Editing keys
You can change the following properties of your customer managed keys in the Amazon KMS console and by using Amazon KMS API.
You cannot edit any properties of Amazon managed keys or Amazon owned keys. These keys are managed by the Amazon services that created them.
- Description
You can change the description of your customer managed key on the details page for the KMS key or by using the UpdateKeyDescription operation.
To edit the key description in the console, in the upper right corner of the details page for the KMS key, choose Edit.
- Key policy
You can change the key policy on the Key policy tab of the details page for the customer managed key or by using the PutKeyPolicy operation.
For details, see Changing a key policy.
- Tags
-
You can create and delete tags on the Customer managed keys page of the Amazon KMS console, or on the Tags tab of the details page for the customer managed key. Or you can use the TagResource and UntagResource operations.
For details, see Tagging keys.
- Enable and disable
-
You can enable and disable KMS keys on the Customer managed keys page of the Amazon KMS console, or on the details page for the customer managed key. Or you can use the EnableKey and DisableKey operations.
For details, see Enabling and disabling keys.
- Automatic key rotation
-
You can enable and disable automatic key rotation on the Key rotation tab of the details page for the customer managed key or by using the EnableKeyRotation and DisableKeyRotation operations.
For details, see Rotating Amazon KMS keys.