1. Answers
  2. Creating an AWS KMS Alias

How do I create an AWS KMS Alias?

Introduction

In this example, we’ll be using Pulumi to create an AWS KMS (Key Management Service) alias. AWS KMS is a managed service that makes it easy to create and control the encryption keys used to encrypt your data. An alias in AWS KMS is essentially a friendly name for your customer master key (CMK), making it easier to use the key in various operations.

We’ll be creating a KMS key and then setting up an alias for this key. This alias helps in simplifying the key management by providing a more readable identifier for the key.

Key points

  • Create an AWS KMS Key
  • Assign an alias to the KMS Key
  • Export the key information

The Code

import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";

// Create the key
const example = new aws.kms.Key("example", {
    description: "Example KMS key",
    deletionWindowInDays: 10,
    keyUsage: "ENCRYPT_DECRYPT",
});
// Create the alias for the key
const exampleAlias = new aws.kms.Alias("example_alias", {
    name: "alias/exampleAlias",
    targetKeyId: example.keyId,
});
export const kmsKeyId = example.keyId;
export const kmsAliasName = exampleAlias.name;

Summary

In this example, we’ve demonstrated how to create a KMS key and assign a friendly alias to it. This setup helps in organizing and managing the encryption keys more efficiently by using a readable name instead of a long key identifier. The outputs section ensures you get the necessary identifiers for further use in your infrastructure configurations.

Deploy this code

Want to deploy this code? Sign up for a free Pulumi account to deploy in a few clicks.

Sign up

New to Pulumi?

Want to deploy this code? Sign up with Pulumi to deploy in a few clicks.

Sign up