Enables or disables deletion protection for a customer master key (CMK).
Usage notes:
- After you enable deletion protection for a CMK, you cannot delete the CMK. If you want to delete the CMK, you must first disable deletion protection for the CMK.
- Before you can call the SetDeletionProtection operation, make sure that the required CMK is not in the Pending Deletion state. You can call the DescribeKey operation to query the CMK status, which is specified by the KeyState parameter.
You can enable deletion protection for the CMK whose Alibaba Cloud Resource Name (ARN)
is acs:kms:cn-hangzhou:123213123****:key/0225f411-b21d-46d1-be5b-93931c82****
by using parameter settings provided in this topic. The CMK ARN is specified by the
ProtectedResourceArn parameter.
Debugging
Request parameters
Parameter | Type | Required | Example | Description |
---|---|---|---|---|
Action | String | Yes | SetDeletionProtection |
The operation that you want to perform. Set the value to SetDeletionProtection. |
ProtectedResourceArn | String | Yes | acs:kms:cn-hangzhou:123213123****:key/0225f411-b21d-46d1-be5b-93931c82**** |
The ARN of the CMK for which you want to set deletion protection. You can call the DescribeKey operation to query the CMK ARN. |
EnableDeletionProtection | Boolean | Yes | true |
Specifies whether to enable deletion protection. Valid values:
|
DeletionProtectionDescription | String | No | The CMK is being used by XXX. Deletion protection is enabled. |
The description of deletion protection. Note This parameter takes effect only when you set the EnableDeletionProtection parameter
to true.
|
For more information about common request parameters, see Common parameters.
Response parameters
Parameter | Type | Example | Description |
---|---|---|---|
RequestId | String | 3455b9b4-95c1-419d-b310-db6a53b09a39 |
The ID of the request, which is used to locate and troubleshoot issues. |
Examples
Sample requests
http(s)://[Endpoint]/?Action=SetDeletionProtection
&ProtectedResourceArn=acs:kms:cn-hangzhou:123213123****:key/0225f411-b21d-46d1-be5b-93931c82****
&EnableDeletionProtection=true
"DeletionProtectionDescription" : "The CMK is being used by XXX. Deletion protection is enabled.
&<Common request parameters>
Sample success responses
XML
format
HTTP/1.1 200 OK
Content-Type:application/xml
<SetDeletionProtectionResponse>
<RequestId>3455b9b4-95c1-419d-b310-db6a53b09a39</RequestId>
</SetDeletionProtectionResponse>
JSON
format
HTTP/1.1 200 OK
Content-Type:application/json
{
"RequestId" : "3455b9b4-95c1-419d-b310-db6a53b09a39"
}
Error codes
For a list of error codes, visit the API Error Center.