CreateAlias
Creates a friendly name (alias) for a KMS key.
Description
The `CreateAlias` operation creates a display name for a KMS key. An alias is a friendly name that you can use to identify a KMS key in the console and in some QKMS operations. Each alias is associated with exactly one KMS key at a time, but a KMS key can have multiple aliases.
note
- Each alias must be unique in the account and region. To simplify key management, you can use the same alias in different regions to refer to different keys.
- The alias name must begin with `alias/` followed by a name that contains only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-).
- The alias name cannot begin with `alias/aws/` as this prefix is reserved for QKMS managed keys.
Request Syntax
Headers
| Name | Description | Required | Type |
|---|---|---|---|
| Content-Type | Must be "application/x-amz-json-1.1" | Yes | string |
| X-Amz-Target | Must be "TrentService.CreateAlias" | Yes | string |
Request Body
| Name | Description | Required | Type |
|---|---|---|---|
| AliasName | The alias name. The name must begin with 'alias/' followed by a name, such as 'alias/ExampleAlias'. | Yes | string |
| TargetKeyId | The unique identifier of the KMS key that the alias will be associated with. This value can be the key ID or the key ARN of the KMS key. | Yes | string |
POST / HTTP/1.1
Content-Type: application/x-amz-json-1.1
X-Amz-Target: TrentService.CreateAlias
{
"AliasName": "alias/ExampleAlias",
"TargetKeyId": "1234abcd-12ab-34cd-56ef-1234567890ab"
}
Values in italics indicate user input and should be replaced with actual values.
Examples
Example 1: Create an alias for a KMS key
POST / HTTP/1.1
Content-Type: application/x-amz-json-1.1
X-Amz-Target: TrentService.CreateAlias
{
"AliasName": "alias/ExampleAlias",
"TargetKeyId": "1234abcd-12ab-34cd-56ef-1234567890ab"
}
Values in italics indicate user input and should be replaced with actual values.
HTTP/1.1 200 OK
Content-Type: application/x-amz-json-1.1
Values in italics indicate variable response values.
Response Elements
This operation returns no response data.
Special Errors
| Error Code | Description |
|---|---|
| AlreadyExistsException | The alias you are trying to create already exists. |
| DependencyTimeoutException | The system timed out while trying to fulfill the request. |
| InvalidAliasNameException | The alias name is not valid. |
| KMSInternalException | An internal error occurred. |
| KMSInvalidStateException | The request was rejected because the key state is not valid for this operation. |
| LimitExceededException | The request was rejected because a quota was exceeded. |
| NotFoundException | The request was rejected because the specified key was not found. |
Permissions
To use the `CreateAlias` operation, you must have the following permissions:
- `kms:CreateAlias` on the alias (specified in the policy)
- `kms:CreateAlias` on the KMS key (specified in the policy)
Try It Out
Test CreateAlias
Create an alias for a KMS key.
Coming Soon
This feature is currently under development and will be available soon.