KMS / Client / delete_alias
delete_alias#
- KMS.Client.delete_alias(**kwargs)#
Deletes the specified alias.
Note
Adding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see ABAC for KMS in the Key Management Service Developer Guide.
Because an alias is not a property of a KMS key, you can delete and change the aliases of a KMS key without affecting the KMS key. Also, aliases do not appear in the response from the DescribeKey operation. To get the aliases of all KMS keys, use the ListAliases operation.
Each KMS key can have multiple aliases. To change the alias of a KMS key, use DeleteAlias to delete the current alias and CreateAlias to create a new alias. To associate an existing alias with a different KMS key, call UpdateAlias.
Cross-account use: No. You cannot perform this operation on an alias in a different Amazon Web Services account.
Required permissions
kms:DeleteAlias on the alias (IAM policy).
kms:DeleteAlias on the KMS key (key policy).
For details, see Controlling access to aliases in the Key Management Service Developer Guide.
Related operations:
CreateAlias
ListAliases
UpdateAlias
Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.
See also: AWS API Documentation
Request Syntax
response = client.delete_alias( AliasName='string' )
- Parameters:
AliasName (string) –
[REQUIRED]
The alias to be deleted. The alias name must begin with
alias/
followed by the alias name, such asalias/ExampleAlias
.- Returns:
None
Exceptions
Examples
The following example deletes the specified alias.
response = client.delete_alias( # The alias to delete. AliasName='alias/ExampleAlias', ) print(response)
Expected Output:
{ 'ResponseMetadata': { '...': '...', }, }