Using aliases - AWS Key Management Service

Using aliases

An alias is a friendly name for a customer master key (CMK). For example, an alias lets you refer to a CMK as test-key instead of 1234abcd-12ab-34cd-56ef-1234567890ab.

You can use an alias to identify a CMK in the AWS KMS console, in the DescribeKey operation, and in cryptographic operations, such as Encrypt and GenerateDataKey.

Aliases also make it easy to recognize AWS managed CMKs. Aliases for these CMKs always have the form: aws/<service-name>. For example, the alias for the AWS managed CMK for Amazon DynamoDB is aws/dynamodb. You can establish similar alias standards for your projects, such as prefacing your aliases with the name of a project or category.

You can also allow and deny access to CMKs based on their aliases without having to edit policies or manage grants. This feature is part of AWS KMS support for attribute-based access control (ABAC). For details, see Using aliases to control access to CMKs.

Much of the power of aliases comes from your ability to change the CMK associated with an alias at any time. Aliases can make your code easier to write and maintain. For example, suppose you use an alias to refer to a particular CMK and you want to change the CMK. In that case, just associate the alias with a different CMK. You don't need to change your code.

Aliases also make it easier to reuse the same code in different AWS Regions. Create aliases with the same name in multiple Regions and associate each alias with a CMK in its Region. When the code runs in each Region, the alias refers to its associated CMK in that Region. For an example, see Using aliases in your applications.

The AWS KMS API provides full control of aliases in each account and Region. The API includes operations to create an alias (CreateAlias), view alias names and alias ARNs (ListAliases), change the CMK associated with an alias (UpdateAlias), and delete an alias (DeleteAlias). For examples of managing aliases in multiple programming languages, see Working with aliases.
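
The alias change described above, as an added example that is not part of the AWS documentation: it uses the boto3 calls for ListAliases, CreateAlias, UpdateAlias and DescribeKey to associate an alias with a different CMK and returns the previous target so the change can be logged. The helper names find_alias and point_alias, and the rule that the target CMK must be enabled, are assumptions of this example.

```python
"""Added example: point an alias at a new CMK, creating the alias if needed."""


def find_alias(kms, alias_name):
    """Return the ListAliases entry for alias_name, or None (follows pagination)."""
    kwargs = {}
    while True:
        page = kms.list_aliases(**kwargs)
        for entry in page.get("Aliases", []):
            if entry["AliasName"] == alias_name:
                return entry
        if not page.get("Truncated"):
            return None
        kwargs = {"Marker": page["NextMarker"]}


def point_alias(kms, alias_name, new_key_id):
    """Associate alias_name with new_key_id; return the previous key ID or None."""
    # API alias names carry the alias/ prefix; alias/aws/ is reserved for AWS managed CMKs.
    if not alias_name.startswith("alias/") or alias_name.startswith("alias/aws/"):
        raise ValueError(f"not a customer alias name: {alias_name!r}")
    # Assumption of this example: only repoint to a CMK that is currently enabled.
    meta = kms.describe_key(KeyId=new_key_id)["KeyMetadata"]
    if meta["KeyState"] != "Enabled":
        raise ValueError(f"target CMK is {meta['KeyState']}, not Enabled")
    current = find_alias(kms, alias_name)
    if current is None:
        kms.create_alias(AliasName=alias_name, TargetKeyId=meta["KeyId"])
        return None
    previous = current.get("TargetKeyId")
    if previous != meta["KeyId"]:
        kms.update_alias(AliasName=alias_name, TargetKeyId=meta["KeyId"])
    return previous  # record this value in your change log


if __name__ == "__main__":
    import boto3  # needs AWS credentials and a Region configured

    kms = boto3.client("kms")
    # Key ID is the sample value from the page; substitute one of your own CMKs.
    old = point_alias(kms, "alias/test-key", "1234abcd-12ab-34cd-56ef-1234567890ab")
    print("previous target:", old)
    # Callers keep passing the alias; DescribeKey shows which CMK it resolves to now.
    print(kms.describe_key(KeyId="alias/test-key")["KeyMetadata"]["KeyId"])
```

Because an alias can be changed to refer to a different CMK at any time, the returned previous key ID is the piece to keep: data encrypted before the change still needs the old CMK to decrypt.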

The following resources can help you learn more: