SetDeletionProtection - Key Management Service - Alibaba Cloud Documentation Center

Operation description

For more information about the access policy required for a RAM user or RAM role to call this API operation, see Resource Access Management.
After you enable deletion protection for a CMK, you cannot delete it. To delete the CMK, you must first disable deletion protection.
Before you call the SetDeletionProtection operation, ensure that the CMK is not in the PendingDeletion state. You can call the DescribeKey operation to query the status of the CMK.

No authorization for this operation. If you encounter issues with this operation, contact technical support.

Parameter	Type	Required	Description	Example
ProtectedResourceArn	string	No	The ARN of the CMK for which you want to configure deletion protection. You can call the DescribeKey operation to query the ARN of the CMK.	acs:kms:cn-hangzhou:123213123**:key/0225f411-b21d-46d1-be5b-93931c82**
EnableDeletionProtection	boolean	Yes	Specifies whether to enable deletion protection. Valid values: true: enables deletion protection. false: disables deletion protection. This is the default value.	true
DeletionProtectionDescription	string	No	The description of deletion protection. Note This parameter is available only when EnableDeletionProtection is set to true.	This key is being used by XXX service. You are protected from deletion.
KeyId	string	No	The ID of the key.	key-hzz65f3a68554s6ms****

For more information about common request parameters, see Common parameters.

Parameter	Type	Description	Example
	object
RequestId	string	The ID of the request. The ID is a unique identifier that is generated by Alibaba Cloud for the request. You can use the ID to troubleshoot issues.	3455b9b4-95c1-419d-b310-db6a53b09a39

Success response

JSON format

{
  "RequestId": "3455b9b4-95c1-419d-b310-db6a53b09a39"
}

See Error Codes for a complete list.

See Release Notes for a complete list.