Smaws_Client_KMS.DisableKeyRotationval request :
Smaws_Lib.Context.t ->
disable_key_rotation_request ->
(unit,
[> Smaws_Lib.Protocols.AwsJson.error
| `DependencyTimeoutException of dependency_timeout_exception
| `DisabledException of disabled_exception
| `InvalidArnException of invalid_arn_exception
| `KMSInternalException of kms_internal_exception
| `KMSInvalidStateException of kms_invalid_state_exception
| `NotFoundException of not_found_exception
| `UnsupportedOperationException of unsupported_operation_exception ])
Stdlib.resultDisables automatic rotation of the key material of the specified symmetric encryption KMS key.
Automatic key rotation is supported only on symmetric encryption KMS keys. You cannot enable automatic rotation of asymmetric KMS keys, HMAC KMS keys, KMS keys with imported key material, or KMS keys in a custom key store. To enable or disable automatic rotation of a set of related multi-Region keys, set the property on the primary key.
You can enable (EnableKeyRotation) and disable automatic rotation of the key material in customer managed KMS keys. Key material rotation of Amazon Web Services managed KMS keys is not configurable. KMS always rotates the key material for every year. Rotation of Amazon Web Services owned KMS keys varies.
In May 2022, KMS changed the rotation schedule for Amazon Web Services managed keys from every three years to every year. For details, see EnableKeyRotation.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
Required permissions: kms:DisableKeyRotation (key policy)
Related operations:
EnableKeyRotationGetKeyRotationStatusListKeyRotationsRotateKeyOnDemandEventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.