Creates a version for a key.
You can call the operation only for symmetric keys in KMS instances of the software key management type. To call the operation, keys must be enabled. You can call the DescribeKey operation to query the key status.
Each time a key version is created, one is deducted from the key quota value.
This topic provides an example on how to create a version for a key whose key ID is key-hzz62f1cb66fa42qo****
.
Debugging
Request parameters
Parameter | Type | Required | Example | Description |
Action | String | Yes | CreateKeyVersion | The operation that you want to perform. Set the value to CreateKeyVersion. |
KeyId | String | Yes | key-hzz62f1cb66fa42qo*** | The globally unique ID of the key. |
Response parameters
Parameter | Type | Example | Description |
RequestId | String | b96f250a-4b75-498c-91be-22c6928f85be | The ID of the request, which is used to locate and troubleshoot issues. |
KeyVersion | Object | The metadata of the key version. | |
KeyId | String | key-hzz62f1cb66fa42qo**** | The ID of the key. |
KeyVersionId | String | key-hzz62f1cb66fa42qo****-20v29b**** | The version ID of the key. |
CreationDate | String | 2023-07-02T10:38:27Z | The date and time when the version was created. The time is displayed in UTC. |
Examples
Sample requests
http(s)://[Endpoint]/?Action=CreateKeyVersion
&KeyId=key-hzz62f1cb66fa42qo***
&<Common request parameters>
Sample success responses
XML format
HTTP/1.1 200 OK
Content-Type:application/xml
<CreateKeyVersionResponse>
<RequestId>b96f250a-4b75-498c-91be-22c6928f85be</RequestId>
<KeyVersion>
<KeyId>key-hzz62f1cb66fa42qo****</KeyId>
<KeyVersionId>key-hzz62f1cb66fa42qo****-20v29b****</KeyVersionId>
<CreationDate>2023-07-02T10:38:27Z</CreationDate>
</KeyVersion>
</CreateKeyVersionResponse>
JSON format
HTTP/1.1 200 OK
Content-Type:application/json
{
"RequestId" : "b96f250a-4b75-498c-91be-22c6928f85be",
"KeyVersion" : {
"KeyId" : "key-hzz62f1cb66fa42qo****",
"KeyVersionId" : "key-hzz62f1cb66fa42qo****-20v29b****",
"CreationDate" : "2023-07-02T10:38:27Z"
}
}
Error codes
HTTP status code | Error code | Error message | Description |
400 | Rejected.UnsupportedOperation | Unsupported operation. | The operation is not supported. |
404 | Forbidden.AliasNotFound | The specified Alias is not found. | The specified alias is not found. |
404 | Forbidden.KeyNotFound | The specified Key is not found. | The specified key does not exist. |
409 | Rejected.Disabled | The request was rejected because the key state is Disabled. | The request is denied because the key is disabled. |
409 | Rejected.Unavailable | The request was rejected because the key state is Unavailable. | The request is denied because the key is unavailable. |
409 | Rejected.PendingDeletion | The request was rejected because the key state is PendingDeletion. | The request is denied because the key is in the Pending Deletion state. |
For a list of error codes, see Service error codes.