KMS.Client.
enable_key
(**kwargs)¶Sets the key state of a KMS key to enabled. This allows you to use the KMS key for cryptographic operations.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide .
Cross-account use : No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
Required permissions : kms:EnableKey (key policy)
Related operations : DisableKey
See also: AWS API Documentation
Request Syntax
response = client.enable_key(
KeyId='string'
)
[REQUIRED]
Identifies the KMS key to enable.
Specify the key ID or key ARN of the KMS key.
For example:
1234abcd-12ab-34cd-56ef-1234567890ab
arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.
Exceptions
KMS.Client.exceptions.NotFoundException
KMS.Client.exceptions.InvalidArnException
KMS.Client.exceptions.DependencyTimeoutException
KMS.Client.exceptions.KMSInternalException
KMS.Client.exceptions.LimitExceededException
KMS.Client.exceptions.KMSInvalidStateException
Examples
The following example enables the specified KMS key.
response = client.enable_key(
# The identifier of the KMS key to enable. You can use the key ID or the Amazon Resource Name (ARN) of the KMS key.
KeyId='1234abcd-12ab-34cd-56ef-1234567890ab',
)
print(response)
Expected Output:
{
'ResponseMetadata': {
'...': '...',
},
}