Aliases are optional to CMKs. Aliases must be unique in a region for each Alibaba Cloud account. An Alibaba Cloud account can have identical aliases in different regions. An alias can be bound to only one CMK in a region, but a CMK can have multiple aliases.
Although aliases are bound to CMKs, aliases are resources independent of CMKs. Aliases have the following characteristics:
- You can call the UpdateAlias operation to bind an alias to a different CMK. This operation does not affect the CMK.
- If you delete an alias, the CMK to which the alias is bound is not deleted.
- RAM users must be authorized before they can perform operations on an alias. For more information, see Use RAM to control access to resources.
- Aliases cannot be modified. To change the alias of a CMK, you must delete the original alias and create a new one for the CMK.
You can replace the CMK ID in the request parameters for the following API operations with an alias that is bound to the CMK:
An alias must contain the
alias prefix, such as
The following table describes the operations related to aliases.
|Create an alias
|Create an alias to facilitate key management.
|Bind an alias to a different CMK
|Bind an alias to a different CMK.
|Query all the aliases under the current Alibaba Cloud account in the current region.
|Query aliases bound to a specified CMK
|Query the aliases bound to a specified CMK.
|Delete an alias
|Delete an alias. If you delete an alias, the CMK to which the alias is bound is not deleted.