Disabling One or More CMKs
This section describes how to use the KMS console to disable one or more custom keys, thereby protecting data in urgent cases.
After being disabled, a custom key cannot be used to encrypt or decrypt any data. Before using a disabled CMK to encrypt or decrypt data, you must enable it by following instructions in Enabling One or More CMKs.
Prerequisites
The CMK you want to disable is in Enabled status.
Constraints
- Default keys created by KMS cannot be disabled.
- A disabled CMK is still billable. It will stop incurring charges if it is deleted.
Procedure
- Log in to the management console.
- Click in the upper left corner of the management console and select a region or project.
- Click . Choose .
- In the row containing the target CMK, click Disable.
- In the displayed dialog box, select I understand the impact of disabling keys, and click OK.
To disable multiple CMKs at a time, select them and click Disable in the upper left corner of the list.
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.