Disassociates the associated AWS Key Management Service (AWS KMS) customer master key (CMK) from the specified log group.

After the AWS KMS CMK is disassociated from the log group, AWS CloudWatch Logs stops encrypting newly ingested data for the log group. All previously ingested data remains encrypted, and AWS CloudWatch Logs requires permissions for the CMK whenever the encrypted data is requested.

Note that it can take up to 5 minutes for this operation to take effect.

Request Syntax

{ "logGroupName": "string" }

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

The request accepts the following data in JSON format.


The name of the log group.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 512.

Pattern: [\.\-_/#A-Za-z0-9]+

Required: Yes

Response Elements

If the action is successful, the service sends back an HTTP 200 response with an empty HTTP body.


For information about the errors that are common to all actions, see Common Errors.


A parameter is specified incorrectly.

HTTP Status Code: 400


Multiple requests to update the same resource were in conflict.

HTTP Status Code: 400


The specified resource does not exist.

HTTP Status Code: 400


The service cannot complete the request.

HTTP Status Code: 500


To disassociate an AWS KMS CMK from a log group

The following example disassociates the associated AWS KMS CMK from the specified log group.

Sample Request

POST / HTTP/1.1 Host: logs.<region>.<domain> X-Amz-Date: <DATE> Authorization: AWS4-HMAC-SHA256 Credential=<Credential>, SignedHeaders=content-type;date;host;user-agent;x-amz-date;x-amz-target;x-amzn-requestid, Signature=<Signature> User-Agent: <UserAgentString> Accept: application/json Content-Type: application/x-amz-json-1.1 Content-Length: <PayloadSizeBytes> Connection: Keep-Alive X-Amz-Target: Logs_20140328.DisassociateKmsKey { "logGroupName": "my-log-group", }

Sample Response

HTTP/1.1 200 OK x-amzn-RequestId: <RequestId> Content-Type: application/x-amz-json-1.1 Content-Length: <PayloadSizeBytes> Date: <Date>

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: