Working with aliases using the Amazon KMS API and the Amazon SDK for PHP Version 3
Amazon Key Management Service (Amazon KMS) provides an optional display name for an Amazon KMS key called an alias.
The following examples show how to:
-
Create an alias using CreateAlias.
-
View an alias using ListAliases.
-
Update an alias using UpdateAlias.
-
Delete an alias using DeleteAlias.
All the example code for the Amazon SDK for PHP is available here on
GitHub
Credentials
Before running the example code, configure your Amazon credentials, as described in Credentials. Then import the Amazon SDK for PHP, as described in Basic usage.
For more information about using Amazon Key Management Service (Amazon KMS), see the Amazon KMS Developer Guide.
Create an alias
To create an alias for a KMS key, use the CreateAlias
operation. The alias must be unique in the account and Amazon Region. If you create an alias
for a KMS key that already has an alias, CreateAlias
creates another alias
to the same KMS key. It doesn’t replace the existing alias.
Imports
require 'vendor/autoload.php'; use Aws\Exception\AwsException;
Sample Code
$KmsClient = new Aws\Kms\KmsClient([ 'profile' => 'default', 'version' => '2014-11-01', 'region' => 'us-east-2' ]); $keyId = 'arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab'; $aliasName = "alias/projectKey1"; try { $result = $KmsClient->createAlias([ 'AliasName' => $aliasName, 'TargetKeyId' => $keyId, ]); var_dump($result); } catch (AwsException $e) { // output error message if fails echo $e->getMessage(); echo "\n"; }
View an alias
To list all aliases in the caller's Amazon Web Services account and Amazon Web Services Region, use the ListAliases operation.
Imports
require 'vendor/autoload.php'; use Aws\Exception\AwsException;
Sample Code
$KmsClient = new Aws\Kms\KmsClient([ 'profile' => 'default', 'version' => '2014-11-01', 'region' => 'us-east-2' ]); $limit = 10; try { $result = $KmsClient->listAliases([ 'Limit' => $limit, ]); var_dump($result); } catch (AwsException $e) { // output error message if fails echo $e->getMessage(); echo "\n"; }
Update an alias
To associate an existing alias with a different KMS key, use the UpdateAlias operation.
Imports
require 'vendor/autoload.php'; use Aws\Exception\AwsException;
Sample Code
$KmsClient = new Aws\Kms\KmsClient([ 'profile' => 'default', 'version' => '2014-11-01', 'region' => 'us-east-2' ]); $keyId = 'arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab'; $aliasName = "alias/projectKey1"; try { $result = $KmsClient->updateAlias([ 'AliasName' => $aliasName, 'TargetKeyId' => $keyId, ]); var_dump($result); } catch (AwsException $e) { // output error message if fails echo $e->getMessage(); echo "\n"; }
Delete an alias
To delete an alias, use the DeleteAlias operation. Deleting an alias has no effect on the underlying KMS key.
Imports
require 'vendor/autoload.php'; use Aws\Exception\AwsException;
Sample Code
$KmsClient = new Aws\Kms\KmsClient([ 'profile' => 'default', 'version' => '2014-11-01', 'region' => 'us-east-2' ]); $aliasName = "alias/projectKey1"; try { $result = $KmsClient->deleteAlias([ 'AliasName' => $aliasName, ]); var_dump($result); } catch (AwsException $e) { // output error message if fails echo $e->getMessage(); echo "\n"; }