DeleteKey - Amazon Key Management Service

DeleteKey

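These examples show the Amazon CloudTrail log entries that are generated when a KMS key is deleted. To delete a KMS key, use the ScheduleKeyDeletion operation. After the specified waiting period expires, Amazon KMS deletes the KMS key and records an entry like the following in the CloudTrail log to record the event.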

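CloudTrail log entries for this operation recorded on or after December 2022 include the key ARN of the affected KMS key in the responseElements.keyId value, even though this operation does not return the key ARN.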

For an example of the CloudTrail log entry for the ScheduleKeyDeletion operation, see ScheduleKeyDeletion. For information about deleting KMS keys, see Deleting Amazon KMS keys.

The following example CloudTrail log entry records a DeleteKey operation on a KMS key with key material in Amazon KMS.

{
  "eventVersion": "1.08",
  "userIdentity": {
    "accountId": "111122223333",
    "invokedBy": "Amazon Internal"
  },
  "eventTime": "2020-07-31T00:07:00Z",
  "eventSource": "kms.amazonaws.com",
  "eventName": "DeleteKey",
  "awsRegion": "us-east-1",
  "sourceIPAddress": "Amazon Internal",
  "userAgent": "Amazon Internal",
  "requestParameters": null,
  "responseElements": null,
  "eventID": "b25f9cda-74e1-4458-847b-4972a0bf9668",
  "readOnly": false,
  "resources": [
    {
      "accountId": "111122223333",
      "type": "AWS::KMS::Key",
      "ARN": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
    }
  ],
  "eventType": "AwsServiceEvent",
  "recipientAccountId": "111122223333",
  "managementEvent": true,
  "eventCategory": "Management"
}

The following CloudTrail log entry records a DeleteKey operation on a KMS key in an Amazon CloudHSM custom key store.

{
  "eventVersion": "1.08",
  "userIdentity": {
    "accountId": "111122223333",
    "invokedBy": "Amazon Internal"
  },
  "eventTime": "2021-10-26T23:41:27Z",
  "eventSource": "kms.amazonaws.com",
  "eventName": "DeleteKey",
  "awsRegion": "us-east-1",
  "sourceIPAddress": "Amazon Internal",
  "userAgent": "Amazon Internal",
  "requestParameters": null,
  "responseElements": {
    "keyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
  },
  "additionalEventData": {
    "customKeyStoreId": "cks-1234567890abcdef0",
    "clusterId": "cluster-1a23b4cdefg",
    "backingKeys": "[{\"keyHandle\":\"01\",\"backingKeyId\":\"backing-key-id\"}]",
    "backingKeysDeletionStatus": "[{\"keyHandle\":\"01\",\"backingKeyId\":\"backing-key-id\",\"deletionStatus\":\"SUCCESS\"}]"
  },
  "eventID": "1234585c-4b0c-4340-ab11-662414b79239",
  "readOnly": false,
  "resources": [
    {
      "accountId": "111122223333",
      "type": "AWS::KMS::Key",
      "ARN": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
    }
  ],
  "eventType": "AwsServiceEvent",
  "recipientAccountId": "111122223333",
  "managementEvent": true,
  "eventCategory": "Management"
}
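
One way to triage these records in a log pipeline, as an added example that is not part of the Amazon documentation: it reads the key ARN from responseElements.keyId, falls back to resources[].ARN when responseElements is null, and decodes the string-encoded backingKeysDeletionStatus list. The function name and the summary field names are hypothetical, and the sample records are constructed by trimming the two entries above.

```python
import json

def summarize_delete_key(event):
    """Return a triage summary for a CloudTrail DeleteKey record, else None."""
    if (event.get("eventSource") != "kms.amazonaws.com"
            or event.get("eventName") != "DeleteKey"):
        return None
    # responseElements is null in some entries: fall back to resources[].ARN.
    key_arn = (event.get("responseElements") or {}).get("keyId")
    if not key_arn:
        key_arn = next((r.get("ARN") for r in event.get("resources") or []
                        if r.get("type") == "AWS::KMS::Key"), None)
    extra = event.get("additionalEventData") or {}
    # backingKeysDeletionStatus is a JSON list stored inside a string value.
    raw = extra.get("backingKeysDeletionStatus")
    statuses = json.loads(raw) if raw else []
    return {
        "key_arn": key_arn,
        "event_time": event.get("eventTime"),
        "service_initiated": event.get("eventType") == "AwsServiceEvent",
        "custom_key_store_id": extra.get("customKeyStoreId"),
        # Backing keys whose status is anything other than SUCCESS need follow-up.
        "backing_keys_not_deleted": [s.get("backingKeyId") for s in statuses
                                     if s.get("deletionStatus") != "SUCCESS"],
    }

# Constructed sample records, trimmed from the two entries on this page.
KEY_ARN = "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
BASE = {"eventSource": "kms.amazonaws.com", "eventName": "DeleteKey",
        "eventType": "AwsServiceEvent",
        "resources": [{"type": "AWS::KMS::Key", "ARN": KEY_ARN}]}
SAMPLE_STANDARD = dict(BASE, eventTime="2020-07-31T00:07:00Z", responseElements=None)
SAMPLE_CLOUDHSM = dict(
    BASE, eventTime="2021-10-26T23:41:27Z", responseElements={"keyId": KEY_ARN},
    additionalEventData={
        "customKeyStoreId": "cks-1234567890abcdef0",
        "backingKeysDeletionStatus": json.dumps(
            [{"keyHandle": "01", "backingKeyId": "backing-key-id",
              "deletionStatus": "SUCCESS"}])})
SAMPLE_OTHER = dict(BASE, eventName="ScheduleKeyDeletion")

if __name__ == "__main__":
    for record in (SAMPLE_STANDARD, SAMPLE_CLOUDHSM, SAMPLE_OTHER):
        print(summarize_delete_key(record))
```

Pairing each summary with the earlier ScheduleKeyDeletion entry for the same key ARN shows who scheduled a deletion that the service later carried out.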