@aws-sdk/client-kms 3.28.0 → 3.32.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (313) hide show
  1. package/CHANGELOG.md +35 -0
  2. package/KMS.ts +567 -572
  3. package/KMSClient.ts +18 -18
  4. package/README.md +18 -18
  5. package/commands/CancelKeyDeletionCommand.ts +6 -7
  6. package/commands/ConnectCustomKeyStoreCommand.ts +9 -9
  7. package/commands/CreateAliasCommand.ts +13 -14
  8. package/commands/CreateCustomKeyStoreCommand.ts +8 -8
  9. package/commands/CreateGrantCommand.ts +15 -22
  10. package/commands/CreateKeyCommand.ts +44 -44
  11. package/commands/DecryptCommand.ts +23 -22
  12. package/commands/DeleteAliasCommand.ts +7 -8
  13. package/commands/DeleteCustomKeyStoreCommand.ts +13 -13
  14. package/commands/DeleteImportedKeyMaterialCommand.ts +9 -9
  15. package/commands/DescribeCustomKeyStoresCommand.ts +6 -6
  16. package/commands/DescribeKeyCommand.ts +18 -19
  17. package/commands/DisableKeyCommand.ts +7 -7
  18. package/commands/DisableKeyRotationCommand.ts +5 -6
  19. package/commands/DisconnectCustomKeyStoreCommand.ts +6 -8
  20. package/commands/EnableKeyCommand.ts +4 -5
  21. package/commands/EnableKeyRotationCommand.ts +5 -5
  22. package/commands/EncryptCommand.ts +20 -21
  23. package/commands/GenerateDataKeyCommand.ts +17 -18
  24. package/commands/GenerateDataKeyPairCommand.ts +21 -15
  25. package/commands/GenerateDataKeyPairWithoutPlaintextCommand.ts +16 -12
  26. package/commands/GenerateDataKeyWithoutPlaintextCommand.ts +9 -9
  27. package/commands/GenerateRandomCommand.ts +4 -3
  28. package/commands/GetKeyPolicyCommand.ts +2 -2
  29. package/commands/GetKeyRotationStatusCommand.ts +9 -9
  30. package/commands/GetParametersForImportCommand.ts +8 -8
  31. package/commands/GetPublicKeyCommand.ts +15 -15
  32. package/commands/ImportKeyMaterialCommand.ts +18 -18
  33. package/commands/ListAliasesCommand.ts +8 -10
  34. package/commands/ListGrantsCommand.ts +9 -4
  35. package/commands/ListKeyPoliciesCommand.ts +2 -2
  36. package/commands/ListKeysCommand.ts +2 -2
  37. package/commands/ListResourceTagsCommand.ts +4 -4
  38. package/commands/ListRetirableGrantsCommand.ts +14 -14
  39. package/commands/PutKeyPolicyCommand.ts +5 -5
  40. package/commands/ReEncryptCommand.ts +30 -34
  41. package/commands/ReplicateKeyCommand.ts +16 -16
  42. package/commands/RetireGrantCommand.ts +9 -9
  43. package/commands/RevokeGrantCommand.ts +9 -4
  44. package/commands/ScheduleKeyDeletionCommand.ts +17 -17
  45. package/commands/SignCommand.ts +12 -13
  46. package/commands/TagResourceCommand.ts +10 -12
  47. package/commands/UntagResourceCommand.ts +9 -10
  48. package/commands/UpdateAliasCommand.ts +15 -15
  49. package/commands/UpdateCustomKeyStoreCommand.ts +9 -9
  50. package/commands/UpdateKeyDescriptionCommand.ts +4 -4
  51. package/commands/UpdatePrimaryRegionCommand.ts +13 -13
  52. package/commands/VerifyCommand.ts +14 -14
  53. package/dist/cjs/KMS.js +18 -18
  54. package/dist/cjs/KMS.js.map +1 -1
  55. package/dist/cjs/KMSClient.js +18 -18
  56. package/dist/cjs/commands/CancelKeyDeletionCommand.js +6 -7
  57. package/dist/cjs/commands/CancelKeyDeletionCommand.js.map +1 -1
  58. package/dist/cjs/commands/ConnectCustomKeyStoreCommand.js +9 -9
  59. package/dist/cjs/commands/CreateAliasCommand.js +13 -14
  60. package/dist/cjs/commands/CreateAliasCommand.js.map +1 -1
  61. package/dist/cjs/commands/CreateCustomKeyStoreCommand.js +8 -8
  62. package/dist/cjs/commands/CreateGrantCommand.js +15 -22
  63. package/dist/cjs/commands/CreateGrantCommand.js.map +1 -1
  64. package/dist/cjs/commands/CreateKeyCommand.js +44 -44
  65. package/dist/cjs/commands/DecryptCommand.js +23 -22
  66. package/dist/cjs/commands/DecryptCommand.js.map +1 -1
  67. package/dist/cjs/commands/DeleteAliasCommand.js +7 -8
  68. package/dist/cjs/commands/DeleteAliasCommand.js.map +1 -1
  69. package/dist/cjs/commands/DeleteCustomKeyStoreCommand.js +13 -13
  70. package/dist/cjs/commands/DeleteImportedKeyMaterialCommand.js +9 -9
  71. package/dist/cjs/commands/DescribeCustomKeyStoresCommand.js +6 -6
  72. package/dist/cjs/commands/DescribeKeyCommand.js +18 -19
  73. package/dist/cjs/commands/DescribeKeyCommand.js.map +1 -1
  74. package/dist/cjs/commands/DisableKeyCommand.js +7 -7
  75. package/dist/cjs/commands/DisableKeyRotationCommand.js +5 -6
  76. package/dist/cjs/commands/DisableKeyRotationCommand.js.map +1 -1
  77. package/dist/cjs/commands/DisconnectCustomKeyStoreCommand.js +6 -8
  78. package/dist/cjs/commands/DisconnectCustomKeyStoreCommand.js.map +1 -1
  79. package/dist/cjs/commands/EnableKeyCommand.js +4 -5
  80. package/dist/cjs/commands/EnableKeyCommand.js.map +1 -1
  81. package/dist/cjs/commands/EnableKeyRotationCommand.js +5 -5
  82. package/dist/cjs/commands/EncryptCommand.js +20 -21
  83. package/dist/cjs/commands/EncryptCommand.js.map +1 -1
  84. package/dist/cjs/commands/GenerateDataKeyCommand.js +17 -18
  85. package/dist/cjs/commands/GenerateDataKeyCommand.js.map +1 -1
  86. package/dist/cjs/commands/GenerateDataKeyPairCommand.js +21 -15
  87. package/dist/cjs/commands/GenerateDataKeyPairCommand.js.map +1 -1
  88. package/dist/cjs/commands/GenerateDataKeyPairWithoutPlaintextCommand.js +16 -12
  89. package/dist/cjs/commands/GenerateDataKeyPairWithoutPlaintextCommand.js.map +1 -1
  90. package/dist/cjs/commands/GenerateDataKeyWithoutPlaintextCommand.js +9 -9
  91. package/dist/cjs/commands/GenerateRandomCommand.js +4 -3
  92. package/dist/cjs/commands/GenerateRandomCommand.js.map +1 -1
  93. package/dist/cjs/commands/GetKeyPolicyCommand.js +2 -2
  94. package/dist/cjs/commands/GetKeyRotationStatusCommand.js +9 -9
  95. package/dist/cjs/commands/GetParametersForImportCommand.js +8 -8
  96. package/dist/cjs/commands/GetPublicKeyCommand.js +15 -15
  97. package/dist/cjs/commands/ImportKeyMaterialCommand.js +18 -18
  98. package/dist/cjs/commands/ListAliasesCommand.js +8 -10
  99. package/dist/cjs/commands/ListAliasesCommand.js.map +1 -1
  100. package/dist/cjs/commands/ListGrantsCommand.js +9 -4
  101. package/dist/cjs/commands/ListGrantsCommand.js.map +1 -1
  102. package/dist/cjs/commands/ListKeyPoliciesCommand.js +2 -2
  103. package/dist/cjs/commands/ListKeysCommand.js +2 -2
  104. package/dist/cjs/commands/ListResourceTagsCommand.js +4 -4
  105. package/dist/cjs/commands/ListRetirableGrantsCommand.js +14 -14
  106. package/dist/cjs/commands/PutKeyPolicyCommand.js +5 -5
  107. package/dist/cjs/commands/ReEncryptCommand.js +30 -34
  108. package/dist/cjs/commands/ReEncryptCommand.js.map +1 -1
  109. package/dist/cjs/commands/ReplicateKeyCommand.js +16 -16
  110. package/dist/cjs/commands/RetireGrantCommand.js +9 -9
  111. package/dist/cjs/commands/RevokeGrantCommand.js +9 -4
  112. package/dist/cjs/commands/RevokeGrantCommand.js.map +1 -1
  113. package/dist/cjs/commands/ScheduleKeyDeletionCommand.js +17 -17
  114. package/dist/cjs/commands/SignCommand.js +12 -13
  115. package/dist/cjs/commands/SignCommand.js.map +1 -1
  116. package/dist/cjs/commands/TagResourceCommand.js +10 -12
  117. package/dist/cjs/commands/TagResourceCommand.js.map +1 -1
  118. package/dist/cjs/commands/UntagResourceCommand.js +9 -10
  119. package/dist/cjs/commands/UntagResourceCommand.js.map +1 -1
  120. package/dist/cjs/commands/UpdateAliasCommand.js +15 -15
  121. package/dist/cjs/commands/UpdateCustomKeyStoreCommand.js +9 -9
  122. package/dist/cjs/commands/UpdateKeyDescriptionCommand.js +4 -4
  123. package/dist/cjs/commands/UpdatePrimaryRegionCommand.js +13 -13
  124. package/dist/cjs/commands/VerifyCommand.js +14 -14
  125. package/dist/cjs/models/models_0.js +14 -3
  126. package/dist/cjs/models/models_0.js.map +1 -1
  127. package/dist/cjs/package.json +31 -31
  128. package/dist/cjs/protocols/Aws_json1_1.js +16 -11
  129. package/dist/cjs/protocols/Aws_json1_1.js.map +1 -1
  130. package/dist/es/KMS.js +18 -18
  131. package/dist/es/KMS.js.map +1 -1
  132. package/dist/es/KMSClient.js +18 -18
  133. package/dist/es/commands/CancelKeyDeletionCommand.js +6 -7
  134. package/dist/es/commands/CancelKeyDeletionCommand.js.map +1 -1
  135. package/dist/es/commands/ConnectCustomKeyStoreCommand.js +9 -9
  136. package/dist/es/commands/CreateAliasCommand.js +13 -14
  137. package/dist/es/commands/CreateAliasCommand.js.map +1 -1
  138. package/dist/es/commands/CreateCustomKeyStoreCommand.js +8 -8
  139. package/dist/es/commands/CreateGrantCommand.js +15 -22
  140. package/dist/es/commands/CreateGrantCommand.js.map +1 -1
  141. package/dist/es/commands/CreateKeyCommand.js +44 -44
  142. package/dist/es/commands/DecryptCommand.js +23 -22
  143. package/dist/es/commands/DecryptCommand.js.map +1 -1
  144. package/dist/es/commands/DeleteAliasCommand.js +7 -8
  145. package/dist/es/commands/DeleteAliasCommand.js.map +1 -1
  146. package/dist/es/commands/DeleteCustomKeyStoreCommand.js +13 -13
  147. package/dist/es/commands/DeleteImportedKeyMaterialCommand.js +9 -9
  148. package/dist/es/commands/DescribeCustomKeyStoresCommand.js +6 -6
  149. package/dist/es/commands/DescribeKeyCommand.js +18 -19
  150. package/dist/es/commands/DescribeKeyCommand.js.map +1 -1
  151. package/dist/es/commands/DisableKeyCommand.js +7 -7
  152. package/dist/es/commands/DisableKeyRotationCommand.js +5 -6
  153. package/dist/es/commands/DisableKeyRotationCommand.js.map +1 -1
  154. package/dist/es/commands/DisconnectCustomKeyStoreCommand.js +6 -8
  155. package/dist/es/commands/DisconnectCustomKeyStoreCommand.js.map +1 -1
  156. package/dist/es/commands/EnableKeyCommand.js +4 -5
  157. package/dist/es/commands/EnableKeyCommand.js.map +1 -1
  158. package/dist/es/commands/EnableKeyRotationCommand.js +5 -5
  159. package/dist/es/commands/EncryptCommand.js +20 -21
  160. package/dist/es/commands/EncryptCommand.js.map +1 -1
  161. package/dist/es/commands/GenerateDataKeyCommand.js +17 -18
  162. package/dist/es/commands/GenerateDataKeyCommand.js.map +1 -1
  163. package/dist/es/commands/GenerateDataKeyPairCommand.js +21 -15
  164. package/dist/es/commands/GenerateDataKeyPairCommand.js.map +1 -1
  165. package/dist/es/commands/GenerateDataKeyPairWithoutPlaintextCommand.js +16 -12
  166. package/dist/es/commands/GenerateDataKeyPairWithoutPlaintextCommand.js.map +1 -1
  167. package/dist/es/commands/GenerateDataKeyWithoutPlaintextCommand.js +9 -9
  168. package/dist/es/commands/GenerateRandomCommand.js +4 -3
  169. package/dist/es/commands/GenerateRandomCommand.js.map +1 -1
  170. package/dist/es/commands/GetKeyPolicyCommand.js +2 -2
  171. package/dist/es/commands/GetKeyRotationStatusCommand.js +9 -9
  172. package/dist/es/commands/GetParametersForImportCommand.js +8 -8
  173. package/dist/es/commands/GetPublicKeyCommand.js +15 -15
  174. package/dist/es/commands/ImportKeyMaterialCommand.js +18 -18
  175. package/dist/es/commands/ListAliasesCommand.js +8 -10
  176. package/dist/es/commands/ListAliasesCommand.js.map +1 -1
  177. package/dist/es/commands/ListGrantsCommand.js +9 -4
  178. package/dist/es/commands/ListGrantsCommand.js.map +1 -1
  179. package/dist/es/commands/ListKeyPoliciesCommand.js +2 -2
  180. package/dist/es/commands/ListKeysCommand.js +2 -2
  181. package/dist/es/commands/ListResourceTagsCommand.js +4 -4
  182. package/dist/es/commands/ListRetirableGrantsCommand.js +14 -14
  183. package/dist/es/commands/PutKeyPolicyCommand.js +5 -5
  184. package/dist/es/commands/ReEncryptCommand.js +30 -34
  185. package/dist/es/commands/ReEncryptCommand.js.map +1 -1
  186. package/dist/es/commands/ReplicateKeyCommand.js +16 -16
  187. package/dist/es/commands/RetireGrantCommand.js +9 -9
  188. package/dist/es/commands/RevokeGrantCommand.js +9 -4
  189. package/dist/es/commands/RevokeGrantCommand.js.map +1 -1
  190. package/dist/es/commands/ScheduleKeyDeletionCommand.js +17 -17
  191. package/dist/es/commands/SignCommand.js +12 -13
  192. package/dist/es/commands/SignCommand.js.map +1 -1
  193. package/dist/es/commands/TagResourceCommand.js +10 -12
  194. package/dist/es/commands/TagResourceCommand.js.map +1 -1
  195. package/dist/es/commands/UntagResourceCommand.js +9 -10
  196. package/dist/es/commands/UntagResourceCommand.js.map +1 -1
  197. package/dist/es/commands/UpdateAliasCommand.js +15 -15
  198. package/dist/es/commands/UpdateCustomKeyStoreCommand.js +9 -9
  199. package/dist/es/commands/UpdateKeyDescriptionCommand.js +4 -4
  200. package/dist/es/commands/UpdatePrimaryRegionCommand.js +13 -13
  201. package/dist/es/commands/VerifyCommand.js +14 -14
  202. package/dist/es/endpoints.js +1 -2
  203. package/dist/es/endpoints.js.map +1 -1
  204. package/dist/es/models/models_0.js +11 -0
  205. package/dist/es/models/models_0.js.map +1 -1
  206. package/dist/es/package.json +31 -31
  207. package/dist/es/protocols/Aws_json1_1.js +18 -14
  208. package/dist/es/protocols/Aws_json1_1.js.map +1 -1
  209. package/dist/types/KMS.d.ts +567 -572
  210. package/dist/types/KMSClient.d.ts +18 -18
  211. package/dist/types/commands/CancelKeyDeletionCommand.d.ts +6 -7
  212. package/dist/types/commands/ConnectCustomKeyStoreCommand.d.ts +9 -9
  213. package/dist/types/commands/CreateAliasCommand.d.ts +13 -14
  214. package/dist/types/commands/CreateCustomKeyStoreCommand.d.ts +8 -8
  215. package/dist/types/commands/CreateGrantCommand.d.ts +15 -22
  216. package/dist/types/commands/CreateKeyCommand.d.ts +44 -44
  217. package/dist/types/commands/DecryptCommand.d.ts +23 -22
  218. package/dist/types/commands/DeleteAliasCommand.d.ts +7 -8
  219. package/dist/types/commands/DeleteCustomKeyStoreCommand.d.ts +13 -13
  220. package/dist/types/commands/DeleteImportedKeyMaterialCommand.d.ts +9 -9
  221. package/dist/types/commands/DescribeCustomKeyStoresCommand.d.ts +6 -6
  222. package/dist/types/commands/DescribeKeyCommand.d.ts +18 -19
  223. package/dist/types/commands/DisableKeyCommand.d.ts +7 -7
  224. package/dist/types/commands/DisableKeyRotationCommand.d.ts +5 -6
  225. package/dist/types/commands/DisconnectCustomKeyStoreCommand.d.ts +6 -8
  226. package/dist/types/commands/EnableKeyCommand.d.ts +4 -5
  227. package/dist/types/commands/EnableKeyRotationCommand.d.ts +5 -5
  228. package/dist/types/commands/EncryptCommand.d.ts +20 -21
  229. package/dist/types/commands/GenerateDataKeyCommand.d.ts +17 -18
  230. package/dist/types/commands/GenerateDataKeyPairCommand.d.ts +21 -15
  231. package/dist/types/commands/GenerateDataKeyPairWithoutPlaintextCommand.d.ts +16 -12
  232. package/dist/types/commands/GenerateDataKeyWithoutPlaintextCommand.d.ts +9 -9
  233. package/dist/types/commands/GenerateRandomCommand.d.ts +4 -3
  234. package/dist/types/commands/GetKeyPolicyCommand.d.ts +2 -2
  235. package/dist/types/commands/GetKeyRotationStatusCommand.d.ts +9 -9
  236. package/dist/types/commands/GetParametersForImportCommand.d.ts +8 -8
  237. package/dist/types/commands/GetPublicKeyCommand.d.ts +15 -15
  238. package/dist/types/commands/ImportKeyMaterialCommand.d.ts +18 -18
  239. package/dist/types/commands/ListAliasesCommand.d.ts +8 -10
  240. package/dist/types/commands/ListGrantsCommand.d.ts +9 -4
  241. package/dist/types/commands/ListKeyPoliciesCommand.d.ts +2 -2
  242. package/dist/types/commands/ListKeysCommand.d.ts +2 -2
  243. package/dist/types/commands/ListResourceTagsCommand.d.ts +4 -4
  244. package/dist/types/commands/ListRetirableGrantsCommand.d.ts +14 -14
  245. package/dist/types/commands/PutKeyPolicyCommand.d.ts +5 -5
  246. package/dist/types/commands/ReEncryptCommand.d.ts +30 -34
  247. package/dist/types/commands/ReplicateKeyCommand.d.ts +16 -16
  248. package/dist/types/commands/RetireGrantCommand.d.ts +9 -9
  249. package/dist/types/commands/RevokeGrantCommand.d.ts +9 -4
  250. package/dist/types/commands/ScheduleKeyDeletionCommand.d.ts +17 -17
  251. package/dist/types/commands/SignCommand.d.ts +12 -13
  252. package/dist/types/commands/TagResourceCommand.d.ts +10 -12
  253. package/dist/types/commands/UntagResourceCommand.d.ts +9 -10
  254. package/dist/types/commands/UpdateAliasCommand.d.ts +15 -15
  255. package/dist/types/commands/UpdateCustomKeyStoreCommand.d.ts +9 -9
  256. package/dist/types/commands/UpdateKeyDescriptionCommand.d.ts +4 -4
  257. package/dist/types/commands/UpdatePrimaryRegionCommand.d.ts +13 -13
  258. package/dist/types/commands/VerifyCommand.d.ts +14 -14
  259. package/dist/types/models/models_0.d.ts +584 -570
  260. package/dist/types/ts3.4/KMS.d.ts +567 -572
  261. package/dist/types/ts3.4/KMSClient.d.ts +18 -18
  262. package/dist/types/ts3.4/commands/CancelKeyDeletionCommand.d.ts +6 -7
  263. package/dist/types/ts3.4/commands/ConnectCustomKeyStoreCommand.d.ts +9 -9
  264. package/dist/types/ts3.4/commands/CreateAliasCommand.d.ts +13 -14
  265. package/dist/types/ts3.4/commands/CreateCustomKeyStoreCommand.d.ts +8 -8
  266. package/dist/types/ts3.4/commands/CreateGrantCommand.d.ts +15 -22
  267. package/dist/types/ts3.4/commands/CreateKeyCommand.d.ts +44 -44
  268. package/dist/types/ts3.4/commands/DecryptCommand.d.ts +23 -22
  269. package/dist/types/ts3.4/commands/DeleteAliasCommand.d.ts +7 -8
  270. package/dist/types/ts3.4/commands/DeleteCustomKeyStoreCommand.d.ts +13 -13
  271. package/dist/types/ts3.4/commands/DeleteImportedKeyMaterialCommand.d.ts +9 -9
  272. package/dist/types/ts3.4/commands/DescribeCustomKeyStoresCommand.d.ts +6 -6
  273. package/dist/types/ts3.4/commands/DescribeKeyCommand.d.ts +18 -19
  274. package/dist/types/ts3.4/commands/DisableKeyCommand.d.ts +7 -7
  275. package/dist/types/ts3.4/commands/DisableKeyRotationCommand.d.ts +5 -6
  276. package/dist/types/ts3.4/commands/DisconnectCustomKeyStoreCommand.d.ts +6 -8
  277. package/dist/types/ts3.4/commands/EnableKeyCommand.d.ts +4 -5
  278. package/dist/types/ts3.4/commands/EnableKeyRotationCommand.d.ts +5 -5
  279. package/dist/types/ts3.4/commands/EncryptCommand.d.ts +20 -21
  280. package/dist/types/ts3.4/commands/GenerateDataKeyCommand.d.ts +17 -18
  281. package/dist/types/ts3.4/commands/GenerateDataKeyPairCommand.d.ts +21 -15
  282. package/dist/types/ts3.4/commands/GenerateDataKeyPairWithoutPlaintextCommand.d.ts +16 -12
  283. package/dist/types/ts3.4/commands/GenerateDataKeyWithoutPlaintextCommand.d.ts +9 -9
  284. package/dist/types/ts3.4/commands/GenerateRandomCommand.d.ts +4 -3
  285. package/dist/types/ts3.4/commands/GetKeyPolicyCommand.d.ts +2 -2
  286. package/dist/types/ts3.4/commands/GetKeyRotationStatusCommand.d.ts +9 -9
  287. package/dist/types/ts3.4/commands/GetParametersForImportCommand.d.ts +8 -8
  288. package/dist/types/ts3.4/commands/GetPublicKeyCommand.d.ts +15 -15
  289. package/dist/types/ts3.4/commands/ImportKeyMaterialCommand.d.ts +18 -18
  290. package/dist/types/ts3.4/commands/ListAliasesCommand.d.ts +8 -10
  291. package/dist/types/ts3.4/commands/ListGrantsCommand.d.ts +9 -4
  292. package/dist/types/ts3.4/commands/ListKeyPoliciesCommand.d.ts +2 -2
  293. package/dist/types/ts3.4/commands/ListKeysCommand.d.ts +2 -2
  294. package/dist/types/ts3.4/commands/ListResourceTagsCommand.d.ts +4 -4
  295. package/dist/types/ts3.4/commands/ListRetirableGrantsCommand.d.ts +14 -14
  296. package/dist/types/ts3.4/commands/PutKeyPolicyCommand.d.ts +5 -5
  297. package/dist/types/ts3.4/commands/ReEncryptCommand.d.ts +30 -34
  298. package/dist/types/ts3.4/commands/ReplicateKeyCommand.d.ts +16 -16
  299. package/dist/types/ts3.4/commands/RetireGrantCommand.d.ts +9 -9
  300. package/dist/types/ts3.4/commands/RevokeGrantCommand.d.ts +9 -4
  301. package/dist/types/ts3.4/commands/ScheduleKeyDeletionCommand.d.ts +17 -17
  302. package/dist/types/ts3.4/commands/SignCommand.d.ts +12 -13
  303. package/dist/types/ts3.4/commands/TagResourceCommand.d.ts +10 -12
  304. package/dist/types/ts3.4/commands/UntagResourceCommand.d.ts +9 -10
  305. package/dist/types/ts3.4/commands/UpdateAliasCommand.d.ts +15 -15
  306. package/dist/types/ts3.4/commands/UpdateCustomKeyStoreCommand.d.ts +9 -9
  307. package/dist/types/ts3.4/commands/UpdateKeyDescriptionCommand.d.ts +4 -4
  308. package/dist/types/ts3.4/commands/UpdatePrimaryRegionCommand.d.ts +13 -13
  309. package/dist/types/ts3.4/commands/VerifyCommand.d.ts +14 -14
  310. package/dist/types/ts3.4/models/models_0.d.ts +584 -570
  311. package/models/models_0.ts +588 -570
  312. package/package.json +31 -31
  313. package/protocols/Aws_json1_1.ts +20 -12
package/KMSClient.ts CHANGED
@@ -385,22 +385,23 @@ type KMSClientResolvedConfigType = __SmithyResolvedConfiguration<__HttpHandlerOp
385
385
  export interface KMSClientResolvedConfig extends KMSClientResolvedConfigType {}
386
386
 
387
387
  /**
388
- * <fullname>AWS Key Management Service</fullname>
389
- * <p>AWS Key Management Service (AWS KMS) is an encryption and key management web service. This guide describes
390
- * the AWS KMS operations that you can call programmatically. For general information about AWS KMS,
388
+ * <fullname>Key Management Service</fullname>
389
+ * <p>Key Management Service (KMS) is an encryption and key management web service. This guide describes
390
+ * the KMS operations that you can call programmatically. For general information about KMS,
391
391
  * see the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/">
392
- * <i>AWS Key Management Service Developer Guide</i>
392
+ * <i>Key Management Service Developer Guide</i>
393
393
  * </a>.</p>
394
394
  * <note>
395
- * <p>AWS provides SDKs that consist of libraries and sample code for various programming
395
+ * <p>KMS is replacing the term <i>customer master key (CMK)</i> with <i>KMS key</i> and <i>KMS key</i>. The concept has not changed. To prevent breaking changes, KMS is keeping some variations of this term.</p>
396
+ * <p>Amazon Web Services provides SDKs that consist of libraries and sample code for various programming
396
397
  * languages and platforms (Java, Ruby, .Net, macOS, Android, etc.). The SDKs provide a
397
- * convenient way to create programmatic access to AWS KMS and other AWS services. For example,
398
+ * convenient way to create programmatic access to KMS and other Amazon Web Services services. For example,
398
399
  * the SDKs take care of tasks such as signing requests (see below), managing errors, and
399
- * retrying requests automatically. For more information about the AWS SDKs, including how to
400
+ * retrying requests automatically. For more information about the Amazon Web Services SDKs, including how to
400
401
  * download and install them, see <a href="http://aws.amazon.com/tools/">Tools for Amazon Web
401
402
  * Services</a>.</p>
402
403
  * </note>
403
- * <p>We recommend that you use the AWS SDKs to make programmatic API calls to AWS KMS.</p>
404
+ * <p>We recommend that you use the Amazon Web Services SDKs to make programmatic API calls to KMS.</p>
404
405
  * <p>Clients must support TLS (Transport Layer Security) 1.0. We recommend TLS 1.2. Clients
405
406
  * must also support cipher suites with Perfect Forward Secrecy (PFS) such as Ephemeral
406
407
  * Diffie-Hellman (DHE) or Elliptic Curve Ephemeral Diffie-Hellman (ECDHE). Most modern systems
@@ -409,19 +410,18 @@ export interface KMSClientResolvedConfig extends KMSClientResolvedConfigType {}
409
410
  * <b>Signing Requests</b>
410
411
  * </p>
411
412
  * <p>Requests must be signed by using an access key ID and a secret access key. We strongly
412
- * recommend that you <i>do not</i> use your AWS account (root) access key ID and
413
- * secret key for everyday work with AWS KMS. Instead, use the access key ID and secret access key
414
- * for an IAM user. You can also use the AWS Security Token Service to generate temporary
413
+ * recommend that you <i>do not</i> use your Amazon Web Services account (root) access key ID and
414
+ * secret key for everyday work with KMS. Instead, use the access key ID and secret access key
415
+ * for an IAM user. You can also use the Amazon Web Services Security Token Service to generate temporary
415
416
  * security credentials that you can use to sign requests.</p>
416
- * <p>All AWS KMS operations require <a href="https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html">Signature Version 4</a>.</p>
417
+ * <p>All KMS operations require <a href="https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html">Signature Version 4</a>.</p>
417
418
  * <p>
418
419
  * <b>Logging API Requests</b>
419
420
  * </p>
420
- * <p>AWS KMS supports AWS CloudTrail, a service that logs AWS API calls and related events for your AWS
421
- * account and delivers them to an Amazon S3 bucket that you specify. By using the information
422
- * collected by CloudTrail, you can determine what requests were made to AWS KMS, who made the request,
421
+ * <p>KMS supports CloudTrail, a service that logs Amazon Web Services API calls and related events for your Amazon Web Services account and delivers them to an Amazon S3 bucket that you specify. By using the information
422
+ * collected by CloudTrail, you can determine what requests were made to KMS, who made the request,
423
423
  * when it was made, and so on. To learn more about CloudTrail, including how to turn it on and find
424
- * your log files, see the <a href="https://docs.aws.amazon.com/awscloudtrail/latest/userguide/">AWS CloudTrail User Guide</a>.</p>
424
+ * your log files, see the <a href="https://docs.aws.amazon.com/awscloudtrail/latest/userguide/">CloudTrail User Guide</a>.</p>
425
425
  * <p>
426
426
  * <b>Additional Resources</b>
427
427
  * </p>
@@ -429,9 +429,9 @@ export interface KMSClientResolvedConfig extends KMSClientResolvedConfigType {}
429
429
  * <ul>
430
430
  * <li>
431
431
  * <p>
432
- * <a href="https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html">AWS Security
432
+ * <a href="https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html">Amazon Web Services Security
433
433
  * Credentials</a> - This topic provides general information about the types of
434
- * credentials used for accessing AWS.</p>
434
+ * credentials used to access Amazon Web Services.</p>
435
435
  * </li>
436
436
  * <li>
437
437
  * <p>
package/README.md CHANGED
@@ -7,23 +7,24 @@
7
7
 
8
8
  AWS SDK for JavaScript KMS Client for Node.js, Browser and React Native.
9
9
 
10
- <fullname>AWS Key Management Service</fullname>
10
+ <fullname>Key Management Service</fullname>
11
11
 
12
- <p>AWS Key Management Service (AWS KMS) is an encryption and key management web service. This guide describes
13
- the AWS KMS operations that you can call programmatically. For general information about AWS KMS,
12
+ <p>Key Management Service (KMS) is an encryption and key management web service. This guide describes
13
+ the KMS operations that you can call programmatically. For general information about KMS,
14
14
  see the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/">
15
- <i>AWS Key Management Service Developer Guide</i>
15
+ <i>Key Management Service Developer Guide</i>
16
16
  </a>.</p>
17
17
  <note>
18
- <p>AWS provides SDKs that consist of libraries and sample code for various programming
18
+ <p>KMS is replacing the term <i>customer master key (CMK)</i> with <i>KMS key</i> and <i>KMS key</i>. The concept has not changed. To prevent breaking changes, KMS is keeping some variations of this term.</p>
19
+ <p>Amazon Web Services provides SDKs that consist of libraries and sample code for various programming
19
20
  languages and platforms (Java, Ruby, .Net, macOS, Android, etc.). The SDKs provide a
20
- convenient way to create programmatic access to AWS KMS and other AWS services. For example,
21
+ convenient way to create programmatic access to KMS and other Amazon Web Services services. For example,
21
22
  the SDKs take care of tasks such as signing requests (see below), managing errors, and
22
- retrying requests automatically. For more information about the AWS SDKs, including how to
23
+ retrying requests automatically. For more information about the Amazon Web Services SDKs, including how to
23
24
  download and install them, see <a href="http://aws.amazon.com/tools/">Tools for Amazon Web
24
25
  Services</a>.</p>
25
26
  </note>
26
- <p>We recommend that you use the AWS SDKs to make programmatic API calls to AWS KMS.</p>
27
+ <p>We recommend that you use the Amazon Web Services SDKs to make programmatic API calls to KMS.</p>
27
28
  <p>Clients must support TLS (Transport Layer Security) 1.0. We recommend TLS 1.2. Clients
28
29
  must also support cipher suites with Perfect Forward Secrecy (PFS) such as Ephemeral
29
30
  Diffie-Hellman (DHE) or Elliptic Curve Ephemeral Diffie-Hellman (ECDHE). Most modern systems
@@ -32,19 +33,18 @@ such as Java 7 and later support these modes.</p>
32
33
  <b>Signing Requests</b>
33
34
  </p>
34
35
  <p>Requests must be signed by using an access key ID and a secret access key. We strongly
35
- recommend that you <i>do not</i> use your AWS account (root) access key ID and
36
- secret key for everyday work with AWS KMS. Instead, use the access key ID and secret access key
37
- for an IAM user. You can also use the AWS Security Token Service to generate temporary
36
+ recommend that you <i>do not</i> use your Amazon Web Services account (root) access key ID and
37
+ secret key for everyday work with KMS. Instead, use the access key ID and secret access key
38
+ for an IAM user. You can also use the Amazon Web Services Security Token Service to generate temporary
38
39
  security credentials that you can use to sign requests.</p>
39
- <p>All AWS KMS operations require <a href="https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html">Signature Version 4</a>.</p>
40
+ <p>All KMS operations require <a href="https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html">Signature Version 4</a>.</p>
40
41
  <p>
41
42
  <b>Logging API Requests</b>
42
43
  </p>
43
- <p>AWS KMS supports AWS CloudTrail, a service that logs AWS API calls and related events for your AWS
44
- account and delivers them to an Amazon S3 bucket that you specify. By using the information
45
- collected by CloudTrail, you can determine what requests were made to AWS KMS, who made the request,
44
+ <p>KMS supports CloudTrail, a service that logs Amazon Web Services API calls and related events for your Amazon Web Services account and delivers them to an Amazon S3 bucket that you specify. By using the information
45
+ collected by CloudTrail, you can determine what requests were made to KMS, who made the request,
46
46
  when it was made, and so on. To learn more about CloudTrail, including how to turn it on and find
47
- your log files, see the <a href="https://docs.aws.amazon.com/awscloudtrail/latest/userguide/">AWS CloudTrail User Guide</a>.</p>
47
+ your log files, see the <a href="https://docs.aws.amazon.com/awscloudtrail/latest/userguide/">CloudTrail User Guide</a>.</p>
48
48
  <p>
49
49
  <b>Additional Resources</b>
50
50
  </p>
@@ -52,9 +52,9 @@ your log files, see the <a href="https://docs.aws.amazon.com/awscloudtrail/lates
52
52
  <ul>
53
53
  <li>
54
54
  <p>
55
- <a href="https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html">AWS Security
55
+ <a href="https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html">Amazon Web Services Security
56
56
  Credentials</a> - This topic provides general information about the types of
57
- credentials used for accessing AWS.</p>
57
+ credentials used to access Amazon Web Services.</p>
58
58
  </li>
59
59
  <li>
60
60
  <p>
@@ -21,14 +21,13 @@ export interface CancelKeyDeletionCommandInput extends CancelKeyDeletionRequest
21
21
  export interface CancelKeyDeletionCommandOutput extends CancelKeyDeletionResponse, __MetadataBearer {}
22
22
 
23
23
  /**
24
- * <p>Cancels the deletion of a customer master key (CMK). When this operation succeeds, the key
25
- * state of the CMK is <code>Disabled</code>. To enable the CMK, use <a>EnableKey</a>. </p>
26
- * <p>For more information about scheduling and canceling deletion of a CMK, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html">Deleting Customer Master
27
- * Keys</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
28
- * <p>The CMK that you use for this operation must be in a compatible key state. For
29
- * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your CMK</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
24
+ * <p>Cancels the deletion of a KMS key. When this operation succeeds, the key
25
+ * state of the KMS key is <code>Disabled</code>. To enable the KMS key, use <a>EnableKey</a>. </p>
26
+ * <p>For more information about scheduling and canceling deletion of a KMS key, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html">Deleting KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
27
+ * <p>The KMS key that you use for this operation must be in a compatible key state. For
28
+ * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
30
29
  * <p>
31
- * <b>Cross-account use</b>: No. You cannot perform this operation on a CMK in a different AWS account.</p>
30
+ * <b>Cross-account use</b>: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.</p>
32
31
  * <p>
33
32
  * <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:CancelKeyDeletion</a> (key policy)</p>
34
33
  * <p>
@@ -21,24 +21,24 @@ export interface ConnectCustomKeyStoreCommandInput extends ConnectCustomKeyStore
21
21
  export interface ConnectCustomKeyStoreCommandOutput extends ConnectCustomKeyStoreResponse, __MetadataBearer {}
22
22
 
23
23
  /**
24
- * <p>Connects or reconnects a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a> to its associated AWS CloudHSM cluster.</p>
25
- * <p>The custom key store must be connected before you can create customer master keys (CMKs)
26
- * in the key store or use the CMKs it contains. You can disconnect and reconnect a custom key
24
+ * <p>Connects or reconnects a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a> to its associated CloudHSM cluster.</p>
25
+ * <p>The custom key store must be connected before you can create KMS keys
26
+ * in the key store or use the KMS keys it contains. You can disconnect and reconnect a custom key
27
27
  * store at any time.</p>
28
- * <p>To connect a custom key store, its associated AWS CloudHSM cluster must have at least one active
28
+ * <p>To connect a custom key store, its associated CloudHSM cluster must have at least one active
29
29
  * HSM. To get the number of active HSMs in a cluster, use the <a href="https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html">DescribeClusters</a> operation. To add HSMs
30
30
  * to the cluster, use the <a href="https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html">CreateHsm</a> operation. Also, the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser">
31
31
  * <code>kmsuser</code> crypto
32
- * user</a> (CU) must not be logged into the cluster. This prevents AWS KMS from using this
32
+ * user</a> (CU) must not be logged into the cluster. This prevents KMS from using this
33
33
  * account to log in.</p>
34
34
  * <p>The connection process can take an extended amount of time to complete; up to 20 minutes.
35
35
  * This operation starts the connection process, but it does not wait for it to complete. When it
36
36
  * succeeds, this operation quickly returns an HTTP 200 response and a JSON object with no
37
37
  * properties. However, this response does not indicate that the custom key store is connected.
38
38
  * To get the connection state of the custom key store, use the <a>DescribeCustomKeyStores</a> operation.</p>
39
- * <p>During the connection process, AWS KMS finds the AWS CloudHSM cluster that is associated with the
39
+ * <p>During the connection process, KMS finds the CloudHSM cluster that is associated with the
40
40
  * custom key store, creates the connection infrastructure, connects to the cluster, logs into
41
- * the AWS CloudHSM client as the <code>kmsuser</code> CU, and rotates its password.</p>
41
+ * the CloudHSM client as the <code>kmsuser</code> CU, and rotates its password.</p>
42
42
  * <p>The <code>ConnectCustomKeyStore</code> operation might fail for various reasons. To find
43
43
  * the reason, use the <a>DescribeCustomKeyStores</a> operation and see the
44
44
  * <code>ConnectionErrorCode</code> in the response. For help interpreting the
@@ -47,9 +47,9 @@ export interface ConnectCustomKeyStoreCommandOutput extends ConnectCustomKeyStor
47
47
  * disconnect the custom key store, correct the error, use the <a>UpdateCustomKeyStore</a> operation if necessary, and then use
48
48
  * <code>ConnectCustomKeyStore</code> again.</p>
49
49
  * <p>If you are having trouble connecting or disconnecting a custom key store, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html">Troubleshooting a Custom Key
50
- * Store</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
50
+ * Store</a> in the <i>Key Management Service Developer Guide</i>.</p>
51
51
  * <p>
52
- * <b>Cross-account use</b>: No. You cannot perform this operation on a custom key store in a different AWS account.</p>
52
+ * <b>Cross-account use</b>: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.</p>
53
53
  *
54
54
  * <p>
55
55
  * <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:ConnectCustomKeyStore</a> (IAM policy)</p>
@@ -21,26 +21,25 @@ export interface CreateAliasCommandInput extends CreateAliasRequest {}
21
21
  export interface CreateAliasCommandOutput extends __MetadataBearer {}
22
22
 
23
23
  /**
24
- * <p>Creates a friendly name for a customer master key (CMK). </p>
24
+ * <p>Creates a friendly name for a KMS key. </p>
25
25
  * <note>
26
- * <p>Adding, deleting, or updating an alias can allow or deny permission to the CMK. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/abac.html">Using ABAC in AWS KMS</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
26
+ * <p>Adding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/abac.html">Using ABAC in KMS</a> in the <i>Key Management Service Developer Guide</i>.</p>
27
27
  * </note>
28
- * <p>You can use an alias to identify a CMK in the AWS KMS console, in the <a>DescribeKey</a> operation and in <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations">cryptographic operations</a>, such as <a>Encrypt</a> and
29
- * <a>GenerateDataKey</a>. You can also change the CMK that's associated with the
28
+ * <p>You can use an alias to identify a KMS key in the KMS console, in the <a>DescribeKey</a> operation and in <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations">cryptographic operations</a>, such as <a>Encrypt</a> and
29
+ * <a>GenerateDataKey</a>. You can also change the KMS key that's associated with the
30
30
  * alias (<a>UpdateAlias</a>) or delete the alias (<a>DeleteAlias</a>) at
31
- * any time. These operations don't affect the underlying CMK. </p>
32
- * <p>You can associate the alias with any customer managed CMK in the same AWS Region. Each
33
- * alias is associated with only one CMK at a time, but a CMK can have multiple aliases. A valid
34
- * CMK is required. You can't create an alias without a CMK.</p>
31
+ * any time. These operations don't affect the underlying KMS key. </p>
32
+ * <p>You can associate the alias with any customer managed key in the same Amazon Web Services Region. Each
33
+ * alias is associated with only one KMS key at a time, but a KMS key can have multiple aliases. A valid KMS key is required. You can't create an alias without a KMS key.</p>
35
34
  * <p>The alias must be unique in the account and Region, but you can have aliases with the same
36
35
  * name in different Regions. For detailed information about aliases, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html">Using aliases</a> in the
37
- * <i>AWS Key Management Service Developer Guide</i>.</p>
36
+ * <i>Key Management Service Developer Guide</i>.</p>
38
37
  * <p>This operation does not return a response. To get the alias that you created, use the
39
38
  * <a>ListAliases</a> operation.</p>
40
- * <p>The CMK that you use for this operation must be in a compatible key state. For
41
- * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your CMK</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
39
+ * <p>The KMS key that you use for this operation must be in a compatible key state. For
40
+ * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
42
41
  * <p>
43
- * <b>Cross-account use</b>: No. You cannot perform this operation on an alias in a different AWS account.</p>
42
+ * <b>Cross-account use</b>: No. You cannot perform this operation on an alias in a different Amazon Web Services account.</p>
44
43
  *
45
44
  * <p>
46
45
  * <b>Required permissions</b>
@@ -52,10 +51,10 @@ export interface CreateAliasCommandOutput extends __MetadataBearer {}
52
51
  * </li>
53
52
  * <li>
54
53
  * <p>
55
- * <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:CreateAlias</a> on the CMK (key policy).</p>
54
+ * <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:CreateAlias</a> on the KMS key (key policy).</p>
56
55
  * </li>
57
56
  * </ul>
58
- * <p>For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html#alias-access">Controlling access to aliases</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
57
+ * <p>For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html#alias-access">Controlling access to aliases</a> in the <i>Key Management Service Developer Guide</i>.</p>
59
58
  * <p>
60
59
  * <b>Related operations:</b>
61
60
  * </p>
@@ -21,24 +21,24 @@ export interface CreateCustomKeyStoreCommandInput extends CreateCustomKeyStoreRe
21
21
  export interface CreateCustomKeyStoreCommandOutput extends CreateCustomKeyStoreResponse, __MetadataBearer {}
22
22
 
23
23
  /**
24
- * <p>Creates a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a> that is associated with an <a href="https://docs.aws.amazon.com/cloudhsm/latest/userguide/clusters.html">AWS CloudHSM cluster</a> that you own and
24
+ * <p>Creates a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a> that is associated with an <a href="https://docs.aws.amazon.com/cloudhsm/latest/userguide/clusters.html">CloudHSM cluster</a> that you own and
25
25
  * manage.</p>
26
- * <p>This operation is part of the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">Custom Key Store feature</a> feature in AWS KMS, which
27
- * combines the convenience and extensive integration of AWS KMS with the isolation and control of a
26
+ * <p>This operation is part of the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">Custom Key Store feature</a> feature in KMS, which
27
+ * combines the convenience and extensive integration of KMS with the isolation and control of a
28
28
  * single-tenant key store.</p>
29
29
  * <p>Before you create the custom key store, you must assemble
30
- * the required elements, including an AWS CloudHSM cluster that fulfills the requirements for a custom
30
+ * the required elements, including an CloudHSM cluster that fulfills the requirements for a custom
31
31
  * key store. For details about the required elements, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore">Assemble the Prerequisites</a>
32
- * in the <i>AWS Key Management Service Developer Guide</i>.</p>
32
+ * in the <i>Key Management Service Developer Guide</i>.</p>
33
33
  * <p>When the operation completes successfully, it returns the ID of the new custom key store.
34
- * Before you can use your new custom key store, you need to use the <a>ConnectCustomKeyStore</a> operation to connect the new key store to its AWS CloudHSM
34
+ * Before you can use your new custom key store, you need to use the <a>ConnectCustomKeyStore</a> operation to connect the new key store to its CloudHSM
35
35
  * cluster. Even if you are not going to use your custom key store immediately, you might want to
36
36
  * connect it to verify that all settings are correct and then disconnect it until you are ready
37
37
  * to use it.</p>
38
38
  * <p>For help with failures, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html">Troubleshooting a Custom Key Store</a> in the
39
- * <i>AWS Key Management Service Developer Guide</i>.</p>
39
+ * <i>Key Management Service Developer Guide</i>.</p>
40
40
  * <p>
41
- * <b>Cross-account use</b>: No. You cannot perform this operation on a custom key store in a different AWS account.</p>
41
+ * <b>Cross-account use</b>: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.</p>
42
42
  * <p>
43
43
  * <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:CreateCustomKeyStore</a> (IAM policy).</p>
44
44
  * <p>
@@ -21,45 +21,38 @@ export interface CreateGrantCommandInput extends CreateGrantRequest {}
21
21
  export interface CreateGrantCommandOutput extends CreateGrantResponse, __MetadataBearer {}
22
22
 
23
23
  /**
24
- * <p>Adds a grant to a customer master key (CMK). </p>
25
- * <p>A <i>grant</i> is a policy instrument that allows AWS principals to use AWS
26
- * KMS customer master keys (CMKs) in cryptographic operations. It also can allow them to view a
27
- * CMK (<a>DescribeKey</a>) and create and manage grants. When authorizing access to a
28
- * CMK, grants are considered along with key policies and IAM policies. Grants are often used for
24
+ * <p>Adds a grant to a KMS key. </p>
25
+ * <p>A <i>grant</i> is a policy instrument that allows Amazon Web Services principals to use KMS keys in cryptographic operations. It also can allow them to view a KMS key (<a>DescribeKey</a>) and create and manage grants. When authorizing access to a KMS key, grants are considered along with key policies and IAM policies. Grants are often used for
29
26
  * temporary permissions because you can create one, use its permissions, and delete it without
30
27
  * changing your key policies or IAM policies. </p>
31
28
  * <p>For detailed information about grants, including grant terminology, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html">Using grants</a> in the
32
29
  * <i>
33
- * <i>AWS Key Management Service Developer Guide</i>
30
+ * <i>Key Management Service Developer Guide</i>
34
31
  * </i>. For examples of working with grants in several
35
- * programming languages, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-grants.html">Programming grants</a>.</p>
32
+ * programming languages, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-grants.html">Programming grants</a>. </p>
36
33
  * <p>The <code>CreateGrant</code> operation returns a <code>GrantToken</code> and a
37
- * <code>GrantId</code>.</p>
34
+ * <code>GrantId</code>.</p>
38
35
  * <ul>
39
36
  * <li>
40
- * <p>When you create, retire, or revoke a grant, there might be a brief delay, usually less than five minutes, until the grant is available throughout AWS KMS. This state is known as <i>eventual consistency</i>. Once the grant has achieved eventual consistency, the grantee principal
41
- * can use the permissions in the grant without identifying the grant. </p>
37
+ * <p>When you create, retire, or revoke a grant, there might be a brief delay, usually less than five minutes, until the grant is available throughout KMS. This state is known as <i>eventual consistency</i>. Once the grant has achieved eventual consistency, the grantee principal
38
+ * can use the permissions in the grant without identifying the grant. </p>
42
39
  * <p>However, to use the permissions in the grant immediately, use the
43
- * <code>GrantToken</code> that <code>CreateGrant</code> returns. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/using-grant-token.html">Using a grant
40
+ * <code>GrantToken</code> that <code>CreateGrant</code> returns. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token">Using a grant
44
41
  * token</a> in the <i>
45
- * <i>AWS Key Management Service Developer Guide</i>
42
+ * <i>Key Management Service Developer Guide</i>
46
43
  * </i>.</p>
47
44
  * </li>
48
45
  * <li>
49
46
  * <p>The <code>CreateGrant</code> operation also returns a <code>GrantId</code>. You can use the
50
- * <code>GrantId</code> and a key identifier to identify the grant in the <a>RetireGrant</a> and <a>RevokeGrant</a> operations. To find the grant
51
- * ID, use the <a>ListGrants</a> or <a>ListRetirableGrants</a>
52
- * operations.</p>
47
+ * <code>GrantId</code> and a key identifier to identify the grant in the <a>RetireGrant</a> and <a>RevokeGrant</a> operations. To find the grant
48
+ * ID, use the <a>ListGrants</a> or <a>ListRetirableGrants</a>
49
+ * operations.</p>
53
50
  * </li>
54
51
  * </ul>
55
- * <p>For information about symmetric and asymmetric CMKs, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html">Using Symmetric and Asymmetric CMKs</a> in the <i>AWS Key Management Service Developer Guide</i>. For more information about grants, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html">Grants</a> in the
56
- * <i>
57
- * <i>AWS Key Management Service Developer Guide</i>
58
- * </i>.</p>
59
- * <p>The CMK that you use for this operation must be in a compatible key state. For
60
- * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your CMK</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
52
+ * <p>The KMS key that you use for this operation must be in a compatible key state. For
53
+ * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
61
54
  * <p>
62
- * <b>Cross-account use</b>: Yes. To perform this operation on a CMK in a different AWS account, specify the key
55
+ * <b>Cross-account use</b>: Yes. To perform this operation on a KMS key in a different Amazon Web Services account, specify the key
63
56
  * ARN in the value of the <code>KeyId</code> parameter. </p>
64
57
  * <p>
65
58
  * <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:CreateGrant</a> (key policy)</p>
@@ -18,109 +18,109 @@ export interface CreateKeyCommandInput extends CreateKeyRequest {}
18
18
  export interface CreateKeyCommandOutput extends CreateKeyResponse, __MetadataBearer {}
19
19
 
20
20
  /**
21
- * <p>Creates a unique customer managed <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master-keys">customer master key</a> (CMK) in your AWS
22
- * account and Region.</p>
21
+ * <p>Creates a unique customer managed <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms-keys">KMS key</a> in your Amazon Web Services account and Region.</p>
22
+ * <note>
23
+ * <p>KMS is replacing the term <i>customer master key (CMK)</i> with <i>KMS key</i> and <i>KMS key</i>. The concept has not changed. To prevent breaking changes, KMS is keeping some variations of this term.</p>
24
+ * </note>
23
25
  *
24
- * <p>You can use the <code>CreateKey</code> operation to create symmetric or asymmetric
25
- * CMKs.</p>
26
+ * <p>You can use the <code>CreateKey</code> operation to create symmetric or asymmetric KMS keys.</p>
26
27
  * <ul>
27
28
  * <li>
28
29
  * <p>
29
- * <b>Symmetric CMKs</b> contain a 256-bit symmetric key that
30
- * never leaves AWS KMS unencrypted. To use the CMK, you must call AWS KMS. You can use a
31
- * symmetric CMK to encrypt and decrypt small amounts of data, but they are typically used to
30
+ * <b>Symmetric KMS keys</b> contain a 256-bit symmetric key that
31
+ * never leaves KMS unencrypted. To use the KMS key, you must call KMS. You can use a
32
+ * symmetric KMS key to encrypt and decrypt small amounts of data, but they are typically used to
32
33
  * generate <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#data-keys">data
33
34
  * keys</a> and <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#data-key-pairs">data keys pairs</a>. For details,
34
35
  * see <a>GenerateDataKey</a> and <a>GenerateDataKeyPair</a>.</p>
35
36
  * </li>
36
37
  * <li>
37
38
  * <p>
38
- * <b>Asymmetric CMKs</b> can contain an RSA key pair or an
39
- * Elliptic Curve (ECC) key pair. The private key in an asymmetric CMK never leaves AWS KMS
39
+ * <b>Asymmetric KMS keys</b> can contain an RSA key pair or an
40
+ * Elliptic Curve (ECC) key pair. The private key in an asymmetric KMS key never leaves KMS
40
41
  * unencrypted. However, you can use the <a>GetPublicKey</a> operation to download
41
- * the public key so it can be used outside of AWS KMS. CMKs with RSA key pairs can be used to
42
- * encrypt or decrypt data or sign and verify messages (but not both). CMKs with ECC key
42
+ * the public key so it can be used outside of KMS. KMS keys with RSA key pairs can be used to
43
+ * encrypt or decrypt data or sign and verify messages (but not both). KMS keys with ECC key
43
44
  * pairs can be used only to sign and verify messages.</p>
44
45
  * </li>
45
46
  * </ul>
46
- * <p>For information about symmetric and asymmetric CMKs, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html">Using Symmetric and Asymmetric CMKs</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
47
+ * <p>For information about symmetric and asymmetric KMS keys, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html">Using Symmetric and Asymmetric KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
47
48
  *
48
49
  *
49
- * <p>To create different types of CMKs, use the following guidance:</p>
50
+ * <p>To create different types of KMS keys, use the following guidance:</p>
50
51
  *
51
52
  * <dl>
52
- * <dt>Asymmetric CMKs</dt>
53
+ * <dt>Asymmetric KMS keys</dt>
53
54
  * <dd>
54
- * <p>To create an asymmetric CMK, use the <code>CustomerMasterKeySpec</code> parameter to
55
- * specify the type of key material in the CMK. Then, use the <code>KeyUsage</code>
56
- * parameter to determine whether the CMK will be used to encrypt and decrypt or sign and
57
- * verify. You can't change these properties after the CMK is created.</p>
55
+ * <p>To create an asymmetric KMS key, use the <code>KeySpec</code> parameter to specify
56
+ * the type of key material in the KMS key. Then, use the <code>KeyUsage</code> parameter
57
+ * to determine whether the KMS key will be used to encrypt and decrypt or sign and verify.
58
+ * You can't change these properties after the KMS key is created.</p>
58
59
  * <p> </p>
59
60
  * </dd>
60
- * <dt>Symmetric CMKs</dt>
61
+ * <dt>Symmetric KMS keys</dt>
61
62
  * <dd>
62
- * <p>When creating a symmetric CMK, you don't need to specify the
63
- * <code>CustomerMasterKeySpec</code> or <code>KeyUsage</code> parameters. The default
64
- * value for <code>CustomerMasterKeySpec</code>, <code>SYMMETRIC_DEFAULT</code>, and the
65
- * default value for <code>KeyUsage</code>, <code>ENCRYPT_DECRYPT</code>, are the only
66
- * valid values for symmetric CMKs. </p>
63
+ * <p>When creating a symmetric KMS key, you don't need to specify the
64
+ * <code>KeySpec</code> or <code>KeyUsage</code> parameters. The default value for
65
+ * <code>KeySpec</code>, <code>SYMMETRIC_DEFAULT</code>, and the default value for
66
+ * <code>KeyUsage</code>, <code>ENCRYPT_DECRYPT</code>, are the only valid values for
67
+ * symmetric KMS keys. </p>
67
68
  * <p> </p>
68
69
  * </dd>
69
70
  * <dt>Multi-Region primary keys</dt>
70
71
  * <dt>Imported key material</dt>
71
72
  * <dd>
72
- * <p>To create a multi-Region <i>primary key</i> in the local AWS Region,
73
+ * <p>To create a multi-Region <i>primary key</i> in the local Amazon Web Services Region,
73
74
  * use the <code>MultiRegion</code> parameter with a value of <code>True</code>. To create
74
- * a multi-Region <i>replica key</i>, that is, a CMK with the same key ID and
75
- * key material as a primary key, but in a different AWS Region, use the <a>ReplicateKey</a> operation. To change a replica key to a primary key, and its
75
+ * a multi-Region <i>replica key</i>, that is, a KMS key with the same key ID and
76
+ * key material as a primary key, but in a different Amazon Web Services Region, use the <a>ReplicateKey</a> operation. To change a replica key to a primary key, and its
76
77
  * primary key to a replica key, use the <a>UpdatePrimaryRegion</a>
77
78
  * operation.</p>
78
- * <p>This operation supports <i>multi-Region keys</i>, an AWS KMS feature that lets you create multiple
79
- * interoperable CMKs in different AWS Regions. Because these CMKs have the same key ID, key
80
- * material, and other metadata, you can use them to encrypt data in one AWS Region and decrypt
81
- * it in a different AWS Region without making a cross-Region call or exposing the plaintext data. For more information about multi-Region keys, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html">Using multi-Region keys</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
79
+ * <p>This operation supports <i>multi-Region keys</i>, an KMS feature that lets you create multiple
80
+ * interoperable KMS keys in different Amazon Web Services Regions. Because these KMS keys have the same key ID, key
81
+ * material, and other metadata, you can use them interchangeably to encrypt data in one Amazon Web Services Region and decrypt
82
+ * it in a different Amazon Web Services Region without re-encrypting the data or making a cross-Region call. For more information about multi-Region keys, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html">Using multi-Region keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
82
83
  * <p>You can create symmetric and asymmetric multi-Region keys and multi-Region keys with
83
84
  * imported key material. You cannot create multi-Region keys in a custom key store.</p>
84
85
  * <p> </p>
85
86
  * </dd>
86
87
  * <dd>
87
- * <p>To import your own key material, begin by creating a symmetric CMK with no key
88
+ * <p>To import your own key material, begin by creating a symmetric KMS key with no key
88
89
  * material. To do this, use the <code>Origin</code> parameter of <code>CreateKey</code>
89
90
  * with a value of <code>EXTERNAL</code>. Next, use <a>GetParametersForImport</a> operation to get a public key and import token, and use the public key to encrypt
90
91
  * your key material. Then, use <a>ImportKeyMaterial</a> with your import token
91
92
  * to import the key material. For step-by-step instructions, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html">Importing Key Material</a> in the <i>
92
- * <i>AWS Key Management Service Developer Guide</i>
93
+ * <i>Key Management Service Developer Guide</i>
93
94
  * </i>. You
94
- * cannot import the key material into an asymmetric CMK.</p>
95
+ * cannot import the key material into an asymmetric KMS key.</p>
95
96
  * <p>To create a multi-Region primary key with imported key material, use the
96
97
  * <code>Origin</code> parameter of <code>CreateKey</code> with a value of
97
98
  * <code>EXTERNAL</code> and the <code>MultiRegion</code> parameter with a value of
98
- * <code>True</code>. To create replicas of the multi-Region primary key, use the <a>ReplicateKey</a> operation. For more information about multi-Region keys, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html">Using multi-Region keys</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
99
+ * <code>True</code>. To create replicas of the multi-Region primary key, use the <a>ReplicateKey</a> operation. For more information about multi-Region keys, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html">Using multi-Region keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
99
100
  * <p> </p>
100
101
  * </dd>
101
102
  * <dt>Custom key store</dt>
102
103
  * <dd>
103
- * <p>To create a symmetric CMK in a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a>, use the
104
+ * <p>To create a symmetric KMS key in a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a>, use the
104
105
  * <code>CustomKeyStoreId</code> parameter to specify the custom key store. You must also
105
106
  * use the <code>Origin</code> parameter with a value of <code>AWS_CLOUDHSM</code>. The
106
- * AWS CloudHSM cluster that is associated with the custom key store must have at least two active
107
- * HSMs in different Availability Zones in the AWS Region. </p>
108
- * <p>You cannot create an asymmetric CMK or a multi-Region CMK in a custom key store. For
109
- * information about custom key stores in AWS KMS see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">Using Custom Key Stores</a> in
107
+ * CloudHSM cluster that is associated with the custom key store must have at least two active
108
+ * HSMs in different Availability Zones in the Amazon Web Services Region. </p>
109
+ * <p>You cannot create an asymmetric KMS key in a custom key store. For information about
110
+ * custom key stores in KMS see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">Using Custom Key Stores</a> in
110
111
  * the <i>
111
- * <i>AWS Key Management Service Developer Guide</i>
112
+ * <i>Key Management Service Developer Guide</i>
112
113
  * </i>.</p>
113
114
  * </dd>
114
115
  * </dl>
115
116
  * <p>
116
117
  * <b>Cross-account use</b>: No. You cannot use this operation to
117
- * create a CMK in a different AWS account.</p>
118
+ * create a KMS key in a different Amazon Web Services account.</p>
118
119
  *
119
120
  * <p>
120
121
  * <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:CreateKey</a> (IAM policy). To use the
121
122
  * <code>Tags</code> parameter, <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:TagResource</a> (IAM policy). For examples and information about related
122
- * permissions, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/iam-policies.html#iam-policy-example-create-key">Allow a user to create
123
- * CMKs</a> in the <i>AWS Key Management Service Developer Guide</i>.</p>
123
+ * permissions, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/iam-policies.html#iam-policy-example-create-key">Allow a user to create KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
124
124
  * <p>
125
125
  * <b>Related operations:</b>
126
126
  * </p>