enable_key

KMS.Client.enable_key(**kwargs)

Sets the key state of a KMS key to enabled. This allows you to use the KMS key for cryptographic operations.

The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide .

Cross-account use : No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

Required permissions : kms:EnableKey (key policy)

Related operations : DisableKey

See also: AWS API Documentation

Request Syntax

response = client.enable_key(
    KeyId='string'
)
Parameters
KeyId (string) --

[REQUIRED]

Identifies the KMS key to enable.

Specify the key ID or key ARN of the KMS key.

For example:

  • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
  • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.

Returns
None

Exceptions

  • KMS.Client.exceptions.NotFoundException
  • KMS.Client.exceptions.InvalidArnException
  • KMS.Client.exceptions.DependencyTimeoutException
  • KMS.Client.exceptions.KMSInternalException
  • KMS.Client.exceptions.LimitExceededException
  • KMS.Client.exceptions.KMSInvalidStateException

Examples

The following example enables the specified KMS key.

response = client.enable_key(
    # The identifier of the KMS key to enable. You can use the key ID or the Amazon Resource Name (ARN) of the KMS key.
    KeyId='1234abcd-12ab-34cd-56ef-1234567890ab',
)

print(response)

Expected Output:

{
    'ResponseMetadata': {
        '...': '...',
    },
}