Finding the alias name and alias ARN - Amazon Key Management Service
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.

Finding the alias name and alias ARN

An alias is a friendly name for an Amazon KMS Amazon KMS keys (KMS key). You can find the alias name and alias ARN in the Amazon KMS console or Amazon KMS API.

For detailed information about the KMS key identifiers that Amazon KMS supports, see Key identifiers (KeyId). For help finding the key ID and key ARN, see Finding the key ID and key ARN.

To find the alias name and alias ARN (console)

The Amazon KMS console displays the aliases associated with the KMS key.

  1. Open the Amazon KMS console at https://console.amazonaws.cn/kms.

  2. To change the Amazon Region, use the Region selector in the upper-right corner of the page.

  3. To view the keys in your account that you create and manage, in the navigation pane choose Customer managed keys. To view the keys in your account that Amazon creates and manages for you, in the navigation pane, choose Amazon managed keys.

  4. The Aliases column displays the alias for each KMS key. If a KMS key does not have an alias, a dash (-) appears in the Aliases column.

    If a KMS key has multiple aliases, the Aliases column also has an alias summary, such as (+n more). For example, the following KMS key has two aliases, one of which is key-test.

    To find the alias name and alias ARN of all aliases for the KMS key, use the Aliases tab.

    • To go directly to the Aliases tab, in the Aliases column, choose the alias summary (+n more). An alias summary appears only if the KMS key has more than one alias.

    • Or, choose the alias or key ID of the KMS key (which opens the detail page for the KMS key) and then choose the Aliases tab. The tabs are under the General configuration section.

  5. The Aliases tab displays the alias name and alias ARN of all aliases for a KMS key. You can also create and delete aliases for the KMS key on this tab.

To find the alias name and alias ARN (Amazon KMS API)

To find the alias name and alias ARN of an Amazon KMS key, use the ListAliases operation. For examples in multiple programming languages, see Listing aliases and Get alias names and ARNs Get tags.

By default, the response includes the alias name and alias ARN for every alias in the account and Region. To get only the aliases for a particular KMS key, use the KeyId parameter.

For example, the following command gets only the aliases for an example KMS key with key ID 1234abcd-12ab-34cd-56ef-1234567890ab.

$ aws kms list-aliases --key-id 1234abcd-12ab-34cd-56ef-1234567890ab { "Aliases": [ { "AliasName": "alias/key-test", "AliasArn": "arn:aws:kms:us-west-2:111122223333:alias/key-test", "TargetKeyId": "1234abcd-12ab-34cd-56ef-1234567890ab", "CreationDate": 1593622000.191, "LastUpdatedDate": 1593622000.191 }, { "AliasName": "alias/project-key", "AliasArn": "arn:aws:kms:us-west-2:111122223333:alias/project-key", "TargetKeyId": "1234abcd-12ab-34cd-56ef-1234567890ab" "CreationDate": 1516435200.399, "LastUpdatedDate": 1516435200.399 } ] }