@aws-sdk/client-kms 3.36.0 → 3.39.0

package/dist-cjs/commands/ListKeysCommand.js

@@ -5,65 +5,11 @@ const middleware_serde_1 = require("@aws-sdk/middleware-serde");
 const smithy_client_1 = require("@aws-sdk/smithy-client");
 const models_0_1 = require("../models/models_0");
 const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
-/**
- * <p>Gets a list of all KMS keys in the caller's Amazon Web Services account and Region.</p>
- *          <p>
- *             <b>Cross-account use</b>: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.</p>
- *
- *          <p>
- *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:ListKeys</a> (IAM policy)</p>
- *          <p>
- *             <b>Related operations:</b>
- *          </p>
- *          <ul>
- *             <li>
- *                <p>
- *                   <a>CreateKey</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>DescribeKey</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>ListAliases</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>ListResourceTags</a>
- *                </p>
- *             </li>
- *          </ul>
- * @example
- * Use a bare-bones client and the command you need to make an API call.
- * ```javascript
- * import { KMSClient, ListKeysCommand } from "@aws-sdk/client-kms"; // ES Modules import
- * // const { KMSClient, ListKeysCommand } = require("@aws-sdk/client-kms"); // CommonJS import
- * const client = new KMSClient(config);
- * const command = new ListKeysCommand(input);
- * const response = await client.send(command);
- * ```
- *
- * @see {@link ListKeysCommandInput} for command's `input` shape.
- * @see {@link ListKeysCommandOutput} for command's `response` shape.
- * @see {@link KMSClientResolvedConfig | config} for command's `input` shape.
- *
- */
 class ListKeysCommand extends smithy_client_1.Command {
-    // Start section: command_properties
-    // End section: command_properties
     constructor(input) {
-        // Start section: command_constructor
         super();
         this.input = input;
-        // End section: command_constructor
     }
-    /**
-     * @internal
-     */
     resolveMiddleware(clientStack, configuration, options) {
         this.middlewareStack.use(middleware_serde_1.getSerdePlugin(configuration, this.serialize, this.deserialize));
         const stack = clientStack.concat(this.middlewareStack);

package/dist-cjs/commands/ListResourceTagsCommand.js

@@ -5,69 +5,11 @@ const middleware_serde_1 = require("@aws-sdk/middleware-serde");
 const smithy_client_1 = require("@aws-sdk/smithy-client");
 const models_0_1 = require("../models/models_0");
 const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
-/**
- * <p>Returns all tags on the specified KMS key.</p>
- *          <p>For general information about tags, including the format and syntax, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html">Tagging Amazon Web Services resources</a> in
- *       the <i>Amazon Web Services General Reference</i>. For information about using
- *       tags in KMS, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html">Tagging
- *         keys</a>.</p>
- *          <p>
- *             <b>Cross-account use</b>: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.</p>
- *
- *          <p>
- *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:ListResourceTags</a> (key policy)</p>
- *          <p>
- *             <b>Related operations:</b>
- *          </p>
- *          <ul>
- *             <li>
- *                <p>
- *                   <a>CreateKey</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>ReplicateKey</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>TagResource</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>UntagResource</a>
- *                </p>
- *             </li>
- *          </ul>
- * @example
- * Use a bare-bones client and the command you need to make an API call.
- * ```javascript
- * import { KMSClient, ListResourceTagsCommand } from "@aws-sdk/client-kms"; // ES Modules import
- * // const { KMSClient, ListResourceTagsCommand } = require("@aws-sdk/client-kms"); // CommonJS import
- * const client = new KMSClient(config);
- * const command = new ListResourceTagsCommand(input);
- * const response = await client.send(command);
- * ```
- *
- * @see {@link ListResourceTagsCommandInput} for command's `input` shape.
- * @see {@link ListResourceTagsCommandOutput} for command's `response` shape.
- * @see {@link KMSClientResolvedConfig | config} for command's `input` shape.
- *
- */
 class ListResourceTagsCommand extends smithy_client_1.Command {
-    // Start section: command_properties
-    // End section: command_properties
     constructor(input) {
-        // Start section: command_constructor
         super();
         this.input = input;
-        // End section: command_constructor
     }
-    /**
-     * @internal
-     */
     resolveMiddleware(clientStack, configuration, options) {
         this.middlewareStack.use(middleware_serde_1.getSerdePlugin(configuration, this.serialize, this.deserialize));
         const stack = clientStack.concat(this.middlewareStack);

package/dist-cjs/commands/ListRetirableGrantsCommand.js

@@ -5,78 +5,11 @@ const middleware_serde_1 = require("@aws-sdk/middleware-serde");
 const smithy_client_1 = require("@aws-sdk/smithy-client");
 const models_0_1 = require("../models/models_0");
 const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
-/**
- * <p>Returns information about all grants in the Amazon Web Services account and Region that have the
- *       specified retiring principal. </p>
- *          <p>You can specify any principal in your Amazon Web Services account. The grants that are returned include
- *       grants for KMS keys in your Amazon Web Services account and other Amazon Web Services accounts. You might use this
- *       operation to determine which grants you may retire. To retire a grant, use the <a>RetireGrant</a> operation.</p>
- *          <p>For detailed information about grants, including grant terminology, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html">Using grants</a> in the
- *         <i>
- *                <i>Key Management Service Developer Guide</i>
- *             </i>. For examples of working with grants in several
- *       programming languages, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-grants.html">Programming grants</a>. </p>
- *          <p>
- *             <b>Cross-account use</b>: You must specify a principal in your
- *       Amazon Web Services account. However, this operation can return grants in any Amazon Web Services account. You do not need
- *         <code>kms:ListRetirableGrants</code> permission (or any other additional permission) in any
- *       Amazon Web Services account other than your own.</p>
- *
- *          <p>
- *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:ListRetirableGrants</a> (IAM policy) in your
- *       Amazon Web Services account.</p>
- *          <p>
- *             <b>Related operations:</b>
- *          </p>
- *          <ul>
- *             <li>
- *                <p>
- *                   <a>CreateGrant</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>ListGrants</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>RetireGrant</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>RevokeGrant</a>
- *                </p>
- *             </li>
- *          </ul>
- * @example
- * Use a bare-bones client and the command you need to make an API call.
- * ```javascript
- * import { KMSClient, ListRetirableGrantsCommand } from "@aws-sdk/client-kms"; // ES Modules import
- * // const { KMSClient, ListRetirableGrantsCommand } = require("@aws-sdk/client-kms"); // CommonJS import
- * const client = new KMSClient(config);
- * const command = new ListRetirableGrantsCommand(input);
- * const response = await client.send(command);
- * ```
- *
- * @see {@link ListRetirableGrantsCommandInput} for command's `input` shape.
- * @see {@link ListRetirableGrantsCommandOutput} for command's `response` shape.
- * @see {@link KMSClientResolvedConfig | config} for command's `input` shape.
- *
- */
 class ListRetirableGrantsCommand extends smithy_client_1.Command {
-    // Start section: command_properties
-    // End section: command_properties
     constructor(input) {
-        // Start section: command_constructor
         super();
         this.input = input;
-        // End section: command_constructor
     }
-    /**
-     * @internal
-     */
     resolveMiddleware(clientStack, configuration, options) {
         this.middlewareStack.use(middleware_serde_1.getSerdePlugin(configuration, this.serialize, this.deserialize));
         const stack = clientStack.concat(this.middlewareStack);

package/dist-cjs/commands/PutKeyPolicyCommand.js

@@ -5,48 +5,11 @@ const middleware_serde_1 = require("@aws-sdk/middleware-serde");
 const smithy_client_1 = require("@aws-sdk/smithy-client");
 const models_0_1 = require("../models/models_0");
 const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
-/**
- * <p>Attaches a key policy to the specified KMS key. </p>
- *          <p>For more information about key policies, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html">Key Policies</a> in the <i>Key Management Service Developer Guide</i>.
- *       For help writing and formatting a JSON policy document, see the <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html">IAM JSON Policy Reference</a> in the <i>
- *                <i>Identity and Access Management User Guide</i>
- *             </i>. For examples of adding a key policy in multiple programming languages,
- *       see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-key-policies.html#put-policy">Setting a key policy</a> in the <i>Key Management Service Developer Guide</i>.</p>
- *          <p>
- *             <b>Cross-account use</b>: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.</p>
- *
- *          <p>
- *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:PutKeyPolicy</a> (key policy)</p>
- *          <p>
- *             <b>Related operations</b>: <a>GetKeyPolicy</a>
- *          </p>
- * @example
- * Use a bare-bones client and the command you need to make an API call.
- * ```javascript
- * import { KMSClient, PutKeyPolicyCommand } from "@aws-sdk/client-kms"; // ES Modules import
- * // const { KMSClient, PutKeyPolicyCommand } = require("@aws-sdk/client-kms"); // CommonJS import
- * const client = new KMSClient(config);
- * const command = new PutKeyPolicyCommand(input);
- * const response = await client.send(command);
- * ```
- *
- * @see {@link PutKeyPolicyCommandInput} for command's `input` shape.
- * @see {@link PutKeyPolicyCommandOutput} for command's `response` shape.
- * @see {@link KMSClientResolvedConfig | config} for command's `input` shape.
- *
- */
 class PutKeyPolicyCommand extends smithy_client_1.Command {
-    // Start section: command_properties
-    // End section: command_properties
     constructor(input) {
-        // Start section: command_constructor
         super();
         this.input = input;
-        // End section: command_constructor
     }
-    /**
-     * @internal
-     */
     resolveMiddleware(clientStack, configuration, options) {
         this.middlewareStack.use(middleware_serde_1.getSerdePlugin(configuration, this.serialize, this.deserialize));
         const stack = clientStack.concat(this.middlewareStack);

package/dist-cjs/commands/ReEncryptCommand.js

@@ -5,133 +5,11 @@ const middleware_serde_1 = require("@aws-sdk/middleware-serde");
 const smithy_client_1 = require("@aws-sdk/smithy-client");
 const models_0_1 = require("../models/models_0");
 const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
-/**
- * <p>Decrypts ciphertext and then reencrypts it entirely within KMS. You can use this
- *       operation to change the KMS key under which data is encrypted, such as when you <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotate-keys-manually">manually
- *         rotate</a> a KMS key or change the KMS key that protects a ciphertext. You can also use
- *       it to reencrypt ciphertext under the same KMS key, such as to change the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context">encryption
- *         context</a> of a ciphertext.</p>
- *          <p>The <code>ReEncrypt</code> operation can decrypt ciphertext that was encrypted by using an
- *       KMS KMS key in an KMS operation, such as <a>Encrypt</a> or <a>GenerateDataKey</a>. It can also decrypt ciphertext that was encrypted by using the
- *       public key of an <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#asymmetric-cmks">asymmetric KMS key</a>
- *       outside of KMS. However, it cannot decrypt ciphertext produced by other libraries, such as
- *       the <a href="https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/">Amazon Web Services Encryption SDK</a> or
- *         <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html">Amazon S3
- *         client-side encryption</a>. These libraries return a ciphertext format that is
- *       incompatible with KMS.</p>
- *          <p>When you use the <code>ReEncrypt</code> operation, you need to provide information for the
- *       decrypt operation and the subsequent encrypt operation.</p>
- *          <ul>
- *             <li>
- *                <p>If your ciphertext was encrypted under an asymmetric KMS key, you must use the
- *             <code>SourceKeyId</code> parameter to identify the KMS key that encrypted the
- *           ciphertext. You must also supply the encryption algorithm that was used. This information
- *           is required to decrypt the data.</p>
- *             </li>
- *             <li>
- *                <p>If your ciphertext was encrypted under a symmetric KMS key, the
- *             <code>SourceKeyId</code> parameter is optional. KMS can get this information from
- *           metadata that it adds to the symmetric ciphertext blob. This feature adds durability to
- *           your implementation by ensuring that authorized users can decrypt ciphertext decades after
- *           it was encrypted, even if they've lost track of the key ID. However, specifying the source
- *           KMS key is always recommended as a best practice. When you use the
- *             <code>SourceKeyId</code> parameter to specify a KMS key, KMS uses only the KMS key you
- *           specify. If the ciphertext was encrypted under a different KMS key, the
- *             <code>ReEncrypt</code> operation fails. This practice ensures that you use the KMS key
- *           that you intend.</p>
- *             </li>
- *             <li>
- *                <p>To reencrypt the data, you must use the <code>DestinationKeyId</code> parameter
- *           specify the KMS key that re-encrypts the data after it is decrypted. You can select a
- *           symmetric or asymmetric KMS key. If the destination KMS key is an asymmetric KMS key, you
- *           must also provide the encryption algorithm. The algorithm that you choose must be
- *           compatible with the KMS key.</p>
- *
- *                <important>
- *                   <p>When you use an asymmetric KMS key to encrypt or reencrypt data, be sure to record the KMS key and encryption algorithm that you choose. You will be required to provide the same KMS key and encryption algorithm when you decrypt the data. If the KMS key and algorithm do not match the values used to encrypt the data, the decrypt operation fails.</p>
- *                   <p>You are not required to supply the key ID and encryption algorithm when you decrypt with symmetric KMS keys because KMS stores this information in the ciphertext blob. KMS cannot store metadata in ciphertext generated with asymmetric keys. The standard format for asymmetric key ciphertext does not include configurable fields.</p>
- *                </important>
- *             </li>
- *          </ul>
- *          <p>The KMS key that you use for this operation must be in a compatible key state. For
- * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
- *          <p>
- *             <b>Cross-account use</b>: Yes.
- *       The source KMS key and destination KMS key can be in different Amazon Web Services accounts. Either or both
- *       KMS keys can be in a different account than the caller. To specify a KMS key in a different
- *       account, you must use its key ARN or alias ARN.</p>
- *
- *          <p>
- *             <b>Required permissions</b>:</p>
- *          <ul>
- *             <li>
- *                <p>
- *                   <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:ReEncryptFrom</a>
- *           permission on the source KMS key (key policy)</p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:ReEncryptTo</a>
- *           permission on the destination KMS key (key policy)</p>
- *             </li>
- *          </ul>
- *          <p>To permit reencryption from or to a KMS key, include the <code>"kms:ReEncrypt*"</code>
- *       permission in your <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html">key policy</a>. This permission is
- *       automatically included in the key policy when you use the console to create a KMS key. But you
- *       must include it manually when you create a KMS key programmatically or when you use the <a>PutKeyPolicy</a> operation to set a key policy.</p>
- *
- *          <p>
- *             <b>Related operations:</b>
- *          </p>
- *          <ul>
- *             <li>
- *                <p>
- *                   <a>Decrypt</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>Encrypt</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>GenerateDataKey</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>GenerateDataKeyPair</a>
- *                </p>
- *             </li>
- *          </ul>
- * @example
- * Use a bare-bones client and the command you need to make an API call.
- * ```javascript
- * import { KMSClient, ReEncryptCommand } from "@aws-sdk/client-kms"; // ES Modules import
- * // const { KMSClient, ReEncryptCommand } = require("@aws-sdk/client-kms"); // CommonJS import
- * const client = new KMSClient(config);
- * const command = new ReEncryptCommand(input);
- * const response = await client.send(command);
- * ```
- *
- * @see {@link ReEncryptCommandInput} for command's `input` shape.
- * @see {@link ReEncryptCommandOutput} for command's `response` shape.
- * @see {@link KMSClientResolvedConfig | config} for command's `input` shape.
- *
- */
 class ReEncryptCommand extends smithy_client_1.Command {
-    // Start section: command_properties
-    // End section: command_properties
     constructor(input) {
-        // Start section: command_constructor
         super();
         this.input = input;
-        // End section: command_constructor
     }
-    /**
-     * @internal
-     */
     resolveMiddleware(clientStack, configuration, options) {
         this.middlewareStack.use(middleware_serde_1.getSerdePlugin(configuration, this.serialize, this.deserialize));
         const stack = clientStack.concat(this.middlewareStack);

package/dist-cjs/commands/ReplicateKeyCommand.js

@@ -5,112 +5,11 @@ const middleware_serde_1 = require("@aws-sdk/middleware-serde");
 const smithy_client_1 = require("@aws-sdk/smithy-client");
 const models_0_1 = require("../models/models_0");
 const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
-/**
- * <p>Replicates a multi-Region key into the specified Region. This operation creates a
- *       multi-Region replica key based on a multi-Region primary key in a different Region of the same
- *       Amazon Web Services partition. You can create multiple replicas of a primary key, but each must be in a
- *       different Region. To create a multi-Region primary key, use the <a>CreateKey</a>
- *       operation.</p>
- *          <p>This operation supports <i>multi-Region keys</i>, an KMS feature that lets you create multiple
- *       interoperable KMS keys in different Amazon Web Services Regions. Because these KMS keys have the same key ID, key
- *       material, and other metadata, you can use them interchangeably to encrypt data in one Amazon Web Services Region and decrypt
- *       it in a different Amazon Web Services Region without re-encrypting the data or making a cross-Region call. For more information about multi-Region keys, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html">Using multi-Region keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
- *          <p>A <i>replica key</i> is a fully-functional KMS key that can be used
- *       independently of its primary and peer replica keys. A primary key and its replica keys share
- *       properties that make them interoperable. They have the same <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-id">key ID</a> and key material. They also
- *       have the same <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-spec">key
- *         spec</a>, <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-usage">key
- *         usage</a>, <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-origin">key
- *         material origin</a>, and <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html">automatic key rotation status</a>. KMS automatically synchronizes these shared
- *       properties among related multi-Region keys. All other properties of a replica key can differ,
- *       including its <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html">key
- *         policy</a>, <a href="https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html">tags</a>, <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html">aliases</a>, and <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">key
- *         state</a>. KMS pricing and quotas for KMS keys apply to each primary key and replica
- *       key.</p>
- *          <p>When this operation completes, the new replica key has a transient key state of
- *         <code>Creating</code>. This key state changes to <code>Enabled</code> (or
- *         <code>PendingImport</code>) after a few seconds when the process of creating the new replica
- *       key is complete. While the key state is <code>Creating</code>, you can manage key, but you
- *       cannot yet use it in cryptographic operations. If you are creating and using the replica key
- *       programmatically, retry on <code>KMSInvalidStateException</code> or call
- *         <code>DescribeKey</code> to check its <code>KeyState</code> value before using it. For
- *       details about the <code>Creating</code> key state, see <a href="kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the
- *       <i>Key Management Service Developer Guide</i>.</p>
- *          <p>The CloudTrail log of a <code>ReplicateKey</code> operation records a
- *         <code>ReplicateKey</code> operation in the primary key's Region and a <a>CreateKey</a> operation in the replica key's Region.</p>
- *          <p>If you replicate a multi-Region primary key with imported key material, the replica key is
- *       created with no key material. You must import the same key material that you imported into the
- *       primary key. For details, see <a href="kms/latest/developerguide/multi-region-keys-import.html">Importing key material into multi-Region keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
- *          <p>To convert a replica key to a primary key, use the <a>UpdatePrimaryRegion</a>
- *       operation.</p>
- *          <note>
- *             <p>
- *                <code>ReplicateKey</code> uses different default values for the <code>KeyPolicy</code>
- *         and <code>Tags</code> parameters than those used in the KMS console. For details, see the
- *         parameter descriptions.</p>
- *          </note>
- *          <p>
- *             <b>Cross-account use</b>: No. You cannot use this operation to
- *       create a replica key in a different Amazon Web Services account. </p>
- *          <p>
- *             <b>Required permissions</b>: </p>
- *          <ul>
- *             <li>
- *                <p>
- *                   <code>kms:ReplicateKey</code> on the primary key (in the primary key's Region).
- *           Include this permission in the primary key's key policy.</p>
- *             </li>
- *             <li>
- *                <p>
- *                   <code>kms:CreateKey</code> in an IAM policy in the replica Region.</p>
- *             </li>
- *             <li>
- *                <p>To use the <code>Tags</code> parameter, <code>kms:TagResource</code> in an IAM policy
- *           in the replica Region.</p>
- *             </li>
- *          </ul>
- *          <p>
- *             <b>Related operations</b>
- *          </p>
- *          <ul>
- *             <li>
- *                <p>
- *                   <a>CreateKey</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>UpdatePrimaryRegion</a>
- *                </p>
- *             </li>
- *          </ul>
- * @example
- * Use a bare-bones client and the command you need to make an API call.
- * ```javascript
- * import { KMSClient, ReplicateKeyCommand } from "@aws-sdk/client-kms"; // ES Modules import
- * // const { KMSClient, ReplicateKeyCommand } = require("@aws-sdk/client-kms"); // CommonJS import
- * const client = new KMSClient(config);
- * const command = new ReplicateKeyCommand(input);
- * const response = await client.send(command);
- * ```
- *
- * @see {@link ReplicateKeyCommandInput} for command's `input` shape.
- * @see {@link ReplicateKeyCommandOutput} for command's `response` shape.
- * @see {@link KMSClientResolvedConfig | config} for command's `input` shape.
- *
- */
 class ReplicateKeyCommand extends smithy_client_1.Command {
-    // Start section: command_properties
-    // End section: command_properties
     constructor(input) {
-        // Start section: command_constructor
         super();
         this.input = input;
-        // End section: command_constructor
     }
-    /**
-     * @internal
-     */
     resolveMiddleware(clientStack, configuration, options) {
         this.middlewareStack.use(middleware_serde_1.getSerdePlugin(configuration, this.serialize, this.deserialize));
         const stack = clientStack.concat(this.middlewareStack);

package/dist-cjs/commands/RetireGrantCommand.js

@@ -5,81 +5,11 @@ const middleware_serde_1 = require("@aws-sdk/middleware-serde");
 const smithy_client_1 = require("@aws-sdk/smithy-client");
 const models_0_1 = require("../models/models_0");
 const Aws_json1_1_1 = require("../protocols/Aws_json1_1");
-/**
- * <p>Deletes a grant. Typically, you retire a grant when you no longer need its permissions. To
- *       identify the grant to retire, use a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token">grant token</a>, or both the grant ID and a
- *       key identifier (key ID or key ARN) of the KMS key. The <a>CreateGrant</a> operation
- *       returns both values.</p>
- *          <p>This operation can be called by the <i>retiring principal</i> for a grant,
- *       by the <i>grantee principal</i> if the grant allows the <code>RetireGrant</code>
- *       operation, and by the Amazon Web Services account (root user) in which the grant is created. It can also be
- *       called by principals to whom permission for retiring a grant is delegated. For details, see
- *         <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#grant-delete">Retiring and
- *         revoking grants</a> in the <i>Key Management Service Developer Guide</i>.</p>
- *          <p>For detailed information about grants, including grant terminology, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html">Using grants</a> in the
- *         <i>
- *                <i>Key Management Service Developer Guide</i>
- *             </i>. For examples of working with grants in several
- *       programming languages, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-grants.html">Programming grants</a>. </p>
- *          <p>
- *             <b>Cross-account use</b>: Yes. You can retire a grant on a KMS
- *       key in a different Amazon Web Services account.</p>
- *          <p>
- *             <b>Required permissions:</b>:Permission to retire a grant is
- *       determined primarily by the grant. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#grant-delete">Retiring and revoking grants</a> in
- *       the <i>Key Management Service Developer Guide</i>.</p>
- *          <p>
- *             <b>Related operations:</b>
- *          </p>
- *          <ul>
- *             <li>
- *                <p>
- *                   <a>CreateGrant</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>ListGrants</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>ListRetirableGrants</a>
- *                </p>
- *             </li>
- *             <li>
- *                <p>
- *                   <a>RevokeGrant</a>
- *                </p>
- *             </li>
- *          </ul>
- * @example
- * Use a bare-bones client and the command you need to make an API call.
- * ```javascript
- * import { KMSClient, RetireGrantCommand } from "@aws-sdk/client-kms"; // ES Modules import
- * // const { KMSClient, RetireGrantCommand } = require("@aws-sdk/client-kms"); // CommonJS import
- * const client = new KMSClient(config);
- * const command = new RetireGrantCommand(input);
- * const response = await client.send(command);
- * ```
- *
- * @see {@link RetireGrantCommandInput} for command's `input` shape.
- * @see {@link RetireGrantCommandOutput} for command's `response` shape.
- * @see {@link KMSClientResolvedConfig | config} for command's `input` shape.
- *
- */
 class RetireGrantCommand extends smithy_client_1.Command {
-    // Start section: command_properties
-    // End section: command_properties
     constructor(input) {
-        // Start section: command_constructor
         super();
         this.input = input;
-        // End section: command_constructor
     }
-    /**
-     * @internal
-     */
     resolveMiddleware(clientStack, configuration, options) {
         this.middlewareStack.use(middleware_serde_1.getSerdePlugin(configuration, this.serialize, this.deserialize));
         const stack = clientStack.concat(this.middlewareStack);