* Associates an existing KMS alias with a different KMS key. Each alias is * associated with only one KMS key at a time, although a KMS key can have * multiple aliases. The alias and the KMS key must be in the same Amazon Web * Services account and Region. *
** Adding, deleting, or updating an alias can allow or deny permission to the * KMS key. For details, see ABAC * for KMS in the Key Management Service Developer Guide. *
** The current and new KMS key must be the same type (both symmetric or both * asymmetric or both HMAC), and they must have the same key usage. This * restriction prevents errors in code that uses aliases. If you must assign an * alias to a different type of KMS key, use DeleteAlias to delete the * old alias and CreateAlias to create a new alias. *
*
* You cannot use UpdateAlias to change an alias name. To change an
* alias name, use DeleteAlias to delete the old alias and
* CreateAlias to create a new alias.
*
* Because an alias is not a property of a KMS key, you can create, update, and * delete the aliases of a KMS key without affecting the KMS key. Also, aliases * do not appear in the response from the DescribeKey operation. To get * the aliases of all KMS keys in the account, use the ListAliases * operation. *
** The KMS key that you use for this operation must be in a compatible key * state. For details, see Key states of KMS keys in the Key Management Service Developer * Guide. *
** Cross-account use: No. You cannot perform this operation on a KMS key * in a different Amazon Web Services account. *
** Required permissions *
** kms:UpdateAlias on the alias (IAM policy). *
** kms:UpdateAlias on the current KMS key (key policy). *
** kms:UpdateAlias on the new KMS key (key policy). *
** For details, see Controlling access to aliases in the Key Management Service Developer * Guide. *
** Related operations: *
** CreateAlias *
** DeleteAlias *
** ListAliases *
*
* Identifies the alias that is changing its KMS key. This value must begin
* with alias/ followed by the alias name, such as
* alias/ExampleAlias. You cannot use UpdateAlias
* to change the alias name.
*
* Do not include confidential or sensitive information in this field. This * field may be displayed in plaintext in CloudTrail logs and other output. *
*
* Constraints:
* Length: 1 - 256
* Pattern: ^[a-zA-Z0-9:/_-]+$
*/
private String aliasName;
/**
*
* Identifies the customer managed key to associate with the alias. You don't have * permission to associate an alias with an Amazon Web Services managed key. *
** The KMS key must be in the same Amazon Web Services account and Region as * the alias. Also, the new target KMS key must be the same type as the * current target KMS key (both symmetric or both asymmetric or both HMAC) * and they must have the same key usage. *
** Specify the key ID or key ARN of the KMS key. *
** For example: *
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
* Key ARN:
* arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
* To get the key ID and key ARN for a KMS key, use ListKeys or * DescribeKey. *
** To verify that the alias is mapped to the correct KMS key, use * ListAliases. *
*
* Constraints:
* Length: 1 - 2048
*/
private String targetKeyId;
/**
*
* Identifies the alias that is changing its KMS key. This value must begin
* with alias/ followed by the alias name, such as
* alias/ExampleAlias. You cannot use UpdateAlias
* to change the alias name.
*
* Do not include confidential or sensitive information in this field. This * field may be displayed in plaintext in CloudTrail logs and other output. *
*
* Constraints:
* Length: 1 - 256
* Pattern: ^[a-zA-Z0-9:/_-]+$
*
* @return
* Identifies the alias that is changing its KMS key. This value
* must begin with alias/ followed by the alias name,
* such as alias/ExampleAlias. You cannot use
* UpdateAlias to change the alias name.
*
* Do not include confidential or sensitive information in this * field. This field may be displayed in plaintext in CloudTrail * logs and other output. *
*
* Identifies the alias that is changing its KMS key. This value must begin
* with alias/ followed by the alias name, such as
* alias/ExampleAlias. You cannot use UpdateAlias
* to change the alias name.
*
* Do not include confidential or sensitive information in this field. This * field may be displayed in plaintext in CloudTrail logs and other output. *
*
* Constraints:
* Length: 1 - 256
* Pattern: ^[a-zA-Z0-9:/_-]+$
*
* @param aliasName
* Identifies the alias that is changing its KMS key. This value
* must begin with alias/ followed by the alias
* name, such as alias/ExampleAlias. You cannot use
* UpdateAlias to change the alias name.
*
* Do not include confidential or sensitive information in this * field. This field may be displayed in plaintext in CloudTrail * logs and other output. *
*
* Identifies the alias that is changing its KMS key. This value must begin
* with alias/ followed by the alias name, such as
* alias/ExampleAlias. You cannot use UpdateAlias
* to change the alias name.
*
* Do not include confidential or sensitive information in this field. This * field may be displayed in plaintext in CloudTrail logs and other output. *
** Returns a reference to this object so that method calls can be chained * together. *
* Constraints:
* Length: 1 - 256
* Pattern: ^[a-zA-Z0-9:/_-]+$
*
* @param aliasName
* Identifies the alias that is changing its KMS key. This value
* must begin with alias/ followed by the alias
* name, such as alias/ExampleAlias. You cannot use
* UpdateAlias to change the alias name.
*
* Do not include confidential or sensitive information in this * field. This field may be displayed in plaintext in CloudTrail * logs and other output. *
** Identifies the customer managed key to associate with the alias. You don't have * permission to associate an alias with an Amazon Web Services managed key. *
** The KMS key must be in the same Amazon Web Services account and Region as * the alias. Also, the new target KMS key must be the same type as the * current target KMS key (both symmetric or both asymmetric or both HMAC) * and they must have the same key usage. *
** Specify the key ID or key ARN of the KMS key. *
** For example: *
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
* Key ARN:
* arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
* To get the key ID and key ARN for a KMS key, use ListKeys or * DescribeKey. *
** To verify that the alias is mapped to the correct KMS key, use * ListAliases. *
*
* Constraints:
* Length: 1 - 2048
*
* @return
* Identifies the customer managed key to associate with the alias. You don't * have permission to associate an alias with an Amazon Web Services managed key. *
** The KMS key must be in the same Amazon Web Services account and * Region as the alias. Also, the new target KMS key must be the * same type as the current target KMS key (both symmetric or both * asymmetric or both HMAC) and they must have the same key usage. *
** Specify the key ID or key ARN of the KMS key. *
** For example: *
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
* Key ARN:
* arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
* To get the key ID and key ARN for a KMS key, use ListKeys * or DescribeKey. *
** To verify that the alias is mapped to the correct KMS key, use * ListAliases. *
*/ public String getTargetKeyId() { return targetKeyId; } /** ** Identifies the customer managed key to associate with the alias. You don't have * permission to associate an alias with an Amazon Web Services managed key. *
** The KMS key must be in the same Amazon Web Services account and Region as * the alias. Also, the new target KMS key must be the same type as the * current target KMS key (both symmetric or both asymmetric or both HMAC) * and they must have the same key usage. *
** Specify the key ID or key ARN of the KMS key. *
** For example: *
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
* Key ARN:
* arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
* To get the key ID and key ARN for a KMS key, use ListKeys or * DescribeKey. *
** To verify that the alias is mapped to the correct KMS key, use * ListAliases. *
*
* Constraints:
* Length: 1 - 2048
*
* @param targetKeyId
* Identifies the customer managed key to associate with the alias. You * don't have permission to associate an alias with an Amazon Web Services managed key. *
** The KMS key must be in the same Amazon Web Services account * and Region as the alias. Also, the new target KMS key must be * the same type as the current target KMS key (both symmetric or * both asymmetric or both HMAC) and they must have the same key * usage. *
** Specify the key ID or key ARN of the KMS key. *
** For example: *
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
* Key ARN:
* arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
* To get the key ID and key ARN for a KMS key, use * ListKeys or DescribeKey. *
** To verify that the alias is mapped to the correct KMS key, use * ListAliases. *
*/ public void setTargetKeyId(String targetKeyId) { this.targetKeyId = targetKeyId; } /** ** Identifies the customer managed key to associate with the alias. You don't have * permission to associate an alias with an Amazon Web Services managed key. *
** The KMS key must be in the same Amazon Web Services account and Region as * the alias. Also, the new target KMS key must be the same type as the * current target KMS key (both symmetric or both asymmetric or both HMAC) * and they must have the same key usage. *
** Specify the key ID or key ARN of the KMS key. *
** For example: *
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
* Key ARN:
* arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
* To get the key ID and key ARN for a KMS key, use ListKeys or * DescribeKey. *
** To verify that the alias is mapped to the correct KMS key, use * ListAliases. *
** Returns a reference to this object so that method calls can be chained * together. *
* Constraints:
* Length: 1 - 2048
*
* @param targetKeyId
* Identifies the customer managed key to associate with the alias. You * don't have permission to associate an alias with an Amazon Web Services managed key. *
** The KMS key must be in the same Amazon Web Services account * and Region as the alias. Also, the new target KMS key must be * the same type as the current target KMS key (both symmetric or * both asymmetric or both HMAC) and they must have the same key * usage. *
** Specify the key ID or key ARN of the KMS key. *
** For example: *
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
* Key ARN:
* arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
* To get the key ID and key ARN for a KMS key, use * ListKeys or DescribeKey. *
** To verify that the alias is mapped to the correct KMS key, use * ListAliases. *
* @return A reference to this updated object so that method calls can be * chained together. */ public UpdateAliasRequest withTargetKeyId(String targetKeyId) { this.targetKeyId = targetKeyId; return this; } /** * Returns a string representation of this object; useful for testing and * debugging. * * @return A string representation of this object. * @see java.lang.Object#toString() */ @Override public String toString() { StringBuilder sb = new StringBuilder(); sb.append("{"); if (getAliasName() != null) sb.append("AliasName: " + getAliasName() + ","); if (getTargetKeyId() != null) sb.append("TargetKeyId: " + getTargetKeyId()); sb.append("}"); return sb.toString(); } @Override public int hashCode() { final int prime = 31; int hashCode = 1; hashCode = prime * hashCode + ((getAliasName() == null) ? 0 : getAliasName().hashCode()); hashCode = prime * hashCode + ((getTargetKeyId() == null) ? 0 : getTargetKeyId().hashCode()); return hashCode; } @Override public boolean equals(Object obj) { if (this == obj) return true; if (obj == null) return false; if (obj instanceof UpdateAliasRequest == false) return false; UpdateAliasRequest other = (UpdateAliasRequest) obj; if (other.getAliasName() == null ^ this.getAliasName() == null) return false; if (other.getAliasName() != null && other.getAliasName().equals(this.getAliasName()) == false) return false; if (other.getTargetKeyId() == null ^ this.getTargetKeyId() == null) return false; if (other.getTargetKeyId() != null && other.getTargetKeyId().equals(this.getTargetKeyId()) == false) return false; return true; } }