@aws-sdk/client-kms 3.823.0 → 3.825.0

package/dist-types/commands/RotateKeyOnDemandCommand.d.ts

@@ -29,28 +29,32 @@ declare const RotateKeyOnDemandCommand_base: {
 /**
  * <p>Immediately initiates rotation of the key material of the specified symmetric encryption
  *       KMS key.</p>
- *          <p>You can perform <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotating-keys-on-demand">on-demand rotation</a>
- *       of the key material in customer managed KMS keys,
- *       regardless of whether or not <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotating-keys-enable-disable">automatic key rotation</a> is enabled.
- *       On-demand rotations do not change existing automatic rotation schedules. For example, consider a KMS key that
- *       has automatic key rotation enabled with a rotation period of 730 days. If the key is scheduled to
- *       automatically rotate on April 14, 2024, and you perform an on-demand rotation on April 10, 2024, the key will automatically rotate,
- *       as scheduled, on April 14, 2024 and every 730 days thereafter.</p>
+ *          <p>You can perform <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotating-keys-on-demand.html">on-demand rotation</a> of
+ *       the key material in customer managed KMS keys, regardless of whether or not <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotating-keys-enable-disable.html">automatic key
+ *         rotation</a> is enabled. On-demand rotations do not change existing automatic rotation
+ *       schedules. For example, consider a KMS key that has automatic key rotation enabled with a
+ *       rotation period of 730 days. If the key is scheduled to automatically rotate on April 14,
+ *       2024, and you perform an on-demand rotation on April 10, 2024, the key will automatically
+ *       rotate, as scheduled, on April 14, 2024 and every 730 days thereafter.</p>
  *          <note>
- *             <p>You can perform on-demand key rotation a <b>maximum of 10 times</b>
- *         per KMS key. You can use the KMS console
- *         to view the number of remaining on-demand rotations available for a KMS key.</p>
+ *             <p>You can perform on-demand key rotation a <b>maximum of 10
+ *           times</b> per KMS key. You can use the KMS console to view the number of
+ *         remaining on-demand rotations available for a KMS key.</p>
  *          </note>
- *          <p>You can use <a>GetKeyRotationStatus</a> to identify any in progress
- *       on-demand rotations. You can use <a>ListKeyRotations</a> to identify the date that
- *       completed on-demand rotations were performed. You can monitor rotation of the key material
- *       for your KMS keys in CloudTrail and Amazon CloudWatch.</p>
- *          <p>On-demand key rotation is supported only on <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#symmetric-cmks">symmetric encryption KMS keys</a>.
- *       You cannot perform on-demand rotation of <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html">asymmetric KMS keys</a>,
- *       <a href="https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html">HMAC KMS keys</a>,
- *       KMS keys with <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html">imported key material</a>, or KMS keys in a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a>. To perform
- *       on-demand rotation of a set of related <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate">multi-Region keys</a>,
- *       invoke the on-demand rotation on the primary key.</p>
+ *          <p>You can use <a>GetKeyRotationStatus</a> to identify any in progress on-demand
+ *       rotations. You can use <a>ListKeyRotations</a> to identify the date that completed
+ *       on-demand rotations were performed. You can monitor rotation of the key material for your KMS
+ *       keys in CloudTrail and Amazon CloudWatch.</p>
+ *          <p>On-demand key rotation is supported only on symmetric encryption KMS keys. You cannot
+ *       perform on-demand rotation of <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html">asymmetric KMS keys</a>,
+ *       <a href="https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html">HMAC KMS keys</a>, multi-Region KMS keys
+ *       with <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html">imported key material</a>,
+ *       or KMS keys in a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-store-overview.html">custom key store</a>. When you initiate on-demand key rotation on a symmetric encryption KMS key
+ *       with imported key material, you must have already imported
+ *       <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-import-key-material.html">new key material</a>
+ *       and that key material's state should be <code>PENDING_ROTATION</code>. Use the <code>ListKeyRotations</code>
+ *       operation to check the state of all key materials associated with a KMS key. To perform on-demand rotation of
+ *       a set of related <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#multi-region-rotate">multi-Region keys</a>, invoke the on-demand rotation on the primary key.</p>
  *          <p>You cannot initiate on-demand rotation of <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk">Amazon Web Services managed KMS keys</a>. KMS
  *       always rotates the key material of Amazon Web Services managed keys every year. Rotation of <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-owned-cmk">Amazon Web Services owned KMS
  *         keys</a> is managed by the Amazon Web Services service that owns the key.</p>
@@ -81,13 +85,18 @@ declare const RotateKeyOnDemandCommand_base: {
  *             </li>
  *             <li>
  *                <p>
+ *                   <a>ImportKeyMaterial</a>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
  *                   <a>ListKeyRotations</a>
  *                </p>
  *             </li>
  *          </ul>
  *          <p>
  *             <b>Eventual consistency</b>: The KMS API follows an eventual consistency model.
- *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html">KMS eventual consistency</a>.</p>
+ *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/accessing-kms.html#programming-eventual-consistency">KMS eventual consistency</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -151,8 +160,9 @@ declare const RotateKeyOnDemandCommand_base: {
  *          </ul>
  *
  * @throws {@link LimitExceededException} (client fault)
- *  <p>The request was rejected because a quota was exceeded. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/limits.html">Quotas</a> in the
- *       <i>Key Management Service Developer Guide</i>.</p>
+ *  <p>The request was rejected because a length constraint or quota was exceeded. For more
+ *       information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/limits.html">Quotas</a> in
+ *       the <i>Key Management Service Developer Guide</i>.</p>
  *
  * @throws {@link NotFoundException} (client fault)
  *  <p>The request was rejected because the specified entity or resource could not be

package/dist-types/commands/ScheduleKeyDeletionCommand.d.ts

@@ -38,9 +38,9 @@ declare const ScheduleKeyDeletionCommand_base: {
  *          <important>
  *             <p>Deleting a KMS key is a destructive and potentially dangerous operation. When a KMS key
  *         is deleted, all data that was encrypted under the KMS key is unrecoverable. (The only
- *         exception is a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-delete.html">multi-Region replica key</a>, or an <a href="kms/latest/developerguide/importing-keys-managing.html#import-delete-key">asymmetric or HMAC KMS
- *           key with imported key material</a>.) To prevent the use of a KMS key without deleting
- *         it, use <a>DisableKey</a>. </p>
+ *         exception is a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-delete.html">multi-Region replica key</a>, or an <a href="https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html#import-delete-key">asymmetric or HMAC KMS key with
+ *           imported key material</a>.) To prevent the use of a KMS key without deleting it, use
+ *           <a>DisableKey</a>. </p>
  *          </important>
  *          <p>You can schedule the deletion of a multi-Region primary key and its replica keys at any
  *       time. However, KMS will not delete a multi-Region primary key with existing replica keys. If
@@ -49,17 +49,17 @@ declare const ScheduleKeyDeletionCommand_base: {
  *       operations. This status can continue indefinitely. When the last of its replicas keys is
  *       deleted (not just scheduled), the key state of the primary key changes to
  *         <code>PendingDeletion</code> and its waiting period (<code>PendingWindowInDays</code>)
- *       begins. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-delete.html">Deleting multi-Region keys</a> in the
- *       <i>Key Management Service Developer Guide</i>.</p>
- *          <p>When KMS <a href="https://docs.aws.amazon.com/kms/latest/developerguide/delete-cmk-keystore.html">deletes
- *         a KMS key from an CloudHSM key store</a>, it makes a best effort to delete the associated
- *       key material from the associated CloudHSM cluster. However, you might need to manually <a href="https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-orphaned-key">delete
- *         the orphaned key material</a> from the cluster and its backups. <a href="https://docs.aws.amazon.com/kms/latest/developerguide/delete-xks-key.html">Deleting a KMS key from an
- *         external key store</a> has no effect on the associated external key. However, for both
- *       types of custom key stores, deleting a KMS key is destructive and irreversible. You cannot
- *       decrypt ciphertext encrypted under the KMS key by using only its associated external key or
- *       CloudHSM key. Also, you cannot recreate a KMS key in an external key store by creating a new KMS
- *       key with the same key material.</p>
+ *       begins. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html#deleting-mrks">Deleting multi-Region keys</a> in
+ *       the <i>Key Management Service Developer Guide</i>.</p>
+ *          <p>When KMS <a href="https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html#delete-cmk-keystore">deletes a KMS key from an CloudHSM
+ *         key store</a>, it makes a best effort to delete the associated key material from the
+ *       associated CloudHSM cluster. However, you might need to manually <a href="https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-orphaned-key">delete the orphaned key
+ *         material</a> from the cluster and its backups. <a href="https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html#delete-xks-key">Deleting a KMS key from an external key
+ *         store</a> has no effect on the associated external key. However, for both types of
+ *       custom key stores, deleting a KMS key is destructive and irreversible. You cannot decrypt
+ *       ciphertext encrypted under the KMS key by using only its associated external key or CloudHSM key.
+ *       Also, you cannot recreate a KMS key in an external key store by creating a new KMS key with
+ *       the same key material.</p>
  *          <p>For more information about scheduling a KMS key for deletion, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html">Deleting KMS keys</a> in the
  *       <i>Key Management Service Developer Guide</i>.</p>
  *          <p>The KMS key that you use for this operation must be in a compatible key state. For
@@ -86,7 +86,7 @@ declare const ScheduleKeyDeletionCommand_base: {
  *          </ul>
  *          <p>
  *             <b>Eventual consistency</b>: The KMS API follows an eventual consistency model.
- *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html">KMS eventual consistency</a>.</p>
+ *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/accessing-kms.html#programming-eventual-consistency">KMS eventual consistency</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/SignCommand.d.ts

@@ -81,7 +81,7 @@ declare const SignCommand_base: {
  *          </p>
  *          <p>
  *             <b>Eventual consistency</b>: The KMS API follows an eventual consistency model.
- *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html">KMS eventual consistency</a>.</p>
+ *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/accessing-kms.html#programming-eventual-consistency">KMS eventual consistency</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -144,8 +144,8 @@ declare const SignCommand_base: {
  *       messages, the <code>KeyUsage</code> must be <code>SIGN_VERIFY</code>. For generating and
  *       verifying message authentication codes (MACs), the <code>KeyUsage</code> must be
  *         <code>GENERATE_VERIFY_MAC</code>. For deriving key agreement secrets, the
- *       <code>KeyUsage</code> must be <code>KEY_AGREEMENT</code>. To find the <code>KeyUsage</code> of a KMS key, use the
- *         <a>DescribeKey</a> operation.</p>
+ *         <code>KeyUsage</code> must be <code>KEY_AGREEMENT</code>. To find the <code>KeyUsage</code>
+ *       of a KMS key, use the <a>DescribeKey</a> operation.</p>
  *          <p>To find the encryption or signing algorithms supported for a particular KMS key, use the
  *         <a>DescribeKey</a> operation.</p>
  *
@@ -185,42 +185,42 @@ declare const SignCommand_base: {
  * <p>Base exception class for all service exceptions from KMS service.</p>
  *
  *
- * @example To digitally sign a message with an asymmetric KMS key.
+ * @example To digitally sign a message digest with an asymmetric KMS key.
  * ```javascript
- * // This operation uses the private key in an asymmetric elliptic curve (ECC) KMS key to generate a digital signature for a given message.
+ * // This operation uses the private key in an asymmetric RSA signing KMS key to generate a digital signature for a message digest. In this example, a large message was hashed and the resulting digest is provided in the Message parameter. To tell KMS not to hash the message again, the MessageType field is set to DIGEST
  * const input = {
- *   KeyId: "alias/ECC_signing_key",
- *   Message: "<message to be signed>",
- *   MessageType: "RAW",
- *   SigningAlgorithm: "ECDSA_SHA_384"
+ *   KeyId: "alias/RSA_signing_key",
+ *   Message: "<message digest to be signed>",
+ *   MessageType: "DIGEST",
+ *   SigningAlgorithm: "RSASSA_PKCS1_V1_5_SHA_256"
  * };
  * const command = new SignCommand(input);
  * const response = await client.send(command);
  * /* response is
  * {
- *   KeyId: "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
+ *   KeyId: "arn:aws:kms:us-east-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321",
  *   Signature: "<binary data>",
- *   SigningAlgorithm: "ECDSA_SHA_384"
+ *   SigningAlgorithm: "RSASSA_PKCS1_V1_5_SHA_256"
  * }
  * *\/
  * ```
  *
- * @example To digitally sign a message digest with an asymmetric KMS key.
+ * @example To digitally sign a message with an asymmetric KMS key.
  * ```javascript
- * // This operation uses the private key in an asymmetric RSA signing KMS key to generate a digital signature for a message digest. In this example, a large message was hashed and the resulting digest is provided in the Message parameter. To tell KMS not to hash the message again, the MessageType field is set to DIGEST
+ * // This operation uses the private key in an asymmetric elliptic curve (ECC) KMS key to generate a digital signature for a given message.
  * const input = {
- *   KeyId: "alias/RSA_signing_key",
- *   Message: "<message digest to be signed>",
- *   MessageType: "DIGEST",
- *   SigningAlgorithm: "RSASSA_PKCS1_V1_5_SHA_256"
+ *   KeyId: "alias/ECC_signing_key",
+ *   Message: "<message to be signed>",
+ *   MessageType: "RAW",
+ *   SigningAlgorithm: "ECDSA_SHA_384"
  * };
  * const command = new SignCommand(input);
  * const response = await client.send(command);
  * /* response is
  * {
- *   KeyId: "arn:aws:kms:us-east-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321",
+ *   KeyId: "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
  *   Signature: "<binary data>",
- *   SigningAlgorithm: "RSASSA_PKCS1_V1_5_SHA_256"
+ *   SigningAlgorithm: "ECDSA_SHA_384"
  * }
  * *\/
  * ```

package/dist-types/commands/TagResourceCommand.d.ts

@@ -36,8 +36,8 @@ declare const TagResourceCommand_base: {
  *       value. To edit a tag, specify an existing tag key and a new tag value.</p>
  *          <p>You can use this operation to tag a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk">customer managed key</a>, but you cannot
  *       tag an <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk">Amazon Web Services
- *         managed key</a>, an <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-owned-cmk">Amazon Web Services owned key</a>, a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#keystore-concept">custom key
- *         store</a>, or an <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#alias-concept">alias</a>.</p>
+ *         managed key</a>, an <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-owned-cmk">Amazon Web Services owned key</a>, a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-store-overview.html">custom key store</a>,
+ *       or an <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html">alias</a>.</p>
  *          <p>You can also add tags to a KMS key while creating it (<a>CreateKey</a>) or
  *       replicating it (<a>ReplicateKey</a>).</p>
  *          <p>For information about using tags in KMS, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html">Tagging keys</a>. For general information about
@@ -76,7 +76,7 @@ declare const TagResourceCommand_base: {
  *          </ul>
  *          <p>
  *             <b>Eventual consistency</b>: The KMS API follows an eventual consistency model.
- *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html">KMS eventual consistency</a>.</p>
+ *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/accessing-kms.html#programming-eventual-consistency">KMS eventual consistency</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -133,8 +133,9 @@ declare const TagResourceCommand_base: {
  *          </ul>
  *
  * @throws {@link LimitExceededException} (client fault)
- *  <p>The request was rejected because a quota was exceeded. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/limits.html">Quotas</a> in the
- *       <i>Key Management Service Developer Guide</i>.</p>
+ *  <p>The request was rejected because a length constraint or quota was exceeded. For more
+ *       information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/limits.html">Quotas</a> in
+ *       the <i>Key Management Service Developer Guide</i>.</p>
  *
  * @throws {@link NotFoundException} (client fault)
  *  <p>The request was rejected because the specified entity or resource could not be

package/dist-types/commands/UntagResourceCommand.d.ts

@@ -71,7 +71,7 @@ declare const UntagResourceCommand_base: {
  *          </ul>
  *          <p>
  *             <b>Eventual consistency</b>: The KMS API follows an eventual consistency model.
- *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html">KMS eventual consistency</a>.</p>
+ *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/accessing-kms.html#programming-eventual-consistency">KMS eventual consistency</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/UpdateAliasCommand.d.ts

@@ -92,7 +92,7 @@ declare const UpdateAliasCommand_base: {
  *          </ul>
  *          <p>
  *             <b>Eventual consistency</b>: The KMS API follows an eventual consistency model.
- *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html">KMS eventual consistency</a>.</p>
+ *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/accessing-kms.html#programming-eventual-consistency">KMS eventual consistency</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -144,8 +144,9 @@ declare const UpdateAliasCommand_base: {
  *          </ul>
  *
  * @throws {@link LimitExceededException} (client fault)
- *  <p>The request was rejected because a quota was exceeded. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/limits.html">Quotas</a> in the
- *       <i>Key Management Service Developer Guide</i>.</p>
+ *  <p>The request was rejected because a length constraint or quota was exceeded. For more
+ *       information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/limits.html">Quotas</a> in
+ *       the <i>Key Management Service Developer Guide</i>.</p>
  *
  * @throws {@link NotFoundException} (client fault)
  *  <p>The request was rejected because the specified entity or resource could not be

package/dist-types/commands/UpdateCustomKeyStoreCommand.d.ts

@@ -32,7 +32,7 @@ declare const UpdateCustomKeyStoreCommand_base: {
  *          <p>Use the required <code>CustomKeyStoreId</code> parameter to identify the custom key store.
  *       Use the remaining optional parameters to change its properties. This operation does not return
  *       any property values. To verify the updated property values, use the <a>DescribeCustomKeyStores</a> operation.</p>
- *          <p> This operation is part of the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key stores</a> feature in KMS, which
+ *          <p> This operation is part of the custom key stores feature in KMS, which
  * combines the convenience and extensive integration of KMS with the isolation and control of a
  * key store that you own and manage.</p>
  *          <important>
@@ -122,7 +122,7 @@ declare const UpdateCustomKeyStoreCommand_base: {
  *          </ul>
  *          <p>
  *             <b>Eventual consistency</b>: The KMS API follows an eventual consistency model.
- *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html">KMS eventual consistency</a>.</p>
+ *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/accessing-kms.html#programming-eventual-consistency">KMS eventual consistency</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -343,12 +343,14 @@ declare const UpdateCustomKeyStoreCommand_base: {
  * *\/
  * ```
  *
- * @example To associate the custom key store with a different, but related, AWS CloudHSM cluster.
+ * @example To update the proxy connectivity of an external key store to VPC_ENDPOINT_SERVICE
  * ```javascript
- * // This example changes the AWS CloudHSM cluster that is associated with an AWS CloudHSM key store to a related cluster, such as a different backup of the same cluster. This operation does not return any data. To verify that the operation worked, use the DescribeCustomKeyStores operation.
+ * // To change the external key store proxy connectivity option from public endpoint connectivity to VPC endpoint service connectivity, in addition to changing the <code>XksProxyConnectivity</code> value, you must change the <code>XksProxyUriEndpoint</code> value to reflect the private DNS name associated with the VPC endpoint service. You must also add an <code>XksProxyVpcEndpointServiceName</code> value.
  * const input = {
- *   CloudHsmClusterId: "cluster-234abcdefABC",
- *   CustomKeyStoreId: "cks-1234567890abcdef0"
+ *   CustomKeyStoreId: "cks-1234567890abcdef0",
+ *   XksProxyConnectivity: "VPC_ENDPOINT_SERVICE",
+ *   XksProxyUriEndpoint: "https://myproxy-private.xks.example.com",
+ *   XksProxyVpcEndpointServiceName: "com.amazonaws.vpce.us-east-1.vpce-svc-example"
  * };
  * const command = new UpdateCustomKeyStoreCommand(input);
  * const response = await client.send(command);
@@ -371,14 +373,12 @@ declare const UpdateCustomKeyStoreCommand_base: {
  * *\/
  * ```
  *
- * @example To update the proxy connectivity of an external key store to VPC_ENDPOINT_SERVICE
+ * @example To associate the custom key store with a different, but related, AWS CloudHSM cluster.
  * ```javascript
- * // To change the external key store proxy connectivity option from public endpoint connectivity to VPC endpoint service connectivity, in addition to changing the <code>XksProxyConnectivity</code> value, you must change the <code>XksProxyUriEndpoint</code> value to reflect the private DNS name associated with the VPC endpoint service. You must also add an <code>XksProxyVpcEndpointServiceName</code> value.
+ * // This example changes the AWS CloudHSM cluster that is associated with an AWS CloudHSM key store to a related cluster, such as a different backup of the same cluster. This operation does not return any data. To verify that the operation worked, use the DescribeCustomKeyStores operation.
  * const input = {
- *   CustomKeyStoreId: "cks-1234567890abcdef0",
- *   XksProxyConnectivity: "VPC_ENDPOINT_SERVICE",
- *   XksProxyUriEndpoint: "https://myproxy-private.xks.example.com",
- *   XksProxyVpcEndpointServiceName: "com.amazonaws.vpce.us-east-1.vpce-svc-example"
+ *   CloudHsmClusterId: "cluster-234abcdefABC",
+ *   CustomKeyStoreId: "cks-1234567890abcdef0"
  * };
  * const command = new UpdateCustomKeyStoreCommand(input);
  * const response = await client.send(command);

package/dist-types/commands/UpdateKeyDescriptionCommand.d.ts

@@ -51,7 +51,7 @@ declare const UpdateKeyDescriptionCommand_base: {
  *          </ul>
  *          <p>
  *             <b>Eventual consistency</b>: The KMS API follows an eventual consistency model.
- *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html">KMS eventual consistency</a>.</p>
+ *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/accessing-kms.html#programming-eventual-consistency">KMS eventual consistency</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/UpdatePrimaryRegionCommand.d.ts

@@ -33,7 +33,7 @@ declare const UpdatePrimaryRegionCommand_base: {
  *       in <code>us-east-1</code> and a replica key in <code>eu-west-2</code>. If you run
  *         <code>UpdatePrimaryRegion</code> with a <code>PrimaryRegion</code> value of
  *         <code>eu-west-2</code>, the primary key is now the key in <code>eu-west-2</code>, and the
- *       key in <code>us-east-1</code> becomes a replica key. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-update">Updating the primary Region</a> in the <i>Key Management Service Developer Guide</i>.</p>
+ *       key in <code>us-east-1</code> becomes a replica key. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-update.html">Change the primary key in a set of multi-Region keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>This operation supports <i>multi-Region keys</i>, an KMS feature that lets you create multiple
  *       interoperable KMS keys in different Amazon Web Services Regions. Because these KMS keys have the same key ID, key
  *       material, and other metadata, you can use them interchangeably to encrypt data in one Amazon Web Services Region and decrypt
@@ -94,7 +94,7 @@ declare const UpdatePrimaryRegionCommand_base: {
  *          </ul>
  *          <p>
  *             <b>Eventual consistency</b>: The KMS API follows an eventual consistency model.
- *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html">KMS eventual consistency</a>.</p>
+ *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/accessing-kms.html#programming-eventual-consistency">KMS eventual consistency</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/VerifyCommand.d.ts

@@ -50,7 +50,7 @@ declare const VerifyCommand_base: {
  *       the KMS key to verify signatures.</p>
  *          <p>To verify a signature outside of KMS with an SM2 public key (China Regions only), you
  *       must specify the distinguishing ID. By default, KMS uses <code>1234567812345678</code> as
- *       the distinguishing ID. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/asymmetric-key-specs.html#key-spec-sm-offline-verification">Offline
+ *       the distinguishing ID. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/offline-operations.html#key-spec-sm-offline-verification">Offline
  *         verification with SM2 key pairs</a>.</p>
  *          <p>The KMS key that you use for this operation must be in a compatible key state. For
  * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key states of KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
@@ -64,7 +64,7 @@ declare const VerifyCommand_base: {
  *          </p>
  *          <p>
  *             <b>Eventual consistency</b>: The KMS API follows an eventual consistency model.
- *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html">KMS eventual consistency</a>.</p>
+ *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/accessing-kms.html#programming-eventual-consistency">KMS eventual consistency</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -128,8 +128,8 @@ declare const VerifyCommand_base: {
  *       messages, the <code>KeyUsage</code> must be <code>SIGN_VERIFY</code>. For generating and
  *       verifying message authentication codes (MACs), the <code>KeyUsage</code> must be
  *         <code>GENERATE_VERIFY_MAC</code>. For deriving key agreement secrets, the
- *       <code>KeyUsage</code> must be <code>KEY_AGREEMENT</code>. To find the <code>KeyUsage</code> of a KMS key, use the
- *         <a>DescribeKey</a> operation.</p>
+ *         <code>KeyUsage</code> must be <code>KEY_AGREEMENT</code>. To find the <code>KeyUsage</code>
+ *       of a KMS key, use the <a>DescribeKey</a> operation.</p>
  *          <p>To find the encryption or signing algorithms supported for a particular KMS key, use the
  *         <a>DescribeKey</a> operation.</p>
  *

package/dist-types/commands/VerifyMacCommand.d.ts

@@ -50,7 +50,7 @@ declare const VerifyMacCommand_base: {
  *          </p>
  *          <p>
  *             <b>Eventual consistency</b>: The KMS API follows an eventual consistency model.
- *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html">KMS eventual consistency</a>.</p>
+ *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/accessing-kms.html#programming-eventual-consistency">KMS eventual consistency</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -109,8 +109,8 @@ declare const VerifyMacCommand_base: {
  *       messages, the <code>KeyUsage</code> must be <code>SIGN_VERIFY</code>. For generating and
  *       verifying message authentication codes (MACs), the <code>KeyUsage</code> must be
  *         <code>GENERATE_VERIFY_MAC</code>. For deriving key agreement secrets, the
- *       <code>KeyUsage</code> must be <code>KEY_AGREEMENT</code>. To find the <code>KeyUsage</code> of a KMS key, use the
- *         <a>DescribeKey</a> operation.</p>
+ *         <code>KeyUsage</code> must be <code>KEY_AGREEMENT</code>. To find the <code>KeyUsage</code>
+ *       of a KMS key, use the <a>DescribeKey</a> operation.</p>
  *          <p>To find the encryption or signing algorithms supported for a particular KMS key, use the
  *         <a>DescribeKey</a> operation.</p>
  *