@Generated(value="jsii-pacmak/1.73.0 (build 6faeda3)", date="2023-01-25T18:29:01.768Z") public class Alias extends Resource implements IAlias
Using an alias to refer to a key can help you simplify key management. For example, when rotating keys, you can just update the alias mapping instead of tracking and changing key IDs. For more information, see Working with Aliases in the AWS Key Management Service Developer Guide.
You can also add an alias for a key by calling key.addAlias(alias)
.
Example:
// Passing an encrypted replication bucket created in a different stack. App app = new App(); Stack replicationStack = Stack.Builder.create(app, "ReplicationStack") .env(Environment.builder() .region("us-west-1") .build()) .build(); Key key = new Key(replicationStack, "ReplicationKey"); Alias alias = Alias.Builder.create(replicationStack, "ReplicationAlias") // aliasName is required .aliasName(PhysicalName.GENERATE_IF_NEEDED) .targetKey(key) .build(); Bucket replicationBucket = Bucket.Builder.create(replicationStack, "ReplicationBucket") .bucketName(PhysicalName.GENERATE_IF_NEEDED) .encryptionKey(alias) .build();
Modifier and Type | Class and Description |
---|---|
static class |
Alias.Builder
A fluent builder for
Alias . |
IAlias.Jsii$Default, IAlias.Jsii$Proxy
Modifier | Constructor and Description |
---|---|
protected |
Alias(software.amazon.jsii.JsiiObject.InitializationMode initializationMode) |
protected |
Alias(software.amazon.jsii.JsiiObjectRef objRef) |
|
Alias(software.constructs.Construct scope,
java.lang.String id,
AliasProps props) |
Modifier and Type | Method and Description |
---|---|
Alias |
addAlias(java.lang.String alias)
Defines a new alias for the key.
|
AddToResourcePolicyResult |
addToResourcePolicy(PolicyStatement statement)
Adds a statement to the KMS key resource policy.
|
AddToResourcePolicyResult |
addToResourcePolicy(PolicyStatement statement,
java.lang.Boolean allowNoOp)
Adds a statement to the KMS key resource policy.
|
static IAlias |
fromAliasAttributes(software.constructs.Construct scope,
java.lang.String id,
AliasAttributes attrs)
Import an existing KMS Alias defined outside the CDK app.
|
static IAlias |
fromAliasName(software.constructs.Construct scope,
java.lang.String id,
java.lang.String aliasName)
Import an existing KMS Alias defined outside the CDK app, by the alias name.
|
protected java.lang.String |
generatePhysicalName() |
java.lang.String |
getAliasName()
The name of the alias.
|
IKey |
getAliasTargetKey()
The Key to which the Alias refers.
|
java.lang.String |
getKeyArn()
The ARN of the key.
|
java.lang.String |
getKeyId()
The ID of the key (the part that looks something like: 1234abcd-12ab-34cd-56ef-1234567890ab).
|
Grant |
grant(IGrantable grantee,
java.lang.String... actions)
Grant the indicated permissions on this key to the given principal.
|
Grant |
grantDecrypt(IGrantable grantee)
Grant decryption permissions using this key to the given principal.
|
Grant |
grantEncrypt(IGrantable grantee)
Grant encryption permissions using this key to the given principal.
|
Grant |
grantEncryptDecrypt(IGrantable grantee)
Grant encryption and decryption permissions using this key to the given principal.
|
applyRemovalPolicy, getEnv, getPhysicalName, getResourceArnAttribute, getResourceNameAttribute, getStack, isResource
getNode, isConstruct, onPrepare, onSynthesize, onValidate, prepare, synthesize, validate
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
applyRemovalPolicy, getEnv, getStack
getNode
protected Alias(software.amazon.jsii.JsiiObjectRef objRef)
protected Alias(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
public Alias(software.constructs.Construct scope, java.lang.String id, AliasProps props)
scope
- This parameter is required.id
- This parameter is required.props
- This parameter is required.public static IAlias fromAliasAttributes(software.constructs.Construct scope, java.lang.String id, AliasAttributes attrs)
scope
- The parent creating construct (usually `this`). This parameter is required.id
- The construct's name. This parameter is required.attrs
- the properties of the referenced KMS Alias. This parameter is required.public static IAlias fromAliasName(software.constructs.Construct scope, java.lang.String id, java.lang.String aliasName)
This method should be used instead of 'fromAliasAttributes' when the underlying KMS Key ARN is not available. This Alias will not have a direct reference to the KMS Key, so addAlias and grant* methods are not supported.
scope
- The parent creating construct (usually `this`). This parameter is required.id
- The construct's name. This parameter is required.aliasName
- The full name of the KMS Alias (e.g., 'alias/aws/s3', 'alias/myKeyAlias'). This parameter is required.public Alias addAlias(java.lang.String alias)
public AddToResourcePolicyResult addToResourcePolicy(PolicyStatement statement, java.lang.Boolean allowNoOp)
addToResourcePolicy
in interface IKey
statement
- This parameter is required.allowNoOp
- public AddToResourcePolicyResult addToResourcePolicy(PolicyStatement statement)
addToResourcePolicy
in interface IKey
statement
- This parameter is required.protected java.lang.String generatePhysicalName()
generatePhysicalName
in class Resource
public Grant grant(IGrantable grantee, java.lang.String... actions)
public Grant grantDecrypt(IGrantable grantee)
grantDecrypt
in interface IKey
grantee
- This parameter is required.public Grant grantEncrypt(IGrantable grantee)
grantEncrypt
in interface IKey
grantee
- This parameter is required.public Grant grantEncryptDecrypt(IGrantable grantee)
grantEncryptDecrypt
in interface IKey
grantee
- This parameter is required.public java.lang.String getAliasName()
getAliasName
in interface IAlias
public IKey getAliasTargetKey()
getAliasTargetKey
in interface IAlias
public java.lang.String getKeyArn()