Package software.amazon.awscdk.services.kms

Class Alias

java.lang.Object

software.amazon.jsii.JsiiObject

software.constructs.Construct

software.amazon.awscdk.core.Construct

software.amazon.awscdk.core.Resource

software.amazon.awscdk.services.kms.Alias

All Implemented Interfaces:

IConstruct, IDependable, IResource, IAlias, IKey, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct

@Generated(value="jsii-pacmak/1.84.0 (build 5404dcf)",
           date="2023-06-19T16:30:37.249Z")
@Stability(Stable)
public class Alias
extends Resource
implements IAlias

Defines a display name for a customer master key (CMK) in AWS Key Management Service (AWS KMS).

Using an alias to refer to a key can help you simplify key management. For example, when rotating keys, you can just update the alias mapping instead of tracking and changing key IDs. For more information, see Working with Aliases in the AWS Key Management Service Developer Guide.

You can also add an alias for a key by calling key.addAlias(alias).

Example:

 // Passing an encrypted replication bucket created in a different stack.
 App app = new App();
 Stack replicationStack = Stack.Builder.create(app, "ReplicationStack")
         .env(Environment.builder()
                 .region("us-west-1")
                 .build())
         .build();
 Key key = new Key(replicationStack, "ReplicationKey");
 Alias alias = Alias.Builder.create(replicationStack, "ReplicationAlias")
         // aliasName is required
         .aliasName(PhysicalName.GENERATE_IF_NEEDED)
         .targetKey(key)
         .build();
 Bucket replicationBucket = Bucket.Builder.create(replicationStack, "ReplicationBucket")
         .bucketName(PhysicalName.GENERATE_IF_NEEDED)
         .encryptionKey(alias)
         .build();
 

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static final class	Alias.Builder	A fluent builder for Alias.

Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject

software.amazon.jsii.JsiiObject.InitializationMode

Nested classes/interfaces inherited from interface software.amazon.awscdk.services.kms.IAlias

IAlias.Jsii$Default, IAlias.Jsii$Proxy

Nested classes/interfaces inherited from interface software.amazon.awscdk.core.IConstruct

IConstruct.Jsii$Default

Nested classes/interfaces inherited from interface software.constructs.IConstruct

software.constructs.IConstruct.Jsii$Default

Nested classes/interfaces inherited from interface software.amazon.awscdk.core.IResource

IResource.Jsii$Default

Constructor Summary

Constructors

Modifier	Constructor	Description
protected	Alias(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	Alias(software.amazon.jsii.JsiiObjectRef objRef)
	Alias(software.constructs.Construct scope, String id, AliasProps props)

Method Summary

Modifier and Type	Method	Description
Alias	addAlias(String alias)	Defines a new alias for the key.
AddToResourcePolicyResult	addToResourcePolicy(PolicyStatement statement)	Adds a statement to the KMS key resource policy.
AddToResourcePolicyResult	addToResourcePolicy(PolicyStatement statement, Boolean allowNoOp)	Adds a statement to the KMS key resource policy.
static IAlias	fromAliasAttributes(software.constructs.Construct scope, String id, AliasAttributes attrs)	Import an existing KMS Alias defined outside the CDK app.
static IAlias	fromAliasName(software.constructs.Construct scope, String id, String aliasName)	Import an existing KMS Alias defined outside the CDK app, by the alias name.
protected String	generatePhysicalName()
String	getAliasName()	The name of the alias.
IKey	getAliasTargetKey()	The Key to which the Alias refers.
String	getKeyArn()	The ARN of the key.
String	getKeyId()	The ID of the key (the part that looks something like: 1234abcd-12ab-34cd-56ef-1234567890ab).
Grant	grant(IGrantable grantee, @NotNull String... actions)	Grant the indicated permissions on this key to the given principal.
Grant	grantDecrypt(IGrantable grantee)	Grant decryption permissions using this key to the given principal.
Grant	grantEncrypt(IGrantable grantee)	Grant encryption permissions using this key to the given principal.
Grant	grantEncryptDecrypt(IGrantable grantee)	Grant encryption and decryption permissions using this key to the given principal.

Methods inherited from class software.amazon.awscdk.core.Resource

applyRemovalPolicy, getEnv, getPhysicalName, getResourceArnAttribute, getResourceNameAttribute, getStack, isResource

Methods inherited from class software.amazon.awscdk.core.Construct

getNode, isConstruct, onPrepare, onSynthesize, onValidate, prepare, synthesize, validate

Methods inherited from class software.constructs.Construct

toString

Methods inherited from class software.amazon.jsii.JsiiObject

jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface software.amazon.awscdk.core.IConstruct

getNode

Methods inherited from interface software.amazon.awscdk.core.IResource

applyRemovalPolicy, getEnv, getStack

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Constructor Details

Alias

protected Alias(software.amazon.jsii.JsiiObjectRef objRef)

Alias

protected Alias(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

Alias

@Stability(Stable)
public Alias(@NotNull
 software.constructs.Construct scope,
 @NotNull
 String id,
 @NotNull
 AliasProps props)

Parameters:

scope - This parameter is required.

id - This parameter is required.

props - This parameter is required.

Method Details

fromAliasAttributes

@Stability(Stable)
@NotNull
public static IAlias fromAliasAttributes(@NotNull
 software.constructs.Construct scope,
 @NotNull
 String id,
 @NotNull
 AliasAttributes attrs)

Import an existing KMS Alias defined outside the CDK app.

Parameters:

scope - The parent creating construct (usually this). This parameter is required.

id - The construct's name. This parameter is required.

attrs - the properties of the referenced KMS Alias. This parameter is required.

fromAliasName

@Stability(Stable)
@NotNull
public static IAlias fromAliasName(@NotNull
 software.constructs.Construct scope,
 @NotNull
 String id,
 @NotNull
 String aliasName)

Import an existing KMS Alias defined outside the CDK app, by the alias name.

This method should be used instead of 'fromAliasAttributes' when the underlying KMS Key ARN is not available. This Alias will not have a direct reference to the KMS Key, so addAlias and grant* methods are not supported.

Parameters:

scope - The parent creating construct (usually this). This parameter is required.

id - The construct's name. This parameter is required.

aliasName - The full name of the KMS Alias (e.g., 'alias/aws/s3', 'alias/myKeyAlias'). This parameter is required.

addAlias

@Stability(Stable)
@NotNull
public Alias addAlias(@NotNull
 String alias)

Defines a new alias for the key.

Specified by:

addAlias in interface IKey

Parameters:

alias - This parameter is required.

addToResourcePolicy

@Stability(Stable)
@NotNull
public AddToResourcePolicyResult addToResourcePolicy(@NotNull
 PolicyStatement statement,
 @Nullable
 Boolean allowNoOp)

Adds a statement to the KMS key resource policy.

Specified by:

addToResourcePolicy in interface IKey

Parameters:

statement - This parameter is required.

allowNoOp -

addToResourcePolicy

@Stability(Stable)
@NotNull
public AddToResourcePolicyResult addToResourcePolicy(@NotNull
 PolicyStatement statement)

Adds a statement to the KMS key resource policy.

Specified by:

addToResourcePolicy in interface IKey

Parameters:

statement - This parameter is required.

generatePhysicalName

@Stability(Stable)
@NotNull
protected String generatePhysicalName()

Overrides:

generatePhysicalName in class Resource

grant

@Stability(Stable)
@NotNull
public Grant grant(@NotNull
 IGrantable grantee,
 @NotNull
 @NotNull String... actions)

Grant the indicated permissions on this key to the given principal.

Specified by:

grant in interface IKey

Parameters:

grantee - This parameter is required.

actions - This parameter is required.

grantDecrypt

@Stability(Stable)
@NotNull
public Grant grantDecrypt(@NotNull
 IGrantable grantee)

Grant decryption permissions using this key to the given principal.

Specified by:

grantDecrypt in interface IKey

Parameters:

grantee - This parameter is required.

grantEncrypt

@Stability(Stable)
@NotNull
public Grant grantEncrypt(@NotNull
 IGrantable grantee)

Grant encryption permissions using this key to the given principal.

Specified by:

grantEncrypt in interface IKey

Parameters:

grantee - This parameter is required.

grantEncryptDecrypt

@Stability(Stable)
@NotNull
public Grant grantEncryptDecrypt(@NotNull
 IGrantable grantee)

Grant encryption and decryption permissions using this key to the given principal.

Specified by:

grantEncryptDecrypt in interface IKey

Parameters:

grantee - This parameter is required.

getAliasName

@Stability(Stable)
@NotNull
public String getAliasName()

The name of the alias.

Specified by:

getAliasName in interface IAlias

getAliasTargetKey

@Stability(Stable)
@NotNull
public IKey getAliasTargetKey()

The Key to which the Alias refers.

Specified by:

getAliasTargetKey in interface IAlias

getKeyArn

@Stability(Stable)
@NotNull
public String getKeyArn()

The ARN of the key.

Specified by:

getKeyArn in interface IKey

getKeyId

@Stability(Stable)
@NotNull
public String getKeyId()

The ID of the key (the part that looks something like: 1234abcd-12ab-34cd-56ef-1234567890ab).

Specified by:

getKeyId in interface IKey