ScheduleKeyDeletion - AWS Key Management Service

本文属于机器翻译版本。若本译文内容与英语原文存在差异,则一律以英文原文为准。

ScheduleKeyDeletion

这些示例显示了ScheduleKeyDeletion操作的AWS CloudTrail日志条目。

有关删除密钥时写入的 CloudTrail 日志条目的示例,请参见DeleteKey。关于删除 AWS KMS keys 的信息,请查阅 删除 AWS KMS keys

以下示例记录对单区域 KMS 密钥的 ScheduleKeyDeletion 请求。

{ "eventVersion": "1.08", "userIdentity": { "type": "IAMUser", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:iam::111122223333:user/Alice", "accountId": "111122223333", "accessKeyId": "EXAMPLE_KEY_ID", "userName": "Alice" }, "eventTime": "2021-03-23T18:58:30Z", "eventSource": "kms.amazonaws.com", "eventName": "ScheduleKeyDeletion", "awsRegion": "us-east-1", "sourceIPAddress": "192.0.2.0", "userAgent": "AWS Internal", "requestParameters": { "pendingWindowInDays": 20, "keyId": "1234abcd-12ab-34cd-56ef-1234567890ab" }, "responseElements": { "keyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", "keyState": "PendingDeletion", "deletionDate": "Apr 12, 2021 18:58:30 PM" }, "requestID": "ee408f36-ea01-422b-ac14-b0f147c68334", "eventID": "3c4226b0-1e81-48a8-a333-7fa5f3cbd118", "readOnly": false, "resources": [ { "accountId": "111122223333", "type": "AWS::KMS::Key", "ARN": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab" } ], "eventType": "AwsApiCall", "recipientAccountId": "111122223333" }

以下示例记录对拥有副本密钥的多区域 KMS 密钥的 ScheduleKeyDeletion 请求。

由于 AWS KMS 在删除所有副本密钥之前不会删除多区域密钥,在 responseElements 字段中,keyStatePendingReplicaDeletiondeletionDate 字段会被省略。

{ "eventVersion": "1.08", "userIdentity": { "type": "IAMUser", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:iam::111122223333:user/Alice", "accountId": "111122223333", "accessKeyId": "EXAMPLE_KEY_ID", "userName": "Alice" }, "eventTime": "2021-10-28T17:59:05Z", "eventSource": "kms.amazonaws.com", "eventName": "ScheduleKeyDeletion", "awsRegion": "us-west-2", "sourceIPAddress": "192.0.2.0", "userAgent": "AWS Internal", "requestParameters": { "pendingWindowInDays": 30, "keyId": "mrk-1234abcd12ab34cd56ef1234567890ab" }, "responseElements": { "keyId": "arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab", "keyState": "PendingReplicaDeletion", "pendingWindowInDays": 30 }, "requestID": "12341411-d846-42a6-a476-b1cbe3011f89", "eventID": "abcda5f-396d-494c-9380-0c47860df5f1", "readOnly": false, "resources": [ { "accountId": "111122223333", "type": "AWS::KMS::Key", "ARN": "arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab" } ], "eventType": "AwsApiCall", "managementEvent": true, "recipientAccountId": "111122223333", "eventCategory": "Management" }

以下示例在 AWS CloudHSM 自定义密钥存储中记录对 KMS 密钥的 ScheduleKeyDeletion 请求。

{ "eventVersion": "1.08", "userIdentity": { "type": "IAMUser", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:iam::111122223333:user/Alice", "accountId": "111122223333", "accessKeyId": "EXAMPLE_KEY_ID", "userName": "Alice" }, "eventTime": "2021-10-26T23:25:25Z", "eventSource": "kms.amazonaws.com", "eventName": "ScheduleKeyDeletion", "awsRegion": "us-west-2", "sourceIPAddress": "192.0.2.0", "userAgent": "AWS Internal", "requestParameters": { "keyId": "arn:aws:kms:us-west-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321", "pendingWindowInDays": 30 }, "responseElements": { "keyId": "arn:aws:kms:us-west-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321", "deletionDate": "Nov 2, 2021, 11:25:25 PM", "keyState": "PendingDeletion", "pendingWindowInDays": 30 }, "additionalEventData": { "customKeyStoreId": "cks-1234567890abcdef0", "clusterId": "cluster-1a23b4cdefg", "backingKeys": "[{\"keyHandle\":\"01\",\"backingKeyId\":\"backing-key-id\"}]" }, "requestID": "abcd9f60-2c9c-4a0b-a456-d5d998f7f321", "eventID": "ca01996a-01b0-4edd-bbbb-25d7b6d1a6fa", "readOnly": false, "resources": [ { "accountId": "111122223333", "type": "AWS::KMS::Key", "ARN": "arn:aws:kms:us-west-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321" } ], "eventType": "AwsApiCall", "managementEvent": true, "recipientAccountId": "111122223333", "eventCategory": "Management" }