POST /#X-Amz-Target=TrentService.DisconnectCustomKeyStore
Disconnects the custom key store from its backing key store. This operation disconnects an CloudHSM key store from its associated CloudHSM cluster or disconnects an external key store from the external key store proxy that communicates with your external key manager.
This operation is part of the custom key stores feature in KMS, which combines the convenience and extensive integration of KMS with the isolation and control of a key store that you own and manage.
While a custom key store is disconnected, you can manage the custom key store and its KMS keys, but you cannot create or use its KMS keys. You can reconnect the custom key store at any time.
While a custom key store is disconnected, all attempts to create KMS keys in the custom key store or to use existing KMS keys in cryptographic operations will fail. This action can prevent users from storing and accessing sensitive data.
When you disconnect a custom key store, its ConnectionState changes to Disconnected. To find the connection state of a custom key store, use the DescribeCustomKeyStores operation. To reconnect a custom key store, use the ConnectCustomKeyStore operation.
If the operation succeeds, it returns a JSON object with no properties.
Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.
Required permissions: kms:DisconnectCustomKeyStore (IAM policy)
Related operations:
-
ConnectCustomKeyStore
-
CreateCustomKeyStore
-
DeleteCustomKeyStore
-
DescribeCustomKeyStores
-
UpdateCustomKeyStore
Servers
- https://kms.{region}.amazonaws.com
- https://kms.{region}.amazonaws.com.cn
Request headers
| Name | Type | Required | Description |
|---|---|---|---|
X-Amz-Content-Sha256 |
String | No | |
X-Amz-Credential |
String | No | |
X-Amz-Target |
String | Yes |
Valid values:
|
Content-Type |
String | Yes |
The media type of the request body.
Default value: "application/json" |
X-Amz-Date |
String | No | |
X-Amz-Algorithm |
String | No | |
X-Amz-SignedHeaders |
String | No | |
X-Amz-Security-Token |
String | No | |
X-Amz-Signature |
String | No |
Request body fields
| Name | Type | Required | Description |
|---|---|---|---|
CustomKeyStoreId |
String | Yes |
Enter the ID of the custom key store you want to disconnect. To find the ID of a custom key store, use the DescribeCustomKeyStores operation. |
How to start integrating
- Add HTTP Task to your workflow definition.
- Search for the API you want to integrate with and click on the name.
- This loads the API reference documentation and prepares the Http request settings.
- Click Test request to test run your request to the API and see the API's response.