Menu
AWS CloudFormation
User Guide (API Version 2010-05-15)

AWS::KMS::Alias

The AWS::KMS::Alias resource creates a display name for a customer master key (CMK) in AWS Key Management Service (AWS KMS). Using an alias to refer to a key can help you simplify key management. For example, when rotating keys, you can just update the alias mapping instead of tracking and changing key IDs. For more information, see Working with Aliases in the AWS Key Management Service Developer Guide.

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

Copy
{ "Type" : "AWS::KMS::Alias", "Properties" : { "AliasName" : String, "TargetKeyId" : String } }

YAML

Copy
Type: "AWS::KMS::Alias" Properties: AliasName: String TargetKeyId: String

Properties

AliasName

The name of the alias. The name must start with alias followed by a forward slash, such as alias/. You can't specify aliases that begin with alias/AWS. These aliases are reserved.

Required: Yes

Type: String

Update requires: Replacement

TargetKeyId

The ID of the key for which you are creating the alias. Specify the key's globally unique identifier or Amazon Resource Name (ARN). You can't specify another alias.

Required: Yes

Type: String

Update requires: No interruption

Return Value

Ref

When the logical ID of this resource is provided to the Ref intrinsic function, Ref returns the alias name, such as alias/myKeyAlias.

For more information about using the Ref function, see Ref.

Examples

The following examples create the alias/myKeyAlias alias for the myKey AWS KMS key.

JSON

Copy
"myKeyAlias" : { "Type" : "AWS::KMS::Alias", "Properties" : { "AliasName" : "alias/myKeyAlias", "TargetKeyId" : {"Ref":"myKey"} } }

YAML

Copy
myKeyAlias: Type: AWS::KMS::Alias Properties: AliasName: alias/myKeyAlias TargetKeyId: Ref: myKey