ScheduleKeyDeletion - AWS Key Management Service

本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。

ScheduleKeyDeletion

這些例子顯示 AWS CloudTrail ScheduleKeyDeletion作業的記錄項目。

如需刪除金鑰時所寫入之 CloudTrail 記錄項目的範例,請參閱DeleteKey。有關刪除的資訊 AWS KMS keys,請參閱刪除 AWS KMS keys

下列範例會記錄單一區域KMS金鑰的ScheduleKeyDeletion要求。

{ "eventVersion": "1.08", "userIdentity": { "type": "IAMUser", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:iam::111122223333:user/Alice", "accountId": "111122223333", "accessKeyId": "EXAMPLE_KEY_ID", "userName": "Alice" }, "eventTime": "2021-03-23T18:58:30Z", "eventSource": "kms.amazonaws.com", "eventName": "ScheduleKeyDeletion", "awsRegion": "us-east-1", "sourceIPAddress": "192.0.2.0", "userAgent": "AWS Internal", "requestParameters": { "pendingWindowInDays": 20, "keyId": "1234abcd-12ab-34cd-56ef-1234567890ab" }, "responseElements": { "keyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", "keyState": "PendingDeletion", "deletionDate": "Apr 12, 2021 18:58:30 PM" }, "requestID": "ee408f36-ea01-422b-ac14-b0f147c68334", "eventID": "3c4226b0-1e81-48a8-a333-7fa5f3cbd118", "readOnly": false, "resources": [ { "accountId": "111122223333", "type": "AWS::KMS::Key", "ARN": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab" } ], "eventType": "AwsApiCall", "recipientAccountId": "111122223333" }

下列範例會記錄具有複本金鑰之多區域KMS金鑰的ScheduleKeyDeletion要求。

因為 AWS KMS 在刪除所有複本密鑰之前,不會刪除多區域密鑰,在responseElements字段中keyStatePendingReplicaDeletiondeletionDate字段被省略。

{ "eventVersion": "1.08", "userIdentity": { "type": "IAMUser", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:iam::111122223333:user/Alice", "accountId": "111122223333", "accessKeyId": "EXAMPLE_KEY_ID", "userName": "Alice" }, "eventTime": "2021-10-28T17:59:05Z", "eventSource": "kms.amazonaws.com", "eventName": "ScheduleKeyDeletion", "awsRegion": "us-west-2", "sourceIPAddress": "192.0.2.0", "userAgent": "AWS Internal", "requestParameters": { "pendingWindowInDays": 30, "keyId": "mrk-1234abcd12ab34cd56ef1234567890ab" }, "responseElements": { "keyId": "arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab", "keyState": "PendingReplicaDeletion", "pendingWindowInDays": 30 }, "requestID": "12341411-d846-42a6-a476-b1cbe3011f89", "eventID": "abcda5f-396d-494c-9380-0c47860df5f1", "readOnly": false, "resources": [ { "accountId": "111122223333", "type": "AWS::KMS::Key", "ARN": "arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab" } ], "eventType": "AwsApiCall", "managementEvent": true, "recipientAccountId": "111122223333", "eventCategory": "Management" }

下列範例會記錄ScheduleKeyDeletion索KMS引鍵的要求 AWS CloudHSM 自訂金鑰存放區

{ "eventVersion": "1.08", "userIdentity": { "type": "IAMUser", "principalId": "EX_PRINCIPAL_ID", "arn": "arn:aws:iam::111122223333:user/Alice", "accountId": "111122223333", "accessKeyId": "EXAMPLE_KEY_ID", "userName": "Alice" }, "eventTime": "2021-10-26T23:25:25Z", "eventSource": "kms.amazonaws.com", "eventName": "ScheduleKeyDeletion", "awsRegion": "us-west-2", "sourceIPAddress": "192.0.2.0", "userAgent": "AWS Internal", "requestParameters": { "keyId": "arn:aws:kms:us-west-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321", "pendingWindowInDays": 30 }, "responseElements": { "keyId": "arn:aws:kms:us-west-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321", "deletionDate": "Nov 2, 2021, 11:25:25 PM", "keyState": "PendingDeletion", "pendingWindowInDays": 30 }, "additionalEventData": { "customKeyStoreId": "cks-1234567890abcdef0", "clusterId": "cluster-1a23b4cdefg", "backingKeys": "[{\"backingKeyId\":\"backing-key-id\"}]" }, "requestID": "abcd9f60-2c9c-4a0b-a456-d5d998f7f321", "eventID": "ca01996a-01b0-4edd-bbbb-25d7b6d1a6fa", "readOnly": false, "resources": [ { "accountId": "111122223333", "type": "AWS::KMS::Key", "ARN": "arn:aws:kms:us-west-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321" } ], "eventType": "AwsApiCall", "managementEvent": true, "recipientAccountId": "111122223333", "eventCategory": "Management" }