java.lang.Object
software.amazon.jsii.JsiiObject
software.constructs.Construct
software.amazon.awscdk.Resource
software.amazon.awscdk.services.kms.Alias
All Implemented Interfaces:
IResource, IAlias, IKey, software.amazon.jsii.JsiiSerializable, software.constructs.IConstruct, software.constructs.IDependable

@Generated(value="jsii-pacmak/1.103.1 (build bef2dea)", date="2024-10-05T03:43:45.344Z") @Stability(Stable) public class Alias extends Resource implements IAlias
Defines a display name for a customer master key (CMK) in AWS Key Management Service (AWS KMS).

Using an alias to refer to a key can help you simplify key management. For example, when rotating keys, you can just update the alias mapping instead of tracking and changing key IDs. For more information, see Working with Aliases in the AWS Key Management Service Developer Guide.

You can also add an alias for a key by calling key.addAlias(alias).

Example:

 // Passing an encrypted replication bucket created in a different stack.
 App app = new App();
 Stack replicationStack = Stack.Builder.create(app, "ReplicationStack")
         .env(Environment.builder()
                 .region("us-west-1")
                 .build())
         .build();
 Key key = new Key(replicationStack, "ReplicationKey");
 Alias alias = Alias.Builder.create(replicationStack, "ReplicationAlias")
         // aliasName is required
         .aliasName(PhysicalName.GENERATE_IF_NEEDED)
         .targetKey(key)
         .build();
 Bucket replicationBucket = Bucket.Builder.create(replicationStack, "ReplicationBucket")
         .bucketName(PhysicalName.GENERATE_IF_NEEDED)
         .encryptionKey(alias)
         .build();
 
  • Constructor Details

    • Alias

      protected Alias(software.amazon.jsii.JsiiObjectRef objRef)
    • Alias

      protected Alias(software.amazon.jsii.JsiiObject.InitializationMode initializationMode)
    • Alias

      @Stability(Stable) public Alias(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull AliasProps props)
      Parameters:
      scope - This parameter is required.
      id - This parameter is required.
      props - This parameter is required.
  • Method Details

    • fromAliasAttributes

      @Stability(Stable) @NotNull public static IAlias fromAliasAttributes(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull AliasAttributes attrs)
      Import an existing KMS Alias defined outside the CDK app.

      Parameters:
      scope - The parent creating construct (usually this). This parameter is required.
      id - The construct's name. This parameter is required.
      attrs - the properties of the referenced KMS Alias. This parameter is required.
    • fromAliasName

      @Stability(Stable) @NotNull public static IAlias fromAliasName(@NotNull software.constructs.Construct scope, @NotNull String id, @NotNull String aliasName)
      Import an existing KMS Alias defined outside the CDK app, by the alias name.

      This method should be used instead of 'fromAliasAttributes' when the underlying KMS Key ARN is not available. This Alias will not have a direct reference to the KMS Key, so addAlias and grant* methods are not supported.

      Parameters:
      scope - The parent creating construct (usually this). This parameter is required.
      id - The construct's name. This parameter is required.
      aliasName - The full name of the KMS Alias (e.g., 'alias/aws/s3', 'alias/myKeyAlias'). This parameter is required.
    • addAlias

      @Stability(Stable) @NotNull public Alias addAlias(@NotNull String alias)
      Defines a new alias for the key.

      Specified by:
      addAlias in interface IKey
      Parameters:
      alias - This parameter is required.
    • addToResourcePolicy

      @Stability(Stable) @NotNull public AddToResourcePolicyResult addToResourcePolicy(@NotNull PolicyStatement statement, @Nullable Boolean allowNoOp)
      Adds a statement to the KMS key resource policy.

      Specified by:
      addToResourcePolicy in interface IKey
      Parameters:
      statement - This parameter is required.
      allowNoOp -
    • addToResourcePolicy

      @Stability(Stable) @NotNull public AddToResourcePolicyResult addToResourcePolicy(@NotNull PolicyStatement statement)
      Adds a statement to the KMS key resource policy.

      Specified by:
      addToResourcePolicy in interface IKey
      Parameters:
      statement - This parameter is required.
    • generatePhysicalName

      @Stability(Stable) @NotNull protected String generatePhysicalName()
      Overrides:
      generatePhysicalName in class Resource
    • grant

      @Stability(Stable) @NotNull public Grant grant(@NotNull IGrantable grantee, @NotNull @NotNull String... actions)
      Grant the indicated permissions on this key to the given principal.

      Specified by:
      grant in interface IKey
      Parameters:
      grantee - This parameter is required.
      actions - This parameter is required.
    • grantDecrypt

      @Stability(Stable) @NotNull public Grant grantDecrypt(@NotNull IGrantable grantee)
      Grant decryption permissions using this key to the given principal.

      Specified by:
      grantDecrypt in interface IKey
      Parameters:
      grantee - This parameter is required.
    • grantEncrypt

      @Stability(Stable) @NotNull public Grant grantEncrypt(@NotNull IGrantable grantee)
      Grant encryption permissions using this key to the given principal.

      Specified by:
      grantEncrypt in interface IKey
      Parameters:
      grantee - This parameter is required.
    • grantEncryptDecrypt

      @Stability(Stable) @NotNull public Grant grantEncryptDecrypt(@NotNull IGrantable grantee)
      Grant encryption and decryption permissions using this key to the given principal.

      Specified by:
      grantEncryptDecrypt in interface IKey
      Parameters:
      grantee - This parameter is required.
    • grantGenerateMac

      @Stability(Stable) @NotNull public Grant grantGenerateMac(@NotNull IGrantable grantee)
      Grant permissions to generating MACs to the given principal.

      Specified by:
      grantGenerateMac in interface IKey
      Parameters:
      grantee - This parameter is required.
    • grantVerifyMac

      @Stability(Stable) @NotNull public Grant grantVerifyMac(@NotNull IGrantable grantee)
      Grant permissions to verifying MACs to the given principal.

      Specified by:
      grantVerifyMac in interface IKey
      Parameters:
      grantee - This parameter is required.
    • getAliasArn

      @Stability(Stable) @NotNull public String getAliasArn()
      The ARN of the alias.
    • getAliasName

      @Stability(Stable) @NotNull public String getAliasName()
      The name of the alias.
      Specified by:
      getAliasName in interface IAlias
    • getAliasTargetKey

      @Stability(Stable) @NotNull public IKey getAliasTargetKey()
      The Key to which the Alias refers.
      Specified by:
      getAliasTargetKey in interface IAlias
    • getKeyArn

      @Stability(Deprecated) @Deprecated @NotNull public String getKeyArn()
      Deprecated.
      use aliasArn instead
      (deprecated) The ARN of the alias.

      Specified by:
      getKeyArn in interface IKey
    • getKeyId

      @Stability(Stable) @NotNull public String getKeyId()
      The ID of the key (the part that looks something like: 1234abcd-12ab-34cd-56ef-1234567890ab).
      Specified by:
      getKeyId in interface IKey