@aws-sdk/client-kms 3.36.0 → 3.39.0

package/dist-cjs/commands/CreateGrantCommand.js

@@ -5,97 +5,11 @@ const middleware_serde_1 = require("@aws-sdk/middleware-serde");
 const smithy_client_1 = require("@aws-sdk/smithy-client");
 const models_0_1 = require("../models/models_0");
 const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
-/**
- * <p>Adds a grant to a KMS key. </p>
- *          <p>A <i>grant</i> is a policy instrument that allows Amazon Web Services principals to use
- *       KMS keys in cryptographic operations. It also can allow them to view a KMS key (<a>DescribeKey</a>) and create and manage grants. When authorizing access to a KMS key,
- *       grants are considered along with key policies and IAM policies. Grants are often used for
- *       temporary permissions because you can create one, use its permissions, and delete it without
- *       changing your key policies or IAM policies. </p>
- *          <p>For detailed information about grants, including grant terminology, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html">Using grants</a> in the
- *         <i>
- *                <i>Key Management Service Developer Guide</i>
- *             </i>. For examples of working with grants in several
- *       programming languages, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-grants.html">Programming grants</a>. </p>
- *          <p>The <code>CreateGrant</code> operation returns a <code>GrantToken</code> and a
- *         <code>GrantId</code>.</p>
- *          <ul>
- *             <li>
- *                <p>When you create, retire, or revoke a grant, there might be a brief delay, usually less than five minutes, until the grant is available throughout KMS. This state is known as <i>eventual consistency</i>. Once the grant has achieved eventual consistency, the grantee
- *           principal can use the permissions in the grant without identifying the grant. </p>
- *                <p>However, to use the permissions in the grant immediately, use the
- *             <code>GrantToken</code> that <code>CreateGrant</code> returns. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token">Using a
- *             grant token</a> in the <i>
- *                      <i>Key Management Service Developer Guide</i>
- *                   </i>.</p>
- *             </li>
- *             <li>
- *                <p>The <code>CreateGrant</code> operation also returns a <code>GrantId</code>. You can
- *           use the <code>GrantId</code> and a key identifier to identify the grant in the <a>RetireGrant</a> and <a>RevokeGrant</a> operations. To find the grant
- *           ID, use the <a>ListGrants</a> or <a>ListRetirableGrants</a>
- *           operations.</p>
- *             </li>
- *          </ul>
- *          <p>The KMS key that you use for this operation must be in a compatible key state. For
- * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
- *          <p>
- *             <b>Cross-account use</b>: Yes.
- *       To perform this operation on a KMS key in a different Amazon Web Services account, specify the key
- *   ARN in the value of the <code>KeyId</code> parameter. </p>
- *          <p>
- *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:CreateGrant</a> (key policy)</p>
- *          <p>
- *             <b>Related operations:</b>
- *          </p>
- *          <ul>
- *             <li>
- *                <p>
- *                   <a>ListGrants</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>ListRetirableGrants</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>RetireGrant</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>RevokeGrant</a>
- *                </p>
- *             </li>
- *          </ul>
- * @example
- * Use a bare-bones client and the command you need to make an API call.
- * ```javascript
- * import { KMSClient, CreateGrantCommand } from "@aws-sdk/client-kms"; // ES Modules import
- * // const { KMSClient, CreateGrantCommand } = require("@aws-sdk/client-kms"); // CommonJS import
- * const client = new KMSClient(config);
- * const command = new CreateGrantCommand(input);
- * const response = await client.send(command);
- * ```
- *
- * @see {@link CreateGrantCommandInput} for command's `input` shape.
- * @see {@link CreateGrantCommandOutput} for command's `response` shape.
- * @see {@link KMSClientResolvedConfig | config} for command's `input` shape.
- *
- */
 class CreateGrantCommand extends smithy_client_1.Command {
-    // Start section: command_properties
-    // End section: command_properties
     constructor(input) {
-        // Start section: command_constructor
         super();
         this.input = input;
-        // End section: command_constructor
     }
-    /**
-     * @internal
-     */
     resolveMiddleware(clientStack, configuration, options) {
         this.middlewareStack.use(middleware_serde_1.getSerdePlugin(configuration, this.serialize, this.deserialize));
         const stack = clientStack.concat(this.middlewareStack);

package/dist-cjs/commands/CreateKeyCommand.js

@@ -5,159 +5,11 @@ const middleware_serde_1 = require("@aws-sdk/middleware-serde");
 const smithy_client_1 = require("@aws-sdk/smithy-client");
 const models_0_1 = require("../models/models_0");
 const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
-/**
- * <p>Creates a unique customer managed <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms-keys">KMS key</a> in your Amazon Web Services account and
- *       Region.</p>
- *          <note>
- *             <p>KMS is replacing the term <i>customer master key (CMK)</i> with <i>KMS key</i> and <i>KMS key</i>. The concept has not changed. To prevent breaking changes, KMS is keeping some variations of this term.</p>
- *          </note>
- *
- *          <p>You can use the <code>CreateKey</code> operation to create symmetric or asymmetric KMS
- *       keys.</p>
- *          <ul>
- *             <li>
- *                <p>
- *                   <b>Symmetric KMS keys</b> contain a 256-bit symmetric key
- *           that never leaves KMS unencrypted. To use the KMS key, you must call KMS. You can use
- *           a symmetric KMS key to encrypt and decrypt small amounts of data, but they are typically
- *           used to generate <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#data-keys">data keys</a> and <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#data-key-pairs">data keys pairs</a>. For details,
- *           see <a>GenerateDataKey</a> and <a>GenerateDataKeyPair</a>.</p>
- *             </li>
- *             <li>
- *                <p>
- *                   <b>Asymmetric KMS keys</b> can contain an RSA key pair or an
- *           Elliptic Curve (ECC) key pair. The private key in an asymmetric KMS key never leaves KMS
- *           unencrypted. However, you can use the <a>GetPublicKey</a> operation to download
- *           the public key so it can be used outside of KMS. KMS keys with RSA key pairs can be used
- *           to encrypt or decrypt data or sign and verify messages (but not both). KMS keys with ECC
- *           key pairs can be used only to sign and verify messages.</p>
- *             </li>
- *          </ul>
- *          <p>For information about symmetric and asymmetric KMS keys, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html">Using Symmetric and Asymmetric KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
- *
- *
- *          <p>To create different types of KMS keys, use the following guidance:</p>
- *
- *          <dl>
- *             <dt>Asymmetric KMS keys</dt>
- *             <dd>
- *                <p>To create an asymmetric KMS key, use the <code>KeySpec</code> parameter to specify
- *             the type of key material in the KMS key. Then, use the <code>KeyUsage</code> parameter
- *             to determine whether the KMS key will be used to encrypt and decrypt or sign and verify.
- *             You can't change these properties after the KMS key is created.</p>
- *                <p> </p>
- *             </dd>
- *             <dt>Symmetric KMS keys</dt>
- *             <dd>
- *                <p>When creating a symmetric KMS key, you don't need to specify the
- *               <code>KeySpec</code> or <code>KeyUsage</code> parameters. The default value for
- *               <code>KeySpec</code>, <code>SYMMETRIC_DEFAULT</code>, and the default value for
- *               <code>KeyUsage</code>, <code>ENCRYPT_DECRYPT</code>, are the only valid values for
- *             symmetric KMS keys. </p>
- *                <p> </p>
- *             </dd>
- *             <dt>Multi-Region primary keys</dt>
- *             <dt>Imported key material</dt>
- *             <dd>
- *                <p>To create a multi-Region <i>primary key</i> in the local Amazon Web Services Region,
- *             use the <code>MultiRegion</code> parameter with a value of <code>True</code>. To create
- *             a multi-Region <i>replica key</i>, that is, a KMS key with the same key ID
- *             and key material as a primary key, but in a different Amazon Web Services Region, use the <a>ReplicateKey</a> operation. To change a replica key to a primary key, and its
- *             primary key to a replica key, use the <a>UpdatePrimaryRegion</a>
- *             operation.</p>
- *                <p>This operation supports <i>multi-Region keys</i>, an KMS feature that lets you create multiple
- *       interoperable KMS keys in different Amazon Web Services Regions. Because these KMS keys have the same key ID, key
- *       material, and other metadata, you can use them interchangeably to encrypt data in one Amazon Web Services Region and decrypt
- *       it in a different Amazon Web Services Region without re-encrypting the data or making a cross-Region call. For more information about multi-Region keys, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html">Using multi-Region keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
- *                <p>You can create symmetric and asymmetric multi-Region keys and multi-Region keys with
- *             imported key material. You cannot create multi-Region keys in a custom key store.</p>
- *                <p> </p>
- *             </dd>
- *             <dd>
- *                <p>To import your own key material, begin by creating a symmetric KMS key with no key
- *             material. To do this, use the <code>Origin</code> parameter of <code>CreateKey</code>
- *             with a value of <code>EXTERNAL</code>. Next, use <a>GetParametersForImport</a> operation to get a public key and import token, and use the public key to encrypt
- *             your key material. Then, use <a>ImportKeyMaterial</a> with your import token
- *             to import the key material. For step-by-step instructions, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html">Importing Key Material</a> in the <i>
- *                      <i>Key Management Service Developer Guide</i>
- *                   </i>. You
- *             cannot import the key material into an asymmetric KMS key.</p>
- *                <p>To create a multi-Region primary key with imported key material, use the
- *               <code>Origin</code> parameter of <code>CreateKey</code> with a value of
- *               <code>EXTERNAL</code> and the <code>MultiRegion</code> parameter with a value of
- *               <code>True</code>. To create replicas of the multi-Region primary key, use the <a>ReplicateKey</a> operation. For more information about multi-Region keys, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html">Using multi-Region keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
- *                <p> </p>
- *             </dd>
- *             <dt>Custom key store</dt>
- *             <dd>
- *                <p>To create a symmetric KMS key in a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a>, use the
- *               <code>CustomKeyStoreId</code> parameter to specify the custom key store. You must also
- *             use the <code>Origin</code> parameter with a value of <code>AWS_CLOUDHSM</code>. The
- *             CloudHSM cluster that is associated with the custom key store must have at least two active
- *             HSMs in different Availability Zones in the Amazon Web Services Region. </p>
- *                <p>You cannot create an asymmetric KMS key in a custom key store. For information about
- *             custom key stores in KMS see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">Using Custom Key Stores</a> in
- *             the <i>
- *                      <i>Key Management Service Developer Guide</i>
- *                   </i>.</p>
- *             </dd>
- *          </dl>
- *          <p>
- *             <b>Cross-account use</b>: No. You cannot use this operation to
- *       create a KMS key in a different Amazon Web Services account.</p>
- *
- *          <p>
- *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:CreateKey</a> (IAM policy). To use the
- *         <code>Tags</code> parameter, <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:TagResource</a> (IAM policy). For examples and information about related
- *       permissions, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/iam-policies.html#iam-policy-example-create-key">Allow a user to create
- *         KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
- *          <p>
- *             <b>Related operations:</b>
- *          </p>
- *          <ul>
- *             <li>
- *                <p>
- *                   <a>DescribeKey</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>ListKeys</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>ScheduleKeyDeletion</a>
- *                </p>
- *             </li>
- *          </ul>
- * @example
- * Use a bare-bones client and the command you need to make an API call.
- * ```javascript
- * import { KMSClient, CreateKeyCommand } from "@aws-sdk/client-kms"; // ES Modules import
- * // const { KMSClient, CreateKeyCommand } = require("@aws-sdk/client-kms"); // CommonJS import
- * const client = new KMSClient(config);
- * const command = new CreateKeyCommand(input);
- * const response = await client.send(command);
- * ```
- *
- * @see {@link CreateKeyCommandInput} for command's `input` shape.
- * @see {@link CreateKeyCommandOutput} for command's `response` shape.
- * @see {@link KMSClientResolvedConfig | config} for command's `input` shape.
- *
- */
 class CreateKeyCommand extends smithy_client_1.Command {
-    // Start section: command_properties
-    // End section: command_properties
     constructor(input) {
-        // Start section: command_constructor
         super();
         this.input = input;
-        // End section: command_constructor
     }
-    /**
-     * @internal
-     */
     resolveMiddleware(clientStack, configuration, options) {
         this.middlewareStack.use(middleware_serde_1.getSerdePlugin(configuration, this.serialize, this.deserialize));
         const stack = clientStack.concat(this.middlewareStack);

package/dist-cjs/commands/DecryptCommand.js

@@ -5,123 +5,11 @@ const middleware_serde_1 = require("@aws-sdk/middleware-serde");
 const smithy_client_1 = require("@aws-sdk/smithy-client");
 const models_0_1 = require("../models/models_0");
 const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
-/**
- * <p>Decrypts ciphertext that was encrypted by a KMS key using any of the following
- *       operations:</p>
- *          <ul>
- *             <li>
- *                <p>
- *                   <a>Encrypt</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>GenerateDataKey</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>GenerateDataKeyPair</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>GenerateDataKeyWithoutPlaintext</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>GenerateDataKeyPairWithoutPlaintext</a>
- *                </p>
- *             </li>
- *          </ul>
- *          <p>You can use this operation to decrypt ciphertext that was encrypted under a symmetric or
- *       asymmetric KMS key. When the KMS key is asymmetric, you must specify the KMS key and the
- *       encryption algorithm that was used to encrypt the ciphertext. For information about symmetric and asymmetric KMS keys, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html">Using Symmetric and Asymmetric KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
- *          <p>The Decrypt operation also decrypts ciphertext that was encrypted outside of KMS by the
- *       public key in an KMS asymmetric KMS key. However, it cannot decrypt ciphertext produced by
- *       other libraries, such as the <a href="https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/">Amazon Web Services
- *         Encryption SDK</a> or <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html">Amazon S3 client-side encryption</a>.
- *       These libraries return a ciphertext format that is incompatible with KMS.</p>
- *          <p>If the ciphertext was encrypted under a symmetric KMS key, the <code>KeyId</code>
- *       parameter is optional. KMS can get this information from metadata that it adds to the
- *       symmetric ciphertext blob. This feature adds durability to your implementation by ensuring
- *       that authorized users can decrypt ciphertext decades after it was encrypted, even if they've
- *       lost track of the key ID. However, specifying the KMS key is always recommended as a best
- *       practice. When you use the <code>KeyId</code> parameter to specify a KMS key, KMS only uses
- *       the KMS key you specify. If the ciphertext was encrypted under a different KMS key, the
- *         <code>Decrypt</code> operation fails. This practice ensures that you use the KMS key that
- *       you intend.</p>
- *          <p>Whenever possible, use key policies to give users permission to call the
- *         <code>Decrypt</code> operation on a particular KMS key, instead of using IAM policies.
- *       Otherwise, you might create an IAM user policy that gives the user <code>Decrypt</code>
- *       permission on all KMS keys. This user could decrypt ciphertext that was encrypted by KMS keys
- *       in other accounts if the key policy for the cross-account KMS key permits it. If you must use
- *       an IAM policy for <code>Decrypt</code> permissions, limit the user to particular KMS keys or
- *       particular trusted accounts. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/iam-policies.html#iam-policies-best-practices">Best practices for IAM
- *         policies</a> in the <i>Key Management Service Developer Guide</i>.</p>
- *          <p>Applications in Amazon Web Services Nitro Enclaves can call this operation by using the <a href="https://github.com/aws/aws-nitro-enclaves-sdk-c">Amazon Web Services Nitro Enclaves Development Kit</a>. For information about the supporting parameters, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html">How Amazon Web Services Nitro Enclaves use KMS</a> in the <i>Key Management Service Developer Guide</i>.</p>
- *          <p>The KMS key that you use for this operation must be in a compatible key state. For
- * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
- *          <p>
- *             <b>Cross-account
- *         use</b>: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
- *   the key ARN or alias ARN in the value of the <code>KeyId</code> parameter. </p>
- *
- *          <p>
- *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:Decrypt</a> (key policy)</p>
- *          <p>
- *             <b>Related operations:</b>
- *          </p>
- *          <ul>
- *             <li>
- *                <p>
- *                   <a>Encrypt</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>GenerateDataKey</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>GenerateDataKeyPair</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>ReEncrypt</a>
- *                </p>
- *             </li>
- *          </ul>
- * @example
- * Use a bare-bones client and the command you need to make an API call.
- * ```javascript
- * import { KMSClient, DecryptCommand } from "@aws-sdk/client-kms"; // ES Modules import
- * // const { KMSClient, DecryptCommand } = require("@aws-sdk/client-kms"); // CommonJS import
- * const client = new KMSClient(config);
- * const command = new DecryptCommand(input);
- * const response = await client.send(command);
- * ```
- *
- * @see {@link DecryptCommandInput} for command's `input` shape.
- * @see {@link DecryptCommandOutput} for command's `response` shape.
- * @see {@link KMSClientResolvedConfig | config} for command's `input` shape.
- *
- */
 class DecryptCommand extends smithy_client_1.Command {
-    // Start section: command_properties
-    // End section: command_properties
     constructor(input) {
-        // Start section: command_constructor
         super();
         this.input = input;
-        // End section: command_constructor
     }
-    /**
-     * @internal
-     */
     resolveMiddleware(clientStack, configuration, options) {
         this.middlewareStack.use(middleware_serde_1.getSerdePlugin(configuration, this.serialize, this.deserialize));
         const stack = clientStack.concat(this.middlewareStack);

package/dist-cjs/commands/DeleteAliasCommand.js

@@ -5,82 +5,11 @@ const middleware_serde_1 = require("@aws-sdk/middleware-serde");
 const smithy_client_1 = require("@aws-sdk/smithy-client");
 const models_0_1 = require("../models/models_0");
 const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
-/**
- * <p>Deletes the specified alias. </p>
- *          <note>
- *             <p>Adding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/abac.html">Using ABAC in KMS</a> in the <i>Key Management Service Developer Guide</i>.</p>
- *          </note>
- *          <p>Because an alias is not a property of a KMS key, you can delete and change the aliases of
- *       a KMS key without affecting the KMS key. Also, aliases do not appear in the response from the
- *         <a>DescribeKey</a> operation. To get the aliases of all KMS keys, use the <a>ListAliases</a> operation. </p>
- *          <p>Each KMS key can have multiple aliases. To change the alias of a KMS key, use <a>DeleteAlias</a> to delete the current alias and <a>CreateAlias</a> to
- *       create a new alias. To associate an existing alias with a different KMS key, call <a>UpdateAlias</a>.</p>
- *          <p>
- *             <b>Cross-account use</b>: No. You cannot perform this operation on an alias in a different Amazon Web Services account.</p>
- *          <p>
- *             <b>Required permissions</b>
- *          </p>
- *          <ul>
- *             <li>
- *                <p>
- *                   <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:DeleteAlias</a> on
- *           the alias (IAM policy).</p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:DeleteAlias</a> on
- *           the KMS key (key policy).</p>
- *             </li>
- *          </ul>
- *          <p>For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html#alias-access">Controlling access to aliases</a> in the
- *       <i>Key Management Service Developer Guide</i>.</p>
- *          <p>
- *             <b>Related operations:</b>
- *          </p>
- *          <ul>
- *             <li>
- *                <p>
- *                   <a>CreateAlias</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>ListAliases</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>UpdateAlias</a>
- *                </p>
- *             </li>
- *          </ul>
- * @example
- * Use a bare-bones client and the command you need to make an API call.
- * ```javascript
- * import { KMSClient, DeleteAliasCommand } from "@aws-sdk/client-kms"; // ES Modules import
- * // const { KMSClient, DeleteAliasCommand } = require("@aws-sdk/client-kms"); // CommonJS import
- * const client = new KMSClient(config);
- * const command = new DeleteAliasCommand(input);
- * const response = await client.send(command);
- * ```
- *
- * @see {@link DeleteAliasCommandInput} for command's `input` shape.
- * @see {@link DeleteAliasCommandOutput} for command's `response` shape.
- * @see {@link KMSClientResolvedConfig | config} for command's `input` shape.
- *
- */
 class DeleteAliasCommand extends smithy_client_1.Command {
-    // Start section: command_properties
-    // End section: command_properties
     constructor(input) {
-        // Start section: command_constructor
         super();
         this.input = input;
-        // End section: command_constructor
     }
-    /**
-     * @internal
-     */
     resolveMiddleware(clientStack, configuration, options) {
         this.middlewareStack.use(middleware_serde_1.getSerdePlugin(configuration, this.serialize, this.deserialize));
         const stack = clientStack.concat(this.middlewareStack);

package/dist-cjs/commands/DeleteCustomKeyStoreCommand.js

@@ -5,89 +5,11 @@ const middleware_serde_1 = require("@aws-sdk/middleware-serde");
 const smithy_client_1 = require("@aws-sdk/smithy-client");
 const models_0_1 = require("../models/models_0");
 const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
-/**
- * <p>Deletes a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a>. This operation does not delete the CloudHSM cluster that is
- *       associated with the custom key store, or affect any users or keys in the cluster.</p>
- *          <p>The custom key store that you delete cannot contain any KMS <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms_keys">KMS keys</a>. Before deleting the key store,
- *       verify that you will never need to use any of the KMS keys in the key store for any
- *       <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations">cryptographic operations</a>. Then, use <a>ScheduleKeyDeletion</a> to delete the KMS keys from the
- *       key store. When the scheduled waiting period expires, the <code>ScheduleKeyDeletion</code>
- *       operation deletes the KMS keys. Then it makes a best effort to delete the key material from
- *       the associated cluster. However, you might need to manually <a href="https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-orphaned-key">delete the orphaned key
- *         material</a> from the cluster and its backups.</p>
- *          <p>After all KMS keys are deleted from KMS, use <a>DisconnectCustomKeyStore</a>
- *       to disconnect the key store from KMS. Then, you can delete the custom key store.</p>
- *          <p>Instead of deleting the custom key store, consider using <a>DisconnectCustomKeyStore</a> to disconnect it from KMS. While the key store is
- *       disconnected, you cannot create or use the KMS keys in the key store. But, you do not need to
- *       delete KMS keys and you can reconnect a disconnected custom key store at any time.</p>
- *          <p>If the operation succeeds, it returns a JSON object with no
- * properties.</p>
- *          <p>This operation is part of the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">Custom Key Store feature</a> feature in KMS, which
- * combines the convenience and extensive integration of KMS with the isolation and control of a
- * single-tenant key store.</p>
- *          <p>
- *             <b>Cross-account use</b>: No.
- *       You cannot perform this operation on a custom key store in a different Amazon Web Services account.</p>
- *
- *          <p>
- *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:DeleteCustomKeyStore</a> (IAM policy)</p>
- *          <p>
- *             <b>Related operations:</b>
- *          </p>
- *          <ul>
- *             <li>
- *                <p>
- *                   <a>ConnectCustomKeyStore</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>CreateCustomKeyStore</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>DescribeCustomKeyStores</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>DisconnectCustomKeyStore</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>UpdateCustomKeyStore</a>
- *                </p>
- *             </li>
- *          </ul>
- * @example
- * Use a bare-bones client and the command you need to make an API call.
- * ```javascript
- * import { KMSClient, DeleteCustomKeyStoreCommand } from "@aws-sdk/client-kms"; // ES Modules import
- * // const { KMSClient, DeleteCustomKeyStoreCommand } = require("@aws-sdk/client-kms"); // CommonJS import
- * const client = new KMSClient(config);
- * const command = new DeleteCustomKeyStoreCommand(input);
- * const response = await client.send(command);
- * ```
- *
- * @see {@link DeleteCustomKeyStoreCommandInput} for command's `input` shape.
- * @see {@link DeleteCustomKeyStoreCommandOutput} for command's `response` shape.
- * @see {@link KMSClientResolvedConfig | config} for command's `input` shape.
- *
- */
 class DeleteCustomKeyStoreCommand extends smithy_client_1.Command {
-    // Start section: command_properties
-    // End section: command_properties
     constructor(input) {
-        // Start section: command_constructor
         super();
         this.input = input;
-        // End section: command_constructor
     }
-    /**
-     * @internal
-     */
     resolveMiddleware(clientStack, configuration, options) {
         this.middlewareStack.use(middleware_serde_1.getSerdePlugin(configuration, this.serialize, this.deserialize));
         const stack = clientStack.concat(this.middlewareStack);

package/dist-cjs/commands/DeleteImportedKeyMaterialCommand.js

@@ -5,64 +5,11 @@ const middleware_serde_1 = require("@aws-sdk/middleware-serde");
 const smithy_client_1 = require("@aws-sdk/smithy-client");
 const models_0_1 = require("../models/models_0");
 const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
-/**
- * <p>Deletes key material that you previously imported. This operation makes the specified KMS
- *       key unusable. For more information about importing key material into KMS, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html">Importing Key Material</a>
- *       in the <i>Key Management Service Developer Guide</i>. </p>
- *          <p>When the specified KMS key is in the <code>PendingDeletion</code> state, this operation
- *       does not change the KMS key's state. Otherwise, it changes the KMS key's state to
- *         <code>PendingImport</code>.</p>
- *          <p>After you delete key material, you can use <a>ImportKeyMaterial</a> to reimport
- *       the same key material into the KMS key.</p>
- *          <p>The KMS key that you use for this operation must be in a compatible key state. For
- * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
- *          <p>
- *             <b>Cross-account use</b>: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.</p>
- *
- *          <p>
- *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:DeleteImportedKeyMaterial</a> (key policy)</p>
- *          <p>
- *             <b>Related operations:</b>
- *          </p>
- *          <ul>
- *             <li>
- *                <p>
- *                   <a>GetParametersForImport</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>ImportKeyMaterial</a>
- *                </p>
- *             </li>
- *          </ul>
- * @example
- * Use a bare-bones client and the command you need to make an API call.
- * ```javascript
- * import { KMSClient, DeleteImportedKeyMaterialCommand } from "@aws-sdk/client-kms"; // ES Modules import
- * // const { KMSClient, DeleteImportedKeyMaterialCommand } = require("@aws-sdk/client-kms"); // CommonJS import
- * const client = new KMSClient(config);
- * const command = new DeleteImportedKeyMaterialCommand(input);
- * const response = await client.send(command);
- * ```
- *
- * @see {@link DeleteImportedKeyMaterialCommandInput} for command's `input` shape.
- * @see {@link DeleteImportedKeyMaterialCommandOutput} for command's `response` shape.
- * @see {@link KMSClientResolvedConfig | config} for command's `input` shape.
- *
- */
 class DeleteImportedKeyMaterialCommand extends smithy_client_1.Command {
-    // Start section: command_properties
-    // End section: command_properties
     constructor(input) {
-        // Start section: command_constructor
         super();
         this.input = input;
-        // End section: command_constructor
     }
-    /**
-     * @internal
-     */
     resolveMiddleware(clientStack, configuration, options) {
         this.middlewareStack.use(middleware_serde_1.getSerdePlugin(configuration, this.serialize, this.deserialize));
         const stack = clientStack.concat(this.middlewareStack);