DeleteKey - AWS Key Management Service


The following example shows an AWS CloudTrail log entry generated when a KMS key is deleted. To delete a KMS key, you use the ScheduleKeyDeletion operation. After the specified waiting period expires, AWS KMS deletes the key. AWS KMS records an entry like the following one in your CloudTrail log to record that event.

For an example of the CloudTrail log entry for the ScheduleKeyDeletion operation, see ScheduleKeyDeletion. For information about deleting KMS keys, see Deleting AWS KMS keys.

{ "eventVersion": "1.05", "userIdentity": { "accountId": "111122223333", "invokedBy": "AWS Internal" }, "eventTime": "2020-07-31T00:07:00Z", "eventSource": "", "eventName": "DeleteKey", "awsRegion": "us-east-1", "sourceIPAddress": "AWS Internal", "userAgent": "AWS Internal", "requestParameters": null, "responseElements": null, "eventID": "b25f9cda-74e1-4458-847b-4972a0bf9668", "readOnly": false, "resources": [ { "accountId": "111122223333", "type": "AWS::KMS::Key", "ARN": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab" } ], "eventType": "AwsServiceEvent", "recipientAccountId": "111122223333", "serviceEventDetails": { "keyId": "1234abcd-12ab-34cd-56ef-1234567890ab" } }