Examples of Amazon KMS log entries
Amazon KMS writes entries to your CloudTrail log when you call an Amazon KMS operation and when an Amazon service calls an operation on your behalf. Amazon KMS also writes an entry when it calls an operation for you. For example, it writes an entry when it deletes a KMS key that you scheduled for deletion.
The following topics display examples of CloudTrail log entries for Amazon KMS operations.
For examples of CloudTrail log entries of requests to Amazon KMS from Amazon Nitro Enclaves, see Monitoring requests for Nitro enclaves.
Topics
- CancelKeyDeletion
- ConnectCustomKeyStore
- CreateAlias
- CreateCustomKeyStore
- CreateGrant
- CreateKey
- Decrypt
- DeleteAlias
- DeleteCustomKeyStore
- DeleteExpiredKeyMaterial
- DeleteImportedKeyMaterial
- DeleteKey
- DescribeCustomKeyStores
- DescribeKey
- DisableKey
- DisableKeyRotation
- DisconnectCustomKeyStore
- EnableKey
- EnableKeyRotation
- Encrypt
- GenerateDataKey
- GenerateDataKeyPair
- GenerateDataKeyPairWithoutPlaintext
- GenerateDataKeyWithoutPlaintext
- GenerateMac
- GenerateRandom
- GetKeyPolicy
- GetKeyRotationStatus
- GetParametersForImport
- ImportKeyMaterial
- ListAliases
- ListGrants
- ListKeyRotations
- PutKeyPolicy
- ReEncrypt
- ReplicateKey
- RetireGrant
- RevokeGrant
- RotateKey
- RotateKeyOnDemand
- ScheduleKeyDeletion
- Sign
- SynchronizeMultiRegionKey
- TagResource
- UntagResource
- UpdateAlias
- UpdateCustomKeyStore
- UpdateKeyDescription
- UpdatePrimaryRegion
- VerifyMac
- Verify
- Amazon EC2 example one
- Amazon EC2 example two