KMS - Ability to import an AWS managed key by its alias

It would be nice to be able to reuse existing/default keys that come with every AWS account, without having to hardcode their full ARNs, e.g. by providing just their alias.

Currently, it’s only possible through: const key = kms.Key.fromKeyArn(this, "default", "arn:aws:kms:us-east-1:xxxxx:key/390a2c1f-xxxx-4abd-xxxx-c17e04362ba9")

It would be nice to have something like: const key = kms.Key.fromKeyAlias(this, "default", "alias:aws/s3")

Like it is currently possible to be done using Terraform: https://www.terraform.io/docs/providers/aws/d/kms_key.html

Use Case

I am currently creating a CloudTrail that sends log files to an S3 bucket. The CloudTrail has the option for “encrypting logs using KMS”. However, in order to pass it the default S3 key that AWS provided me, I need to be able to find/import it. The only possibility currently, is the following method, which is far from an ideal solution because it requires me to hardcode the key ID in the ARN (a highly dynamic string). This makes the CDK stack less reusable and portable across regions and AWS accounts (another account will have a different key ID for the default S3 key for example).

Proposed Solution

A new method like: const key = kms.Key.fromAlias(this, "default", "alias:kms/s3")

Other

Current code:

export class Cloudtrail extends cdk.Stack {
    constructor(scope: cdk.Construct, id: string, props?: cdk.StackProps) {
        super(scope, id, props);

        const key = kms.Key.fromKeyArn(this, "default", "arn:aws:kms:us-east-1:xxxxx:key/390a2c1f-xxxx-4abd-xxxx-c17e04362ba9")

        const trail = new cloudtrail.Trail(this, 'CloudTrail', {
            sendToCloudWatchLogs: true,
            includeGlobalServiceEvents: true,
            kmsKey: key
        });
    }
}

This is a 🚀 Feature Request