@aws-sdk/client-kms 3.288.0 → 3.290.0

package/dist-types/commands/DeleteImportedKeyMaterialCommand.d.ts

@@ -57,6 +57,56 @@ export interface DeleteImportedKeyMaterialCommandOutput extends __MetadataBearer
  * @see {@link DeleteImportedKeyMaterialCommandOutput} for command's `response` shape.
  * @see {@link KMSClientResolvedConfig | config} for KMSClient's `config` shape.
  *
+ * @throws {@link DependencyTimeoutException} (server fault)
+ *  <p>The system timed out while trying to fulfill the request. You can retry the
+ *       request.</p>
+ *
+ * @throws {@link InvalidArnException} (client fault)
+ *  <p>The request was rejected because a specified ARN, or an ARN in a key policy, is not
+ *       valid.</p>
+ *
+ * @throws {@link KMSInternalException} (server fault)
+ *  <p>The request was rejected because an internal exception occurred. The request can be
+ *       retried.</p>
+ *
+ * @throws {@link KMSInvalidStateException} (client fault)
+ *  <p>The request was rejected because the state of the specified resource is not valid for this
+ *       request.</p>
+ *          <p>This exceptions means one of the following:</p>
+ *          <ul>
+ *             <li>
+ *                <p>The key state of the KMS key is not compatible with the operation. </p>
+ *                <p>To find the key state, use the <a>DescribeKey</a> operation. For more
+ *           information about which key states are compatible with each KMS operation, see
+ *           <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key states of KMS keys</a> in the <i>
+ *                      <i>Key Management Service Developer Guide</i>
+ *                   </i>.</p>
+ *             </li>
+ *             <li>
+ *                <p>For cryptographic operations on KMS keys in custom key stores, this exception represents a general failure with many possible causes. To identify the cause, see the error message that accompanies the exception.</p>
+ *             </li>
+ *          </ul>
+ *
+ * @throws {@link NotFoundException} (client fault)
+ *  <p>The request was rejected because the specified entity or resource could not be
+ *       found.</p>
+ *
+ * @throws {@link UnsupportedOperationException} (client fault)
+ *  <p>The request was rejected because a specified parameter is not supported or a specified
+ *       resource is not valid for this operation.</p>
+ *
+ *
+ * @example To delete imported key material
+ * ```javascript
+ * // The following example deletes the imported key material from the specified KMS key.
+ * const input = {
+ *   "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab"
+ * };
+ * const command = new DeleteImportedKeyMaterialCommand(input);
+ * await client.send(command);
+ * // example id: to-delete-imported-key-material-1478561674507
+ * ```
+ *
  */
 export declare class DeleteImportedKeyMaterialCommand extends $Command<DeleteImportedKeyMaterialCommandInput, DeleteImportedKeyMaterialCommandOutput, KMSClientResolvedConfig> {
     readonly input: DeleteImportedKeyMaterialCommandInput;

package/dist-types/commands/DescribeCustomKeyStoresCommand.d.ts

@@ -87,6 +87,120 @@ export interface DescribeCustomKeyStoresCommandOutput extends DescribeCustomKeyS
  * @see {@link DescribeCustomKeyStoresCommandOutput} for command's `response` shape.
  * @see {@link KMSClientResolvedConfig | config} for KMSClient's `config` shape.
  *
+ * @throws {@link CustomKeyStoreNotFoundException} (client fault)
+ *  <p>The request was rejected because KMS cannot find a custom key store with the specified
+ *       key store name or ID.</p>
+ *
+ * @throws {@link InvalidMarkerException} (client fault)
+ *  <p>The request was rejected because the marker that specifies where pagination should next
+ *       begin is not valid.</p>
+ *
+ * @throws {@link KMSInternalException} (server fault)
+ *  <p>The request was rejected because an internal exception occurred. The request can be
+ *       retried.</p>
+ *
+ *
+ * @example To get detailed information about custom key stores in the account and Region
+ * ```javascript
+ * // This example gets detailed information about all AWS KMS custom key stores in an AWS account and Region. To get all key stores, do not enter a custom key store name or ID.
+ * const input = {};
+ * const command = new DescribeCustomKeyStoresCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "CustomKeyStores": []
+ * }
+ * *\/
+ * // example id: to-get-detailed-information-about-custom-key-stores-in-the-account-and-region-1
+ * ```
+ *
+ * @example To get detailed information about an AWS CloudHSM key store by specifying its friendly name
+ * ```javascript
+ * // This example gets detailed information about a particular AWS CloudHSM key store by specifying its friendly name. To limit the output to a particular custom key store, provide either the custom key store name or ID.
+ * const input = {
+ *   "CustomKeyStoreName": "ExampleKeyStore"
+ * };
+ * const command = new DescribeCustomKeyStoresCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "CustomKeyStores": [
+ *     {
+ *       "CloudHsmClusterId": "cluster-1a23b4cdefg",
+ *       "ConnectionState": "CONNECTED",
+ *       "CreationDate": "1.499288695918E9",
+ *       "CustomKeyStoreId": "cks-1234567890abcdef0",
+ *       "CustomKeyStoreName": "ExampleKeyStore",
+ *       "CustomKeyStoreType": "AWS_CLOUDHSM",
+ *       "TrustAnchorCertificate": "<certificate appears here>"
+ *     }
+ *   ]
+ * }
+ * *\/
+ * // example id: to-get-detailed-information-about-a-cloudhsm-custom-key-store-by-name-2
+ * ```
+ *
+ * @example To get detailed information about an external key store by specifying its ID
+ * ```javascript
+ * // This example gets detailed information about an external key store by specifying its ID.  The example external key store proxy uses public endpoint connectivity.
+ * const input = {
+ *   "CustomKeyStoreId": "cks-9876543210fedcba9"
+ * };
+ * const command = new DescribeCustomKeyStoresCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "CustomKeyStores": [
+ *     {
+ *       "ConnectionState": "CONNECTED",
+ *       "CreationDate": "1.599288695918E9",
+ *       "CustomKeyStoreId": "cks-9876543210fedcba9",
+ *       "CustomKeyStoreName": "ExampleExternalKeyStore",
+ *       "CustomKeyStoreType": "EXTERNAL_KEY_STORE",
+ *       "XksProxyConfiguration": {
+ *         "AccessKeyId": "ABCDE12345670EXAMPLE",
+ *         "Connectivity": "PUBLIC_ENDPOINT",
+ *         "UriEndpoint": "https://myproxy.xks.example.com",
+ *         "UriPath": "/kms/xks/v1"
+ *       }
+ *     }
+ *   ]
+ * }
+ * *\/
+ * // example id: to-get-detailed-information-about-an-external-key-store--3
+ * ```
+ *
+ * @example To get detailed information about an external key store VPC endpoint connectivity by specifying its friendly name
+ * ```javascript
+ * // This example gets detailed information about a particular external key store by specifying its friendly name. To limit the output to a particular custom key store, provide either the custom key store name or ID. The proxy URI path for this external key store includes an optional prefix. Also, because this example external key store uses VPC endpoint connectivity, the response includes the associated VPC endpoint service name.
+ * const input = {
+ *   "CustomKeyStoreName": "VPCExternalKeystore"
+ * };
+ * const command = new DescribeCustomKeyStoresCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "CustomKeyStores": [
+ *     {
+ *       "ConnectionState": "CONNECTED",
+ *       "CreationDate": "1.643057863.842",
+ *       "CustomKeyStoreId": "cks-876543210fedcba98",
+ *       "CustomKeyStoreName": "ExampleVPCExternalKeyStore",
+ *       "CustomKeyStoreType": "EXTERNAL_KEY_STORE",
+ *       "XksProxyConfiguration": {
+ *         "AccessKeyId": "ABCDE12345670EXAMPLE",
+ *         "Connectivity": "VPC_ENDPOINT_SERVICE",
+ *         "UriEndpoint": "https://myproxy-private.xks.example.com",
+ *         "UriPath": "/example-prefix/kms/xks/v1",
+ *         "VpcEndpointServiceName": "com.amazonaws.vpce.us-east-1.vpce-svc-example1"
+ *       }
+ *     }
+ *   ]
+ * }
+ * *\/
+ * // example id: to-get-detailed-information-about-an-external-custom-key-store-by-name-4
+ * ```
+ *
  */
 export declare class DescribeCustomKeyStoresCommand extends $Command<DescribeCustomKeyStoresCommandInput, DescribeCustomKeyStoresCommandOutput, KMSClientResolvedConfig> {
     readonly input: DescribeCustomKeyStoresCommandInput;

package/dist-types/commands/DescribeKeyCommand.d.ts

@@ -111,6 +111,251 @@ export interface DescribeKeyCommandOutput extends DescribeKeyResponse, __Metadat
  * @see {@link DescribeKeyCommandOutput} for command's `response` shape.
  * @see {@link KMSClientResolvedConfig | config} for KMSClient's `config` shape.
  *
+ * @throws {@link DependencyTimeoutException} (server fault)
+ *  <p>The system timed out while trying to fulfill the request. You can retry the
+ *       request.</p>
+ *
+ * @throws {@link InvalidArnException} (client fault)
+ *  <p>The request was rejected because a specified ARN, or an ARN in a key policy, is not
+ *       valid.</p>
+ *
+ * @throws {@link KMSInternalException} (server fault)
+ *  <p>The request was rejected because an internal exception occurred. The request can be
+ *       retried.</p>
+ *
+ * @throws {@link NotFoundException} (client fault)
+ *  <p>The request was rejected because the specified entity or resource could not be
+ *       found.</p>
+ *
+ *
+ * @example To get details about a KMS key
+ * ```javascript
+ * // The following example gets metadata for a symmetric encryption KMS key.
+ * const input = {
+ *   "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab"
+ * };
+ * const command = new DescribeKeyCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "KeyMetadata": {
+ *     "AWSAccountId": "111122223333",
+ *     "Arn": "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
+ *     "CreationDate": "2017-07-05T14:04:55-07:00",
+ *     "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT",
+ *     "Description": "",
+ *     "Enabled": true,
+ *     "EncryptionAlgorithms": [
+ *       "SYMMETRIC_DEFAULT"
+ *     ],
+ *     "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
+ *     "KeyManager": "CUSTOMER",
+ *     "KeySpec": "SYMMETRIC_DEFAULT",
+ *     "KeyState": "Enabled",
+ *     "KeyUsage": "ENCRYPT_DECRYPT",
+ *     "MultiRegion": false,
+ *     "Origin": "AWS_KMS"
+ *   }
+ * }
+ * *\/
+ * // example id: get-key-details-1
+ * ```
+ *
+ * @example To get details about an RSA asymmetric KMS key
+ * ```javascript
+ * // The following example gets metadata for an asymmetric RSA KMS key used for signing and verification.
+ * const input = {
+ *   "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab"
+ * };
+ * const command = new DescribeKeyCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "KeyMetadata": {
+ *     "AWSAccountId": "111122223333",
+ *     "Arn": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
+ *     "CreationDate": 1571767572.317,
+ *     "CustomerMasterKeySpec": "RSA_2048",
+ *     "Description": "",
+ *     "Enabled": false,
+ *     "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
+ *     "KeyManager": "CUSTOMER",
+ *     "KeySpec": "RSA_2048",
+ *     "KeyState": "Disabled",
+ *     "KeyUsage": "SIGN_VERIFY",
+ *     "MultiRegion": false,
+ *     "Origin": "AWS_KMS",
+ *     "SigningAlgorithms": [
+ *       "RSASSA_PKCS1_V1_5_SHA_256",
+ *       "RSASSA_PKCS1_V1_5_SHA_384",
+ *       "RSASSA_PKCS1_V1_5_SHA_512",
+ *       "RSASSA_PSS_SHA_256",
+ *       "RSASSA_PSS_SHA_384",
+ *       "RSASSA_PSS_SHA_512"
+ *     ]
+ *   }
+ * }
+ * *\/
+ * // example id: to-get-details-about-an-rsa-asymmetric-kms-key-2
+ * ```
+ *
+ * @example To get details about a multi-Region key
+ * ```javascript
+ * // The following example gets metadata for a multi-Region replica key. This multi-Region key is a symmetric encryption key. DescribeKey returns information about the primary key and all of its replicas.
+ * const input = {
+ *   "KeyId": "arn:aws:kms:ap-northeast-1:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab"
+ * };
+ * const command = new DescribeKeyCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "KeyMetadata": {
+ *     "AWSAccountId": "111122223333",
+ *     "Arn": "arn:aws:kms:ap-northeast-1:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab",
+ *     "CreationDate": 1586329200.918,
+ *     "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT",
+ *     "Description": "",
+ *     "Enabled": true,
+ *     "EncryptionAlgorithms": [
+ *       "SYMMETRIC_DEFAULT"
+ *     ],
+ *     "KeyId": "mrk-1234abcd12ab34cd56ef1234567890ab",
+ *     "KeyManager": "CUSTOMER",
+ *     "KeyState": "Enabled",
+ *     "KeyUsage": "ENCRYPT_DECRYPT",
+ *     "MultiRegion": true,
+ *     "MultiRegionConfiguration": {
+ *       "MultiRegionKeyType": "PRIMARY",
+ *       "PrimaryKey": {
+ *         "Arn": "arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab",
+ *         "Region": "us-west-2"
+ *       },
+ *       "ReplicaKeys": [
+ *         {
+ *           "Arn": "arn:aws:kms:eu-west-1:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab",
+ *           "Region": "eu-west-1"
+ *         },
+ *         {
+ *           "Arn": "arn:aws:kms:ap-northeast-1:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab",
+ *           "Region": "ap-northeast-1"
+ *         },
+ *         {
+ *           "Arn": "arn:aws:kms:sa-east-1:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab",
+ *           "Region": "sa-east-1"
+ *         }
+ *       ]
+ *     },
+ *     "Origin": "AWS_KMS"
+ *   }
+ * }
+ * *\/
+ * // example id: to-get-details-about-a-multi-region-key-3
+ * ```
+ *
+ * @example To get details about an HMAC KMS key
+ * ```javascript
+ * // The following example gets the metadata of an HMAC KMS key.
+ * const input = {
+ *   "KeyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
+ * };
+ * const command = new DescribeKeyCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "KeyMetadata": {
+ *     "AWSAccountId": "123456789012",
+ *     "Arn": "arn:aws:kms:us-west-2:123456789012:key/1234abcd-12ab-34cd-56ef-1234567890ab",
+ *     "CreationDate": 1566160362.664,
+ *     "CustomerMasterKeySpec": "HMAC_256",
+ *     "Description": "Development test key",
+ *     "Enabled": true,
+ *     "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
+ *     "KeyManager": "CUSTOMER",
+ *     "KeyState": "Enabled",
+ *     "KeyUsage": "GENERATE_VERIFY_MAC",
+ *     "MacAlgorithms": [
+ *       "HMAC_SHA_256"
+ *     ],
+ *     "MultiRegion": false,
+ *     "Origin": "AWS_KMS"
+ *   }
+ * }
+ * *\/
+ * // example id: to-get-details-about-an-hmac-kms-key-4
+ * ```
+ *
+ * @example To get details about a KMS key in an AWS CloudHSM key store
+ * ```javascript
+ * // The following example gets the metadata of a KMS key in an AWS CloudHSM key store.
+ * const input = {
+ *   "KeyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
+ * };
+ * const command = new DescribeKeyCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "KeyMetadata": {
+ *     "AWSAccountId": "123456789012",
+ *     "Arn": "arn:aws:kms:us-west-2:123456789012:key/1234abcd-12ab-34cd-56ef-1234567890ab",
+ *     "CloudHsmClusterId": "cluster-1a23b4cdefg",
+ *     "CreationDate": 1646160362.664,
+ *     "CustomKeyStoreId": "cks-1234567890abcdef0",
+ *     "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT",
+ *     "Description": "CloudHSM key store test key",
+ *     "Enabled": true,
+ *     "EncryptionAlgorithms": [
+ *       "SYMMETRIC_DEFAULT"
+ *     ],
+ *     "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
+ *     "KeyManager": "CUSTOMER",
+ *     "KeySpec": "SYMMETRIC_DEFAULT",
+ *     "KeyState": "Enabled",
+ *     "KeyUsage": "ENCRYPT_DECRYPT",
+ *     "MultiRegion": false,
+ *     "Origin": "AWS_CLOUDHSM"
+ *   }
+ * }
+ * *\/
+ * // example id: to-get-details-about-a-kms-key-in-an-AWS-CloudHSM-key-store-5
+ * ```
+ *
+ * @example To get details about a KMS key in an external key store
+ * ```javascript
+ * // The following example gets the metadata of a KMS key in an external key store.
+ * const input = {
+ *   "KeyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
+ * };
+ * const command = new DescribeKeyCommand(input);
+ * const response = await client.send(command);
+ * /* response ==
+ * {
+ *   "KeyMetadata": {
+ *     "AWSAccountId": "123456789012",
+ *     "Arn": "arn:aws:kms:us-west-2:123456789012:key/1234abcd-12ab-34cd-56ef-1234567890ab",
+ *     "CreationDate": 1646160362.664,
+ *     "CustomKeyStoreId": "cks-1234567890abcdef0",
+ *     "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT",
+ *     "Description": "External key store test key",
+ *     "Enabled": true,
+ *     "EncryptionAlgorithms": [
+ *       "SYMMETRIC_DEFAULT"
+ *     ],
+ *     "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
+ *     "KeyManager": "CUSTOMER",
+ *     "KeySpec": "SYMMETRIC_DEFAULT",
+ *     "KeyState": "Enabled",
+ *     "KeyUsage": "ENCRYPT_DECRYPT",
+ *     "MultiRegion": false,
+ *     "Origin": "EXTERNAL_KEY_STORE",
+ *     "XksKeyConfiguration": {
+ *       "Id": "bb8562717f809024"
+ *     }
+ *   }
+ * }
+ * *\/
+ * // example id: to-get-details-about-a-kms-key-in-an-external-key-store-6
+ * ```
+ *
  */
 export declare class DescribeKeyCommand extends $Command<DescribeKeyCommandInput, DescribeKeyCommandOutput, KMSClientResolvedConfig> {
     readonly input: DescribeKeyCommandInput;

package/dist-types/commands/DisableKeyCommand.d.ts

@@ -43,6 +43,52 @@ export interface DisableKeyCommandOutput extends __MetadataBearer {
  * @see {@link DisableKeyCommandOutput} for command's `response` shape.
  * @see {@link KMSClientResolvedConfig | config} for KMSClient's `config` shape.
  *
+ * @throws {@link DependencyTimeoutException} (server fault)
+ *  <p>The system timed out while trying to fulfill the request. You can retry the
+ *       request.</p>
+ *
+ * @throws {@link InvalidArnException} (client fault)
+ *  <p>The request was rejected because a specified ARN, or an ARN in a key policy, is not
+ *       valid.</p>
+ *
+ * @throws {@link KMSInternalException} (server fault)
+ *  <p>The request was rejected because an internal exception occurred. The request can be
+ *       retried.</p>
+ *
+ * @throws {@link KMSInvalidStateException} (client fault)
+ *  <p>The request was rejected because the state of the specified resource is not valid for this
+ *       request.</p>
+ *          <p>This exceptions means one of the following:</p>
+ *          <ul>
+ *             <li>
+ *                <p>The key state of the KMS key is not compatible with the operation. </p>
+ *                <p>To find the key state, use the <a>DescribeKey</a> operation. For more
+ *           information about which key states are compatible with each KMS operation, see
+ *           <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key states of KMS keys</a> in the <i>
+ *                      <i>Key Management Service Developer Guide</i>
+ *                   </i>.</p>
+ *             </li>
+ *             <li>
+ *                <p>For cryptographic operations on KMS keys in custom key stores, this exception represents a general failure with many possible causes. To identify the cause, see the error message that accompanies the exception.</p>
+ *             </li>
+ *          </ul>
+ *
+ * @throws {@link NotFoundException} (client fault)
+ *  <p>The request was rejected because the specified entity or resource could not be
+ *       found.</p>
+ *
+ *
+ * @example To disable a KMS key
+ * ```javascript
+ * // The following example disables the specified KMS key.
+ * const input = {
+ *   "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab"
+ * };
+ * const command = new DisableKeyCommand(input);
+ * await client.send(command);
+ * // example id: to-disable-a-cmk-1478566583659
+ * ```
+ *
  */
 export declare class DisableKeyCommand extends $Command<DisableKeyCommandInput, DisableKeyCommandOutput, KMSClientResolvedConfig> {
     readonly input: DisableKeyCommandInput;

package/dist-types/commands/DisableKeyRotationCommand.d.ts

@@ -61,6 +61,59 @@ export interface DisableKeyRotationCommandOutput extends __MetadataBearer {
  * @see {@link DisableKeyRotationCommandOutput} for command's `response` shape.
  * @see {@link KMSClientResolvedConfig | config} for KMSClient's `config` shape.
  *
+ * @throws {@link DependencyTimeoutException} (server fault)
+ *  <p>The system timed out while trying to fulfill the request. You can retry the
+ *       request.</p>
+ *
+ * @throws {@link DisabledException} (client fault)
+ *  <p>The request was rejected because the specified KMS key is not enabled.</p>
+ *
+ * @throws {@link InvalidArnException} (client fault)
+ *  <p>The request was rejected because a specified ARN, or an ARN in a key policy, is not
+ *       valid.</p>
+ *
+ * @throws {@link KMSInternalException} (server fault)
+ *  <p>The request was rejected because an internal exception occurred. The request can be
+ *       retried.</p>
+ *
+ * @throws {@link KMSInvalidStateException} (client fault)
+ *  <p>The request was rejected because the state of the specified resource is not valid for this
+ *       request.</p>
+ *          <p>This exceptions means one of the following:</p>
+ *          <ul>
+ *             <li>
+ *                <p>The key state of the KMS key is not compatible with the operation. </p>
+ *                <p>To find the key state, use the <a>DescribeKey</a> operation. For more
+ *           information about which key states are compatible with each KMS operation, see
+ *           <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key states of KMS keys</a> in the <i>
+ *                      <i>Key Management Service Developer Guide</i>
+ *                   </i>.</p>
+ *             </li>
+ *             <li>
+ *                <p>For cryptographic operations on KMS keys in custom key stores, this exception represents a general failure with many possible causes. To identify the cause, see the error message that accompanies the exception.</p>
+ *             </li>
+ *          </ul>
+ *
+ * @throws {@link NotFoundException} (client fault)
+ *  <p>The request was rejected because the specified entity or resource could not be
+ *       found.</p>
+ *
+ * @throws {@link UnsupportedOperationException} (client fault)
+ *  <p>The request was rejected because a specified parameter is not supported or a specified
+ *       resource is not valid for this operation.</p>
+ *
+ *
+ * @example To disable automatic rotation of key material
+ * ```javascript
+ * // The following example disables automatic annual rotation of the key material for the specified KMS key.
+ * const input = {
+ *   "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab"
+ * };
+ * const command = new DisableKeyRotationCommand(input);
+ * await client.send(command);
+ * // example id: to-disable-automatic-rotation-of-key-material-1478624396092
+ * ```
+ *
  */
 export declare class DisableKeyRotationCommand extends $Command<DisableKeyRotationCommandInput, DisableKeyRotationCommandOutput, KMSClientResolvedConfig> {
     readonly input: DisableKeyRotationCommandInput;

package/dist-types/commands/DisconnectCustomKeyStoreCommand.d.ts

@@ -80,6 +80,62 @@ export interface DisconnectCustomKeyStoreCommandOutput extends DisconnectCustomK
  * @see {@link DisconnectCustomKeyStoreCommandOutput} for command's `response` shape.
  * @see {@link KMSClientResolvedConfig | config} for KMSClient's `config` shape.
  *
+ * @throws {@link CustomKeyStoreInvalidStateException} (client fault)
+ *  <p>The request was rejected because of the <code>ConnectionState</code> of the custom key
+ *       store. To get the <code>ConnectionState</code> of a custom key store, use the <a>DescribeCustomKeyStores</a> operation.</p>
+ *          <p>This exception is thrown under the following conditions:</p>
+ *          <ul>
+ *             <li>
+ *                <p>You requested the <a>ConnectCustomKeyStore</a> operation on a custom key
+ *           store with a <code>ConnectionState</code> of <code>DISCONNECTING</code> or
+ *             <code>FAILED</code>. This operation is valid for all other <code>ConnectionState</code>
+ *           values. To reconnect a custom key store in a <code>FAILED</code> state, disconnect it
+ *             (<a>DisconnectCustomKeyStore</a>), then connect it
+ *             (<code>ConnectCustomKeyStore</code>).</p>
+ *             </li>
+ *             <li>
+ *                <p>You requested the <a>CreateKey</a> operation in a custom key store that is
+ *           not connected. This operations is valid only when the custom key store
+ *             <code>ConnectionState</code> is <code>CONNECTED</code>.</p>
+ *             </li>
+ *             <li>
+ *                <p>You requested the <a>DisconnectCustomKeyStore</a> operation on a custom key
+ *           store with a <code>ConnectionState</code> of <code>DISCONNECTING</code> or
+ *             <code>DISCONNECTED</code>. This operation is valid for all other
+ *             <code>ConnectionState</code> values.</p>
+ *             </li>
+ *             <li>
+ *                <p>You requested the <a>UpdateCustomKeyStore</a> or <a>DeleteCustomKeyStore</a> operation on a custom key store that is not
+ *           disconnected. This operation is valid only when the custom key store
+ *             <code>ConnectionState</code> is <code>DISCONNECTED</code>.</p>
+ *             </li>
+ *             <li>
+ *                <p>You requested the <a>GenerateRandom</a> operation in an CloudHSM key store
+ *           that is not connected. This operation is valid only when the CloudHSM key store
+ *             <code>ConnectionState</code> is <code>CONNECTED</code>. </p>
+ *             </li>
+ *          </ul>
+ *
+ * @throws {@link CustomKeyStoreNotFoundException} (client fault)
+ *  <p>The request was rejected because KMS cannot find a custom key store with the specified
+ *       key store name or ID.</p>
+ *
+ * @throws {@link KMSInternalException} (server fault)
+ *  <p>The request was rejected because an internal exception occurred. The request can be
+ *       retried.</p>
+ *
+ *
+ * @example To disconnect a custom key store from its CloudHSM cluster
+ * ```javascript
+ * // This example disconnects an AWS KMS custom key store from its backing key store. For an AWS CloudHSM key store, it disconnects the key store from its AWS CloudHSM cluster. For an external key store, it disconnects the key store from the external key store proxy that communicates with your external key manager. This operation doesn't return any data. To verify that the custom key store is disconnected, use the <code>DescribeCustomKeyStores</code> operation.
+ * const input = {
+ *   "CustomKeyStoreId": "cks-1234567890abcdef0"
+ * };
+ * const command = new DisconnectCustomKeyStoreCommand(input);
+ * await client.send(command);
+ * // example id: to-disconnect-a-custom-key-store-from-its-cloudhsm-cluster-1628627955156
+ * ```
+ *
  */
 export declare class DisconnectCustomKeyStoreCommand extends $Command<DisconnectCustomKeyStoreCommandInput, DisconnectCustomKeyStoreCommandOutput, KMSClientResolvedConfig> {
     readonly input: DisconnectCustomKeyStoreCommandInput;

package/dist-types/commands/EnableKeyCommand.d.ts

@@ -39,6 +39,56 @@ export interface EnableKeyCommandOutput extends __MetadataBearer {
  * @see {@link EnableKeyCommandOutput} for command's `response` shape.
  * @see {@link KMSClientResolvedConfig | config} for KMSClient's `config` shape.
  *
+ * @throws {@link DependencyTimeoutException} (server fault)
+ *  <p>The system timed out while trying to fulfill the request. You can retry the
+ *       request.</p>
+ *
+ * @throws {@link InvalidArnException} (client fault)
+ *  <p>The request was rejected because a specified ARN, or an ARN in a key policy, is not
+ *       valid.</p>
+ *
+ * @throws {@link KMSInternalException} (server fault)
+ *  <p>The request was rejected because an internal exception occurred. The request can be
+ *       retried.</p>
+ *
+ * @throws {@link KMSInvalidStateException} (client fault)
+ *  <p>The request was rejected because the state of the specified resource is not valid for this
+ *       request.</p>
+ *          <p>This exceptions means one of the following:</p>
+ *          <ul>
+ *             <li>
+ *                <p>The key state of the KMS key is not compatible with the operation. </p>
+ *                <p>To find the key state, use the <a>DescribeKey</a> operation. For more
+ *           information about which key states are compatible with each KMS operation, see
+ *           <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key states of KMS keys</a> in the <i>
+ *                      <i>Key Management Service Developer Guide</i>
+ *                   </i>.</p>
+ *             </li>
+ *             <li>
+ *                <p>For cryptographic operations on KMS keys in custom key stores, this exception represents a general failure with many possible causes. To identify the cause, see the error message that accompanies the exception.</p>
+ *             </li>
+ *          </ul>
+ *
+ * @throws {@link LimitExceededException} (client fault)
+ *  <p>The request was rejected because a quota was exceeded. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/limits.html">Quotas</a> in the
+ *       <i>Key Management Service Developer Guide</i>.</p>
+ *
+ * @throws {@link NotFoundException} (client fault)
+ *  <p>The request was rejected because the specified entity or resource could not be
+ *       found.</p>
+ *
+ *
+ * @example To enable a KMS key
+ * ```javascript
+ * // The following example enables the specified KMS key.
+ * const input = {
+ *   "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab"
+ * };
+ * const command = new EnableKeyCommand(input);
+ * await client.send(command);
+ * // example id: to-enable-a-cmk-1478627501129
+ * ```
+ *
  */
 export declare class EnableKeyCommand extends $Command<EnableKeyCommandInput, EnableKeyCommandOutput, KMSClientResolvedConfig> {
     readonly input: EnableKeyCommandInput;