kms_schedule_key_deletion: Schedules the deletion of a KMS key

In paws.security.identity: 'Amazon Web Services' Security, Identity, & Compliance Services

Schedules the deletion of a KMS key

Description

Schedules the deletion of a KMS key. By default, KMS applies a waiting period of 30 days, but you can specify a waiting period of 7-30 days. When this operation is successful, the key state of the KMS key changes to PendingDeletion and the key can't be used in any cryptographic operations. It remains in this state for the duration of the waiting period. Before the waiting period ends, you can use cancel_key_deletion to cancel the deletion of the KMS key. After the waiting period ends, KMS deletes the KMS key, its key material, and all KMS data associated with it, including all aliases that refer to it.

See https://www.paws-r-sdk.com/docs/kms_schedule_key_deletion/ for full documentation.

Usage

kms_schedule_key_deletion(KeyId, PendingWindowInDays = NULL)

Arguments

KeyId

[required] The unique identifier of the KMS key to delete. Specify the key ID or key ARN of the KMS key. For example: Key ID: ⁠1234abcd-12ab-34cd-56ef-1234567890ab⁠ Key ARN: ⁠arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab⁠ To get the key ID and key ARN for a KMS key, use list_keys or describe_key.

PendingWindowInDays

The waiting period, specified in number of days. After the waiting period ends, KMS deletes the KMS key. If the KMS key is a multi-Region primary key with replica keys, the waiting period begins when the last of its replica keys is deleted. Otherwise, the waiting period begins immediately. This value is optional. If you include a value, it must be between 7 and 30, inclusive. If you do not include a value, it defaults to 30. You can use the kms:ScheduleKeyDeletionPendingWindowInDays condition key to further constrain the values that principals can specify in the PendingWindowInDays parameter.

paws.security.identity documentation built on Sept. 12, 2023, 1:10 a.m.