KMS / Client / delete_alias

delete_alias

KMS.Client.delete_alias(**kwargs)

Deletes the specified alias.

Note

Adding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see ABAC for KMS in the Key Management Service Developer Guide.

Because an alias is not a property of a KMS key, you can delete and change the aliases of a KMS key without affecting the KMS key. Also, aliases do not appear in the response from the DescribeKey operation. To get the aliases of all KMS keys, use the ListAliases operation.

Each KMS key can have multiple aliases. To change the alias of a KMS key, use DeleteAlias to delete the current alias and CreateAlias to create a new alias. To associate an existing alias with a different KMS key, call UpdateAlias.

Cross-account use: No. You cannot perform this operation on an alias in a different Amazon Web Services account.

Required permissions

• kms:DeleteAlias on the alias (IAM policy).

• kms:DeleteAlias on the KMS key (key policy).

For details, see Controlling access to aliases in the Key Management Service Developer Guide.

Related operations:

• CreateAlias

• ListAliases

• UpdateAlias

Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

See also: AWS API Documentation

Request Syntax

response = client.delete_alias(
    AliasName='string'
)

Parameters:

AliasName (string) –

[REQUIRED]

The alias to be deleted. The alias name must begin with alias/ followed by the alias name, such as alias/ExampleAlias.

Returns:

None

Exceptions

• KMS.Client.exceptions.DependencyTimeoutException

• KMS.Client.exceptions.NotFoundException

• KMS.Client.exceptions.KMSInternalException

• KMS.Client.exceptions.KMSInvalidStateException

Examples

The following example deletes the specified alias.

response = client.delete_alias(
    # The alias to delete.
    AliasName='alias/ExampleAlias',
)

print(response)

Expected Output:

{
    'ResponseMetadata': {
        '...': '...',
    },
}