disassociate_kms_key

CloudWatchLogs.Client.disassociate_kms_key(**kwargs)

Disassociates the associated KMS key from the specified log group.

After the KMS key is disassociated from the log group, CloudWatch Logs stops encrypting newly ingested data for the log group. All previously ingested data remains encrypted, and CloudWatch Logs requires permissions for the KMS key whenever the encrypted data is requested.

Note that it can take up to 5 minutes for this operation to take effect.

See also: AWS API Documentation

Request Syntax

response = client.disassociate_kms_key(
    logGroupName='string'
)
Parameters
logGroupName (string) --

[REQUIRED]

The name of the log group.

Returns
None

Exceptions

  • CloudWatchLogs.Client.exceptions.InvalidParameterException
  • CloudWatchLogs.Client.exceptions.ResourceNotFoundException
  • CloudWatchLogs.Client.exceptions.OperationAbortedException
  • CloudWatchLogs.Client.exceptions.ServiceUnavailableException