kms_get_key_rotation_status: Gets a Boolean value that indicates whether automatic rotation of the key material is enabled for the specified customer master key (CMK)

Description

Gets a Boolean value that indicates whether automatic rotation of the key material is enabled for the specified customer master key (CMK).

Usage

kms_get_key_rotation_status(KeyId)

Arguments

KeyId

[required] A unique identifier for the customer master key (CMK).

Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify a CMK in a different AWS account, you must use the key ARN.

For example:

Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.

Request syntax

svc$get_key_rotation_status(
  KeyId = "string"
)

Details

You cannot enable automatic rotation of asymmetric CMKs, CMKs with imported key material, or CMKs in a custom key store. The key rotation status for these CMKs is always false.

The CMK that you use for this operation must be in a compatible key state. For details, see How Key State Affects Use of a Customer Master Key in the AWS Key Management Service Developer Guide.

Disabled: The key rotation status does not change when you disable a CMK. However, while the CMK is disabled, AWS KMS does not rotate the backing key.
Pending deletion: While a CMK is pending deletion, its key rotation status is false and AWS KMS does not rotate the backing key. If you cancel the deletion, the original key rotation status is restored.

To perform this operation on a CMK in a different AWS account, specify the key ARN in the value of the KeyId parameter.

Examples

Run this code

# NOT RUN {
# The following example retrieves the status of automatic annual rotation
# of the key material for the specified CMK.
svc$get_key_rotation_status(
  KeyId = "1234abcd-12ab-34cd-56ef-1234567890ab"
)
# }
# NOT RUN {
# }

Run the code above in your browser using DataLab