public class CreateAliasRequest extends AmazonWebServiceRequest implements Serializable
Creates a display name for a customer managed customer master key (CMK). You can use an alias to identify a CMK in cryptographic operations, such as Encrypt and GenerateDataKey. You can change the CMK associated with the alias at any time.
Aliases are easier to remember than key IDs. They can also help to simplify your applications. For example, if you use an alias in your code, you can change the CMK your code uses by associating a given alias with a different CMK.
To run the same code in multiple AWS regions, use an alias in your code, such
as alias/ApplicationKey. Then, in each AWS Region, create an
alias/ApplicationKey alias that is associated with a CMK in that
Region. When you run your code, it uses the alias/ApplicationKey
CMK for that AWS Region without any Region-specific code.
This operation does not return a response. To get the alias that you created, use the ListAliases operation.
To use aliases successfully, be aware of the following information.
Each alias points to only one CMK at a time, although a single CMK can have multiple aliases. The alias and its associated CMK must be in the same AWS account and Region.
You can associate an alias with any customer managed CMK in the same AWS account and Region. However, you do not have permission to associate an alias with an AWS managed CMK or an AWS owned CMK.
To change the CMK associated with an alias, use the UpdateAlias
operation. The current CMK and the new CMK must be the same type (both
symmetric or both asymmetric) and they must have the same key usage (
ENCRYPT_DECRYPT or SIGN_VERIFY). This restriction
prevents cryptographic errors in code that uses aliases.
The alias name must begin with alias/ followed by a name, such
as alias/ExampleAlias. It can contain only alphanumeric
characters, forward slashes (/), underscores (_), and dashes (-). The alias
name cannot begin with alias/aws/. The alias/aws/
prefix is reserved for AWS managed CMKs.
The alias name must be unique within an AWS Region. However, you can use the same alias name in multiple Regions of the same AWS account. Each instance of the alias is associated with a CMK in its Region.
After you create an alias, you cannot change its alias name. However, you can use the DeleteAlias operation to delete the alias and then create a new alias with the desired name.
You can use an alias name or alias ARN to identify a CMK in AWS KMS
cryptographic operations and in the DescribeKey operation. However,
you cannot use alias names or alias ARNs in API operations that manage CMKs,
such as DisableKey or GetKeyPolicy. For information about the
valid CMK identifiers for each AWS KMS API operation, see the descriptions of
the KeyId parameter in the API operation documentation.
Because an alias is not a property of a CMK, you can delete and change the aliases of a CMK without affecting the CMK. Also, aliases do not appear in the response from the DescribeKey operation. To get the aliases and alias ARNs of CMKs in each AWS account and Region, use the ListAliases operation.
The CMK that you use for this operation must be in a compatible key state. For details, see How Key State Affects Use of a Customer Master Key in the AWS Key Management Service Developer Guide.
| Constructor and Description |
|---|
CreateAliasRequest() |
| Modifier and Type | Method and Description |
|---|---|
boolean |
equals(Object obj) |
String |
getAliasName()
Specifies the alias name.
|
String |
getTargetKeyId()
Identifies the CMK to which the alias refers.
|
int |
hashCode() |
void |
setAliasName(String aliasName)
Specifies the alias name.
|
void |
setTargetKeyId(String targetKeyId)
Identifies the CMK to which the alias refers.
|
String |
toString()
Returns a string representation of this object; useful for testing and
debugging.
|
CreateAliasRequest |
withAliasName(String aliasName)
Specifies the alias name.
|
CreateAliasRequest |
withTargetKeyId(String targetKeyId)
Identifies the CMK to which the alias refers.
|
clone, copyBaseTo, getCloneRoot, getCloneSource, getGeneralProgressListener, getRequestClientOptions, getRequestCredentials, getRequestMetricCollector, setGeneralProgressListener, setRequestCredentials, setRequestMetricCollector, withGeneralProgressListener, withRequestMetricCollectorpublic String getAliasName()
Specifies the alias name. This value must begin with alias/
followed by a name, such as alias/ExampleAlias. The alias
name cannot begin with alias/aws/. The
alias/aws/ prefix is reserved for AWS managed CMKs.
Constraints:
Length: 1 - 256
Pattern: ^[a-zA-Z0-9:/_-]+$
Specifies the alias name. This value must begin with
alias/ followed by a name, such as
alias/ExampleAlias. The alias name cannot begin with
alias/aws/. The alias/aws/ prefix is
reserved for AWS managed CMKs.
public void setAliasName(String aliasName)
Specifies the alias name. This value must begin with alias/
followed by a name, such as alias/ExampleAlias. The alias
name cannot begin with alias/aws/. The
alias/aws/ prefix is reserved for AWS managed CMKs.
Constraints:
Length: 1 - 256
Pattern: ^[a-zA-Z0-9:/_-]+$
aliasName -
Specifies the alias name. This value must begin with
alias/ followed by a name, such as
alias/ExampleAlias. The alias name cannot begin
with alias/aws/. The alias/aws/
prefix is reserved for AWS managed CMKs.
public CreateAliasRequest withAliasName(String aliasName)
Specifies the alias name. This value must begin with alias/
followed by a name, such as alias/ExampleAlias. The alias
name cannot begin with alias/aws/. The
alias/aws/ prefix is reserved for AWS managed CMKs.
Returns a reference to this object so that method calls can be chained together.
Constraints:
Length: 1 - 256
Pattern: ^[a-zA-Z0-9:/_-]+$
aliasName -
Specifies the alias name. This value must begin with
alias/ followed by a name, such as
alias/ExampleAlias. The alias name cannot begin
with alias/aws/. The alias/aws/
prefix is reserved for AWS managed CMKs.
public String getTargetKeyId()
Identifies the CMK to which the alias refers. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. You cannot specify another alias. For help finding the key ID and ARN, see Finding the Key ID and ARN in the AWS Key Management Service Developer Guide.
Constraints:
Length: 1 - 2048
Identifies the CMK to which the alias refers. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. You cannot specify another alias. For help finding the key ID and ARN, see Finding the Key ID and ARN in the AWS Key Management Service Developer Guide.
public void setTargetKeyId(String targetKeyId)
Identifies the CMK to which the alias refers. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. You cannot specify another alias. For help finding the key ID and ARN, see Finding the Key ID and ARN in the AWS Key Management Service Developer Guide.
Constraints:
Length: 1 - 2048
targetKeyId - Identifies the CMK to which the alias refers. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. You cannot specify another alias. For help finding the key ID and ARN, see Finding the Key ID and ARN in the AWS Key Management Service Developer Guide.
public CreateAliasRequest withTargetKeyId(String targetKeyId)
Identifies the CMK to which the alias refers. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. You cannot specify another alias. For help finding the key ID and ARN, see Finding the Key ID and ARN in the AWS Key Management Service Developer Guide.
Returns a reference to this object so that method calls can be chained together.
Constraints:
Length: 1 - 2048
targetKeyId - Identifies the CMK to which the alias refers. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. You cannot specify another alias. For help finding the key ID and ARN, see Finding the Key ID and ARN in the AWS Key Management Service Developer Guide.
public String toString()
toString in class ObjectObject.toString()Copyright © 2020. All rights reserved.