All Products
Search

This Product

    Key Management Service:ScheduleKeyDeletion

    Document Center

    Key Management Service:ScheduleKeyDeletion

    Last Updated:Jul 29, 2025

    Deletes a specified customer master key (CMK).

    Operation description

    During the scheduled period, the CMK is in the PendingDeletion state and cannot be used to encrypt data, decrypt data, or generate data keys.

    After a CMK is deleted, it cannot be recovered. Data that is encrypted and data keys that are generated by using the CMK cannot be decrypted. To prevent accidental deletion of CMKs, Key Management Service (KMS) allows you to only schedule key deletion tasks. You cannot directly delete CMKs. If you want to delete a CMK, call the DisableKey operation to disable the CMK.

    When you call this operation, you must specify a scheduled period between 7 days to 366 days. The scheduled period starts from the time when you submit the request. You can call the CancelKeyDeletion operation to cancel the key deletion task before the scheduled period ends.

    Debugging

    You can run this interface directly in OpenAPI Explorer, saving you the trouble of calculating signatures. After running successfully, OpenAPI Explorer can automatically generate SDK code samples.

    Authorization information

    There is currently no authorization information disclosed in the API.

    Request parameters

    ParameterTypeRequiredDescriptionExample
    KeyIdstringYes

    The ID of the customer master key (CMK). The ID must be globally unique.

    		7906979c-8e06-46a2-be2d-68e3ccbc****
    PendingWindowInDaysintegerYes

    The scheduled period after which the CMK is deleted. During this period, the CMK is in the PendingDeletion state. After this period ends, you cannot cancel the key deletion task.

    Valid values: 7 to 366.

    Unit: days.

    		7

    Response parameters

    ParameterTypeDescriptionExample
    object
    RequestIdstring

    The ID of the request, which is used to locate and troubleshoot issues.

    		3da5b8cc-8107-40ac-a170-793cd181d7b7

    Examples

    Sample success responses

    JSONformat

    {
  "RequestId": "3da5b8cc-8107-40ac-a170-793cd181d7b7"
}

    Error codes

    HTTP status codeError codeError messageDescription
    400InvalidParameterThe specified parameter is not valid.An invalid value is specified for the parameter.
    404InvalidAccessKeyId.NotFoundThe Access Key ID provided does not exist in our records.-

    For a list of error codes, visit the Service error codes.

    Change history

    Change timeSummary of changesOperation
    2022-08-18The internal configuration of the API is changed, but the call is not affectedView Change Details