awscc_kms_alias (Resource)

The AWS::KMS::Alias resource specifies a display name for a KMS key. You can use an alias to identify a KMS key in the KMS console, in the DescribeKey operation, and in cryptographic operations, such as Decrypt and GenerateDataKey. Adding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see ABAC for AWS KMS in the AWS Key Management Service Developer Guide. Using an alias to refer to a KMS key can help you simplify key management. For example, an alias in your code can be associated with different KMS keys i

Example Usage

KMS Alias

To use awscc_kms_alias with awscc_kms_key:

resource "awscc_kms_key" "this" {
  key_policy = jsonencode({
    "Version" : "2012-10-17",
    "Id" : "KMS-Key-Policy",
    "Statement" : [
      {
        "Sid" : "Enable IAM User Permissions",
        "Effect" : "Allow",
        "Principal" : {
          "AWS" : "arn:aws:iam::111122223333:root"
        },
        "Action" : "kms:*",
        "Resource" : "*"
      }
    ]
  })
}

resource "awscc_kms_alias" "this" {
  alias_name    = "alias/example-kms-alias"
  target_key_id = awscc_kms_key.this.key_id
}
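
The description above notes that adding, deleting, or updating an alias can allow or deny permission to the KMS key. The following added example (not part of the provider documentation) shows that with an IAM policy conditioned on the kms:ResourceAliases condition key. It assumes the hashicorp/aws provider is configured alongside awscc; the resource labels and the policy name are hypothetical.

```hcl
# Added example, not from the provider docs. Assumes the hashicorp/aws provider
# is configured next to awscc; resource labels and policy name are hypothetical.
resource "awscc_kms_key" "abac" {
  # The root-principal statement delegates authorization to IAM policies;
  # without it the IAM policy below has no effect on this key.
  key_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid       = "Enable IAM User Permissions"
      Effect    = "Allow"
      Principal = { AWS = "arn:aws:iam::111122223333:root" }
      Action    = "kms:*"
      Resource  = "*"
    }]
  })
}

resource "awscc_kms_alias" "abac" {
  alias_name    = "alias/example-kms-alias"
  target_key_id = awscc_kms_key.abac.key_id
}

# Grants use of any key in the account that currently carries the alias.
# Access follows the alias, not a specific key ID.
resource "aws_iam_policy" "use_keys_by_alias" {
  name = "use-keys-by-alias" # constructed name
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid      = "UseKeysCarryingThisAlias"
      Effect   = "Allow"
      Action   = ["kms:Decrypt", "kms:GenerateDataKey"]
      Resource = "arn:aws:kms:*:111122223333:key/*"
      Condition = {
        # kms:ResourceAliases is multivalued, so a set operator is required.
        "ForAnyValue:StringEquals" = {
          "kms:ResourceAliases" = awscc_kms_alias.abac.alias_name
        }
      }
    }]
  })
}
```

Because the grant follows the alias, changing target_key_id or deleting the alias changes which keys the policy covers. Treat kms:CreateAlias, kms:UpdateAlias and kms:DeleteAlias as permission-granting actions and restrict them accordingly.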

Schema

Required

Read-Only

Import

Import is supported using the following syntax:

$ terraform import awscc_kms_alias.example <resource ID>