After you delete a customer master key (CMK), you cannot decrypt the content encrypted through the CMK or the DEKs that are generated by using the CMK. To prevent CMKs from being accidentally deleted, KMS allows you to only schedule key deletion tasks. You cannot immediately delete CMKs. If you are no longer using a CMK, you can disable keys.
Operation Steps
1. Log in to the KMS console;
2. In the navigation bar at the top of the page, select the area where the key is located.
3. In the left navigation bar, click KMS to enter the key list.
4. Locate the key to be deleted and go to More > Scheduled Key Deletion in the operation column.
5. In the Scheduled Key Deletion dialog box, enter the scheduled deletion period and click OK. Scheduled Deletion Period Values: 7-30 days;
6. The key status changes from Enabling to Pending Deletion. Keys in the Pending Deletion state cannot be used for encryption and decryption, or generating DEKs.
7. If a key is in the Pending Deletion state, you can cancel key deletion in More > Cancel Scheduled Key Deletion in the right operation column.
8. In the pop-up dialog box, click OK to cancel the scheduled deletion and the key becomes available again,