UpdatePrimaryRegion
Updates the primary region of a multi-Region key.
Description
The UpdatePrimaryRegion operation changes the primary region of a multi-Region key to a different region. When you update the primary region, KMS creates a new primary key in the specified region and updates the key material and metadata of all related multi-Region keys to match the new primary key.
note
- This operation is only valid for multi-Region keys.
- The specified Region must already have a replica key.
- You cannot perform this operation on a key in a Region that is scheduled for deletion.
- While the operation is in progress, the key state of all affected multi-Region keys is
UPDATING. - This operation can take several minutes to complete.
Request Syntax
Headers
| Name | Description | Required | Type |
|---|---|---|---|
| Content-Type | Must be "application/x-amz-json-1.1" | Yes | string |
| X-Amz-Target | Must be "TrentService.UpdatePrimaryRegion" | Yes | string |
Request Body
| Name | Description | Required | Type |
|---|---|---|---|
| KeyId | Identifies the current primary key. You can use the key ID or key ARN of the primary key. | Yes | string |
| PrimaryRegion | The Region of the current replica key that you want to make the primary key. | Yes | string |
POST / HTTP/1.1
Content-Type: application/x-amz-json-1.1
X-Amz-Target: TrentService.UpdatePrimaryRegion
{
"KeyId": "mrk-1234abcd12ab34cd56ef1234567890ab",
"PrimaryRegion": "us-west-2"
}
Values in italics indicate user input and should be replaced with actual values.
Response Elements
This operation returns no response data.
Special Errors
| Error Code | Description |
|---|---|
| DependencyTimeoutException | The system timed out while trying to fulfill the request. |
| InvalidArnException | The request was rejected because a specified ARN was not valid. |
| KMSInternalException | An internal error occurred. |
| KMSInvalidStateException | The request was rejected because the key state is not valid for this operation. |
| NotFoundException | The request was rejected because the specified entity or resource could not be found. |
| UnsupportedOperationException | The request was rejected because a specified parameter is not supported or a specified resource is not valid for this operation. |
Permissions
To use the UpdatePrimaryRegion operation, you must have the following permissions:
kms:UpdatePrimaryRegionon both the current primary key and the new primary key
Try It Out
Test UpdatePrimaryRegion
Update the primary region of a multi-Region key.
Coming Soon
This feature is currently under development and will be available soon.