Unable to delete the KMS Customer managed keys

0

I cannot delete the KMS keys with the root account login, and the root user has AdministratorAccess. I can't take any actions on them.

nx
asked 5 months ago · 244 views
2 Answers
0
Accepted Answer

Hi,

After analyzing a few similar threads, the best thing you can do is open an AWS support case; it looks like they can help you restore access to the key.

See the answer from Jeremy:

https://repost.aws/questions/QUV7ubqz8ETRCOxHSuSH6zDQ/unable-to-delete-kms-customer-managed-key-cmk-using-administratoraccess-role-or-root-login-credentials

If access to the specific key is completely inaccessible, AWS does have a method to recover access if you submit a support ticket. They do take extra steps to make sure this method is not used to circumvent security.

Each case may be different, but the general steps are as follows; however, you will get specific detailed instructions in the ticket.

1. Create an IAM user with a specific name including the KMS Key ID to be recovered and which has the IAM policy provided in the ticket
2. The ticket will provide you with a one-time code which AWS will contact by phone at the number on the account owning the key
3. The AWS internal team will verify the key is inaccessible and, if confirmed, will recover access to the provided IAM user

After AWS has recovered the key you can then use the IAM user to either make necessary changes to the key.

Sincerely, Heiko

HeikoMR
answered 5 months ago
EXPERT
reviewed 2 months ago
0

Thank you, it seems that I can only seek AWS support.

nx
answered 5 months ago
