npm - @aws-sdk/client-kms - Versions diffs - 3.821.0 → 3.825.0 - Mend

@aws-sdk/client-kms 3.821.0 → 3.825.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (61) hide show

package/dist-cjs/index.js CHANGED Viewed

@@ -87,6 +87,9 @@ __export(index_exports, {
   GetPublicKeyCommand: () => GetPublicKeyCommand,
   GrantOperation: () => GrantOperation,
   ImportKeyMaterialCommand: () => ImportKeyMaterialCommand,
+  ImportState: () => ImportState,
+  ImportType: () => ImportType,
+  IncludeKeyMaterial: () => IncludeKeyMaterial,
   IncorrectKeyException: () => IncorrectKeyException,
   IncorrectKeyMaterialException: () => IncorrectKeyMaterialException,
   IncorrectTrustAnchorException: () => IncorrectTrustAnchorException,
@@ -108,6 +111,7 @@ __export(index_exports, {
   KeyAgreementAlgorithmSpec: () => KeyAgreementAlgorithmSpec,
   KeyEncryptionMechanism: () => KeyEncryptionMechanism,
   KeyManagerType: () => KeyManagerType,
+  KeyMaterialState: () => KeyMaterialState,
   KeySpec: () => KeySpec,
   KeyState: () => KeyState,
   KeyUnavailableException: () => KeyUnavailableException,
@@ -1299,6 +1303,10 @@ var WrappingKeySpec = {
   RSA_4096: "RSA_4096",
   SM2: "SM2"
 };
+var ImportType = {
+  EXISTING_KEY_MATERIAL: "EXISTING_KEY_MATERIAL",
+  NEW_KEY_MATERIAL: "NEW_KEY_MATERIAL"
+};
 var IncorrectKeyMaterialException = class _IncorrectKeyMaterialException extends KMSServiceException {
   static {
     __name(this, "IncorrectKeyMaterialException");
@@ -1335,6 +1343,14 @@ var InvalidImportTokenException = class _InvalidImportTokenException extends KMS
     Object.setPrototypeOf(this, _InvalidImportTokenException.prototype);
   }
 };
+var ImportState = {
+  IMPORTED: "IMPORTED",
+  PENDING_IMPORT: "PENDING_IMPORT"
+};
+var IncludeKeyMaterial = {
+  ALL_KEY_MATERIAL: "ALL_KEY_MATERIAL",
+  ROTATIONS_ONLY: "ROTATIONS_ONLY"
+};
 var InvalidGrantIdException = class _InvalidGrantIdException extends KMSServiceException {
   static {
     __name(this, "InvalidGrantIdException");
@@ -1353,6 +1369,11 @@ var InvalidGrantIdException = class _InvalidGrantIdException extends KMSServiceE
     Object.setPrototypeOf(this, _InvalidGrantIdException.prototype);
   }
 };
+var KeyMaterialState = {
+  CURRENT: "CURRENT",
+  NON_CURRENT: "NON_CURRENT",
+  PENDING_ROTATION: "PENDING_ROTATION"
+};
 var KMSInvalidMacException = class _KMSInvalidMacException extends KMSServiceException {
   static {
     __name(this, "KMSInvalidMacException");
@@ -1915,9 +1936,12 @@ var de_DeleteImportedKeyMaterialCommand = /* @__PURE__ */ __name(async (output,
   if (output.statusCode >= 300) {
     return de_CommandError(output, context);
   }
-  await (0, import_smithy_client.collectBody)(output.body, context);
+  const data = await (0, import_core2.parseJsonBody)(output.body, context);
+  let contents = {};
+  contents = (0, import_smithy_client._json)(data);
   const response = {
-    $metadata: deserializeMetadata(output)
+    $metadata: deserializeMetadata(output),
+    ...contents
   };
   return response;
 }, "de_DeleteImportedKeyMaterialCommand");
@@ -3109,7 +3133,10 @@ var se_ImportKeyMaterialRequest = /* @__PURE__ */ __name((input, context) => {
     EncryptedKeyMaterial: context.base64Encoder,
     ExpirationModel: [],
     ImportToken: context.base64Encoder,
+    ImportType: [],
     KeyId: [],
+    KeyMaterialDescription: [],
+    KeyMaterialId: [],
     ValidTo: /* @__PURE__ */ __name((_) => _.getTime() / 1e3, "ValidTo")
   });
 }, "se_ImportKeyMaterialRequest");
@@ -3207,6 +3234,7 @@ var de_DecryptResponse = /* @__PURE__ */ __name((output, context) => {
     CiphertextForRecipient: context.base64Decoder,
     EncryptionAlgorithm: import_smithy_client.expectString,
     KeyId: import_smithy_client.expectString,
+    KeyMaterialId: import_smithy_client.expectString,
     Plaintext: context.base64Decoder
   });
 }, "de_DecryptResponse");
@@ -3235,13 +3263,15 @@ var de_EncryptResponse = /* @__PURE__ */ __name((output, context) => {
   return (0, import_smithy_client.take)(output, {
     CiphertextBlob: context.base64Decoder,
     EncryptionAlgorithm: import_smithy_client.expectString,
-    KeyId: import_smithy_client.expectString
+    KeyId: import_smithy_client.expectString,
+    KeyMaterialId: import_smithy_client.expectString
   });
 }, "de_EncryptResponse");
 var de_GenerateDataKeyPairResponse = /* @__PURE__ */ __name((output, context) => {
   return (0, import_smithy_client.take)(output, {
     CiphertextForRecipient: context.base64Decoder,
     KeyId: import_smithy_client.expectString,
+    KeyMaterialId: import_smithy_client.expectString,
     KeyPairSpec: import_smithy_client.expectString,
     PrivateKeyCiphertextBlob: context.base64Decoder,
     PrivateKeyPlaintext: context.base64Decoder,
@@ -3251,6 +3281,7 @@ var de_GenerateDataKeyPairResponse = /* @__PURE__ */ __name((output, context) =>
 var de_GenerateDataKeyPairWithoutPlaintextResponse = /* @__PURE__ */ __name((output, context) => {
   return (0, import_smithy_client.take)(output, {
     KeyId: import_smithy_client.expectString,
+    KeyMaterialId: import_smithy_client.expectString,
     KeyPairSpec: import_smithy_client.expectString,
     PrivateKeyCiphertextBlob: context.base64Decoder,
     PublicKey: context.base64Decoder
@@ -3261,13 +3292,15 @@ var de_GenerateDataKeyResponse = /* @__PURE__ */ __name((output, context) => {
     CiphertextBlob: context.base64Decoder,
     CiphertextForRecipient: context.base64Decoder,
     KeyId: import_smithy_client.expectString,
+    KeyMaterialId: import_smithy_client.expectString,
     Plaintext: context.base64Decoder
   });
 }, "de_GenerateDataKeyResponse");
 var de_GenerateDataKeyWithoutPlaintextResponse = /* @__PURE__ */ __name((output, context) => {
   return (0, import_smithy_client.take)(output, {
     CiphertextBlob: context.base64Decoder,
-    KeyId: import_smithy_client.expectString
+    KeyId: import_smithy_client.expectString,
+    KeyMaterialId: import_smithy_client.expectString
   });
 }, "de_GenerateDataKeyWithoutPlaintextResponse");
 var de_GenerateMacResponse = /* @__PURE__ */ __name((output, context) => {
@@ -3337,6 +3370,7 @@ var de_KeyMetadata = /* @__PURE__ */ __name((output, context) => {
     Arn: import_smithy_client.expectString,
     CloudHsmClusterId: import_smithy_client.expectString,
     CreationDate: /* @__PURE__ */ __name((_) => (0, import_smithy_client.expectNonNull)((0, import_smithy_client.parseEpochTimestamp)((0, import_smithy_client.expectNumber)(_))), "CreationDate"),
+    CurrentKeyMaterialId: import_smithy_client.expectString,
     CustomKeyStoreId: import_smithy_client.expectString,
     CustomerMasterKeySpec: import_smithy_client.expectString,
     DeletionDate: /* @__PURE__ */ __name((_) => (0, import_smithy_client.expectNonNull)((0, import_smithy_client.parseEpochTimestamp)((0, import_smithy_client.expectNumber)(_))), "DeletionDate"),
@@ -3385,9 +3419,11 @@ var de_ReEncryptResponse = /* @__PURE__ */ __name((output, context) => {
   return (0, import_smithy_client.take)(output, {
     CiphertextBlob: context.base64Decoder,
     DestinationEncryptionAlgorithm: import_smithy_client.expectString,
+    DestinationKeyMaterialId: import_smithy_client.expectString,
     KeyId: import_smithy_client.expectString,
     SourceEncryptionAlgorithm: import_smithy_client.expectString,
-    SourceKeyId: import_smithy_client.expectString
+    SourceKeyId: import_smithy_client.expectString,
+    SourceKeyMaterialId: import_smithy_client.expectString
   });
 }, "de_ReEncryptResponse");
 var de_ReplicateKeyResponse = /* @__PURE__ */ __name((output, context) => {
@@ -3405,9 +3441,15 @@ var de_RotationsList = /* @__PURE__ */ __name((output, context) => {
 }, "de_RotationsList");
 var de_RotationsListEntry = /* @__PURE__ */ __name((output, context) => {
   return (0, import_smithy_client.take)(output, {
+    ExpirationModel: import_smithy_client.expectString,
+    ImportState: import_smithy_client.expectString,
     KeyId: import_smithy_client.expectString,
+    KeyMaterialDescription: import_smithy_client.expectString,
+    KeyMaterialId: import_smithy_client.expectString,
+    KeyMaterialState: import_smithy_client.expectString,
     RotationDate: /* @__PURE__ */ __name((_) => (0, import_smithy_client.expectNonNull)((0, import_smithy_client.parseEpochTimestamp)((0, import_smithy_client.expectNumber)(_))), "RotationDate"),
-    RotationType: import_smithy_client.expectString
+    RotationType: import_smithy_client.expectString,
+    ValidTo: /* @__PURE__ */ __name((_) => (0, import_smithy_client.expectNonNull)((0, import_smithy_client.parseEpochTimestamp)((0, import_smithy_client.expectNumber)(_))), "ValidTo")
   });
 }, "de_RotationsListEntry");
 var de_ScheduleKeyDeletionResponse = /* @__PURE__ */ __name((output, context) => {
@@ -4478,9 +4520,13 @@ var paginateListRetirableGrants = (0, import_core.createPaginator)(KMSClient, Li
   InvalidMarkerException,
   ExpiredImportTokenException,
   WrappingKeySpec,
+  ImportType,
   IncorrectKeyMaterialException,
   InvalidImportTokenException,
+  ImportState,
+  IncludeKeyMaterial,
   InvalidGrantIdException,
+  KeyMaterialState,
   KMSInvalidMacException,
   KMSInvalidSignatureException,
   RotationType,

package/dist-es/models/models_0.js CHANGED Viewed

@@ -692,6 +692,10 @@ export const WrappingKeySpec = {
     RSA_4096: "RSA_4096",
     SM2: "SM2",
 };
+export const ImportType = {
+    EXISTING_KEY_MATERIAL: "EXISTING_KEY_MATERIAL",
+    NEW_KEY_MATERIAL: "NEW_KEY_MATERIAL",
+};
 export class IncorrectKeyMaterialException extends __BaseException {
     name = "IncorrectKeyMaterialException";
     $fault = "client";
@@ -716,6 +720,14 @@ export class InvalidImportTokenException extends __BaseException {
         Object.setPrototypeOf(this, InvalidImportTokenException.prototype);
     }
 }
+export const ImportState = {
+    IMPORTED: "IMPORTED",
+    PENDING_IMPORT: "PENDING_IMPORT",
+};
+export const IncludeKeyMaterial = {
+    ALL_KEY_MATERIAL: "ALL_KEY_MATERIAL",
+    ROTATIONS_ONLY: "ROTATIONS_ONLY",
+};
 export class InvalidGrantIdException extends __BaseException {
     name = "InvalidGrantIdException";
     $fault = "client";
@@ -728,6 +740,11 @@ export class InvalidGrantIdException extends __BaseException {
         Object.setPrototypeOf(this, InvalidGrantIdException.prototype);
     }
 }
+export const KeyMaterialState = {
+    CURRENT: "CURRENT",
+    NON_CURRENT: "NON_CURRENT",
+    PENDING_ROTATION: "PENDING_ROTATION",
+};
 export class KMSInvalidMacException extends __BaseException {
     name = "KMSInvalidMacException";
     $fault = "client";

package/dist-es/protocols/Aws_json1_1.js CHANGED Viewed

@@ -436,9 +436,12 @@ export const de_DeleteImportedKeyMaterialCommand = async (output, context) => {
     if (output.statusCode >= 300) {
         return de_CommandError(output, context);
     }
-    await collectBody(output.body, context);
+    const data = await parseBody(output.body, context);
+    let contents = {};
+    contents = _json(data);
     const response = {
         $metadata: deserializeMetadata(output),
+        ...contents,
     };
     return response;
 };
@@ -1630,7 +1633,10 @@ const se_ImportKeyMaterialRequest = (input, context) => {
         EncryptedKeyMaterial: context.base64Encoder,
         ExpirationModel: [],
         ImportToken: context.base64Encoder,
+        ImportType: [],
         KeyId: [],
+        KeyMaterialDescription: [],
+        KeyMaterialId: [],
         ValidTo: (_) => _.getTime() / 1_000,
     });
 };
@@ -1732,6 +1738,7 @@ const de_DecryptResponse = (output, context) => {
         CiphertextForRecipient: context.base64Decoder,
         EncryptionAlgorithm: __expectString,
         KeyId: __expectString,
+        KeyMaterialId: __expectString,
         Plaintext: context.base64Decoder,
     });
 };
@@ -1761,12 +1768,14 @@ const de_EncryptResponse = (output, context) => {
         CiphertextBlob: context.base64Decoder,
         EncryptionAlgorithm: __expectString,
         KeyId: __expectString,
+        KeyMaterialId: __expectString,
     });
 };
 const de_GenerateDataKeyPairResponse = (output, context) => {
     return take(output, {
         CiphertextForRecipient: context.base64Decoder,
         KeyId: __expectString,
+        KeyMaterialId: __expectString,
         KeyPairSpec: __expectString,
         PrivateKeyCiphertextBlob: context.base64Decoder,
         PrivateKeyPlaintext: context.base64Decoder,
@@ -1776,6 +1785,7 @@ const de_GenerateDataKeyPairResponse = (output, context) => {
 const de_GenerateDataKeyPairWithoutPlaintextResponse = (output, context) => {
     return take(output, {
         KeyId: __expectString,
+        KeyMaterialId: __expectString,
         KeyPairSpec: __expectString,
         PrivateKeyCiphertextBlob: context.base64Decoder,
         PublicKey: context.base64Decoder,
@@ -1786,6 +1796,7 @@ const de_GenerateDataKeyResponse = (output, context) => {
         CiphertextBlob: context.base64Decoder,
         CiphertextForRecipient: context.base64Decoder,
         KeyId: __expectString,
+        KeyMaterialId: __expectString,
         Plaintext: context.base64Decoder,
     });
 };
@@ -1793,6 +1804,7 @@ const de_GenerateDataKeyWithoutPlaintextResponse = (output, context) => {
     return take(output, {
         CiphertextBlob: context.base64Decoder,
         KeyId: __expectString,
+        KeyMaterialId: __expectString,
     });
 };
 const de_GenerateMacResponse = (output, context) => {
@@ -1864,6 +1876,7 @@ const de_KeyMetadata = (output, context) => {
         Arn: __expectString,
         CloudHsmClusterId: __expectString,
         CreationDate: (_) => __expectNonNull(__parseEpochTimestamp(__expectNumber(_))),
+        CurrentKeyMaterialId: __expectString,
         CustomKeyStoreId: __expectString,
         CustomerMasterKeySpec: __expectString,
         DeletionDate: (_) => __expectNonNull(__parseEpochTimestamp(__expectNumber(_))),
@@ -1912,9 +1925,11 @@ const de_ReEncryptResponse = (output, context) => {
     return take(output, {
         CiphertextBlob: context.base64Decoder,
         DestinationEncryptionAlgorithm: __expectString,
+        DestinationKeyMaterialId: __expectString,
         KeyId: __expectString,
         SourceEncryptionAlgorithm: __expectString,
         SourceKeyId: __expectString,
+        SourceKeyMaterialId: __expectString,
     });
 };
 const de_ReplicateKeyResponse = (output, context) => {
@@ -1934,9 +1949,15 @@ const de_RotationsList = (output, context) => {
 };
 const de_RotationsListEntry = (output, context) => {
     return take(output, {
+        ExpirationModel: __expectString,
+        ImportState: __expectString,
         KeyId: __expectString,
+        KeyMaterialDescription: __expectString,
+        KeyMaterialId: __expectString,
+        KeyMaterialState: __expectString,
         RotationDate: (_) => __expectNonNull(__parseEpochTimestamp(__expectNumber(_))),
         RotationType: __expectString,
+        ValidTo: (_) => __expectNonNull(__parseEpochTimestamp(__expectNumber(_))),
     });
 };
 const de_ScheduleKeyDeletionResponse = (output, context) => {

package/dist-types/commands/CancelKeyDeletionCommand.d.ts CHANGED Viewed

@@ -42,7 +42,7 @@ declare const CancelKeyDeletionCommand_base: {
  *          </p>
  *          <p>
  *             <b>Eventual consistency</b>: The KMS API follows an eventual consistency model.
- *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html">KMS eventual consistency</a>.</p>
+ *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/accessing-kms.html#programming-eventual-consistency">KMS eventual consistency</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/ConnectCustomKeyStoreCommand.d.ts CHANGED Viewed

@@ -27,7 +27,7 @@ declare const ConnectCustomKeyStoreCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Connects or reconnects a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a> to its backing key store. For an CloudHSM key
+ * <p>Connects or reconnects a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-store-overview.html">custom key store</a> to its backing key store. For an CloudHSM key
  *       store, <code>ConnectCustomKeyStore</code> connects the key store to its associated CloudHSM
  *       cluster. For an external key store, <code>ConnectCustomKeyStore</code> connects the key store
  *       to the external key store proxy that communicates with your external key manager.</p>
@@ -39,7 +39,7 @@ declare const ConnectCustomKeyStoreCommand_base: {
  *       complete. When it succeeds, this operation quickly returns an HTTP 200 response and a JSON
  *       object with no properties. However, this response does not indicate that the custom key store
  *       is connected. To get the connection state of the custom key store, use the <a>DescribeCustomKeyStores</a> operation.</p>
- *          <p> This operation is part of the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key stores</a> feature in KMS, which
+ *          <p> This operation is part of the custom key stores feature in KMS, which
  * combines the convenience and extensive integration of KMS with the isolation and control of a
  * key store that you own and manage.</p>
  *          <p>The <code>ConnectCustomKeyStore</code> operation might fail for various reasons. To find
@@ -58,7 +58,7 @@ declare const ConnectCustomKeyStoreCommand_base: {
  *       password.</p>
  *          <p>To connect an CloudHSM key store, its associated CloudHSM cluster must have at least one active
  *       HSM. To get the number of active HSMs in a cluster, use the <a href="https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html">DescribeClusters</a> operation. To add HSMs
- *       to the cluster, use the <a href="https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html">CreateHsm</a> operation. Also, the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser">
+ *       to the cluster, use the <a href="https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html">CreateHsm</a> operation. Also, the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/keystore-cloudhsm.html#concept-kmsuser">
  *                <code>kmsuser</code> crypto
  *         user</a> (CU) must not be logged into the cluster. This prevents KMS from using this
  *       account to log in.</p>
@@ -116,7 +116,7 @@ declare const ConnectCustomKeyStoreCommand_base: {
  *          </ul>
  *          <p>
  *             <b>Eventual consistency</b>: The KMS API follows an eventual consistency model.
- *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html">KMS eventual consistency</a>.</p>
+ *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/accessing-kms.html#programming-eventual-consistency">KMS eventual consistency</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/CreateAliasCommand.d.ts CHANGED Viewed

@@ -31,7 +31,7 @@ declare const CreateAliasCommand_base: {
  *          <note>
  *             <p>Adding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/abac.html">ABAC for KMS</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          </note>
- *          <p>You can use an alias to identify a KMS key in the KMS console, in the <a>DescribeKey</a> operation and in <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations">cryptographic operations</a>, such as <a>Encrypt</a> and
+ *          <p>You can use an alias to identify a KMS key in the KMS console, in the <a>DescribeKey</a> operation and in <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-cryptography.html#cryptographic-operations">cryptographic operations</a>, such as <a>Encrypt</a> and
  *         <a>GenerateDataKey</a>. You can also change the KMS key that's associated with
  *       the alias (<a>UpdateAlias</a>) or delete the alias (<a>DeleteAlias</a>)
  *       at any time. These operations don't affect the underlying KMS key. </p>
@@ -39,7 +39,7 @@ declare const CreateAliasCommand_base: {
  *       alias is associated with only one KMS key at a time, but a KMS key can have multiple aliases.
  *       A valid KMS key is required. You can't create an alias without a KMS key.</p>
  *          <p>The alias must be unique in the account and Region, but you can have aliases with the same
- *       name in different Regions. For detailed information about aliases, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html">Using aliases</a> in the
+ *       name in different Regions. For detailed information about aliases, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html">Aliases in KMS</a> in the
  *       <i>Key Management Service Developer Guide</i>.</p>
  *          <p>This operation does not return a response. To get the alias that you created, use the
  *         <a>ListAliases</a> operation.</p>
@@ -62,8 +62,7 @@ declare const CreateAliasCommand_base: {
  *           the KMS key (key policy).</p>
  *             </li>
  *          </ul>
- *          <p>For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html#alias-access">Controlling access to aliases</a> in the
- *       <i>Key Management Service Developer Guide</i>.</p>
+ *          <p>For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/alias-access.html">Controlling access to aliases</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
  *             <b>Related operations:</b>
  *          </p>
@@ -86,7 +85,7 @@ declare const CreateAliasCommand_base: {
  *          </ul>
  *          <p>
  *             <b>Eventual consistency</b>: The KMS API follows an eventual consistency model.
- *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html">KMS eventual consistency</a>.</p>
+ *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/accessing-kms.html#programming-eventual-consistency">KMS eventual consistency</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -145,8 +144,9 @@ declare const CreateAliasCommand_base: {
  *          </ul>
  *
  * @throws {@link LimitExceededException} (client fault)
- *  <p>The request was rejected because a quota was exceeded. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/limits.html">Quotas</a> in the
- *       <i>Key Management Service Developer Guide</i>.</p>
+ *  <p>The request was rejected because a length constraint or quota was exceeded. For more
+ *       information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/limits.html">Quotas</a> in
+ *       the <i>Key Management Service Developer Guide</i>.</p>
  *
  * @throws {@link NotFoundException} (client fault)
  *  <p>The request was rejected because the specified entity or resource could not be

package/dist-types/commands/CreateCustomKeyStoreCommand.d.ts CHANGED Viewed

@@ -27,14 +27,14 @@ declare const CreateCustomKeyStoreCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Creates a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a> backed by a key store that you own and manage. When you use a
+ * <p>Creates a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-store-overview.html">custom key store</a> backed by a key store that you own and manage. When you use a
  *       KMS key in a custom key store for a cryptographic operation, the cryptographic operation is
  *       actually performed in your key store using your keys. KMS supports <a href="https://docs.aws.amazon.com/kms/latest/developerguide/keystore-cloudhsm.html">CloudHSM key stores</a>
  *       backed by an <a href="https://docs.aws.amazon.com/cloudhsm/latest/userguide/clusters.html">CloudHSM cluster</a>
  *       and <a href="https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html">external key
  *         stores</a> backed by an external key store proxy and external key manager outside of
  *       Amazon Web Services.</p>
- *          <p> This operation is part of the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key stores</a> feature in KMS, which
+ *          <p> This operation is part of the custom key stores feature in KMS, which
  * combines the convenience and extensive integration of KMS with the isolation and control of a
  * key store that you own and manage.</p>
  *          <p>Before you create the custom key store, the required elements must be in place and
@@ -80,8 +80,6 @@ declare const CreateCustomKeyStoreCommand_base: {
  *       external key manager. Even if you are not going to use your custom key store immediately, you
  *       might want to connect it to verify that all settings are correct and then disconnect it until
  *       you are ready to use it.</p>
- *          <p>For help with failures, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html">Troubleshooting a custom key store</a> in the
- *       <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
  *             <b>Cross-account use</b>: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.</p>
  *          <p>
@@ -118,7 +116,7 @@ declare const CreateCustomKeyStoreCommand_base: {
  *          </ul>
  *          <p>
  *             <b>Eventual consistency</b>: The KMS API follows an eventual consistency model.
- *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html">KMS eventual consistency</a>.</p>
+ *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/accessing-kms.html#programming-eventual-consistency">KMS eventual consistency</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -222,8 +220,9 @@ declare const CreateCustomKeyStoreCommand_base: {
  *       retried.</p>
  *
  * @throws {@link LimitExceededException} (client fault)
- *  <p>The request was rejected because a quota was exceeded. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/limits.html">Quotas</a> in the
- *       <i>Key Management Service Developer Guide</i>.</p>
+ *  <p>The request was rejected because a length constraint or quota was exceeded. For more
+ *       information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/limits.html">Quotas</a> in
+ *       the <i>Key Management Service Developer Guide</i>.</p>
  *
  * @throws {@link XksProxyIncorrectAuthenticationCredentialException} (client fault)
  *  <p>The request was rejected because the proxy credentials failed to authenticate to the

package/dist-types/commands/CreateGrantCommand.d.ts CHANGED Viewed

@@ -36,8 +36,8 @@ declare const CreateGrantCommand_base: {
  *          <p>For detailed information about grants, including grant terminology, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html">Grants in KMS</a> in the
  *         <i>
  *                <i>Key Management Service Developer Guide</i>
- *             </i>. For examples of working with grants in several
- *       programming languages, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-grants.html">Programming grants</a>. </p>
+ *             </i>. For examples of creating grants in several
+ *       programming languages, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/example_kms_CreateGrant_section.html">Use CreateGrant with an Amazon Web Services SDK or CLI</a>. </p>
  *          <p>The <code>CreateGrant</code> operation returns a <code>GrantToken</code> and a
  *         <code>GrantId</code>.</p>
  *          <ul>
@@ -45,8 +45,8 @@ declare const CreateGrantCommand_base: {
  *                <p>When you create, retire, or revoke a grant, there might be a brief delay, usually less than five minutes, until the grant is available throughout KMS. This state is known as <i>eventual consistency</i>. Once the grant has achieved eventual consistency, the grantee
  *           principal can use the permissions in the grant without identifying the grant. </p>
  *                <p>However, to use the permissions in the grant immediately, use the
- *             <code>GrantToken</code> that <code>CreateGrant</code> returns. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token">Using a
- *             grant token</a> in the <i>
+ *             <code>GrantToken</code> that <code>CreateGrant</code> returns. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/using-grant-token.html">Using a grant
+ *             token</a> in the <i>
  *                      <i>Key Management Service Developer Guide</i>
  *                   </i>.</p>
  *             </li>
@@ -91,7 +91,7 @@ declare const CreateGrantCommand_base: {
  *          </ul>
  *          <p>
  *             <b>Eventual consistency</b>: The KMS API follows an eventual consistency model.
- *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html">KMS eventual consistency</a>.</p>
+ *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/accessing-kms.html#programming-eventual-consistency">KMS eventual consistency</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -176,8 +176,9 @@ declare const CreateGrantCommand_base: {
  *          </ul>
  *
  * @throws {@link LimitExceededException} (client fault)
- *  <p>The request was rejected because a quota was exceeded. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/limits.html">Quotas</a> in the
- *       <i>Key Management Service Developer Guide</i>.</p>
+ *  <p>The request was rejected because a length constraint or quota was exceeded. For more
+ *       information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/limits.html">Quotas</a> in
+ *       the <i>Key Management Service Developer Guide</i>.</p>
  *
  * @throws {@link NotFoundException} (client fault)
  *  <p>The request was rejected because the specified entity or resource could not be

package/dist-types/commands/CreateKeyCommand.d.ts CHANGED Viewed

@@ -33,9 +33,7 @@ declare const CreateKeyCommand_base: {
  *       resources.</p>
  *          <p>A KMS key is a logical representation of a cryptographic key. In addition to the key
  *       material used in cryptographic operations, a KMS key includes metadata, such as the key ID,
- *       key policy, creation date, description, and key state. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/getting-started.html">Managing keys</a> in the
- *       <i>Key Management Service Developer Guide</i>
- *          </p>
+ *       key policy, creation date, description, and key state. </p>
  *          <p>Use the parameters of <code>CreateKey</code> to specify the type of KMS key, the source of
  *       its key material, its key policy, description, tags, and other properties.</p>
  *          <note>
@@ -70,13 +68,14 @@ declare const CreateKeyCommand_base: {
  *                <p>Asymmetric KMS keys contain an RSA key pair, Elliptic Curve (ECC) key pair, or an
  *             SM2 key pair (China Regions only). The private key in an asymmetric KMS key never leaves
  *             KMS unencrypted. However, you can use the <a>GetPublicKey</a> operation to
- *             download the public key so it can be used outside of KMS. Each KMS key can have only one key usage. KMS keys with RSA key
- *             pairs can be used to encrypt and decrypt data or sign and verify messages (but not both).
- *             KMS keys with NIST-recommended ECC key pairs can be used to sign and verify messages or
- *             derive shared secrets (but not both). KMS keys with <code>ECC_SECG_P256K1</code>
- *             can be used only to sign and verify messages. KMS keys with SM2 key pairs (China Regions only)
- *             can be used to either encrypt and decrypt data, sign and verify messages, or derive shared secrets (you must choose one key usage type). For
- *             information about asymmetric KMS keys, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html">Asymmetric KMS keys</a> in the
+ *             download the public key so it can be used outside of KMS. Each KMS key can have only
+ *             one key usage. KMS keys with RSA key pairs can be used to encrypt and decrypt data or
+ *             sign and verify messages (but not both). KMS keys with NIST-recommended ECC key pairs
+ *             can be used to sign and verify messages or derive shared secrets (but not both). KMS
+ *             keys with <code>ECC_SECG_P256K1</code> can be used only to sign and verify messages. KMS
+ *             keys with SM2 key pairs (China Regions only) can be used to either encrypt and decrypt
+ *             data, sign and verify messages, or derive shared secrets (you must choose one key usage
+ *             type). For information about asymmetric KMS keys, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html">Asymmetric KMS keys</a> in the
  *             <i>Key Management Service Developer Guide</i>.</p>
  *                <p> </p>
  *             </dd>
@@ -125,13 +124,13 @@ declare const CreateKeyCommand_base: {
  *                <p>To create a multi-Region primary key with imported key material, use the
  *               <code>Origin</code> parameter of <code>CreateKey</code> with a value of
  *               <code>EXTERNAL</code> and the <code>MultiRegion</code> parameter with a value of
- *               <code>True</code>. To create replicas of the multi-Region primary key, use the <a>ReplicateKey</a> operation. For instructions, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-import.html ">Importing key material into
- *               multi-Region keys</a>. For more information about multi-Region keys, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html">Multi-Region keys in KMS</a> in the <i>Key Management Service Developer Guide</i>.</p>
+ *               <code>True</code>. To create replicas of the multi-Region primary key, use the <a>ReplicateKey</a> operation. For instructions, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-create-cmk.html ">Importing key material step
+ *               1</a>. For more information about multi-Region keys, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html">Multi-Region keys in KMS</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *                <p> </p>
  *             </dd>
  *             <dt>Custom key store</dt>
  *             <dd>
- *                <p>A <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a> lets you protect your Amazon Web Services resources using keys in a backing key
+ *                <p>A <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-store-overview.html">custom key store</a> lets you protect your Amazon Web Services resources using keys in a backing key
  *             store that you own and manage. When you request a cryptographic operation with a KMS key
  *             in a custom key store, the operation is performed in the backing key store using its
  *             cryptographic keys.</p>
@@ -153,11 +152,11 @@ declare const CreateKeyCommand_base: {
  *             Use the default <code>KeySpec</code> value, <code>SYMMETRIC_DEFAULT</code>, and the
  *             default <code>KeyUsage</code> value, <code>ENCRYPT_DECRYPT</code> to create a symmetric
  *             encryption key. No other key type is supported in a custom key store.</p>
- *                <p>To create a KMS key in an <a href="https://docs.aws.amazon.com/kms/latest/developerguide/keystore-cloudhsm.html">CloudHSM key store</a>, use the
+ *                <p>To create a KMS key in an <a href="https://docs.aws.amazon.com/kms/latest/developerguide/create-cmk-keystore.html">CloudHSM key store</a>, use the
  *               <code>Origin</code> parameter with a value of <code>AWS_CLOUDHSM</code>. The CloudHSM
  *             cluster that is associated with the custom key store must have at least two active HSMs
  *             in different Availability Zones in the Amazon Web Services Region.</p>
- *                <p>To create a KMS key in an <a href="https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html">external key store</a>, use the
+ *                <p>To create a KMS key in an <a href="https://docs.aws.amazon.com/kms/latest/developerguide/create-xks-keys.html">external key store</a>, use the
  *               <code>Origin</code> parameter with a value of <code>EXTERNAL_KEY_STORE</code> and an
  *               <code>XksKeyId</code> parameter that identifies an existing external key.</p>
  *                <note>
@@ -172,8 +171,8 @@ declare const CreateKeyCommand_base: {
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:CreateKey</a> (IAM policy). To use the
  *         <code>Tags</code> parameter, <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:TagResource</a> (IAM policy). For examples and information about related
- *       permissions, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/iam-policies.html#iam-policy-example-create-key">Allow a user to create
- *         KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
+ *       permissions, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/customer-managed-policies.html#iam-policy-example-create-key">Allow a user
+ *         to create KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
  *             <b>Related operations:</b>
  *          </p>
@@ -196,7 +195,7 @@ declare const CreateKeyCommand_base: {
  *          </ul>
  *          <p>
  *             <b>Eventual consistency</b>: The KMS API follows an eventual consistency model.
- *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html">KMS eventual consistency</a>.</p>
+ *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/accessing-kms.html#programming-eventual-consistency">KMS eventual consistency</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -272,6 +271,7 @@ declare const CreateKeyCommand_base: {
  * //     XksKeyConfiguration: { // XksKeyConfigurationType
  * //       Id: "STRING_VALUE",
  * //     },
+ * //     CurrentKeyMaterialId: "STRING_VALUE",
  * //   },
  * // };
  *
@@ -370,8 +370,9 @@ declare const CreateKeyCommand_base: {
  *       retried.</p>
  *
  * @throws {@link LimitExceededException} (client fault)
- *  <p>The request was rejected because a quota was exceeded. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/limits.html">Quotas</a> in the
- *       <i>Key Management Service Developer Guide</i>.</p>
+ *  <p>The request was rejected because a length constraint or quota was exceeded. For more
+ *       information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/limits.html">Quotas</a> in
+ *       the <i>Key Management Service Developer Guide</i>.</p>
  *
  * @throws {@link MalformedPolicyDocumentException} (client fault)
  *  <p>The request was rejected because the specified policy is not syntactically or semantically