aws-sdk-kms 1.60.0 → 1.62.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 2a70cf632c89bfa1f16881b26bade8894c7be5c33ccdb9e7f94917715c2213b5
-  data.tar.gz: 5f7bc75ae55a3caea477ad5f4f597f8363edd10c9215378120fd622ada2ddacc
+  metadata.gz: cc4f9ec57e4facf9bdd94a84c03b65e0243af436d1a71ae364a6cb131578211f
+  data.tar.gz: c28fd15ca65baf3524392da759ef126639959d84861c83ca0e735716e2df3b67
 SHA512:
-  metadata.gz: eac193813d2397a07d3862b60863cc54eb2805ffdb3a6515a77fef1ccb5af523a35b83d1663b6bef90a5add6bc82324541a6dcb71f586a3caa3bbb751d370e3b
-  data.tar.gz: 318757c3e984329a68bb292547463c12029f2fca8ec95d57285f929445d61da1944c3fbd01d1c38d2bb1713c2d9e881f51dcea40bb2e6a317eac964263b1f043
+  metadata.gz: 8ab2220117a3674e77af57eea5ec9ff78d228f9b1d1747f819386d0a7d121014f70d2291f0ed798993dc130660d5caba2666075d862b34d239191583d0953258
+  data.tar.gz: 22e21dd917f98b22977d2ad7818f1ff36f7aa362ae8734133ca59c9133293a123b119541e777f6790f8830d90ecdbf16fbf7863be34d6cc13cd9ecb206d1949b

data/CHANGELOG.md

@@ -1,6 +1,18 @@
 Unreleased Changes
 ------------------
 
+1.62.0 (2023-01-18)
+------------------
+
+* Feature - Code Generated Changes, see `./build_tools` or `aws-sdk-core`'s CHANGELOG.md for details.
+
+* Issue - Replace runtime endpoint resolution approach with generated ruby code.
+
+1.61.0 (2022-12-07)
+------------------
+
+* Feature - Updated examples and exceptions for External Key Store (XKS).
+
 1.60.0 (2022-11-29)
 ------------------
 
@@ -376,4 +388,4 @@ Unreleased Changes
 1.0.0.rc1 (2016-12-05)
 ------------------
 
-* Feature - Initial preview release of the `aws-sdk-kms` gem.
+* Feature - Initial preview release of the `aws-sdk-kms` gem.

data/VERSION

@@ -1 +1 @@
-1.60.0
+1.62.0

data/lib/aws-sdk-kms/client.rb

@@ -836,8 +836,6 @@ module Aws::KMS
     #   [1]: https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html
     #
     # @option params [String] :trust_anchor_certificate
-    #   * CreateCustom
-    #
     #   Specifies the certificate for an CloudHSM key store. This parameter is
     #   required for custom key stores with a `CustomKeyStoreType` of
     #   `AWS_CLOUDHSM`.
@@ -1014,6 +1012,66 @@ module Aws::KMS
     #
     #   * {Types::CreateCustomKeyStoreResponse#custom_key_store_id #custom_key_store_id} => String
     #
+    #
+    # @example Example: To create an AWS CloudHSM key store
+    #
+    #   # This example creates a custom key store that is associated with an AWS CloudHSM cluster.
+    #
+    #   resp = client.create_custom_key_store({
+    #     cloud_hsm_cluster_id: "cluster-1a23b4cdefg", # The ID of the CloudHSM cluster.
+    #     custom_key_store_name: "ExampleKeyStore", # A friendly name for the custom key store.
+    #     key_store_password: "kmsPswd", # The password for the kmsuser CU account in the specified cluster.
+    #     trust_anchor_certificate: "<certificate-goes-here>", # The content of the customerCA.crt file that you created when you initialized the cluster.
+    #   })
+    #
+    #   resp.to_h outputs the following:
+    #   {
+    #     custom_key_store_id: "cks-1234567890abcdef0", # The ID of the new custom key store.
+    #   }
+    #
+    # @example Example: To create an external key store with VPC endpoint service connectivity
+    #
+    #   # This example creates an external key store that uses an Amazon VPC endpoint service to communicate with AWS KMS.
+    #
+    #   resp = client.create_custom_key_store({
+    #     custom_key_store_name: "ExampleVPCEndpointKeyStore", # A friendly name for the custom key store
+    #     custom_key_store_type: "EXTERNAL_KEY_STORE", # For external key stores, the value must be EXTERNAL_KEY_STORE
+    #     xks_proxy_authentication_credential: {
+    #       access_key_id: "ABCDE12345670EXAMPLE", 
+    #       raw_secret_access_key: "DXjSUawnel2fr6SKC7G25CNxTyWKE5PF9XX6H/u9pSo=", 
+    #     }, # The access key ID and secret access key that KMS uses to authenticate to your external key store proxy
+    #     xks_proxy_connectivity: "VPC_ENDPOINT_SERVICE", # Indicates how AWS KMS communicates with the external key store proxy
+    #     xks_proxy_uri_endpoint: "https://myproxy-private.xks.example.com", # The URI that AWS KMS uses to connect to the external key store proxy
+    #     xks_proxy_uri_path: "/example-prefix/kms/xks/v1", # The URI path to the external key store proxy APIs
+    #     xks_proxy_vpc_endpoint_service_name: "com.amazonaws.vpce.us-east-1.vpce-svc-example1", # The VPC endpoint service that KMS uses to communicate with the external key store proxy
+    #   })
+    #
+    #   resp.to_h outputs the following:
+    #   {
+    #     custom_key_store_id: "cks-1234567890abcdef0", # The ID of the new custom key store.
+    #   }
+    #
+    # @example Example: To create an external key store with public endpoint connectivity
+    #
+    #   # This example creates an external key store with public endpoint connectivity.
+    #
+    #   resp = client.create_custom_key_store({
+    #     custom_key_store_name: "ExamplePublicEndpointKeyStore", # A friendly name for the custom key store
+    #     custom_key_store_type: "EXTERNAL_KEY_STORE", # For external key stores, the value must be EXTERNAL_KEY_STORE
+    #     xks_proxy_authentication_credential: {
+    #       access_key_id: "ABCDE12345670EXAMPLE", 
+    #       raw_secret_access_key: "DXjSUawnel2fr6SKC7G25CNxTyWKE5PF9XX6H/u9pSo=", 
+    #     }, # The access key ID and secret access key that KMS uses to authenticate to your external key store proxy
+    #     xks_proxy_connectivity: "PUBLIC_ENDPOINT", # Indicates how AWS KMS communicates with the external key store proxy
+    #     xks_proxy_uri_endpoint: "https://myproxy.xks.example.com", # The URI that AWS KMS uses to connect to the external key store proxy
+    #     xks_proxy_uri_path: "/kms/xks/v1", # The URI path to your external key store proxy API
+    #   })
+    #
+    #   resp.to_h outputs the following:
+    #   {
+    #     custom_key_store_id: "cks-987654321abcdef0", # The ID of the new custom key store.
+    #   }
+    #
     # @example Request syntax with placeholder values
     #
     #   resp = client.create_custom_key_store({
@@ -2905,17 +2963,17 @@ module Aws::KMS
     # expiration date (if any) of the key material. It includes fields, like
     # `KeySpec`, that help you distinguish different types of KMS keys. It
     # also displays the key usage (encryption, signing, or generating and
-    # verifying MACs) and the algorithms that the KMS key supports. For
-    # [multi-Region
-    # keys](kms/latest/developerguide/multi-region-keys-overview.html), it
-    # displays the primary key and all related replica keys. For KMS keys in
-    # [CloudHSM key
+    # verifying MACs) and the algorithms that the KMS key supports.
+    #
+    # For [multi-Region
+    # keys](kms/latest/developerguide/multi-region-keys-overview.html),
+    # `DescribeKey` displays the primary key and all related replica keys.
+    # For KMS keys in [CloudHSM key
     # stores](kms/latest/developerguide/keystore-cloudhsm.html), it includes
-    # information about the custom key store, such as the key store ID and
-    # the CloudHSM cluster ID. For KMS key in [external key
+    # information about the key store, such as the key store ID and the
+    # CloudHSM cluster ID. For KMS keys in [external key
     # stores](kms/latest/developerguide/keystore-external.html), it includes
-    # the custom key store ID and the ID and status of the associated
-    # external key.
+    # the custom key store ID and the ID of the external key.
     #
     # `DescribeKey` does not return the following information:
     #
@@ -8331,29 +8389,29 @@ module Aws::KMS
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     #
-    # @example Example: To edit the password of an AWS CloudHSM key store
+    # @example Example: To edit the friendly name of a custom key store
     #
-    #   # This example tells AWS KMS the password for the kmsuser crypto user in the AWS CloudHSM cluster that is associated with
-    #   # the AWS KMS custom key store. (It does not change the password in the CloudHSM cluster.) This operation does not return
-    #   # any data.
+    #   # This example changes the friendly name of the AWS KMS custom key store to the name that you specify. This operation does
+    #   # not return any data. To verify that the operation worked, use the DescribeCustomKeyStores operation.
     #
     #   resp = client.update_custom_key_store({
     #     custom_key_store_id: "cks-1234567890abcdef0", # The ID of the custom key store that you are updating.
-    #     key_store_password: "ExamplePassword", # The password for the kmsuser crypto user in the CloudHSM cluster.
+    #     new_custom_key_store_name: "DevelopmentKeys", # A new friendly name for the custom key store.
     #   })
     #
     #   resp.to_h outputs the following:
     #   {
     #   }
     #
-    # @example Example: To edit the friendly name of a custom key store
+    # @example Example: To edit the password of an AWS CloudHSM key store
     #
-    #   # This example changes the friendly name of the AWS KMS custom key store to the name that you specify. This operation does
-    #   # not return any data. To verify that the operation worked, use the DescribeCustomKeyStores operation.
+    #   # This example tells AWS KMS the password for the kmsuser crypto user in the AWS CloudHSM cluster that is associated with
+    #   # the AWS KMS custom key store. (It does not change the password in the CloudHSM cluster.) This operation does not return
+    #   # any data.
     #
     #   resp = client.update_custom_key_store({
     #     custom_key_store_id: "cks-1234567890abcdef0", # The ID of the custom key store that you are updating.
-    #     new_custom_key_store_name: "DevelopmentKeys", # A new friendly name for the custom key store.
+    #     key_store_password: "ExamplePassword", # The password for the kmsuser crypto user in the CloudHSM cluster.
     #   })
     #
     #   resp.to_h outputs the following:
@@ -8375,6 +8433,25 @@ module Aws::KMS
     #   {
     #   }
     #
+    # @example Example: To update the proxy authentication credential of an external key store
+    #
+    #   # To update the proxy authentication credential for your external key store, specify both the
+    #   # <code>RawSecretAccessKey</code> and the <code>AccessKeyId</code>, even if you are changing only one of the values. You
+    #   # can use this feature to fix an invalid credential or to change the credential when the external key store proxy rotates
+    #   # it.
+    #
+    #   resp = client.update_custom_key_store({
+    #     custom_key_store_id: "cks-1234567890abcdef0", # Identifies the custom key store
+    #     xks_proxy_authentication_credential: {
+    #       access_key_id: "ABCDE12345670EXAMPLE", 
+    #       raw_secret_access_key: "DXjSUawnel2fr6SKC7G25CNxTyWKE5PF9XX6H/u9pSo=", 
+    #     }, # Specifies the values in the proxy authentication credential
+    #   })
+    #
+    #   resp.to_h outputs the following:
+    #   {
+    #   }
+    #
     # @example Example: To edit the proxy URI path of an external key store.
     #
     #   # This example updates the proxy URI path for an external key store
@@ -8949,7 +9026,7 @@ module Aws::KMS
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-kms'
-      context[:gem_version] = '1.60.0'
+      context[:gem_version] = '1.62.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-kms/endpoint_provider.rb

@@ -9,103 +9,43 @@
 
 module Aws::KMS
   class EndpointProvider
-    def initialize(rule_set = nil)
-      @@rule_set ||= begin
-        endpoint_rules = Aws::Json.load(Base64.decode64(RULES))
-        Aws::Endpoints::RuleSet.new(
-          version: endpoint_rules['version'],
-          service_id: endpoint_rules['serviceId'],
-          parameters: endpoint_rules['parameters'],
-          rules: endpoint_rules['rules']
-        )
+    def resolve_endpoint(parameters)
+      region = parameters.region
+      use_dual_stack = parameters.use_dual_stack
+      use_fips = parameters.use_fips
+      endpoint = parameters.endpoint
+      if (partition_result = Aws::Endpoints::Matchers.aws_partition(region))
+        if Aws::Endpoints::Matchers.set?(endpoint)
+          if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
+            raise ArgumentError, "Invalid Configuration: FIPS and custom endpoint are not supported"
+          end
+          if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+            raise ArgumentError, "Invalid Configuration: Dualstack and custom endpoint are not supported"
+          end
+          return Aws::Endpoints::Endpoint.new(url: endpoint, headers: {}, properties: {})
+        end
+        if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true) && Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+          if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS")) && Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
+            return Aws::Endpoints::Endpoint.new(url: "https://kms-fips.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
+          end
+          raise ArgumentError, "FIPS and DualStack are enabled, but this partition does not support one or both"
+        end
+        if Aws::Endpoints::Matchers.boolean_equals?(use_fips, true)
+          if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsFIPS"))
+            return Aws::Endpoints::Endpoint.new(url: "https://kms-fips.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
+          end
+          raise ArgumentError, "FIPS is enabled but this partition does not support FIPS"
+        end
+        if Aws::Endpoints::Matchers.boolean_equals?(use_dual_stack, true)
+          if Aws::Endpoints::Matchers.boolean_equals?(true, Aws::Endpoints::Matchers.attr(partition_result, "supportsDualStack"))
+            return Aws::Endpoints::Endpoint.new(url: "https://kms.#{region}.#{partition_result['dualStackDnsSuffix']}", headers: {}, properties: {})
+          end
+          raise ArgumentError, "DualStack is enabled but this partition does not support DualStack"
+        end
+        return Aws::Endpoints::Endpoint.new(url: "https://kms.#{region}.#{partition_result['dnsSuffix']}", headers: {}, properties: {})
       end
-      @provider = Aws::Endpoints::RulesProvider.new(rule_set || @@rule_set)
-    end
+      raise ArgumentError, 'No endpoint could be resolved'
 
-    def resolve_endpoint(parameters)
-      @provider.resolve_endpoint(parameters)
     end
-
-    # @api private
-    RULES = <<-JSON
-eyJ2ZXJzaW9uIjoiMS4wIiwicGFyYW1ldGVycyI6eyJSZWdpb24iOnsiYnVp
-bHRJbiI6IkFXUzo6UmVnaW9uIiwicmVxdWlyZWQiOnRydWUsImRvY3VtZW50
-YXRpb24iOiJUaGUgQVdTIHJlZ2lvbiB1c2VkIHRvIGRpc3BhdGNoIHRoZSBy
-ZXF1ZXN0LiIsInR5cGUiOiJTdHJpbmcifSwiVXNlRHVhbFN0YWNrIjp7ImJ1
-aWx0SW4iOiJBV1M6OlVzZUR1YWxTdGFjayIsInJlcXVpcmVkIjp0cnVlLCJk
-ZWZhdWx0IjpmYWxzZSwiZG9jdW1lbnRhdGlvbiI6IldoZW4gdHJ1ZSwgdXNl
-IHRoZSBkdWFsLXN0YWNrIGVuZHBvaW50LiBJZiB0aGUgY29uZmlndXJlZCBl
-bmRwb2ludCBkb2VzIG5vdCBzdXBwb3J0IGR1YWwtc3RhY2ssIGRpc3BhdGNo
-aW5nIHRoZSByZXF1ZXN0IE1BWSByZXR1cm4gYW4gZXJyb3IuIiwidHlwZSI6
-IkJvb2xlYW4ifSwiVXNlRklQUyI6eyJidWlsdEluIjoiQVdTOjpVc2VGSVBT
-IiwicmVxdWlyZWQiOnRydWUsImRlZmF1bHQiOmZhbHNlLCJkb2N1bWVudGF0
-aW9uIjoiV2hlbiB0cnVlLCBzZW5kIHRoaXMgcmVxdWVzdCB0byB0aGUgRklQ
-Uy1jb21wbGlhbnQgcmVnaW9uYWwgZW5kcG9pbnQuIElmIHRoZSBjb25maWd1
-cmVkIGVuZHBvaW50IGRvZXMgbm90IGhhdmUgYSBGSVBTIGNvbXBsaWFudCBl
-bmRwb2ludCwgZGlzcGF0Y2hpbmcgdGhlIHJlcXVlc3Qgd2lsbCByZXR1cm4g
-YW4gZXJyb3IuIiwidHlwZSI6IkJvb2xlYW4ifSwiRW5kcG9pbnQiOnsiYnVp
-bHRJbiI6IlNESzo6RW5kcG9pbnQiLCJyZXF1aXJlZCI6ZmFsc2UsImRvY3Vt
-ZW50YXRpb24iOiJPdmVycmlkZSB0aGUgZW5kcG9pbnQgdXNlZCB0byBzZW5k
-IHRoaXMgcmVxdWVzdCIsInR5cGUiOiJTdHJpbmcifX0sInJ1bGVzIjpbeyJj
-b25kaXRpb25zIjpbeyJmbiI6ImF3cy5wYXJ0aXRpb24iLCJhcmd2IjpbeyJy
-ZWYiOiJSZWdpb24ifV0sImFzc2lnbiI6IlBhcnRpdGlvblJlc3VsdCJ9XSwi
-dHlwZSI6InRyZWUiLCJydWxlcyI6W3siY29uZGl0aW9ucyI6W3siZm4iOiJp
-c1NldCIsImFyZ3YiOlt7InJlZiI6IkVuZHBvaW50In1dfSx7ImZuIjoicGFy
-c2VVUkwiLCJhcmd2IjpbeyJyZWYiOiJFbmRwb2ludCJ9XSwiYXNzaWduIjoi
-dXJsIn1dLCJ0eXBlIjoidHJlZSIsInJ1bGVzIjpbeyJjb25kaXRpb25zIjpb
-eyJmbiI6ImJvb2xlYW5FcXVhbHMiLCJhcmd2IjpbeyJyZWYiOiJVc2VGSVBT
-In0sdHJ1ZV19XSwiZXJyb3IiOiJJbnZhbGlkIENvbmZpZ3VyYXRpb246IEZJ
-UFMgYW5kIGN1c3RvbSBlbmRwb2ludCBhcmUgbm90IHN1cHBvcnRlZCIsInR5
-cGUiOiJlcnJvciJ9LHsiY29uZGl0aW9ucyI6W10sInR5cGUiOiJ0cmVlIiwi
-cnVsZXMiOlt7ImNvbmRpdGlvbnMiOlt7ImZuIjoiYm9vbGVhbkVxdWFscyIs
-ImFyZ3YiOlt7InJlZiI6IlVzZUR1YWxTdGFjayJ9LHRydWVdfV0sImVycm9y
-IjoiSW52YWxpZCBDb25maWd1cmF0aW9uOiBEdWFsc3RhY2sgYW5kIGN1c3Rv
-bSBlbmRwb2ludCBhcmUgbm90IHN1cHBvcnRlZCIsInR5cGUiOiJlcnJvciJ9
-LHsiY29uZGl0aW9ucyI6W10sImVuZHBvaW50Ijp7InVybCI6eyJyZWYiOiJF
-bmRwb2ludCJ9LCJwcm9wZXJ0aWVzIjp7fSwiaGVhZGVycyI6e319LCJ0eXBl
-IjoiZW5kcG9pbnQifV19XX0seyJjb25kaXRpb25zIjpbeyJmbiI6ImJvb2xl
-YW5FcXVhbHMiLCJhcmd2IjpbeyJyZWYiOiJVc2VGSVBTIn0sdHJ1ZV19LHsi
-Zm4iOiJib29sZWFuRXF1YWxzIiwiYXJndiI6W3sicmVmIjoiVXNlRHVhbFN0
-YWNrIn0sdHJ1ZV19XSwidHlwZSI6InRyZWUiLCJydWxlcyI6W3siY29uZGl0
-aW9ucyI6W3siZm4iOiJib29sZWFuRXF1YWxzIiwiYXJndiI6W3RydWUseyJm
-biI6ImdldEF0dHIiLCJhcmd2IjpbeyJyZWYiOiJQYXJ0aXRpb25SZXN1bHQi
-fSwic3VwcG9ydHNGSVBTIl19XX0seyJmbiI6ImJvb2xlYW5FcXVhbHMiLCJh
-cmd2IjpbdHJ1ZSx7ImZuIjoiZ2V0QXR0ciIsImFyZ3YiOlt7InJlZiI6IlBh
-cnRpdGlvblJlc3VsdCJ9LCJzdXBwb3J0c0R1YWxTdGFjayJdfV19XSwidHlw
-ZSI6InRyZWUiLCJydWxlcyI6W3siY29uZGl0aW9ucyI6W10sImVuZHBvaW50
-Ijp7InVybCI6Imh0dHBzOi8va21zLWZpcHMue1JlZ2lvbn0ue1BhcnRpdGlv
-blJlc3VsdCNkdWFsU3RhY2tEbnNTdWZmaXh9IiwicHJvcGVydGllcyI6e30s
-ImhlYWRlcnMiOnt9fSwidHlwZSI6ImVuZHBvaW50In1dfSx7ImNvbmRpdGlv
-bnMiOltdLCJlcnJvciI6IkZJUFMgYW5kIER1YWxTdGFjayBhcmUgZW5hYmxl
-ZCwgYnV0IHRoaXMgcGFydGl0aW9uIGRvZXMgbm90IHN1cHBvcnQgb25lIG9y
-IGJvdGgiLCJ0eXBlIjoiZXJyb3IifV19LHsiY29uZGl0aW9ucyI6W3siZm4i
-OiJib29sZWFuRXF1YWxzIiwiYXJndiI6W3sicmVmIjoiVXNlRklQUyJ9LHRy
-dWVdfV0sInR5cGUiOiJ0cmVlIiwicnVsZXMiOlt7ImNvbmRpdGlvbnMiOlt7
-ImZuIjoiYm9vbGVhbkVxdWFscyIsImFyZ3YiOlt0cnVlLHsiZm4iOiJnZXRB
-dHRyIiwiYXJndiI6W3sicmVmIjoiUGFydGl0aW9uUmVzdWx0In0sInN1cHBv
-cnRzRklQUyJdfV19XSwidHlwZSI6InRyZWUiLCJydWxlcyI6W3siY29uZGl0
-aW9ucyI6W10sInR5cGUiOiJ0cmVlIiwicnVsZXMiOlt7ImNvbmRpdGlvbnMi
-OltdLCJlbmRwb2ludCI6eyJ1cmwiOiJodHRwczovL2ttcy1maXBzLntSZWdp
-b259LntQYXJ0aXRpb25SZXN1bHQjZG5zU3VmZml4fSIsInByb3BlcnRpZXMi
-Ont9LCJoZWFkZXJzIjp7fX0sInR5cGUiOiJlbmRwb2ludCJ9XX1dfSx7ImNv
-bmRpdGlvbnMiOltdLCJlcnJvciI6IkZJUFMgaXMgZW5hYmxlZCBidXQgdGhp
-cyBwYXJ0aXRpb24gZG9lcyBub3Qgc3VwcG9ydCBGSVBTIiwidHlwZSI6ImVy
-cm9yIn1dfSx7ImNvbmRpdGlvbnMiOlt7ImZuIjoiYm9vbGVhbkVxdWFscyIs
-ImFyZ3YiOlt7InJlZiI6IlVzZUR1YWxTdGFjayJ9LHRydWVdfV0sInR5cGUi
-OiJ0cmVlIiwicnVsZXMiOlt7ImNvbmRpdGlvbnMiOlt7ImZuIjoiYm9vbGVh
-bkVxdWFscyIsImFyZ3YiOlt0cnVlLHsiZm4iOiJnZXRBdHRyIiwiYXJndiI6
-W3sicmVmIjoiUGFydGl0aW9uUmVzdWx0In0sInN1cHBvcnRzRHVhbFN0YWNr
-Il19XX1dLCJ0eXBlIjoidHJlZSIsInJ1bGVzIjpbeyJjb25kaXRpb25zIjpb
-XSwiZW5kcG9pbnQiOnsidXJsIjoiaHR0cHM6Ly9rbXMue1JlZ2lvbn0ue1Bh
-cnRpdGlvblJlc3VsdCNkdWFsU3RhY2tEbnNTdWZmaXh9IiwicHJvcGVydGll
-cyI6e30sImhlYWRlcnMiOnt9fSwidHlwZSI6ImVuZHBvaW50In1dfSx7ImNv
-bmRpdGlvbnMiOltdLCJlcnJvciI6IkR1YWxTdGFjayBpcyBlbmFibGVkIGJ1
-dCB0aGlzIHBhcnRpdGlvbiBkb2VzIG5vdCBzdXBwb3J0IER1YWxTdGFjayIs
-InR5cGUiOiJlcnJvciJ9XX0seyJjb25kaXRpb25zIjpbXSwiZW5kcG9pbnQi
-OnsidXJsIjoiaHR0cHM6Ly9rbXMue1JlZ2lvbn0ue1BhcnRpdGlvblJlc3Vs
-dCNkbnNTdWZmaXh9IiwicHJvcGVydGllcyI6e30sImhlYWRlcnMiOnt9fSwi
-dHlwZSI6ImVuZHBvaW50In1dfV19
-
-    JSON
   end
 end

data/lib/aws-sdk-kms/types.rb

@@ -61,13 +61,6 @@ module Aws::KMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass CancelKeyDeletionRequest
-    #   data as a hash:
-    #
-    #       {
-    #         key_id: "KeyIdType", # required
-    #       }
-    #
     # @!attribute [rw] key_id
     #   Identifies the KMS key whose deletion is being canceled.
     #
@@ -249,13 +242,6 @@ module Aws::KMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass ConnectCustomKeyStoreRequest
-    #   data as a hash:
-    #
-    #       {
-    #         custom_key_store_id: "CustomKeyStoreIdType", # required
-    #       }
-    #
     # @!attribute [rw] custom_key_store_id
     #   Enter the key store ID of the custom key store that you want to
     #   connect. To find the ID of a custom key store, use the
@@ -274,14 +260,6 @@ module Aws::KMS
     #
     class ConnectCustomKeyStoreResponse < Aws::EmptyStructure; end
 
-    # @note When making an API call, you may pass CreateAliasRequest
-    #   data as a hash:
-    #
-    #       {
-    #         alias_name: "AliasNameType", # required
-    #         target_key_id: "KeyIdType", # required
-    #       }
-    #
     # @!attribute [rw] alias_name
     #   Specifies the alias name. This value must begin with `alias/`
     #   followed by a name, such as `alias/ExampleAlias`.
@@ -335,25 +313,6 @@ module Aws::KMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass CreateCustomKeyStoreRequest
-    #   data as a hash:
-    #
-    #       {
-    #         custom_key_store_name: "CustomKeyStoreNameType", # required
-    #         cloud_hsm_cluster_id: "CloudHsmClusterIdType",
-    #         trust_anchor_certificate: "TrustAnchorCertificateType",
-    #         key_store_password: "KeyStorePasswordType",
-    #         custom_key_store_type: "AWS_CLOUDHSM", # accepts AWS_CLOUDHSM, EXTERNAL_KEY_STORE
-    #         xks_proxy_uri_endpoint: "XksProxyUriEndpointType",
-    #         xks_proxy_uri_path: "XksProxyUriPathType",
-    #         xks_proxy_vpc_endpoint_service_name: "XksProxyVpcEndpointServiceNameType",
-    #         xks_proxy_authentication_credential: {
-    #           access_key_id: "XksProxyAuthenticationAccessKeyIdType", # required
-    #           raw_secret_access_key: "XksProxyAuthenticationRawSecretAccessKeyType", # required
-    #         },
-    #         xks_proxy_connectivity: "PUBLIC_ENDPOINT", # accepts PUBLIC_ENDPOINT, VPC_ENDPOINT_SERVICE
-    #       }
-    #
     # @!attribute [rw] custom_key_store_name
     #   Specifies a friendly name for the custom key store. The name must be
     #   unique in your Amazon Web Services account and Region. This
@@ -375,8 +334,6 @@ module Aws::KMS
     #   @return [String]
     #
     # @!attribute [rw] trust_anchor_certificate
-    #   * CreateCustom
-    #
     #   Specifies the certificate for an CloudHSM key store. This parameter
     #   is required for custom key stores with a `CustomKeyStoreType` of
     #   `AWS_CLOUDHSM`.
@@ -587,26 +544,6 @@ module Aws::KMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass CreateGrantRequest
-    #   data as a hash:
-    #
-    #       {
-    #         key_id: "KeyIdType", # required
-    #         grantee_principal: "PrincipalIdType", # required
-    #         retiring_principal: "PrincipalIdType",
-    #         operations: ["Decrypt"], # required, accepts Decrypt, Encrypt, GenerateDataKey, GenerateDataKeyWithoutPlaintext, ReEncryptFrom, ReEncryptTo, Sign, Verify, GetPublicKey, CreateGrant, RetireGrant, DescribeKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateMac, VerifyMac
-    #         constraints: {
-    #           encryption_context_subset: {
-    #             "EncryptionContextKey" => "EncryptionContextValue",
-    #           },
-    #           encryption_context_equals: {
-    #             "EncryptionContextKey" => "EncryptionContextValue",
-    #           },
-    #         },
-    #         grant_tokens: ["GrantTokenType"],
-    #         name: "GrantNameType",
-    #       }
-    #
     # @!attribute [rw] key_id
     #   Identifies the KMS key for the grant. The grant gives principals
     #   permission to use this KMS key.
@@ -799,28 +736,6 @@ module Aws::KMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass CreateKeyRequest
-    #   data as a hash:
-    #
-    #       {
-    #         policy: "PolicyType",
-    #         description: "DescriptionType",
-    #         key_usage: "SIGN_VERIFY", # accepts SIGN_VERIFY, ENCRYPT_DECRYPT, GENERATE_VERIFY_MAC
-    #         customer_master_key_spec: "RSA_2048", # accepts RSA_2048, RSA_3072, RSA_4096, ECC_NIST_P256, ECC_NIST_P384, ECC_NIST_P521, ECC_SECG_P256K1, SYMMETRIC_DEFAULT, HMAC_224, HMAC_256, HMAC_384, HMAC_512, SM2
-    #         key_spec: "RSA_2048", # accepts RSA_2048, RSA_3072, RSA_4096, ECC_NIST_P256, ECC_NIST_P384, ECC_NIST_P521, ECC_SECG_P256K1, SYMMETRIC_DEFAULT, HMAC_224, HMAC_256, HMAC_384, HMAC_512, SM2
-    #         origin: "AWS_KMS", # accepts AWS_KMS, EXTERNAL, AWS_CLOUDHSM, EXTERNAL_KEY_STORE
-    #         custom_key_store_id: "CustomKeyStoreIdType",
-    #         bypass_policy_lockout_safety_check: false,
-    #         tags: [
-    #           {
-    #             tag_key: "TagKeyType", # required
-    #             tag_value: "TagValueType", # required
-    #           },
-    #         ],
-    #         multi_region: false,
-    #         xks_key_id: "XksKeyIdType",
-    #       }
-    #
     # @!attribute [rw] policy
     #   The key policy to attach to the KMS key.
     #
@@ -1544,19 +1459,6 @@ module Aws::KMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass DecryptRequest
-    #   data as a hash:
-    #
-    #       {
-    #         ciphertext_blob: "data", # required
-    #         encryption_context: {
-    #           "EncryptionContextKey" => "EncryptionContextValue",
-    #         },
-    #         grant_tokens: ["GrantTokenType"],
-    #         key_id: "KeyIdType",
-    #         encryption_algorithm: "SYMMETRIC_DEFAULT", # accepts SYMMETRIC_DEFAULT, RSAES_OAEP_SHA_1, RSAES_OAEP_SHA_256, SM2PKE
-    #       }
-    #
     # @!attribute [rw] ciphertext_blob
     #   Ciphertext to be decrypted. The blob includes metadata.
     #   @return [String]
@@ -1687,13 +1589,6 @@ module Aws::KMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass DeleteAliasRequest
-    #   data as a hash:
-    #
-    #       {
-    #         alias_name: "AliasNameType", # required
-    #       }
-    #
     # @!attribute [rw] alias_name
     #   The alias to be deleted. The alias name must begin with `alias/`
     #   followed by the alias name, such as `alias/ExampleAlias`.
@@ -1707,13 +1602,6 @@ module Aws::KMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass DeleteCustomKeyStoreRequest
-    #   data as a hash:
-    #
-    #       {
-    #         custom_key_store_id: "CustomKeyStoreIdType", # required
-    #       }
-    #
     # @!attribute [rw] custom_key_store_id
     #   Enter the ID of the custom key store you want to delete. To find the
     #   ID of a custom key store, use the DescribeCustomKeyStores operation.
@@ -1731,13 +1619,6 @@ module Aws::KMS
     #
     class DeleteCustomKeyStoreResponse < Aws::EmptyStructure; end
 
-    # @note When making an API call, you may pass DeleteImportedKeyMaterialRequest
-    #   data as a hash:
-    #
-    #       {
-    #         key_id: "KeyIdType", # required
-    #       }
-    #
     # @!attribute [rw] key_id
     #   Identifies the KMS key from which you are deleting imported key
     #   material. The `Origin` of the KMS key must be `EXTERNAL`.
@@ -1777,16 +1658,6 @@ module Aws::KMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass DescribeCustomKeyStoresRequest
-    #   data as a hash:
-    #
-    #       {
-    #         custom_key_store_id: "CustomKeyStoreIdType",
-    #         custom_key_store_name: "CustomKeyStoreNameType",
-    #         limit: 1,
-    #         marker: "MarkerType",
-    #       }
-    #
     # @!attribute [rw] custom_key_store_id
     #   Gets only information about the specified custom key store. Enter
     #   the key store ID.
@@ -1856,14 +1727,6 @@ module Aws::KMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass DescribeKeyRequest
-    #   data as a hash:
-    #
-    #       {
-    #         key_id: "KeyIdType", # required
-    #         grant_tokens: ["GrantTokenType"],
-    #       }
-    #
     # @!attribute [rw] key_id
     #   Describes the specified KMS key.
     #
@@ -1931,13 +1794,6 @@ module Aws::KMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass DisableKeyRequest
-    #   data as a hash:
-    #
-    #       {
-    #         key_id: "KeyIdType", # required
-    #       }
-    #
     # @!attribute [rw] key_id
     #   Identifies the KMS key to disable.
     #
@@ -1962,13 +1818,6 @@ module Aws::KMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass DisableKeyRotationRequest
-    #   data as a hash:
-    #
-    #       {
-    #         key_id: "KeyIdType", # required
-    #       }
-    #
     # @!attribute [rw] key_id
     #   Identifies a symmetric encryption KMS key. You cannot enable or
     #   disable automatic rotation of [asymmetric KMS keys][1], [HMAC KMS
@@ -2016,13 +1865,6 @@ module Aws::KMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass DisconnectCustomKeyStoreRequest
-    #   data as a hash:
-    #
-    #       {
-    #         custom_key_store_id: "CustomKeyStoreIdType", # required
-    #       }
-    #
     # @!attribute [rw] custom_key_store_id
     #   Enter the ID of the custom key store you want to disconnect. To find
     #   the ID of a custom key store, use the DescribeCustomKeyStores
@@ -2041,13 +1883,6 @@ module Aws::KMS
     #
     class DisconnectCustomKeyStoreResponse < Aws::EmptyStructure; end
 
-    # @note When making an API call, you may pass EnableKeyRequest
-    #   data as a hash:
-    #
-    #       {
-    #         key_id: "KeyIdType", # required
-    #       }
-    #
     # @!attribute [rw] key_id
     #   Identifies the KMS key to enable.
     #
@@ -2072,13 +1907,6 @@ module Aws::KMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass EnableKeyRotationRequest
-    #   data as a hash:
-    #
-    #       {
-    #         key_id: "KeyIdType", # required
-    #       }
-    #
     # @!attribute [rw] key_id
     #   Identifies a symmetric encryption KMS key. You cannot enable
     #   automatic rotation of [asymmetric KMS keys][1], [HMAC KMS keys][2],
@@ -2115,19 +1943,6 @@ module Aws::KMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass EncryptRequest
-    #   data as a hash:
-    #
-    #       {
-    #         key_id: "KeyIdType", # required
-    #         plaintext: "data", # required
-    #         encryption_context: {
-    #           "EncryptionContextKey" => "EncryptionContextValue",
-    #         },
-    #         grant_tokens: ["GrantTokenType"],
-    #         encryption_algorithm: "SYMMETRIC_DEFAULT", # accepts SYMMETRIC_DEFAULT, RSAES_OAEP_SHA_1, RSAES_OAEP_SHA_256, SM2PKE
-    #       }
-    #
     # @!attribute [rw] key_id
     #   Identifies the KMS key to use in the encryption operation. The KMS
     #   key must have a `KeyUsage` of `ENCRYPT_DECRYPT`. To find the
@@ -2266,18 +2081,6 @@ module Aws::KMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass GenerateDataKeyPairRequest
-    #   data as a hash:
-    #
-    #       {
-    #         encryption_context: {
-    #           "EncryptionContextKey" => "EncryptionContextValue",
-    #         },
-    #         key_id: "KeyIdType", # required
-    #         key_pair_spec: "RSA_2048", # required, accepts RSA_2048, RSA_3072, RSA_4096, ECC_NIST_P256, ECC_NIST_P384, ECC_NIST_P521, ECC_SECG_P256K1, SM2
-    #         grant_tokens: ["GrantTokenType"],
-    #       }
-    #
     # @!attribute [rw] encryption_context
     #   Specifies the encryption context that will be used when encrypting
     #   the private key in the data key pair.
@@ -2403,18 +2206,6 @@ module Aws::KMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass GenerateDataKeyPairWithoutPlaintextRequest
-    #   data as a hash:
-    #
-    #       {
-    #         encryption_context: {
-    #           "EncryptionContextKey" => "EncryptionContextValue",
-    #         },
-    #         key_id: "KeyIdType", # required
-    #         key_pair_spec: "RSA_2048", # required, accepts RSA_2048, RSA_3072, RSA_4096, ECC_NIST_P256, ECC_NIST_P384, ECC_NIST_P521, ECC_SECG_P256K1, SM2
-    #         grant_tokens: ["GrantTokenType"],
-    #       }
-    #
     # @!attribute [rw] encryption_context
     #   Specifies the encryption context that will be used when encrypting
     #   the private key in the data key pair.
@@ -2533,19 +2324,6 @@ module Aws::KMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass GenerateDataKeyRequest
-    #   data as a hash:
-    #
-    #       {
-    #         key_id: "KeyIdType", # required
-    #         encryption_context: {
-    #           "EncryptionContextKey" => "EncryptionContextValue",
-    #         },
-    #         number_of_bytes: 1,
-    #         key_spec: "AES_256", # accepts AES_256, AES_128
-    #         grant_tokens: ["GrantTokenType"],
-    #       }
-    #
     # @!attribute [rw] key_id
     #   Specifies the symmetric encryption KMS key that encrypts the data
     #   key. You cannot specify an asymmetric KMS key or a KMS key in a
@@ -2670,19 +2448,6 @@ module Aws::KMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass GenerateDataKeyWithoutPlaintextRequest
-    #   data as a hash:
-    #
-    #       {
-    #         key_id: "KeyIdType", # required
-    #         encryption_context: {
-    #           "EncryptionContextKey" => "EncryptionContextValue",
-    #         },
-    #         key_spec: "AES_256", # accepts AES_256, AES_128
-    #         number_of_bytes: 1,
-    #         grant_tokens: ["GrantTokenType"],
-    #       }
-    #
     # @!attribute [rw] key_id
     #   Specifies the symmetric encryption KMS key that encrypts the data
     #   key. You cannot specify an asymmetric KMS key or a KMS key in a
@@ -2792,16 +2557,6 @@ module Aws::KMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass GenerateMacRequest
-    #   data as a hash:
-    #
-    #       {
-    #         message: "data", # required
-    #         key_id: "KeyIdType", # required
-    #         mac_algorithm: "HMAC_SHA_224", # required, accepts HMAC_SHA_224, HMAC_SHA_256, HMAC_SHA_384, HMAC_SHA_512
-    #         grant_tokens: ["GrantTokenType"],
-    #       }
-    #
     # @!attribute [rw] message
     #   The message to be hashed. Specify a message of up to 4,096 bytes.
     #
@@ -2885,14 +2640,6 @@ module Aws::KMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass GenerateRandomRequest
-    #   data as a hash:
-    #
-    #       {
-    #         number_of_bytes: 1,
-    #         custom_key_store_id: "CustomKeyStoreIdType",
-    #       }
-    #
     # @!attribute [rw] number_of_bytes
     #   The length of the random byte string. This parameter is required.
     #   @return [Integer]
@@ -2930,14 +2677,6 @@ module Aws::KMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass GetKeyPolicyRequest
-    #   data as a hash:
-    #
-    #       {
-    #         key_id: "KeyIdType", # required
-    #         policy_name: "PolicyNameType", # required
-    #       }
-    #
     # @!attribute [rw] key_id
     #   Gets the key policy for the specified KMS key.
     #
@@ -2980,13 +2719,6 @@ module Aws::KMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass GetKeyRotationStatusRequest
-    #   data as a hash:
-    #
-    #       {
-    #         key_id: "KeyIdType", # required
-    #       }
-    #
     # @!attribute [rw] key_id
     #   Gets the rotation status for the specified KMS key.
     #
@@ -3025,15 +2757,6 @@ module Aws::KMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass GetParametersForImportRequest
-    #   data as a hash:
-    #
-    #       {
-    #         key_id: "KeyIdType", # required
-    #         wrapping_algorithm: "RSAES_PKCS1_V1_5", # required, accepts RSAES_PKCS1_V1_5, RSAES_OAEP_SHA_1, RSAES_OAEP_SHA_256
-    #         wrapping_key_spec: "RSA_2048", # required, accepts RSA_2048
-    #       }
-    #
     # @!attribute [rw] key_id
     #   The identifier of the symmetric encryption KMS key into which you
     #   will import key material. The `Origin` of the KMS key must be
@@ -3115,14 +2838,6 @@ module Aws::KMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass GetPublicKeyRequest
-    #   data as a hash:
-    #
-    #       {
-    #         key_id: "KeyIdType", # required
-    #         grant_tokens: ["GrantTokenType"],
-    #       }
-    #
     # @!attribute [rw] key_id
     #   Identifies the asymmetric KMS key that includes the public key.
     #
@@ -3279,18 +2994,6 @@ module Aws::KMS
     # [3]: https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#symmetric-cmks
     # [4]: https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-encryption-context
     #
-    # @note When making an API call, you may pass GrantConstraints
-    #   data as a hash:
-    #
-    #       {
-    #         encryption_context_subset: {
-    #           "EncryptionContextKey" => "EncryptionContextValue",
-    #         },
-    #         encryption_context_equals: {
-    #           "EncryptionContextKey" => "EncryptionContextValue",
-    #         },
-    #       }
-    #
     # @!attribute [rw] encryption_context_subset
     #   A list of key-value pairs that must be included in the encryption
     #   context of the [cryptographic operation][1] request. The grant
@@ -3391,17 +3094,6 @@ module Aws::KMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass ImportKeyMaterialRequest
-    #   data as a hash:
-    #
-    #       {
-    #         key_id: "KeyIdType", # required
-    #         import_token: "data", # required
-    #         encrypted_key_material: "data", # required
-    #         valid_to: Time.now,
-    #         expiration_model: "KEY_MATERIAL_EXPIRES", # accepts KEY_MATERIAL_EXPIRES, KEY_MATERIAL_DOES_NOT_EXPIRE
-    #       }
-    #
     # @!attribute [rw] key_id
     #   The identifier of the symmetric encryption KMS key that receives the
     #   imported key material. This must be the same KMS key specified in
@@ -4057,15 +3749,6 @@ module Aws::KMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass ListAliasesRequest
-    #   data as a hash:
-    #
-    #       {
-    #         key_id: "KeyIdType",
-    #         limit: 1,
-    #         marker: "MarkerType",
-    #       }
-    #
     # @!attribute [rw] key_id
     #   Lists only aliases that are associated with the specified KMS key.
     #   Enter a KMS key in your Amazon Web Services account.
@@ -4138,17 +3821,6 @@ module Aws::KMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass ListGrantsRequest
-    #   data as a hash:
-    #
-    #       {
-    #         limit: 1,
-    #         marker: "MarkerType",
-    #         key_id: "KeyIdType", # required
-    #         grant_id: "GrantIdType",
-    #         grantee_principal: "PrincipalIdType",
-    #       }
-    #
     # @!attribute [rw] limit
     #   Use this parameter to specify the maximum number of items to return.
     #   When this value is present, KMS does not return more than the
@@ -4232,15 +3904,6 @@ module Aws::KMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass ListKeyPoliciesRequest
-    #   data as a hash:
-    #
-    #       {
-    #         key_id: "KeyIdType", # required
-    #         limit: 1,
-    #         marker: "MarkerType",
-    #       }
-    #
     # @!attribute [rw] key_id
     #   Gets the names of key policies for the specified KMS key.
     #
@@ -4311,14 +3974,6 @@ module Aws::KMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass ListKeysRequest
-    #   data as a hash:
-    #
-    #       {
-    #         limit: 1,
-    #         marker: "MarkerType",
-    #       }
-    #
     # @!attribute [rw] limit
     #   Use this parameter to specify the maximum number of items to return.
     #   When this value is present, KMS does not return more than the
@@ -4370,15 +4025,6 @@ module Aws::KMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass ListResourceTagsRequest
-    #   data as a hash:
-    #
-    #       {
-    #         key_id: "KeyIdType", # required
-    #         limit: 1,
-    #         marker: "MarkerType",
-    #       }
-    #
     # @!attribute [rw] key_id
     #   Gets tags on the specified KMS key.
     #
@@ -4461,15 +4107,6 @@ module Aws::KMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass ListRetirableGrantsRequest
-    #   data as a hash:
-    #
-    #       {
-    #         limit: 1,
-    #         marker: "MarkerType",
-    #         retiring_principal: "PrincipalIdType", # required
-    #       }
-    #
     # @!attribute [rw] limit
     #   Use this parameter to specify the maximum number of items to return.
     #   When this value is present, KMS does not return more than the
@@ -4594,16 +4231,6 @@ module Aws::KMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass PutKeyPolicyRequest
-    #   data as a hash:
-    #
-    #       {
-    #         key_id: "KeyIdType", # required
-    #         policy_name: "PolicyNameType", # required
-    #         policy: "PolicyType", # required
-    #         bypass_policy_lockout_safety_check: false,
-    #       }
-    #
     # @!attribute [rw] key_id
     #   Sets the key policy on the specified KMS key.
     #
@@ -4705,24 +4332,6 @@ module Aws::KMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass ReEncryptRequest
-    #   data as a hash:
-    #
-    #       {
-    #         ciphertext_blob: "data", # required
-    #         source_encryption_context: {
-    #           "EncryptionContextKey" => "EncryptionContextValue",
-    #         },
-    #         source_key_id: "KeyIdType",
-    #         destination_key_id: "KeyIdType", # required
-    #         destination_encryption_context: {
-    #           "EncryptionContextKey" => "EncryptionContextValue",
-    #         },
-    #         source_encryption_algorithm: "SYMMETRIC_DEFAULT", # accepts SYMMETRIC_DEFAULT, RSAES_OAEP_SHA_1, RSAES_OAEP_SHA_256, SM2PKE
-    #         destination_encryption_algorithm: "SYMMETRIC_DEFAULT", # accepts SYMMETRIC_DEFAULT, RSAES_OAEP_SHA_1, RSAES_OAEP_SHA_256, SM2PKE
-    #         grant_tokens: ["GrantTokenType"],
-    #       }
-    #
     # @!attribute [rw] ciphertext_blob
     #   Ciphertext of the data to reencrypt.
     #   @return [String]
@@ -4928,23 +4537,6 @@ module Aws::KMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass ReplicateKeyRequest
-    #   data as a hash:
-    #
-    #       {
-    #         key_id: "KeyIdType", # required
-    #         replica_region: "RegionType", # required
-    #         policy: "PolicyType",
-    #         bypass_policy_lockout_safety_check: false,
-    #         description: "DescriptionType",
-    #         tags: [
-    #           {
-    #             tag_key: "TagKeyType", # required
-    #             tag_value: "TagValueType", # required
-    #           },
-    #         ],
-    #       }
-    #
     # @!attribute [rw] key_id
     #   Identifies the multi-Region primary key that is being replicated. To
     #   determine whether a KMS key is a multi-Region primary key, use the
@@ -5170,15 +4762,6 @@ module Aws::KMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass RetireGrantRequest
-    #   data as a hash:
-    #
-    #       {
-    #         grant_token: "GrantTokenType",
-    #         key_id: "KeyIdType",
-    #         grant_id: "GrantIdType",
-    #       }
-    #
     # @!attribute [rw] grant_token
     #   Identifies the grant to be retired. You can use a grant token to
     #   identify a new grant even before it has achieved eventual
@@ -5222,14 +4805,6 @@ module Aws::KMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass RevokeGrantRequest
-    #   data as a hash:
-    #
-    #       {
-    #         key_id: "KeyIdType", # required
-    #         grant_id: "GrantIdType", # required
-    #       }
-    #
     # @!attribute [rw] key_id
     #   A unique identifier for the KMS key associated with the grant. To
     #   get the key ID and key ARN for a KMS key, use ListKeys or
@@ -5264,14 +4839,6 @@ module Aws::KMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass ScheduleKeyDeletionRequest
-    #   data as a hash:
-    #
-    #       {
-    #         key_id: "KeyIdType", # required
-    #         pending_window_in_days: 1,
-    #       }
-    #
     # @!attribute [rw] key_id
     #   The unique identifier of the KMS key to delete.
     #
@@ -5357,17 +4924,6 @@ module Aws::KMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass SignRequest
-    #   data as a hash:
-    #
-    #       {
-    #         key_id: "KeyIdType", # required
-    #         message: "data", # required
-    #         message_type: "RAW", # accepts RAW, DIGEST
-    #         grant_tokens: ["GrantTokenType"],
-    #         signing_algorithm: "RSASSA_PSS_SHA_256", # required, accepts RSASSA_PSS_SHA_256, RSASSA_PSS_SHA_384, RSASSA_PSS_SHA_512, RSASSA_PKCS1_V1_5_SHA_256, RSASSA_PKCS1_V1_5_SHA_384, RSASSA_PKCS1_V1_5_SHA_512, ECDSA_SHA_256, ECDSA_SHA_384, ECDSA_SHA_512, SM2DSA
-    #       }
-    #
     # @!attribute [rw] key_id
     #   Identifies an asymmetric KMS key. KMS uses the private key in the
     #   asymmetric KMS key to sign the message. The `KeyUsage` type of the
@@ -5497,14 +5053,6 @@ module Aws::KMS
     #
     # [1]: https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html
     #
-    # @note When making an API call, you may pass Tag
-    #   data as a hash:
-    #
-    #       {
-    #         tag_key: "TagKeyType", # required
-    #         tag_value: "TagValueType", # required
-    #       }
-    #
     # @!attribute [rw] tag_key
     #   The key of the tag.
     #   @return [String]
@@ -5535,19 +5083,6 @@ module Aws::KMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass TagResourceRequest
-    #   data as a hash:
-    #
-    #       {
-    #         key_id: "KeyIdType", # required
-    #         tags: [ # required
-    #           {
-    #             tag_key: "TagKeyType", # required
-    #             tag_value: "TagValueType", # required
-    #           },
-    #         ],
-    #       }
-    #
     # @!attribute [rw] key_id
     #   Identifies a customer managed key in the account and Region.
     #
@@ -5598,14 +5133,6 @@ module Aws::KMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass UntagResourceRequest
-    #   data as a hash:
-    #
-    #       {
-    #         key_id: "KeyIdType", # required
-    #         tag_keys: ["TagKeyType"], # required
-    #       }
-    #
     # @!attribute [rw] key_id
     #   Identifies the KMS key from which you are removing tags.
     #
@@ -5635,14 +5162,6 @@ module Aws::KMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass UpdateAliasRequest
-    #   data as a hash:
-    #
-    #       {
-    #         alias_name: "AliasNameType", # required
-    #         target_key_id: "KeyIdType", # required
-    #       }
-    #
     # @!attribute [rw] alias_name
     #   Identifies the alias that is changing its KMS key. This value must
     #   begin with `alias/` followed by the alias name, such as
@@ -5690,24 +5209,6 @@ module Aws::KMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass UpdateCustomKeyStoreRequest
-    #   data as a hash:
-    #
-    #       {
-    #         custom_key_store_id: "CustomKeyStoreIdType", # required
-    #         new_custom_key_store_name: "CustomKeyStoreNameType",
-    #         key_store_password: "KeyStorePasswordType",
-    #         cloud_hsm_cluster_id: "CloudHsmClusterIdType",
-    #         xks_proxy_uri_endpoint: "XksProxyUriEndpointType",
-    #         xks_proxy_uri_path: "XksProxyUriPathType",
-    #         xks_proxy_vpc_endpoint_service_name: "XksProxyVpcEndpointServiceNameType",
-    #         xks_proxy_authentication_credential: {
-    #           access_key_id: "XksProxyAuthenticationAccessKeyIdType", # required
-    #           raw_secret_access_key: "XksProxyAuthenticationRawSecretAccessKeyType", # required
-    #         },
-    #         xks_proxy_connectivity: "PUBLIC_ENDPOINT", # accepts PUBLIC_ENDPOINT, VPC_ENDPOINT_SERVICE
-    #       }
-    #
     # @!attribute [rw] custom_key_store_id
     #   Identifies the custom key store that you want to update. Enter the
     #   ID of the custom key store. To find the ID of a custom key store,
@@ -5863,14 +5364,6 @@ module Aws::KMS
     #
     class UpdateCustomKeyStoreResponse < Aws::EmptyStructure; end
 
-    # @note When making an API call, you may pass UpdateKeyDescriptionRequest
-    #   data as a hash:
-    #
-    #       {
-    #         key_id: "KeyIdType", # required
-    #         description: "DescriptionType", # required
-    #       }
-    #
     # @!attribute [rw] key_id
     #   Updates the description of the specified KMS key.
     #
@@ -5900,14 +5393,6 @@ module Aws::KMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass UpdatePrimaryRegionRequest
-    #   data as a hash:
-    #
-    #       {
-    #         key_id: "KeyIdType", # required
-    #         primary_region: "RegionType", # required
-    #       }
-    #
     # @!attribute [rw] key_id
     #   Identifies the current primary key. When the operation completes,
     #   this KMS key will be a replica key.
@@ -5943,17 +5428,6 @@ module Aws::KMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass VerifyMacRequest
-    #   data as a hash:
-    #
-    #       {
-    #         message: "data", # required
-    #         key_id: "KeyIdType", # required
-    #         mac_algorithm: "HMAC_SHA_224", # required, accepts HMAC_SHA_224, HMAC_SHA_256, HMAC_SHA_384, HMAC_SHA_512
-    #         mac: "data", # required
-    #         grant_tokens: ["GrantTokenType"],
-    #       }
-    #
     # @!attribute [rw] message
     #   The message that will be used in the verification. Enter the same
     #   message that was used to generate the HMAC.
@@ -6037,18 +5511,6 @@ module Aws::KMS
       include Aws::Structure
     end
 
-    # @note When making an API call, you may pass VerifyRequest
-    #   data as a hash:
-    #
-    #       {
-    #         key_id: "KeyIdType", # required
-    #         message: "data", # required
-    #         message_type: "RAW", # accepts RAW, DIGEST
-    #         signature: "data", # required
-    #         signing_algorithm: "RSASSA_PSS_SHA_256", # required, accepts RSASSA_PSS_SHA_256, RSASSA_PSS_SHA_384, RSASSA_PSS_SHA_512, RSASSA_PKCS1_V1_5_SHA_256, RSASSA_PKCS1_V1_5_SHA_384, RSASSA_PKCS1_V1_5_SHA_512, ECDSA_SHA_256, ECDSA_SHA_384, ECDSA_SHA_512, SM2DSA
-    #         grant_tokens: ["GrantTokenType"],
-    #       }
-    #
     # @!attribute [rw] key_id
     #   Identifies the asymmetric KMS key that will be used to verify the
     #   signature. This must be the same KMS key that was used to generate
@@ -6182,7 +5644,7 @@ module Aws::KMS
     # Information about the [external key ][1]that is associated with a KMS
     # key in an external key store.
     #
-    # These fields appear in a CreateKey or DescribeKey response only for a
+    # This element appears in a CreateKey or DescribeKey response only for a
     # KMS key in an external key store.
     #
     # The *external key* is a symmetric encryption key that is hosted by an
@@ -6256,14 +5718,6 @@ module Aws::KMS
     #
     # The `XksProxyAuthenticationCredential` includes two required elements.
     #
-    # @note When making an API call, you may pass XksProxyAuthenticationCredentialType
-    #   data as a hash:
-    #
-    #       {
-    #         access_key_id: "XksProxyAuthenticationAccessKeyIdType", # required
-    #         raw_secret_access_key: "XksProxyAuthenticationRawSecretAccessKeyType", # required
-    #       }
-    #
     # @!attribute [rw] access_key_id
     #   A unique identifier for the raw secret access key.
     #   @return [String]

data/lib/aws-sdk-kms.rb

@@ -52,6 +52,6 @@ require_relative 'aws-sdk-kms/customizations'
 # @!group service
 module Aws::KMS
 
-  GEM_VERSION = '1.60.0'
+  GEM_VERSION = '1.62.0'
 
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-kms
 version: !ruby/object:Gem::Version
-  version: 1.60.0
+  version: 1.62.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2022-11-29 00:00:00.000000000 Z
+date: 2023-01-18 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core