Aliases are optional to CMKs. You can create aliases to facilitate CMK management.
Background information
- An alias must contain the
alias/
prefix. An alias name excluding the prefix must be 1 to 255 characters in length and can contain letters, digits, underscores (_), hyphens (-), and forward slashes (/). - If you want to allow a RAM user to create an alias, you must create a custom policy
to grant the RAM user the required permissions.
The following example shows the content of a policy that allows user 123456 to create an alias named
alias/example
for CMK 08ec3bb9-034f-485b-b1cd-3459baa8****:{ "Version": "1", "Statement": [ { "Effect": "Allow", "Action": [ "kms:CreateAlias" ], "Resource": [ "acs:kms:cn-hangzhou:123456:key/08ec3bb9-034f-485b-b1cd-3459baa8****", "acs:kms:cn-hangzhou:123456:alias/example" ] } ] }
- A new alias created for a CMK does not affect the existing aliases of the CMK.
Create an alias in the KMS console
Create an alias by calling an API operation
Call the CreateAlias operation to create an alias.
Create an alias by running a command on the Alibaba Cloud CLI
Run the aliyun kms CreateAlias command to create an alias.
aliyun kms CreateAlias --KeyId 08ec3bb9-034f-485b-b1cd-3459baa8**** --AliasName alias/example