* Gets a Boolean value that indicates whether automatic rotation of the key material is enabled for the specified KMS * key. *
** When you enable automatic rotation for customer managed KMS keys, KMS rotates the key material of the KMS key * one year (approximately 365 days) from the enable date and every year * thereafter. You can monitor rotation of the key material for your KMS keys in * CloudTrail and Amazon CloudWatch. *
** Automatic key rotation is supported only on symmetric encryption KMS keys. You cannot enable automatic rotation of * asymmetric KMS keys, HMAC * KMS keys, KMS keys with imported key material, or KMS keys in a custom key store. To enable or disable automatic rotation of a set of * related multi-Region keys, set the property on the primary key.. *
*
* You can enable (EnableKeyRotation) and disable automatic rotation
* (DisableKeyRotation) of the key material in customer managed KMS keys.
* Key material rotation of Amazon Web Services managed KMS keys is not configurable. KMS always
* rotates the key material in Amazon Web Services managed KMS keys every year.
* The key rotation status for Amazon Web Services managed KMS keys is always
* true.
*
* In May 2022, KMS changed the rotation schedule for Amazon Web Services * managed keys from every three years to every year. For details, see * EnableKeyRotation. *
** The KMS key that you use for this operation must be in a compatible key * state. For details, see Key states of KMS keys in the Key Management Service Developer * Guide. *
** Disabled: The key rotation status does not change when you disable a KMS key. * However, while the KMS key is disabled, KMS does not rotate the key material. * When you re-enable the KMS key, rotation resumes. If the key material in the * re-enabled KMS key hasn't been rotated in one year, KMS rotates it * immediately, and every year thereafter. If it's been less than a year since * the key material in the re-enabled KMS key was rotated, the KMS key resumes * its prior rotation schedule. *
*
* Pending deletion: While a KMS key is pending deletion, its key rotation
* status is false and KMS does not rotate the key material. If you
* cancel the deletion, the original key rotation status returns to
* true.
*
* Cross-account use: Yes. To perform this operation on a KMS key in a
* different Amazon Web Services account, specify the key ARN in the value of
* the KeyId parameter.
*
* Required permissions: kms:GetKeyRotationStatus (key policy) *
** Related operations: *
** Gets the rotation status for the specified KMS key. *
** Specify the key ID or key ARN of the KMS key. To specify a KMS key in a * different Amazon Web Services account, you must use the key ARN. *
** For example: *
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
* Key ARN:
* arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
* To get the key ID and key ARN for a KMS key, use ListKeys or * DescribeKey. *
*
* Constraints:
* Length: 1 - 2048
*/
private String keyId;
/**
*
* Gets the rotation status for the specified KMS key. *
** Specify the key ID or key ARN of the KMS key. To specify a KMS key in a * different Amazon Web Services account, you must use the key ARN. *
** For example: *
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
* Key ARN:
* arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
* To get the key ID and key ARN for a KMS key, use ListKeys or * DescribeKey. *
*
* Constraints:
* Length: 1 - 2048
*
* @return
* Gets the rotation status for the specified KMS key. *
** Specify the key ID or key ARN of the KMS key. To specify a KMS * key in a different Amazon Web Services account, you must use the * key ARN. *
** For example: *
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
* Key ARN:
* arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
* To get the key ID and key ARN for a KMS key, use ListKeys * or DescribeKey. *
*/ public String getKeyId() { return keyId; } /** ** Gets the rotation status for the specified KMS key. *
** Specify the key ID or key ARN of the KMS key. To specify a KMS key in a * different Amazon Web Services account, you must use the key ARN. *
** For example: *
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
* Key ARN:
* arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
* To get the key ID and key ARN for a KMS key, use ListKeys or * DescribeKey. *
*
* Constraints:
* Length: 1 - 2048
*
* @param keyId
* Gets the rotation status for the specified KMS key. *
** Specify the key ID or key ARN of the KMS key. To specify a KMS * key in a different Amazon Web Services account, you must use * the key ARN. *
** For example: *
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
* Key ARN:
* arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
* To get the key ID and key ARN for a KMS key, use * ListKeys or DescribeKey. *
*/ public void setKeyId(String keyId) { this.keyId = keyId; } /** ** Gets the rotation status for the specified KMS key. *
** Specify the key ID or key ARN of the KMS key. To specify a KMS key in a * different Amazon Web Services account, you must use the key ARN. *
** For example: *
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
* Key ARN:
* arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
* To get the key ID and key ARN for a KMS key, use ListKeys or * DescribeKey. *
** Returns a reference to this object so that method calls can be chained * together. *
* Constraints:
* Length: 1 - 2048
*
* @param keyId
* Gets the rotation status for the specified KMS key. *
** Specify the key ID or key ARN of the KMS key. To specify a KMS * key in a different Amazon Web Services account, you must use * the key ARN. *
** For example: *
*
* Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
*
* Key ARN:
* arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
*
* To get the key ID and key ARN for a KMS key, use * ListKeys or DescribeKey. *
* @return A reference to this updated object so that method calls can be * chained together. */ public GetKeyRotationStatusRequest withKeyId(String keyId) { this.keyId = keyId; return this; } /** * Returns a string representation of this object; useful for testing and * debugging. * * @return A string representation of this object. * @see java.lang.Object#toString() */ @Override public String toString() { StringBuilder sb = new StringBuilder(); sb.append("{"); if (getKeyId() != null) sb.append("KeyId: " + getKeyId()); sb.append("}"); return sb.toString(); } @Override public int hashCode() { final int prime = 31; int hashCode = 1; hashCode = prime * hashCode + ((getKeyId() == null) ? 0 : getKeyId().hashCode()); return hashCode; } @Override public boolean equals(Object obj) { if (this == obj) return true; if (obj == null) return false; if (obj instanceof GetKeyRotationStatusRequest == false) return false; GetKeyRotationStatusRequest other = (GetKeyRotationStatusRequest) obj; if (other.getKeyId() == null ^ this.getKeyId() == null) return false; if (other.getKeyId() != null && other.getKeyId().equals(this.getKeyId()) == false) return false; return true; } }