Cancel key deletion - Amazon Key Management Service
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Cancel key deletion

After you schedule a KMS key for deletion, you can cancel the key deletion while it is still in the pending deletion state. You can cancel key deletion in the Amazon KMS console or by using the CancelKeyDeletion operation. After you cancel the pending deletion of a KMS key, the key state of the KMS key is Disabled. For more information on enabling the KMS key, see Enable and disable keys.

To cancel key deletion

  1. Open the Amazon KMS console at https://console.amazonaws.cn/kms.

  2. To change the Amazon Web Services Region, use the Region selector in the upper-right corner of the page.

  3. In the navigation pane, choose Customer managed keys.

  4. Choose the check box next to the KMS key that you want to recover.

  5. Choose Key actions, Cancel key deletion.

The KMS key status changes from Pending deletion to Disabled. To use the KMS key, you must enable it.

Use the aws kms cancel-key-deletion command to cancel key deletion from the Amazon CLI as shown in the following example.

$ aws kms cancel-key-deletion --key-id 1234abcd-12ab-34cd-56ef-1234567890ab

When used successfully, the Amazon CLI returns output like the output shown in the following example:

{
    "KeyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
}

The status of the KMS key changes from Pending Deletion to Disabled. To use the KMS key, you must enable it.