keyId
The identifier of the KMS key that will be associated with the imported key material. This must be the same KMS key specified in the KeyID
parameter of the corresponding GetParametersForImport request. The Origin
of the KMS key must be EXTERNAL
and its KeyState
must be PendingImport
.
The KMS key can be a symmetric encryption KMS key, HMAC KMS key, asymmetric encryption KMS key, or asymmetric signing KMS key, including a kms/latest/developerguide/multi-region-keys-overview.html of any supported type. You cannot perform this operation on a KMS key in a custom key store, or on a KMS key in a different Amazon Web Services account.
Specify the key ID or key ARN of the KMS key.
For example:
Key ID:
1234abcd-12ab-34cd-56ef-1234567890ab
Key ARN:
arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.