All Products
Search
Document Center

Key Management Service:UpdateRotationPolicy

Last Updated:Sep 04, 2023

Updates the automatic rotation policy of a key.

After automatic rotation is enabled, a new key version is created and set to the primary version after the last rotation time plus the rotation period.

Limits:

  • Only symmetric keys in KMS instances of the software key management type support key rotation.
  • Only keys in the Enabled state support key rotation. If a key is in the Disabled or Pending Deletion state, the key rotation feature is disabled. If the key re-enters the Enabled state, the key rotation feature is enabled.
  • Each key version of a key consumes the key quota. For example, if a key has three key versions, such as V1, V2, and V3, the key quota is deducted by 3.

In this example, automatic key rotation is enabled for a key whose ID is key-hzz62f1cb66fa42qo****. The automatic rotation period is 30 days.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter

Type

Required

Example

Description

Action String Yes UpdateRotationPolicy

The operation that you want to perform. Set the value to UpdateRotationPolicy.

KeyId String Yes key-hzz62f1cb66fa42qo****

The globally unique ID of the key.

EnableAutomaticRotation Boolean Yes true

Specifies whether to enable automatic key rotation. Valid values:

  • true

  • false

RotationInterval String No 30d

The period of automatic key rotation. Specify the value in the integer[unit] format. The following units are supported: d (day), h (hour), m (minute), and s (second). For example, you can use either 7d or 604800s to specify a seven-day period. Valid values: 7 to 365 days.

Note

If EnableAutomaticRotation is set to true, you must configure this parameter. If EnableAutomaticRotation is not set to true, you do not need to configure this parameter.

Response parameters

Parameter

Type

Example

Description

RequestId String efb1cbbd-a093-4278-bc03-639dd4fcc207

The request ID.

Examples

Sample requests

http(s)://[Endpoint]/?Action=UpdateRotationPolicy
&KeyId=key-hzz62f1cb66fa42qo****
&EnableAutomaticRotation=true
&RotationInterval=30d
&<Common request parameters>

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<UpdateRotationPolicyResponse>
    <RequestId>efb1cbbd-a093-4278-bc03-639dd4fcc207</RequestId>
</UpdateRotationPolicyResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "RequestId" : "efb1cbbd-a093-4278-bc03-639dd4fcc207"
}

Error codes

HttpCode

Error code

Error message

Description

400 InvalidParameter The specified parameter is not valid. The error message returned because the specified parameter is invalid.
404 InvalidAccessKeyId.NotFound The Access Key ID provided does not exist in our records. The error message returned because the specified AccessKey ID is not found.
404 Forbidden.KeyNotFound The specified Key is not found. The error message returned because the specified key does not exist.

For a list of error codes, see Service error codes.