aws-sdk-kms 1.72.0 → 1.96.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +120 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-kms/client.rb +1071 -186
- data/lib/aws-sdk-kms/client_api.rb +131 -2
- data/lib/aws-sdk-kms/endpoint_parameters.rb +9 -6
- data/lib/aws-sdk-kms/endpoint_provider.rb +1 -1
- data/lib/aws-sdk-kms/endpoints.rb +2 -698
- data/lib/aws-sdk-kms/errors.rb +16 -0
- data/lib/aws-sdk-kms/plugins/endpoints.rb +23 -114
- data/lib/aws-sdk-kms/types.rb +509 -74
- data/lib/aws-sdk-kms.rb +15 -11
- data/sig/client.rbs +804 -0
- data/sig/errors.rbs +160 -0
- data/sig/resource.rbs +83 -0
- data/sig/types.rbs +1036 -0
- data/sig/waiters.rbs +13 -0
- metadata +16 -11
data/lib/aws-sdk-kms/types.rb
CHANGED
@@ -242,6 +242,21 @@ module Aws::KMS
|
|
242
242
|
include Aws::Structure
|
243
243
|
end
|
244
244
|
|
245
|
+
# The request was rejected because an automatic rotation of this key is
|
246
|
+
# currently in progress or scheduled to begin within the next 20
|
247
|
+
# minutes.
|
248
|
+
#
|
249
|
+
# @!attribute [rw] message
|
250
|
+
# @return [String]
|
251
|
+
#
|
252
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ConflictException AWS API Documentation
|
253
|
+
#
|
254
|
+
class ConflictException < Struct.new(
|
255
|
+
:message)
|
256
|
+
SENSITIVE = []
|
257
|
+
include Aws::Structure
|
258
|
+
end
|
259
|
+
|
245
260
|
# @!attribute [rw] custom_key_store_id
|
246
261
|
# Enter the key store ID of the custom key store that you want to
|
247
262
|
# connect. To find the ID of a custom key store, use the
|
@@ -418,7 +433,7 @@ module Aws::KMS
|
|
418
433
|
#
|
419
434
|
# * An external key store with `PUBLIC_ENDPOINT` connectivity cannot
|
420
435
|
# use the same `XksProxyUriEndpoint` value as an external key store
|
421
|
-
# with `VPC_ENDPOINT_SERVICE` connectivity in
|
436
|
+
# with `VPC_ENDPOINT_SERVICE` connectivity in this Amazon Web
|
422
437
|
# Services Region.
|
423
438
|
#
|
424
439
|
# * Each external key store with `VPC_ENDPOINT_SERVICE` connectivity
|
@@ -826,14 +841,17 @@ module Aws::KMS
|
|
826
841
|
#
|
827
842
|
# * For HMAC KMS keys (symmetric), specify `GENERATE_VERIFY_MAC`.
|
828
843
|
#
|
829
|
-
# * For asymmetric KMS keys with RSA key
|
844
|
+
# * For asymmetric KMS keys with RSA key pairs, specify
|
830
845
|
# `ENCRYPT_DECRYPT` or `SIGN_VERIFY`.
|
831
846
|
#
|
832
|
-
# * For asymmetric KMS keys with
|
847
|
+
# * For asymmetric KMS keys with NIST-recommended elliptic curve key
|
848
|
+
# pairs, specify `SIGN_VERIFY` or `KEY_AGREEMENT`.
|
849
|
+
#
|
850
|
+
# * For asymmetric KMS keys with `ECC_SECG_P256K1` key pairs specify
|
833
851
|
# `SIGN_VERIFY`.
|
834
852
|
#
|
835
|
-
# * For asymmetric KMS keys with SM2 key
|
836
|
-
#
|
853
|
+
# * For asymmetric KMS keys with SM2 key pairs (China Regions only),
|
854
|
+
# specify `ENCRYPT_DECRYPT`, `SIGN_VERIFY`, or `KEY_AGREEMENT`.
|
837
855
|
#
|
838
856
|
#
|
839
857
|
#
|
@@ -878,7 +896,6 @@ module Aws::KMS
|
|
878
896
|
# * `SYMMETRIC_DEFAULT`
|
879
897
|
#
|
880
898
|
# ^
|
881
|
-
#
|
882
899
|
# * HMAC keys (symmetric)
|
883
900
|
#
|
884
901
|
# * `HMAC_224`
|
@@ -888,33 +905,33 @@ module Aws::KMS
|
|
888
905
|
# * `HMAC_384`
|
889
906
|
#
|
890
907
|
# * `HMAC_512`
|
891
|
-
#
|
892
|
-
#
|
908
|
+
# * Asymmetric RSA key pairs (encryption and decryption -or- signing
|
909
|
+
# and verification)
|
893
910
|
#
|
894
911
|
# * `RSA_2048`
|
895
912
|
#
|
896
913
|
# * `RSA_3072`
|
897
914
|
#
|
898
915
|
# * `RSA_4096`
|
899
|
-
#
|
900
|
-
#
|
916
|
+
# * Asymmetric NIST-recommended elliptic curve key pairs (signing and
|
917
|
+
# verification -or- deriving shared secrets)
|
901
918
|
#
|
902
919
|
# * `ECC_NIST_P256` (secp256r1)
|
903
920
|
#
|
904
921
|
# * `ECC_NIST_P384` (secp384r1)
|
905
922
|
#
|
906
923
|
# * `ECC_NIST_P521` (secp521r1)
|
907
|
-
#
|
908
|
-
#
|
924
|
+
# * Other asymmetric elliptic curve key pairs (signing and
|
925
|
+
# verification)
|
909
926
|
#
|
910
927
|
# * `ECC_SECG_P256K1` (secp256k1), commonly used for
|
911
928
|
# cryptocurrencies.
|
912
929
|
#
|
913
930
|
# ^
|
931
|
+
# * SM2 key pairs (encryption and decryption -or- signing and
|
932
|
+
# verification -or- deriving shared secrets)
|
914
933
|
#
|
915
|
-
#
|
916
|
-
#
|
917
|
-
# * `SM2`
|
934
|
+
# * `SM2` (China Regions only)
|
918
935
|
#
|
919
936
|
# ^
|
920
937
|
#
|
@@ -992,12 +1009,13 @@ module Aws::KMS
|
|
992
1009
|
# Management Service Developer Guide*.
|
993
1010
|
#
|
994
1011
|
# Use this parameter only when you intend to prevent the principal
|
995
|
-
# that is making the request from making a subsequent
|
996
|
-
# request on the KMS key.
|
1012
|
+
# that is making the request from making a subsequent
|
1013
|
+
# [PutKeyPolicy][2] request on the KMS key.
|
997
1014
|
#
|
998
1015
|
#
|
999
1016
|
#
|
1000
1017
|
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#prevent-unmanageable-key
|
1018
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/APIReference/API_PutKeyPolicy.html
|
1001
1019
|
# @return [Boolean]
|
1002
1020
|
#
|
1003
1021
|
# @!attribute [rw] tags
|
@@ -1429,7 +1447,6 @@ module Aws::KMS
|
|
1429
1447
|
#
|
1430
1448
|
# * The [TLS certificate][6] specifies the private DNS hostname at
|
1431
1449
|
# which the endpoint is reachable.
|
1432
|
-
#
|
1433
1450
|
# * `XKS_VPC_ENDPOINT_SERVICE_NOT_FOUND` — KMS can't find the VPC
|
1434
1451
|
# endpoint service that it uses to communicate with the external key
|
1435
1452
|
# store proxy. Verify that the `XksProxyVpcEndpointServiceName` is
|
@@ -1596,7 +1613,7 @@ module Aws::KMS
|
|
1596
1613
|
#
|
1597
1614
|
#
|
1598
1615
|
#
|
1599
|
-
# [1]: https://docs.aws.amazon.com/
|
1616
|
+
# [1]: https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave-concepts.html#term-attestdoc
|
1600
1617
|
# [2]: https://docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk
|
1601
1618
|
# [3]: https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html
|
1602
1619
|
# @return [Types::RecipientInfo]
|
@@ -1745,6 +1762,195 @@ module Aws::KMS
|
|
1745
1762
|
include Aws::Structure
|
1746
1763
|
end
|
1747
1764
|
|
1765
|
+
# @!attribute [rw] key_id
|
1766
|
+
# Identifies an asymmetric NIST-recommended ECC or SM2 (China Regions
|
1767
|
+
# only) KMS key. KMS uses the private key in the specified key pair to
|
1768
|
+
# derive the shared secret. The key usage of the KMS key must be
|
1769
|
+
# `KEY_AGREEMENT`. To find the `KeyUsage` of a KMS key, use the
|
1770
|
+
# DescribeKey operation.
|
1771
|
+
#
|
1772
|
+
# To specify a KMS key, use its key ID, key ARN, alias name, or alias
|
1773
|
+
# ARN. When using an alias name, prefix it with `"alias/"`. To specify
|
1774
|
+
# a KMS key in a different Amazon Web Services account, you must use
|
1775
|
+
# the key ARN or alias ARN.
|
1776
|
+
#
|
1777
|
+
# For example:
|
1778
|
+
#
|
1779
|
+
# * Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`
|
1780
|
+
#
|
1781
|
+
# * Key ARN:
|
1782
|
+
# `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
|
1783
|
+
#
|
1784
|
+
# * Alias name: `alias/ExampleAlias`
|
1785
|
+
#
|
1786
|
+
# * Alias ARN: `arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias`
|
1787
|
+
#
|
1788
|
+
# To get the key ID and key ARN for a KMS key, use ListKeys or
|
1789
|
+
# DescribeKey. To get the alias name and alias ARN, use ListAliases.
|
1790
|
+
# @return [String]
|
1791
|
+
#
|
1792
|
+
# @!attribute [rw] key_agreement_algorithm
|
1793
|
+
# Specifies the key agreement algorithm used to derive the shared
|
1794
|
+
# secret. The only valid value is `ECDH`.
|
1795
|
+
# @return [String]
|
1796
|
+
#
|
1797
|
+
# @!attribute [rw] public_key
|
1798
|
+
# Specifies the public key in your peer's NIST-recommended elliptic
|
1799
|
+
# curve (ECC) or SM2 (China Regions only) key pair.
|
1800
|
+
#
|
1801
|
+
# The public key must be a DER-encoded X.509 public key, also known as
|
1802
|
+
# `SubjectPublicKeyInfo` (SPKI), as defined in [RFC 5280][1].
|
1803
|
+
#
|
1804
|
+
# GetPublicKey returns the public key of an asymmetric KMS key pair in
|
1805
|
+
# the required DER-encoded format.
|
1806
|
+
#
|
1807
|
+
# <note markdown="1"> If you use [Amazon Web Services CLI version 1][2], you must provide
|
1808
|
+
# the DER-encoded X.509 public key in a file. Otherwise, the Amazon
|
1809
|
+
# Web Services CLI Base64-encodes the public key a second time,
|
1810
|
+
# resulting in a `ValidationException`.
|
1811
|
+
#
|
1812
|
+
# </note>
|
1813
|
+
#
|
1814
|
+
# You can specify the public key as binary data in a file using fileb
|
1815
|
+
# (`fileb://<path-to-file>`) or in-line using a Base64 encoded string.
|
1816
|
+
#
|
1817
|
+
#
|
1818
|
+
#
|
1819
|
+
# [1]: https://tools.ietf.org/html/rfc5280
|
1820
|
+
# [2]: https://docs.aws.amazon.com/cli/v1/userguide/cli-chap-welcome.html
|
1821
|
+
# @return [String]
|
1822
|
+
#
|
1823
|
+
# @!attribute [rw] grant_tokens
|
1824
|
+
# A list of grant tokens.
|
1825
|
+
#
|
1826
|
+
# Use a grant token when your permission to call this operation comes
|
1827
|
+
# from a new grant that has not yet achieved *eventual consistency*.
|
1828
|
+
# For more information, see [Grant token][1] and [Using a grant
|
1829
|
+
# token][2] in the *Key Management Service Developer Guide*.
|
1830
|
+
#
|
1831
|
+
#
|
1832
|
+
#
|
1833
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token
|
1834
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token
|
1835
|
+
# @return [Array<String>]
|
1836
|
+
#
|
1837
|
+
# @!attribute [rw] dry_run
|
1838
|
+
# Checks if your request will succeed. `DryRun` is an optional
|
1839
|
+
# parameter.
|
1840
|
+
#
|
1841
|
+
# To learn more about how to use this parameter, see [Testing your KMS
|
1842
|
+
# API calls][1] in the *Key Management Service Developer Guide*.
|
1843
|
+
#
|
1844
|
+
#
|
1845
|
+
#
|
1846
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html
|
1847
|
+
# @return [Boolean]
|
1848
|
+
#
|
1849
|
+
# @!attribute [rw] recipient
|
1850
|
+
# A signed [attestation document][1] from an Amazon Web Services Nitro
|
1851
|
+
# enclave and the encryption algorithm to use with the enclave's
|
1852
|
+
# public key. The only valid encryption algorithm is
|
1853
|
+
# `RSAES_OAEP_SHA_256`.
|
1854
|
+
#
|
1855
|
+
# This parameter only supports attestation documents for Amazon Web
|
1856
|
+
# Services Nitro Enclaves. To call DeriveSharedSecret for an Amazon
|
1857
|
+
# Web Services Nitro Enclaves, use the [Amazon Web Services Nitro
|
1858
|
+
# Enclaves SDK][2] to generate the attestation document and then use
|
1859
|
+
# the Recipient parameter from any Amazon Web Services SDK to provide
|
1860
|
+
# the attestation document for the enclave.
|
1861
|
+
#
|
1862
|
+
# When you use this parameter, instead of returning a plaintext copy
|
1863
|
+
# of the shared secret, KMS encrypts the plaintext shared secret under
|
1864
|
+
# the public key in the attestation document, and returns the
|
1865
|
+
# resulting ciphertext in the `CiphertextForRecipient` field in the
|
1866
|
+
# response. This ciphertext can be decrypted only with the private key
|
1867
|
+
# in the enclave. The `CiphertextBlob` field in the response contains
|
1868
|
+
# the encrypted shared secret derived from the KMS key specified by
|
1869
|
+
# the `KeyId` parameter and public key specified by the `PublicKey`
|
1870
|
+
# parameter. The `SharedSecret` field in the response is null or
|
1871
|
+
# empty.
|
1872
|
+
#
|
1873
|
+
# For information about the interaction between KMS and Amazon Web
|
1874
|
+
# Services Nitro Enclaves, see [How Amazon Web Services Nitro Enclaves
|
1875
|
+
# uses KMS][3] in the *Key Management Service Developer Guide*.
|
1876
|
+
#
|
1877
|
+
#
|
1878
|
+
#
|
1879
|
+
# [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave-how.html#term-attestdoc
|
1880
|
+
# [2]: https://docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk
|
1881
|
+
# [3]: https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html
|
1882
|
+
# @return [Types::RecipientInfo]
|
1883
|
+
#
|
1884
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeriveSharedSecretRequest AWS API Documentation
|
1885
|
+
#
|
1886
|
+
class DeriveSharedSecretRequest < Struct.new(
|
1887
|
+
:key_id,
|
1888
|
+
:key_agreement_algorithm,
|
1889
|
+
:public_key,
|
1890
|
+
:grant_tokens,
|
1891
|
+
:dry_run,
|
1892
|
+
:recipient)
|
1893
|
+
SENSITIVE = []
|
1894
|
+
include Aws::Structure
|
1895
|
+
end
|
1896
|
+
|
1897
|
+
# @!attribute [rw] key_id
|
1898
|
+
# Identifies the KMS key used to derive the shared secret.
|
1899
|
+
# @return [String]
|
1900
|
+
#
|
1901
|
+
# @!attribute [rw] shared_secret
|
1902
|
+
# The raw secret derived from the specified key agreement algorithm,
|
1903
|
+
# private key in the asymmetric KMS key, and your peer's public key.
|
1904
|
+
#
|
1905
|
+
# If the response includes the `CiphertextForRecipient` field, the
|
1906
|
+
# `SharedSecret` field is null or empty.
|
1907
|
+
# @return [String]
|
1908
|
+
#
|
1909
|
+
# @!attribute [rw] ciphertext_for_recipient
|
1910
|
+
# The plaintext shared secret encrypted with the public key in the
|
1911
|
+
# attestation document.
|
1912
|
+
#
|
1913
|
+
# This field is included in the response only when the `Recipient`
|
1914
|
+
# parameter in the request includes a valid attestation document from
|
1915
|
+
# an Amazon Web Services Nitro enclave. For information about the
|
1916
|
+
# interaction between KMS and Amazon Web Services Nitro Enclaves, see
|
1917
|
+
# [How Amazon Web Services Nitro Enclaves uses KMS][1] in the *Key
|
1918
|
+
# Management Service Developer Guide*.
|
1919
|
+
#
|
1920
|
+
#
|
1921
|
+
#
|
1922
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html
|
1923
|
+
# @return [String]
|
1924
|
+
#
|
1925
|
+
# @!attribute [rw] key_agreement_algorithm
|
1926
|
+
# Identifies the key agreement algorithm used to derive the shared
|
1927
|
+
# secret.
|
1928
|
+
# @return [String]
|
1929
|
+
#
|
1930
|
+
# @!attribute [rw] key_origin
|
1931
|
+
# The source of the key material for the specified KMS key.
|
1932
|
+
#
|
1933
|
+
# When this value is `AWS_KMS`, KMS created the key material. When
|
1934
|
+
# this value is `EXTERNAL`, the key material was imported or the KMS
|
1935
|
+
# key doesn't have any key material.
|
1936
|
+
#
|
1937
|
+
# The only valid values for DeriveSharedSecret are `AWS_KMS` and
|
1938
|
+
# `EXTERNAL`. DeriveSharedSecret does not support KMS keys with a
|
1939
|
+
# `KeyOrigin` value of `AWS_CLOUDHSM` or `EXTERNAL_KEY_STORE`.
|
1940
|
+
# @return [String]
|
1941
|
+
#
|
1942
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeriveSharedSecretResponse AWS API Documentation
|
1943
|
+
#
|
1944
|
+
class DeriveSharedSecretResponse < Struct.new(
|
1945
|
+
:key_id,
|
1946
|
+
:shared_secret,
|
1947
|
+
:ciphertext_for_recipient,
|
1948
|
+
:key_agreement_algorithm,
|
1949
|
+
:key_origin)
|
1950
|
+
SENSITIVE = [:shared_secret]
|
1951
|
+
include Aws::Structure
|
1952
|
+
end
|
1953
|
+
|
1748
1954
|
# @!attribute [rw] custom_key_store_id
|
1749
1955
|
# Gets only information about the specified custom key store. Enter
|
1750
1956
|
# the key store ID.
|
@@ -1800,8 +2006,8 @@ module Aws::KMS
|
|
1800
2006
|
# @!attribute [rw] truncated
|
1801
2007
|
# A flag that indicates whether there are more items in the list. When
|
1802
2008
|
# this value is true, the list in this response is truncated. To get
|
1803
|
-
# more items, pass the value of the `NextMarker` element in
|
1804
|
-
#
|
2009
|
+
# more items, pass the value of the `NextMarker` element in this
|
2010
|
+
# response to the `Marker` parameter in a subsequent request.
|
1805
2011
|
# @return [Boolean]
|
1806
2012
|
#
|
1807
2013
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DescribeCustomKeyStoresResponse AWS API Documentation
|
@@ -2035,10 +2241,31 @@ module Aws::KMS
|
|
2035
2241
|
# [5]: https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate
|
2036
2242
|
# @return [String]
|
2037
2243
|
#
|
2244
|
+
# @!attribute [rw] rotation_period_in_days
|
2245
|
+
# Use this parameter to specify a custom period of time between each
|
2246
|
+
# rotation date. If no value is specified, the default value is 365
|
2247
|
+
# days.
|
2248
|
+
#
|
2249
|
+
# The rotation period defines the number of days after you enable
|
2250
|
+
# automatic key rotation that KMS will rotate your key material, and
|
2251
|
+
# the number of days between each automatic rotation thereafter.
|
2252
|
+
#
|
2253
|
+
# You can use the [ `kms:RotationPeriodInDays` ][1] condition key to
|
2254
|
+
# further constrain the values that principals can specify in the
|
2255
|
+
# `RotationPeriodInDays` parameter.
|
2256
|
+
#
|
2257
|
+
#
|
2258
|
+
#
|
2259
|
+
#
|
2260
|
+
#
|
2261
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-rotation-period-in-days
|
2262
|
+
# @return [Integer]
|
2263
|
+
#
|
2038
2264
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/EnableKeyRotationRequest AWS API Documentation
|
2039
2265
|
#
|
2040
2266
|
class EnableKeyRotationRequest < Struct.new(
|
2041
|
-
:key_id
|
2267
|
+
:key_id,
|
2268
|
+
:rotation_period_in_days)
|
2042
2269
|
SENSITIVE = []
|
2043
2270
|
include Aws::Structure
|
2044
2271
|
end
|
@@ -2280,8 +2507,11 @@ module Aws::KMS
|
|
2280
2507
|
# `RSAES_OAEP_SHA_256`.
|
2281
2508
|
#
|
2282
2509
|
# This parameter only supports attestation documents for Amazon Web
|
2283
|
-
# Services Nitro Enclaves. To
|
2284
|
-
# Web Services Nitro Enclaves
|
2510
|
+
# Services Nitro Enclaves. To call DeriveSharedSecret for an Amazon
|
2511
|
+
# Web Services Nitro Enclaves, use the [Amazon Web Services Nitro
|
2512
|
+
# Enclaves SDK][2] to generate the attestation document and then use
|
2513
|
+
# the Recipient parameter from any Amazon Web Services SDK to provide
|
2514
|
+
# the attestation document for the enclave.
|
2285
2515
|
#
|
2286
2516
|
# When you use this parameter, instead of returning a plaintext copy
|
2287
2517
|
# of the private data key, KMS encrypts the plaintext private data key
|
@@ -3047,7 +3277,8 @@ module Aws::KMS
|
|
3047
3277
|
# @return [String]
|
3048
3278
|
#
|
3049
3279
|
# @!attribute [rw] policy_name
|
3050
|
-
# Specifies the name of the key policy.
|
3280
|
+
# Specifies the name of the key policy. If no policy name is
|
3281
|
+
# specified, the default value is `default`. The only valid name is
|
3051
3282
|
# `default`. To get the names of key policies, use ListKeyPolicies.
|
3052
3283
|
# @return [String]
|
3053
3284
|
#
|
@@ -3064,10 +3295,15 @@ module Aws::KMS
|
|
3064
3295
|
# A key policy document in JSON format.
|
3065
3296
|
# @return [String]
|
3066
3297
|
#
|
3298
|
+
# @!attribute [rw] policy_name
|
3299
|
+
# The name of the key policy. The only valid value is `default`.
|
3300
|
+
# @return [String]
|
3301
|
+
#
|
3067
3302
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetKeyPolicyResponse AWS API Documentation
|
3068
3303
|
#
|
3069
3304
|
class GetKeyPolicyResponse < Struct.new(
|
3070
|
-
:policy
|
3305
|
+
:policy,
|
3306
|
+
:policy_name)
|
3071
3307
|
SENSITIVE = []
|
3072
3308
|
include Aws::Structure
|
3073
3309
|
end
|
@@ -3102,10 +3338,42 @@ module Aws::KMS
|
|
3102
3338
|
# A Boolean value that specifies whether key rotation is enabled.
|
3103
3339
|
# @return [Boolean]
|
3104
3340
|
#
|
3341
|
+
# @!attribute [rw] key_id
|
3342
|
+
# Identifies the specified symmetric encryption KMS key.
|
3343
|
+
# @return [String]
|
3344
|
+
#
|
3345
|
+
# @!attribute [rw] rotation_period_in_days
|
3346
|
+
# The number of days between each automatic rotation. The default
|
3347
|
+
# value is 365 days.
|
3348
|
+
# @return [Integer]
|
3349
|
+
#
|
3350
|
+
# @!attribute [rw] next_rotation_date
|
3351
|
+
# The next date that KMS will automatically rotate the key material.
|
3352
|
+
# @return [Time]
|
3353
|
+
#
|
3354
|
+
# @!attribute [rw] on_demand_rotation_start_date
|
3355
|
+
# Identifies the date and time that an in progress on-demand rotation
|
3356
|
+
# was initiated.
|
3357
|
+
#
|
3358
|
+
# The KMS API follows an [eventual consistency][1] model due to the
|
3359
|
+
# distributed nature of the system. As a result, there might be a
|
3360
|
+
# slight delay between initiating on-demand key rotation and the
|
3361
|
+
# rotation's completion. Once the on-demand rotation is complete, use
|
3362
|
+
# ListKeyRotations to view the details of the on-demand rotation.
|
3363
|
+
#
|
3364
|
+
#
|
3365
|
+
#
|
3366
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html
|
3367
|
+
# @return [Time]
|
3368
|
+
#
|
3105
3369
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetKeyRotationStatusResponse AWS API Documentation
|
3106
3370
|
#
|
3107
3371
|
class GetKeyRotationStatusResponse < Struct.new(
|
3108
|
-
:key_rotation_enabled
|
3372
|
+
:key_rotation_enabled,
|
3373
|
+
:key_id,
|
3374
|
+
:rotation_period_in_days,
|
3375
|
+
:next_rotation_date,
|
3376
|
+
:on_demand_rotation_start_date)
|
3109
3377
|
SENSITIVE = []
|
3110
3378
|
include Aws::Structure
|
3111
3379
|
end
|
@@ -3167,8 +3435,8 @@ module Aws::KMS
|
|
3167
3435
|
# You cannot use the RSAES\_OAEP\_SHA\_1 wrapping algorithm with the
|
3168
3436
|
# RSA\_2048 wrapping key spec to wrap ECC\_NIST\_P521 key material.
|
3169
3437
|
#
|
3170
|
-
# * **RSAES\_PKCS1\_V1\_5** (Deprecated) —
|
3171
|
-
#
|
3438
|
+
# * **RSAES\_PKCS1\_V1\_5** (Deprecated) — As of October 10, 2023, KMS
|
3439
|
+
# does not support the RSAES\_PKCS1\_V1\_5 wrapping algorithm.
|
3172
3440
|
# @return [String]
|
3173
3441
|
#
|
3174
3442
|
# @!attribute [rw] wrapping_key_spec
|
@@ -3313,12 +3581,12 @@ module Aws::KMS
|
|
3313
3581
|
# @return [String]
|
3314
3582
|
#
|
3315
3583
|
# @!attribute [rw] key_usage
|
3316
|
-
# The permitted use of the public key. Valid values
|
3317
|
-
# `ENCRYPT_DECRYPT`
|
3584
|
+
# The permitted use of the public key. Valid values for asymmetric key
|
3585
|
+
# pairs are `ENCRYPT_DECRYPT`, `SIGN_VERIFY`, and `KEY_AGREEMENT`.
|
3318
3586
|
#
|
3319
|
-
# This information is critical.
|
3320
|
-
# usage encrypts data outside of KMS, the ciphertext
|
3321
|
-
# decrypted.
|
3587
|
+
# This information is critical. For example, if a public key with
|
3588
|
+
# `SIGN_VERIFY` key usage encrypts data outside of KMS, the ciphertext
|
3589
|
+
# cannot be decrypted.
|
3322
3590
|
# @return [String]
|
3323
3591
|
#
|
3324
3592
|
# @!attribute [rw] encryption_algorithms
|
@@ -3339,6 +3607,12 @@ module Aws::KMS
|
|
3339
3607
|
# public key is `SIGN_VERIFY`.
|
3340
3608
|
# @return [Array<String>]
|
3341
3609
|
#
|
3610
|
+
# @!attribute [rw] key_agreement_algorithms
|
3611
|
+
# The key agreement algorithm used to derive a shared secret. This
|
3612
|
+
# field is present only when the KMS key has a `KeyUsage` value of
|
3613
|
+
# `KEY_AGREEMENT`.
|
3614
|
+
# @return [Array<String>]
|
3615
|
+
#
|
3342
3616
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetPublicKeyResponse AWS API Documentation
|
3343
3617
|
#
|
3344
3618
|
class GetPublicKeyResponse < Struct.new(
|
@@ -3348,7 +3622,8 @@ module Aws::KMS
|
|
3348
3622
|
:key_spec,
|
3349
3623
|
:key_usage,
|
3350
3624
|
:encryption_algorithms,
|
3351
|
-
:signing_algorithms
|
3625
|
+
:signing_algorithms,
|
3626
|
+
:key_agreement_algorithms)
|
3352
3627
|
SENSITIVE = []
|
3353
3628
|
include Aws::Structure
|
3354
3629
|
end
|
@@ -3736,8 +4011,9 @@ module Aws::KMS
|
|
3736
4011
|
# the `KeyUsage` must be `ENCRYPT_DECRYPT`. For signing and verifying
|
3737
4012
|
# messages, the `KeyUsage` must be `SIGN_VERIFY`. For generating and
|
3738
4013
|
# verifying message authentication codes (MACs), the `KeyUsage` must be
|
3739
|
-
# `GENERATE_VERIFY_MAC`.
|
3740
|
-
#
|
4014
|
+
# `GENERATE_VERIFY_MAC`. For deriving key agreement secrets, the
|
4015
|
+
# `KeyUsage` must be `KEY_AGREEMENT`. To find the `KeyUsage` of a KMS
|
4016
|
+
# key, use the DescribeKey operation.
|
3741
4017
|
#
|
3742
4018
|
# To find the encryption or signing algorithms supported for a
|
3743
4019
|
# particular KMS key, use the DescribeKey operation.
|
@@ -4016,6 +4292,10 @@ module Aws::KMS
|
|
4016
4292
|
# `SIGN_VERIFY`.
|
4017
4293
|
# @return [Array<String>]
|
4018
4294
|
#
|
4295
|
+
# @!attribute [rw] key_agreement_algorithms
|
4296
|
+
# The key agreement algorithm used to derive a shared secret.
|
4297
|
+
# @return [Array<String>]
|
4298
|
+
#
|
4019
4299
|
# @!attribute [rw] multi_region
|
4020
4300
|
# Indicates whether the KMS key is a multi-Region (`True`) or regional
|
4021
4301
|
# (`False`) key. This value is `True` for multi-Region primary and
|
@@ -4109,6 +4389,7 @@ module Aws::KMS
|
|
4109
4389
|
:key_spec,
|
4110
4390
|
:encryption_algorithms,
|
4111
4391
|
:signing_algorithms,
|
4392
|
+
:key_agreement_algorithms,
|
4112
4393
|
:multi_region,
|
4113
4394
|
:multi_region_configuration,
|
4114
4395
|
:pending_deletion_window_in_days,
|
@@ -4209,8 +4490,8 @@ module Aws::KMS
|
|
4209
4490
|
# @!attribute [rw] truncated
|
4210
4491
|
# A flag that indicates whether there are more items in the list. When
|
4211
4492
|
# this value is true, the list in this response is truncated. To get
|
4212
|
-
# more items, pass the value of the `NextMarker` element in
|
4213
|
-
#
|
4493
|
+
# more items, pass the value of the `NextMarker` element in this
|
4494
|
+
# response to the `Marker` parameter in a subsequent request.
|
4214
4495
|
# @return [Boolean]
|
4215
4496
|
#
|
4216
4497
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListAliasesResponse AWS API Documentation
|
@@ -4292,8 +4573,8 @@ module Aws::KMS
|
|
4292
4573
|
# @!attribute [rw] truncated
|
4293
4574
|
# A flag that indicates whether there are more items in the list. When
|
4294
4575
|
# this value is true, the list in this response is truncated. To get
|
4295
|
-
# more items, pass the value of the `NextMarker` element in
|
4296
|
-
#
|
4576
|
+
# more items, pass the value of the `NextMarker` element in this
|
4577
|
+
# response to the `Marker` parameter in a subsequent request.
|
4297
4578
|
# @return [Boolean]
|
4298
4579
|
#
|
4299
4580
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListGrantsResponse AWS API Documentation
|
@@ -4362,8 +4643,8 @@ module Aws::KMS
|
|
4362
4643
|
# @!attribute [rw] truncated
|
4363
4644
|
# A flag that indicates whether there are more items in the list. When
|
4364
4645
|
# this value is true, the list in this response is truncated. To get
|
4365
|
-
# more items, pass the value of the `NextMarker` element in
|
4366
|
-
#
|
4646
|
+
# more items, pass the value of the `NextMarker` element in this
|
4647
|
+
# response to the `Marker` parameter in a subsequent request.
|
4367
4648
|
# @return [Boolean]
|
4368
4649
|
#
|
4369
4650
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeyPoliciesResponse AWS API Documentation
|
@@ -4376,6 +4657,74 @@ module Aws::KMS
|
|
4376
4657
|
include Aws::Structure
|
4377
4658
|
end
|
4378
4659
|
|
4660
|
+
# @!attribute [rw] key_id
|
4661
|
+
# Gets the key rotations for the specified KMS key.
|
4662
|
+
#
|
4663
|
+
# Specify the key ID or key ARN of the KMS key.
|
4664
|
+
#
|
4665
|
+
# For example:
|
4666
|
+
#
|
4667
|
+
# * Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`
|
4668
|
+
#
|
4669
|
+
# * Key ARN:
|
4670
|
+
# `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
|
4671
|
+
#
|
4672
|
+
# To get the key ID and key ARN for a KMS key, use ListKeys or
|
4673
|
+
# DescribeKey.
|
4674
|
+
# @return [String]
|
4675
|
+
#
|
4676
|
+
# @!attribute [rw] limit
|
4677
|
+
# Use this parameter to specify the maximum number of items to return.
|
4678
|
+
# When this value is present, KMS does not return more than the
|
4679
|
+
# specified number of items, but it might return fewer.
|
4680
|
+
#
|
4681
|
+
# This value is optional. If you include a value, it must be between 1
|
4682
|
+
# and 1000, inclusive. If you do not include a value, it defaults to
|
4683
|
+
# 100.
|
4684
|
+
# @return [Integer]
|
4685
|
+
#
|
4686
|
+
# @!attribute [rw] marker
|
4687
|
+
# Use this parameter in a subsequent request after you receive a
|
4688
|
+
# response with truncated results. Set it to the value of `NextMarker`
|
4689
|
+
# from the truncated response you just received.
|
4690
|
+
# @return [String]
|
4691
|
+
#
|
4692
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeyRotationsRequest AWS API Documentation
|
4693
|
+
#
|
4694
|
+
class ListKeyRotationsRequest < Struct.new(
|
4695
|
+
:key_id,
|
4696
|
+
:limit,
|
4697
|
+
:marker)
|
4698
|
+
SENSITIVE = []
|
4699
|
+
include Aws::Structure
|
4700
|
+
end
|
4701
|
+
|
4702
|
+
# @!attribute [rw] rotations
|
4703
|
+
# A list of completed key material rotations.
|
4704
|
+
# @return [Array<Types::RotationsListEntry>]
|
4705
|
+
#
|
4706
|
+
# @!attribute [rw] next_marker
|
4707
|
+
# When `Truncated` is true, this element is present and contains the
|
4708
|
+
# value to use for the `Marker` parameter in a subsequent request.
|
4709
|
+
# @return [String]
|
4710
|
+
#
|
4711
|
+
# @!attribute [rw] truncated
|
4712
|
+
# A flag that indicates whether there are more items in the list. When
|
4713
|
+
# this value is true, the list in this response is truncated. To get
|
4714
|
+
# more items, pass the value of the `NextMarker` element in this
|
4715
|
+
# response to the `Marker` parameter in a subsequent request.
|
4716
|
+
# @return [Boolean]
|
4717
|
+
#
|
4718
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeyRotationsResponse AWS API Documentation
|
4719
|
+
#
|
4720
|
+
class ListKeyRotationsResponse < Struct.new(
|
4721
|
+
:rotations,
|
4722
|
+
:next_marker,
|
4723
|
+
:truncated)
|
4724
|
+
SENSITIVE = []
|
4725
|
+
include Aws::Structure
|
4726
|
+
end
|
4727
|
+
|
4379
4728
|
# @!attribute [rw] limit
|
4380
4729
|
# Use this parameter to specify the maximum number of items to return.
|
4381
4730
|
# When this value is present, KMS does not return more than the
|
@@ -4413,8 +4762,8 @@ module Aws::KMS
|
|
4413
4762
|
# @!attribute [rw] truncated
|
4414
4763
|
# A flag that indicates whether there are more items in the list. When
|
4415
4764
|
# this value is true, the list in this response is truncated. To get
|
4416
|
-
# more items, pass the value of the `NextMarker` element in
|
4417
|
-
#
|
4765
|
+
# more items, pass the value of the `NextMarker` element in this
|
4766
|
+
# response to the `Marker` parameter in a subsequent request.
|
4418
4767
|
# @return [Boolean]
|
4419
4768
|
#
|
4420
4769
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeysResponse AWS API Documentation
|
@@ -4495,8 +4844,8 @@ module Aws::KMS
|
|
4495
4844
|
# @!attribute [rw] truncated
|
4496
4845
|
# A flag that indicates whether there are more items in the list. When
|
4497
4846
|
# this value is true, the list in this response is truncated. To get
|
4498
|
-
# more items, pass the value of the `NextMarker` element in
|
4499
|
-
#
|
4847
|
+
# more items, pass the value of the `NextMarker` element in this
|
4848
|
+
# response to the `Marker` parameter in a subsequent request.
|
4500
4849
|
# @return [Boolean]
|
4501
4850
|
#
|
4502
4851
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListResourceTagsResponse AWS API Documentation
|
@@ -4649,7 +4998,8 @@ module Aws::KMS
|
|
4649
4998
|
# @return [String]
|
4650
4999
|
#
|
4651
5000
|
# @!attribute [rw] policy_name
|
4652
|
-
# The name of the key policy.
|
5001
|
+
# The name of the key policy. If no policy name is specified, the
|
5002
|
+
# default value is `default`. The only valid value is `default`.
|
4653
5003
|
# @return [String]
|
4654
5004
|
#
|
4655
5005
|
# @!attribute [rw] policy
|
@@ -4710,12 +5060,13 @@ module Aws::KMS
|
|
4710
5060
|
# Management Service Developer Guide*.
|
4711
5061
|
#
|
4712
5062
|
# Use this parameter only when you intend to prevent the principal
|
4713
|
-
# that is making the request from making a subsequent
|
4714
|
-
# request on the KMS key.
|
5063
|
+
# that is making the request from making a subsequent
|
5064
|
+
# [PutKeyPolicy][2] request on the KMS key.
|
4715
5065
|
#
|
4716
5066
|
#
|
4717
5067
|
#
|
4718
5068
|
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#prevent-unmanageable-key
|
5069
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/APIReference/API_PutKeyPolicy.html
|
4719
5070
|
# @return [Boolean]
|
4720
5071
|
#
|
4721
5072
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/PutKeyPolicyRequest AWS API Documentation
|
@@ -5107,12 +5458,13 @@ module Aws::KMS
|
|
5107
5458
|
# Management Service Developer Guide*.
|
5108
5459
|
#
|
5109
5460
|
# Use this parameter only when you intend to prevent the principal
|
5110
|
-
# that is making the request from making a subsequent
|
5111
|
-
# request on the KMS key.
|
5461
|
+
# that is making the request from making a subsequent
|
5462
|
+
# [PutKeyPolicy][2] request on the KMS key.
|
5112
5463
|
#
|
5113
5464
|
#
|
5114
5465
|
#
|
5115
5466
|
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#prevent-unmanageable-key
|
5467
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/APIReference/API_PutKeyPolicy.html
|
5116
5468
|
# @return [Boolean]
|
5117
5469
|
#
|
5118
5470
|
# @!attribute [rw] description
|
@@ -5317,6 +5669,87 @@ module Aws::KMS
|
|
5317
5669
|
include Aws::Structure
|
5318
5670
|
end
|
5319
5671
|
|
5672
|
+
# @!attribute [rw] key_id
|
5673
|
+
# Identifies a symmetric encryption KMS key. You cannot perform
|
5674
|
+
# on-demand rotation of [asymmetric KMS keys][1], [HMAC KMS keys][2],
|
5675
|
+
# KMS keys with [imported key material][3], or KMS keys in a [custom
|
5676
|
+
# key store][4]. To perform on-demand rotation of a set of related
|
5677
|
+
# [multi-Region keys][5], invoke the on-demand rotation on the primary
|
5678
|
+
# key.
|
5679
|
+
#
|
5680
|
+
# Specify the key ID or key ARN of the KMS key.
|
5681
|
+
#
|
5682
|
+
# For example:
|
5683
|
+
#
|
5684
|
+
# * Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`
|
5685
|
+
#
|
5686
|
+
# * Key ARN:
|
5687
|
+
# `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
|
5688
|
+
#
|
5689
|
+
# To get the key ID and key ARN for a KMS key, use ListKeys or
|
5690
|
+
# DescribeKey.
|
5691
|
+
#
|
5692
|
+
#
|
5693
|
+
#
|
5694
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html
|
5695
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html
|
5696
|
+
# [3]: https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html
|
5697
|
+
# [4]: https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html
|
5698
|
+
# [5]: https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate
|
5699
|
+
# @return [String]
|
5700
|
+
#
|
5701
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RotateKeyOnDemandRequest AWS API Documentation
|
5702
|
+
#
|
5703
|
+
class RotateKeyOnDemandRequest < Struct.new(
|
5704
|
+
:key_id)
|
5705
|
+
SENSITIVE = []
|
5706
|
+
include Aws::Structure
|
5707
|
+
end
|
5708
|
+
|
5709
|
+
# @!attribute [rw] key_id
|
5710
|
+
# Identifies the symmetric encryption KMS key that you initiated
|
5711
|
+
# on-demand rotation on.
|
5712
|
+
# @return [String]
|
5713
|
+
#
|
5714
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RotateKeyOnDemandResponse AWS API Documentation
|
5715
|
+
#
|
5716
|
+
class RotateKeyOnDemandResponse < Struct.new(
|
5717
|
+
:key_id)
|
5718
|
+
SENSITIVE = []
|
5719
|
+
include Aws::Structure
|
5720
|
+
end
|
5721
|
+
|
5722
|
+
# Contains information about completed key material rotations.
|
5723
|
+
#
|
5724
|
+
# @!attribute [rw] key_id
|
5725
|
+
# Unique identifier of the key.
|
5726
|
+
# @return [String]
|
5727
|
+
#
|
5728
|
+
# @!attribute [rw] rotation_date
|
5729
|
+
# Date and time that the key material rotation completed. Formatted as
|
5730
|
+
# Unix time.
|
5731
|
+
# @return [Time]
|
5732
|
+
#
|
5733
|
+
# @!attribute [rw] rotation_type
|
5734
|
+
# Identifies whether the key material rotation was a scheduled
|
5735
|
+
# [automatic rotation][1] or an [on-demand rotation][2].
|
5736
|
+
#
|
5737
|
+
#
|
5738
|
+
#
|
5739
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotating-keys-enable-disable
|
5740
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotating-keys-on-demand
|
5741
|
+
# @return [String]
|
5742
|
+
#
|
5743
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RotationsListEntry AWS API Documentation
|
5744
|
+
#
|
5745
|
+
class RotationsListEntry < Struct.new(
|
5746
|
+
:key_id,
|
5747
|
+
:rotation_date,
|
5748
|
+
:rotation_type)
|
5749
|
+
SENSITIVE = []
|
5750
|
+
include Aws::Structure
|
5751
|
+
end
|
5752
|
+
|
5320
5753
|
# @!attribute [rw] key_id
|
5321
5754
|
# The unique identifier of the KMS key to delete.
|
5322
5755
|
#
|
@@ -6243,9 +6676,9 @@ module Aws::KMS
|
|
6243
6676
|
end
|
6244
6677
|
|
6245
6678
|
# The request was rejected because the (`XksKeyId`) is already
|
6246
|
-
# associated with
|
6247
|
-
# an external key store must be associated with a different
|
6248
|
-
# key.
|
6679
|
+
# associated with another KMS key in this external key store. Each KMS
|
6680
|
+
# key in an external key store must be associated with a different
|
6681
|
+
# external key.
|
6249
6682
|
#
|
6250
6683
|
# @!attribute [rw] message
|
6251
6684
|
# @return [String]
|
@@ -6424,9 +6857,9 @@ module Aws::KMS
|
|
6424
6857
|
include Aws::Structure
|
6425
6858
|
end
|
6426
6859
|
|
6427
|
-
# The request was rejected because the
|
6428
|
-
#
|
6429
|
-
#
|
6860
|
+
# The request was rejected because the external key store proxy is not
|
6861
|
+
# configured correctly. To identify the cause, see the error message
|
6862
|
+
# that accompanies the exception.
|
6430
6863
|
#
|
6431
6864
|
# @!attribute [rw] message
|
6432
6865
|
# @return [String]
|
@@ -6455,11 +6888,10 @@ module Aws::KMS
|
|
6455
6888
|
include Aws::Structure
|
6456
6889
|
end
|
6457
6890
|
|
6458
|
-
# The request was rejected because the
|
6459
|
-
#
|
6460
|
-
#
|
6461
|
-
#
|
6462
|
-
# address.
|
6891
|
+
# The request was rejected because the `XksProxyUriEndpoint` is already
|
6892
|
+
# associated with another external key store in this Amazon Web Services
|
6893
|
+
# Region. To identify the cause, see the error message that accompanies
|
6894
|
+
# the exception.
|
6463
6895
|
#
|
6464
6896
|
# @!attribute [rw] message
|
6465
6897
|
# @return [String]
|
@@ -6474,9 +6906,9 @@ module Aws::KMS
|
|
6474
6906
|
|
6475
6907
|
# The request was rejected because the concatenation of the
|
6476
6908
|
# `XksProxyUriEndpoint` and `XksProxyUriPath` is already associated with
|
6477
|
-
#
|
6478
|
-
#
|
6479
|
-
#
|
6909
|
+
# another external key store in this Amazon Web Services Region. Each
|
6910
|
+
# external key store in a Region must use a unique external key store
|
6911
|
+
# proxy API address.
|
6480
6912
|
#
|
6481
6913
|
# @!attribute [rw] message
|
6482
6914
|
# @return [String]
|
@@ -6509,10 +6941,9 @@ module Aws::KMS
|
|
6509
6941
|
end
|
6510
6942
|
|
6511
6943
|
# The request was rejected because the specified Amazon VPC endpoint
|
6512
|
-
# service is already associated with
|
6513
|
-
# Web Services
|
6514
|
-
#
|
6515
|
-
# endpoint service.
|
6944
|
+
# service is already associated with another external key store in this
|
6945
|
+
# Amazon Web Services Region. Each external key store in a Region must
|
6946
|
+
# use a different Amazon VPC endpoint service.
|
6516
6947
|
#
|
6517
6948
|
# @!attribute [rw] message
|
6518
6949
|
# @return [String]
|
@@ -6527,10 +6958,13 @@ module Aws::KMS
|
|
6527
6958
|
|
6528
6959
|
# The request was rejected because the Amazon VPC endpoint service
|
6529
6960
|
# configuration does not fulfill the requirements for an external key
|
6530
|
-
# store
|
6531
|
-
# requirements]
|
6532
|
-
#
|
6533
|
-
#
|
6961
|
+
# store. To identify the cause, see the error message that accompanies
|
6962
|
+
# the exception and [review the requirements][1] for Amazon VPC endpoint
|
6963
|
+
# service connectivity for an external key store.
|
6964
|
+
#
|
6965
|
+
#
|
6966
|
+
#
|
6967
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/vpc-connectivity.html#xks-vpc-requirements
|
6534
6968
|
#
|
6535
6969
|
# @!attribute [rw] message
|
6536
6970
|
# @return [String]
|
@@ -6563,3 +6997,4 @@ module Aws::KMS
|
|
6563
6997
|
|
6564
6998
|
end
|
6565
6999
|
end
|
7000
|
+
|