Editing keys - AWS Key Management Service

Editing keys

You can change the following properties of your customer managed keys in the AWS KMS console and by using AWS KMS API.

You cannot edit any properties of AWS managed keys or AWS owned keys. These keys are managed by the AWS services that created them.

Description

You can change the description of your customer managed key on the details page for the KMS key or by using the UpdateKeyDescription operation.

To edit the key description in the console, in the upper right corner of the details page for the KMS key, choose Edit.

Key policy

You can change the key policy on the Key policy tab of the details page for the customer managed key or by using the PutKeyPolicy operation.

For details, see Changing a key policy.

Tags

You can create and delete tags on the Customer managed keys page of the AWS KMS console, or on the Tags tab of the details page for the customer managed key. Or you can use the TagResource and UntagResource operations.

For details, see Tagging keys.

Enable and disable

You can enable and disable KMS keys on the Customer managed keys page of the AWS KMS console, or on the details page for the customer managed key. Or you can use the EnableKey and DisableKey operations.

For details, see Enabling and disabling keys.

Automatic key rotation

You can enable and disable automatic key rotation on the Key rotation tab of the details page for the customer managed key or by using the EnableKeyRotation and DisableKeyRotation operations.

For details, see Rotating AWS KMS keys.

See also

Updating aliases