aws-sdk-kms 1.6.0 → 1.7.0
- checksums.yaml +4 -4
- data/lib/aws-sdk-kms.rb +1 -1
- data/lib/aws-sdk-kms/client.rb +271 -90
- data/lib/aws-sdk-kms/client_api.rb +1 -0
- data/lib/aws-sdk-kms/types.rb +49 -27
- metadata +2 -2
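--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 02b4c1a040a3b1632123afdee50ccb74154d6257
+data.tar.gz: 879cf2a11b299d42c2c9dc5a9b3c8de43b204e2b
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 217a4c15d6457790ff8fa99b7284cea7efe7d6955ec0f045b1ec94e7a9a32fd976da9566ecbe95ac0141407e67ce86180077c81672e92784df8a8b88b65d4363
+data.tar.gz: a78b35a29899e6ee1586d371605850c85d19b5fe7048939ef06f68ecd1b6a480d4b2500fca1f0ae05dab25718ceadab35da34232c943eab1d23a1e64649f341f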
data/lib/aws-sdk-kms.rb
CHANGED
data/lib/aws-sdk-kms/client.rb
CHANGED
@@ -175,9 +175,14 @@ module Aws::KMS
|
|
175
175
|
# see [Deleting Customer Master Keys][1] in the *AWS Key Management
|
176
176
|
# Service Developer Guide*.
|
177
177
|
#
|
178
|
+
# The result of this operation varies with the key state of the CMK. For
|
179
|
+
# details, see [How Key State Affects Use of a Customer Master Key][2]
|
180
|
+
# in the *AWS Key Management Service Developer Guide*.
|
181
|
+
#
|
178
182
|
#
|
179
183
|
#
|
180
184
|
# [1]: http://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html
|
185
|
+
# [2]: http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html
|
181
186
|
#
|
182
187
|
# @option params [required, String] :key_id
|
183
188
|
# The unique identifier for the customer master key (CMK) for which to
|
@@ -231,9 +236,9 @@ module Aws::KMS
|
|
231
236
|
req.send_request(options)
|
232
237
|
end
|
233
238
|
|
234
|
-
# Creates a display name for a customer master key
|
235
|
-
# alias to identify a CMK in selected operations,
|
236
|
-
# GenerateDataKey.
|
239
|
+
# Creates a display name for a customer-managed customer master key
|
240
|
+
# (CMK). You can use an alias to identify a CMK in selected operations,
|
241
|
+
# such as Encrypt and GenerateDataKey.
|
237
242
|
#
|
238
243
|
# Each CMK can have multiple aliases, but each alias points to only one
|
239
244
|
# CMK. The alias name must be unique in the AWS account and region. To
|
@@ -245,11 +250,10 @@ module Aws::KMS
|
|
245
250
|
# appear in the response from the DescribeKey operation. To get the
|
246
251
|
# aliases of all CMKs, use the ListAliases operation.
|
247
252
|
#
|
248
|
-
#
|
249
|
-
# (
|
250
|
-
#
|
251
|
-
#
|
252
|
-
# Web Services (AWS).
|
253
|
+
# The alias name can contain only alphanumeric characters, forward
|
254
|
+
# slashes (/), underscores (\_), and dashes (-). Alias names cannot
|
255
|
+
# begin with **aws/**. That alias name prefix is reserved for AWS
|
256
|
+
# managed CMKs.
|
253
257
|
#
|
254
258
|
# The alias and the CMK it is mapped to must be in the same AWS account
|
255
259
|
# and the same region. You cannot perform this operation on an alias in
|
@@ -257,10 +261,19 @@ module Aws::KMS
|
|
257
261
|
#
|
258
262
|
# To map an existing alias to a different CMK, call UpdateAlias.
|
259
263
|
#
|
264
|
+
# The result of this operation varies with the key state of the CMK. For
|
265
|
+
# details, see [How Key State Affects Use of a Customer Master Key][1]
|
266
|
+
# in the *AWS Key Management Service Developer Guide*.
|
267
|
+
#
|
268
|
+
#
|
269
|
+
#
|
270
|
+
# [1]: http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html
|
271
|
+
#
|
260
272
|
# @option params [required, String] :alias_name
|
261
|
-
#
|
262
|
-
#
|
263
|
-
# begin with
|
273
|
+
# Specifies the alias name. This value must begin with `alias/` followed
|
274
|
+
# by the alias name, such as `alias/ExampleAlias`. The alias name cannot
|
275
|
+
# begin with `aws/`. The `alias/aws/` prefix is reserved for AWS managed
|
276
|
+
# CMKs.
|
264
277
|
#
|
265
278
|
# @option params [required, String] :target_key_id
|
266
279
|
# Identifies the CMK for which you are creating the alias. This value
|
@@ -310,13 +323,18 @@ module Aws::KMS
|
|
310
323
|
# grants are an alternative to key policies.
|
311
324
|
#
|
312
325
|
# To perform this operation on a CMK in a different AWS account, specify
|
313
|
-
# the key ARN in the value of the KeyId parameter. For more
|
314
|
-
# about grants, see [Grants][1] in the *AWS Key Management
|
315
|
-
# Developer Guide*.
|
326
|
+
# the key ARN in the value of the `KeyId` parameter. For more
|
327
|
+
# information about grants, see [Grants][1] in the *AWS Key Management
|
328
|
+
# Service Developer Guide*.
|
329
|
+
#
|
330
|
+
# The result of this operation varies with the key state of the CMK. For
|
331
|
+
# details, see [How Key State Affects Use of a Customer Master Key][2]
|
332
|
+
# in the *AWS Key Management Service Developer Guide*.
|
316
333
|
#
|
317
334
|
#
|
318
335
|
#
|
319
336
|
# [1]: http://docs.aws.amazon.com/kms/latest/developerguide/grants.html
|
337
|
+
# [2]: http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html
|
320
338
|
#
|
321
339
|
# @option params [required, String] :key_id
|
322
340
|
# The unique identifier for the customer master key (CMK) that the grant
|
@@ -391,7 +409,8 @@ module Aws::KMS
|
|
391
409
|
#
|
392
410
|
# @option params [String] :name
|
393
411
|
# A friendly name for identifying the grant. Use this value to prevent
|
394
|
-
# unintended creation of duplicate grants when retrying this
|
412
|
+
# the unintended creation of duplicate grants when retrying this
|
413
|
+
# request.
|
395
414
|
#
|
396
415
|
# When this value is absent, all `CreateGrant` requests result in a new
|
397
416
|
# grant with a unique `GrantId` even if all the supplied parameters are
|
@@ -467,7 +486,7 @@ module Aws::KMS
|
|
467
486
|
# Creates a customer master key (CMK) in the caller's AWS account.
|
468
487
|
#
|
469
488
|
# You can use a CMK to encrypt small amounts of data (4 KiB or less)
|
470
|
-
# directly
|
489
|
+
# directly. But CMKs are more commonly used to encrypt data encryption
|
471
490
|
# keys (DEKs), which are used to encrypt raw data. For more information
|
472
491
|
# about DEKs and the difference between CMKs and DEKs, see the
|
473
492
|
# following:
|
@@ -500,10 +519,11 @@ module Aws::KMS
|
|
500
519
|
# principals. The principals in the key policy must exist and be
|
501
520
|
# visible to AWS KMS. When you create a new AWS principal (for
|
502
521
|
# example, an IAM user or role), you might need to enforce a delay
|
503
|
-
# before including the new principal in a key policy
|
504
|
-
# principal might not be immediately visible to
|
505
|
-
# information, see [Changes that I make are not
|
506
|
-
# visible][2] in the *AWS Identity and Access
|
522
|
+
# before including the new principal in a key policy. The reason for
|
523
|
+
# this is that the new principal might not be immediately visible to
|
524
|
+
# AWS KMS. For more information, see [Changes that I make are not
|
525
|
+
# always immediately visible][2] in the *AWS Identity and Access
|
526
|
+
# Management User Guide*.
|
507
527
|
#
|
508
528
|
# If you do not provide a key policy, AWS KMS attaches a default key
|
509
529
|
# policy to the CMK. For more information, see [Default Key Policy][3]
|
@@ -658,15 +678,22 @@ module Aws::KMS
|
|
658
678
|
#
|
659
679
|
# * Encrypt
|
660
680
|
#
|
661
|
-
#
|
662
|
-
#
|
663
|
-
#
|
664
|
-
#
|
665
|
-
#
|
666
|
-
#
|
667
|
-
#
|
668
|
-
#
|
669
|
-
#
|
681
|
+
# Whenever possible, use key policies to give users permission to call
|
682
|
+
# the Decrypt operation on the CMK, instead of IAM policies. Otherwise,
|
683
|
+
# you might create an IAM user policy that gives the user Decrypt
|
684
|
+
# permission on all CMKs. This user could decrypt ciphertext that was
|
685
|
+
# encrypted by CMKs in other accounts if the key policy for the
|
686
|
+
# cross-account CMK permits it. If you must use an IAM policy for
|
687
|
+
# `Decrypt` permissions, limit the user to particular CMKs or particular
|
688
|
+
# trusted accounts.
|
689
|
+
#
|
690
|
+
# The result of this operation varies with the key state of the CMK. For
|
691
|
+
# details, see [How Key State Affects Use of a Customer Master Key][1]
|
692
|
+
# in the *AWS Key Management Service Developer Guide*.
|
693
|
+
#
|
694
|
+
#
|
695
|
+
#
|
696
|
+
# [1]: http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html
|
670
697
|
#
|
671
698
|
# @option params [required, String, IO] :ciphertext_blob
|
672
699
|
# Ciphertext to be decrypted. The blob includes metadata.
|
@@ -791,9 +818,14 @@ module Aws::KMS
|
|
791
818
|
# After you delete key material, you can use ImportKeyMaterial to
|
792
819
|
# reimport the same key material into the CMK.
|
793
820
|
#
|
821
|
+
# The result of this operation varies with the key state of the CMK. For
|
822
|
+
# details, see [How Key State Affects Use of a Customer Master Key][2]
|
823
|
+
# in the *AWS Key Management Service Developer Guide*.
|
824
|
+
#
|
794
825
|
#
|
795
826
|
#
|
796
827
|
# [1]: http://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html
|
828
|
+
# [2]: http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html
|
797
829
|
#
|
798
830
|
# @option params [required, String] :key_id
|
799
831
|
# The identifier of the CMK whose key material to delete. The CMK's
|
@@ -839,15 +871,28 @@ module Aws::KMS
|
|
839
871
|
# Provides detailed information about the specified customer master key
|
840
872
|
# (CMK).
|
841
873
|
#
|
874
|
+
# You can use `DescribeKey` on a predefined AWS alias, that is, an AWS
|
875
|
+
# alias with no key ID. When you do, AWS KMS associates the alias with
|
876
|
+
# an [AWS managed CMK][1] and returns its `KeyId` and `Arn` in the
|
877
|
+
# response.
|
878
|
+
#
|
842
879
|
# To perform this operation on a CMK in a different AWS account, specify
|
843
880
|
# the key ARN or alias ARN in the value of the KeyId parameter.
|
844
881
|
#
|
882
|
+
#
|
883
|
+
#
|
884
|
+
# [1]: http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys
|
885
|
+
#
|
845
886
|
# @option params [required, String] :key_id
|
846
|
-
#
|
887
|
+
# Describes the specified customer master key (CMK).
|
888
|
+
#
|
889
|
+
# If you specify a predefined AWS alias (an AWS alias with no key ID),
|
890
|
+
# KMS associates the alias with an [AWS managed CMK][1] and returns its
|
891
|
+
# `KeyId` and `Arn` in the response.
|
847
892
|
#
|
848
893
|
# To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias
|
849
894
|
# name, or alias ARN. When using an alias name, prefix it with
|
850
|
-
# "alias/"
|
895
|
+
# `"alias/"`. To specify a CMK in a different AWS account, you must use
|
851
896
|
# the key ARN or alias ARN.
|
852
897
|
#
|
853
898
|
# For example:
|
@@ -864,6 +909,10 @@ module Aws::KMS
|
|
864
909
|
# To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
|
865
910
|
# To get the alias name and alias ARN, use ListAliases.
|
866
911
|
#
|
912
|
+
#
|
913
|
+
#
|
914
|
+
# [1]: http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys
|
915
|
+
#
|
867
916
|
# @option params [Array<String>] :grant_tokens
|
868
917
|
# A list of grant tokens.
|
869
918
|
#
|
@@ -943,6 +992,10 @@ module Aws::KMS
|
|
943
992
|
# [How Key State Affects the Use of a Customer Master Key][1] in the
|
944
993
|
# *AWS Key Management Service Developer Guide*.
|
945
994
|
#
|
995
|
+
# The result of this operation varies with the key state of the CMK. For
|
996
|
+
# details, see [How Key State Affects Use of a Customer Master Key][1]
|
997
|
+
# in the *AWS Key Management Service Developer Guide*.
|
998
|
+
#
|
946
999
|
#
|
947
1000
|
#
|
948
1001
|
# [1]: http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html
|
@@ -987,10 +1040,19 @@ module Aws::KMS
|
|
987
1040
|
req.send_request(options)
|
988
1041
|
end
|
989
1042
|
|
990
|
-
# Disables automatic rotation of the key material for the specified
|
1043
|
+
# Disables [automatic rotation of the key material][1] for the specified
|
991
1044
|
# customer master key (CMK). You cannot perform this operation on a CMK
|
992
1045
|
# in a different AWS account.
|
993
1046
|
#
|
1047
|
+
# The result of this operation varies with the key state of the CMK. For
|
1048
|
+
# details, see [How Key State Affects Use of a Customer Master Key][2]
|
1049
|
+
# in the *AWS Key Management Service Developer Guide*.
|
1050
|
+
#
|
1051
|
+
#
|
1052
|
+
#
|
1053
|
+
# [1]: http://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html
|
1054
|
+
# [2]: http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html
|
1055
|
+
#
|
994
1056
|
# @option params [required, String] :key_id
|
995
1057
|
# A unique identifier for the customer master key (CMK).
|
996
1058
|
#
|
@@ -1035,6 +1097,14 @@ module Aws::KMS
|
|
1035
1097
|
# permitting its use for cryptographic operations. You cannot perform
|
1036
1098
|
# this operation on a CMK in a different AWS account.
|
1037
1099
|
#
|
1100
|
+
# The result of this operation varies with the key state of the CMK. For
|
1101
|
+
# details, see [How Key State Affects Use of a Customer Master Key][1]
|
1102
|
+
# in the *AWS Key Management Service Developer Guide*.
|
1103
|
+
#
|
1104
|
+
#
|
1105
|
+
#
|
1106
|
+
# [1]: http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html
|
1107
|
+
#
|
1038
1108
|
# @option params [required, String] :key_id
|
1039
1109
|
# A unique identifier for the customer master key (CMK).
|
1040
1110
|
#
|
@@ -1075,10 +1145,19 @@ module Aws::KMS
|
|
1075
1145
|
req.send_request(options)
|
1076
1146
|
end
|
1077
1147
|
|
1078
|
-
# Enables automatic rotation of the key material for the specified
|
1148
|
+
# Enables [automatic rotation of the key material][1] for the specified
|
1079
1149
|
# customer master key (CMK). You cannot perform this operation on a CMK
|
1080
1150
|
# in a different AWS account.
|
1081
1151
|
#
|
1152
|
+
# The result of this operation varies with the key state of the CMK. For
|
1153
|
+
# details, see [How Key State Affects Use of a Customer Master Key][2]
|
1154
|
+
# in the *AWS Key Management Service Developer Guide*.
|
1155
|
+
#
|
1156
|
+
#
|
1157
|
+
#
|
1158
|
+
# [1]: http://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html
|
1159
|
+
# [2]: http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html
|
1160
|
+
#
|
1082
1161
|
# @option params [required, String] :key_id
|
1083
1162
|
# A unique identifier for the customer master key (CMK).
|
1084
1163
|
#
|
@@ -1126,32 +1205,38 @@ module Aws::KMS
|
|
1126
1205
|
# such as an RSA key, a database password, or other sensitive
|
1127
1206
|
# information.
|
1128
1207
|
#
|
1129
|
-
# *
|
1130
|
-
#
|
1131
|
-
#
|
1132
|
-
#
|
1133
|
-
#
|
1134
|
-
#
|
1208
|
+
# * You can use the `Encrypt` operation to move encrypted data from one
|
1209
|
+
# AWS region to another. In the first region, generate a data key and
|
1210
|
+
# use the plaintext key to encrypt the data. Then, in the new region,
|
1211
|
+
# call the `Encrypt` method on same plaintext data key. Now, you can
|
1212
|
+
# safely move the encrypted data and encrypted data key to the new
|
1213
|
+
# region, and decrypt in the new region when necessary.
|
1214
|
+
#
|
1215
|
+
# You don't need use this operation to encrypt a data key within a
|
1216
|
+
# region. The GenerateDataKey and GenerateDataKeyWithoutPlaintext
|
1217
|
+
# operations return an encrypted data key.
|
1218
|
+
#
|
1219
|
+
# Also, you don't need to use this operation to encrypt data in your
|
1220
|
+
# application. You can use the plaintext and encrypted data keys that
|
1221
|
+
# the `GenerateDataKey` operation returns.
|
1222
|
+
#
|
1223
|
+
# The result of this operation varies with the key state of the CMK. For
|
1224
|
+
# details, see [How Key State Affects Use of a Customer Master Key][1]
|
1225
|
+
# in the *AWS Key Management Service Developer Guide*.
|
1135
1226
|
#
|
1136
1227
|
# To perform this operation on a CMK in a different AWS account, specify
|
1137
1228
|
# the key ARN or alias ARN in the value of the KeyId parameter.
|
1138
1229
|
#
|
1139
|
-
# Unless you are moving encrypted data from one region to another, you
|
1140
|
-
# don't use this operation to encrypt a generated data key within a
|
1141
|
-
# region. To get data keys that are already encrypted, call the
|
1142
|
-
# GenerateDataKey or GenerateDataKeyWithoutPlaintext operation. Data
|
1143
|
-
# keys don't need to be encrypted again by calling `Encrypt`.
|
1144
1230
|
#
|
1145
|
-
#
|
1146
|
-
#
|
1147
|
-
# key encrypted under the CMK of your choosing.
|
1231
|
+
#
|
1232
|
+
# [1]: http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html
|
1148
1233
|
#
|
1149
1234
|
# @option params [required, String] :key_id
|
1150
1235
|
# A unique identifier for the customer master key (CMK).
|
1151
1236
|
#
|
1152
1237
|
# To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias
|
1153
1238
|
# name, or alias ARN. When using an alias name, prefix it with
|
1154
|
-
# "alias/"
|
1239
|
+
# `"alias/"`. To specify a CMK in a different AWS account, you must use
|
1155
1240
|
# the key ARN or alias ARN.
|
1156
1241
|
#
|
1157
1242
|
# For example:
|
@@ -1286,9 +1371,14 @@ module Aws::KMS
|
|
1286
1371
|
# information, see [Encryption Context][1] in the *AWS Key Management
|
1287
1372
|
# Service Developer Guide*.
|
1288
1373
|
#
|
1374
|
+
# The result of this operation varies with the key state of the CMK. For
|
1375
|
+
# details, see [How Key State Affects Use of a Customer Master Key][2]
|
1376
|
+
# in the *AWS Key Management Service Developer Guide*.
|
1377
|
+
#
|
1289
1378
|
#
|
1290
1379
|
#
|
1291
1380
|
# [1]: http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html
|
1381
|
+
# [2]: http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html
|
1292
1382
|
#
|
1293
1383
|
# @option params [required, String] :key_id
|
1294
1384
|
# The identifier of the CMK under which to generate and encrypt the data
|
@@ -1296,7 +1386,7 @@ module Aws::KMS
|
|
1296
1386
|
#
|
1297
1387
|
# To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias
|
1298
1388
|
# name, or alias ARN. When using an alias name, prefix it with
|
1299
|
-
# "alias/"
|
1389
|
+
# `"alias/"`. To specify a CMK in a different AWS account, you must use
|
1300
1390
|
# the key ARN or alias ARN.
|
1301
1391
|
#
|
1302
1392
|
# For example:
|
@@ -1413,17 +1503,25 @@ module Aws::KMS
|
|
1413
1503
|
# then stores it in the container. Later, a different component of the
|
1414
1504
|
# system, called the *data plane*, puts encrypted data into the
|
1415
1505
|
# containers. To do this, it passes the encrypted data key to the
|
1416
|
-
# Decrypt operation
|
1417
|
-
# encrypt data
|
1506
|
+
# Decrypt operation. It then uses the returned plaintext data key to
|
1507
|
+
# encrypt data and finally stores the encrypted data in the container.
|
1418
1508
|
# In this system, the control plane never sees the plaintext data key.
|
1419
1509
|
#
|
1510
|
+
# The result of this operation varies with the key state of the CMK. For
|
1511
|
+
# details, see [How Key State Affects Use of a Customer Master Key][1]
|
1512
|
+
# in the *AWS Key Management Service Developer Guide*.
|
1513
|
+
#
|
1514
|
+
#
|
1515
|
+
#
|
1516
|
+
# [1]: http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html
|
1517
|
+
#
|
1420
1518
|
# @option params [required, String] :key_id
|
1421
1519
|
# The identifier of the customer master key (CMK) under which to
|
1422
1520
|
# generate and encrypt the data encryption key.
|
1423
1521
|
#
|
1424
1522
|
# To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias
|
1425
1523
|
# name, or alias ARN. When using an alias name, prefix it with
|
1426
|
-
# "alias/"
|
1524
|
+
# `"alias/"`. To specify a CMK in a different AWS account, you must use
|
1427
1525
|
# the key ARN or alias ARN.
|
1428
1526
|
#
|
1429
1527
|
# For example:
|
@@ -1629,11 +1727,30 @@ module Aws::KMS
|
|
1629
1727
|
req.send_request(options)
|
1630
1728
|
end
|
1631
1729
|
|
1632
|
-
# Gets a Boolean value that indicates whether automatic rotation of the
|
1633
|
-
# key material is enabled for the specified customer master key
|
1730
|
+
# Gets a Boolean value that indicates whether [automatic rotation of the
|
1731
|
+
# key material][1] is enabled for the specified customer master key
|
1732
|
+
# (CMK).
|
1733
|
+
#
|
1734
|
+
# The result of this operation varies with the key state of the CMK. For
|
1735
|
+
# details, see [How Key State Affects Use of a Customer Master Key][2]
|
1736
|
+
# in the *AWS Key Management Service Developer Guide*.
|
1737
|
+
#
|
1738
|
+
# * Disabled: The key rotation status does not change when you disable a
|
1739
|
+
# CMK. However, while the CMK is disabled, AWS KMS does not rotate the
|
1740
|
+
# backing key.
|
1741
|
+
#
|
1742
|
+
# * Pending deletion: While a CMK is pending deletion, its key rotation
|
1743
|
+
# status is `false` and AWS KMS does not rotate the backing key. If
|
1744
|
+
# you cancel the deletion, the original key rotation status is
|
1745
|
+
# restored.
|
1634
1746
|
#
|
1635
1747
|
# To perform this operation on a CMK in a different AWS account, specify
|
1636
|
-
# the key ARN in the value of the KeyId parameter.
|
1748
|
+
# the key ARN in the value of the `KeyId` parameter.
|
1749
|
+
#
|
1750
|
+
#
|
1751
|
+
#
|
1752
|
+
# [1]: http://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html
|
1753
|
+
# [2]: http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html
|
1637
1754
|
#
|
1638
1755
|
# @option params [required, String] :key_id
|
1639
1756
|
# A unique identifier for the customer master key (CMK).
|
@@ -1707,9 +1824,14 @@ module Aws::KMS
|
|
1707
1824
|
# subsequent ImportKeyMaterial request. To get new ones, send another
|
1708
1825
|
# `GetParametersForImport` request.
|
1709
1826
|
#
|
1827
|
+
# The result of this operation varies with the key state of the CMK. For
|
1828
|
+
# details, see [How Key State Affects Use of a Customer Master Key][2]
|
1829
|
+
# in the *AWS Key Management Service Developer Guide*.
|
1830
|
+
#
|
1710
1831
|
#
|
1711
1832
|
#
|
1712
1833
|
# [1]: http://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html
|
1834
|
+
# [2]: http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html
|
1713
1835
|
#
|
1714
1836
|
# @option params [required, String] :key_id
|
1715
1837
|
# The identifier of the CMK into which you will import key material. The
|
@@ -1727,10 +1849,9 @@ module Aws::KMS
|
|
1727
1849
|
# To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
|
1728
1850
|
#
|
1729
1851
|
# @option params [required, String] :wrapping_algorithm
|
1730
|
-
# The algorithm you
|
1731
|
-
#
|
1732
|
-
#
|
1733
|
-
# Developer Guide*.
|
1852
|
+
# The algorithm you use to encrypt the key material before importing it
|
1853
|
+
# with ImportKeyMaterial. For more information, see [Encrypt the Key
|
1854
|
+
# Material][1] in the *AWS Key Management Service Developer Guide*.
|
1734
1855
|
#
|
1735
1856
|
#
|
1736
1857
|
#
|
@@ -1831,9 +1952,14 @@ module Aws::KMS
|
|
1831
1952
|
# key material into that CMK, but you cannot import different key
|
1832
1953
|
# material.
|
1833
1954
|
#
|
1955
|
+
# The result of this operation varies with the key state of the CMK. For
|
1956
|
+
# details, see [How Key State Affects Use of a Customer Master Key][2]
|
1957
|
+
# in the *AWS Key Management Service Developer Guide*.
|
1958
|
+
#
|
1834
1959
|
#
|
1835
1960
|
#
|
1836
1961
|
# [1]: http://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html
|
1962
|
+
# [2]: http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html
|
1837
1963
|
#
|
1838
1964
|
# @option params [required, String] :key_id
|
1839
1965
|
# The identifier of the CMK to import the key material into. The CMK's
|
@@ -1907,20 +2033,39 @@ module Aws::KMS
|
|
1907
2033
|
req.send_request(options)
|
1908
2034
|
end
|
1909
2035
|
|
1910
|
-
# Gets a list of
|
1911
|
-
#
|
2036
|
+
# Gets a list of aliases in the caller's AWS account and region. You
|
2037
|
+
# cannot list aliases in other accounts. For more information about
|
1912
2038
|
# aliases, see CreateAlias.
|
1913
2039
|
#
|
1914
|
-
#
|
1915
|
-
#
|
1916
|
-
#
|
1917
|
-
#
|
1918
|
-
#
|
2040
|
+
# By default, the ListAliases command returns all aliases in the account
|
2041
|
+
# and region. To get only the aliases that point to a particular
|
2042
|
+
# customer master key (CMK), use the `KeyId` parameter.
|
2043
|
+
#
|
2044
|
+
# The `ListAliases` response can include aliases that you created and
|
2045
|
+
# associated with your customer managed CMKs, and aliases that AWS
|
2046
|
+
# created and associated with AWS managed CMKs in your account. You can
|
2047
|
+
# recognize AWS aliases because their names have the format
|
2048
|
+
# `aws/<service-name>`, such as `aws/dynamodb`.
|
2049
|
+
#
|
2050
|
+
# The response might also include aliases that have no `TargetKeyId`
|
2051
|
+
# field. These are predefined aliases that AWS has created but has not
|
2052
|
+
# yet associated with a CMK. Aliases that AWS creates in your account,
|
2053
|
+
# including predefined aliases, do not count against your [AWS KMS
|
2054
|
+
# aliases limit][1].
|
1919
2055
|
#
|
1920
2056
|
#
|
1921
2057
|
#
|
1922
2058
|
# [1]: http://docs.aws.amazon.com/kms/latest/developerguide/limits.html#aliases-limit
|
1923
2059
|
#
|
2060
|
+
# @option params [String] :key_id
|
2061
|
+
# Lists only aliases that refer to the specified CMK. The value of this
|
2062
|
+
# parameter can be the ID or Amazon Resource Name (ARN) of a CMK in the
|
2063
|
+
# caller's account and region. You cannot use an alias name or alias
|
2064
|
+
# ARN in this value.
|
2065
|
+
#
|
2066
|
+
# This parameter is optional. If you omit it, `ListAliases` returns all
|
2067
|
+
# aliases in the account and region.
|
2068
|
+
#
|
1924
2069
|
# @option params [Integer] :limit
|
1925
2070
|
# Use this parameter to specify the maximum number of items to return.
|
1926
2071
|
# When this value is present, AWS KMS does not return more than the
|
@@ -1998,6 +2143,7 @@ module Aws::KMS
|
|
1998
2143
|
# @example Request syntax with placeholder values
|
1999
2144
|
#
|
2000
2145
|
# resp = client.list_aliases({
|
2146
|
+
# key_id: "KeyIdType",
|
2001
2147
|
# limit: 1,
|
2002
2148
|
# marker: "MarkerType",
|
2003
2149
|
# })
|
@@ -2023,7 +2169,7 @@ module Aws::KMS
|
|
2023
2169
|
# Gets a list of all grants for the specified customer master key (CMK).
|
2024
2170
|
#
|
2025
2171
|
# To perform this operation on a CMK in a different AWS account, specify
|
2026
|
-
# the key ARN in the value of the KeyId parameter.
|
2172
|
+
# the key ARN in the value of the `KeyId` parameter.
|
2027
2173
|
#
|
2028
2174
|
# @option params [Integer] :limit
|
2029
2175
|
# Use this parameter to specify the maximum number of items to return.
|
@@ -2576,10 +2722,11 @@ module Aws::KMS
|
|
2576
2722
|
# principals. The principals in the key policy must exist and be
|
2577
2723
|
# visible to AWS KMS. When you create a new AWS principal (for
|
2578
2724
|
# example, an IAM user or role), you might need to enforce a delay
|
2579
|
-
# before including the new principal in a key policy
|
2580
|
-
# principal might not be immediately visible to
|
2581
|
-
# information, see [Changes that I make are not
|
2582
|
-
# visible][2] in the *AWS Identity and Access
|
2725
|
+
# before including the new principal in a key policy. The reason for
|
2726
|
+
# this is that the new principal might not be immediately visible to
|
2727
|
+
# AWS KMS. For more information, see [Changes that I make are not
|
2728
|
+
# always immediately visible][2] in the *AWS Identity and Access
|
2729
|
+
# Management User Guide*.
|
2583
2730
|
#
|
2584
2731
|
# The key policy size limit is 32 kilobytes (32768 bytes).
|
2585
2732
|
#
|
@@ -2652,13 +2799,18 @@ module Aws::KMS
|
|
2652
2799
|
# destination CMK. We recommend that you include the `"kms:ReEncrypt*"`
|
2653
2800
|
# permission in your [key policies][1] to permit reencryption from or to
|
2654
2801
|
# the CMK. This permission is automatically included in the key policy
|
2655
|
-
# when you create a CMK through the console
|
2802
|
+
# when you create a CMK through the console. But you must include it
|
2656
2803
|
# manually when you create a CMK programmatically or when you set a key
|
2657
2804
|
# policy with the PutKeyPolicy operation.
|
2658
2805
|
#
|
2806
|
+
# The result of this operation varies with the key state of the CMK. For
|
2807
|
+
# details, see [How Key State Affects Use of a Customer Master Key][2]
|
2808
|
+
# in the *AWS Key Management Service Developer Guide*.
|
2809
|
+
#
|
2659
2810
|
#
|
2660
2811
|
#
|
2661
2812
|
# [1]: http://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html
|
2813
|
+
# [2]: http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html
|
2662
2814
|
#
|
2663
2815
|
# @option params [required, String, IO] :ciphertext_blob
|
2664
2816
|
# Ciphertext of the data to reencrypt.
|
@@ -2672,7 +2824,7 @@ module Aws::KMS
|
|
2672
2824
|
#
|
2673
2825
|
# To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias
|
2674
2826
|
# name, or alias ARN. When using an alias name, prefix it with
|
2675
|
-
# "alias/"
|
2827
|
+
# `"alias/"`. To specify a CMK in a different AWS account, you must use
|
2676
2828
|
# the key ARN or alias ARN.
|
2677
2829
|
#
|
2678
2830
|
# For example:
|
@@ -2824,7 +2976,7 @@ module Aws::KMS
|
|
2824
2976
|
# on it.
|
2825
2977
|
#
|
2826
2978
|
# To perform this operation on a CMK in a different AWS account, specify
|
2827
|
-
# the key ARN in the value of the KeyId parameter.
|
2979
|
+
# the key ARN in the value of the `KeyId` parameter.
|
2828
2980
|
#
|
2829
2981
|
# @option params [required, String] :key_id
|
2830
2982
|
# A unique identifier for the customer master key associated with the
|
@@ -2893,9 +3045,14 @@ module Aws::KMS
|
|
2893
3045
|
# [Deleting Customer Master Keys][1] in the *AWS Key Management Service
|
2894
3046
|
# Developer Guide*.
|
2895
3047
|
#
|
3048
|
+
# The result of this operation varies with the key state of the CMK. For
|
3049
|
+
# details, see [How Key State Affects Use of a Customer Master Key][2]
|
3050
|
+
# in the *AWS Key Management Service Developer Guide*.
|
3051
|
+
#
|
2896
3052
|
#
|
2897
3053
|
#
|
2898
3054
|
# [1]: http://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html
|
3055
|
+
# [2]: http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html
|
2899
3056
|
#
|
2900
3057
|
# @option params [required, String] :key_id
|
2901
3058
|
# The unique identifier of the customer master key (CMK) to delete.
|
@@ -2960,27 +3117,28 @@ module Aws::KMS
|
|
2960
3117
|
req.send_request(options)
|
2961
3118
|
end
|
2962
3119
|
|
2963
|
-
# Adds or
|
2964
|
-
#
|
2965
|
-
# AWS account.
|
3120
|
+
# Adds or edits tags for a customer master key (CMK). You cannot perform
|
3121
|
+
# this operation on a CMK in a different AWS account.
|
2966
3122
|
#
|
2967
3123
|
# Each tag consists of a tag key and a tag value. Tag keys and tag
|
2968
3124
|
# values are both required, but tag values can be empty (null) strings.
|
2969
3125
|
#
|
2970
|
-
# You
|
2971
|
-
#
|
2972
|
-
# is `Test`. If you send a `TagResource` request for this CMK with a tag
|
2973
|
-
# key of `Purpose` and a tag value of `Prod`, it does not create a
|
2974
|
-
# second tag. Instead, the original tag is overwritten with the new tag
|
3126
|
+
# You can only use a tag key once for each CMK. If you use the tag key
|
3127
|
+
# again, AWS KMS replaces the current tag value with the specified
|
2975
3128
|
# value.
|
2976
3129
|
#
|
2977
3130
|
# For information about the rules that apply to tag keys and tag values,
|
2978
3131
|
# see [User-Defined Tag Restrictions][1] in the *AWS Billing and Cost
|
2979
3132
|
# Management User Guide*.
|
2980
3133
|
#
|
3134
|
+
# The result of this operation varies with the key state of the CMK. For
|
3135
|
+
# details, see [How Key State Affects Use of a Customer Master Key][2]
|
3136
|
+
# in the *AWS Key Management Service Developer Guide*.
|
3137
|
+
#
|
2981
3138
|
#
|
2982
3139
|
#
|
2983
3140
|
# [1]: http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html
|
3141
|
+
# [2]: http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html
|
2984
3142
|
#
|
2985
3143
|
# @option params [required, String] :key_id
|
2986
3144
|
# A unique identifier for the CMK you are tagging.
|
@@ -3037,13 +3195,20 @@ module Aws::KMS
|
|
3037
3195
|
req.send_request(options)
|
3038
3196
|
end
|
3039
3197
|
|
3040
|
-
# Removes the specified
|
3041
|
-
#
|
3042
|
-
#
|
3198
|
+
# Removes the specified tags from the specified customer master key
|
3199
|
+
# (CMK). You cannot perform this operation on a CMK in a different AWS
|
3200
|
+
# account.
|
3201
|
+
#
|
3202
|
+
# To remove a tag, specify the tag key. To change the tag value of an
|
3203
|
+
# existing tag key, use TagResource.
|
3204
|
+
#
|
3205
|
+
# The result of this operation varies with the key state of the CMK. For
|
3206
|
+
# details, see [How Key State Affects Use of a Customer Master Key][1]
|
3207
|
+
# in the *AWS Key Management Service Developer Guide*.
|
3208
|
+
#
|
3209
|
+
#
|
3043
3210
|
#
|
3044
|
-
#
|
3045
|
-
# do not specify the tag value. To overwrite the tag value for an
|
3046
|
-
# existing tag, use TagResource.
|
3211
|
+
# [1]: http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html
|
3047
3212
|
#
|
3048
3213
|
# @option params [required, String] :key_id
|
3049
3214
|
# A unique identifier for the CMK from which you are removing tags.
|
@@ -3116,6 +3281,14 @@ module Aws::KMS
|
|
3116
3281
|
# `aws`; that alias name prefix is reserved by Amazon Web Services
|
3117
3282
|
# (AWS).
|
3118
3283
|
#
|
3284
|
+
# The result of this operation varies with the key state of the CMK. For
|
3285
|
+
# details, see [How Key State Affects Use of a Customer Master Key][1]
|
3286
|
+
# in the *AWS Key Management Service Developer Guide*.
|
3287
|
+
#
|
3288
|
+
#
|
3289
|
+
#
|
3290
|
+
# [1]: http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html
|
3291
|
+
#
|
3119
3292
|
# @option params [required, String] :alias_name
|
3120
3293
|
# String that contains the name of the alias to be modified. The name
|
3121
3294
|
# must start with the word "alias" followed by a forward slash
|
@@ -3168,10 +3341,18 @@ module Aws::KMS
|
|
3168
3341
|
end
|
3169
3342
|
|
3170
3343
|
# Updates the description of a customer master key (CMK). To see the
|
3171
|
-
#
|
3344
|
+
# description of a CMK, use DescribeKey.
|
3172
3345
|
#
|
3173
3346
|
# You cannot perform this operation on a CMK in a different AWS account.
|
3174
3347
|
#
|
3348
|
+
# The result of this operation varies with the key state of the CMK. For
|
3349
|
+
# details, see [How Key State Affects Use of a Customer Master Key][1]
|
3350
|
+
# in the *AWS Key Management Service Developer Guide*.
|
3351
|
+
#
|
3352
|
+
#
|
3353
|
+
#
|
3354
|
+
# [1]: http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html
|
3355
|
+
#
|
3175
3356
|
# @option params [required, String] :key_id
|
3176
3357
|
# A unique identifier for the customer master key (CMK).
|
3177
3358
|
#
|
@@ -3230,7 +3411,7 @@ module Aws::KMS
|
|
3230
3411
|
params: params,
|
3231
3412
|
config: config)
|
3232
3413
|
context[:gem_name] = 'aws-sdk-kms'
|
3233
|
-
context[:gem_version] = '1.
|
3414
|
+
context[:gem_version] = '1.7.0'
|
3234
3415
|
Seahorse::Client::Request.new(handlers, context)
|
3235
3416
|
end
|
3236
3417
|
|
@@ -328,6 +328,7 @@ module Aws::KMS
|
|
328
328
|
KeyMetadata.add_member(:key_manager, Shapes::ShapeRef.new(shape: KeyManagerType, location_name: "KeyManager"))
|
329
329
|
KeyMetadata.struct_class = Types::KeyMetadata
|
330
330
|
|
331
|
+
ListAliasesRequest.add_member(:key_id, Shapes::ShapeRef.new(shape: KeyIdType, location_name: "KeyId"))
|
331
332
|
ListAliasesRequest.add_member(:limit, Shapes::ShapeRef.new(shape: LimitType, location_name: "Limit"))
|
332
333
|
ListAliasesRequest.add_member(:marker, Shapes::ShapeRef.new(shape: MarkerType, location_name: "Marker"))
|
333
334
|
ListAliasesRequest.struct_class = Types::ListAliasesRequest
|
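--- a/data/lib/aws-sdk-kms/types.rb
+++ b/data/lib/aws-sdk-kms/types.rb
@@ -83,9 +83,10 @@ module Aws::KMS
 # }
 #
 # @!attribute [rw] alias_name
-#
-#
-# begin with
+# Specifies the alias name. This value must begin with `alias/`
+# followed by the alias name, such as `alias/ExampleAlias`. The alias
+# name cannot begin with `aws/`. The `alias/aws/` prefix is reserved
+# for AWS managed CMKs.
 # @return [String]
 #
 # @!attribute [rw] target_key_id
@@ -213,7 +214,8 @@ module Aws::KMS
 #
 # @!attribute [rw] name
 # A friendly name for identifying the grant. Use this value to prevent
-# unintended creation of duplicate grants when retrying this
+# the unintended creation of duplicate grants when retrying this
+# request.
 #
 # When this value is absent, all `CreateGrant` requests result in a
 # new grant with a unique `GrantId` even if all the supplied
@@ -300,11 +302,11 @@ module Aws::KMS
 # principals. The principals in the key policy must exist and be
 # visible to AWS KMS. When you create a new AWS principal (for
 # example, an IAM user or role), you might need to enforce a delay
-# before including the new principal in a key policy
-# principal might not be immediately visible to
-# information, see [Changes that I make are not
-# visible][2] in the *AWS Identity and Access
-# Guide*.
+# before including the new principal in a key policy. The reason for
+# this is that the new principal might not be immediately visible to
+# AWS KMS. For more information, see [Changes that I make are not
+# always immediately visible][2] in the *AWS Identity and Access
+# Management User Guide*.
 #
 # If you do not provide a key policy, AWS KMS attaches a default key
 # policy to the CMK. For more information, see [Default Key Policy][3]
@@ -528,11 +530,15 @@ module Aws::KMS
 # }
 #
 # @!attribute [rw] key_id
-#
+# Describes the specified customer master key (CMK).
+#
+# If you specify a predefined AWS alias (an AWS alias with no key ID),
+# KMS associates the alias with an [AWS managed CMK][1] and returns
+# its `KeyId` and `Arn` in the response.
 #
 # To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias
 # name, or alias ARN. When using an alias name, prefix it with
-# "alias/"
+# `"alias/"`. To specify a CMK in a different AWS account, you must
 # use the key ARN or alias ARN.
 #
 # For example:
@@ -548,6 +554,10 @@ module Aws::KMS
 #
 # To get the key ID and key ARN for a CMK, use ListKeys or
 # DescribeKey. To get the alias name and alias ARN, use ListAliases.
+#
+#
+#
+# [1]: http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys
 # @return [String]
 #
 # @!attribute [rw] grant_tokens
@@ -717,7 +727,7 @@ module Aws::KMS
 #
 # To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias
 # name, or alias ARN. When using an alias name, prefix it with
-# "alias/"
+# `"alias/"`. To specify a CMK in a different AWS account, you must
 # use the key ARN or alias ARN.
 #
 # For example:
@@ -807,7 +817,7 @@ module Aws::KMS
 #
 # To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias
 # name, or alias ARN. When using an alias name, prefix it with
-# "alias/"
+# `"alias/"`. To specify a CMK in a different AWS account, you must
 # use the key ARN or alias ARN.
 #
 # For example:
@@ -917,7 +927,7 @@ module Aws::KMS
 #
 # To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias
 # name, or alias ARN. When using an alias name, prefix it with
-# "alias/"
+# `"alias/"`. To specify a CMK in a different AWS account, you must
 # use the key ARN or alias ARN.
 #
 # For example:
@@ -1147,10 +1157,10 @@ module Aws::KMS
 # @return [String]
 #
 # @!attribute [rw] wrapping_algorithm
-# The algorithm you
-#
-#
-#
+# The algorithm you use to encrypt the key material before importing
+# it with ImportKeyMaterial. For more information, see [Encrypt the
+# Key Material][1] in the *AWS Key Management Service Developer
+# Guide*.
 #
 #
 #
@@ -1204,7 +1214,7 @@ module Aws::KMS
 end
 
 # A structure that you can use to allow certain operations in the grant
-# only when the
+# only when the preferred encryption context is present. For more
 # information about encryption context, see [Encryption Context][1] in
 # the *AWS Key Management Service Developer Guide*.
 #
@@ -1212,7 +1222,7 @@ module Aws::KMS
 # context as input. For example, the ` DescribeKey ` operation does not
 # accept encryption context as input. A grant that allows the
 # `DescribeKey` operation does so regardless of the grant constraints.
-# In
+# In contrast, the ` Encrypt ` operation accepts encryption context as
 # input. A grant that allows the `Encrypt` operation does so only when
 # the encryption context of the `Encrypt` operation satisfies the grant
 # constraints.
@@ -1488,7 +1498,7 @@ module Aws::KMS
 # @return [String]
 #
 # @!attribute [rw] key_manager
-# The CMK's manager. CMKs are either customer
+# The CMK's manager. CMKs are either customer managed or AWS managed.
 # For more information about the difference, see [Customer Master
 # Keys][1] in the *AWS Key Management Service Developer Guide*.
 #
@@ -1520,10 +1530,21 @@ module Aws::KMS
 # data as a hash:
 #
 # {
+# key_id: "KeyIdType",
 # limit: 1,
 # marker: "MarkerType",
 # }
 #
+# @!attribute [rw] key_id
+# Lists only aliases that refer to the specified CMK. The value of
+# this parameter can be the ID or Amazon Resource Name (ARN) of a CMK
+# in the caller's account and region. You cannot use an alias name or
+# alias ARN in this value.
+#
+# This parameter is optional. If you omit it, `ListAliases` returns
+# all aliases in the account and region.
+# @return [String]
+#
 # @!attribute [rw] limit
 # Use this parameter to specify the maximum number of items to return.
 # When this value is present, AWS KMS does not return more than the
@@ -1543,6 +1564,7 @@ module Aws::KMS
 # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListAliasesRequest AWS API Documentation
 #
 class ListAliasesRequest < Struct.new(
+:key_id,
 :limit,
 :marker)
 include Aws::Structure
@@ -1960,11 +1982,11 @@ module Aws::KMS
 # principals. The principals in the key policy must exist and be
 # visible to AWS KMS. When you create a new AWS principal (for
 # example, an IAM user or role), you might need to enforce a delay
-# before including the new principal in a key policy
-# principal might not be immediately visible to
-# information, see [Changes that I make are not
-# visible][2] in the *AWS Identity and Access
-# Guide*.
+# before including the new principal in a key policy. The reason for
+# this is that the new principal might not be immediately visible to
+# AWS KMS. For more information, see [Changes that I make are not
+# always immediately visible][2] in the *AWS Identity and Access
+# Management User Guide*.
 #
 # The key policy size limit is 32 kilobytes (32768 bytes).
 #
@@ -2035,7 +2057,7 @@ module Aws::KMS
 #
 # To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias
 # name, or alias ARN. When using an alias name, prefix it with
-# "alias/"
+# `"alias/"`. To specify a CMK in a different AWS account, you must
 # use the key ARN or alias ARN.
 #
 # For example: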
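Review bot: Adding `:key_id` at the front of `ListAliasesRequest`'s `Struct.new(...)` member list (the `@@ -1543,6 +1564,7 @@` hunk) moves `:limit` and `:marker` one position down, which is a positional change shipped in a minor release. Anything that reads the request by position (`to_a`, `values`, `req[0]`) would now get `key_id` where `limit` used to be; whether positional construction is also affected depends on `Aws::Structure`, which is not shown on this page. If the member order is not fixed by the code generator, appending keeps existing positions stable: `:limit,` / `:marker,` / `:key_id)`. The class body continues past the end of the hunk.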
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: aws-sdk-kms
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.7.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Amazon Web Services
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2018-
|
11
|
+
date: 2018-07-31 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: aws-sdk-core
|