KMS / Client / enable_key
enable_key#
- KMS.Client.enable_key(**kwargs)#
Sets the key state of a KMS key to enabled. This allows you to use the KMS key for cryptographic operations.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
Required permissions: kms:EnableKey (key policy)
Related operations: DisableKey
See also: AWS API Documentation
Request Syntax
response = client.enable_key( KeyId='string' )
- Parameters:
KeyId (string) –
[REQUIRED]
Identifies the KMS key to enable.
Specify the key ID or key ARN of the KMS key.
For example:
Key ID:
1234abcd-12ab-34cd-56ef-1234567890ab
Key ARN:
arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.
- Returns:
None
Exceptions
KMS.Client.exceptions.NotFoundException
KMS.Client.exceptions.InvalidArnException
KMS.Client.exceptions.DependencyTimeoutException
KMS.Client.exceptions.KMSInternalException
KMS.Client.exceptions.LimitExceededException
KMS.Client.exceptions.KMSInvalidStateException
Examples
The following example enables the specified KMS key.
response = client.enable_key( # The identifier of the KMS key to enable. You can use the key ID or the Amazon Resource Name (ARN) of the KMS key. KeyId='1234abcd-12ab-34cd-56ef-1234567890ab', ) print(response)
Expected Output:
{ 'ResponseMetadata': { '...': '...', }, }