AWS Key Management Service now supports deletion of keys

Posted on: Oct 15, 2015

AWS Key Management Service (KMS) is a managed service that makes it easy for you to create and control the encryption keys used to encrypt your data. You can create, enable, disable, rotate and, starting today, delete your keys in KMS, giving you even greater control over the lifecycle of your keys.

Deleting a key makes all data encrypted under that key unrecoverable. You can schedule keys for deletion by specifying a configurable waiting period of between 7 and 30 days. The waiting period gives you time to verify whether the keys are still needed to decrypt data. If necessary, you can cancel deletion before the waiting period ends and re-enable your key. After the waiting period ends, AWS KMS deletes the keys.
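The schedule, verify, cancel and re-enable workflow described above, written as an added example against the boto3 KMS client interface (this is not code from the announcement or from AWS). The `FakeKms` class, key id and timestamp are constructed stand-ins so the example runs offline; in real use you would pass `boto3.client("kms")` in place of `FakeKms`.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample values (not from the announcement): a placeholder key id
# and a fixed "now" so the example is deterministic offline.
KEY_ID = "00000000-0000-0000-0000-000000000000"
NOW = datetime(2015, 10, 15, tzinfo=timezone.utc)

def valid_waiting_period(days):
    """KMS accepts a waiting period of 7 to 30 days, inclusive."""
    return 7 <= days <= 30

def schedule_deletion(kms, key_id, waiting_days):
    """Schedule deletion; returns the DeletionDate KMS reports."""
    if not valid_waiting_period(waiting_days):
        raise ValueError("PendingWindowInDays must be between 7 and 30")
    resp = kms.schedule_key_deletion(KeyId=key_id, PendingWindowInDays=waiting_days)
    return resp["DeletionDate"]

def restore_if_needed(kms, key_id, still_needed):
    """Within the waiting period: if the key is still needed to decrypt data,
    cancel the deletion and re-enable the key. Returns the resulting KeyState."""
    state = kms.describe_key(KeyId=key_id)["KeyMetadata"]["KeyState"]
    if state == "PendingDeletion" and still_needed:
        kms.cancel_key_deletion(KeyId=key_id)  # cancelling leaves the key Disabled
        kms.enable_key(KeyId=key_id)           # re-enable so it can decrypt again
        state = kms.describe_key(KeyId=key_id)["KeyMetadata"]["KeyState"]
    return state

class FakeKms:
    """Offline stand-in for boto3.client("kms") (constructed, not AWS code):
    models the Enabled -> PendingDeletion -> Disabled -> Enabled transitions."""
    def __init__(self, key_id, now):
        self.keys = {key_id: {"KeyId": key_id, "KeyState": "Enabled"}}
        self.now = now
    def describe_key(self, KeyId):
        return {"KeyMetadata": dict(self.keys[KeyId])}
    def schedule_key_deletion(self, KeyId, PendingWindowInDays):
        key = self.keys[KeyId]
        key["KeyState"] = "PendingDeletion"
        key["DeletionDate"] = self.now + timedelta(days=PendingWindowInDays)
        return {"KeyId": KeyId, "DeletionDate": key["DeletionDate"]}
    def cancel_key_deletion(self, KeyId):
        self.keys[KeyId]["KeyState"] = "Disabled"
        self.keys[KeyId].pop("DeletionDate", None)
        return {"KeyId": KeyId}
    def enable_key(self, KeyId):
        self.keys[KeyId]["KeyState"] = "Enabled"
```

Note that a cancelled key comes back in the Disabled state, which is why the re-enable step in the announcement is needed before the key can decrypt data again.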

You can learn more about how to schedule deletion of keys by reading the blog post and the KMS Developer Guide.