KMS / Client / cancel_key_deletion

cancel_key_deletion#

KMS.Client.cancel_key_deletion(**kwargs)#

Cancels the deletion of a KMS key. When this operation succeeds, the key state of the KMS key is Disabled. To enable the KMS key, use EnableKey.

For more information about scheduling and canceling deletion of a KMS key, see Deleting KMS keys in the Key Management Service Developer Guide.

The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.

Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

Required permissions: kms:CancelKeyDeletion (key policy)

Related operations: ScheduleKeyDeletion

Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

See also: AWS API Documentation

Request Syntax

response = client.cancel_key_deletion(
    KeyId='string'
)
Parameters:

KeyId (string) –

[REQUIRED]

Identifies the KMS key whose deletion is being canceled.

Specify the key ID or key ARN of the KMS key.

For example:

  • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

  • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.

Return type:

dict

Returns:

Response Syntax

{
    'KeyId': 'string'
}

Response Structure

  • (dict) –

    • KeyId (string) –

      The Amazon Resource Name ( key ARN) of the KMS key whose deletion is canceled.

Exceptions

  • KMS.Client.exceptions.NotFoundException

  • KMS.Client.exceptions.InvalidArnException

  • KMS.Client.exceptions.DependencyTimeoutException

  • KMS.Client.exceptions.KMSInternalException

  • KMS.Client.exceptions.KMSInvalidStateException

Examples

The following example cancels deletion of the specified KMS key.

response = client.cancel_key_deletion(
    # The identifier of the KMS key whose deletion you are canceling. You can use the key ID or the Amazon Resource Name (ARN) of the KMS key.
    KeyId='1234abcd-12ab-34cd-56ef-1234567890ab',
)

print(response)

Expected Output:

{
    # The ARN of the KMS key whose deletion you canceled.
    'KeyId': 'arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab',
    'ResponseMetadata': {
        '...': '...',
    },
}