Skip to content

Remove Key Replication Regions

paymentcryptographycontrolplane_remove_key_replication_regions R Documentation

Removes Replication Regions from an existing Amazon Web Services Payment Cryptography key, disabling the key's availability for cryptographic operations in the specified Amazon Web Services Regions

Description

Removes Replication Regions from an existing Amazon Web Services Payment Cryptography key, disabling the key's availability for cryptographic operations in the specified Amazon Web Services Regions.

When you remove Replication Regions, the key material is securely deleted from those regions and can no longer be used for cryptographic operations there. This operation is irreversible for the specified Amazon Web Services Regions. For more information, see Multi-Region key replication.

Ensure that no active cryptographic operations or applications depend on the key in the regions you're removing before performing this operation.

Cross-account use: This operation supports cross-account use when the key has a resource-based policy that grants access. For more information, see Resource-based policies.

Related operations:

  • add_key_replication_regions

  • disable_default_key_replication_regions

Usage

paymentcryptographycontrolplane_remove_key_replication_regions(
  KeyIdentifier, ReplicationRegions)

Arguments

KeyIdentifier

[required] The key identifier (ARN or alias) of the key from which to remove replication regions.

This key must exist and have replication enabled in the specified regions.
ReplicationRegions

[required] The list of Amazon Web Services Regions to remove from the key's replication configuration.

The key will no longer be available for cryptographic operations in these regions after removal. Ensure no active operations depend on the key in these regions before removal.

Value

A list with the following syntax:

list(
  Key = list(
    KeyArn = "string",
    KeyAttributes = list(
      KeyUsage = "TR31_B0_BASE_DERIVATION_KEY"|"TR31_C0_CARD_VERIFICATION_KEY"|"TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY"|"TR31_D1_ASYMMETRIC_KEY_FOR_DATA_ENCRYPTION"|"TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS"|"TR31_E1_EMV_MKEY_CONFIDENTIALITY"|"TR31_E2_EMV_MKEY_INTEGRITY"|"TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS"|"TR31_E5_EMV_MKEY_CARD_PERSONALIZATION"|"TR31_E6_EMV_MKEY_OTHER"|"TR31_K0_KEY_ENCRYPTION_KEY"|"TR31_K1_KEY_BLOCK_PROTECTION_KEY"|"TR31_K3_ASYMMETRIC_KEY_FOR_KEY_AGREEMENT"|"TR31_M0_ISO_16609_MAC_KEY"|"TR31_M3_ISO_9797_3_MAC_KEY"|"TR31_M1_ISO_9797_1_MAC_KEY"|"TR31_M6_ISO_9797_5_CMAC_KEY"|"TR31_M7_HMAC_KEY"|"TR31_P0_PIN_ENCRYPTION_KEY"|"TR31_P1_PIN_GENERATION_KEY"|"TR31_S0_ASYMMETRIC_KEY_FOR_DIGITAL_SIGNATURE"|"TR31_V1_IBM3624_PIN_VERIFICATION_KEY"|"TR31_V2_VISA_PIN_VERIFICATION_KEY"|"TR31_K2_TR34_ASYMMETRIC_KEY",
      KeyClass = "SYMMETRIC_KEY"|"ASYMMETRIC_KEY_PAIR"|"PRIVATE_KEY"|"PUBLIC_KEY",
      KeyAlgorithm = "TDES_2KEY"|"TDES_3KEY"|"AES_128"|"AES_192"|"AES_256"|"HMAC_SHA256"|"HMAC_SHA384"|"HMAC_SHA512"|"HMAC_SHA224"|"RSA_2048"|"RSA_3072"|"RSA_4096"|"ECC_NIST_P256"|"ECC_NIST_P384"|"ECC_NIST_P521",
      KeyModesOfUse = list(
        Encrypt = TRUE|FALSE,
        Decrypt = TRUE|FALSE,
        Wrap = TRUE|FALSE,
        Unwrap = TRUE|FALSE,
        Generate = TRUE|FALSE,
        Sign = TRUE|FALSE,
        Verify = TRUE|FALSE,
        DeriveKey = TRUE|FALSE,
        NoRestrictions = TRUE|FALSE
      )
    ),
    KeyCheckValue = "string",
    KeyCheckValueAlgorithm = "CMAC"|"ANSI_X9_24"|"HMAC"|"SHA_1",
    Enabled = TRUE|FALSE,
    Exportable = TRUE|FALSE,
    KeyState = "CREATE_IN_PROGRESS"|"CREATE_COMPLETE"|"DELETE_PENDING"|"DELETE_COMPLETE",
    KeyOrigin = "EXTERNAL"|"AWS_PAYMENT_CRYPTOGRAPHY",
    CreateTimestamp = as.POSIXct(
      "2015-01-01"
    ),
    UsageStartTimestamp = as.POSIXct(
      "2015-01-01"
    ),
    UsageStopTimestamp = as.POSIXct(
      "2015-01-01"
    ),
    DeletePendingTimestamp = as.POSIXct(
      "2015-01-01"
    ),
    DeleteTimestamp = as.POSIXct(
      "2015-01-01"
    ),
    DeriveKeyUsage = "TR31_B0_BASE_DERIVATION_KEY"|"TR31_C0_CARD_VERIFICATION_KEY"|"TR31_D0_SYMMETRIC_DATA_ENCRYPTION_KEY"|"TR31_E0_EMV_MKEY_APP_CRYPTOGRAMS"|"TR31_E1_EMV_MKEY_CONFIDENTIALITY"|"TR31_E2_EMV_MKEY_INTEGRITY"|"TR31_E4_EMV_MKEY_DYNAMIC_NUMBERS"|"TR31_E5_EMV_MKEY_CARD_PERSONALIZATION"|"TR31_E6_EMV_MKEY_OTHER"|"TR31_K0_KEY_ENCRYPTION_KEY"|"TR31_K1_KEY_BLOCK_PROTECTION_KEY"|"TR31_M3_ISO_9797_3_MAC_KEY"|"TR31_M1_ISO_9797_1_MAC_KEY"|"TR31_M6_ISO_9797_5_CMAC_KEY"|"TR31_M7_HMAC_KEY"|"TR31_P0_PIN_ENCRYPTION_KEY"|"TR31_P1_PIN_GENERATION_KEY"|"TR31_V1_IBM3624_PIN_VERIFICATION_KEY"|"TR31_V2_VISA_PIN_VERIFICATION_KEY",
    MultiRegionKeyType = "PRIMARY"|"REPLICA",
    PrimaryRegion = "string",
    ReplicationStatus = list(
      list(
        Status = "IN_PROGRESS"|"DELETE_IN_PROGRESS"|"FAILED"|"SYNCHRONIZED",
        StatusMessage = "string"
      )
    ),
    UsingDefaultReplicationRegions = TRUE|FALSE,
    MpaStatus = list(
      MpaSessionArn = "string",
      Status = "PENDING"|"APPROVED"|"FAILED"|"CANCELLED",
      InitiationDate = as.POSIXct(
        "2015-01-01"
      ),
      StatusMessage = "string"
    )
  )
)

Request syntax

svc$remove_key_replication_regions(
  KeyIdentifier = "string",
  ReplicationRegions = list(
    "string"
  )
)