Class Alias
java.lang.Object
software.amazon.jsii.JsiiObject
software.constructs.Construct
software.amazon.awscdk.Resource
software.amazon.awscdk.services.kms.Alias
- All Implemented Interfaces:
IResource
,IAlias
,IKey
,software.amazon.jsii.JsiiSerializable
,software.constructs.IConstruct
,software.constructs.IDependable
@Generated(value="jsii-pacmak/1.103.1 (build bef2dea)",
date="2024-10-05T03:43:45.344Z")
@Stability(Stable)
public class Alias
extends Resource
implements IAlias
Defines a display name for a customer master key (CMK) in AWS Key Management Service (AWS KMS).
Using an alias to refer to a key can help you simplify key management. For example, when rotating keys, you can just update the alias mapping instead of tracking and changing key IDs. For more information, see Working with Aliases in the AWS Key Management Service Developer Guide.
You can also add an alias for a key by calling key.addAlias(alias)
.
Example:
// Passing an encrypted replication bucket created in a different stack. App app = new App(); Stack replicationStack = Stack.Builder.create(app, "ReplicationStack") .env(Environment.builder() .region("us-west-1") .build()) .build(); Key key = new Key(replicationStack, "ReplicationKey"); Alias alias = Alias.Builder.create(replicationStack, "ReplicationAlias") // aliasName is required .aliasName(PhysicalName.GENERATE_IF_NEEDED) .targetKey(key) .build(); Bucket replicationBucket = Bucket.Builder.create(replicationStack, "ReplicationBucket") .bucketName(PhysicalName.GENERATE_IF_NEEDED) .encryptionKey(alias) .build();
-
Nested Class Summary
Nested classes/interfaces inherited from class software.amazon.jsii.JsiiObject
software.amazon.jsii.JsiiObject.InitializationMode
Nested classes/interfaces inherited from interface software.amazon.awscdk.services.kms.IAlias
IAlias.Jsii$Default, IAlias.Jsii$Proxy
Nested classes/interfaces inherited from interface software.constructs.IConstruct
software.constructs.IConstruct.Jsii$Default
Nested classes/interfaces inherited from interface software.amazon.awscdk.IResource
IResource.Jsii$Default
-
Constructor Summary
ModifierConstructorDescriptionprotected
Alias
(software.amazon.jsii.JsiiObject.InitializationMode initializationMode) protected
Alias
(software.amazon.jsii.JsiiObjectRef objRef) Alias
(software.constructs.Construct scope, String id, AliasProps props) -
Method Summary
Modifier and TypeMethodDescriptionDefines a new alias for the key.addToResourcePolicy
(PolicyStatement statement) Adds a statement to the KMS key resource policy.addToResourcePolicy
(PolicyStatement statement, Boolean allowNoOp) Adds a statement to the KMS key resource policy.static IAlias
fromAliasAttributes
(software.constructs.Construct scope, String id, AliasAttributes attrs) Import an existing KMS Alias defined outside the CDK app.static IAlias
fromAliasName
(software.constructs.Construct scope, String id, String aliasName) Import an existing KMS Alias defined outside the CDK app, by the alias name.protected String
The ARN of the alias.The name of the alias.The Key to which the Alias refers.Deprecated.getKeyId()
The ID of the key (the part that looks something like: 1234abcd-12ab-34cd-56ef-1234567890ab).grant
(IGrantable grantee, @NotNull String... actions) Grant the indicated permissions on this key to the given principal.grantDecrypt
(IGrantable grantee) Grant decryption permissions using this key to the given principal.grantEncrypt
(IGrantable grantee) Grant encryption permissions using this key to the given principal.grantEncryptDecrypt
(IGrantable grantee) Grant encryption and decryption permissions using this key to the given principal.grantGenerateMac
(IGrantable grantee) Grant permissions to generating MACs to the given principal.grantVerifyMac
(IGrantable grantee) Grant permissions to verifying MACs to the given principal.Methods inherited from class software.amazon.awscdk.Resource
applyRemovalPolicy, getEnv, getPhysicalName, getResourceArnAttribute, getResourceNameAttribute, getStack, isOwnedResource, isResource
Methods inherited from class software.constructs.Construct
getNode, isConstruct, toString
Methods inherited from class software.amazon.jsii.JsiiObject
jsiiAsyncCall, jsiiAsyncCall, jsiiCall, jsiiCall, jsiiGet, jsiiGet, jsiiSet, jsiiStaticCall, jsiiStaticCall, jsiiStaticGet, jsiiStaticGet, jsiiStaticSet, jsiiStaticSet
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
Methods inherited from interface software.constructs.IConstruct
getNode
Methods inherited from interface software.amazon.awscdk.IResource
applyRemovalPolicy, getEnv, getStack
Methods inherited from interface software.amazon.jsii.JsiiSerializable
$jsii$toJson
-
Constructor Details
-
Alias
protected Alias(software.amazon.jsii.JsiiObjectRef objRef) -
Alias
protected Alias(software.amazon.jsii.JsiiObject.InitializationMode initializationMode) -
Alias
@Stability(Stable) public Alias(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull AliasProps props) - Parameters:
scope
- This parameter is required.id
- This parameter is required.props
- This parameter is required.
-
-
Method Details
-
fromAliasAttributes
@Stability(Stable) @NotNull public static IAlias fromAliasAttributes(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull AliasAttributes attrs) Import an existing KMS Alias defined outside the CDK app.- Parameters:
scope
- The parent creating construct (usuallythis
). This parameter is required.id
- The construct's name. This parameter is required.attrs
- the properties of the referenced KMS Alias. This parameter is required.
-
fromAliasName
@Stability(Stable) @NotNull public static IAlias fromAliasName(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull String aliasName) Import an existing KMS Alias defined outside the CDK app, by the alias name.This method should be used instead of 'fromAliasAttributes' when the underlying KMS Key ARN is not available. This Alias will not have a direct reference to the KMS Key, so addAlias and grant* methods are not supported.
- Parameters:
scope
- The parent creating construct (usuallythis
). This parameter is required.id
- The construct's name. This parameter is required.aliasName
- The full name of the KMS Alias (e.g., 'alias/aws/s3', 'alias/myKeyAlias'). This parameter is required.
-
addAlias
Defines a new alias for the key. -
addToResourcePolicy
@Stability(Stable) @NotNull public AddToResourcePolicyResult addToResourcePolicy(@NotNull PolicyStatement statement, @Nullable Boolean allowNoOp) Adds a statement to the KMS key resource policy.- Specified by:
addToResourcePolicy
in interfaceIKey
- Parameters:
statement
- This parameter is required.allowNoOp
-
-
addToResourcePolicy
@Stability(Stable) @NotNull public AddToResourcePolicyResult addToResourcePolicy(@NotNull PolicyStatement statement) Adds a statement to the KMS key resource policy.- Specified by:
addToResourcePolicy
in interfaceIKey
- Parameters:
statement
- This parameter is required.
-
generatePhysicalName
- Overrides:
generatePhysicalName
in classResource
-
grant
@Stability(Stable) @NotNull public Grant grant(@NotNull IGrantable grantee, @NotNull @NotNull String... actions) Grant the indicated permissions on this key to the given principal. -
grantDecrypt
Grant decryption permissions using this key to the given principal.- Specified by:
grantDecrypt
in interfaceIKey
- Parameters:
grantee
- This parameter is required.
-
grantEncrypt
Grant encryption permissions using this key to the given principal.- Specified by:
grantEncrypt
in interfaceIKey
- Parameters:
grantee
- This parameter is required.
-
grantEncryptDecrypt
Grant encryption and decryption permissions using this key to the given principal.- Specified by:
grantEncryptDecrypt
in interfaceIKey
- Parameters:
grantee
- This parameter is required.
-
grantGenerateMac
Grant permissions to generating MACs to the given principal.- Specified by:
grantGenerateMac
in interfaceIKey
- Parameters:
grantee
- This parameter is required.
-
grantVerifyMac
Grant permissions to verifying MACs to the given principal.- Specified by:
grantVerifyMac
in interfaceIKey
- Parameters:
grantee
- This parameter is required.
-
getAliasArn
The ARN of the alias. -
getAliasName
The name of the alias.- Specified by:
getAliasName
in interfaceIAlias
-
getAliasTargetKey
The Key to which the Alias refers.- Specified by:
getAliasTargetKey
in interfaceIAlias
-
getKeyArn
Deprecated.usealiasArn
instead(deprecated) The ARN of the alias. -
getKeyId
The ID of the key (the part that looks something like: 1234abcd-12ab-34cd-56ef-1234567890ab).
-
aliasArn
instead