AWS SDK Version 3 for .NET
API Reference

AWS services or capabilities described in AWS Documentation may vary by region/location. Click Getting Started with Amazon AWS to see specific differences applicable to the China (Beijing) Region.

Creates a display name for a customer master key (CMK). You can use an alias to identify a CMK in selected operations, such as Encrypt and GenerateDataKey.

Each CMK can have multiple aliases, but each alias points to only one CMK. The alias name must be unique in the AWS account and region. To simplify code that runs in multiple regions, use the same alias name, but point it to a different CMK in each region.

Because an alias is not a property of a CMK, you can delete and change the aliases of a CMK without affecting the CMK. Also, aliases do not appear in the response from the DescribeKey operation. To get the aliases of all CMKs, use the ListAliases operation.

An alias must start with the word alias followed by a forward slash (alias/). The alias name can contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-). Alias names cannot begin with aws; that alias name prefix is reserved by Amazon Web Services (AWS).

The alias and the CMK it is mapped to must be in the same AWS account and the same region. You cannot perform this operation on an alias in a different AWS account.

To map an existing alias to a different CMK, call UpdateAlias.


For .NET Core and PCL this operation is only available in asynchronous form. Please refer to CreateAliasAsync.

Namespace: Amazon.KeyManagementService
Assembly: AWSSDK.KeyManagementService.dll
Version: 3.x.y.z


public virtual CreateAliasResponse CreateAlias(
         CreateAliasRequest request
Type: Amazon.KeyManagementService.Model.CreateAliasRequest

Container for the necessary parameters to execute the CreateAlias service method.

Return Value
The response from the CreateAlias service method, as returned by KeyManagementService.


AlreadyExistsException The request was rejected because it attempted to create a resource that already exists.
DependencyTimeoutException The system timed out while trying to fulfill the request. The request can be retried.
InvalidAliasNameException The request was rejected because the specified alias name is not valid.
KMSInternalException The request was rejected because an internal exception occurred. The request can be retried.
KMSInvalidStateException The request was rejected because the state of the specified resource is not valid for this request. For more information about how key state affects the use of a CMK, see How Key State Affects Use of a Customer Master Key in the AWS Key Management Service Developer Guide.
LimitExceededException The request was rejected because a limit was exceeded. For more information, see Limits in the AWS Key Management Service Developer Guide.
NotFoundException The request was rejected because the specified entity or resource could not be found.


The following example creates an alias for the specified customer master key (CMK).

To create an alias

var response = client.CreateAlias(new CreateAliasRequest 
    AliasName = "alias/ExampleAlias", // The alias to create. Aliases must begin with 'alias/'. Do not use aliases that begin with 'alias/aws' because they are reserved for use by AWS.
    TargetKeyId = "1234abcd-12ab-34cd-56ef-1234567890ab" // The identifier of the CMK whose alias you are creating. You can use the key ID or the Amazon Resource Name (ARN) of the CMK.


Version Information

.NET Framework:
Supported in: 4.5, 4.0, 3.5

Portable Class Library:
Supported in: Windows Store Apps
Supported in: Windows Phone 8.1
Supported in: Xamarin Android
Supported in: Xamarin iOS (Unified)
Supported in: Xamarin.Forms

See Also