1 | import * as iam from '@aws-cdk/aws-iam';
|
2 | import { RemovalPolicy, Resource } from '@aws-cdk/core';
|
3 | import { Construct } from 'constructs';
|
4 | import { IKey } from './key';
|
/**
 * A KMS Key alias.
 * An alias can be used in all places that expect a key.
 *
 * The interface extends IKey, so the type checker accepts an alias wherever
 * an IKey is required. Code that receives an IKey therefore cannot tell from
 * the type alone whether it was handed a key or an alias pointing at one.
 */
export interface IAlias extends IKey {
    /**
     * The name of the alias.
     *
     * @attribute
     */
    readonly aliasName: string;
    /**
     * The Key to which the Alias refers.
     *
     * @attribute
     */
    readonly aliasTargetKey: IKey;
}
|
/**
 * Construction properties for a KMS Key Alias object.
 */
export interface AliasProps {
    /**
     * The name of the alias. The name must start with `alias` followed by a
     * forward slash, such as `alias/`. You can't specify aliases that begin
     * with the AWS-reserved prefix (written as `alias/AWS` in the original
     * text; the reserved form seen elsewhere in this file is `alias/aws/`,
     * as in 'alias/aws/s3'). These aliases are reserved.
     *
     * NOTE(review): the property is a plain `string`; this declaration does
     * not show where the prefix rules are enforced - confirm in the
     * implementation.
     */
    readonly aliasName: string;
    /**
     * The key for which you are creating the alias. Specify the key's
     * globally unique identifier or Amazon Resource Name (ARN). You can't
     * specify another alias.
     *
     * The type is IKey, which IAlias also satisfies, so the compiler will not
     * reject an alias passed here.
     * NOTE(review): whether an alias is rejected at synthesis or only at
     * deployment is not visible in this file - confirm.
     */
    readonly targetKey: IKey;
    /**
     * Policy to apply when the alias is removed from this stack.
     *
     * @default - The alias will be deleted
     */
    readonly removalPolicy?: RemovalPolicy;
}
|
/**
 * Abstract base for alias constructs. It is declared here but not exported.
 *
 * It implements IAlias, so besides the two alias attributes it exposes the
 * key-style accessors and the policy/grant methods listed below.
 * NOTE(review): this is a declaration only. The methods presumably act on
 * `aliasTargetKey`, but nothing in this file establishes that - confirm in
 * the implementation before relying on it in an access review.
 */
declare abstract class AliasBase extends Resource implements IAlias {
    /** The name of the alias; supplied by the concrete subclass. */
    abstract readonly aliasName: string;
    /** The key the alias refers to; supplied by the concrete subclass. */
    abstract readonly aliasTargetKey: IKey;
    /**
     * ARN exposed through the key-style surface of the alias.
     * NOTE(review): presumably part of the IKey contract (IKey is declared in
     * './key', not shown here) - confirm which ARN is returned.
     */
    get keyArn(): string;
    /**
     * Identifier exposed through the key-style surface of the alias.
     * NOTE(review): presumably part of the IKey contract - confirm which
     * identifier is returned.
     */
    get keyId(): string;
    /**
     * Adds a further alias and returns the new Alias construct.
     *
     * @param alias name of the alias to add
     */
    addAlias(alias: string): Alias;
    /**
     * Adds a statement to a resource policy.
     *
     * @param statement the policy statement to add
     * @param allowNoOp optional flag; NOTE(review): its exact effect is not
     * visible here - presumably controls behaviour when no policy can be
     * modified; confirm.
     * @returns the result object describing the outcome of the addition
     */
    addToResourcePolicy(statement: iam.PolicyStatement, allowNoOp?: boolean): iam.AddToResourcePolicyResult;
    /**
     * Grants the given actions to the grantee.
     *
     * The action list is free-form strings chosen by the caller, so this is
     * the widest of the grant methods. Prefer the purpose-specific methods
     * below when they cover the need, to keep the granted set minimal.
     *
     * @param grantee the principal receiving the permissions
     * @param actions the actions to allow
     */
    grant(grantee: iam.IGrantable, ...actions: string[]): iam.Grant;
    /**
     * Grants decryption permissions to the grantee.
     *
     * @param grantee the principal receiving the permissions
     */
    grantDecrypt(grantee: iam.IGrantable): iam.Grant;
    /**
     * Grants encryption permissions to the grantee.
     *
     * @param grantee the principal receiving the permissions
     */
    grantEncrypt(grantee: iam.IGrantable): iam.Grant;
    /**
     * Grants both encryption and decryption permissions to the grantee.
     *
     * @param grantee the principal receiving the permissions
     */
    grantEncryptDecrypt(grantee: iam.IGrantable): iam.Grant;
}
|
/**
 * Properties of a reference to an existing KMS Alias.
 *
 * Both values are supplied by the caller.
 * NOTE(review): nothing in this declaration shows them being checked against
 * the alias that actually exists - confirm that the name and target key
 * passed here really belong together.
 */
export interface AliasAttributes {
    /**
     * Specifies the alias name. This value must begin with `alias/` followed
     * by a name (e.g. `alias/ExampleAlias`).
     */
    readonly aliasName: string;
    /**
     * The customer master key (CMK) to which the Alias refers.
     */
    readonly aliasTargetKey: IKey;
}
|
/**
 * Defines a display name for a customer master key (CMK) in AWS Key Management
 * Service (AWS KMS). Using an alias to refer to a key can help you simplify key
 * management. For example, when rotating keys, you can just update the alias
 * mapping instead of tracking and changing key IDs. For more information, see
 * Working with Aliases in the AWS Key Management Service Developer Guide.
 *
 * Because the mapping can be updated, an alias is a movable pointer: whoever
 * is allowed to change the mapping decides which key callers of the alias end
 * up using. Treat permission to modify an alias as sensitive, and audit it
 * alongside permissions on the key itself.
 *
 * You can also add an alias for a key by calling `key.addAlias(alias)`.
 *
 * @resource AWS::KMS::Alias
 */
export declare class Alias extends AliasBase {
    /**
     * Import an existing KMS Alias defined outside the CDK app.
     *
     * @param scope The parent creating construct (usually `this`).
     * @param id The construct's name.
     * @param attrs the properties of the referenced KMS Alias
     * @returns the imported alias, typed as IAlias
     */
    static fromAliasAttributes(scope: Construct, id: string, attrs: AliasAttributes): IAlias;
    /**
     * Import an existing KMS Alias defined outside the CDK app, by the alias name. This method should be used
     * instead of 'fromAliasAttributes' when the underlying KMS Key ARN is not available.
     * This Alias will not have a direct reference to the KMS Key, so addAlias and grant* methods are not supported.
     *
     * The return type is still IAlias, so those methods remain callable as far
     * as the type checker is concerned.
     * NOTE(review): whether an unsupported call throws or silently does
     * nothing is not visible here - confirm, because a grant that silently
     * does nothing leaves the intended permission missing without any error.
     *
     * @param scope The parent creating construct (usually `this`).
     * @param id The construct's name.
     * @param aliasName The full name of the KMS Alias (e.g., 'alias/aws/s3', 'alias/myKeyAlias').
     * @returns the imported alias, typed as IAlias
     */
    static fromAliasName(scope: Construct, id: string, aliasName: string): IAlias;
    /** The name of the alias. */
    readonly aliasName: string;
    /** The key to which the alias refers. */
    readonly aliasTargetKey: IKey;
    /**
     * Creates a new alias from the given construction properties.
     *
     * @param scope The parent creating construct (usually `this`).
     * @param id The construct's name.
     * @param props alias name, target key and optional removal policy
     */
    constructor(scope: Construct, id: string, props: AliasProps);
    /**
     * Produces the physical name for this resource.
     * NOTE(review): how the name is derived is not visible in this
     * declaration - presumably from `aliasName`; confirm.
     */
    protected generatePhysicalName(): string;
}
|
106 | export {};
|