DeleteKeyGroup - Amazon CloudFront
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).


Deletes a key group.

You cannot delete a key group that is referenced in a cache behavior. First update your distributions to remove the key group from all cache behaviors, then delete the key group.

To delete a key group, you must provide the key group's identifier and version. To get these values, use ListKeyGroups followed by GetKeyGroup or GetKeyGroupConfig.

Request Syntax

DELETE /2020-05-31/key-group/Id HTTP/1.1 If-Match: IfMatch

URI Request Parameters

The request uses the following URI parameters.


The identifier of the key group that you are deleting. To get the identifier, use ListKeyGroups.

Required: Yes


The version of the key group that you are deleting. The version is the key group's ETag value. To get the ETag, use GetKeyGroup or GetKeyGroupConfig.

Request Body

The request does not have a request body.

Response Syntax

HTTP/1.1 204

Response Elements

If the action is successful, the service sends back an HTTP 204 response with an empty HTTP body.


For information about the errors that are common to all actions, see Common Errors.


The If-Match version is missing or not valid.

HTTP Status Code: 400


A resource that was specified is not valid.

HTTP Status Code: 404


The precondition in one or more of the request fields evaluated to false.

HTTP Status Code: 412


Cannot delete this resource because it is in use.

HTTP Status Code: 409

See Also

For more information about using this API in one of the language-specific Amazon SDKs, see the following: