Amazon Web Services (AWS) - Delete Key Management Service (KMS) key using AWS CLI
by Jeremy Canfield | Updated: August 03 2023 | Amazon Web Services (AWS) articles

This assumes you have already configured the aws command line tool. If not, check out my article on Getting Started with the AWS CLI.

The aws kms list-keys command can be used to list your KMS keys. This will return both:
- AWS managed keys
- Customer managed keys

~]$ aws kms list-keys
{
    "Keys": [
        {
            "KeyId": "2b32ca5b-ccaf-493b-b95f-d780d8e65eda",
            "KeyArn": "arn:aws:kms:us-east-1:123456789012:key/2b32ca5b-ccaf-493b-b95f-d780d8e65eda"
        },
        {
            "KeyId": "6ad1f21e-efa1-4884-bba2-fa3fbd1110ec",
            "KeyArn": "arn:aws:kms:us-east-1:123456789012:key/6ad1f21e-efa1-4884-bba2-fa3fbd1110ec"
        },
        {
            "KeyId": "a8cd1fa6-a162-47ef-8cf9-a5cc95bc8cd7",
            "KeyArn": "arn:aws:kms:us-east-1:123456789012:key/a8cd1fa6-a162-47ef-8cf9-a5cc95bc8cd7"
        },
        {
            "KeyId": "cb5302aa-e14b-4ad1-9d4b-4794a64f0b65",
            "KeyArn": "arn:aws:kms:us-east-1:123456789012:key/cb5302aa-e14b-4ad1-9d4b-4794a64f0b65"
        },
        {
            "KeyId": "f0c9f7f5-1956-4b8d-bb2f-e0f9aa951309",
            "KeyArn": "arn:aws:kms:us-east-1:123456789012:key/f0c9f7f5-1956-4b8d-bb2f-e0f9aa951309"
        }
    ]
}
The aws kms schedule-key-deletion command can be used to schedule a customer managed key for deletion, using the Amazon Resource Name (ARN) of the key. The pending window must be between 7 and 30 days.
~]$ aws kms schedule-key-deletion --key-id arn:aws:kms:us-east-1:123456789012:key/cb5302aa-e14b-4ad1-9d4b-4794a64f0b65 --pending-window-in-days 7
{
    "KeyId": "arn:aws:kms:us-east-1:123456789012:key/cb5302aa-e14b-4ad1-9d4b-4794a64f0b65",
    "DeletionDate": "2023-06-22T21:07:50.625000-05:00",
    "KeyState": "PendingDeletion",
    "PendingWindowInDays": 7
}
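
A pre-check to run before the command above, as an added example that is not from the original article: since list-keys returns AWS managed and customer managed keys side by side, this wrapper reads KeyManager and KeyState with aws kms describe-key and only then schedules the deletion. The function names are hypothetical, and refusing every key state other than Enabled or Disabled is a conservative choice made for this example.

```shell
#!/usr/bin/env bash
# Added example (not from the article): guard around `aws kms schedule-key-deletion`.

# Decide whether a key may be scheduled for deletion.
# Args: KeyManager, KeyState (both as returned by describe-key), pending window in days.
# Prints "ok" or a refusal reason; returns non-zero on refusal.
kms_deletion_check() {
    local manager="$1" state="$2" days="$3"
    case "$days" in
        ''|*[!0-9]*) echo "refuse: window '$days' is not a whole number"; return 1 ;;
    esac
    if [ "$days" -lt 7 ] || [ "$days" -gt 30 ]; then
        echo "refuse: pending window must be 7 to 30 days"; return 1
    fi
    if [ "$manager" != "CUSTOMER" ]; then
        echo "refuse: not a customer managed key (KeyManager=$manager)"; return 1
    fi
    case "$state" in
        Enabled|Disabled) echo "ok"; return 0 ;;
        PendingDeletion)  echo "refuse: deletion is already scheduled"; return 1 ;;
        *)                echo "refuse: key state is $state, review manually"; return 1 ;;
    esac
}

# Look up the key, run the check, then schedule the deletion.
# Args: key id or ARN, pending window in days (defaults to the 30 day maximum).
kms_safe_schedule_deletion() {
    local key_id="$1" days="${2:-30}" meta
    meta=$(aws kms describe-key --key-id "$key_id" \
        --query 'KeyMetadata.[KeyManager,KeyState]' --output text) || return 1
    # Text output is one tab-separated line: <KeyManager> <KeyState>
    set -- $meta
    kms_deletion_check "${1:-}" "${2:-}" "$days" || return 1
    aws kms schedule-key-deletion --key-id "$key_id" --pending-window-in-days "$days"
}
```

Until the DeletionDate in the output passes, a key in the PendingDeletion state can be restored with aws kms cancel-key-deletion.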