Deletes a specified customer master key (CMK).

During the scheduled period, the CMK is in the PendingDeletion state and cannot be used to encrypt data, decrypt data, or generate data keys.

After a CMK is deleted, it cannot be recovered. Data that is encrypted and data keys that are generated by using the CMK cannot be decrypted. To prevent accidental deletion of CMKs, Key Management Service (KMS) allows you to only schedule key deletion tasks. You cannot directly delete CMKs. If you want to delete a CMK, call the DisableKey operation to disable the CMK.

When you call this operation, you must specify a scheduled period between 7 days to 366 days. The scheduled period starts from the time when you submit the request. You can call the CancelKeyDeletion operation to cancel the key deletion task before the scheduled period ends.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes ScheduleKeyDeletion

The operation that you want to perform. Set the value to ScheduleKeyDeletion.

KeyId String Yes 7906979c-8e06-46a2-be2d-68e3ccbc****

The ID of the customer master key (CMK). The ID must be globally unique.

PendingWindowInDays Integer Yes 7

The scheduled period after which the CMK is deleted. During this period, the CMK is in the PendingDeletion state. After this period ends, you cannot cancel the key deletion task.

Valid values: 7 to 366.

Unit: days.

Response parameters

Parameter Type Example Description
RequestId String 3da5b8cc-8107-40ac-a170-793cd181d7b7

The ID of the request, which is used to locate and troubleshoot issues.

Examples

Sample requests

http(s)://[Endpoint]/?Action=ScheduleKeyDeletion
&KeyId=7906979c-8e06-46a2-be2d-68e3ccbc****
&PendingWindowInDays=7
&<Common request parameters>

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<ScheduleKeyDeletionResponse>
    <RequestId>3da5b8cc-8107-40ac-a170-793cd181d7b7</RequestId>
</ScheduleKeyDeletionResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "RequestId" : "3da5b8cc-8107-40ac-a170-793cd181d7b7"
}

Error codes

HTTP status code Error code Error message Description
400 InvalidParameter The specified parameter is not valid. The error message returned because an invalid value is specified for the parameter.
404 InvalidAccessKeyId.NotFound The Access Key ID provided does not exist in our records. The error message returned because the specified AccessKey ID does not exist.

For a list of error codes, visit the API Error Center.