AWS::KMS::Alias
The AWS::KMS::Alias resource creates a display name for a customer master key (CMK) in AWS Key Management
Service (AWS KMS). Using an alias to refer to a key can help you simplify key management.
For example, when rotating keys, you can just update the alias mapping instead of
tracking and changing key IDs. For more information, see Working with Aliases in the AWS Key Management Service Developer Guide.
Syntax
To declare this entity in your AWS CloudFormation template, use the following syntax:
JSON
{
  "Type" : "AWS::KMS::Alias",
  "Properties" : {
    "AliasName" : String,
    "TargetKeyId" : String
  }
}
YAML
Type: AWS::KMS::Alias
Properties:
  AliasName: String
  TargetKeyId: String
Properties
AliasName
The name of the alias. The name must start with alias followed by a forward slash, such as alias/. You can't specify aliases that begin with alias/AWS. These aliases are reserved.
Required: Yes
Type: String
Update requires: Replacement
TargetKeyId
The ID of the key for which you are creating the alias. Specify the key's globally unique identifier or Amazon Resource Name (ARN). You can't specify another alias.
Required: Yes
Type: String
Update requires: No interruption
Return Value
Ref
When the logical ID of this resource is provided to the Ref intrinsic function, Ref returns the alias name, such as alias/myKeyAlias.
For more information about using the Ref function, see Ref.
Examples
The following examples create the alias/myKeyAlias alias for the myKey AWS KMS key.
JSON
"myKeyAlias" : {
  "Type" : "AWS::KMS::Alias",
  "Properties" : {
    "AliasName" : "alias/myKeyAlias",
    "TargetKeyId" : {"Ref":"myKey"}
  }
}
YAML
myKeyAlias:
  Type: AWS::KMS::Alias
  Properties:
    AliasName: alias/myKeyAlias
    TargetKeyId:
      Ref: myKey
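The property rules above can be checked before deployment. The following pre-deployment lint is an added example, not AWS code: it flags alias names without the alias/ prefix, names under the reserved prefix, and a TargetKeyId that is another alias, including a Ref to an AWS::KMS::Alias resource (which returns an alias name rather than a key ID). The sample template, the finding codes, and the case-insensitive match on the reserved prefix are assumptions made for this example.

```python
import json

# Constructed sample template (not from the page); resource names are hypothetical.
SAMPLE_TEMPLATE = json.loads("""
{"Resources": {
  "myKey":      {"Type": "AWS::KMS::Key", "Properties": {}},
  "myKeyAlias": {"Type": "AWS::KMS::Alias", "Properties": {
                   "AliasName": "alias/myKeyAlias", "TargetKeyId": {"Ref": "myKey"}}},
  "noPrefix":   {"Type": "AWS::KMS::Alias", "Properties": {
                   "AliasName": "myKeyAlias", "TargetKeyId": {"Ref": "myKey"}}},
  "reserved":   {"Type": "AWS::KMS::Alias", "Properties": {
                   "AliasName": "alias/AWS/example", "TargetKeyId": {"Ref": "myKey"}}},
  "chained":    {"Type": "AWS::KMS::Alias", "Properties": {
                   "AliasName": "alias/chained", "TargetKeyId": {"Ref": "myKeyAlias"}}}
}}
""")

def lint_kms_aliases(template):
    """Return sorted (logical_id, code) findings for AWS::KMS::Alias resources."""
    resources = template.get("Resources", {})
    findings = []
    for logical_id, res in resources.items():
        if res.get("Type") != "AWS::KMS::Alias":
            continue
        props = res.get("Properties") or {}
        name, target = props.get("AliasName"), props.get("TargetKeyId")
        if name is None:
            findings.append((logical_id, "MISSING_ALIASNAME"))
        elif isinstance(name, str):  # intrinsic functions cannot be checked statically
            if not name.startswith("alias/"):
                findings.append((logical_id, "BAD_PREFIX"))
            elif name.lower().startswith("alias/aws"):  # assumption: case-insensitive
                findings.append((logical_id, "RESERVED_NAME"))
        if target is None:
            findings.append((logical_id, "MISSING_TARGET"))
        elif isinstance(target, str):
            # A literal alias name or alias ARN counts as "another alias".
            if target.startswith("alias/") or ":alias/" in target:
                findings.append((logical_id, "TARGET_IS_ALIAS"))
        elif isinstance(target, dict) and "Ref" in target:
            # Ref to an AWS::KMS::Alias returns its alias name, not a key ID.
            referenced = resources.get(target["Ref"], {})
            if referenced.get("Type") == "AWS::KMS::Alias":
                findings.append((logical_id, "TARGET_IS_ALIAS"))
    return sorted(findings)

if __name__ == "__main__":
    for logical_id, code in lint_kms_aliases(SAMPLE_TEMPLATE):
        print(f"{logical_id}: {code}")
```

A Ref that points to a template parameter or to a resource outside the template is not resolved and produces no finding.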
