Resource: awsKmsAlias

Provides an alias for a KMS customer master key. The AWS Console enforces a 1-to-1 mapping between aliases and keys, but the API (and hence Terraform) allows you to create as many aliases as the account limits allow.

Example Usage

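/*Provider bindings are generated by running cdktf get.
See https://cdk.tf/provider-generation for more details.*/
import { Construct } from "constructs";
import { TerraformStack } from "cdktf";
import * as aws from "./.gen/providers/aws";

/*Resources must be created inside a construct scope; the stack name MyStack is illustrative.*/
class MyStack extends TerraformStack {
  constructor(scope: Construct, id: string) {
    super(scope, id);
    /*The KMS key the alias points to.*/
    const awsKmsKeyA = new aws.kmsKey.KmsKey(this, "a", {});
    const awsKmsAliasA = new aws.kmsAlias.KmsAlias(this, "a_1", {
      name: "alias/my-key-alias",
      targetKeyId: awsKmsKeyA.keyId,
    });
    /*This allows the Terraform resource name to match the original name. You can remove the call if you don't need them to match.*/
    awsKmsAliasA.overrideLogicalId("a");
  }
}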

Argument Reference

The following arguments are supported:

  • name - (Optional) The display name of the alias. The name must start with the word "alias" followed by a forward slash (alias/).
  • namePrefix - (Optional) Creates a unique alias beginning with the specified prefix. The name must start with the word "alias" followed by a forward slash (alias/). Conflicts with name.
  • targetKeyId - (Required) Identifier of the key that the alias points to; can be either an ARN or key_id.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • arn - The Amazon Resource Name (ARN) of the key alias.
  • targetKeyArn - The Amazon Resource Name (ARN) of the target key identifier.

Import

KMS aliases can be imported using the name, e.g.,

$ terraform import aws_kms_alias.a alias/my-key-alias
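
Because the API and Terraform allow several aliases per key while the console assumes one, an inventory check helps keep the mapping visible. The following is an added example, not part of the provider documentation: it takes the Aliases array from a KMS ListAliases response (for instance from aws kms list-aliases --output json) and reports keys with more than one alias. The function name, report shape and sample key IDs are assumptions made for illustration.

```typescript
// Added example: audit alias-to-key mapping from a ListAliases response.
interface AliasEntry {
  AliasName: string;
  AliasArn?: string;
  TargetKeyId?: string; // absent on predefined AWS aliases not yet bound to a key
}

interface AliasReport {
  multiAliasKeys: Record<string, string[]>; // key id -> sorted alias names
  unbound: string[];                        // aliases with no TargetKeyId
}

function auditAliases(aliases: AliasEntry[]): AliasReport {
  // Null-prototype object so key ids can never collide with Object members.
  const byKey: Record<string, string[]> = Object.create(null);
  const unbound: string[] = [];
  for (const a of aliases) {
    if (!a.TargetKeyId) {
      unbound.push(a.AliasName);
      continue;
    }
    const names = byKey[a.TargetKeyId] ?? [];
    names.push(a.AliasName);
    byKey[a.TargetKeyId] = names;
  }
  // Keep only the keys where the console's 1-to-1 assumption does not hold.
  const multiAliasKeys: Record<string, string[]> = {};
  for (const keyId of Object.keys(byKey)) {
    if (byKey[keyId].length > 1) multiAliasKeys[keyId] = byKey[keyId].slice().sort();
  }
  return { multiAliasKeys, unbound: unbound.sort() };
}

// Constructed sample input; the key ids are made up and refer to no real resource.
const sampleAliases: AliasEntry[] = [
  { AliasName: "alias/my-key-alias", TargetKeyId: "1111-aaaa" },
  { AliasName: "alias/legacy-name", TargetKeyId: "1111-aaaa" },
  { AliasName: "alias/billing", TargetKeyId: "2222-bbbb" },
  { AliasName: "alias/aws/example-service" }, // constructed predefined alias, no key yet
];

console.log(JSON.stringify(auditAliases(sampleAliases), null, 2));
```

Aliases listed under unbound have no target key, so they are reported separately instead of being grouped.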