@aws-sdk/client-kms 3.362.0 → 3.366.0

package/dist-types/commands/DecryptCommand.d.ts

@@ -1,6 +1,6 @@
-import { EndpointParameterInstructions } from "@aws-sdk/middleware-endpoint";
-import { Command as $Command } from "@aws-sdk/smithy-client";
-import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
+import { EndpointParameterInstructions } from "@smithy/middleware-endpoint";
+import { Command as $Command } from "@smithy/smithy-client";
+import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@smithy/types";
 import { KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../KMSClient";
 import { DecryptRequest, DecryptResponse } from "../models/models_0";
 /**
@@ -83,7 +83,7 @@ export interface DecryptCommandOutput extends DecryptResponse, __MetadataBearer
  *       the <a href="https://docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk">Amazon Web Services Nitro Enclaves SDK</a> or any Amazon Web Services SDK. Use the <code>Recipient</code> parameter to provide the
  *       attestation document for the enclave. Instead of the plaintext data, the response includes the
  *       plaintext data encrypted with the public key from the attestation document
- *       (<code>CiphertextForRecipient</code>).For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html">How Amazon Web Services Nitro Enclaves uses KMS</a> in the <i>Key Management Service Developer Guide</i>..</p>
+ *         (<code>CiphertextForRecipient</code>).For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html">How Amazon Web Services Nitro Enclaves uses KMS</a> in the <i>Key Management Service Developer Guide</i>..</p>
  *          <p>The KMS key that you use for this operation must be in a compatible key state. For
  * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key states of KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
@@ -137,6 +137,7 @@ export interface DecryptCommandOutput extends DecryptResponse, __MetadataBearer
  *     KeyEncryptionAlgorithm: "RSAES_OAEP_SHA_256",
  *     AttestationDocument: "BLOB_VALUE",
  *   },
+ *   DryRun: true || false,
  * };
  * const command = new DecryptCommand(input);
  * const response = await client.send(command);
@@ -162,6 +163,11 @@ export interface DecryptCommandOutput extends DecryptResponse, __MetadataBearer
  * @throws {@link DisabledException} (client fault)
  *  <p>The request was rejected because the specified KMS key is not enabled.</p>
  *
+ * @throws {@link DryRunOperationException} (client fault)
+ *  <p>
+ *       The request was rejected because the DryRun parameter was specified.
+ *     </p>
+ *
  * @throws {@link IncorrectKeyException} (client fault)
  *  <p>The request was rejected because the specified KMS key cannot decrypt the data. The
  *         <code>KeyId</code> in a <a>Decrypt</a> request and the <code>SourceKeyId</code>
@@ -222,7 +228,9 @@ export interface DecryptCommandOutput extends DecryptResponse, __MetadataBearer
  *                   </i>.</p>
  *             </li>
  *             <li>
- *                <p>For cryptographic operations on KMS keys in custom key stores, this exception represents a general failure with many possible causes. To identify the cause, see the error message that accompanies the exception.</p>
+ *                <p>For cryptographic operations on KMS keys in custom key stores, this exception
+ *           represents a general failure with many possible causes. To identify the cause, see the
+ *           error message that accompanies the exception.</p>
  *             </li>
  *          </ul>
  *

package/dist-types/commands/DeleteAliasCommand.d.ts

@@ -1,6 +1,6 @@
-import { EndpointParameterInstructions } from "@aws-sdk/middleware-endpoint";
-import { Command as $Command } from "@aws-sdk/smithy-client";
-import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
+import { EndpointParameterInstructions } from "@smithy/middleware-endpoint";
+import { Command as $Command } from "@smithy/smithy-client";
+import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@smithy/types";
 import { KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../KMSClient";
 import { DeleteAliasRequest } from "../models/models_0";
 /**
@@ -114,7 +114,9 @@ export interface DeleteAliasCommandOutput extends __MetadataBearer {
  *                   </i>.</p>
  *             </li>
  *             <li>
- *                <p>For cryptographic operations on KMS keys in custom key stores, this exception represents a general failure with many possible causes. To identify the cause, see the error message that accompanies the exception.</p>
+ *                <p>For cryptographic operations on KMS keys in custom key stores, this exception
+ *           represents a general failure with many possible causes. To identify the cause, see the
+ *           error message that accompanies the exception.</p>
  *             </li>
  *          </ul>
  *

package/dist-types/commands/DeleteCustomKeyStoreCommand.d.ts

@@ -1,6 +1,6 @@
-import { EndpointParameterInstructions } from "@aws-sdk/middleware-endpoint";
-import { Command as $Command } from "@aws-sdk/smithy-client";
-import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
+import { EndpointParameterInstructions } from "@smithy/middleware-endpoint";
+import { Command as $Command } from "@smithy/smithy-client";
+import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@smithy/types";
 import { KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../KMSClient";
 import { DeleteCustomKeyStoreRequest, DeleteCustomKeyStoreResponse } from "../models/models_0";
 /**

package/dist-types/commands/DeleteImportedKeyMaterialCommand.d.ts

@@ -1,6 +1,6 @@
-import { EndpointParameterInstructions } from "@aws-sdk/middleware-endpoint";
-import { Command as $Command } from "@aws-sdk/smithy-client";
-import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
+import { EndpointParameterInstructions } from "@smithy/middleware-endpoint";
+import { Command as $Command } from "@smithy/smithy-client";
+import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@smithy/types";
 import { KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../KMSClient";
 import { DeleteImportedKeyMaterialRequest } from "../models/models_0";
 /**
@@ -98,7 +98,9 @@ export interface DeleteImportedKeyMaterialCommandOutput extends __MetadataBearer
  *                   </i>.</p>
  *             </li>
  *             <li>
- *                <p>For cryptographic operations on KMS keys in custom key stores, this exception represents a general failure with many possible causes. To identify the cause, see the error message that accompanies the exception.</p>
+ *                <p>For cryptographic operations on KMS keys in custom key stores, this exception
+ *           represents a general failure with many possible causes. To identify the cause, see the
+ *           error message that accompanies the exception.</p>
  *             </li>
  *          </ul>
  *

package/dist-types/commands/DescribeCustomKeyStoresCommand.d.ts

@@ -1,6 +1,6 @@
-import { EndpointParameterInstructions } from "@aws-sdk/middleware-endpoint";
-import { Command as $Command } from "@aws-sdk/smithy-client";
-import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
+import { EndpointParameterInstructions } from "@smithy/middleware-endpoint";
+import { Command as $Command } from "@smithy/smithy-client";
+import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@smithy/types";
 import { KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../KMSClient";
 import { DescribeCustomKeyStoresRequest, DescribeCustomKeyStoresResponse } from "../models/models_0";
 /**
@@ -46,8 +46,8 @@ export interface DescribeCustomKeyStoresCommandOutput extends DescribeCustomKeyS
  *       any. For an external key store, verify that the external key store proxy and its associated
  *       external key manager are reachable and enabled.</p>
  *          <p> For help repairing your CloudHSM key store, see the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html">Troubleshooting CloudHSM key stores</a>. For help
- *       repairing your external key store, see the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/xks-troubleshooting.html">Troubleshooting external key stores</a>. Both
- *       topics are in the <i>Key Management Service Developer Guide</i>.</p>
+ *       repairing your external key store, see the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/xks-troubleshooting.html">Troubleshooting external key stores</a>.
+ *       Both topics are in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
  *             <b>Cross-account use</b>: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.</p>
  *          <p>

package/dist-types/commands/DescribeKeyCommand.d.ts

@@ -1,6 +1,6 @@
-import { EndpointParameterInstructions } from "@aws-sdk/middleware-endpoint";
-import { Command as $Command } from "@aws-sdk/smithy-client";
-import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
+import { EndpointParameterInstructions } from "@smithy/middleware-endpoint";
+import { Command as $Command } from "@smithy/smithy-client";
+import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@smithy/types";
 import { KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../KMSClient";
 import { DescribeKeyRequest, DescribeKeyResponse } from "../models/models_0";
 /**

package/dist-types/commands/DisableKeyCommand.d.ts

@@ -1,6 +1,6 @@
-import { EndpointParameterInstructions } from "@aws-sdk/middleware-endpoint";
-import { Command as $Command } from "@aws-sdk/smithy-client";
-import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
+import { EndpointParameterInstructions } from "@smithy/middleware-endpoint";
+import { Command as $Command } from "@smithy/smithy-client";
+import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@smithy/types";
 import { KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../KMSClient";
 import { DisableKeyRequest } from "../models/models_0";
 /**
@@ -85,7 +85,9 @@ export interface DisableKeyCommandOutput extends __MetadataBearer {
  *                   </i>.</p>
  *             </li>
  *             <li>
- *                <p>For cryptographic operations on KMS keys in custom key stores, this exception represents a general failure with many possible causes. To identify the cause, see the error message that accompanies the exception.</p>
+ *                <p>For cryptographic operations on KMS keys in custom key stores, this exception
+ *           represents a general failure with many possible causes. To identify the cause, see the
+ *           error message that accompanies the exception.</p>
  *             </li>
  *          </ul>
  *

package/dist-types/commands/DisableKeyRotationCommand.d.ts

@@ -1,6 +1,6 @@
-import { EndpointParameterInstructions } from "@aws-sdk/middleware-endpoint";
-import { Command as $Command } from "@aws-sdk/smithy-client";
-import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
+import { EndpointParameterInstructions } from "@smithy/middleware-endpoint";
+import { Command as $Command } from "@smithy/smithy-client";
+import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@smithy/types";
 import { KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../KMSClient";
 import { DisableKeyRotationRequest } from "../models/models_0";
 /**
@@ -106,7 +106,9 @@ export interface DisableKeyRotationCommandOutput extends __MetadataBearer {
  *                   </i>.</p>
  *             </li>
  *             <li>
- *                <p>For cryptographic operations on KMS keys in custom key stores, this exception represents a general failure with many possible causes. To identify the cause, see the error message that accompanies the exception.</p>
+ *                <p>For cryptographic operations on KMS keys in custom key stores, this exception
+ *           represents a general failure with many possible causes. To identify the cause, see the
+ *           error message that accompanies the exception.</p>
  *             </li>
  *          </ul>
  *

package/dist-types/commands/DisconnectCustomKeyStoreCommand.d.ts

@@ -1,6 +1,6 @@
-import { EndpointParameterInstructions } from "@aws-sdk/middleware-endpoint";
-import { Command as $Command } from "@aws-sdk/smithy-client";
-import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
+import { EndpointParameterInstructions } from "@smithy/middleware-endpoint";
+import { Command as $Command } from "@smithy/smithy-client";
+import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@smithy/types";
 import { KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../KMSClient";
 import { DisconnectCustomKeyStoreRequest, DisconnectCustomKeyStoreResponse } from "../models/models_0";
 /**

package/dist-types/commands/EnableKeyCommand.d.ts

@@ -1,6 +1,6 @@
-import { EndpointParameterInstructions } from "@aws-sdk/middleware-endpoint";
-import { Command as $Command } from "@aws-sdk/smithy-client";
-import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
+import { EndpointParameterInstructions } from "@smithy/middleware-endpoint";
+import { Command as $Command } from "@smithy/smithy-client";
+import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@smithy/types";
 import { KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../KMSClient";
 import { EnableKeyRequest } from "../models/models_0";
 /**
@@ -81,7 +81,9 @@ export interface EnableKeyCommandOutput extends __MetadataBearer {
  *                   </i>.</p>
  *             </li>
  *             <li>
- *                <p>For cryptographic operations on KMS keys in custom key stores, this exception represents a general failure with many possible causes. To identify the cause, see the error message that accompanies the exception.</p>
+ *                <p>For cryptographic operations on KMS keys in custom key stores, this exception
+ *           represents a general failure with many possible causes. To identify the cause, see the
+ *           error message that accompanies the exception.</p>
  *             </li>
  *          </ul>
  *

package/dist-types/commands/EnableKeyRotationCommand.d.ts

@@ -1,6 +1,6 @@
-import { EndpointParameterInstructions } from "@aws-sdk/middleware-endpoint";
-import { Command as $Command } from "@aws-sdk/smithy-client";
-import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
+import { EndpointParameterInstructions } from "@smithy/middleware-endpoint";
+import { Command as $Command } from "@smithy/smithy-client";
+import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@smithy/types";
 import { KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../KMSClient";
 import { EnableKeyRotationRequest } from "../models/models_0";
 /**
@@ -114,7 +114,9 @@ export interface EnableKeyRotationCommandOutput extends __MetadataBearer {
  *                   </i>.</p>
  *             </li>
  *             <li>
- *                <p>For cryptographic operations on KMS keys in custom key stores, this exception represents a general failure with many possible causes. To identify the cause, see the error message that accompanies the exception.</p>
+ *                <p>For cryptographic operations on KMS keys in custom key stores, this exception
+ *           represents a general failure with many possible causes. To identify the cause, see the
+ *           error message that accompanies the exception.</p>
  *             </li>
  *          </ul>
  *

package/dist-types/commands/EncryptCommand.d.ts

@@ -1,6 +1,6 @@
-import { EndpointParameterInstructions } from "@aws-sdk/middleware-endpoint";
-import { Command as $Command } from "@aws-sdk/smithy-client";
-import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
+import { EndpointParameterInstructions } from "@smithy/middleware-endpoint";
+import { Command as $Command } from "@smithy/smithy-client";
+import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@smithy/types";
 import { KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../KMSClient";
 import { EncryptRequest, EncryptResponse } from "../models/models_0";
 /**
@@ -108,8 +108,7 @@ export interface EncryptCommandOutput extends EncryptResponse, __MetadataBearer
  *          <p>The KMS key that you use for this operation must be in a compatible key state. For
  * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key states of KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
- *             <b>Cross-account use</b>: Yes.
- *       To perform this operation with a KMS key in a different Amazon Web Services account, specify
+ *             <b>Cross-account use</b>: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify
  *   the key ARN or alias ARN in the value of the <code>KeyId</code> parameter.</p>
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:Encrypt</a> (key policy)</p>
@@ -149,6 +148,7 @@ export interface EncryptCommandOutput extends EncryptResponse, __MetadataBearer
  *     "STRING_VALUE",
  *   ],
  *   EncryptionAlgorithm: "SYMMETRIC_DEFAULT" || "RSAES_OAEP_SHA_1" || "RSAES_OAEP_SHA_256" || "SM2PKE",
+ *   DryRun: true || false,
  * };
  * const command = new EncryptCommand(input);
  * const response = await client.send(command);
@@ -173,6 +173,11 @@ export interface EncryptCommandOutput extends EncryptResponse, __MetadataBearer
  * @throws {@link DisabledException} (client fault)
  *  <p>The request was rejected because the specified KMS key is not enabled.</p>
  *
+ * @throws {@link DryRunOperationException} (client fault)
+ *  <p>
+ *       The request was rejected because the DryRun parameter was specified.
+ *     </p>
+ *
  * @throws {@link InvalidGrantTokenException} (client fault)
  *  <p>The request was rejected because the specified grant token is not valid.</p>
  *
@@ -219,7 +224,9 @@ export interface EncryptCommandOutput extends EncryptResponse, __MetadataBearer
  *                   </i>.</p>
  *             </li>
  *             <li>
- *                <p>For cryptographic operations on KMS keys in custom key stores, this exception represents a general failure with many possible causes. To identify the cause, see the error message that accompanies the exception.</p>
+ *                <p>For cryptographic operations on KMS keys in custom key stores, this exception
+ *           represents a general failure with many possible causes. To identify the cause, see the
+ *           error message that accompanies the exception.</p>
  *             </li>
  *          </ul>
  *

package/dist-types/commands/GenerateDataKeyCommand.d.ts

@@ -1,6 +1,6 @@
-import { EndpointParameterInstructions } from "@aws-sdk/middleware-endpoint";
-import { Command as $Command } from "@aws-sdk/smithy-client";
-import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
+import { EndpointParameterInstructions } from "@smithy/middleware-endpoint";
+import { Command as $Command } from "@smithy/smithy-client";
+import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@smithy/types";
 import { KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../KMSClient";
 import { GenerateDataKeyRequest, GenerateDataKeyResponse } from "../models/models_0";
 /**
@@ -25,18 +25,19 @@ export interface GenerateDataKeyCommandOutput extends GenerateDataKeyResponse, _
  * @public
  * <p>Returns a unique symmetric data key for use outside of KMS. This operation returns a
  *       plaintext copy of the data key and a copy that is encrypted under a symmetric encryption KMS
- *       key that you specify. The bytes in the plaintext key are random; they are not related
- *       to the caller or the KMS key. You can use the plaintext key to encrypt your data outside of KMS
- *       and store the encrypted data key with the encrypted data.</p>
+ *       key that you specify. The bytes in the plaintext key are random; they are not related to the
+ *       caller or the KMS key. You can use the plaintext key to encrypt your data outside of KMS and
+ *       store the encrypted data key with the encrypted data.</p>
  *          <p>To generate a data key, specify the symmetric encryption KMS key that will be used to
  *       encrypt the data key. You cannot use an asymmetric KMS key to encrypt data keys. To get the
  *       type of your KMS key, use the <a>DescribeKey</a> operation.</p>
  *          <p>You must also specify the length of the data key. Use either the <code>KeySpec</code> or
- *       <code>NumberOfBytes</code> parameters (but not both). For 128-bit and 256-bit data keys, use
+ *         <code>NumberOfBytes</code> parameters (but not both). For 128-bit and 256-bit data keys, use
  *       the <code>KeySpec</code> parameter.</p>
- *          <p>To generate a 128-bit SM4 data key (China Regions only), specify a <code>KeySpec</code> value of
- *       <code>AES_128</code> or a <code>NumberOfBytes</code> value of <code>16</code>. The symmetric
- *       encryption key used in China Regions to encrypt your data key is an SM4 encryption key.</p>
+ *          <p>To generate a 128-bit SM4 data key (China Regions only), specify a <code>KeySpec</code>
+ *       value of <code>AES_128</code> or a <code>NumberOfBytes</code> value of <code>16</code>. The
+ *       symmetric encryption key used in China Regions to encrypt your data key is an SM4 encryption
+ *       key.</p>
  *          <p>To get only an encrypted copy of the data key, use <a>GenerateDataKeyWithoutPlaintext</a>. To generate an asymmetric data key pair, use
  *       the <a>GenerateDataKeyPair</a> or <a>GenerateDataKeyPairWithoutPlaintext</a> operation. To get a cryptographically secure
  *       random byte string, use <a>GenerateRandom</a>.</p>
@@ -145,6 +146,7 @@ export interface GenerateDataKeyCommandOutput extends GenerateDataKeyResponse, _
  *     KeyEncryptionAlgorithm: "RSAES_OAEP_SHA_256",
  *     AttestationDocument: "BLOB_VALUE",
  *   },
+ *   DryRun: true || false,
  * };
  * const command = new GenerateDataKeyCommand(input);
  * const response = await client.send(command);
@@ -170,6 +172,11 @@ export interface GenerateDataKeyCommandOutput extends GenerateDataKeyResponse, _
  * @throws {@link DisabledException} (client fault)
  *  <p>The request was rejected because the specified KMS key is not enabled.</p>
  *
+ * @throws {@link DryRunOperationException} (client fault)
+ *  <p>
+ *       The request was rejected because the DryRun parameter was specified.
+ *     </p>
+ *
  * @throws {@link InvalidGrantTokenException} (client fault)
  *  <p>The request was rejected because the specified grant token is not valid.</p>
  *
@@ -216,7 +223,9 @@ export interface GenerateDataKeyCommandOutput extends GenerateDataKeyResponse, _
  *                   </i>.</p>
  *             </li>
  *             <li>
- *                <p>For cryptographic operations on KMS keys in custom key stores, this exception represents a general failure with many possible causes. To identify the cause, see the error message that accompanies the exception.</p>
+ *                <p>For cryptographic operations on KMS keys in custom key stores, this exception
+ *           represents a general failure with many possible causes. To identify the cause, see the
+ *           error message that accompanies the exception.</p>
  *             </li>
  *          </ul>
  *

package/dist-types/commands/GenerateDataKeyPairCommand.d.ts

@@ -1,6 +1,6 @@
-import { EndpointParameterInstructions } from "@aws-sdk/middleware-endpoint";
-import { Command as $Command } from "@aws-sdk/smithy-client";
-import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
+import { EndpointParameterInstructions } from "@smithy/middleware-endpoint";
+import { Command as $Command } from "@smithy/smithy-client";
+import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@smithy/types";
 import { KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../KMSClient";
 import { GenerateDataKeyPairRequest, GenerateDataKeyPairResponse } from "../models/models_0";
 /**
@@ -36,9 +36,10 @@ export interface GenerateDataKeyPairCommandOutput extends GenerateDataKeyPairRes
  *       the private key in a data key pair. You cannot use an asymmetric KMS key or a KMS key in a
  *       custom key store. To get the type and origin of your KMS key, use the <a>DescribeKey</a> operation. </p>
  *          <p>Use the <code>KeyPairSpec</code> parameter to choose an RSA or Elliptic Curve (ECC) data
- *       key pair. In China Regions, you can also choose an SM2 data key pair. KMS recommends that you use
- *       ECC key pairs for signing, and use RSA and SM2 key pairs for either encryption or signing, but not both.
- *       However, KMS cannot enforce any restrictions on the use of data key pairs outside of KMS.</p>
+ *       key pair. In China Regions, you can also choose an SM2 data key pair. KMS recommends that
+ *       you use ECC key pairs for signing, and use RSA and SM2 key pairs for either encryption or
+ *       signing, but not both. However, KMS cannot enforce any restrictions on the use of data key
+ *       pairs outside of KMS.</p>
  *          <p>If you are using the data key pair to encrypt data, or for any operation where you don't
  *       immediately need a private key, consider using the <a>GenerateDataKeyPairWithoutPlaintext</a> operation.
  *         <code>GenerateDataKeyPairWithoutPlaintext</code> returns a plaintext public key and an
@@ -54,13 +55,14 @@ export interface GenerateDataKeyPairCommandOutput extends GenerateDataKeyPairRes
  *       key is a DER-encoded PKCS8 PrivateKeyInfo, as specified in <a href="https://tools.ietf.org/html/rfc5958">RFC 5958</a>.</p>
  *          <p>
  *             <code>GenerateDataKeyPair</code> also supports <a href="https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitro-enclave.html">Amazon Web Services Nitro Enclaves</a>, which provide an
- *       isolated compute environment in Amazon EC2. To call <code>GenerateDataKeyPair</code> for an Amazon Web Services Nitro
- *       enclave, use the <a href="https://docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk">Amazon Web Services Nitro Enclaves SDK</a> or any Amazon Web Services SDK. Use the <code>Recipient</code> parameter
- *       to provide the attestation document for the enclave. <code>GenerateDataKeyPair</code> returns the public data key and a
- *       copy of the private data key encrypted under the specified KMS key, as usual. But instead of a
- *       plaintext copy of the private data key (<code>PrivateKeyPlaintext</code>), the response includes a copy of the private data key encrypted under
- *       the public key from the attestation document (<code>CiphertextForRecipient</code>).
- *       For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html">How Amazon Web Services Nitro Enclaves uses KMS</a> in the <i>Key Management Service Developer Guide</i>..</p>
+ *       isolated compute environment in Amazon EC2. To call <code>GenerateDataKeyPair</code> for an Amazon Web Services
+ *       Nitro enclave, use the <a href="https://docs.aws.amazon.com/enclaves/latest/user/developing-applications.html#sdk">Amazon Web Services Nitro Enclaves SDK</a> or any Amazon Web Services SDK. Use the <code>Recipient</code>
+ *       parameter to provide the attestation document for the enclave.
+ *         <code>GenerateDataKeyPair</code> returns the public data key and a copy of the private data
+ *       key encrypted under the specified KMS key, as usual. But instead of a plaintext copy of the
+ *       private data key (<code>PrivateKeyPlaintext</code>), the response includes a copy of the
+ *       private data key encrypted under the public key from the attestation document
+ *         (<code>CiphertextForRecipient</code>). For information about the interaction between KMS and Amazon Web Services Nitro Enclaves, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html">How Amazon Web Services Nitro Enclaves uses KMS</a> in the <i>Key Management Service Developer Guide</i>..</p>
  *          <p>You can use an optional encryption context to add additional security to the encryption
  *       operation. If you specify an <code>EncryptionContext</code>, you must specify the same
  *       encryption context (a case-sensitive exact match) when decrypting the encrypted data key.
@@ -122,6 +124,7 @@ export interface GenerateDataKeyPairCommandOutput extends GenerateDataKeyPairRes
  *     KeyEncryptionAlgorithm: "RSAES_OAEP_SHA_256",
  *     AttestationDocument: "BLOB_VALUE",
  *   },
+ *   DryRun: true || false,
  * };
  * const command = new GenerateDataKeyPairCommand(input);
  * const response = await client.send(command);
@@ -149,6 +152,11 @@ export interface GenerateDataKeyPairCommandOutput extends GenerateDataKeyPairRes
  * @throws {@link DisabledException} (client fault)
  *  <p>The request was rejected because the specified KMS key is not enabled.</p>
  *
+ * @throws {@link DryRunOperationException} (client fault)
+ *  <p>
+ *       The request was rejected because the DryRun parameter was specified.
+ *     </p>
+ *
  * @throws {@link InvalidGrantTokenException} (client fault)
  *  <p>The request was rejected because the specified grant token is not valid.</p>
  *
@@ -195,7 +203,9 @@ export interface GenerateDataKeyPairCommandOutput extends GenerateDataKeyPairRes
  *                   </i>.</p>
  *             </li>
  *             <li>
- *                <p>For cryptographic operations on KMS keys in custom key stores, this exception represents a general failure with many possible causes. To identify the cause, see the error message that accompanies the exception.</p>
+ *                <p>For cryptographic operations on KMS keys in custom key stores, this exception
+ *           represents a general failure with many possible causes. To identify the cause, see the
+ *           error message that accompanies the exception.</p>
  *             </li>
  *          </ul>
  *

package/dist-types/commands/GenerateDataKeyPairWithoutPlaintextCommand.d.ts

@@ -1,6 +1,6 @@
-import { EndpointParameterInstructions } from "@aws-sdk/middleware-endpoint";
-import { Command as $Command } from "@aws-sdk/smithy-client";
-import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
+import { EndpointParameterInstructions } from "@smithy/middleware-endpoint";
+import { Command as $Command } from "@smithy/smithy-client";
+import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@smithy/types";
 import { KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../KMSClient";
 import { GenerateDataKeyPairWithoutPlaintextRequest, GenerateDataKeyPairWithoutPlaintextResponse } from "../models/models_0";
 /**
@@ -35,9 +35,10 @@ export interface GenerateDataKeyPairWithoutPlaintextCommandOutput extends Genera
  *       the private key in a data key pair. You cannot use an asymmetric KMS key or a KMS key in a
  *       custom key store. To get the type and origin of your KMS key, use the <a>DescribeKey</a> operation. </p>
  *          <p>Use the <code>KeyPairSpec</code> parameter to choose an RSA or Elliptic Curve (ECC) data
- *       key pair. In China Regions, you can also choose an SM2 data key pair. KMS recommends that you
- *       use ECC key pairs for signing, and use RSA and SM2 key pairs for either encryption or signing, but not
- *       both. However, KMS cannot enforce any restrictions on the use of data key pairs outside of KMS.</p>
+ *       key pair. In China Regions, you can also choose an SM2 data key pair. KMS recommends that
+ *       you use ECC key pairs for signing, and use RSA and SM2 key pairs for either encryption or
+ *       signing, but not both. However, KMS cannot enforce any restrictions on the use of data key
+ *       pairs outside of KMS.</p>
  *          <p>
  *             <code>GenerateDataKeyPairWithoutPlaintext</code> returns a unique data key pair for each
  *       request. The bytes in the key are not related to the caller or KMS key that is used to encrypt
@@ -101,6 +102,7 @@ export interface GenerateDataKeyPairWithoutPlaintextCommandOutput extends Genera
  *   GrantTokens: [ // GrantTokenList
  *     "STRING_VALUE",
  *   ],
+ *   DryRun: true || false,
  * };
  * const command = new GenerateDataKeyPairWithoutPlaintextCommand(input);
  * const response = await client.send(command);
@@ -126,6 +128,11 @@ export interface GenerateDataKeyPairWithoutPlaintextCommandOutput extends Genera
  * @throws {@link DisabledException} (client fault)
  *  <p>The request was rejected because the specified KMS key is not enabled.</p>
  *
+ * @throws {@link DryRunOperationException} (client fault)
+ *  <p>
+ *       The request was rejected because the DryRun parameter was specified.
+ *     </p>
+ *
  * @throws {@link InvalidGrantTokenException} (client fault)
  *  <p>The request was rejected because the specified grant token is not valid.</p>
  *
@@ -172,7 +179,9 @@ export interface GenerateDataKeyPairWithoutPlaintextCommandOutput extends Genera
  *                   </i>.</p>
  *             </li>
  *             <li>
- *                <p>For cryptographic operations on KMS keys in custom key stores, this exception represents a general failure with many possible causes. To identify the cause, see the error message that accompanies the exception.</p>
+ *                <p>For cryptographic operations on KMS keys in custom key stores, this exception
+ *           represents a general failure with many possible causes. To identify the cause, see the
+ *           error message that accompanies the exception.</p>
  *             </li>
  *          </ul>
  *

package/dist-types/commands/GenerateDataKeyWithoutPlaintextCommand.d.ts

@@ -1,6 +1,6 @@
-import { EndpointParameterInstructions } from "@aws-sdk/middleware-endpoint";
-import { Command as $Command } from "@aws-sdk/smithy-client";
-import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
+import { EndpointParameterInstructions } from "@smithy/middleware-endpoint";
+import { Command as $Command } from "@smithy/smithy-client";
+import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@smithy/types";
 import { KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../KMSClient";
 import { GenerateDataKeyWithoutPlaintextRequest, GenerateDataKeyWithoutPlaintextResponse } from "../models/models_0";
 /**
@@ -42,10 +42,11 @@ export interface GenerateDataKeyWithoutPlaintextCommandOutput extends GenerateDa
  *          <p>To request an asymmetric data key pair, use the <a>GenerateDataKeyPair</a> or
  *         <a>GenerateDataKeyPairWithoutPlaintext</a> operations.</p>
  *          <p>To generate a data key, you must specify the symmetric encryption KMS key that is used to
- *       encrypt the data key. You cannot use an asymmetric KMS key or a key in a custom key store to generate a data key. To get the
- *       type of your KMS key, use the <a>DescribeKey</a> operation.</p>
+ *       encrypt the data key. You cannot use an asymmetric KMS key or a key in a custom key store to
+ *       generate a data key. To get the type of your KMS key, use the <a>DescribeKey</a>
+ *       operation.</p>
  *          <p>You must also specify the length of the data key. Use either the <code>KeySpec</code> or
- *       <code>NumberOfBytes</code> parameters (but not both). For 128-bit and 256-bit data keys, use
+ *         <code>NumberOfBytes</code> parameters (but not both). For 128-bit and 256-bit data keys, use
  *       the <code>KeySpec</code> parameter.</p>
  *          <p>To generate an SM4 data key (China Regions only), specify a <code>KeySpec</code> value of
  *         <code>AES_128</code> or <code>NumberOfBytes</code> value of <code>16</code>. The symmetric
@@ -111,6 +112,7 @@ export interface GenerateDataKeyWithoutPlaintextCommandOutput extends GenerateDa
  *   GrantTokens: [ // GrantTokenList
  *     "STRING_VALUE",
  *   ],
+ *   DryRun: true || false,
  * };
  * const command = new GenerateDataKeyWithoutPlaintextCommand(input);
  * const response = await client.send(command);
@@ -134,6 +136,11 @@ export interface GenerateDataKeyWithoutPlaintextCommandOutput extends GenerateDa
  * @throws {@link DisabledException} (client fault)
  *  <p>The request was rejected because the specified KMS key is not enabled.</p>
  *
+ * @throws {@link DryRunOperationException} (client fault)
+ *  <p>
+ *       The request was rejected because the DryRun parameter was specified.
+ *     </p>
+ *
  * @throws {@link InvalidGrantTokenException} (client fault)
  *  <p>The request was rejected because the specified grant token is not valid.</p>
  *
@@ -180,7 +187,9 @@ export interface GenerateDataKeyWithoutPlaintextCommandOutput extends GenerateDa
  *                   </i>.</p>
  *             </li>
  *             <li>
- *                <p>For cryptographic operations on KMS keys in custom key stores, this exception represents a general failure with many possible causes. To identify the cause, see the error message that accompanies the exception.</p>
+ *                <p>For cryptographic operations on KMS keys in custom key stores, this exception
+ *           represents a general failure with many possible causes. To identify the cause, see the
+ *           error message that accompanies the exception.</p>
  *             </li>
  *          </ul>
  *

package/dist-types/commands/GenerateMacCommand.d.ts

@@ -1,6 +1,6 @@
-import { EndpointParameterInstructions } from "@aws-sdk/middleware-endpoint";
-import { Command as $Command } from "@aws-sdk/smithy-client";
-import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@aws-sdk/types";
+import { EndpointParameterInstructions } from "@smithy/middleware-endpoint";
+import { Command as $Command } from "@smithy/smithy-client";
+import { Handler, HttpHandlerOptions as __HttpHandlerOptions, MetadataBearer as __MetadataBearer, MiddlewareStack } from "@smithy/types";
 import { KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../KMSClient";
 import { GenerateMacRequest, GenerateMacResponse } from "../models/models_0";
 /**
@@ -23,8 +23,9 @@ export interface GenerateMacCommandOutput extends GenerateMacResponse, __Metadat
 }
 /**
  * @public
- * <p>Generates a hash-based message authentication code (HMAC) for a message using an HMAC KMS key and a MAC algorithm that the key supports.
- *       HMAC KMS keys and the HMAC algorithms that KMS uses conform to industry standards defined in <a href="https://datatracker.ietf.org/doc/html/rfc2104">RFC 2104</a>.</p>
+ * <p>Generates a hash-based message authentication code (HMAC) for a message using an HMAC KMS
+ *       key and a MAC algorithm that the key supports. HMAC KMS keys and the HMAC algorithms that
+ *       KMS uses conform to industry standards defined in <a href="https://datatracker.ietf.org/doc/html/rfc2104">RFC 2104</a>.</p>
  *          <p>You can use value that GenerateMac returns in the <a>VerifyMac</a> operation to
  *       demonstrate that the original message has not changed. Also, because a secret key is used to
  *       create the hash, you can verify that the party that generated the hash has the required secret
@@ -64,6 +65,7 @@ export interface GenerateMacCommandOutput extends GenerateMacResponse, __Metadat
  *   GrantTokens: [ // GrantTokenList
  *     "STRING_VALUE",
  *   ],
+ *   DryRun: true || false,
  * };
  * const command = new GenerateMacCommand(input);
  * const response = await client.send(command);
@@ -84,6 +86,11 @@ export interface GenerateMacCommandOutput extends GenerateMacResponse, __Metadat
  * @throws {@link DisabledException} (client fault)
  *  <p>The request was rejected because the specified KMS key is not enabled.</p>
  *
+ * @throws {@link DryRunOperationException} (client fault)
+ *  <p>
+ *       The request was rejected because the DryRun parameter was specified.
+ *     </p>
+ *
  * @throws {@link InvalidGrantTokenException} (client fault)
  *  <p>The request was rejected because the specified grant token is not valid.</p>
  *
@@ -130,7 +137,9 @@ export interface GenerateMacCommandOutput extends GenerateMacResponse, __Metadat
  *                   </i>.</p>
  *             </li>
  *             <li>
- *                <p>For cryptographic operations on KMS keys in custom key stores, this exception represents a general failure with many possible causes. To identify the cause, see the error message that accompanies the exception.</p>
+ *                <p>For cryptographic operations on KMS keys in custom key stores, this exception
+ *           represents a general failure with many possible causes. To identify the cause, see the
+ *           error message that accompanies the exception.</p>
  *             </li>
  *          </ul>
  *