Menu
AWS Key Management Service
Developer Guide

Editing Keys

You can use the IAM section of the AWS Management Console to change permissions, enable or disable annual rotation of key material, and add and remove tags for customer master keys (CMKs). You start by viewing the key details page for the CMK.

To view the key details page for a CMK

  1. Open the Encryption Keys section of the Identity and Access Management (IAM) console at https://console.aws.amazon.com/iam/home#encryptionKeys.

  2. For Region, choose the appropriate AWS region. Do not use the region selector in the navigation bar (top right corner).

  3. Choose the alias of the CMK whose details you want to see.

    Note

    You cannot edit AWS-managed CMKs, which are denoted by the orange AWS icon.

On the key details page, you can view metadata about the CMK, and you can edit the CMK in the following ways:

Modify the description

Use the Description field in the Summary section of the page. When you are finished, choose Save Changes.


            Summary section of the console's key details page
Add and remove key administrators, and allow or disallow key administrators to delete the CMK

Use the controls in the Key Administrators area in the Key Policy section of the page.


            Key administrators area in the console's key policy section
Add and remove key users, and allow and disallow external AWS accounts to use the CMK

Use the controls in the Key Users area in the Key Policy section of the page.


            Key users area in the console's key policy section
Add, edit, and remove tags

Use the controls in the Tags section of the page.


            Tags section of the console's key details page
Enable or disable rotation

Use the controls in the Key Rotation section of the page.


            Key rotation section of the console's key details page