The following example shows an AWS CloudTrail log entry for the RotateKeyOnDemand operation. For an example of the CloudTrail log entry that is written when the key is rotated, see RotateKey. For more information about on-demand rotation of key material for a KMS key, see Perform on-demand key rotation.
{
"eventVersion": "1.08",
"userIdentity": {
"type": "IAMUser",
"principalId": "EX_PRINCIPAL_ID",
"arn": "arn:aws:iam::111122223333:user/Alice",
"accountId": "111122223333",
"accessKeyId": "EXAMPLE_KEY_ID",
"userName": "Alice"
},
"eventTime": "2024-02-20T17:41:57Z",
"eventSource": "kms.amazonaws.com",
"eventName": "RotateKeyOnDemand",
"awsRegion": "us-east-1",
"sourceIPAddress": "192.0.2.0",
"userAgent": "AWS Internal",
"requestParameters": {
"keyId": "1234abcd-12ab-34cd-56ef-1234567890ab"
},
"responseElements": {
"keyId": "1234abcd-12ab-34cd-56ef-1234567890ab"
},
"requestID": "9e1dee86-eb84-42fd-8f25-e3fc7dbb32c8",
"eventID": "00a09fbc-20d6-4a58-9b92-7da85984ab77",
"readOnly": false,
"resources": [
{
"accountId": "111122223333",
"type": "AWS::KMS::Key",
"ARN": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
}
],
"eventType": "AwsApiCall",
"managementEvent": true,
"recipientAccountId": "111122223333",
"eventCategory": "Management",
"tlsDetails": {
"tlsVersion": "TLSv1.2",
"cipherSuite": "ECDHE-RSA-AES256-GCM-SHA384",
"clientProvidedHostHeader": "kms.us-east-1.amazonaws.com"
}
}RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4