aws-sdk-kms 1.39.0 → 1.40.0
- checksums.yaml +4 -4
- data/lib/aws-sdk-kms.rb +1 -1
- data/lib/aws-sdk-kms/client.rb +954 -229
- data/lib/aws-sdk-kms/client_api.rb +2 -0
- data/lib/aws-sdk-kms/types.rb +123 -55
- metadata +2 -2
@@ -194,6 +194,8 @@ module Aws::KMS
|
|
194
194
|
AliasListEntry.add_member(:alias_name, Shapes::ShapeRef.new(shape: AliasNameType, location_name: "AliasName"))
|
195
195
|
AliasListEntry.add_member(:alias_arn, Shapes::ShapeRef.new(shape: ArnType, location_name: "AliasArn"))
|
196
196
|
AliasListEntry.add_member(:target_key_id, Shapes::ShapeRef.new(shape: KeyIdType, location_name: "TargetKeyId"))
|
197
|
+
AliasListEntry.add_member(:creation_date, Shapes::ShapeRef.new(shape: DateType, location_name: "CreationDate"))
|
198
|
+
AliasListEntry.add_member(:last_updated_date, Shapes::ShapeRef.new(shape: DateType, location_name: "LastUpdatedDate"))
|
197
199
|
AliasListEntry.struct_class = Types::AliasListEntry
|
198
200
|
|
199
201
|
AlreadyExistsException.add_member(:message, Shapes::ShapeRef.new(shape: ErrorMessageType, location_name: "message"))
|
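--- a/data/lib/aws-sdk-kms/types.rb
+++ b/data/lib/aws-sdk-kms/types.rb
@@ -21,15 +21,28 @@ module Aws::KMS
 # @return [String]
 #
 # @!attribute [rw] target_key_id
-# String that contains the key identifier
+# String that contains the key identifier of the CMK associated with
+# the alias.
 # @return [String]
 #
+# @!attribute [rw] creation_date
+# Date and time that the alias was most recently created in the
+# account and Region. Formatted as Unix time.
+# @return [Time]
+#
+# @!attribute [rw] last_updated_date
+# Date and time that the alias was most recently associated with a CMK
+# in the account and Region. Formatted as Unix time.
+# @return [Time]
+#
 # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/AliasListEntry AWS API Documentation
 #
 class AliasListEntry < Struct.new(
 :alias_name,
 :alias_arn,
-:target_key_id
+:target_key_id,
+:creation_date,
+:last_updated_date)
 SENSITIVE = []
 include Aws::Structure
 end
@@ -274,21 +287,45 @@ module Aws::KMS
 #
 # @!attribute [rw] alias_name
 # Specifies the alias name. This value must begin with `alias/`
-# followed by a name, such as `alias/ExampleAlias`.
-#
-#
+# followed by a name, such as `alias/ExampleAlias`.
+#
+# The `AliasName` value must be string of 1-256 characters. It can
+# contain only alphanumeric characters, forward slashes (/),
+# underscores (\_), and dashes (-). The alias name cannot begin with
+# `alias/aws/`. The `alias/aws/` prefix is reserved for [AWS managed
+# CMKs][1].
+#
+#
+#
+# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk
 # @return [String]
 #
 # @!attribute [rw] target_key_id
-#
-#
-# another alias. For help finding the key ID and ARN, see [Finding the
-# Key ID and ARN][1] in the *AWS Key Management Service Developer
-# Guide*.
+# Associates the alias with the specified [customer managed CMK][1].
+# The CMK must be in the same AWS Region.
 #
+# A valid CMK ID is required. If you supply a null or empty string
+# value, this operation returns an error.
 #
+# For help finding the key ID and ARN, see [Finding the Key ID and
+# ARN][2] in the *AWS Key Management Service Developer Guide*.
 #
-#
+# Specify the key ID or the Amazon Resource Name (ARN) of the CMK.
+#
+# For example:
+#
+# * Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`
+#
+# * Key ARN:
+# `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
+#
+# To get the key ID and key ARN for a CMK, use ListKeys or
+# DescribeKey.
+#
+#
+#
+# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
+# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/viewing-keys.html#find-cmk-id-arn
 # @return [String]
 #
 # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateAliasRequest AWS API Documentation
@@ -458,6 +495,11 @@ module Aws::KMS
 # [Encryption Context][2] in the <i> <i>AWS Key Management Service
 # Developer Guide</i> </i>.
 #
+# Grant constraints are not applied to operations that do not support
+# an encryption context, such as cryptographic operations with
+# asymmetric CMKs and management operations, such as DescribeKey or
+# RetireGrant.
+#
 #
 #
 # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations
@@ -476,9 +518,8 @@ module Aws::KMS
 # @return [Array<String>]
 #
 # @!attribute [rw] name
-# A friendly name for
-#
-# request.
+# A friendly name for the grant. Use this value to prevent the
+# unintended creation of duplicate grants when retrying this request.
 #
 # When this value is absent, all `CreateGrant` requests result in a
 # new grant with a unique `GrantId` even if all the supplied
@@ -489,8 +530,8 @@ module Aws::KMS
 # with identical parameters; if the grant already exists, the original
 # `GrantId` is returned without creating a new grant. Note that the
 # returned grant token is unique with every `CreateGrant` request,
-# even when a duplicate `GrantId` is returned. All grant tokens
-#
+# even when a duplicate `GrantId` is returned. All grant tokens for
+# the same grant ID can be used interchangeably.
 # @return [String]
 #
 # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateGrantRequest AWS API Documentation
@@ -582,11 +623,15 @@ module Aws::KMS
 #
 # The key policy size quota is 32 kilobytes (32768 bytes).
 #
+# For help writing and formatting a JSON policy document, see the [IAM
+# JSON Policy Reference][4] in the <i> <i>IAM User Guide</i> </i>.
+#
 #
 #
 # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam
 # [2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency
 # [3]: https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default
+# [4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html
 # @return [String]
 #
 # @!attribute [rw] description
@@ -765,9 +810,13 @@ module Aws::KMS
 # Use this parameter to tag the CMK when it is created. To add tags to
 # an existing CMK, use the TagResource operation.
 #
+# To use this parameter, you must have [kms:TagResource][2] permission
+# in an IAM policy.
+#
 #
 #
 # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html
+# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html
 # @return [Array<Types::Tag>]
 #
 # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateKeyRequest AWS API Documentation
@@ -1059,23 +1108,20 @@ module Aws::KMS
 # @return [Array<String>]
 #
 # @!attribute [rw] key_id
-# Specifies the customer master key (CMK) that AWS KMS
-#
-#
-#
-# If you specify a `KeyId` value, the `Decrypt` operation succeeds
-# only if the specified CMK was used to encrypt the ciphertext.
+# Specifies the customer master key (CMK) that AWS KMS uses to decrypt
+# the ciphertext. Enter a key ID of the CMK that was used to encrypt
+# the ciphertext.
 #
 # This parameter is required only when the ciphertext was encrypted
-# under an asymmetric CMK.
-#
-#
-#
-# ciphertext.
+# under an asymmetric CMK. If you used a symmetric CMK, AWS KMS can
+# get the CMK from metadata that it adds to the symmetric ciphertext
+# blob. However, it is always recommended as a best practice. This
+# practice ensures that you use the CMK that you intend.
 #
 # To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias
 # name, or alias ARN. When using an alias name, prefix it with
-# `"alias/"`.
+# `"alias/"`. To specify a CMK in a different AWS account, you must
+# use the key ARN or alias ARN.
 #
 # For example:
 #
@@ -1424,8 +1470,8 @@ module Aws::KMS
 #
 # @!attribute [rw] key_id
 # Identifies a symmetric customer master key (CMK). You cannot enable
-# automatic rotation of [asymmetric CMKs][1], CMKs with
-# material][2], or CMKs in a [custom key store][3].
+# or disable automatic rotation of [asymmetric CMKs][1], CMKs with
+# [imported key material][2], or CMKs in a [custom key store][3].
 #
 # Specify the key ID or the Amazon Resource Name (ARN) of the CMK.
 #
@@ -1869,7 +1915,8 @@ module Aws::KMS
 #
 # To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias
 # name, or alias ARN. When using an alias name, prefix it with
-# `"alias/"`.
+# `"alias/"`. To specify a CMK in a different AWS account, you must
+# use the key ARN or alias ARN.
 #
 # For example:
 #
@@ -2549,7 +2596,7 @@ module Aws::KMS
 # operations with a [symmetric CMK][3]. Grant constraints are not
 # applied to operations that do not support an encryption context, such
 # as cryptographic operations with asymmetric CMKs and management
-# operations, such as DescribeKey or
+# operations, such as DescribeKey or RetireGrant.
 #
 # In a cryptographic operation, the encryption context in the decryption
 # operation must be an exact, case-sensitive match for the keys and
@@ -3221,13 +3268,23 @@ module Aws::KMS
 # }
 #
 # @!attribute [rw] key_id
-# Lists only aliases that
-#
-# in the caller's account and region. You cannot use an alias name or
-# alias ARN in this value.
+# Lists only aliases that are associated with the specified CMK. Enter
+# a CMK in your AWS account.
 #
 # This parameter is optional. If you omit it, `ListAliases` returns
-# all aliases in the account and
+# all aliases in the account and Region.
+#
+# Specify the key ID or the Amazon Resource Name (ARN) of the CMK.
+#
+# For example:
+#
+# * Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`
+#
+# * Key ARN:
+# `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
+#
+# To get the key ID and key ARN for a CMK, use ListKeys or
+# DescribeKey.
 # @return [String]
 #
 # @!attribute [rw] limit
@@ -3605,7 +3662,8 @@ module Aws::KMS
 # @return [String]
 #
 # @!attribute [rw] retiring_principal
-# The retiring principal for which to list grants.
+# The retiring principal for which to list grants. Enter a principal
+# in your AWS account.
 #
 # To specify the retiring principal, use the [Amazon Resource Name
 # (ARN)][1] of an AWS principal. Valid AWS principals include AWS
@@ -3798,23 +3856,20 @@ module Aws::KMS
 # @return [Hash<String,String>]
 #
 # @!attribute [rw] source_key_id
-#
-# ciphertext before it
+# Specifies the customer master key (CMK) that AWS KMS will use to
+# decrypt the ciphertext before it is re-encrypted. Enter a key ID of
+# the CMK that was used to encrypt the ciphertext.
 #
 # This parameter is required only when the ciphertext was encrypted
-# under an asymmetric CMK.
-#
-#
-#
-# ciphertext before it is reencrypted.
-#
-# If you specify a `KeyId` value, the decrypt part of the `ReEncrypt`
-# operation succeeds only if the specified CMK was used to encrypt the
-# ciphertext.
+# under an asymmetric CMK. If you used a symmetric CMK, AWS KMS can
+# get the CMK from metadata that it adds to the symmetric ciphertext
+# blob. However, it is always recommended as a best practice. This
+# practice ensures that you use the CMK that you intend.
 #
 # To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias
 # name, or alias ARN. When using an alias name, prefix it with
-# `"alias/"`.
+# `"alias/"`. To specify a CMK in a different AWS account, you must
+# use the key ARN or alias ARN.
 #
 # For example:
 #
@@ -4300,7 +4355,7 @@ module Aws::KMS
 # }
 #
 # @!attribute [rw] key_id
-#
+# Identifies a customer managed CMK in the account and Region.
 #
 # Specify the key ID or the Amazon Resource Name (ARN) of the CMK.
 #
@@ -4316,7 +4371,14 @@ module Aws::KMS
 # @return [String]
 #
 # @!attribute [rw] tags
-# One or more tags.
+# One or more tags.
+#
+# Each tag consists of a tag key and a tag value. The tag value can be
+# an empty (null) string.
+#
+# You cannot have more than one tag on a CMK with the same tag key. If
+# you specify an existing tag key with a different tag value, AWS KMS
+# replaces the current tag value with the specified one.
 # @return [Array<Types::Tag>]
 #
 # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/TagResourceRequest AWS API Documentation
@@ -4351,7 +4413,7 @@ module Aws::KMS
 # }
 #
 # @!attribute [rw] key_id
-#
+# Identifies the CMK from which you are removing tags.
 #
 # Specify the key ID or the Amazon Resource Name (ARN) of the CMK.
 #
@@ -4395,8 +4457,9 @@ module Aws::KMS
 # @return [String]
 #
 # @!attribute [rw] target_key_id
-# Identifies the CMK to associate with the
-#
+# Identifies the [customer managed CMK][1] to associate with the
+# alias. You don't have permission to associate an alias with an [AWS
+# managed CMK][2].
 #
 # The CMK must be in the same AWS account and Region as the alias.
 # Also, the new target CMK must be the same type as the current target
@@ -4417,6 +4480,11 @@ module Aws::KMS
 #
 # To verify that the alias is mapped to the correct CMK, use
 # ListAliases.
+#
+#
+#
+# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
+# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk
 # @return [String]
 #
 # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateAliasRequest AWS API Documentation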
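Review bot: In the Decrypt `key_id` comment (new lines 1116–1119), "However, it is always recommended as a best practice" never says what "it" is, and the removed sentence that stated the concrete guarantee (Decrypt succeeds only if the specified CMK was used to encrypt the ciphertext) is replaced only by the vaguer "ensures that you use the CMK that you intend". The same wording appears for `source_key_id` at new lines 3864–3867, where the equivalent ReEncrypt sentence was also removed. Assuming the service behaviour is unchanged, I would write `# blob. However, specifying the CMK is always recommended as a best` and `# practice: the operation then succeeds only if that CMK was used to encrypt the ciphertext.` in both places, so readers see that passing the key ID is what rejects ciphertext produced under a different key. The removed lines appear truncated on this page and both attribute comments continue outside their hunks, so check the full text first; if types.rb is generated from the service model, the wording would need to change upstream.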
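--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-kms
 version: !ruby/object:Gem::Version
-version: 1.
+version: 1.40.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-
+date: 2020-12-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: aws-sdk-core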