aws-sdk-kms 1.12.0 → 1.13.0
- checksums.yaml +4 -4
- data/lib/aws-sdk-kms.rb +1 -1
- data/lib/aws-sdk-kms/client.rb +722 -113
- data/lib/aws-sdk-kms/client_api.rb +172 -0
- data/lib/aws-sdk-kms/types.rb +493 -48
- metadata +2 -2
@@ -22,24 +22,50 @@ module Aws::KMS
|
|
22
22
|
CancelKeyDeletionRequest = Shapes::StructureShape.new(name: 'CancelKeyDeletionRequest')
|
23
23
|
CancelKeyDeletionResponse = Shapes::StructureShape.new(name: 'CancelKeyDeletionResponse')
|
24
24
|
CiphertextType = Shapes::BlobShape.new(name: 'CiphertextType')
|
25
|
+
CloudHsmClusterIdType = Shapes::StringShape.new(name: 'CloudHsmClusterIdType')
|
26
|
+
CloudHsmClusterInUseException = Shapes::StructureShape.new(name: 'CloudHsmClusterInUseException')
|
27
|
+
CloudHsmClusterInvalidConfigurationException = Shapes::StructureShape.new(name: 'CloudHsmClusterInvalidConfigurationException')
|
28
|
+
CloudHsmClusterNotActiveException = Shapes::StructureShape.new(name: 'CloudHsmClusterNotActiveException')
|
29
|
+
CloudHsmClusterNotFoundException = Shapes::StructureShape.new(name: 'CloudHsmClusterNotFoundException')
|
30
|
+
CloudHsmClusterNotRelatedException = Shapes::StructureShape.new(name: 'CloudHsmClusterNotRelatedException')
|
31
|
+
ConnectCustomKeyStoreRequest = Shapes::StructureShape.new(name: 'ConnectCustomKeyStoreRequest')
|
32
|
+
ConnectCustomKeyStoreResponse = Shapes::StructureShape.new(name: 'ConnectCustomKeyStoreResponse')
|
33
|
+
ConnectionErrorCodeType = Shapes::StringShape.new(name: 'ConnectionErrorCodeType')
|
34
|
+
ConnectionStateType = Shapes::StringShape.new(name: 'ConnectionStateType')
|
25
35
|
CreateAliasRequest = Shapes::StructureShape.new(name: 'CreateAliasRequest')
|
36
|
+
CreateCustomKeyStoreRequest = Shapes::StructureShape.new(name: 'CreateCustomKeyStoreRequest')
|
37
|
+
CreateCustomKeyStoreResponse = Shapes::StructureShape.new(name: 'CreateCustomKeyStoreResponse')
|
26
38
|
CreateGrantRequest = Shapes::StructureShape.new(name: 'CreateGrantRequest')
|
27
39
|
CreateGrantResponse = Shapes::StructureShape.new(name: 'CreateGrantResponse')
|
28
40
|
CreateKeyRequest = Shapes::StructureShape.new(name: 'CreateKeyRequest')
|
29
41
|
CreateKeyResponse = Shapes::StructureShape.new(name: 'CreateKeyResponse')
|
42
|
+
CustomKeyStoreHasCMKsException = Shapes::StructureShape.new(name: 'CustomKeyStoreHasCMKsException')
|
43
|
+
CustomKeyStoreIdType = Shapes::StringShape.new(name: 'CustomKeyStoreIdType')
|
44
|
+
CustomKeyStoreInvalidStateException = Shapes::StructureShape.new(name: 'CustomKeyStoreInvalidStateException')
|
45
|
+
CustomKeyStoreNameInUseException = Shapes::StructureShape.new(name: 'CustomKeyStoreNameInUseException')
|
46
|
+
CustomKeyStoreNameType = Shapes::StringShape.new(name: 'CustomKeyStoreNameType')
|
47
|
+
CustomKeyStoreNotFoundException = Shapes::StructureShape.new(name: 'CustomKeyStoreNotFoundException')
|
48
|
+
CustomKeyStoresList = Shapes::ListShape.new(name: 'CustomKeyStoresList')
|
49
|
+
CustomKeyStoresListEntry = Shapes::StructureShape.new(name: 'CustomKeyStoresListEntry')
|
30
50
|
DataKeySpec = Shapes::StringShape.new(name: 'DataKeySpec')
|
31
51
|
DateType = Shapes::TimestampShape.new(name: 'DateType')
|
32
52
|
DecryptRequest = Shapes::StructureShape.new(name: 'DecryptRequest')
|
33
53
|
DecryptResponse = Shapes::StructureShape.new(name: 'DecryptResponse')
|
34
54
|
DeleteAliasRequest = Shapes::StructureShape.new(name: 'DeleteAliasRequest')
|
55
|
+
DeleteCustomKeyStoreRequest = Shapes::StructureShape.new(name: 'DeleteCustomKeyStoreRequest')
|
56
|
+
DeleteCustomKeyStoreResponse = Shapes::StructureShape.new(name: 'DeleteCustomKeyStoreResponse')
|
35
57
|
DeleteImportedKeyMaterialRequest = Shapes::StructureShape.new(name: 'DeleteImportedKeyMaterialRequest')
|
36
58
|
DependencyTimeoutException = Shapes::StructureShape.new(name: 'DependencyTimeoutException')
|
59
|
+
DescribeCustomKeyStoresRequest = Shapes::StructureShape.new(name: 'DescribeCustomKeyStoresRequest')
|
60
|
+
DescribeCustomKeyStoresResponse = Shapes::StructureShape.new(name: 'DescribeCustomKeyStoresResponse')
|
37
61
|
DescribeKeyRequest = Shapes::StructureShape.new(name: 'DescribeKeyRequest')
|
38
62
|
DescribeKeyResponse = Shapes::StructureShape.new(name: 'DescribeKeyResponse')
|
39
63
|
DescriptionType = Shapes::StringShape.new(name: 'DescriptionType')
|
40
64
|
DisableKeyRequest = Shapes::StructureShape.new(name: 'DisableKeyRequest')
|
41
65
|
DisableKeyRotationRequest = Shapes::StructureShape.new(name: 'DisableKeyRotationRequest')
|
42
66
|
DisabledException = Shapes::StructureShape.new(name: 'DisabledException')
|
67
|
+
DisconnectCustomKeyStoreRequest = Shapes::StructureShape.new(name: 'DisconnectCustomKeyStoreRequest')
|
68
|
+
DisconnectCustomKeyStoreResponse = Shapes::StructureShape.new(name: 'DisconnectCustomKeyStoreResponse')
|
43
69
|
EnableKeyRequest = Shapes::StructureShape.new(name: 'EnableKeyRequest')
|
44
70
|
EnableKeyRotationRequest = Shapes::StructureShape.new(name: 'EnableKeyRotationRequest')
|
45
71
|
EncryptRequest = Shapes::StructureShape.new(name: 'EncryptRequest')
|
@@ -74,6 +100,7 @@ module Aws::KMS
|
|
74
100
|
ImportKeyMaterialRequest = Shapes::StructureShape.new(name: 'ImportKeyMaterialRequest')
|
75
101
|
ImportKeyMaterialResponse = Shapes::StructureShape.new(name: 'ImportKeyMaterialResponse')
|
76
102
|
IncorrectKeyMaterialException = Shapes::StructureShape.new(name: 'IncorrectKeyMaterialException')
|
103
|
+
IncorrectTrustAnchorException = Shapes::StructureShape.new(name: 'IncorrectTrustAnchorException')
|
77
104
|
InvalidAliasNameException = Shapes::StructureShape.new(name: 'InvalidAliasNameException')
|
78
105
|
InvalidArnException = Shapes::StructureShape.new(name: 'InvalidArnException')
|
79
106
|
InvalidCiphertextException = Shapes::StructureShape.new(name: 'InvalidCiphertextException')
|
@@ -90,6 +117,7 @@ module Aws::KMS
|
|
90
117
|
KeyManagerType = Shapes::StringShape.new(name: 'KeyManagerType')
|
91
118
|
KeyMetadata = Shapes::StructureShape.new(name: 'KeyMetadata')
|
92
119
|
KeyState = Shapes::StringShape.new(name: 'KeyState')
|
120
|
+
KeyStorePasswordType = Shapes::StringShape.new(name: 'KeyStorePasswordType')
|
93
121
|
KeyUnavailableException = Shapes::StructureShape.new(name: 'KeyUnavailableException')
|
94
122
|
KeyUsageType = Shapes::StringShape.new(name: 'KeyUsageType')
|
95
123
|
LimitExceededException = Shapes::StructureShape.new(name: 'LimitExceededException')
|
@@ -130,9 +158,12 @@ module Aws::KMS
|
|
130
158
|
TagList = Shapes::ListShape.new(name: 'TagList')
|
131
159
|
TagResourceRequest = Shapes::StructureShape.new(name: 'TagResourceRequest')
|
132
160
|
TagValueType = Shapes::StringShape.new(name: 'TagValueType')
|
161
|
+
TrustAnchorCertificateType = Shapes::StringShape.new(name: 'TrustAnchorCertificateType')
|
133
162
|
UnsupportedOperationException = Shapes::StructureShape.new(name: 'UnsupportedOperationException')
|
134
163
|
UntagResourceRequest = Shapes::StructureShape.new(name: 'UntagResourceRequest')
|
135
164
|
UpdateAliasRequest = Shapes::StructureShape.new(name: 'UpdateAliasRequest')
|
165
|
+
UpdateCustomKeyStoreRequest = Shapes::StructureShape.new(name: 'UpdateCustomKeyStoreRequest')
|
166
|
+
UpdateCustomKeyStoreResponse = Shapes::StructureShape.new(name: 'UpdateCustomKeyStoreResponse')
|
136
167
|
UpdateKeyDescriptionRequest = Shapes::StructureShape.new(name: 'UpdateKeyDescriptionRequest')
|
137
168
|
WrappingKeySpec = Shapes::StringShape.new(name: 'WrappingKeySpec')
|
138
169
|
|
@@ -149,10 +180,24 @@ module Aws::KMS
|
|
149
180
|
CancelKeyDeletionResponse.add_member(:key_id, Shapes::ShapeRef.new(shape: KeyIdType, location_name: "KeyId"))
|
150
181
|
CancelKeyDeletionResponse.struct_class = Types::CancelKeyDeletionResponse
|
151
182
|
|
183
|
+
ConnectCustomKeyStoreRequest.add_member(:custom_key_store_id, Shapes::ShapeRef.new(shape: CustomKeyStoreIdType, required: true, location_name: "CustomKeyStoreId"))
|
184
|
+
ConnectCustomKeyStoreRequest.struct_class = Types::ConnectCustomKeyStoreRequest
|
185
|
+
|
186
|
+
ConnectCustomKeyStoreResponse.struct_class = Types::ConnectCustomKeyStoreResponse
|
187
|
+
|
152
188
|
CreateAliasRequest.add_member(:alias_name, Shapes::ShapeRef.new(shape: AliasNameType, required: true, location_name: "AliasName"))
|
153
189
|
CreateAliasRequest.add_member(:target_key_id, Shapes::ShapeRef.new(shape: KeyIdType, required: true, location_name: "TargetKeyId"))
|
154
190
|
CreateAliasRequest.struct_class = Types::CreateAliasRequest
|
155
191
|
|
192
|
+
CreateCustomKeyStoreRequest.add_member(:custom_key_store_name, Shapes::ShapeRef.new(shape: CustomKeyStoreNameType, required: true, location_name: "CustomKeyStoreName"))
|
193
|
+
CreateCustomKeyStoreRequest.add_member(:cloud_hsm_cluster_id, Shapes::ShapeRef.new(shape: CloudHsmClusterIdType, required: true, location_name: "CloudHsmClusterId"))
|
194
|
+
CreateCustomKeyStoreRequest.add_member(:trust_anchor_certificate, Shapes::ShapeRef.new(shape: TrustAnchorCertificateType, required: true, location_name: "TrustAnchorCertificate"))
|
195
|
+
CreateCustomKeyStoreRequest.add_member(:key_store_password, Shapes::ShapeRef.new(shape: KeyStorePasswordType, required: true, location_name: "KeyStorePassword"))
|
196
|
+
CreateCustomKeyStoreRequest.struct_class = Types::CreateCustomKeyStoreRequest
|
197
|
+
|
198
|
+
CreateCustomKeyStoreResponse.add_member(:custom_key_store_id, Shapes::ShapeRef.new(shape: CustomKeyStoreIdType, location_name: "CustomKeyStoreId"))
|
199
|
+
CreateCustomKeyStoreResponse.struct_class = Types::CreateCustomKeyStoreResponse
|
200
|
+
|
156
201
|
CreateGrantRequest.add_member(:key_id, Shapes::ShapeRef.new(shape: KeyIdType, required: true, location_name: "KeyId"))
|
157
202
|
CreateGrantRequest.add_member(:grantee_principal, Shapes::ShapeRef.new(shape: PrincipalIdType, required: true, location_name: "GranteePrincipal"))
|
158
203
|
CreateGrantRequest.add_member(:retiring_principal, Shapes::ShapeRef.new(shape: PrincipalIdType, location_name: "RetiringPrincipal"))
|
@@ -170,6 +215,7 @@ module Aws::KMS
|
|
170
215
|
CreateKeyRequest.add_member(:description, Shapes::ShapeRef.new(shape: DescriptionType, location_name: "Description"))
|
171
216
|
CreateKeyRequest.add_member(:key_usage, Shapes::ShapeRef.new(shape: KeyUsageType, location_name: "KeyUsage"))
|
172
217
|
CreateKeyRequest.add_member(:origin, Shapes::ShapeRef.new(shape: OriginType, location_name: "Origin"))
|
218
|
+
CreateKeyRequest.add_member(:custom_key_store_id, Shapes::ShapeRef.new(shape: CustomKeyStoreIdType, location_name: "CustomKeyStoreId"))
|
173
219
|
CreateKeyRequest.add_member(:bypass_policy_lockout_safety_check, Shapes::ShapeRef.new(shape: BooleanType, location_name: "BypassPolicyLockoutSafetyCheck"))
|
174
220
|
CreateKeyRequest.add_member(:tags, Shapes::ShapeRef.new(shape: TagList, location_name: "Tags"))
|
175
221
|
CreateKeyRequest.struct_class = Types::CreateKeyRequest
|
@@ -177,6 +223,17 @@ module Aws::KMS
|
|
177
223
|
CreateKeyResponse.add_member(:key_metadata, Shapes::ShapeRef.new(shape: KeyMetadata, location_name: "KeyMetadata"))
|
178
224
|
CreateKeyResponse.struct_class = Types::CreateKeyResponse
|
179
225
|
|
226
|
+
CustomKeyStoresList.member = Shapes::ShapeRef.new(shape: CustomKeyStoresListEntry)
|
227
|
+
|
228
|
+
CustomKeyStoresListEntry.add_member(:custom_key_store_id, Shapes::ShapeRef.new(shape: CustomKeyStoreIdType, location_name: "CustomKeyStoreId"))
|
229
|
+
CustomKeyStoresListEntry.add_member(:custom_key_store_name, Shapes::ShapeRef.new(shape: CustomKeyStoreNameType, location_name: "CustomKeyStoreName"))
|
230
|
+
CustomKeyStoresListEntry.add_member(:cloud_hsm_cluster_id, Shapes::ShapeRef.new(shape: CloudHsmClusterIdType, location_name: "CloudHsmClusterId"))
|
231
|
+
CustomKeyStoresListEntry.add_member(:trust_anchor_certificate, Shapes::ShapeRef.new(shape: TrustAnchorCertificateType, location_name: "TrustAnchorCertificate"))
|
232
|
+
CustomKeyStoresListEntry.add_member(:connection_state, Shapes::ShapeRef.new(shape: ConnectionStateType, location_name: "ConnectionState"))
|
233
|
+
CustomKeyStoresListEntry.add_member(:connection_error_code, Shapes::ShapeRef.new(shape: ConnectionErrorCodeType, location_name: "ConnectionErrorCode"))
|
234
|
+
CustomKeyStoresListEntry.add_member(:creation_date, Shapes::ShapeRef.new(shape: DateType, location_name: "CreationDate"))
|
235
|
+
CustomKeyStoresListEntry.struct_class = Types::CustomKeyStoresListEntry
|
236
|
+
|
180
237
|
DecryptRequest.add_member(:ciphertext_blob, Shapes::ShapeRef.new(shape: CiphertextType, required: true, location_name: "CiphertextBlob"))
|
181
238
|
DecryptRequest.add_member(:encryption_context, Shapes::ShapeRef.new(shape: EncryptionContextType, location_name: "EncryptionContext"))
|
182
239
|
DecryptRequest.add_member(:grant_tokens, Shapes::ShapeRef.new(shape: GrantTokenList, location_name: "GrantTokens"))
|
@@ -189,9 +246,25 @@ module Aws::KMS
|
|
189
246
|
DeleteAliasRequest.add_member(:alias_name, Shapes::ShapeRef.new(shape: AliasNameType, required: true, location_name: "AliasName"))
|
190
247
|
DeleteAliasRequest.struct_class = Types::DeleteAliasRequest
|
191
248
|
|
249
|
+
DeleteCustomKeyStoreRequest.add_member(:custom_key_store_id, Shapes::ShapeRef.new(shape: CustomKeyStoreIdType, required: true, location_name: "CustomKeyStoreId"))
|
250
|
+
DeleteCustomKeyStoreRequest.struct_class = Types::DeleteCustomKeyStoreRequest
|
251
|
+
|
252
|
+
DeleteCustomKeyStoreResponse.struct_class = Types::DeleteCustomKeyStoreResponse
|
253
|
+
|
192
254
|
DeleteImportedKeyMaterialRequest.add_member(:key_id, Shapes::ShapeRef.new(shape: KeyIdType, required: true, location_name: "KeyId"))
|
193
255
|
DeleteImportedKeyMaterialRequest.struct_class = Types::DeleteImportedKeyMaterialRequest
|
194
256
|
|
257
|
+
DescribeCustomKeyStoresRequest.add_member(:custom_key_store_id, Shapes::ShapeRef.new(shape: CustomKeyStoreIdType, location_name: "CustomKeyStoreId"))
|
258
|
+
DescribeCustomKeyStoresRequest.add_member(:custom_key_store_name, Shapes::ShapeRef.new(shape: CustomKeyStoreNameType, location_name: "CustomKeyStoreName"))
|
259
|
+
DescribeCustomKeyStoresRequest.add_member(:limit, Shapes::ShapeRef.new(shape: LimitType, location_name: "Limit"))
|
260
|
+
DescribeCustomKeyStoresRequest.add_member(:marker, Shapes::ShapeRef.new(shape: MarkerType, location_name: "Marker"))
|
261
|
+
DescribeCustomKeyStoresRequest.struct_class = Types::DescribeCustomKeyStoresRequest
|
262
|
+
|
263
|
+
DescribeCustomKeyStoresResponse.add_member(:custom_key_stores, Shapes::ShapeRef.new(shape: CustomKeyStoresList, location_name: "CustomKeyStores"))
|
264
|
+
DescribeCustomKeyStoresResponse.add_member(:next_marker, Shapes::ShapeRef.new(shape: MarkerType, location_name: "NextMarker"))
|
265
|
+
DescribeCustomKeyStoresResponse.add_member(:truncated, Shapes::ShapeRef.new(shape: BooleanType, location_name: "Truncated"))
|
266
|
+
DescribeCustomKeyStoresResponse.struct_class = Types::DescribeCustomKeyStoresResponse
|
267
|
+
|
195
268
|
DescribeKeyRequest.add_member(:key_id, Shapes::ShapeRef.new(shape: KeyIdType, required: true, location_name: "KeyId"))
|
196
269
|
DescribeKeyRequest.add_member(:grant_tokens, Shapes::ShapeRef.new(shape: GrantTokenList, location_name: "GrantTokens"))
|
197
270
|
DescribeKeyRequest.struct_class = Types::DescribeKeyRequest
|
@@ -205,6 +278,11 @@ module Aws::KMS
|
|
205
278
|
DisableKeyRotationRequest.add_member(:key_id, Shapes::ShapeRef.new(shape: KeyIdType, required: true, location_name: "KeyId"))
|
206
279
|
DisableKeyRotationRequest.struct_class = Types::DisableKeyRotationRequest
|
207
280
|
|
281
|
+
DisconnectCustomKeyStoreRequest.add_member(:custom_key_store_id, Shapes::ShapeRef.new(shape: CustomKeyStoreIdType, required: true, location_name: "CustomKeyStoreId"))
|
282
|
+
DisconnectCustomKeyStoreRequest.struct_class = Types::DisconnectCustomKeyStoreRequest
|
283
|
+
|
284
|
+
DisconnectCustomKeyStoreResponse.struct_class = Types::DisconnectCustomKeyStoreResponse
|
285
|
+
|
208
286
|
EnableKeyRequest.add_member(:key_id, Shapes::ShapeRef.new(shape: KeyIdType, required: true, location_name: "KeyId"))
|
209
287
|
EnableKeyRequest.struct_class = Types::EnableKeyRequest
|
210
288
|
|
@@ -248,6 +326,7 @@ module Aws::KMS
|
|
248
326
|
GenerateDataKeyWithoutPlaintextResponse.struct_class = Types::GenerateDataKeyWithoutPlaintextResponse
|
249
327
|
|
250
328
|
GenerateRandomRequest.add_member(:number_of_bytes, Shapes::ShapeRef.new(shape: NumberOfBytesType, location_name: "NumberOfBytes"))
|
329
|
+
GenerateRandomRequest.add_member(:custom_key_store_id, Shapes::ShapeRef.new(shape: CustomKeyStoreIdType, location_name: "CustomKeyStoreId"))
|
251
330
|
GenerateRandomRequest.struct_class = Types::GenerateRandomRequest
|
252
331
|
|
253
332
|
GenerateRandomResponse.add_member(:plaintext, Shapes::ShapeRef.new(shape: PlaintextType, location_name: "Plaintext"))
|
@@ -324,6 +403,8 @@ module Aws::KMS
|
|
324
403
|
KeyMetadata.add_member(:deletion_date, Shapes::ShapeRef.new(shape: DateType, location_name: "DeletionDate"))
|
325
404
|
KeyMetadata.add_member(:valid_to, Shapes::ShapeRef.new(shape: DateType, location_name: "ValidTo"))
|
326
405
|
KeyMetadata.add_member(:origin, Shapes::ShapeRef.new(shape: OriginType, location_name: "Origin"))
|
406
|
+
KeyMetadata.add_member(:custom_key_store_id, Shapes::ShapeRef.new(shape: CustomKeyStoreIdType, location_name: "CustomKeyStoreId"))
|
407
|
+
KeyMetadata.add_member(:cloud_hsm_cluster_id, Shapes::ShapeRef.new(shape: CloudHsmClusterIdType, location_name: "CloudHsmClusterId"))
|
327
408
|
KeyMetadata.add_member(:expiration_model, Shapes::ShapeRef.new(shape: ExpirationModelType, location_name: "ExpirationModel"))
|
328
409
|
KeyMetadata.add_member(:key_manager, Shapes::ShapeRef.new(shape: KeyManagerType, location_name: "KeyManager"))
|
329
410
|
KeyMetadata.struct_class = Types::KeyMetadata
|
@@ -439,6 +520,14 @@ module Aws::KMS
|
|
439
520
|
UpdateAliasRequest.add_member(:target_key_id, Shapes::ShapeRef.new(shape: KeyIdType, required: true, location_name: "TargetKeyId"))
|
440
521
|
UpdateAliasRequest.struct_class = Types::UpdateAliasRequest
|
441
522
|
|
523
|
+
UpdateCustomKeyStoreRequest.add_member(:custom_key_store_id, Shapes::ShapeRef.new(shape: CustomKeyStoreIdType, required: true, location_name: "CustomKeyStoreId"))
|
524
|
+
UpdateCustomKeyStoreRequest.add_member(:new_custom_key_store_name, Shapes::ShapeRef.new(shape: CustomKeyStoreNameType, location_name: "NewCustomKeyStoreName"))
|
525
|
+
UpdateCustomKeyStoreRequest.add_member(:key_store_password, Shapes::ShapeRef.new(shape: KeyStorePasswordType, location_name: "KeyStorePassword"))
|
526
|
+
UpdateCustomKeyStoreRequest.add_member(:cloud_hsm_cluster_id, Shapes::ShapeRef.new(shape: CloudHsmClusterIdType, location_name: "CloudHsmClusterId"))
|
527
|
+
UpdateCustomKeyStoreRequest.struct_class = Types::UpdateCustomKeyStoreRequest
|
528
|
+
|
529
|
+
UpdateCustomKeyStoreResponse.struct_class = Types::UpdateCustomKeyStoreResponse
|
530
|
+
|
442
531
|
UpdateKeyDescriptionRequest.add_member(:key_id, Shapes::ShapeRef.new(shape: KeyIdType, required: true, location_name: "KeyId"))
|
443
532
|
UpdateKeyDescriptionRequest.add_member(:description, Shapes::ShapeRef.new(shape: DescriptionType, required: true, location_name: "Description"))
|
444
533
|
UpdateKeyDescriptionRequest.struct_class = Types::UpdateKeyDescriptionRequest
|
@@ -475,6 +564,19 @@ module Aws::KMS
|
|
475
564
|
o.errors << Shapes::ShapeRef.new(shape: KMSInvalidStateException)
|
476
565
|
end)
|
477
566
|
|
567
|
+
api.add_operation(:connect_custom_key_store, Seahorse::Model::Operation.new.tap do |o|
|
568
|
+
o.name = "ConnectCustomKeyStore"
|
569
|
+
o.http_method = "POST"
|
570
|
+
o.http_request_uri = "/"
|
571
|
+
o.input = Shapes::ShapeRef.new(shape: ConnectCustomKeyStoreRequest)
|
572
|
+
o.output = Shapes::ShapeRef.new(shape: ConnectCustomKeyStoreResponse)
|
573
|
+
o.errors << Shapes::ShapeRef.new(shape: CloudHsmClusterNotActiveException)
|
574
|
+
o.errors << Shapes::ShapeRef.new(shape: CustomKeyStoreInvalidStateException)
|
575
|
+
o.errors << Shapes::ShapeRef.new(shape: CustomKeyStoreNotFoundException)
|
576
|
+
o.errors << Shapes::ShapeRef.new(shape: KMSInternalException)
|
577
|
+
o.errors << Shapes::ShapeRef.new(shape: CloudHsmClusterInvalidConfigurationException)
|
578
|
+
end)
|
579
|
+
|
478
580
|
api.add_operation(:create_alias, Seahorse::Model::Operation.new.tap do |o|
|
479
581
|
o.name = "CreateAlias"
|
480
582
|
o.http_method = "POST"
|
@@ -490,6 +592,21 @@ module Aws::KMS
|
|
490
592
|
o.errors << Shapes::ShapeRef.new(shape: KMSInvalidStateException)
|
491
593
|
end)
|
492
594
|
|
595
|
+
api.add_operation(:create_custom_key_store, Seahorse::Model::Operation.new.tap do |o|
|
596
|
+
o.name = "CreateCustomKeyStore"
|
597
|
+
o.http_method = "POST"
|
598
|
+
o.http_request_uri = "/"
|
599
|
+
o.input = Shapes::ShapeRef.new(shape: CreateCustomKeyStoreRequest)
|
600
|
+
o.output = Shapes::ShapeRef.new(shape: CreateCustomKeyStoreResponse)
|
601
|
+
o.errors << Shapes::ShapeRef.new(shape: CloudHsmClusterInUseException)
|
602
|
+
o.errors << Shapes::ShapeRef.new(shape: CustomKeyStoreNameInUseException)
|
603
|
+
o.errors << Shapes::ShapeRef.new(shape: CloudHsmClusterNotFoundException)
|
604
|
+
o.errors << Shapes::ShapeRef.new(shape: KMSInternalException)
|
605
|
+
o.errors << Shapes::ShapeRef.new(shape: CloudHsmClusterNotActiveException)
|
606
|
+
o.errors << Shapes::ShapeRef.new(shape: IncorrectTrustAnchorException)
|
607
|
+
o.errors << Shapes::ShapeRef.new(shape: CloudHsmClusterInvalidConfigurationException)
|
608
|
+
end)
|
609
|
+
|
493
610
|
api.add_operation(:create_grant, Seahorse::Model::Operation.new.tap do |o|
|
494
611
|
o.name = "CreateGrant"
|
495
612
|
o.http_method = "POST"
|
@@ -519,6 +636,9 @@ module Aws::KMS
|
|
519
636
|
o.errors << Shapes::ShapeRef.new(shape: KMSInternalException)
|
520
637
|
o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
|
521
638
|
o.errors << Shapes::ShapeRef.new(shape: TagException)
|
639
|
+
o.errors << Shapes::ShapeRef.new(shape: CustomKeyStoreNotFoundException)
|
640
|
+
o.errors << Shapes::ShapeRef.new(shape: CustomKeyStoreInvalidStateException)
|
641
|
+
o.errors << Shapes::ShapeRef.new(shape: CloudHsmClusterInvalidConfigurationException)
|
522
642
|
end)
|
523
643
|
|
524
644
|
api.add_operation(:decrypt, Seahorse::Model::Operation.new.tap do |o|
|
@@ -549,6 +669,18 @@ module Aws::KMS
|
|
549
669
|
o.errors << Shapes::ShapeRef.new(shape: KMSInvalidStateException)
|
550
670
|
end)
|
551
671
|
|
672
|
+
api.add_operation(:delete_custom_key_store, Seahorse::Model::Operation.new.tap do |o|
|
673
|
+
o.name = "DeleteCustomKeyStore"
|
674
|
+
o.http_method = "POST"
|
675
|
+
o.http_request_uri = "/"
|
676
|
+
o.input = Shapes::ShapeRef.new(shape: DeleteCustomKeyStoreRequest)
|
677
|
+
o.output = Shapes::ShapeRef.new(shape: DeleteCustomKeyStoreResponse)
|
678
|
+
o.errors << Shapes::ShapeRef.new(shape: CustomKeyStoreHasCMKsException)
|
679
|
+
o.errors << Shapes::ShapeRef.new(shape: CustomKeyStoreInvalidStateException)
|
680
|
+
o.errors << Shapes::ShapeRef.new(shape: CustomKeyStoreNotFoundException)
|
681
|
+
o.errors << Shapes::ShapeRef.new(shape: KMSInternalException)
|
682
|
+
end)
|
683
|
+
|
552
684
|
api.add_operation(:delete_imported_key_material, Seahorse::Model::Operation.new.tap do |o|
|
553
685
|
o.name = "DeleteImportedKeyMaterial"
|
554
686
|
o.http_method = "POST"
|
@@ -563,6 +695,16 @@ module Aws::KMS
|
|
563
695
|
o.errors << Shapes::ShapeRef.new(shape: KMSInvalidStateException)
|
564
696
|
end)
|
565
697
|
|
698
|
+
api.add_operation(:describe_custom_key_stores, Seahorse::Model::Operation.new.tap do |o|
|
699
|
+
o.name = "DescribeCustomKeyStores"
|
700
|
+
o.http_method = "POST"
|
701
|
+
o.http_request_uri = "/"
|
702
|
+
o.input = Shapes::ShapeRef.new(shape: DescribeCustomKeyStoresRequest)
|
703
|
+
o.output = Shapes::ShapeRef.new(shape: DescribeCustomKeyStoresResponse)
|
704
|
+
o.errors << Shapes::ShapeRef.new(shape: CustomKeyStoreNotFoundException)
|
705
|
+
o.errors << Shapes::ShapeRef.new(shape: KMSInternalException)
|
706
|
+
end)
|
707
|
+
|
566
708
|
api.add_operation(:describe_key, Seahorse::Model::Operation.new.tap do |o|
|
567
709
|
o.name = "DescribeKey"
|
568
710
|
o.http_method = "POST"
|
@@ -603,6 +745,17 @@ module Aws::KMS
|
|
603
745
|
o.errors << Shapes::ShapeRef.new(shape: UnsupportedOperationException)
|
604
746
|
end)
|
605
747
|
|
748
|
+
api.add_operation(:disconnect_custom_key_store, Seahorse::Model::Operation.new.tap do |o|
|
749
|
+
o.name = "DisconnectCustomKeyStore"
|
750
|
+
o.http_method = "POST"
|
751
|
+
o.http_request_uri = "/"
|
752
|
+
o.input = Shapes::ShapeRef.new(shape: DisconnectCustomKeyStoreRequest)
|
753
|
+
o.output = Shapes::ShapeRef.new(shape: DisconnectCustomKeyStoreResponse)
|
754
|
+
o.errors << Shapes::ShapeRef.new(shape: CustomKeyStoreInvalidStateException)
|
755
|
+
o.errors << Shapes::ShapeRef.new(shape: CustomKeyStoreNotFoundException)
|
756
|
+
o.errors << Shapes::ShapeRef.new(shape: KMSInternalException)
|
757
|
+
end)
|
758
|
+
|
606
759
|
api.add_operation(:enable_key, Seahorse::Model::Operation.new.tap do |o|
|
607
760
|
o.name = "EnableKey"
|
608
761
|
o.http_method = "POST"
|
@@ -688,6 +841,8 @@ module Aws::KMS
|
|
688
841
|
o.output = Shapes::ShapeRef.new(shape: GenerateRandomResponse)
|
689
842
|
o.errors << Shapes::ShapeRef.new(shape: DependencyTimeoutException)
|
690
843
|
o.errors << Shapes::ShapeRef.new(shape: KMSInternalException)
|
844
|
+
o.errors << Shapes::ShapeRef.new(shape: CustomKeyStoreNotFoundException)
|
845
|
+
o.errors << Shapes::ShapeRef.new(shape: CustomKeyStoreInvalidStateException)
|
691
846
|
end)
|
692
847
|
|
693
848
|
api.add_operation(:get_key_policy, Seahorse::Model::Operation.new.tap do |o|
|
@@ -758,6 +913,8 @@ module Aws::KMS
|
|
758
913
|
o.errors << Shapes::ShapeRef.new(shape: DependencyTimeoutException)
|
759
914
|
o.errors << Shapes::ShapeRef.new(shape: InvalidMarkerException)
|
760
915
|
o.errors << Shapes::ShapeRef.new(shape: KMSInternalException)
|
916
|
+
o.errors << Shapes::ShapeRef.new(shape: InvalidArnException)
|
917
|
+
o.errors << Shapes::ShapeRef.new(shape: NotFoundException)
|
761
918
|
o[:pager] = Aws::Pager.new(
|
762
919
|
more_results: "truncated",
|
763
920
|
limit_key: "limit",
|
@@ -965,6 +1122,21 @@ module Aws::KMS
|
|
965
1122
|
o.errors << Shapes::ShapeRef.new(shape: KMSInvalidStateException)
|
966
1123
|
end)
|
967
1124
|
|
1125
|
+
api.add_operation(:update_custom_key_store, Seahorse::Model::Operation.new.tap do |o|
|
1126
|
+
o.name = "UpdateCustomKeyStore"
|
1127
|
+
o.http_method = "POST"
|
1128
|
+
o.http_request_uri = "/"
|
1129
|
+
o.input = Shapes::ShapeRef.new(shape: UpdateCustomKeyStoreRequest)
|
1130
|
+
o.output = Shapes::ShapeRef.new(shape: UpdateCustomKeyStoreResponse)
|
1131
|
+
o.errors << Shapes::ShapeRef.new(shape: CustomKeyStoreNotFoundException)
|
1132
|
+
o.errors << Shapes::ShapeRef.new(shape: CloudHsmClusterNotFoundException)
|
1133
|
+
o.errors << Shapes::ShapeRef.new(shape: CloudHsmClusterNotRelatedException)
|
1134
|
+
o.errors << Shapes::ShapeRef.new(shape: CustomKeyStoreInvalidStateException)
|
1135
|
+
o.errors << Shapes::ShapeRef.new(shape: KMSInternalException)
|
1136
|
+
o.errors << Shapes::ShapeRef.new(shape: CloudHsmClusterNotActiveException)
|
1137
|
+
o.errors << Shapes::ShapeRef.new(shape: CloudHsmClusterInvalidConfigurationException)
|
1138
|
+
end)
|
1139
|
+
|
968
1140
|
api.add_operation(:update_key_description, Seahorse::Model::Operation.new.tap do |o|
|
969
1141
|
o.name = "UpdateKeyDescription"
|
970
1142
|
o.http_method = "POST"
|
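Review bot: `key_store_password` is added as a required member of `CreateCustomKeyStoreRequest` and an optional member of `UpdateCustomKeyStoreRequest`, typed as `KeyStorePasswordType`, which is declared as a plain `Shapes::StringShape`; nothing in the visible lines marks the shape or the member as sensitive. The types.rb documentation in this same diff describes the value as the password of the CloudHSM `kmsuser` crypto user, so whether request-parameter logging or struct `inspect` output redacts it depends on code outside this diff and should be confirmed before parameter logging is enabled for these two operations. I would add a comment beside the shape declaration, `# KeyStorePasswordType carries a credential; it must be filtered from logged request params`, and have callers read the password from a secret store rather than a literal in code. The file appears to be machine-generated, so a lasting change probably belongs in the generator or the API model rather than in this file.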
data/lib/aws-sdk-kms/types.rb
CHANGED
@@ -74,6 +74,30 @@ module Aws::KMS
|
|
74
74
|
include Aws::Structure
|
75
75
|
end
|
76
76
|
|
77
|
+
# @note When making an API call, you may pass ConnectCustomKeyStoreRequest
|
78
|
+
# data as a hash:
|
79
|
+
#
|
80
|
+
# {
|
81
|
+
# custom_key_store_id: "CustomKeyStoreIdType", # required
|
82
|
+
# }
|
83
|
+
#
|
84
|
+
# @!attribute [rw] custom_key_store_id
|
85
|
+
# Enter the key store ID of the custom key store that you want to
|
86
|
+
# connect. To find the ID of a custom key store, use the
|
87
|
+
# DescribeCustomKeyStores operation.
|
88
|
+
# @return [String]
|
89
|
+
#
|
90
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ConnectCustomKeyStoreRequest AWS API Documentation
|
91
|
+
#
|
92
|
+
class ConnectCustomKeyStoreRequest < Struct.new(
|
93
|
+
:custom_key_store_id)
|
94
|
+
include Aws::Structure
|
95
|
+
end
|
96
|
+
|
97
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ConnectCustomKeyStoreResponse AWS API Documentation
|
98
|
+
#
|
99
|
+
class ConnectCustomKeyStoreResponse < Aws::EmptyStructure; end
|
100
|
+
|
77
101
|
# @note When making an API call, you may pass CreateAliasRequest
|
78
102
|
# data as a hash:
|
79
103
|
#
|
@@ -83,10 +107,9 @@ module Aws::KMS
|
|
83
107
|
# }
|
84
108
|
#
|
85
109
|
# @!attribute [rw] alias_name
|
86
|
-
#
|
87
|
-
# followed by
|
88
|
-
#
|
89
|
-
# for AWS managed CMKs.
|
110
|
+
# String that contains the display name. The name must start with the
|
111
|
+
# word "alias" followed by a forward slash (alias/). Aliases that
|
112
|
+
# begin with "alias/AWS" are reserved.
|
90
113
|
# @return [String]
|
91
114
|
#
|
92
115
|
# @!attribute [rw] target_key_id
|
@@ -114,6 +137,76 @@ module Aws::KMS
|
|
114
137
|
include Aws::Structure
|
115
138
|
end
|
116
139
|
|
140
|
+
# @note When making an API call, you may pass CreateCustomKeyStoreRequest
|
141
|
+
# data as a hash:
|
142
|
+
#
|
143
|
+
# {
|
144
|
+
# custom_key_store_name: "CustomKeyStoreNameType", # required
|
145
|
+
# cloud_hsm_cluster_id: "CloudHsmClusterIdType", # required
|
146
|
+
# trust_anchor_certificate: "TrustAnchorCertificateType", # required
|
147
|
+
# key_store_password: "KeyStorePasswordType", # required
|
148
|
+
# }
|
149
|
+
#
|
150
|
+
# @!attribute [rw] custom_key_store_name
|
151
|
+
# Specifies a friendly name for the custom key store. The name must be
|
152
|
+
# unique in your AWS account.
|
153
|
+
# @return [String]
|
154
|
+
#
|
155
|
+
# @!attribute [rw] cloud_hsm_cluster_id
|
156
|
+
# Identifies the AWS CloudHSM cluster for the custom key store. Enter
|
157
|
+
# the cluster ID of any active AWS CloudHSM cluster that is not
|
158
|
+
# already associated with a custom key store. To find the cluster ID,
|
159
|
+
# use the [DescribeClusters][1] operation.
|
160
|
+
#
|
161
|
+
#
|
162
|
+
#
|
163
|
+
# [1]: http://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html
|
164
|
+
# @return [String]
|
165
|
+
#
|
166
|
+
# @!attribute [rw] trust_anchor_certificate
|
167
|
+
# Enter the content of the trust anchor certificate for the cluster.
|
168
|
+
# This is the content of the `customerCA.crt` file that you created
|
169
|
+
# when you [initialized the cluster][1].
|
170
|
+
#
|
171
|
+
#
|
172
|
+
#
|
173
|
+
# [1]: http://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html
|
174
|
+
# @return [String]
|
175
|
+
#
|
176
|
+
# @!attribute [rw] key_store_password
|
177
|
+
# Enter the password of the [ `kmsuser` crypto user (CU) account][1]
|
178
|
+
# in the specified AWS CloudHSM cluster. AWS KMS logs into the cluster
|
179
|
+
# as this user to manage key material on your behalf.
|
180
|
+
#
|
181
|
+
# This parameter tells AWS KMS the `kmsuser` account password; it does
|
182
|
+
# not change the password in the AWS CloudHSM cluster.
|
183
|
+
#
|
184
|
+
#
|
185
|
+
#
|
186
|
+
# [1]: http://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser
|
187
|
+
# @return [String]
|
188
|
+
#
|
189
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateCustomKeyStoreRequest AWS API Documentation
|
190
|
+
#
|
191
|
+
class CreateCustomKeyStoreRequest < Struct.new(
|
192
|
+
:custom_key_store_name,
|
193
|
+
:cloud_hsm_cluster_id,
|
194
|
+
:trust_anchor_certificate,
|
195
|
+
:key_store_password)
|
196
|
+
include Aws::Structure
|
197
|
+
end
|
198
|
+
|
199
|
+
# @!attribute [rw] custom_key_store_id
|
200
|
+
# A unique identifier for the new custom key store.
|
201
|
+
# @return [String]
|
202
|
+
#
|
203
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateCustomKeyStoreResponse AWS API Documentation
|
204
|
+
#
|
205
|
+
class CreateCustomKeyStoreResponse < Struct.new(
|
206
|
+
:custom_key_store_id)
|
207
|
+
include Aws::Structure
|
208
|
+
end
|
209
|
+
|
117
210
|
# @note When making an API call, you may pass CreateGrantRequest
|
118
211
|
# data as a hash:
|
119
212
|
#
|
@@ -214,8 +307,7 @@ module Aws::KMS
|
|
214
307
|
#
|
215
308
|
# @!attribute [rw] name
|
216
309
|
# A friendly name for identifying the grant. Use this value to prevent
|
217
|
-
#
|
218
|
-
# request.
|
310
|
+
# unintended creation of duplicate grants when retrying this request.
|
219
311
|
#
|
220
312
|
# When this value is absent, all `CreateGrant` requests result in a
|
221
313
|
# new grant with a unique `GrantId` even if all the supplied
|
@@ -276,7 +368,8 @@ module Aws::KMS
|
|
276
368
|
# policy: "PolicyType",
|
277
369
|
# description: "DescriptionType",
|
278
370
|
# key_usage: "ENCRYPT_DECRYPT", # accepts ENCRYPT_DECRYPT
|
279
|
-
# origin: "AWS_KMS", # accepts AWS_KMS, EXTERNAL
|
371
|
+
# origin: "AWS_KMS", # accepts AWS_KMS, EXTERNAL, AWS_CLOUDHSM
|
372
|
+
# custom_key_store_id: "CustomKeyStoreIdType",
|
280
373
|
# bypass_policy_lockout_safety_check: false,
|
281
374
|
# tags: [
|
282
375
|
# {
|
@@ -302,11 +395,11 @@ module Aws::KMS
|
|
302
395
|
# principals. The principals in the key policy must exist and be
|
303
396
|
# visible to AWS KMS. When you create a new AWS principal (for
|
304
397
|
# example, an IAM user or role), you might need to enforce a delay
|
305
|
-
# before including the new principal in a key policy
|
306
|
-
#
|
307
|
-
#
|
308
|
-
#
|
309
|
-
#
|
398
|
+
# before including the new principal in a key policy because the new
|
399
|
+
# principal might not be immediately visible to AWS KMS. For more
|
400
|
+
# information, see [Changes that I make are not always immediately
|
401
|
+
# visible][2] in the *AWS Identity and Access Management User
|
402
|
+
# Guide*.
|
310
403
|
#
|
311
404
|
# If you do not provide a key policy, AWS KMS attaches a default key
|
312
405
|
# policy to the CMK. For more information, see [Default Key Policy][3]
|
@@ -335,21 +428,52 @@ module Aws::KMS
|
|
335
428
|
# @return [String]
|
336
429
|
#
|
337
430
|
# @!attribute [rw] origin
|
338
|
-
# The source of the CMK's key material.
|
431
|
+
# The source of the CMK's key material. You cannot change the origin
|
432
|
+
# after you create the CMK.
|
339
433
|
#
|
340
434
|
# The default is `AWS_KMS`, which means AWS KMS creates the key
|
341
|
-
# material
|
342
|
-
# creates a CMK without key material so that you can import key
|
343
|
-
# material from your existing key management infrastructure. For more
|
344
|
-
# information about importing key material into AWS KMS, see
|
345
|
-
# [Importing Key Material][1] in the *AWS Key Management Service
|
346
|
-
# Developer Guide*.
|
435
|
+
# material in its own key store.
|
347
436
|
#
|
348
|
-
#
|
437
|
+
# When the parameter value is `EXTERNAL`, AWS KMS creates a CMK
|
438
|
+
# without key material so that you can import key material from your
|
439
|
+
# existing key management infrastructure. For more information about
|
440
|
+
# importing key material into AWS KMS, see [Importing Key Material][1]
|
441
|
+
# in the *AWS Key Management Service Developer Guide*.
|
442
|
+
#
|
443
|
+
# When the parameter value is `AWS_CLOUDHSM`, AWS KMS creates the CMK
|
444
|
+
# in a AWS KMS [custom key store][2] and creates its key material in
|
445
|
+
# the associated AWS CloudHSM cluster. You must also use the
|
446
|
+
# `CustomKeyStoreId` parameter to identify the custom key store.
|
349
447
|
#
|
350
448
|
#
|
351
449
|
#
|
352
450
|
# [1]: http://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html
|
451
|
+
# [2]: http://docs.aws.amazon.com/kms/latest/developerguide/key-store-overview.html
|
452
|
+
# @return [String]
|
453
|
+
#
|
454
|
+
# @!attribute [rw] custom_key_store_id
|
455
|
+
# Creates the CMK in the specified [custom key store][1] and the key
|
456
|
+
# material in its associated AWS CloudHSM cluster. To create a CMK in
|
457
|
+
# a custom key store, you must also specify the `Origin` parameter
|
458
|
+
# with a value of `AWS_CLOUDHSM`. The AWS CloudHSM cluster that is
|
459
|
+
# associated with the custom key store must have at least two active
|
460
|
+
# HSMs, each in a different Availability Zone in the Region.
|
461
|
+
#
|
462
|
+
# To find the ID of a custom key store, use the
|
463
|
+
# DescribeCustomKeyStores operation.
|
464
|
+
#
|
465
|
+
# The response includes the custom key store ID and the ID of the AWS
|
466
|
+
# CloudHSM cluster.
|
467
|
+
#
|
468
|
+
# This operation is part of the [Custom Key Store feature][2] feature
|
469
|
+
# in AWS KMS, which combines the convenience and extensive integration
|
470
|
+
# of AWS KMS with the isolation and control of a single-tenant key
|
471
|
+
# store.
|
472
|
+
#
|
473
|
+
#
|
474
|
+
#
|
475
|
+
# [1]: http://docs.aws.amazon.com/kms/latest/developerguide/key-store-overview.html
|
476
|
+
# [2]: http://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html
|
353
477
|
# @return [String]
|
354
478
|
#
|
355
479
|
# @!attribute [rw] bypass_policy_lockout_safety_check
|
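Review bot: The reference links added here for `origin` and `custom_key_store_id` use plain `http://` (for example `# [2]: http://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html`), so a reader following them from key-custody documentation starts on an unauthenticated connection. I would write them as `https://docs.aws.amazon.com/...`. The same applies to the links added in the hunks at `@@ -407,6 +532,103 @@`, `@@ -1015,22 +1361,34 @@`, `@@ -1488,7 +1845,31 @@` and `@@ -2413,6 +2796,68 @@`. In the `custom_key_store_id` text, `[Custom Key Store feature][2] feature` repeats a word and `in a AWS KMS` should read `in an AWS KMS`. The enclosing comment block and its `class` line start and end outside this hunk.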
@@ -391,6 +515,7 @@ module Aws::KMS
|
|
391
515
|
:description,
|
392
516
|
:key_usage,
|
393
517
|
:origin,
|
518
|
+
:custom_key_store_id,
|
394
519
|
:bypass_policy_lockout_safety_check,
|
395
520
|
:tags)
|
396
521
|
include Aws::Structure
|
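Review bot: `:custom_key_store_id` is inserted between `:origin` and `:bypass_policy_lockout_safety_check` instead of being appended, which shifts the positional slots of `bypass_policy_lockout_safety_check` and `tags` in this `Struct`. A caller that builds the struct positionally, indexes it by integer, or destructures `to_a` would silently get shifted values, and one of the shifted members is a policy safety flag; whether such callers exist is not visible here. Appending keeps positions stable: `:tags,` followed by `:custom_key_store_id)`. The hunk at `@@ -1521,6 +1902,8 @@` inserts `:custom_key_store_id` and `:cloud_hsm_cluster_id` before `:expiration_model` in the same way. The `class ... < Struct.new(` line is outside this hunk.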
@@ -407,6 +532,103 @@ module Aws::KMS
|
|
407
532
|
include Aws::Structure
|
408
533
|
end
|
409
534
|
|
535
|
+
# Contains information about each custom key store in the custom key
|
536
|
+
# store list.
|
537
|
+
#
|
538
|
+
# @!attribute [rw] custom_key_store_id
|
539
|
+
# A unique identifier for the custom key store.
|
540
|
+
# @return [String]
|
541
|
+
#
|
542
|
+
# @!attribute [rw] custom_key_store_name
|
543
|
+
# The user-specified friendly name for the custom key store.
|
544
|
+
# @return [String]
|
545
|
+
#
|
546
|
+
# @!attribute [rw] cloud_hsm_cluster_id
|
547
|
+
# A unique identifier for the AWS CloudHSM cluster that is associated
|
548
|
+
# with the custom key store.
|
549
|
+
# @return [String]
|
550
|
+
#
|
551
|
+
# @!attribute [rw] trust_anchor_certificate
|
552
|
+
# The trust anchor certificate of the associated AWS CloudHSM cluster.
|
553
|
+
# When you [initialize the cluster][1], you create this certificate
|
554
|
+
# and save it in the `customerCA.crt` file.
|
555
|
+
#
|
556
|
+
#
|
557
|
+
#
|
558
|
+
# [1]: http://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr
|
559
|
+
# @return [String]
|
560
|
+
#
|
561
|
+
# @!attribute [rw] connection_state
|
562
|
+
# Indicates whether the custom key store is connected to its AWS
|
563
|
+
# CloudHSM cluster.
|
564
|
+
#
|
565
|
+
# You can create and use CMKs in your custom key stores only when its
|
566
|
+
# connection state is `CONNECTED`.
|
567
|
+
#
|
568
|
+
# The value is `DISCONNECTED` if the key store has never been
|
569
|
+
# connected or you use the DisconnectCustomKeyStore operation to
|
570
|
+
# disconnect it. If the value is `CONNECTED` but you are having
|
571
|
+
# trouble using the custom key store, make sure that its associated
|
572
|
+
# AWS CloudHSM cluster is active and contains at least one active HSM.
|
573
|
+
#
|
574
|
+
# A value of `FAILED` indicates that an attempt to connect was
|
575
|
+
# unsuccessful. For help resolving a connection failure, see
|
576
|
+
# [Troubleshooting a Custom Key Store][1] in the *AWS Key Management
|
577
|
+
# Service Developer Guide*.
|
578
|
+
#
|
579
|
+
#
|
580
|
+
#
|
581
|
+
# [1]: http://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html
|
582
|
+
# @return [String]
|
583
|
+
#
|
584
|
+
# @!attribute [rw] connection_error_code
|
585
|
+
# Describes the connection error. Valid values are:
|
586
|
+
#
|
587
|
+
# * `CLUSTER_NOT_FOUND` - AWS KMS cannot find the AWS CloudHSM cluster
|
588
|
+
# with the specified cluster ID.
|
589
|
+
#
|
590
|
+
# * `INSUFFICIENT_CLOUDHSM_HSMS` - The associated AWS CloudHSM cluster
|
591
|
+
# does not contain any active HSMs. To connect a custom key store to
|
592
|
+
# its AWS CloudHSM cluster, the cluster must contain at least one
|
593
|
+
# active HSM.
|
594
|
+
#
|
595
|
+
# * `INVALID_CREDENTIALS` - AWS KMS does not have the correct password
|
596
|
+
# for the `kmsuser` crypto user in the AWS CloudHSM cluster.
|
597
|
+
#
|
598
|
+
# * `NETWORK_ERRORS` - Network errors are preventing AWS KMS from
|
599
|
+
# connecting to the custom key store.
|
600
|
+
#
|
601
|
+
# * `USER_LOCKED_OUT` - The `kmsuser` CU account is locked out of the
|
602
|
+
# associated AWS CloudHSM cluster due to too many failed password
|
603
|
+
# attempts. Before you can connect your custom key store to its AWS
|
604
|
+
# CloudHSM cluster, you must change the `kmsuser` account password
|
605
|
+
# and update the password value for the custom key store.
|
606
|
+
#
|
607
|
+
# For help with connection failures, see [Troubleshooting Custom Key
|
608
|
+
# Stores][1] in the *AWS Key Management Service Developer Guide*.
|
609
|
+
#
|
610
|
+
#
|
611
|
+
#
|
612
|
+
# [1]: http://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html
|
613
|
+
# @return [String]
|
614
|
+
#
|
615
|
+
# @!attribute [rw] creation_date
|
616
|
+
# The date and time when the custom key store was created.
|
617
|
+
# @return [Time]
|
618
|
+
#
|
619
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CustomKeyStoresListEntry AWS API Documentation
|
620
|
+
#
|
621
|
+
class CustomKeyStoresListEntry < Struct.new(
|
622
|
+
:custom_key_store_id,
|
623
|
+
:custom_key_store_name,
|
624
|
+
:cloud_hsm_cluster_id,
|
625
|
+
:trust_anchor_certificate,
|
626
|
+
:connection_state,
|
627
|
+
:connection_error_code,
|
628
|
+
:creation_date)
|
629
|
+
include Aws::Structure
|
630
|
+
end
|
631
|
+
|
410
632
|
# @note When making an API call, you may pass DecryptRequest
|
411
633
|
# data as a hash:
|
412
634
|
#
|
@@ -459,7 +681,7 @@ module Aws::KMS
|
|
459
681
|
#
|
460
682
|
# @!attribute [rw] plaintext
|
461
683
|
# Decrypted plaintext data. When you use the HTTP API or the AWS CLI,
|
462
|
-
# the value is Base64-
|
684
|
+
# the value is Base64-encdoded. Otherwise, it is not encoded.
|
463
685
|
# @return [String]
|
464
686
|
#
|
465
687
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DecryptResponse AWS API Documentation
|
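Review bot: The added comment line misspells the word as `encdoded`; it should read `# the value is Base64-encoded. Otherwise, it is not encoded.` The same misspelling is added in the hunks at `@@ -783,7 +1129,7 @@`, `@@ -884,12 +1230,12 @@` (twice), `@@ -994,7 +1340,7 @@`, `@@ -1015,22 +1361,34 @@` and `@@ -2103,7 +2486,7 @@`. The hunk at `@@ -1222,7 +1580,7 @@` adds `In constrast` for `In contrast`. The encoding sentence tells callers how to handle plaintext and ciphertext fields, so it is worth getting exact.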
@@ -490,6 +712,29 @@ module Aws::KMS
|
|
490
712
|
include Aws::Structure
|
491
713
|
end
|
492
714
|
|
715
|
+
# @note When making an API call, you may pass DeleteCustomKeyStoreRequest
|
716
|
+
# data as a hash:
|
717
|
+
#
|
718
|
+
# {
|
719
|
+
# custom_key_store_id: "CustomKeyStoreIdType", # required
|
720
|
+
# }
|
721
|
+
#
|
722
|
+
# @!attribute [rw] custom_key_store_id
|
723
|
+
# Enter the ID of the custom key store you want to delete. To find the
|
724
|
+
# ID of a custom key store, use the DescribeCustomKeyStores operation.
|
725
|
+
# @return [String]
|
726
|
+
#
|
727
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteCustomKeyStoreRequest AWS API Documentation
|
728
|
+
#
|
729
|
+
class DeleteCustomKeyStoreRequest < Struct.new(
|
730
|
+
:custom_key_store_id)
|
731
|
+
include Aws::Structure
|
732
|
+
end
|
733
|
+
|
734
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteCustomKeyStoreResponse AWS API Documentation
|
735
|
+
#
|
736
|
+
class DeleteCustomKeyStoreResponse < Aws::EmptyStructure; end
|
737
|
+
|
493
738
|
# @note When making an API call, you may pass DeleteImportedKeyMaterialRequest
|
494
739
|
# data as a hash:
|
495
740
|
#
|
@@ -521,6 +766,83 @@ module Aws::KMS
|
|
521
766
|
include Aws::Structure
|
522
767
|
end
|
523
768
|
|
769
|
+
# @note When making an API call, you may pass DescribeCustomKeyStoresRequest
|
770
|
+
# data as a hash:
|
771
|
+
#
|
772
|
+
# {
|
773
|
+
# custom_key_store_id: "CustomKeyStoreIdType",
|
774
|
+
# custom_key_store_name: "CustomKeyStoreNameType",
|
775
|
+
# limit: 1,
|
776
|
+
# marker: "MarkerType",
|
777
|
+
# }
|
778
|
+
#
|
779
|
+
# @!attribute [rw] custom_key_store_id
|
780
|
+
# Gets only information about the specified custom key store. Enter
|
781
|
+
# the key store ID.
|
782
|
+
#
|
783
|
+
# By default, this operation gets information about all custom key
|
784
|
+
# stores in the account and region. To limit the output to a
|
785
|
+
# particular custom key store, you can use either the
|
786
|
+
# `CustomKeyStoreId` or `CustomKeyStoreName` parameter, but not both.
|
787
|
+
# @return [String]
|
788
|
+
#
|
789
|
+
# @!attribute [rw] custom_key_store_name
|
790
|
+
# Gets only information about the specified custom key store. Enter
|
791
|
+
# the friendly name of the custom key store.
|
792
|
+
#
|
793
|
+
# By default, this operation gets information about all custom key
|
794
|
+
# stores in the account and region. To limit the output to a
|
795
|
+
# particular custom key store, you can use either the
|
796
|
+
# `CustomKeyStoreId` or `CustomKeyStoreName` parameter, but not both.
|
797
|
+
# @return [String]
|
798
|
+
#
|
799
|
+
# @!attribute [rw] limit
|
800
|
+
# Use this parameter to specify the maximum number of items to return.
|
801
|
+
# When this value is present, AWS KMS does not return more than the
|
802
|
+
# specified number of items, but it might return fewer.
|
803
|
+
# @return [Integer]
|
804
|
+
#
|
805
|
+
# @!attribute [rw] marker
|
806
|
+
# Use this parameter in a subsequent request after you receive a
|
807
|
+
# response with truncated results. Set it to the value of `NextMarker`
|
808
|
+
# from the truncated response you just received.
|
809
|
+
# @return [String]
|
810
|
+
#
|
811
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DescribeCustomKeyStoresRequest AWS API Documentation
|
812
|
+
#
|
813
|
+
class DescribeCustomKeyStoresRequest < Struct.new(
|
814
|
+
:custom_key_store_id,
|
815
|
+
:custom_key_store_name,
|
816
|
+
:limit,
|
817
|
+
:marker)
|
818
|
+
include Aws::Structure
|
819
|
+
end
|
820
|
+
|
821
|
+
# @!attribute [rw] custom_key_stores
|
822
|
+
# Contains metadata about each custom key store.
|
823
|
+
# @return [Array<Types::CustomKeyStoresListEntry>]
|
824
|
+
#
|
825
|
+
# @!attribute [rw] next_marker
|
826
|
+
# When `Truncated` is true, this element is present and contains the
|
827
|
+
# value to use for the `Marker` parameter in a subsequent request.
|
828
|
+
# @return [String]
|
829
|
+
#
|
830
|
+
# @!attribute [rw] truncated
|
831
|
+
# A flag that indicates whether there are more items in the list. When
|
832
|
+
# this value is true, the list in this response is truncated. To get
|
833
|
+
# more items, pass the value of the `NextMarker` element in this
|
834
|
+
# response to the `Marker` parameter in a subsequent request.
|
835
|
+
# @return [Boolean]
|
836
|
+
#
|
837
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DescribeCustomKeyStoresResponse AWS API Documentation
|
838
|
+
#
|
839
|
+
class DescribeCustomKeyStoresResponse < Struct.new(
|
840
|
+
:custom_key_stores,
|
841
|
+
:next_marker,
|
842
|
+
:truncated)
|
843
|
+
include Aws::Structure
|
844
|
+
end
|
845
|
+
|
524
846
|
# @note When making an API call, you may pass DescribeKeyRequest
|
525
847
|
# data as a hash:
|
526
848
|
#
|
@@ -538,7 +860,7 @@ module Aws::KMS
|
|
538
860
|
#
|
539
861
|
# To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias
|
540
862
|
# name, or alias ARN. When using an alias name, prefix it with
|
541
|
-
#
|
863
|
+
# "alias/". To specify a CMK in a different AWS account, you must
|
542
864
|
# use the key ARN or alias ARN.
|
543
865
|
#
|
544
866
|
# For example:
|
@@ -650,6 +972,30 @@ module Aws::KMS
|
|
650
972
|
include Aws::Structure
|
651
973
|
end
|
652
974
|
|
975
|
+
# @note When making an API call, you may pass DisconnectCustomKeyStoreRequest
|
976
|
+
# data as a hash:
|
977
|
+
#
|
978
|
+
# {
|
979
|
+
# custom_key_store_id: "CustomKeyStoreIdType", # required
|
980
|
+
# }
|
981
|
+
#
|
982
|
+
# @!attribute [rw] custom_key_store_id
|
983
|
+
# Enter the ID of the custom key store you want to disconnect. To find
|
984
|
+
# the ID of a custom key store, use the DescribeCustomKeyStores
|
985
|
+
# operation.
|
986
|
+
# @return [String]
|
987
|
+
#
|
988
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DisconnectCustomKeyStoreRequest AWS API Documentation
|
989
|
+
#
|
990
|
+
class DisconnectCustomKeyStoreRequest < Struct.new(
|
991
|
+
:custom_key_store_id)
|
992
|
+
include Aws::Structure
|
993
|
+
end
|
994
|
+
|
995
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DisconnectCustomKeyStoreResponse AWS API Documentation
|
996
|
+
#
|
997
|
+
class DisconnectCustomKeyStoreResponse < Aws::EmptyStructure; end
|
998
|
+
|
653
999
|
# @note When making an API call, you may pass EnableKeyRequest
|
654
1000
|
# data as a hash:
|
655
1001
|
#
|
@@ -727,7 +1073,7 @@ module Aws::KMS
|
|
727
1073
|
#
|
728
1074
|
# To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias
|
729
1075
|
# name, or alias ARN. When using an alias name, prefix it with
|
730
|
-
#
|
1076
|
+
# "alias/". To specify a CMK in a different AWS account, you must
|
731
1077
|
# use the key ARN or alias ARN.
|
732
1078
|
#
|
733
1079
|
# For example:
|
@@ -783,7 +1129,7 @@ module Aws::KMS
|
|
783
1129
|
|
784
1130
|
# @!attribute [rw] ciphertext_blob
|
785
1131
|
# The encrypted plaintext. When you use the HTTP API or the AWS CLI,
|
786
|
-
# the value is Base64-
|
1132
|
+
# the value is Base64-encdoded. Otherwise, it is not encoded.
|
787
1133
|
# @return [String]
|
788
1134
|
#
|
789
1135
|
# @!attribute [rw] key_id
|
@@ -817,7 +1163,7 @@ module Aws::KMS
|
|
817
1163
|
#
|
818
1164
|
# To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias
|
819
1165
|
# name, or alias ARN. When using an alias name, prefix it with
|
820
|
-
#
|
1166
|
+
# "alias/". To specify a CMK in a different AWS account, you must
|
821
1167
|
# use the key ARN or alias ARN.
|
822
1168
|
#
|
823
1169
|
# For example:
|
@@ -884,12 +1230,12 @@ module Aws::KMS
|
|
884
1230
|
|
885
1231
|
# @!attribute [rw] ciphertext_blob
|
886
1232
|
# The encrypted data encryption key. When you use the HTTP API or the
|
887
|
-
# AWS CLI, the value is Base64-
|
1233
|
+
# AWS CLI, the value is Base64-encdoded. Otherwise, it is not encoded.
|
888
1234
|
# @return [String]
|
889
1235
|
#
|
890
1236
|
# @!attribute [rw] plaintext
|
891
1237
|
# The data encryption key. When you use the HTTP API or the AWS CLI,
|
892
|
-
# the value is Base64-
|
1238
|
+
# the value is Base64-encdoded. Otherwise, it is not encoded. Use this
|
893
1239
|
# data key for local encryption and decryption, then remove it from
|
894
1240
|
# memory as soon as possible.
|
895
1241
|
# @return [String]
|
@@ -927,7 +1273,7 @@ module Aws::KMS
|
|
927
1273
|
#
|
928
1274
|
# To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias
|
929
1275
|
# name, or alias ARN. When using an alias name, prefix it with
|
930
|
-
#
|
1276
|
+
# "alias/". To specify a CMK in a different AWS account, you must
|
931
1277
|
# use the key ARN or alias ARN.
|
932
1278
|
#
|
933
1279
|
# For example:
|
@@ -994,7 +1340,7 @@ module Aws::KMS
|
|
994
1340
|
|
995
1341
|
# @!attribute [rw] ciphertext_blob
|
996
1342
|
# The encrypted data encryption key. When you use the HTTP API or the
|
997
|
-
# AWS CLI, the value is Base64-
|
1343
|
+
# AWS CLI, the value is Base64-encdoded. Otherwise, it is not encoded.
|
998
1344
|
# @return [String]
|
999
1345
|
#
|
1000
1346
|
# @!attribute [rw] key_id
|
@@ -1015,22 +1361,34 @@ module Aws::KMS
|
|
1015
1361
|
#
|
1016
1362
|
# {
|
1017
1363
|
# number_of_bytes: 1,
|
1364
|
+
# custom_key_store_id: "CustomKeyStoreIdType",
|
1018
1365
|
# }
|
1019
1366
|
#
|
1020
1367
|
# @!attribute [rw] number_of_bytes
|
1021
1368
|
# The length of the byte string.
|
1022
1369
|
# @return [Integer]
|
1023
1370
|
#
|
1371
|
+
# @!attribute [rw] custom_key_store_id
|
1372
|
+
# Generates the random byte string in the AWS CloudHSM cluster that is
|
1373
|
+
# associated with the specified [custom key store][1]. To find the ID
|
1374
|
+
# of a custom key store, use the DescribeCustomKeyStores operation.
|
1375
|
+
#
|
1376
|
+
#
|
1377
|
+
#
|
1378
|
+
# [1]: http://docs.aws.amazon.com/kms/latest/developerguide/key-store-overview.html
|
1379
|
+
# @return [String]
|
1380
|
+
#
|
1024
1381
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateRandomRequest AWS API Documentation
|
1025
1382
|
#
|
1026
1383
|
class GenerateRandomRequest < Struct.new(
|
1027
|
-
:number_of_bytes
|
1384
|
+
:number_of_bytes,
|
1385
|
+
:custom_key_store_id)
|
1028
1386
|
include Aws::Structure
|
1029
1387
|
end
|
1030
1388
|
|
1031
1389
|
# @!attribute [rw] plaintext
|
1032
1390
|
# The random byte string. When you use the HTTP API or the AWS CLI,
|
1033
|
-
# the value is Base64-
|
1391
|
+
# the value is Base64-encdoded. Otherwise, it is not encoded.
|
1034
1392
|
# @return [String]
|
1035
1393
|
#
|
1036
1394
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateRandomResponse AWS API Documentation
|
@@ -1157,10 +1515,10 @@ module Aws::KMS
|
|
1157
1515
|
# @return [String]
|
1158
1516
|
#
|
1159
1517
|
# @!attribute [rw] wrapping_algorithm
|
1160
|
-
# The algorithm you use to encrypt the key material before
|
1161
|
-
# it with ImportKeyMaterial. For more information, see
|
1162
|
-
# Key Material][1] in the *AWS Key Management Service
|
1163
|
-
# Guide*.
|
1518
|
+
# The algorithm you will use to encrypt the key material before
|
1519
|
+
# importing it with ImportKeyMaterial. For more information, see
|
1520
|
+
# [Encrypt the Key Material][1] in the *AWS Key Management Service
|
1521
|
+
# Developer Guide*.
|
1164
1522
|
#
|
1165
1523
|
#
|
1166
1524
|
#
|
@@ -1214,7 +1572,7 @@ module Aws::KMS
|
|
1214
1572
|
end
|
1215
1573
|
|
1216
1574
|
# A structure that you can use to allow certain operations in the grant
|
1217
|
-
# only when the
|
1575
|
+
# only when the desired encryption context is present. For more
|
1218
1576
|
# information about encryption context, see [Encryption Context][1] in
|
1219
1577
|
# the *AWS Key Management Service Developer Guide*.
|
1220
1578
|
#
|
@@ -1222,7 +1580,7 @@ module Aws::KMS
|
|
1222
1580
|
# context as input. For example, the ` DescribeKey ` operation does not
|
1223
1581
|
# accept encryption context as input. A grant that allows the
|
1224
1582
|
# `DescribeKey` operation does so regardless of the grant constraints.
|
1225
|
-
# In
|
1583
|
+
# In constrast, the ` Encrypt ` operation accepts encryption context as
|
1226
1584
|
# input. A grant that allows the `Encrypt` operation does so only when
|
1227
1585
|
# the encryption context of the `Encrypt` operation satisfies the grant
|
1228
1586
|
# constraints.
|
@@ -1472,8 +1830,7 @@ module Aws::KMS
|
|
1472
1830
|
#
|
1473
1831
|
# @!attribute [rw] deletion_date
|
1474
1832
|
# The date and time after which AWS KMS deletes the CMK. This value is
|
1475
|
-
# present only when `KeyState` is `PendingDeletion
|
1476
|
-
# value is omitted.
|
1833
|
+
# present only when `KeyState` is `PendingDeletion`.
|
1477
1834
|
# @return [Time]
|
1478
1835
|
#
|
1479
1836
|
# @!attribute [rw] valid_to
|
@@ -1488,7 +1845,31 @@ module Aws::KMS
|
|
1488
1845
|
# The source of the CMK's key material. When this value is `AWS_KMS`,
|
1489
1846
|
# AWS KMS created the key material. When this value is `EXTERNAL`, the
|
1490
1847
|
# key material was imported from your existing key management
|
1491
|
-
# infrastructure or the CMK lacks key material.
|
1848
|
+
# infrastructure or the CMK lacks key material. When this value is
|
1849
|
+
# `AWS_CLOUDHSM`, the key material was created in the AWS CloudHSM
|
1850
|
+
# cluster associated with a custom key store.
|
1851
|
+
# @return [String]
|
1852
|
+
#
|
1853
|
+
# @!attribute [rw] custom_key_store_id
|
1854
|
+
# A unique identifier for the [custom key store][1] that contains the
|
1855
|
+
# CMK. This value is present only when the CMK is created in a custom
|
1856
|
+
# key store.
|
1857
|
+
#
|
1858
|
+
#
|
1859
|
+
#
|
1860
|
+
# [1]: http://docs.aws.amazon.com/kms/latest/developerguide/key-store-overview.html
|
1861
|
+
# @return [String]
|
1862
|
+
#
|
1863
|
+
# @!attribute [rw] cloud_hsm_cluster_id
|
1864
|
+
# The cluster ID of the AWS CloudHSM cluster that contains the key
|
1865
|
+
# material for the CMK. When you create a CMK in a [custom key
|
1866
|
+
# store][1], AWS KMS creates the key material for the CMK in the
|
1867
|
+
# associated AWS CloudHSM cluster. This value is present only when the
|
1868
|
+
# CMK is created in a custom key store.
|
1869
|
+
#
|
1870
|
+
#
|
1871
|
+
#
|
1872
|
+
# [1]: http://docs.aws.amazon.com/kms/latest/developerguide/key-store-overview.html
|
1492
1873
|
# @return [String]
|
1493
1874
|
#
|
1494
1875
|
# @!attribute [rw] expiration_model
|
@@ -1498,7 +1879,7 @@ module Aws::KMS
|
|
1498
1879
|
# @return [String]
|
1499
1880
|
#
|
1500
1881
|
# @!attribute [rw] key_manager
|
1501
|
-
# The CMK's manager. CMKs are either customer
|
1882
|
+
# The CMK's manager. CMKs are either customer-managed or AWS-managed.
|
1502
1883
|
# For more information about the difference, see [Customer Master
|
1503
1884
|
# Keys][1] in the *AWS Key Management Service Developer Guide*.
|
1504
1885
|
#
|
@@ -1521,6 +1902,8 @@ module Aws::KMS
|
|
1521
1902
|
:deletion_date,
|
1522
1903
|
:valid_to,
|
1523
1904
|
:origin,
|
1905
|
+
:custom_key_store_id,
|
1906
|
+
:cloud_hsm_cluster_id,
|
1524
1907
|
:expiration_model,
|
1525
1908
|
:key_manager)
|
1526
1909
|
include Aws::Structure
|
@@ -1982,11 +2365,11 @@ module Aws::KMS
|
|
1982
2365
|
# principals. The principals in the key policy must exist and be
|
1983
2366
|
# visible to AWS KMS. When you create a new AWS principal (for
|
1984
2367
|
# example, an IAM user or role), you might need to enforce a delay
|
1985
|
-
# before including the new principal in a key policy
|
1986
|
-
#
|
1987
|
-
#
|
1988
|
-
#
|
1989
|
-
#
|
2368
|
+
# before including the new principal in a key policy because the new
|
2369
|
+
# principal might not be immediately visible to AWS KMS. For more
|
2370
|
+
# information, see [Changes that I make are not always immediately
|
2371
|
+
# visible][2] in the *AWS Identity and Access Management User
|
2372
|
+
# Guide*.
|
1990
2373
|
#
|
1991
2374
|
# The key policy size limit is 32 kilobytes (32768 bytes).
|
1992
2375
|
#
|
@@ -2057,7 +2440,7 @@ module Aws::KMS
|
|
2057
2440
|
#
|
2058
2441
|
# To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias
|
2059
2442
|
# name, or alias ARN. When using an alias name, prefix it with
|
2060
|
-
#
|
2443
|
+
# "alias/". To specify a CMK in a different AWS account, you must
|
2061
2444
|
# use the key ARN or alias ARN.
|
2062
2445
|
#
|
2063
2446
|
# For example:
|
@@ -2103,7 +2486,7 @@ module Aws::KMS
|
|
2103
2486
|
|
2104
2487
|
# @!attribute [rw] ciphertext_blob
|
2105
2488
|
# The reencrypted data. When you use the HTTP API or the AWS CLI, the
|
2106
|
-
# value is Base64-
|
2489
|
+
# value is Base64-encdoded. Otherwise, it is not encoded.
|
2107
2490
|
# @return [String]
|
2108
2491
|
#
|
2109
2492
|
# @!attribute [rw] source_key_id
|
@@ -2413,6 +2796,68 @@ module Aws::KMS
|
|
2413
2796
|
include Aws::Structure
|
2414
2797
|
end
|
2415
2798
|
|
2799
|
+
# @note When making an API call, you may pass UpdateCustomKeyStoreRequest
|
2800
|
+
# data as a hash:
|
2801
|
+
#
|
2802
|
+
# {
|
2803
|
+
# custom_key_store_id: "CustomKeyStoreIdType", # required
|
2804
|
+
# new_custom_key_store_name: "CustomKeyStoreNameType",
|
2805
|
+
# key_store_password: "KeyStorePasswordType",
|
2806
|
+
# cloud_hsm_cluster_id: "CloudHsmClusterIdType",
|
2807
|
+
# }
|
2808
|
+
#
|
2809
|
+
# @!attribute [rw] custom_key_store_id
|
2810
|
+
# Identifies the custom key store that you want to update. Enter the
|
2811
|
+
# ID of the custom key store. To find the ID of a custom key store,
|
2812
|
+
# use the DescribeCustomKeyStores operation.
|
2813
|
+
# @return [String]
|
2814
|
+
#
|
2815
|
+
# @!attribute [rw] new_custom_key_store_name
|
2816
|
+
# Changes the friendly name of the custom key store to the value that
|
2817
|
+
# you specify. The custom key store name must be unique in the AWS
|
2818
|
+
# account.
|
2819
|
+
# @return [String]
|
2820
|
+
#
|
2821
|
+
# @!attribute [rw] key_store_password
|
2822
|
+
# Enter the current password of the `kmsuser` crypto user (CU) in the
|
2823
|
+
# AWS CloudHSM cluster that is associated with the custom key store.
|
2824
|
+
#
|
2825
|
+
# This parameter tells AWS KMS the current password of the `kmsuser`
|
2826
|
+
# crypto user (CU). It does not set or change the password of any
|
2827
|
+
# users in the AWS CloudHSM cluster.
|
2828
|
+
# @return [String]
|
2829
|
+
#
|
2830
|
+
# @!attribute [rw] cloud_hsm_cluster_id
|
2831
|
+
# Associates the custom key store with a related AWS CloudHSM cluster.
|
2832
|
+
#
|
2833
|
+
# Enter the cluster ID of the cluster that you used to create the
|
2834
|
+
# custom key store or a cluster that shares a backup history with the
|
2835
|
+
# original cluster. You cannot use this parameter to associate a
|
2836
|
+
# custom key store with a different cluster.
|
2837
|
+
#
|
2838
|
+
# Clusters that share a backup history have the same cluster
|
2839
|
+
# certificate. To view the cluster certificate of a cluster, use the
|
2840
|
+
# [DescribeClusters][1] operation.
|
2841
|
+
#
|
2842
|
+
#
|
2843
|
+
#
|
2844
|
+
# [1]: http://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html
|
2845
|
+
# @return [String]
|
2846
|
+
#
|
2847
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateCustomKeyStoreRequest AWS API Documentation
|
2848
|
+
#
|
2849
|
+
class UpdateCustomKeyStoreRequest < Struct.new(
|
2850
|
+
:custom_key_store_id,
|
2851
|
+
:new_custom_key_store_name,
|
2852
|
+
:key_store_password,
|
2853
|
+
:cloud_hsm_cluster_id)
|
2854
|
+
include Aws::Structure
|
2855
|
+
end
|
2856
|
+
|
2857
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateCustomKeyStoreResponse AWS API Documentation
|
2858
|
+
#
|
2859
|
+
class UpdateCustomKeyStoreResponse < Aws::EmptyStructure; end
|
2860
|
+
|
2416
2861
|
# @note When making an API call, you may pass UpdateKeyDescriptionRequest
|
2417
2862
|
# data as a hash:
|
2418
2863
|
#
|
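Review bot: `key_store_password` is added as an ordinary `Struct` member of `UpdateCustomKeyStoreRequest`, and a plain Ruby `Struct` prints every member value in `inspect`/`to_s`. The `kmsuser` password would therefore appear in any log line or exception dump that includes the populated request, unless `Aws::Structure` (not visible here) redacts it. I would say so on the attribute, e.g. `# This value is a credential; do not log or inspect the populated request.`, and have the struct's `inspect` omit the field. The same member is added to `CreateCustomKeyStoreRequest` earlier in this file section, in a hunk that starts above this view.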