@aws-sdk/client-kms 3.363.0 → 3.366.0

package/dist-types/commands/ImportKeyMaterialCommand.d.ts

@@ -40,8 +40,7 @@ export interface ImportKeyMaterialCommandOutput extends ImportKeyMaterialRespons
  *          <p>Each time you import key material into KMS, you can determine whether
  *         (<code>ExpirationModel</code>) and when (<code>ValidTo</code>) the key material expires. To
  *       change the expiration of your key material, you must import it again, either by calling
- *       <code>ImportKeyMaterial</code> or using the <a href="kms/latest/developerguide/importing-keys-import-key-material.html#importing-keys-import-key-material-console">import features</a> of the
- *       KMS console.</p>
+ *         <code>ImportKeyMaterial</code> or using the <a href="kms/latest/developerguide/importing-keys-import-key-material.html#importing-keys-import-key-material-console">import features</a> of the KMS console.</p>
  *          <p>Before calling <code>ImportKeyMaterial</code>:</p>
  *          <ul>
  *             <li>
@@ -197,7 +196,9 @@ export interface ImportKeyMaterialCommandOutput extends ImportKeyMaterialRespons
  *                   </i>.</p>
  *             </li>
  *             <li>
- *                <p>For cryptographic operations on KMS keys in custom key stores, this exception represents a general failure with many possible causes. To identify the cause, see the error message that accompanies the exception.</p>
+ *                <p>For cryptographic operations on KMS keys in custom key stores, this exception
+ *           represents a general failure with many possible causes. To identify the cause, see the
+ *           error message that accompanies the exception.</p>
  *             </li>
  *          </ul>
  *

package/dist-types/commands/ListGrantsCommand.d.ts

@@ -151,7 +151,9 @@ export interface ListGrantsCommandOutput extends ListGrantsResponse, __MetadataB
  *                   </i>.</p>
  *             </li>
  *             <li>
- *                <p>For cryptographic operations on KMS keys in custom key stores, this exception represents a general failure with many possible causes. To identify the cause, see the error message that accompanies the exception.</p>
+ *                <p>For cryptographic operations on KMS keys in custom key stores, this exception
+ *           represents a general failure with many possible causes. To identify the cause, see the
+ *           error message that accompanies the exception.</p>
  *             </li>
  *          </ul>
  *

package/dist-types/commands/ListKeyPoliciesCommand.d.ts

@@ -100,7 +100,9 @@ export interface ListKeyPoliciesCommandOutput extends ListKeyPoliciesResponse, _
  *                   </i>.</p>
  *             </li>
  *             <li>
- *                <p>For cryptographic operations on KMS keys in custom key stores, this exception represents a general failure with many possible causes. To identify the cause, see the error message that accompanies the exception.</p>
+ *                <p>For cryptographic operations on KMS keys in custom key stores, this exception
+ *           represents a general failure with many possible causes. To identify the cause, see the
+ *           error message that accompanies the exception.</p>
  *             </li>
  *          </ul>
  *

package/dist-types/commands/PutKeyPolicyCommand.d.ts

@@ -86,7 +86,9 @@ export interface PutKeyPolicyCommandOutput extends __MetadataBearer {
  *                   </i>.</p>
  *             </li>
  *             <li>
- *                <p>For cryptographic operations on KMS keys in custom key stores, this exception represents a general failure with many possible causes. To identify the cause, see the error message that accompanies the exception.</p>
+ *                <p>For cryptographic operations on KMS keys in custom key stores, this exception
+ *           represents a general failure with many possible causes. To identify the cause, see the
+ *           error message that accompanies the exception.</p>
  *             </li>
  *          </ul>
  *

package/dist-types/commands/ReEncryptCommand.d.ts

@@ -139,6 +139,7 @@ export interface ReEncryptCommandOutput extends ReEncryptResponse, __MetadataBea
  *   GrantTokens: [ // GrantTokenList
  *     "STRING_VALUE",
  *   ],
+ *   DryRun: true || false,
  * };
  * const command = new ReEncryptCommand(input);
  * const response = await client.send(command);
@@ -165,6 +166,11 @@ export interface ReEncryptCommandOutput extends ReEncryptResponse, __MetadataBea
  * @throws {@link DisabledException} (client fault)
  *  <p>The request was rejected because the specified KMS key is not enabled.</p>
  *
+ * @throws {@link DryRunOperationException} (client fault)
+ *  <p>
+ *       The request was rejected because the DryRun parameter was specified.
+ *     </p>
+ *
  * @throws {@link IncorrectKeyException} (client fault)
  *  <p>The request was rejected because the specified KMS key cannot decrypt the data. The
  *         <code>KeyId</code> in a <a>Decrypt</a> request and the <code>SourceKeyId</code>
@@ -225,7 +231,9 @@ export interface ReEncryptCommandOutput extends ReEncryptResponse, __MetadataBea
  *                   </i>.</p>
  *             </li>
  *             <li>
- *                <p>For cryptographic operations on KMS keys in custom key stores, this exception represents a general failure with many possible causes. To identify the cause, see the error message that accompanies the exception.</p>
+ *                <p>For cryptographic operations on KMS keys in custom key stores, this exception
+ *           represents a general failure with many possible causes. To identify the cause, see the
+ *           error message that accompanies the exception.</p>
  *             </li>
  *          </ul>
  *

package/dist-types/commands/ReplicateKeyCommand.d.ts

@@ -220,7 +220,9 @@ export interface ReplicateKeyCommandOutput extends ReplicateKeyResponse, __Metad
  *                   </i>.</p>
  *             </li>
  *             <li>
- *                <p>For cryptographic operations on KMS keys in custom key stores, this exception represents a general failure with many possible causes. To identify the cause, see the error message that accompanies the exception.</p>
+ *                <p>For cryptographic operations on KMS keys in custom key stores, this exception
+ *           represents a general failure with many possible causes. To identify the cause, see the
+ *           error message that accompanies the exception.</p>
  *             </li>
  *          </ul>
  *

package/dist-types/commands/RetireGrantCommand.d.ts

@@ -79,6 +79,7 @@ export interface RetireGrantCommandOutput extends __MetadataBearer {
  *   GrantToken: "STRING_VALUE",
  *   KeyId: "STRING_VALUE",
  *   GrantId: "STRING_VALUE",
+ *   DryRun: true || false,
  * };
  * const command = new RetireGrantCommand(input);
  * const response = await client.send(command);
@@ -96,6 +97,11 @@ export interface RetireGrantCommandOutput extends __MetadataBearer {
  *  <p>The system timed out while trying to fulfill the request. You can retry the
  *       request.</p>
  *
+ * @throws {@link DryRunOperationException} (client fault)
+ *  <p>
+ *       The request was rejected because the DryRun parameter was specified.
+ *     </p>
+ *
  * @throws {@link InvalidArnException} (client fault)
  *  <p>The request was rejected because a specified ARN, or an ARN in a key policy, is not
  *       valid.</p>
@@ -124,7 +130,9 @@ export interface RetireGrantCommandOutput extends __MetadataBearer {
  *                   </i>.</p>
  *             </li>
  *             <li>
- *                <p>For cryptographic operations on KMS keys in custom key stores, this exception represents a general failure with many possible causes. To identify the cause, see the error message that accompanies the exception.</p>
+ *                <p>For cryptographic operations on KMS keys in custom key stores, this exception
+ *           represents a general failure with many possible causes. To identify the cause, see the
+ *           error message that accompanies the exception.</p>
  *             </li>
  *          </ul>
  *

package/dist-types/commands/RevokeGrantCommand.d.ts

@@ -76,6 +76,7 @@ export interface RevokeGrantCommandOutput extends __MetadataBearer {
  * const input = { // RevokeGrantRequest
  *   KeyId: "STRING_VALUE", // required
  *   GrantId: "STRING_VALUE", // required
+ *   DryRun: true || false,
  * };
  * const command = new RevokeGrantCommand(input);
  * const response = await client.send(command);
@@ -93,6 +94,11 @@ export interface RevokeGrantCommandOutput extends __MetadataBearer {
  *  <p>The system timed out while trying to fulfill the request. You can retry the
  *       request.</p>
  *
+ * @throws {@link DryRunOperationException} (client fault)
+ *  <p>
+ *       The request was rejected because the DryRun parameter was specified.
+ *     </p>
+ *
  * @throws {@link InvalidArnException} (client fault)
  *  <p>The request was rejected because a specified ARN, or an ARN in a key policy, is not
  *       valid.</p>
@@ -118,7 +124,9 @@ export interface RevokeGrantCommandOutput extends __MetadataBearer {
  *                   </i>.</p>
  *             </li>
  *             <li>
- *                <p>For cryptographic operations on KMS keys in custom key stores, this exception represents a general failure with many possible causes. To identify the cause, see the error message that accompanies the exception.</p>
+ *                <p>For cryptographic operations on KMS keys in custom key stores, this exception
+ *           represents a general failure with many possible causes. To identify the cause, see the
+ *           error message that accompanies the exception.</p>
  *             </li>
  *          </ul>
  *

package/dist-types/commands/ScheduleKeyDeletionCommand.d.ts

@@ -35,9 +35,9 @@ export interface ScheduleKeyDeletionCommandOutput extends ScheduleKeyDeletionRes
  *             <p>Deleting a KMS key is a destructive and potentially dangerous operation. When a KMS key
  *         is deleted, all data that was encrypted under the KMS key is unrecoverable. (The only
  *         exception is a <a href="kms/latest/developerguide/multi-region-keys-delete.html">multi-Region replica
- *           key</a>, or an asymmetric or HMAC KMS key with imported key material[BUGBUG-link to
- *         importing-keys-managing.html#import-delete-key.) To prevent the use of a KMS key without
- *         deleting it, use <a>DisableKey</a>. </p>
+ *           key</a>, or an <a href="kms/latest/developerguide/importing-keys-managing.html#import-delete-key">asymmetric or HMAC KMS
+ *           key with imported key material</a>.) To prevent the use of a KMS key without deleting
+ *         it, use <a>DisableKey</a>. </p>
  *          </important>
  *          <p>You can schedule the deletion of a multi-Region primary key and its replica keys at any
  *       time. However, KMS will not delete a multi-Region primary key with existing replica keys. If
@@ -134,7 +134,9 @@ export interface ScheduleKeyDeletionCommandOutput extends ScheduleKeyDeletionRes
  *                   </i>.</p>
  *             </li>
  *             <li>
- *                <p>For cryptographic operations on KMS keys in custom key stores, this exception represents a general failure with many possible causes. To identify the cause, see the error message that accompanies the exception.</p>
+ *                <p>For cryptographic operations on KMS keys in custom key stores, this exception
+ *           represents a general failure with many possible causes. To identify the cause, see the
+ *           error message that accompanies the exception.</p>
  *             </li>
  *          </ul>
  *

package/dist-types/commands/SignCommand.d.ts

@@ -89,6 +89,7 @@ export interface SignCommandOutput extends SignResponse, __MetadataBearer {
  *     "STRING_VALUE",
  *   ],
  *   SigningAlgorithm: "RSASSA_PSS_SHA_256" || "RSASSA_PSS_SHA_384" || "RSASSA_PSS_SHA_512" || "RSASSA_PKCS1_V1_5_SHA_256" || "RSASSA_PKCS1_V1_5_SHA_384" || "RSASSA_PKCS1_V1_5_SHA_512" || "ECDSA_SHA_256" || "ECDSA_SHA_384" || "ECDSA_SHA_512" || "SM2DSA", // required
+ *   DryRun: true || false,
  * };
  * const command = new SignCommand(input);
  * const response = await client.send(command);
@@ -113,6 +114,11 @@ export interface SignCommandOutput extends SignResponse, __MetadataBearer {
  * @throws {@link DisabledException} (client fault)
  *  <p>The request was rejected because the specified KMS key is not enabled.</p>
  *
+ * @throws {@link DryRunOperationException} (client fault)
+ *  <p>
+ *       The request was rejected because the DryRun parameter was specified.
+ *     </p>
+ *
  * @throws {@link InvalidGrantTokenException} (client fault)
  *  <p>The request was rejected because the specified grant token is not valid.</p>
  *
@@ -159,7 +165,9 @@ export interface SignCommandOutput extends SignResponse, __MetadataBearer {
  *                   </i>.</p>
  *             </li>
  *             <li>
- *                <p>For cryptographic operations on KMS keys in custom key stores, this exception represents a general failure with many possible causes. To identify the cause, see the error message that accompanies the exception.</p>
+ *                <p>For cryptographic operations on KMS keys in custom key stores, this exception
+ *           represents a general failure with many possible causes. To identify the cause, see the
+ *           error message that accompanies the exception.</p>
  *             </li>
  *          </ul>
  *

package/dist-types/commands/TagResourceCommand.d.ts

@@ -119,7 +119,9 @@ export interface TagResourceCommandOutput extends __MetadataBearer {
  *                   </i>.</p>
  *             </li>
  *             <li>
- *                <p>For cryptographic operations on KMS keys in custom key stores, this exception represents a general failure with many possible causes. To identify the cause, see the error message that accompanies the exception.</p>
+ *                <p>For cryptographic operations on KMS keys in custom key stores, this exception
+ *           represents a general failure with many possible causes. To identify the cause, see the
+ *           error message that accompanies the exception.</p>
  *             </li>
  *          </ul>
  *

package/dist-types/commands/UntagResourceCommand.d.ts

@@ -111,7 +111,9 @@ export interface UntagResourceCommandOutput extends __MetadataBearer {
  *                   </i>.</p>
  *             </li>
  *             <li>
- *                <p>For cryptographic operations on KMS keys in custom key stores, this exception represents a general failure with many possible causes. To identify the cause, see the error message that accompanies the exception.</p>
+ *                <p>For cryptographic operations on KMS keys in custom key stores, this exception
+ *           represents a general failure with many possible causes. To identify the cause, see the
+ *           error message that accompanies the exception.</p>
  *             </li>
  *          </ul>
  *

package/dist-types/commands/UpdateAliasCommand.d.ts

@@ -130,7 +130,9 @@ export interface UpdateAliasCommandOutput extends __MetadataBearer {
  *                   </i>.</p>
  *             </li>
  *             <li>
- *                <p>For cryptographic operations on KMS keys in custom key stores, this exception represents a general failure with many possible causes. To identify the cause, see the error message that accompanies the exception.</p>
+ *                <p>For cryptographic operations on KMS keys in custom key stores, this exception
+ *           represents a general failure with many possible causes. To identify the cause, see the
+ *           error message that accompanies the exception.</p>
  *             </li>
  *          </ul>
  *

package/dist-types/commands/UpdateCustomKeyStoreCommand.d.ts

@@ -283,8 +283,9 @@ export interface UpdateCustomKeyStoreCommandOutput extends UpdateCustomKeyStoreR
  * @throws {@link XksProxyUriUnreachableException} (client fault)
  *  <p>KMS was unable to reach the specified <code>XksProxyUriPath</code>. The path must be
  *       reachable before you create the external key store or update its settings.</p>
- *          <p>This exception is also thrown when the external key store proxy response to a <code>GetHealthStatus</code>
- *       request indicates that all external key manager instances are unavailable.</p>
+ *          <p>This exception is also thrown when the external key store proxy response to a
+ *         <code>GetHealthStatus</code> request indicates that all external key manager instances are
+ *       unavailable.</p>
  *
  * @throws {@link XksProxyVpcEndpointServiceInUseException} (client fault)
  *  <p>The request was rejected because the specified Amazon VPC endpoint service is already
@@ -294,7 +295,8 @@ export interface UpdateCustomKeyStoreCommandOutput extends UpdateCustomKeyStoreR
  * @throws {@link XksProxyVpcEndpointServiceInvalidConfigurationException} (client fault)
  *  <p>The request was rejected because the Amazon VPC endpoint service configuration does not fulfill
  *       the requirements for an external key store proxy. For details, see the exception message and
- *         <a href="kms/latest/developerguide/vpc-connectivity.html#xks-vpc-requirements">review the requirements</a> for Amazon VPC endpoint service connectivity for an external key
+ *         <a href="kms/latest/developerguide/vpc-connectivity.html#xks-vpc-requirements">review the
+ *         requirements</a> for Amazon VPC endpoint service connectivity for an external key
  *       store.</p>
  *
  * @throws {@link XksProxyVpcEndpointServiceNotFoundException} (client fault)

package/dist-types/commands/UpdateKeyDescriptionCommand.d.ts

@@ -93,7 +93,9 @@ export interface UpdateKeyDescriptionCommandOutput extends __MetadataBearer {
  *                   </i>.</p>
  *             </li>
  *             <li>
- *                <p>For cryptographic operations on KMS keys in custom key stores, this exception represents a general failure with many possible causes. To identify the cause, see the error message that accompanies the exception.</p>
+ *                <p>For cryptographic operations on KMS keys in custom key stores, this exception
+ *           represents a general failure with many possible causes. To identify the cause, see the
+ *           error message that accompanies the exception.</p>
  *             </li>
  *          </ul>
  *

package/dist-types/commands/UpdatePrimaryRegionCommand.d.ts

@@ -135,7 +135,9 @@ export interface UpdatePrimaryRegionCommandOutput extends __MetadataBearer {
  *                   </i>.</p>
  *             </li>
  *             <li>
- *                <p>For cryptographic operations on KMS keys in custom key stores, this exception represents a general failure with many possible causes. To identify the cause, see the error message that accompanies the exception.</p>
+ *                <p>For cryptographic operations on KMS keys in custom key stores, this exception
+ *           represents a general failure with many possible causes. To identify the cause, see the
+ *           error message that accompanies the exception.</p>
  *             </li>
  *          </ul>
  *

package/dist-types/commands/VerifyCommand.d.ts

@@ -33,11 +33,10 @@ export interface VerifyCommandOutput extends VerifyResponse, __MetadataBearer {
  *          <p>A digital signature is generated by using the private key in an asymmetric KMS key. The
  *       signature is verified by using the public key in the same asymmetric KMS key.
  *       For information about asymmetric KMS keys, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html">Asymmetric KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
- *          <p>To use the <code>Verify</code> operation, specify the
- *       same asymmetric KMS key, message, and signing algorithm that were used to produce the
- *       signature. The message type does not need to be the same as the one used for signing, but it must
- *       indicate whether the value of the <code>Message</code> parameter should be
- *       hashed as part of the verification process.</p>
+ *          <p>To use the <code>Verify</code> operation, specify the same asymmetric KMS key, message,
+ *       and signing algorithm that were used to produce the signature. The message type does not need
+ *       to be the same as the one used for signing, but it must indicate whether the value of the
+ *         <code>Message</code> parameter should be hashed as part of the verification process.</p>
  *          <p>You can also verify the digital signature by using the public key of the KMS key outside
  *       of KMS. Use the <a>GetPublicKey</a> operation to download the public key in the
  *       asymmetric KMS key and then use the public key to verify the signature outside of KMS. The
@@ -45,10 +44,10 @@ export interface VerifyCommandOutput extends VerifyResponse, __MetadataBearer {
  *       a result, it's easy to call, the operation is performed within the FIPS boundary, it is logged
  *       in CloudTrail, and you can use key policy and IAM policy to determine who is authorized to use
  *       the KMS key to verify signatures.</p>
- *          <p>To verify a signature outside of KMS with an SM2 public key (China Regions only), you must
- *       specify the distinguishing ID. By default, KMS uses <code>1234567812345678</code> as the
- *       distinguishing ID. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/asymmetric-key-specs.html#key-spec-sm-offline-verification">Offline verification
- *         with SM2 key pairs</a>.</p>
+ *          <p>To verify a signature outside of KMS with an SM2 public key (China Regions only), you
+ *       must specify the distinguishing ID. By default, KMS uses <code>1234567812345678</code> as
+ *       the distinguishing ID. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/asymmetric-key-specs.html#key-spec-sm-offline-verification">Offline
+ *         verification with SM2 key pairs</a>.</p>
  *          <p>The KMS key that you use for this operation must be in a compatible key state. For
  * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key states of KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
@@ -74,6 +73,7 @@ export interface VerifyCommandOutput extends VerifyResponse, __MetadataBearer {
  *   GrantTokens: [ // GrantTokenList
  *     "STRING_VALUE",
  *   ],
+ *   DryRun: true || false,
  * };
  * const command = new VerifyCommand(input);
  * const response = await client.send(command);
@@ -98,6 +98,11 @@ export interface VerifyCommandOutput extends VerifyResponse, __MetadataBearer {
  * @throws {@link DisabledException} (client fault)
  *  <p>The request was rejected because the specified KMS key is not enabled.</p>
  *
+ * @throws {@link DryRunOperationException} (client fault)
+ *  <p>
+ *       The request was rejected because the DryRun parameter was specified.
+ *     </p>
+ *
  * @throws {@link InvalidGrantTokenException} (client fault)
  *  <p>The request was rejected because the specified grant token is not valid.</p>
  *
@@ -149,7 +154,9 @@ export interface VerifyCommandOutput extends VerifyResponse, __MetadataBearer {
  *                   </i>.</p>
  *             </li>
  *             <li>
- *                <p>For cryptographic operations on KMS keys in custom key stores, this exception represents a general failure with many possible causes. To identify the cause, see the error message that accompanies the exception.</p>
+ *                <p>For cryptographic operations on KMS keys in custom key stores, this exception
+ *           represents a general failure with many possible causes. To identify the cause, see the
+ *           error message that accompanies the exception.</p>
  *             </li>
  *          </ul>
  *

package/dist-types/commands/VerifyMacCommand.d.ts

@@ -58,6 +58,7 @@ export interface VerifyMacCommandOutput extends VerifyMacResponse, __MetadataBea
  *   GrantTokens: [ // GrantTokenList
  *     "STRING_VALUE",
  *   ],
+ *   DryRun: true || false,
  * };
  * const command = new VerifyMacCommand(input);
  * const response = await client.send(command);
@@ -78,6 +79,11 @@ export interface VerifyMacCommandOutput extends VerifyMacResponse, __MetadataBea
  * @throws {@link DisabledException} (client fault)
  *  <p>The request was rejected because the specified KMS key is not enabled.</p>
  *
+ * @throws {@link DryRunOperationException} (client fault)
+ *  <p>
+ *       The request was rejected because the DryRun parameter was specified.
+ *     </p>
+ *
  * @throws {@link InvalidGrantTokenException} (client fault)
  *  <p>The request was rejected because the specified grant token is not valid.</p>
  *
@@ -129,7 +135,9 @@ export interface VerifyMacCommandOutput extends VerifyMacResponse, __MetadataBea
  *                   </i>.</p>
  *             </li>
  *             <li>
- *                <p>For cryptographic operations on KMS keys in custom key stores, this exception represents a general failure with many possible causes. To identify the cause, see the error message that accompanies the exception.</p>
+ *                <p>For cryptographic operations on KMS keys in custom key stores, this exception
+ *           represents a general failure with many possible causes. To identify the cause, see the
+ *           error message that accompanies the exception.</p>
  *             </li>
  *          </ul>
  *