Aliases

An alias is a globally unique, DNS-like string that is associated with a destination resource. You can establish a session to a target by referencing its alias, instead of having to provide a target ID or target name and scope ID.

For example, if you have an alias boundary.dev, you can use it to connect to a target with the following command: boundary connect ssh boundary.dev.

Background

When you create a resource in Boundary, it assigns the resource a randomly generated identifier. You must use those IDs to perform actions in Boundary. When you connect to a target using the terminal, you must reference the target ID or target name and scope name.

As an example, to SSH to a target, you can execute the command boundary connect ssh -target-id ttcp_123456789.

Since it can be difficult to remember the unique IDs, users frequently have to look up the identifiers for any resources they want to operate on.

Aliases simplify this process. When you create an alias and associate it with a target, you can later use the alias value instead of the target ID in commands. Boundary automatically resolves to the target that the alias references.

Permissions

The existence of an alias for a Boundary resource does not change how permissions function. Anyone can attempt to use an alias to access a target, but if you do not have permission to access the target, the attempt fails. You can create an alias for a target, even if you do not have permission to access the target.

Separating the permissions from aliases and destination resources means a different set of people can manage the aliases than the people who have permission to operate on targets. For example, you may have a project with a sensitive set of targets. You can configure Boundary to allow a select few users to manage those targets, while a different group of users manage the aliases.

More information

Refer to Overview of aliases to learn about configuring aliases.