RotateKey - AWS Key Management Service

RotateKey

The following example shows an AWS CloudTrail log entry of the operation that rotates an AWS KMS key. AWS KMS calls this operation when it is time to rotate a KMS key on which automatic key rotation is enabled. When you enable automatic key rotation (EnableKeyRotation), AWS KMS rotates the KMS key 365 days later and every 365 days thereafter.

For an example of the CloudTrail log entry that records the EnableKeyRotation operation, see EnableKeyRotation. For information about rotating KMS keys, see Rotating AWS KMS keys.

{
    "eventVersion": "1.05",
    "userIdentity": {
        "accountId": "111122223333",
        "invokedBy": "AWS Internal"
    },
    "eventTime": "2021-01-14T01:41:59Z",
    "eventSource": "kms.amazonaws.com",
    "eventName": "RotateKey",
    "awsRegion": "us-west-2",
    "sourceIPAddress": "AWS Internal",
    "userAgent": "AWS Internal",
    "requestParameters": null,
    "responseElements": null,
    "eventID": "a24b3967-ddad-417f-9b22-2332b918db06",
    "readOnly": false,
    "resources": [
        {
            "accountId": "111122223333",
            "type": "AWS::KMS::Key",
            "ARN": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
        }
    ],
    "eventType": "AwsServiceEvent",
    "recipientAccountId": "111122223333",
    "serviceEventDetails": {
        "keyId": "1234abcd-12ab-34cd-56ef-1234567890ab"
    }
}
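
One way to audit rotation from these entries, as an added example that is not AWS code: the Python below reads a CloudTrail log file (top-level "Records" array), keeps only records with the shape of the RotateKey service event shown above, and reports keys whose most recent rotation is older than the 365-day interval described on this page. The sample records, the second key ID, the function names and the 7-day grace period are assumptions made for the illustration.

```python
import json
from datetime import datetime, timedelta, timezone

ROTATION_PERIOD = timedelta(days=365)  # rotation interval stated on this page
KEY_A = "1234abcd-12ab-34cd-56ef-1234567890ab"  # key ID from the entry above
KEY_B = "0987dcba-09fe-87dc-65ba-ab0987654321"  # constructed key ID

def _rotate(when, key_id):
    """Constructed RotateKey record, trimmed to the fields this example reads."""
    return {"eventSource": "kms.amazonaws.com", "eventName": "RotateKey",
            "eventType": "AwsServiceEvent", "eventTime": when,
            "userIdentity": {"accountId": "111122223333", "invokedBy": "AWS Internal"},
            "serviceEventDetails": {"keyId": key_id}}

# Constructed sample log: two rotations of KEY_A, one of KEY_B, one unrelated event.
SAMPLE_LOG = json.dumps({"Records": [
    _rotate("2021-01-14T01:41:59Z", KEY_A),
    _rotate("2022-01-14T01:41:59Z", KEY_A),
    _rotate("2021-03-01T00:00:00Z", KEY_B),
    {"eventSource": "kms.amazonaws.com", "eventName": "EnableKeyRotation",
     "eventType": "AwsApiCall", "eventTime": "2020-01-15T01:41:59Z"},
]})

def is_service_rotation(rec):
    """True if the record matches the RotateKey service event shown above."""
    ident = rec.get("userIdentity") or {}
    return (rec.get("eventSource") == "kms.amazonaws.com"
            and rec.get("eventName") == "RotateKey"
            and rec.get("eventType") == "AwsServiceEvent"
            and ident.get("invokedBy") == "AWS Internal")

def last_rotations(log_text):
    """Map each key ID to the time of its most recent RotateKey event."""
    latest = {}
    for rec in json.loads(log_text).get("Records", []):
        key_id = (rec.get("serviceEventDetails") or {}).get("keyId")
        if not is_service_rotation(rec) or key_id is None:
            continue
        when = datetime.strptime(rec["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
        when = when.replace(tzinfo=timezone.utc)  # CloudTrail times are UTC
        if key_id not in latest or when > latest[key_id]:
            latest[key_id] = when
    return latest

def overdue_keys(log_text, now, grace=timedelta(days=7)):
    """Key IDs whose last rotation is older than 365 days plus the grace period."""
    rotations = last_rotations(log_text)
    return sorted(k for k, t in rotations.items() if now - t > ROTATION_PERIOD + grace)
```

A key reported as overdue may have had automatic rotation disabled after its last RotateKey event, so treat the result as a prompt to check the key's rotation status.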