ReEncrypt - Amazon Key Management Service
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.


The following example shows an Amazon CloudTrail log entry for the ReEncrypt operation. The resources field in this log entry specifies two Amazon KMS keys, the source KMS key and the destination KMS key, in that order.

{ "eventVersion": "1.05", "userIdentity": { "type": "IAMUser", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:iam::111122223333:user/Alice", "accountId": "111122223333", "accessKeyId": "EXAMPLE_KEY_ID", "userName": "Alice" }, "eventTime": "2020-07-27T23:09:13Z", "eventSource": "", "eventName": "ReEncrypt", "awsRegion": "us-west-2", "sourceIPAddress": "", "userAgent": "Amazon Internal", "requestParameters": { "sourceEncryptionAlgorithm": "SYMMETRIC_DEFAULT", "sourceEncryptionContext": { "Project": "Alpha", "Department": "Engineering" }, "destinationKeyId": "0987dcba-09fe-87dc-65ba-ab0987654321", "destinationEncryptionAlgorithm": "SYMMETRIC_DEFAULT", "destinationEncryptionContext": { "Level": "3A" } }, "responseElements": null, "requestID": "03769fd4-acf9-4b33-adf3-2ab8ca73aadf", "eventID": "542d9e04-0e8d-4e05-bf4b-4bdeb032e6ec", "readOnly": true, "resources": [ { "accountId": "111122223333", "type": "AWS::KMS::Key", "ARN": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab" }, { "accountId": "111122223333", "type": "AWS::KMS::Key", "ARN": "arn:aws:kms:us-west-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321" } ], "eventType": "AwsApiCall", "recipientAccountId": "111122223333" }