AWS::KMS::Alias

KMS Alias

The AWS::KMS::Alias resource specifies a display name for a [KMS key](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms_keys). You can use an alias to identify a KMS key in the KMS console, in the [DescribeKey](https://docs.aws.amazon.com/kms/latest/APIReference/API_DescribeKey.html) operation, and in [cryptographic operations](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations), such as [Decrypt](https://docs.aws.amazon.com/...

Properties

2 configurable properties. 2 required. Click a row to see details.

Filter:

Property	Type	Flags
`AliasName`	`string`	RequiredCreate-only
`TargetKeyId`	`string`	Required

Sample CloudFormation Template

A minimal template with required properties and common optional ones.

template.yaml

AWSTemplateFormatVersion: "2010-09-09"
Description: Sample template for AWS::KMS::Alias

Resources:
  MyResource:
    Type: AWS::KMS::Alias
    Properties:
      AliasName: "my-aliasname"
      TargetKeyId: "my-targetkeyid"

Required IAM Permissions

Permissions CloudFormation needs in your IAM role to manage this resource.

read

kms:ListAliases

create

kms:CreateAlias

update

kms:UpdateAlias

list

kms:ListAliases

delete

kms:DeleteAlias

Learn AWS the Practical Way

Our bi-weekly newsletter teaches hands-on AWS fundamentals. No certification fluff - just practical knowledge.

Subscribe to Newsletter

Quick Facts

ServiceKMS

Properties2

Required2

TaggingNot supported

Primary IDAliasName

Supported Operations

ReadCreateUpdateListDelete

Immutable After Creation

These properties cannot be changed after the resource is created. Updating them triggers a replacement.

AliasName

Related Resources

External Links

AWS Documentation