KMS.Client.cancel_key_deletion(**kwargs)¶Cancels the deletion of a KMS key. When this operation succeeds, the key state of the KMS key is Disabled . To enable the KMS key, use EnableKey.
For more information about scheduling and canceling deletion of a KMS key, see Deleting KMS keys in the Key Management Service Developer Guide .
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide .
Cross-account use : No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
Required permissions : kms:CancelKeyDeletion (key policy)
Related operations : ScheduleKeyDeletion
See also: AWS API Documentation
Request Syntax
response = client.cancel_key_deletion(
KeyId='string'
)
[REQUIRED]
Identifies the KMS key whose deletion is being canceled.
Specify the key ID or key ARN of the KMS key.
For example:
1234abcd-12ab-34cd-56ef-1234567890abarn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890abTo get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.
{
'KeyId': 'string'
}
Response Structure
The Amazon Resource Name ( key ARN ) of the KMS key whose deletion is canceled.
Exceptions
KMS.Client.exceptions.NotFoundExceptionKMS.Client.exceptions.InvalidArnExceptionKMS.Client.exceptions.DependencyTimeoutExceptionKMS.Client.exceptions.KMSInternalExceptionKMS.Client.exceptions.KMSInvalidStateExceptionExamples
The following example cancels deletion of the specified KMS key.
response = client.cancel_key_deletion(
# The identifier of the KMS key whose deletion you are canceling. You can use the key ID or the Amazon Resource Name (ARN) of the KMS key.
KeyId='1234abcd-12ab-34cd-56ef-1234567890ab',
)
print(response)
Expected Output:
{
# The ARN of the KMS key whose deletion you canceled.
'KeyId': 'arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab',
'ResponseMetadata': {
'...': '...',
},
}