Updates the automatic rotation policy of a key.
After automatic rotation is enabled, a new key version is created and set as the primary version when the last rotation time plus the rotation period is reached.
Limits:
- Only symmetric keys in KMS instances of the software key management type support key rotation.
- Only keys in the Enabled state support key rotation. If a key is in the Disabled or Pending Deletion state, the key rotation feature is disabled. If the key re-enters the Enabled state, the key rotation feature is enabled.
- Each key version of a key consumes the key quota. For example, if a key has three key versions, such as V1, V2, and V3, the key quota is deducted by 3.
In this example, automatic key rotation is enabled for a key whose ID is key-hzz62f1cb66fa42qo****. The automatic rotation period is 30 days.
Request parameters
Parameter | Type | Required | Example | Description |
Action | String | Yes | UpdateRotationPolicy | The operation that you want to perform. Set the value to UpdateRotationPolicy. |
KeyId | String | Yes | key-hzz62f1cb66fa42qo**** | The globally unique ID of the key. |
EnableAutomaticRotation | Boolean | Yes | true | Specifies whether to enable automatic key rotation. Valid values:
|
RotationInterval | String | No | 30d | The period of automatic key rotation. Specify the value in the integer[unit] format. The following units are supported: d (day), h (hour), m (minute), and s (second). For example, you can use either 7d or 604800s to specify a seven-day period. Valid values: 7 to 365 days. Note: If EnableAutomaticRotation is set to true, you must configure this parameter. If EnableAutomaticRotation is not set to true, you do not need to configure this parameter. |
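The parameter rules above can be checked on the client before the request is sent. The following Python sketch is an added example, not code from the KMS documentation or SDK: the function names are hypothetical, the 7 to 365 day bounds are assumed to be inclusive, and it builds only the operation-specific parameters without signing or sending anything.

```python
import re
from datetime import datetime, timedelta, timezone

# Unit suffixes listed in the RotationInterval description, in seconds.
UNIT_SECONDS = {"d": 86400, "h": 3600, "m": 60, "s": 1}
MIN_SECONDS = 7 * 86400      # lower bound: 7 days
MAX_SECONDS = 365 * 86400    # upper bound: 365 days (assumed inclusive)


def parse_rotation_interval(value):
    """Convert an integer[unit] string such as '30d' to seconds, enforcing 7 to 365 days."""
    match = re.fullmatch(r"([0-9]+)([dhms])", value)
    if match is None:
        raise ValueError(f"RotationInterval {value!r} is not in integer[unit] format")
    seconds = int(match.group(1)) * UNIT_SECONDS[match.group(2)]
    if not MIN_SECONDS <= seconds <= MAX_SECONDS:
        raise ValueError(f"RotationInterval {value!r} is outside 7 to 365 days")
    return seconds


def build_rotation_params(key_id, enable, interval=None):
    """Return the operation-specific query parameters (no common parameters, no signing)."""
    if not key_id:
        raise ValueError("KeyId is required")
    params = {
        "Action": "UpdateRotationPolicy",
        "KeyId": key_id,
        "EnableAutomaticRotation": "true" if enable else "false",
    }
    if enable:
        if interval is None:
            raise ValueError("RotationInterval is required when EnableAutomaticRotation is true")
        parse_rotation_interval(interval)  # reject bad values before the call
        params["RotationInterval"] = interval
    return params


def next_rotation_time(last_rotation, interval):
    """Last rotation time plus the rotation period, as described for automatic rotation."""
    return last_rotation + timedelta(seconds=parse_rotation_interval(interval))


if __name__ == "__main__":
    # Constructed sample values; the key ID is the masked one used on this page.
    print(build_rotation_params("key-hzz62f1cb66fa42qo****", True, "30d"))
    print(next_rotation_time(datetime(2024, 1, 1, tzinfo=timezone.utc), "604800s"))
```

Rejecting an out-of-range or malformed interval locally avoids a round trip that would end in the InvalidParameter error listed under Error codes.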
Response parameters
Parameter | Type | Example | Description |
RequestId | String | efb1cbbd-a093-4278-bc03-639dd4fcc207 | The request ID. |
Examples
Sample requests
http(s)://[Endpoint]/?Action=UpdateRotationPolicy
&KeyId=key-hzz62f1cb66fa42qo****
&EnableAutomaticRotation=true
&RotationInterval=30d
&<Common request parameters>
Sample success responses
XML format
HTTP/1.1 200 OK
Content-Type:application/xml
<UpdateRotationPolicyResponse>
<RequestId>efb1cbbd-a093-4278-bc03-639dd4fcc207</RequestId>
</UpdateRotationPolicyResponse>
JSON format
HTTP/1.1 200 OK
Content-Type:application/json
{
"RequestId" : "efb1cbbd-a093-4278-bc03-639dd4fcc207"
}
Error codes
HttpCode | Error code | Error message | Description |
400 | InvalidParameter | The specified parameter is not valid. | The error message returned because the specified parameter is invalid. |
404 | InvalidAccessKeyId.NotFound | The Access Key ID provided does not exist in our records. | The error message returned because the specified AccessKey ID is not found. |
404 | Forbidden.KeyNotFound | The specified Key is not found. | The error message returned because the specified key does not exist. |
For a list of error codes, see Service error codes.