliasTargetKey in interface IAlias

getKeyArn

public java.lang.String getKeyArn()

The ARN of the key.

Specified by:

getKeyArn in interface IKey

getKeyId

public java.lang.String getKeyId()

The ID of the key (the part that looks something like: 1234abcd-12ab-34cd-56ef-1234567890ab).

Specified by:

getKeyId in interface IKey