- 新しい順
- 投票が多い順
- コメントが多い順
It would be one year after it was enabled.
When you enable automatic key rotation for a customer managed CMK, AWS KMS generates new cryptographic material for the CMK every year. AWS KMS also saves the CMK's older cryptographic material in perpetuity so it can be used to decrypt data that it encrypted. AWS KMS does not delete any rotated key material until you delete the CMK.
Key rotation changes only the CMK's backing key, which is the cryptographic material that is used in encryption operations. The CMK is the same logical resource, regardless of whether or how many times its backing key changes. The properties of the CMK do not change, as shown in the following image.
More details can be found at the documentation page below :
https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html
関連するコンテンツ
- AWS公式更新しました 4ヶ月前