RotateEncryptionKey - Amazon Redshift

RotateEncryptionKey

Rotates the encryption keys for a cluster.

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

ClusterIdentifier

The unique identifier of the cluster that you want to rotate the encryption keys for.

Constraints: Must be the name of valid cluster that has encryption enabled.

Type: String

Length Constraints: Maximum length of 2147483647.

Required: Yes

Response Elements

The following element is returned by the service.

Cluster

Describes a cluster.

Type: Cluster object

Errors

For information about the errors that are common to all actions, see Common Errors.

ClusterNotFound

The ClusterIdentifier parameter does not refer to an existing cluster.

HTTP Status Code: 404

DependentServiceRequestThrottlingFault

The request cannot be completed because a dependent service is throttling requests made by Amazon Redshift on your behalf. Wait and retry the request.

HTTP Status Code: 400

InvalidClusterState

The specified cluster is not in the available state.

HTTP Status Code: 400

UnsupportedOperation

The requested operation isn't supported.

HTTP Status Code: 400

Examples

Example

This example illustrates one usage of RotateEncryptionKey.

Sample Request

https://redshift.us-east-2.amazonaws.com/ ?Action=RotateEncryptionKey &ClusterIdentifier=mycluster &SignatureMethod=HmacSHA256&SignatureVersion=4 &Version=2012-12-01 &X-Amz-Algorithm=AWS4-HMAC-SHA256 &X-Amz-Credential=AKIAIOSFODNN7EXAMPLE/20190817/us-east-2/redshift/aws4_request &X-Amz-Date=20190825T160000Z &X-Amz-SignedHeaders=content-type;host;user-agent;x-amz-content-sha256;x-amz-date &X-Amz-Signature=0aa1234bb5cc678ddddd901ee2ff3aa45678b90c12d345e6ff789012345a6b7b

Sample Response

<RotateEncryptionKeyResponse xmlns="http://redshift.amazonaws.com/doc/2012-12-01/"> <RotateEncryptionKeyResult> <Cluster> <AllowVersionUpgrade>true</AllowVersionUpgrade> <ClusterIdentifier>mycluster</ClusterIdentifier> <NumberOfNodes>1</NumberOfNodes> <AvailabilityZone>us-east-2a</AvailabilityZone> <ClusterVersion>1.0</ClusterVersion> <ManualSnapshotRetentionPeriod>-1</ManualSnapshotRetentionPeriod> <ClusterAvailabilityStatus>Modifying</ClusterAvailabilityStatus> <Endpoint> <Port>5439</Port> <Address>mycluster.cmeaswqeuae.us-east-2.redshift.amazonaws.com</Address> </Endpoint> <VpcId>vpc-a1abc1a1</VpcId> <PubliclyAccessible>false</PubliclyAccessible> <ClusterCreateTime>2019-12-25T11:21:49.458Z</ClusterCreateTime> <MasterUsername>adminuser</MasterUsername> <DBName>dev</DBName> <EnhancedVpcRouting>false</EnhancedVpcRouting> <IamRoles> <ClusterIamRole> <IamRoleArn>arn:aws:iam::123456789012:role/myRedshiftRole</IamRoleArn> <ApplyStatus>in-sync</ApplyStatus> </ClusterIamRole> </IamRoles> <ClusterSecurityGroups/> <NodeType>dc2.large</NodeType> <ClusterSubnetGroupName>default</ClusterSubnetGroupName> <NextMaintenanceWindowStartTime>2019-12-28T16:00:00Z</NextMaintenanceWindowStartTime> <DeferredMaintenanceWindows/> <Tags/> <VpcSecurityGroups> <VpcSecurityGroup> <VpcSecurityGroupId>sh-a1a123ab</VpcSecurityGroupId> <Status>active</Status> </VpcSecurityGroup> </VpcSecurityGroups> <ClusterParameterGroups> <ClusterParameterGroup> <ParameterGroupName>default.redshift-1.0</ParameterGroupName> <ParameterApplyStatus>in-sync</ParameterApplyStatus> </ClusterParameterGroup> </ClusterParameterGroups> <Encrypted>true</Encrypted> <MaintenanceTrackName>current</MaintenanceTrackName> <PendingModifiedValues/> <PreferredMaintenanceWindow>sat:16:00-sat:16:30</PreferredMaintenanceWindow> <KmsKeyId>arn:aws:kms:us-east-2:123456789012:key/bPxRfih3yCo8nvbEXAMPLEKEY</KmsKeyId> <AutomatedSnapshotRetentionPeriod>1</AutomatedSnapshotRetentionPeriod> <ClusterStatus>rotating-keys</ClusterStatus> </Cluster> </RotateEncryptionKeyResult> <ResponseMetadata> <RequestId>0cdb408d-28f7-11ea-8a28-2fd1719d0e86</RequestId> </ResponseMetadata> </RotateEncryptionKeyResponse>

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: