aws-sdk-kms 1.72.0 → 1.96.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +120 -0
- data/VERSION +1 -1
- data/lib/aws-sdk-kms/client.rb +1071 -186
- data/lib/aws-sdk-kms/client_api.rb +131 -2
- data/lib/aws-sdk-kms/endpoint_parameters.rb +9 -6
- data/lib/aws-sdk-kms/endpoint_provider.rb +1 -1
- data/lib/aws-sdk-kms/endpoints.rb +2 -698
- data/lib/aws-sdk-kms/errors.rb +16 -0
- data/lib/aws-sdk-kms/plugins/endpoints.rb +23 -114
- data/lib/aws-sdk-kms/types.rb +509 -74
- data/lib/aws-sdk-kms.rb +15 -11
- data/sig/client.rbs +804 -0
- data/sig/errors.rbs +160 -0
- data/sig/resource.rbs +83 -0
- data/sig/types.rbs +1036 -0
- data/sig/waiters.rbs +13 -0
- metadata +16 -11
data/lib/aws-sdk-kms/types.rb
CHANGED
@@ -242,6 +242,21 @@ module Aws::KMS
|
|
242
242
|
include Aws::Structure
|
243
243
|
end
|
244
244
|
|
245
|
+
# The request was rejected because an automatic rotation of this key is
|
246
|
+
# currently in progress or scheduled to begin within the next 20
|
247
|
+
# minutes.
|
248
|
+
#
|
249
|
+
# @!attribute [rw] message
|
250
|
+
# @return [String]
|
251
|
+
#
|
252
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ConflictException AWS API Documentation
|
253
|
+
#
|
254
|
+
class ConflictException < Struct.new(
|
255
|
+
:message)
|
256
|
+
SENSITIVE = []
|
257
|
+
include Aws::Structure
|
258
|
+
end
|
259
|
+
|
245
260
|
# @!attribute [rw] custom_key_store_id
|
246
261
|
# Enter the key store ID of the custom key store that you want to
|
247
262
|
# connect. To find the ID of a custom key store, use the
|
@@ -418,7 +433,7 @@ module Aws::KMS
|
|
418
433
|
#
|
419
434
|
# * An external key store with `PUBLIC_ENDPOINT` connectivity cannot
|
420
435
|
# use the same `XksProxyUriEndpoint` value as an external key store
|
421
|
-
# with `VPC_ENDPOINT_SERVICE` connectivity in
|
436
|
+
# with `VPC_ENDPOINT_SERVICE` connectivity in this Amazon Web
|
422
437
|
# Services Region.
|
423
438
|
#
|
424
439
|
# * Each external key store with `VPC_ENDPOINT_SERVICE` connectivity
|
@@ -826,14 +841,17 @@ module Aws::KMS
|
|
826
841
|
#
|
827
842
|
# * For HMAC KMS keys (symmetric), specify `GENERATE_VERIFY_MAC`.
|
828
843
|
#
|
829
|
-
# * For asymmetric KMS keys with RSA key
|
844
|
+
# * For asymmetric KMS keys with RSA key pairs, specify
|
830
845
|
# `ENCRYPT_DECRYPT` or `SIGN_VERIFY`.
|
831
846
|
#
|
832
|
-
# * For asymmetric KMS keys with
|
847
|
+
# * For asymmetric KMS keys with NIST-recommended elliptic curve key
|
848
|
+
# pairs, specify `SIGN_VERIFY` or `KEY_AGREEMENT`.
|
849
|
+
#
|
850
|
+
# * For asymmetric KMS keys with `ECC_SECG_P256K1` key pairs specify
|
833
851
|
# `SIGN_VERIFY`.
|
834
852
|
#
|
835
|
-
# * For asymmetric KMS keys with SM2 key
|
836
|
-
#
|
853
|
+
# * For asymmetric KMS keys with SM2 key pairs (China Regions only),
|
854
|
+
# specify `ENCRYPT_DECRYPT`, `SIGN_VERIFY`, or `KEY_AGREEMENT`.
|
837
855
|
#
|
838
856
|
#
|
839
857
|
#
|
@@ -878,7 +896,6 @@ module Aws::KMS
|
|
878
896
|
# * `SYMMETRIC_DEFAULT`
|
879
897
|
#
|
880
898
|
# ^
|
881
|
-
#
|
882
899
|
# * HMAC keys (symmetric)
|
883
900
|
#
|
884
901
|
# * `HMAC_224`
|
@@ -888,33 +905,33 @@ module Aws::KMS
|
|
888
905
|
# * `HMAC_384`
|
889
906
|
#
|
890
907
|
# * `HMAC_512`
|
891
|
-
#
|
892
|
-
#
|
908
|
+
# * Asymmetric RSA key pairs (encryption and decryption -or- signing
|
909
|
+
# and verification)
|
893
910
|
#
|
894
911
|
# * `RSA_2048`
|
895
912
|
#
|
896
913
|
# * `RSA_3072`
|
897
914
|
#
|
898
915
|
# * `RSA_4096`
|
899
|
-
#
|
900
|
-
#
|
916
|
+
# * Asymmetric NIST-recommended elliptic curve key pairs (signing and
|
917
|
+
# verification -or- deriving shared secrets)
|
901
918
|
#
|
902
919
|
# * `ECC_NIST_P256` (secp256r1)
|
903
920
|
#
|
904
921
|
# * `ECC_NIST_P384` (secp384r1)
|
905
922
|
#
|
906
923
|
# * `ECC_NIST_P521` (secp521r1)
|
907
|
-
#
|
908
|
-
#
|
924
|
+
# * Other asymmetric elliptic curve key pairs (signing and
|
925
|
+
# verification)
|
909
926
|
#
|
910
927
|
# * `ECC_SECG_P256K1` (secp256k1), commonly used for
|
911
928
|
# cryptocurrencies.
|
912
929
|
#
|
913
930
|
# ^
|
931
|
+
# * SM2 key pairs (encryption and decryption -or- signing and
|
932
|
+
# verification -or- deriving shared secrets)
|
914
933
|
#
|
915
|
-
#
|
916
|
-
#
|
917
|
-
# * `SM2`
|
934
|
+
# * `SM2` (China Regions only)
|
918
935
|
#
|
919
936
|
# ^
|
920
937
|
#
|
@@ -992,12 +1009,13 @@ module Aws::KMS
|
|
992
1009
|
# Management Service Developer Guide*.
|
993
1010
|
#
|
994
1011
|
# Use this parameter only when you intend to prevent the principal
|
995
|
-
# that is making the request from making a subsequent
|
996
|
-
# request on the KMS key.
|
1012
|
+
# that is making the request from making a subsequent
|
1013
|
+
# [PutKeyPolicy][2] request on the KMS key.
|
997
1014
|
#
|
998
1015
|
#
|
999
1016
|
#
|
1000
1017
|
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#prevent-unmanageable-key
|
1018
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/APIReference/API_PutKeyPolicy.html
|
1001
1019
|
# @return [Boolean]
|
1002
1020
|
#
|
1003
1021
|
# @!attribute [rw] tags
|
@@ -1429,7 +1447,6 @@ module Aws::KMS
|
|
1429
1447
|
#
|
1430
1448
|
# * The [TLS certificate][6] specifies the private DNS hostname at
|
1431
1449
|
# which the endpoint is reachable.
|
1432
|
-
#
|
1433
1450
|
# * `XKS_VPC_ENDPOINT_SERVICE_NOT_FOUND` — KMS can't find the VPC
|
1434
1451
|
# endpoint service that it uses to communicate with the external key
|
1435
1452
|
# store proxy. Verify that the `XksProxyVpcEndpointServiceName` is
|
@@ -1596,7 +1613,7 @@ module Aws::KMS
|
|
1596
1613
|
#
|
1597
1614
|
#
|
1598
1615
|
#
|
1599
|
-
# [1]: https://docs.aws.amazon.com/
|
1616
|
+
# [1]: https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave-concepts.html#term-attestdoc
|
1600
1617
|
# [2]: https://docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk
|
1601
1618
|
# [3]: https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html
|
1602
1619
|
# @return [Types::RecipientInfo]
|
@@ -1745,6 +1762,195 @@ module Aws::KMS
|
|
1745
1762
|
include Aws::Structure
|
1746
1763
|
end
|
1747
1764
|
|
1765
|
+
# @!attribute [rw] key_id
|
1766
|
+
# Identifies an asymmetric NIST-recommended ECC or SM2 (China Regions
|
1767
|
+
# only) KMS key. KMS uses the private key in the specified key pair to
|
1768
|
+
# derive the shared secret. The key usage of the KMS key must be
|
1769
|
+
# `KEY_AGREEMENT`. To find the `KeyUsage` of a KMS key, use the
|
1770
|
+
# DescribeKey operation.
|
1771
|
+
#
|
1772
|
+
# To specify a KMS key, use its key ID, key ARN, alias name, or alias
|
1773
|
+
# ARN. When using an alias name, prefix it with `"alias/"`. To specify
|
1774
|
+
# a KMS key in a different Amazon Web Services account, you must use
|
1775
|
+
# the key ARN or alias ARN.
|
1776
|
+
#
|
1777
|
+
# For example:
|
1778
|
+
#
|
1779
|
+
# * Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`
|
1780
|
+
#
|
1781
|
+
# * Key ARN:
|
1782
|
+
# `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
|
1783
|
+
#
|
1784
|
+
# * Alias name: `alias/ExampleAlias`
|
1785
|
+
#
|
1786
|
+
# * Alias ARN: `arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias`
|
1787
|
+
#
|
1788
|
+
# To get the key ID and key ARN for a KMS key, use ListKeys or
|
1789
|
+
# DescribeKey. To get the alias name and alias ARN, use ListAliases.
|
1790
|
+
# @return [String]
|
1791
|
+
#
|
1792
|
+
# @!attribute [rw] key_agreement_algorithm
|
1793
|
+
# Specifies the key agreement algorithm used to derive the shared
|
1794
|
+
# secret. The only valid value is `ECDH`.
|
1795
|
+
# @return [String]
|
1796
|
+
#
|
1797
|
+
# @!attribute [rw] public_key
|
1798
|
+
# Specifies the public key in your peer's NIST-recommended elliptic
|
1799
|
+
# curve (ECC) or SM2 (China Regions only) key pair.
|
1800
|
+
#
|
1801
|
+
# The public key must be a DER-encoded X.509 public key, also known as
|
1802
|
+
# `SubjectPublicKeyInfo` (SPKI), as defined in [RFC 5280][1].
|
1803
|
+
#
|
1804
|
+
# GetPublicKey returns the public key of an asymmetric KMS key pair in
|
1805
|
+
# the required DER-encoded format.
|
1806
|
+
#
|
1807
|
+
# <note markdown="1"> If you use [Amazon Web Services CLI version 1][2], you must provide
|
1808
|
+
# the DER-encoded X.509 public key in a file. Otherwise, the Amazon
|
1809
|
+
# Web Services CLI Base64-encodes the public key a second time,
|
1810
|
+
# resulting in a `ValidationException`.
|
1811
|
+
#
|
1812
|
+
# </note>
|
1813
|
+
#
|
1814
|
+
# You can specify the public key as binary data in a file using fileb
|
1815
|
+
# (`fileb://<path-to-file>`) or in-line using a Base64 encoded string.
|
1816
|
+
#
|
1817
|
+
#
|
1818
|
+
#
|
1819
|
+
# [1]: https://tools.ietf.org/html/rfc5280
|
1820
|
+
# [2]: https://docs.aws.amazon.com/cli/v1/userguide/cli-chap-welcome.html
|
1821
|
+
# @return [String]
|
1822
|
+
#
|
1823
|
+
# @!attribute [rw] grant_tokens
|
1824
|
+
# A list of grant tokens.
|
1825
|
+
#
|
1826
|
+
# Use a grant token when your permission to call this operation comes
|
1827
|
+
# from a new grant that has not yet achieved *eventual consistency*.
|
1828
|
+
# For more information, see [Grant token][1] and [Using a grant
|
1829
|
+
# token][2] in the *Key Management Service Developer Guide*.
|
1830
|
+
#
|
1831
|
+
#
|
1832
|
+
#
|
1833
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token
|
1834
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token
|
1835
|
+
# @return [Array<String>]
|
1836
|
+
#
|
1837
|
+
# @!attribute [rw] dry_run
|
1838
|
+
# Checks if your request will succeed. `DryRun` is an optional
|
1839
|
+
# parameter.
|
1840
|
+
#
|
1841
|
+
# To learn more about how to use this parameter, see [Testing your KMS
|
1842
|
+
# API calls][1] in the *Key Management Service Developer Guide*.
|
1843
|
+
#
|
1844
|
+
#
|
1845
|
+
#
|
1846
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html
|
1847
|
+
# @return [Boolean]
|
1848
|
+
#
|
1849
|
+
# @!attribute [rw] recipient
|
1850
|
+
# A signed [attestation document][1] from an Amazon Web Services Nitro
|
1851
|
+
# enclave and the encryption algorithm to use with the enclave's
|
1852
|
+
# public key. The only valid encryption algorithm is
|
1853
|
+
# `RSAES_OAEP_SHA_256`.
|
1854
|
+
#
|
1855
|
+
# This parameter only supports attestation documents for Amazon Web
|
1856
|
+
# Services Nitro Enclaves. To call DeriveSharedSecret for an Amazon
|
1857
|
+
# Web Services Nitro Enclaves, use the [Amazon Web Services Nitro
|
1858
|
+
# Enclaves SDK][2] to generate the attestation document and then use
|
1859
|
+
# the Recipient parameter from any Amazon Web Services SDK to provide
|
1860
|
+
# the attestation document for the enclave.
|
1861
|
+
#
|
1862
|
+
# When you use this parameter, instead of returning a plaintext copy
|
1863
|
+
# of the shared secret, KMS encrypts the plaintext shared secret under
|
1864
|
+
# the public key in the attestation document, and returns the
|
1865
|
+
# resulting ciphertext in the `CiphertextForRecipient` field in the
|
1866
|
+
# response. This ciphertext can be decrypted only with the private key
|
1867
|
+
# in the enclave. The `CiphertextBlob` field in the response contains
|
1868
|
+
# the encrypted shared secret derived from the KMS key specified by
|
1869
|
+
# the `KeyId` parameter and public key specified by the `PublicKey`
|
1870
|
+
# parameter. The `SharedSecret` field in the response is null or
|
1871
|
+
# empty.
|
1872
|
+
#
|
1873
|
+
# For information about the interaction between KMS and Amazon Web
|
1874
|
+
# Services Nitro Enclaves, see [How Amazon Web Services Nitro Enclaves
|
1875
|
+
# uses KMS][3] in the *Key Management Service Developer Guide*.
|
1876
|
+
#
|
1877
|
+
#
|
1878
|
+
#
|
1879
|
+
# [1]: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave-how.html#term-attestdoc
|
1880
|
+
# [2]: https://docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk
|
1881
|
+
# [3]: https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html
|
1882
|
+
# @return [Types::RecipientInfo]
|
1883
|
+
#
|
1884
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeriveSharedSecretRequest AWS API Documentation
|
1885
|
+
#
|
1886
|
+
class DeriveSharedSecretRequest < Struct.new(
|
1887
|
+
:key_id,
|
1888
|
+
:key_agreement_algorithm,
|
1889
|
+
:public_key,
|
1890
|
+
:grant_tokens,
|
1891
|
+
:dry_run,
|
1892
|
+
:recipient)
|
1893
|
+
SENSITIVE = []
|
1894
|
+
include Aws::Structure
|
1895
|
+
end
|
1896
|
+
|
1897
|
+
# @!attribute [rw] key_id
|
1898
|
+
# Identifies the KMS key used to derive the shared secret.
|
1899
|
+
# @return [String]
|
1900
|
+
#
|
1901
|
+
# @!attribute [rw] shared_secret
|
1902
|
+
# The raw secret derived from the specified key agreement algorithm,
|
1903
|
+
# private key in the asymmetric KMS key, and your peer's public key.
|
1904
|
+
#
|
1905
|
+
# If the response includes the `CiphertextForRecipient` field, the
|
1906
|
+
# `SharedSecret` field is null or empty.
|
1907
|
+
# @return [String]
|
1908
|
+
#
|
1909
|
+
# @!attribute [rw] ciphertext_for_recipient
|
1910
|
+
# The plaintext shared secret encrypted with the public key in the
|
1911
|
+
# attestation document.
|
1912
|
+
#
|
1913
|
+
# This field is included in the response only when the `Recipient`
|
1914
|
+
# parameter in the request includes a valid attestation document from
|
1915
|
+
# an Amazon Web Services Nitro enclave. For information about the
|
1916
|
+
# interaction between KMS and Amazon Web Services Nitro Enclaves, see
|
1917
|
+
# [How Amazon Web Services Nitro Enclaves uses KMS][1] in the *Key
|
1918
|
+
# Management Service Developer Guide*.
|
1919
|
+
#
|
1920
|
+
#
|
1921
|
+
#
|
1922
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html
|
1923
|
+
# @return [String]
|
1924
|
+
#
|
1925
|
+
# @!attribute [rw] key_agreement_algorithm
|
1926
|
+
# Identifies the key agreement algorithm used to derive the shared
|
1927
|
+
# secret.
|
1928
|
+
# @return [String]
|
1929
|
+
#
|
1930
|
+
# @!attribute [rw] key_origin
|
1931
|
+
# The source of the key material for the specified KMS key.
|
1932
|
+
#
|
1933
|
+
# When this value is `AWS_KMS`, KMS created the key material. When
|
1934
|
+
# this value is `EXTERNAL`, the key material was imported or the KMS
|
1935
|
+
# key doesn't have any key material.
|
1936
|
+
#
|
1937
|
+
# The only valid values for DeriveSharedSecret are `AWS_KMS` and
|
1938
|
+
# `EXTERNAL`. DeriveSharedSecret does not support KMS keys with a
|
1939
|
+
# `KeyOrigin` value of `AWS_CLOUDHSM` or `EXTERNAL_KEY_STORE`.
|
1940
|
+
# @return [String]
|
1941
|
+
#
|
1942
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeriveSharedSecretResponse AWS API Documentation
|
1943
|
+
#
|
1944
|
+
class DeriveSharedSecretResponse < Struct.new(
|
1945
|
+
:key_id,
|
1946
|
+
:shared_secret,
|
1947
|
+
:ciphertext_for_recipient,
|
1948
|
+
:key_agreement_algorithm,
|
1949
|
+
:key_origin)
|
1950
|
+
SENSITIVE = [:shared_secret]
|
1951
|
+
include Aws::Structure
|
1952
|
+
end
|
1953
|
+
|
1748
1954
|
# @!attribute [rw] custom_key_store_id
|
1749
1955
|
# Gets only information about the specified custom key store. Enter
|
1750
1956
|
# the key store ID.
|
@@ -1800,8 +2006,8 @@ module Aws::KMS
|
|
1800
2006
|
# @!attribute [rw] truncated
|
1801
2007
|
# A flag that indicates whether there are more items in the list. When
|
1802
2008
|
# this value is true, the list in this response is truncated. To get
|
1803
|
-
# more items, pass the value of the `NextMarker` element in
|
1804
|
-
#
|
2009
|
+
# more items, pass the value of the `NextMarker` element in this
|
2010
|
+
# response to the `Marker` parameter in a subsequent request.
|
1805
2011
|
# @return [Boolean]
|
1806
2012
|
#
|
1807
2013
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DescribeCustomKeyStoresResponse AWS API Documentation
|
@@ -2035,10 +2241,31 @@ module Aws::KMS
|
|
2035
2241
|
# [5]: https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate
|
2036
2242
|
# @return [String]
|
2037
2243
|
#
|
2244
|
+
# @!attribute [rw] rotation_period_in_days
|
2245
|
+
# Use this parameter to specify a custom period of time between each
|
2246
|
+
# rotation date. If no value is specified, the default value is 365
|
2247
|
+
# days.
|
2248
|
+
#
|
2249
|
+
# The rotation period defines the number of days after you enable
|
2250
|
+
# automatic key rotation that KMS will rotate your key material, and
|
2251
|
+
# the number of days between each automatic rotation thereafter.
|
2252
|
+
#
|
2253
|
+
# You can use the [ `kms:RotationPeriodInDays` ][1] condition key to
|
2254
|
+
# further constrain the values that principals can specify in the
|
2255
|
+
# `RotationPeriodInDays` parameter.
|
2256
|
+
#
|
2257
|
+
#
|
2258
|
+
#
|
2259
|
+
#
|
2260
|
+
#
|
2261
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-rotation-period-in-days
|
2262
|
+
# @return [Integer]
|
2263
|
+
#
|
2038
2264
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/EnableKeyRotationRequest AWS API Documentation
|
2039
2265
|
#
|
2040
2266
|
class EnableKeyRotationRequest < Struct.new(
|
2041
|
-
:key_id
|
2267
|
+
:key_id,
|
2268
|
+
:rotation_period_in_days)
|
2042
2269
|
SENSITIVE = []
|
2043
2270
|
include Aws::Structure
|
2044
2271
|
end
|
@@ -2280,8 +2507,11 @@ module Aws::KMS
|
|
2280
2507
|
# `RSAES_OAEP_SHA_256`.
|
2281
2508
|
#
|
2282
2509
|
# This parameter only supports attestation documents for Amazon Web
|
2283
|
-
# Services Nitro Enclaves. To
|
2284
|
-
# Web Services Nitro Enclaves
|
2510
|
+
# Services Nitro Enclaves. To call DeriveSharedSecret for an Amazon
|
2511
|
+
# Web Services Nitro Enclaves, use the [Amazon Web Services Nitro
|
2512
|
+
# Enclaves SDK][2] to generate the attestation document and then use
|
2513
|
+
# the Recipient parameter from any Amazon Web Services SDK to provide
|
2514
|
+
# the attestation document for the enclave.
|
2285
2515
|
#
|
2286
2516
|
# When you use this parameter, instead of returning a plaintext copy
|
2287
2517
|
# of the private data key, KMS encrypts the plaintext private data key
|
@@ -3047,7 +3277,8 @@ module Aws::KMS
|
|
3047
3277
|
# @return [String]
|
3048
3278
|
#
|
3049
3279
|
# @!attribute [rw] policy_name
|
3050
|
-
# Specifies the name of the key policy.
|
3280
|
+
# Specifies the name of the key policy. If no policy name is
|
3281
|
+
# specified, the default value is `default`. The only valid name is
|
3051
3282
|
# `default`. To get the names of key policies, use ListKeyPolicies.
|
3052
3283
|
# @return [String]
|
3053
3284
|
#
|
@@ -3064,10 +3295,15 @@ module Aws::KMS
|
|
3064
3295
|
# A key policy document in JSON format.
|
3065
3296
|
# @return [String]
|
3066
3297
|
#
|
3298
|
+
# @!attribute [rw] policy_name
|
3299
|
+
# The name of the key policy. The only valid value is `default`.
|
3300
|
+
# @return [String]
|
3301
|
+
#
|
3067
3302
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetKeyPolicyResponse AWS API Documentation
|
3068
3303
|
#
|
3069
3304
|
class GetKeyPolicyResponse < Struct.new(
|
3070
|
-
:policy
|
3305
|
+
:policy,
|
3306
|
+
:policy_name)
|
3071
3307
|
SENSITIVE = []
|
3072
3308
|
include Aws::Structure
|
3073
3309
|
end
|
@@ -3102,10 +3338,42 @@ module Aws::KMS
|
|
3102
3338
|
# A Boolean value that specifies whether key rotation is enabled.
|
3103
3339
|
# @return [Boolean]
|
3104
3340
|
#
|
3341
|
+
# @!attribute [rw] key_id
|
3342
|
+
# Identifies the specified symmetric encryption KMS key.
|
3343
|
+
# @return [String]
|
3344
|
+
#
|
3345
|
+
# @!attribute [rw] rotation_period_in_days
|
3346
|
+
# The number of days between each automatic rotation. The default
|
3347
|
+
# value is 365 days.
|
3348
|
+
# @return [Integer]
|
3349
|
+
#
|
3350
|
+
# @!attribute [rw] next_rotation_date
|
3351
|
+
# The next date that KMS will automatically rotate the key material.
|
3352
|
+
# @return [Time]
|
3353
|
+
#
|
3354
|
+
# @!attribute [rw] on_demand_rotation_start_date
|
3355
|
+
# Identifies the date and time that an in progress on-demand rotation
|
3356
|
+
# was initiated.
|
3357
|
+
#
|
3358
|
+
# The KMS API follows an [eventual consistency][1] model due to the
|
3359
|
+
# distributed nature of the system. As a result, there might be a
|
3360
|
+
# slight delay between initiating on-demand key rotation and the
|
3361
|
+
# rotation's completion. Once the on-demand rotation is complete, use
|
3362
|
+
# ListKeyRotations to view the details of the on-demand rotation.
|
3363
|
+
#
|
3364
|
+
#
|
3365
|
+
#
|
3366
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html
|
3367
|
+
# @return [Time]
|
3368
|
+
#
|
3105
3369
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetKeyRotationStatusResponse AWS API Documentation
|
3106
3370
|
#
|
3107
3371
|
class GetKeyRotationStatusResponse < Struct.new(
|
3108
|
-
:key_rotation_enabled
|
3372
|
+
:key_rotation_enabled,
|
3373
|
+
:key_id,
|
3374
|
+
:rotation_period_in_days,
|
3375
|
+
:next_rotation_date,
|
3376
|
+
:on_demand_rotation_start_date)
|
3109
3377
|
SENSITIVE = []
|
3110
3378
|
include Aws::Structure
|
3111
3379
|
end
|
@@ -3167,8 +3435,8 @@ module Aws::KMS
|
|
3167
3435
|
# You cannot use the RSAES\_OAEP\_SHA\_1 wrapping algorithm with the
|
3168
3436
|
# RSA\_2048 wrapping key spec to wrap ECC\_NIST\_P521 key material.
|
3169
3437
|
#
|
3170
|
-
# * **RSAES\_PKCS1\_V1\_5** (Deprecated) —
|
3171
|
-
#
|
3438
|
+
# * **RSAES\_PKCS1\_V1\_5** (Deprecated) — As of October 10, 2023, KMS
|
3439
|
+
# does not support the RSAES\_PKCS1\_V1\_5 wrapping algorithm.
|
3172
3440
|
# @return [String]
|
3173
3441
|
#
|
3174
3442
|
# @!attribute [rw] wrapping_key_spec
|
@@ -3313,12 +3581,12 @@ module Aws::KMS
|
|
3313
3581
|
# @return [String]
|
3314
3582
|
#
|
3315
3583
|
# @!attribute [rw] key_usage
|
3316
|
-
# The permitted use of the public key. Valid values
|
3317
|
-
# `ENCRYPT_DECRYPT`
|
3584
|
+
# The permitted use of the public key. Valid values for asymmetric key
|
3585
|
+
# pairs are `ENCRYPT_DECRYPT`, `SIGN_VERIFY`, and `KEY_AGREEMENT`.
|
3318
3586
|
#
|
3319
|
-
# This information is critical.
|
3320
|
-
# usage encrypts data outside of KMS, the ciphertext
|
3321
|
-
# decrypted.
|
3587
|
+
# This information is critical. For example, if a public key with
|
3588
|
+
# `SIGN_VERIFY` key usage encrypts data outside of KMS, the ciphertext
|
3589
|
+
# cannot be decrypted.
|
3322
3590
|
# @return [String]
|
3323
3591
|
#
|
3324
3592
|
# @!attribute [rw] encryption_algorithms
|
@@ -3339,6 +3607,12 @@ module Aws::KMS
|
|
3339
3607
|
# public key is `SIGN_VERIFY`.
|
3340
3608
|
# @return [Array<String>]
|
3341
3609
|
#
|
3610
|
+
# @!attribute [rw] key_agreement_algorithms
|
3611
|
+
# The key agreement algorithm used to derive a shared secret. This
|
3612
|
+
# field is present only when the KMS key has a `KeyUsage` value of
|
3613
|
+
# `KEY_AGREEMENT`.
|
3614
|
+
# @return [Array<String>]
|
3615
|
+
#
|
3342
3616
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetPublicKeyResponse AWS API Documentation
|
3343
3617
|
#
|
3344
3618
|
class GetPublicKeyResponse < Struct.new(
|
@@ -3348,7 +3622,8 @@ module Aws::KMS
|
|
3348
3622
|
:key_spec,
|
3349
3623
|
:key_usage,
|
3350
3624
|
:encryption_algorithms,
|
3351
|
-
:signing_algorithms
|
3625
|
+
:signing_algorithms,
|
3626
|
+
:key_agreement_algorithms)
|
3352
3627
|
SENSITIVE = []
|
3353
3628
|
include Aws::Structure
|
3354
3629
|
end
|
@@ -3736,8 +4011,9 @@ module Aws::KMS
|
|
3736
4011
|
# the `KeyUsage` must be `ENCRYPT_DECRYPT`. For signing and verifying
|
3737
4012
|
# messages, the `KeyUsage` must be `SIGN_VERIFY`. For generating and
|
3738
4013
|
# verifying message authentication codes (MACs), the `KeyUsage` must be
|
3739
|
-
# `GENERATE_VERIFY_MAC`.
|
3740
|
-
#
|
4014
|
+
# `GENERATE_VERIFY_MAC`. For deriving key agreement secrets, the
|
4015
|
+
# `KeyUsage` must be `KEY_AGREEMENT`. To find the `KeyUsage` of a KMS
|
4016
|
+
# key, use the DescribeKey operation.
|
3741
4017
|
#
|
3742
4018
|
# To find the encryption or signing algorithms supported for a
|
3743
4019
|
# particular KMS key, use the DescribeKey operation.
|
@@ -4016,6 +4292,10 @@ module Aws::KMS
|
|
4016
4292
|
# `SIGN_VERIFY`.
|
4017
4293
|
# @return [Array<String>]
|
4018
4294
|
#
|
4295
|
+
# @!attribute [rw] key_agreement_algorithms
|
4296
|
+
# The key agreement algorithm used to derive a shared secret.
|
4297
|
+
# @return [Array<String>]
|
4298
|
+
#
|
4019
4299
|
# @!attribute [rw] multi_region
|
4020
4300
|
# Indicates whether the KMS key is a multi-Region (`True`) or regional
|
4021
4301
|
# (`False`) key. This value is `True` for multi-Region primary and
|
@@ -4109,6 +4389,7 @@ module Aws::KMS
|
|
4109
4389
|
:key_spec,
|
4110
4390
|
:encryption_algorithms,
|
4111
4391
|
:signing_algorithms,
|
4392
|
+
:key_agreement_algorithms,
|
4112
4393
|
:multi_region,
|
4113
4394
|
:multi_region_configuration,
|
4114
4395
|
:pending_deletion_window_in_days,
|
@@ -4209,8 +4490,8 @@ module Aws::KMS
|
|
4209
4490
|
# @!attribute [rw] truncated
|
4210
4491
|
# A flag that indicates whether there are more items in the list. When
|
4211
4492
|
# this value is true, the list in this response is truncated. To get
|
4212
|
-
# more items, pass the value of the `NextMarker` element in
|
4213
|
-
#
|
4493
|
+
# more items, pass the value of the `NextMarker` element in this
|
4494
|
+
# response to the `Marker` parameter in a subsequent request.
|
4214
4495
|
# @return [Boolean]
|
4215
4496
|
#
|
4216
4497
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListAliasesResponse AWS API Documentation
|
@@ -4292,8 +4573,8 @@ module Aws::KMS
|
|
4292
4573
|
# @!attribute [rw] truncated
|
4293
4574
|
# A flag that indicates whether there are more items in the list. When
|
4294
4575
|
# this value is true, the list in this response is truncated. To get
|
4295
|
-
# more items, pass the value of the `NextMarker` element in
|
4296
|
-
#
|
4576
|
+
# more items, pass the value of the `NextMarker` element in this
|
4577
|
+
# response to the `Marker` parameter in a subsequent request.
|
4297
4578
|
# @return [Boolean]
|
4298
4579
|
#
|
4299
4580
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListGrantsResponse AWS API Documentation
|
@@ -4362,8 +4643,8 @@ module Aws::KMS
|
|
4362
4643
|
# @!attribute [rw] truncated
|
4363
4644
|
# A flag that indicates whether there are more items in the list. When
|
4364
4645
|
# this value is true, the list in this response is truncated. To get
|
4365
|
-
# more items, pass the value of the `NextMarker` element in
|
4366
|
-
#
|
4646
|
+
# more items, pass the value of the `NextMarker` element in this
|
4647
|
+
# response to the `Marker` parameter in a subsequent request.
|
4367
4648
|
# @return [Boolean]
|
4368
4649
|
#
|
4369
4650
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeyPoliciesResponse AWS API Documentation
|
@@ -4376,6 +4657,74 @@ module Aws::KMS
|
|
4376
4657
|
include Aws::Structure
|
4377
4658
|
end
|
4378
4659
|
|
4660
|
+
# @!attribute [rw] key_id
|
4661
|
+
# Gets the key rotations for the specified KMS key.
|
4662
|
+
#
|
4663
|
+
# Specify the key ID or key ARN of the KMS key.
|
4664
|
+
#
|
4665
|
+
# For example:
|
4666
|
+
#
|
4667
|
+
# * Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`
|
4668
|
+
#
|
4669
|
+
# * Key ARN:
|
4670
|
+
# `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
|
4671
|
+
#
|
4672
|
+
# To get the key ID and key ARN for a KMS key, use ListKeys or
|
4673
|
+
# DescribeKey.
|
4674
|
+
# @return [String]
|
4675
|
+
#
|
4676
|
+
# @!attribute [rw] limit
|
4677
|
+
# Use this parameter to specify the maximum number of items to return.
|
4678
|
+
# When this value is present, KMS does not return more than the
|
4679
|
+
# specified number of items, but it might return fewer.
|
4680
|
+
#
|
4681
|
+
# This value is optional. If you include a value, it must be between 1
|
4682
|
+
# and 1000, inclusive. If you do not include a value, it defaults to
|
4683
|
+
# 100.
|
4684
|
+
# @return [Integer]
|
4685
|
+
#
|
4686
|
+
# @!attribute [rw] marker
|
4687
|
+
# Use this parameter in a subsequent request after you receive a
|
4688
|
+
# response with truncated results. Set it to the value of `NextMarker`
|
4689
|
+
# from the truncated response you just received.
|
4690
|
+
# @return [String]
|
4691
|
+
#
|
4692
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeyRotationsRequest AWS API Documentation
|
4693
|
+
#
|
4694
|
+
class ListKeyRotationsRequest < Struct.new(
|
4695
|
+
:key_id,
|
4696
|
+
:limit,
|
4697
|
+
:marker)
|
4698
|
+
SENSITIVE = []
|
4699
|
+
include Aws::Structure
|
4700
|
+
end
|
4701
|
+
|
4702
|
+
# @!attribute [rw] rotations
|
4703
|
+
# A list of completed key material rotations.
|
4704
|
+
# @return [Array<Types::RotationsListEntry>]
|
4705
|
+
#
|
4706
|
+
# @!attribute [rw] next_marker
|
4707
|
+
# When `Truncated` is true, this element is present and contains the
|
4708
|
+
# value to use for the `Marker` parameter in a subsequent request.
|
4709
|
+
# @return [String]
|
4710
|
+
#
|
4711
|
+
# @!attribute [rw] truncated
|
4712
|
+
# A flag that indicates whether there are more items in the list. When
|
4713
|
+
# this value is true, the list in this response is truncated. To get
|
4714
|
+
# more items, pass the value of the `NextMarker` element in this
|
4715
|
+
# response to the `Marker` parameter in a subsequent request.
|
4716
|
+
# @return [Boolean]
|
4717
|
+
#
|
4718
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeyRotationsResponse AWS API Documentation
|
4719
|
+
#
|
4720
|
+
class ListKeyRotationsResponse < Struct.new(
|
4721
|
+
:rotations,
|
4722
|
+
:next_marker,
|
4723
|
+
:truncated)
|
4724
|
+
SENSITIVE = []
|
4725
|
+
include Aws::Structure
|
4726
|
+
end
|
4727
|
+
|
4379
4728
|
# @!attribute [rw] limit
|
4380
4729
|
# Use this parameter to specify the maximum number of items to return.
|
4381
4730
|
# When this value is present, KMS does not return more than the
|
@@ -4413,8 +4762,8 @@ module Aws::KMS
|
|
4413
4762
|
# @!attribute [rw] truncated
|
4414
4763
|
# A flag that indicates whether there are more items in the list. When
|
4415
4764
|
# this value is true, the list in this response is truncated. To get
|
4416
|
-
# more items, pass the value of the `NextMarker` element in
|
4417
|
-
#
|
4765
|
+
# more items, pass the value of the `NextMarker` element in this
|
4766
|
+
# response to the `Marker` parameter in a subsequent request.
|
4418
4767
|
# @return [Boolean]
|
4419
4768
|
#
|
4420
4769
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeysResponse AWS API Documentation
|
@@ -4495,8 +4844,8 @@ module Aws::KMS
|
|
4495
4844
|
# @!attribute [rw] truncated
|
4496
4845
|
# A flag that indicates whether there are more items in the list. When
|
4497
4846
|
# this value is true, the list in this response is truncated. To get
|
4498
|
-
# more items, pass the value of the `NextMarker` element in
|
4499
|
-
#
|
4847
|
+
# more items, pass the value of the `NextMarker` element in this
|
4848
|
+
# response to the `Marker` parameter in a subsequent request.
|
4500
4849
|
# @return [Boolean]
|
4501
4850
|
#
|
4502
4851
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListResourceTagsResponse AWS API Documentation
|
@@ -4649,7 +4998,8 @@ module Aws::KMS
|
|
4649
4998
|
# @return [String]
|
4650
4999
|
#
|
4651
5000
|
# @!attribute [rw] policy_name
|
4652
|
-
# The name of the key policy.
|
5001
|
+
# The name of the key policy. If no policy name is specified, the
|
5002
|
+
# default value is `default`. The only valid value is `default`.
|
4653
5003
|
# @return [String]
|
4654
5004
|
#
|
4655
5005
|
# @!attribute [rw] policy
|
@@ -4710,12 +5060,13 @@ module Aws::KMS
|
|
4710
5060
|
# Management Service Developer Guide*.
|
4711
5061
|
#
|
4712
5062
|
# Use this parameter only when you intend to prevent the principal
|
4713
|
-
# that is making the request from making a subsequent
|
4714
|
-
# request on the KMS key.
|
5063
|
+
# that is making the request from making a subsequent
|
5064
|
+
# [PutKeyPolicy][2] request on the KMS key.
|
4715
5065
|
#
|
4716
5066
|
#
|
4717
5067
|
#
|
4718
5068
|
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#prevent-unmanageable-key
|
5069
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/APIReference/API_PutKeyPolicy.html
|
4719
5070
|
# @return [Boolean]
|
4720
5071
|
#
|
4721
5072
|
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/PutKeyPolicyRequest AWS API Documentation
|
@@ -5107,12 +5458,13 @@ module Aws::KMS
|
|
5107
5458
|
# Management Service Developer Guide*.
|
5108
5459
|
#
|
5109
5460
|
# Use this parameter only when you intend to prevent the principal
|
5110
|
-
# that is making the request from making a subsequent
|
5111
|
-
# request on the KMS key.
|
5461
|
+
# that is making the request from making a subsequent
|
5462
|
+
# [PutKeyPolicy][2] request on the KMS key.
|
5112
5463
|
#
|
5113
5464
|
#
|
5114
5465
|
#
|
5115
5466
|
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#prevent-unmanageable-key
|
5467
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/APIReference/API_PutKeyPolicy.html
|
5116
5468
|
# @return [Boolean]
|
5117
5469
|
#
|
5118
5470
|
# @!attribute [rw] description
|
@@ -5317,6 +5669,87 @@ module Aws::KMS
|
|
5317
5669
|
include Aws::Structure
|
5318
5670
|
end
|
5319
5671
|
|
5672
|
+
# @!attribute [rw] key_id
|
5673
|
+
# Identifies a symmetric encryption KMS key. You cannot perform
|
5674
|
+
# on-demand rotation of [asymmetric KMS keys][1], [HMAC KMS keys][2],
|
5675
|
+
# KMS keys with [imported key material][3], or KMS keys in a [custom
|
5676
|
+
# key store][4]. To perform on-demand rotation of a set of related
|
5677
|
+
# [multi-Region keys][5], invoke the on-demand rotation on the primary
|
5678
|
+
# key.
|
5679
|
+
#
|
5680
|
+
# Specify the key ID or key ARN of the KMS key.
|
5681
|
+
#
|
5682
|
+
# For example:
|
5683
|
+
#
|
5684
|
+
# * Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`
|
5685
|
+
#
|
5686
|
+
# * Key ARN:
|
5687
|
+
# `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
|
5688
|
+
#
|
5689
|
+
# To get the key ID and key ARN for a KMS key, use ListKeys or
|
5690
|
+
# DescribeKey.
|
5691
|
+
#
|
5692
|
+
#
|
5693
|
+
#
|
5694
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html
|
5695
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html
|
5696
|
+
# [3]: https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html
|
5697
|
+
# [4]: https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html
|
5698
|
+
# [5]: https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate
|
5699
|
+
# @return [String]
|
5700
|
+
#
|
5701
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RotateKeyOnDemandRequest AWS API Documentation
|
5702
|
+
#
|
5703
|
+
class RotateKeyOnDemandRequest < Struct.new(
|
5704
|
+
:key_id)
|
5705
|
+
SENSITIVE = []
|
5706
|
+
include Aws::Structure
|
5707
|
+
end
|
5708
|
+
|
5709
|
+
# @!attribute [rw] key_id
|
5710
|
+
# Identifies the symmetric encryption KMS key that you initiated
|
5711
|
+
# on-demand rotation on.
|
5712
|
+
# @return [String]
|
5713
|
+
#
|
5714
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RotateKeyOnDemandResponse AWS API Documentation
|
5715
|
+
#
|
5716
|
+
class RotateKeyOnDemandResponse < Struct.new(
|
5717
|
+
:key_id)
|
5718
|
+
SENSITIVE = []
|
5719
|
+
include Aws::Structure
|
5720
|
+
end
|
5721
|
+
|
5722
|
+
# Contains information about completed key material rotations.
|
5723
|
+
#
|
5724
|
+
# @!attribute [rw] key_id
|
5725
|
+
# Unique identifier of the key.
|
5726
|
+
# @return [String]
|
5727
|
+
#
|
5728
|
+
# @!attribute [rw] rotation_date
|
5729
|
+
# Date and time that the key material rotation completed. Formatted as
|
5730
|
+
# Unix time.
|
5731
|
+
# @return [Time]
|
5732
|
+
#
|
5733
|
+
# @!attribute [rw] rotation_type
|
5734
|
+
# Identifies whether the key material rotation was a scheduled
|
5735
|
+
# [automatic rotation][1] or an [on-demand rotation][2].
|
5736
|
+
#
|
5737
|
+
#
|
5738
|
+
#
|
5739
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotating-keys-enable-disable
|
5740
|
+
# [2]: https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotating-keys-on-demand
|
5741
|
+
# @return [String]
|
5742
|
+
#
|
5743
|
+
# @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RotationsListEntry AWS API Documentation
|
5744
|
+
#
|
5745
|
+
class RotationsListEntry < Struct.new(
|
5746
|
+
:key_id,
|
5747
|
+
:rotation_date,
|
5748
|
+
:rotation_type)
|
5749
|
+
SENSITIVE = []
|
5750
|
+
include Aws::Structure
|
5751
|
+
end
|
5752
|
+
|
5320
5753
|
# @!attribute [rw] key_id
|
5321
5754
|
# The unique identifier of the KMS key to delete.
|
5322
5755
|
#
|
@@ -6243,9 +6676,9 @@ module Aws::KMS
|
|
6243
6676
|
end
|
6244
6677
|
|
6245
6678
|
# The request was rejected because the (`XksKeyId`) is already
|
6246
|
-
# associated with
|
6247
|
-
# an external key store must be associated with a different
|
6248
|
-
# key.
|
6679
|
+
# associated with another KMS key in this external key store. Each KMS
|
6680
|
+
# key in an external key store must be associated with a different
|
6681
|
+
# external key.
|
6249
6682
|
#
|
6250
6683
|
# @!attribute [rw] message
|
6251
6684
|
# @return [String]
|
@@ -6424,9 +6857,9 @@ module Aws::KMS
|
|
6424
6857
|
include Aws::Structure
|
6425
6858
|
end
|
6426
6859
|
|
6427
|
-
# The request was rejected because the
|
6428
|
-
#
|
6429
|
-
#
|
6860
|
+
# The request was rejected because the external key store proxy is not
|
6861
|
+
# configured correctly. To identify the cause, see the error message
|
6862
|
+
# that accompanies the exception.
|
6430
6863
|
#
|
6431
6864
|
# @!attribute [rw] message
|
6432
6865
|
# @return [String]
|
@@ -6455,11 +6888,10 @@ module Aws::KMS
|
|
6455
6888
|
include Aws::Structure
|
6456
6889
|
end
|
6457
6890
|
|
6458
|
-
# The request was rejected because the
|
6459
|
-
#
|
6460
|
-
#
|
6461
|
-
#
|
6462
|
-
# address.
|
6891
|
+
# The request was rejected because the `XksProxyUriEndpoint` is already
|
6892
|
+
# associated with another external key store in this Amazon Web Services
|
6893
|
+
# Region. To identify the cause, see the error message that accompanies
|
6894
|
+
# the exception.
|
6463
6895
|
#
|
6464
6896
|
# @!attribute [rw] message
|
6465
6897
|
# @return [String]
|
@@ -6474,9 +6906,9 @@ module Aws::KMS
|
|
6474
6906
|
|
6475
6907
|
# The request was rejected because the concatenation of the
|
6476
6908
|
# `XksProxyUriEndpoint` and `XksProxyUriPath` is already associated with
|
6477
|
-
#
|
6478
|
-
#
|
6479
|
-
#
|
6909
|
+
# another external key store in this Amazon Web Services Region. Each
|
6910
|
+
# external key store in a Region must use a unique external key store
|
6911
|
+
# proxy API address.
|
6480
6912
|
#
|
6481
6913
|
# @!attribute [rw] message
|
6482
6914
|
# @return [String]
|
@@ -6509,10 +6941,9 @@ module Aws::KMS
|
|
6509
6941
|
end
|
6510
6942
|
|
6511
6943
|
# The request was rejected because the specified Amazon VPC endpoint
|
6512
|
-
# service is already associated with
|
6513
|
-
# Web Services
|
6514
|
-
#
|
6515
|
-
# endpoint service.
|
6944
|
+
# service is already associated with another external key store in this
|
6945
|
+
# Amazon Web Services Region. Each external key store in a Region must
|
6946
|
+
# use a different Amazon VPC endpoint service.
|
6516
6947
|
#
|
6517
6948
|
# @!attribute [rw] message
|
6518
6949
|
# @return [String]
|
@@ -6527,10 +6958,13 @@ module Aws::KMS
|
|
6527
6958
|
|
6528
6959
|
# The request was rejected because the Amazon VPC endpoint service
|
6529
6960
|
# configuration does not fulfill the requirements for an external key
|
6530
|
-
# store
|
6531
|
-
# requirements]
|
6532
|
-
#
|
6533
|
-
#
|
6961
|
+
# store. To identify the cause, see the error message that accompanies
|
6962
|
+
# the exception and [review the requirements][1] for Amazon VPC endpoint
|
6963
|
+
# service connectivity for an external key store.
|
6964
|
+
#
|
6965
|
+
#
|
6966
|
+
#
|
6967
|
+
# [1]: https://docs.aws.amazon.com/kms/latest/developerguide/vpc-connectivity.html#xks-vpc-requirements
|
6534
6968
|
#
|
6535
6969
|
# @!attribute [rw] message
|
6536
6970
|
# @return [String]
|
@@ -6563,3 +6997,4 @@ module Aws::KMS
|
|
6563
6997
|
|
6564
6998
|
end
|
6565
6999
|
end
|
7000
|
+
|