@aws-sdk/client-kms 3.28.0 → 3.32.0

package/dist/es/commands/GetParametersForImportCommand.js

@@ -5,23 +5,23 @@ import { getSerdePlugin } from "@aws-sdk/middleware-serde";
 import { Command as $Command } from "@aws-sdk/smithy-client";
 /**
  * <p>Returns the items you need to import key material into a symmetric, customer managed
- *       customer master key (CMK). For more information about importing key material into AWS KMS, see
+ *       KMS key. For more information about importing key material into KMS, see
  *         <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html">Importing Key
- *         Material</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
+ *         Material</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>This operation returns a public key and an import token. Use the public key to encrypt the
  *       symmetric key material. Store the import token to send with a subsequent <a>ImportKeyMaterial</a> request.</p>
- *          <p>You must specify the key ID of the symmetric CMK into which you will import key material.
- *       This CMK's <code>Origin</code> must be <code>EXTERNAL</code>. You must also specify the
+ *          <p>You must specify the key ID of the symmetric KMS key into which you will import key material.
+ *       This KMS key's <code>Origin</code> must be <code>EXTERNAL</code>. You must also specify the
  *       wrapping algorithm and type of wrapping key (public key) that you will use to encrypt the key
- *       material. You cannot perform this operation on an asymmetric CMK or on any CMK in a different AWS account.</p>
+ *       material. You cannot perform this operation on an asymmetric KMS key or on any KMS key in a different Amazon Web Services account.</p>
  *          <p>To import key material, you must use the public key and import token from the same
  *       response. These items are valid for 24 hours. The expiration date and time appear in the
  *         <code>GetParametersForImport</code> response. You cannot use an expired token in an <a>ImportKeyMaterial</a> request. If your key and token expire, send another
  *         <code>GetParametersForImport</code> request.</p>
- *          <p>The CMK that you use for this operation must be in a compatible key state. For
- * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your CMK</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
+ *          <p>The KMS key that you use for this operation must be in a compatible key state. For
+ * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
- *             <b>Cross-account use</b>: No. You cannot perform this operation on a CMK in a different AWS account.</p>
+ *             <b>Cross-account use</b>: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.</p>
  *
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:GetParametersForImport</a> (key policy)</p>

package/dist/es/commands/GetPublicKeyCommand.js

@@ -4,22 +4,22 @@ import { deserializeAws_json1_1GetPublicKeyCommand, serializeAws_json1_1GetPubli
 import { getSerdePlugin } from "@aws-sdk/middleware-serde";
 import { Command as $Command } from "@aws-sdk/smithy-client";
 /**
- * <p>Returns the public key of an asymmetric CMK. Unlike the private key of a asymmetric CMK,
- *       which never leaves AWS KMS unencrypted, callers with <code>kms:GetPublicKey</code> permission
- *       can download the public key of an asymmetric CMK. You can share the public key to allow others
- *       to encrypt messages and verify signatures outside of AWS KMS. For information about symmetric and asymmetric CMKs, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html">Using Symmetric and Asymmetric CMKs</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
+ * <p>Returns the public key of an asymmetric KMS key. Unlike the private key of a asymmetric KMS key,
+ *       which never leaves KMS unencrypted, callers with <code>kms:GetPublicKey</code> permission
+ *       can download the public key of an asymmetric KMS key. You can share the public key to allow others
+ *       to encrypt messages and verify signatures outside of KMS. For information about symmetric and asymmetric KMS keys, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html">Using Symmetric and Asymmetric KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>You do not need to download the public key. Instead, you can use the public key within
- *       AWS KMS by calling the <a>Encrypt</a>, <a>ReEncrypt</a>, or <a>Verify</a> operations with the identifier of an asymmetric CMK. When you use the
- *       public key within AWS KMS, you benefit from the authentication, authorization, and logging that
- *       are part of every AWS KMS operation. You also reduce of risk of encrypting data that cannot be
- *       decrypted. These features are not effective outside of AWS KMS. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/download-public-key.html#download-public-key-considerations">Special
+ *       KMS by calling the <a>Encrypt</a>, <a>ReEncrypt</a>, or <a>Verify</a> operations with the identifier of an asymmetric KMS key. When you use the
+ *       public key within KMS, you benefit from the authentication, authorization, and logging that
+ *       are part of every KMS operation. You also reduce of risk of encrypting data that cannot be
+ *       decrypted. These features are not effective outside of KMS. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/download-public-key.html#download-public-key-considerations">Special
  *         Considerations for Downloading Public Keys</a>.</p>
- *          <p>To help you use the public key safely outside of AWS KMS, <code>GetPublicKey</code> returns
+ *          <p>To help you use the public key safely outside of KMS, <code>GetPublicKey</code> returns
  *       important information about the public key in the response, including:</p>
  *          <ul>
  *             <li>
  *                <p>
- *                   <a href="https://docs.aws.amazon.com/kms/latest/APIReference/API_GetPublicKey.html#KMS-GetPublicKey-response-CustomerMasterKeySpec">CustomerMasterKeySpec</a>: The type of key material in the public key, such as
+ *                   <a href="https://docs.aws.amazon.com/kms/latest/APIReference/API_GetPublicKey.html#KMS-GetPublicKey-response-KeySpec">KeySpec</a>: The type of key material in the public key, such as
  *             <code>RSA_4096</code> or <code>ECC_NIST_P521</code>.</p>
  *             </li>
  *             <li>
@@ -32,16 +32,16 @@ import { Command as $Command } from "@aws-sdk/smithy-client";
  *           algorithms for the key.</p>
  *             </li>
  *          </ul>
- *          <p>Although AWS KMS cannot enforce these restrictions on external operations, it is crucial
+ *          <p>Although KMS cannot enforce these restrictions on external operations, it is crucial
  *       that you use this information to prevent the public key from being used improperly. For
  *       example, you can prevent a public signing key from being used encrypt data, or prevent a
- *       public key from being used with an encryption algorithm that is not supported by AWS KMS. You
+ *       public key from being used with an encryption algorithm that is not supported by KMS. You
  *       can also avoid errors, such as using the wrong signing algorithm in a verification
  *       operation.</p>
- *          <p>The CMK that you use for this operation must be in a compatible key state. For
- * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your CMK</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
+ *          <p>The KMS key that you use for this operation must be in a compatible key state. For
+ * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
- *             <b>Cross-account use</b>: Yes. To perform this operation with a CMK in a different AWS account, specify
+ *             <b>Cross-account use</b>: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
  *   the key ARN or alias ARN in the value of the <code>KeyId</code> parameter.</p>
  *
  *          <p>

package/dist/es/commands/ImportKeyMaterialCommand.js

@@ -4,13 +4,13 @@ import { deserializeAws_json1_1ImportKeyMaterialCommand, serializeAws_json1_1Imp
 import { getSerdePlugin } from "@aws-sdk/middleware-serde";
 import { Command as $Command } from "@aws-sdk/smithy-client";
 /**
- * <p>Imports key material into an existing symmetric AWS KMS customer master key (CMK) that was
- *       created without key material. After you successfully import key material into a CMK, you can
- *         <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html#reimport-key-material">reimport the same key material</a> into that CMK, but you cannot import different key
+ * <p>Imports key material into an existing symmetric KMS KMS key that was
+ *       created without key material. After you successfully import key material into a KMS key, you can
+ *         <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html#reimport-key-material">reimport the same key material</a> into that KMS key, but you cannot import different key
  *       material. </p>
- *          <p>You cannot perform this operation on an asymmetric CMK or on any CMK in a different AWS account. For more information about creating CMKs with no key material and
+ *          <p>You cannot perform this operation on an asymmetric KMS key or on any KMS key in a different Amazon Web Services account. For more information about creating KMS keys with no key material and
  *       then importing key material, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html">Importing Key Material</a> in the
- *       <i>AWS Key Management Service Developer Guide</i>.</p>
+ *       <i>Key Management Service Developer Guide</i>.</p>
  *          <p>Before using this operation, call <a>GetParametersForImport</a>. Its response
  *       includes a public key and an import token. Use the public key to encrypt the key material.
  *       Then, submit the import token from the same <code>GetParametersForImport</code>
@@ -18,11 +18,11 @@ import { Command as $Command } from "@aws-sdk/smithy-client";
  *          <p>When calling this operation, you must specify the following values:</p>
  *          <ul>
  *             <li>
- *                <p>The key ID or key ARN of a CMK with no key material. Its <code>Origin</code> must be
+ *                <p>The key ID or key ARN of a KMS key with no key material. Its <code>Origin</code> must be
  *             <code>EXTERNAL</code>.</p>
- *                <p>To create a CMK with no key material, call <a>CreateKey</a> and set the
+ *                <p>To create a KMS key with no key material, call <a>CreateKey</a> and set the
  *           value of its <code>Origin</code> parameter to <code>EXTERNAL</code>. To get the
- *             <code>Origin</code> of a CMK, call <a>DescribeKey</a>.)</p>
+ *             <code>Origin</code> of a KMS key, call <a>DescribeKey</a>.)</p>
  *             </li>
  *             <li>
  *                <p>The encrypted key material. To get the public key to encrypt the key material, call
@@ -33,23 +33,23 @@ import { Command as $Command } from "@aws-sdk/smithy-client";
  *           a public key and token from the same <code>GetParametersForImport</code> response.</p>
  *             </li>
  *             <li>
- *                <p>Whether the key material expires and if so, when. If you set an expiration date, AWS KMS
- *           deletes the key material from the CMK on the specified date, and the CMK becomes unusable.
- *           To use the CMK again, you must reimport the same key material. The only way to change an
+ *                <p>Whether the key material expires and if so, when. If you set an expiration date, KMS
+ *           deletes the key material from the KMS key on the specified date, and the KMS key becomes unusable.
+ *           To use the KMS key again, you must reimport the same key material. The only way to change an
  *           expiration date is by reimporting the same key material and specifying a new expiration
  *           date. </p>
  *             </li>
  *          </ul>
- *          <p>When this operation is successful, the key state of the CMK changes from
- *         <code>PendingImport</code> to <code>Enabled</code>, and you can use the CMK.</p>
+ *          <p>When this operation is successful, the key state of the KMS key changes from
+ *         <code>PendingImport</code> to <code>Enabled</code>, and you can use the KMS key.</p>
  *          <p>If this operation fails, use the exception to help determine the problem. If the error is
- *       related to the key material, the import token, or wrapping key, use <a>GetParametersForImport</a> to get a new public key and import token for the CMK and
+ *       related to the key material, the import token, or wrapping key, use <a>GetParametersForImport</a> to get a new public key and import token for the KMS key and
  *       repeat the import procedure. For help, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html#importing-keys-overview">How To Import Key
- *         Material</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
- *          <p>The CMK that you use for this operation must be in a compatible key state. For
- * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your CMK</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
+ *         Material</a> in the <i>Key Management Service Developer Guide</i>.</p>
+ *          <p>The KMS key that you use for this operation must be in a compatible key state. For
+ * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
- *             <b>Cross-account use</b>: No. You cannot perform this operation on a CMK in a different AWS account.</p>
+ *             <b>Cross-account use</b>: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.</p>
  *
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:ImportKeyMaterial</a> (key policy)</p>

package/dist/es/commands/ListAliasesCommand.js

@@ -4,28 +4,26 @@ import { deserializeAws_json1_1ListAliasesCommand, serializeAws_json1_1ListAlias
 import { getSerdePlugin } from "@aws-sdk/middleware-serde";
 import { Command as $Command } from "@aws-sdk/smithy-client";
 /**
- * <p>Gets a list of aliases in the caller's AWS account and region. For more information about
+ * <p>Gets a list of aliases in the caller's Amazon Web Services account and region. For more information about
  *       aliases, see <a>CreateAlias</a>.</p>
  *          <p>By default, the <code>ListAliases</code> operation returns all aliases in the account and
- *       region. To get only the aliases associated with a particular customer master key (CMK), use
+ *       region. To get only the aliases associated with a particular KMS key, use
  *       the <code>KeyId</code> parameter.</p>
  *          <p>The <code>ListAliases</code> response can include aliases that you created and associated
- *       with your customer managed CMKs, and aliases that AWS created and associated with AWS managed
- *       CMKs in your account. You can recognize AWS aliases because their names have the format
+ *       with your customer managed keys, and aliases that Amazon Web Services created and associated with Amazon Web Services managed keys in your account. You can recognize Amazon Web Services aliases because their names have the format
  *         <code>aws/<service-name></code>, such as <code>aws/dynamodb</code>.</p>
  *          <p>The response might also include aliases that have no <code>TargetKeyId</code> field. These
- *       are predefined aliases that AWS has created but has not yet associated with a CMK. Aliases
- *       that AWS creates in your account, including predefined aliases, do not count against your
- *         <a href="https://docs.aws.amazon.com/kms/latest/developerguide/limits.html#aliases-limit">AWS KMS aliases
+ *       are predefined aliases that Amazon Web Services has created but has not yet associated with a KMS key. Aliases
+ *       that Amazon Web Services creates in your account, including predefined aliases, do not count against your
+ *         <a href="https://docs.aws.amazon.com/kms/latest/developerguide/limits.html#aliases-limit">KMS aliases
  *         quota</a>.</p>
  *          <p>
  *             <b>Cross-account use</b>: No. <code>ListAliases</code> does not
- *       return aliases in other AWS accounts.</p>
- *
+ *       return aliases in other Amazon Web Services accounts.</p>
  *
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:ListAliases</a> (IAM policy)</p>
- *          <p>For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html#alias-access">Controlling access to aliases</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
+ *          <p>For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html#alias-access">Controlling access to aliases</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
  *             <b>Related operations:</b>
  *          </p>

package/dist/es/commands/ListAliasesCommand.js.map

@@ -1 +1 @@
-{"version":3,"file":"ListAliasesCommand.js","sourceRoot":"","sources":["../../../commands/ListAliasesCommand.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAC7E,OAAO,EACL,wCAAwC,EACxC,sCAAsC,GACvC,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAE3D,OAAO,EAAE,OAAO,IAAI,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAc7D;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAyDG;AACH;IAAwC,sCAIvC;IACC,oCAAoC;IACpC,kCAAkC;IAElC,4BAAqB,KAA8B;QAAnD;QACE,qCAAqC;QACrC,iBAAO,SAER;QAJoB,WAAK,GAAL,KAAK,CAAyB;;QAGjD,mCAAmC;IACrC,CAAC;IAED;;OAEG;IACH,8CAAiB,GAAjB,UACE,WAAmE,EACnE,aAAsC,EACtC,OAA8B;QAE9B,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,cAAc,CAAC,aAAa,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC;QAE1F,IAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAE/C,IAAA,MAAM,GAAK,aAAa,OAAlB,CAAmB;QACjC,IAAM,UAAU,GAAG,WAAW,CAAC;QAC/B,IAAM,WAAW,GAAG,oBAAoB,CAAC;QACzC,IAAM,uBAAuB,GAA4B;YACvD,MAAM,QAAA;YACN,UAAU,YAAA;YACV,WAAW,aAAA;YACX,uBAAuB,EAAE,kBAAkB,CAAC,kBAAkB;YAC9D,wBAAwB,EAAE,mBAAmB,CAAC,kBAAkB;SACjE,CAAC;QACM,IAAA,cAAc,GAAK,aAAa,eAAlB,CAAmB;QACzC,OAAO,KAAK,CAAC,OAAO,CAClB,UAAC,OAAsC;YACrC,OAAA,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,OAAwB,EAAE,OAAO,IAAI,EAAE,CAAC;QAAtE,CAAsE,EACxE,uBAAuB,CACxB,CAAC;IACJ,CAAC;IAEO,sCAAS,GAAjB,UAAkB,KAA8B,EAAE,OAAuB;QACvE,OAAO,sCAAsC,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAChE,CAAC;IAEO,wCAAW,GAAnB,UAAoB,MAAsB,EAAE,OAAuB;QACjE,OAAO,wCAAwC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnE,CAAC;IAIH,yBAAC;AAAD,CAAC,AAtDD,CAAwC,QAAQ,GAsD/C"}
+{"version":3,"file":"ListAliasesCommand.js","sourceRoot":"","sources":["../../../commands/ListAliasesCommand.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,kBAAkB,EAAE,mBAAmB,EAAE,MAAM,oBAAoB,CAAC;AAC7E,OAAO,EACL,wCAAwC,EACxC,sCAAsC,GACvC,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAE3D,OAAO,EAAE,OAAO,IAAI,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAc7D;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAuDG;AACH;IAAwC,sCAIvC;IACC,oCAAoC;IACpC,kCAAkC;IAElC,4BAAqB,KAA8B;QAAnD;QACE,qCAAqC;QACrC,iBAAO,SAER;QAJoB,WAAK,GAAL,KAAK,CAAyB;;QAGjD,mCAAmC;IACrC,CAAC;IAED;;OAEG;IACH,8CAAiB,GAAjB,UACE,WAAmE,EACnE,aAAsC,EACtC,OAA8B;QAE9B,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,cAAc,CAAC,aAAa,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC;QAE1F,IAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAE/C,IAAA,MAAM,GAAK,aAAa,OAAlB,CAAmB;QACjC,IAAM,UAAU,GAAG,WAAW,CAAC;QAC/B,IAAM,WAAW,GAAG,oBAAoB,CAAC;QACzC,IAAM,uBAAuB,GAA4B;YACvD,MAAM,QAAA;YACN,UAAU,YAAA;YACV,WAAW,aAAA;YACX,uBAAuB,EAAE,kBAAkB,CAAC,kBAAkB;YAC9D,wBAAwB,EAAE,mBAAmB,CAAC,kBAAkB;SACjE,CAAC;QACM,IAAA,cAAc,GAAK,aAAa,eAAlB,CAAmB;QACzC,OAAO,KAAK,CAAC,OAAO,CAClB,UAAC,OAAsC;YACrC,OAAA,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,OAAwB,EAAE,OAAO,IAAI,EAAE,CAAC;QAAtE,CAAsE,EACxE,uBAAuB,CACxB,CAAC;IACJ,CAAC;IAEO,sCAAS,GAAjB,UAAkB,KAA8B,EAAE,OAAuB;QACvE,OAAO,sCAAsC,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAChE,CAAC;IAEO,wCAAW,GAAnB,UAAoB,MAAsB,EAAE,OAAuB;QACjE,OAAO,wCAAwC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACnE,CAAC;IAIH,yBAAC;AAAD,CAAC,AAtDD,CAAwC,QAAQ,GAsD/C"}

package/dist/es/commands/ListGrantsCommand.js

@@ -4,18 +4,23 @@ import { deserializeAws_json1_1ListGrantsCommand, serializeAws_json1_1ListGrants
 import { getSerdePlugin } from "@aws-sdk/middleware-serde";
 import { Command as $Command } from "@aws-sdk/smithy-client";
 /**
- * <p>Gets a list of all grants for the specified customer master key (CMK). </p>
- *          <p>You must specify the CMK in all requests. You can filter the grant list by grant ID
+ * <p>Gets a list of all grants for the specified KMS key. </p>
+ *          <p>You must specify the KMS key in all requests. You can filter the grant list by grant ID
  *       or grantee principal.</p>
+ *          <p>For detailed information about grants, including grant terminology, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html">Using grants</a> in the
+ *         <i>
+ *                <i>Key Management Service Developer Guide</i>
+ *             </i>. For examples of working with grants in several
+ *       programming languages, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-grants.html">Programming grants</a>. </p>
  *          <note>
  *             <p>The <code>GranteePrincipal</code> field in the <code>ListGrants</code> response usually contains the
  *         user or role designated as the grantee principal in the grant. However, when the grantee
- *         principal in the grant is an AWS service, the <code>GranteePrincipal</code> field contains
+ *         principal in the grant is an Amazon Web Services service, the <code>GranteePrincipal</code> field contains
  *         the <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html#principal-services">service
  *           principal</a>, which might represent several different grantee principals.</p>
  *          </note>
  *          <p>
- *             <b>Cross-account use</b>: Yes. To perform this operation on a CMK in a different AWS account, specify the key
+ *             <b>Cross-account use</b>: Yes. To perform this operation on a KMS key in a different Amazon Web Services account, specify the key
  *   ARN in the value of the <code>KeyId</code> parameter.</p>
  *
  *          <p>

package/dist/es/commands/ListGrantsCommand.js.map

@@ -1 +1 @@
-{"version":3,"file":"ListGrantsCommand.js","sourceRoot":"","sources":["../../../commands/ListGrantsCommand.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAC3E,OAAO,EACL,uCAAuC,EACvC,qCAAqC,GACtC,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAE3D,OAAO,EAAE,OAAO,IAAI,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAc7D;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAwDG;AACH;IAAuC,qCAItC;IACC,oCAAoC;IACpC,kCAAkC;IAElC,2BAAqB,KAA6B;QAAlD;QACE,qCAAqC;QACrC,iBAAO,SAER;QAJoB,WAAK,GAAL,KAAK,CAAwB;;QAGhD,mCAAmC;IACrC,CAAC;IAED;;OAEG;IACH,6CAAiB,GAAjB,UACE,WAAmE,EACnE,aAAsC,EACtC,OAA8B;QAE9B,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,cAAc,CAAC,aAAa,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC;QAE1F,IAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAE/C,IAAA,MAAM,GAAK,aAAa,OAAlB,CAAmB;QACjC,IAAM,UAAU,GAAG,WAAW,CAAC;QAC/B,IAAM,WAAW,GAAG,mBAAmB,CAAC;QACxC,IAAM,uBAAuB,GAA4B;YACvD,MAAM,QAAA;YACN,UAAU,YAAA;YACV,WAAW,aAAA;YACX,uBAAuB,EAAE,iBAAiB,CAAC,kBAAkB;YAC7D,wBAAwB,EAAE,kBAAkB,CAAC,kBAAkB;SAChE,CAAC;QACM,IAAA,cAAc,GAAK,aAAa,eAAlB,CAAmB;QACzC,OAAO,KAAK,CAAC,OAAO,CAClB,UAAC,OAAsC;YACrC,OAAA,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,OAAwB,EAAE,OAAO,IAAI,EAAE,CAAC;QAAtE,CAAsE,EACxE,uBAAuB,CACxB,CAAC;IACJ,CAAC;IAEO,qCAAS,GAAjB,UAAkB,KAA6B,EAAE,OAAuB;QACtE,OAAO,qCAAqC,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAC/D,CAAC;IAEO,uCAAW,GAAnB,UAAoB,MAAsB,EAAE,OAAuB;QACjE,OAAO,uCAAuC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClE,CAAC;IAIH,wBAAC;AAAD,CAAC,AAtDD,CAAuC,QAAQ,GAsD9C"}
+{"version":3,"file":"ListGrantsCommand.js","sourceRoot":"","sources":["../../../commands/ListGrantsCommand.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,iBAAiB,EAAE,kBAAkB,EAAE,MAAM,oBAAoB,CAAC;AAC3E,OAAO,EACL,uCAAuC,EACvC,qCAAqC,GACtC,MAAM,0BAA0B,CAAC;AAClC,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAE3D,OAAO,EAAE,OAAO,IAAI,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAc7D;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA6DG;AACH;IAAuC,qCAItC;IACC,oCAAoC;IACpC,kCAAkC;IAElC,2BAAqB,KAA6B;QAAlD;QACE,qCAAqC;QACrC,iBAAO,SAER;QAJoB,WAAK,GAAL,KAAK,CAAwB;;QAGhD,mCAAmC;IACrC,CAAC;IAED;;OAEG;IACH,6CAAiB,GAAjB,UACE,WAAmE,EACnE,aAAsC,EACtC,OAA8B;QAE9B,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,cAAc,CAAC,aAAa,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC;QAE1F,IAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAE/C,IAAA,MAAM,GAAK,aAAa,OAAlB,CAAmB;QACjC,IAAM,UAAU,GAAG,WAAW,CAAC;QAC/B,IAAM,WAAW,GAAG,mBAAmB,CAAC;QACxC,IAAM,uBAAuB,GAA4B;YACvD,MAAM,QAAA;YACN,UAAU,YAAA;YACV,WAAW,aAAA;YACX,uBAAuB,EAAE,iBAAiB,CAAC,kBAAkB;YAC7D,wBAAwB,EAAE,kBAAkB,CAAC,kBAAkB;SAChE,CAAC;QACM,IAAA,cAAc,GAAK,aAAa,eAAlB,CAAmB;QACzC,OAAO,KAAK,CAAC,OAAO,CAClB,UAAC,OAAsC;YACrC,OAAA,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,OAAwB,EAAE,OAAO,IAAI,EAAE,CAAC;QAAtE,CAAsE,EACxE,uBAAuB,CACxB,CAAC;IACJ,CAAC;IAEO,qCAAS,GAAjB,UAAkB,KAA6B,EAAE,OAAuB;QACtE,OAAO,qCAAqC,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAC/D,CAAC;IAEO,uCAAW,GAAnB,UAAoB,MAAsB,EAAE,OAAuB;QACjE,OAAO,uCAAuC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IAClE,CAAC;IAIH,wBAAC;AAAD,CAAC,AAtDD,CAAuC,QAAQ,GAsD9C"}

package/dist/es/commands/ListKeyPoliciesCommand.js

@@ -4,11 +4,11 @@ import { deserializeAws_json1_1ListKeyPoliciesCommand, serializeAws_json1_1ListK
 import { getSerdePlugin } from "@aws-sdk/middleware-serde";
 import { Command as $Command } from "@aws-sdk/smithy-client";
 /**
- * <p>Gets the names of the key policies that are attached to a customer master key (CMK). This
+ * <p>Gets the names of the key policies that are attached to a KMS key. This
  *       operation is designed to get policy names that you can use in a <a>GetKeyPolicy</a>
  *       operation. However, the only valid policy name is <code>default</code>. </p>
  *          <p>
- *             <b>Cross-account use</b>: No. You cannot perform this operation on a CMK in a different AWS account.</p>
+ *             <b>Cross-account use</b>: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.</p>
  *
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:ListKeyPolicies</a> (key policy)</p>

package/dist/es/commands/ListKeysCommand.js

@@ -4,10 +4,10 @@ import { deserializeAws_json1_1ListKeysCommand, serializeAws_json1_1ListKeysComm
 import { getSerdePlugin } from "@aws-sdk/middleware-serde";
 import { Command as $Command } from "@aws-sdk/smithy-client";
 /**
- * <p>Gets a list of all customer master keys (CMKs) in the caller's AWS account and
+ * <p>Gets a list of all KMS keys in the caller's Amazon Web Services account and
  *       Region.</p>
  *          <p>
- *             <b>Cross-account use</b>: No. You cannot perform this operation on a CMK in a different AWS account.</p>
+ *             <b>Cross-account use</b>: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.</p>
  *
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:ListKeys</a> (IAM policy)</p>

package/dist/es/commands/ListResourceTagsCommand.js

@@ -4,13 +4,13 @@ import { deserializeAws_json1_1ListResourceTagsCommand, serializeAws_json1_1List
 import { getSerdePlugin } from "@aws-sdk/middleware-serde";
 import { Command as $Command } from "@aws-sdk/smithy-client";
 /**
- * <p>Returns all tags on the specified customer master key (CMK).</p>
- *          <p>For general information about tags, including the format and syntax, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html">Tagging AWS resources</a> in
+ * <p>Returns all tags on the specified KMS key.</p>
+ *          <p>For general information about tags, including the format and syntax, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html">Tagging Amazon Web Services resources</a> in
  *       the <i>Amazon Web Services General Reference</i>. For information about using
- *       tags in AWS KMS, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html">Tagging
+ *       tags in KMS, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html">Tagging
  *         keys</a>.</p>
  *          <p>
- *             <b>Cross-account use</b>: No. You cannot perform this operation on a CMK in a different AWS account.</p>
+ *             <b>Cross-account use</b>: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.</p>
  *
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:ListResourceTags</a> (key policy)</p>

package/dist/es/commands/ListRetirableGrantsCommand.js

@@ -4,24 +4,24 @@ import { deserializeAws_json1_1ListRetirableGrantsCommand, serializeAws_json1_1L
 import { getSerdePlugin } from "@aws-sdk/middleware-serde";
 import { Command as $Command } from "@aws-sdk/smithy-client";
 /**
- * <p>Returns information about all grants in the AWS account and Region that have the specified
- *       retiring principal. For more information about grants, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html">Grants</a> in the
- *       <i>
- *                <i>AWS Key Management Service Developer Guide</i>
- *             </i>.</p>
- *          <p>You can specify any principal in your AWS account. The grants that are returned include
- *       grants for CMKs in your AWS account and other AWS accounts.</p>
- *          <p>You might use this operation to determine which grants you may retire. To retire a grant,
- *       use the <a>RetireGrant</a> operation.</p>
+ * <p>Returns information about all grants in the Amazon Web Services account and Region that have the specified
+ *       retiring principal. </p>
+ *          <p>You can specify any principal in your Amazon Web Services account. The grants that are returned include
+ *       grants for KMS keys in your Amazon Web Services account and other Amazon Web Services accounts. You might use this operation to
+ *       determine which grants you may retire. To retire a grant, use the <a>RetireGrant</a> operation.</p>
+ *          <p>For detailed information about grants, including grant terminology, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html">Using grants</a> in the
+ *         <i>
+ *                <i>Key Management Service Developer Guide</i>
+ *             </i>. For examples of working with grants in several
+ *       programming languages, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-grants.html">Programming grants</a>. </p>
  *          <p>
  *             <b>Cross-account use</b>: You must specify a principal in your
- *       AWS account. However, this operation can return grants in any AWS account. You do not need
- *         <code>kms:ListRetirableGrants</code> permission (or any other additional permission) in any
- *       AWS account other than your own.</p>
+ *       Amazon Web Services account. However, this operation can return grants in any Amazon Web Services account. You do not need
+ *       <code>kms:ListRetirableGrants</code> permission (or any other additional permission) in any
+ *       Amazon Web Services account other than your own.</p>
  *
  *          <p>
- *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:ListRetirableGrants</a> (IAM policy) in your AWS
- *       account.</p>
+ *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:ListRetirableGrants</a> (IAM policy) in your Amazon Web Services account.</p>
  *          <p>
  *             <b>Related operations:</b>
  *          </p>

package/dist/es/commands/PutKeyPolicyCommand.js

@@ -4,14 +4,14 @@ import { deserializeAws_json1_1PutKeyPolicyCommand, serializeAws_json1_1PutKeyPo
 import { getSerdePlugin } from "@aws-sdk/middleware-serde";
 import { Command as $Command } from "@aws-sdk/smithy-client";
 /**
- * <p>Attaches a key policy to the specified customer master key (CMK). </p>
- *          <p>For more information about key policies, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html">Key Policies</a> in the <i>AWS Key Management Service Developer Guide</i>.
+ * <p>Attaches a key policy to the specified KMS key. </p>
+ *          <p>For more information about key policies, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html">Key Policies</a> in the <i>Key Management Service Developer Guide</i>.
  *       For help writing and formatting a JSON policy document, see the <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html">IAM JSON Policy Reference</a> in the <i>
- *                <i>IAM User Guide</i>
+ *                <i>Identity and Access Management User Guide</i>
  *             </i>. For examples of adding a key policy in multiple programming languages,
- *       see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-key-policies.html#put-policy">Setting a key policy</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
+ *       see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-key-policies.html#put-policy">Setting a key policy</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
- *             <b>Cross-account use</b>: No. You cannot perform this operation on a CMK in a different AWS account.</p>
+ *             <b>Cross-account use</b>: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.</p>
  *
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:PutKeyPolicy</a> (key policy)</p>

package/dist/es/commands/ReEncryptCommand.js

@@ -4,77 +4,73 @@ import { deserializeAws_json1_1ReEncryptCommand, serializeAws_json1_1ReEncryptCo
 import { getSerdePlugin } from "@aws-sdk/middleware-serde";
 import { Command as $Command } from "@aws-sdk/smithy-client";
 /**
- * <p>Decrypts ciphertext and then reencrypts it entirely within AWS KMS. You can use this
- *       operation to change the customer master key (CMK) under which data is encrypted, such as when
- *       you <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotate-keys-manually">manually rotate</a> a CMK or change the CMK that protects a ciphertext. You can also
- *       use it to reencrypt ciphertext under the same CMK, such as to change the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context">encryption
+ * <p>Decrypts ciphertext and then reencrypts it entirely within KMS. You can use this
+ *       operation to change the KMS key under which data is encrypted, such as when
+ *       you <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotate-keys-manually">manually rotate</a> a KMS key or change the KMS key that protects a ciphertext. You can also
+ *       use it to reencrypt ciphertext under the same KMS key, such as to change the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context">encryption
  *         context</a> of a ciphertext.</p>
  *          <p>The <code>ReEncrypt</code> operation can decrypt ciphertext that was encrypted by using an
- *       AWS KMS CMK in an AWS KMS operation, such as <a>Encrypt</a> or <a>GenerateDataKey</a>. It can also decrypt ciphertext that was encrypted by using the
- *       public key of an <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#asymmetric-cmks">asymmetric CMK</a> outside
- *       of AWS KMS. However, it cannot decrypt ciphertext produced by other libraries, such as the
- *         <a href="https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/">AWS Encryption SDK</a> or <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html">Amazon S3 client-side
- *         encryption</a>. These libraries return a ciphertext format that is incompatible with
- *       AWS KMS.</p>
+ *       KMS KMS key in an KMS operation, such as <a>Encrypt</a> or <a>GenerateDataKey</a>. It can also decrypt ciphertext that was encrypted by using the
+ *       public key of an <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#asymmetric-cmks">asymmetric KMS key</a> outside of KMS. However, it cannot decrypt ciphertext
+ *       produced by other libraries, such as the <a href="https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/">Amazon Web Services Encryption SDK</a> or <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html">Amazon S3 client-side encryption</a>.
+ *       These libraries return a ciphertext format that is incompatible with KMS.</p>
  *          <p>When you use the <code>ReEncrypt</code> operation, you need to provide information for the
  *       decrypt operation and the subsequent encrypt operation.</p>
  *          <ul>
  *             <li>
- *                <p>If your ciphertext was encrypted under an asymmetric CMK, you must use the
- *             <code>SourceKeyId</code> parameter to identify the CMK that encrypted the ciphertext.
+ *                <p>If your ciphertext was encrypted under an asymmetric KMS key, you must use the
+ *             <code>SourceKeyId</code> parameter to identify the KMS key that encrypted the ciphertext.
  *           You must also supply the encryption algorithm that was used. This information is required
  *           to decrypt the data.</p>
  *             </li>
  *             <li>
- *                <p>If your ciphertext was encrypted under a symmetric CMK, the <code>SourceKeyId</code>
- *           parameter is optional. AWS KMS can get this information from metadata that it adds to the
+ *                <p>If your ciphertext was encrypted under a symmetric KMS key, the <code>SourceKeyId</code>
+ *           parameter is optional. KMS can get this information from metadata that it adds to the
  *           symmetric ciphertext blob. This feature adds durability to your implementation by ensuring
  *           that authorized users can decrypt ciphertext decades after it was encrypted, even if
- *           they've lost track of the CMK ID. However, specifying the source CMK is always recommended
- *           as a best practice. When you use the <code>SourceKeyId</code> parameter to specify a CMK,
- *           AWS KMS uses only the CMK you specify. If the ciphertext was encrypted under a different
- *           CMK, the <code>ReEncrypt</code> operation fails. This practice ensures that you use the
- *           CMK that you intend.</p>
+ *           they've lost track of the key ID. However, specifying the source KMS key is always recommended
+ *           as a best practice. When you use the <code>SourceKeyId</code> parameter to specify a KMS key,
+ *           KMS uses only the KMS key you specify. If the ciphertext was encrypted under a different KMS key, the <code>ReEncrypt</code> operation fails. This practice ensures that you use the KMS key that you intend.</p>
  *             </li>
  *             <li>
  *                <p>To reencrypt the data, you must use the <code>DestinationKeyId</code> parameter
- *           specify the CMK that re-encrypts the data after it is decrypted. You can select a
- *           symmetric or asymmetric CMK. If the destination CMK is an asymmetric CMK, you must also
+ *           specify the KMS key that re-encrypts the data after it is decrypted. You can select a
+ *           symmetric or asymmetric KMS key. If the destination KMS key is an asymmetric KMS key, you must also
  *           provide the encryption algorithm. The algorithm that you choose must be compatible with
- *           the CMK.</p>
+ *           the KMS key.</p>
  *
  *                <important>
- *                   <p>When you use an asymmetric CMK to encrypt or reencrypt data, be sure to record the CMK and encryption algorithm that you choose. You will be required to provide the same CMK and encryption algorithm when you decrypt the data. If the CMK and algorithm do not match the values used to encrypt the data, the decrypt operation fails.</p>
- *                   <p>You are not required to supply the CMK ID and encryption algorithm when you decrypt with symmetric CMKs because AWS KMS stores this information in the ciphertext blob. AWS KMS cannot store metadata in ciphertext generated with asymmetric keys. The standard format for asymmetric key ciphertext does not include configurable fields.</p>
+ *                   <p>When you use an asymmetric KMS key to encrypt or reencrypt data, be sure to record the KMS key and encryption algorithm that you choose. You will be required to provide the same KMS key and encryption algorithm when you decrypt the data. If the KMS key and algorithm do not match the values used to encrypt the data, the decrypt operation fails.</p>
+ *                   <p>You are not required to supply the key ID and encryption algorithm when you decrypt with symmetric KMS keys because KMS stores this information in the ciphertext blob. KMS cannot store metadata in ciphertext generated with asymmetric keys. The standard format for asymmetric key ciphertext does not include configurable fields.</p>
  *                </important>
  *             </li>
  *          </ul>
  *
  *
  *
- *          <p>The CMK that you use for this operation must be in a compatible key state. For
- * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your CMK</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
+ *          <p>The KMS key that you use for this operation must be in a compatible key state. For
+ * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
- *             <b>Cross-account use</b>: Yes. The source CMK and destination
- *       CMK can be in different AWS accounts. Either or both CMKs can be in a different account than
- *       the caller.</p>
+ *             <b>Cross-account use</b>: Yes. The source KMS key and destination KMS key can be in different Amazon Web Services accounts. Either or both KMS keys can be in a different account than
+ *       the caller. To specify a KMS key in a different account, you must use its key ARN or alias
+ *       ARN.</p>
  *
  *          <p>
  *             <b>Required permissions</b>:</p>
  *          <ul>
  *             <li>
  *                <p>
- *                   <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:ReEncryptFrom</a> permission on the source CMK (key policy)</p>
+ *                   <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:ReEncryptFrom</a> permission on the source KMS key (key policy)</p>
  *             </li>
  *             <li>
  *                <p>
- *                   <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:ReEncryptTo</a> permission on the destination CMK (key policy)</p>
+ *                   <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:ReEncryptTo</a> permission on the destination KMS key (key policy)</p>
  *             </li>
  *          </ul>
- *          <p>To permit reencryption from or to a CMK, include the <code>"kms:ReEncrypt*"</code>
+ *          <p>To permit reencryption from or to a KMS key, include the <code>"kms:ReEncrypt*"</code>
  *       permission in your <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html">key policy</a>. This permission is
- *       automatically included in the key policy when you use the console to create a CMK. But you
- *       must include it manually when you create a CMK programmatically or when you use the <a>PutKeyPolicy</a> operation to set a key policy.</p>
+ *       automatically included in the key policy when you use the console to create a KMS key. But you
+ *       must include it manually when you create a KMS key programmatically or when you use the <a>PutKeyPolicy</a> operation to set a key policy.</p>
  *
  *          <p>
  *             <b>Related operations:</b>

package/dist/es/commands/ReEncryptCommand.js.map

@@ -1 +1 @@
-{"version":3,"file":"ReEncryptCommand.js","sourceRoot":"","sources":["../../../commands/ReEncryptCommand.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACzE,OAAO,EAAE,sCAAsC,EAAE,oCAAoC,EAAE,MAAM,0BAA0B,CAAC;AACxH,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAE3D,OAAO,EAAE,OAAO,IAAI,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAc7D;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAgHG;AACH;IAAsC,oCAAgF;IACpH,oCAAoC;IACpC,kCAAkC;IAElC,0BAAqB,KAA4B;QAAjD;QACE,qCAAqC;QACrC,iBAAO,SAER;QAJoB,WAAK,GAAL,KAAK,CAAuB;;QAG/C,mCAAmC;IACrC,CAAC;IAED;;OAEG;IACH,4CAAiB,GAAjB,UACE,WAAmE,EACnE,aAAsC,EACtC,OAA8B;QAE9B,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,cAAc,CAAC,aAAa,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC;QAE1F,IAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAE/C,IAAA,MAAM,GAAK,aAAa,OAAlB,CAAmB;QACjC,IAAM,UAAU,GAAG,WAAW,CAAC;QAC/B,IAAM,WAAW,GAAG,kBAAkB,CAAC;QACvC,IAAM,uBAAuB,GAA4B;YACvD,MAAM,QAAA;YACN,UAAU,YAAA;YACV,WAAW,aAAA;YACX,uBAAuB,EAAE,gBAAgB,CAAC,kBAAkB;YAC5D,wBAAwB,EAAE,iBAAiB,CAAC,kBAAkB;SAC/D,CAAC;QACM,IAAA,cAAc,GAAK,aAAa,eAAlB,CAAmB;QACzC,OAAO,KAAK,CAAC,OAAO,CAClB,UAAC,OAAsC;YACrC,OAAA,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,OAAwB,EAAE,OAAO,IAAI,EAAE,CAAC;QAAtE,CAAsE,EACxE,uBAAuB,CACxB,CAAC;IACJ,CAAC;IAEO,oCAAS,GAAjB,UAAkB,KAA4B,EAAE,OAAuB;QACrE,OAAO,oCAAoC,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAC9D,CAAC;IAEO,sCAAW,GAAnB,UAAoB,MAAsB,EAAE,OAAuB;QACjE,OAAO,sCAAsC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjE,CAAC;IAIH,uBAAC;AAAD,CAAC,AAlDD,CAAsC,QAAQ,GAkD7C"}
+{"version":3,"file":"ReEncryptCommand.js","sourceRoot":"","sources":["../../../commands/ReEncryptCommand.ts"],"names":[],"mappings":";AACA,OAAO,EAAE,gBAAgB,EAAE,iBAAiB,EAAE,MAAM,oBAAoB,CAAC;AACzE,OAAO,EAAE,sCAAsC,EAAE,oCAAoC,EAAE,MAAM,0BAA0B,CAAC;AACxH,OAAO,EAAE,cAAc,EAAE,MAAM,2BAA2B,CAAC;AAE3D,OAAO,EAAE,OAAO,IAAI,QAAQ,EAAE,MAAM,wBAAwB,CAAC;AAc7D;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4GG;AACH;IAAsC,oCAAgF;IACpH,oCAAoC;IACpC,kCAAkC;IAElC,0BAAqB,KAA4B;QAAjD;QACE,qCAAqC;QACrC,iBAAO,SAER;QAJoB,WAAK,GAAL,KAAK,CAAuB;;QAG/C,mCAAmC;IACrC,CAAC;IAED;;OAEG;IACH,4CAAiB,GAAjB,UACE,WAAmE,EACnE,aAAsC,EACtC,OAA8B;QAE9B,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,cAAc,CAAC,aAAa,EAAE,IAAI,CAAC,SAAS,EAAE,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC;QAE1F,IAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,IAAI,CAAC,eAAe,CAAC,CAAC;QAE/C,IAAA,MAAM,GAAK,aAAa,OAAlB,CAAmB;QACjC,IAAM,UAAU,GAAG,WAAW,CAAC;QAC/B,IAAM,WAAW,GAAG,kBAAkB,CAAC;QACvC,IAAM,uBAAuB,GAA4B;YACvD,MAAM,QAAA;YACN,UAAU,YAAA;YACV,WAAW,aAAA;YACX,uBAAuB,EAAE,gBAAgB,CAAC,kBAAkB;YAC5D,wBAAwB,EAAE,iBAAiB,CAAC,kBAAkB;SAC/D,CAAC;QACM,IAAA,cAAc,GAAK,aAAa,eAAlB,CAAmB;QACzC,OAAO,KAAK,CAAC,OAAO,CAClB,UAAC,OAAsC;YACrC,OAAA,cAAc,CAAC,MAAM,CAAC,OAAO,CAAC,OAAwB,EAAE,OAAO,IAAI,EAAE,CAAC;QAAtE,CAAsE,EACxE,uBAAuB,CACxB,CAAC;IACJ,CAAC;IAEO,oCAAS,GAAjB,UAAkB,KAA4B,EAAE,OAAuB;QACrE,OAAO,oCAAoC,CAAC,KAAK,EAAE,OAAO,CAAC,CAAC;IAC9D,CAAC;IAEO,sCAAW,GAAnB,UAAoB,MAAsB,EAAE,OAAuB;QACjE,OAAO,sCAAsC,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;IACjE,CAAC;IAIH,uBAAC;AAAD,CAAC,AAlDD,CAAsC,QAAQ,GAkD7C"}

package/dist/es/commands/ReplicateKeyCommand.js

@@ -6,24 +6,24 @@ import { Command as $Command } from "@aws-sdk/smithy-client";
 /**
  * <p>Replicates a multi-Region key into the specified Region. This operation creates a
  *       multi-Region replica key based on a multi-Region primary key in a different Region of the same
- *       AWS partition. You can create multiple replicas of a primary key, but each must be in a
+ *       Amazon Web Services partition. You can create multiple replicas of a primary key, but each must be in a
  *       different Region. To create a multi-Region primary key, use the <a>CreateKey</a>
  *       operation.</p>
- *          <p>This operation supports <i>multi-Region keys</i>, an AWS KMS feature that lets you create multiple
- *       interoperable CMKs in different AWS Regions. Because these CMKs have the same key ID, key
- *       material, and other metadata, you can use them to encrypt data in one AWS Region and decrypt
- *       it in a different AWS Region without making a cross-Region call or exposing the plaintext data. For more information about multi-Region keys, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html">Using multi-Region keys</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
- *          <p>A <i>replica key</i> is a fully-functional CMK that can be used
+ *          <p>This operation supports <i>multi-Region keys</i>, an KMS feature that lets you create multiple
+ *       interoperable KMS keys in different Amazon Web Services Regions. Because these KMS keys have the same key ID, key
+ *       material, and other metadata, you can use them interchangeably to encrypt data in one Amazon Web Services Region and decrypt
+ *       it in a different Amazon Web Services Region without re-encrypting the data or making a cross-Region call. For more information about multi-Region keys, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html">Using multi-Region keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
+ *          <p>A <i>replica key</i> is a fully-functional KMS key that can be used
  *       independently of its primary and peer replica keys. A primary key and its replica keys share
  *       properties that make them interoperable. They have the same <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-id">key ID</a> and key material. They also
  *       have the same <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-spec">key
  *         spec</a>, <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-usage">key
  *         usage</a>, <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-origin">key
- *         material origin</a>, and <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html">automatic key rotation status</a>. AWS KMS automatically synchronizes these shared
+ *         material origin</a>, and <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html">automatic key rotation status</a>. KMS automatically synchronizes these shared
  *       properties among related multi-Region keys. All other properties of a replica key can differ,
  *       including its <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html">key
  *         policy</a>, <a href="https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html">tags</a>, <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html">aliases</a>, and <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">key
- *         state</a>. AWS KMS pricing and quotas for CMKs apply to each primary key and replica
+ *         state</a>. KMS pricing and quotas for KMS keys apply to each primary key and replica
  *       key.</p>
  *          <p>When this operation completes, the new replica key has a transient key state of
  *         <code>Creating</code>. This key state changes to <code>Enabled</code> (or
@@ -32,31 +32,31 @@ import { Command as $Command } from "@aws-sdk/smithy-client";
  *       cannot yet use it in cryptographic operations. If you are creating and using the replica key
  *       programmatically, retry on <code>KMSInvalidStateException</code> or call
  *         <code>DescribeKey</code> to check its <code>KeyState</code> value before using it. For
- *       details about the <code>Creating</code> key state, see <a href="kms/latest/developerguide/key-state.html">Key state: Effect on your CMK</a> in the
- *       <i>AWS Key Management Service Developer Guide</i>.</p>
- *          <p>The AWS CloudTrail log of a <code>ReplicateKey</code> operation records a
+ *       details about the <code>Creating</code> key state, see <a href="kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the
+ *       <i>Key Management Service Developer Guide</i>.</p>
+ *          <p>The CloudTrail log of a <code>ReplicateKey</code> operation records a
  *       <code>ReplicateKey</code> operation in the primary key's Region and a <a>CreateKey</a> operation in the replica key's Region.</p>
  *          <p>If you replicate a multi-Region primary key with imported key material, the replica key is
  *       created with no key material. You must import the same key material that you imported into the
- *       primary key. For details, see <a href="kms/latest/developerguide/multi-region-keys-import.html">Importing key material into multi-Region keys</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
+ *       primary key. For details, see <a href="kms/latest/developerguide/multi-region-keys-import.html">Importing key material into multi-Region keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>To convert a replica key to a primary key, use the <a>UpdatePrimaryRegion</a>
  *       operation.</p>
  *          <note>
  *             <p>
  *                <code>ReplicateKey</code> uses different default values for the <code>KeyPolicy</code> and
- *           <code>Tags</code> parameters than those used in the AWS KMS console. For details, see the
+ *           <code>Tags</code> parameters than those used in the KMS console. For details, see the
  *         parameter descriptions.</p>
  *          </note>
  *          <p>
  *             <b>Cross-account use</b>: No. You cannot use this operation to
- *       create a CMK in a different AWS account. </p>
+ *       create a replica key in a different Amazon Web Services account. </p>
  *          <p>
  *             <b>Required permissions</b>: </p>
  *          <ul>
  *             <li>
  *                <p>
- *                   <code>kms:ReplicateKey</code> on the primary CMK (in the primary CMK's Region). Include this
- *           permission in the primary CMK's key policy.</p>
+ *                   <code>kms:ReplicateKey</code> on the primary key (in the primary key's Region). Include this
+ *           permission in the primary key's key policy.</p>
  *             </li>
  *             <li>
  *                <p>