aws-sdk-kms 1.16.0 → 1.24.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/lib/aws-sdk-kms.rb +1 -1
- data/lib/aws-sdk-kms/client.rb +388 -397
- data/lib/aws-sdk-kms/client_api.rb +93 -0
- data/lib/aws-sdk-kms/errors.rb +496 -0
- data/lib/aws-sdk-kms/types.rb +713 -176
- metadata +5 -5
data/lib/aws-sdk-kms/types.rb
CHANGED
@@ -11,7 +11,7 @@ module Aws::KMS
|
|
11
11
|
# Contains information about an alias.
|
12
12
|
#
|
13
13
|
# @!attribute [rw] alias_name
|
14
|
-
# String that contains the alias.
|
14
|
+
# String that contains the alias. This value begins with `alias/`.
|
15
15
|
# @return [String]
|
16
16
|
#
|
17
17
|
# @!attribute [rw] alias_arn
|
@@ -31,6 +31,19 @@ module Aws::KMS
|
|
31
31
|
include Aws::Structure
|
32
32
|
end
|
33
33
|
|
34
|
+
# The request was rejected because it attempted to create a resource
|
35
|
+
# that already exists.
|
36
|
+
#
|
37
|
+
# @!attribute [rw] message
|
38
|
+
# @return [String]
|
39
|
+
#
|
40
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/AlreadyExistsException AWS API Documentation
|
41
|
+
#
|
42
|
+
class AlreadyExistsException < Struct.new(
|
43
|
+
:message)
|
44
|
+
include Aws::Structure
|
45
|
+
end
|
46
|
+
|
34
47
|
# @note When making an API call, you may pass CancelKeyDeletionRequest
|
35
48
|
# data as a hash:
|
36
49
|
#
|
@@ -74,6 +87,143 @@ module Aws::KMS
|
|
74
87
|
include Aws::Structure
|
75
88
|
end
|
76
89
|
|
90
|
+
# The request was rejected because the specified AWS CloudHSM cluster is
|
91
|
+
# already associated with a custom key store or it shares a backup
|
92
|
+
# history with a cluster that is associated with a custom key store.
|
93
|
+
# Each custom key store must be associated with a different AWS CloudHSM
|
94
|
+
# cluster.
|
95
|
+
#
|
96
|
+
# Clusters that share a backup history have the same cluster
|
97
|
+
# certificate. To view the cluster certificate of a cluster, use the
|
98
|
+
# [DescribeClusters][1] operation.
|
99
|
+
#
|
100
|
+
#
|
101
|
+
#
|
102
|
+
# [1]: https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html
|
103
|
+
#
|
104
|
+
# @!attribute [rw] message
|
105
|
+
# @return [String]
|
106
|
+
#
|
107
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CloudHsmClusterInUseException AWS API Documentation
|
108
|
+
#
|
109
|
+
class CloudHsmClusterInUseException < Struct.new(
|
110
|
+
:message)
|
111
|
+
include Aws::Structure
|
112
|
+
end
|
113
|
+
|
114
|
+
# The request was rejected because the associated AWS CloudHSM cluster
|
115
|
+
# did not meet the configuration requirements for a custom key store.
|
116
|
+
#
|
117
|
+
# * The cluster must be configured with private subnets in at least two
|
118
|
+
# different Availability Zones in the Region.
|
119
|
+
#
|
120
|
+
# * The [security group for the cluster][1]
|
121
|
+
# (cloudhsm-cluster-*<cluster-id>*-sg) must include inbound
|
122
|
+
# rules and outbound rules that allow TCP traffic on ports 2223-2225.
|
123
|
+
# The **Source** in the inbound rules and the **Destination** in the
|
124
|
+
# outbound rules must match the security group ID. These rules are set
|
125
|
+
# by default when you create the cluster. Do not delete or change
|
126
|
+
# them. To get information about a particular security group, use the
|
127
|
+
# [DescribeSecurityGroups][2] operation.
|
128
|
+
#
|
129
|
+
# * The cluster must contain at least as many HSMs as the operation
|
130
|
+
# requires. To add HSMs, use the AWS CloudHSM [CreateHsm][3]
|
131
|
+
# operation.
|
132
|
+
#
|
133
|
+
# For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey
|
134
|
+
# operations, the AWS CloudHSM cluster must have at least two active
|
135
|
+
# HSMs, each in a different Availability Zone. For the
|
136
|
+
# ConnectCustomKeyStore operation, the AWS CloudHSM must contain at
|
137
|
+
# least one active HSM.
|
138
|
+
#
|
139
|
+
# For information about the requirements for an AWS CloudHSM cluster
|
140
|
+
# that is associated with a custom key store, see [Assemble the
|
141
|
+
# Prerequisites][4] in the *AWS Key Management Service Developer Guide*.
|
142
|
+
# For information about creating a private subnet for an AWS CloudHSM
|
143
|
+
# cluster, see [Create a Private Subnet][5] in the *AWS CloudHSM User
|
144
|
+
# Guide*. For information about cluster security groups, see [Configure
|
145
|
+
# a Default Security Group][1] in the <i> <i>AWS CloudHSM User Guide</i>
|
146
|
+
# </i>.
|
147
|
+
#
|
148
|
+
#
|
149
|
+
#
|
150
|
+
# [1]: https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html
|
151
|
+
# [2]: https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html
|
152
|
+
# [3]: https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html
|
153
|
+
# [4]: https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore
|
154
|
+
# [5]: https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html
|
155
|
+
#
|
156
|
+
# @!attribute [rw] message
|
157
|
+
# @return [String]
|
158
|
+
#
|
159
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CloudHsmClusterInvalidConfigurationException AWS API Documentation
|
160
|
+
#
|
161
|
+
class CloudHsmClusterInvalidConfigurationException < Struct.new(
|
162
|
+
:message)
|
163
|
+
include Aws::Structure
|
164
|
+
end
|
165
|
+
|
166
|
+
# The request was rejected because the AWS CloudHSM cluster that is
|
167
|
+
# associated with the custom key store is not active. Initialize and
|
168
|
+
# activate the cluster and try the command again. For detailed
|
169
|
+
# instructions, see [Getting Started][1] in the *AWS CloudHSM User
|
170
|
+
# Guide*.
|
171
|
+
#
|
172
|
+
#
|
173
|
+
#
|
174
|
+
# [1]: https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html
|
175
|
+
#
|
176
|
+
# @!attribute [rw] message
|
177
|
+
# @return [String]
|
178
|
+
#
|
179
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CloudHsmClusterNotActiveException AWS API Documentation
|
180
|
+
#
|
181
|
+
class CloudHsmClusterNotActiveException < Struct.new(
|
182
|
+
:message)
|
183
|
+
include Aws::Structure
|
184
|
+
end
|
185
|
+
|
186
|
+
# The request was rejected because AWS KMS cannot find the AWS CloudHSM
|
187
|
+
# cluster with the specified cluster ID. Retry the request with a
|
188
|
+
# different cluster ID.
|
189
|
+
#
|
190
|
+
# @!attribute [rw] message
|
191
|
+
# @return [String]
|
192
|
+
#
|
193
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CloudHsmClusterNotFoundException AWS API Documentation
|
194
|
+
#
|
195
|
+
class CloudHsmClusterNotFoundException < Struct.new(
|
196
|
+
:message)
|
197
|
+
include Aws::Structure
|
198
|
+
end
|
199
|
+
|
200
|
+
# The request was rejected because the specified AWS CloudHSM cluster
|
201
|
+
# has a different cluster certificate than the original cluster. You
|
202
|
+
# cannot use the operation to specify an unrelated cluster.
|
203
|
+
#
|
204
|
+
# Specify a cluster that shares a backup history with the original
|
205
|
+
# cluster. This includes clusters that were created from a backup of the
|
206
|
+
# current cluster, and clusters that were created from the same backup
|
207
|
+
# that produced the current cluster.
|
208
|
+
#
|
209
|
+
# Clusters that share a backup history have the same cluster
|
210
|
+
# certificate. To view the cluster certificate of a cluster, use the
|
211
|
+
# [DescribeClusters][1] operation.
|
212
|
+
#
|
213
|
+
#
|
214
|
+
#
|
215
|
+
# [1]: https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html
|
216
|
+
#
|
217
|
+
# @!attribute [rw] message
|
218
|
+
# @return [String]
|
219
|
+
#
|
220
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CloudHsmClusterNotRelatedException AWS API Documentation
|
221
|
+
#
|
222
|
+
class CloudHsmClusterNotRelatedException < Struct.new(
|
223
|
+
:message)
|
224
|
+
include Aws::Structure
|
225
|
+
end
|
226
|
+
|
77
227
|
# @note When making an API call, you may pass ConnectCustomKeyStoreRequest
|
78
228
|
# data as a hash:
|
79
229
|
#
|
@@ -107,26 +257,22 @@ module Aws::KMS
|
|
107
257
|
# }
|
108
258
|
#
|
109
259
|
# @!attribute [rw] alias_name
|
110
|
-
#
|
111
|
-
#
|
112
|
-
# begin with
|
260
|
+
# Specifies the alias name. This value must begin with `alias/`
|
261
|
+
# followed by a name, such as `alias/ExampleAlias`. The alias name
|
262
|
+
# cannot begin with `alias/aws/`. The `alias/aws/` prefix is reserved
|
263
|
+
# for AWS managed CMKs.
|
113
264
|
# @return [String]
|
114
265
|
#
|
115
266
|
# @!attribute [rw] target_key_id
|
116
|
-
# Identifies the CMK
|
117
|
-
#
|
118
|
-
#
|
119
|
-
#
|
120
|
-
#
|
121
|
-
# For example:
|
267
|
+
# Identifies the CMK to which the alias refers. Specify the key ID or
|
268
|
+
# the Amazon Resource Name (ARN) of the CMK. You cannot specify
|
269
|
+
# another alias. For help finding the key ID and ARN, see [Finding the
|
270
|
+
# Key ID and ARN][1] in the *AWS Key Management Service Developer
|
271
|
+
# Guide*.
|
122
272
|
#
|
123
|
-
# * Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`
|
124
273
|
#
|
125
|
-
# * Key ARN:
|
126
|
-
# `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
|
127
274
|
#
|
128
|
-
#
|
129
|
-
# DescribeKey.
|
275
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/viewing-keys.html#find-cmk-id-arn
|
130
276
|
# @return [String]
|
131
277
|
#
|
132
278
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateAliasRequest AWS API Documentation
|
@@ -160,7 +306,7 @@ module Aws::KMS
|
|
160
306
|
#
|
161
307
|
#
|
162
308
|
#
|
163
|
-
# [1]:
|
309
|
+
# [1]: https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html
|
164
310
|
# @return [String]
|
165
311
|
#
|
166
312
|
# @!attribute [rw] trust_anchor_certificate
|
@@ -170,7 +316,7 @@ module Aws::KMS
|
|
170
316
|
#
|
171
317
|
#
|
172
318
|
#
|
173
|
-
# [1]:
|
319
|
+
# [1]: https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html
|
174
320
|
# @return [String]
|
175
321
|
#
|
176
322
|
# @!attribute [rw] key_store_password
|
@@ -183,7 +329,7 @@ module Aws::KMS
|
|
183
329
|
#
|
184
330
|
#
|
185
331
|
#
|
186
|
-
# [1]:
|
332
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser
|
187
333
|
# @return [String]
|
188
334
|
#
|
189
335
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateCustomKeyStoreRequest AWS API Documentation
|
@@ -258,8 +404,8 @@ module Aws::KMS
|
|
258
404
|
#
|
259
405
|
#
|
260
406
|
#
|
261
|
-
# [1]:
|
262
|
-
# [2]:
|
407
|
+
# [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
|
408
|
+
# [2]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam
|
263
409
|
# @return [String]
|
264
410
|
#
|
265
411
|
# @!attribute [rw] retiring_principal
|
@@ -275,8 +421,8 @@ module Aws::KMS
|
|
275
421
|
#
|
276
422
|
#
|
277
423
|
#
|
278
|
-
# [1]:
|
279
|
-
# [2]:
|
424
|
+
# [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
|
425
|
+
# [2]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam
|
280
426
|
# @return [String]
|
281
427
|
#
|
282
428
|
# @!attribute [rw] operations
|
@@ -284,14 +430,15 @@ module Aws::KMS
|
|
284
430
|
# @return [Array<String>]
|
285
431
|
#
|
286
432
|
# @!attribute [rw] constraints
|
287
|
-
#
|
288
|
-
#
|
289
|
-
# information about encryption context, see
|
290
|
-
# the
|
433
|
+
# Allows a cryptographic operation only when the encryption context
|
434
|
+
# matches or includes the encryption context specified in this
|
435
|
+
# structure. For more information about encryption context, see
|
436
|
+
# [Encryption Context][1] in the <i> <i>AWS Key Management Service
|
437
|
+
# Developer Guide</i> </i>.
|
291
438
|
#
|
292
439
|
#
|
293
440
|
#
|
294
|
-
# [1]:
|
441
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
|
295
442
|
# @return [Types::GrantConstraints]
|
296
443
|
#
|
297
444
|
# @!attribute [rw] grant_tokens
|
@@ -302,12 +449,13 @@ module Aws::KMS
|
|
302
449
|
#
|
303
450
|
#
|
304
451
|
#
|
305
|
-
# [1]:
|
452
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token
|
306
453
|
# @return [Array<String>]
|
307
454
|
#
|
308
455
|
# @!attribute [rw] name
|
309
456
|
# A friendly name for identifying the grant. Use this value to prevent
|
310
|
-
# unintended creation of duplicate grants when retrying this
|
457
|
+
# the unintended creation of duplicate grants when retrying this
|
458
|
+
# request.
|
311
459
|
#
|
312
460
|
# When this value is absent, all `CreateGrant` requests result in a
|
313
461
|
# new grant with a unique `GrantId` even if all the supplied
|
@@ -343,7 +491,7 @@ module Aws::KMS
|
|
343
491
|
#
|
344
492
|
#
|
345
493
|
#
|
346
|
-
# [1]:
|
494
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token
|
347
495
|
# @return [String]
|
348
496
|
#
|
349
497
|
# @!attribute [rw] grant_id
|
@@ -389,7 +537,8 @@ module Aws::KMS
|
|
389
537
|
# request to make a subsequent PutKeyPolicy request on the CMK. This
|
390
538
|
# reduces the risk that the CMK becomes unmanageable. For more
|
391
539
|
# information, refer to the scenario in the [Default Key Policy][1]
|
392
|
-
# section of the
|
540
|
+
# section of the <i> <i>AWS Key Management Service Developer
|
541
|
+
# Guide</i> </i>.
|
393
542
|
#
|
394
543
|
# * Each statement in the key policy must contain one or more
|
395
544
|
# principals. The principals in the key policy must exist and be
|
@@ -409,9 +558,9 @@ module Aws::KMS
|
|
409
558
|
#
|
410
559
|
#
|
411
560
|
#
|
412
|
-
# [1]:
|
413
|
-
# [2]:
|
414
|
-
# [3]:
|
561
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam
|
562
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency
|
563
|
+
# [3]: https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default
|
415
564
|
# @return [String]
|
416
565
|
#
|
417
566
|
# @!attribute [rw] description
|
@@ -422,14 +571,14 @@ module Aws::KMS
|
|
422
571
|
# @return [String]
|
423
572
|
#
|
424
573
|
# @!attribute [rw] key_usage
|
425
|
-
# The
|
426
|
-
#
|
427
|
-
#
|
574
|
+
# The cryptographic operations for which you can use the CMK. The only
|
575
|
+
# valid value is `ENCRYPT_DECRYPT`, which means you can use the CMK to
|
576
|
+
# encrypt and decrypt data.
|
428
577
|
# @return [String]
|
429
578
|
#
|
430
579
|
# @!attribute [rw] origin
|
431
|
-
# The source of the
|
432
|
-
# after you create the CMK.
|
580
|
+
# The source of the key material for the CMK. You cannot change the
|
581
|
+
# origin after you create the CMK.
|
433
582
|
#
|
434
583
|
# The default is `AWS_KMS`, which means AWS KMS creates the key
|
435
584
|
# material in its own key store.
|
@@ -441,14 +590,14 @@ module Aws::KMS
|
|
441
590
|
# in the *AWS Key Management Service Developer Guide*.
|
442
591
|
#
|
443
592
|
# When the parameter value is `AWS_CLOUDHSM`, AWS KMS creates the CMK
|
444
|
-
# in
|
593
|
+
# in an AWS KMS [custom key store][2] and creates its key material in
|
445
594
|
# the associated AWS CloudHSM cluster. You must also use the
|
446
595
|
# `CustomKeyStoreId` parameter to identify the custom key store.
|
447
596
|
#
|
448
597
|
#
|
449
598
|
#
|
450
|
-
# [1]:
|
451
|
-
# [2]:
|
599
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html
|
600
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html
|
452
601
|
# @return [String]
|
453
602
|
#
|
454
603
|
# @!attribute [rw] custom_key_store_id
|
@@ -465,15 +614,14 @@ module Aws::KMS
|
|
465
614
|
# The response includes the custom key store ID and the ID of the AWS
|
466
615
|
# CloudHSM cluster.
|
467
616
|
#
|
468
|
-
# This operation is part of the [Custom Key Store feature][
|
617
|
+
# This operation is part of the [Custom Key Store feature][1] feature
|
469
618
|
# in AWS KMS, which combines the convenience and extensive integration
|
470
619
|
# of AWS KMS with the isolation and control of a single-tenant key
|
471
620
|
# store.
|
472
621
|
#
|
473
622
|
#
|
474
623
|
#
|
475
|
-
# [1]:
|
476
|
-
# [2]: http://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html
|
624
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html
|
477
625
|
# @return [String]
|
478
626
|
#
|
479
627
|
# @!attribute [rw] bypass_policy_lockout_safety_check
|
@@ -484,8 +632,8 @@ module Aws::KMS
|
|
484
632
|
# unmanageable. Do not set this value to true indiscriminately.
|
485
633
|
#
|
486
634
|
# For more information, refer to the scenario in the [Default Key
|
487
|
-
# Policy][1] section in the
|
488
|
-
# Guide
|
635
|
+
# Policy][1] section in the <i> <i>AWS Key Management Service
|
636
|
+
# Developer Guide</i> </i>.
|
489
637
|
#
|
490
638
|
# Use this parameter only when you include a policy in the request and
|
491
639
|
# you intend to prevent the principal that is making the request from
|
@@ -495,7 +643,7 @@ module Aws::KMS
|
|
495
643
|
#
|
496
644
|
#
|
497
645
|
#
|
498
|
-
# [1]:
|
646
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam
|
499
647
|
# @return [Boolean]
|
500
648
|
#
|
501
649
|
# @!attribute [rw] tags
|
@@ -532,6 +680,77 @@ module Aws::KMS
|
|
532
680
|
include Aws::Structure
|
533
681
|
end
|
534
682
|
|
683
|
+
# The request was rejected because the custom key store contains AWS KMS
|
684
|
+
# customer master keys (CMKs). After verifying that you do not need to
|
685
|
+
# use the CMKs, use the ScheduleKeyDeletion operation to delete the
|
686
|
+
# CMKs. After they are deleted, you can delete the custom key store.
|
687
|
+
#
|
688
|
+
# @!attribute [rw] message
|
689
|
+
# @return [String]
|
690
|
+
#
|
691
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CustomKeyStoreHasCMKsException AWS API Documentation
|
692
|
+
#
|
693
|
+
class CustomKeyStoreHasCMKsException < Struct.new(
|
694
|
+
:message)
|
695
|
+
include Aws::Structure
|
696
|
+
end
|
697
|
+
|
698
|
+
# The request was rejected because of the `ConnectionState` of the
|
699
|
+
# custom key store. To get the `ConnectionState` of a custom key store,
|
700
|
+
# use the DescribeCustomKeyStores operation.
|
701
|
+
#
|
702
|
+
# This exception is thrown under the following conditions:
|
703
|
+
#
|
704
|
+
# * You requested the CreateKey or GenerateRandom operation in a custom
|
705
|
+
# key store that is not connected. These operations are valid only
|
706
|
+
# when the custom key store `ConnectionState` is `CONNECTED`.
|
707
|
+
#
|
708
|
+
# * You requested the UpdateCustomKeyStore or DeleteCustomKeyStore
|
709
|
+
# operation on a custom key store that is not disconnected. This
|
710
|
+
# operation is valid only when the custom key store `ConnectionState`
|
711
|
+
# is `DISCONNECTED`.
|
712
|
+
#
|
713
|
+
# * You requested the ConnectCustomKeyStore operation on a custom key
|
714
|
+
# store with a `ConnectionState` of `DISCONNECTING` or `FAILED`. This
|
715
|
+
# operation is valid for all other `ConnectionState` values.
|
716
|
+
#
|
717
|
+
# @!attribute [rw] message
|
718
|
+
# @return [String]
|
719
|
+
#
|
720
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CustomKeyStoreInvalidStateException AWS API Documentation
|
721
|
+
#
|
722
|
+
class CustomKeyStoreInvalidStateException < Struct.new(
|
723
|
+
:message)
|
724
|
+
include Aws::Structure
|
725
|
+
end
|
726
|
+
|
727
|
+
# The request was rejected because the specified custom key store name
|
728
|
+
# is already assigned to another custom key store in the account. Try
|
729
|
+
# again with a custom key store name that is unique in the account.
|
730
|
+
#
|
731
|
+
# @!attribute [rw] message
|
732
|
+
# @return [String]
|
733
|
+
#
|
734
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CustomKeyStoreNameInUseException AWS API Documentation
|
735
|
+
#
|
736
|
+
class CustomKeyStoreNameInUseException < Struct.new(
|
737
|
+
:message)
|
738
|
+
include Aws::Structure
|
739
|
+
end
|
740
|
+
|
741
|
+
# The request was rejected because AWS KMS cannot find a custom key
|
742
|
+
# store with the specified key store name or ID.
|
743
|
+
#
|
744
|
+
# @!attribute [rw] message
|
745
|
+
# @return [String]
|
746
|
+
#
|
747
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CustomKeyStoreNotFoundException AWS API Documentation
|
748
|
+
#
|
749
|
+
class CustomKeyStoreNotFoundException < Struct.new(
|
750
|
+
:message)
|
751
|
+
include Aws::Structure
|
752
|
+
end
|
753
|
+
|
535
754
|
# Contains information about each custom key store in the custom key
|
536
755
|
# store list.
|
537
756
|
#
|
@@ -555,7 +774,7 @@ module Aws::KMS
|
|
555
774
|
#
|
556
775
|
#
|
557
776
|
#
|
558
|
-
# [1]:
|
777
|
+
# [1]: https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr
|
559
778
|
# @return [String]
|
560
779
|
#
|
561
780
|
# @!attribute [rw] connection_state
|
@@ -578,7 +797,7 @@ module Aws::KMS
|
|
578
797
|
#
|
579
798
|
#
|
580
799
|
#
|
581
|
-
# [1]:
|
800
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html
|
582
801
|
# @return [String]
|
583
802
|
#
|
584
803
|
# @!attribute [rw] connection_error_code
|
@@ -592,6 +811,11 @@ module Aws::KMS
|
|
592
811
|
# its AWS CloudHSM cluster, the cluster must contain at least one
|
593
812
|
# active HSM.
|
594
813
|
#
|
814
|
+
# * `INTERNAL_ERROR` - AWS KMS could not complete the request due to
|
815
|
+
# an internal error. Retry the request. For `ConnectCustomKeyStore`
|
816
|
+
# requests, disconnect the custom key store before trying to connect
|
817
|
+
# again.
|
818
|
+
#
|
595
819
|
# * `INVALID_CREDENTIALS` - AWS KMS does not have the correct password
|
596
820
|
# for the `kmsuser` crypto user in the AWS CloudHSM cluster.
|
597
821
|
#
|
@@ -609,7 +833,7 @@ module Aws::KMS
|
|
609
833
|
#
|
610
834
|
#
|
611
835
|
#
|
612
|
-
# [1]:
|
836
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html
|
613
837
|
# @return [String]
|
614
838
|
#
|
615
839
|
# @!attribute [rw] creation_date
|
@@ -651,7 +875,7 @@ module Aws::KMS
|
|
651
875
|
#
|
652
876
|
#
|
653
877
|
#
|
654
|
-
# [1]:
|
878
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
|
655
879
|
# @return [Hash<String,String>]
|
656
880
|
#
|
657
881
|
# @!attribute [rw] grant_tokens
|
@@ -662,7 +886,7 @@ module Aws::KMS
|
|
662
886
|
#
|
663
887
|
#
|
664
888
|
#
|
665
|
-
# [1]:
|
889
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token
|
666
890
|
# @return [Array<String>]
|
667
891
|
#
|
668
892
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DecryptRequest AWS API Documentation
|
@@ -681,7 +905,7 @@ module Aws::KMS
|
|
681
905
|
#
|
682
906
|
# @!attribute [rw] plaintext
|
683
907
|
# Decrypted plaintext data. When you use the HTTP API or the AWS CLI,
|
684
|
-
# the value is Base64-
|
908
|
+
# the value is Base64-encoded. Otherwise, it is not encoded.
|
685
909
|
# @return [String]
|
686
910
|
#
|
687
911
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DecryptResponse AWS API Documentation
|
@@ -700,9 +924,8 @@ module Aws::KMS
|
|
700
924
|
# }
|
701
925
|
#
|
702
926
|
# @!attribute [rw] alias_name
|
703
|
-
# The alias to be deleted. The name must
|
704
|
-
# followed by
|
705
|
-
# "alias/aws" are reserved.
|
927
|
+
# The alias to be deleted. The alias name must begin with `alias/`
|
928
|
+
# followed by the alias name, such as `alias/ExampleAlias`.
|
706
929
|
# @return [String]
|
707
930
|
#
|
708
931
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteAliasRequest AWS API Documentation
|
@@ -743,8 +966,8 @@ module Aws::KMS
|
|
743
966
|
# }
|
744
967
|
#
|
745
968
|
# @!attribute [rw] key_id
|
746
|
-
#
|
747
|
-
# `Origin` must be `EXTERNAL`.
|
969
|
+
# Identifies the CMK from which you are deleting imported key
|
970
|
+
# material. The `Origin` of the CMK must be `EXTERNAL`.
|
748
971
|
#
|
749
972
|
# Specify the key ID or the Amazon Resource Name (ARN) of the CMK.
|
750
973
|
#
|
@@ -766,6 +989,19 @@ module Aws::KMS
|
|
766
989
|
include Aws::Structure
|
767
990
|
end
|
768
991
|
|
992
|
+
# The system timed out while trying to fulfill the request. The request
|
993
|
+
# can be retried.
|
994
|
+
#
|
995
|
+
# @!attribute [rw] message
|
996
|
+
# @return [String]
|
997
|
+
#
|
998
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DependencyTimeoutException AWS API Documentation
|
999
|
+
#
|
1000
|
+
class DependencyTimeoutException < Struct.new(
|
1001
|
+
:message)
|
1002
|
+
include Aws::Structure
|
1003
|
+
end
|
1004
|
+
|
769
1005
|
# @note When making an API call, you may pass DescribeCustomKeyStoresRequest
|
770
1006
|
# data as a hash:
|
771
1007
|
#
|
@@ -830,8 +1066,8 @@ module Aws::KMS
|
|
830
1066
|
# @!attribute [rw] truncated
|
831
1067
|
# A flag that indicates whether there are more items in the list. When
|
832
1068
|
# this value is true, the list in this response is truncated. To get
|
833
|
-
# more items, pass the value of the `NextMarker` element in
|
834
|
-
#
|
1069
|
+
# more items, pass the value of the `NextMarker` element in
|
1070
|
+
# thisresponse to the `Marker` parameter in a subsequent request.
|
835
1071
|
# @return [Boolean]
|
836
1072
|
#
|
837
1073
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DescribeCustomKeyStoresResponse AWS API Documentation
|
@@ -860,7 +1096,7 @@ module Aws::KMS
|
|
860
1096
|
#
|
861
1097
|
# To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias
|
862
1098
|
# name, or alias ARN. When using an alias name, prefix it with
|
863
|
-
# "alias/"
|
1099
|
+
# `"alias/"`. To specify a CMK in a different AWS account, you must
|
864
1100
|
# use the key ARN or alias ARN.
|
865
1101
|
#
|
866
1102
|
# For example:
|
@@ -879,7 +1115,7 @@ module Aws::KMS
|
|
879
1115
|
#
|
880
1116
|
#
|
881
1117
|
#
|
882
|
-
# [1]:
|
1118
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys
|
883
1119
|
# @return [String]
|
884
1120
|
#
|
885
1121
|
# @!attribute [rw] grant_tokens
|
@@ -890,7 +1126,7 @@ module Aws::KMS
|
|
890
1126
|
#
|
891
1127
|
#
|
892
1128
|
#
|
893
|
-
# [1]:
|
1129
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token
|
894
1130
|
# @return [Array<String>]
|
895
1131
|
#
|
896
1132
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DescribeKeyRequest AWS API Documentation
|
@@ -972,6 +1208,18 @@ module Aws::KMS
|
|
972
1208
|
include Aws::Structure
|
973
1209
|
end
|
974
1210
|
|
1211
|
+
# The request was rejected because the specified CMK is not enabled.
|
1212
|
+
#
|
1213
|
+
# @!attribute [rw] message
|
1214
|
+
# @return [String]
|
1215
|
+
#
|
1216
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DisabledException AWS API Documentation
|
1217
|
+
#
|
1218
|
+
class DisabledException < Struct.new(
|
1219
|
+
:message)
|
1220
|
+
include Aws::Structure
|
1221
|
+
end
|
1222
|
+
|
975
1223
|
# @note When making an API call, you may pass DisconnectCustomKeyStoreRequest
|
976
1224
|
# data as a hash:
|
977
1225
|
#
|
@@ -1073,7 +1321,7 @@ module Aws::KMS
|
|
1073
1321
|
#
|
1074
1322
|
# To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias
|
1075
1323
|
# name, or alias ARN. When using an alias name, prefix it with
|
1076
|
-
# "alias/"
|
1324
|
+
# `"alias/"`. To specify a CMK in a different AWS account, you must
|
1077
1325
|
# use the key ARN or alias ARN.
|
1078
1326
|
#
|
1079
1327
|
# For example:
|
@@ -1103,7 +1351,7 @@ module Aws::KMS
|
|
1103
1351
|
#
|
1104
1352
|
#
|
1105
1353
|
#
|
1106
|
-
# [1]:
|
1354
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
|
1107
1355
|
# @return [Hash<String,String>]
|
1108
1356
|
#
|
1109
1357
|
# @!attribute [rw] grant_tokens
|
@@ -1114,7 +1362,7 @@ module Aws::KMS
|
|
1114
1362
|
#
|
1115
1363
|
#
|
1116
1364
|
#
|
1117
|
-
# [1]:
|
1365
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token
|
1118
1366
|
# @return [Array<String>]
|
1119
1367
|
#
|
1120
1368
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/EncryptRequest AWS API Documentation
|
@@ -1129,7 +1377,7 @@ module Aws::KMS
|
|
1129
1377
|
|
1130
1378
|
# @!attribute [rw] ciphertext_blob
|
1131
1379
|
# The encrypted plaintext. When you use the HTTP API or the AWS CLI,
|
1132
|
-
# the value is Base64-
|
1380
|
+
# the value is Base64-encoded. Otherwise, it is not encoded.
|
1133
1381
|
# @return [String]
|
1134
1382
|
#
|
1135
1383
|
# @!attribute [rw] key_id
|
@@ -1144,6 +1392,21 @@ module Aws::KMS
|
|
1144
1392
|
include Aws::Structure
|
1145
1393
|
end
|
1146
1394
|
|
1395
|
+
# The request was rejected because the provided import token is expired.
|
1396
|
+
# Use GetParametersForImport to get a new import token and public key,
|
1397
|
+
# use the new public key to encrypt the key material, and then try the
|
1398
|
+
# request again.
|
1399
|
+
#
|
1400
|
+
# @!attribute [rw] message
|
1401
|
+
# @return [String]
|
1402
|
+
#
|
1403
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ExpiredImportTokenException AWS API Documentation
|
1404
|
+
#
|
1405
|
+
class ExpiredImportTokenException < Struct.new(
|
1406
|
+
:message)
|
1407
|
+
include Aws::Structure
|
1408
|
+
end
|
1409
|
+
|
1147
1410
|
# @note When making an API call, you may pass GenerateDataKeyRequest
|
1148
1411
|
# data as a hash:
|
1149
1412
|
#
|
@@ -1158,12 +1421,11 @@ module Aws::KMS
|
|
1158
1421
|
# }
|
1159
1422
|
#
|
1160
1423
|
# @!attribute [rw] key_id
|
1161
|
-
#
|
1162
|
-
# data encryption key.
|
1424
|
+
# An identifier for the CMK that encrypts the data key.
|
1163
1425
|
#
|
1164
1426
|
# To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias
|
1165
1427
|
# name, or alias ARN. When using an alias name, prefix it with
|
1166
|
-
# "alias/"
|
1428
|
+
# `"alias/"`. To specify a CMK in a different AWS account, you must
|
1167
1429
|
# use the key ARN or alias ARN.
|
1168
1430
|
#
|
1169
1431
|
# For example:
|
@@ -1190,20 +1452,19 @@ module Aws::KMS
|
|
1190
1452
|
#
|
1191
1453
|
#
|
1192
1454
|
#
|
1193
|
-
# [1]:
|
1455
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
|
1194
1456
|
# @return [Hash<String,String>]
|
1195
1457
|
#
|
1196
1458
|
# @!attribute [rw] number_of_bytes
|
1197
|
-
# The length of the data
|
1198
|
-
#
|
1199
|
-
#
|
1200
|
-
#
|
1459
|
+
# The length of the data key in bytes. For example, use the value 64
|
1460
|
+
# to generate a 512-bit data key (64 bytes is 512 bits). For common
|
1461
|
+
# key lengths (128-bit and 256-bit symmetric keys), we recommend that
|
1462
|
+
# you use the `KeySpec` field instead of this one.
|
1201
1463
|
# @return [Integer]
|
1202
1464
|
#
|
1203
1465
|
# @!attribute [rw] key_spec
|
1204
|
-
# The length of the data
|
1205
|
-
#
|
1206
|
-
# key.
|
1466
|
+
# The length of the data key. Use `AES_128` to generate a 128-bit
|
1467
|
+
# symmetric key, or `AES_256` to generate a 256-bit symmetric key.
|
1207
1468
|
# @return [String]
|
1208
1469
|
#
|
1209
1470
|
# @!attribute [rw] grant_tokens
|
@@ -1214,7 +1475,7 @@ module Aws::KMS
|
|
1214
1475
|
#
|
1215
1476
|
#
|
1216
1477
|
#
|
1217
|
-
# [1]:
|
1478
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token
|
1218
1479
|
# @return [Array<String>]
|
1219
1480
|
#
|
1220
1481
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyRequest AWS API Documentation
|
@@ -1229,20 +1490,19 @@ module Aws::KMS
|
|
1229
1490
|
end
|
1230
1491
|
|
1231
1492
|
# @!attribute [rw] ciphertext_blob
|
1232
|
-
# The encrypted data
|
1233
|
-
# AWS CLI, the value is Base64-
|
1493
|
+
# The encrypted copy of the data key. When you use the HTTP API or the
|
1494
|
+
# AWS CLI, the value is Base64-encoded. Otherwise, it is not encoded.
|
1234
1495
|
# @return [String]
|
1235
1496
|
#
|
1236
1497
|
# @!attribute [rw] plaintext
|
1237
|
-
# The data
|
1238
|
-
# the value is Base64-
|
1239
|
-
# data key
|
1498
|
+
# The plaintext data key. When you use the HTTP API or the AWS CLI,
|
1499
|
+
# the value is Base64-encoded. Otherwise, it is not encoded. Use this
|
1500
|
+
# data key to encrypt your data outside of KMS. Then, remove it from
|
1240
1501
|
# memory as soon as possible.
|
1241
1502
|
# @return [String]
|
1242
1503
|
#
|
1243
1504
|
# @!attribute [rw] key_id
|
1244
|
-
# The identifier of the CMK
|
1245
|
-
# generated and encrypted.
|
1505
|
+
# The identifier of the CMK that encrypted the data key.
|
1246
1506
|
# @return [String]
|
1247
1507
|
#
|
1248
1508
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyResponse AWS API Documentation
|
@@ -1268,12 +1528,12 @@ module Aws::KMS
|
|
1268
1528
|
# }
|
1269
1529
|
#
|
1270
1530
|
# @!attribute [rw] key_id
|
1271
|
-
# The identifier of the customer master key (CMK)
|
1272
|
-
#
|
1531
|
+
# The identifier of the customer master key (CMK) that encrypts the
|
1532
|
+
# data key.
|
1273
1533
|
#
|
1274
1534
|
# To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias
|
1275
1535
|
# name, or alias ARN. When using an alias name, prefix it with
|
1276
|
-
# "alias/"
|
1536
|
+
# `"alias/"`. To specify a CMK in a different AWS account, you must
|
1277
1537
|
# use the key ARN or alias ARN.
|
1278
1538
|
#
|
1279
1539
|
# For example:
|
@@ -1300,20 +1560,19 @@ module Aws::KMS
|
|
1300
1560
|
#
|
1301
1561
|
#
|
1302
1562
|
#
|
1303
|
-
# [1]:
|
1563
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
|
1304
1564
|
# @return [Hash<String,String>]
|
1305
1565
|
#
|
1306
1566
|
# @!attribute [rw] key_spec
|
1307
|
-
# The length of the data
|
1308
|
-
#
|
1309
|
-
# key.
|
1567
|
+
# The length of the data key. Use `AES_128` to generate a 128-bit
|
1568
|
+
# symmetric key, or `AES_256` to generate a 256-bit symmetric key.
|
1310
1569
|
# @return [String]
|
1311
1570
|
#
|
1312
1571
|
# @!attribute [rw] number_of_bytes
|
1313
|
-
# The length of the data
|
1314
|
-
#
|
1315
|
-
#
|
1316
|
-
#
|
1572
|
+
# The length of the data key in bytes. For example, use the value 64
|
1573
|
+
# to generate a 512-bit data key (64 bytes is 512 bits). For common
|
1574
|
+
# key lengths (128-bit and 256-bit symmetric keys), we recommend that
|
1575
|
+
# you use the `KeySpec` field instead of this one.
|
1317
1576
|
# @return [Integer]
|
1318
1577
|
#
|
1319
1578
|
# @!attribute [rw] grant_tokens
|
@@ -1324,7 +1583,7 @@ module Aws::KMS
|
|
1324
1583
|
#
|
1325
1584
|
#
|
1326
1585
|
#
|
1327
|
-
# [1]:
|
1586
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token
|
1328
1587
|
# @return [Array<String>]
|
1329
1588
|
#
|
1330
1589
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyWithoutPlaintextRequest AWS API Documentation
|
@@ -1339,13 +1598,12 @@ module Aws::KMS
|
|
1339
1598
|
end
|
1340
1599
|
|
1341
1600
|
# @!attribute [rw] ciphertext_blob
|
1342
|
-
# The encrypted data
|
1343
|
-
#
|
1601
|
+
# The encrypted data key. When you use the HTTP API or the AWS CLI,
|
1602
|
+
# the value is Base64-encoded. Otherwise, it is not encoded.
|
1344
1603
|
# @return [String]
|
1345
1604
|
#
|
1346
1605
|
# @!attribute [rw] key_id
|
1347
|
-
# The identifier of the CMK
|
1348
|
-
# generated and encrypted.
|
1606
|
+
# The identifier of the CMK that encrypted the data key.
|
1349
1607
|
# @return [String]
|
1350
1608
|
#
|
1351
1609
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyWithoutPlaintextResponse AWS API Documentation
|
@@ -1375,7 +1633,7 @@ module Aws::KMS
|
|
1375
1633
|
#
|
1376
1634
|
#
|
1377
1635
|
#
|
1378
|
-
# [1]:
|
1636
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html
|
1379
1637
|
# @return [String]
|
1380
1638
|
#
|
1381
1639
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateRandomRequest AWS API Documentation
|
@@ -1388,7 +1646,7 @@ module Aws::KMS
|
|
1388
1646
|
|
1389
1647
|
# @!attribute [rw] plaintext
|
1390
1648
|
# The random byte string. When you use the HTTP API or the AWS CLI,
|
1391
|
-
# the value is Base64-
|
1649
|
+
# the value is Base64-encoded. Otherwise, it is not encoded.
|
1392
1650
|
# @return [String]
|
1393
1651
|
#
|
1394
1652
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateRandomResponse AWS API Documentation
|
@@ -1522,7 +1780,7 @@ module Aws::KMS
|
|
1522
1780
|
#
|
1523
1781
|
#
|
1524
1782
|
#
|
1525
|
-
# [1]:
|
1783
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-encrypt-key-material.html
|
1526
1784
|
# @return [String]
|
1527
1785
|
#
|
1528
1786
|
# @!attribute [rw] wrapping_key_spec
|
@@ -1571,23 +1829,46 @@ module Aws::KMS
|
|
1571
1829
|
include Aws::Structure
|
1572
1830
|
end
|
1573
1831
|
|
1574
|
-
#
|
1575
|
-
#
|
1576
|
-
#
|
1577
|
-
#
|
1832
|
+
# Use this structure to allow cryptographic operations in the grant only
|
1833
|
+
# when the operation request includes the specified [encryption
|
1834
|
+
# context][1].
|
1835
|
+
#
|
1836
|
+
# AWS KMS applies the grant constraints only when the grant allows a
|
1837
|
+
# cryptographic operation that accepts an encryption context as input,
|
1838
|
+
# such as the following.
|
1839
|
+
#
|
1840
|
+
# * Encrypt
|
1841
|
+
#
|
1842
|
+
# * Decrypt
|
1843
|
+
#
|
1844
|
+
# * GenerateDataKey
|
1845
|
+
#
|
1846
|
+
# * GenerateDataKeyWithoutPlaintext
|
1847
|
+
#
|
1848
|
+
# * ReEncrypt
|
1849
|
+
#
|
1850
|
+
# AWS KMS does not apply the grant constraints to other operations, such
|
1851
|
+
# as DescribeKey or ScheduleKeyDeletion.
|
1852
|
+
#
|
1853
|
+
# In a cryptographic operation, the encryption context in the decryption
|
1854
|
+
# operation must be an exact, case-sensitive match for the keys and
|
1855
|
+
# values in the encryption context of the encryption operation. Only the
|
1856
|
+
# order of the pairs can vary.
|
1857
|
+
#
|
1858
|
+
# However, in a grant constraint, the key in each key-value pair is not
|
1859
|
+
# case sensitive, but the value is case sensitive.
|
1578
1860
|
#
|
1579
|
-
#
|
1580
|
-
#
|
1581
|
-
#
|
1582
|
-
# `
|
1583
|
-
#
|
1584
|
-
#
|
1585
|
-
# the encryption context of the `Encrypt` operation satisfies the grant
|
1586
|
-
# constraints.
|
1861
|
+
# To avoid confusion, do not use multiple encryption context pairs that
|
1862
|
+
# differ only by case. To require a fully case-sensitive encryption
|
1863
|
+
# context, use the `kms:EncryptionContext:` and
|
1864
|
+
# `kms:EncryptionContextKeys` conditions in an IAM or key policy. For
|
1865
|
+
# details, see [kms:EncryptionContext:][2] in the <i> <i>AWS Key
|
1866
|
+
# Management Service Developer Guide</i> </i>.
|
1587
1867
|
#
|
1588
1868
|
#
|
1589
1869
|
#
|
1590
|
-
# [1]:
|
1870
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
|
1871
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-encryption-context
|
1591
1872
|
#
|
1592
1873
|
# @note When making an API call, you may pass GrantConstraints
|
1593
1874
|
# data as a hash:
|
@@ -1602,20 +1883,18 @@ module Aws::KMS
|
|
1602
1883
|
# }
|
1603
1884
|
#
|
1604
1885
|
# @!attribute [rw] encryption_context_subset
|
1605
|
-
# A list of key-value pairs
|
1606
|
-
#
|
1607
|
-
#
|
1608
|
-
#
|
1609
|
-
#
|
1610
|
-
# does not allow the operation.
|
1886
|
+
# A list of key-value pairs that must be included in the encryption
|
1887
|
+
# context of the cryptographic operation request. The grant allows the
|
1888
|
+
# cryptographic operation only when the encryption context in the
|
1889
|
+
# request includes the key-value pairs specified in this constraint,
|
1890
|
+
# although it can include additional key-value pairs.
|
1611
1891
|
# @return [Hash<String,String>]
|
1612
1892
|
#
|
1613
1893
|
# @!attribute [rw] encryption_context_equals
|
1614
|
-
# A list of key-value pairs that must
|
1615
|
-
#
|
1616
|
-
#
|
1617
|
-
# encryption context
|
1618
|
-
# operation. Otherwise, the grant does not allow the operation.
|
1894
|
+
# A list of key-value pairs that must match the encryption context in
|
1895
|
+
# the cryptographic operation request. The grant allows the operation
|
1896
|
+
# only when the encryption context in the request is the same as the
|
1897
|
+
# encryption context specified in this constraint.
|
1619
1898
|
# @return [Hash<String,String>]
|
1620
1899
|
#
|
1621
1900
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GrantConstraints AWS API Documentation
|
@@ -1756,6 +2035,180 @@ module Aws::KMS
|
|
1756
2035
|
#
|
1757
2036
|
class ImportKeyMaterialResponse < Aws::EmptyStructure; end
|
1758
2037
|
|
2038
|
+
# The request was rejected because the provided key material is invalid
|
2039
|
+
# or is not the same key material that was previously imported into this
|
2040
|
+
# customer master key (CMK).
|
2041
|
+
#
|
2042
|
+
# @!attribute [rw] message
|
2043
|
+
# @return [String]
|
2044
|
+
#
|
2045
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/IncorrectKeyMaterialException AWS API Documentation
|
2046
|
+
#
|
2047
|
+
class IncorrectKeyMaterialException < Struct.new(
|
2048
|
+
:message)
|
2049
|
+
include Aws::Structure
|
2050
|
+
end
|
2051
|
+
|
2052
|
+
# The request was rejected because the trust anchor certificate in the
|
2053
|
+
# request is not the trust anchor certificate for the specified AWS
|
2054
|
+
# CloudHSM cluster.
|
2055
|
+
#
|
2056
|
+
# When you [initialize the cluster][1], you create the trust anchor
|
2057
|
+
# certificate and save it in the `customerCA.crt` file.
|
2058
|
+
#
|
2059
|
+
#
|
2060
|
+
#
|
2061
|
+
# [1]: https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr
|
2062
|
+
#
|
2063
|
+
# @!attribute [rw] message
|
2064
|
+
# @return [String]
|
2065
|
+
#
|
2066
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/IncorrectTrustAnchorException AWS API Documentation
|
2067
|
+
#
|
2068
|
+
class IncorrectTrustAnchorException < Struct.new(
|
2069
|
+
:message)
|
2070
|
+
include Aws::Structure
|
2071
|
+
end
|
2072
|
+
|
2073
|
+
# The request was rejected because the specified alias name is not
|
2074
|
+
# valid.
|
2075
|
+
#
|
2076
|
+
# @!attribute [rw] message
|
2077
|
+
# @return [String]
|
2078
|
+
#
|
2079
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/InvalidAliasNameException AWS API Documentation
|
2080
|
+
#
|
2081
|
+
class InvalidAliasNameException < Struct.new(
|
2082
|
+
:message)
|
2083
|
+
include Aws::Structure
|
2084
|
+
end
|
2085
|
+
|
2086
|
+
# The request was rejected because a specified ARN, or an ARN in a key
|
2087
|
+
# policy, is not valid.
|
2088
|
+
#
|
2089
|
+
# @!attribute [rw] message
|
2090
|
+
# @return [String]
|
2091
|
+
#
|
2092
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/InvalidArnException AWS API Documentation
|
2093
|
+
#
|
2094
|
+
class InvalidArnException < Struct.new(
|
2095
|
+
:message)
|
2096
|
+
include Aws::Structure
|
2097
|
+
end
|
2098
|
+
|
2099
|
+
# The request was rejected because the specified ciphertext, or
|
2100
|
+
# additional authenticated data incorporated into the ciphertext, such
|
2101
|
+
# as the encryption context, is corrupted, missing, or otherwise
|
2102
|
+
# invalid.
|
2103
|
+
#
|
2104
|
+
# @!attribute [rw] message
|
2105
|
+
# @return [String]
|
2106
|
+
#
|
2107
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/InvalidCiphertextException AWS API Documentation
|
2108
|
+
#
|
2109
|
+
class InvalidCiphertextException < Struct.new(
|
2110
|
+
:message)
|
2111
|
+
include Aws::Structure
|
2112
|
+
end
|
2113
|
+
|
2114
|
+
# The request was rejected because the specified `GrantId` is not valid.
|
2115
|
+
#
|
2116
|
+
# @!attribute [rw] message
|
2117
|
+
# @return [String]
|
2118
|
+
#
|
2119
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/InvalidGrantIdException AWS API Documentation
|
2120
|
+
#
|
2121
|
+
class InvalidGrantIdException < Struct.new(
|
2122
|
+
:message)
|
2123
|
+
include Aws::Structure
|
2124
|
+
end
|
2125
|
+
|
2126
|
+
# The request was rejected because the specified grant token is not
|
2127
|
+
# valid.
|
2128
|
+
#
|
2129
|
+
# @!attribute [rw] message
|
2130
|
+
# @return [String]
|
2131
|
+
#
|
2132
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/InvalidGrantTokenException AWS API Documentation
|
2133
|
+
#
|
2134
|
+
class InvalidGrantTokenException < Struct.new(
|
2135
|
+
:message)
|
2136
|
+
include Aws::Structure
|
2137
|
+
end
|
2138
|
+
|
2139
|
+
# The request was rejected because the provided import token is invalid
|
2140
|
+
# or is associated with a different customer master key (CMK).
|
2141
|
+
#
|
2142
|
+
# @!attribute [rw] message
|
2143
|
+
# @return [String]
|
2144
|
+
#
|
2145
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/InvalidImportTokenException AWS API Documentation
|
2146
|
+
#
|
2147
|
+
class InvalidImportTokenException < Struct.new(
|
2148
|
+
:message)
|
2149
|
+
include Aws::Structure
|
2150
|
+
end
|
2151
|
+
|
2152
|
+
# The request was rejected because the specified `KeySpec` value is not
|
2153
|
+
# valid.
|
2154
|
+
#
|
2155
|
+
# @!attribute [rw] message
|
2156
|
+
# @return [String]
|
2157
|
+
#
|
2158
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/InvalidKeyUsageException AWS API Documentation
|
2159
|
+
#
|
2160
|
+
class InvalidKeyUsageException < Struct.new(
|
2161
|
+
:message)
|
2162
|
+
include Aws::Structure
|
2163
|
+
end
|
2164
|
+
|
2165
|
+
# The request was rejected because the marker that specifies where
|
2166
|
+
# pagination should next begin is not valid.
|
2167
|
+
#
|
2168
|
+
# @!attribute [rw] message
|
2169
|
+
# @return [String]
|
2170
|
+
#
|
2171
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/InvalidMarkerException AWS API Documentation
|
2172
|
+
#
|
2173
|
+
class InvalidMarkerException < Struct.new(
|
2174
|
+
:message)
|
2175
|
+
include Aws::Structure
|
2176
|
+
end
|
2177
|
+
|
2178
|
+
# The request was rejected because an internal exception occurred. The
|
2179
|
+
# request can be retried.
|
2180
|
+
#
|
2181
|
+
# @!attribute [rw] message
|
2182
|
+
# @return [String]
|
2183
|
+
#
|
2184
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/KMSInternalException AWS API Documentation
|
2185
|
+
#
|
2186
|
+
class KMSInternalException < Struct.new(
|
2187
|
+
:message)
|
2188
|
+
include Aws::Structure
|
2189
|
+
end
|
2190
|
+
|
2191
|
+
# The request was rejected because the state of the specified resource
|
2192
|
+
# is not valid for this request.
|
2193
|
+
#
|
2194
|
+
# For more information about how key state affects the use of a CMK, see
|
2195
|
+
# [How Key State Affects Use of a Customer Master Key][1] in the *AWS
|
2196
|
+
# Key Management Service Developer Guide*.
|
2197
|
+
#
|
2198
|
+
#
|
2199
|
+
#
|
2200
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html
|
2201
|
+
#
|
2202
|
+
# @!attribute [rw] message
|
2203
|
+
# @return [String]
|
2204
|
+
#
|
2205
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/KMSInvalidStateException AWS API Documentation
|
2206
|
+
#
|
2207
|
+
class KMSInvalidStateException < Struct.new(
|
2208
|
+
:message)
|
2209
|
+
include Aws::Structure
|
2210
|
+
end
|
2211
|
+
|
1759
2212
|
# Contains information about each entry in the key list.
|
1760
2213
|
#
|
1761
2214
|
# @!attribute [rw] key_id
|
@@ -1794,7 +2247,7 @@ module Aws::KMS
|
|
1794
2247
|
#
|
1795
2248
|
#
|
1796
2249
|
#
|
1797
|
-
# [1]:
|
2250
|
+
# [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-kms
|
1798
2251
|
# @return [String]
|
1799
2252
|
#
|
1800
2253
|
# @!attribute [rw] creation_date
|
@@ -1811,9 +2264,9 @@ module Aws::KMS
|
|
1811
2264
|
# @return [String]
|
1812
2265
|
#
|
1813
2266
|
# @!attribute [rw] key_usage
|
1814
|
-
# The cryptographic operations for which you can use the CMK.
|
1815
|
-
#
|
1816
|
-
#
|
2267
|
+
# The cryptographic operations for which you can use the CMK. The only
|
2268
|
+
# valid value is `ENCRYPT_DECRYPT`, which means you can use the CMK to
|
2269
|
+
# encrypt and decrypt data.
|
1817
2270
|
# @return [String]
|
1818
2271
|
#
|
1819
2272
|
# @!attribute [rw] key_state
|
@@ -1825,7 +2278,7 @@ module Aws::KMS
|
|
1825
2278
|
#
|
1826
2279
|
#
|
1827
2280
|
#
|
1828
|
-
# [1]:
|
2281
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html
|
1829
2282
|
# @return [String]
|
1830
2283
|
#
|
1831
2284
|
# @!attribute [rw] deletion_date
|
@@ -1857,7 +2310,7 @@ module Aws::KMS
|
|
1857
2310
|
#
|
1858
2311
|
#
|
1859
2312
|
#
|
1860
|
-
# [1]:
|
2313
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html
|
1861
2314
|
# @return [String]
|
1862
2315
|
#
|
1863
2316
|
# @!attribute [rw] cloud_hsm_cluster_id
|
@@ -1869,7 +2322,7 @@ module Aws::KMS
|
|
1869
2322
|
#
|
1870
2323
|
#
|
1871
2324
|
#
|
1872
|
-
# [1]:
|
2325
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html
|
1873
2326
|
# @return [String]
|
1874
2327
|
#
|
1875
2328
|
# @!attribute [rw] expiration_model
|
@@ -1879,13 +2332,14 @@ module Aws::KMS
|
|
1879
2332
|
# @return [String]
|
1880
2333
|
#
|
1881
2334
|
# @!attribute [rw] key_manager
|
1882
|
-
# The CMK
|
1883
|
-
# For more information about the difference,
|
1884
|
-
# Keys][1] in the *AWS Key Management Service
|
2335
|
+
# The manager of the CMK. CMKs in your AWS account are either customer
|
2336
|
+
# managed or AWS managed. For more information about the difference,
|
2337
|
+
# see [Customer Master Keys][1] in the *AWS Key Management Service
|
2338
|
+
# Developer Guide*.
|
1885
2339
|
#
|
1886
2340
|
#
|
1887
2341
|
#
|
1888
|
-
# [1]:
|
2342
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys
|
1889
2343
|
# @return [String]
|
1890
2344
|
#
|
1891
2345
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/KeyMetadata AWS API Documentation
|
@@ -1909,6 +2363,37 @@ module Aws::KMS
|
|
1909
2363
|
include Aws::Structure
|
1910
2364
|
end
|
1911
2365
|
|
2366
|
+
# The request was rejected because the specified CMK was not available.
|
2367
|
+
# The request can be retried.
|
2368
|
+
#
|
2369
|
+
# @!attribute [rw] message
|
2370
|
+
# @return [String]
|
2371
|
+
#
|
2372
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/KeyUnavailableException AWS API Documentation
|
2373
|
+
#
|
2374
|
+
class KeyUnavailableException < Struct.new(
|
2375
|
+
:message)
|
2376
|
+
include Aws::Structure
|
2377
|
+
end
|
2378
|
+
|
2379
|
+
# The request was rejected because a limit was exceeded. For more
|
2380
|
+
# information, see [Limits][1] in the *AWS Key Management Service
|
2381
|
+
# Developer Guide*.
|
2382
|
+
#
|
2383
|
+
#
|
2384
|
+
#
|
2385
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/limits.html
|
2386
|
+
#
|
2387
|
+
# @!attribute [rw] message
|
2388
|
+
# @return [String]
|
2389
|
+
#
|
2390
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/LimitExceededException AWS API Documentation
|
2391
|
+
#
|
2392
|
+
class LimitExceededException < Struct.new(
|
2393
|
+
:message)
|
2394
|
+
include Aws::Structure
|
2395
|
+
end
|
2396
|
+
|
1912
2397
|
# @note When making an API call, you may pass ListAliasesRequest
|
1913
2398
|
# data as a hash:
|
1914
2399
|
#
|
@@ -1965,8 +2450,8 @@ module Aws::KMS
|
|
1965
2450
|
# @!attribute [rw] truncated
|
1966
2451
|
# A flag that indicates whether there are more items in the list. When
|
1967
2452
|
# this value is true, the list in this response is truncated. To get
|
1968
|
-
# more items, pass the value of the `NextMarker` element in
|
1969
|
-
#
|
2453
|
+
# more items, pass the value of the `NextMarker` element in
|
2454
|
+
# thisresponse to the `Marker` parameter in a subsequent request.
|
1970
2455
|
# @return [Boolean]
|
1971
2456
|
#
|
1972
2457
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListAliasesResponse AWS API Documentation
|
@@ -2041,8 +2526,8 @@ module Aws::KMS
|
|
2041
2526
|
# @!attribute [rw] truncated
|
2042
2527
|
# A flag that indicates whether there are more items in the list. When
|
2043
2528
|
# this value is true, the list in this response is truncated. To get
|
2044
|
-
# more items, pass the value of the `NextMarker` element in
|
2045
|
-
#
|
2529
|
+
# more items, pass the value of the `NextMarker` element in
|
2530
|
+
# thisresponse to the `Marker` parameter in a subsequent request.
|
2046
2531
|
# @return [Boolean]
|
2047
2532
|
#
|
2048
2533
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListGrantsResponse AWS API Documentation
|
@@ -2088,7 +2573,7 @@ module Aws::KMS
|
|
2088
2573
|
# and 1000, inclusive. If you do not include a value, it defaults to
|
2089
2574
|
# 100.
|
2090
2575
|
#
|
2091
|
-
#
|
2576
|
+
# Only one policy can be attached to a key.
|
2092
2577
|
# @return [Integer]
|
2093
2578
|
#
|
2094
2579
|
# @!attribute [rw] marker
|
@@ -2107,8 +2592,7 @@ module Aws::KMS
|
|
2107
2592
|
end
|
2108
2593
|
|
2109
2594
|
# @!attribute [rw] policy_names
|
2110
|
-
# A list of key policy names.
|
2111
|
-
# per CMK and it is always named `default`.
|
2595
|
+
# A list of key policy names. The only valid value is `default`.
|
2112
2596
|
# @return [Array<String>]
|
2113
2597
|
#
|
2114
2598
|
# @!attribute [rw] next_marker
|
@@ -2119,8 +2603,8 @@ module Aws::KMS
|
|
2119
2603
|
# @!attribute [rw] truncated
|
2120
2604
|
# A flag that indicates whether there are more items in the list. When
|
2121
2605
|
# this value is true, the list in this response is truncated. To get
|
2122
|
-
# more items, pass the value of the `NextMarker` element in
|
2123
|
-
#
|
2606
|
+
# more items, pass the value of the `NextMarker` element in
|
2607
|
+
# thisresponse to the `Marker` parameter in a subsequent request.
|
2124
2608
|
# @return [Boolean]
|
2125
2609
|
#
|
2126
2610
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeyPoliciesResponse AWS API Documentation
|
@@ -2176,8 +2660,8 @@ module Aws::KMS
|
|
2176
2660
|
# @!attribute [rw] truncated
|
2177
2661
|
# A flag that indicates whether there are more items in the list. When
|
2178
2662
|
# this value is true, the list in this response is truncated. To get
|
2179
|
-
# more items, pass the value of the `NextMarker` element in
|
2180
|
-
#
|
2663
|
+
# more items, pass the value of the `NextMarker` element in
|
2664
|
+
# thisresponse to the `Marker` parameter in a subsequent request.
|
2181
2665
|
# @return [Boolean]
|
2182
2666
|
#
|
2183
2667
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeysResponse AWS API Documentation
|
@@ -2255,8 +2739,8 @@ module Aws::KMS
|
|
2255
2739
|
# @!attribute [rw] truncated
|
2256
2740
|
# A flag that indicates whether there are more items in the list. When
|
2257
2741
|
# this value is true, the list in this response is truncated. To get
|
2258
|
-
# more items, pass the value of the `NextMarker` element in
|
2259
|
-
#
|
2742
|
+
# more items, pass the value of the `NextMarker` element in
|
2743
|
+
# thisresponse to the `Marker` parameter in a subsequent request.
|
2260
2744
|
# @return [Boolean]
|
2261
2745
|
#
|
2262
2746
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListResourceTagsResponse AWS API Documentation
|
@@ -2305,8 +2789,8 @@ module Aws::KMS
|
|
2305
2789
|
#
|
2306
2790
|
#
|
2307
2791
|
#
|
2308
|
-
# [1]:
|
2309
|
-
# [2]:
|
2792
|
+
# [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
|
2793
|
+
# [2]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam
|
2310
2794
|
# @return [String]
|
2311
2795
|
#
|
2312
2796
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListRetirableGrantsRequest AWS API Documentation
|
@@ -2318,6 +2802,32 @@ module Aws::KMS
|
|
2318
2802
|
include Aws::Structure
|
2319
2803
|
end
|
2320
2804
|
|
2805
|
+
# The request was rejected because the specified policy is not
|
2806
|
+
# syntactically or semantically correct.
|
2807
|
+
#
|
2808
|
+
# @!attribute [rw] message
|
2809
|
+
# @return [String]
|
2810
|
+
#
|
2811
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/MalformedPolicyDocumentException AWS API Documentation
|
2812
|
+
#
|
2813
|
+
class MalformedPolicyDocumentException < Struct.new(
|
2814
|
+
:message)
|
2815
|
+
include Aws::Structure
|
2816
|
+
end
|
2817
|
+
|
2818
|
+
# The request was rejected because the specified entity or resource
|
2819
|
+
# could not be found.
|
2820
|
+
#
|
2821
|
+
# @!attribute [rw] message
|
2822
|
+
# @return [String]
|
2823
|
+
#
|
2824
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/NotFoundException AWS API Documentation
|
2825
|
+
#
|
2826
|
+
class NotFoundException < Struct.new(
|
2827
|
+
:message)
|
2828
|
+
include Aws::Structure
|
2829
|
+
end
|
2830
|
+
|
2321
2831
|
# @note When making an API call, you may pass PutKeyPolicyRequest
|
2322
2832
|
# data as a hash:
|
2323
2833
|
#
|
@@ -2375,8 +2885,8 @@ module Aws::KMS
|
|
2375
2885
|
#
|
2376
2886
|
#
|
2377
2887
|
#
|
2378
|
-
# [1]:
|
2379
|
-
# [2]:
|
2888
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam
|
2889
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency
|
2380
2890
|
# @return [String]
|
2381
2891
|
#
|
2382
2892
|
# @!attribute [rw] bypass_policy_lockout_safety_check
|
@@ -2398,7 +2908,7 @@ module Aws::KMS
|
|
2398
2908
|
#
|
2399
2909
|
#
|
2400
2910
|
#
|
2401
|
-
# [1]:
|
2911
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam
|
2402
2912
|
# @return [Boolean]
|
2403
2913
|
#
|
2404
2914
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/PutKeyPolicyRequest AWS API Documentation
|
@@ -2440,7 +2950,7 @@ module Aws::KMS
|
|
2440
2950
|
#
|
2441
2951
|
# To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias
|
2442
2952
|
# name, or alias ARN. When using an alias name, prefix it with
|
2443
|
-
# "alias/"
|
2953
|
+
# `"alias/"`. To specify a CMK in a different AWS account, you must
|
2444
2954
|
# use the key ARN or alias ARN.
|
2445
2955
|
#
|
2446
2956
|
# For example:
|
@@ -2470,7 +2980,7 @@ module Aws::KMS
|
|
2470
2980
|
#
|
2471
2981
|
#
|
2472
2982
|
#
|
2473
|
-
# [1]:
|
2983
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token
|
2474
2984
|
# @return [Array<String>]
|
2475
2985
|
#
|
2476
2986
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ReEncryptRequest AWS API Documentation
|
@@ -2486,7 +2996,7 @@ module Aws::KMS
|
|
2486
2996
|
|
2487
2997
|
# @!attribute [rw] ciphertext_blob
|
2488
2998
|
# The reencrypted data. When you use the HTTP API or the AWS CLI, the
|
2489
|
-
# value is Base64-
|
2999
|
+
# value is Base64-encoded. Otherwise, it is not encoded.
|
2490
3000
|
# @return [String]
|
2491
3001
|
#
|
2492
3002
|
# @!attribute [rw] source_key_id
|
@@ -2651,7 +3161,7 @@ module Aws::KMS
|
|
2651
3161
|
#
|
2652
3162
|
#
|
2653
3163
|
#
|
2654
|
-
# [1]:
|
3164
|
+
# [1]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html
|
2655
3165
|
#
|
2656
3166
|
# @note When making an API call, you may pass Tag
|
2657
3167
|
# data as a hash:
|
@@ -2677,6 +3187,18 @@ module Aws::KMS
|
|
2677
3187
|
include Aws::Structure
|
2678
3188
|
end
|
2679
3189
|
|
3190
|
+
# The request was rejected because one or more tags are not valid.
|
3191
|
+
#
|
3192
|
+
# @!attribute [rw] message
|
3193
|
+
# @return [String]
|
3194
|
+
#
|
3195
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/TagException AWS API Documentation
|
3196
|
+
#
|
3197
|
+
class TagException < Struct.new(
|
3198
|
+
:message)
|
3199
|
+
include Aws::Structure
|
3200
|
+
end
|
3201
|
+
|
2680
3202
|
# @note When making an API call, you may pass TagResourceRequest
|
2681
3203
|
# data as a hash:
|
2682
3204
|
#
|
@@ -2718,6 +3240,19 @@ module Aws::KMS
|
|
2718
3240
|
include Aws::Structure
|
2719
3241
|
end
|
2720
3242
|
|
3243
|
+
# The request was rejected because a specified parameter is not
|
3244
|
+
# supported or a specified resource is not valid for this operation.
|
3245
|
+
#
|
3246
|
+
# @!attribute [rw] message
|
3247
|
+
# @return [String]
|
3248
|
+
#
|
3249
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UnsupportedOperationException AWS API Documentation
|
3250
|
+
#
|
3251
|
+
class UnsupportedOperationException < Struct.new(
|
3252
|
+
:message)
|
3253
|
+
include Aws::Structure
|
3254
|
+
end
|
3255
|
+
|
2721
3256
|
# @note When making an API call, you may pass UntagResourceRequest
|
2722
3257
|
# data as a hash:
|
2723
3258
|
#
|
@@ -2763,14 +3298,15 @@ module Aws::KMS
|
|
2763
3298
|
# }
|
2764
3299
|
#
|
2765
3300
|
# @!attribute [rw] alias_name
|
2766
|
-
#
|
2767
|
-
#
|
2768
|
-
#
|
3301
|
+
# Specifies the name of the alias to change. This value must begin
|
3302
|
+
# with `alias/` followed by the alias name, such as
|
3303
|
+
# `alias/ExampleAlias`.
|
2769
3304
|
# @return [String]
|
2770
3305
|
#
|
2771
3306
|
# @!attribute [rw] target_key_id
|
2772
|
-
# Unique identifier of the customer master key to be mapped to
|
2773
|
-
# alias.
|
3307
|
+
# Unique identifier of the customer master key (CMK) to be mapped to
|
3308
|
+
# the alias. When the update operation completes, the alias will point
|
3309
|
+
# to this CMK.
|
2774
3310
|
#
|
2775
3311
|
# Specify the key ID or the Amazon Resource Name (ARN) of the CMK.
|
2776
3312
|
#
|
@@ -2831,17 +3367,18 @@ module Aws::KMS
|
|
2831
3367
|
# Associates the custom key store with a related AWS CloudHSM cluster.
|
2832
3368
|
#
|
2833
3369
|
# Enter the cluster ID of the cluster that you used to create the
|
2834
|
-
# custom key store or a cluster that shares a backup history
|
2835
|
-
# original cluster. You cannot use
|
2836
|
-
# custom key store with
|
2837
|
-
#
|
2838
|
-
#
|
2839
|
-
#
|
2840
|
-
# [DescribeClusters][
|
3370
|
+
# custom key store or a cluster that shares a backup history and has
|
3371
|
+
# the same cluster certificate as the original cluster. You cannot use
|
3372
|
+
# this parameter to associate a custom key store with an unrelated
|
3373
|
+
# cluster. In addition, the replacement cluster must [fulfill the
|
3374
|
+
# requirements][1] for a cluster associated with a custom key store.
|
3375
|
+
# To view the cluster certificate of a cluster, use the
|
3376
|
+
# [DescribeClusters][2] operation.
|
2841
3377
|
#
|
2842
3378
|
#
|
2843
3379
|
#
|
2844
|
-
# [1]:
|
3380
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore
|
3381
|
+
# [2]: https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html
|
2845
3382
|
# @return [String]
|
2846
3383
|
#
|
2847
3384
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateCustomKeyStoreRequest AWS API Documentation
|