RotateKeyOnDemand - AWS Key Management Service

RotateKeyOnDemand

The following example shows an AWS CloudTrail log entry for the RotateKeyOnDemand operation. For an example of the CloudTrail log entry that is written when the key is rotated, see RotateKey. For more information about on-demand rotation of key material for a KMS key, see Perform on-demand key rotation.

{ "eventVersion": "1.08", "userIdentity": { "type": "IAMUser", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:iam::111122223333:user/Alice", "accountId": "111122223333", "accessKeyId": "EXAMPLE_KEY_ID", "userName": "Alice" }, "eventTime": "2024-02-20T17:41:57Z", "eventSource": "kms.amazonaws.com", "eventName": "RotateKeyOnDemand", "awsRegion": "us-east-1", "sourceIPAddress": "192.0.2.0", "userAgent": "AWS Internal", "requestParameters": { "keyId": "1234abcd-12ab-34cd-56ef-1234567890ab" }, "responseElements": { "keyId": "1234abcd-12ab-34cd-56ef-1234567890ab" }, "requestID": "9e1dee86-eb84-42fd-8f25-e3fc7dbb32c8", "eventID": "00a09fbc-20d6-4a58-9b92-7da85984ab77", "readOnly": false, "resources": [ { "accountId": "111122223333", "type": "AWS::KMS::Key", "ARN": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab" } ], "eventType": "AwsApiCall", "managementEvent": true, "recipientAccountId": "111122223333", "eventCategory": "Management", "tlsDetails": { "tlsVersion": "TLSv1.2", "cipherSuite": "ECDHE-RSA-AES256-GCM-SHA384", "clientProvidedHostHeader": "kms.us-east-1.amazonaws.com" } }