@aws-sdk/client-kms 3.823.0 → 3.826.0

package/dist-types/commands/ImportKeyMaterialCommand.d.ts

@@ -28,41 +28,36 @@ declare const ImportKeyMaterialCommand_base: {
 };
 /**
  * <p>Imports or reimports key material into an existing KMS key that was created without key
- *       material. <code>ImportKeyMaterial</code> also sets the expiration model and expiration date of
+ *       material. You can also use this operation to set or update the expiration model and expiration date of
  *       the imported key material.</p>
- *          <p>By default, KMS keys are created with key material that KMS generates. This operation
- *       supports <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html">Importing key
- *         material</a>, an advanced feature that lets you generate and import the cryptographic
- *       key material for a KMS key. For more information about importing key material into KMS, see
- *         <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html">Importing key
- *         material</a> in the <i>Key Management Service Developer Guide</i>.</p>
- *          <p>After you successfully import key material into a KMS key, you can <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html#reimport-key-material">reimport
- *         the same key material</a> into that KMS key, but you cannot import different key
- *       material. You might reimport key material to replace key material that expired or key material
+ *          <p>By default, KMS creates KMS keys with key material that it generates. You can also generate and
+ *       import your own key material. For more information about importing key material, see
+ *       <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html">Importing key
+ *         material</a>.</p>
+ *          <p>For asymmetric, HMAC and multi-Region keys, you cannot change the key material after the initial import.
+ *       You can import multiple key materials into single-Region, symmetric encryption keys and rotate the key material
+ *       on demand using <code>RotateKeyOnDemand</code>.</p>
+ *          <p>After you import key material, you can <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-import-key-material.html#reimport-key-material">reimport
+ *       the same key material</a> into that KMS key or, if the key supports on-demand rotation,
+ *       import new key material. You can use the <code>ImportType</code> parameter to indicate
+ *       whether you are importing new key material or re-importing previously imported key material.
+ *       You might reimport key material to replace key material that expired or key material
  *       that you deleted. You might also reimport key material to change the expiration model or
- *       expiration date of the key material. </p>
+ *       expiration date of the key material.</p>
  *          <p>Each time you import key material into KMS, you can determine whether
  *         (<code>ExpirationModel</code>) and when (<code>ValidTo</code>) the key material expires. To
  *       change the expiration of your key material, you must import it again, either by calling
- *         <code>ImportKeyMaterial</code> or using the <a href="kms/latest/developerguide/importing-keys-import-key-material.html#importing-keys-import-key-material-console">import features</a> of the KMS console.</p>
- *          <p>Before calling <code>ImportKeyMaterial</code>:</p>
+ *         <code>ImportKeyMaterial</code> or using the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-import-key-material.html#importing-keys-import-key-material-console">import features</a> of the KMS console.</p>
+ *          <p>Before you call <code>ImportKeyMaterial</code>, complete these steps:</p>
  *          <ul>
  *             <li>
- *                <p>Create or identify a KMS key with no key material. The KMS key must have an
- *             <code>Origin</code> value of <code>EXTERNAL</code>, which indicates that the KMS key is
+ *                <p>Create or identify a KMS key with <code>EXTERNAL</code> origin, which indicates that the KMS key is
  *           designed for imported key material. </p>
- *                <p>To create an new KMS key for imported key material, call the <a>CreateKey</a> operation with an <code>Origin</code> value of <code>EXTERNAL</code>. You can create a
- *           symmetric encryption KMS key, HMAC KMS key, asymmetric encryption KMS key, or asymmetric
- *           signing KMS key. You can also import key material into a <a href="kms/latest/developerguide/multi-region-keys-overview.html">multi-Region key</a> of any
- *           supported type. However, you can't import key material into a KMS key in a <a href="kms/latest/developerguide/custom-key-store-overview.html">custom key store</a>.</p>
- *             </li>
- *             <li>
- *                <p>Use the <a>DescribeKey</a> operation to verify that the
- *             <code>KeyState</code> of the KMS key is <code>PendingImport</code>, which indicates that
- *           the KMS key has no key material. </p>
- *                <p>If you are reimporting the same key material into an existing KMS key, you might need
- *           to call the <a>DeleteImportedKeyMaterial</a> to delete its existing key
- *           material.</p>
+ *                <p>To create a new KMS key for imported key material, call the <a>CreateKey</a> operation with an <code>Origin</code> value of <code>EXTERNAL</code>. You can create a
+ *           symmetric encryption KMS key, HMAC KMS key, asymmetric encryption KMS key, asymmetric key agreement key,
+ *           or asymmetric signing KMS key. You can also import key material into a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html">multi-Region key</a> of any
+ *           supported type. However, you can't import key material into a KMS key in a
+ *           <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-store-overview.html">custom key store</a>.</p>
  *             </li>
  *             <li>
  *                <p>Call the <a>GetParametersForImport</a> operation to get a public key and
@@ -80,9 +75,9 @@ declare const ImportKeyMaterialCommand_base: {
  *             <li>
  *                <p>The key ID or key ARN of the KMS key to associate with the imported key material. Its
  *             <code>Origin</code> must be <code>EXTERNAL</code> and its <code>KeyState</code> must be
- *             <code>PendingImport</code>. You cannot perform this operation on a KMS key in a <a href="kms/latest/developerguide/custom-key-store-overview.html">custom key store</a>, or on a KMS
- *           key in a different Amazon Web Services account. To get the <code>Origin</code> and <code>KeyState</code>
- *           of a KMS key, call <a>DescribeKey</a>.</p>
+ *             <code>PendingImport</code>. You cannot perform this operation on a KMS key in a
+ *           <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-store-overview.html">custom key store</a>, or on a KMS key in a different Amazon Web Services account. To get the
+ *             <code>Origin</code> and <code>KeyState</code> of a KMS key, call <a>DescribeKey</a>.</p>
  *             </li>
  *             <li>
  *                <p>The encrypted key material. </p>
@@ -93,7 +88,7 @@ declare const ImportKeyMaterialCommand_base: {
  *             </li>
  *             <li>
  *                <p>Whether the key material expires (<code>ExpirationModel</code>) and, if so, when
- *             (<code>ValidTo</code>). For help with this choice, see <a href="https://docs.aws.amazon.com/en_us/kms/latest/developerguide/importing-keys.html#importing-keys-expiration">Setting an expiration time</a> in the <i>Key Management Service Developer Guide</i>.</p>
+ *             (<code>ValidTo</code>). For help with this choice, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-import-key-material.html#importing-keys-expiration">Setting an expiration time</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *                <p>If you set an expiration date, KMS deletes the key material from the KMS key on the
  *           specified date, making the KMS key unusable. To use the KMS key in cryptographic
  *           operations again, you must reimport the same key material. However, you can delete and
@@ -103,11 +98,14 @@ declare const ImportKeyMaterialCommand_base: {
  *          </ul>
  *          <p>When this operation is successful, the key state of the KMS key changes from
  *         <code>PendingImport</code> to <code>Enabled</code>, and you can use the KMS key in
- *       cryptographic operations.</p>
+ *       cryptographic operations. For single-Region, symmetric encryption keys, you will need to
+ *       import all of the key materials associated with the KMS key to change its state to <code>Enabled</code>.
+ *       Use the <code>ListKeyRotations</code> operation to list the ID and import state of each key material
+ *       associated with a KMS key.</p>
  *          <p>If this operation fails, use the exception to help determine the problem. If the error is
  *       related to the key material, the import token, or wrapping key, use <a>GetParametersForImport</a> to get a new public key and import token for the KMS key
- *       and repeat the import procedure. For help, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html#importing-keys-overview">How To Import Key
- *         Material</a> in the <i>Key Management Service Developer Guide</i>.</p>
+ *       and repeat the import procedure. For help, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-conceptual.html">Create a KMS key with imported key
+ *         material</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>The KMS key that you use for this operation must be in a compatible key state. For
  * details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key states of KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
@@ -128,10 +126,20 @@ declare const ImportKeyMaterialCommand_base: {
  *                   <a>GetParametersForImport</a>
  *                </p>
  *             </li>
+ *             <li>
+ *                <p>
+ *                   <a>ListKeyRotations</a>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <a>RotateKeyOnDemand</a>
+ *                </p>
+ *             </li>
  *          </ul>
  *          <p>
  *             <b>Eventual consistency</b>: The KMS API follows an eventual consistency model.
- *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html">KMS eventual consistency</a>.</p>
+ *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/accessing-kms.html#programming-eventual-consistency">KMS eventual consistency</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -144,10 +152,16 @@ declare const ImportKeyMaterialCommand_base: {
  *   EncryptedKeyMaterial: new Uint8Array(), // e.g. Buffer.from("") or new TextEncoder().encode("")   // required
  *   ValidTo: new Date("TIMESTAMP"),
  *   ExpirationModel: "KEY_MATERIAL_EXPIRES" || "KEY_MATERIAL_DOES_NOT_EXPIRE",
+ *   ImportType: "NEW_KEY_MATERIAL" || "EXISTING_KEY_MATERIAL",
+ *   KeyMaterialDescription: "STRING_VALUE",
+ *   KeyMaterialId: "STRING_VALUE",
  * };
  * const command = new ImportKeyMaterialCommand(input);
  * const response = await client.send(command);
- * // {};
+ * // { // ImportKeyMaterialResponse
+ * //   KeyId: "STRING_VALUE",
+ * //   KeyMaterialId: "STRING_VALUE",
+ * // };
  *
  * ```
  *
@@ -167,7 +181,9 @@ declare const ImportKeyMaterialCommand_base: {
  *
  * @throws {@link IncorrectKeyMaterialException} (client fault)
  *  <p>The request was rejected because the key material in the request is, expired, invalid, or
- *       is not the same key material that was previously imported into this KMS key.</p>
+ *       does not meet expectations. For example, it is not the same key material that was previously imported or
+ *       KMS expected new key material but the key material being imported is already associated with
+ *       the KMS key.</p>
  *
  * @throws {@link InvalidArnException} (client fault)
  *  <p>The request was rejected because a specified ARN, or an ARN in a key policy, is not
@@ -244,7 +260,7 @@ export declare class ImportKeyMaterialCommand extends ImportKeyMaterialCommand_b
     protected static __types: {
         api: {
             input: ImportKeyMaterialRequest;
-            output: {};
+            output: ImportKeyMaterialResponse;
         };
         sdk: {
             input: ImportKeyMaterialCommandInput;

package/dist-types/commands/ListAliasesCommand.d.ts

@@ -39,15 +39,14 @@ declare const ListAliasesCommand_base: {
  *          <p>The response might also include aliases that have no <code>TargetKeyId</code> field. These
  *       are predefined aliases that Amazon Web Services has created but has not yet associated with a KMS key.
  *       Aliases that Amazon Web Services creates in your account, including predefined aliases, do not count against
- *       your <a href="https://docs.aws.amazon.com/kms/latest/developerguide/limits.html#aliases-limit">KMS aliases
- *         quota</a>.</p>
+ *       your <a href="https://docs.aws.amazon.com/kms/latest/developerguide/resource-limits.html#aliases-per-key">KMS
+ *         aliases quota</a>.</p>
  *          <p>
  *             <b>Cross-account use</b>: No. <code>ListAliases</code> does not
  *       return aliases in other Amazon Web Services accounts.</p>
  *          <p>
  *             <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:ListAliases</a> (IAM policy)</p>
- *          <p>For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html#alias-access">Controlling access to aliases</a> in the
- *       <i>Key Management Service Developer Guide</i>.</p>
+ *          <p>For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/alias-access.html">Controlling access to aliases</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
  *             <b>Related operations:</b>
  *          </p>
@@ -70,7 +69,7 @@ declare const ListAliasesCommand_base: {
  *          </ul>
  *          <p>
  *             <b>Eventual consistency</b>: The KMS API follows an eventual consistency model.
- *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html">KMS eventual consistency</a>.</p>
+ *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/accessing-kms.html#programming-eventual-consistency">KMS eventual consistency</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/ListGrantsCommand.d.ts

@@ -33,8 +33,8 @@ declare const ListGrantsCommand_base: {
  *          <p>For detailed information about grants, including grant terminology, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html">Grants in KMS</a> in the
  *         <i>
  *                <i>Key Management Service Developer Guide</i>
- *             </i>. For examples of working with grants in several
- *       programming languages, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-grants.html">Programming grants</a>. </p>
+ *             </i>. For examples of creating grants in several
+ *       programming languages, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/example_kms_CreateGrant_section.html">Use CreateGrant with an Amazon Web Services SDK or CLI</a>. </p>
  *          <note>
  *             <p>The <code>GranteePrincipal</code> field in the <code>ListGrants</code> response usually contains the
  *         user or role designated as the grantee principal in the grant. However, when the grantee
@@ -74,7 +74,7 @@ declare const ListGrantsCommand_base: {
  *          </ul>
  *          <p>
  *             <b>Eventual consistency</b>: The KMS API follows an eventual consistency model.
- *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html">KMS eventual consistency</a>.</p>
+ *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/accessing-kms.html#programming-eventual-consistency">KMS eventual consistency</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/ListKeyPoliciesCommand.d.ts

@@ -51,7 +51,7 @@ declare const ListKeyPoliciesCommand_base: {
  *          </ul>
  *          <p>
  *             <b>Eventual consistency</b>: The KMS API follows an eventual consistency model.
- *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html">KMS eventual consistency</a>.</p>
+ *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/accessing-kms.html#programming-eventual-consistency">KMS eventual consistency</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/ListKeyRotationsCommand.d.ts

@@ -27,11 +27,12 @@ declare const ListKeyRotationsCommand_base: {
     getEndpointParameterInstructions(): import("@smithy/middleware-endpoint").EndpointParameterInstructions;
 };
 /**
- * <p>Returns information about all completed key material rotations for the specified KMS
- *       key.</p>
+ * <p>Returns information about the key materials associated with the specified KMS
+ *       key. You can use the optional <code>IncludeKeyMaterial</code> parameter to control which key materials
+ *       are included in the response.</p>
  *          <p>You must specify the KMS key in all requests. You can refine the key rotations list by
  *       limiting the number of rotations returned.</p>
- *          <p>For detailed information about automatic and on-demand key rotations, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html">Rotating KMS keys</a> in the
+ *          <p>For detailed information about automatic and on-demand key rotations, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html">Rotate KMS keys</a> in the
  *       <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
  *             <b>Cross-account use</b>: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.</p>
@@ -48,6 +49,11 @@ declare const ListKeyRotationsCommand_base: {
  *             </li>
  *             <li>
  *                <p>
+ *                   <a>DeleteImportedKeyMaterial</a>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
  *                   <a>DisableKeyRotation</a>
  *                </p>
  *             </li>
@@ -58,13 +64,18 @@ declare const ListKeyRotationsCommand_base: {
  *             </li>
  *             <li>
  *                <p>
+ *                   <a>ImportKeyMaterial</a>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
  *                   <a>RotateKeyOnDemand</a>
  *                </p>
  *             </li>
  *          </ul>
  *          <p>
  *             <b>Eventual consistency</b>: The KMS API follows an eventual consistency model.
- *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html">KMS eventual consistency</a>.</p>
+ *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/accessing-kms.html#programming-eventual-consistency">KMS eventual consistency</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -73,6 +84,7 @@ declare const ListKeyRotationsCommand_base: {
  * const client = new KMSClient(config);
  * const input = { // ListKeyRotationsRequest
  *   KeyId: "STRING_VALUE", // required
+ *   IncludeKeyMaterial: "ALL_KEY_MATERIAL" || "ROTATIONS_ONLY",
  *   Limit: Number("int"),
  *   Marker: "STRING_VALUE",
  * };
@@ -82,6 +94,12 @@ declare const ListKeyRotationsCommand_base: {
  * //   Rotations: [ // RotationsList
  * //     { // RotationsListEntry
  * //       KeyId: "STRING_VALUE",
+ * //       KeyMaterialId: "STRING_VALUE",
+ * //       KeyMaterialDescription: "STRING_VALUE",
+ * //       ImportState: "IMPORTED" || "PENDING_IMPORT",
+ * //       KeyMaterialState: "NON_CURRENT" || "CURRENT" || "PENDING_ROTATION",
+ * //       ExpirationModel: "KEY_MATERIAL_EXPIRES" || "KEY_MATERIAL_DOES_NOT_EXPIRE",
+ * //       ValidTo: new Date("TIMESTAMP"),
  * //       RotationDate: new Date("TIMESTAMP"),
  * //       RotationType: "AUTOMATIC" || "ON_DEMAND",
  * //     },

package/dist-types/commands/ListKeysCommand.d.ts

@@ -59,7 +59,7 @@ declare const ListKeysCommand_base: {
  *          </ul>
  *          <p>
  *             <b>Eventual consistency</b>: The KMS API follows an eventual consistency model.
- *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html">KMS eventual consistency</a>.</p>
+ *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/accessing-kms.html#programming-eventual-consistency">KMS eventual consistency</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/ListResourceTagsCommand.d.ts

@@ -30,8 +30,8 @@ declare const ListResourceTagsCommand_base: {
  * <p>Returns all tags on the specified KMS key.</p>
  *          <p>For general information about tags, including the format and syntax, see <a href="https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html">Tagging Amazon Web Services resources</a> in
  *       the <i>Amazon Web Services General Reference</i>. For information about using
- *       tags in KMS, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html">Tagging
- *         keys</a>.</p>
+ *       tags in KMS, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html">Tags in
+ *         KMS</a>.</p>
  *          <p>
  *             <b>Cross-account use</b>: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.</p>
  *          <p>
@@ -63,7 +63,7 @@ declare const ListResourceTagsCommand_base: {
  *          </ul>
  *          <p>
  *             <b>Eventual consistency</b>: The KMS API follows an eventual consistency model.
- *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html">KMS eventual consistency</a>.</p>
+ *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/accessing-kms.html#programming-eventual-consistency">KMS eventual consistency</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/ListRetirableGrantsCommand.d.ts

@@ -35,8 +35,8 @@ declare const ListRetirableGrantsCommand_base: {
  *          <p>For detailed information about grants, including grant terminology, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html">Grants in KMS</a> in the
  *         <i>
  *                <i>Key Management Service Developer Guide</i>
- *             </i>. For examples of working with grants in several
- *       programming languages, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-grants.html">Programming grants</a>. </p>
+ *             </i>. For examples of creating grants in several
+ *       programming languages, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/example_kms_CreateGrant_section.html">Use CreateGrant with an Amazon Web Services SDK or CLI</a>. </p>
  *          <p>
  *             <b>Cross-account use</b>: You must specify a principal in your
  *       Amazon Web Services account. This operation returns a list of grants where the retiring principal specified
@@ -81,7 +81,7 @@ declare const ListRetirableGrantsCommand_base: {
  *          </ul>
  *          <p>
  *             <b>Eventual consistency</b>: The KMS API follows an eventual consistency model.
- *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html">KMS eventual consistency</a>.</p>
+ *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/accessing-kms.html#programming-eventual-consistency">KMS eventual consistency</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/PutKeyPolicyCommand.d.ts

@@ -32,7 +32,8 @@ declare const PutKeyPolicyCommand_base: {
  *       For help writing and formatting a JSON policy document, see the <a href="https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html">IAM JSON Policy Reference</a> in the <i>
  *                <i>Identity and Access Management User Guide</i>
  *             </i>. For examples of adding a key policy in multiple programming languages,
- *       see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-key-policies.html#put-policy">Setting a key policy</a> in the <i>Key Management Service Developer Guide</i>.</p>
+ *       see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/example_kms_PutKeyPolicy_section.html">Use
+ *         PutKeyPolicy with an Amazon Web Services SDK or CLI</a> in the <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
  *             <b>Cross-account use</b>: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.</p>
  *          <p>
@@ -42,7 +43,7 @@ declare const PutKeyPolicyCommand_base: {
  *          </p>
  *          <p>
  *             <b>Eventual consistency</b>: The KMS API follows an eventual consistency model.
- *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html">KMS eventual consistency</a>.</p>
+ *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/accessing-kms.html#programming-eventual-consistency">KMS eventual consistency</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -100,8 +101,9 @@ declare const PutKeyPolicyCommand_base: {
  *          </ul>
  *
  * @throws {@link LimitExceededException} (client fault)
- *  <p>The request was rejected because a quota was exceeded. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/limits.html">Quotas</a> in the
- *       <i>Key Management Service Developer Guide</i>.</p>
+ *  <p>The request was rejected because a length constraint or quota was exceeded. For more
+ *       information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/limits.html">Quotas</a> in
+ *       the <i>Key Management Service Developer Guide</i>.</p>
  *
  * @throws {@link MalformedPolicyDocumentException} (client fault)
  *  <p>The request was rejected because the specified policy is not syntactically or semantically

package/dist-types/commands/ReEncryptCommand.d.ts

@@ -28,18 +28,15 @@ declare const ReEncryptCommand_base: {
 };
 /**
  * <p>Decrypts ciphertext and then reencrypts it entirely within KMS. You can use this
- *       operation to change the KMS key under which data is encrypted, such as when you <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotate-keys-manually">manually
- *         rotate</a> a KMS key or change the KMS key that protects a ciphertext. You can also use
- *       it to reencrypt ciphertext under the same KMS key, such as to change the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context">encryption
- *         context</a> of a ciphertext.</p>
+ *       operation to change the KMS key under which data is encrypted, such as when you <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys-manually.html">manually rotate</a> a
+ *       KMS key or change the KMS key that protects a ciphertext. You can also use it to reencrypt
+ *       ciphertext under the same KMS key, such as to change the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/encrypt_context.html">encryption context</a> of a ciphertext.</p>
  *          <p>The <code>ReEncrypt</code> operation can decrypt ciphertext that was encrypted by using a
  *       KMS key in an KMS operation, such as <a>Encrypt</a> or <a>GenerateDataKey</a>. It can also decrypt ciphertext that was encrypted by using the
- *       public key of an <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#asymmetric-cmks">asymmetric KMS key</a>
- *       outside of KMS. However, it cannot decrypt ciphertext produced by other libraries, such as
- *       the <a href="https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/">Amazon Web Services Encryption SDK</a> or
- *         <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html">Amazon S3
- *         client-side encryption</a>. These libraries return a ciphertext format that is
- *       incompatible with KMS.</p>
+ *       public key of an <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html">asymmetric KMS key</a> outside of KMS. However, it cannot decrypt ciphertext produced
+ *       by other libraries, such as the <a href="https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/">Amazon Web Services
+ *         Encryption SDK</a> or <a href="https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html">Amazon S3 client-side encryption</a>.
+ *       These libraries return a ciphertext format that is incompatible with KMS.</p>
  *          <p>When you use the <code>ReEncrypt</code> operation, you need to provide information for the
  *       decrypt operation and the subsequent encrypt operation.</p>
  *          <ul>
@@ -124,7 +121,7 @@ declare const ReEncryptCommand_base: {
  *          </ul>
  *          <p>
  *             <b>Eventual consistency</b>: The KMS API follows an eventual consistency model.
- *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html">KMS eventual consistency</a>.</p>
+ *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/accessing-kms.html#programming-eventual-consistency">KMS eventual consistency</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -156,6 +153,8 @@ declare const ReEncryptCommand_base: {
  * //   KeyId: "STRING_VALUE",
  * //   SourceEncryptionAlgorithm: "SYMMETRIC_DEFAULT" || "RSAES_OAEP_SHA_1" || "RSAES_OAEP_SHA_256" || "SM2PKE",
  * //   DestinationEncryptionAlgorithm: "SYMMETRIC_DEFAULT" || "RSAES_OAEP_SHA_1" || "RSAES_OAEP_SHA_256" || "SM2PKE",
+ * //   SourceKeyMaterialId: "STRING_VALUE",
+ * //   DestinationKeyMaterialId: "STRING_VALUE",
  * // };
  *
  * ```
@@ -210,8 +209,8 @@ declare const ReEncryptCommand_base: {
  *       messages, the <code>KeyUsage</code> must be <code>SIGN_VERIFY</code>. For generating and
  *       verifying message authentication codes (MACs), the <code>KeyUsage</code> must be
  *         <code>GENERATE_VERIFY_MAC</code>. For deriving key agreement secrets, the
- *       <code>KeyUsage</code> must be <code>KEY_AGREEMENT</code>. To find the <code>KeyUsage</code> of a KMS key, use the
- *         <a>DescribeKey</a> operation.</p>
+ *         <code>KeyUsage</code> must be <code>KEY_AGREEMENT</code>. To find the <code>KeyUsage</code>
+ *       of a KMS key, use the <a>DescribeKey</a> operation.</p>
  *          <p>To find the encryption or signing algorithms supported for a particular KMS key, use the
  *         <a>DescribeKey</a> operation.</p>
  *

package/dist-types/commands/ReplicateKeyCommand.d.ts

@@ -39,14 +39,10 @@ declare const ReplicateKeyCommand_base: {
  *          <p>A <i>replica key</i> is a fully-functional KMS key that can be used
  *       independently of its primary and peer replica keys. A primary key and its replica keys share
  *       properties that make them interoperable. They have the same <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-id">key ID</a> and key material. They also
- *       have the same <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-spec">key
- *         spec</a>, <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-usage">key
- *         usage</a>, <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-origin">key
- *         material origin</a>, and <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html">automatic key rotation status</a>. KMS automatically synchronizes these shared
- *       properties among related multi-Region keys. All other properties of a replica key can differ,
- *       including its <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html">key
- *         policy</a>, <a href="https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html">tags</a>, <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html">aliases</a>, and <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key states of KMS keys</a>. KMS pricing and quotas for KMS keys apply to each
- *       primary key and replica key.</p>
+ *       have the same key spec, key usage, key material origin, and automatic key rotation status.
+ *       KMS automatically synchronizes these shared properties among related multi-Region keys. All
+ *       other properties of a replica key can differ, including its <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html">key policy</a>, <a href="https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html">tags</a>, <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html">aliases</a>, and <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">key state</a>. KMS pricing and quotas for KMS keys
+ *       apply to each primary key and replica key.</p>
  *          <p>When this operation completes, the new replica key has a transient key state of
  *         <code>Creating</code>. This key state changes to <code>Enabled</code> (or
  *         <code>PendingImport</code>) after a few seconds when the process of creating the new replica
@@ -66,8 +62,7 @@ declare const ReplicateKeyCommand_base: {
  *         <code>ReplicateKey</code> operation in the primary key's Region and a <a>CreateKey</a> operation in the replica key's Region.</p>
  *          <p>If you replicate a multi-Region primary key with imported key material, the replica key is
  *       created with no key material. You must import the same key material that you imported into the
- *       primary key. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-import.html">Importing key material into multi-Region
- *         keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
+ *       primary key.</p>
  *          <p>To convert a replica key to a primary key, use the <a>UpdatePrimaryRegion</a>
  *       operation.</p>
  *          <note>
@@ -113,7 +108,7 @@ declare const ReplicateKeyCommand_base: {
  *          </ul>
  *          <p>
  *             <b>Eventual consistency</b>: The KMS API follows an eventual consistency model.
- *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html">KMS eventual consistency</a>.</p>
+ *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/accessing-kms.html#programming-eventual-consistency">KMS eventual consistency</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript
@@ -184,6 +179,7 @@ declare const ReplicateKeyCommand_base: {
  * //     XksKeyConfiguration: { // XksKeyConfigurationType
  * //       Id: "STRING_VALUE",
  * //     },
+ * //     CurrentKeyMaterialId: "STRING_VALUE",
  * //   },
  * //   ReplicaPolicy: "STRING_VALUE",
  * //   ReplicaTags: [ // TagList
@@ -238,8 +234,9 @@ declare const ReplicateKeyCommand_base: {
  *          </ul>
  *
  * @throws {@link LimitExceededException} (client fault)
- *  <p>The request was rejected because a quota was exceeded. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/limits.html">Quotas</a> in the
- *       <i>Key Management Service Developer Guide</i>.</p>
+ *  <p>The request was rejected because a length constraint or quota was exceeded. For more
+ *       information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/limits.html">Quotas</a> in
+ *       the <i>Key Management Service Developer Guide</i>.</p>
  *
  * @throws {@link MalformedPolicyDocumentException} (client fault)
  *  <p>The request was rejected because the specified policy is not syntactically or semantically

package/dist-types/commands/RetireGrantCommand.d.ts

@@ -34,20 +34,19 @@ declare const RetireGrantCommand_base: {
  *          <p>This operation can be called by the <i>retiring principal</i> for a grant,
  *       by the <i>grantee principal</i> if the grant allows the <code>RetireGrant</code>
  *       operation, and by the Amazon Web Services account in which the grant is created. It can also be called by
- *       principals to whom permission for retiring a grant is delegated. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#grant-delete">Retiring and revoking
- *         grants</a> in the <i>Key Management Service Developer Guide</i>.</p>
+ *       principals to whom permission for retiring a grant is delegated.</p>
  *          <p>For detailed information about grants, including grant terminology, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html">Grants in KMS</a> in the
  *         <i>
  *                <i>Key Management Service Developer Guide</i>
- *             </i>. For examples of working with grants in several
- *       programming languages, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-grants.html">Programming grants</a>. </p>
+ *             </i>. For examples of creating grants in several
+ *       programming languages, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/example_kms_CreateGrant_section.html">Use CreateGrant with an Amazon Web Services SDK or CLI</a>. </p>
  *          <p>
  *             <b>Cross-account use</b>: Yes. You can retire a grant on a KMS
  *       key in a different Amazon Web Services account.</p>
  *          <p>
  *             <b>Required permissions</b>: Permission to retire a grant is
- *       determined primarily by the grant. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#grant-delete">Retiring and revoking grants</a> in
- *       the <i>Key Management Service Developer Guide</i>.</p>
+ *       determined primarily by the grant. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grant-delete.html">Retiring and revoking grants</a> in the
+ *       <i>Key Management Service Developer Guide</i>.</p>
  *          <p>
  *             <b>Related operations:</b>
  *          </p>
@@ -75,7 +74,7 @@ declare const RetireGrantCommand_base: {
  *          </ul>
  *          <p>
  *             <b>Eventual consistency</b>: The KMS API follows an eventual consistency model.
- *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html">KMS eventual consistency</a>.</p>
+ *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/accessing-kms.html#programming-eventual-consistency">KMS eventual consistency</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript

package/dist-types/commands/RevokeGrantCommand.d.ts

@@ -28,8 +28,8 @@ declare const RevokeGrantCommand_base: {
 };
 /**
  * <p>Deletes the specified grant. You revoke a grant to terminate the permissions that the
- *       grant allows. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#grant-delete">Retiring and revoking grants</a> in
- *       the <i>
+ *       grant allows. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grant-delete.html">Retiring and revoking grants</a> in the
+ *         <i>
  *                <i>Key Management Service Developer Guide</i>
  *             </i>.</p>
  *          <p>When you create, retire, or revoke a grant, there might be a brief delay, usually less than five minutes, until the grant is available throughout KMS. This state is known as <i>eventual consistency</i>. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#terms-eventual-consistency">Eventual consistency</a> in
@@ -39,8 +39,8 @@ declare const RevokeGrantCommand_base: {
  *          <p>For detailed information about grants, including grant terminology, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html">Grants in KMS</a> in the
  *         <i>
  *                <i>Key Management Service Developer Guide</i>
- *             </i>. For examples of working with grants in several
- *       programming languages, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-grants.html">Programming grants</a>. </p>
+ *             </i>. For examples of creating grants in several
+ *       programming languages, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/example_kms_CreateGrant_section.html">Use CreateGrant with an Amazon Web Services SDK or CLI</a>. </p>
  *          <p>
  *             <b>Cross-account use</b>: Yes. To perform this operation on a KMS key in a different Amazon Web Services account, specify the key
  *   ARN in the value of the <code>KeyId</code> parameter.</p>
@@ -73,7 +73,7 @@ declare const RevokeGrantCommand_base: {
  *          </ul>
  *          <p>
  *             <b>Eventual consistency</b>: The KMS API follows an eventual consistency model.
- *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/programming-eventual-consistency.html">KMS eventual consistency</a>.</p>
+ *   For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/accessing-kms.html#programming-eventual-consistency">KMS eventual consistency</a>.</p>
  * @example
  * Use a bare-bones client and the command you need to make an API call.
  * ```javascript