@aws-sdk/client-kms 3.28.0 → 3.32.0

package/dist/types/ts3.4/KMSClient.d.ts

@@ -162,22 +162,23 @@ declare type KMSClientResolvedConfigType = __SmithyResolvedConfiguration<__HttpH
 export interface KMSClientResolvedConfig extends KMSClientResolvedConfigType {
 }
 /**
- * <fullname>AWS Key Management Service</fullname>
- *          <p>AWS Key Management Service (AWS KMS) is an encryption and key management web service. This guide describes
- *       the AWS KMS operations that you can call programmatically. For general information about AWS KMS,
+ * <fullname>Key Management Service</fullname>
+ *          <p>Key Management Service (KMS) is an encryption and key management web service. This guide describes
+ *       the KMS operations that you can call programmatically. For general information about KMS,
  *       see the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/">
- *                <i>AWS Key Management Service Developer Guide</i>
+ *                <i>Key Management Service Developer Guide</i>
  *             </a>.</p>
  *          <note>
- *             <p>AWS provides SDKs that consist of libraries and sample code for various programming
+ *             <p>KMS is replacing the term <i>customer master key (CMK)</i> with <i>KMS key</i> and <i>KMS key</i>. The concept has not changed. To prevent breaking changes, KMS is keeping some variations of this term.</p>
+ *             <p>Amazon Web Services provides SDKs that consist of libraries and sample code for various programming
  *         languages and platforms (Java, Ruby, .Net, macOS, Android, etc.). The SDKs provide a
- *         convenient way to create programmatic access to AWS KMS and other AWS services. For example,
+ *         convenient way to create programmatic access to KMS and other Amazon Web Services services. For example,
  *         the SDKs take care of tasks such as signing requests (see below), managing errors, and
- *         retrying requests automatically. For more information about the AWS SDKs, including how to
+ *         retrying requests automatically. For more information about the Amazon Web Services SDKs, including how to
  *         download and install them, see <a href="http://aws.amazon.com/tools/">Tools for Amazon Web
  *           Services</a>.</p>
  *          </note>
- *          <p>We recommend that you use the AWS SDKs to make programmatic API calls to AWS KMS.</p>
+ *          <p>We recommend that you use the Amazon Web Services SDKs to make programmatic API calls to KMS.</p>
  *          <p>Clients must support TLS (Transport Layer Security) 1.0. We recommend TLS 1.2. Clients
  *       must also support cipher suites with Perfect Forward Secrecy (PFS) such as Ephemeral
  *       Diffie-Hellman (DHE) or Elliptic Curve Ephemeral Diffie-Hellman (ECDHE). Most modern systems
@@ -186,19 +187,18 @@ export interface KMSClientResolvedConfig extends KMSClientResolvedConfigType {
  *             <b>Signing Requests</b>
  *          </p>
  *          <p>Requests must be signed by using an access key ID and a secret access key. We strongly
- *       recommend that you <i>do not</i> use your AWS account (root) access key ID and
- *       secret key for everyday work with AWS KMS. Instead, use the access key ID and secret access key
- *       for an IAM user. You can also use the AWS Security Token Service to generate temporary
+ *       recommend that you <i>do not</i> use your Amazon Web Services account (root) access key ID and
+ *       secret key for everyday work with KMS. Instead, use the access key ID and secret access key
+ *       for an IAM user. You can also use the Amazon Web Services Security Token Service to generate temporary
  *       security credentials that you can use to sign requests.</p>
- *          <p>All AWS KMS operations require <a href="https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html">Signature Version 4</a>.</p>
+ *          <p>All KMS operations require <a href="https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html">Signature Version 4</a>.</p>
  *          <p>
  *             <b>Logging API Requests</b>
  *          </p>
- *          <p>AWS KMS supports AWS CloudTrail, a service that logs AWS API calls and related events for your AWS
- *       account and delivers them to an Amazon S3 bucket that you specify. By using the information
- *       collected by CloudTrail, you can determine what requests were made to AWS KMS, who made the request,
+ *          <p>KMS supports CloudTrail, a service that logs Amazon Web Services API calls and related events for your Amazon Web Services account and delivers them to an Amazon S3 bucket that you specify. By using the information
+ *       collected by CloudTrail, you can determine what requests were made to KMS, who made the request,
  *       when it was made, and so on. To learn more about CloudTrail, including how to turn it on and find
- *       your log files, see the <a href="https://docs.aws.amazon.com/awscloudtrail/latest/userguide/">AWS CloudTrail User Guide</a>.</p>
+ *       your log files, see the <a href="https://docs.aws.amazon.com/awscloudtrail/latest/userguide/">CloudTrail User Guide</a>.</p>
  *          <p>
  *             <b>Additional Resources</b>
  *          </p>
@@ -206,9 +206,9 @@ export interface KMSClientResolvedConfig extends KMSClientResolvedConfigType {
  *          <ul>
  *             <li>
  *                <p>
- *                   <a href="https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html">AWS Security
+ *                   <a href="https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html">Amazon Web Services Security
  *             Credentials</a> - This topic provides general information about the types of
- *           credentials used for accessing AWS.</p>
+ *           credentials used to access Amazon Web Services.</p>
  *             </li>
  *             <li>
  *                <p>

package/dist/types/ts3.4/commands/CancelKeyDeletionCommand.d.ts

@@ -7,14 +7,13 @@ export interface CancelKeyDeletionCommandInput extends CancelKeyDeletionRequest
 export interface CancelKeyDeletionCommandOutput extends CancelKeyDeletionResponse, __MetadataBearer {
 }
 /**
- * <p>Cancels the deletion of a customer master key (CMK). When this operation succeeds, the key
- *       state of the CMK is <code>Disabled</code>. To enable the CMK, use <a>EnableKey</a>. </p>
- *          <p>For more information about scheduling and canceling deletion of a CMK, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html">Deleting Customer Master
- *         Keys</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
- *          <p>The CMK that you use for this operation must be in a compatible key state. For
- * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your CMK</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
+ * <p>Cancels the deletion of a KMS key. When this operation succeeds, the key
+ *       state of the KMS key is <code>Disabled</code>. To enable the KMS key, use <a>EnableKey</a>. </p>
+ *          <p>For more information about scheduling and canceling deletion of a KMS key, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html">Deleting KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
+ *          <p>The KMS key that you use for this operation must be in a compatible key state. For
+ * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
- *             <b>Cross-account use</b>: No. You cannot perform this operation on a CMK in a different AWS account.</p>
+ *             <b>Cross-account use</b>: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.</p>
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:CancelKeyDeletion</a> (key policy)</p>
  *          <p>

package/dist/types/ts3.4/commands/ConnectCustomKeyStoreCommand.d.ts

@@ -7,24 +7,24 @@ export interface ConnectCustomKeyStoreCommandInput extends ConnectCustomKeyStore
 export interface ConnectCustomKeyStoreCommandOutput extends ConnectCustomKeyStoreResponse, __MetadataBearer {
 }
 /**
- * <p>Connects or reconnects a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a> to its associated AWS CloudHSM cluster.</p>
- *          <p>The custom key store must be connected before you can create customer master keys (CMKs)
- *       in the key store or use the CMKs it contains. You can disconnect and reconnect a custom key
+ * <p>Connects or reconnects a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a> to its associated CloudHSM cluster.</p>
+ *          <p>The custom key store must be connected before you can create KMS keys
+ *       in the key store or use the KMS keys it contains. You can disconnect and reconnect a custom key
  *       store at any time.</p>
- *          <p>To connect a custom key store, its associated AWS CloudHSM cluster must have at least one active
+ *          <p>To connect a custom key store, its associated CloudHSM cluster must have at least one active
  *       HSM. To get the number of active HSMs in a cluster, use the <a href="https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html">DescribeClusters</a> operation. To add HSMs
  *       to the cluster, use the <a href="https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html">CreateHsm</a> operation. Also, the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser">
  *                <code>kmsuser</code> crypto
- *         user</a> (CU) must not be logged into the cluster. This prevents AWS KMS from using this
+ *         user</a> (CU) must not be logged into the cluster. This prevents KMS from using this
  *       account to log in.</p>
  *          <p>The connection process can take an extended amount of time to complete; up to 20 minutes.
  *       This operation starts the connection process, but it does not wait for it to complete. When it
  *       succeeds, this operation quickly returns an HTTP 200 response and a JSON object with no
  *       properties. However, this response does not indicate that the custom key store is connected.
  *       To get the connection state of the custom key store, use the <a>DescribeCustomKeyStores</a> operation.</p>
- *          <p>During the connection process, AWS KMS finds the AWS CloudHSM cluster that is associated with the
+ *          <p>During the connection process, KMS finds the CloudHSM cluster that is associated with the
  *       custom key store, creates the connection infrastructure, connects to the cluster, logs into
- *       the AWS CloudHSM client as the <code>kmsuser</code> CU, and rotates its password.</p>
+ *       the CloudHSM client as the <code>kmsuser</code> CU, and rotates its password.</p>
  *          <p>The <code>ConnectCustomKeyStore</code> operation might fail for various reasons. To find
  *       the reason, use the <a>DescribeCustomKeyStores</a> operation and see the
  *         <code>ConnectionErrorCode</code> in the response. For help interpreting the
@@ -33,9 +33,9 @@ export interface ConnectCustomKeyStoreCommandOutput extends ConnectCustomKeyStor
  *       disconnect the custom key store, correct the error, use the <a>UpdateCustomKeyStore</a> operation if necessary, and then use
  *         <code>ConnectCustomKeyStore</code> again.</p>
  *          <p>If you are having trouble connecting or disconnecting a custom key store, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html">Troubleshooting a Custom Key
- *         Store</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
+ *         Store</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
- *             <b>Cross-account use</b>: No. You cannot perform this operation on a custom key store in a different AWS account.</p>
+ *             <b>Cross-account use</b>: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.</p>
  *
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:ConnectCustomKeyStore</a> (IAM policy)</p>

package/dist/types/ts3.4/commands/CreateAliasCommand.d.ts

@@ -7,26 +7,25 @@ export interface CreateAliasCommandInput extends CreateAliasRequest {
 export interface CreateAliasCommandOutput extends __MetadataBearer {
 }
 /**
- * <p>Creates a friendly name for a customer master key (CMK). </p>
+ * <p>Creates a friendly name for a KMS key. </p>
  *          <note>
- *             <p>Adding, deleting, or updating an alias can allow or deny permission to the CMK. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/abac.html">Using ABAC in AWS KMS</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
+ *             <p>Adding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/abac.html">Using ABAC in KMS</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          </note>
- *          <p>You can use an alias to identify a CMK in the AWS KMS console, in the <a>DescribeKey</a> operation and in <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations">cryptographic operations</a>, such as <a>Encrypt</a> and
- *         <a>GenerateDataKey</a>. You can also change the CMK that's associated with the
+ *          <p>You can use an alias to identify a KMS key in the KMS console, in the <a>DescribeKey</a> operation and in <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations">cryptographic operations</a>, such as <a>Encrypt</a> and
+ *         <a>GenerateDataKey</a>. You can also change the KMS key that's associated with the
  *       alias (<a>UpdateAlias</a>) or delete the alias (<a>DeleteAlias</a>) at
- *       any time. These operations don't affect the underlying CMK. </p>
- *          <p>You can associate the alias with any customer managed CMK in the same AWS Region. Each
- *       alias is associated with only one CMK at a time, but a CMK can have multiple aliases. A valid
- *       CMK is required. You can't create an alias without a CMK.</p>
+ *       any time. These operations don't affect the underlying KMS key. </p>
+ *          <p>You can associate the alias with any customer managed key in the same Amazon Web Services Region. Each
+ *       alias is associated with only one KMS key at a time, but a KMS key can have multiple aliases. A valid KMS key is required. You can't create an alias without a KMS key.</p>
  *          <p>The alias must be unique in the account and Region, but you can have aliases with the same
  *       name in different Regions. For detailed information about aliases, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html">Using aliases</a> in the
- *       <i>AWS Key Management Service Developer Guide</i>.</p>
+ *       <i>Key Management Service Developer Guide</i>.</p>
  *          <p>This operation does not return a response. To get the alias that you created, use the
  *         <a>ListAliases</a> operation.</p>
- *          <p>The CMK that you use for this operation must be in a compatible key state. For
- * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your CMK</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
+ *          <p>The KMS key that you use for this operation must be in a compatible key state. For
+ * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
- *             <b>Cross-account use</b>: No. You cannot perform this operation on an alias in a different AWS account.</p>
+ *             <b>Cross-account use</b>: No. You cannot perform this operation on an alias in a different Amazon Web Services account.</p>
  *
  *          <p>
  *             <b>Required permissions</b>
@@ -38,10 +37,10 @@ export interface CreateAliasCommandOutput extends __MetadataBearer {
  *             </li>
  *             <li>
  *                <p>
- *                   <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:CreateAlias</a> on the CMK (key policy).</p>
+ *                   <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:CreateAlias</a> on the KMS key (key policy).</p>
  *             </li>
  *          </ul>
- *          <p>For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html#alias-access">Controlling access to aliases</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
+ *          <p>For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html#alias-access">Controlling access to aliases</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
  *             <b>Related operations:</b>
  *          </p>

package/dist/types/ts3.4/commands/CreateCustomKeyStoreCommand.d.ts

@@ -7,24 +7,24 @@ export interface CreateCustomKeyStoreCommandInput extends CreateCustomKeyStoreRe
 export interface CreateCustomKeyStoreCommandOutput extends CreateCustomKeyStoreResponse, __MetadataBearer {
 }
 /**
- * <p>Creates a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a> that is associated with an <a href="https://docs.aws.amazon.com/cloudhsm/latest/userguide/clusters.html">AWS CloudHSM cluster</a> that you own and
+ * <p>Creates a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a> that is associated with an <a href="https://docs.aws.amazon.com/cloudhsm/latest/userguide/clusters.html">CloudHSM cluster</a> that you own and
  *     manage.</p>
- *          <p>This operation is part of the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">Custom Key Store feature</a> feature in AWS KMS, which
- * combines the convenience and extensive integration of AWS KMS with the isolation and control of a
+ *          <p>This operation is part of the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">Custom Key Store feature</a> feature in KMS, which
+ * combines the convenience and extensive integration of KMS with the isolation and control of a
  * single-tenant key store.</p>
  *          <p>Before you create the custom key store, you must assemble
- *       the required elements, including an AWS CloudHSM cluster that fulfills the requirements for a custom
+ *       the required elements, including an CloudHSM cluster that fulfills the requirements for a custom
  *       key store. For details about the required elements, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore">Assemble the Prerequisites</a>
- *       in the <i>AWS Key Management Service Developer Guide</i>.</p>
+ *       in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>When the operation completes successfully, it returns the ID of the new custom key store.
- *       Before you can use your new custom key store, you need to use the <a>ConnectCustomKeyStore</a> operation to connect the new key store to its AWS CloudHSM
+ *       Before you can use your new custom key store, you need to use the <a>ConnectCustomKeyStore</a> operation to connect the new key store to its CloudHSM
  *       cluster. Even if you are not going to use your custom key store immediately, you might want to
  *       connect it to verify that all settings are correct and then disconnect it until you are ready
  *       to use it.</p>
  *          <p>For help with failures, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html">Troubleshooting a Custom Key Store</a> in the
- *       <i>AWS Key Management Service Developer Guide</i>.</p>
+ *       <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
- *             <b>Cross-account use</b>: No. You cannot perform this operation on a custom key store in a different AWS account.</p>
+ *             <b>Cross-account use</b>: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.</p>
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:CreateCustomKeyStore</a> (IAM policy).</p>
  *          <p>

package/dist/types/ts3.4/commands/CreateGrantCommand.d.ts

@@ -7,45 +7,38 @@ export interface CreateGrantCommandInput extends CreateGrantRequest {
 export interface CreateGrantCommandOutput extends CreateGrantResponse, __MetadataBearer {
 }
 /**
- * <p>Adds a grant to a customer master key (CMK). </p>
- *          <p>A <i>grant</i> is a policy instrument that allows AWS principals to use AWS
- *       KMS customer master keys (CMKs) in cryptographic operations. It also can allow them to view a
- *       CMK (<a>DescribeKey</a>) and create and manage grants. When authorizing access to a
- *       CMK, grants are considered along with key policies and IAM policies. Grants are often used for
+ * <p>Adds a grant to a KMS key. </p>
+ *          <p>A <i>grant</i> is a policy instrument that allows Amazon Web Services principals to use KMS keys in cryptographic operations. It also can allow them to view a KMS key (<a>DescribeKey</a>) and create and manage grants. When authorizing access to a KMS key, grants are considered along with key policies and IAM policies. Grants are often used for
  *       temporary permissions because you can create one, use its permissions, and delete it without
  *       changing your key policies or IAM policies. </p>
  *          <p>For detailed information about grants, including grant terminology, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html">Using grants</a> in the
  *         <i>
- *                <i>AWS Key Management Service Developer Guide</i>
+ *                <i>Key Management Service Developer Guide</i>
  *             </i>. For examples of working with grants in several
- *       programming languages, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-grants.html">Programming grants</a>.</p>
+ *       programming languages, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-grants.html">Programming grants</a>. </p>
  *          <p>The <code>CreateGrant</code> operation returns a <code>GrantToken</code> and a
- *         <code>GrantId</code>.</p>
+ *       <code>GrantId</code>.</p>
  *          <ul>
  *             <li>
- *                <p>When you create, retire, or revoke a grant, there might be a brief delay, usually less than five minutes, until the grant is available throughout AWS KMS. This state is known as <i>eventual consistency</i>. Once the grant has achieved eventual consistency, the grantee principal
- *           can use the permissions in the grant without identifying the grant. </p>
+ *                <p>When you create, retire, or revoke a grant, there might be a brief delay, usually less than five minutes, until the grant is available throughout KMS. This state is known as <i>eventual consistency</i>. Once the grant has achieved eventual consistency, the grantee principal
+ *         can use the permissions in the grant without identifying the grant. </p>
  *                <p>However, to use the permissions in the grant immediately, use the
- *             <code>GrantToken</code> that <code>CreateGrant</code> returns. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/using-grant-token.html">Using a grant
+ *           <code>GrantToken</code> that <code>CreateGrant</code> returns. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token">Using a grant
  *             token</a> in the <i>
- *                      <i>AWS Key Management Service Developer Guide</i>
+ *                      <i>Key Management Service Developer Guide</i>
  *                   </i>.</p>
  *             </li>
  *             <li>
  *                <p>The <code>CreateGrant</code> operation also returns a <code>GrantId</code>. You can use the
- *             <code>GrantId</code> and a key identifier to identify the grant in the <a>RetireGrant</a> and <a>RevokeGrant</a> operations. To find the grant
- *           ID, use the <a>ListGrants</a> or <a>ListRetirableGrants</a>
- *           operations.</p>
+ *         <code>GrantId</code> and a key identifier to identify the grant in the <a>RetireGrant</a> and <a>RevokeGrant</a> operations. To find the grant
+ *         ID, use the <a>ListGrants</a> or <a>ListRetirableGrants</a>
+ *         operations.</p>
  *             </li>
  *          </ul>
- *          <p>For information about symmetric and asymmetric CMKs, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html">Using Symmetric and Asymmetric CMKs</a> in the <i>AWS Key Management Service Developer Guide</i>. For more information about grants, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html">Grants</a> in the
- *       <i>
- *                <i>AWS Key Management Service Developer Guide</i>
- *             </i>.</p>
- *          <p>The CMK that you use for this operation must be in a compatible key state. For
- * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your CMK</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
+ *          <p>The KMS key that you use for this operation must be in a compatible key state. For
+ * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
- *             <b>Cross-account use</b>: Yes. To perform this operation on a CMK in a different AWS account, specify the key
+ *             <b>Cross-account use</b>: Yes. To perform this operation on a KMS key in a different Amazon Web Services account, specify the key
  *   ARN in the value of the <code>KeyId</code> parameter. </p>
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:CreateGrant</a> (key policy)</p>

package/dist/types/ts3.4/commands/CreateKeyCommand.d.ts

@@ -7,109 +7,109 @@ export interface CreateKeyCommandInput extends CreateKeyRequest {
 export interface CreateKeyCommandOutput extends CreateKeyResponse, __MetadataBearer {
 }
 /**
- * <p>Creates a unique customer managed <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master-keys">customer master key</a> (CMK) in your AWS
- *       account and Region.</p>
+ * <p>Creates a unique customer managed <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms-keys">KMS key</a> in your Amazon Web Services account and Region.</p>
+ *          <note>
+ *             <p>KMS is replacing the term <i>customer master key (CMK)</i> with <i>KMS key</i> and <i>KMS key</i>. The concept has not changed. To prevent breaking changes, KMS is keeping some variations of this term.</p>
+ *          </note>
  *
- *          <p>You can use the <code>CreateKey</code> operation to create symmetric or asymmetric
- *       CMKs.</p>
+ *          <p>You can use the <code>CreateKey</code> operation to create symmetric or asymmetric KMS keys.</p>
  *          <ul>
  *             <li>
  *                <p>
- *                   <b>Symmetric CMKs</b> contain a 256-bit symmetric key that
- *           never leaves AWS KMS unencrypted. To use the CMK, you must call AWS KMS. You can use a
- *           symmetric CMK to encrypt and decrypt small amounts of data, but they are typically used to
+ *                   <b>Symmetric KMS keys</b> contain a 256-bit symmetric key that
+ *           never leaves KMS unencrypted. To use the KMS key, you must call KMS. You can use a
+ *           symmetric KMS key to encrypt and decrypt small amounts of data, but they are typically used to
  *           generate <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#data-keys">data
  *             keys</a> and <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#data-key-pairs">data keys pairs</a>. For details,
  *           see <a>GenerateDataKey</a> and <a>GenerateDataKeyPair</a>.</p>
  *             </li>
  *             <li>
  *                <p>
- *                   <b>Asymmetric CMKs</b> can contain an RSA key pair or an
- *           Elliptic Curve (ECC) key pair. The private key in an asymmetric CMK never leaves AWS KMS
+ *                   <b>Asymmetric KMS keys</b> can contain an RSA key pair or an
+ *           Elliptic Curve (ECC) key pair. The private key in an asymmetric KMS key never leaves KMS
  *           unencrypted. However, you can use the <a>GetPublicKey</a> operation to download
- *           the public key so it can be used outside of AWS KMS. CMKs with RSA key pairs can be used to
- *           encrypt or decrypt data or sign and verify messages (but not both). CMKs with ECC key
+ *           the public key so it can be used outside of KMS. KMS keys with RSA key pairs can be used to
+ *           encrypt or decrypt data or sign and verify messages (but not both). KMS keys with ECC key
  *           pairs can be used only to sign and verify messages.</p>
  *             </li>
  *          </ul>
- *          <p>For information about symmetric and asymmetric CMKs, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html">Using Symmetric and Asymmetric CMKs</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
+ *          <p>For information about symmetric and asymmetric KMS keys, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html">Using Symmetric and Asymmetric KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *
  *
- *          <p>To create different types of CMKs, use the following guidance:</p>
+ *          <p>To create different types of KMS keys, use the following guidance:</p>
  *
  *          <dl>
- *             <dt>Asymmetric CMKs</dt>
+ *             <dt>Asymmetric KMS keys</dt>
  *             <dd>
- *                <p>To create an asymmetric CMK, use the <code>CustomerMasterKeySpec</code> parameter to
- *             specify the type of key material in the CMK. Then, use the <code>KeyUsage</code>
- *             parameter to determine whether the CMK will be used to encrypt and decrypt or sign and
- *             verify. You can't change these properties after the CMK is created.</p>
+ *                <p>To create an asymmetric KMS key, use the <code>KeySpec</code> parameter to specify
+ *             the type of key material in the KMS key. Then, use the <code>KeyUsage</code> parameter
+ *             to determine whether the KMS key will be used to encrypt and decrypt or sign and verify.
+ *             You can't change these properties after the KMS key is created.</p>
  *                <p> </p>
  *             </dd>
- *             <dt>Symmetric CMKs</dt>
+ *             <dt>Symmetric KMS keys</dt>
  *             <dd>
- *                <p>When creating a symmetric CMK, you don't need to specify the
- *               <code>CustomerMasterKeySpec</code> or <code>KeyUsage</code> parameters. The default
- *             value for <code>CustomerMasterKeySpec</code>, <code>SYMMETRIC_DEFAULT</code>, and the
- *             default value for <code>KeyUsage</code>, <code>ENCRYPT_DECRYPT</code>, are the only
- *             valid values for symmetric CMKs. </p>
+ *                <p>When creating a symmetric KMS key, you don't need to specify the
+ *               <code>KeySpec</code> or <code>KeyUsage</code> parameters. The default value for
+ *               <code>KeySpec</code>, <code>SYMMETRIC_DEFAULT</code>, and the default value for
+ *               <code>KeyUsage</code>, <code>ENCRYPT_DECRYPT</code>, are the only valid values for
+ *             symmetric KMS keys. </p>
  *                <p> </p>
  *             </dd>
  *             <dt>Multi-Region primary keys</dt>
  *             <dt>Imported key material</dt>
  *             <dd>
- *                <p>To create a multi-Region <i>primary key</i> in the local AWS Region,
+ *                <p>To create a multi-Region <i>primary key</i> in the local Amazon Web Services Region,
  *             use the <code>MultiRegion</code> parameter with a value of <code>True</code>. To create
- *             a multi-Region <i>replica key</i>, that is, a CMK with the same key ID and
- *             key material as a primary key, but in a different AWS Region, use the <a>ReplicateKey</a> operation. To change a replica key to a primary key, and its
+ *             a multi-Region <i>replica key</i>, that is, a KMS key with the same key ID and
+ *             key material as a primary key, but in a different Amazon Web Services Region, use the <a>ReplicateKey</a> operation. To change a replica key to a primary key, and its
  *             primary key to a replica key, use the <a>UpdatePrimaryRegion</a>
  *             operation.</p>
- *                <p>This operation supports <i>multi-Region keys</i>, an AWS KMS feature that lets you create multiple
- *       interoperable CMKs in different AWS Regions. Because these CMKs have the same key ID, key
- *       material, and other metadata, you can use them to encrypt data in one AWS Region and decrypt
- *       it in a different AWS Region without making a cross-Region call or exposing the plaintext data. For more information about multi-Region keys, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html">Using multi-Region keys</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
+ *                <p>This operation supports <i>multi-Region keys</i>, an KMS feature that lets you create multiple
+ *       interoperable KMS keys in different Amazon Web Services Regions. Because these KMS keys have the same key ID, key
+ *       material, and other metadata, you can use them interchangeably to encrypt data in one Amazon Web Services Region and decrypt
+ *       it in a different Amazon Web Services Region without re-encrypting the data or making a cross-Region call. For more information about multi-Region keys, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html">Using multi-Region keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *                <p>You can create symmetric and asymmetric multi-Region keys and multi-Region keys with
  *             imported key material. You cannot create multi-Region keys in a custom key store.</p>
  *                <p> </p>
  *             </dd>
  *             <dd>
- *                <p>To import your own key material, begin by creating a symmetric CMK with no key
+ *                <p>To import your own key material, begin by creating a symmetric KMS key with no key
  *             material. To do this, use the <code>Origin</code> parameter of <code>CreateKey</code>
  *             with a value of <code>EXTERNAL</code>. Next, use <a>GetParametersForImport</a> operation to get a public key and import token, and use the public key to encrypt
  *             your key material. Then, use <a>ImportKeyMaterial</a> with your import token
  *             to import the key material. For step-by-step instructions, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html">Importing Key Material</a> in the <i>
- *                      <i>AWS Key Management Service Developer Guide</i>
+ *                      <i>Key Management Service Developer Guide</i>
  *                   </i>. You
- *             cannot import the key material into an asymmetric CMK.</p>
+ *             cannot import the key material into an asymmetric KMS key.</p>
  *                <p>To create a multi-Region primary key with imported key material, use the
  *               <code>Origin</code> parameter of <code>CreateKey</code> with a value of
  *               <code>EXTERNAL</code> and the <code>MultiRegion</code> parameter with a value of
- *               <code>True</code>. To create replicas of the multi-Region primary key, use the <a>ReplicateKey</a> operation. For more information about multi-Region keys, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html">Using multi-Region keys</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
+ *               <code>True</code>. To create replicas of the multi-Region primary key, use the <a>ReplicateKey</a> operation. For more information about multi-Region keys, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html">Using multi-Region keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *                <p> </p>
  *             </dd>
  *             <dt>Custom key store</dt>
  *             <dd>
- *                <p>To create a symmetric CMK in a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a>, use the
+ *                <p>To create a symmetric KMS key in a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a>, use the
  *               <code>CustomKeyStoreId</code> parameter to specify the custom key store. You must also
  *             use the <code>Origin</code> parameter with a value of <code>AWS_CLOUDHSM</code>. The
- *             AWS CloudHSM cluster that is associated with the custom key store must have at least two active
- *             HSMs in different Availability Zones in the AWS Region. </p>
- *                <p>You cannot create an asymmetric CMK or a multi-Region CMK in a custom key store. For
- *             information about custom key stores in AWS KMS see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">Using Custom Key Stores</a> in
+ *             CloudHSM cluster that is associated with the custom key store must have at least two active
+ *             HSMs in different Availability Zones in the Amazon Web Services Region. </p>
+ *                <p>You cannot create an asymmetric KMS key in a custom key store. For information about
+ *             custom key stores in KMS see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">Using Custom Key Stores</a> in
  *             the <i>
- *                      <i>AWS Key Management Service Developer Guide</i>
+ *                      <i>Key Management Service Developer Guide</i>
  *                   </i>.</p>
  *             </dd>
  *          </dl>
  *          <p>
  *             <b>Cross-account use</b>:  No. You cannot use this operation to
- *       create a CMK in a different AWS account.</p>
+ *       create a KMS key in a different Amazon Web Services account.</p>
  *
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:CreateKey</a> (IAM policy). To use the
  *         <code>Tags</code> parameter, <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:TagResource</a> (IAM policy). For examples and information about related
- *       permissions, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/iam-policies.html#iam-policy-example-create-key">Allow a user to create
- *         CMKs</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
+ *       permissions, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/iam-policies.html#iam-policy-example-create-key">Allow a user to create KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
  *             <b>Related operations:</b>
  *          </p>

package/dist/types/ts3.4/commands/DecryptCommand.d.ts

@@ -7,7 +7,7 @@ export interface DecryptCommandInput extends DecryptRequest {
 export interface DecryptCommandOutput extends DecryptResponse, __MetadataBearer {
 }
 /**
- * <p>Decrypts ciphertext that was encrypted by a AWS KMS customer master key (CMK) using any of
+ * <p>Decrypts ciphertext that was encrypted by a KMS key using any of
  *       the following operations:</p>
  *          <ul>
  *             <li>
@@ -37,33 +37,34 @@ export interface DecryptCommandOutput extends DecryptResponse, __MetadataBearer
  *             </li>
  *          </ul>
  *          <p>You can use this operation to decrypt ciphertext that was encrypted under a symmetric or
- *       asymmetric CMK. When the CMK is asymmetric, you must specify the CMK and the encryption
- *       algorithm that was used to encrypt the ciphertext. For information about symmetric and asymmetric CMKs, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html">Using Symmetric and Asymmetric CMKs</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
- *          <p>The Decrypt operation also decrypts ciphertext that was encrypted outside of AWS KMS by the
- *       public key in an AWS KMS asymmetric CMK. However, it cannot decrypt ciphertext produced by other
- *       libraries, such as the <a href="https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/">AWS Encryption
+ *       asymmetric KMS key. When the KMS key is asymmetric, you must specify the KMS key and the encryption
+ *       algorithm that was used to encrypt the ciphertext. For information about symmetric and asymmetric KMS keys, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html">Using Symmetric and Asymmetric KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
+ *          <p>The Decrypt operation also decrypts ciphertext that was encrypted outside of KMS by the
+ *       public key in an KMS asymmetric KMS key. However, it cannot decrypt ciphertext produced by other
+ *       libraries, such as the <a href="https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/">Amazon Web Services Encryption
  *         SDK</a> or <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html">Amazon S3 client-side encryption</a>. These libraries return a ciphertext format that
- *       is incompatible with AWS KMS.</p>
- *          <p>If the ciphertext was encrypted under a symmetric CMK, the <code>KeyId</code> parameter is
- *       optional. AWS KMS can get this information from metadata that it adds to the symmetric
+ *       is incompatible with KMS.</p>
+ *          <p>If the ciphertext was encrypted under a symmetric KMS key, the <code>KeyId</code> parameter is
+ *       optional. KMS can get this information from metadata that it adds to the symmetric
  *       ciphertext blob. This feature adds durability to your implementation by ensuring that
  *       authorized users can decrypt ciphertext decades after it was encrypted, even if they've lost
- *       track of the CMK ID. However, specifying the CMK is always recommended as a best practice.
- *       When you use the <code>KeyId</code> parameter to specify a CMK, AWS KMS only uses the CMK you
- *       specify. If the ciphertext was encrypted under a different CMK, the <code>Decrypt</code>
- *       operation fails. This practice ensures that you use the CMK that you intend.</p>
+ *       track of the key ID. However, specifying the KMS key is always recommended as a best practice.
+ *       When you use the <code>KeyId</code> parameter to specify a KMS key, KMS only uses the KMS key you
+ *       specify. If the ciphertext was encrypted under a different KMS key, the <code>Decrypt</code>
+ *       operation fails. This practice ensures that you use the KMS key that you intend.</p>
  *          <p>Whenever possible, use key policies to give users permission to call the
- *         <code>Decrypt</code> operation on a particular CMK, instead of using IAM policies.
+ *         <code>Decrypt</code> operation on a particular KMS key, instead of using IAM policies.
  *       Otherwise, you might create an IAM user policy that gives the user <code>Decrypt</code>
- *       permission on all CMKs. This user could decrypt ciphertext that was encrypted by CMKs in other
- *       accounts if the key policy for the cross-account CMK permits it. If you must use an IAM policy
- *       for <code>Decrypt</code> permissions, limit the user to particular CMKs or particular trusted
- *       accounts. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/iam-policies.html#iam-policies-best-practices">Best practices for IAM policies</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
- *          <p>The CMK that you use for this operation must be in a compatible key state. For
- * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your CMK</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
+ *       permission on all KMS keys. This user could decrypt ciphertext that was encrypted by KMS keys in other
+ *       accounts if the key policy for the cross-account KMS key permits it. If you must use an IAM policy
+ *       for <code>Decrypt</code> permissions, limit the user to particular KMS keys or particular trusted
+ *       accounts. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/iam-policies.html#iam-policies-best-practices">Best practices for IAM policies</a> in the <i>Key Management Service Developer Guide</i>.</p>
+ *          <p>Applications in Amazon Web Services Nitro Enclaves can call this operation by using the <a href="https://github.com/aws/aws-nitro-enclaves-sdk-c">Amazon Web Services Nitro Enclaves Development Kit</a>. For information about the supporting parameters, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html">How Amazon Web Services Nitro Enclaves use KMS</a> in the <i>Key Management Service Developer Guide</i>.</p>
+ *          <p>The KMS key that you use for this operation must be in a compatible key state. For
+ * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
- *             <b>Cross-account use</b>: Yes. You can decrypt a ciphertext
- *       using a CMK in a different AWS account.</p>
+ *             <b>Cross-account use</b>: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
+ *   the key ARN or alias ARN in the value of the <code>KeyId</code> parameter. </p>
  *
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:Decrypt</a> (key policy)</p>

package/dist/types/ts3.4/commands/DeleteAliasCommand.d.ts

@@ -9,15 +9,14 @@ export interface DeleteAliasCommandOutput extends __MetadataBearer {
 /**
  * <p>Deletes the specified alias.  </p>
  *          <note>
- *             <p>Adding, deleting, or updating an alias can allow or deny permission to the CMK. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/abac.html">Using ABAC in AWS KMS</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
+ *             <p>Adding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/abac.html">Using ABAC in KMS</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          </note>
- *          <p>Because an alias is not a property of a CMK, you can delete and change the aliases of a
- *       CMK without affecting the CMK. Also, aliases do not appear in the response from the <a>DescribeKey</a> operation. To get the aliases of all CMKs, use the <a>ListAliases</a> operation. </p>
- *          <p>Each CMK can have multiple aliases. To change the alias of a CMK, use <a>DeleteAlias</a> to delete the current alias and <a>CreateAlias</a> to
- *       create a new alias. To associate an existing alias with a different customer master key (CMK),
+ *          <p>Because an alias is not a property of a KMS key, you can delete and change the aliases of a KMS key without affecting the KMS key. Also, aliases do not appear in the response from the <a>DescribeKey</a> operation. To get the aliases of all KMS keys, use the <a>ListAliases</a> operation. </p>
+ *          <p>Each KMS key can have multiple aliases. To change the alias of a KMS key, use <a>DeleteAlias</a> to delete the current alias and <a>CreateAlias</a> to
+ *       create a new alias. To associate an existing alias with a different KMS key,
  *       call <a>UpdateAlias</a>.</p>
  *          <p>
- *             <b>Cross-account use</b>: No. You cannot perform this operation on an alias in a different AWS account.</p>
+ *             <b>Cross-account use</b>: No. You cannot perform this operation on an alias in a different Amazon Web Services account.</p>
  *          <p>
  *             <b>Required permissions</b>
  *          </p>
@@ -28,10 +27,10 @@ export interface DeleteAliasCommandOutput extends __MetadataBearer {
  *             </li>
  *             <li>
  *                <p>
- *                   <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:DeleteAlias</a> on the CMK (key policy).</p>
+ *                   <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:DeleteAlias</a> on the KMS key (key policy).</p>
  *             </li>
  *          </ul>
- *          <p>For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html#alias-access">Controlling access to aliases</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
+ *          <p>For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html#alias-access">Controlling access to aliases</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
  *             <b>Related operations:</b>
  *          </p>