KMS / Client / enable_key

enable_key#

KMS.Client.enable_key(**kwargs)#

Sets the key state of a KMS key to enabled. This allows you to use the KMS key for cryptographic operations.

The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

Required permissions: kms:EnableKey (key policy)

Related operations: DisableKey

See also: AWS API Documentation

Request Syntax

response = client.enable_key(
    KeyId='string'
)
Parameters:

KeyId (string) –

[REQUIRED]

Identifies the KMS key to enable.

Specify the key ID or key ARN of the KMS key.

For example:

  • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

  • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.

Returns:

None

Exceptions

  • KMS.Client.exceptions.NotFoundException

  • KMS.Client.exceptions.InvalidArnException

  • KMS.Client.exceptions.DependencyTimeoutException

  • KMS.Client.exceptions.KMSInternalException

  • KMS.Client.exceptions.LimitExceededException

  • KMS.Client.exceptions.KMSInvalidStateException

Examples

The following example enables the specified KMS key.

response = client.enable_key(
    # The identifier of the KMS key to enable. You can use the key ID or the Amazon Resource Name (ARN) of the KMS key.
    KeyId='1234abcd-12ab-34cd-56ef-1234567890ab',
)

print(response)

Expected Output:

{
    'ResponseMetadata': {
        '...': '...',
    },
}