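In Key Management Service (KMS), each of your master keys is in one of three states: Enabled, Disabled, or PendingDeletion.
If the key is an external key (a bring-your-own key, that is, one whose Origin in DescribeKey is EXTERNAL), it can also be in the PendingImport state.
Normally, a newly created master key is in the Enabled state by default. A newly created external key is in the PendingImport state.
Only a key in the Enabled state can be used for encryption and decryption operations. Other APIs return different results depending on the key state.
A key in the PendingDeletion state is permanently deleted once the pre-deletion period has elapsed.
The following tables show the expected result of each API call for each key state.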
| Expected result | HttpStatusCode |
|---|---|
| Success | 200 |
| Rejected.Enabled | 409 |
| Rejected.Disabled | 409 |
| Rejected.PendingDeletion | 409 |
| Rejected.PendingImport | 409 |
| Rejected.StateModifiedFailed | 409 |
General APIs
| API | Enabled | Disabled | PendingDeletion | PendingImport |
|---|---|---|---|---|
| CreateKey | Success | Success | Success | Success |
| GenerateDataKey | Success | Rejected.Disabled | Rejected.PendingDeletion | Rejected.PendingImport |
| GenerateDataKeyWithoutPlaintext | Success | Rejected.Disabled | Rejected.PendingDeletion | Rejected.PendingImport |
| Encrypt | Success | Rejected.Disabled | Rejected.PendingDeletion | Rejected.PendingImport |
| Decrypt | Success | Rejected.Disabled | Rejected.PendingDeletion | Rejected.PendingImport |
| ListKeys | Success | Success | Success | Success |
| DescribeKey | Success | Success | Success | Success |
| UpdateKeyDescription | Success | Success | Rejected.PendingDeletion | Success |
| EnableKey | Success | Success | Rejected.StateModifiedFailed | Rejected.StateModifiedFailed |
| DisableKey | Success | Success | Rejected.StateModifiedFailed | Rejected.StateModifiedFailed |
| ScheduleKeyDeletion | Success | Success | Rejected.StateModifiedFailed | Success |
| CancelKeyDeletion | Rejected.StateModifiedFailed | Rejected.StateModifiedFailed | Success | Rejected.StateModifiedFailed |
| CreateAlias | Success | Success | Rejected.StateModifiedFailed | Success |
| DeleteAlias | Success | Success | Success | Success |
| ListAliases | Success | Success | Success | Success |
| TagResource | Success | Success | Rejected.PendingDeletion | Success |
| UntagResource | Success | Success | Rejected.PendingDeletion | Success |
| ListResourceTags | Success | Success | Success | Success |
| DescribeKeyVersion | Success | Success | Success | Success |
| ListKeyVersions | Success | Success | Success | Success |
| UpdateRotationPolicy | Success | Rejected.Disabled | Rejected.PendingDeletion | Rejected.PendingImport |
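Special APIs
UpdateAlias:
- Affected only by the state of the target key, regardless of the state of the original key.
- Returns Rejected.PendingDeletion when the target key is in the PendingDeletion state; otherwise returns Success.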
APIs specific to external keys
| API | Enabled | Disabled | PendingDeletion | PendingImport |
|---|---|---|---|---|
| GetParametersForImport | Success | Success | Success | Success |
| ImportKeyMaterial | Success | Success | Rejected.StateModifiedFailed | Success |
| DeleteKeyMaterial | Success | Success | Success | Success |
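
The tables above can be condensed into a few rules and used to dry-run a planned sequence of calls (for example a key decommissioning runbook) before it touches a real key. This is an added example, not code from the KMS service or its SDK. The names `expected` and `dry_run` are hypothetical, and the `NEXT_STATE` transitions are assumptions, since this page lists results but not the state each successful call leads to.

```python
# Added example: the tables above expressed as rules. NEXT_STATE is an assumption.
REQUIRES_ENABLED = ["GenerateDataKey", "GenerateDataKeyWithoutPlaintext", "Encrypt",
                    "Decrypt", "UpdateRotationPolicy"]
METADATA = ["UpdateKeyDescription", "TagResource", "UntagResource", "UpdateAlias"]
ALWAYS_OK = {"CreateKey", "ListKeys", "DescribeKey", "DeleteAlias", "ListAliases",
             "ListResourceTags", "DescribeKeyVersion", "ListKeyVersions",
             "GetParametersForImport", "DeleteKeyMaterial"}
STATES = {"Enabled", "Disabled", "PendingDeletion", "PendingImport"}

# API -> states answered with Rejected.<state>. For UpdateAlias, pass the
# state of the target key; the original key's state is irrelevant.
REJECT_BY_STATE = {
    **dict.fromkeys(REQUIRES_ENABLED, frozenset(STATES - {"Enabled"})),
    **dict.fromkeys(METADATA, frozenset({"PendingDeletion"})),
}
# API -> states answered with Rejected.StateModifiedFailed.
REJECT_STATE_CHANGE = {
    "EnableKey": {"PendingDeletion", "PendingImport"},
    "DisableKey": {"PendingDeletion", "PendingImport"},
    "ScheduleKeyDeletion": {"PendingDeletion"},
    "CancelKeyDeletion": {"Enabled", "Disabled", "PendingImport"},
    "CreateAlias": {"PendingDeletion"},
    "ImportKeyMaterial": {"PendingDeletion"},
}
# Assumed state after a successful call; the page does not list transitions.
NEXT_STATE = {"EnableKey": "Enabled", "DisableKey": "Disabled",
              "ScheduleKeyDeletion": "PendingDeletion", "CancelKeyDeletion": "Enabled"}

def expected(api, state):
    """Return (expected result, HTTP status) for one API call in one key state."""
    if state not in STATES:
        raise ValueError(f"unknown key state: {state}")
    if state in REJECT_BY_STATE.get(api, ()):
        return f"Rejected.{state}", 409
    if state in REJECT_STATE_CHANGE.get(api, ()):
        return "Rejected.StateModifiedFailed", 409
    if api in ALWAYS_OK or api in REJECT_BY_STATE or api in REJECT_STATE_CHANGE:
        return "Success", 200
    raise KeyError(f"API not covered by the tables: {api}")

def dry_run(state, calls):
    """Walk a planned call sequence and report where it would be rejected."""
    report = []
    for api in calls:
        result, code = expected(api, state)
        report.append((api, state, result, code))
        if result == "Success":
            state = NEXT_STATE.get(api, state)
    return report
```

Calling `dry_run("Enabled", ["ScheduleKeyDeletion", "Decrypt"])` shows the second call being rejected with Rejected.PendingDeletion, which is the failure an application still holding ciphertext under that key would see.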