AWS CloudFormation
User Guide (API Version 2010-05-15)


The AWS::KMS::Alias resource creates a display name for a customer master key (CMK) in AWS Key Management Service (AWS KMS). Using an alias to refer to a key can help you simplify key management. For example, when rotating keys, you can just update the alias mapping instead of tracking and changing key IDs. For more information, see Working with Aliases in the AWS Key Management Service Developer Guide.


To declare this entity in your AWS CloudFormation template, use the following syntax:


{
  "Type" : "AWS::KMS::Alias",
  "Properties" : {
    "AliasName" : String,
    "TargetKeyId" : String
  }
}


Type: AWS::KMS::Alias
Properties:
  AliasName: String
  TargetKeyId: String



AliasName

The name of the alias. The name must start with alias followed by a forward slash, such as alias/. You can't specify aliases that begin with alias/AWS. These aliases are reserved.

Required: Yes

Type: String

Update requires: Replacement


TargetKeyId

The ID of the key for which you are creating the alias. Specify the key's globally unique identifier or Amazon Resource Name (ARN). You can't specify another alias.

Required: Yes

Type: String

Update requires: No interruption

Return Value


When the logical ID of this resource is provided to the Ref intrinsic function, Ref returns the alias name, such as alias/myKeyAlias.

For more information about using the Ref function, see Ref.
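The property constraints and the Ref return value described above can be checked before deployment. The following is an added example, not part of the AWS documentation or any AWS tool: a small Python lint over a parsed JSON template, where the function name, the messages, and the sample template are all constructed for illustration.

```python
import json

def lint_kms_aliases(template):
    """Return sorted (logical_id, problem) pairs for AWS::KMS::Alias resources."""
    resources = template.get("Resources", {})
    alias_ids = {lid for lid, res in resources.items()
                 if res.get("Type") == "AWS::KMS::Alias"}
    findings = []
    for lid in sorted(alias_ids):
        props = resources[lid].get("Properties", {})
        name, target = props.get("AliasName"), props.get("TargetKeyId")
        if name is None:
            findings.append((lid, "AliasName is required"))
        elif isinstance(name, str):  # intrinsic functions are not evaluated here
            if not name.startswith("alias/"):
                findings.append((lid, "AliasName must start with alias/"))
            # The page lists alias/AWS as reserved; matched case-insensitively
            # (a choice of this example) so alias/aws... is caught as well.
            elif name.lower().startswith("alias/aws"):
                findings.append((lid, "AliasName uses the reserved prefix"))
        if target is None:
            findings.append((lid, "TargetKeyId is required"))
        elif isinstance(target, str):
            if target.startswith("alias/") or (
                    target.startswith("arn:") and ":alias/" in target):
                findings.append((lid, "TargetKeyId is an alias, not a key"))
        elif isinstance(target, dict) and target.get("Ref") in alias_ids:
            # Ref on an AWS::KMS::Alias returns the alias name, not a key ID.
            findings.append((lid, "TargetKeyId Refs another alias"))
    return findings

# Constructed sample template (not from the page).
SAMPLE = json.loads("""
{ "Resources": {
    "myKey":     {"Type": "AWS::KMS::Key", "Properties": {}},
    "goodAlias": {"Type": "AWS::KMS::Alias", "Properties": {
                    "AliasName": "alias/myKeyAlias", "TargetKeyId": {"Ref": "myKey"}}},
    "noPrefix":  {"Type": "AWS::KMS::Alias", "Properties": {
                    "AliasName": "myKeyAlias", "TargetKeyId": {"Ref": "myKey"}}},
    "reserved":  {"Type": "AWS::KMS::Alias", "Properties": {
                    "AliasName": "alias/AWS/ebs", "TargetKeyId": {"Ref": "myKey"}}},
    "chained":   {"Type": "AWS::KMS::Alias", "Properties": {
                    "AliasName": "alias/second", "TargetKeyId": {"Ref": "goodAlias"}}}
} }
""")

if __name__ == "__main__":
    for logical_id, problem in lint_kms_aliases(SAMPLE):
        print(f"{logical_id}: {problem}")
```

The "chained" case follows from the Ref behavior above: because Ref on an alias resource returns the alias name, using it as TargetKeyId supplies another alias, which the property does not accept.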


The following examples create the alias/myKeyAlias alias for the myKey AWS KMS key.


"myKeyAlias" : {
  "Type" : "AWS::KMS::Alias",
  "Properties" : {
    "AliasName" : "alias/myKeyAlias",
    "TargetKeyId" : {"Ref":"myKey"}
  }
}


myKeyAlias:
  Type: AWS::KMS::Alias
  Properties:
    AliasName: alias/myKeyAlias
    TargetKeyId:
      Ref: myKey