After you create an application access point (AAP) for a dedicated KMS instance, you can view Dedicated KMS in the Scope of the AAP's policies. You can update an AAP, delete an AAP, or delete a client key based on your business requirements.
Update an AAP
To change the permissions on the dedicated KMS instance for an AAP, you can update the policies of the AAP. This enables different applications to access the required instances.
- Log on to the KMS console.
- In the top navigation bar, select the region of the application access point that you want to update.
- In the left-side navigation pane, click Applications.
- Click the name of an AAP. On the page that appears, click Update in the upper-right corner.
- In the Update Application Access Point dialog box, update the policies.
- Enter a description and click Update.
Delete an AAP
An AAP is the credential that is required to use a dedicated KMS instance. If you delete an AAP, you can no longer use the dedicated KMS instance, and all the client keys that are bound to the AAP are also deleted. Exercise caution when you delete an AAP.
- In the left-side navigation pane, click Applications.
- Find the AAP that you want to delete and click Delete in the Actions column.
- In the Delete Application Access Point message, click OK.
Delete a client key
A client key is used to authenticate applications. When you create the client key, you must save the PKCS 12 file of the client key. If the PKCS 12 file is lost, you must delete the client key and create a different client key. For more information about how to create a client key, see Create an AAP.
To delete a client key, perform the following steps:
- In the left-side navigation pane, click Applications.
- Click the name of the AAP to which the client key belongs.
- In the Client Key section, find the client key and click Delete in the Actions column.
- In the Delete Client Key message, click OK.