aws-sdk-kms 1.0.0.rc2 → 1.0.0.rc3

data/lib/aws-sdk-kms/client_api.rb

@@ -101,6 +101,8 @@ module Aws::KMS
     ListKeyPoliciesResponse = Shapes::StructureShape.new(name: 'ListKeyPoliciesResponse')
     ListKeysRequest = Shapes::StructureShape.new(name: 'ListKeysRequest')
     ListKeysResponse = Shapes::StructureShape.new(name: 'ListKeysResponse')
+    ListResourceTagsRequest = Shapes::StructureShape.new(name: 'ListResourceTagsRequest')
+    ListResourceTagsResponse = Shapes::StructureShape.new(name: 'ListResourceTagsResponse')
     ListRetirableGrantsRequest = Shapes::StructureShape.new(name: 'ListRetirableGrantsRequest')
     MalformedPolicyDocumentException = Shapes::StructureShape.new(name: 'MalformedPolicyDocumentException')
     MarkerType = Shapes::StringShape.new(name: 'MarkerType')
@@ -120,7 +122,15 @@ module Aws::KMS
     RevokeGrantRequest = Shapes::StructureShape.new(name: 'RevokeGrantRequest')
     ScheduleKeyDeletionRequest = Shapes::StructureShape.new(name: 'ScheduleKeyDeletionRequest')
     ScheduleKeyDeletionResponse = Shapes::StructureShape.new(name: 'ScheduleKeyDeletionResponse')
+    Tag = Shapes::StructureShape.new(name: 'Tag')
+    TagException = Shapes::StructureShape.new(name: 'TagException')
+    TagKeyList = Shapes::ListShape.new(name: 'TagKeyList')
+    TagKeyType = Shapes::StringShape.new(name: 'TagKeyType')
+    TagList = Shapes::ListShape.new(name: 'TagList')
+    TagResourceRequest = Shapes::StructureShape.new(name: 'TagResourceRequest')
+    TagValueType = Shapes::StringShape.new(name: 'TagValueType')
     UnsupportedOperationException = Shapes::StructureShape.new(name: 'UnsupportedOperationException')
+    UntagResourceRequest = Shapes::StructureShape.new(name: 'UntagResourceRequest')
     UpdateAliasRequest = Shapes::StructureShape.new(name: 'UpdateAliasRequest')
     UpdateKeyDescriptionRequest = Shapes::StructureShape.new(name: 'UpdateKeyDescriptionRequest')
     WrappingKeySpec = Shapes::StringShape.new(name: 'WrappingKeySpec')
@@ -160,6 +170,7 @@ module Aws::KMS
     CreateKeyRequest.add_member(:key_usage, Shapes::ShapeRef.new(shape: KeyUsageType, location_name: "KeyUsage"))
     CreateKeyRequest.add_member(:origin, Shapes::ShapeRef.new(shape: OriginType, location_name: "Origin"))
     CreateKeyRequest.add_member(:bypass_policy_lockout_safety_check, Shapes::ShapeRef.new(shape: BooleanType, location_name: "BypassPolicyLockoutSafetyCheck"))
+    CreateKeyRequest.add_member(:tags, Shapes::ShapeRef.new(shape: TagList, location_name: "Tags"))
     CreateKeyRequest.struct_class = Types::CreateKeyRequest
 
     CreateKeyResponse.add_member(:key_metadata, Shapes::ShapeRef.new(shape: KeyMetadata, location_name: "KeyMetadata"))
@@ -353,6 +364,16 @@ module Aws::KMS
     ListKeysResponse.add_member(:truncated, Shapes::ShapeRef.new(shape: BooleanType, location_name: "Truncated"))
     ListKeysResponse.struct_class = Types::ListKeysResponse
 
+    ListResourceTagsRequest.add_member(:key_id, Shapes::ShapeRef.new(shape: KeyIdType, required: true, location_name: "KeyId"))
+    ListResourceTagsRequest.add_member(:limit, Shapes::ShapeRef.new(shape: LimitType, location_name: "Limit"))
+    ListResourceTagsRequest.add_member(:marker, Shapes::ShapeRef.new(shape: MarkerType, location_name: "Marker"))
+    ListResourceTagsRequest.struct_class = Types::ListResourceTagsRequest
+
+    ListResourceTagsResponse.add_member(:tags, Shapes::ShapeRef.new(shape: TagList, location_name: "Tags"))
+    ListResourceTagsResponse.add_member(:next_marker, Shapes::ShapeRef.new(shape: MarkerType, location_name: "NextMarker"))
+    ListResourceTagsResponse.add_member(:truncated, Shapes::ShapeRef.new(shape: BooleanType, location_name: "Truncated"))
+    ListResourceTagsResponse.struct_class = Types::ListResourceTagsResponse
+
     ListRetirableGrantsRequest.add_member(:limit, Shapes::ShapeRef.new(shape: LimitType, location_name: "Limit"))
     ListRetirableGrantsRequest.add_member(:marker, Shapes::ShapeRef.new(shape: MarkerType, location_name: "Marker"))
     ListRetirableGrantsRequest.add_member(:retiring_principal, Shapes::ShapeRef.new(shape: PrincipalIdType, required: true, location_name: "RetiringPrincipal"))
@@ -395,6 +416,22 @@ module Aws::KMS
     ScheduleKeyDeletionResponse.add_member(:deletion_date, Shapes::ShapeRef.new(shape: DateType, location_name: "DeletionDate"))
     ScheduleKeyDeletionResponse.struct_class = Types::ScheduleKeyDeletionResponse
 
+    Tag.add_member(:tag_key, Shapes::ShapeRef.new(shape: TagKeyType, required: true, location_name: "TagKey"))
+    Tag.add_member(:tag_value, Shapes::ShapeRef.new(shape: TagValueType, required: true, location_name: "TagValue"))
+    Tag.struct_class = Types::Tag
+
+    TagKeyList.member = Shapes::ShapeRef.new(shape: TagKeyType)
+
+    TagList.member = Shapes::ShapeRef.new(shape: Tag)
+
+    TagResourceRequest.add_member(:key_id, Shapes::ShapeRef.new(shape: KeyIdType, required: true, location_name: "KeyId"))
+    TagResourceRequest.add_member(:tags, Shapes::ShapeRef.new(shape: TagList, required: true, location_name: "Tags"))
+    TagResourceRequest.struct_class = Types::TagResourceRequest
+
+    UntagResourceRequest.add_member(:key_id, Shapes::ShapeRef.new(shape: KeyIdType, required: true, location_name: "KeyId"))
+    UntagResourceRequest.add_member(:tag_keys, Shapes::ShapeRef.new(shape: TagKeyList, required: true, location_name: "TagKeys"))
+    UntagResourceRequest.struct_class = Types::UntagResourceRequest
+
     UpdateAliasRequest.add_member(:alias_name, Shapes::ShapeRef.new(shape: AliasNameType, required: true, location_name: "AliasName"))
     UpdateAliasRequest.add_member(:target_key_id, Shapes::ShapeRef.new(shape: KeyIdType, required: true, location_name: "TargetKeyId"))
     UpdateAliasRequest.struct_class = Types::UpdateAliasRequest
@@ -474,6 +511,7 @@ module Aws::KMS
         o.errors << Shapes::ShapeRef.new(shape: UnsupportedOperationException)
         o.errors << Shapes::ShapeRef.new(shape: KMSInternalException)
         o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
+        o.errors << Shapes::ShapeRef.new(shape: TagException)
       end)
 
       api.add_operation(:decrypt, Seahorse::Model::Operation.new.tap do |o|
@@ -781,6 +819,18 @@ module Aws::KMS
         )
       end)
 
+      api.add_operation(:list_resource_tags, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "ListResourceTags"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: ListResourceTagsRequest)
+        o.output = Shapes::ShapeRef.new(shape: ListResourceTagsResponse)
+        o.errors << Shapes::ShapeRef.new(shape: KMSInternalException)
+        o.errors << Shapes::ShapeRef.new(shape: NotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidArnException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidMarkerException)
+      end)
+
       api.add_operation(:list_retirable_grants, Seahorse::Model::Operation.new.tap do |o|
         o.name = "ListRetirableGrants"
         o.http_method = "POST"
@@ -868,6 +918,33 @@ module Aws::KMS
         o.errors << Shapes::ShapeRef.new(shape: KMSInvalidStateException)
       end)
 
+      api.add_operation(:tag_resource, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "TagResource"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: TagResourceRequest)
+        o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
+        o.errors << Shapes::ShapeRef.new(shape: KMSInternalException)
+        o.errors << Shapes::ShapeRef.new(shape: NotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidArnException)
+        o.errors << Shapes::ShapeRef.new(shape: KMSInvalidStateException)
+        o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
+        o.errors << Shapes::ShapeRef.new(shape: TagException)
+      end)
+
+      api.add_operation(:untag_resource, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "UntagResource"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: UntagResourceRequest)
+        o.output = Shapes::ShapeRef.new(shape: Shapes::StructureShape.new(struct_class: Aws::EmptyStructure))
+        o.errors << Shapes::ShapeRef.new(shape: KMSInternalException)
+        o.errors << Shapes::ShapeRef.new(shape: NotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidArnException)
+        o.errors << Shapes::ShapeRef.new(shape: KMSInvalidStateException)
+        o.errors << Shapes::ShapeRef.new(shape: TagException)
+      end)
+
       api.add_operation(:update_alias, Seahorse::Model::Operation.new.tap do |o|
         o.name = "UpdateAlias"
         o.http_method = "POST"

data/lib/aws-sdk-kms/types.rb

@@ -22,6 +22,8 @@ module Aws::KMS
     #   String that contains the key identifier referred to by the alias.
     #   @return [String]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/AliasListEntry AWS API Documentation
+    #
     class AliasListEntry < Struct.new(
       :alias_name,
       :alias_arn,
@@ -52,6 +54,8 @@ module Aws::KMS
     #   ListKeys or DescribeKey.
     #   @return [String]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CancelKeyDeletionRequest AWS API Documentation
+    #
     class CancelKeyDeletionRequest < Struct.new(
       :key_id)
       include Aws::Structure
@@ -62,6 +66,8 @@ module Aws::KMS
     #   canceled.
     #   @return [String]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CancelKeyDeletionResponse AWS API Documentation
+    #
     class CancelKeyDeletionResponse < Struct.new(
       :key_id)
       include Aws::Structure
@@ -93,6 +99,8 @@ module Aws::KMS
     #     12345678-1234-1234-1234-123456789012
     #   @return [String]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateAliasRequest AWS API Documentation
+    #
     class CreateAliasRequest < Struct.new(
       :alias_name,
       :target_key_id)
@@ -212,6 +220,8 @@ module Aws::KMS
     #   obtained in this way can be used interchangeably.
     #   @return [String]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateGrantRequest AWS API Documentation
+    #
     class CreateGrantRequest < Struct.new(
       :key_id,
       :grantee_principal,
@@ -241,6 +251,8 @@ module Aws::KMS
     #   operation.
     #   @return [String]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateGrantResponse AWS API Documentation
+    #
     class CreateGrantResponse < Struct.new(
       :grant_token,
       :grant_id)
@@ -256,6 +268,12 @@ module Aws::KMS
     #         key_usage: "ENCRYPT_DECRYPT", # accepts ENCRYPT_DECRYPT
     #         origin: "AWS_KMS", # accepts AWS_KMS, EXTERNAL
     #         bypass_policy_lockout_safety_check: false,
+    #         tags: [
+    #           {
+    #             tag_key: "TagKeyType", # required
+    #             tag_value: "TagValueType", # required
+    #           },
+    #         ],
     #       }
     #
     # @!attribute [rw] policy
@@ -265,14 +283,14 @@ module Aws::KMS
     #   `BypassPolicyLockoutSafetyCheck` to true, the policy must meet the
     #   following criteria:
     #
-    #   * It must allow the principal making the `CreateKey` request to make
-    #     a subsequent PutKeyPolicy request on the CMK. This reduces the
-    #     likelihood that the CMK becomes unmanageable. For more
+    #   * It must allow the principal that is making the `CreateKey` request
+    #     to make a subsequent PutKeyPolicy request on the CMK. This reduces
+    #     the likelihood that the CMK becomes unmanageable. For more
     #     information, refer to the scenario in the [Default Key Policy][1]
     #     section in the *AWS Key Management Service Developer Guide*.
     #
-    #   * The principal(s) specified in the key policy must exist and be
-    #     visible to AWS KMS. When you create a new AWS principal (for
+    #   * The principals that are specified in the key policy must exist and
+    #     be visible to AWS KMS. When you create a new AWS principal (for
     #     example, an IAM user or role), you might need to enforce a delay
     #     before specifying the new principal in a key policy because the
     #     new principal might not immediately be visible to AWS KMS. For
@@ -336,8 +354,8 @@ module Aws::KMS
     #   Guide*.
     #
     #   Use this parameter only when you include a policy in the request and
-    #   you intend to prevent the principal making the request from making a
-    #   subsequent PutKeyPolicy request on the CMK.
+    #   you intend to prevent the principal that is making the request from
+    #   making a subsequent PutKeyPolicy request on the CMK.
     #
     #   The default value is false.
     #
@@ -346,12 +364,25 @@ module Aws::KMS
     #   [1]: http://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam
     #   @return [Boolean]
     #
+    # @!attribute [rw] tags
+    #   One or more tags. Each tag consists of a tag key and a tag value.
+    #   Tag keys and tag values are both required, but tag values can be
+    #   empty (null) strings.
+    #
+    #   Use this parameter to tag the CMK when it is created. Alternately,
+    #   you can omit this parameter and instead tag the CMK after it is
+    #   created using TagResource.
+    #   @return [Array<Types::Tag>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateKeyRequest AWS API Documentation
+    #
     class CreateKeyRequest < Struct.new(
       :policy,
       :description,
       :key_usage,
       :origin,
-      :bypass_policy_lockout_safety_check)
+      :bypass_policy_lockout_safety_check,
+      :tags)
       include Aws::Structure
     end
 
@@ -359,6 +390,8 @@ module Aws::KMS
     #   Metadata associated with the CMK.
     #   @return [Types::KeyMetadata]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateKeyResponse AWS API Documentation
+    #
     class CreateKeyResponse < Struct.new(
       :key_metadata)
       include Aws::Structure
@@ -400,6 +433,8 @@ module Aws::KMS
     #   [1]: http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token
     #   @return [Array<String>]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DecryptRequest AWS API Documentation
+    #
     class DecryptRequest < Struct.new(
       :ciphertext_blob,
       :encryption_context,
@@ -418,6 +453,8 @@ module Aws::KMS
     #   permission to use it.
     #   @return [String]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DecryptResponse AWS API Documentation
+    #
     class DecryptResponse < Struct.new(
       :key_id,
       :plaintext)
@@ -437,6 +474,8 @@ module Aws::KMS
     #   "alias/AWS" are reserved.
     #   @return [String]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteAliasRequest AWS API Documentation
+    #
     class DeleteAliasRequest < Struct.new(
       :alias_name)
       include Aws::Structure
@@ -462,6 +501,8 @@ module Aws::KMS
     #     `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
     #   @return [String]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteImportedKeyMaterialRequest AWS API Documentation
+    #
     class DeleteImportedKeyMaterialRequest < Struct.new(
       :key_id)
       include Aws::Structure
@@ -503,6 +544,8 @@ module Aws::KMS
     #   [1]: http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token
     #   @return [Array<String>]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DescribeKeyRequest AWS API Documentation
+    #
     class DescribeKeyRequest < Struct.new(
       :key_id,
       :grant_tokens)
@@ -513,6 +556,8 @@ module Aws::KMS
     #   Metadata associated with the key.
     #   @return [Types::KeyMetadata]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DescribeKeyResponse AWS API Documentation
+    #
     class DescribeKeyResponse < Struct.new(
       :key_metadata)
       include Aws::Structure
@@ -537,6 +582,8 @@ module Aws::KMS
     #     arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
     #   @return [String]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DisableKeyRequest AWS API Documentation
+    #
     class DisableKeyRequest < Struct.new(
       :key_id)
       include Aws::Structure
@@ -560,6 +607,8 @@ module Aws::KMS
     #     12345678-1234-1234-1234-123456789012
     #   @return [String]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DisableKeyRotationRequest AWS API Documentation
+    #
     class DisableKeyRotationRequest < Struct.new(
       :key_id)
       include Aws::Structure
@@ -583,6 +632,8 @@ module Aws::KMS
     #     12345678-1234-1234-1234-123456789012
     #   @return [String]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/EnableKeyRequest AWS API Documentation
+    #
     class EnableKeyRequest < Struct.new(
       :key_id)
       include Aws::Structure
@@ -606,6 +657,8 @@ module Aws::KMS
     #     12345678-1234-1234-1234-123456789012
     #   @return [String]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/EnableKeyRotationRequest AWS API Documentation
+    #
     class EnableKeyRotationRequest < Struct.new(
       :key_id)
       include Aws::Structure
@@ -666,6 +719,8 @@ module Aws::KMS
     #   [1]: http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token
     #   @return [Array<String>]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/EncryptRequest AWS API Documentation
+    #
     class EncryptRequest < Struct.new(
       :key_id,
       :plaintext,
@@ -683,6 +738,8 @@ module Aws::KMS
     #   The ID of the key used during encryption.
     #   @return [String]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/EncryptResponse AWS API Documentation
+    #
     class EncryptResponse < Struct.new(
       :ciphertext_blob,
       :key_id)
@@ -756,6 +813,8 @@ module Aws::KMS
     #   [1]: http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token
     #   @return [Array<String>]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyRequest AWS API Documentation
+    #
     class GenerateDataKeyRequest < Struct.new(
       :key_id,
       :encryption_context,
@@ -779,6 +838,8 @@ module Aws::KMS
     #   generated and encrypted.
     #   @return [String]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyResponse AWS API Documentation
+    #
     class GenerateDataKeyResponse < Struct.new(
       :ciphertext_blob,
       :plaintext,
@@ -853,6 +914,8 @@ module Aws::KMS
     #   [1]: http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token
     #   @return [Array<String>]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyWithoutPlaintextRequest AWS API Documentation
+    #
     class GenerateDataKeyWithoutPlaintextRequest < Struct.new(
       :key_id,
       :encryption_context,
@@ -871,6 +934,8 @@ module Aws::KMS
     #   generated and encrypted.
     #   @return [String]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyWithoutPlaintextResponse AWS API Documentation
+    #
     class GenerateDataKeyWithoutPlaintextResponse < Struct.new(
       :ciphertext_blob,
       :key_id)
@@ -888,6 +953,8 @@ module Aws::KMS
     #   The length of the byte string.
     #   @return [Integer]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateRandomRequest AWS API Documentation
+    #
     class GenerateRandomRequest < Struct.new(
       :number_of_bytes)
       include Aws::Structure
@@ -897,6 +964,8 @@ module Aws::KMS
     #   The unpredictable byte string.
     #   @return [String]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateRandomResponse AWS API Documentation
+    #
     class GenerateRandomResponse < Struct.new(
       :plaintext)
       include Aws::Structure
@@ -927,6 +996,8 @@ module Aws::KMS
     #   ListKeyPolicies.
     #   @return [String]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetKeyPolicyRequest AWS API Documentation
+    #
     class GetKeyPolicyRequest < Struct.new(
       :key_id,
       :policy_name)
@@ -937,6 +1008,8 @@ module Aws::KMS
     #   A policy document in JSON format.
     #   @return [String]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetKeyPolicyResponse AWS API Documentation
+    #
     class GetKeyPolicyResponse < Struct.new(
       :policy)
       include Aws::Structure
@@ -960,6 +1033,8 @@ module Aws::KMS
     #     12345678-1234-1234-1234-123456789012
     #   @return [String]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetKeyRotationStatusRequest AWS API Documentation
+    #
     class GetKeyRotationStatusRequest < Struct.new(
       :key_id)
       include Aws::Structure
@@ -969,6 +1044,8 @@ module Aws::KMS
     #   A Boolean value that specifies whether key rotation is enabled.
     #   @return [Boolean]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetKeyRotationStatusResponse AWS API Documentation
+    #
     class GetKeyRotationStatusResponse < Struct.new(
       :key_rotation_enabled)
       include Aws::Structure
@@ -1012,6 +1089,8 @@ module Aws::KMS
     #   Only 2048-bit RSA public keys are supported.
     #   @return [String]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetParametersForImportRequest AWS API Documentation
+    #
     class GetParametersForImportRequest < Struct.new(
       :key_id,
       :wrapping_algorithm,
@@ -1041,6 +1120,8 @@ module Aws::KMS
     #   `GetParametersForImport` request to retrieve new ones.
     #   @return [Time]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetParametersForImportResponse AWS API Documentation
+    #
     class GetParametersForImportResponse < Struct.new(
       :key_id,
       :import_token,
@@ -1090,6 +1171,8 @@ module Aws::KMS
     #   operation. Otherwise, the operation is not allowed.
     #   @return [Hash<String,String>]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GrantConstraints AWS API Documentation
+    #
     class GrantConstraints < Struct.new(
       :encryption_context_subset,
       :encryption_context_equals)
@@ -1137,6 +1220,8 @@ module Aws::KMS
     #   The conditions under which the grant's operations are allowed.
     #   @return [Types::GrantConstraints]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GrantListEntry AWS API Documentation
+    #
     class GrantListEntry < Struct.new(
       :key_id,
       :grant_id,
@@ -1204,6 +1289,8 @@ module Aws::KMS
     #   parameter.
     #   @return [String]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ImportKeyMaterialRequest AWS API Documentation
+    #
     class ImportKeyMaterialRequest < Struct.new(
       :key_id,
       :import_token,
@@ -1213,6 +1300,8 @@ module Aws::KMS
       include Aws::Structure
     end
 
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ImportKeyMaterialResponse AWS API Documentation
+    #
     class ImportKeyMaterialResponse < Aws::EmptyStructure; end
 
     # Contains information about each entry in the key list.
@@ -1225,6 +1314,8 @@ module Aws::KMS
     #   ARN of the key.
     #   @return [String]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/KeyListEntry AWS API Documentation
+    #
     class KeyListEntry < Struct.new(
       :key_id,
       :key_arn)
@@ -1312,6 +1403,8 @@ module Aws::KMS
     #   omitted.
     #   @return [String]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/KeyMetadata AWS API Documentation
+    #
     class KeyMetadata < Struct.new(
       :aws_account_id,
       :key_id,
@@ -1337,9 +1430,9 @@ module Aws::KMS
     #       }
     #
     # @!attribute [rw] limit
-    #   When paginating results, specify the maximum number of items to
-    #   return in the response. If additional items exist beyond the number
-    #   you specify, the `Truncated` element in the response is set to true.
+    #   Use this parameter to specify the maximum number of items to return.
+    #   When this value is present, AWS KMS does not return more than the
+    #   specified number of items, but it might return fewer.
     #
     #   This value is optional. If you include a value, it must be between 1
     #   and 100, inclusive. If you do not include a value, it defaults to
@@ -1347,12 +1440,13 @@ module Aws::KMS
     #   @return [Integer]
     #
     # @!attribute [rw] marker
-    #   Use this parameter only when paginating results and only in a
-    #   subsequent request after you receive a response with truncated
-    #   results. Set it to the value of `NextMarker` from the response you
-    #   just received.
+    #   Use this parameter in a subsequent request after you receive a
+    #   response with truncated results. Set it to the value of `NextMarker`
+    #   from the truncated response you just received.
     #   @return [String]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListAliasesRequest AWS API Documentation
+    #
     class ListAliasesRequest < Struct.new(
       :limit,
       :marker)
@@ -1364,18 +1458,19 @@ module Aws::KMS
     #   @return [Array<Types::AliasListEntry>]
     #
     # @!attribute [rw] next_marker
-    #   When `Truncated` is true, this value is present and contains the
-    #   value to use for the `Marker` parameter in a subsequent pagination
-    #   request.
+    #   When `Truncated` is true, this element is present and contains the
+    #   value to use for the `Marker` parameter in a subsequent request.
     #   @return [String]
     #
     # @!attribute [rw] truncated
-    #   A flag that indicates whether there are more items in the list. If
-    #   your results were truncated, you can use the `Marker` parameter to
-    #   make a subsequent pagination request to retrieve more items in the
-    #   list.
+    #   A flag that indicates whether there are more items in the list. When
+    #   this value is true, the list in this response is truncated. To
+    #   retrieve more items, pass the value of the `NextMarker` element in
+    #   this response to the `Marker` parameter in a subsequent request.
     #   @return [Boolean]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListAliasesResponse AWS API Documentation
+    #
     class ListAliasesResponse < Struct.new(
       :aliases,
       :next_marker,
@@ -1393,9 +1488,9 @@ module Aws::KMS
     #       }
     #
     # @!attribute [rw] limit
-    #   When paginating results, specify the maximum number of items to
-    #   return in the response. If additional items exist beyond the number
-    #   you specify, the `Truncated` element in the response is set to true.
+    #   Use this parameter to specify the maximum number of items to return.
+    #   When this value is present, AWS KMS does not return more than the
+    #   specified number of items, but it might return fewer.
     #
     #   This value is optional. If you include a value, it must be between 1
     #   and 100, inclusive. If you do not include a value, it defaults to
@@ -1403,10 +1498,9 @@ module Aws::KMS
     #   @return [Integer]
     #
     # @!attribute [rw] marker
-    #   Use this parameter only when paginating results and only in a
-    #   subsequent request after you receive a response with truncated
-    #   results. Set it to the value of `NextMarker` from the response you
-    #   just received.
+    #   Use this parameter in a subsequent request after you receive a
+    #   response with truncated results. Set it to the value of `NextMarker`
+    #   from the truncated response you just received.
     #   @return [String]
     #
     # @!attribute [rw] key_id
@@ -1420,6 +1514,8 @@ module Aws::KMS
     #     12345678-1234-1234-1234-123456789012
     #   @return [String]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListGrantsRequest AWS API Documentation
+    #
     class ListGrantsRequest < Struct.new(
       :limit,
       :marker,
@@ -1432,18 +1528,19 @@ module Aws::KMS
     #   @return [Array<Types::GrantListEntry>]
     #
     # @!attribute [rw] next_marker
-    #   When `Truncated` is true, this value is present and contains the
-    #   value to use for the `Marker` parameter in a subsequent pagination
-    #   request.
+    #   When `Truncated` is true, this element is present and contains the
+    #   value to use for the `Marker` parameter in a subsequent request.
     #   @return [String]
     #
     # @!attribute [rw] truncated
-    #   A flag that indicates whether there are more items in the list. If
-    #   your results were truncated, you can use the `Marker` parameter to
-    #   make a subsequent pagination request to retrieve more items in the
-    #   list.
+    #   A flag that indicates whether there are more items in the list. When
+    #   this value is true, the list in this response is truncated. To
+    #   retrieve more items, pass the value of the `NextMarker` element in
+    #   this response to the `Marker` parameter in a subsequent request.
     #   @return [Boolean]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListGrantsResponse AWS API Documentation
+    #
     class ListGrantsResponse < Struct.new(
       :grants,
       :next_marker,
@@ -1472,9 +1569,9 @@ module Aws::KMS
     #   @return [String]
     #
     # @!attribute [rw] limit
-    #   When paginating results, specify the maximum number of items to
-    #   return in the response. If additional items exist beyond the number
-    #   you specify, the `Truncated` element in the response is set to true.
+    #   Use this parameter to specify the maximum number of items to return.
+    #   When this value is present, AWS KMS does not return more than the
+    #   specified number of items, but it might return fewer.
     #
     #   This value is optional. If you include a value, it must be between 1
     #   and 1000, inclusive. If you do not include a value, it defaults to
@@ -1484,12 +1581,13 @@ module Aws::KMS
     #   @return [Integer]
     #
     # @!attribute [rw] marker
-    #   Use this parameter only when paginating results and only in a
-    #   subsequent request after you receive a response with truncated
-    #   results. Set it to the value of `NextMarker` from the response you
-    #   just received.
+    #   Use this parameter in a subsequent request after you receive a
+    #   response with truncated results. Set it to the value of `NextMarker`
+    #   from the truncated response you just received.
     #   @return [String]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeyPoliciesRequest AWS API Documentation
+    #
     class ListKeyPoliciesRequest < Struct.new(
       :key_id,
       :limit,
@@ -1503,18 +1601,19 @@ module Aws::KMS
     #   @return [Array<String>]
     #
     # @!attribute [rw] next_marker
-    #   When `Truncated` is true, this value is present and contains the
-    #   value to use for the `Marker` parameter in a subsequent pagination
-    #   request.
+    #   When `Truncated` is true, this element is present and contains the
+    #   value to use for the `Marker` parameter in a subsequent request.
     #   @return [String]
     #
     # @!attribute [rw] truncated
-    #   A flag that indicates whether there are more items in the list. If
-    #   your results were truncated, you can use the `Marker` parameter to
-    #   make a subsequent pagination request to retrieve more items in the
-    #   list.
+    #   A flag that indicates whether there are more items in the list. When
+    #   this value is true, the list in this response is truncated. To
+    #   retrieve more items, pass the value of the `NextMarker` element in
+    #   this response to the `Marker` parameter in a subsequent request.
     #   @return [Boolean]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeyPoliciesResponse AWS API Documentation
+    #
     class ListKeyPoliciesResponse < Struct.new(
       :policy_names,
       :next_marker,
@@ -1531,9 +1630,9 @@ module Aws::KMS
     #       }
     #
     # @!attribute [rw] limit
-    #   When paginating results, specify the maximum number of items to
-    #   return in the response. If additional items exist beyond the number
-    #   you specify, the `Truncated` element in the response is set to true.
+    #   Use this parameter to specify the maximum number of items to return.
+    #   When this value is present, AWS KMS does not return more than the
+    #   specified number of items, but it might return fewer.
     #
     #   This value is optional. If you include a value, it must be between 1
     #   and 1000, inclusive. If you do not include a value, it defaults to
@@ -1541,12 +1640,13 @@ module Aws::KMS
     #   @return [Integer]
     #
     # @!attribute [rw] marker
-    #   Use this parameter only when paginating results and only in a
-    #   subsequent request after you receive a response with truncated
-    #   results. Set it to the value of `NextMarker` from the response you
-    #   just received.
+    #   Use this parameter in a subsequent request after you receive a
+    #   response with truncated results. Set it to the value of `NextMarker`
+    #   from the truncated response you just received.
     #   @return [String]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeysRequest AWS API Documentation
+    #
     class ListKeysRequest < Struct.new(
       :limit,
       :marker)
@@ -1558,18 +1658,19 @@ module Aws::KMS
     #   @return [Array<Types::KeyListEntry>]
     #
     # @!attribute [rw] next_marker
-    #   When `Truncated` is true, this value is present and contains the
-    #   value to use for the `Marker` parameter in a subsequent pagination
-    #   request.
+    #   When `Truncated` is true, this element is present and contains the
+    #   value to use for the `Marker` parameter in a subsequent request.
     #   @return [String]
     #
     # @!attribute [rw] truncated
-    #   A flag that indicates whether there are more items in the list. If
-    #   your results were truncated, you can use the `Marker` parameter to
-    #   make a subsequent pagination request to retrieve more items in the
-    #   list.
+    #   A flag that indicates whether there are more items in the list. When
+    #   this value is true, the list in this response is truncated. To
+    #   retrieve more items, pass the value of the `NextMarker` element in
+    #   this response to the `Marker` parameter in a subsequent request.
     #   @return [Boolean]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeysResponse AWS API Documentation
+    #
     class ListKeysResponse < Struct.new(
       :keys,
       :next_marker,
@@ -1577,6 +1678,80 @@ module Aws::KMS
       include Aws::Structure
     end
 
+    # @note When making an API call, you may pass ListResourceTagsRequest
+    #   data as a hash:
+    #
+    #       {
+    #         key_id: "KeyIdType", # required
+    #         limit: 1,
+    #         marker: "MarkerType",
+    #       }
+    #
+    # @!attribute [rw] key_id
+    #   A unique identifier for the CMK whose tags you are listing. You can
+    #   use the unique key ID or the Amazon Resource Name (ARN) of the CMK.
+    #   Examples:
+    #
+    #   * Unique key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`
+    #
+    #   * Key ARN:
+    #     `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
+    #   @return [String]
+    #
+    # @!attribute [rw] limit
+    #   Use this parameter to specify the maximum number of items to return.
+    #   When this value is present, AWS KMS does not return more than the
+    #   specified number of items, but it might return fewer.
+    #
+    #   This value is optional. If you include a value, it must be between 1
+    #   and 50, inclusive. If you do not include a value, it defaults to 50.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] marker
+    #   Use this parameter in a subsequent request after you receive a
+    #   response with truncated results. Set it to the value of `NextMarker`
+    #   from the truncated response you just received.
+    #
+    #   Do not attempt to construct this value. Use only the value of
+    #   `NextMarker` from the truncated response you just received.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListResourceTagsRequest AWS API Documentation
+    #
+    class ListResourceTagsRequest < Struct.new(
+      :key_id,
+      :limit,
+      :marker)
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] tags
+    #   A list of tags. Each tag consists of a tag key and a tag value.
+    #   @return [Array<Types::Tag>]
+    #
+    # @!attribute [rw] next_marker
+    #   When `Truncated` is true, this element is present and contains the
+    #   value to use for the `Marker` parameter in a subsequent request.
+    #
+    #   Do not assume or infer any information from this value.
+    #   @return [String]
+    #
+    # @!attribute [rw] truncated
+    #   A flag that indicates whether there are more items in the list. When
+    #   this value is true, the list in this response is truncated. To
+    #   retrieve more items, pass the value of the `NextMarker` element in
+    #   this response to the `Marker` parameter in a subsequent request.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListResourceTagsResponse AWS API Documentation
+    #
+    class ListResourceTagsResponse < Struct.new(
+      :tags,
+      :next_marker,
+      :truncated)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass ListRetirableGrantsRequest
     #   data as a hash:
     #
@@ -1587,9 +1762,9 @@ module Aws::KMS
     #       }
     #
     # @!attribute [rw] limit
-    #   When paginating results, specify the maximum number of items to
-    #   return in the response. If additional items exist beyond the number
-    #   you specify, the `Truncated` element in the response is set to true.
+    #   Use this parameter to specify the maximum number of items to return.
+    #   When this value is present, AWS KMS does not return more than the
+    #   specified number of items, but it might return fewer.
     #
     #   This value is optional. If you include a value, it must be between 1
     #   and 100, inclusive. If you do not include a value, it defaults to
@@ -1597,10 +1772,9 @@ module Aws::KMS
     #   @return [Integer]
     #
     # @!attribute [rw] marker
-    #   Use this parameter only when paginating results and only in a
-    #   subsequent request after you receive a response with truncated
-    #   results. Set it to the value of `NextMarker` from the response you
-    #   just received.
+    #   Use this parameter in a subsequent request after you receive a
+    #   response with truncated results. Set it to the value of `NextMarker`
+    #   from the truncated response you just received.
     #   @return [String]
     #
     # @!attribute [rw] retiring_principal
@@ -1619,6 +1793,8 @@ module Aws::KMS
     #   [2]: http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam
     #   @return [String]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListRetirableGrantsRequest AWS API Documentation
+    #
     class ListRetirableGrantsRequest < Struct.new(
       :limit,
       :marker,
@@ -1660,14 +1836,15 @@ module Aws::KMS
     #   If you do not set `BypassPolicyLockoutSafetyCheck` to true, the
     #   policy must meet the following criteria:
     #
-    #   * It must allow the principal making the `PutKeyPolicy` request to
-    #     make a subsequent `PutKeyPolicy` request on the CMK. This reduces
-    #     the likelihood that the CMK becomes unmanageable. For more
-    #     information, refer to the scenario in the [Default Key Policy][1]
-    #     section in the *AWS Key Management Service Developer Guide*.
+    #   * It must allow the principal that is making the `PutKeyPolicy`
+    #     request to make a subsequent `PutKeyPolicy` request on the CMK.
+    #     This reduces the likelihood that the CMK becomes unmanageable. For
+    #     more information, refer to the scenario in the [Default Key
+    #     Policy][1] section in the *AWS Key Management Service Developer
+    #     Guide*.
     #
-    #   * The principal(s) specified in the key policy must exist and be
-    #     visible to AWS KMS. When you create a new AWS principal (for
+    #   * The principals that are specified in the key policy must exist and
+    #     be visible to AWS KMS. When you create a new AWS principal (for
     #     example, an IAM user or role), you might need to enforce a delay
     #     before specifying the new principal in a key policy because the
     #     new principal might not immediately be visible to AWS KMS. For
@@ -1695,8 +1872,8 @@ module Aws::KMS
     #   Guide*.
     #
     #   Use this parameter only when you intend to prevent the principal
-    #   making the request from making a subsequent `PutKeyPolicy` request
-    #   on the CMK.
+    #   that is making the request from making a subsequent `PutKeyPolicy`
+    #   request on the CMK.
     #
     #   The default value is false.
     #
@@ -1705,6 +1882,8 @@ module Aws::KMS
     #   [1]: http://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam
     #   @return [Boolean]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/PutKeyPolicyRequest AWS API Documentation
+    #
     class PutKeyPolicyRequest < Struct.new(
       :key_id,
       :policy_name,
@@ -1769,6 +1948,8 @@ module Aws::KMS
     #   [1]: http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token
     #   @return [Array<String>]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ReEncryptRequest AWS API Documentation
+    #
     class ReEncryptRequest < Struct.new(
       :ciphertext_blob,
       :source_encryption_context,
@@ -1790,6 +1971,8 @@ module Aws::KMS
     #   Unique identifier of the CMK used to reencrypt the data.
     #   @return [String]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ReEncryptResponse AWS API Documentation
+    #
     class ReEncryptResponse < Struct.new(
       :ciphertext_blob,
       :source_key_id,
@@ -1829,6 +2012,8 @@ module Aws::KMS
     #   ^
     #   @return [String]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RetireGrantRequest AWS API Documentation
+    #
     class RetireGrantRequest < Struct.new(
       :grant_token,
       :key_id,
@@ -1860,6 +2045,8 @@ module Aws::KMS
     #   Identifier of the grant to be revoked.
     #   @return [String]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RevokeGrantRequest AWS API Documentation
+    #
     class RevokeGrantRequest < Struct.new(
       :key_id,
       :grant_id)
@@ -1897,6 +2084,8 @@ module Aws::KMS
     #   and 30, inclusive. If you do not include a value, it defaults to 30.
     #   @return [Integer]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ScheduleKeyDeletionRequest AWS API Documentation
+    #
     class ScheduleKeyDeletionRequest < Struct.new(
       :key_id,
       :pending_window_in_days)
@@ -1913,12 +2102,109 @@ module Aws::KMS
     #   key (CMK).
     #   @return [Time]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ScheduleKeyDeletionResponse AWS API Documentation
+    #
     class ScheduleKeyDeletionResponse < Struct.new(
       :key_id,
       :deletion_date)
       include Aws::Structure
     end
 
+    # A key-value pair. A tag consists of a tag key and a tag value. Tag
+    # keys and tag values are both required, but tag values can be empty
+    # (null) strings.
+    #
+    # @note When making an API call, you may pass Tag
+    #   data as a hash:
+    #
+    #       {
+    #         tag_key: "TagKeyType", # required
+    #         tag_value: "TagValueType", # required
+    #       }
+    #
+    # @!attribute [rw] tag_key
+    #   The key of the tag.
+    #   @return [String]
+    #
+    # @!attribute [rw] tag_value
+    #   The value of the tag.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/Tag AWS API Documentation
+    #
+    class Tag < Struct.new(
+      :tag_key,
+      :tag_value)
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass TagResourceRequest
+    #   data as a hash:
+    #
+    #       {
+    #         key_id: "KeyIdType", # required
+    #         tags: [ # required
+    #           {
+    #             tag_key: "TagKeyType", # required
+    #             tag_value: "TagValueType", # required
+    #           },
+    #         ],
+    #       }
+    #
+    # @!attribute [rw] key_id
+    #   A unique identifier for the CMK you are tagging. You can use the
+    #   unique key ID or the Amazon Resource Name (ARN) of the CMK.
+    #   Examples:
+    #
+    #   * Unique key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`
+    #
+    #   * Key ARN:
+    #     `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
+    #   @return [String]
+    #
+    # @!attribute [rw] tags
+    #   One or more tags. Each tag consists of a tag key and a tag value.
+    #   @return [Array<Types::Tag>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/TagResourceRequest AWS API Documentation
+    #
+    class TagResourceRequest < Struct.new(
+      :key_id,
+      :tags)
+      include Aws::Structure
+    end
+
+    # @note When making an API call, you may pass UntagResourceRequest
+    #   data as a hash:
+    #
+    #       {
+    #         key_id: "KeyIdType", # required
+    #         tag_keys: ["TagKeyType"], # required
+    #       }
+    #
+    # @!attribute [rw] key_id
+    #   A unique identifier for the CMK from which you are removing tags.
+    #   You can use the unique key ID or the Amazon Resource Name (ARN) of
+    #   the CMK. Examples:
+    #
+    #   * Unique key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`
+    #
+    #   * Key ARN:
+    #     `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
+    #   @return [String]
+    #
+    # @!attribute [rw] tag_keys
+    #   One or more tag keys. Specify only the tag keys, not the tag values.
+    #   @return [Array<String>]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UntagResourceRequest AWS API Documentation
+    #
+    class UntagResourceRequest < Struct.new(
+      :key_id,
+      :tag_keys)
+      include Aws::Structure
+    end
+
     # @note When making an API call, you may pass UpdateAliasRequest
     #   data as a hash:
     #
@@ -1948,6 +2234,8 @@ module Aws::KMS
     #   correct `TargetKeyId`.
     #   @return [String]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateAliasRequest AWS API Documentation
+    #
     class UpdateAliasRequest < Struct.new(
       :alias_name,
       :target_key_id)
@@ -1977,6 +2265,8 @@ module Aws::KMS
     #   New description for the CMK.
     #   @return [String]
     #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateKeyDescriptionRequest AWS API Documentation
+    #
     class UpdateKeyDescriptionRequest < Struct.new(
       :key_id,
       :description)