@aws-sdk/client-kms 3.554.0 → 3.555.0

package/dist-types/KMS.d.ts

@@ -31,6 +31,7 @@ import { ImportKeyMaterialCommandInput, ImportKeyMaterialCommandOutput } from ".
 import { ListAliasesCommandInput, ListAliasesCommandOutput } from "./commands/ListAliasesCommand";
 import { ListGrantsCommandInput, ListGrantsCommandOutput } from "./commands/ListGrantsCommand";
 import { ListKeyPoliciesCommandInput, ListKeyPoliciesCommandOutput } from "./commands/ListKeyPoliciesCommand";
+import { ListKeyRotationsCommandInput, ListKeyRotationsCommandOutput } from "./commands/ListKeyRotationsCommand";
 import { ListKeysCommandInput, ListKeysCommandOutput } from "./commands/ListKeysCommand";
 import { ListResourceTagsCommandInput, ListResourceTagsCommandOutput } from "./commands/ListResourceTagsCommand";
 import { ListRetirableGrantsCommandInput, ListRetirableGrantsCommandOutput } from "./commands/ListRetirableGrantsCommand";
@@ -39,6 +40,7 @@ import { ReEncryptCommandInput, ReEncryptCommandOutput } from "./commands/ReEncr
 import { ReplicateKeyCommandInput, ReplicateKeyCommandOutput } from "./commands/ReplicateKeyCommand";
 import { RetireGrantCommandInput, RetireGrantCommandOutput } from "./commands/RetireGrantCommand";
 import { RevokeGrantCommandInput, RevokeGrantCommandOutput } from "./commands/RevokeGrantCommand";
+import { RotateKeyOnDemandCommandInput, RotateKeyOnDemandCommandOutput } from "./commands/RotateKeyOnDemandCommand";
 import { ScheduleKeyDeletionCommandInput, ScheduleKeyDeletionCommandOutput } from "./commands/ScheduleKeyDeletionCommand";
 import { SignCommandInput, SignCommandOutput } from "./commands/SignCommand";
 import { TagResourceCommandInput, TagResourceCommandOutput } from "./commands/TagResourceCommand";
@@ -247,6 +249,12 @@ export interface KMS {
     listKeyPolicies(args: ListKeyPoliciesCommandInput, options?: __HttpHandlerOptions): Promise<ListKeyPoliciesCommandOutput>;
     listKeyPolicies(args: ListKeyPoliciesCommandInput, cb: (err: any, data?: ListKeyPoliciesCommandOutput) => void): void;
     listKeyPolicies(args: ListKeyPoliciesCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ListKeyPoliciesCommandOutput) => void): void;
+    /**
+     * @see {@link ListKeyRotationsCommand}
+     */
+    listKeyRotations(args: ListKeyRotationsCommandInput, options?: __HttpHandlerOptions): Promise<ListKeyRotationsCommandOutput>;
+    listKeyRotations(args: ListKeyRotationsCommandInput, cb: (err: any, data?: ListKeyRotationsCommandOutput) => void): void;
+    listKeyRotations(args: ListKeyRotationsCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: ListKeyRotationsCommandOutput) => void): void;
     /**
      * @see {@link ListKeysCommand}
      */
@@ -297,6 +305,12 @@ export interface KMS {
     revokeGrant(args: RevokeGrantCommandInput, options?: __HttpHandlerOptions): Promise<RevokeGrantCommandOutput>;
     revokeGrant(args: RevokeGrantCommandInput, cb: (err: any, data?: RevokeGrantCommandOutput) => void): void;
     revokeGrant(args: RevokeGrantCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: RevokeGrantCommandOutput) => void): void;
+    /**
+     * @see {@link RotateKeyOnDemandCommand}
+     */
+    rotateKeyOnDemand(args: RotateKeyOnDemandCommandInput, options?: __HttpHandlerOptions): Promise<RotateKeyOnDemandCommandOutput>;
+    rotateKeyOnDemand(args: RotateKeyOnDemandCommandInput, cb: (err: any, data?: RotateKeyOnDemandCommandOutput) => void): void;
+    rotateKeyOnDemand(args: RotateKeyOnDemandCommandInput, options: __HttpHandlerOptions, cb: (err: any, data?: RotateKeyOnDemandCommandOutput) => void): void;
     /**
      * @see {@link ScheduleKeyDeletionCommand}
      */

package/dist-types/KMSClient.d.ts

@@ -39,6 +39,7 @@ import { ImportKeyMaterialCommandInput, ImportKeyMaterialCommandOutput } from ".
 import { ListAliasesCommandInput, ListAliasesCommandOutput } from "./commands/ListAliasesCommand";
 import { ListGrantsCommandInput, ListGrantsCommandOutput } from "./commands/ListGrantsCommand";
 import { ListKeyPoliciesCommandInput, ListKeyPoliciesCommandOutput } from "./commands/ListKeyPoliciesCommand";
+import { ListKeyRotationsCommandInput, ListKeyRotationsCommandOutput } from "./commands/ListKeyRotationsCommand";
 import { ListKeysCommandInput, ListKeysCommandOutput } from "./commands/ListKeysCommand";
 import { ListResourceTagsCommandInput, ListResourceTagsCommandOutput } from "./commands/ListResourceTagsCommand";
 import { ListRetirableGrantsCommandInput, ListRetirableGrantsCommandOutput } from "./commands/ListRetirableGrantsCommand";
@@ -47,6 +48,7 @@ import { ReEncryptCommandInput, ReEncryptCommandOutput } from "./commands/ReEncr
 import { ReplicateKeyCommandInput, ReplicateKeyCommandOutput } from "./commands/ReplicateKeyCommand";
 import { RetireGrantCommandInput, RetireGrantCommandOutput } from "./commands/RetireGrantCommand";
 import { RevokeGrantCommandInput, RevokeGrantCommandOutput } from "./commands/RevokeGrantCommand";
+import { RotateKeyOnDemandCommandInput, RotateKeyOnDemandCommandOutput } from "./commands/RotateKeyOnDemandCommand";
 import { ScheduleKeyDeletionCommandInput, ScheduleKeyDeletionCommandOutput } from "./commands/ScheduleKeyDeletionCommand";
 import { SignCommandInput, SignCommandOutput } from "./commands/SignCommand";
 import { TagResourceCommandInput, TagResourceCommandOutput } from "./commands/TagResourceCommand";
@@ -63,11 +65,11 @@ export { __Client };
 /**
  * @public
  */
-export type ServiceInputTypes = CancelKeyDeletionCommandInput | ConnectCustomKeyStoreCommandInput | CreateAliasCommandInput | CreateCustomKeyStoreCommandInput | CreateGrantCommandInput | CreateKeyCommandInput | DecryptCommandInput | DeleteAliasCommandInput | DeleteCustomKeyStoreCommandInput | DeleteImportedKeyMaterialCommandInput | DescribeCustomKeyStoresCommandInput | DescribeKeyCommandInput | DisableKeyCommandInput | DisableKeyRotationCommandInput | DisconnectCustomKeyStoreCommandInput | EnableKeyCommandInput | EnableKeyRotationCommandInput | EncryptCommandInput | GenerateDataKeyCommandInput | GenerateDataKeyPairCommandInput | GenerateDataKeyPairWithoutPlaintextCommandInput | GenerateDataKeyWithoutPlaintextCommandInput | GenerateMacCommandInput | GenerateRandomCommandInput | GetKeyPolicyCommandInput | GetKeyRotationStatusCommandInput | GetParametersForImportCommandInput | GetPublicKeyCommandInput | ImportKeyMaterialCommandInput | ListAliasesCommandInput | ListGrantsCommandInput | ListKeyPoliciesCommandInput | ListKeysCommandInput | ListResourceTagsCommandInput | ListRetirableGrantsCommandInput | PutKeyPolicyCommandInput | ReEncryptCommandInput | ReplicateKeyCommandInput | RetireGrantCommandInput | RevokeGrantCommandInput | ScheduleKeyDeletionCommandInput | SignCommandInput | TagResourceCommandInput | UntagResourceCommandInput | UpdateAliasCommandInput | UpdateCustomKeyStoreCommandInput | UpdateKeyDescriptionCommandInput | UpdatePrimaryRegionCommandInput | VerifyCommandInput | VerifyMacCommandInput;
+export type ServiceInputTypes = CancelKeyDeletionCommandInput | ConnectCustomKeyStoreCommandInput | CreateAliasCommandInput | CreateCustomKeyStoreCommandInput | CreateGrantCommandInput | CreateKeyCommandInput | DecryptCommandInput | DeleteAliasCommandInput | DeleteCustomKeyStoreCommandInput | DeleteImportedKeyMaterialCommandInput | DescribeCustomKeyStoresCommandInput | DescribeKeyCommandInput | DisableKeyCommandInput | DisableKeyRotationCommandInput | DisconnectCustomKeyStoreCommandInput | EnableKeyCommandInput | EnableKeyRotationCommandInput | EncryptCommandInput | GenerateDataKeyCommandInput | GenerateDataKeyPairCommandInput | GenerateDataKeyPairWithoutPlaintextCommandInput | GenerateDataKeyWithoutPlaintextCommandInput | GenerateMacCommandInput | GenerateRandomCommandInput | GetKeyPolicyCommandInput | GetKeyRotationStatusCommandInput | GetParametersForImportCommandInput | GetPublicKeyCommandInput | ImportKeyMaterialCommandInput | ListAliasesCommandInput | ListGrantsCommandInput | ListKeyPoliciesCommandInput | ListKeyRotationsCommandInput | ListKeysCommandInput | ListResourceTagsCommandInput | ListRetirableGrantsCommandInput | PutKeyPolicyCommandInput | ReEncryptCommandInput | ReplicateKeyCommandInput | RetireGrantCommandInput | RevokeGrantCommandInput | RotateKeyOnDemandCommandInput | ScheduleKeyDeletionCommandInput | SignCommandInput | TagResourceCommandInput | UntagResourceCommandInput | UpdateAliasCommandInput | UpdateCustomKeyStoreCommandInput | UpdateKeyDescriptionCommandInput | UpdatePrimaryRegionCommandInput | VerifyCommandInput | VerifyMacCommandInput;
 /**
  * @public
  */
-export type ServiceOutputTypes = CancelKeyDeletionCommandOutput | ConnectCustomKeyStoreCommandOutput | CreateAliasCommandOutput | CreateCustomKeyStoreCommandOutput | CreateGrantCommandOutput | CreateKeyCommandOutput | DecryptCommandOutput | DeleteAliasCommandOutput | DeleteCustomKeyStoreCommandOutput | DeleteImportedKeyMaterialCommandOutput | DescribeCustomKeyStoresCommandOutput | DescribeKeyCommandOutput | DisableKeyCommandOutput | DisableKeyRotationCommandOutput | DisconnectCustomKeyStoreCommandOutput | EnableKeyCommandOutput | EnableKeyRotationCommandOutput | EncryptCommandOutput | GenerateDataKeyCommandOutput | GenerateDataKeyPairCommandOutput | GenerateDataKeyPairWithoutPlaintextCommandOutput | GenerateDataKeyWithoutPlaintextCommandOutput | GenerateMacCommandOutput | GenerateRandomCommandOutput | GetKeyPolicyCommandOutput | GetKeyRotationStatusCommandOutput | GetParametersForImportCommandOutput | GetPublicKeyCommandOutput | ImportKeyMaterialCommandOutput | ListAliasesCommandOutput | ListGrantsCommandOutput | ListKeyPoliciesCommandOutput | ListKeysCommandOutput | ListResourceTagsCommandOutput | ListRetirableGrantsCommandOutput | PutKeyPolicyCommandOutput | ReEncryptCommandOutput | ReplicateKeyCommandOutput | RetireGrantCommandOutput | RevokeGrantCommandOutput | ScheduleKeyDeletionCommandOutput | SignCommandOutput | TagResourceCommandOutput | UntagResourceCommandOutput | UpdateAliasCommandOutput | UpdateCustomKeyStoreCommandOutput | UpdateKeyDescriptionCommandOutput | UpdatePrimaryRegionCommandOutput | VerifyCommandOutput | VerifyMacCommandOutput;
+export type ServiceOutputTypes = CancelKeyDeletionCommandOutput | ConnectCustomKeyStoreCommandOutput | CreateAliasCommandOutput | CreateCustomKeyStoreCommandOutput | CreateGrantCommandOutput | CreateKeyCommandOutput | DecryptCommandOutput | DeleteAliasCommandOutput | DeleteCustomKeyStoreCommandOutput | DeleteImportedKeyMaterialCommandOutput | DescribeCustomKeyStoresCommandOutput | DescribeKeyCommandOutput | DisableKeyCommandOutput | DisableKeyRotationCommandOutput | DisconnectCustomKeyStoreCommandOutput | EnableKeyCommandOutput | EnableKeyRotationCommandOutput | EncryptCommandOutput | GenerateDataKeyCommandOutput | GenerateDataKeyPairCommandOutput | GenerateDataKeyPairWithoutPlaintextCommandOutput | GenerateDataKeyWithoutPlaintextCommandOutput | GenerateMacCommandOutput | GenerateRandomCommandOutput | GetKeyPolicyCommandOutput | GetKeyRotationStatusCommandOutput | GetParametersForImportCommandOutput | GetPublicKeyCommandOutput | ImportKeyMaterialCommandOutput | ListAliasesCommandOutput | ListGrantsCommandOutput | ListKeyPoliciesCommandOutput | ListKeyRotationsCommandOutput | ListKeysCommandOutput | ListResourceTagsCommandOutput | ListRetirableGrantsCommandOutput | PutKeyPolicyCommandOutput | ReEncryptCommandOutput | ReplicateKeyCommandOutput | RetireGrantCommandOutput | RevokeGrantCommandOutput | RotateKeyOnDemandCommandOutput | ScheduleKeyDeletionCommandOutput | SignCommandOutput | TagResourceCommandOutput | UntagResourceCommandOutput | UpdateAliasCommandOutput | UpdateCustomKeyStoreCommandOutput | UpdateKeyDescriptionCommandOutput | UpdatePrimaryRegionCommandOutput | VerifyCommandOutput | VerifyMacCommandOutput;
 /**
  * @public
  */

package/dist-types/commands/CreateCustomKeyStoreCommand.d.ts

@@ -242,8 +242,8 @@ declare const CreateCustomKeyStoreCommand_base: {
  *
  * @throws {@link XksProxyUriEndpointInUseException} (client fault)
  *  <p>The request was rejected because the <code>XksProxyUriEndpoint</code> is already
- *       associated with another external key store in this Amazon Web Services Region. To identify the cause,
- *       see the error message that accompanies the exception. </p>
+ *       associated with another external key store in this Amazon Web Services Region. To identify the cause, see
+ *       the error message that accompanies the exception. </p>
  *
  * @throws {@link XksProxyUriInUseException} (client fault)
  *  <p>The request was rejected because the concatenation of the <code>XksProxyUriEndpoint</code>

package/dist-types/commands/DisableKeyRotationCommand.d.ts

@@ -58,6 +58,16 @@ declare const DisableKeyRotationCommand_base: {
  *                   <a>GetKeyRotationStatus</a>
  *                </p>
  *             </li>
+ *             <li>
+ *                <p>
+ *                   <a>ListKeyRotations</a>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <a>RotateKeyOnDemand</a>
+ *                </p>
+ *             </li>
  *          </ul>
  *          <p>
  *             <b>Eventual consistency</b>: The KMS API follows an eventual consistency model.

package/dist-types/commands/EnableKeyRotationCommand.d.ts

@@ -26,18 +26,25 @@ declare const EnableKeyRotationCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Enables <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html">automatic rotation
+ * <p>Enables <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotating-keys-enable-disable">automatic rotation
  *         of the key material</a> of the specified symmetric encryption KMS key. </p>
- *          <p>When you enable automatic rotation of a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk">customer managed KMS key</a>, KMS
+ *          <p>By default, when you enable automatic rotation of a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk">customer managed KMS key</a>, KMS
  *       rotates the key material of the KMS key one year (approximately 365 days) from the enable date
- *       and every year thereafter. You can monitor rotation of the key material for your KMS keys in
- *       CloudTrail and Amazon CloudWatch. To disable rotation of the key material in a customer
- *       managed KMS key, use the <a>DisableKeyRotation</a> operation.</p>
+ *       and every year thereafter. You can use the optional <code>RotationPeriodInDays</code>
+ *       parameter to specify a custom rotation period when you enable key rotation, or you can use
+ *       <code>RotationPeriodInDays</code> to modify the rotation period of a key that you previously
+ *       enabled automatic key rotation on.</p>
+ *          <p>You can monitor rotation of the key material
+ *       for your KMS keys in CloudTrail and Amazon CloudWatch. To disable rotation of the key
+ *       material in a customer managed KMS key, use the <a>DisableKeyRotation</a>
+ *       operation. You can use the <a>GetKeyRotationStatus</a> operation to identify any in progress
+ *       rotations. You can use the <a>ListKeyRotations</a> operation to view the details of
+ *       completed rotations.</p>
  *          <p>Automatic key rotation is supported only on <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#symmetric-cmks">symmetric encryption KMS keys</a>.
  *       You cannot enable automatic rotation of <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html">asymmetric KMS keys</a>, <a href="https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html">HMAC KMS keys</a>, KMS keys with <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html">imported key material</a>, or KMS keys in a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a>. To enable or disable automatic rotation of a set of related <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate">multi-Region keys</a>, set the property on the primary key. </p>
- *          <p>You cannot enable or disable automatic rotation <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk">Amazon Web Services managed KMS keys</a>. KMS
+ *          <p>You cannot enable or disable automatic rotation of <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk">Amazon Web Services managed KMS keys</a>. KMS
  *       always rotates the key material of Amazon Web Services managed keys every year. Rotation of <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-owned-cmk">Amazon Web Services owned KMS
- *         keys</a> varies.</p>
+ *         keys</a> is managed by the Amazon Web Services service that owns the key.</p>
  *          <note>
  *             <p>In May 2022, KMS changed the rotation schedule for Amazon Web Services managed keys from every three
  *         years (approximately 1,095 days) to every year (approximately 365 days).</p>
@@ -66,6 +73,20 @@ declare const EnableKeyRotationCommand_base: {
  *                   <a>GetKeyRotationStatus</a>
  *                </p>
  *             </li>
+ *             <li>
+ *                <p>
+ *                   <a>ListKeyRotations</a>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <a>RotateKeyOnDemand</a>
+ *                </p>
+ *                <note>
+ *                   <p>You can perform on-demand (<a>RotateKeyOnDemand</a>) rotation of the
+ *             key material in customer managed KMS keys, regardless of whether or not automatic key rotation is enabled.</p>
+ *                </note>
+ *             </li>
  *          </ul>
  *          <p>
  *             <b>Eventual consistency</b>: The KMS API follows an eventual consistency model.
@@ -78,6 +99,7 @@ declare const EnableKeyRotationCommand_base: {
  * const client = new KMSClient(config);
  * const input = { // EnableKeyRotationRequest
  *   KeyId: "STRING_VALUE", // required
+ *   RotationPeriodInDays: Number("int"),
  * };
  * const command = new EnableKeyRotationCommand(input);
  * const response = await client.send(command);

package/dist-types/commands/GetKeyRotationStatusCommand.d.ts

@@ -26,18 +26,20 @@ declare const GetKeyRotationStatusCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Gets a Boolean value that indicates whether <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html">automatic rotation of the key material</a> is
- *       enabled for the specified KMS key.</p>
- *          <p>When you enable automatic rotation for <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk">customer managed KMS keys</a>, KMS
- *       rotates the key material of the KMS key one year (approximately 365 days) from the enable date
- *       and every year thereafter. You can monitor rotation of the key material for your KMS keys in
- *       CloudTrail and Amazon CloudWatch.</p>
+ * <p>Provides detailed information about the rotation status for a KMS key, including
+ *       whether <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html">automatic rotation of the key material</a> is enabled for the specified KMS key, the
+ *       <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotation-period">rotation period</a>, and the next scheduled
+ *       rotation date.</p>
  *          <p>Automatic key rotation is supported only on <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#symmetric-cmks">symmetric encryption KMS keys</a>.
  *       You cannot enable automatic rotation of <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html">asymmetric KMS keys</a>, <a href="https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html">HMAC KMS keys</a>, KMS keys with <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html">imported key material</a>, or KMS keys in a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a>. To enable or disable automatic rotation of a set of related <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate">multi-Region keys</a>, set the property on the primary key..</p>
  *          <p>You can enable (<a>EnableKeyRotation</a>) and disable automatic rotation (<a>DisableKeyRotation</a>) of the key material in customer managed KMS keys. Key
  *       material rotation of <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk">Amazon Web Services managed KMS keys</a> is not
  *       configurable. KMS always rotates the key material in Amazon Web Services managed KMS keys every year. The
  *       key rotation status for Amazon Web Services managed KMS keys is always <code>true</code>.</p>
+ *          <p>You can perform on-demand (<a>RotateKeyOnDemand</a>) rotation of the
+ *       key material in customer managed KMS keys, regardless of whether or not automatic key rotation is enabled.
+ *       You can use GetKeyRotationStatus to identify the date and time that an in progress on-demand rotation
+ *       was initiated. You can use <a>ListKeyRotations</a> to view the details of completed rotations.</p>
  *          <note>
  *             <p>In May 2022, KMS changed the rotation schedule for Amazon Web Services managed keys from every three
  *         years to every year. For details, see <a>EnableKeyRotation</a>.</p>
@@ -78,6 +80,16 @@ declare const GetKeyRotationStatusCommand_base: {
  *                   <a>EnableKeyRotation</a>
  *                </p>
  *             </li>
+ *             <li>
+ *                <p>
+ *                   <a>ListKeyRotations</a>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <a>RotateKeyOnDemand</a>
+ *                </p>
+ *             </li>
  *          </ul>
  *          <p>
  *             <b>Eventual consistency</b>: The KMS API follows an eventual consistency model.
@@ -95,6 +107,10 @@ declare const GetKeyRotationStatusCommand_base: {
  * const response = await client.send(command);
  * // { // GetKeyRotationStatusResponse
  * //   KeyRotationEnabled: true || false,
+ * //   KeyId: "STRING_VALUE",
+ * //   RotationPeriodInDays: Number("int"),
+ * //   NextRotationDate: new Date("TIMESTAMP"),
+ * //   OnDemandRotationStartDate: new Date("TIMESTAMP"),
  * // };
  *
  * ```

package/dist-types/commands/ListKeyRotationsCommand.d.ts

@@ -0,0 +1,146 @@
+import { Command as $Command } from "@smithy/smithy-client";
+import { MetadataBearer as __MetadataBearer } from "@smithy/types";
+import { KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../KMSClient";
+import { ListKeyRotationsRequest, ListKeyRotationsResponse } from "../models/models_0";
+/**
+ * @public
+ */
+export { __MetadataBearer, $Command };
+/**
+ * @public
+ *
+ * The input for {@link ListKeyRotationsCommand}.
+ */
+export interface ListKeyRotationsCommandInput extends ListKeyRotationsRequest {
+}
+/**
+ * @public
+ *
+ * The output of {@link ListKeyRotationsCommand}.
+ */
+export interface ListKeyRotationsCommandOutput extends ListKeyRotationsResponse, __MetadataBearer {
+}
+declare const ListKeyRotationsCommand_base: {
+    new (input: ListKeyRotationsCommandInput): import("@smithy/smithy-client").CommandImpl<ListKeyRotationsCommandInput, ListKeyRotationsCommandOutput, KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
+    new (__0_0: ListKeyRotationsCommandInput): import("@smithy/smithy-client").CommandImpl<ListKeyRotationsCommandInput, ListKeyRotationsCommandOutput, KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
+    getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
+};
+/**
+ * <p>Returns information about all completed key material rotations for the specified KMS
+ *       key.</p>
+ *          <p>You must specify the KMS key in all requests. You can refine the key rotations list by
+ *       limiting the number of rotations returned.</p>
+ *          <p>For detailed information about automatic and on-demand key rotations, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html">Rotating KMS keys</a> in the
+ *       <i>Key Management Service Developer Guide</i>.</p>
+ *          <p>
+ *             <b>Cross-account use</b>: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.</p>
+ *          <p>
+ *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:ListKeyRotations</a> (key policy)</p>
+ *          <p>
+ *             <b>Related operations:</b>
+ *          </p>
+ *          <ul>
+ *             <li>
+ *                <p>
+ *                   <a>EnableKeyRotation</a>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <a>DisableKeyRotation</a>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <a>GetKeyRotationStatus</a>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <a>RotateKeyOnDemand</a>
+ *                </p>
+ *             </li>
+ *          </ul>
+ *          <p>
+ *             <b>Eventual consistency</b>: The KMS API follows an eventual consistency model.
+ *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html">KMS eventual consistency</a>.</p>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { KMSClient, ListKeyRotationsCommand } from "@aws-sdk/client-kms"; // ES Modules import
+ * // const { KMSClient, ListKeyRotationsCommand } = require("@aws-sdk/client-kms"); // CommonJS import
+ * const client = new KMSClient(config);
+ * const input = { // ListKeyRotationsRequest
+ *   KeyId: "STRING_VALUE", // required
+ *   Limit: Number("int"),
+ *   Marker: "STRING_VALUE",
+ * };
+ * const command = new ListKeyRotationsCommand(input);
+ * const response = await client.send(command);
+ * // { // ListKeyRotationsResponse
+ * //   Rotations: [ // RotationsList
+ * //     { // RotationsListEntry
+ * //       KeyId: "STRING_VALUE",
+ * //       RotationDate: new Date("TIMESTAMP"),
+ * //       RotationType: "AUTOMATIC" || "ON_DEMAND",
+ * //     },
+ * //   ],
+ * //   NextMarker: "STRING_VALUE",
+ * //   Truncated: true || false,
+ * // };
+ *
+ * ```
+ *
+ * @param ListKeyRotationsCommandInput - {@link ListKeyRotationsCommandInput}
+ * @returns {@link ListKeyRotationsCommandOutput}
+ * @see {@link ListKeyRotationsCommandInput} for command's `input` shape.
+ * @see {@link ListKeyRotationsCommandOutput} for command's `response` shape.
+ * @see {@link KMSClientResolvedConfig | config} for KMSClient's `config` shape.
+ *
+ * @throws {@link InvalidArnException} (client fault)
+ *  <p>The request was rejected because a specified ARN, or an ARN in a key policy, is not
+ *       valid.</p>
+ *
+ * @throws {@link InvalidMarkerException} (client fault)
+ *  <p>The request was rejected because the marker that specifies where pagination should next
+ *       begin is not valid.</p>
+ *
+ * @throws {@link KMSInternalException} (server fault)
+ *  <p>The request was rejected because an internal exception occurred. The request can be
+ *       retried.</p>
+ *
+ * @throws {@link KMSInvalidStateException} (client fault)
+ *  <p>The request was rejected because the state of the specified resource is not valid for this
+ *       request.</p>
+ *          <p>This exceptions means one of the following:</p>
+ *          <ul>
+ *             <li>
+ *                <p>The key state of the KMS key is not compatible with the operation. </p>
+ *                <p>To find the key state, use the <a>DescribeKey</a> operation. For more
+ *           information about which key states are compatible with each KMS operation, see
+ *           <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key states of KMS keys</a> in the <i>
+ *                      <i>Key Management Service Developer Guide</i>
+ *                   </i>.</p>
+ *             </li>
+ *             <li>
+ *                <p>For cryptographic operations on KMS keys in custom key stores, this exception
+ *           represents a general failure with many possible causes. To identify the cause, see the
+ *           error message that accompanies the exception.</p>
+ *             </li>
+ *          </ul>
+ *
+ * @throws {@link NotFoundException} (client fault)
+ *  <p>The request was rejected because the specified entity or resource could not be
+ *       found.</p>
+ *
+ * @throws {@link UnsupportedOperationException} (client fault)
+ *  <p>The request was rejected because a specified parameter is not supported or a specified
+ *       resource is not valid for this operation.</p>
+ *
+ * @throws {@link KMSServiceException}
+ * <p>Base exception class for all service exceptions from KMS service.</p>
+ *
+ * @public
+ */
+export declare class ListKeyRotationsCommand extends ListKeyRotationsCommand_base {
+}

package/dist-types/commands/RotateKeyOnDemandCommand.d.ts

@@ -0,0 +1,170 @@
+import { Command as $Command } from "@smithy/smithy-client";
+import { MetadataBearer as __MetadataBearer } from "@smithy/types";
+import { KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../KMSClient";
+import { RotateKeyOnDemandRequest, RotateKeyOnDemandResponse } from "../models/models_0";
+/**
+ * @public
+ */
+export { __MetadataBearer, $Command };
+/**
+ * @public
+ *
+ * The input for {@link RotateKeyOnDemandCommand}.
+ */
+export interface RotateKeyOnDemandCommandInput extends RotateKeyOnDemandRequest {
+}
+/**
+ * @public
+ *
+ * The output of {@link RotateKeyOnDemandCommand}.
+ */
+export interface RotateKeyOnDemandCommandOutput extends RotateKeyOnDemandResponse, __MetadataBearer {
+}
+declare const RotateKeyOnDemandCommand_base: {
+    new (input: RotateKeyOnDemandCommandInput): import("@smithy/smithy-client").CommandImpl<RotateKeyOnDemandCommandInput, RotateKeyOnDemandCommandOutput, KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
+    new (__0_0: RotateKeyOnDemandCommandInput): import("@smithy/smithy-client").CommandImpl<RotateKeyOnDemandCommandInput, RotateKeyOnDemandCommandOutput, KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes>;
+    getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
+};
+/**
+ * <p>Immediately initiates rotation of the key material of the specified symmetric encryption
+ *       KMS key.</p>
+ *          <p>You can perform <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotating-keys-on-demand">on-demand rotation</a>
+ *       of the key material in customer managed KMS keys,
+ *       regardless of whether or not <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotating-keys-enable-disable">automatic key rotation</a> is enabled.
+ *       On-demand rotations do not change existing automatic rotation schedules. For example, consider a KMS key that
+ *       has automatic key rotation enabled with a rotation period of 730 days. If the key is scheduled to
+ *       automatically rotate on April 14, 2024, and you perform an on-demand rotation on April 10, 2024, the key will automatically rotate,
+ *       as scheduled, on April 14, 2024 and every 730 days thereafter.</p>
+ *          <note>
+ *             <p>You can perform on-demand key rotation a <b>maximum of 10 times</b>
+ *         per KMS key. You can use the KMS console
+ *         to view the number of remaining on-demand rotations available for a KMS key.</p>
+ *          </note>
+ *          <p>You can use <a>GetKeyRotationStatus</a> to identify any in progress
+ *       on-demand rotations. You can use <a>ListKeyRotations</a> to identify the date that
+ *       completed on-demand rotations were performed. You can monitor rotation of the key material
+ *       for your KMS keys in CloudTrail and Amazon CloudWatch.</p>
+ *          <p>On-demand key rotation is supported only on <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#symmetric-cmks">symmetric encryption KMS keys</a>.
+ *       You cannot perform on-demand rotation of <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html">asymmetric KMS keys</a>,
+ *       <a href="https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html">HMAC KMS keys</a>,
+ *       KMS keys with <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html">imported key material</a>, or KMS keys in a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a>. To perform
+ *       on-demand rotation of a set of related <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate">multi-Region keys</a>,
+ *       invoke the on-demand rotation on the primary key.</p>
+ *          <p>You cannot initiate on-demand rotation of <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk">Amazon Web Services managed KMS keys</a>. KMS
+ *       always rotates the key material of Amazon Web Services managed keys every year. Rotation of <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-owned-cmk">Amazon Web Services owned KMS
+ *         keys</a> is managed by the Amazon Web Services service that owns the key.</p>
+ *          <p>The KMS key that you use for this operation must be in a compatible key state. For
+ * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key states of KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
+ *          <p>
+ *             <b>Cross-account use</b>: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.</p>
+ *          <p>
+ *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:RotateKeyOnDemand</a> (key policy)</p>
+ *          <p>
+ *             <b>Related operations:</b>
+ *          </p>
+ *          <ul>
+ *             <li>
+ *                <p>
+ *                   <a>EnableKeyRotation</a>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <a>DisableKeyRotation</a>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <a>GetKeyRotationStatus</a>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <a>ListKeyRotations</a>
+ *                </p>
+ *             </li>
+ *          </ul>
+ *          <p>
+ *             <b>Eventual consistency</b>: The KMS API follows an eventual consistency model.
+ *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html">KMS eventual consistency</a>.</p>
+ * @example
+ * Use a bare-bones client and the command you need to make an API call.
+ * ```javascript
+ * import { KMSClient, RotateKeyOnDemandCommand } from "@aws-sdk/client-kms"; // ES Modules import
+ * // const { KMSClient, RotateKeyOnDemandCommand } = require("@aws-sdk/client-kms"); // CommonJS import
+ * const client = new KMSClient(config);
+ * const input = { // RotateKeyOnDemandRequest
+ *   KeyId: "STRING_VALUE", // required
+ * };
+ * const command = new RotateKeyOnDemandCommand(input);
+ * const response = await client.send(command);
+ * // { // RotateKeyOnDemandResponse
+ * //   KeyId: "STRING_VALUE",
+ * // };
+ *
+ * ```
+ *
+ * @param RotateKeyOnDemandCommandInput - {@link RotateKeyOnDemandCommandInput}
+ * @returns {@link RotateKeyOnDemandCommandOutput}
+ * @see {@link RotateKeyOnDemandCommandInput} for command's `input` shape.
+ * @see {@link RotateKeyOnDemandCommandOutput} for command's `response` shape.
+ * @see {@link KMSClientResolvedConfig | config} for KMSClient's `config` shape.
+ *
+ * @throws {@link ConflictException} (client fault)
+ *  <p>The request was rejected because an automatic rotation of this key is currently in
+ *       progress or scheduled to begin within the next 20 minutes. </p>
+ *
+ * @throws {@link DependencyTimeoutException} (server fault)
+ *  <p>The system timed out while trying to fulfill the request. You can retry the
+ *       request.</p>
+ *
+ * @throws {@link DisabledException} (client fault)
+ *  <p>The request was rejected because the specified KMS key is not enabled.</p>
+ *
+ * @throws {@link InvalidArnException} (client fault)
+ *  <p>The request was rejected because a specified ARN, or an ARN in a key policy, is not
+ *       valid.</p>
+ *
+ * @throws {@link KMSInternalException} (server fault)
+ *  <p>The request was rejected because an internal exception occurred. The request can be
+ *       retried.</p>
+ *
+ * @throws {@link KMSInvalidStateException} (client fault)
+ *  <p>The request was rejected because the state of the specified resource is not valid for this
+ *       request.</p>
+ *          <p>This exceptions means one of the following:</p>
+ *          <ul>
+ *             <li>
+ *                <p>The key state of the KMS key is not compatible with the operation. </p>
+ *                <p>To find the key state, use the <a>DescribeKey</a> operation. For more
+ *           information about which key states are compatible with each KMS operation, see
+ *           <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key states of KMS keys</a> in the <i>
+ *                      <i>Key Management Service Developer Guide</i>
+ *                   </i>.</p>
+ *             </li>
+ *             <li>
+ *                <p>For cryptographic operations on KMS keys in custom key stores, this exception
+ *           represents a general failure with many possible causes. To identify the cause, see the
+ *           error message that accompanies the exception.</p>
+ *             </li>
+ *          </ul>
+ *
+ * @throws {@link LimitExceededException} (client fault)
+ *  <p>The request was rejected because a quota was exceeded. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/limits.html">Quotas</a> in the
+ *       <i>Key Management Service Developer Guide</i>.</p>
+ *
+ * @throws {@link NotFoundException} (client fault)
+ *  <p>The request was rejected because the specified entity or resource could not be
+ *       found.</p>
+ *
+ * @throws {@link UnsupportedOperationException} (client fault)
+ *  <p>The request was rejected because a specified parameter is not supported or a specified
+ *       resource is not valid for this operation.</p>
+ *
+ * @throws {@link KMSServiceException}
+ * <p>Base exception class for all service exceptions from KMS service.</p>
+ *
+ * @public
+ */
+export declare class RotateKeyOnDemandCommand extends RotateKeyOnDemandCommand_base {
+}

package/dist-types/commands/UpdateCustomKeyStoreCommand.d.ts

@@ -275,8 +275,8 @@ declare const UpdateCustomKeyStoreCommand_base: {
  *
  * @throws {@link XksProxyUriEndpointInUseException} (client fault)
  *  <p>The request was rejected because the <code>XksProxyUriEndpoint</code> is already
- *       associated with another external key store in this Amazon Web Services Region. To identify the cause,
- *       see the error message that accompanies the exception. </p>
+ *       associated with another external key store in this Amazon Web Services Region. To identify the cause, see
+ *       the error message that accompanies the exception. </p>
  *
  * @throws {@link XksProxyUriInUseException} (client fault)
  *  <p>The request was rejected because the concatenation of the <code>XksProxyUriEndpoint</code>

package/dist-types/commands/index.d.ts

@@ -30,6 +30,7 @@ export * from "./ImportKeyMaterialCommand";
 export * from "./ListAliasesCommand";
 export * from "./ListGrantsCommand";
 export * from "./ListKeyPoliciesCommand";
+export * from "./ListKeyRotationsCommand";
 export * from "./ListKeysCommand";
 export * from "./ListResourceTagsCommand";
 export * from "./ListRetirableGrantsCommand";
@@ -38,6 +39,7 @@ export * from "./ReEncryptCommand";
 export * from "./ReplicateKeyCommand";
 export * from "./RetireGrantCommand";
 export * from "./RevokeGrantCommand";
+export * from "./RotateKeyOnDemandCommand";
 export * from "./ScheduleKeyDeletionCommand";
 export * from "./SignCommand";
 export * from "./TagResourceCommand";