Status: IN
Multiple AWS services make KMS key decisions irrevocable through different mechanisms — DynamoDB archives data after 7 days if a CMK is disabled, CloudTrail Lake KMS keys cannot be changed or removed — creating a cross-cutting pattern where encryption key management permanently constrains operational flexibility across unrelated service tiers