Deletes a specified customer master key (CMK).
During the scheduled period, the CMK is in the PendingDeletion state and cannot be used to encrypt data, decrypt data, or generate data keys.
After a CMK is deleted, it cannot be recovered. Data that is encrypted and data keys that are generated by using the CMK cannot be decrypted. To prevent accidental deletion of CMKs, Key Management Service (KMS) allows you to only schedule key deletion tasks. You cannot directly delete CMKs. If you want to delete a CMK, call the DisableKey operation to disable the CMK.
When you call this operation, you must specify a scheduled period between 7 days to 366 days. The scheduled period starts from the time when you submit the request. You can call the CancelKeyDeletion operation to cancel the key deletion task before the scheduled period ends.
Debugging
Request parameters
Parameter | Type | Required | Example | Description |
---|---|---|---|---|
Action | String | Yes | ScheduleKeyDeletion | The operation that you want to perform. Set the value to ScheduleKeyDeletion. |
KeyId | String | Yes | 7906979c-8e06-46a2-be2d-68e3ccbc**** | The ID of the customer master key (CMK). The ID must be globally unique. |
PendingWindowInDays | Integer | Yes | 7 | The scheduled period after which the CMK is deleted. During this period, the CMK is in the PendingDeletion state. After this period ends, you cannot cancel the key deletion task. Valid values: 7 to 366. Unit: days. |
Response parameters
Parameter | Type | Example | Description |
---|---|---|---|
RequestId | String | 3da5b8cc-8107-40ac-a170-793cd181d7b7 | The ID of the request, which is used to locate and troubleshoot issues. |
Examples
Sample requests
http(s)://[Endpoint]/?Action=ScheduleKeyDeletion
&KeyId=7906979c-8e06-46a2-be2d-68e3ccbc****
&PendingWindowInDays=7
&<Common request parameters>
Sample success responses
XML
format
HTTP/1.1 200 OK
Content-Type:application/xml
<ScheduleKeyDeletionResponse>
<RequestId>3da5b8cc-8107-40ac-a170-793cd181d7b7</RequestId>
</ScheduleKeyDeletionResponse>
JSON
format
HTTP/1.1 200 OK
Content-Type:application/json
{
"RequestId" : "3da5b8cc-8107-40ac-a170-793cd181d7b7"
}
Error codes
HTTP status code | Error code | Error message | Description |
---|---|---|---|
400 | InvalidParameter | The specified parameter is not valid. | The error message returned because an invalid value is specified for the parameter. |
404 | InvalidAccessKeyId.NotFound | The Access Key ID provided does not exist in our records. | The error message returned because the specified AccessKey ID does not exist. |
For a list of error codes, visit the API Error Center.