ReEncrypt
The following example shows an Amazon CloudTrail log entry for the ReEncrypt operation. The
resources
field in this log entry specifies two Amazon KMS keys, the
source KMS key and the destination KMS key, in that order.
{ "eventVersion": "1.05", "userIdentity": { "type": "IAMUser", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:iam::111122223333:user/Alice", "accountId": "111122223333", "accessKeyId": "EXAMPLE_KEY_ID", "userName": "Alice" }, "eventTime": "2020-07-27T23:09:13Z", "eventSource": "kms.amazonaws.com", "eventName": "ReEncrypt", "awsRegion": "us-west-2", "sourceIPAddress": "192.0.2.0", "userAgent": "Amazon Internal", "requestParameters": { "sourceEncryptionAlgorithm": "SYMMETRIC_DEFAULT", "sourceEncryptionContext": { "Project": "Alpha", "Department": "Engineering" }, "destinationKeyId": "0987dcba-09fe-87dc-65ba-ab0987654321", "destinationEncryptionAlgorithm": "SYMMETRIC_DEFAULT", "destinationEncryptionContext": { "Level": "3A" } }, "responseElements": null, "requestID": "03769fd4-acf9-4b33-adf3-2ab8ca73aadf", "eventID": "542d9e04-0e8d-4e05-bf4b-4bdeb032e6ec", "readOnly": true, "resources": [ { "accountId": "111122223333", "type": "AWS::KMS::Key", "ARN": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab" }, { "accountId": "111122223333", "type": "AWS::KMS::Key", "ARN": "arn:aws:kms:us-west-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321" } ], "eventType": "AwsApiCall", "recipientAccountId": "111122223333" }