GetKeyRotationStatus
Gets the rotation status for a KMS key.
Description
The GetKeyRotationStatus operation retrieves the current status of automatic key rotation for a customer managed KMS key.
note
- This operation works only on symmetric encryption KMS keys. You cannot enable or disable automatic rotation of asymmetric KMS keys.
- Automatic key rotation is not available for KMS keys in custom key stores.
- The KMS key must be in a compatible key state to determine its rotation status.
- When automatic key rotation is enabled, QKMS automatically creates new cryptographic material for the KMS key one year after enabling and every year thereafter.
Request Syntax
Headers
| Name | Description | Required | Type |
|---|---|---|---|
| Content-Type | Must be "application/x-amz-json-1.1" | Yes | string |
| X-Amz-Target | Must be "TrentService.GetKeyRotationStatus" | Yes | string |
Request Body
| Name | Description | Required | Type |
|---|---|---|---|
| KeyId | The identifier of the KMS key to query. This can be the key ID or key ARN of the KMS key. | Yes | string |
POST / HTTP/1.1
Content-Type: application/x-amz-json-1.1
X-Amz-Target: TrentService.GetKeyRotationStatus
{
"KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab"
}
Values in italics indicate user input and should be replaced with actual values.
Response Elements
| Name | Description | Required | Type |
|---|---|---|---|
| KeyRotationEnabled | A Boolean value that specifies whether key rotation is enabled. | No | String |
Special Errors
| Error Code | Description |
|---|---|
| DependencyTimeoutException | The system timed out while trying to fulfill the request. |
| InvalidArnException | The request was rejected because a specified ARN was not valid. |
| KMSInternalException | An internal error occurred. |
| KMSInvalidStateException | The request was rejected because the key state is not valid for this operation. |
| NotFoundException | The request was rejected because the specified entity or resource could not be found. |
| UnsupportedOperationException | The request was rejected because a specified parameter is not supported or a specified resource is not valid for this operation. |
Permissions
To use the GetKeyRotationStatus operation, you must have the following permissions:
kms:GetKeyRotationStatuson the KMS key (specified in the policy)
Try It Out
Test GetKeyRotationStatus
Get the rotation status for a KMS key.
Coming Soon
This feature is currently under development and will be available soon.