ACM.38 Giving our KMS key a user-friendly name
KMS key for the ID. To figure out which key ID was the one we wanted, we would have to look at the key policy and configuration, or get the key ID from the CloudFormation template, to make sure we had the right one.
It is possible to give a KMS key a friendly name, or alias.
You can do that using the CloudFormation KeyAlias type:
When you create a key alias, the AliasName has to start with `alias/`. Check the documentation for any other name requirements if you get an error related to that.
Notice that you pass in the target Key ID. The key alias is created separately from the key itself.
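A sketch of a stand-alone alias template, added here as an example and not taken from the author's GitHub templates. The parameter names are hypothetical, and it assumes the key stack exports the key ID as a stack output.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: Alias for a KMS key that is deployed by a separate stack (added example)

Parameters:
  # Hypothetical parameter names, not the ones used in the author's templates.
  AliasNameParam:
    Type: String
    Description: Friendly name for the key, without the alias/ prefix
    # KMS alias names allow letters, digits, forward slashes, underscores and dashes.
    AllowedPattern: "^[a-zA-Z0-9/_-]+$"
    # The full alias name is limited to 256 characters, including "alias/".
    MaxLength: 250
  KeyIdExportParam:
    Type: String
    Description: Name of the export in the key stack that holds the key ID

Resources:
  KeyAlias:
    Type: AWS::KMS::Alias
    Properties:
      # AliasName must begin with alias/ (alias/aws/ is reserved for AWS managed keys).
      AliasName: !Sub "alias/${AliasNameParam}"
      # The alias points at a key created elsewhere. Importing the key stack's
      # output creates a cross-stack reference, so the key stack cannot be
      # deleted while this alias stack still exists.
      TargetKeyId:
        Fn::ImportValue: !Ref KeyIdExportParam

Outputs:
  AliasNameOutput:
    # Ref on AWS::KMS::Alias returns the alias name, e.g. alias/<name>.
    Value: !Ref KeyAlias
    Export:
      Name: !Sub "${AWS::StackName}-alias-name"
```

Policies and application configuration can then refer to the alias name instead of the opaque key ID, and the alias can be redeployed without touching the key stack.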
You can find working templates for our key alias here on GitHub:
There’s also a separate deployment script for the Key Alias.
Initially I had the key and the alias in the same template, but the key takes a long time to deploy. It was easier to test and deploy the alias separately. I can also update the alias without running the key template again.
Note that you will not be able to delete the key if the alias is referencing the key ID output, so delete the key alias first, then the key. If you put them both in the same CloudFormation template, AWS will handle that for you.
© 2nd Sight Lab 2022