aws-sdk-kms 1.78.0 → 1.79.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: b05591dab1f1f02bba5a98334bf378b959226a3ac1c90e9cf58035224a2111a0
-  data.tar.gz: ffc4f9f1d05952fc2cb0728a9ce69da6c9530d28c14982c2327eb62efe347964
+  metadata.gz: bb0ea5ff70a205cb81c13f9eb12fb8c102c7d6ca4236bf9734d31f58e7bc7a13
+  data.tar.gz: 3c19d24f24485fe2e0191a68dbdee8eb339b295ecb85ad3c3f88b45f4c36efc5
 SHA512:
-  metadata.gz: c5e70d5a23bc7902eef9522451509e2a5574a29cca62c79c8999da1063b1bdb6b5689600c280d1838a9540a0da9a45765d023cfbb1274a553e31f82b4473212f
-  data.tar.gz: ec6634ec155cb7d20c65c7a977876eb2d5a376fd0de6a167470d3a632ef0072e9c862fea8ef4ef5d35b7a7cfe28611f80dda6ff03e65ff998af0a3a98d04909d
+  metadata.gz: 8e94f92e6eeb788d1574f75acb13f89073893991927054c01ba19948676541e213edc6d14dc0f6e817a2e9c8b84cb84ee688c2159e1e19aa7b9a67f9ae0f429d
+  data.tar.gz: dcdaa1ca50c6d7ae1f2bdafe17945045d0791de691ae48e20b142107a602509c1d16016fda26c29185e9c5b1cc10b0e346030b0524164ca7ddb2ebda1ae8fb21

data/CHANGELOG.md

@@ -1,6 +1,11 @@
 Unreleased Changes
 ------------------
 
+1.79.0 (2024-04-12)
+------------------
+
+* Feature - This feature supports the ability to specify a custom rotation period for automatic key rotations, the ability to perform on-demand key rotations, and visibility into your key material rotations.
+
 1.78.0 (2024-03-18)
 ------------------
 

data/VERSION

@@ -1 +1 @@
-1.78.0
+1.79.0

data/lib/aws-sdk-kms/client.rb

@@ -3619,6 +3619,10 @@ module Aws::KMS
     #
     # * GetKeyRotationStatus
     #
+    # * ListKeyRotations
+    #
+    # * RotateKeyOnDemand
+    #
     # **Eventual consistency**: The KMS API follows an eventual consistency
     # model. For more information, see [KMS eventual consistency][12].
     #
@@ -3851,12 +3855,20 @@ module Aws::KMS
     # Enables [automatic rotation of the key material][1] of the specified
     # symmetric encryption KMS key.
     #
-    # When you enable automatic rotation of a [customer managed KMS key][2],
-    # KMS rotates the key material of the KMS key one year (approximately
-    # 365 days) from the enable date and every year thereafter. You can
-    # monitor rotation of the key material for your KMS keys in CloudTrail
-    # and Amazon CloudWatch. To disable rotation of the key material in a
-    # customer managed KMS key, use the DisableKeyRotation operation.
+    # By default, when you enable automatic rotation of a [customer managed
+    # KMS key][2], KMS rotates the key material of the KMS key one year
+    # (approximately 365 days) from the enable date and every year
+    # thereafter. You can use the optional `RotationPeriodInDays` parameter
+    # to specify a custom rotation period when you enable key rotation, or
+    # you can use `RotationPeriodInDays` to modify the rotation period of a
+    # key that you previously enabled automatic key rotation on.
+    #
+    # You can monitor rotation of the key material for your KMS keys in
+    # CloudTrail and Amazon CloudWatch. To disable rotation of the key
+    # material in a customer managed KMS key, use the DisableKeyRotation
+    # operation. You can use the GetKeyRotationStatus operation to identify
+    # any in progress rotations. You can use the ListKeyRotations operation
+    # to view the details of completed rotations.
     #
     # Automatic key rotation is supported only on [symmetric encryption KMS
     # keys][3]. You cannot enable automatic rotation of [asymmetric KMS
@@ -3865,10 +3877,11 @@ module Aws::KMS
     # disable automatic rotation of a set of related [multi-Region keys][8],
     # set the property on the primary key.
     #
-    # You cannot enable or disable automatic rotation [Amazon Web Services
-    # managed KMS keys][9]. KMS always rotates the key material of Amazon
-    # Web Services managed keys every year. Rotation of [Amazon Web Services
-    # owned KMS keys][10] varies.
+    # You cannot enable or disable automatic rotation of [Amazon Web
+    # Services managed KMS keys][9]. KMS always rotates the key material of
+    # Amazon Web Services managed keys every year. Rotation of [Amazon Web
+    # Services owned KMS keys][10] is managed by the Amazon Web Services
+    # service that owns the key.
     #
     # <note markdown="1"> In May 2022, KMS changed the rotation schedule for Amazon Web Services
     # managed keys from every three years (approximately 1,095 days) to
@@ -3897,12 +3910,22 @@ module Aws::KMS
     #
     # * GetKeyRotationStatus
     #
+    # * ListKeyRotations
+    #
+    # * RotateKeyOnDemand
+    #
+    #   <note markdown="1"> You can perform on-demand (RotateKeyOnDemand) rotation of the key
+    #   material in customer managed KMS keys, regardless of whether or not
+    #   automatic key rotation is enabled.
+    #
+    #    </note>
+    #
     # **Eventual consistency**: The KMS API follows an eventual consistency
     # model. For more information, see [KMS eventual consistency][13].
     #
     #
     #
-    # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html
+    # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotating-keys-enable-disable
     # [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
     # [3]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#symmetric-cmks
     # [4]: https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html
@@ -3943,21 +3966,42 @@ module Aws::KMS
     #   [4]: https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html
     #   [5]: https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate
     #
+    # @option params [Integer] :rotation_period_in_days
+    #   Use this parameter to specify a custom period of time between each
+    #   rotation date. If no value is specified, the default value is 365
+    #   days.
+    #
+    #   The rotation period defines the number of days after you enable
+    #   automatic key rotation that KMS will rotate your key material, and the
+    #   number of days between each automatic rotation thereafter.
+    #
+    #   You can use the [ `kms:RotationPeriodInDays` ][1] condition key to
+    #   further constrain the values that principals can specify in the
+    #   `RotationPeriodInDays` parameter.
+    #
+    #
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-rotation-period-in-days
+    #
     # @return [Struct] Returns an empty {Seahorse::Client::Response response}.
     #
     #
     # @example Example: To enable automatic rotation of key material
     #
-    #   # The following example enables automatic annual rotation of the key material for the specified KMS key.
+    #   # The following example enables automatic rotation with a rotation period of 365 days for the specified KMS key.
     #
     #   resp = client.enable_key_rotation({
-    #     key_id: "1234abcd-12ab-34cd-56ef-1234567890ab", # The identifier of the KMS key whose key material will be rotated annually. You can use the key ID or the Amazon Resource Name (ARN) of the KMS key.
+    #     key_id: "1234abcd-12ab-34cd-56ef-1234567890ab", # The identifier of the KMS key whose key material will be automatically rotated. You can use the key ID or the Amazon Resource Name (ARN) of the KMS key.
+    #     rotation_period_in_days: 365, # The number of days between each rotation date. Specify a value between 9 and 2560. If no value is specified, the default value is 365 days.
     #   })
     #
     # @example Request syntax with placeholder values
     #
     #   resp = client.enable_key_rotation({
     #     key_id: "KeyIdType", # required
+    #     rotation_period_in_days: 1,
     #   })
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/EnableKeyRotation AWS API Documentation
@@ -5629,14 +5673,10 @@ module Aws::KMS
       req.send_request(options)
     end
 
-    # Gets a Boolean value that indicates whether [automatic rotation of the
-    # key material][1] is enabled for the specified KMS key.
-    #
-    # When you enable automatic rotation for [customer managed KMS keys][2],
-    # KMS rotates the key material of the KMS key one year (approximately
-    # 365 days) from the enable date and every year thereafter. You can
-    # monitor rotation of the key material for your KMS keys in CloudTrail
-    # and Amazon CloudWatch.
+    # Provides detailed information about the rotation status for a KMS key,
+    # including whether [automatic rotation of the key material][1] is
+    # enabled for the specified KMS key, the [rotation period][2], and the
+    # next scheduled rotation date.
     #
     # Automatic key rotation is supported only on [symmetric encryption KMS
     # keys][3]. You cannot enable automatic rotation of [asymmetric KMS
@@ -5652,6 +5692,13 @@ module Aws::KMS
     # Services managed KMS keys every year. The key rotation status for
     # Amazon Web Services managed KMS keys is always `true`.
     #
+    # You can perform on-demand (RotateKeyOnDemand) rotation of the key
+    # material in customer managed KMS keys, regardless of whether or not
+    # automatic key rotation is enabled. You can use GetKeyRotationStatus to
+    # identify the date and time that an in progress on-demand rotation was
+    # initiated. You can use ListKeyRotations to view the details of
+    # completed rotations.
+    #
     # <note markdown="1"> In May 2022, KMS changed the rotation schedule for Amazon Web Services
     # managed keys from every three years to every year. For details, see
     # EnableKeyRotation.
@@ -5688,13 +5735,17 @@ module Aws::KMS
     #
     # * EnableKeyRotation
     #
+    # * ListKeyRotations
+    #
+    # * RotateKeyOnDemand
+    #
     # **Eventual consistency**: The KMS API follows an eventual consistency
     # model. For more information, see [KMS eventual consistency][12].
     #
     #
     #
     # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html
-    # [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
+    # [2]: https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotation-period
     # [3]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#symmetric-cmks
     # [4]: https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html
     # [5]: https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html
@@ -5725,11 +5776,16 @@ module Aws::KMS
     # @return [Types::GetKeyRotationStatusResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
     #
     #   * {Types::GetKeyRotationStatusResponse#key_rotation_enabled #key_rotation_enabled} => Boolean
+    #   * {Types::GetKeyRotationStatusResponse#key_id #key_id} => String
+    #   * {Types::GetKeyRotationStatusResponse#rotation_period_in_days #rotation_period_in_days} => Integer
+    #   * {Types::GetKeyRotationStatusResponse#next_rotation_date #next_rotation_date} => Time
+    #   * {Types::GetKeyRotationStatusResponse#on_demand_rotation_start_date #on_demand_rotation_start_date} => Time
     #
     #
     # @example Example: To retrieve the rotation status for a KMS key
     #
-    #   # The following example retrieves the status of automatic annual rotation of the key material for the specified KMS key.
+    #   # The following example retrieves detailed information about the rotation status for a KMS key, including whether
+    #   # automatic key rotation is enabled for the specified KMS key, the rotation period, and the next scheduled rotation date.
     #
     #   resp = client.get_key_rotation_status({
     #     key_id: "1234abcd-12ab-34cd-56ef-1234567890ab", # The identifier of the KMS key whose key material rotation status you want to retrieve. You can use the key ID or the Amazon Resource Name (ARN) of the KMS key.
@@ -5737,7 +5793,11 @@ module Aws::KMS
     #
     #   resp.to_h outputs the following:
     #   {
-    #     key_rotation_enabled: true, # A boolean that indicates the key material rotation status. Returns true when automatic annual rotation of the key material is enabled, or false when it is not.
+    #     key_id: "1234abcd-12ab-34cd-56ef-1234567890ab", # Identifies the specified symmetric encryption KMS key.
+    #     key_rotation_enabled: true, # A boolean that indicates the key material rotation status. Returns true when automatic rotation of the key material is enabled, or false when it is not.
+    #     next_rotation_date: Time.parse("2024-04-05T15:14:47.757000+00:00"), # The next date that the key material will be automatically rotated.
+    #     on_demand_rotation_start_date: Time.parse("2024-03-02T10:11:36.564000+00:00"), # Identifies the date and time that an in progress on-demand rotation was initiated.
+    #     rotation_period_in_days: 365, # The number of days between each automatic rotation. The default value is 365 days.
     #   }
     #
     # @example Request syntax with placeholder values
@@ -5749,6 +5809,10 @@ module Aws::KMS
     # @example Response structure
     #
     #   resp.key_rotation_enabled #=> Boolean
+    #   resp.key_id #=> String
+    #   resp.rotation_period_in_days #=> Integer
+    #   resp.next_rotation_date #=> Time
+    #   resp.on_demand_rotation_start_date #=> Time
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetKeyRotationStatus AWS API Documentation
     #
@@ -6897,6 +6961,129 @@ module Aws::KMS
       req.send_request(options)
     end
 
+    # Returns information about all completed key material rotations for the
+    # specified KMS key.
+    #
+    # You must specify the KMS key in all requests. You can refine the key
+    # rotations list by limiting the number of rotations returned.
+    #
+    # For detailed information about automatic and on-demand key rotations,
+    # see [Rotating KMS keys][1] in the *Key Management Service Developer
+    # Guide*.
+    #
+    # **Cross-account use**: No. You cannot perform this operation on a KMS
+    # key in a different Amazon Web Services account.
+    #
+    # **Required permissions**: [kms:ListKeyRotations][2] (key policy)
+    #
+    # **Related operations:**
+    #
+    # * EnableKeyRotation
+    #
+    # * DisableKeyRotation
+    #
+    # * GetKeyRotationStatus
+    #
+    # * RotateKeyOnDemand
+    #
+    # **Eventual consistency**: The KMS API follows an eventual consistency
+    # model. For more information, see [KMS eventual consistency][3].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html
+    # [2]: https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html
+    # [3]: https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html
+    #
+    # @option params [required, String] :key_id
+    #   Gets the key rotations for the specified KMS key.
+    #
+    #   Specify the key ID or key ARN of the KMS key.
+    #
+    #   For example:
+    #
+    #   * Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`
+    #
+    #   * Key ARN:
+    #     `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
+    #
+    #   To get the key ID and key ARN for a KMS key, use ListKeys or
+    #   DescribeKey.
+    #
+    # @option params [Integer] :limit
+    #   Use this parameter to specify the maximum number of items to return.
+    #   When this value is present, KMS does not return more than the
+    #   specified number of items, but it might return fewer.
+    #
+    #   This value is optional. If you include a value, it must be between 1
+    #   and 1000, inclusive. If you do not include a value, it defaults to
+    #   100.
+    #
+    # @option params [String] :marker
+    #   Use this parameter in a subsequent request after you receive a
+    #   response with truncated results. Set it to the value of `NextMarker`
+    #   from the truncated response you just received.
+    #
+    # @return [Types::ListKeyRotationsResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::ListKeyRotationsResponse#rotations #rotations} => Array&lt;Types::RotationsListEntry&gt;
+    #   * {Types::ListKeyRotationsResponse#next_marker #next_marker} => String
+    #   * {Types::ListKeyRotationsResponse#truncated #truncated} => Boolean
+    #
+    # The returned {Seahorse::Client::Response response} is a pageable response and is Enumerable. For details on usage see {Aws::PageableResponse PageableResponse}.
+    #
+    #
+    # @example Example: To retrieve information about all completed key material rotations
+    #
+    #   # The following example returns information about all completed key material rotations for the specified KMS key.
+    #
+    #   resp = client.list_key_rotations({
+    #     key_id: "1234abcd-12ab-34cd-56ef-1234567890ab", 
+    #   })
+    #
+    #   resp.to_h outputs the following:
+    #   {
+    #     rotations: [
+    #       {
+    #         key_id: "1234abcd-12ab-34cd-56ef-1234567890ab", 
+    #         rotation_date: Time.parse("2024-03-02T10:11:36.564000+00:00"), 
+    #         rotation_type: "AUTOMATIC", 
+    #       }, 
+    #       {
+    #         key_id: "1234abcd-12ab-34cd-56ef-1234567890ab", 
+    #         rotation_date: Time.parse("2024-04-05T15:14:47.757000+00:00"), 
+    #         rotation_type: "ON_DEMAND", 
+    #       }, 
+    #     ], # A list of key rotations.
+    #     truncated: false, # A flag that indicates whether there are more items in the list. When the value is true, the list in this response is truncated. To get more items, pass the value of the NextMarker element in this response to the Marker parameter in a subsequent request.
+    #   }
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.list_key_rotations({
+    #     key_id: "KeyIdType", # required
+    #     limit: 1,
+    #     marker: "MarkerType",
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.rotations #=> Array
+    #   resp.rotations[0].key_id #=> String
+    #   resp.rotations[0].rotation_date #=> Time
+    #   resp.rotations[0].rotation_type #=> String, one of "AUTOMATIC", "ON_DEMAND"
+    #   resp.next_marker #=> String
+    #   resp.truncated #=> Boolean
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeyRotations AWS API Documentation
+    #
+    # @overload list_key_rotations(params = {})
+    # @param [Hash] params ({})
+    def list_key_rotations(params = {}, options = {})
+      req = build_request(:list_key_rotations, params)
+      req.send_request(options)
+    end
+
     # Gets a list of all KMS keys in the caller's Amazon Web Services
     # account and Region.
     #
@@ -8372,6 +8559,147 @@ module Aws::KMS
       req.send_request(options)
     end
 
+    # Immediately initiates rotation of the key material of the specified
+    # symmetric encryption KMS key.
+    #
+    # You can perform [on-demand rotation][1] of the key material in
+    # customer managed KMS keys, regardless of whether or not [automatic key
+    # rotation][2] is enabled. On-demand rotations do not change existing
+    # automatic rotation schedules. For example, consider a KMS key that has
+    # automatic key rotation enabled with a rotation period of 730 days. If
+    # the key is scheduled to automatically rotate on April 14, 2024, and
+    # you perform an on-demand rotation on April 10, 2024, the key will
+    # automatically rotate, as scheduled, on April 14, 2024 and every 730
+    # days thereafter.
+    #
+    # <note markdown="1"> You can perform on-demand key rotation a **maximum of 10 times** per
+    # KMS key. You can use the KMS console to view the number of remaining
+    # on-demand rotations available for a KMS key.
+    #
+    #  </note>
+    #
+    # You can use GetKeyRotationStatus to identify any in progress on-demand
+    # rotations. You can use ListKeyRotations to identify the date that
+    # completed on-demand rotations were performed. You can monitor rotation
+    # of the key material for your KMS keys in CloudTrail and Amazon
+    # CloudWatch.
+    #
+    # On-demand key rotation is supported only on [symmetric encryption KMS
+    # keys][3]. You cannot perform on-demand rotation of [asymmetric KMS
+    # keys][4], [HMAC KMS keys][5], KMS keys with [imported key
+    # material][6], or KMS keys in a [custom key store][7]. To perform
+    # on-demand rotation of a set of related [multi-Region keys][8], invoke
+    # the on-demand rotation on the primary key.
+    #
+    # You cannot initiate on-demand rotation of [Amazon Web Services managed
+    # KMS keys][9]. KMS always rotates the key material of Amazon Web
+    # Services managed keys every year. Rotation of [Amazon Web Services
+    # owned KMS keys][10] is managed by the Amazon Web Services service that
+    # owns the key.
+    #
+    # The KMS key that you use for this operation must be in a compatible
+    # key state. For details, see [Key states of KMS keys][11] in the *Key
+    # Management Service Developer Guide*.
+    #
+    # **Cross-account use**: No. You cannot perform this operation on a KMS
+    # key in a different Amazon Web Services account.
+    #
+    # **Required permissions**: [kms:RotateKeyOnDemand][12] (key policy)
+    #
+    # **Related operations:**
+    #
+    # * EnableKeyRotation
+    #
+    # * DisableKeyRotation
+    #
+    # * GetKeyRotationStatus
+    #
+    # * ListKeyRotations
+    #
+    # **Eventual consistency**: The KMS API follows an eventual consistency
+    # model. For more information, see [KMS eventual consistency][13].
+    #
+    #
+    #
+    # [1]: https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotating-keys-on-demand
+    # [2]: https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotating-keys-enable-disable
+    # [3]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#symmetric-cmks
+    # [4]: https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html
+    # [5]: https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html
+    # [6]: https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html
+    # [7]: https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html
+    # [8]: https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate
+    # [9]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk
+    # [10]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-owned-cmk
+    # [11]: https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html
+    # [12]: https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html
+    # [13]: https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html
+    #
+    # @option params [required, String] :key_id
+    #   Identifies a symmetric encryption KMS key. You cannot perform
+    #   on-demand rotation of [asymmetric KMS keys][1], [HMAC KMS keys][2],
+    #   KMS keys with [imported key material][3], or KMS keys in a [custom key
+    #   store][4]. To perform on-demand rotation of a set of related
+    #   [multi-Region keys][5], invoke the on-demand rotation on the primary
+    #   key.
+    #
+    #   Specify the key ID or key ARN of the KMS key.
+    #
+    #   For example:
+    #
+    #   * Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`
+    #
+    #   * Key ARN:
+    #     `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
+    #
+    #   To get the key ID and key ARN for a KMS key, use ListKeys or
+    #   DescribeKey.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html
+    #   [2]: https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html
+    #   [3]: https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html
+    #   [4]: https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html
+    #   [5]: https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate
+    #
+    # @return [Types::RotateKeyOnDemandResponse] Returns a {Seahorse::Client::Response response} object which responds to the following methods:
+    #
+    #   * {Types::RotateKeyOnDemandResponse#key_id #key_id} => String
+    #
+    #
+    # @example Example: To perform on-demand rotation of key material
+    #
+    #   # The following example immediately initiates rotation of the key material for the specified KMS key.
+    #
+    #   resp = client.rotate_key_on_demand({
+    #     key_id: "1234abcd-12ab-34cd-56ef-1234567890ab", # The identifier of the KMS key whose key material you want to initiate on-demand rotation on. You can use the key ID or the Amazon Resource Name (ARN) of the KMS key.
+    #   })
+    #
+    #   resp.to_h outputs the following:
+    #   {
+    #     key_id: "1234abcd-12ab-34cd-56ef-1234567890ab", # The KMS key that you initiated on-demand rotation on.
+    #   }
+    #
+    # @example Request syntax with placeholder values
+    #
+    #   resp = client.rotate_key_on_demand({
+    #     key_id: "KeyIdType", # required
+    #   })
+    #
+    # @example Response structure
+    #
+    #   resp.key_id #=> String
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RotateKeyOnDemand AWS API Documentation
+    #
+    # @overload rotate_key_on_demand(params = {})
+    # @param [Hash] params ({})
+    def rotate_key_on_demand(params = {}, options = {})
+      req = build_request(:rotate_key_on_demand, params)
+      req.send_request(options)
+    end
+
     # Schedules the deletion of a KMS key. By default, KMS applies a waiting
     # period of 30 days, but you can specify a waiting period of 7-30 days.
     # When this operation is successful, the key state of the KMS key
@@ -10105,7 +10433,7 @@ module Aws::KMS
         params: params,
         config: config)
       context[:gem_name] = 'aws-sdk-kms'
-      context[:gem_version] = '1.78.0'
+      context[:gem_version] = '1.79.0'
       Seahorse::Client::Request.new(handlers, context)
     end
 

data/lib/aws-sdk-kms/client_api.rb

@@ -31,6 +31,7 @@ module Aws::KMS
     CloudHsmClusterNotActiveException = Shapes::StructureShape.new(name: 'CloudHsmClusterNotActiveException')
     CloudHsmClusterNotFoundException = Shapes::StructureShape.new(name: 'CloudHsmClusterNotFoundException')
     CloudHsmClusterNotRelatedException = Shapes::StructureShape.new(name: 'CloudHsmClusterNotRelatedException')
+    ConflictException = Shapes::StructureShape.new(name: 'ConflictException')
     ConnectCustomKeyStoreRequest = Shapes::StructureShape.new(name: 'ConnectCustomKeyStoreRequest')
     ConnectCustomKeyStoreResponse = Shapes::StructureShape.new(name: 'ConnectCustomKeyStoreResponse')
     ConnectionErrorCodeType = Shapes::StringShape.new(name: 'ConnectionErrorCodeType')
@@ -150,6 +151,8 @@ module Aws::KMS
     ListGrantsResponse = Shapes::StructureShape.new(name: 'ListGrantsResponse')
     ListKeyPoliciesRequest = Shapes::StructureShape.new(name: 'ListKeyPoliciesRequest')
     ListKeyPoliciesResponse = Shapes::StructureShape.new(name: 'ListKeyPoliciesResponse')
+    ListKeyRotationsRequest = Shapes::StructureShape.new(name: 'ListKeyRotationsRequest')
+    ListKeyRotationsResponse = Shapes::StructureShape.new(name: 'ListKeyRotationsResponse')
     ListKeysRequest = Shapes::StructureShape.new(name: 'ListKeysRequest')
     ListKeysResponse = Shapes::StructureShape.new(name: 'ListKeysResponse')
     ListResourceTagsRequest = Shapes::StructureShape.new(name: 'ListResourceTagsRequest')
@@ -184,6 +187,12 @@ module Aws::KMS
     ReplicateKeyResponse = Shapes::StructureShape.new(name: 'ReplicateKeyResponse')
     RetireGrantRequest = Shapes::StructureShape.new(name: 'RetireGrantRequest')
     RevokeGrantRequest = Shapes::StructureShape.new(name: 'RevokeGrantRequest')
+    RotateKeyOnDemandRequest = Shapes::StructureShape.new(name: 'RotateKeyOnDemandRequest')
+    RotateKeyOnDemandResponse = Shapes::StructureShape.new(name: 'RotateKeyOnDemandResponse')
+    RotationPeriodInDaysType = Shapes::IntegerShape.new(name: 'RotationPeriodInDaysType')
+    RotationType = Shapes::StringShape.new(name: 'RotationType')
+    RotationsList = Shapes::ListShape.new(name: 'RotationsList')
+    RotationsListEntry = Shapes::StructureShape.new(name: 'RotationsListEntry')
     ScheduleKeyDeletionRequest = Shapes::StructureShape.new(name: 'ScheduleKeyDeletionRequest')
     ScheduleKeyDeletionResponse = Shapes::StructureShape.new(name: 'ScheduleKeyDeletionResponse')
     SignRequest = Shapes::StructureShape.new(name: 'SignRequest')
@@ -266,6 +275,9 @@ module Aws::KMS
     CloudHsmClusterNotRelatedException.add_member(:message, Shapes::ShapeRef.new(shape: ErrorMessageType, location_name: "message"))
     CloudHsmClusterNotRelatedException.struct_class = Types::CloudHsmClusterNotRelatedException
 
+    ConflictException.add_member(:message, Shapes::ShapeRef.new(shape: ErrorMessageType, location_name: "message"))
+    ConflictException.struct_class = Types::ConflictException
+
     ConnectCustomKeyStoreRequest.add_member(:custom_key_store_id, Shapes::ShapeRef.new(shape: CustomKeyStoreIdType, required: true, location_name: "CustomKeyStoreId"))
     ConnectCustomKeyStoreRequest.struct_class = Types::ConnectCustomKeyStoreRequest
 
@@ -413,6 +425,7 @@ module Aws::KMS
     EnableKeyRequest.struct_class = Types::EnableKeyRequest
 
     EnableKeyRotationRequest.add_member(:key_id, Shapes::ShapeRef.new(shape: KeyIdType, required: true, location_name: "KeyId"))
+    EnableKeyRotationRequest.add_member(:rotation_period_in_days, Shapes::ShapeRef.new(shape: RotationPeriodInDaysType, location_name: "RotationPeriodInDays"))
     EnableKeyRotationRequest.struct_class = Types::EnableKeyRotationRequest
 
     EncryptRequest.add_member(:key_id, Shapes::ShapeRef.new(shape: KeyIdType, required: true, location_name: "KeyId"))
@@ -525,6 +538,10 @@ module Aws::KMS
     GetKeyRotationStatusRequest.struct_class = Types::GetKeyRotationStatusRequest
 
     GetKeyRotationStatusResponse.add_member(:key_rotation_enabled, Shapes::ShapeRef.new(shape: BooleanType, location_name: "KeyRotationEnabled"))
+    GetKeyRotationStatusResponse.add_member(:key_id, Shapes::ShapeRef.new(shape: KeyIdType, location_name: "KeyId"))
+    GetKeyRotationStatusResponse.add_member(:rotation_period_in_days, Shapes::ShapeRef.new(shape: RotationPeriodInDaysType, location_name: "RotationPeriodInDays"))
+    GetKeyRotationStatusResponse.add_member(:next_rotation_date, Shapes::ShapeRef.new(shape: DateType, location_name: "NextRotationDate"))
+    GetKeyRotationStatusResponse.add_member(:on_demand_rotation_start_date, Shapes::ShapeRef.new(shape: DateType, location_name: "OnDemandRotationStartDate"))
     GetKeyRotationStatusResponse.struct_class = Types::GetKeyRotationStatusResponse
 
     GetParametersForImportRequest.add_member(:key_id, Shapes::ShapeRef.new(shape: KeyIdType, required: true, location_name: "KeyId"))
@@ -696,6 +713,16 @@ module Aws::KMS
     ListKeyPoliciesResponse.add_member(:truncated, Shapes::ShapeRef.new(shape: BooleanType, location_name: "Truncated"))
     ListKeyPoliciesResponse.struct_class = Types::ListKeyPoliciesResponse
 
+    ListKeyRotationsRequest.add_member(:key_id, Shapes::ShapeRef.new(shape: KeyIdType, required: true, location_name: "KeyId"))
+    ListKeyRotationsRequest.add_member(:limit, Shapes::ShapeRef.new(shape: LimitType, location_name: "Limit"))
+    ListKeyRotationsRequest.add_member(:marker, Shapes::ShapeRef.new(shape: MarkerType, location_name: "Marker"))
+    ListKeyRotationsRequest.struct_class = Types::ListKeyRotationsRequest
+
+    ListKeyRotationsResponse.add_member(:rotations, Shapes::ShapeRef.new(shape: RotationsList, location_name: "Rotations"))
+    ListKeyRotationsResponse.add_member(:next_marker, Shapes::ShapeRef.new(shape: MarkerType, location_name: "NextMarker"))
+    ListKeyRotationsResponse.add_member(:truncated, Shapes::ShapeRef.new(shape: BooleanType, location_name: "Truncated"))
+    ListKeyRotationsResponse.struct_class = Types::ListKeyRotationsResponse
+
     ListKeysRequest.add_member(:limit, Shapes::ShapeRef.new(shape: LimitType, location_name: "Limit"))
     ListKeysRequest.add_member(:marker, Shapes::ShapeRef.new(shape: MarkerType, location_name: "Marker"))
     ListKeysRequest.struct_class = Types::ListKeysRequest
@@ -793,6 +820,19 @@ module Aws::KMS
     RevokeGrantRequest.add_member(:dry_run, Shapes::ShapeRef.new(shape: NullableBooleanType, location_name: "DryRun"))
     RevokeGrantRequest.struct_class = Types::RevokeGrantRequest
 
+    RotateKeyOnDemandRequest.add_member(:key_id, Shapes::ShapeRef.new(shape: KeyIdType, required: true, location_name: "KeyId"))
+    RotateKeyOnDemandRequest.struct_class = Types::RotateKeyOnDemandRequest
+
+    RotateKeyOnDemandResponse.add_member(:key_id, Shapes::ShapeRef.new(shape: KeyIdType, location_name: "KeyId"))
+    RotateKeyOnDemandResponse.struct_class = Types::RotateKeyOnDemandResponse
+
+    RotationsList.member = Shapes::ShapeRef.new(shape: RotationsListEntry)
+
+    RotationsListEntry.add_member(:key_id, Shapes::ShapeRef.new(shape: KeyIdType, location_name: "KeyId"))
+    RotationsListEntry.add_member(:rotation_date, Shapes::ShapeRef.new(shape: DateType, location_name: "RotationDate"))
+    RotationsListEntry.add_member(:rotation_type, Shapes::ShapeRef.new(shape: RotationType, location_name: "RotationType"))
+    RotationsListEntry.struct_class = Types::RotationsListEntry
+
     ScheduleKeyDeletionRequest.add_member(:key_id, Shapes::ShapeRef.new(shape: KeyIdType, required: true, location_name: "KeyId"))
     ScheduleKeyDeletionRequest.add_member(:pending_window_in_days, Shapes::ShapeRef.new(shape: PendingWindowInDaysType, location_name: "PendingWindowInDays"))
     ScheduleKeyDeletionRequest.struct_class = Types::ScheduleKeyDeletionRequest
@@ -1132,6 +1172,7 @@ module Aws::KMS
         o.errors << Shapes::ShapeRef.new(shape: InvalidMarkerException)
         o.errors << Shapes::ShapeRef.new(shape: KMSInternalException)
         o[:pager] = Aws::Pager.new(
+          more_results: "truncated",
           limit_key: "limit",
           tokens: {
             "next_marker" => "marker"
@@ -1424,6 +1465,7 @@ module Aws::KMS
         o.errors << Shapes::ShapeRef.new(shape: InvalidArnException)
         o.errors << Shapes::ShapeRef.new(shape: NotFoundException)
         o[:pager] = Aws::Pager.new(
+          more_results: "truncated",
           limit_key: "limit",
           tokens: {
             "next_marker" => "marker"
@@ -1445,6 +1487,7 @@ module Aws::KMS
         o.errors << Shapes::ShapeRef.new(shape: KMSInternalException)
         o.errors << Shapes::ShapeRef.new(shape: KMSInvalidStateException)
         o[:pager] = Aws::Pager.new(
+          more_results: "truncated",
           limit_key: "limit",
           tokens: {
             "next_marker" => "marker"
@@ -1464,6 +1507,28 @@ module Aws::KMS
         o.errors << Shapes::ShapeRef.new(shape: KMSInternalException)
         o.errors << Shapes::ShapeRef.new(shape: KMSInvalidStateException)
         o[:pager] = Aws::Pager.new(
+          more_results: "truncated",
+          limit_key: "limit",
+          tokens: {
+            "next_marker" => "marker"
+          }
+        )
+      end)
+
+      api.add_operation(:list_key_rotations, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "ListKeyRotations"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: ListKeyRotationsRequest)
+        o.output = Shapes::ShapeRef.new(shape: ListKeyRotationsResponse)
+        o.errors << Shapes::ShapeRef.new(shape: NotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidArnException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidMarkerException)
+        o.errors << Shapes::ShapeRef.new(shape: KMSInternalException)
+        o.errors << Shapes::ShapeRef.new(shape: KMSInvalidStateException)
+        o.errors << Shapes::ShapeRef.new(shape: UnsupportedOperationException)
+        o[:pager] = Aws::Pager.new(
+          more_results: "truncated",
           limit_key: "limit",
           tokens: {
             "next_marker" => "marker"
@@ -1481,6 +1546,7 @@ module Aws::KMS
         o.errors << Shapes::ShapeRef.new(shape: KMSInternalException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidMarkerException)
         o[:pager] = Aws::Pager.new(
+          more_results: "truncated",
           limit_key: "limit",
           tokens: {
             "next_marker" => "marker"
@@ -1499,6 +1565,7 @@ module Aws::KMS
         o.errors << Shapes::ShapeRef.new(shape: InvalidArnException)
         o.errors << Shapes::ShapeRef.new(shape: InvalidMarkerException)
         o[:pager] = Aws::Pager.new(
+          more_results: "truncated",
           limit_key: "limit",
           tokens: {
             "next_marker" => "marker"
@@ -1518,6 +1585,7 @@ module Aws::KMS
         o.errors << Shapes::ShapeRef.new(shape: NotFoundException)
         o.errors << Shapes::ShapeRef.new(shape: KMSInternalException)
         o[:pager] = Aws::Pager.new(
+          more_results: "truncated",
           limit_key: "limit",
           tokens: {
             "next_marker" => "marker"
@@ -1609,6 +1677,23 @@ module Aws::KMS
         o.errors << Shapes::ShapeRef.new(shape: DryRunOperationException)
       end)
 
+      api.add_operation(:rotate_key_on_demand, Seahorse::Model::Operation.new.tap do |o|
+        o.name = "RotateKeyOnDemand"
+        o.http_method = "POST"
+        o.http_request_uri = "/"
+        o.input = Shapes::ShapeRef.new(shape: RotateKeyOnDemandRequest)
+        o.output = Shapes::ShapeRef.new(shape: RotateKeyOnDemandResponse)
+        o.errors << Shapes::ShapeRef.new(shape: NotFoundException)
+        o.errors << Shapes::ShapeRef.new(shape: DisabledException)
+        o.errors << Shapes::ShapeRef.new(shape: InvalidArnException)
+        o.errors << Shapes::ShapeRef.new(shape: DependencyTimeoutException)
+        o.errors << Shapes::ShapeRef.new(shape: KMSInternalException)
+        o.errors << Shapes::ShapeRef.new(shape: KMSInvalidStateException)
+        o.errors << Shapes::ShapeRef.new(shape: UnsupportedOperationException)
+        o.errors << Shapes::ShapeRef.new(shape: LimitExceededException)
+        o.errors << Shapes::ShapeRef.new(shape: ConflictException)
+      end)
+
       api.add_operation(:schedule_key_deletion, Seahorse::Model::Operation.new.tap do |o|
         o.name = "ScheduleKeyDeletion"
         o.http_method = "POST"

data/lib/aws-sdk-kms/endpoints.rb

@@ -460,6 +460,20 @@ module Aws::KMS
       end
     end
 
+    class ListKeyRotations
+      def self.build(context)
+        unless context.config.regional_endpoint
+          endpoint = context.config.endpoint.to_s
+        end
+        Aws::KMS::EndpointParameters.new(
+          region: context.config.region,
+          use_dual_stack: context.config.use_dualstack_endpoint,
+          use_fips: context.config.use_fips_endpoint,
+          endpoint: endpoint,
+        )
+      end
+    end
+
     class ListKeys
       def self.build(context)
         unless context.config.regional_endpoint
@@ -572,6 +586,20 @@ module Aws::KMS
       end
     end
 
+    class RotateKeyOnDemand
+      def self.build(context)
+        unless context.config.regional_endpoint
+          endpoint = context.config.endpoint.to_s
+        end
+        Aws::KMS::EndpointParameters.new(
+          region: context.config.region,
+          use_dual_stack: context.config.use_dualstack_endpoint,
+          use_fips: context.config.use_fips_endpoint,
+          endpoint: endpoint,
+        )
+      end
+    end
+
     class ScheduleKeyDeletion
       def self.build(context)
         unless context.config.regional_endpoint

data/lib/aws-sdk-kms/errors.rb

@@ -33,6 +33,7 @@ module Aws::KMS
   # * {CloudHsmClusterNotActiveException}
   # * {CloudHsmClusterNotFoundException}
   # * {CloudHsmClusterNotRelatedException}
+  # * {ConflictException}
   # * {CustomKeyStoreHasCMKsException}
   # * {CustomKeyStoreInvalidStateException}
   # * {CustomKeyStoreNameInUseException}
@@ -171,6 +172,21 @@ module Aws::KMS
       end
     end
 
+    class ConflictException < ServiceError
+
+      # @param [Seahorse::Client::RequestContext] context
+      # @param [String] message
+      # @param [Aws::KMS::Types::ConflictException] data
+      def initialize(context, message, data = Aws::EmptyStructure.new)
+        super(context, message, data)
+      end
+
+      # @return [String]
+      def message
+        @message || @data[:message]
+      end
+    end
+
     class CustomKeyStoreHasCMKsException < ServiceError
 
       # @param [Seahorse::Client::RequestContext] context

data/lib/aws-sdk-kms/plugins/endpoints.rb

@@ -122,6 +122,8 @@ module Aws::KMS
             Aws::KMS::Endpoints::ListGrants.build(context)
           when :list_key_policies
             Aws::KMS::Endpoints::ListKeyPolicies.build(context)
+          when :list_key_rotations
+            Aws::KMS::Endpoints::ListKeyRotations.build(context)
           when :list_keys
             Aws::KMS::Endpoints::ListKeys.build(context)
           when :list_resource_tags
@@ -138,6 +140,8 @@ module Aws::KMS
             Aws::KMS::Endpoints::RetireGrant.build(context)
           when :revoke_grant
             Aws::KMS::Endpoints::RevokeGrant.build(context)
+          when :rotate_key_on_demand
+            Aws::KMS::Endpoints::RotateKeyOnDemand.build(context)
           when :schedule_key_deletion
             Aws::KMS::Endpoints::ScheduleKeyDeletion.build(context)
           when :sign

data/lib/aws-sdk-kms/types.rb

@@ -242,6 +242,21 @@ module Aws::KMS
       include Aws::Structure
     end
 
+    # The request was rejected because an automatic rotation of this key is
+    # currently in progress or scheduled to begin within the next 20
+    # minutes.
+    #
+    # @!attribute [rw] message
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ConflictException AWS API Documentation
+    #
+    class ConflictException < Struct.new(
+      :message)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] custom_key_store_id
     #   Enter the key store ID of the custom key store that you want to
     #   connect. To find the ID of a custom key store, use the
@@ -1801,8 +1816,8 @@ module Aws::KMS
     # @!attribute [rw] truncated
     #   A flag that indicates whether there are more items in the list. When
     #   this value is true, the list in this response is truncated. To get
-    #   more items, pass the value of the `NextMarker` element in
-    #   thisresponse to the `Marker` parameter in a subsequent request.
+    #   more items, pass the value of the `NextMarker` element in this
+    #   response to the `Marker` parameter in a subsequent request.
     #   @return [Boolean]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DescribeCustomKeyStoresResponse AWS API Documentation
@@ -2036,10 +2051,31 @@ module Aws::KMS
     #   [5]: https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate
     #   @return [String]
     #
+    # @!attribute [rw] rotation_period_in_days
+    #   Use this parameter to specify a custom period of time between each
+    #   rotation date. If no value is specified, the default value is 365
+    #   days.
+    #
+    #   The rotation period defines the number of days after you enable
+    #   automatic key rotation that KMS will rotate your key material, and
+    #   the number of days between each automatic rotation thereafter.
+    #
+    #   You can use the [ `kms:RotationPeriodInDays` ][1] condition key to
+    #   further constrain the values that principals can specify in the
+    #   `RotationPeriodInDays` parameter.
+    #
+    #
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-rotation-period-in-days
+    #   @return [Integer]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/EnableKeyRotationRequest AWS API Documentation
     #
     class EnableKeyRotationRequest < Struct.new(
-      :key_id)
+      :key_id,
+      :rotation_period_in_days)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -3109,10 +3145,42 @@ module Aws::KMS
     #   A Boolean value that specifies whether key rotation is enabled.
     #   @return [Boolean]
     #
+    # @!attribute [rw] key_id
+    #   Identifies the specified symmetric encryption KMS key.
+    #   @return [String]
+    #
+    # @!attribute [rw] rotation_period_in_days
+    #   The number of days between each automatic rotation. The default
+    #   value is 365 days.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] next_rotation_date
+    #   The next date that KMS will automatically rotate the key material.
+    #   @return [Time]
+    #
+    # @!attribute [rw] on_demand_rotation_start_date
+    #   Identifies the date and time that an in progress on-demand rotation
+    #   was initiated.
+    #
+    #   The KMS API follows an [eventual consistency][1] model due to the
+    #   distributed nature of the system. As a result, there might be a
+    #   slight delay between initiating on-demand key rotation and the
+    #   rotation's completion. Once the on-demand rotation is complete, use
+    #   ListKeyRotations to view the details of the on-demand rotation.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html
+    #   @return [Time]
+    #
     # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetKeyRotationStatusResponse AWS API Documentation
     #
     class GetKeyRotationStatusResponse < Struct.new(
-      :key_rotation_enabled)
+      :key_rotation_enabled,
+      :key_id,
+      :rotation_period_in_days,
+      :next_rotation_date,
+      :on_demand_rotation_start_date)
       SENSITIVE = []
       include Aws::Structure
     end
@@ -4216,8 +4284,8 @@ module Aws::KMS
     # @!attribute [rw] truncated
     #   A flag that indicates whether there are more items in the list. When
     #   this value is true, the list in this response is truncated. To get
-    #   more items, pass the value of the `NextMarker` element in
-    #   thisresponse to the `Marker` parameter in a subsequent request.
+    #   more items, pass the value of the `NextMarker` element in this
+    #   response to the `Marker` parameter in a subsequent request.
     #   @return [Boolean]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListAliasesResponse AWS API Documentation
@@ -4299,8 +4367,8 @@ module Aws::KMS
     # @!attribute [rw] truncated
     #   A flag that indicates whether there are more items in the list. When
     #   this value is true, the list in this response is truncated. To get
-    #   more items, pass the value of the `NextMarker` element in
-    #   thisresponse to the `Marker` parameter in a subsequent request.
+    #   more items, pass the value of the `NextMarker` element in this
+    #   response to the `Marker` parameter in a subsequent request.
     #   @return [Boolean]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListGrantsResponse AWS API Documentation
@@ -4369,8 +4437,8 @@ module Aws::KMS
     # @!attribute [rw] truncated
     #   A flag that indicates whether there are more items in the list. When
     #   this value is true, the list in this response is truncated. To get
-    #   more items, pass the value of the `NextMarker` element in
-    #   thisresponse to the `Marker` parameter in a subsequent request.
+    #   more items, pass the value of the `NextMarker` element in this
+    #   response to the `Marker` parameter in a subsequent request.
     #   @return [Boolean]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeyPoliciesResponse AWS API Documentation
@@ -4383,6 +4451,74 @@ module Aws::KMS
       include Aws::Structure
     end
 
+    # @!attribute [rw] key_id
+    #   Gets the key rotations for the specified KMS key.
+    #
+    #   Specify the key ID or key ARN of the KMS key.
+    #
+    #   For example:
+    #
+    #   * Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`
+    #
+    #   * Key ARN:
+    #     `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
+    #
+    #   To get the key ID and key ARN for a KMS key, use ListKeys or
+    #   DescribeKey.
+    #   @return [String]
+    #
+    # @!attribute [rw] limit
+    #   Use this parameter to specify the maximum number of items to return.
+    #   When this value is present, KMS does not return more than the
+    #   specified number of items, but it might return fewer.
+    #
+    #   This value is optional. If you include a value, it must be between 1
+    #   and 1000, inclusive. If you do not include a value, it defaults to
+    #   100.
+    #   @return [Integer]
+    #
+    # @!attribute [rw] marker
+    #   Use this parameter in a subsequent request after you receive a
+    #   response with truncated results. Set it to the value of `NextMarker`
+    #   from the truncated response you just received.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeyRotationsRequest AWS API Documentation
+    #
+    class ListKeyRotationsRequest < Struct.new(
+      :key_id,
+      :limit,
+      :marker)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] rotations
+    #   A list of completed key material rotations.
+    #   @return [Array<Types::RotationsListEntry>]
+    #
+    # @!attribute [rw] next_marker
+    #   When `Truncated` is true, this element is present and contains the
+    #   value to use for the `Marker` parameter in a subsequent request.
+    #   @return [String]
+    #
+    # @!attribute [rw] truncated
+    #   A flag that indicates whether there are more items in the list. When
+    #   this value is true, the list in this response is truncated. To get
+    #   more items, pass the value of the `NextMarker` element in this
+    #   response to the `Marker` parameter in a subsequent request.
+    #   @return [Boolean]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeyRotationsResponse AWS API Documentation
+    #
+    class ListKeyRotationsResponse < Struct.new(
+      :rotations,
+      :next_marker,
+      :truncated)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] limit
     #   Use this parameter to specify the maximum number of items to return.
     #   When this value is present, KMS does not return more than the
@@ -4420,8 +4556,8 @@ module Aws::KMS
     # @!attribute [rw] truncated
     #   A flag that indicates whether there are more items in the list. When
     #   this value is true, the list in this response is truncated. To get
-    #   more items, pass the value of the `NextMarker` element in
-    #   thisresponse to the `Marker` parameter in a subsequent request.
+    #   more items, pass the value of the `NextMarker` element in this
+    #   response to the `Marker` parameter in a subsequent request.
     #   @return [Boolean]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeysResponse AWS API Documentation
@@ -4502,8 +4638,8 @@ module Aws::KMS
     # @!attribute [rw] truncated
     #   A flag that indicates whether there are more items in the list. When
     #   this value is true, the list in this response is truncated. To get
-    #   more items, pass the value of the `NextMarker` element in
-    #   thisresponse to the `Marker` parameter in a subsequent request.
+    #   more items, pass the value of the `NextMarker` element in this
+    #   response to the `Marker` parameter in a subsequent request.
     #   @return [Boolean]
     #
     # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListResourceTagsResponse AWS API Documentation
@@ -5327,6 +5463,87 @@ module Aws::KMS
       include Aws::Structure
     end
 
+    # @!attribute [rw] key_id
+    #   Identifies a symmetric encryption KMS key. You cannot perform
+    #   on-demand rotation of [asymmetric KMS keys][1], [HMAC KMS keys][2],
+    #   KMS keys with [imported key material][3], or KMS keys in a [custom
+    #   key store][4]. To perform on-demand rotation of a set of related
+    #   [multi-Region keys][5], invoke the on-demand rotation on the primary
+    #   key.
+    #
+    #   Specify the key ID or key ARN of the KMS key.
+    #
+    #   For example:
+    #
+    #   * Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`
+    #
+    #   * Key ARN:
+    #     `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
+    #
+    #   To get the key ID and key ARN for a KMS key, use ListKeys or
+    #   DescribeKey.
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html
+    #   [2]: https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html
+    #   [3]: https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html
+    #   [4]: https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html
+    #   [5]: https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RotateKeyOnDemandRequest AWS API Documentation
+    #
+    class RotateKeyOnDemandRequest < Struct.new(
+      :key_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # @!attribute [rw] key_id
+    #   Identifies the symmetric encryption KMS key that you initiated
+    #   on-demand rotation on.
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RotateKeyOnDemandResponse AWS API Documentation
+    #
+    class RotateKeyOnDemandResponse < Struct.new(
+      :key_id)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
+    # Contains information about completed key material rotations.
+    #
+    # @!attribute [rw] key_id
+    #   Unique identifier of the key.
+    #   @return [String]
+    #
+    # @!attribute [rw] rotation_date
+    #   Date and time that the key material rotation completed. Formatted as
+    #   Unix time.
+    #   @return [Time]
+    #
+    # @!attribute [rw] rotation_type
+    #   Identifies whether the key material rotation was a scheduled
+    #   [automatic rotation][1] or an [on-demand rotation][2].
+    #
+    #
+    #
+    #   [1]: https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotating-keys-enable-disable
+    #   [2]: https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotating-keys-on-demand
+    #   @return [String]
+    #
+    # @see http://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RotationsListEntry AWS API Documentation
+    #
+    class RotationsListEntry < Struct.new(
+      :key_id,
+      :rotation_date,
+      :rotation_type)
+      SENSITIVE = []
+      include Aws::Structure
+    end
+
     # @!attribute [rw] key_id
     #   The unique identifier of the KMS key to delete.
     #

data/lib/aws-sdk-kms.rb

@@ -52,6 +52,6 @@ require_relative 'aws-sdk-kms/customizations'
 # @!group service
 module Aws::KMS
 
-  GEM_VERSION = '1.78.0'
+  GEM_VERSION = '1.79.0'
 
 end

data/sig/client.rbs

@@ -265,7 +265,8 @@ module Aws
 
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/KMS/Client.html#enable_key_rotation-instance_method
       def enable_key_rotation: (
-                                 key_id: ::String
+                                 key_id: ::String,
+                                 ?rotation_period_in_days: ::Integer
                                ) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
                              | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
 
@@ -411,6 +412,10 @@ module Aws
       interface _GetKeyRotationStatusResponseSuccess
         include ::Seahorse::Client::_ResponseSuccess[Types::GetKeyRotationStatusResponse]
         def key_rotation_enabled: () -> bool
+        def key_id: () -> ::String
+        def rotation_period_in_days: () -> ::Integer
+        def next_rotation_date: () -> ::Time
+        def on_demand_rotation_start_date: () -> ::Time
       end
       # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/KMS/Client.html#get_key_rotation_status-instance_method
       def get_key_rotation_status: (
@@ -507,6 +512,20 @@ module Aws
                              ) -> _ListKeyPoliciesResponseSuccess
                            | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _ListKeyPoliciesResponseSuccess
 
+      interface _ListKeyRotationsResponseSuccess
+        include ::Seahorse::Client::_ResponseSuccess[Types::ListKeyRotationsResponse]
+        def rotations: () -> ::Array[Types::RotationsListEntry]
+        def next_marker: () -> ::String
+        def truncated: () -> bool
+      end
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/KMS/Client.html#list_key_rotations-instance_method
+      def list_key_rotations: (
+                                key_id: ::String,
+                                ?limit: ::Integer,
+                                ?marker: ::String
+                              ) -> _ListKeyRotationsResponseSuccess
+                            | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _ListKeyRotationsResponseSuccess
+
       interface _ListKeysResponseSuccess
         include ::Seahorse::Client::_ResponseSuccess[Types::ListKeysResponse]
         def keys: () -> ::Array[Types::KeyListEntry]
@@ -618,6 +637,16 @@ module Aws
                         ) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
                       | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> ::Seahorse::Client::_ResponseSuccess[::Aws::EmptyStructure]
 
+      interface _RotateKeyOnDemandResponseSuccess
+        include ::Seahorse::Client::_ResponseSuccess[Types::RotateKeyOnDemandResponse]
+        def key_id: () -> ::String
+      end
+      # https://docs.aws.amazon.com/sdk-for-ruby/v3/api/Aws/KMS/Client.html#rotate_key_on_demand-instance_method
+      def rotate_key_on_demand: (
+                                  key_id: ::String
+                                ) -> _RotateKeyOnDemandResponseSuccess
+                              | (Hash[Symbol, untyped] params, ?Hash[Symbol, untyped] options) -> _RotateKeyOnDemandResponseSuccess
+
       interface _ScheduleKeyDeletionResponseSuccess
         include ::Seahorse::Client::_ResponseSuccess[Types::ScheduleKeyDeletionResponse]
         def key_id: () -> ::String

data/sig/errors.rbs

@@ -29,6 +29,9 @@ module Aws
       class CloudHsmClusterNotRelatedException < ::Aws::Errors::ServiceError
         def message: () -> ::String
       end
+      class ConflictException < ::Aws::Errors::ServiceError
+        def message: () -> ::String
+      end
       class CustomKeyStoreHasCMKsException < ::Aws::Errors::ServiceError
         def message: () -> ::String
       end

data/sig/types.rbs

@@ -57,6 +57,11 @@ module Aws::KMS
       SENSITIVE: []
     end
 
+    class ConflictException
+      attr_accessor message: ::String
+      SENSITIVE: []
+    end
+
     class ConnectCustomKeyStoreRequest
       attr_accessor custom_key_store_id: ::String
       SENSITIVE: []
@@ -264,6 +269,7 @@ module Aws::KMS
 
     class EnableKeyRotationRequest
       attr_accessor key_id: ::String
+      attr_accessor rotation_period_in_days: ::Integer
       SENSITIVE: []
     end
 
@@ -409,6 +415,10 @@ module Aws::KMS
 
     class GetKeyRotationStatusResponse
       attr_accessor key_rotation_enabled: bool
+      attr_accessor key_id: ::String
+      attr_accessor rotation_period_in_days: ::Integer
+      attr_accessor next_rotation_date: ::Time
+      attr_accessor on_demand_rotation_start_date: ::Time
       SENSITIVE: []
     end
 
@@ -638,6 +648,20 @@ module Aws::KMS
       SENSITIVE: []
     end
 
+    class ListKeyRotationsRequest
+      attr_accessor key_id: ::String
+      attr_accessor limit: ::Integer
+      attr_accessor marker: ::String
+      SENSITIVE: []
+    end
+
+    class ListKeyRotationsResponse
+      attr_accessor rotations: ::Array[Types::RotationsListEntry]
+      attr_accessor next_marker: ::String
+      attr_accessor truncated: bool
+      SENSITIVE: []
+    end
+
     class ListKeysRequest
       attr_accessor limit: ::Integer
       attr_accessor marker: ::String
@@ -763,6 +787,23 @@ module Aws::KMS
       SENSITIVE: []
     end
 
+    class RotateKeyOnDemandRequest
+      attr_accessor key_id: ::String
+      SENSITIVE: []
+    end
+
+    class RotateKeyOnDemandResponse
+      attr_accessor key_id: ::String
+      SENSITIVE: []
+    end
+
+    class RotationsListEntry
+      attr_accessor key_id: ::String
+      attr_accessor rotation_date: ::Time
+      attr_accessor rotation_type: ("AUTOMATIC" | "ON_DEMAND")
+      SENSITIVE: []
+    end
+
     class ScheduleKeyDeletionRequest
       attr_accessor key_id: ::String
       attr_accessor pending_window_in_days: ::Integer

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: aws-sdk-kms
 version: !ruby/object:Gem::Version
-  version: 1.78.0
+  version: 1.79.0
 platform: ruby
 authors:
 - Amazon Web Services
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-03-18 00:00:00.000000000 Z
+date: 2024-04-12 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: aws-sdk-core