Remove tags associated with a KMS key
Tags help identify and organize your Amazon resources. You can remove the tags associated with your customer managed KMS keys in the Amazon KMS console or by using the UntagResource operation. You cannot edit or remove the tags of an Amazon managed key.
The following procedures demonstrate how to remove tags from a KMS key. The
Amazon KMS API examples use the Amazon Command Line Interface (Amazon CLI)
-
Sign in to the Amazon Web Services Management Console and open the Amazon Key Management Service (Amazon KMS) console at https://console.amazonaws.cn/kms
. -
To change the Amazon Web Services Region, use the Region selector in the upper-right corner of the page.
-
In the navigation pane, choose Customer managed keys. (You cannot manage the tags of an Amazon managed key)
-
You can use the table filter to display only KMS keys with particular tags. For details, see View tags using the Amazon KMS console.
-
Select the check box next to the alias of a KMS key.
-
Choose Key actions, Add or edit tags.
-
On the details page for KMS key, choose the Tags tab.
-
To delete a tag, choose Edit. On the tag row, choose Remove, and then choose Save.
-
-
To save your changes, choose Save changes.
The UntagResource operation deletes tags from a KMS key. To identify the tags to delete, specify the tag keys. You cannot use this operation to delete tags from KMS keys a different Amazon Web Services account.
When it succeeds, the UntagResource operation doesn't return any output.
Also, if the specified tag key isn't found on the KMS key, it doesn't throw an exception
or return a response. To confirm that the operation worked, use the ListResourceTags operation.
For example, this command deletes the Purpose tag and its value
from the specified KMS key.
$aws kms untag-resource --key-id 1234abcd-12ab-34cd-56ef-1234567890ab --tag-keys Purpose