Examples of Amazon KMS log entries

Amazon KMS writes entries to your CloudTrail log when you call an Amazon KMS operation and when an Amazon service calls an operation on your behalf. Amazon KMS also writes an entry when it calls an operation for you. For example, it writes an entry when it deletes a KMS key that you scheduled for deletion.

The following topics display examples of CloudTrail log entries for Amazon KMS operations.

Topics

CancelKeyDeletion
ConnectCustomKeyStore
CreateAlias
CreateCustomKeyStore
CreateGrant
CreateKey
Decrypt
Decrypt (from an enclave)
DeleteAlias
DeleteCustomKeyStore
DeleteExpiredKeyMaterial
DeleteImportedKeyMaterial
DeleteKey
DescribeCustomKeyStores
DescribeKey
DisableKey
DisableKeyRotation
DisconnectCustomKeyStore
EnableKey
EnableKeyRotation
Encrypt
GenerateDataKey
GenerateDataKey (from an enclave)
GenerateDataKeyPair
GenerateDataKeyPairWithoutPlaintext
GenerateDataKeyWithoutPlaintext
GenerateMac
GenerateRandom
GenerateRandom (from an enclave)
GetKeyPolicy
GetKeyRotationStatus
GetParametersForImport
ImportKeyMaterial
ListAliases
ListGrants
PutKeyPolicy
ReEncrypt
ReplicateKey
RetireGrant
RevokeGrant
RotateKey
ScheduleKeyDeletion
Sign
SynchronizeMultiRegionKey
TagResource
UntagResource
UpdateAlias
UpdateCustomKeyStore
UpdateKeyDescription
UpdatePrimaryRegion
VerifyMac
Verify
Amazon EC2 example one
Amazon EC2 example two

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Logging with Amazon CloudTrail

CancelKeyDeletion