# Create aliases
<a name="alias-create"></a>

You can create aliases in the Amazon KMS console or by using Amazon KMS API operations. 

The alias must be string of 1–256 characters. It can contain only alphanumeric characters, forward slashes (/), underscores (\$1), and dashes (-). The alias name for a [customer managed key](concepts.md#customer-mgn-key) cannot begin with `alias/aws/`. The `alias/aws/` prefix is reserved for [Amazon managed key](concepts.md#aws-managed-key).

You can create an alias for a new KMS key or for an existing KMS key. You might add an alias so that a particular KMS key is used in a project or application. 

You can also use a Amazon CloudFormation template to create an alias for a KMS key. For more information, see [AWS::KMS::Alias](https://docs.amazonaws.cn/AWSCloudFormation/latest/UserGuide/aws-resource-kms-alias.html) in the *Amazon CloudFormation User Guide*.

## Using the Amazon KMS console
<a name="alias-create-console"></a>

When you [create a KMS key](create-keys.md) in the Amazon KMS console, you must create an alias for the new KMS key. To create an alias for an existing KMS key, use the **Aliases** tab on the detail page for the KMS key.

1. Sign in to the Amazon Web Services Management Console and open the Amazon Key Management Service (Amazon KMS) console at [https://console.amazonaws.cn/kms](https://console.amazonaws.cn/kms).

1. To change the Amazon Web Services Region, use the Region selector in the upper-right corner of the page.

1. In the navigation pane, choose **Customer managed keys**. You cannot manage aliases for Amazon managed keys or Amazon owned keys.

1. In the table, choose the key ID or alias of the KMS key. Then, on the KMS key detail page, choose the **Aliases** tab.

   If a KMS key has multiple aliases, the **Aliases** column in the table displays one alias and an alias summary, such as **(\$1*n* more)**. Choosing the alias summary takes you directly to the **Aliases** tab on the KMS key detail page.

1. On the **Aliases** tab, choose **Create alias**. Enter an alias name and choose **Create alias**.
**Important**  
Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.
**Note**  
Do not add the `alias/` prefix. The console automatically adds it for you. If you enter `alias/ExampleAlias`, the actual alias name will be `alias/alias/ExampleAlias`.

## Using the Amazon KMS API
<a name="alias-create-api"></a>

To create an alias, use the [CreateAlias](https://docs.amazonaws.cn/kms/latest/APIReference/API_CreateAlias.html) operation. Unlike the process of creating KMS keys in the console, the [CreateKey](https://docs.amazonaws.cn/kms/latest/APIReference/API_CreateKey.html) operation doesn't create an alias for a new KMS key.

**Important**  
Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.

You can use the `CreateAlias` operation to create an alias for a new KMS key with no alias. You can also use the `CreateAlias` operation to add an alias to any existing KMS key or to recreate an alias that was accidentally deleted. 

In the Amazon KMS API operations, the alias name must begin with `alias/` followed by a name, such as `alias/ExampleAlias`. The alias must be unique in the account and Region. To find the alias names that are already in use, use the [ListAliases](https://docs.amazonaws.cn/kms/latest/APIReference/API_ListAliases.html) operation. The alias name is case sensitive.

The `TargetKeyId` can be any [customer managed key](concepts.md#customer-mgn-key) in the same Amazon Web Services Region. To identify the KMS key, use its [key ID](concepts.md#key-id-key-id) or [key ARN](concepts.md#key-id-key-ARN). You cannot use another alias.

The following example creates the `example-key` alias and associates it with the specified KMS key. These examples use the Amazon Command Line Interface (Amazon CLI). For examples in multiple programming languages, see [Use `CreateAlias` with an Amazon SDK or CLI](example_kms_CreateAlias_section.md).

```
$ aws kms create-alias \
    --alias-name alias/example-key \
    --target-key-id 1234abcd-12ab-34cd-56ef-1234567890ab
```

`CreateAlias` does not return any output. To see the new alias, use the `ListAliases` operation. For details, see [Using the Amazon KMS API](alias-view.md#alias-view-api).