RotateEncryptionKey
Rotates the encryption keys for a cluster.
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
- ClusterIdentifier
-
The unique identifier of the cluster that you want to rotate the encryption keys for.
Constraints: Must be the name of valid cluster that has encryption enabled.
Type: String
Length Constraints: Maximum length of 2147483647.
Required: Yes
Response Elements
The following element is returned by the service.
- Cluster
-
Describes a cluster.
Type: Cluster object
Errors
For information about the errors that are common to all actions, see Common Errors.
- ClusterNotFound
-
The
ClusterIdentifier
parameter does not refer to an existing cluster.HTTP Status Code: 404
- DependentServiceRequestThrottlingFault
-
The request cannot be completed because a dependent service is throttling requests made by Amazon Redshift on your behalf. Wait and retry the request.
HTTP Status Code: 400
- InvalidClusterState
-
The specified cluster is not in the
available
state.HTTP Status Code: 400
- UnsupportedOperation
-
The requested operation isn't supported.
HTTP Status Code: 400
Examples
Example
This example illustrates one usage of RotateEncryptionKey.
Sample Request
https://redshift.us-east-2.amazonaws.com/
?Action=RotateEncryptionKey
&ClusterIdentifier=mycluster
&SignatureMethod=HmacSHA256&SignatureVersion=4
&Version=2012-12-01
&X-Amz-Algorithm=AWS4-HMAC-SHA256
&X-Amz-Credential=AKIAIOSFODNN7EXAMPLE/20190817/us-east-2/redshift/aws4_request
&X-Amz-Date=20190825T160000Z
&X-Amz-SignedHeaders=content-type;host;user-agent;x-amz-content-sha256;x-amz-date
&X-Amz-Signature=0aa1234bb5cc678ddddd901ee2ff3aa45678b90c12d345e6ff789012345a6b7b
Sample Response
<RotateEncryptionKeyResponse xmlns="http://redshift.amazonaws.com/doc/2012-12-01/">
<RotateEncryptionKeyResult>
<Cluster>
<AllowVersionUpgrade>true</AllowVersionUpgrade>
<ClusterIdentifier>mycluster</ClusterIdentifier>
<NumberOfNodes>1</NumberOfNodes>
<AvailabilityZone>us-east-2a</AvailabilityZone>
<ClusterVersion>1.0</ClusterVersion>
<ManualSnapshotRetentionPeriod>-1</ManualSnapshotRetentionPeriod>
<ClusterAvailabilityStatus>Modifying</ClusterAvailabilityStatus>
<Endpoint>
<Port>5439</Port>
<Address>mycluster.cmeaswqeuae.us-east-2.redshift.amazonaws.com</Address>
</Endpoint>
<VpcId>vpc-a1abc1a1</VpcId>
<PubliclyAccessible>false</PubliclyAccessible>
<ClusterCreateTime>2019-12-25T11:21:49.458Z</ClusterCreateTime>
<MasterUsername>adminuser</MasterUsername>
<DBName>dev</DBName>
<EnhancedVpcRouting>false</EnhancedVpcRouting>
<IamRoles>
<ClusterIamRole>
<IamRoleArn>arn:aws:iam::123456789012:role/myRedshiftRole</IamRoleArn>
<ApplyStatus>in-sync</ApplyStatus>
</ClusterIamRole>
</IamRoles>
<ClusterSecurityGroups/>
<NodeType>dc2.large</NodeType>
<ClusterSubnetGroupName>default</ClusterSubnetGroupName>
<NextMaintenanceWindowStartTime>2019-12-28T16:00:00Z</NextMaintenanceWindowStartTime>
<DeferredMaintenanceWindows/>
<Tags/>
<VpcSecurityGroups>
<VpcSecurityGroup>
<VpcSecurityGroupId>sh-a1a123ab</VpcSecurityGroupId>
<Status>active</Status>
</VpcSecurityGroup>
</VpcSecurityGroups>
<ClusterParameterGroups>
<ClusterParameterGroup>
<ParameterGroupName>default.redshift-1.0</ParameterGroupName>
<ParameterApplyStatus>in-sync</ParameterApplyStatus>
</ClusterParameterGroup>
</ClusterParameterGroups>
<Encrypted>true</Encrypted>
<MaintenanceTrackName>current</MaintenanceTrackName>
<PendingModifiedValues/>
<PreferredMaintenanceWindow>sat:16:00-sat:16:30</PreferredMaintenanceWindow>
<KmsKeyId>arn:aws:kms:us-east-2:123456789012:key/bPxRfih3yCo8nvbEXAMPLEKEY</KmsKeyId>
<AutomatedSnapshotRetentionPeriod>1</AutomatedSnapshotRetentionPeriod>
<ClusterStatus>rotating-keys</ClusterStatus>
</Cluster>
</RotateEncryptionKeyResult>
<ResponseMetadata>
<RequestId>0cdb408d-28f7-11ea-8a28-2fd1719d0e86</RequestId>
</ResponseMetadata>
</RotateEncryptionKeyResponse>
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: