Class Alias
Defines a display name for a customer master key (CMK) in AWS Key Management Service (AWS KMS).
Namespace: Amazon.CDK.AWS.KMS
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class Alias : Resource, IAlias, IKey, IResource, IConstruct, IDependable
Syntax (vb)
Public Class [Alias] Inherits Resource Implements IAlias, IKey, IResource, IConstruct, IDependable
Remarks
Using an alias to refer to a key can help you simplify key management. For example, when rotating keys, you can just update the alias mapping instead of tracking and changing key IDs. For more information, see Working with Aliases in the AWS Key Management Service Developer Guide.
You can also add an alias for a key by calling key.addAlias(alias).
Resource: AWS::KMS::Alias
Examples
using Amazon.CDK;
using Amazon.CDK.AWS.KMS;
using Amazon.CDK.AWS.S3;

// Passing an encrypted replication bucket created in a different stack.
var app = new App();
var replicationStack = new Stack(app, "ReplicationStack", new StackProps {
    Env = new Environment {
        Region = "us-west-1"
    }
});
var key = new Key(replicationStack, "ReplicationKey");
var alias = new Alias(replicationStack, "ReplicationAlias", new AliasProps {
    // aliasName is required
    AliasName = PhysicalName.GENERATE_IF_NEEDED,
    TargetKey = key
});
// The bucket is encrypted through the alias, not the key ID directly.
var replicationBucket = new Bucket(replicationStack, "ReplicationBucket", new BucketProps {
    BucketName = PhysicalName.GENERATE_IF_NEEDED,
    EncryptionKey = alias
});
Synopsis
Constructors
Alias(Construct, string, IAliasProps) | Defines a display name for a customer master key (CMK) in AWS Key Management Service (AWS KMS). |
Properties
AliasArn | The ARN of the alias. |
AliasName | The name of the alias. |
AliasTargetKey | The Key to which the Alias refers. |
KeyArn | (deprecated) The ARN of the alias. |
KeyId | The ID of the key (the part that looks something like: 1234abcd-12ab-34cd-56ef-1234567890ab). |
PROPERTY_INJECTION_ID | Uniquely identifies this class. |
Methods
AddAlias(string) | Defines a new alias for the key. |
AddToResourcePolicy(PolicyStatement, bool?) | Adds a statement to the KMS key resource policy. |
FromAliasAttributes(Construct, string, IAliasAttributes) | Import an existing KMS Alias defined outside the CDK app. |
FromAliasName(Construct, string, string) | Import an existing KMS Alias defined outside the CDK app, by the alias name. |
GeneratePhysicalName() | Defines a display name for a customer master key (CMK) in AWS Key Management Service (AWS KMS). |
Grant(IGrantable, params string[]) | Grant the indicated permissions on this key to the given principal. |
GrantDecrypt(IGrantable) | Grant decryption permissions using this key to the given principal. |
GrantEncrypt(IGrantable) | Grant encryption permissions using this key to the given principal. |
GrantEncryptDecrypt(IGrantable) | Grant encryption and decryption permissions using this key to the given principal. |
GrantGenerateMac(IGrantable) | Grant permissions to generate MACs to the given principal. |
GrantSign(IGrantable) | Grant sign permissions using this key to the given principal. |
GrantSignVerify(IGrantable) | Grant sign and verify permissions using this key to the given principal. |
GrantVerify(IGrantable) | Grant verify permissions using this key to the given principal. |
GrantVerifyMac(IGrantable) | Grant permissions to verify MACs to the given principal. |
Constructors
Alias(Construct, string, IAliasProps)
Defines a display name for a customer master key (CMK) in AWS Key Management Service (AWS KMS).
public Alias(Construct scope, string id, IAliasProps props)
Parameters
- scope Construct
- id string
- props IAliasProps
Properties
AliasArn
The ARN of the alias.
public virtual string AliasArn { get; }
Property Value
Remarks
Attribute: true
AliasName
The name of the alias.
public virtual string AliasName { get; }
Property Value
AliasTargetKey
The Key to which the Alias refers.
public virtual IKey AliasTargetKey { get; }
Property Value
KeyArn
(deprecated) The ARN of the alias.
[Obsolete("use `aliasArn` instead")]
public virtual string KeyArn { get; }
Property Value
Remarks
Stability: Deprecated
Attribute: true
KeyId
The ID of the key (the part that looks something like: 1234abcd-12ab-34cd-56ef-1234567890ab).
public virtual string KeyId { get; }
Property Value
PROPERTY_INJECTION_ID
Uniquely identifies this class.
public static string PROPERTY_INJECTION_ID { get; }
Property Value
Methods
AddAlias(string)
Defines a new alias for the key.
public virtual Alias AddAlias(string alias)
Parameters
- alias string
Returns
AddToResourcePolicy(PolicyStatement, bool?)
Adds a statement to the KMS key resource policy.
public virtual IAddToResourcePolicyResult AddToResourcePolicy(PolicyStatement statement, bool? allowNoOp = null)
Parameters
- statement PolicyStatement
- allowNoOp bool?
Returns
FromAliasAttributes(Construct, string, IAliasAttributes)
Import an existing KMS Alias defined outside the CDK app.
public static IAlias FromAliasAttributes(Construct scope, string id, IAliasAttributes attrs)
Parameters
- scope Construct
The parent creating construct (usually this).
- id string
The construct's name.
- attrs IAliasAttributes
The properties of the referenced KMS Alias.
Returns
FromAliasName(Construct, string, string)
Import an existing KMS Alias defined outside the CDK app, by the alias name.
public static IAlias FromAliasName(Construct scope, string id, string aliasName)
Parameters
- scope Construct
The parent creating construct (usually this).
- id string
The construct's name.
- aliasName string
The full name of the KMS Alias (e.g., 'alias/aws/s3', 'alias/myKeyAlias').
Returns
Remarks
This method should be used instead of 'fromAliasAttributes' when the underlying KMS Key ARN is not available. This Alias will not have a direct reference to the KMS Key, so the addAlias method is not supported.
If the @aws-cdk/aws-kms:applyImportedAliasPermissionsToPrincipal feature flag is set to true, the grant* methods will use the kms:ResourceAliases condition to grant permissions to the specific alias name. They will only modify the principal policy, not the key resource policy.
Without the feature flag, grant* methods will be a no-op.
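The following is an added example, not part of the original reference, showing the feature-flag behaviour described above: an alias imported by name, with a decrypt grant that takes effect only because the flag is set in the app context. The stack name, role, and service principal are assumptions chosen for illustration; the alias name is the sample value from the parameter description.

```csharp
using System.Collections.Generic;
using Amazon.CDK;
using Amazon.CDK.AWS.IAM;
using Amazon.CDK.AWS.KMS;
using Constructs;

// Hypothetical stack for this example; names below are placeholders.
public class ImportedAliasStack : Stack
{
    public ImportedAliasStack(Construct scope, string id, IStackProps props = null)
        : base(scope, id, props)
    {
        // Import by name only: no key ARN is known, so the construct holds no
        // reference to the underlying key and cannot edit its resource policy.
        var alias = Alias.FromAliasName(this, "ImportedAlias", "alias/myKeyAlias");

        // Assumed consumer of the key: a role assumable by Lambda.
        var reader = new Role(this, "ReaderRole", new RoleProps
        {
            AssumedBy = new ServicePrincipal("lambda.amazonaws.com")
        });

        // Flag on: a statement is added to the role's policy, restricted by the
        // kms:ResourceAliases condition to alias/myKeyAlias.
        // Flag off: this call is a no-op and the role receives no KMS permissions.
        alias.GrantDecrypt(reader);
    }
}

public static class Program
{
    public static void Main()
    {
        // The feature flag is supplied through the app context.
        var app = new App(new AppProps
        {
            Context = new Dictionary<string, object>
            {
                ["@aws-cdk/aws-kms:applyImportedAliasPermissionsToPrincipal"] = true
            }
        });
        new ImportedAliasStack(app, "ImportedAliasStack");
        app.Synth();
    }
}
```

Because only the principal policy is modified, the key's own policy must already allow IAM policies in the account to grant access to it; otherwise the role's statement has no effect at runtime.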
GeneratePhysicalName()
Defines a display name for a customer master key (CMK) in AWS Key Management Service (AWS KMS).
protected override string GeneratePhysicalName()
Returns
Overrides
Grant(IGrantable, params string[])
Grant the indicated permissions on this key to the given principal.
public virtual Grant Grant(IGrantable grantee, params string[] actions)
Parameters
- grantee IGrantable
- actions string[]
Returns
GrantDecrypt(IGrantable)
Grant decryption permissions using this key to the given principal.
public virtual Grant GrantDecrypt(IGrantable grantee)
Parameters
- grantee IGrantable
Returns
GrantEncrypt(IGrantable)
Grant encryption permissions using this key to the given principal.
public virtual Grant GrantEncrypt(IGrantable grantee)
Parameters
- grantee IGrantable
Returns
GrantEncryptDecrypt(IGrantable)
Grant encryption and decryption permissions using this key to the given principal.
public virtual Grant GrantEncryptDecrypt(IGrantable grantee)
Parameters
- grantee IGrantable
Returns
GrantGenerateMac(IGrantable)
Grant permissions to generate MACs to the given principal.
public virtual Grant GrantGenerateMac(IGrantable grantee)
Parameters
- grantee IGrantable
Returns
GrantSign(IGrantable)
Grant sign permissions using this key to the given principal.
public virtual Grant GrantSign(IGrantable grantee)
Parameters
- grantee IGrantable
Returns
GrantSignVerify(IGrantable)
Grant sign and verify permissions using this key to the given principal.
public virtual Grant GrantSignVerify(IGrantable grantee)
Parameters
- grantee IGrantable
Returns
GrantVerify(IGrantable)
Grant verify permissions using this key to the given principal.
public virtual Grant GrantVerify(IGrantable grantee)
Parameters
- grantee IGrantable
Returns
GrantVerifyMac(IGrantable)
Grant permissions to verify MACs to the given principal.
public virtual Grant GrantVerifyMac(IGrantable grantee)
Parameters
- grantee IGrantable
Returns