UNPKG

@aws-cdk/aws-kms

Version:

The CDK Construct Library for AWS::KMS

github.com/aws/aws-cdk

aws/aws-cdk

107 lines (106 loc) 3.96 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
import * as iam from '@aws-cdk/aws-iam'; import { RemovalPolicy, Resource } from '@aws-cdk/core'; import { Construct } from 'constructs'; import { IKey } from './key'; /** * A KMS Key alias. * An alias can be used in all places that expect a key. */ export interface IAlias extends IKey { /** * The name of the alias. * * @attribute */ readonly aliasName: string; /** * The Key to which the Alias refers. * * @attribute */ readonly aliasTargetKey: IKey; } /** * Construction properties for a KMS Key Alias object. */ export interface AliasProps { /** * The name of the alias. The name must start with alias followed by a * forward slash, such as alias/. You can't specify aliases that begin with * alias/AWS. These aliases are reserved. */ readonly aliasName: string; /** * The ID of the key for which you are creating the alias. Specify the key's * globally unique identifier or Amazon Resource Name (ARN). You can't * specify another alias. */ readonly targetKey: IKey; /** * Policy to apply when the alias is removed from this stack. * * @default - The alias will be deleted */ readonly removalPolicy?: RemovalPolicy; } declare abstract class AliasBase extends Resource implements IAlias { abstract readonly aliasName: string; abstract readonly aliasTargetKey: IKey; get keyArn(): string; get keyId(): string; addAlias(alias: string): Alias; addToResourcePolicy(statement: iam.PolicyStatement, allowNoOp?: boolean): iam.AddToResourcePolicyResult; grant(grantee: iam.IGrantable, ...actions: string[]): iam.Grant; grantDecrypt(grantee: iam.IGrantable): iam.Grant; grantEncrypt(grantee: iam.IGrantable): iam.Grant; grantEncryptDecrypt(grantee: iam.IGrantable): iam.Grant; } /** * Properties of a reference to an existing KMS Alias */ export interface AliasAttributes { /** * Specifies the alias name. This value must begin with alias/ followed by a name (i.e. alias/ExampleAlias) */ readonly aliasName: string; /** * The customer master key (CMK) to which the Alias refers. */ readonly aliasTargetKey: IKey; } /** * Defines a display name for a customer master key (CMK) in AWS Key Management * Service (AWS KMS). Using an alias to refer to a key can help you simplify key * management. For example, when rotating keys, you can just update the alias * mapping instead of tracking and changing key IDs. For more information, see * Working with Aliases in the AWS Key Management Service Developer Guide. * * You can also add an alias for a key by calling `key.addAlias(alias)`. * * @resource AWS::KMS::Alias */ export declare class Alias extends AliasBase { /** * Import an existing KMS Alias defined outside the CDK app. * * @param scope The parent creating construct (usually `this`). * @param id The construct's name. * @param attrs the properties of the referenced KMS Alias */ static fromAliasAttributes(scope: Construct, id: string, attrs: AliasAttributes): IAlias; /** * Import an existing KMS Alias defined outside the CDK app, by the alias name. This method should be used * instead of 'fromAliasAttributes' when the underlying KMS Key ARN is not available. * This Alias will not have a direct reference to the KMS Key, so addAlias and grant* methods are not supported. * * @param scope The parent creating construct (usually `this`). * @param id The construct's name. * @param aliasName The full name of the KMS Alias (e.g., 'alias/aws/s3', 'alias/myKeyAlias'). */ static fromAliasName(scope: Construct, id: string, aliasName: string): IAlias; readonly aliasName: string; readonly aliasTargetKey: IKey; constructor(scope: Construct, id: string, props: AliasProps); protected generatePhysicalName(): string; } export {};