@aws-sdk/client-kms 3.28.0 → 3.32.0

package/dist/types/commands/ReEncryptCommand.d.ts

@@ -7,77 +7,73 @@ export interface ReEncryptCommandInput extends ReEncryptRequest {
 export interface ReEncryptCommandOutput extends ReEncryptResponse, __MetadataBearer {
 }
 /**
- * <p>Decrypts ciphertext and then reencrypts it entirely within AWS KMS. You can use this
- *       operation to change the customer master key (CMK) under which data is encrypted, such as when
- *       you <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotate-keys-manually">manually rotate</a> a CMK or change the CMK that protects a ciphertext. You can also
- *       use it to reencrypt ciphertext under the same CMK, such as to change the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context">encryption
+ * <p>Decrypts ciphertext and then reencrypts it entirely within KMS. You can use this
+ *       operation to change the KMS key under which data is encrypted, such as when
+ *       you <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotate-keys-manually">manually rotate</a> a KMS key or change the KMS key that protects a ciphertext. You can also
+ *       use it to reencrypt ciphertext under the same KMS key, such as to change the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context">encryption
  *         context</a> of a ciphertext.</p>
  *          <p>The <code>ReEncrypt</code> operation can decrypt ciphertext that was encrypted by using an
- *       AWS KMS CMK in an AWS KMS operation, such as <a>Encrypt</a> or <a>GenerateDataKey</a>. It can also decrypt ciphertext that was encrypted by using the
- *       public key of an <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#asymmetric-cmks">asymmetric CMK</a> outside
- *       of AWS KMS. However, it cannot decrypt ciphertext produced by other libraries, such as the
- *         <a href="https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/">AWS Encryption SDK</a> or <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html">Amazon S3 client-side
- *         encryption</a>. These libraries return a ciphertext format that is incompatible with
- *       AWS KMS.</p>
+ *       KMS KMS key in an KMS operation, such as <a>Encrypt</a> or <a>GenerateDataKey</a>. It can also decrypt ciphertext that was encrypted by using the
+ *       public key of an <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#asymmetric-cmks">asymmetric KMS key</a> outside of KMS. However, it cannot decrypt ciphertext
+ *       produced by other libraries, such as the <a href="https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/">Amazon Web Services Encryption SDK</a> or <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html">Amazon S3 client-side encryption</a>.
+ *       These libraries return a ciphertext format that is incompatible with KMS.</p>
  *          <p>When you use the <code>ReEncrypt</code> operation, you need to provide information for the
  *       decrypt operation and the subsequent encrypt operation.</p>
  *          <ul>
  *             <li>
- *                <p>If your ciphertext was encrypted under an asymmetric CMK, you must use the
- *             <code>SourceKeyId</code> parameter to identify the CMK that encrypted the ciphertext.
+ *                <p>If your ciphertext was encrypted under an asymmetric KMS key, you must use the
+ *             <code>SourceKeyId</code> parameter to identify the KMS key that encrypted the ciphertext.
  *           You must also supply the encryption algorithm that was used. This information is required
  *           to decrypt the data.</p>
  *             </li>
  *             <li>
- *                <p>If your ciphertext was encrypted under a symmetric CMK, the <code>SourceKeyId</code>
- *           parameter is optional. AWS KMS can get this information from metadata that it adds to the
+ *                <p>If your ciphertext was encrypted under a symmetric KMS key, the <code>SourceKeyId</code>
+ *           parameter is optional. KMS can get this information from metadata that it adds to the
  *           symmetric ciphertext blob. This feature adds durability to your implementation by ensuring
  *           that authorized users can decrypt ciphertext decades after it was encrypted, even if
- *           they've lost track of the CMK ID. However, specifying the source CMK is always recommended
- *           as a best practice. When you use the <code>SourceKeyId</code> parameter to specify a CMK,
- *           AWS KMS uses only the CMK you specify. If the ciphertext was encrypted under a different
- *           CMK, the <code>ReEncrypt</code> operation fails. This practice ensures that you use the
- *           CMK that you intend.</p>
+ *           they've lost track of the key ID. However, specifying the source KMS key is always recommended
+ *           as a best practice. When you use the <code>SourceKeyId</code> parameter to specify a KMS key,
+ *           KMS uses only the KMS key you specify. If the ciphertext was encrypted under a different KMS key, the <code>ReEncrypt</code> operation fails. This practice ensures that you use the KMS key that you intend.</p>
  *             </li>
  *             <li>
  *                <p>To reencrypt the data, you must use the <code>DestinationKeyId</code> parameter
- *           specify the CMK that re-encrypts the data after it is decrypted. You can select a
- *           symmetric or asymmetric CMK. If the destination CMK is an asymmetric CMK, you must also
+ *           specify the KMS key that re-encrypts the data after it is decrypted. You can select a
+ *           symmetric or asymmetric KMS key. If the destination KMS key is an asymmetric KMS key, you must also
  *           provide the encryption algorithm. The algorithm that you choose must be compatible with
- *           the CMK.</p>
+ *           the KMS key.</p>
  *
  *                <important>
- *                   <p>When you use an asymmetric CMK to encrypt or reencrypt data, be sure to record the CMK and encryption algorithm that you choose. You will be required to provide the same CMK and encryption algorithm when you decrypt the data. If the CMK and algorithm do not match the values used to encrypt the data, the decrypt operation fails.</p>
- *                   <p>You are not required to supply the CMK ID and encryption algorithm when you decrypt with symmetric CMKs because AWS KMS stores this information in the ciphertext blob. AWS KMS cannot store metadata in ciphertext generated with asymmetric keys. The standard format for asymmetric key ciphertext does not include configurable fields.</p>
+ *                   <p>When you use an asymmetric KMS key to encrypt or reencrypt data, be sure to record the KMS key and encryption algorithm that you choose. You will be required to provide the same KMS key and encryption algorithm when you decrypt the data. If the KMS key and algorithm do not match the values used to encrypt the data, the decrypt operation fails.</p>
+ *                   <p>You are not required to supply the key ID and encryption algorithm when you decrypt with symmetric KMS keys because KMS stores this information in the ciphertext blob. KMS cannot store metadata in ciphertext generated with asymmetric keys. The standard format for asymmetric key ciphertext does not include configurable fields.</p>
  *                </important>
  *             </li>
  *          </ul>
  *
  *
  *
- *          <p>The CMK that you use for this operation must be in a compatible key state. For
- * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your CMK</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
+ *          <p>The KMS key that you use for this operation must be in a compatible key state. For
+ * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
- *             <b>Cross-account use</b>: Yes. The source CMK and destination
- *       CMK can be in different AWS accounts. Either or both CMKs can be in a different account than
- *       the caller.</p>
+ *             <b>Cross-account use</b>: Yes. The source KMS key and destination KMS key can be in different Amazon Web Services accounts. Either or both KMS keys can be in a different account than
+ *       the caller. To specify a KMS key in a different account, you must use its key ARN or alias
+ *       ARN.</p>
  *
  *          <p>
  *             <b>Required permissions</b>:</p>
  *          <ul>
  *             <li>
  *                <p>
- *                   <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:ReEncryptFrom</a> permission on the source CMK (key policy)</p>
+ *                   <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:ReEncryptFrom</a> permission on the source KMS key (key policy)</p>
  *             </li>
  *             <li>
  *                <p>
- *                   <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:ReEncryptTo</a> permission on the destination CMK (key policy)</p>
+ *                   <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:ReEncryptTo</a> permission on the destination KMS key (key policy)</p>
  *             </li>
  *          </ul>
- *          <p>To permit reencryption from or to a CMK, include the <code>"kms:ReEncrypt*"</code>
+ *          <p>To permit reencryption from or to a KMS key, include the <code>"kms:ReEncrypt*"</code>
  *       permission in your <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html">key policy</a>. This permission is
- *       automatically included in the key policy when you use the console to create a CMK. But you
- *       must include it manually when you create a CMK programmatically or when you use the <a>PutKeyPolicy</a> operation to set a key policy.</p>
+ *       automatically included in the key policy when you use the console to create a KMS key. But you
+ *       must include it manually when you create a KMS key programmatically or when you use the <a>PutKeyPolicy</a> operation to set a key policy.</p>
  *
  *          <p>
  *             <b>Related operations:</b>

package/dist/types/commands/ReplicateKeyCommand.d.ts

@@ -9,24 +9,24 @@ export interface ReplicateKeyCommandOutput extends ReplicateKeyResponse, __Metad
 /**
  * <p>Replicates a multi-Region key into the specified Region. This operation creates a
  *       multi-Region replica key based on a multi-Region primary key in a different Region of the same
- *       AWS partition. You can create multiple replicas of a primary key, but each must be in a
+ *       Amazon Web Services partition. You can create multiple replicas of a primary key, but each must be in a
  *       different Region. To create a multi-Region primary key, use the <a>CreateKey</a>
  *       operation.</p>
- *          <p>This operation supports <i>multi-Region keys</i>, an AWS KMS feature that lets you create multiple
- *       interoperable CMKs in different AWS Regions. Because these CMKs have the same key ID, key
- *       material, and other metadata, you can use them to encrypt data in one AWS Region and decrypt
- *       it in a different AWS Region without making a cross-Region call or exposing the plaintext data. For more information about multi-Region keys, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html">Using multi-Region keys</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
- *          <p>A <i>replica key</i> is a fully-functional CMK that can be used
+ *          <p>This operation supports <i>multi-Region keys</i>, an KMS feature that lets you create multiple
+ *       interoperable KMS keys in different Amazon Web Services Regions. Because these KMS keys have the same key ID, key
+ *       material, and other metadata, you can use them interchangeably to encrypt data in one Amazon Web Services Region and decrypt
+ *       it in a different Amazon Web Services Region without re-encrypting the data or making a cross-Region call. For more information about multi-Region keys, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html">Using multi-Region keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
+ *          <p>A <i>replica key</i> is a fully-functional KMS key that can be used
  *       independently of its primary and peer replica keys. A primary key and its replica keys share
  *       properties that make them interoperable. They have the same <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-id">key ID</a> and key material. They also
  *       have the same <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-spec">key
  *         spec</a>, <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-usage">key
  *         usage</a>, <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-origin">key
- *         material origin</a>, and <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html">automatic key rotation status</a>. AWS KMS automatically synchronizes these shared
+ *         material origin</a>, and <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html">automatic key rotation status</a>. KMS automatically synchronizes these shared
  *       properties among related multi-Region keys. All other properties of a replica key can differ,
  *       including its <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html">key
  *         policy</a>, <a href="https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html">tags</a>, <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html">aliases</a>, and <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">key
- *         state</a>. AWS KMS pricing and quotas for CMKs apply to each primary key and replica
+ *         state</a>. KMS pricing and quotas for KMS keys apply to each primary key and replica
  *       key.</p>
  *          <p>When this operation completes, the new replica key has a transient key state of
  *         <code>Creating</code>. This key state changes to <code>Enabled</code> (or
@@ -35,31 +35,31 @@ export interface ReplicateKeyCommandOutput extends ReplicateKeyResponse, __Metad
  *       cannot yet use it in cryptographic operations. If you are creating and using the replica key
  *       programmatically, retry on <code>KMSInvalidStateException</code> or call
  *         <code>DescribeKey</code> to check its <code>KeyState</code> value before using it. For
- *       details about the <code>Creating</code> key state, see <a href="kms/latest/developerguide/key-state.html">Key state: Effect on your CMK</a> in the
- *       <i>AWS Key Management Service Developer Guide</i>.</p>
- *          <p>The AWS CloudTrail log of a <code>ReplicateKey</code> operation records a
+ *       details about the <code>Creating</code> key state, see <a href="kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the
+ *       <i>Key Management Service Developer Guide</i>.</p>
+ *          <p>The CloudTrail log of a <code>ReplicateKey</code> operation records a
  *       <code>ReplicateKey</code> operation in the primary key's Region and a <a>CreateKey</a> operation in the replica key's Region.</p>
  *          <p>If you replicate a multi-Region primary key with imported key material, the replica key is
  *       created with no key material. You must import the same key material that you imported into the
- *       primary key. For details, see <a href="kms/latest/developerguide/multi-region-keys-import.html">Importing key material into multi-Region keys</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
+ *       primary key. For details, see <a href="kms/latest/developerguide/multi-region-keys-import.html">Importing key material into multi-Region keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>To convert a replica key to a primary key, use the <a>UpdatePrimaryRegion</a>
  *       operation.</p>
  *          <note>
  *             <p>
  *                <code>ReplicateKey</code> uses different default values for the <code>KeyPolicy</code> and
- *           <code>Tags</code> parameters than those used in the AWS KMS console. For details, see the
+ *           <code>Tags</code> parameters than those used in the KMS console. For details, see the
  *         parameter descriptions.</p>
  *          </note>
  *          <p>
  *             <b>Cross-account use</b>: No. You cannot use this operation to
- *       create a CMK in a different AWS account. </p>
+ *       create a replica key in a different Amazon Web Services account. </p>
  *          <p>
  *             <b>Required permissions</b>: </p>
  *          <ul>
  *             <li>
  *                <p>
- *                   <code>kms:ReplicateKey</code> on the primary CMK (in the primary CMK's Region). Include this
- *           permission in the primary CMK's key policy.</p>
+ *                   <code>kms:ReplicateKey</code> on the primary key (in the primary key's Region). Include this
+ *           permission in the primary key's key policy.</p>
  *             </li>
  *             <li>
  *                <p>

package/dist/types/commands/RetireGrantCommand.d.ts

@@ -9,24 +9,24 @@ export interface RetireGrantCommandOutput extends __MetadataBearer {
 /**
  * <p>Deletes a grant. Typically, you retire a grant when you no longer need its permissions. To
  *       identify the grant to retire, use a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token">grant token</a>, or both the grant ID and a
- *       key identifier (key ID or key ARN) of the customer master key (CMK). The <a>CreateGrant</a> operation returns both values.</p>
+ *       key identifier (key ID or key ARN) of the KMS key. The <a>CreateGrant</a> operation returns both values.</p>
  *          <p>This operation can be called by the <i>retiring principal</i> for a grant,
  *       by the <i>grantee principal</i> if the grant allows the <code>RetireGrant</code>
- *       operation, and by the AWS account (root user) in which the grant is created. It can also be
+ *       operation, and by the Amazon Web Services account (root user) in which the grant is created. It can also be
  *       called by principals to whom permission for retiring a grant is delegated. For details, see
- *         <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#grant-delete">Retiring and
- *         revoking grants</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
+ *       <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#grant-delete">Retiring and
+ *         revoking grants</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>For detailed information about grants, including grant terminology, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html">Using grants</a> in the
  *         <i>
- *                <i>AWS Key Management Service Developer Guide</i>
+ *                <i>Key Management Service Developer Guide</i>
  *             </i>. For examples of working with grants in several
- *       programming languages, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-grants.html">Programming grants</a>.</p>
+ *       programming languages, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-grants.html">Programming grants</a>. </p>
  *          <p>
- *             <b>Cross-account use</b>: Yes. You can retire a grant on a CMK
- *       in a different AWS account.</p>
+ *             <b>Cross-account use</b>: Yes. You can retire a grant on a KMS key
+ *       in a different Amazon Web Services account.</p>
  *          <p>
  *             <b>Required permissions:</b>:Permission to retire a grant is
- *       determined primarily by the grant. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#grant-delete">Retiring and revoking grants</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
+ *       determined primarily by the grant. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#grant-delete">Retiring and revoking grants</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
  *             <b>Related operations:</b>
  *          </p>

package/dist/types/commands/RevokeGrantCommand.d.ts

@@ -11,14 +11,19 @@ export interface RevokeGrantCommandOutput extends __MetadataBearer {
  *       grant allows. For more
  *       information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/managing-grants.html#grant-delete">Retiring and revoking grants</a> in
  *       the <i>
- *                <i>AWS Key Management Service Developer Guide</i>
+ *                <i>Key Management Service Developer Guide</i>
  *             </i>.</p>
- *          <p>When you create, retire, or revoke a grant, there might be a brief delay, usually less than five minutes, until the grant is available throughout AWS KMS. This state is known as <i>eventual consistency</i>. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#terms-eventual-consistency">Eventual consistency</a> in
+ *          <p>When you create, retire, or revoke a grant, there might be a brief delay, usually less than five minutes, until the grant is available throughout KMS. This state is known as <i>eventual consistency</i>. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#terms-eventual-consistency">Eventual consistency</a> in
  *       the <i>
- *                <i>AWS Key Management Service Developer Guide</i>
+ *                <i>Key Management Service Developer Guide</i>
  *             </i>. </p>
+ *          <p>For detailed information about grants, including grant terminology, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html">Using grants</a> in the
+ *         <i>
+ *                <i>Key Management Service Developer Guide</i>
+ *             </i>. For examples of working with grants in several
+ *       programming languages, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-grants.html">Programming grants</a>. </p>
  *          <p>
- *             <b>Cross-account use</b>: Yes. To perform this operation on a CMK in a different AWS account, specify the key
+ *             <b>Cross-account use</b>: Yes. To perform this operation on a KMS key in a different Amazon Web Services account, specify the key
  *   ARN in the value of the <code>KeyId</code> parameter.</p>
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:RevokeGrant</a> (key policy).</p>

package/dist/types/commands/ScheduleKeyDeletionCommand.d.ts

@@ -7,38 +7,38 @@ export interface ScheduleKeyDeletionCommandInput extends ScheduleKeyDeletionRequ
 export interface ScheduleKeyDeletionCommandOutput extends ScheduleKeyDeletionResponse, __MetadataBearer {
 }
 /**
- * <p>Schedules the deletion of a customer master key (CMK). By default, AWS KMS applies a waiting
+ * <p>Schedules the deletion of a KMS key. By default, KMS applies a waiting
  *       period of 30 days, but you can specify a waiting period of 7-30 days. When this operation is
- *       successful, the key state of the CMK changes to <code>PendingDeletion</code> and the key can't
+ *       successful, the key state of the KMS key changes to <code>PendingDeletion</code> and the key can't
  *       be used in any cryptographic operations. It remains in this state for the duration of the
- *       waiting period. Before the waiting period ends, you can use <a>CancelKeyDeletion</a> to cancel the deletion of the CMK. After the waiting period ends, AWS KMS deletes the CMK,
- *       its key material, and all AWS KMS data associated with it, including all aliases that refer to
+ *       waiting period. Before the waiting period ends, you can use <a>CancelKeyDeletion</a> to cancel the deletion of the KMS key. After the waiting period ends, KMS deletes the KMS key,
+ *       its key material, and all KMS data associated with it, including all aliases that refer to
  *       it.</p>
  *          <important>
- *             <p>Deleting a CMK is a destructive and potentially dangerous operation. When a CMK is
- *         deleted, all data that was encrypted under the CMK is unrecoverable. (The only exception is
- *         a multi-Region replica key.) To prevent the use of a CMK without deleting it, use <a>DisableKey</a>. </p>
+ *             <p>Deleting a KMS key is a destructive and potentially dangerous operation. When a KMS key is
+ *         deleted, all data that was encrypted under the KMS key is unrecoverable. (The only exception is
+ *         a multi-Region replica key.) To prevent the use of a KMS key without deleting it, use <a>DisableKey</a>. </p>
  *          </important>
- *          <p>If you schedule deletion of a CMK from a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a>, when the waiting period
- *       expires, <code>ScheduleKeyDeletion</code> deletes the CMK from AWS KMS. Then AWS KMS makes a best
- *       effort to delete the key material from the associated AWS CloudHSM cluster. However, you might need
+ *          <p>If you schedule deletion of a KMS key from a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a>, when the waiting period
+ *       expires, <code>ScheduleKeyDeletion</code> deletes the KMS key from KMS. Then KMS makes a best
+ *       effort to delete the key material from the associated CloudHSM cluster. However, you might need
  *       to manually <a href="https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-orphaned-key">delete the orphaned key
  *         material</a> from the cluster and its backups.</p>
  *          <p>You can schedule the deletion of a multi-Region primary key and its replica keys at any
- *       time. However, AWS KMS will not delete a multi-Region primary key with existing replica keys. If
+ *       time. However, KMS will not delete a multi-Region primary key with existing replica keys. If
  *       you schedule the deletion of a primary key with replicas, its key state changes to
  *         <code>PendingReplicaDeletion</code> and it cannot be replicated or used in cryptographic
  *       operations. This status can continue indefinitely. When the last of its replicas keys is
  *       deleted (not just scheduled), the key state of the primary key changes to
  *         <code>PendingDeletion</code> and its waiting period (<code>PendingWindowInDays</code>)
- *       begins. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-delete.html">Deleting multi-Region keys</a> in the <i>AWS Key Management Service Developer Guide</i>. </p>
- *          <p>For more information about scheduling a CMK for deletion, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html">Deleting Customer Master Keys</a> in the
- *       <i>AWS Key Management Service Developer Guide</i>.</p>
- *          <p>The CMK that you use for this operation must be in a compatible key state. For
- * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your CMK</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
+ *       begins. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-delete.html">Deleting multi-Region keys</a> in the <i>Key Management Service Developer Guide</i>. </p>
+ *          <p>For more information about scheduling a KMS key for deletion, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html">Deleting KMS keys</a> in the
+ *       <i>Key Management Service Developer Guide</i>.</p>
+ *          <p>The KMS key that you use for this operation must be in a compatible key state. For
+ * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *
  *          <p>
- *             <b>Cross-account use</b>: No. You cannot perform this operation on a CMK in a different AWS account.</p>
+ *             <b>Cross-account use</b>: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.</p>
  *
  *
  *          <p>

package/dist/types/commands/SignCommand.d.ts

@@ -8,21 +8,20 @@ export interface SignCommandOutput extends SignResponse, __MetadataBearer {
 }
 /**
  * <p>Creates a <a href="https://en.wikipedia.org/wiki/Digital_signature">digital
- *         signature</a> for a message or message digest by using the private key in an asymmetric
- *       CMK. To verify the signature, use the <a>Verify</a> operation, or use the public
- *       key in the same asymmetric CMK outside of AWS KMS. For information about symmetric and asymmetric CMKs, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html">Using Symmetric and Asymmetric CMKs</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
+ *         signature</a> for a message or message digest by using the private key in an asymmetric KMS key. To verify the signature, use the <a>Verify</a> operation, or use the public
+ *       key in the same asymmetric KMS key outside of KMS. For information about symmetric and asymmetric KMS keys, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html">Using Symmetric and Asymmetric KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>Digital signatures are generated and verified by using asymmetric key pair, such as an RSA
- *       or ECC pair that is represented by an asymmetric customer master key (CMK). The key owner (or
+ *       or ECC pair that is represented by an asymmetric KMS key. The key owner (or
  *       an authorized user) uses their private key to sign a message. Anyone with the public key can
  *       verify that the message was signed with that particular private key and that the message
  *       hasn't changed since it was signed. </p>
  *          <p>To use the <code>Sign</code> operation, provide the following information:</p>
  *          <ul>
  *             <li>
- *                <p>Use the <code>KeyId</code> parameter to identify an asymmetric CMK with a
+ *                <p>Use the <code>KeyId</code> parameter to identify an asymmetric KMS key with a
  *             <code>KeyUsage</code> value of <code>SIGN_VERIFY</code>. To get the
- *             <code>KeyUsage</code> value of a CMK, use the <a>DescribeKey</a> operation.
- *           The caller must have <code>kms:Sign</code> permission on the CMK.</p>
+ *             <code>KeyUsage</code> value of a KMS key, use the <a>DescribeKey</a> operation.
+ *           The caller must have <code>kms:Sign</code> permission on the KMS key.</p>
  *             </li>
  *             <li>
  *                <p>Use the <code>Message</code> parameter to specify the message or message digest to
@@ -32,20 +31,20 @@ export interface SignCommandOutput extends SignResponse, __MetadataBearer {
  *             <code>MessageType</code> parameter.</p>
  *             </li>
  *             <li>
- *                <p>Choose a signing algorithm that is compatible with the CMK. </p>
+ *                <p>Choose a signing algorithm that is compatible with the KMS key. </p>
  *             </li>
  *          </ul>
  *          <important>
- *             <p>When signing a message, be sure to record the CMK and the signing algorithm. This
+ *             <p>When signing a message, be sure to record the KMS key and the signing algorithm. This
  *         information is required to verify the signature.</p>
  *          </important>
  *          <p>To verify the signature that this operation generates, use the <a>Verify</a>
  *       operation. Or use the <a>GetPublicKey</a> operation to download the public key and
- *       then use the public key to verify the signature outside of AWS KMS. </p>
- *          <p>The CMK that you use for this operation must be in a compatible key state. For
- * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your CMK</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
+ *       then use the public key to verify the signature outside of KMS. </p>
+ *          <p>The KMS key that you use for this operation must be in a compatible key state. For
+ * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
- *             <b>Cross-account use</b>: Yes. To perform this operation with a CMK in a different AWS account, specify
+ *             <b>Cross-account use</b>: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
  *   the key ARN or alias ARN in the value of the <code>KeyId</code> parameter.</p>
  *
  *          <p>

package/dist/types/commands/TagResourceCommand.d.ts

@@ -7,26 +7,24 @@ export interface TagResourceCommandInput extends TagResourceRequest {
 export interface TagResourceCommandOutput extends __MetadataBearer {
 }
 /**
- * <p>Adds or edits tags on a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk">customer managed CMK</a>.</p>
+ * <p>Adds or edits tags on a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk">customer managed key</a>.</p>
  *          <note>
- *             <p>Tagging or untagging a CMK can allow or deny permission to the
- *                 CMK. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/abac.html">Using ABAC in AWS KMS</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
+ *             <p>Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/abac.html">Using ABAC in KMS</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          </note>
  *          <p>Each tag consists of a tag key and a tag value, both of which are case-sensitive strings.
  *       The tag value can be an empty (null) string. To add a tag, specify a new tag key and a tag
  *       value. To edit a tag, specify an existing tag key and a new tag value.</p>
- *          <p>You can use this operation to tag a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk">customer managed CMK</a>, but you cannot
- *       tag an <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk">AWS
- *         managed CMK</a>, an <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-owned-cmk">AWS owned CMK</a>, a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#keystore-concept">custom key store</a>, or
+ *          <p>You can use this operation to tag a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk">customer managed key</a>, but you cannot
+ *       tag an <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk">Amazon Web Services managed key</a>, an <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-owned-cmk">Amazon Web Services owned key</a>, a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#keystore-concept">custom key store</a>, or
  *       an <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#alias-concept">alias</a>.</p>
- *          <p>You can also add tags to a CMK while creating it (<a>CreateKey</a>) or replicating it (<a>ReplicateKey</a>).</p>
- *          <p>For information about using tags in AWS KMS, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html">Tagging keys</a>. For general information about
- *       tags, including the format and syntax, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html">Tagging AWS resources</a> in the <i>Amazon
+ *          <p>You can also add tags to a KMS key while creating it (<a>CreateKey</a>) or replicating it (<a>ReplicateKey</a>).</p>
+ *          <p>For information about using tags in KMS, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html">Tagging keys</a>. For general information about
+ *       tags, including the format and syntax, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html">Tagging Amazon Web Services resources</a> in the <i>Amazon
  *         Web Services General Reference</i>. </p>
- *          <p>The CMK that you use for this operation must be in a compatible key state. For
- * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your CMK</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
+ *          <p>The KMS key that you use for this operation must be in a compatible key state. For
+ * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
- *             <b>Cross-account use</b>: No.  You cannot perform this operation on a CMK in a different AWS account. </p>
+ *             <b>Cross-account use</b>: No.  You cannot perform this operation on a KMS key in a different Amazon Web Services account. </p>
  *
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:TagResource</a> (key policy)</p>

package/dist/types/commands/UntagResourceCommand.d.ts

@@ -7,23 +7,22 @@ export interface UntagResourceCommandInput extends UntagResourceRequest {
 export interface UntagResourceCommandOutput extends __MetadataBearer {
 }
 /**
- * <p>Deletes tags from a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk">customer managed CMK</a>. To delete a tag,
- *       specify the tag key and the CMK.</p>
+ * <p>Deletes tags from a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk">customer managed key</a>. To delete a tag,
+ *       specify the tag key and the KMS key.</p>
  *          <note>
- *             <p>Tagging or untagging a CMK can allow or deny permission to the
- *                 CMK. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/abac.html">Using ABAC in AWS KMS</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
+ *             <p>Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/abac.html">Using ABAC in KMS</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          </note>
  *          <p>When it succeeds, the <code>UntagResource</code> operation doesn't return any output.
- *       Also, if the specified tag key isn't found on the CMK, it doesn't throw an exception or return
+ *       Also, if the specified tag key isn't found on the KMS key, it doesn't throw an exception or return
  *       a response. To confirm that the operation worked, use the <a>ListResourceTags</a> operation.</p>
  *
- *          <p>For information about using tags in AWS KMS, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html">Tagging keys</a>. For general information about
- *       tags, including the format and syntax, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html">Tagging AWS resources</a> in the <i>Amazon
+ *          <p>For information about using tags in KMS, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html">Tagging keys</a>. For general information about
+ *       tags, including the format and syntax, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html">Tagging Amazon Web Services resources</a> in the <i>Amazon
  *         Web Services General Reference</i>. </p>
- *          <p>The CMK that you use for this operation must be in a compatible key state. For
- * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your CMK</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
+ *          <p>The KMS key that you use for this operation must be in a compatible key state. For
+ * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
- *             <b>Cross-account use</b>: No.  You cannot perform this operation on a CMK in a different AWS account.</p>
+ *             <b>Cross-account use</b>: No.  You cannot perform this operation on a KMS key in a different Amazon Web Services account.</p>
  *
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:UntagResource</a> (key policy)</p>

package/dist/types/commands/UpdateAliasCommand.d.ts

@@ -7,27 +7,27 @@ export interface UpdateAliasCommandInput extends UpdateAliasRequest {
 export interface UpdateAliasCommandOutput extends __MetadataBearer {
 }
 /**
- * <p>Associates an existing AWS KMS alias with a different customer master key (CMK). Each alias
- *       is associated with only one CMK at a time, although a CMK can have multiple aliases. The alias
- *       and the CMK must be in the same AWS account and Region.</p>
+ * <p>Associates an existing KMS alias with a different KMS key. Each alias
+ *       is associated with only one KMS key at a time, although a KMS key can have multiple aliases. The alias
+ *       and the KMS key must be in the same Amazon Web Services account and Region.</p>
  *          <note>
- *             <p>Adding, deleting, or updating an alias can allow or deny permission to the CMK. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/abac.html">Using ABAC in AWS KMS</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
+ *             <p>Adding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/abac.html">Using ABAC in KMS</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          </note>
- *          <p>The current and new CMK must be the same type (both symmetric or both asymmetric), and
+ *          <p>The current and new KMS key must be the same type (both symmetric or both asymmetric), and
  *       they must have the same key usage (<code>ENCRYPT_DECRYPT</code> or <code>SIGN_VERIFY</code>).
  *       This restriction prevents errors in code that uses aliases. If you must assign an alias to a
- *       different type of CMK, use <a>DeleteAlias</a> to delete the old alias and <a>CreateAlias</a> to create a new alias.</p>
+ *       different type of KMS key, use <a>DeleteAlias</a> to delete the old alias and <a>CreateAlias</a> to create a new alias.</p>
  *          <p>You cannot use <code>UpdateAlias</code> to change an alias name. To change an alias name,
  *       use <a>DeleteAlias</a> to delete the old alias and <a>CreateAlias</a> to
  *       create a new alias.</p>
- *          <p>Because an alias is not a property of a CMK, you can create, update, and delete the
- *       aliases of a CMK without affecting the CMK. Also, aliases do not appear in the response from
- *       the <a>DescribeKey</a> operation. To get the aliases of all CMKs in the account,
+ *          <p>Because an alias is not a property of a KMS key, you can create, update, and delete the
+ *       aliases of a KMS key without affecting the KMS key. Also, aliases do not appear in the response from
+ *       the <a>DescribeKey</a> operation. To get the aliases of all KMS keys in the account,
  *       use the <a>ListAliases</a> operation. </p>
- *          <p>The CMK that you use for this operation must be in a compatible key state. For
- * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your CMK</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
+ *          <p>The KMS key that you use for this operation must be in a compatible key state. For
+ * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
- *             <b>Cross-account use</b>: No. You cannot perform this operation on a CMK in a different AWS account. </p>
+ *             <b>Cross-account use</b>: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. </p>
  *          <p>
  *             <b>Required permissions</b>
  *          </p>
@@ -38,14 +38,14 @@ export interface UpdateAliasCommandOutput extends __MetadataBearer {
  *             </li>
  *             <li>
  *                <p>
- *                   <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:UpdateAlias</a> on the current CMK (key policy).</p>
+ *                   <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:UpdateAlias</a> on the current KMS key (key policy).</p>
  *             </li>
  *             <li>
  *                <p>
- *                   <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:UpdateAlias</a> on the new CMK (key policy).</p>
+ *                   <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:UpdateAlias</a> on the new KMS key (key policy).</p>
  *             </li>
  *          </ul>
- *          <p>For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html#alias-access">Controlling access to aliases</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
+ *          <p>For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html#alias-access">Controlling access to aliases</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
  *             <b>Related operations:</b>
  *          </p>

package/dist/types/commands/UpdateCustomKeyStoreCommand.d.ts

@@ -24,30 +24,30 @@ export interface UpdateCustomKeyStoreCommandOutput extends UpdateCustomKeyStoreR
  *                <p> </p>
  *             </li>
  *             <li>
- *                <p>Use the <b>KeyStorePassword</b> parameter tell AWS KMS the
+ *                <p>Use the <b>KeyStorePassword</b> parameter tell KMS the
  *           current password of the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser">
  *                      <code>kmsuser</code> crypto
- *             user (CU)</a> in the associated AWS CloudHSM cluster. You can use this parameter to <a href="https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-password">fix
- *             connection failures</a> that occur when AWS KMS cannot log into the associated cluster
+ *             user (CU)</a> in the associated CloudHSM cluster. You can use this parameter to <a href="https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-password">fix
+ *             connection failures</a> that occur when KMS cannot log into the associated cluster
  *           because the <code>kmsuser</code> password has changed. This value does not change the
- *           password in the AWS CloudHSM cluster.</p>
+ *           password in the CloudHSM cluster.</p>
  *                <p> </p>
  *             </li>
  *             <li>
  *                <p>Use the <b>CloudHsmClusterId</b> parameter to associate the
- *           custom key store with a different, but related, AWS CloudHSM cluster. You can use this parameter
- *           to repair a custom key store if its AWS CloudHSM cluster becomes corrupted or is deleted, or when
+ *           custom key store with a different, but related, CloudHSM cluster. You can use this parameter
+ *           to repair a custom key store if its CloudHSM cluster becomes corrupted or is deleted, or when
  *           you need to create or restore a cluster from a backup. </p>
  *             </li>
  *          </ul>
  *          <p>If the operation succeeds, it returns a JSON object with no
  * properties.</p>
- *          <p>This operation is part of the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">Custom Key Store feature</a> feature in AWS KMS, which
- * combines the convenience and extensive integration of AWS KMS with the isolation and control of a
+ *          <p>This operation is part of the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">Custom Key Store feature</a> feature in KMS, which
+ * combines the convenience and extensive integration of KMS with the isolation and control of a
  * single-tenant key store.</p>
  *
  *          <p>
- *             <b>Cross-account use</b>: No. You cannot perform this operation on a custom key store in a different AWS account. </p>
+ *             <b>Cross-account use</b>: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account. </p>
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:UpdateCustomKeyStore</a> (IAM policy)</p>
  *          <p>

package/dist/types/commands/UpdateKeyDescriptionCommand.d.ts

@@ -7,12 +7,12 @@ export interface UpdateKeyDescriptionCommandInput extends UpdateKeyDescriptionRe
 export interface UpdateKeyDescriptionCommandOutput extends __MetadataBearer {
 }
 /**
- * <p>Updates the description of a customer master key (CMK). To see the description of a CMK,
+ * <p>Updates the description of a KMS key. To see the description of a KMS key,
  *       use <a>DescribeKey</a>. </p>
- *          <p>The CMK that you use for this operation must be in a compatible key state. For
- * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your CMK</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
+ *          <p>The KMS key that you use for this operation must be in a compatible key state. For
+ * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
- *             <b>Cross-account use</b>: No.  You cannot perform this operation on a CMK in a different AWS account. </p>
+ *             <b>Cross-account use</b>: No.  You cannot perform this operation on a KMS key in a different Amazon Web Services account. </p>
  *
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:UpdateKeyDescription</a> (key policy)</p>