Simplifying KMS alias implementation using addAlias method

kris-szlapa · kris-szlapa · commit 7ae65592a101 · 2025-08-14T13:49:16.000Z
diff --git a/packages/cdk/constructs/DynamoDbTable.ts b/packages/cdk/constructs/DynamoDbTable.ts
@@ -6,7 +6,7 @@ import {
   Billing,
   TableEncryptionV2
 } from "aws-cdk-lib/aws-dynamodb"
-import {Key, Alias} from "aws-cdk-lib/aws-kms"
+import {Key} from "aws-cdk-lib/aws-kms"
 
 export interface DynamoDbTableProps {
   readonly tableName: string
@@ -20,7 +20,6 @@ export interface DynamoDbTableProps {
 export class DynamoDbTable extends Construct {
   public readonly table: TableV2
   public readonly kmsKey: Key
-  public readonly kmsAlias: Alias
 
   constructor(scope: Construct, id: string, props: DynamoDbTableProps) {
     super(scope, id)
@@ -30,12 +29,7 @@ export class DynamoDbTable extends Construct {
       description: `KMS key for ${props.tableName} DynamoDB table encryption`,
       removalPolicy: RemovalPolicy.DESTROY
     })
-
-    this.kmsAlias = new Alias(this, "TableKeyAlias", {
-      aliasName: `alias/${props.tableName}-dynamodb-key`,
-      targetKey: this.kmsKey,
-      removalPolicy: RemovalPolicy.DESTROY
-    })
+    this.kmsKey.addAlias(`alias/${props.tableName}-dynamodb-key`)
 
     this.table = new TableV2(this, props.tableName, {
       tableName: props.tableName,
diff --git a/packages/cdk/constructs/S3Bucket.ts b/packages/cdk/constructs/S3Bucket.ts
@@ -6,7 +6,7 @@ import {
   BlockPublicAccess,
   ObjectOwnership
 } from "aws-cdk-lib/aws-s3"
-import {Key, Alias} from "aws-cdk-lib/aws-kms"
+import {Key} from "aws-cdk-lib/aws-kms"
 
 export interface S3BucketProps {
   readonly bucketName: string
@@ -16,7 +16,6 @@ export interface S3BucketProps {
 export class S3Bucket extends Construct {
   public readonly bucket: Bucket
   public readonly kmsKey: Key
-  public readonly kmsAlias: Alias
 
   constructor(scope: Construct, id: string, props: S3BucketProps) {
     super(scope, id)
@@ -26,12 +25,7 @@ export class S3Bucket extends Construct {
       description: `KMS key for ${props.bucketName} S3 bucket encryption`,
       removalPolicy: RemovalPolicy.DESTROY
     })
-
-    this.kmsAlias = new Alias(this, "BucketKeyAlias", {
-      aliasName: `alias/${props.bucketName}-s3-key`,
-      targetKey: this.kmsKey,
-      removalPolicy: RemovalPolicy.DESTROY
-    })
+    this.kmsKey.addAlias(`alias/${props.bucketName}-s3-key`)
 
     this.bucket = new Bucket(this, props.bucketName, {
       blockPublicAccess: BlockPublicAccess.BLOCK_ALL,
