You can call this operation to update a key rotation policy.

When automatic key rotation is enabled, KMS automatically creates a new key version after the preset rotation period from the last rotation task and sets it as the primary key version. No automatic rotation policy can be defined in the follow cases:
  • The specified CMK is a key managed by KMS for other cloud services.
  • The specified CMK is a BYOK (an external key imported into KMS).
  • The specified CMK is not in the Enabled state.

Request parameters

Parameter Type Required Description
KeyId String Yes The globally unique ID of the CMK.
EnableAutomaticRotation Boolean Yes Specifies whether to enable automatic key rotation. Valid values: true and false.
RotationInterval String No The period of automatic key rotation. It must be in the integer[unit] format. The unit can be d (day), h (hour), m (minute), or s (second). For example, both 7d and 604800s represent a seven-day period. Valid values: 7 to 730 days.
  • When Enablecustomization is set to true, this parameter is required.
  • When Enablecustomization is set to false, this parameter is ignored.

Response parameters

Parameter Type Description
RequestId String The ID of the request.


Sample requests
&KeyId=<key id>
&<Common request parameters>

Sample responses

JSON format

//json response
        "RequestId": "80b4eac8-9f51-452a-a859-0c9b06b283c1"

XML format

//xml response