Use the ListAliasesByKeyId API operation or Alibaba Cloud CLI to retrieve all aliases bound to a specified CMK (customer master key). Only aliases associated with the specified CMK are returned.
Prerequisites
Before you begin, ensure that you have:
A CMK with at least one alias bound to it
A RAM user with a custom policy granting
kms:ListAliasesByKeyIdpermission on the target CMK
Grant RAM permissions
To allow a RAM user to query aliases for a specified CMK, create a custom RAM policy and attach it to the RAM user.
The following policy grants user 123456 permission to call ListAliasesByKeyId on the CMK 127d2f84-ee5f-4f4d-9d41-dbc1aca2**** in the cn-hangzhou region.
{
"Version": "1",
"Statement": [
{
"Effect": "Allow",
"Action": [
"kms:ListAliasesByKeyId"
],
"Resource": [
"acs:kms:cn-hangzhou:123456:key/127d2f84-ee5f-4f4d-9d41-dbc1aca2****"
]
}
]
}Query aliases using the API
Call the ListAliasesByKeyId operation to retrieve all aliases bound to a specified CMK.
Query aliases using Alibaba Cloud CLI
Run the following command to query aliases for a specified CMK:
aliyun kms ListAliasesByKeyId --KeyId 127d2f84-ee5f-4f4d-9d41-dbc1aca2****