Working with aliases using the Amazon KMS API and the Amazon SDK for PHP Version 3 - Amazon SDK for PHP
CredentialsCreate an aliasView an aliasUpdate an aliasDelete an alias
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Working with aliases using the Amazon KMS API and the Amazon SDK for PHP Version 3

Amazon Key Management Service (Amazon KMS) provides an optional display name for an Amazon KMS key called an alias.

The following examples show how to:

All the example code for the Amazon SDK for PHP is available here on GitHub.

Credentials

Before running the example code, configure your Amazon credentials, as described in Credentials. Then import the Amazon SDK for PHP, as described in Basic usage.

For more information about using Amazon Key Management Service (Amazon KMS), see the Amazon KMS Developer Guide.

Create an alias

To create an alias for a KMS key, use the CreateAlias operation. The alias must be unique in the account and Amazon Region. If you create an alias for a KMS key that already has an alias, CreateAlias creates another alias to the same KMS key. It doesn’t replace the existing alias.

Imports 


require 'vendor/autoload.php';

use Aws\Exception\AwsException;

Sample Code 

$KmsClient = new Aws\Kms\KmsClient([
    'profile' => 'default',
    'version' => '2014-11-01',
    'region' => 'us-east-2'
]);

$keyId = 'arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab';
$aliasName = "alias/projectKey1";

try {
    $result = $KmsClient->createAlias([
        'AliasName' => $aliasName,
        'TargetKeyId' => $keyId,
    ]);
    var_dump($result);
} catch (AwsException $e) {
    // output error message if fails
    echo $e->getMessage();
    echo "\n";
}

View an alias

To list all aliases in the caller's Amazon Web Services account and Amazon Web Services Region, use the ListAliases operation.

Imports 


require 'vendor/autoload.php';

use Aws\Exception\AwsException;

Sample Code 

$KmsClient = new Aws\Kms\KmsClient([
    'profile' => 'default',
    'version' => '2014-11-01',
    'region' => 'us-east-2'
]);

$limit = 10;

try {
    $result = $KmsClient->listAliases([
        'Limit' => $limit,
    ]);
    var_dump($result);
} catch (AwsException $e) {
    // output error message if fails
    echo $e->getMessage();
    echo "\n";
}

Update an alias

To associate an existing alias with a different KMS key, use the UpdateAlias operation.

Imports 


require 'vendor/autoload.php';

use Aws\Exception\AwsException;

Sample Code 

$KmsClient = new Aws\Kms\KmsClient([
    'profile' => 'default',
    'version' => '2014-11-01',
    'region' => 'us-east-2'
]);

$keyId = 'arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab';
$aliasName = "alias/projectKey1";

try {
    $result = $KmsClient->updateAlias([
        'AliasName' => $aliasName,
        'TargetKeyId' => $keyId,
    ]);
    var_dump($result);
} catch (AwsException $e) {
    // output error message if fails
    echo $e->getMessage();
    echo "\n";
}

Delete an alias

To delete an alias, use the DeleteAlias operation. Deleting an alias has no effect on the underlying KMS key.

Imports 


require 'vendor/autoload.php';

use Aws\Exception\AwsException;

Sample Code 

$KmsClient = new Aws\Kms\KmsClient([
    'profile' => 'default',
    'version' => '2014-11-01',
    'region' => 'us-east-2'
]);

$aliasName = "alias/projectKey1";

try {
    $result = $KmsClient->deleteAlias([
        'AliasName' => $aliasName,
    ]);
    var_dump($result);
} catch (AwsException $e) {
    // output error message if fails
    echo $e->getMessage();
    echo "\n";
}