Class Alias
Defines a display name for a customer master key (CMK) in AWS Key Management Service (AWS KMS).
Inherited Members
Namespace: Amazon.CDK.AWS.KMS
Assembly: Amazon.CDK.Lib.dll
Syntax (csharp)
public class Alias : Resource, IAlias, IKey, IResource
Syntax (vb)
Public Class Alias
Inherits Resource
Implements IAlias, IKey, IResource
Remarks
Using an alias to refer to a key can help you simplify key management. For example, when rotating keys, you can just update the alias mapping instead of tracking and changing key IDs. For more information, see Working with Aliases in the AWS Key Management Service Developer Guide.
You can also add an alias for a key by calling key.addAlias(alias)
.
Resource: AWS::KMS::Alias
ExampleMetadata: infused
Examples
// Passing an encrypted replication bucket created in a different stack.
var app = new App();
var replicationStack = new Stack(app, "ReplicationStack", new StackProps {
Env = new Environment {
Region = "us-west-1"
}
});
var key = new Key(replicationStack, "ReplicationKey");
var alias = new Alias(replicationStack, "ReplicationAlias", new AliasProps {
// aliasName is required
AliasName = PhysicalName.GENERATE_IF_NEEDED,
TargetKey = key
});
var replicationBucket = new Bucket(replicationStack, "ReplicationBucket", new BucketProps {
BucketName = PhysicalName.GENERATE_IF_NEEDED,
EncryptionKey = alias
});
Synopsis
Constructors
Alias(By |
Used by jsii to construct an instance of this class from a Javascript-owned object reference |
Alias(Deputy |
Used by jsii to construct an instance of this class from DeputyProps |
Alias(Construct, String, IAlias |
Properties
Alias |
The ARN of the alias. |
Alias |
The name of the alias. |
Alias |
The Key to which the Alias refers. |
Key |
(deprecated) The ARN of the alias. |
Key |
The ID of the key (the part that looks something like: 1234abcd-12ab-34cd-56ef-1234567890ab). |
Methods
Add |
Defines a new alias for the key. |
AddToResourcePolicy(PolicyStatement, Nullable<Boolean>) | Adds a statement to the KMS key resource policy. |
From |
Import an existing KMS Alias defined outside the CDK app. |
From |
Import an existing KMS Alias defined outside the CDK app, by the alias name. |
Generate |
|
Grant(IGrantable, String[]) | Grant the indicated permissions on this key to the given principal. |
Grant |
Grant decryption permissions using this key to the given principal. |
Grant |
Grant encryption permissions using this key to the given principal. |
Grant |
Grant encryption and decryption permissions using this key to the given principal. |
Grant |
Grant permissions to generating MACs to the given principal. |
Grant |
Grant sign permissions using this key to the given principal. |
Grant |
Grant sign and verify permissions using this key to the given principal. |
Grant |
Grant verify permissions using this key to the given principal. |
Grant |
Grant permissions to verifying MACs to the given principal. |
Constructors
Alias(ByRefValue)
Used by jsii to construct an instance of this class from a Javascript-owned object reference
protected Alias(ByRefValue reference)
Parameters
- reference Amazon.
JSII. Runtime. Deputy. By Ref Value The Javascript-owned object reference
Alias(DeputyBase.DeputyProps)
Used by jsii to construct an instance of this class from DeputyProps
protected Alias(DeputyBase.DeputyProps props)
Parameters
- props Amazon.
JSII. Runtime. Deputy. Deputy Base. Deputy Props The deputy props
Alias(Construct, String, IAliasProps)
public Alias(Construct scope, string id, IAliasProps props)
Parameters
- scope Constructs.
Construct - id System.
String - props IAlias
Props
Properties
AliasArn
The ARN of the alias.
public virtual string AliasArn { get; }
Property Value
System.
Remarks
Attribute: true
AliasName
The name of the alias.
public virtual string AliasName { get; }
Property Value
System.
AliasTargetKey
KeyArn
(deprecated) The ARN of the alias.
public virtual string KeyArn { get; }
Property Value
System.
Remarks
Stability: Deprecated
Attribute: true
KeyId
The ID of the key (the part that looks something like: 1234abcd-12ab-34cd-56ef-1234567890ab).
public virtual string KeyId { get; }
Property Value
System.
Methods
AddAlias(String)
Defines a new alias for the key.
public virtual Alias AddAlias(string alias)
Parameters
- alias System.
String
Returns
AddToResourcePolicy(PolicyStatement, Nullable<Boolean>)
Adds a statement to the KMS key resource policy.
public virtual IAddToResourcePolicyResult AddToResourcePolicy(PolicyStatement statement, Nullable<bool> allowNoOp = null)
Parameters
- statement Policy
Statement - allowNoOp System.
Nullable <System.Boolean >
Returns
FromAliasAttributes(Construct, String, IAliasAttributes)
Import an existing KMS Alias defined outside the CDK app.
public static IAlias FromAliasAttributes(Construct scope, string id, IAliasAttributes attrs)
Parameters
- scope Constructs.
Construct The parent creating construct (usually
this
).- id System.
String The construct's name.
- attrs IAlias
Attributes the properties of the referenced KMS Alias.
Returns
FromAliasName(Construct, String, String)
Import an existing KMS Alias defined outside the CDK app, by the alias name.
public static IAlias FromAliasName(Construct scope, string id, string aliasName)
Parameters
- scope Constructs.
Construct The parent creating construct (usually
this
).- id System.
String The construct's name.
- aliasName System.
String The full name of the KMS Alias (e.g., 'alias/aws/s3', 'alias/myKeyAlias').
Returns
Remarks
This method should be used instead of 'fromAliasAttributes' when the underlying KMS Key ARN is not available. This Alias will not have a direct reference to the KMS Key, so addAlias and grant* methods are not supported.
GeneratePhysicalName()
protected override string GeneratePhysicalName()
Returns
System.
Overrides
Grant(IGrantable, String[])
Grant the indicated permissions on this key to the given principal.
public virtual Grant Grant(IGrantable grantee, params string[] actions)
Parameters
- grantee IGrantable
- actions System.
String []
Returns
GrantDecrypt(IGrantable)
Grant decryption permissions using this key to the given principal.
public virtual Grant GrantDecrypt(IGrantable grantee)
Parameters
- grantee IGrantable
Returns
GrantEncrypt(IGrantable)
Grant encryption permissions using this key to the given principal.
public virtual Grant GrantEncrypt(IGrantable grantee)
Parameters
- grantee IGrantable
Returns
GrantEncryptDecrypt(IGrantable)
Grant encryption and decryption permissions using this key to the given principal.
public virtual Grant GrantEncryptDecrypt(IGrantable grantee)
Parameters
- grantee IGrantable
Returns
GrantGenerateMac(IGrantable)
Grant permissions to generating MACs to the given principal.
public virtual Grant GrantGenerateMac(IGrantable grantee)
Parameters
- grantee IGrantable
Returns
GrantSign(IGrantable)
Grant sign permissions using this key to the given principal.
public virtual Grant GrantSign(IGrantable grantee)
Parameters
- grantee IGrantable
Returns
GrantSignVerify(IGrantable)
Grant sign and verify permissions using this key to the given principal.
public virtual Grant GrantSignVerify(IGrantable grantee)
Parameters
- grantee IGrantable
Returns
GrantVerify(IGrantable)
Grant verify permissions using this key to the given principal.
public virtual Grant GrantVerify(IGrantable grantee)
Parameters
- grantee IGrantable
Returns
GrantVerifyMac(IGrantable)
Grant permissions to verifying MACs to the given principal.
public virtual Grant GrantVerifyMac(IGrantable grantee)
Parameters
- grantee IGrantable
Returns