aws-sdk-kms 1.17.0 → 1.19.0
- checksums.yaml +4 -4
- data/lib/aws-sdk-kms.rb +1 -1
- data/lib/aws-sdk-kms/client.rb +343 -399
- data/lib/aws-sdk-kms/types.rb +196 -176
- metadata +2 -2
data/lib/aws-sdk-kms/types.rb
CHANGED
@@ -11,7 +11,7 @@ module Aws::KMS
|
|
11
11
|
# Contains information about an alias.
|
12
12
|
#
|
13
13
|
# @!attribute [rw] alias_name
|
14
|
-
# String that contains the alias.
|
14
|
+
# String that contains the alias. This value begins with `alias/`.
|
15
15
|
# @return [String]
|
16
16
|
#
|
17
17
|
# @!attribute [rw] alias_arn
|
@@ -107,26 +107,22 @@ module Aws::KMS
|
|
107
107
|
# }
|
108
108
|
#
|
109
109
|
# @!attribute [rw] alias_name
|
110
|
-
#
|
111
|
-
#
|
112
|
-
# begin with
|
110
|
+
# Specifies the alias name. This value must begin with `alias/`
|
111
|
+
# followed by a name, such as `alias/ExampleAlias`. The alias name
|
112
|
+
# cannot begin with `alias/aws/`. The `alias/aws/` prefix is reserved
|
113
|
+
# for AWS managed CMKs.
|
113
114
|
# @return [String]
|
114
115
|
#
|
115
116
|
# @!attribute [rw] target_key_id
|
116
|
-
# Identifies the CMK
|
117
|
-
#
|
118
|
-
#
|
119
|
-
#
|
120
|
-
#
|
121
|
-
# For example:
|
117
|
+
# Identifies the CMK to which the alias refers. Specify the key ID or
|
118
|
+
# the Amazon Resource Name (ARN) of the CMK. You cannot specify
|
119
|
+
# another alias. For help finding the key ID and ARN, see [Finding the
|
120
|
+
# Key ID and ARN][1] in the *AWS Key Management Service Developer
|
121
|
+
# Guide*.
|
122
122
|
#
|
123
|
-
# * Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`
|
124
123
|
#
|
125
|
-
# * Key ARN:
|
126
|
-
# `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
|
127
124
|
#
|
128
|
-
#
|
129
|
-
# DescribeKey.
|
125
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/viewing-keys.html#find-cmk-id-arn
|
130
126
|
# @return [String]
|
131
127
|
#
|
132
128
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateAliasRequest AWS API Documentation
|
@@ -160,7 +156,7 @@ module Aws::KMS
|
|
160
156
|
#
|
161
157
|
#
|
162
158
|
#
|
163
|
-
# [1]:
|
159
|
+
# [1]: https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html
|
164
160
|
# @return [String]
|
165
161
|
#
|
166
162
|
# @!attribute [rw] trust_anchor_certificate
|
@@ -170,7 +166,7 @@ module Aws::KMS
|
|
170
166
|
#
|
171
167
|
#
|
172
168
|
#
|
173
|
-
# [1]:
|
169
|
+
# [1]: https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html
|
174
170
|
# @return [String]
|
175
171
|
#
|
176
172
|
# @!attribute [rw] key_store_password
|
@@ -183,7 +179,7 @@ module Aws::KMS
|
|
183
179
|
#
|
184
180
|
#
|
185
181
|
#
|
186
|
-
# [1]:
|
182
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser
|
187
183
|
# @return [String]
|
188
184
|
#
|
189
185
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateCustomKeyStoreRequest AWS API Documentation
|
@@ -258,8 +254,8 @@ module Aws::KMS
|
|
258
254
|
#
|
259
255
|
#
|
260
256
|
#
|
261
|
-
# [1]:
|
262
|
-
# [2]:
|
257
|
+
# [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
|
258
|
+
# [2]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam
|
263
259
|
# @return [String]
|
264
260
|
#
|
265
261
|
# @!attribute [rw] retiring_principal
|
@@ -275,8 +271,8 @@ module Aws::KMS
|
|
275
271
|
#
|
276
272
|
#
|
277
273
|
#
|
278
|
-
# [1]:
|
279
|
-
# [2]:
|
274
|
+
# [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
|
275
|
+
# [2]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam
|
280
276
|
# @return [String]
|
281
277
|
#
|
282
278
|
# @!attribute [rw] operations
|
@@ -284,14 +280,15 @@ module Aws::KMS
|
|
284
280
|
# @return [Array<String>]
|
285
281
|
#
|
286
282
|
# @!attribute [rw] constraints
|
287
|
-
#
|
288
|
-
#
|
289
|
-
# information about encryption context, see
|
290
|
-
# the
|
283
|
+
# Allows a cryptographic operation only when the encryption context
|
284
|
+
# matches or includes the encryption context specified in this
|
285
|
+
# structure. For more information about encryption context, see
|
286
|
+
# [Encryption Context][1] in the <i> <i>AWS Key Management Service
|
287
|
+
# Developer Guide</i> </i>.
|
291
288
|
#
|
292
289
|
#
|
293
290
|
#
|
294
|
-
# [1]:
|
291
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
|
295
292
|
# @return [Types::GrantConstraints]
|
296
293
|
#
|
297
294
|
# @!attribute [rw] grant_tokens
|
@@ -302,12 +299,13 @@ module Aws::KMS
|
|
302
299
|
#
|
303
300
|
#
|
304
301
|
#
|
305
|
-
# [1]:
|
302
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token
|
306
303
|
# @return [Array<String>]
|
307
304
|
#
|
308
305
|
# @!attribute [rw] name
|
309
306
|
# A friendly name for identifying the grant. Use this value to prevent
|
310
|
-
# unintended creation of duplicate grants when retrying this
|
307
|
+
# the unintended creation of duplicate grants when retrying this
|
308
|
+
# request.
|
311
309
|
#
|
312
310
|
# When this value is absent, all `CreateGrant` requests result in a
|
313
311
|
# new grant with a unique `GrantId` even if all the supplied
|
@@ -343,7 +341,7 @@ module Aws::KMS
|
|
343
341
|
#
|
344
342
|
#
|
345
343
|
#
|
346
|
-
# [1]:
|
344
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token
|
347
345
|
# @return [String]
|
348
346
|
#
|
349
347
|
# @!attribute [rw] grant_id
|
@@ -389,7 +387,8 @@ module Aws::KMS
|
|
389
387
|
# request to make a subsequent PutKeyPolicy request on the CMK. This
|
390
388
|
# reduces the risk that the CMK becomes unmanageable. For more
|
391
389
|
# information, refer to the scenario in the [Default Key Policy][1]
|
392
|
-
# section of the
|
390
|
+
# section of the <i> <i>AWS Key Management Service Developer
|
391
|
+
# Guide</i> </i>.
|
393
392
|
#
|
394
393
|
# * Each statement in the key policy must contain one or more
|
395
394
|
# principals. The principals in the key policy must exist and be
|
@@ -409,9 +408,9 @@ module Aws::KMS
|
|
409
408
|
#
|
410
409
|
#
|
411
410
|
#
|
412
|
-
# [1]:
|
413
|
-
# [2]:
|
414
|
-
# [3]:
|
411
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam
|
412
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency
|
413
|
+
# [3]: https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default
|
415
414
|
# @return [String]
|
416
415
|
#
|
417
416
|
# @!attribute [rw] description
|
@@ -422,14 +421,14 @@ module Aws::KMS
|
|
422
421
|
# @return [String]
|
423
422
|
#
|
424
423
|
# @!attribute [rw] key_usage
|
425
|
-
# The
|
426
|
-
#
|
427
|
-
#
|
424
|
+
# The cryptographic operations for which you can use the CMK. The only
|
425
|
+
# valid value is `ENCRYPT_DECRYPT`, which means you can use the CMK to
|
426
|
+
# encrypt and decrypt data.
|
428
427
|
# @return [String]
|
429
428
|
#
|
430
429
|
# @!attribute [rw] origin
|
431
|
-
# The source of the
|
432
|
-
# after you create the CMK.
|
430
|
+
# The source of the key material for the CMK. You cannot change the
|
431
|
+
# origin after you create the CMK.
|
433
432
|
#
|
434
433
|
# The default is `AWS_KMS`, which means AWS KMS creates the key
|
435
434
|
# material in its own key store.
|
@@ -441,14 +440,14 @@ module Aws::KMS
|
|
441
440
|
# in the *AWS Key Management Service Developer Guide*.
|
442
441
|
#
|
443
442
|
# When the parameter value is `AWS_CLOUDHSM`, AWS KMS creates the CMK
|
444
|
-
# in
|
443
|
+
# in an AWS KMS [custom key store][2] and creates its key material in
|
445
444
|
# the associated AWS CloudHSM cluster. You must also use the
|
446
445
|
# `CustomKeyStoreId` parameter to identify the custom key store.
|
447
446
|
#
|
448
447
|
#
|
449
448
|
#
|
450
|
-
# [1]:
|
451
|
-
# [2]:
|
449
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html
|
450
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html
|
452
451
|
# @return [String]
|
453
452
|
#
|
454
453
|
# @!attribute [rw] custom_key_store_id
|
@@ -465,15 +464,14 @@ module Aws::KMS
|
|
465
464
|
# The response includes the custom key store ID and the ID of the AWS
|
466
465
|
# CloudHSM cluster.
|
467
466
|
#
|
468
|
-
# This operation is part of the [Custom Key Store feature][
|
467
|
+
# This operation is part of the [Custom Key Store feature][1] feature
|
469
468
|
# in AWS KMS, which combines the convenience and extensive integration
|
470
469
|
# of AWS KMS with the isolation and control of a single-tenant key
|
471
470
|
# store.
|
472
471
|
#
|
473
472
|
#
|
474
473
|
#
|
475
|
-
# [1]:
|
476
|
-
# [2]: http://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html
|
474
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html
|
477
475
|
# @return [String]
|
478
476
|
#
|
479
477
|
# @!attribute [rw] bypass_policy_lockout_safety_check
|
@@ -484,8 +482,8 @@ module Aws::KMS
|
|
484
482
|
# unmanageable. Do not set this value to true indiscriminately.
|
485
483
|
#
|
486
484
|
# For more information, refer to the scenario in the [Default Key
|
487
|
-
# Policy][1] section in the
|
488
|
-
# Guide
|
485
|
+
# Policy][1] section in the <i> <i>AWS Key Management Service
|
486
|
+
# Developer Guide</i> </i>.
|
489
487
|
#
|
490
488
|
# Use this parameter only when you include a policy in the request and
|
491
489
|
# you intend to prevent the principal that is making the request from
|
@@ -495,7 +493,7 @@ module Aws::KMS
|
|
495
493
|
#
|
496
494
|
#
|
497
495
|
#
|
498
|
-
# [1]:
|
496
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam
|
499
497
|
# @return [Boolean]
|
500
498
|
#
|
501
499
|
# @!attribute [rw] tags
|
@@ -555,7 +553,7 @@ module Aws::KMS
|
|
555
553
|
#
|
556
554
|
#
|
557
555
|
#
|
558
|
-
# [1]:
|
556
|
+
# [1]: https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr
|
559
557
|
# @return [String]
|
560
558
|
#
|
561
559
|
# @!attribute [rw] connection_state
|
@@ -578,7 +576,7 @@ module Aws::KMS
|
|
578
576
|
#
|
579
577
|
#
|
580
578
|
#
|
581
|
-
# [1]:
|
579
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html
|
582
580
|
# @return [String]
|
583
581
|
#
|
584
582
|
# @!attribute [rw] connection_error_code
|
@@ -592,6 +590,11 @@ module Aws::KMS
|
|
592
590
|
# its AWS CloudHSM cluster, the cluster must contain at least one
|
593
591
|
# active HSM.
|
594
592
|
#
|
593
|
+
# * `INTERNAL_ERROR` - AWS KMS could not complete the request due to
|
594
|
+
# an internal error. Retry the request. For `ConnectCustomKeyStore`
|
595
|
+
# requests, disconnect the custom key store before trying to connect
|
596
|
+
# again.
|
597
|
+
#
|
595
598
|
# * `INVALID_CREDENTIALS` - AWS KMS does not have the correct password
|
596
599
|
# for the `kmsuser` crypto user in the AWS CloudHSM cluster.
|
597
600
|
#
|
@@ -609,7 +612,7 @@ module Aws::KMS
|
|
609
612
|
#
|
610
613
|
#
|
611
614
|
#
|
612
|
-
# [1]:
|
615
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html
|
613
616
|
# @return [String]
|
614
617
|
#
|
615
618
|
# @!attribute [rw] creation_date
|
@@ -651,7 +654,7 @@ module Aws::KMS
|
|
651
654
|
#
|
652
655
|
#
|
653
656
|
#
|
654
|
-
# [1]:
|
657
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
|
655
658
|
# @return [Hash<String,String>]
|
656
659
|
#
|
657
660
|
# @!attribute [rw] grant_tokens
|
@@ -662,7 +665,7 @@ module Aws::KMS
|
|
662
665
|
#
|
663
666
|
#
|
664
667
|
#
|
665
|
-
# [1]:
|
668
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token
|
666
669
|
# @return [Array<String>]
|
667
670
|
#
|
668
671
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DecryptRequest AWS API Documentation
|
@@ -681,7 +684,7 @@ module Aws::KMS
|
|
681
684
|
#
|
682
685
|
# @!attribute [rw] plaintext
|
683
686
|
# Decrypted plaintext data. When you use the HTTP API or the AWS CLI,
|
684
|
-
# the value is Base64-
|
687
|
+
# the value is Base64-encoded. Otherwise, it is not encoded.
|
685
688
|
# @return [String]
|
686
689
|
#
|
687
690
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DecryptResponse AWS API Documentation
|
@@ -700,9 +703,8 @@ module Aws::KMS
|
|
700
703
|
# }
|
701
704
|
#
|
702
705
|
# @!attribute [rw] alias_name
|
703
|
-
# The alias to be deleted. The name must
|
704
|
-
# followed by
|
705
|
-
# "alias/aws" are reserved.
|
706
|
+
# The alias to be deleted. The alias name must begin with `alias/`
|
707
|
+
# followed by the alias name, such as `alias/ExampleAlias`.
|
706
708
|
# @return [String]
|
707
709
|
#
|
708
710
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteAliasRequest AWS API Documentation
|
@@ -743,8 +745,8 @@ module Aws::KMS
|
|
743
745
|
# }
|
744
746
|
#
|
745
747
|
# @!attribute [rw] key_id
|
746
|
-
#
|
747
|
-
# `Origin` must be `EXTERNAL`.
|
748
|
+
# Identifies the CMK from which you are deleting imported key
|
749
|
+
# material. The `Origin` of the CMK must be `EXTERNAL`.
|
748
750
|
#
|
749
751
|
# Specify the key ID or the Amazon Resource Name (ARN) of the CMK.
|
750
752
|
#
|
@@ -830,8 +832,8 @@ module Aws::KMS
|
|
830
832
|
# @!attribute [rw] truncated
|
831
833
|
# A flag that indicates whether there are more items in the list. When
|
832
834
|
# this value is true, the list in this response is truncated. To get
|
833
|
-
# more items, pass the value of the `NextMarker` element in
|
834
|
-
#
|
835
|
+
# more items, pass the value of the `NextMarker` element in
|
836
|
+
# thisresponse to the `Marker` parameter in a subsequent request.
|
835
837
|
# @return [Boolean]
|
836
838
|
#
|
837
839
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DescribeCustomKeyStoresResponse AWS API Documentation
|
@@ -860,7 +862,7 @@ module Aws::KMS
|
|
860
862
|
#
|
861
863
|
# To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias
|
862
864
|
# name, or alias ARN. When using an alias name, prefix it with
|
863
|
-
# "alias/"
|
865
|
+
# `"alias/"`. To specify a CMK in a different AWS account, you must
|
864
866
|
# use the key ARN or alias ARN.
|
865
867
|
#
|
866
868
|
# For example:
|
@@ -879,7 +881,7 @@ module Aws::KMS
|
|
879
881
|
#
|
880
882
|
#
|
881
883
|
#
|
882
|
-
# [1]:
|
884
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys
|
883
885
|
# @return [String]
|
884
886
|
#
|
885
887
|
# @!attribute [rw] grant_tokens
|
@@ -890,7 +892,7 @@ module Aws::KMS
|
|
890
892
|
#
|
891
893
|
#
|
892
894
|
#
|
893
|
-
# [1]:
|
895
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token
|
894
896
|
# @return [Array<String>]
|
895
897
|
#
|
896
898
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DescribeKeyRequest AWS API Documentation
|
@@ -1073,7 +1075,7 @@ module Aws::KMS
|
|
1073
1075
|
#
|
1074
1076
|
# To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias
|
1075
1077
|
# name, or alias ARN. When using an alias name, prefix it with
|
1076
|
-
# "alias/"
|
1078
|
+
# `"alias/"`. To specify a CMK in a different AWS account, you must
|
1077
1079
|
# use the key ARN or alias ARN.
|
1078
1080
|
#
|
1079
1081
|
# For example:
|
@@ -1103,7 +1105,7 @@ module Aws::KMS
|
|
1103
1105
|
#
|
1104
1106
|
#
|
1105
1107
|
#
|
1106
|
-
# [1]:
|
1108
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
|
1107
1109
|
# @return [Hash<String,String>]
|
1108
1110
|
#
|
1109
1111
|
# @!attribute [rw] grant_tokens
|
@@ -1114,7 +1116,7 @@ module Aws::KMS
|
|
1114
1116
|
#
|
1115
1117
|
#
|
1116
1118
|
#
|
1117
|
-
# [1]:
|
1119
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token
|
1118
1120
|
# @return [Array<String>]
|
1119
1121
|
#
|
1120
1122
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/EncryptRequest AWS API Documentation
|
@@ -1129,7 +1131,7 @@ module Aws::KMS
|
|
1129
1131
|
|
1130
1132
|
# @!attribute [rw] ciphertext_blob
|
1131
1133
|
# The encrypted plaintext. When you use the HTTP API or the AWS CLI,
|
1132
|
-
# the value is Base64-
|
1134
|
+
# the value is Base64-encoded. Otherwise, it is not encoded.
|
1133
1135
|
# @return [String]
|
1134
1136
|
#
|
1135
1137
|
# @!attribute [rw] key_id
|
@@ -1158,12 +1160,11 @@ module Aws::KMS
|
|
1158
1160
|
# }
|
1159
1161
|
#
|
1160
1162
|
# @!attribute [rw] key_id
|
1161
|
-
#
|
1162
|
-
# data encryption key.
|
1163
|
+
# An identifier for the CMK that encrypts the data key.
|
1163
1164
|
#
|
1164
1165
|
# To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias
|
1165
1166
|
# name, or alias ARN. When using an alias name, prefix it with
|
1166
|
-
# "alias/"
|
1167
|
+
# `"alias/"`. To specify a CMK in a different AWS account, you must
|
1167
1168
|
# use the key ARN or alias ARN.
|
1168
1169
|
#
|
1169
1170
|
# For example:
|
@@ -1190,20 +1191,19 @@ module Aws::KMS
|
|
1190
1191
|
#
|
1191
1192
|
#
|
1192
1193
|
#
|
1193
|
-
# [1]:
|
1194
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
|
1194
1195
|
# @return [Hash<String,String>]
|
1195
1196
|
#
|
1196
1197
|
# @!attribute [rw] number_of_bytes
|
1197
|
-
# The length of the data
|
1198
|
-
#
|
1199
|
-
#
|
1200
|
-
#
|
1198
|
+
# The length of the data key in bytes. For example, use the value 64
|
1199
|
+
# to generate a 512-bit data key (64 bytes is 512 bits). For common
|
1200
|
+
# key lengths (128-bit and 256-bit symmetric keys), we recommend that
|
1201
|
+
# you use the `KeySpec` field instead of this one.
|
1201
1202
|
# @return [Integer]
|
1202
1203
|
#
|
1203
1204
|
# @!attribute [rw] key_spec
|
1204
|
-
# The length of the data
|
1205
|
-
#
|
1206
|
-
# key.
|
1205
|
+
# The length of the data key. Use `AES_128` to generate a 128-bit
|
1206
|
+
# symmetric key, or `AES_256` to generate a 256-bit symmetric key.
|
1207
1207
|
# @return [String]
|
1208
1208
|
#
|
1209
1209
|
# @!attribute [rw] grant_tokens
|
@@ -1214,7 +1214,7 @@ module Aws::KMS
|
|
1214
1214
|
#
|
1215
1215
|
#
|
1216
1216
|
#
|
1217
|
-
# [1]:
|
1217
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token
|
1218
1218
|
# @return [Array<String>]
|
1219
1219
|
#
|
1220
1220
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyRequest AWS API Documentation
|
@@ -1229,20 +1229,19 @@ module Aws::KMS
|
|
1229
1229
|
end
|
1230
1230
|
|
1231
1231
|
# @!attribute [rw] ciphertext_blob
|
1232
|
-
# The encrypted data
|
1233
|
-
# AWS CLI, the value is Base64-
|
1232
|
+
# The encrypted copy of the data key. When you use the HTTP API or the
|
1233
|
+
# AWS CLI, the value is Base64-encoded. Otherwise, it is not encoded.
|
1234
1234
|
# @return [String]
|
1235
1235
|
#
|
1236
1236
|
# @!attribute [rw] plaintext
|
1237
|
-
# The data
|
1238
|
-
# the value is Base64-
|
1239
|
-
# data key
|
1237
|
+
# The plaintext data key. When you use the HTTP API or the AWS CLI,
|
1238
|
+
# the value is Base64-encoded. Otherwise, it is not encoded. Use this
|
1239
|
+
# data key to encrypt your data outside of KMS. Then, remove it from
|
1240
1240
|
# memory as soon as possible.
|
1241
1241
|
# @return [String]
|
1242
1242
|
#
|
1243
1243
|
# @!attribute [rw] key_id
|
1244
|
-
# The identifier of the CMK
|
1245
|
-
# generated and encrypted.
|
1244
|
+
# The identifier of the CMK that encrypted the data key.
|
1246
1245
|
# @return [String]
|
1247
1246
|
#
|
1248
1247
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyResponse AWS API Documentation
|
@@ -1268,12 +1267,12 @@ module Aws::KMS
|
|
1268
1267
|
# }
|
1269
1268
|
#
|
1270
1269
|
# @!attribute [rw] key_id
|
1271
|
-
# The identifier of the customer master key (CMK)
|
1272
|
-
#
|
1270
|
+
# The identifier of the customer master key (CMK) that encrypts the
|
1271
|
+
# data key.
|
1273
1272
|
#
|
1274
1273
|
# To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias
|
1275
1274
|
# name, or alias ARN. When using an alias name, prefix it with
|
1276
|
-
# "alias/"
|
1275
|
+
# `"alias/"`. To specify a CMK in a different AWS account, you must
|
1277
1276
|
# use the key ARN or alias ARN.
|
1278
1277
|
#
|
1279
1278
|
# For example:
|
@@ -1300,20 +1299,19 @@ module Aws::KMS
|
|
1300
1299
|
#
|
1301
1300
|
#
|
1302
1301
|
#
|
1303
|
-
# [1]:
|
1302
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
|
1304
1303
|
# @return [Hash<String,String>]
|
1305
1304
|
#
|
1306
1305
|
# @!attribute [rw] key_spec
|
1307
|
-
# The length of the data
|
1308
|
-
#
|
1309
|
-
# key.
|
1306
|
+
# The length of the data key. Use `AES_128` to generate a 128-bit
|
1307
|
+
# symmetric key, or `AES_256` to generate a 256-bit symmetric key.
|
1310
1308
|
# @return [String]
|
1311
1309
|
#
|
1312
1310
|
# @!attribute [rw] number_of_bytes
|
1313
|
-
# The length of the data
|
1314
|
-
#
|
1315
|
-
#
|
1316
|
-
#
|
1311
|
+
# The length of the data key in bytes. For example, use the value 64
|
1312
|
+
# to generate a 512-bit data key (64 bytes is 512 bits). For common
|
1313
|
+
# key lengths (128-bit and 256-bit symmetric keys), we recommend that
|
1314
|
+
# you use the `KeySpec` field instead of this one.
|
1317
1315
|
# @return [Integer]
|
1318
1316
|
#
|
1319
1317
|
# @!attribute [rw] grant_tokens
|
@@ -1324,7 +1322,7 @@ module Aws::KMS
|
|
1324
1322
|
#
|
1325
1323
|
#
|
1326
1324
|
#
|
1327
|
-
# [1]:
|
1325
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token
|
1328
1326
|
# @return [Array<String>]
|
1329
1327
|
#
|
1330
1328
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyWithoutPlaintextRequest AWS API Documentation
|
@@ -1339,13 +1337,12 @@ module Aws::KMS
|
|
1339
1337
|
end
|
1340
1338
|
|
1341
1339
|
# @!attribute [rw] ciphertext_blob
|
1342
|
-
# The encrypted data
|
1343
|
-
#
|
1340
|
+
# The encrypted data key. When you use the HTTP API or the AWS CLI,
|
1341
|
+
# the value is Base64-encoded. Otherwise, it is not encoded.
|
1344
1342
|
# @return [String]
|
1345
1343
|
#
|
1346
1344
|
# @!attribute [rw] key_id
|
1347
|
-
# The identifier of the CMK
|
1348
|
-
# generated and encrypted.
|
1345
|
+
# The identifier of the CMK that encrypted the data key.
|
1349
1346
|
# @return [String]
|
1350
1347
|
#
|
1351
1348
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyWithoutPlaintextResponse AWS API Documentation
|
@@ -1375,7 +1372,7 @@ module Aws::KMS
|
|
1375
1372
|
#
|
1376
1373
|
#
|
1377
1374
|
#
|
1378
|
-
# [1]:
|
1375
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html
|
1379
1376
|
# @return [String]
|
1380
1377
|
#
|
1381
1378
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateRandomRequest AWS API Documentation
|
@@ -1388,7 +1385,7 @@ module Aws::KMS
|
|
1388
1385
|
|
1389
1386
|
# @!attribute [rw] plaintext
|
1390
1387
|
# The random byte string. When you use the HTTP API or the AWS CLI,
|
1391
|
-
# the value is Base64-
|
1388
|
+
# the value is Base64-encoded. Otherwise, it is not encoded.
|
1392
1389
|
# @return [String]
|
1393
1390
|
#
|
1394
1391
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateRandomResponse AWS API Documentation
|
@@ -1522,7 +1519,7 @@ module Aws::KMS
|
|
1522
1519
|
#
|
1523
1520
|
#
|
1524
1521
|
#
|
1525
|
-
# [1]:
|
1522
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-encrypt-key-material.html
|
1526
1523
|
# @return [String]
|
1527
1524
|
#
|
1528
1525
|
# @!attribute [rw] wrapping_key_spec
|
@@ -1571,23 +1568,46 @@ module Aws::KMS
|
|
1571
1568
|
include Aws::Structure
|
1572
1569
|
end
|
1573
1570
|
|
1574
|
-
#
|
1575
|
-
#
|
1576
|
-
#
|
1577
|
-
#
|
1571
|
+
# Use this structure to allow cryptographic operations in the grant only
|
1572
|
+
# when the operation request includes the specified [encryption
|
1573
|
+
# context][1].
|
1574
|
+
#
|
1575
|
+
# AWS KMS applies the grant constraints only when the grant allows a
|
1576
|
+
# cryptographic operation that accepts an encryption context as input,
|
1577
|
+
# such as the following.
|
1578
|
+
#
|
1579
|
+
# * Encrypt
|
1580
|
+
#
|
1581
|
+
# * Decrypt
|
1582
|
+
#
|
1583
|
+
# * GenerateDataKey
|
1584
|
+
#
|
1585
|
+
# * GenerateDataKeyWithoutPlaintext
|
1586
|
+
#
|
1587
|
+
# * ReEncrypt
|
1578
1588
|
#
|
1579
|
-
#
|
1580
|
-
#
|
1581
|
-
# accept encryption context as input. A grant that allows the
|
1582
|
-
# `DescribeKey` operation does so regardless of the grant constraints.
|
1583
|
-
# In constrast, the ` Encrypt ` operation accepts encryption context as
|
1584
|
-
# input. A grant that allows the `Encrypt` operation does so only when
|
1585
|
-
# the encryption context of the `Encrypt` operation satisfies the grant
|
1586
|
-
# constraints.
|
1589
|
+
# AWS KMS does not apply the grant constraints to other operations, such
|
1590
|
+
# as DescribeKey or ScheduleKeyDeletion.
|
1587
1591
|
#
|
1592
|
+
# In a cryptographic operation, the encryption context in the decryption
|
1593
|
+
# operation must be an exact, case-sensitive match for the keys and
|
1594
|
+
# values in the encryption context of the encryption operation. Only the
|
1595
|
+
# order of the pairs can vary.
|
1588
1596
|
#
|
1597
|
+
# However, in a grant constraint, the key in each key-value pair is not
|
1598
|
+
# case sensitive, but the value is case sensitive.
|
1589
1599
|
#
|
1590
|
-
#
|
1600
|
+
# To avoid confusion, do not use multiple encryption context pairs that
|
1601
|
+
# differ only by case. To require a fully case-sensitive encryption
|
1602
|
+
# context, use the `kms:EncryptionContext:` and
|
1603
|
+
# `kms:EncryptionContextKeys` conditions in an IAM or key policy. For
|
1604
|
+
# details, see [kms:EncryptionContext:][2] in the <i> <i>AWS Key
|
1605
|
+
# Management Service Developer Guide</i> </i>.
|
1606
|
+
#
|
1607
|
+
#
|
1608
|
+
#
|
1609
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
|
1610
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-encryption-context
|
1591
1611
|
#
|
1592
1612
|
# @note When making an API call, you may pass GrantConstraints
|
1593
1613
|
# data as a hash:
|
@@ -1602,20 +1622,18 @@ module Aws::KMS
|
|
1602
1622
|
# }
|
1603
1623
|
#
|
1604
1624
|
# @!attribute [rw] encryption_context_subset
|
1605
|
-
# A list of key-value pairs
|
1606
|
-
#
|
1607
|
-
#
|
1608
|
-
#
|
1609
|
-
#
|
1610
|
-
# does not allow the operation.
|
1625
|
+
# A list of key-value pairs that must be included in the encryption
|
1626
|
+
# context of the cryptographic operation request. The grant allows the
|
1627
|
+
# cryptographic operation only when the encryption context in the
|
1628
|
+
# request includes the key-value pairs specified in this constraint,
|
1629
|
+
# although it can include additional key-value pairs.
|
1611
1630
|
# @return [Hash<String,String>]
|
1612
1631
|
#
|
1613
1632
|
# @!attribute [rw] encryption_context_equals
|
1614
|
-
# A list of key-value pairs that must
|
1615
|
-
#
|
1616
|
-
#
|
1617
|
-
# encryption context
|
1618
|
-
# operation. Otherwise, the grant does not allow the operation.
|
1633
|
+
# A list of key-value pairs that must match the encryption context in
|
1634
|
+
# the cryptographic operation request. The grant allows the operation
|
1635
|
+
# only when the encryption context in the request is the same as the
|
1636
|
+
# encryption context specified in this constraint.
|
1619
1637
|
# @return [Hash<String,String>]
|
1620
1638
|
#
|
1621
1639
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GrantConstraints AWS API Documentation
|
@@ -1794,7 +1812,7 @@ module Aws::KMS
|
|
1794
1812
|
#
|
1795
1813
|
#
|
1796
1814
|
#
|
1797
|
-
# [1]:
|
1815
|
+
# [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-kms
|
1798
1816
|
# @return [String]
|
1799
1817
|
#
|
1800
1818
|
# @!attribute [rw] creation_date
|
@@ -1811,9 +1829,9 @@ module Aws::KMS
|
|
1811
1829
|
# @return [String]
|
1812
1830
|
#
|
1813
1831
|
# @!attribute [rw] key_usage
|
1814
|
-
# The cryptographic operations for which you can use the CMK.
|
1815
|
-
#
|
1816
|
-
#
|
1832
|
+
# The cryptographic operations for which you can use the CMK. The only
|
1833
|
+
# valid value is `ENCRYPT_DECRYPT`, which means you can use the CMK to
|
1834
|
+
# encrypt and decrypt data.
|
1817
1835
|
# @return [String]
|
1818
1836
|
#
|
1819
1837
|
# @!attribute [rw] key_state
|
@@ -1825,7 +1843,7 @@ module Aws::KMS
|
|
1825
1843
|
#
|
1826
1844
|
#
|
1827
1845
|
#
|
1828
|
-
# [1]:
|
1846
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html
|
1829
1847
|
# @return [String]
|
1830
1848
|
#
|
1831
1849
|
# @!attribute [rw] deletion_date
|
@@ -1857,7 +1875,7 @@ module Aws::KMS
|
|
1857
1875
|
#
|
1858
1876
|
#
|
1859
1877
|
#
|
1860
|
-
# [1]:
|
1878
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html
|
1861
1879
|
# @return [String]
|
1862
1880
|
#
|
1863
1881
|
# @!attribute [rw] cloud_hsm_cluster_id
|
@@ -1869,7 +1887,7 @@ module Aws::KMS
|
|
1869
1887
|
#
|
1870
1888
|
#
|
1871
1889
|
#
|
1872
|
-
# [1]:
|
1890
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html
|
1873
1891
|
# @return [String]
|
1874
1892
|
#
|
1875
1893
|
# @!attribute [rw] expiration_model
|
@@ -1879,13 +1897,14 @@ module Aws::KMS
|
|
1879
1897
|
# @return [String]
|
1880
1898
|
#
|
1881
1899
|
# @!attribute [rw] key_manager
|
1882
|
-
# The CMK
|
1883
|
-
# For more information about the difference,
|
1884
|
-
# Keys][1] in the *AWS Key Management Service
|
1900
|
+
# The manager of the CMK. CMKs in your AWS account are either customer
|
1901
|
+
# managed or AWS managed. For more information about the difference,
|
1902
|
+
# see [Customer Master Keys][1] in the *AWS Key Management Service
|
1903
|
+
# Developer Guide*.
|
1885
1904
|
#
|
1886
1905
|
#
|
1887
1906
|
#
|
1888
|
-
# [1]:
|
1907
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys
|
1889
1908
|
# @return [String]
|
1890
1909
|
#
|
1891
1910
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/KeyMetadata AWS API Documentation
|
@@ -1965,8 +1984,8 @@ module Aws::KMS
|
|
1965
1984
|
# @!attribute [rw] truncated
|
1966
1985
|
# A flag that indicates whether there are more items in the list. When
|
1967
1986
|
# this value is true, the list in this response is truncated. To get
|
1968
|
-
# more items, pass the value of the `NextMarker` element in
|
1969
|
-
#
|
1987
|
+
# more items, pass the value of the `NextMarker` element in
|
1988
|
+
# thisresponse to the `Marker` parameter in a subsequent request.
|
1970
1989
|
# @return [Boolean]
|
1971
1990
|
#
|
1972
1991
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListAliasesResponse AWS API Documentation
|
@@ -2041,8 +2060,8 @@ module Aws::KMS
|
|
2041
2060
|
# @!attribute [rw] truncated
|
2042
2061
|
# A flag that indicates whether there are more items in the list. When
|
2043
2062
|
# this value is true, the list in this response is truncated. To get
|
2044
|
-
# more items, pass the value of the `NextMarker` element in
|
2045
|
-
#
|
2063
|
+
# more items, pass the value of the `NextMarker` element in
|
2064
|
+
# thisresponse to the `Marker` parameter in a subsequent request.
|
2046
2065
|
# @return [Boolean]
|
2047
2066
|
#
|
2048
2067
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListGrantsResponse AWS API Documentation
|
@@ -2088,7 +2107,7 @@ module Aws::KMS
|
|
2088
2107
|
# and 1000, inclusive. If you do not include a value, it defaults to
|
2089
2108
|
# 100.
|
2090
2109
|
#
|
2091
|
-
#
|
2110
|
+
# Only one policy can be attached to a key.
|
2092
2111
|
# @return [Integer]
|
2093
2112
|
#
|
2094
2113
|
# @!attribute [rw] marker
|
@@ -2107,8 +2126,7 @@ module Aws::KMS
|
|
2107
2126
|
end
|
2108
2127
|
|
2109
2128
|
# @!attribute [rw] policy_names
|
2110
|
-
# A list of key policy names.
|
2111
|
-
# per CMK and it is always named `default`.
|
2129
|
+
# A list of key policy names. The only valid value is `default`.
|
2112
2130
|
# @return [Array<String>]
|
2113
2131
|
#
|
2114
2132
|
# @!attribute [rw] next_marker
|
@@ -2119,8 +2137,8 @@ module Aws::KMS
|
|
2119
2137
|
# @!attribute [rw] truncated
|
2120
2138
|
# A flag that indicates whether there are more items in the list. When
|
2121
2139
|
# this value is true, the list in this response is truncated. To get
|
2122
|
-
# more items, pass the value of the `NextMarker` element in
|
2123
|
-
#
|
2140
|
+
# more items, pass the value of the `NextMarker` element in
|
2141
|
+
# thisresponse to the `Marker` parameter in a subsequent request.
|
2124
2142
|
# @return [Boolean]
|
2125
2143
|
#
|
2126
2144
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeyPoliciesResponse AWS API Documentation
|
@@ -2176,8 +2194,8 @@ module Aws::KMS
|
|
2176
2194
|
# @!attribute [rw] truncated
|
2177
2195
|
# A flag that indicates whether there are more items in the list. When
|
2178
2196
|
# this value is true, the list in this response is truncated. To get
|
2179
|
-
# more items, pass the value of the `NextMarker` element in
|
2180
|
-
#
|
2197
|
+
# more items, pass the value of the `NextMarker` element in
|
2198
|
+
# thisresponse to the `Marker` parameter in a subsequent request.
|
2181
2199
|
# @return [Boolean]
|
2182
2200
|
#
|
2183
2201
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeysResponse AWS API Documentation
|
@@ -2255,8 +2273,8 @@ module Aws::KMS
|
|
2255
2273
|
# @!attribute [rw] truncated
|
2256
2274
|
# A flag that indicates whether there are more items in the list. When
|
2257
2275
|
# this value is true, the list in this response is truncated. To get
|
2258
|
-
# more items, pass the value of the `NextMarker` element in
|
2259
|
-
#
|
2276
|
+
# more items, pass the value of the `NextMarker` element in
|
2277
|
+
# thisresponse to the `Marker` parameter in a subsequent request.
|
2260
2278
|
# @return [Boolean]
|
2261
2279
|
#
|
2262
2280
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListResourceTagsResponse AWS API Documentation
|
@@ -2305,8 +2323,8 @@ module Aws::KMS
|
|
2305
2323
|
#
|
2306
2324
|
#
|
2307
2325
|
#
|
2308
|
-
# [1]:
|
2309
|
-
# [2]:
|
2326
|
+
# [1]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
|
2327
|
+
# [2]: https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam
|
2310
2328
|
# @return [String]
|
2311
2329
|
#
|
2312
2330
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListRetirableGrantsRequest AWS API Documentation
|
@@ -2375,8 +2393,8 @@ module Aws::KMS
|
|
2375
2393
|
#
|
2376
2394
|
#
|
2377
2395
|
#
|
2378
|
-
# [1]:
|
2379
|
-
# [2]:
|
2396
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam
|
2397
|
+
# [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency
|
2380
2398
|
# @return [String]
|
2381
2399
|
#
|
2382
2400
|
# @!attribute [rw] bypass_policy_lockout_safety_check
|
@@ -2398,7 +2416,7 @@ module Aws::KMS
|
|
2398
2416
|
#
|
2399
2417
|
#
|
2400
2418
|
#
|
2401
|
-
# [1]:
|
2419
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam
|
2402
2420
|
# @return [Boolean]
|
2403
2421
|
#
|
2404
2422
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/PutKeyPolicyRequest AWS API Documentation
|
@@ -2440,7 +2458,7 @@ module Aws::KMS
|
|
2440
2458
|
#
|
2441
2459
|
# To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias
|
2442
2460
|
# name, or alias ARN. When using an alias name, prefix it with
|
2443
|
-
# "alias/"
|
2461
|
+
# `"alias/"`. To specify a CMK in a different AWS account, you must
|
2444
2462
|
# use the key ARN or alias ARN.
|
2445
2463
|
#
|
2446
2464
|
# For example:
|
@@ -2470,7 +2488,7 @@ module Aws::KMS
|
|
2470
2488
|
#
|
2471
2489
|
#
|
2472
2490
|
#
|
2473
|
-
# [1]:
|
2491
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token
|
2474
2492
|
# @return [Array<String>]
|
2475
2493
|
#
|
2476
2494
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ReEncryptRequest AWS API Documentation
|
@@ -2486,7 +2504,7 @@ module Aws::KMS
|
|
2486
2504
|
|
2487
2505
|
# @!attribute [rw] ciphertext_blob
|
2488
2506
|
# The reencrypted data. When you use the HTTP API or the AWS CLI, the
|
2489
|
-
# value is Base64-
|
2507
|
+
# value is Base64-encoded. Otherwise, it is not encoded.
|
2490
2508
|
# @return [String]
|
2491
2509
|
#
|
2492
2510
|
# @!attribute [rw] source_key_id
|
@@ -2651,7 +2669,7 @@ module Aws::KMS
|
|
2651
2669
|
#
|
2652
2670
|
#
|
2653
2671
|
#
|
2654
|
-
# [1]:
|
2672
|
+
# [1]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html
|
2655
2673
|
#
|
2656
2674
|
# @note When making an API call, you may pass Tag
|
2657
2675
|
# data as a hash:
|
@@ -2763,14 +2781,15 @@ module Aws::KMS
|
|
2763
2781
|
# }
|
2764
2782
|
#
|
2765
2783
|
# @!attribute [rw] alias_name
|
2766
|
-
#
|
2767
|
-
#
|
2768
|
-
#
|
2784
|
+
# Specifies the name of the alias to change. This value must begin
|
2785
|
+
# with `alias/` followed by the alias name, such as
|
2786
|
+
# `alias/ExampleAlias`.
|
2769
2787
|
# @return [String]
|
2770
2788
|
#
|
2771
2789
|
# @!attribute [rw] target_key_id
|
2772
|
-
# Unique identifier of the customer master key to be mapped to
|
2773
|
-
# alias.
|
2790
|
+
# Unique identifier of the customer master key (CMK) to be mapped to
|
2791
|
+
# the alias. When the update operation completes, the alias will point
|
2792
|
+
# to this CMK.
|
2774
2793
|
#
|
2775
2794
|
# Specify the key ID or the Amazon Resource Name (ARN) of the CMK.
|
2776
2795
|
#
|
@@ -2831,17 +2850,18 @@ module Aws::KMS
|
|
2831
2850
|
# Associates the custom key store with a related AWS CloudHSM cluster.
|
2832
2851
|
#
|
2833
2852
|
# Enter the cluster ID of the cluster that you used to create the
|
2834
|
-
# custom key store or a cluster that shares a backup history
|
2835
|
-
# original cluster. You cannot use
|
2836
|
-
# custom key store with
|
2837
|
-
#
|
2838
|
-
#
|
2839
|
-
#
|
2840
|
-
# [DescribeClusters][
|
2853
|
+
# custom key store or a cluster that shares a backup history and has
|
2854
|
+
# the same cluster certificate as the original cluster. You cannot use
|
2855
|
+
# this parameter to associate a custom key store with an unrelated
|
2856
|
+
# cluster. In addition, the replacement cluster must [fulfill the
|
2857
|
+
# requirements][1] for a cluster associated with a custom key store.
|
2858
|
+
# To view the cluster certificate of a cluster, use the
|
2859
|
+
# [DescribeClusters][2] operation.
|
2841
2860
|
#
|
2842
2861
|
#
|
2843
2862
|
#
|
2844
|
-
# [1]:
|
2863
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore
|
2864
|
+
# [2]: https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html
|
2845
2865
|
# @return [String]
|
2846
2866
|
#
|
2847
2867
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateCustomKeyStoreRequest AWS API Documentation
|