All Products
Document Center

Elastic Compute Service:ModifyDiskDefaultKMSKeyId

Last Updated:Jan 14, 2025

Changes the Key Management Service (KMS) key used by the Account-level Elastic Block Storage (EBS) Default Encryption feature in a region.

Operation description

  • Only Alibaba Cloud accounts can call this operation.
  • Before you can call this operation in a region, make sure that the Account-level EBS Default Encryption feature is enabled in the region.
  • The first time you use a customer master key (CMK), you must use the AliyunECSDiskEncryptDefaultRole role to grant Elastic Compute Service (ECS) access to KMS resources. For more information, see Grant access to KMS keys through RAM roles.


You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

Authorization information

There is currently no authorization information disclosed in the API.

Request parameters


The region ID. You can call the DescribeRegions operation to query the most recent region list.


The ID of the new KMS key.


Response parameters


Schema of Response


The request ID.



Sample success responses


  "RequestId": "473469C7-AA6F-4DC5-B3DB-A3DC0DE3C83E"

Error codes

HTTP status codeError codeError messageDescription
400InvalidParameter.KMSKeyId.CMKNotEnabledThe CMK needs to be enabled.The customer master key (CMK) is not enabled when KMSKeyId is specified for an encrypted disk. You can call the DescribeKey operation of KMS to query information about the specified CMK.
400InvalidParameter.Encrypted.KmsNotEnabledKMS must be enabled for encrypted disks.KMS is not activated. You must activate KMS before you can encrypt disks.
403Abs.InvalidAction.RegionNotSupportThis region does not support this action.The operation is not supported in the region.
403InvalidParameter.RegionIdNotExistsThe specified region does not exists.The region does not exist.
403InvalidParameter.KMSKeyId.KMSUnauthorizedECS service have no right to access your KMS.ECS is not authorized to access your KMS resources.
403InvalidOperation.KMSKeyIdNotFoundThe specified KMSKeyId not found, %s.The associated KMS encryption key cannot be found. Verify that the KMS encryption key is valid.
403InvalidOperation.KMSServiceNotOpenKMS service is currently not open.The KMS service has not been enabled.
403UserNotInTheWhiteListThe user is not in disk white list.You are not authorized to manage the disk. Try again when you are authorized.
403InvalidDefaultEncryption.NotFoundYou have not configured default encryption setting in this region.Cloud disk encryption by default has not been enabled for the region.

For a list of error codes, visit the Service error codes.