Package software.amazon.awscdk.services.kms

Interface IKey

All Superinterfaces:
software.constructs.IConstruct, software.constructs.IDependable, IEnvironmentAware, IKeyRef, IResource, software.amazon.jsii.JsiiSerializable
All Known Subinterfaces:
IAlias, IAlias.Jsii$Default, IKey.Jsii$Default
All Known Implementing Classes:
Alias, IAlias.Jsii$Proxy, IKey.Jsii$Proxy, Key
@Generated(value="jsii-pacmak/1.119.0 (build 1634eac)", date="2025-11-13T16:10:08.315Z") @Stability(Stable) public interface IKey extends software.amazon.jsii.JsiiSerializable, IResource, IKeyRef
A KMS Key, either managed by this CDK app, or imported.

This interface does double duty: it represents an actual KMS keys, but it also represents things that can behave like KMS keys, like a key alias.

  • Method Details

    • getKeyArn

      @Stability(Stable) @NotNull String getKeyArn()
      The ARN of the key.

    • getKeyId

      @Stability(Stable) @NotNull String getKeyId()
      The ID of the key (the part that looks something like: 1234abcd-12ab-34cd-56ef-1234567890ab).

    • addAlias

      @Stability(Stable) @NotNull Alias addAlias(@NotNull String alias)
      Defines a new alias for the key.

      Parameters:
      alias - This parameter is required.

    • addToResourcePolicy

      @Stability(Stable) @NotNull AddToResourcePolicyResult addToResourcePolicy(@NotNull PolicyStatement statement, @Nullable Boolean allowNoOp)
      Adds a statement to the KMS key resource policy.

      Parameters:
      statement - The policy statement to add. This parameter is required.
      allowNoOp - If this is set to false and there is no policy defined (i.e. external key), the operation will fail. Otherwise, it will no-op.

    • addToResourcePolicy

      @Stability(Stable) @NotNull AddToResourcePolicyResult addToResourcePolicy(@NotNull PolicyStatement statement)
      Adds a statement to the KMS key resource policy.

      Parameters:
      statement - The policy statement to add. This parameter is required.

    • grant

      @Stability(Stable) @NotNull Grant grant(@NotNull IGrantable grantee, @NotNull String... actions)
      Grant the indicated permissions on this key to the given principal.

      Parameters:
      grantee - This parameter is required.
      actions - This parameter is required.

    • grantDecrypt

      @Stability(Stable) @NotNull Grant grantDecrypt(@NotNull IGrantable grantee)
      Grant decryption permissions using this key to the given principal.

      Parameters:
      grantee - This parameter is required.

    • grantEncrypt

      @Stability(Stable) @NotNull Grant grantEncrypt(@NotNull IGrantable grantee)
      Grant encryption permissions using this key to the given principal.

      Parameters:
      grantee - This parameter is required.

    • grantEncryptDecrypt

      @Stability(Stable) @NotNull Grant grantEncryptDecrypt(@NotNull IGrantable grantee)
      Grant encryption and decryption permissions using this key to the given principal.

      Parameters:
      grantee - This parameter is required.

    • grantGenerateMac

      @Stability(Stable) @NotNull Grant grantGenerateMac(@NotNull IGrantable grantee)
      Grant permissions to generating MACs to the given principal.

      Parameters:
      grantee - This parameter is required.

    • grantSign

      @Stability(Stable) @NotNull Grant grantSign(@NotNull IGrantable grantee)
      Grant sign permissions using this key to the given principal.

      Parameters:
      grantee - This parameter is required.

    • grantSignVerify

      @Stability(Stable) @NotNull Grant grantSignVerify(@NotNull IGrantable grantee)
      Grant sign and verify permissions using this key to the given principal.

      Parameters:
      grantee - This parameter is required.

    • grantVerify

      @Stability(Stable) @NotNull Grant grantVerify(@NotNull IGrantable grantee)
      Grant verify permissions using this key to the given principal.

      Parameters:
      grantee - This parameter is required.

    • grantVerifyMac

      @Stability(Stable) @NotNull Grant grantVerifyMac(@NotNull IGrantable grantee)
      Grant permissions to verifying MACs to the given principal.

      Parameters:
      grantee - This parameter is required.

    • getNode

      @Stability(Stable) @NotNull software.constructs.Node getNode()
      The tree node.
      Specified by:
      getNode in interface software.constructs.IConstruct

    • getEnv

      @Stability(Stable) @NotNull ResourceEnvironment getEnv()
      The environment this resource belongs to.

      For resources that are created and managed in a Stack (those created by creating new class instances like new Role(), new Bucket(), etc.), this is always the same as the environment of the stack they belong to.

      For referenced resources (those obtained from referencing methods like Role.fromRoleArn(), Bucket.fromBucketName(), etc.), they might be different than the stack they were imported into.

      Specified by:
      getEnv in interface IEnvironmentAware