RotateEncryptionKey
Rotates the encryption keys for a cluster.
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
- ClusterIdentifier
- 
               The unique identifier of the cluster that you want to rotate the encryption keys for. Constraints: Must be the name of valid cluster that has encryption enabled. Type: String Length Constraints: Maximum length of 2147483647. Required: Yes 
Response Elements
The following element is returned by the service.
- Cluster
- 
               Describes a cluster. Type: Cluster object 
Errors
For information about the errors that are common to all actions, see Common Errors.
- ClusterNotFound
- 
               The ClusterIdentifierparameter does not refer to an existing cluster.HTTP Status Code: 404 
- DependentServiceRequestThrottlingFault
- 
               The request cannot be completed because a dependent service is throttling requests made by Amazon Redshift on your behalf. Wait and retry the request. HTTP Status Code: 400 
- InvalidClusterState
- 
               The specified cluster is not in the availablestate.HTTP Status Code: 400 
- UnsupportedOperation
- 
               The requested operation isn't supported. HTTP Status Code: 400 
Examples
Example
This example illustrates one usage of RotateEncryptionKey.
Sample Request
https://redshift.us-east-2.amazonaws.com/
       ?Action=RotateEncryptionKey
&ClusterIdentifier=mycluster
&SignatureMethod=HmacSHA256&SignatureVersion=4
&Version=2012-12-01
&X-Amz-Algorithm=AWS4-HMAC-SHA256
&X-Amz-Credential=AKIAIOSFODNN7EXAMPLE/20190817/us-east-2/redshift/aws4_request
&X-Amz-Date=20190825T160000Z
&X-Amz-SignedHeaders=content-type;host;user-agent;x-amz-content-sha256;x-amz-date
&X-Amz-Signature=0aa1234bb5cc678ddddd901ee2ff3aa45678b90c12d345e6ff789012345a6b7bSample Response
<RotateEncryptionKeyResponse xmlns="http://redshift.amazonaws.com/doc/2012-12-01/">
  <RotateEncryptionKeyResult>
    <Cluster>
      <AllowVersionUpgrade>true</AllowVersionUpgrade>
      <ClusterIdentifier>mycluster</ClusterIdentifier>
      <NumberOfNodes>1</NumberOfNodes>
      <AvailabilityZone>us-east-2a</AvailabilityZone>
      <ClusterVersion>1.0</ClusterVersion>
      <ManualSnapshotRetentionPeriod>-1</ManualSnapshotRetentionPeriod>
      <ClusterAvailabilityStatus>Modifying</ClusterAvailabilityStatus>
      <Endpoint>
        <Port>5439</Port>
        <Address>mycluster.cmeaswqeuae.us-east-2.redshift.amazonaws.com</Address>
      </Endpoint>
      <VpcId>vpc-a1abc1a1</VpcId>
      <PubliclyAccessible>false</PubliclyAccessible>
      <ClusterCreateTime>2019-12-25T11:21:49.458Z</ClusterCreateTime>
      <MasterUsername>adminuser</MasterUsername>
      <DBName>dev</DBName>
      <EnhancedVpcRouting>false</EnhancedVpcRouting>
      <IamRoles>
        <ClusterIamRole>
          <IamRoleArn>arn:aws:iam::123456789012:role/myRedshiftRole</IamRoleArn>
          <ApplyStatus>in-sync</ApplyStatus>
        </ClusterIamRole>
      </IamRoles>
      <ClusterSecurityGroups/>
      <NodeType>dc2.large</NodeType>
      <ClusterSubnetGroupName>default</ClusterSubnetGroupName>
      <NextMaintenanceWindowStartTime>2019-12-28T16:00:00Z</NextMaintenanceWindowStartTime>
      <DeferredMaintenanceWindows/>
      <Tags/>
      <VpcSecurityGroups>
        <VpcSecurityGroup>
          <VpcSecurityGroupId>sh-a1a123ab</VpcSecurityGroupId>
          <Status>active</Status>
        </VpcSecurityGroup>
      </VpcSecurityGroups>
      <ClusterParameterGroups>
        <ClusterParameterGroup>
          <ParameterGroupName>default.redshift-1.0</ParameterGroupName>
          <ParameterApplyStatus>in-sync</ParameterApplyStatus>
        </ClusterParameterGroup>
      </ClusterParameterGroups>
      <Encrypted>true</Encrypted>
      <MaintenanceTrackName>current</MaintenanceTrackName>
      <PendingModifiedValues/>
      <PreferredMaintenanceWindow>sat:16:00-sat:16:30</PreferredMaintenanceWindow>
      <KmsKeyId>arn:aws:kms:us-east-2:123456789012:key/bPxRfih3yCo8nvbEXAMPLEKEY</KmsKeyId>
      <AutomatedSnapshotRetentionPeriod>1</AutomatedSnapshotRetentionPeriod>
      <ClusterStatus>rotating-keys</ClusterStatus>
    </Cluster>
  </RotateEncryptionKeyResult>
  <ResponseMetadata>
    <RequestId>0cdb408d-28f7-11ea-8a28-2fd1719d0e86</RequestId>
  </ResponseMetadata>
</RotateEncryptionKeyResponse>
See Also
For more information about using this API in one of the language-specific Amazon SDKs, see the following: