aws-sdk-kms 1.16.0 → 1.24.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/aws-sdk-kms.rb +1 -1
- data/lib/aws-sdk-kms/client.rb +388 -397
- data/lib/aws-sdk-kms/client_api.rb +93 -0
- data/lib/aws-sdk-kms/errors.rb +496 -0
- data/lib/aws-sdk-kms/types.rb +713 -176
- metadata +5 -5
data/lib/aws-sdk-kms/types.rb
CHANGED
|
@@ -11,7 +11,7 @@ module Aws::KMS
|
|
|
11
11
|
# Contains information about an alias.
|
|
12
12
|
#
|
|
13
13
|
# @!attribute [rw] alias_name
|
|
14
|
-
# String that contains the alias.
|
|
14
|
+
# String that contains the alias. This value begins with `alias/`.
|
|
15
15
|
# @return [String]
|
|
16
16
|
#
|
|
17
17
|
# @!attribute [rw] alias_arn
|
|
@@ -31,6 +31,19 @@ module Aws::KMS
|
|
|
31
31
|
include Aws::Structure
|
|
32
32
|
end
|
|
33
33
|
|
|
34
|
+
# The request was rejected because it attempted to create a resource
|
|
35
|
+
# that already exists.
|
|
36
|
+
#
|
|
37
|
+
# @!attribute [rw] message
|
|
38
|
+
# @return [String]
|
|
39
|
+
#
|
|
40
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/AlreadyExistsException AWS API Documentation
|
|
41
|
+
#
|
|
42
|
+
class AlreadyExistsException < Struct.new(
|
|
43
|
+
:message)
|
|
44
|
+
include Aws::Structure
|
|
45
|
+
end
|
|
46
|
+
|
|
34
47
|
# @note When making an API call, you may pass CancelKeyDeletionRequest
|
|
35
48
|
# data as a hash:
|
|
36
49
|
#
|
|
@@ -74,6 +87,143 @@ module Aws::KMS
|
|
|
74
87
|
include Aws::Structure
|
|
75
88
|
end
|
|
76
89
|
|
|
90
|
+
# The request was rejected because the specified AWS CloudHSM cluster is
|
|
91
|
+
# already associated with a custom key store or it shares a backup
|
|
92
|
+
# history with a cluster that is associated with a custom key store.
|
|
93
|
+
# Each custom key store must be associated with a different AWS CloudHSM
|
|
94
|
+
# cluster.
|
|
95
|
+
#
|
|
96
|
+
# Clusters that share a backup history have the same cluster
|
|
97
|
+
# certificate. To view the cluster certificate of a cluster, use the
|
|
98
|
+
# [DescribeClusters][1] operation.
|
|
99
|
+
#
|
|
100
|
+
#
|
|
101
|
+
#
|
|
102
|
+
# [1]: https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html
|
|
103
|
+
#
|
|
104
|
+
# @!attribute [rw] message
|
|
105
|
+
# @return [String]
|
|
106
|
+
#
|
|
107
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CloudHsmClusterInUseException AWS API Documentation
|
|
108
|
+
#
|
|
109
|
+
class CloudHsmClusterInUseException < Struct.new(
|
|
110
|
+
:message)
|
|
111
|
+
include Aws::Structure
|
|
112
|
+
end
|
|
113
|
+
|
|
114
|
+
# The request was rejected because the associated AWS CloudHSM cluster
|
|
115
|
+
# did not meet the configuration requirements for a custom key store.
|
|
116
|
+
#
|
|
117
|
+
# * The cluster must be configured with private subnets in at least two
|
|
118
|
+
# different Availability Zones in the Region.
|
|
119
|
+
#
|
|
120
|
+
# * The [security group for the cluster][1]
|
|
121
|
+
# (cloudhsm-cluster-*<cluster-id>*-sg) must include inbound
|
|
122
|
+
# rules and outbound rules that allow TCP traffic on ports 2223-2225.
|
|
123
|
+
# The **Source** in the inbound rules and the **Destination** in the
|
|
124
|
+
# outbound rules must match the security group ID. These rules are set
|
|
125
|
+
# by default when you create the cluster. Do not delete or change
|
|
126
|
+
# them. To get information about a particular security group, use the
|
|
127
|
+
# [DescribeSecurityGroups][2] operation.
|
|
128
|
+
#
|
|
129
|
+
# * The cluster must contain at least as many HSMs as the operation
|
|
130
|
+
# requires. To add HSMs, use the AWS CloudHSM [CreateHsm][3]
|
|
131
|
+
# operation.
|
|
132
|
+
#
|
|
133
|
+
# For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey
|
|
134
|
+
# operations, the AWS CloudHSM cluster must have at least two active
|
|
135
|
+
# HSMs, each in a different Availability Zone. For the
|
|
136
|
+
# ConnectCustomKeyStore operation, the AWS CloudHSM must contain at
|
|
137
|
+
# least one active HSM.
|
|
138
|
+
#
|
|
139
|
+
# For information about the requirements for an AWS CloudHSM cluster
|
|
140
|
+
# that is associated with a custom key store, see [Assemble the
|
|
141
|
+
# Prerequisites][4] in the *AWS Key Management Service Developer Guide*.
|
|
142
|
+
# For information about creating a private subnet for an AWS CloudHSM
|
|
143
|
+
# cluster, see [Create a Private Subnet][5] in the *AWS CloudHSM User
|
|
144
|
+
# Guide*. For information about cluster security groups, see [Configure
|
|
145
|
+
# a Default Security Group][1] in the <i> <i>AWS CloudHSM User Guide</i>
|
|
146
|
+
# </i>.
|
|
147
|
+
#
|
|
148
|
+
#
|
|
149
|
+
#
|
|
150
|
+
# [1]: https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html
|
|
151
|
+
# [2]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html
|
|
152
|
+
# [3]: https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html
|
|
153
|
+
# [4]: https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore
|
|
154
|
+
# [5]: https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html
|
|
155
|
+
#
|
|
156
|
+
# @!attribute [rw] message
|
|
157
|
+
# @return [String]
|
|
158
|
+
#
|
|
159
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CloudHsmClusterInvalidConfigurationException AWS API Documentation
|
|
160
|
+
#
|
|
161
|
+
class CloudHsmClusterInvalidConfigurationException < Struct.new(
|
|
162
|
+
:message)
|
|
163
|
+
include Aws::Structure
|
|
164
|
+
end
|
|
165
|
+
|
|
166
|
+
# The request was rejected because the AWS CloudHSM cluster that is
|
|
167
|
+
# associated with the custom key store is not active. Initialize and
|
|
168
|
+
# activate the cluster and try the command again. For detailed
|
|
169
|
+
# instructions, see [Getting Started][1] in the *AWS CloudHSM User
|
|
170
|
+
# Guide*.
|
|
171
|
+
#
|
|
172
|
+
#
|
|
173
|
+
#
|
|
174
|
+
# [1]: https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html
|
|
175
|
+
#
|
|
176
|
+
# @!attribute [rw] message
|
|
177
|
+
# @return [String]
|
|
178
|
+
#
|
|
179
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CloudHsmClusterNotActiveException AWS API Documentation
|
|
180
|
+
#
|
|
181
|
+
class CloudHsmClusterNotActiveException < Struct.new(
|
|
182
|
+
:message)
|
|
183
|
+
include Aws::Structure
|
|
184
|
+
end
|
|
185
|
+
|
|
186
|
+
# The request was rejected because AWS KMS cannot find the AWS CloudHSM
|
|
187
|
+
# cluster with the specified cluster ID. Retry the request with a
|
|
188
|
+
# different cluster ID.
|
|
189
|
+
#
|
|
190
|
+
# @!attribute [rw] message
|
|
191
|
+
# @return [String]
|
|
192
|
+
#
|
|
193
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CloudHsmClusterNotFoundException AWS API Documentation
|
|
194
|
+
#
|
|
195
|
+
class CloudHsmClusterNotFoundException < Struct.new(
|
|
196
|
+
:message)
|
|
197
|
+
include Aws::Structure
|
|
198
|
+
end
|
|
199
|
+
|
|
200
|
+
# The request was rejected because the specified AWS CloudHSM cluster
|
|
201
|
+
# has a different cluster certificate than the original cluster. You
|
|
202
|
+
# cannot use the operation to specify an unrelated cluster.
|
|
203
|
+
#
|
|
204
|
+
# Specify a cluster that shares a backup history with the original
|
|
205
|
+
# cluster. This includes clusters that were created from a backup of the
|
|
206
|
+
# current cluster, and clusters that were created from the same backup
|
|
207
|
+
# that produced the current cluster.
|
|
208
|
+
#
|
|
209
|
+
# Clusters that share a backup history have the same cluster
|
|
210
|
+
# certificate. To view the cluster certificate of a cluster, use the
|
|
211
|
+
# [DescribeClusters][1] operation.
|
|
212
|
+
#
|
|
213
|
+
#
|
|
214
|
+
#
|
|
215
|
+
# [1]: https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html
|
|
216
|
+
#
|
|
217
|
+
# @!attribute [rw] message
|
|
218
|
+
# @return [String]
|
|
219
|
+
#
|
|
220
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CloudHsmClusterNotRelatedException AWS API Documentation
|
|
221
|
+
#
|
|
222
|
+
class CloudHsmClusterNotRelatedException < Struct.new(
|
|
223
|
+
:message)
|
|
224
|
+
include Aws::Structure
|
|
225
|
+
end
|
|
226
|
+
|
|
77
227
|
# @note When making an API call, you may pass ConnectCustomKeyStoreRequest
|
|
78
228
|
# data as a hash:
|
|
79
229
|
#
|
|
@@ -107,26 +257,22 @@ module Aws::KMS
|
|
|
107
257
|
# }
|
|
108
258
|
#
|
|
109
259
|
# @!attribute [rw] alias_name
|
|
110
|
-
#
|
|
111
|
-
#
|
|
112
|
-
# begin with
|
|
260
|
+
# Specifies the alias name. This value must begin with `alias/`
|
|
261
|
+
# followed by a name, such as `alias/ExampleAlias`. The alias name
|
|
262
|
+
# cannot begin with `alias/aws/`. The `alias/aws/` prefix is reserved
|
|
263
|
+
# for AWS managed CMKs.
|
|
113
264
|
# @return [String]
|
|
114
265
|
#
|
|
115
266
|
# @!attribute [rw] target_key_id
|
|
116
|
-
# Identifies the CMK
|
|
117
|
-
#
|
|
118
|
-
#
|
|
119
|
-
#
|
|
120
|
-
#
|
|
121
|
-
# For example:
|
|
267
|
+
# Identifies the CMK to which the alias refers. Specify the key ID or
|
|
268
|
+
# the Amazon Resource Name (ARN) of the CMK. You cannot specify
|
|
269
|
+
# another alias. For help finding the key ID and ARN, see [Finding the
|
|
270
|
+
# Key ID and ARN][1] in the *AWS Key Management Service Developer
|
|
271
|
+
# Guide*.
|
|
122
272
|
#
|
|
123
|
-
# * Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`
|
|
124
273
|
#
|
|
125
|
-
# * Key ARN:
|
|
126
|
-
# `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
|
|
127
274
|
#
|
|
128
|
-
#
|
|
129
|
-
# DescribeKey.
|
|
275
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/viewing-keys.html#find-cmk-id-arn
|
|
130
276
|
# @return [String]
|
|
131
277
|
#
|
|
132
278
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateAliasRequest AWS API Documentation
|
|
@@ -160,7 +306,7 @@ module Aws::KMS
|
|
|
160
306
|
#
|
|
161
307
|
#
|
|
162
308
|
#
|
|
163
|
-
# [1]:
|
|
309
|
+
# [1]: https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html
|
|
164
310
|
# @return [String]
|
|
165
311
|
#
|
|
166
312
|
# @!attribute [rw] trust_anchor_certificate
|
|
@@ -170,7 +316,7 @@ module Aws::KMS
|
|
|
170
316
|
#
|
|
171
317
|
#
|
|
172
318
|
#
|
|
173
|
-
# [1]:
|
|
319
|
+
# [1]: https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html
|
|
174
320
|
# @return [String]
|
|
175
321
|
#
|
|
176
322
|
# @!attribute [rw] key_store_password
|
|
@@ -183,7 +329,7 @@ module Aws::KMS
|
|
|
183
329
|
#
|
|
184
330
|
#
|
|
185
331
|
#
|
|
186
|
-
# [1]:
|
|
332
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser
|
|
187
333
|
# @return [String]
|
|
188
334
|
#
|
|
189
335
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateCustomKeyStoreRequest AWS API Documentation
|
|
@@ -258,8 +404,8 @@ module Aws::KMS
|
|
|
258
404
|
#
|
|
259
405
|
#
|
|
260
406
|
#
|
|
261
|
-
# [1]:
|
|
262
|
-
# [2]:
|
|
407
|
+
# [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
|
|
408
|
+
# [2]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam
|
|
263
409
|
# @return [String]
|
|
264
410
|
#
|
|
265
411
|
# @!attribute [rw] retiring_principal
|
|
@@ -275,8 +421,8 @@ module Aws::KMS
|
|
|
275
421
|
#
|
|
276
422
|
#
|
|
277
423
|
#
|
|
278
|
-
# [1]:
|
|
279
|
-
# [2]:
|
|
424
|
+
# [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
|
|
425
|
+
# [2]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam
|
|
280
426
|
# @return [String]
|
|
281
427
|
#
|
|
282
428
|
# @!attribute [rw] operations
|
|
@@ -284,14 +430,15 @@ module Aws::KMS
|
|
|
284
430
|
# @return [Array<String>]
|
|
285
431
|
#
|
|
286
432
|
# @!attribute [rw] constraints
|
|
287
|
-
#
|
|
288
|
-
#
|
|
289
|
-
# information about encryption context, see
|
|
290
|
-
# the
|
|
433
|
+
# Allows a cryptographic operation only when the encryption context
|
|
434
|
+
# matches or includes the encryption context specified in this
|
|
435
|
+
# structure. For more information about encryption context, see
|
|
436
|
+
# [Encryption Context][1] in the <i> <i>AWS Key Management Service
|
|
437
|
+
# Developer Guide</i> </i>.
|
|
291
438
|
#
|
|
292
439
|
#
|
|
293
440
|
#
|
|
294
|
-
# [1]:
|
|
441
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
|
|
295
442
|
# @return [Types::GrantConstraints]
|
|
296
443
|
#
|
|
297
444
|
# @!attribute [rw] grant_tokens
|
|
@@ -302,12 +449,13 @@ module Aws::KMS
|
|
|
302
449
|
#
|
|
303
450
|
#
|
|
304
451
|
#
|
|
305
|
-
# [1]:
|
|
452
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token
|
|
306
453
|
# @return [Array<String>]
|
|
307
454
|
#
|
|
308
455
|
# @!attribute [rw] name
|
|
309
456
|
# A friendly name for identifying the grant. Use this value to prevent
|
|
310
|
-
# unintended creation of duplicate grants when retrying this
|
|
457
|
+
# the unintended creation of duplicate grants when retrying this
|
|
458
|
+
# request.
|
|
311
459
|
#
|
|
312
460
|
# When this value is absent, all `CreateGrant` requests result in a
|
|
313
461
|
# new grant with a unique `GrantId` even if all the supplied
|
|
@@ -343,7 +491,7 @@ module Aws::KMS
|
|
|
343
491
|
#
|
|
344
492
|
#
|
|
345
493
|
#
|
|
346
|
-
# [1]:
|
|
494
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token
|
|
347
495
|
# @return [String]
|
|
348
496
|
#
|
|
349
497
|
# @!attribute [rw] grant_id
|
|
@@ -389,7 +537,8 @@ module Aws::KMS
|
|
|
389
537
|
# request to make a subsequent PutKeyPolicy request on the CMK. This
|
|
390
538
|
# reduces the risk that the CMK becomes unmanageable. For more
|
|
391
539
|
# information, refer to the scenario in the [Default Key Policy][1]
|
|
392
|
-
# section of the
|
|
540
|
+
# section of the <i> <i>AWS Key Management Service Developer
|
|
541
|
+
# Guide</i> </i>.
|
|
393
542
|
#
|
|
394
543
|
# * Each statement in the key policy must contain one or more
|
|
395
544
|
# principals. The principals in the key policy must exist and be
|
|
@@ -409,9 +558,9 @@ module Aws::KMS
|
|
|
409
558
|
#
|
|
410
559
|
#
|
|
411
560
|
#
|
|
412
|
-
# [1]:
|
|
413
|
-
# [2]:
|
|
414
|
-
# [3]:
|
|
561
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam
|
|
562
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency
|
|
563
|
+
# [3]: https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default
|
|
415
564
|
# @return [String]
|
|
416
565
|
#
|
|
417
566
|
# @!attribute [rw] description
|
|
@@ -422,14 +571,14 @@ module Aws::KMS
|
|
|
422
571
|
# @return [String]
|
|
423
572
|
#
|
|
424
573
|
# @!attribute [rw] key_usage
|
|
425
|
-
# The
|
|
426
|
-
#
|
|
427
|
-
#
|
|
574
|
+
# The cryptographic operations for which you can use the CMK. The only
|
|
575
|
+
# valid value is `ENCRYPT_DECRYPT`, which means you can use the CMK to
|
|
576
|
+
# encrypt and decrypt data.
|
|
428
577
|
# @return [String]
|
|
429
578
|
#
|
|
430
579
|
# @!attribute [rw] origin
|
|
431
|
-
# The source of the
|
|
432
|
-
# after you create the CMK.
|
|
580
|
+
# The source of the key material for the CMK. You cannot change the
|
|
581
|
+
# origin after you create the CMK.
|
|
433
582
|
#
|
|
434
583
|
# The default is `AWS_KMS`, which means AWS KMS creates the key
|
|
435
584
|
# material in its own key store.
|
|
@@ -441,14 +590,14 @@ module Aws::KMS
|
|
|
441
590
|
# in the *AWS Key Management Service Developer Guide*.
|
|
442
591
|
#
|
|
443
592
|
# When the parameter value is `AWS_CLOUDHSM`, AWS KMS creates the CMK
|
|
444
|
-
# in
|
|
593
|
+
# in an AWS KMS [custom key store][2] and creates its key material in
|
|
445
594
|
# the associated AWS CloudHSM cluster. You must also use the
|
|
446
595
|
# `CustomKeyStoreId` parameter to identify the custom key store.
|
|
447
596
|
#
|
|
448
597
|
#
|
|
449
598
|
#
|
|
450
|
-
# [1]:
|
|
451
|
-
# [2]:
|
|
599
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html
|
|
600
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html
|
|
452
601
|
# @return [String]
|
|
453
602
|
#
|
|
454
603
|
# @!attribute [rw] custom_key_store_id
|
|
@@ -465,15 +614,14 @@ module Aws::KMS
|
|
|
465
614
|
# The response includes the custom key store ID and the ID of the AWS
|
|
466
615
|
# CloudHSM cluster.
|
|
467
616
|
#
|
|
468
|
-
# This operation is part of the [Custom Key Store feature][
|
|
617
|
+
# This operation is part of the [Custom Key Store feature][1] feature
|
|
469
618
|
# in AWS KMS, which combines the convenience and extensive integration
|
|
470
619
|
# of AWS KMS with the isolation and control of a single-tenant key
|
|
471
620
|
# store.
|
|
472
621
|
#
|
|
473
622
|
#
|
|
474
623
|
#
|
|
475
|
-
# [1]:
|
|
476
|
-
# [2]: http://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html
|
|
624
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html
|
|
477
625
|
# @return [String]
|
|
478
626
|
#
|
|
479
627
|
# @!attribute [rw] bypass_policy_lockout_safety_check
|
|
@@ -484,8 +632,8 @@ module Aws::KMS
|
|
|
484
632
|
# unmanageable. Do not set this value to true indiscriminately.
|
|
485
633
|
#
|
|
486
634
|
# For more information, refer to the scenario in the [Default Key
|
|
487
|
-
# Policy][1] section in the
|
|
488
|
-
# Guide
|
|
635
|
+
# Policy][1] section in the <i> <i>AWS Key Management Service
|
|
636
|
+
# Developer Guide</i> </i>.
|
|
489
637
|
#
|
|
490
638
|
# Use this parameter only when you include a policy in the request and
|
|
491
639
|
# you intend to prevent the principal that is making the request from
|
|
@@ -495,7 +643,7 @@ module Aws::KMS
|
|
|
495
643
|
#
|
|
496
644
|
#
|
|
497
645
|
#
|
|
498
|
-
# [1]:
|
|
646
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam
|
|
499
647
|
# @return [Boolean]
|
|
500
648
|
#
|
|
501
649
|
# @!attribute [rw] tags
|
|
@@ -532,6 +680,77 @@ module Aws::KMS
|
|
|
532
680
|
include Aws::Structure
|
|
533
681
|
end
|
|
534
682
|
|
|
683
|
+
# The request was rejected because the custom key store contains AWS KMS
|
|
684
|
+
# customer master keys (CMKs). After verifying that you do not need to
|
|
685
|
+
# use the CMKs, use the ScheduleKeyDeletion operation to delete the
|
|
686
|
+
# CMKs. After they are deleted, you can delete the custom key store.
|
|
687
|
+
#
|
|
688
|
+
# @!attribute [rw] message
|
|
689
|
+
# @return [String]
|
|
690
|
+
#
|
|
691
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CustomKeyStoreHasCMKsException AWS API Documentation
|
|
692
|
+
#
|
|
693
|
+
class CustomKeyStoreHasCMKsException < Struct.new(
|
|
694
|
+
:message)
|
|
695
|
+
include Aws::Structure
|
|
696
|
+
end
|
|
697
|
+
|
|
698
|
+
# The request was rejected because of the `ConnectionState` of the
|
|
699
|
+
# custom key store. To get the `ConnectionState` of a custom key store,
|
|
700
|
+
# use the DescribeCustomKeyStores operation.
|
|
701
|
+
#
|
|
702
|
+
# This exception is thrown under the following conditions:
|
|
703
|
+
#
|
|
704
|
+
# * You requested the CreateKey or GenerateRandom operation in a custom
|
|
705
|
+
# key store that is not connected. These operations are valid only
|
|
706
|
+
# when the custom key store `ConnectionState` is `CONNECTED`.
|
|
707
|
+
#
|
|
708
|
+
# * You requested the UpdateCustomKeyStore or DeleteCustomKeyStore
|
|
709
|
+
# operation on a custom key store that is not disconnected. This
|
|
710
|
+
# operation is valid only when the custom key store `ConnectionState`
|
|
711
|
+
# is `DISCONNECTED`.
|
|
712
|
+
#
|
|
713
|
+
# * You requested the ConnectCustomKeyStore operation on a custom key
|
|
714
|
+
# store with a `ConnectionState` of `DISCONNECTING` or `FAILED`. This
|
|
715
|
+
# operation is valid for all other `ConnectionState` values.
|
|
716
|
+
#
|
|
717
|
+
# @!attribute [rw] message
|
|
718
|
+
# @return [String]
|
|
719
|
+
#
|
|
720
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CustomKeyStoreInvalidStateException AWS API Documentation
|
|
721
|
+
#
|
|
722
|
+
class CustomKeyStoreInvalidStateException < Struct.new(
|
|
723
|
+
:message)
|
|
724
|
+
include Aws::Structure
|
|
725
|
+
end
|
|
726
|
+
|
|
727
|
+
# The request was rejected because the specified custom key store name
|
|
728
|
+
# is already assigned to another custom key store in the account. Try
|
|
729
|
+
# again with a custom key store name that is unique in the account.
|
|
730
|
+
#
|
|
731
|
+
# @!attribute [rw] message
|
|
732
|
+
# @return [String]
|
|
733
|
+
#
|
|
734
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CustomKeyStoreNameInUseException AWS API Documentation
|
|
735
|
+
#
|
|
736
|
+
class CustomKeyStoreNameInUseException < Struct.new(
|
|
737
|
+
:message)
|
|
738
|
+
include Aws::Structure
|
|
739
|
+
end
|
|
740
|
+
|
|
741
|
+
# The request was rejected because AWS KMS cannot find a custom key
|
|
742
|
+
# store with the specified key store name or ID.
|
|
743
|
+
#
|
|
744
|
+
# @!attribute [rw] message
|
|
745
|
+
# @return [String]
|
|
746
|
+
#
|
|
747
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CustomKeyStoreNotFoundException AWS API Documentation
|
|
748
|
+
#
|
|
749
|
+
class CustomKeyStoreNotFoundException < Struct.new(
|
|
750
|
+
:message)
|
|
751
|
+
include Aws::Structure
|
|
752
|
+
end
|
|
753
|
+
|
|
535
754
|
# Contains information about each custom key store in the custom key
|
|
536
755
|
# store list.
|
|
537
756
|
#
|
|
@@ -555,7 +774,7 @@ module Aws::KMS
|
|
|
555
774
|
#
|
|
556
775
|
#
|
|
557
776
|
#
|
|
558
|
-
# [1]:
|
|
777
|
+
# [1]: https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr
|
|
559
778
|
# @return [String]
|
|
560
779
|
#
|
|
561
780
|
# @!attribute [rw] connection_state
|
|
@@ -578,7 +797,7 @@ module Aws::KMS
|
|
|
578
797
|
#
|
|
579
798
|
#
|
|
580
799
|
#
|
|
581
|
-
# [1]:
|
|
800
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html
|
|
582
801
|
# @return [String]
|
|
583
802
|
#
|
|
584
803
|
# @!attribute [rw] connection_error_code
|
|
@@ -592,6 +811,11 @@ module Aws::KMS
|
|
|
592
811
|
# its AWS CloudHSM cluster, the cluster must contain at least one
|
|
593
812
|
# active HSM.
|
|
594
813
|
#
|
|
814
|
+
# * `INTERNAL_ERROR` - AWS KMS could not complete the request due to
|
|
815
|
+
# an internal error. Retry the request. For `ConnectCustomKeyStore`
|
|
816
|
+
# requests, disconnect the custom key store before trying to connect
|
|
817
|
+
# again.
|
|
818
|
+
#
|
|
595
819
|
# * `INVALID_CREDENTIALS` - AWS KMS does not have the correct password
|
|
596
820
|
# for the `kmsuser` crypto user in the AWS CloudHSM cluster.
|
|
597
821
|
#
|
|
@@ -609,7 +833,7 @@ module Aws::KMS
|
|
|
609
833
|
#
|
|
610
834
|
#
|
|
611
835
|
#
|
|
612
|
-
# [1]:
|
|
836
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html
|
|
613
837
|
# @return [String]
|
|
614
838
|
#
|
|
615
839
|
# @!attribute [rw] creation_date
|
|
@@ -651,7 +875,7 @@ module Aws::KMS
|
|
|
651
875
|
#
|
|
652
876
|
#
|
|
653
877
|
#
|
|
654
|
-
# [1]:
|
|
878
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
|
|
655
879
|
# @return [Hash<String,String>]
|
|
656
880
|
#
|
|
657
881
|
# @!attribute [rw] grant_tokens
|
|
@@ -662,7 +886,7 @@ module Aws::KMS
|
|
|
662
886
|
#
|
|
663
887
|
#
|
|
664
888
|
#
|
|
665
|
-
# [1]:
|
|
889
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token
|
|
666
890
|
# @return [Array<String>]
|
|
667
891
|
#
|
|
668
892
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DecryptRequest AWS API Documentation
|
|
@@ -681,7 +905,7 @@ module Aws::KMS
|
|
|
681
905
|
#
|
|
682
906
|
# @!attribute [rw] plaintext
|
|
683
907
|
# Decrypted plaintext data. When you use the HTTP API or the AWS CLI,
|
|
684
|
-
# the value is Base64-
|
|
908
|
+
# the value is Base64-encoded. Otherwise, it is not encoded.
|
|
685
909
|
# @return [String]
|
|
686
910
|
#
|
|
687
911
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DecryptResponse AWS API Documentation
|
|
@@ -700,9 +924,8 @@ module Aws::KMS
|
|
|
700
924
|
# }
|
|
701
925
|
#
|
|
702
926
|
# @!attribute [rw] alias_name
|
|
703
|
-
# The alias to be deleted. The name must
|
|
704
|
-
# followed by
|
|
705
|
-
# "alias/aws" are reserved.
|
|
927
|
+
# The alias to be deleted. The alias name must begin with `alias/`
|
|
928
|
+
# followed by the alias name, such as `alias/ExampleAlias`.
|
|
706
929
|
# @return [String]
|
|
707
930
|
#
|
|
708
931
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteAliasRequest AWS API Documentation
|
|
@@ -743,8 +966,8 @@ module Aws::KMS
|
|
|
743
966
|
# }
|
|
744
967
|
#
|
|
745
968
|
# @!attribute [rw] key_id
|
|
746
|
-
#
|
|
747
|
-
# `Origin` must be `EXTERNAL`.
|
|
969
|
+
# Identifies the CMK from which you are deleting imported key
|
|
970
|
+
# material. The `Origin` of the CMK must be `EXTERNAL`.
|
|
748
971
|
#
|
|
749
972
|
# Specify the key ID or the Amazon Resource Name (ARN) of the CMK.
|
|
750
973
|
#
|
|
@@ -766,6 +989,19 @@ module Aws::KMS
|
|
|
766
989
|
include Aws::Structure
|
|
767
990
|
end
|
|
768
991
|
|
|
992
|
+
# The system timed out while trying to fulfill the request. The request
|
|
993
|
+
# can be retried.
|
|
994
|
+
#
|
|
995
|
+
# @!attribute [rw] message
|
|
996
|
+
# @return [String]
|
|
997
|
+
#
|
|
998
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DependencyTimeoutException AWS API Documentation
|
|
999
|
+
#
|
|
1000
|
+
class DependencyTimeoutException < Struct.new(
|
|
1001
|
+
:message)
|
|
1002
|
+
include Aws::Structure
|
|
1003
|
+
end
|
|
1004
|
+
|
|
769
1005
|
# @note When making an API call, you may pass DescribeCustomKeyStoresRequest
|
|
770
1006
|
# data as a hash:
|
|
771
1007
|
#
|
|
@@ -830,8 +1066,8 @@ module Aws::KMS
|
|
|
830
1066
|
# @!attribute [rw] truncated
|
|
831
1067
|
# A flag that indicates whether there are more items in the list. When
|
|
832
1068
|
# this value is true, the list in this response is truncated. To get
|
|
833
|
-
# more items, pass the value of the `NextMarker` element in
|
|
834
|
-
#
|
|
1069
|
+
# more items, pass the value of the `NextMarker` element in
|
|
1070
|
+
# thisresponse to the `Marker` parameter in a subsequent request.
|
|
835
1071
|
# @return [Boolean]
|
|
836
1072
|
#
|
|
837
1073
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DescribeCustomKeyStoresResponse AWS API Documentation
|
|
@@ -860,7 +1096,7 @@ module Aws::KMS
|
|
|
860
1096
|
#
|
|
861
1097
|
# To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias
|
|
862
1098
|
# name, or alias ARN. When using an alias name, prefix it with
|
|
863
|
-
# "alias/"
|
|
1099
|
+
# `"alias/"`. To specify a CMK in a different AWS account, you must
|
|
864
1100
|
# use the key ARN or alias ARN.
|
|
865
1101
|
#
|
|
866
1102
|
# For example:
|
|
@@ -879,7 +1115,7 @@ module Aws::KMS
|
|
|
879
1115
|
#
|
|
880
1116
|
#
|
|
881
1117
|
#
|
|
882
|
-
# [1]:
|
|
1118
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys
|
|
883
1119
|
# @return [String]
|
|
884
1120
|
#
|
|
885
1121
|
# @!attribute [rw] grant_tokens
|
|
@@ -890,7 +1126,7 @@ module Aws::KMS
|
|
|
890
1126
|
#
|
|
891
1127
|
#
|
|
892
1128
|
#
|
|
893
|
-
# [1]:
|
|
1129
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token
|
|
894
1130
|
# @return [Array<String>]
|
|
895
1131
|
#
|
|
896
1132
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DescribeKeyRequest AWS API Documentation
|
|
@@ -972,6 +1208,18 @@ module Aws::KMS
|
|
|
972
1208
|
include Aws::Structure
|
|
973
1209
|
end
|
|
974
1210
|
|
|
1211
|
+
# The request was rejected because the specified CMK is not enabled.
|
|
1212
|
+
#
|
|
1213
|
+
# @!attribute [rw] message
|
|
1214
|
+
# @return [String]
|
|
1215
|
+
#
|
|
1216
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DisabledException AWS API Documentation
|
|
1217
|
+
#
|
|
1218
|
+
class DisabledException < Struct.new(
|
|
1219
|
+
:message)
|
|
1220
|
+
include Aws::Structure
|
|
1221
|
+
end
|
|
1222
|
+
|
|
975
1223
|
# @note When making an API call, you may pass DisconnectCustomKeyStoreRequest
|
|
976
1224
|
# data as a hash:
|
|
977
1225
|
#
|
|
@@ -1073,7 +1321,7 @@ module Aws::KMS
|
|
|
1073
1321
|
#
|
|
1074
1322
|
# To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias
|
|
1075
1323
|
# name, or alias ARN. When using an alias name, prefix it with
|
|
1076
|
-
# "alias/"
|
|
1324
|
+
# `"alias/"`. To specify a CMK in a different AWS account, you must
|
|
1077
1325
|
# use the key ARN or alias ARN.
|
|
1078
1326
|
#
|
|
1079
1327
|
# For example:
|
|
@@ -1103,7 +1351,7 @@ module Aws::KMS
|
|
|
1103
1351
|
#
|
|
1104
1352
|
#
|
|
1105
1353
|
#
|
|
1106
|
-
# [1]:
|
|
1354
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
|
|
1107
1355
|
# @return [Hash<String,String>]
|
|
1108
1356
|
#
|
|
1109
1357
|
# @!attribute [rw] grant_tokens
|
|
@@ -1114,7 +1362,7 @@ module Aws::KMS
|
|
|
1114
1362
|
#
|
|
1115
1363
|
#
|
|
1116
1364
|
#
|
|
1117
|
-
# [1]:
|
|
1365
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token
|
|
1118
1366
|
# @return [Array<String>]
|
|
1119
1367
|
#
|
|
1120
1368
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/EncryptRequest AWS API Documentation
|
|
@@ -1129,7 +1377,7 @@ module Aws::KMS
|
|
|
1129
1377
|
|
|
1130
1378
|
# @!attribute [rw] ciphertext_blob
|
|
1131
1379
|
# The encrypted plaintext. When you use the HTTP API or the AWS CLI,
|
|
1132
|
-
# the value is Base64-
|
|
1380
|
+
# the value is Base64-encoded. Otherwise, it is not encoded.
|
|
1133
1381
|
# @return [String]
|
|
1134
1382
|
#
|
|
1135
1383
|
# @!attribute [rw] key_id
|
|
@@ -1144,6 +1392,21 @@ module Aws::KMS
|
|
|
1144
1392
|
include Aws::Structure
|
|
1145
1393
|
end
|
|
1146
1394
|
|
|
1395
|
+
# The request was rejected because the provided import token is expired.
|
|
1396
|
+
# Use GetParametersForImport to get a new import token and public key,
|
|
1397
|
+
# use the new public key to encrypt the key material, and then try the
|
|
1398
|
+
# request again.
|
|
1399
|
+
#
|
|
1400
|
+
# @!attribute [rw] message
|
|
1401
|
+
# @return [String]
|
|
1402
|
+
#
|
|
1403
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ExpiredImportTokenException AWS API Documentation
|
|
1404
|
+
#
|
|
1405
|
+
class ExpiredImportTokenException < Struct.new(
|
|
1406
|
+
:message)
|
|
1407
|
+
include Aws::Structure
|
|
1408
|
+
end
|
|
1409
|
+
|
|
1147
1410
|
# @note When making an API call, you may pass GenerateDataKeyRequest
|
|
1148
1411
|
# data as a hash:
|
|
1149
1412
|
#
|
|
@@ -1158,12 +1421,11 @@ module Aws::KMS
|
|
|
1158
1421
|
# }
|
|
1159
1422
|
#
|
|
1160
1423
|
# @!attribute [rw] key_id
|
|
1161
|
-
#
|
|
1162
|
-
# data encryption key.
|
|
1424
|
+
# An identifier for the CMK that encrypts the data key.
|
|
1163
1425
|
#
|
|
1164
1426
|
# To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias
|
|
1165
1427
|
# name, or alias ARN. When using an alias name, prefix it with
|
|
1166
|
-
# "alias/"
|
|
1428
|
+
# `"alias/"`. To specify a CMK in a different AWS account, you must
|
|
1167
1429
|
# use the key ARN or alias ARN.
|
|
1168
1430
|
#
|
|
1169
1431
|
# For example:
|
|
@@ -1190,20 +1452,19 @@ module Aws::KMS
|
|
|
1190
1452
|
#
|
|
1191
1453
|
#
|
|
1192
1454
|
#
|
|
1193
|
-
# [1]:
|
|
1455
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
|
|
1194
1456
|
# @return [Hash<String,String>]
|
|
1195
1457
|
#
|
|
1196
1458
|
# @!attribute [rw] number_of_bytes
|
|
1197
|
-
# The length of the data
|
|
1198
|
-
#
|
|
1199
|
-
#
|
|
1200
|
-
#
|
|
1459
|
+
# The length of the data key in bytes. For example, use the value 64
|
|
1460
|
+
# to generate a 512-bit data key (64 bytes is 512 bits). For common
|
|
1461
|
+
# key lengths (128-bit and 256-bit symmetric keys), we recommend that
|
|
1462
|
+
# you use the `KeySpec` field instead of this one.
|
|
1201
1463
|
# @return [Integer]
|
|
1202
1464
|
#
|
|
1203
1465
|
# @!attribute [rw] key_spec
|
|
1204
|
-
# The length of the data
|
|
1205
|
-
#
|
|
1206
|
-
# key.
|
|
1466
|
+
# The length of the data key. Use `AES_128` to generate a 128-bit
|
|
1467
|
+
# symmetric key, or `AES_256` to generate a 256-bit symmetric key.
|
|
1207
1468
|
# @return [String]
|
|
1208
1469
|
#
|
|
1209
1470
|
# @!attribute [rw] grant_tokens
|
|
@@ -1214,7 +1475,7 @@ module Aws::KMS
|
|
|
1214
1475
|
#
|
|
1215
1476
|
#
|
|
1216
1477
|
#
|
|
1217
|
-
# [1]:
|
|
1478
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token
|
|
1218
1479
|
# @return [Array<String>]
|
|
1219
1480
|
#
|
|
1220
1481
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyRequest AWS API Documentation
|
|
@@ -1229,20 +1490,19 @@ module Aws::KMS
|
|
|
1229
1490
|
end
|
|
1230
1491
|
|
|
1231
1492
|
# @!attribute [rw] ciphertext_blob
|
|
1232
|
-
# The encrypted data
|
|
1233
|
-
# AWS CLI, the value is Base64-
|
|
1493
|
+
# The encrypted copy of the data key. When you use the HTTP API or the
|
|
1494
|
+
# AWS CLI, the value is Base64-encoded. Otherwise, it is not encoded.
|
|
1234
1495
|
# @return [String]
|
|
1235
1496
|
#
|
|
1236
1497
|
# @!attribute [rw] plaintext
|
|
1237
|
-
# The data
|
|
1238
|
-
# the value is Base64-
|
|
1239
|
-
# data key
|
|
1498
|
+
# The plaintext data key. When you use the HTTP API or the AWS CLI,
|
|
1499
|
+
# the value is Base64-encoded. Otherwise, it is not encoded. Use this
|
|
1500
|
+
# data key to encrypt your data outside of KMS. Then, remove it from
|
|
1240
1501
|
# memory as soon as possible.
|
|
1241
1502
|
# @return [String]
|
|
1242
1503
|
#
|
|
1243
1504
|
# @!attribute [rw] key_id
|
|
1244
|
-
# The identifier of the CMK
|
|
1245
|
-
# generated and encrypted.
|
|
1505
|
+
# The identifier of the CMK that encrypted the data key.
|
|
1246
1506
|
# @return [String]
|
|
1247
1507
|
#
|
|
1248
1508
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyResponse AWS API Documentation
|
|
@@ -1268,12 +1528,12 @@ module Aws::KMS
|
|
|
1268
1528
|
# }
|
|
1269
1529
|
#
|
|
1270
1530
|
# @!attribute [rw] key_id
|
|
1271
|
-
# The identifier of the customer master key (CMK)
|
|
1272
|
-
#
|
|
1531
|
+
# The identifier of the customer master key (CMK) that encrypts the
|
|
1532
|
+
# data key.
|
|
1273
1533
|
#
|
|
1274
1534
|
# To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias
|
|
1275
1535
|
# name, or alias ARN. When using an alias name, prefix it with
|
|
1276
|
-
# "alias/"
|
|
1536
|
+
# `"alias/"`. To specify a CMK in a different AWS account, you must
|
|
1277
1537
|
# use the key ARN or alias ARN.
|
|
1278
1538
|
#
|
|
1279
1539
|
# For example:
|
|
@@ -1300,20 +1560,19 @@ module Aws::KMS
|
|
|
1300
1560
|
#
|
|
1301
1561
|
#
|
|
1302
1562
|
#
|
|
1303
|
-
# [1]:
|
|
1563
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
|
|
1304
1564
|
# @return [Hash<String,String>]
|
|
1305
1565
|
#
|
|
1306
1566
|
# @!attribute [rw] key_spec
|
|
1307
|
-
# The length of the data
|
|
1308
|
-
#
|
|
1309
|
-
# key.
|
|
1567
|
+
# The length of the data key. Use `AES_128` to generate a 128-bit
|
|
1568
|
+
# symmetric key, or `AES_256` to generate a 256-bit symmetric key.
|
|
1310
1569
|
# @return [String]
|
|
1311
1570
|
#
|
|
1312
1571
|
# @!attribute [rw] number_of_bytes
|
|
1313
|
-
# The length of the data
|
|
1314
|
-
#
|
|
1315
|
-
#
|
|
1316
|
-
#
|
|
1572
|
+
# The length of the data key in bytes. For example, use the value 64
|
|
1573
|
+
# to generate a 512-bit data key (64 bytes is 512 bits). For common
|
|
1574
|
+
# key lengths (128-bit and 256-bit symmetric keys), we recommend that
|
|
1575
|
+
# you use the `KeySpec` field instead of this one.
|
|
1317
1576
|
# @return [Integer]
|
|
1318
1577
|
#
|
|
1319
1578
|
# @!attribute [rw] grant_tokens
|
|
@@ -1324,7 +1583,7 @@ module Aws::KMS
|
|
|
1324
1583
|
#
|
|
1325
1584
|
#
|
|
1326
1585
|
#
|
|
1327
|
-
# [1]:
|
|
1586
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token
|
|
1328
1587
|
# @return [Array<String>]
|
|
1329
1588
|
#
|
|
1330
1589
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyWithoutPlaintextRequest AWS API Documentation
|
|
@@ -1339,13 +1598,12 @@ module Aws::KMS
|
|
|
1339
1598
|
end
|
|
1340
1599
|
|
|
1341
1600
|
# @!attribute [rw] ciphertext_blob
|
|
1342
|
-
# The encrypted data
|
|
1343
|
-
#
|
|
1601
|
+
# The encrypted data key. When you use the HTTP API or the AWS CLI,
|
|
1602
|
+
# the value is Base64-encoded. Otherwise, it is not encoded.
|
|
1344
1603
|
# @return [String]
|
|
1345
1604
|
#
|
|
1346
1605
|
# @!attribute [rw] key_id
|
|
1347
|
-
# The identifier of the CMK
|
|
1348
|
-
# generated and encrypted.
|
|
1606
|
+
# The identifier of the CMK that encrypted the data key.
|
|
1349
1607
|
# @return [String]
|
|
1350
1608
|
#
|
|
1351
1609
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyWithoutPlaintextResponse AWS API Documentation
|
|
@@ -1375,7 +1633,7 @@ module Aws::KMS
|
|
|
1375
1633
|
#
|
|
1376
1634
|
#
|
|
1377
1635
|
#
|
|
1378
|
-
# [1]:
|
|
1636
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html
|
|
1379
1637
|
# @return [String]
|
|
1380
1638
|
#
|
|
1381
1639
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateRandomRequest AWS API Documentation
|
|
@@ -1388,7 +1646,7 @@ module Aws::KMS
|
|
|
1388
1646
|
|
|
1389
1647
|
# @!attribute [rw] plaintext
|
|
1390
1648
|
# The random byte string. When you use the HTTP API or the AWS CLI,
|
|
1391
|
-
# the value is Base64-
|
|
1649
|
+
# the value is Base64-encoded. Otherwise, it is not encoded.
|
|
1392
1650
|
# @return [String]
|
|
1393
1651
|
#
|
|
1394
1652
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateRandomResponse AWS API Documentation
|
|
@@ -1522,7 +1780,7 @@ module Aws::KMS
|
|
|
1522
1780
|
#
|
|
1523
1781
|
#
|
|
1524
1782
|
#
|
|
1525
|
-
# [1]:
|
|
1783
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-encrypt-key-material.html
|
|
1526
1784
|
# @return [String]
|
|
1527
1785
|
#
|
|
1528
1786
|
# @!attribute [rw] wrapping_key_spec
|
|
@@ -1571,23 +1829,46 @@ module Aws::KMS
|
|
|
1571
1829
|
include Aws::Structure
|
|
1572
1830
|
end
|
|
1573
1831
|
|
|
1574
|
-
#
|
|
1575
|
-
#
|
|
1576
|
-
#
|
|
1577
|
-
#
|
|
1832
|
+
# Use this structure to allow cryptographic operations in the grant only
|
|
1833
|
+
# when the operation request includes the specified [encryption
|
|
1834
|
+
# context][1].
|
|
1835
|
+
#
|
|
1836
|
+
# AWS KMS applies the grant constraints only when the grant allows a
|
|
1837
|
+
# cryptographic operation that accepts an encryption context as input,
|
|
1838
|
+
# such as the following.
|
|
1839
|
+
#
|
|
1840
|
+
# * Encrypt
|
|
1841
|
+
#
|
|
1842
|
+
# * Decrypt
|
|
1843
|
+
#
|
|
1844
|
+
# * GenerateDataKey
|
|
1845
|
+
#
|
|
1846
|
+
# * GenerateDataKeyWithoutPlaintext
|
|
1847
|
+
#
|
|
1848
|
+
# * ReEncrypt
|
|
1849
|
+
#
|
|
1850
|
+
# AWS KMS does not apply the grant constraints to other operations, such
|
|
1851
|
+
# as DescribeKey or ScheduleKeyDeletion.
|
|
1852
|
+
#
|
|
1853
|
+
# In a cryptographic operation, the encryption context in the decryption
|
|
1854
|
+
# operation must be an exact, case-sensitive match for the keys and
|
|
1855
|
+
# values in the encryption context of the encryption operation. Only the
|
|
1856
|
+
# order of the pairs can vary.
|
|
1857
|
+
#
|
|
1858
|
+
# However, in a grant constraint, the key in each key-value pair is not
|
|
1859
|
+
# case sensitive, but the value is case sensitive.
|
|
1578
1860
|
#
|
|
1579
|
-
#
|
|
1580
|
-
#
|
|
1581
|
-
#
|
|
1582
|
-
# `
|
|
1583
|
-
#
|
|
1584
|
-
#
|
|
1585
|
-
# the encryption context of the `Encrypt` operation satisfies the grant
|
|
1586
|
-
# constraints.
|
|
1861
|
+
# To avoid confusion, do not use multiple encryption context pairs that
|
|
1862
|
+
# differ only by case. To require a fully case-sensitive encryption
|
|
1863
|
+
# context, use the `kms:EncryptionContext:` and
|
|
1864
|
+
# `kms:EncryptionContextKeys` conditions in an IAM or key policy. For
|
|
1865
|
+
# details, see [kms:EncryptionContext:][2] in the <i> <i>AWS Key
|
|
1866
|
+
# Management Service Developer Guide</i> </i>.
|
|
1587
1867
|
#
|
|
1588
1868
|
#
|
|
1589
1869
|
#
|
|
1590
|
-
# [1]:
|
|
1870
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
|
|
1871
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-encryption-context
|
|
1591
1872
|
#
|
|
1592
1873
|
# @note When making an API call, you may pass GrantConstraints
|
|
1593
1874
|
# data as a hash:
|
|
@@ -1602,20 +1883,18 @@ module Aws::KMS
|
|
|
1602
1883
|
# }
|
|
1603
1884
|
#
|
|
1604
1885
|
# @!attribute [rw] encryption_context_subset
|
|
1605
|
-
# A list of key-value pairs
|
|
1606
|
-
#
|
|
1607
|
-
#
|
|
1608
|
-
#
|
|
1609
|
-
#
|
|
1610
|
-
# does not allow the operation.
|
|
1886
|
+
# A list of key-value pairs that must be included in the encryption
|
|
1887
|
+
# context of the cryptographic operation request. The grant allows the
|
|
1888
|
+
# cryptographic operation only when the encryption context in the
|
|
1889
|
+
# request includes the key-value pairs specified in this constraint,
|
|
1890
|
+
# although it can include additional key-value pairs.
|
|
1611
1891
|
# @return [Hash<String,String>]
|
|
1612
1892
|
#
|
|
1613
1893
|
# @!attribute [rw] encryption_context_equals
|
|
1614
|
-
# A list of key-value pairs that must
|
|
1615
|
-
#
|
|
1616
|
-
#
|
|
1617
|
-
# encryption context
|
|
1618
|
-
# operation. Otherwise, the grant does not allow the operation.
|
|
1894
|
+
# A list of key-value pairs that must match the encryption context in
|
|
1895
|
+
# the cryptographic operation request. The grant allows the operation
|
|
1896
|
+
# only when the encryption context in the request is the same as the
|
|
1897
|
+
# encryption context specified in this constraint.
|
|
1619
1898
|
# @return [Hash<String,String>]
|
|
1620
1899
|
#
|
|
1621
1900
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GrantConstraints AWS API Documentation
|
|
@@ -1756,6 +2035,180 @@ module Aws::KMS
|
|
|
1756
2035
|
#
|
|
1757
2036
|
class ImportKeyMaterialResponse < Aws::EmptyStructure; end
|
|
1758
2037
|
|
|
2038
|
+
# The request was rejected because the provided key material is invalid
|
|
2039
|
+
# or is not the same key material that was previously imported into this
|
|
2040
|
+
# customer master key (CMK).
|
|
2041
|
+
#
|
|
2042
|
+
# @!attribute [rw] message
|
|
2043
|
+
# @return [String]
|
|
2044
|
+
#
|
|
2045
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/IncorrectKeyMaterialException AWS API Documentation
|
|
2046
|
+
#
|
|
2047
|
+
class IncorrectKeyMaterialException < Struct.new(
|
|
2048
|
+
:message)
|
|
2049
|
+
include Aws::Structure
|
|
2050
|
+
end
|
|
2051
|
+
|
|
2052
|
+
# The request was rejected because the trust anchor certificate in the
|
|
2053
|
+
# request is not the trust anchor certificate for the specified AWS
|
|
2054
|
+
# CloudHSM cluster.
|
|
2055
|
+
#
|
|
2056
|
+
# When you [initialize the cluster][1], you create the trust anchor
|
|
2057
|
+
# certificate and save it in the `customerCA.crt` file.
|
|
2058
|
+
#
|
|
2059
|
+
#
|
|
2060
|
+
#
|
|
2061
|
+
# [1]: https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr
|
|
2062
|
+
#
|
|
2063
|
+
# @!attribute [rw] message
|
|
2064
|
+
# @return [String]
|
|
2065
|
+
#
|
|
2066
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/IncorrectTrustAnchorException AWS API Documentation
|
|
2067
|
+
#
|
|
2068
|
+
class IncorrectTrustAnchorException < Struct.new(
|
|
2069
|
+
:message)
|
|
2070
|
+
include Aws::Structure
|
|
2071
|
+
end
|
|
2072
|
+
|
|
2073
|
+
# The request was rejected because the specified alias name is not
|
|
2074
|
+
# valid.
|
|
2075
|
+
#
|
|
2076
|
+
# @!attribute [rw] message
|
|
2077
|
+
# @return [String]
|
|
2078
|
+
#
|
|
2079
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/InvalidAliasNameException AWS API Documentation
|
|
2080
|
+
#
|
|
2081
|
+
class InvalidAliasNameException < Struct.new(
|
|
2082
|
+
:message)
|
|
2083
|
+
include Aws::Structure
|
|
2084
|
+
end
|
|
2085
|
+
|
|
2086
|
+
# The request was rejected because a specified ARN, or an ARN in a key
|
|
2087
|
+
# policy, is not valid.
|
|
2088
|
+
#
|
|
2089
|
+
# @!attribute [rw] message
|
|
2090
|
+
# @return [String]
|
|
2091
|
+
#
|
|
2092
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/InvalidArnException AWS API Documentation
|
|
2093
|
+
#
|
|
2094
|
+
class InvalidArnException < Struct.new(
|
|
2095
|
+
:message)
|
|
2096
|
+
include Aws::Structure
|
|
2097
|
+
end
|
|
2098
|
+
|
|
2099
|
+
# The request was rejected because the specified ciphertext, or
|
|
2100
|
+
# additional authenticated data incorporated into the ciphertext, such
|
|
2101
|
+
# as the encryption context, is corrupted, missing, or otherwise
|
|
2102
|
+
# invalid.
|
|
2103
|
+
#
|
|
2104
|
+
# @!attribute [rw] message
|
|
2105
|
+
# @return [String]
|
|
2106
|
+
#
|
|
2107
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/InvalidCiphertextException AWS API Documentation
|
|
2108
|
+
#
|
|
2109
|
+
class InvalidCiphertextException < Struct.new(
|
|
2110
|
+
:message)
|
|
2111
|
+
include Aws::Structure
|
|
2112
|
+
end
|
|
2113
|
+
|
|
2114
|
+
# The request was rejected because the specified `GrantId` is not valid.
|
|
2115
|
+
#
|
|
2116
|
+
# @!attribute [rw] message
|
|
2117
|
+
# @return [String]
|
|
2118
|
+
#
|
|
2119
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/InvalidGrantIdException AWS API Documentation
|
|
2120
|
+
#
|
|
2121
|
+
class InvalidGrantIdException < Struct.new(
|
|
2122
|
+
:message)
|
|
2123
|
+
include Aws::Structure
|
|
2124
|
+
end
|
|
2125
|
+
|
|
2126
|
+
# The request was rejected because the specified grant token is not
|
|
2127
|
+
# valid.
|
|
2128
|
+
#
|
|
2129
|
+
# @!attribute [rw] message
|
|
2130
|
+
# @return [String]
|
|
2131
|
+
#
|
|
2132
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/InvalidGrantTokenException AWS API Documentation
|
|
2133
|
+
#
|
|
2134
|
+
class InvalidGrantTokenException < Struct.new(
|
|
2135
|
+
:message)
|
|
2136
|
+
include Aws::Structure
|
|
2137
|
+
end
|
|
2138
|
+
|
|
2139
|
+
# The request was rejected because the provided import token is invalid
|
|
2140
|
+
# or is associated with a different customer master key (CMK).
|
|
2141
|
+
#
|
|
2142
|
+
# @!attribute [rw] message
|
|
2143
|
+
# @return [String]
|
|
2144
|
+
#
|
|
2145
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/InvalidImportTokenException AWS API Documentation
|
|
2146
|
+
#
|
|
2147
|
+
class InvalidImportTokenException < Struct.new(
|
|
2148
|
+
:message)
|
|
2149
|
+
include Aws::Structure
|
|
2150
|
+
end
|
|
2151
|
+
|
|
2152
|
+
# The request was rejected because the specified `KeySpec` value is not
|
|
2153
|
+
# valid.
|
|
2154
|
+
#
|
|
2155
|
+
# @!attribute [rw] message
|
|
2156
|
+
# @return [String]
|
|
2157
|
+
#
|
|
2158
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/InvalidKeyUsageException AWS API Documentation
|
|
2159
|
+
#
|
|
2160
|
+
class InvalidKeyUsageException < Struct.new(
|
|
2161
|
+
:message)
|
|
2162
|
+
include Aws::Structure
|
|
2163
|
+
end
|
|
2164
|
+
|
|
2165
|
+
# The request was rejected because the marker that specifies where
|
|
2166
|
+
# pagination should next begin is not valid.
|
|
2167
|
+
#
|
|
2168
|
+
# @!attribute [rw] message
|
|
2169
|
+
# @return [String]
|
|
2170
|
+
#
|
|
2171
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/InvalidMarkerException AWS API Documentation
|
|
2172
|
+
#
|
|
2173
|
+
class InvalidMarkerException < Struct.new(
|
|
2174
|
+
:message)
|
|
2175
|
+
include Aws::Structure
|
|
2176
|
+
end
|
|
2177
|
+
|
|
2178
|
+
# The request was rejected because an internal exception occurred. The
|
|
2179
|
+
# request can be retried.
|
|
2180
|
+
#
|
|
2181
|
+
# @!attribute [rw] message
|
|
2182
|
+
# @return [String]
|
|
2183
|
+
#
|
|
2184
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/KMSInternalException AWS API Documentation
|
|
2185
|
+
#
|
|
2186
|
+
class KMSInternalException < Struct.new(
|
|
2187
|
+
:message)
|
|
2188
|
+
include Aws::Structure
|
|
2189
|
+
end
|
|
2190
|
+
|
|
2191
|
+
# The request was rejected because the state of the specified resource
|
|
2192
|
+
# is not valid for this request.
|
|
2193
|
+
#
|
|
2194
|
+
# For more information about how key state affects the use of a CMK, see
|
|
2195
|
+
# [How Key State Affects Use of a Customer Master Key][1] in the *AWS
|
|
2196
|
+
# Key Management Service Developer Guide*.
|
|
2197
|
+
#
|
|
2198
|
+
#
|
|
2199
|
+
#
|
|
2200
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html
|
|
2201
|
+
#
|
|
2202
|
+
# @!attribute [rw] message
|
|
2203
|
+
# @return [String]
|
|
2204
|
+
#
|
|
2205
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/KMSInvalidStateException AWS API Documentation
|
|
2206
|
+
#
|
|
2207
|
+
class KMSInvalidStateException < Struct.new(
|
|
2208
|
+
:message)
|
|
2209
|
+
include Aws::Structure
|
|
2210
|
+
end
|
|
2211
|
+
|
|
1759
2212
|
# Contains information about each entry in the key list.
|
|
1760
2213
|
#
|
|
1761
2214
|
# @!attribute [rw] key_id
|
|
@@ -1794,7 +2247,7 @@ module Aws::KMS
|
|
|
1794
2247
|
#
|
|
1795
2248
|
#
|
|
1796
2249
|
#
|
|
1797
|
-
# [1]:
|
|
2250
|
+
# [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-kms
|
|
1798
2251
|
# @return [String]
|
|
1799
2252
|
#
|
|
1800
2253
|
# @!attribute [rw] creation_date
|
|
@@ -1811,9 +2264,9 @@ module Aws::KMS
|
|
|
1811
2264
|
# @return [String]
|
|
1812
2265
|
#
|
|
1813
2266
|
# @!attribute [rw] key_usage
|
|
1814
|
-
# The cryptographic operations for which you can use the CMK.
|
|
1815
|
-
#
|
|
1816
|
-
#
|
|
2267
|
+
# The cryptographic operations for which you can use the CMK. The only
|
|
2268
|
+
# valid value is `ENCRYPT_DECRYPT`, which means you can use the CMK to
|
|
2269
|
+
# encrypt and decrypt data.
|
|
1817
2270
|
# @return [String]
|
|
1818
2271
|
#
|
|
1819
2272
|
# @!attribute [rw] key_state
|
|
@@ -1825,7 +2278,7 @@ module Aws::KMS
|
|
|
1825
2278
|
#
|
|
1826
2279
|
#
|
|
1827
2280
|
#
|
|
1828
|
-
# [1]:
|
|
2281
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html
|
|
1829
2282
|
# @return [String]
|
|
1830
2283
|
#
|
|
1831
2284
|
# @!attribute [rw] deletion_date
|
|
@@ -1857,7 +2310,7 @@ module Aws::KMS
|
|
|
1857
2310
|
#
|
|
1858
2311
|
#
|
|
1859
2312
|
#
|
|
1860
|
-
# [1]:
|
|
2313
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html
|
|
1861
2314
|
# @return [String]
|
|
1862
2315
|
#
|
|
1863
2316
|
# @!attribute [rw] cloud_hsm_cluster_id
|
|
@@ -1869,7 +2322,7 @@ module Aws::KMS
|
|
|
1869
2322
|
#
|
|
1870
2323
|
#
|
|
1871
2324
|
#
|
|
1872
|
-
# [1]:
|
|
2325
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html
|
|
1873
2326
|
# @return [String]
|
|
1874
2327
|
#
|
|
1875
2328
|
# @!attribute [rw] expiration_model
|
|
@@ -1879,13 +2332,14 @@ module Aws::KMS
|
|
|
1879
2332
|
# @return [String]
|
|
1880
2333
|
#
|
|
1881
2334
|
# @!attribute [rw] key_manager
|
|
1882
|
-
# The CMK
|
|
1883
|
-
# For more information about the difference,
|
|
1884
|
-
# Keys][1] in the *AWS Key Management Service
|
|
2335
|
+
# The manager of the CMK. CMKs in your AWS account are either customer
|
|
2336
|
+
# managed or AWS managed. For more information about the difference,
|
|
2337
|
+
# see [Customer Master Keys][1] in the *AWS Key Management Service
|
|
2338
|
+
# Developer Guide*.
|
|
1885
2339
|
#
|
|
1886
2340
|
#
|
|
1887
2341
|
#
|
|
1888
|
-
# [1]:
|
|
2342
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys
|
|
1889
2343
|
# @return [String]
|
|
1890
2344
|
#
|
|
1891
2345
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/KeyMetadata AWS API Documentation
|
|
@@ -1909,6 +2363,37 @@ module Aws::KMS
|
|
|
1909
2363
|
include Aws::Structure
|
|
1910
2364
|
end
|
|
1911
2365
|
|
|
2366
|
+
# The request was rejected because the specified CMK was not available.
|
|
2367
|
+
# The request can be retried.
|
|
2368
|
+
#
|
|
2369
|
+
# @!attribute [rw] message
|
|
2370
|
+
# @return [String]
|
|
2371
|
+
#
|
|
2372
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/KeyUnavailableException AWS API Documentation
|
|
2373
|
+
#
|
|
2374
|
+
class KeyUnavailableException < Struct.new(
|
|
2375
|
+
:message)
|
|
2376
|
+
include Aws::Structure
|
|
2377
|
+
end
|
|
2378
|
+
|
|
2379
|
+
# The request was rejected because a limit was exceeded. For more
|
|
2380
|
+
# information, see [Limits][1] in the *AWS Key Management Service
|
|
2381
|
+
# Developer Guide*.
|
|
2382
|
+
#
|
|
2383
|
+
#
|
|
2384
|
+
#
|
|
2385
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/limits.html
|
|
2386
|
+
#
|
|
2387
|
+
# @!attribute [rw] message
|
|
2388
|
+
# @return [String]
|
|
2389
|
+
#
|
|
2390
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/LimitExceededException AWS API Documentation
|
|
2391
|
+
#
|
|
2392
|
+
class LimitExceededException < Struct.new(
|
|
2393
|
+
:message)
|
|
2394
|
+
include Aws::Structure
|
|
2395
|
+
end
|
|
2396
|
+
|
|
1912
2397
|
# @note When making an API call, you may pass ListAliasesRequest
|
|
1913
2398
|
# data as a hash:
|
|
1914
2399
|
#
|
|
@@ -1965,8 +2450,8 @@ module Aws::KMS
|
|
|
1965
2450
|
# @!attribute [rw] truncated
|
|
1966
2451
|
# A flag that indicates whether there are more items in the list. When
|
|
1967
2452
|
# this value is true, the list in this response is truncated. To get
|
|
1968
|
-
# more items, pass the value of the `NextMarker` element in
|
|
1969
|
-
#
|
|
2453
|
+
# more items, pass the value of the `NextMarker` element in
|
|
2454
|
+
# thisresponse to the `Marker` parameter in a subsequent request.
|
|
1970
2455
|
# @return [Boolean]
|
|
1971
2456
|
#
|
|
1972
2457
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListAliasesResponse AWS API Documentation
|
|
@@ -2041,8 +2526,8 @@ module Aws::KMS
|
|
|
2041
2526
|
# @!attribute [rw] truncated
|
|
2042
2527
|
# A flag that indicates whether there are more items in the list. When
|
|
2043
2528
|
# this value is true, the list in this response is truncated. To get
|
|
2044
|
-
# more items, pass the value of the `NextMarker` element in
|
|
2045
|
-
#
|
|
2529
|
+
# more items, pass the value of the `NextMarker` element in
|
|
2530
|
+
# thisresponse to the `Marker` parameter in a subsequent request.
|
|
2046
2531
|
# @return [Boolean]
|
|
2047
2532
|
#
|
|
2048
2533
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListGrantsResponse AWS API Documentation
|
|
@@ -2088,7 +2573,7 @@ module Aws::KMS
|
|
|
2088
2573
|
# and 1000, inclusive. If you do not include a value, it defaults to
|
|
2089
2574
|
# 100.
|
|
2090
2575
|
#
|
|
2091
|
-
#
|
|
2576
|
+
# Only one policy can be attached to a key.
|
|
2092
2577
|
# @return [Integer]
|
|
2093
2578
|
#
|
|
2094
2579
|
# @!attribute [rw] marker
|
|
@@ -2107,8 +2592,7 @@ module Aws::KMS
|
|
|
2107
2592
|
end
|
|
2108
2593
|
|
|
2109
2594
|
# @!attribute [rw] policy_names
|
|
2110
|
-
# A list of key policy names.
|
|
2111
|
-
# per CMK and it is always named `default`.
|
|
2595
|
+
# A list of key policy names. The only valid value is `default`.
|
|
2112
2596
|
# @return [Array<String>]
|
|
2113
2597
|
#
|
|
2114
2598
|
# @!attribute [rw] next_marker
|
|
@@ -2119,8 +2603,8 @@ module Aws::KMS
|
|
|
2119
2603
|
# @!attribute [rw] truncated
|
|
2120
2604
|
# A flag that indicates whether there are more items in the list. When
|
|
2121
2605
|
# this value is true, the list in this response is truncated. To get
|
|
2122
|
-
# more items, pass the value of the `NextMarker` element in
|
|
2123
|
-
#
|
|
2606
|
+
# more items, pass the value of the `NextMarker` element in
|
|
2607
|
+
# thisresponse to the `Marker` parameter in a subsequent request.
|
|
2124
2608
|
# @return [Boolean]
|
|
2125
2609
|
#
|
|
2126
2610
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeyPoliciesResponse AWS API Documentation
|
|
@@ -2176,8 +2660,8 @@ module Aws::KMS
|
|
|
2176
2660
|
# @!attribute [rw] truncated
|
|
2177
2661
|
# A flag that indicates whether there are more items in the list. When
|
|
2178
2662
|
# this value is true, the list in this response is truncated. To get
|
|
2179
|
-
# more items, pass the value of the `NextMarker` element in
|
|
2180
|
-
#
|
|
2663
|
+
# more items, pass the value of the `NextMarker` element in
|
|
2664
|
+
# thisresponse to the `Marker` parameter in a subsequent request.
|
|
2181
2665
|
# @return [Boolean]
|
|
2182
2666
|
#
|
|
2183
2667
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeysResponse AWS API Documentation
|
|
@@ -2255,8 +2739,8 @@ module Aws::KMS
|
|
|
2255
2739
|
# @!attribute [rw] truncated
|
|
2256
2740
|
# A flag that indicates whether there are more items in the list. When
|
|
2257
2741
|
# this value is true, the list in this response is truncated. To get
|
|
2258
|
-
# more items, pass the value of the `NextMarker` element in
|
|
2259
|
-
#
|
|
2742
|
+
# more items, pass the value of the `NextMarker` element in
|
|
2743
|
+
# thisresponse to the `Marker` parameter in a subsequent request.
|
|
2260
2744
|
# @return [Boolean]
|
|
2261
2745
|
#
|
|
2262
2746
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListResourceTagsResponse AWS API Documentation
|
|
@@ -2305,8 +2789,8 @@ module Aws::KMS
|
|
|
2305
2789
|
#
|
|
2306
2790
|
#
|
|
2307
2791
|
#
|
|
2308
|
-
# [1]:
|
|
2309
|
-
# [2]:
|
|
2792
|
+
# [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
|
|
2793
|
+
# [2]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam
|
|
2310
2794
|
# @return [String]
|
|
2311
2795
|
#
|
|
2312
2796
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListRetirableGrantsRequest AWS API Documentation
|
|
@@ -2318,6 +2802,32 @@ module Aws::KMS
|
|
|
2318
2802
|
include Aws::Structure
|
|
2319
2803
|
end
|
|
2320
2804
|
|
|
2805
|
+
# The request was rejected because the specified policy is not
|
|
2806
|
+
# syntactically or semantically correct.
|
|
2807
|
+
#
|
|
2808
|
+
# @!attribute [rw] message
|
|
2809
|
+
# @return [String]
|
|
2810
|
+
#
|
|
2811
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/MalformedPolicyDocumentException AWS API Documentation
|
|
2812
|
+
#
|
|
2813
|
+
class MalformedPolicyDocumentException < Struct.new(
|
|
2814
|
+
:message)
|
|
2815
|
+
include Aws::Structure
|
|
2816
|
+
end
|
|
2817
|
+
|
|
2818
|
+
# The request was rejected because the specified entity or resource
|
|
2819
|
+
# could not be found.
|
|
2820
|
+
#
|
|
2821
|
+
# @!attribute [rw] message
|
|
2822
|
+
# @return [String]
|
|
2823
|
+
#
|
|
2824
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/NotFoundException AWS API Documentation
|
|
2825
|
+
#
|
|
2826
|
+
class NotFoundException < Struct.new(
|
|
2827
|
+
:message)
|
|
2828
|
+
include Aws::Structure
|
|
2829
|
+
end
|
|
2830
|
+
|
|
2321
2831
|
# @note When making an API call, you may pass PutKeyPolicyRequest
|
|
2322
2832
|
# data as a hash:
|
|
2323
2833
|
#
|
|
@@ -2375,8 +2885,8 @@ module Aws::KMS
|
|
|
2375
2885
|
#
|
|
2376
2886
|
#
|
|
2377
2887
|
#
|
|
2378
|
-
# [1]:
|
|
2379
|
-
# [2]:
|
|
2888
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam
|
|
2889
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency
|
|
2380
2890
|
# @return [String]
|
|
2381
2891
|
#
|
|
2382
2892
|
# @!attribute [rw] bypass_policy_lockout_safety_check
|
|
@@ -2398,7 +2908,7 @@ module Aws::KMS
|
|
|
2398
2908
|
#
|
|
2399
2909
|
#
|
|
2400
2910
|
#
|
|
2401
|
-
# [1]:
|
|
2911
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam
|
|
2402
2912
|
# @return [Boolean]
|
|
2403
2913
|
#
|
|
2404
2914
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/PutKeyPolicyRequest AWS API Documentation
|
|
@@ -2440,7 +2950,7 @@ module Aws::KMS
|
|
|
2440
2950
|
#
|
|
2441
2951
|
# To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias
|
|
2442
2952
|
# name, or alias ARN. When using an alias name, prefix it with
|
|
2443
|
-
# "alias/"
|
|
2953
|
+
# `"alias/"`. To specify a CMK in a different AWS account, you must
|
|
2444
2954
|
# use the key ARN or alias ARN.
|
|
2445
2955
|
#
|
|
2446
2956
|
# For example:
|
|
@@ -2470,7 +2980,7 @@ module Aws::KMS
|
|
|
2470
2980
|
#
|
|
2471
2981
|
#
|
|
2472
2982
|
#
|
|
2473
|
-
# [1]:
|
|
2983
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token
|
|
2474
2984
|
# @return [Array<String>]
|
|
2475
2985
|
#
|
|
2476
2986
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ReEncryptRequest AWS API Documentation
|
|
@@ -2486,7 +2996,7 @@ module Aws::KMS
|
|
|
2486
2996
|
|
|
2487
2997
|
# @!attribute [rw] ciphertext_blob
|
|
2488
2998
|
# The reencrypted data. When you use the HTTP API or the AWS CLI, the
|
|
2489
|
-
# value is Base64-
|
|
2999
|
+
# value is Base64-encoded. Otherwise, it is not encoded.
|
|
2490
3000
|
# @return [String]
|
|
2491
3001
|
#
|
|
2492
3002
|
# @!attribute [rw] source_key_id
|
|
@@ -2651,7 +3161,7 @@ module Aws::KMS
|
|
|
2651
3161
|
#
|
|
2652
3162
|
#
|
|
2653
3163
|
#
|
|
2654
|
-
# [1]:
|
|
3164
|
+
# [1]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html
|
|
2655
3165
|
#
|
|
2656
3166
|
# @note When making an API call, you may pass Tag
|
|
2657
3167
|
# data as a hash:
|
|
@@ -2677,6 +3187,18 @@ module Aws::KMS
|
|
|
2677
3187
|
include Aws::Structure
|
|
2678
3188
|
end
|
|
2679
3189
|
|
|
3190
|
+
# The request was rejected because one or more tags are not valid.
|
|
3191
|
+
#
|
|
3192
|
+
# @!attribute [rw] message
|
|
3193
|
+
# @return [String]
|
|
3194
|
+
#
|
|
3195
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/TagException AWS API Documentation
|
|
3196
|
+
#
|
|
3197
|
+
class TagException < Struct.new(
|
|
3198
|
+
:message)
|
|
3199
|
+
include Aws::Structure
|
|
3200
|
+
end
|
|
3201
|
+
|
|
2680
3202
|
# @note When making an API call, you may pass TagResourceRequest
|
|
2681
3203
|
# data as a hash:
|
|
2682
3204
|
#
|
|
@@ -2718,6 +3240,19 @@ module Aws::KMS
|
|
|
2718
3240
|
include Aws::Structure
|
|
2719
3241
|
end
|
|
2720
3242
|
|
|
3243
|
+
# The request was rejected because a specified parameter is not
|
|
3244
|
+
# supported or a specified resource is not valid for this operation.
|
|
3245
|
+
#
|
|
3246
|
+
# @!attribute [rw] message
|
|
3247
|
+
# @return [String]
|
|
3248
|
+
#
|
|
3249
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UnsupportedOperationException AWS API Documentation
|
|
3250
|
+
#
|
|
3251
|
+
class UnsupportedOperationException < Struct.new(
|
|
3252
|
+
:message)
|
|
3253
|
+
include Aws::Structure
|
|
3254
|
+
end
|
|
3255
|
+
|
|
2721
3256
|
# @note When making an API call, you may pass UntagResourceRequest
|
|
2722
3257
|
# data as a hash:
|
|
2723
3258
|
#
|
|
@@ -2763,14 +3298,15 @@ module Aws::KMS
|
|
|
2763
3298
|
# }
|
|
2764
3299
|
#
|
|
2765
3300
|
# @!attribute [rw] alias_name
|
|
2766
|
-
#
|
|
2767
|
-
#
|
|
2768
|
-
#
|
|
3301
|
+
# Specifies the name of the alias to change. This value must begin
|
|
3302
|
+
# with `alias/` followed by the alias name, such as
|
|
3303
|
+
# `alias/ExampleAlias`.
|
|
2769
3304
|
# @return [String]
|
|
2770
3305
|
#
|
|
2771
3306
|
# @!attribute [rw] target_key_id
|
|
2772
|
-
# Unique identifier of the customer master key to be mapped to
|
|
2773
|
-
# alias.
|
|
3307
|
+
# Unique identifier of the customer master key (CMK) to be mapped to
|
|
3308
|
+
# the alias. When the update operation completes, the alias will point
|
|
3309
|
+
# to this CMK.
|
|
2774
3310
|
#
|
|
2775
3311
|
# Specify the key ID or the Amazon Resource Name (ARN) of the CMK.
|
|
2776
3312
|
#
|
|
@@ -2831,17 +3367,18 @@ module Aws::KMS
|
|
|
2831
3367
|
# Associates the custom key store with a related AWS CloudHSM cluster.
|
|
2832
3368
|
#
|
|
2833
3369
|
# Enter the cluster ID of the cluster that you used to create the
|
|
2834
|
-
# custom key store or a cluster that shares a backup history
|
|
2835
|
-
# original cluster. You cannot use
|
|
2836
|
-
# custom key store with
|
|
2837
|
-
#
|
|
2838
|
-
#
|
|
2839
|
-
#
|
|
2840
|
-
# [DescribeClusters][
|
|
3370
|
+
# custom key store or a cluster that shares a backup history and has
|
|
3371
|
+
# the same cluster certificate as the original cluster. You cannot use
|
|
3372
|
+
# this parameter to associate a custom key store with an unrelated
|
|
3373
|
+
# cluster. In addition, the replacement cluster must [fulfill the
|
|
3374
|
+
# requirements][1] for a cluster associated with a custom key store.
|
|
3375
|
+
# To view the cluster certificate of a cluster, use the
|
|
3376
|
+
# [DescribeClusters][2] operation.
|
|
2841
3377
|
#
|
|
2842
3378
|
#
|
|
2843
3379
|
#
|
|
2844
|
-
# [1]:
|
|
3380
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore
|
|
3381
|
+
# [2]: https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html
|
|
2845
3382
|
# @return [String]
|
|
2846
3383
|
#
|
|
2847
3384
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateCustomKeyStoreRequest AWS API Documentation
|