Menu
AWS Key Management Service
API Reference (API Version 2014-11-01)

UpdateAlias

Updates an alias to map it to a different key.

An alias is not a property of a key. Therefore, an alias can be mapped to and unmapped from an existing key without changing the properties of the key.

An alias name can contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-). An alias must start with the word "alias" followed by a forward slash (alias/). An alias that begins with "aws" after the forward slash (alias/aws...) is reserved by Amazon Web Services (AWS).

The alias and the key it is mapped to must be in the same AWS account and the same region.

Request Syntax

Copy
{ "AliasName": "string", "TargetKeyId": "string" }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.

Note

In the following list, the required parameters are described first.

AliasName

String that contains the name of the alias to be modified. The name must start with the word "alias" followed by a forward slash (alias/). Aliases that begin with "alias/aws" are reserved.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 256.

Pattern: ^[a-zA-Z0-9:/_-]+$

Required: Yes

TargetKeyId

Unique identifier of the customer master key to be mapped to the alias. This value can be a globally unique identifier or the fully specified ARN of a key.

  • Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012

  • Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012

You can call ListAliases to verify that the alias is mapped to the correct TargetKeyId.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 2048.

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.

Errors

For information about the errors that are common to all actions, see Common Errors.

DependencyTimeoutException

The system timed out while trying to fulfill the request. The request can be retried.

HTTP Status Code: 500

KMSInternalException

The request was rejected because an internal exception occurred. The request can be retried.

HTTP Status Code: 400

KMSInvalidStateException

The request was rejected because the state of the specified resource is not valid for this request.

For more information about how key state affects the use of a CMK, see How Key State Affects Use of a Customer Master Key in the AWS Key Management Service Developer Guide.

HTTP Status Code: 400

NotFoundException

The request was rejected because the specified entity or resource could not be found.

HTTP Status Code: 400

Examples

Example Request

The following example is formatted for legibility.

Copy
POST / HTTP/1.1 Host: kms.us-east-2.amazonaws.com Content-Length: 90 X-Amz-Target: TrentService.UpdateAlias X-Amz-Date: 20161212T193252Z Content-Type: application/x-amz-json-1.1 Authorization: AWS4-HMAC-SHA256\ Credential=AKIAI44QH8DHBEXAMPLE/20161212/us-east-2/kms/aws4_request,\ SignedHeaders=content-type;host;x-amz-date;x-amz-target,\ Signature=3d6375048a5917aff38f25b92e66bceb16b29562193f7ab7f869b4c53f115c20 { "TargetKeyId": "1234abcd-12ab-34cd-56ef-1234567890ab", "AliasName": "alias/ExampleAlias" }

Example Response

Copy
HTTP/1.1 200 OK Server: Server Date: Mon, 12 Dec 2016 19:32:53 GMT Content-Type: application/x-amz-json-1.1 Content-Length: 0 Connection: keep-alive x-amzn-RequestId: c64706c8-c0a1-11e6-b0c0-3343f53dee45

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: