RotateKey - Amazon Key Management Service

RotateKey

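The following example shows an Amazon CloudTrail log entry for the operation that rotates an Amazon KMS key. Amazon KMS calls this operation when it rotates a KMS key that has automatic key rotation enabled. When you enable automatic key rotation (EnableKeyRotation), Amazon KMS rotates the KMS key 365 days after the enable date and every 365 days thereafter.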

For an example of the CloudTrail log entry that records the EnableKeyRotation operation, see EnableKeyRotation. For information about rotating KMS keys, see Rotating Amazon KMS keys.

{
    "eventVersion": "1.05",
    "userIdentity": {
        "accountId": "111122223333",
        "invokedBy": "Amazon Internal"
    },
    "eventTime": "2021-01-14T01:41:59Z",
    "eventSource": "kms.amazonaws.com",
    "eventName": "RotateKey",
    "awsRegion": "us-west-2",
    "sourceIPAddress": "Amazon Internal",
    "userAgent": "Amazon Internal",
    "requestParameters": null,
    "responseElements": null,
    "eventID": "a24b3967-ddad-417f-9b22-2332b918db06",
    "readOnly": false,
    "resources": [
        {
            "accountId": "111122223333",
            "type": "AWS::KMS::Key",
            "ARN": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
        }
    ],
    "eventType": "AwsServiceEvent",
    "recipientAccountId": "111122223333",
    "serviceEventDetails": {
        "keyId": "1234abcd-12ab-34cd-56ef-1234567890ab"
    }
}
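The following is an added example, not part of the AWS documentation: a Python audit over exported CloudTrail records that accepts only RotateKey entries with the service-event shape shown above, tracks the latest rotation per key, and flags keys past the 365-day interval. The function names and the second sample record are constructed for illustration, and the overdue check assumes automatic rotation is still enabled on the key.

```python
import json
from datetime import datetime, timedelta, timezone

ROTATION_PERIOD = timedelta(days=365)  # interval stated on this page

# Constructed sample records: the first is trimmed from the entry above, the
# second is a made-up record that does not have the service-event shape.
SAMPLE_EVENTS = json.loads("""[
  {"eventTime": "2021-01-14T01:41:59Z", "eventSource": "kms.amazonaws.com",
   "eventName": "RotateKey", "eventType": "AwsServiceEvent",
   "userIdentity": {"accountId": "111122223333", "invokedBy": "Amazon Internal"},
   "requestParameters": null,
   "serviceEventDetails": {"keyId": "1234abcd-12ab-34cd-56ef-1234567890ab"}},
  {"eventTime": "2021-02-01T10:00:00Z", "eventSource": "kms.amazonaws.com",
   "eventName": "RotateKey", "eventType": "AwsApiCall",
   "userIdentity": {"accountId": "111122223333", "type": "IAMUser"},
   "requestParameters": {"keyId": "0000aaaa-constructed-example"},
   "serviceEventDetails": null}
]""")


def parse_time(value):
    """Parse a CloudTrail eventTime (ISO 8601, UTC, trailing Z)."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def is_service_rotation(event):
    """True only if the record has the shape of the service event shown above."""
    return (event.get("eventSource") == "kms.amazonaws.com"
            and event.get("eventName") == "RotateKey"
            and event.get("eventType") == "AwsServiceEvent"
            and (event.get("userIdentity") or {}).get("invokedBy") == "Amazon Internal"
            and bool((event.get("serviceEventDetails") or {}).get("keyId")))


def audit_rotations(events, now):
    """Return ({keyId: {last, next_due, overdue}}, [RotateKey records that do not match])."""
    keys, unexpected = {}, []
    for ev in events:
        if ev.get("eventName") != "RotateKey":
            continue
        if not is_service_rotation(ev):
            unexpected.append(ev)  # surface for review instead of trusting it
            continue
        key_id, when = ev["serviceEventDetails"]["keyId"], parse_time(ev["eventTime"])
        if key_id not in keys or when > keys[key_id]["last"]:
            keys[key_id] = {"last": when, "next_due": when + ROTATION_PERIOD}
    for info in keys.values():
        info["overdue"] = now > info["next_due"]
    return keys, unexpected
```

Call `audit_rotations(SAMPLE_EVENTS, datetime.now(timezone.utc))` to get the per-key rotation state and the list of RotateKey records that need a closer look.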