@aws-sdk/client-kms 3.289.0 → 3.290.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (51) hide show
  1. package/dist-types/commands/CancelKeyDeletionCommand.d.ts +35 -0
  2. package/dist-types/commands/ConnectCustomKeyStoreCommand.d.ts +85 -0
  3. package/dist-types/commands/CreateAliasCommand.d.ts +42 -0
  4. package/dist-types/commands/CreateCustomKeyStoreCommand.d.ts +125 -0
  5. package/dist-types/commands/CreateGrantCommand.d.ts +45 -0
  6. package/dist-types/commands/CreateKeyCommand.d.ts +122 -0
  7. package/dist-types/commands/DecryptCommand.d.ts +76 -0
  8. package/dist-types/commands/DeleteAliasCommand.d.ts +31 -0
  9. package/dist-types/commands/DeleteCustomKeyStoreCommand.d.ts +51 -0
  10. package/dist-types/commands/DeleteImportedKeyMaterialCommand.d.ts +39 -0
  11. package/dist-types/commands/DescribeCustomKeyStoresCommand.d.ts +13 -0
  12. package/dist-types/commands/DescribeKeyCommand.d.ts +17 -0
  13. package/dist-types/commands/DisableKeyCommand.d.ts +35 -0
  14. package/dist-types/commands/DisableKeyRotationCommand.d.ts +42 -0
  15. package/dist-types/commands/DisconnectCustomKeyStoreCommand.d.ts +45 -0
  16. package/dist-types/commands/EnableKeyCommand.d.ts +39 -0
  17. package/dist-types/commands/EnableKeyRotationCommand.d.ts +42 -0
  18. package/dist-types/commands/EncryptCommand.d.ts +62 -0
  19. package/dist-types/commands/GenerateDataKeyCommand.d.ts +62 -0
  20. package/dist-types/commands/GenerateDataKeyPairCommand.d.ts +66 -0
  21. package/dist-types/commands/GenerateDataKeyPairWithoutPlaintextCommand.d.ts +66 -0
  22. package/dist-types/commands/GenerateDataKeyWithoutPlaintextCommand.d.ts +62 -0
  23. package/dist-types/commands/GenerateMacCommand.d.ts +58 -0
  24. package/dist-types/commands/GenerateRandomCommand.d.ts +53 -0
  25. package/dist-types/commands/GetKeyPolicyCommand.d.ts +35 -0
  26. package/dist-types/commands/GetKeyRotationStatusCommand.d.ts +39 -0
  27. package/dist-types/commands/GetParametersForImportCommand.d.ts +39 -0
  28. package/dist-types/commands/GetPublicKeyCommand.d.ts +70 -0
  29. package/dist-types/commands/ImportKeyMaterialCommand.d.ts +59 -0
  30. package/dist-types/commands/ListAliasesCommand.d.ts +21 -0
  31. package/dist-types/commands/ListGrantsCommand.d.ts +42 -0
  32. package/dist-types/commands/ListKeyPoliciesCommand.d.ts +35 -0
  33. package/dist-types/commands/ListKeysCommand.d.ts +13 -0
  34. package/dist-types/commands/ListResourceTagsCommand.d.ts +17 -0
  35. package/dist-types/commands/ListRetirableGrantsCommand.d.ts +21 -0
  36. package/dist-types/commands/PutKeyPolicyCommand.d.ts +47 -0
  37. package/dist-types/commands/ReEncryptCommand.d.ts +76 -0
  38. package/dist-types/commands/ReplicateKeyCommand.d.ts +53 -0
  39. package/dist-types/commands/RetireGrantCommand.d.ts +41 -0
  40. package/dist-types/commands/RevokeGrantCommand.d.ts +38 -0
  41. package/dist-types/commands/ScheduleKeyDeletionCommand.d.ts +35 -0
  42. package/dist-types/commands/SignCommand.d.ts +62 -0
  43. package/dist-types/commands/TagResourceCommand.d.ts +38 -0
  44. package/dist-types/commands/UntagResourceCommand.d.ts +34 -0
  45. package/dist-types/commands/UpdateAliasCommand.d.ts +35 -0
  46. package/dist-types/commands/UpdateCustomKeyStoreCommand.d.ts +157 -0
  47. package/dist-types/commands/UpdateKeyDescriptionCommand.d.ts +35 -0
  48. package/dist-types/commands/UpdatePrimaryRegionCommand.d.ts +38 -0
  49. package/dist-types/commands/VerifyCommand.d.ts +67 -0
  50. package/dist-types/commands/VerifyMacCommand.d.ts +63 -0
  51. package/package.json +29 -29
@@ -87,6 +87,57 @@ export interface DeleteCustomKeyStoreCommandOutput extends DeleteCustomKeyStoreR
87
87
  * @see {@link DeleteCustomKeyStoreCommandOutput} for command's `response` shape.
88
88
  * @see {@link KMSClientResolvedConfig | config} for KMSClient's `config` shape.
89
89
  *
90
+ * @throws {@link CustomKeyStoreHasCMKsException} (client fault)
91
+ * <p>The request was rejected because the custom key store contains KMS keys. After verifying
92
+ * that you do not need to use the KMS keys, use the <a>ScheduleKeyDeletion</a>
93
+ * operation to delete the KMS keys. After they are deleted, you can delete the custom key
94
+ * store.</p>
95
+ *
96
+ * @throws {@link CustomKeyStoreInvalidStateException} (client fault)
97
+ * <p>The request was rejected because of the <code>ConnectionState</code> of the custom key
98
+ * store. To get the <code>ConnectionState</code> of a custom key store, use the <a>DescribeCustomKeyStores</a> operation.</p>
99
+ * <p>This exception is thrown under the following conditions:</p>
100
+ * <ul>
101
+ * <li>
102
+ * <p>You requested the <a>ConnectCustomKeyStore</a> operation on a custom key
103
+ * store with a <code>ConnectionState</code> of <code>DISCONNECTING</code> or
104
+ * <code>FAILED</code>. This operation is valid for all other <code>ConnectionState</code>
105
+ * values. To reconnect a custom key store in a <code>FAILED</code> state, disconnect it
106
+ * (<a>DisconnectCustomKeyStore</a>), then connect it
107
+ * (<code>ConnectCustomKeyStore</code>).</p>
108
+ * </li>
109
+ * <li>
110
+ * <p>You requested the <a>CreateKey</a> operation in a custom key store that is
111
+ * not connected. This operations is valid only when the custom key store
112
+ * <code>ConnectionState</code> is <code>CONNECTED</code>.</p>
113
+ * </li>
114
+ * <li>
115
+ * <p>You requested the <a>DisconnectCustomKeyStore</a> operation on a custom key
116
+ * store with a <code>ConnectionState</code> of <code>DISCONNECTING</code> or
117
+ * <code>DISCONNECTED</code>. This operation is valid for all other
118
+ * <code>ConnectionState</code> values.</p>
119
+ * </li>
120
+ * <li>
121
+ * <p>You requested the <a>UpdateCustomKeyStore</a> or <a>DeleteCustomKeyStore</a> operation on a custom key store that is not
122
+ * disconnected. This operation is valid only when the custom key store
123
+ * <code>ConnectionState</code> is <code>DISCONNECTED</code>.</p>
124
+ * </li>
125
+ * <li>
126
+ * <p>You requested the <a>GenerateRandom</a> operation in an CloudHSM key store
127
+ * that is not connected. This operation is valid only when the CloudHSM key store
128
+ * <code>ConnectionState</code> is <code>CONNECTED</code>. </p>
129
+ * </li>
130
+ * </ul>
131
+ *
132
+ * @throws {@link CustomKeyStoreNotFoundException} (client fault)
133
+ * <p>The request was rejected because KMS cannot find a custom key store with the specified
134
+ * key store name or ID.</p>
135
+ *
136
+ * @throws {@link KMSInternalException} (server fault)
137
+ * <p>The request was rejected because an internal exception occurred. The request can be
138
+ * retried.</p>
139
+ *
140
+ *
90
141
  * @example To delete a custom key store from AWS KMS
91
142
  * ```javascript
92
143
  * // This example deletes a custom key store from AWS KMS. This operation does not affect the backing key store, such as a CloudHSM cluster, external key store proxy, or your external key manager. This operation doesn't return any data. To verify that the operation was successful, use the DescribeCustomKeyStores operation.
@@ -57,6 +57,45 @@ export interface DeleteImportedKeyMaterialCommandOutput extends __MetadataBearer
57
57
  * @see {@link DeleteImportedKeyMaterialCommandOutput} for command's `response` shape.
58
58
  * @see {@link KMSClientResolvedConfig | config} for KMSClient's `config` shape.
59
59
  *
60
+ * @throws {@link DependencyTimeoutException} (server fault)
61
+ * <p>The system timed out while trying to fulfill the request. You can retry the
62
+ * request.</p>
63
+ *
64
+ * @throws {@link InvalidArnException} (client fault)
65
+ * <p>The request was rejected because a specified ARN, or an ARN in a key policy, is not
66
+ * valid.</p>
67
+ *
68
+ * @throws {@link KMSInternalException} (server fault)
69
+ * <p>The request was rejected because an internal exception occurred. The request can be
70
+ * retried.</p>
71
+ *
72
+ * @throws {@link KMSInvalidStateException} (client fault)
73
+ * <p>The request was rejected because the state of the specified resource is not valid for this
74
+ * request.</p>
75
+ * <p>This exceptions means one of the following:</p>
76
+ * <ul>
77
+ * <li>
78
+ * <p>The key state of the KMS key is not compatible with the operation. </p>
79
+ * <p>To find the key state, use the <a>DescribeKey</a> operation. For more
80
+ * information about which key states are compatible with each KMS operation, see
81
+ * <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key states of KMS keys</a> in the <i>
82
+ * <i>Key Management Service Developer Guide</i>
83
+ * </i>.</p>
84
+ * </li>
85
+ * <li>
86
+ * <p>For cryptographic operations on KMS keys in custom key stores, this exception represents a general failure with many possible causes. To identify the cause, see the error message that accompanies the exception.</p>
87
+ * </li>
88
+ * </ul>
89
+ *
90
+ * @throws {@link NotFoundException} (client fault)
91
+ * <p>The request was rejected because the specified entity or resource could not be
92
+ * found.</p>
93
+ *
94
+ * @throws {@link UnsupportedOperationException} (client fault)
95
+ * <p>The request was rejected because a specified parameter is not supported or a specified
96
+ * resource is not valid for this operation.</p>
97
+ *
98
+ *
60
99
  * @example To delete imported key material
61
100
  * ```javascript
62
101
  * // The following example deletes the imported key material from the specified KMS key.
@@ -87,6 +87,19 @@ export interface DescribeCustomKeyStoresCommandOutput extends DescribeCustomKeyS
87
87
  * @see {@link DescribeCustomKeyStoresCommandOutput} for command's `response` shape.
88
88
  * @see {@link KMSClientResolvedConfig | config} for KMSClient's `config` shape.
89
89
  *
90
+ * @throws {@link CustomKeyStoreNotFoundException} (client fault)
91
+ * <p>The request was rejected because KMS cannot find a custom key store with the specified
92
+ * key store name or ID.</p>
93
+ *
94
+ * @throws {@link InvalidMarkerException} (client fault)
95
+ * <p>The request was rejected because the marker that specifies where pagination should next
96
+ * begin is not valid.</p>
97
+ *
98
+ * @throws {@link KMSInternalException} (server fault)
99
+ * <p>The request was rejected because an internal exception occurred. The request can be
100
+ * retried.</p>
101
+ *
102
+ *
90
103
  * @example To get detailed information about custom key stores in the account and Region
91
104
  * ```javascript
92
105
  * // This example gets detailed information about all AWS KMS custom key stores in an AWS account and Region. To get all key stores, do not enter a custom key store name or ID.
@@ -111,6 +111,23 @@ export interface DescribeKeyCommandOutput extends DescribeKeyResponse, __Metadat
111
111
  * @see {@link DescribeKeyCommandOutput} for command's `response` shape.
112
112
  * @see {@link KMSClientResolvedConfig | config} for KMSClient's `config` shape.
113
113
  *
114
+ * @throws {@link DependencyTimeoutException} (server fault)
115
+ * <p>The system timed out while trying to fulfill the request. You can retry the
116
+ * request.</p>
117
+ *
118
+ * @throws {@link InvalidArnException} (client fault)
119
+ * <p>The request was rejected because a specified ARN, or an ARN in a key policy, is not
120
+ * valid.</p>
121
+ *
122
+ * @throws {@link KMSInternalException} (server fault)
123
+ * <p>The request was rejected because an internal exception occurred. The request can be
124
+ * retried.</p>
125
+ *
126
+ * @throws {@link NotFoundException} (client fault)
127
+ * <p>The request was rejected because the specified entity or resource could not be
128
+ * found.</p>
129
+ *
130
+ *
114
131
  * @example To get details about a KMS key
115
132
  * ```javascript
116
133
  * // The following example gets metadata for a symmetric encryption KMS key.
@@ -43,6 +43,41 @@ export interface DisableKeyCommandOutput extends __MetadataBearer {
43
43
  * @see {@link DisableKeyCommandOutput} for command's `response` shape.
44
44
  * @see {@link KMSClientResolvedConfig | config} for KMSClient's `config` shape.
45
45
  *
46
+ * @throws {@link DependencyTimeoutException} (server fault)
47
+ * <p>The system timed out while trying to fulfill the request. You can retry the
48
+ * request.</p>
49
+ *
50
+ * @throws {@link InvalidArnException} (client fault)
51
+ * <p>The request was rejected because a specified ARN, or an ARN in a key policy, is not
52
+ * valid.</p>
53
+ *
54
+ * @throws {@link KMSInternalException} (server fault)
55
+ * <p>The request was rejected because an internal exception occurred. The request can be
56
+ * retried.</p>
57
+ *
58
+ * @throws {@link KMSInvalidStateException} (client fault)
59
+ * <p>The request was rejected because the state of the specified resource is not valid for this
60
+ * request.</p>
61
+ * <p>This exceptions means one of the following:</p>
62
+ * <ul>
63
+ * <li>
64
+ * <p>The key state of the KMS key is not compatible with the operation. </p>
65
+ * <p>To find the key state, use the <a>DescribeKey</a> operation. For more
66
+ * information about which key states are compatible with each KMS operation, see
67
+ * <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key states of KMS keys</a> in the <i>
68
+ * <i>Key Management Service Developer Guide</i>
69
+ * </i>.</p>
70
+ * </li>
71
+ * <li>
72
+ * <p>For cryptographic operations on KMS keys in custom key stores, this exception represents a general failure with many possible causes. To identify the cause, see the error message that accompanies the exception.</p>
73
+ * </li>
74
+ * </ul>
75
+ *
76
+ * @throws {@link NotFoundException} (client fault)
77
+ * <p>The request was rejected because the specified entity or resource could not be
78
+ * found.</p>
79
+ *
80
+ *
46
81
  * @example To disable a KMS key
47
82
  * ```javascript
48
83
  * // The following example disables the specified KMS key.
@@ -61,6 +61,48 @@ export interface DisableKeyRotationCommandOutput extends __MetadataBearer {
61
61
  * @see {@link DisableKeyRotationCommandOutput} for command's `response` shape.
62
62
  * @see {@link KMSClientResolvedConfig | config} for KMSClient's `config` shape.
63
63
  *
64
+ * @throws {@link DependencyTimeoutException} (server fault)
65
+ * <p>The system timed out while trying to fulfill the request. You can retry the
66
+ * request.</p>
67
+ *
68
+ * @throws {@link DisabledException} (client fault)
69
+ * <p>The request was rejected because the specified KMS key is not enabled.</p>
70
+ *
71
+ * @throws {@link InvalidArnException} (client fault)
72
+ * <p>The request was rejected because a specified ARN, or an ARN in a key policy, is not
73
+ * valid.</p>
74
+ *
75
+ * @throws {@link KMSInternalException} (server fault)
76
+ * <p>The request was rejected because an internal exception occurred. The request can be
77
+ * retried.</p>
78
+ *
79
+ * @throws {@link KMSInvalidStateException} (client fault)
80
+ * <p>The request was rejected because the state of the specified resource is not valid for this
81
+ * request.</p>
82
+ * <p>This exceptions means one of the following:</p>
83
+ * <ul>
84
+ * <li>
85
+ * <p>The key state of the KMS key is not compatible with the operation. </p>
86
+ * <p>To find the key state, use the <a>DescribeKey</a> operation. For more
87
+ * information about which key states are compatible with each KMS operation, see
88
+ * <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key states of KMS keys</a> in the <i>
89
+ * <i>Key Management Service Developer Guide</i>
90
+ * </i>.</p>
91
+ * </li>
92
+ * <li>
93
+ * <p>For cryptographic operations on KMS keys in custom key stores, this exception represents a general failure with many possible causes. To identify the cause, see the error message that accompanies the exception.</p>
94
+ * </li>
95
+ * </ul>
96
+ *
97
+ * @throws {@link NotFoundException} (client fault)
98
+ * <p>The request was rejected because the specified entity or resource could not be
99
+ * found.</p>
100
+ *
101
+ * @throws {@link UnsupportedOperationException} (client fault)
102
+ * <p>The request was rejected because a specified parameter is not supported or a specified
103
+ * resource is not valid for this operation.</p>
104
+ *
105
+ *
64
106
  * @example To disable automatic rotation of key material
65
107
  * ```javascript
66
108
  * // The following example disables automatic annual rotation of the key material for the specified KMS key.
@@ -80,6 +80,51 @@ export interface DisconnectCustomKeyStoreCommandOutput extends DisconnectCustomK
80
80
  * @see {@link DisconnectCustomKeyStoreCommandOutput} for command's `response` shape.
81
81
  * @see {@link KMSClientResolvedConfig | config} for KMSClient's `config` shape.
82
82
  *
83
+ * @throws {@link CustomKeyStoreInvalidStateException} (client fault)
84
+ * <p>The request was rejected because of the <code>ConnectionState</code> of the custom key
85
+ * store. To get the <code>ConnectionState</code> of a custom key store, use the <a>DescribeCustomKeyStores</a> operation.</p>
86
+ * <p>This exception is thrown under the following conditions:</p>
87
+ * <ul>
88
+ * <li>
89
+ * <p>You requested the <a>ConnectCustomKeyStore</a> operation on a custom key
90
+ * store with a <code>ConnectionState</code> of <code>DISCONNECTING</code> or
91
+ * <code>FAILED</code>. This operation is valid for all other <code>ConnectionState</code>
92
+ * values. To reconnect a custom key store in a <code>FAILED</code> state, disconnect it
93
+ * (<a>DisconnectCustomKeyStore</a>), then connect it
94
+ * (<code>ConnectCustomKeyStore</code>).</p>
95
+ * </li>
96
+ * <li>
97
+ * <p>You requested the <a>CreateKey</a> operation in a custom key store that is
98
+ * not connected. This operations is valid only when the custom key store
99
+ * <code>ConnectionState</code> is <code>CONNECTED</code>.</p>
100
+ * </li>
101
+ * <li>
102
+ * <p>You requested the <a>DisconnectCustomKeyStore</a> operation on a custom key
103
+ * store with a <code>ConnectionState</code> of <code>DISCONNECTING</code> or
104
+ * <code>DISCONNECTED</code>. This operation is valid for all other
105
+ * <code>ConnectionState</code> values.</p>
106
+ * </li>
107
+ * <li>
108
+ * <p>You requested the <a>UpdateCustomKeyStore</a> or <a>DeleteCustomKeyStore</a> operation on a custom key store that is not
109
+ * disconnected. This operation is valid only when the custom key store
110
+ * <code>ConnectionState</code> is <code>DISCONNECTED</code>.</p>
111
+ * </li>
112
+ * <li>
113
+ * <p>You requested the <a>GenerateRandom</a> operation in an CloudHSM key store
114
+ * that is not connected. This operation is valid only when the CloudHSM key store
115
+ * <code>ConnectionState</code> is <code>CONNECTED</code>. </p>
116
+ * </li>
117
+ * </ul>
118
+ *
119
+ * @throws {@link CustomKeyStoreNotFoundException} (client fault)
120
+ * <p>The request was rejected because KMS cannot find a custom key store with the specified
121
+ * key store name or ID.</p>
122
+ *
123
+ * @throws {@link KMSInternalException} (server fault)
124
+ * <p>The request was rejected because an internal exception occurred. The request can be
125
+ * retried.</p>
126
+ *
127
+ *
83
128
  * @example To disconnect a custom key store from its CloudHSM cluster
84
129
  * ```javascript
85
130
  * // This example disconnects an AWS KMS custom key store from its backing key store. For an AWS CloudHSM key store, it disconnects the key store from its AWS CloudHSM cluster. For an external key store, it disconnects the key store from the external key store proxy that communicates with your external key manager. This operation doesn't return any data. To verify that the custom key store is disconnected, use the <code>DescribeCustomKeyStores</code> operation.
@@ -39,6 +39,45 @@ export interface EnableKeyCommandOutput extends __MetadataBearer {
39
39
  * @see {@link EnableKeyCommandOutput} for command's `response` shape.
40
40
  * @see {@link KMSClientResolvedConfig | config} for KMSClient's `config` shape.
41
41
  *
42
+ * @throws {@link DependencyTimeoutException} (server fault)
43
+ * <p>The system timed out while trying to fulfill the request. You can retry the
44
+ * request.</p>
45
+ *
46
+ * @throws {@link InvalidArnException} (client fault)
47
+ * <p>The request was rejected because a specified ARN, or an ARN in a key policy, is not
48
+ * valid.</p>
49
+ *
50
+ * @throws {@link KMSInternalException} (server fault)
51
+ * <p>The request was rejected because an internal exception occurred. The request can be
52
+ * retried.</p>
53
+ *
54
+ * @throws {@link KMSInvalidStateException} (client fault)
55
+ * <p>The request was rejected because the state of the specified resource is not valid for this
56
+ * request.</p>
57
+ * <p>This exceptions means one of the following:</p>
58
+ * <ul>
59
+ * <li>
60
+ * <p>The key state of the KMS key is not compatible with the operation. </p>
61
+ * <p>To find the key state, use the <a>DescribeKey</a> operation. For more
62
+ * information about which key states are compatible with each KMS operation, see
63
+ * <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key states of KMS keys</a> in the <i>
64
+ * <i>Key Management Service Developer Guide</i>
65
+ * </i>.</p>
66
+ * </li>
67
+ * <li>
68
+ * <p>For cryptographic operations on KMS keys in custom key stores, this exception represents a general failure with many possible causes. To identify the cause, see the error message that accompanies the exception.</p>
69
+ * </li>
70
+ * </ul>
71
+ *
72
+ * @throws {@link LimitExceededException} (client fault)
73
+ * <p>The request was rejected because a quota was exceeded. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/limits.html">Quotas</a> in the
74
+ * <i>Key Management Service Developer Guide</i>.</p>
75
+ *
76
+ * @throws {@link NotFoundException} (client fault)
77
+ * <p>The request was rejected because the specified entity or resource could not be
78
+ * found.</p>
79
+ *
80
+ *
42
81
  * @example To enable a KMS key
43
82
  * ```javascript
44
83
  * // The following example enables the specified KMS key.
@@ -69,6 +69,48 @@ export interface EnableKeyRotationCommandOutput extends __MetadataBearer {
69
69
  * @see {@link EnableKeyRotationCommandOutput} for command's `response` shape.
70
70
  * @see {@link KMSClientResolvedConfig | config} for KMSClient's `config` shape.
71
71
  *
72
+ * @throws {@link DependencyTimeoutException} (server fault)
73
+ * <p>The system timed out while trying to fulfill the request. You can retry the
74
+ * request.</p>
75
+ *
76
+ * @throws {@link DisabledException} (client fault)
77
+ * <p>The request was rejected because the specified KMS key is not enabled.</p>
78
+ *
79
+ * @throws {@link InvalidArnException} (client fault)
80
+ * <p>The request was rejected because a specified ARN, or an ARN in a key policy, is not
81
+ * valid.</p>
82
+ *
83
+ * @throws {@link KMSInternalException} (server fault)
84
+ * <p>The request was rejected because an internal exception occurred. The request can be
85
+ * retried.</p>
86
+ *
87
+ * @throws {@link KMSInvalidStateException} (client fault)
88
+ * <p>The request was rejected because the state of the specified resource is not valid for this
89
+ * request.</p>
90
+ * <p>This exceptions means one of the following:</p>
91
+ * <ul>
92
+ * <li>
93
+ * <p>The key state of the KMS key is not compatible with the operation. </p>
94
+ * <p>To find the key state, use the <a>DescribeKey</a> operation. For more
95
+ * information about which key states are compatible with each KMS operation, see
96
+ * <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key states of KMS keys</a> in the <i>
97
+ * <i>Key Management Service Developer Guide</i>
98
+ * </i>.</p>
99
+ * </li>
100
+ * <li>
101
+ * <p>For cryptographic operations on KMS keys in custom key stores, this exception represents a general failure with many possible causes. To identify the cause, see the error message that accompanies the exception.</p>
102
+ * </li>
103
+ * </ul>
104
+ *
105
+ * @throws {@link NotFoundException} (client fault)
106
+ * <p>The request was rejected because the specified entity or resource could not be
107
+ * found.</p>
108
+ *
109
+ * @throws {@link UnsupportedOperationException} (client fault)
110
+ * <p>The request was rejected because a specified parameter is not supported or a specified
111
+ * resource is not valid for this operation.</p>
112
+ *
113
+ *
72
114
  * @example To enable automatic rotation of key material
73
115
  * ```javascript
74
116
  * // The following example enables automatic annual rotation of the key material for the specified KMS key.
@@ -138,6 +138,68 @@ export interface EncryptCommandOutput extends EncryptResponse, __MetadataBearer
138
138
  * @see {@link EncryptCommandOutput} for command's `response` shape.
139
139
  * @see {@link KMSClientResolvedConfig | config} for KMSClient's `config` shape.
140
140
  *
141
+ * @throws {@link DependencyTimeoutException} (server fault)
142
+ * <p>The system timed out while trying to fulfill the request. You can retry the
143
+ * request.</p>
144
+ *
145
+ * @throws {@link DisabledException} (client fault)
146
+ * <p>The request was rejected because the specified KMS key is not enabled.</p>
147
+ *
148
+ * @throws {@link InvalidGrantTokenException} (client fault)
149
+ * <p>The request was rejected because the specified grant token is not valid.</p>
150
+ *
151
+ * @throws {@link InvalidKeyUsageException} (client fault)
152
+ * <p>The request was rejected for one of the following reasons: </p>
153
+ * <ul>
154
+ * <li>
155
+ * <p>The <code>KeyUsage</code> value of the KMS key is incompatible with the API
156
+ * operation.</p>
157
+ * </li>
158
+ * <li>
159
+ * <p>The encryption algorithm or signing algorithm specified for the operation is
160
+ * incompatible with the type of key material in the KMS key <code>(KeySpec</code>).</p>
161
+ * </li>
162
+ * </ul>
163
+ * <p>For encrypting, decrypting, re-encrypting, and generating data keys, the
164
+ * <code>KeyUsage</code> must be <code>ENCRYPT_DECRYPT</code>. For signing and verifying
165
+ * messages, the <code>KeyUsage</code> must be <code>SIGN_VERIFY</code>. For generating and
166
+ * verifying message authentication codes (MACs), the <code>KeyUsage</code> must be
167
+ * <code>GENERATE_VERIFY_MAC</code>. To find the <code>KeyUsage</code> of a KMS key, use the
168
+ * <a>DescribeKey</a> operation.</p>
169
+ * <p>To find the encryption or signing algorithms supported for a particular KMS key, use the
170
+ * <a>DescribeKey</a> operation.</p>
171
+ *
172
+ * @throws {@link KeyUnavailableException} (server fault)
173
+ * <p>The request was rejected because the specified KMS key was not available. You can retry
174
+ * the request.</p>
175
+ *
176
+ * @throws {@link KMSInternalException} (server fault)
177
+ * <p>The request was rejected because an internal exception occurred. The request can be
178
+ * retried.</p>
179
+ *
180
+ * @throws {@link KMSInvalidStateException} (client fault)
181
+ * <p>The request was rejected because the state of the specified resource is not valid for this
182
+ * request.</p>
183
+ * <p>This exceptions means one of the following:</p>
184
+ * <ul>
185
+ * <li>
186
+ * <p>The key state of the KMS key is not compatible with the operation. </p>
187
+ * <p>To find the key state, use the <a>DescribeKey</a> operation. For more
188
+ * information about which key states are compatible with each KMS operation, see
189
+ * <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key states of KMS keys</a> in the <i>
190
+ * <i>Key Management Service Developer Guide</i>
191
+ * </i>.</p>
192
+ * </li>
193
+ * <li>
194
+ * <p>For cryptographic operations on KMS keys in custom key stores, this exception represents a general failure with many possible causes. To identify the cause, see the error message that accompanies the exception.</p>
195
+ * </li>
196
+ * </ul>
197
+ *
198
+ * @throws {@link NotFoundException} (client fault)
199
+ * <p>The request was rejected because the specified entity or resource could not be
200
+ * found.</p>
201
+ *
202
+ *
141
203
  * @example To encrypt data
142
204
  * ```javascript
143
205
  * // The following example encrypts data with the specified KMS key.
@@ -122,6 +122,68 @@ export interface GenerateDataKeyCommandOutput extends GenerateDataKeyResponse, _
122
122
  * @see {@link GenerateDataKeyCommandOutput} for command's `response` shape.
123
123
  * @see {@link KMSClientResolvedConfig | config} for KMSClient's `config` shape.
124
124
  *
125
+ * @throws {@link DependencyTimeoutException} (server fault)
126
+ * <p>The system timed out while trying to fulfill the request. You can retry the
127
+ * request.</p>
128
+ *
129
+ * @throws {@link DisabledException} (client fault)
130
+ * <p>The request was rejected because the specified KMS key is not enabled.</p>
131
+ *
132
+ * @throws {@link InvalidGrantTokenException} (client fault)
133
+ * <p>The request was rejected because the specified grant token is not valid.</p>
134
+ *
135
+ * @throws {@link InvalidKeyUsageException} (client fault)
136
+ * <p>The request was rejected for one of the following reasons: </p>
137
+ * <ul>
138
+ * <li>
139
+ * <p>The <code>KeyUsage</code> value of the KMS key is incompatible with the API
140
+ * operation.</p>
141
+ * </li>
142
+ * <li>
143
+ * <p>The encryption algorithm or signing algorithm specified for the operation is
144
+ * incompatible with the type of key material in the KMS key <code>(KeySpec</code>).</p>
145
+ * </li>
146
+ * </ul>
147
+ * <p>For encrypting, decrypting, re-encrypting, and generating data keys, the
148
+ * <code>KeyUsage</code> must be <code>ENCRYPT_DECRYPT</code>. For signing and verifying
149
+ * messages, the <code>KeyUsage</code> must be <code>SIGN_VERIFY</code>. For generating and
150
+ * verifying message authentication codes (MACs), the <code>KeyUsage</code> must be
151
+ * <code>GENERATE_VERIFY_MAC</code>. To find the <code>KeyUsage</code> of a KMS key, use the
152
+ * <a>DescribeKey</a> operation.</p>
153
+ * <p>To find the encryption or signing algorithms supported for a particular KMS key, use the
154
+ * <a>DescribeKey</a> operation.</p>
155
+ *
156
+ * @throws {@link KeyUnavailableException} (server fault)
157
+ * <p>The request was rejected because the specified KMS key was not available. You can retry
158
+ * the request.</p>
159
+ *
160
+ * @throws {@link KMSInternalException} (server fault)
161
+ * <p>The request was rejected because an internal exception occurred. The request can be
162
+ * retried.</p>
163
+ *
164
+ * @throws {@link KMSInvalidStateException} (client fault)
165
+ * <p>The request was rejected because the state of the specified resource is not valid for this
166
+ * request.</p>
167
+ * <p>This exceptions means one of the following:</p>
168
+ * <ul>
169
+ * <li>
170
+ * <p>The key state of the KMS key is not compatible with the operation. </p>
171
+ * <p>To find the key state, use the <a>DescribeKey</a> operation. For more
172
+ * information about which key states are compatible with each KMS operation, see
173
+ * <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key states of KMS keys</a> in the <i>
174
+ * <i>Key Management Service Developer Guide</i>
175
+ * </i>.</p>
176
+ * </li>
177
+ * <li>
178
+ * <p>For cryptographic operations on KMS keys in custom key stores, this exception represents a general failure with many possible causes. To identify the cause, see the error message that accompanies the exception.</p>
179
+ * </li>
180
+ * </ul>
181
+ *
182
+ * @throws {@link NotFoundException} (client fault)
183
+ * <p>The request was rejected because the specified entity or resource could not be
184
+ * found.</p>
185
+ *
186
+ *
125
187
  * @example To generate a data key
126
188
  * ```javascript
127
189
  * // The following example generates a 256-bit symmetric data encryption key (data key) in two formats. One is the unencrypted (plainext) data key, and the other is the data key encrypted with the specified KMS key.
@@ -99,6 +99,72 @@ export interface GenerateDataKeyPairCommandOutput extends GenerateDataKeyPairRes
99
99
  * @see {@link GenerateDataKeyPairCommandOutput} for command's `response` shape.
100
100
  * @see {@link KMSClientResolvedConfig | config} for KMSClient's `config` shape.
101
101
  *
102
+ * @throws {@link DependencyTimeoutException} (server fault)
103
+ * <p>The system timed out while trying to fulfill the request. You can retry the
104
+ * request.</p>
105
+ *
106
+ * @throws {@link DisabledException} (client fault)
107
+ * <p>The request was rejected because the specified KMS key is not enabled.</p>
108
+ *
109
+ * @throws {@link InvalidGrantTokenException} (client fault)
110
+ * <p>The request was rejected because the specified grant token is not valid.</p>
111
+ *
112
+ * @throws {@link InvalidKeyUsageException} (client fault)
113
+ * <p>The request was rejected for one of the following reasons: </p>
114
+ * <ul>
115
+ * <li>
116
+ * <p>The <code>KeyUsage</code> value of the KMS key is incompatible with the API
117
+ * operation.</p>
118
+ * </li>
119
+ * <li>
120
+ * <p>The encryption algorithm or signing algorithm specified for the operation is
121
+ * incompatible with the type of key material in the KMS key <code>(KeySpec</code>).</p>
122
+ * </li>
123
+ * </ul>
124
+ * <p>For encrypting, decrypting, re-encrypting, and generating data keys, the
125
+ * <code>KeyUsage</code> must be <code>ENCRYPT_DECRYPT</code>. For signing and verifying
126
+ * messages, the <code>KeyUsage</code> must be <code>SIGN_VERIFY</code>. For generating and
127
+ * verifying message authentication codes (MACs), the <code>KeyUsage</code> must be
128
+ * <code>GENERATE_VERIFY_MAC</code>. To find the <code>KeyUsage</code> of a KMS key, use the
129
+ * <a>DescribeKey</a> operation.</p>
130
+ * <p>To find the encryption or signing algorithms supported for a particular KMS key, use the
131
+ * <a>DescribeKey</a> operation.</p>
132
+ *
133
+ * @throws {@link KeyUnavailableException} (server fault)
134
+ * <p>The request was rejected because the specified KMS key was not available. You can retry
135
+ * the request.</p>
136
+ *
137
+ * @throws {@link KMSInternalException} (server fault)
138
+ * <p>The request was rejected because an internal exception occurred. The request can be
139
+ * retried.</p>
140
+ *
141
+ * @throws {@link KMSInvalidStateException} (client fault)
142
+ * <p>The request was rejected because the state of the specified resource is not valid for this
143
+ * request.</p>
144
+ * <p>This exceptions means one of the following:</p>
145
+ * <ul>
146
+ * <li>
147
+ * <p>The key state of the KMS key is not compatible with the operation. </p>
148
+ * <p>To find the key state, use the <a>DescribeKey</a> operation. For more
149
+ * information about which key states are compatible with each KMS operation, see
150
+ * <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key states of KMS keys</a> in the <i>
151
+ * <i>Key Management Service Developer Guide</i>
152
+ * </i>.</p>
153
+ * </li>
154
+ * <li>
155
+ * <p>For cryptographic operations on KMS keys in custom key stores, this exception represents a general failure with many possible causes. To identify the cause, see the error message that accompanies the exception.</p>
156
+ * </li>
157
+ * </ul>
158
+ *
159
+ * @throws {@link NotFoundException} (client fault)
160
+ * <p>The request was rejected because the specified entity or resource could not be
161
+ * found.</p>
162
+ *
163
+ * @throws {@link UnsupportedOperationException} (client fault)
164
+ * <p>The request was rejected because a specified parameter is not supported or a specified
165
+ * resource is not valid for this operation.</p>
166
+ *
167
+ *
102
168
  * @example To generate an RSA key pair for encryption and decryption
103
169
  * ```javascript
104
170
  * // This example generates an RSA data key pair for encryption and decryption. The operation returns a plaintext public key and private key, and a copy of the private key that is encrypted under a symmetric encryption KMS key that you specify.