Options
All
  • Public
  • Public/Protected
  • All
Menu

Class AssociateKmsKeyCommand

Associates the specified Key Management Service customer master key (CMK) with the specified log group.

Associating an KMS CMK with a log group overrides any existing associations between the log group and a CMK. After a CMK is associated with a log group, all newly ingested data for the log group is encrypted using the CMK. This association is stored as long as the data encrypted with the CMK is still within CloudWatch Logs. This enables CloudWatch Logs to decrypt this data whenever it is requested.

CloudWatch Logs supports only symmetric CMKs. Do not use an associate an asymmetric CMK with your log group. For more information, see Using Symmetric and Asymmetric Keys.

It can take up to 5 minutes for this operation to take effect.

If you attempt to associate a CMK with a log group but the CMK does not exist or the CMK is disabled, you receive an InvalidParameterException error.

example

Use a bare-bones client and the command you need to make an API call.

import { CloudWatchLogsClient, AssociateKmsKeyCommand } from "@aws-sdk/client-cloudwatch-logs"; // ES Modules import
// const { CloudWatchLogsClient, AssociateKmsKeyCommand } = require("@aws-sdk/client-cloudwatch-logs"); // CommonJS import
const client = new CloudWatchLogsClient(config);
const command = new AssociateKmsKeyCommand(input);
const response = await client.send(command);
see

AssociateKmsKeyCommandInput for command's input shape.

see

AssociateKmsKeyCommandOutput for command's response shape.

see

config for CloudWatchLogsClient's config shape.

Hierarchy

Implements

Index

Constructors

constructor

Properties

Readonly input

input: AssociateKmsKeyCommandInput

Readonly middlewareStack

middlewareStack: IMiddlewareStack<AssociateKmsKeyCommandInput, AssociateKmsKeyCommandOutput>

Methods

Static getEndpointParameterInstructions