How do I create an AWS KMS Alias?
Introduction
In this example, we’ll be using Pulumi to create an AWS KMS (Key Management Service) alias. AWS KMS is a managed service that makes it easy to create and control the encryption keys used to encrypt your data. An alias in AWS KMS is essentially a friendly name for your customer master key (CMK), making it easier to use the key in various operations.
We’ll be creating a KMS key and then setting up an alias for this key. This alias helps in simplifying the key management by providing a more readable identifier for the key.
Key points
- Create an AWS KMS Key
- Assign an alias to the KMS Key
- Export the key information
The Code
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
// Create the key
const example = new aws.kms.Key("example", {
description: "Example KMS key",
deletionWindowInDays: 10,
keyUsage: "ENCRYPT_DECRYPT",
});
// Create the alias for the key
const exampleAlias = new aws.kms.Alias("example_alias", {
name: "alias/exampleAlias",
targetKeyId: example.keyId,
});
export const kmsKeyId = example.keyId;
export const kmsAliasName = exampleAlias.name;
Summary
In this example, we’ve demonstrated how to create a KMS key and assign a friendly alias to it. This setup helps in organizing and managing the encryption keys more efficiently by using a readable name instead of a long key identifier. The outputs section ensures you get the necessary identifiers for further use in your infrastructure configurations.
Deploy this code
Want to deploy this code? Sign up for a free Pulumi account to deploy in a few clicks.
Sign upNew to Pulumi?
Want to deploy this code? Sign up with Pulumi to deploy in a few clicks.
Sign upThank you for your feedback!
If you have a question about how to use Pulumi, reach out in Community Slack.
Open an issue on GitHub to report a problem or suggest an improvement.