Sign - Amazon Key Management Service
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China.


These examples show Amazon CloudTrail log entries for the Sign operation.

The following example shows an CloudTrail log entry for a Sign operation that uses an asymmetric RSA KMS key to generate a digital signature for a file.

{ "eventVersion": "1.08", "userIdentity": { "type": "IAMUser", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:iam::111122223333:user/Alice", "accountId": "111122223333", "accessKeyId": "EXAMPLE_KEY_ID", "userName": "Alice" }, "eventTime": "2022-03-07T22:36:44Z", "eventSource": "", "eventName": "Sign", "awsRegion": "us-west-2", "sourceIPAddress": "", "userAgent": "Amazon Internal", "requestParameters": { "messageType": "RAW", "keyId": "0987dcba-09fe-87dc-65ba-ab0987654321", "signingAlgorithm": "RSASSA_PKCS1_V1_5_SHA_256" }, "responseElements": null, "requestID": "8d0b35e0-46cf-48b9-be99-bf2ebc9ab9fb", "eventID": "107b3cac-b125-4556-9702-12a2b9afcff7", "readOnly": true, "resources": [ { "accountId": "111122223333", "type": "AWS::KMS::Key", "ARN": "arn:aws:kms:us-west-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321" } ], "eventType": "AwsApiCall", "managementEvent": true, "recipientAccountId": "111122223333", "eventCategory": "Management" }