software.amazon.awscdk.services.kms

Class Alias

java.lang.Object

software.amazon.jsii.JsiiObject

software.constructs.Construct

software.amazon.awscdk.core.Construct

software.amazon.awscdk.core.Resource

software.amazon.awscdk.services.kms.Alias

All Implemented Interfaces:

IDependable, IResource, IAlias, IKey, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct

@Generated(value="jsii-pacmak/1.74.0 (build 6d08790)",
           date="2023-05-19T23:09:24.335Z")
 @Stability(value=Stable)
public class Alias
extends Resource
implements IAlias

Defines a display name for a customer master key (CMK) in AWS Key Management Service (AWS KMS).

Using an alias to refer to a key can help you simplify key management. For example, when rotating keys, you can just update the alias mapping instead of tracking and changing key IDs. For more information, see Working with Aliases in the AWS Key Management Service Developer Guide.

You can also add an alias for a key by calling key.addAlias(alias).

Example:

 // Passing an encrypted replication bucket created in a different stack.
 App app = new App();
 Stack replicationStack = Stack.Builder.create(app, "ReplicationStack")
         .env(Environment.builder()
                 .region("us-west-1")
                 .build())
         .build();
 Key key = new Key(replicationStack, "ReplicationKey");
 Alias alias = Alias.Builder.create(replicationStack, "ReplicationAlias")
         // aliasName is required
         .aliasName(PhysicalName.GENERATE_IF_NEEDED)
         .targetKey(key)
         .build();
 Bucket replicationBucket = Bucket.Builder.create(replicationStack, "ReplicationBucket")
         .bucketName(PhysicalName.GENERATE_IF_NEEDED)
         .encryptionKey(alias)
         .build();
 

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
static class	Alias.Builder A fluent builder for Alias.

Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject

software.amazon.jsii.JsiiObject.InitializationMode

Nested classes/interfaces inherited from interface software.amazon.awscdk.services.kms.IAlias

IAlias.Jsii$Default, IAlias.Jsii$Proxy

Constructor Summary

Constructors

Modifier	Constructor and Description
	Alias(software.constructs.Construct scope, String id, AliasProps props)
protected	Alias(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
protected	Alias(software.amazon.jsii.JsiiObjectRef objRef)

Method Summary

Modifier and Type	Method and Description
Alias	addAlias(String alias) Defines a new alias for the key.
AddToResourcePolicyResult	addToResourcePolicy(PolicyStatement statement) Adds a statement to the KMS key resource policy.
AddToResourcePolicyResult	addToResourcePolicy(PolicyStatement statement, Boolean allowNoOp) Adds a statement to the KMS key resource policy.
static IAlias	fromAliasAttributes(software.constructs.Construct scope, String id, AliasAttributes attrs) Import an existing KMS Alias defined outside the CDK app.
static IAlias	fromAliasName(software.constructs.Construct scope, String id, String aliasName) Import an existing KMS Alias defined outside the CDK app, by the alias name.
protected String	generatePhysicalName()
String	getAliasName() The name of the alias.
IKey	getAliasTargetKey() The Key to which the Alias refers.
String	getKeyArn() The ARN of the key.
String	getKeyId() The ID of the key (the part that looks something like: 1234abcd-12ab-34cd-56ef-1234567890ab).
Grant	grant(IGrantable grantee, String... actions) Grant the indicated permissions on this key to the given principal.
Grant	grantDecrypt(IGrantable grantee) Grant decryption permissions using this key to the given principal.
Grant	grantEncrypt(IGrantable grantee) Grant encryption permissions using this key to the given principal.
Grant	grantEncryptDecrypt(IGrantable grantee) Grant encryption and decryption permissions using this key to the given principal.

Methods inherited from class software.amazon.awscdk.core.Resource

applyRemovalPolicy, getEnv, getPhysicalName, getResourceArnAttribute, getResourceNameAttribute, getStack, isResource

Methods inherited from class software.amazon.awscdk.core.Construct

getNode, isConstruct, onPrepare, onSynthesize, onValidate, prepare, synthesize, validate

Methods inherited from class software.constructs.Construct

toString

Methods inherited from class software.amazon.jsii.JsiiObject

jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Methods inherited from interface software.amazon.awscdk.core.IResource

applyRemovalPolicy, getEnv, getStack

Methods inherited from interface software.amazon.awscdk.core.IConstruct

getNode

Methods inherited from interface software.amazon.jsii.JsiiSerializable

$jsii$toJson

Constructor Detail

Alias

protected Alias(software.amazon.jsii.JsiiObjectRef objRef)

Alias

protected Alias(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)

Alias

@Stability(value=Stable)
public Alias(@NotNull
                                      software.constructs.Construct scope,
                                      @NotNull
                                      String id,
                                      @NotNull
                                      AliasProps props)

Parameters:

scope - This parameter is required.

id - This parameter is required.

props - This parameter is required.

Method Detail

fromAliasAttributes

@Stability(value=Stable)
 @NotNull
public static IAlias fromAliasAttributes(@NotNull
                                                                            software.constructs.Construct scope,
                                                                            @NotNull
                                                                            String id,
                                                                            @NotNull
                                                                            AliasAttributes attrs)

Import an existing KMS Alias defined outside the CDK app.

Parameters:

scope - The parent creating construct (usually `this`). This parameter is required.

id - The construct's name. This parameter is required.

attrs - the properties of the referenced KMS Alias. This parameter is required.

fromAliasName

@Stability(value=Stable)
 @NotNull
public static IAlias fromAliasName(@NotNull
                                                                      software.constructs.Construct scope,
                                                                      @NotNull
                                                                      String id,
                                                                      @NotNull
                                                                      String aliasName)

Import an existing KMS Alias defined outside the CDK app, by the alias name.

This method should be used instead of 'fromAliasAttributes' when the underlying KMS Key ARN is not available. This Alias will not have a direct reference to the KMS Key, so addAlias and grant* methods are not supported.

Parameters:

scope - The parent creating construct (usually `this`). This parameter is required.

id - The construct's name. This parameter is required.

aliasName - The full name of the KMS Alias (e.g., 'alias/aws/s3', 'alias/myKeyAlias'). This parameter is required.

addAlias

@Stability(value=Stable)
 @NotNull
public Alias addAlias(@NotNull
                                                         String alias)

Defines a new alias for the key.

Specified by:

addAlias in interface IKey

Parameters:

alias - This parameter is required.

addToResourcePolicy

@Stability(value=Stable)
 @NotNull
public AddToResourcePolicyResult addToResourcePolicy(@NotNull
                                                                                        PolicyStatement statement,
                                                                                        @Nullable
                                                                                        Boolean allowNoOp)

Adds a statement to the KMS key resource policy.

Specified by:

addToResourcePolicy in interface IKey

Parameters:

statement - This parameter is required.

allowNoOp -

addToResourcePolicy

@Stability(value=Stable)
 @NotNull
public AddToResourcePolicyResult addToResourcePolicy(@NotNull
                                                                                        PolicyStatement statement)

Adds a statement to the KMS key resource policy.

Specified by:

addToResourcePolicy in interface IKey

Parameters:

statement - This parameter is required.

generatePhysicalName

@Stability(value=Stable)
 @NotNull
protected String generatePhysicalName()

Overrides:

generatePhysicalName in class Resource

grant

@Stability(value=Stable)
 @NotNull
public Grant grant(@NotNull
                                                      IGrantable grantee,
                                                      @NotNull
                                                      String... actions)

Grant the indicated permissions on this key to the given principal.

Specified by:

grant in interface IKey

Parameters:

grantee - This parameter is required.

actions - This parameter is required.

grantDecrypt

@Stability(value=Stable)
 @NotNull
public Grant grantDecrypt(@NotNull
                                                             IGrantable grantee)

Grant decryption permissions using this key to the given principal.

Specified by:

grantDecrypt in interface IKey

Parameters:

grantee - This parameter is required.

grantEncrypt

@Stability(value=Stable)
 @NotNull
public Grant grantEncrypt(@NotNull
                                                             IGrantable grantee)

Grant encryption permissions using this key to the given principal.

Specified by:

grantEncrypt in interface IKey

Parameters:

grantee - This parameter is required.

grantEncryptDecrypt

@Stability(value=Stable)
 @NotNull
public Grant grantEncryptDecrypt(@NotNull
                                                                    IGrantable grantee)

Grant encryption and decryption permissions using this key to the given principal.

Specified by:

grantEncryptDecrypt in interface IKey

Parameters:

grantee - This parameter is required.

getAliasName

@Stability(value=Stable)
 @NotNull
public String getAliasName()

The name of the alias.

Specified by:

getAliasName in interface IAlias

getAliasTargetKey

@Stability(value=Stable)
 @NotNull
public IKey getAliasTargetKey()

The Key to which the Alias refers.

Specified by:

getAliasTargetKey in interface IAlias

getKeyArn

@Stability(value=Stable)
 @NotNull
public String getKeyArn()

The ARN of the key.

Specified by:

getKeyArn in interface IKey

getKeyId

@Stability(value=Stable)
 @NotNull
public String getKeyId()

The ID of the key (the part that looks something like: 1234abcd-12ab-34cd-56ef-1234567890ab).

Specified by:

getKeyId in interface IKey