Learn R Programming
paws.security.identity (version 0.1.12)

kms_get_key_rotation_status: Gets a Boolean value that indicates whether automatic rotation of the key material is enabled for the specified customer master key (CMK)

Description

Gets a Boolean value that indicates whether automatic rotation of the key material is enabled for the specified customer master key (CMK).

You cannot enable automatic rotation of asymmetric CMKs, CMKs with imported key material, or CMKs in a custom key store. The key rotation status for these CMKs is always false.

The CMK that you use for this operation must be in a compatible key state. For details, see How Key State Affects Use of a Customer Master Key in the AWS Key Management Service Developer Guide.

  • Disabled: The key rotation status does not change when you disable a CMK. However, while the CMK is disabled, AWS KMS does not rotate the backing key.

  • Pending deletion: While a CMK is pending deletion, its key rotation status is false and AWS KMS does not rotate the backing key. If you cancel the deletion, the original key rotation status is restored.

Cross-account use: Yes. To perform this operation on a CMK in a different AWS account, specify the key ARN in the value of the KeyId parameter.

Required permissions: kms:GetKeyRotationStatus (key policy)

Related operations:

  • disable_key_rotation

  • enable_key_rotation

Usage

kms_get_key_rotation_status(KeyId)

Value

A list with the following syntax:

list(
  KeyRotationEnabled = TRUE|FALSE
)

Arguments

KeyId

[required] A unique identifier for the customer master key (CMK).

Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify a CMK in a different AWS account, you must use the key ARN.

For example:

  • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

  • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

To get the key ID and key ARN for a CMK, use list_keys or describe_key.

Request syntax

svc$get_key_rotation_status(
  KeyId = "string"
)

Examples

Run this code
if (FALSE) {
# The following example retrieves the status of automatic annual rotation
# of the key material for the specified CMK.
svc$get_key_rotation_status(
  KeyId = "1234abcd-12ab-34cd-56ef-1234567890ab"
)
}

Run the code above in your browser using DataLab