Working with aliases using the AWS KMS API and the AWS SDK for PHP Version 3
AWS Key Management Service (AWS KMS) provides an optional display name for an AWS KMS key called an alias.
The following examples show how to:
- Create an alias using CreateAlias.
- View an alias using ListAliases.
- Update an alias using UpdateAlias.
- Delete an alias using DeleteAlias.
All the example code for the AWS SDK for PHP is available on GitHub.
Credentials
Before running the example code, configure your AWS credentials, as described in Credentials. Then import the AWS SDK for PHP, as described in Basic usage.
For more information about using AWS Key Management Service (AWS KMS), see the AWS KMS Developer Guide.
Create an alias
To create an alias for a KMS key, use the CreateAlias operation. The alias must be unique in the account and AWS Region. If you create an alias for a KMS key that already has an alias, CreateAlias creates another alias to the same KMS key. It doesn’t replace the existing alias.
Imports
require 'vendor/autoload.php';
use Aws\Exception\AwsException;
Sample Code
$KmsClient = new Aws\Kms\KmsClient([
    'profile' => 'default',
    'version' => '2014-11-01',
    'region' => 'us-east-2'
]);
// The KMS key must be in the same account and Region as the alias,
// so the Region in the key ARN matches the client's Region.
$keyId = 'arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab';
$aliasName = "alias/projectKey1";
try {
    $result = $KmsClient->createAlias([
        'AliasName' => $aliasName,
        'TargetKeyId' => $keyId,
    ]);
    var_dump($result);
} catch (AwsException $e) {
    // Output the error message if the call fails
    echo $e->getMessage();
    echo "\n";
}
View an alias
To list all aliases in the caller's AWS account and AWS Region, use the ListAliases operation.
Imports
require 'vendor/autoload.php';
use Aws\Exception\AwsException;
Sample Code
$KmsClient = new Aws\Kms\KmsClient([
    'profile' => 'default',
    'version' => '2014-11-01',
    'region' => 'us-east-2'
]);
// Maximum number of aliases to return in this call
$limit = 10;
try {
    $result = $KmsClient->listAliases([
        'Limit' => $limit,
    ]);
    var_dump($result);
} catch (AwsException $e) {
    // Output the error message if the call fails
    echo $e->getMessage();
    echo "\n";
}
Update an alias
To associate an existing alias with a different KMS key, use the UpdateAlias operation.
Imports
require 'vendor/autoload.php';
use Aws\Exception\AwsException;
Sample Code
$KmsClient = new Aws\Kms\KmsClient([
    'profile' => 'default',
    'version' => '2014-11-01',
    'region' => 'us-east-2'
]);
// The new target key must be in the same account and Region as the alias,
// so the Region in the key ARN matches the client's Region.
$keyId = 'arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab';
$aliasName = "alias/projectKey1";
try {
    $result = $KmsClient->updateAlias([
        'AliasName' => $aliasName,
        'TargetKeyId' => $keyId,
    ]);
    var_dump($result);
} catch (AwsException $e) {
    // Output the error message if the call fails
    echo $e->getMessage();
    echo "\n";
}
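UpdateAlias changes which key every caller of the alias uses, so it is worth recording the old and new targets when you repoint one. The following is an added example, not part of the original AWS sample code: it pages through ListAliases (a single call returns at most `Limit` entries) to find the current target, refuses the reserved `alias/aws/` prefix, and only then calls UpdateAlias. The function names `findAlias` and `repointAlias` and the second key ID are assumptions made for illustration.

```php
<?php
require 'vendor/autoload.php';

use Aws\Kms\KmsClient;

// Page through ListAliases and return the entry for $aliasName, or null.
function findAlias(KmsClient $kms, string $aliasName): ?array
{
    $params = ['Limit' => 100];
    do {
        $page = $kms->listAliases($params);
        foreach ($page['Aliases'] ?? [] as $alias) {
            if ($alias['AliasName'] === $aliasName) {
                return $alias;
            }
        }
        // Truncated and NextMarker signal that more pages remain.
        $params['Marker'] = $page['NextMarker'] ?? null;
    } while (!empty($page['Truncated']));
    return null;
}

// Repoint an existing customer managed alias and report old -> new target.
function repointAlias(KmsClient $kms, string $aliasName, string $newKeyId): string
{
    if (strpos($aliasName, 'alias/aws/') === 0) {
        throw new InvalidArgumentException("$aliasName is reserved for AWS managed keys");
    }
    $current = findAlias($kms, $aliasName);
    if ($current === null) {
        throw new RuntimeException("$aliasName does not exist; use CreateAlias instead");
    }
    // ListAliases reports the bare key ID, so strip any ARN prefix before comparing.
    $newId = preg_replace('#^.*/#', '', $newKeyId);
    $oldId = $current['TargetKeyId'] ?? '(none)';
    if ($oldId === $newId) {
        return sprintf('%s already targets %s; nothing to do', $aliasName, $oldId);
    }
    $kms->updateAlias(['AliasName' => $aliasName, 'TargetKeyId' => $newKeyId]);
    return sprintf('%s: %s -> %s', $aliasName, $oldId, $newId);
}

$kms = new KmsClient(['profile' => 'default', 'version' => '2014-11-01', 'region' => 'us-east-2']);
try {
    // Constructed placeholder key ID; it must exist in the client's account and Region.
    echo repointAlias($kms, 'alias/projectKey1', '0987dcba-09fe-87dc-65ba-ab0987654321'), "\n";
} catch (Exception $e) { // AwsException and the checks above all extend Exception
    echo $e->getMessage(), "\n";
}
```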
Delete an alias
To delete an alias, use the DeleteAlias operation. Deleting an alias has no effect on the underlying KMS key.
Imports
require 'vendor/autoload.php';
use Aws\Exception\AwsException;
Sample Code
$KmsClient = new Aws\Kms\KmsClient([
    'profile' => 'default',
    'version' => '2014-11-01',
    'region' => 'us-east-2'
]);
$aliasName = "alias/projectKey1";
try {
    $result = $KmsClient->deleteAlias([
        'AliasName' => $aliasName,
    ]);
    var_dump($result);
} catch (AwsException $e) {
    // Output the error message if the call fails
    echo $e->getMessage();
    echo "\n";
}