aws-sdk 2.1389.0 → 2.1391.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +17 -1
- package/README.md +1 -1
- package/apis/athena-2017-05-18.min.json +55 -39
- package/apis/cloudformation-2010-05-15.min.json +164 -127
- package/apis/cloudtrail-2013-11-01.min.json +34 -1
- package/apis/ec2-2016-11-15.min.json +6 -0
- package/apis/finspace-2021-03-12.min.json +1401 -17
- package/apis/finspace-2021-03-12.paginators.json +21 -0
- package/apis/keyspaces-2022-02-10.min.json +60 -34
- package/apis/kms-2014-11-01.examples.json +117 -9
- package/apis/sagemaker-2017-07-24.min.json +118 -81
- package/apis/wafv2-2019-07-29.min.json +86 -25
- package/clients/athena.d.ts +19 -3
- package/clients/cloudformation.d.ts +124 -61
- package/clients/cloudtrail.d.ts +90 -54
- package/clients/ec2.d.ts +2 -2
- package/clients/finspace.d.ts +1904 -127
- package/clients/frauddetector.d.ts +5 -5
- package/clients/keyspaces.d.ts +34 -1
- package/clients/kms.d.ts +20 -20
- package/clients/lambda.d.ts +10 -10
- package/clients/mwaa.d.ts +5 -5
- package/clients/sagemaker.d.ts +40 -1
- package/clients/wafv2.d.ts +95 -8
- package/dist/aws-sdk-core-react-native.js +1 -1
- package/dist/aws-sdk-react-native.js +10 -10
- package/dist/aws-sdk.js +262 -170
- package/dist/aws-sdk.min.js +99 -99
- package/lib/core.js +1 -1
- package/package.json +1 -1
|
@@ -148,11 +148,11 @@ declare class FraudDetector extends Service {
|
|
|
148
148
|
*/
|
|
149
149
|
deleteEntityType(callback?: (err: AWSError, data: FraudDetector.Types.DeleteEntityTypeResult) => void): Request<FraudDetector.Types.DeleteEntityTypeResult, AWSError>;
|
|
150
150
|
/**
|
|
151
|
-
* Deletes the specified event. When you delete an event, Amazon Fraud Detector permanently deletes that event and the event data is no longer stored in Amazon Fraud Detector.
|
|
151
|
+
* Deletes the specified event. When you delete an event, Amazon Fraud Detector permanently deletes that event and the event data is no longer stored in Amazon Fraud Detector. If deleteAuditHistory is True, event data is available through search for up to 30 seconds after the delete operation is completed.
|
|
152
152
|
*/
|
|
153
153
|
deleteEvent(params: FraudDetector.Types.DeleteEventRequest, callback?: (err: AWSError, data: FraudDetector.Types.DeleteEventResult) => void): Request<FraudDetector.Types.DeleteEventResult, AWSError>;
|
|
154
154
|
/**
|
|
155
|
-
* Deletes the specified event. When you delete an event, Amazon Fraud Detector permanently deletes that event and the event data is no longer stored in Amazon Fraud Detector.
|
|
155
|
+
* Deletes the specified event. When you delete an event, Amazon Fraud Detector permanently deletes that event and the event data is no longer stored in Amazon Fraud Detector. If deleteAuditHistory is True, event data is available through search for up to 30 seconds after the delete operation is completed.
|
|
156
156
|
*/
|
|
157
157
|
deleteEvent(callback?: (err: AWSError, data: FraudDetector.Types.DeleteEventResult) => void): Request<FraudDetector.Types.DeleteEventResult, AWSError>;
|
|
158
158
|
/**
|
|
@@ -1129,7 +1129,7 @@ declare namespace FraudDetector {
|
|
|
1129
1129
|
*/
|
|
1130
1130
|
name: string;
|
|
1131
1131
|
/**
|
|
1132
|
-
* The data type.
|
|
1132
|
+
* The data type of the variable.
|
|
1133
1133
|
*/
|
|
1134
1134
|
dataType: DataType;
|
|
1135
1135
|
/**
|
|
@@ -1157,7 +1157,7 @@ declare namespace FraudDetector {
|
|
|
1157
1157
|
}
|
|
1158
1158
|
export type CsvIndexToVariableMap = {[key: string]: string};
|
|
1159
1159
|
export type DataSource = "EVENT"|"MODEL_SCORE"|"EXTERNAL_MODEL_SCORE"|string;
|
|
1160
|
-
export type DataType = "STRING"|"INTEGER"|"FLOAT"|"BOOLEAN"|string;
|
|
1160
|
+
export type DataType = "STRING"|"INTEGER"|"FLOAT"|"BOOLEAN"|"DATETIME"|string;
|
|
1161
1161
|
export interface DataValidationMetrics {
|
|
1162
1162
|
/**
|
|
1163
1163
|
* The file-specific model training data validation messages.
|
|
@@ -1223,7 +1223,7 @@ declare namespace FraudDetector {
|
|
|
1223
1223
|
*/
|
|
1224
1224
|
eventTypeName: identifier;
|
|
1225
1225
|
/**
|
|
1226
|
-
* Specifies whether or not to delete any predictions associated with the event.
|
|
1226
|
+
* Specifies whether or not to delete any predictions associated with the event. If set to True,
|
|
1227
1227
|
*/
|
|
1228
1228
|
deleteAuditHistory?: DeleteAuditHistory;
|
|
1229
1229
|
}
|
package/clients/keyspaces.d.ts
CHANGED
|
@@ -195,6 +195,10 @@ declare namespace Keyspaces {
|
|
|
195
195
|
* A list of key-value pair tags to be attached to the keyspace. For more information, see Adding tags and labels to Amazon Keyspaces resources in the Amazon Keyspaces Developer Guide.
|
|
196
196
|
*/
|
|
197
197
|
tags?: TagList;
|
|
198
|
+
/**
|
|
199
|
+
* The replication specification of the keyspace includes: replicationStrategy - the required value is SINGLE_REGION or MULTI_REGION. regionList - if the replicationStrategy is MULTI_REGION, the regionList requires the current Region and at least one additional Amazon Web Services Region where the keyspace is going to be replicated in. The maximum number of supported replication Regions including the current Region is six.
|
|
200
|
+
*/
|
|
201
|
+
replicationSpecification?: ReplicationSpecification;
|
|
198
202
|
}
|
|
199
203
|
export interface CreateKeyspaceResponse {
|
|
200
204
|
/**
|
|
@@ -299,9 +303,17 @@ declare namespace Keyspaces {
|
|
|
299
303
|
*/
|
|
300
304
|
keyspaceName: KeyspaceName;
|
|
301
305
|
/**
|
|
302
|
-
*
|
|
306
|
+
* Returns the ARN of the keyspace.
|
|
303
307
|
*/
|
|
304
308
|
resourceArn: ARN;
|
|
309
|
+
/**
|
|
310
|
+
* Returns the replication strategy of the keyspace. The options are SINGLE_REGION or MULTI_REGION.
|
|
311
|
+
*/
|
|
312
|
+
replicationStrategy: rs;
|
|
313
|
+
/**
|
|
314
|
+
* If the replicationStrategy of the keyspace is MULTI_REGION, a list of replication Regions is returned.
|
|
315
|
+
*/
|
|
316
|
+
replicationRegions?: RegionList;
|
|
305
317
|
}
|
|
306
318
|
export interface GetTableRequest {
|
|
307
319
|
/**
|
|
@@ -377,6 +389,14 @@ declare namespace Keyspaces {
|
|
|
377
389
|
* The unique identifier of the keyspace in the format of an Amazon Resource Name (ARN).
|
|
378
390
|
*/
|
|
379
391
|
resourceArn: ARN;
|
|
392
|
+
/**
|
|
393
|
+
* This property specifies if a keyspace is a single Region keyspace or a multi-Region keyspace. The available values are SINGLE_REGION or MULTI_REGION.
|
|
394
|
+
*/
|
|
395
|
+
replicationStrategy: rs;
|
|
396
|
+
/**
|
|
397
|
+
* If the replicationStrategy of the keyspace is MULTI_REGION, a list of replication Regions is returned.
|
|
398
|
+
*/
|
|
399
|
+
replicationRegions?: RegionList;
|
|
380
400
|
}
|
|
381
401
|
export type KeyspaceSummaryList = KeyspaceSummary[];
|
|
382
402
|
export interface ListKeyspacesRequest {
|
|
@@ -473,6 +493,17 @@ declare namespace Keyspaces {
|
|
|
473
493
|
*/
|
|
474
494
|
earliestRestorableTimestamp?: Timestamp;
|
|
475
495
|
}
|
|
496
|
+
export type RegionList = region[];
|
|
497
|
+
export interface ReplicationSpecification {
|
|
498
|
+
/**
|
|
499
|
+
* The replicationStrategy of a keyspace, the required value is SINGLE_REGION or MULTI_REGION.
|
|
500
|
+
*/
|
|
501
|
+
replicationStrategy: rs;
|
|
502
|
+
/**
|
|
503
|
+
* The regionList can contain up to six Amazon Web Services Regions where the keyspace is replicated in.
|
|
504
|
+
*/
|
|
505
|
+
regionList?: RegionList;
|
|
506
|
+
}
|
|
476
507
|
export interface RestoreTableRequest {
|
|
477
508
|
/**
|
|
478
509
|
* The keyspace name of the source table.
|
|
@@ -652,6 +683,8 @@ declare namespace Keyspaces {
|
|
|
652
683
|
resourceArn: ARN;
|
|
653
684
|
}
|
|
654
685
|
export type kmsKeyARN = string;
|
|
686
|
+
export type region = string;
|
|
687
|
+
export type rs = "SINGLE_REGION"|"MULTI_REGION"|string;
|
|
655
688
|
/**
|
|
656
689
|
* A string in YYYY-MM-DD format that represents the latest possible API version that can be used in this service. Specify 'latest' to use the latest possible version.
|
|
657
690
|
*/
|
package/clients/kms.d.ts
CHANGED
|
@@ -52,11 +52,11 @@ declare class KMS extends Service {
|
|
|
52
52
|
*/
|
|
53
53
|
createGrant(callback?: (err: AWSError, data: KMS.Types.CreateGrantResponse) => void): Request<KMS.Types.CreateGrantResponse, AWSError>;
|
|
54
54
|
/**
|
|
55
|
-
* Creates a unique customer managed KMS key in your Amazon Web Services account and Region. You can use a KMS key in cryptographic operations, such as encryption and signing. Some Amazon Web Services services let you use KMS keys that you create and manage to protect your service resources. A KMS key is a logical representation of a cryptographic key. In addition to the key material used in cryptographic operations, a KMS key includes metadata, such as the key ID, key policy, creation date, description, and key state. For details, see Managing keys in the Key Management Service Developer Guide Use the parameters of CreateKey to specify the type of KMS key, the source of its key material, its key policy, description, tags, and other properties. KMS has replaced the term customer master key (CMK) with KMS key and KMS key. The concept has not changed. To prevent breaking changes, KMS is keeping some variations of this term. To create different types of KMS keys, use the following guidance: Symmetric encryption KMS key By default, CreateKey creates a symmetric encryption KMS key with key material that KMS generates. This is the basic and most widely used type of KMS key, and provides the best performance. To create a symmetric encryption KMS key, you don't need to specify any parameters. The default value for KeySpec, SYMMETRIC_DEFAULT, the default value for KeyUsage, ENCRYPT_DECRYPT, and the default value for Origin, AWS_KMS, create a symmetric encryption KMS key with KMS key material. If you need a key for basic encryption and decryption or you are creating a KMS key to protect your resources in an Amazon Web Services service, create a symmetric encryption KMS key. The key material in a symmetric encryption key never leaves KMS unencrypted. You can use a symmetric encryption KMS key to encrypt and decrypt data up to 4,096 bytes, but they are typically used to generate data keys and data keys pairs. For details, see GenerateDataKey and GenerateDataKeyPair. Asymmetric KMS keys To create an asymmetric KMS key, use the KeySpec parameter to specify the type of key material in the KMS key. Then, use the KeyUsage parameter to determine whether the KMS key will be used to encrypt and decrypt or sign and verify. You can't change these properties after the KMS key is created. Asymmetric KMS keys contain an RSA key pair, Elliptic Curve (ECC) key pair, or an SM2 key pair (China Regions only). The private key in an asymmetric KMS key never leaves KMS unencrypted. However, you can use the GetPublicKey operation to download the public key so it can be used outside of KMS. KMS keys with RSA or SM2 key pairs can be used to encrypt or decrypt data or sign and verify messages (but not both). KMS keys with ECC key pairs can be used only to sign and verify messages. For information about asymmetric KMS keys, see Asymmetric KMS keys in the Key Management Service Developer Guide. HMAC KMS key To create an HMAC KMS key, set the KeySpec parameter to a key spec value for HMAC KMS keys. Then set the KeyUsage parameter to GENERATE_VERIFY_MAC. You must set the key usage even though GENERATE_VERIFY_MAC is the only valid key usage value for HMAC KMS keys. You can't change these properties after the KMS key is created. HMAC KMS keys are symmetric keys that never leave KMS unencrypted. You can use HMAC keys to generate (GenerateMac) and verify (VerifyMac) HMAC codes for messages up to 4096 bytes.
|
|
55
|
+
* Creates a unique customer managed KMS key in your Amazon Web Services account and Region. You can use a KMS key in cryptographic operations, such as encryption and signing. Some Amazon Web Services services let you use KMS keys that you create and manage to protect your service resources. A KMS key is a logical representation of a cryptographic key. In addition to the key material used in cryptographic operations, a KMS key includes metadata, such as the key ID, key policy, creation date, description, and key state. For details, see Managing keys in the Key Management Service Developer Guide Use the parameters of CreateKey to specify the type of KMS key, the source of its key material, its key policy, description, tags, and other properties. KMS has replaced the term customer master key (CMK) with KMS key and KMS key. The concept has not changed. To prevent breaking changes, KMS is keeping some variations of this term. To create different types of KMS keys, use the following guidance: Symmetric encryption KMS key By default, CreateKey creates a symmetric encryption KMS key with key material that KMS generates. This is the basic and most widely used type of KMS key, and provides the best performance. To create a symmetric encryption KMS key, you don't need to specify any parameters. The default value for KeySpec, SYMMETRIC_DEFAULT, the default value for KeyUsage, ENCRYPT_DECRYPT, and the default value for Origin, AWS_KMS, create a symmetric encryption KMS key with KMS key material. If you need a key for basic encryption and decryption or you are creating a KMS key to protect your resources in an Amazon Web Services service, create a symmetric encryption KMS key. The key material in a symmetric encryption key never leaves KMS unencrypted. You can use a symmetric encryption KMS key to encrypt and decrypt data up to 4,096 bytes, but they are typically used to generate data keys and data keys pairs. For details, see GenerateDataKey and GenerateDataKeyPair. Asymmetric KMS keys To create an asymmetric KMS key, use the KeySpec parameter to specify the type of key material in the KMS key. Then, use the KeyUsage parameter to determine whether the KMS key will be used to encrypt and decrypt or sign and verify. You can't change these properties after the KMS key is created. Asymmetric KMS keys contain an RSA key pair, Elliptic Curve (ECC) key pair, or an SM2 key pair (China Regions only). The private key in an asymmetric KMS key never leaves KMS unencrypted. However, you can use the GetPublicKey operation to download the public key so it can be used outside of KMS. KMS keys with RSA or SM2 key pairs can be used to encrypt or decrypt data or sign and verify messages (but not both). KMS keys with ECC key pairs can be used only to sign and verify messages. For information about asymmetric KMS keys, see Asymmetric KMS keys in the Key Management Service Developer Guide. HMAC KMS key To create an HMAC KMS key, set the KeySpec parameter to a key spec value for HMAC KMS keys. Then set the KeyUsage parameter to GENERATE_VERIFY_MAC. You must set the key usage even though GENERATE_VERIFY_MAC is the only valid key usage value for HMAC KMS keys. You can't change these properties after the KMS key is created. HMAC KMS keys are symmetric keys that never leave KMS unencrypted. You can use HMAC keys to generate (GenerateMac) and verify (VerifyMac) HMAC codes for messages up to 4096 bytes. Multi-Region primary keys Imported key material To create a multi-Region primary key in the local Amazon Web Services Region, use the MultiRegion parameter with a value of True. To create a multi-Region replica key, that is, a KMS key with the same key ID and key material as a primary key, but in a different Amazon Web Services Region, use the ReplicateKey operation. To change a replica key to a primary key, and its primary key to a replica key, use the UpdatePrimaryRegion operation. You can create multi-Region KMS keys for all supported KMS key types: symmetric encryption KMS keys, HMAC KMS keys, asymmetric encryption KMS keys, and asymmetric signing KMS keys. You can also create multi-Region keys with imported key material. However, you can't create multi-Region keys in a custom key store. This operation supports multi-Region keys, an KMS feature that lets you create multiple interoperable KMS keys in different Amazon Web Services Regions. Because these KMS keys have the same key ID, key material, and other metadata, you can use them interchangeably to encrypt data in one Amazon Web Services Region and decrypt it in a different Amazon Web Services Region without re-encrypting the data or making a cross-Region call. For more information about multi-Region keys, see Multi-Region keys in KMS in the Key Management Service Developer Guide. To import your own key material into a KMS key, begin by creating a KMS key with no key material. To do this, use the Origin parameter of CreateKey with a value of EXTERNAL. Next, use GetParametersForImport operation to get a public key and import token. Use the wrapping public key to encrypt your key material. Then, use ImportKeyMaterial with your import token to import the key material. For step-by-step instructions, see Importing Key Material in the Key Management Service Developer Guide . You can import key material into KMS keys of all supported KMS key types: symmetric encryption KMS keys, HMAC KMS keys, asymmetric encryption KMS keys, and asymmetric signing KMS keys. You can also create multi-Region keys with imported key material. However, you can't import key material into a KMS key in a custom key store. To create a multi-Region primary key with imported key material, use the Origin parameter of CreateKey with a value of EXTERNAL and the MultiRegion parameter with a value of True. To create replicas of the multi-Region primary key, use the ReplicateKey operation. For instructions, see Importing key material into multi-Region keys. For more information about multi-Region keys, see Multi-Region keys in KMS in the Key Management Service Developer Guide. Custom key store A custom key store lets you protect your Amazon Web Services resources using keys in a backing key store that you own and manage. When you request a cryptographic operation with a KMS key in a custom key store, the operation is performed in the backing key store using its cryptographic keys. KMS supports CloudHSM key stores backed by an CloudHSM cluster and external key stores backed by an external key manager outside of Amazon Web Services. When you create a KMS key in an CloudHSM key store, KMS generates an encryption key in the CloudHSM cluster and associates it with the KMS key. When you create a KMS key in an external key store, you specify an existing encryption key in the external key manager. Some external key managers provide a simpler method for creating a KMS key in an external key store. For details, see your external key manager documentation. Before you create a KMS key in a custom key store, the ConnectionState of the key store must be CONNECTED. To connect the custom key store, use the ConnectCustomKeyStore operation. To find the ConnectionState, use the DescribeCustomKeyStores operation. To create a KMS key in a custom key store, use the CustomKeyStoreId. Use the default KeySpec value, SYMMETRIC_DEFAULT, and the default KeyUsage value, ENCRYPT_DECRYPT to create a symmetric encryption key. No other key type is supported in a custom key store. To create a KMS key in an CloudHSM key store, use the Origin parameter with a value of AWS_CLOUDHSM. The CloudHSM cluster that is associated with the custom key store must have at least two active HSMs in different Availability Zones in the Amazon Web Services Region. To create a KMS key in an external key store, use the Origin parameter with a value of EXTERNAL_KEY_STORE and an XksKeyId parameter that identifies an existing external key. Some external key managers provide a simpler method for creating a KMS key in an external key store. For details, see your external key manager documentation. Cross-account use: No. You cannot use this operation to create a KMS key in a different Amazon Web Services account. Required permissions: kms:CreateKey (IAM policy). To use the Tags parameter, kms:TagResource (IAM policy). For examples and information about related permissions, see Allow a user to create KMS keys in the Key Management Service Developer Guide. Related operations: DescribeKey ListKeys ScheduleKeyDeletion
|
|
56
56
|
*/
|
|
57
57
|
createKey(params: KMS.Types.CreateKeyRequest, callback?: (err: AWSError, data: KMS.Types.CreateKeyResponse) => void): Request<KMS.Types.CreateKeyResponse, AWSError>;
|
|
58
58
|
/**
|
|
59
|
-
* Creates a unique customer managed KMS key in your Amazon Web Services account and Region. You can use a KMS key in cryptographic operations, such as encryption and signing. Some Amazon Web Services services let you use KMS keys that you create and manage to protect your service resources. A KMS key is a logical representation of a cryptographic key. In addition to the key material used in cryptographic operations, a KMS key includes metadata, such as the key ID, key policy, creation date, description, and key state. For details, see Managing keys in the Key Management Service Developer Guide Use the parameters of CreateKey to specify the type of KMS key, the source of its key material, its key policy, description, tags, and other properties. KMS has replaced the term customer master key (CMK) with KMS key and KMS key. The concept has not changed. To prevent breaking changes, KMS is keeping some variations of this term. To create different types of KMS keys, use the following guidance: Symmetric encryption KMS key By default, CreateKey creates a symmetric encryption KMS key with key material that KMS generates. This is the basic and most widely used type of KMS key, and provides the best performance. To create a symmetric encryption KMS key, you don't need to specify any parameters. The default value for KeySpec, SYMMETRIC_DEFAULT, the default value for KeyUsage, ENCRYPT_DECRYPT, and the default value for Origin, AWS_KMS, create a symmetric encryption KMS key with KMS key material. If you need a key for basic encryption and decryption or you are creating a KMS key to protect your resources in an Amazon Web Services service, create a symmetric encryption KMS key. The key material in a symmetric encryption key never leaves KMS unencrypted. You can use a symmetric encryption KMS key to encrypt and decrypt data up to 4,096 bytes, but they are typically used to generate data keys and data keys pairs. For details, see GenerateDataKey and GenerateDataKeyPair. Asymmetric KMS keys To create an asymmetric KMS key, use the KeySpec parameter to specify the type of key material in the KMS key. Then, use the KeyUsage parameter to determine whether the KMS key will be used to encrypt and decrypt or sign and verify. You can't change these properties after the KMS key is created. Asymmetric KMS keys contain an RSA key pair, Elliptic Curve (ECC) key pair, or an SM2 key pair (China Regions only). The private key in an asymmetric KMS key never leaves KMS unencrypted. However, you can use the GetPublicKey operation to download the public key so it can be used outside of KMS. KMS keys with RSA or SM2 key pairs can be used to encrypt or decrypt data or sign and verify messages (but not both). KMS keys with ECC key pairs can be used only to sign and verify messages. For information about asymmetric KMS keys, see Asymmetric KMS keys in the Key Management Service Developer Guide. HMAC KMS key To create an HMAC KMS key, set the KeySpec parameter to a key spec value for HMAC KMS keys. Then set the KeyUsage parameter to GENERATE_VERIFY_MAC. You must set the key usage even though GENERATE_VERIFY_MAC is the only valid key usage value for HMAC KMS keys. You can't change these properties after the KMS key is created. HMAC KMS keys are symmetric keys that never leave KMS unencrypted. You can use HMAC keys to generate (GenerateMac) and verify (VerifyMac) HMAC codes for messages up to 4096 bytes.
|
|
59
|
+
* Creates a unique customer managed KMS key in your Amazon Web Services account and Region. You can use a KMS key in cryptographic operations, such as encryption and signing. Some Amazon Web Services services let you use KMS keys that you create and manage to protect your service resources. A KMS key is a logical representation of a cryptographic key. In addition to the key material used in cryptographic operations, a KMS key includes metadata, such as the key ID, key policy, creation date, description, and key state. For details, see Managing keys in the Key Management Service Developer Guide Use the parameters of CreateKey to specify the type of KMS key, the source of its key material, its key policy, description, tags, and other properties. KMS has replaced the term customer master key (CMK) with KMS key and KMS key. The concept has not changed. To prevent breaking changes, KMS is keeping some variations of this term. To create different types of KMS keys, use the following guidance: Symmetric encryption KMS key By default, CreateKey creates a symmetric encryption KMS key with key material that KMS generates. This is the basic and most widely used type of KMS key, and provides the best performance. To create a symmetric encryption KMS key, you don't need to specify any parameters. The default value for KeySpec, SYMMETRIC_DEFAULT, the default value for KeyUsage, ENCRYPT_DECRYPT, and the default value for Origin, AWS_KMS, create a symmetric encryption KMS key with KMS key material. If you need a key for basic encryption and decryption or you are creating a KMS key to protect your resources in an Amazon Web Services service, create a symmetric encryption KMS key. The key material in a symmetric encryption key never leaves KMS unencrypted. You can use a symmetric encryption KMS key to encrypt and decrypt data up to 4,096 bytes, but they are typically used to generate data keys and data keys pairs. For details, see GenerateDataKey and GenerateDataKeyPair. Asymmetric KMS keys To create an asymmetric KMS key, use the KeySpec parameter to specify the type of key material in the KMS key. Then, use the KeyUsage parameter to determine whether the KMS key will be used to encrypt and decrypt or sign and verify. You can't change these properties after the KMS key is created. Asymmetric KMS keys contain an RSA key pair, Elliptic Curve (ECC) key pair, or an SM2 key pair (China Regions only). The private key in an asymmetric KMS key never leaves KMS unencrypted. However, you can use the GetPublicKey operation to download the public key so it can be used outside of KMS. KMS keys with RSA or SM2 key pairs can be used to encrypt or decrypt data or sign and verify messages (but not both). KMS keys with ECC key pairs can be used only to sign and verify messages. For information about asymmetric KMS keys, see Asymmetric KMS keys in the Key Management Service Developer Guide. HMAC KMS key To create an HMAC KMS key, set the KeySpec parameter to a key spec value for HMAC KMS keys. Then set the KeyUsage parameter to GENERATE_VERIFY_MAC. You must set the key usage even though GENERATE_VERIFY_MAC is the only valid key usage value for HMAC KMS keys. You can't change these properties after the KMS key is created. HMAC KMS keys are symmetric keys that never leave KMS unencrypted. You can use HMAC keys to generate (GenerateMac) and verify (VerifyMac) HMAC codes for messages up to 4096 bytes. Multi-Region primary keys Imported key material To create a multi-Region primary key in the local Amazon Web Services Region, use the MultiRegion parameter with a value of True. To create a multi-Region replica key, that is, a KMS key with the same key ID and key material as a primary key, but in a different Amazon Web Services Region, use the ReplicateKey operation. To change a replica key to a primary key, and its primary key to a replica key, use the UpdatePrimaryRegion operation. You can create multi-Region KMS keys for all supported KMS key types: symmetric encryption KMS keys, HMAC KMS keys, asymmetric encryption KMS keys, and asymmetric signing KMS keys. You can also create multi-Region keys with imported key material. However, you can't create multi-Region keys in a custom key store. This operation supports multi-Region keys, an KMS feature that lets you create multiple interoperable KMS keys in different Amazon Web Services Regions. Because these KMS keys have the same key ID, key material, and other metadata, you can use them interchangeably to encrypt data in one Amazon Web Services Region and decrypt it in a different Amazon Web Services Region without re-encrypting the data or making a cross-Region call. For more information about multi-Region keys, see Multi-Region keys in KMS in the Key Management Service Developer Guide. To import your own key material into a KMS key, begin by creating a KMS key with no key material. To do this, use the Origin parameter of CreateKey with a value of EXTERNAL. Next, use GetParametersForImport operation to get a public key and import token. Use the wrapping public key to encrypt your key material. Then, use ImportKeyMaterial with your import token to import the key material. For step-by-step instructions, see Importing Key Material in the Key Management Service Developer Guide . You can import key material into KMS keys of all supported KMS key types: symmetric encryption KMS keys, HMAC KMS keys, asymmetric encryption KMS keys, and asymmetric signing KMS keys. You can also create multi-Region keys with imported key material. However, you can't import key material into a KMS key in a custom key store. To create a multi-Region primary key with imported key material, use the Origin parameter of CreateKey with a value of EXTERNAL and the MultiRegion parameter with a value of True. To create replicas of the multi-Region primary key, use the ReplicateKey operation. For instructions, see Importing key material into multi-Region keys. For more information about multi-Region keys, see Multi-Region keys in KMS in the Key Management Service Developer Guide. Custom key store A custom key store lets you protect your Amazon Web Services resources using keys in a backing key store that you own and manage. When you request a cryptographic operation with a KMS key in a custom key store, the operation is performed in the backing key store using its cryptographic keys. KMS supports CloudHSM key stores backed by an CloudHSM cluster and external key stores backed by an external key manager outside of Amazon Web Services. When you create a KMS key in an CloudHSM key store, KMS generates an encryption key in the CloudHSM cluster and associates it with the KMS key. When you create a KMS key in an external key store, you specify an existing encryption key in the external key manager. Some external key managers provide a simpler method for creating a KMS key in an external key store. For details, see your external key manager documentation. Before you create a KMS key in a custom key store, the ConnectionState of the key store must be CONNECTED. To connect the custom key store, use the ConnectCustomKeyStore operation. To find the ConnectionState, use the DescribeCustomKeyStores operation. To create a KMS key in a custom key store, use the CustomKeyStoreId. Use the default KeySpec value, SYMMETRIC_DEFAULT, and the default KeyUsage value, ENCRYPT_DECRYPT to create a symmetric encryption key. No other key type is supported in a custom key store. To create a KMS key in an CloudHSM key store, use the Origin parameter with a value of AWS_CLOUDHSM. The CloudHSM cluster that is associated with the custom key store must have at least two active HSMs in different Availability Zones in the Amazon Web Services Region. To create a KMS key in an external key store, use the Origin parameter with a value of EXTERNAL_KEY_STORE and an XksKeyId parameter that identifies an existing external key. Some external key managers provide a simpler method for creating a KMS key in an external key store. For details, see your external key manager documentation. Cross-account use: No. You cannot use this operation to create a KMS key in a different Amazon Web Services account. Required permissions: kms:CreateKey (IAM policy). To use the Tags parameter, kms:TagResource (IAM policy). For examples and information about related permissions, see Allow a user to create KMS keys in the Key Management Service Developer Guide. Related operations: DescribeKey ListKeys ScheduleKeyDeletion
|
|
60
60
|
*/
|
|
61
61
|
createKey(callback?: (err: AWSError, data: KMS.Types.CreateKeyResponse) => void): Request<KMS.Types.CreateKeyResponse, AWSError>;
|
|
62
62
|
/**
|
|
@@ -84,11 +84,11 @@ declare class KMS extends Service {
|
|
|
84
84
|
*/
|
|
85
85
|
deleteCustomKeyStore(callback?: (err: AWSError, data: KMS.Types.DeleteCustomKeyStoreResponse) => void): Request<KMS.Types.DeleteCustomKeyStoreResponse, AWSError>;
|
|
86
86
|
/**
|
|
87
|
-
* Deletes key material that
|
|
87
|
+
* Deletes key material that was previously imported. This operation makes the specified KMS key temporarily unusable. To restore the usability of the KMS key, reimport the same key material. For more information about importing key material into KMS, see Importing Key Material in the Key Management Service Developer Guide. When the specified KMS key is in the PendingDeletion state, this operation does not change the KMS key's state. Otherwise, it changes the KMS key's state to PendingImport. The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide. Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. Required permissions: kms:DeleteImportedKeyMaterial (key policy) Related operations: GetParametersForImport ImportKeyMaterial
|
|
88
88
|
*/
|
|
89
89
|
deleteImportedKeyMaterial(params: KMS.Types.DeleteImportedKeyMaterialRequest, callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
|
|
90
90
|
/**
|
|
91
|
-
* Deletes key material that
|
|
91
|
+
* Deletes key material that was previously imported. This operation makes the specified KMS key temporarily unusable. To restore the usability of the KMS key, reimport the same key material. For more information about importing key material into KMS, see Importing Key Material in the Key Management Service Developer Guide. When the specified KMS key is in the PendingDeletion state, this operation does not change the KMS key's state. Otherwise, it changes the KMS key's state to PendingImport. The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide. Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. Required permissions: kms:DeleteImportedKeyMaterial (key policy) Related operations: GetParametersForImport ImportKeyMaterial
|
|
92
92
|
*/
|
|
93
93
|
deleteImportedKeyMaterial(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
|
|
94
94
|
/**
|
|
@@ -220,11 +220,11 @@ declare class KMS extends Service {
|
|
|
220
220
|
*/
|
|
221
221
|
getKeyRotationStatus(callback?: (err: AWSError, data: KMS.Types.GetKeyRotationStatusResponse) => void): Request<KMS.Types.GetKeyRotationStatusResponse, AWSError>;
|
|
222
222
|
/**
|
|
223
|
-
* Returns the
|
|
223
|
+
* Returns the public key and an import token you need to import or reimport key material for a KMS key. By default, KMS keys are created with key material that KMS generates. This operation supports Importing key material, an advanced feature that lets you generate and import the cryptographic key material for a KMS key. For more information about importing key material into KMS, see Importing key material in the Key Management Service Developer Guide. Before calling GetParametersForImport, use the CreateKey operation with an Origin value of EXTERNAL to create a KMS key with no key material. You can import key material for a symmetric encryption KMS key, HMAC KMS key, asymmetric encryption KMS key, or asymmetric signing KMS key. You can also import key material into a multi-Region key of any supported type. However, you can't import key material into a KMS key in a custom key store. You can also use GetParametersForImport to get a public key and import token to reimport the original key material into a KMS key whose key material expired or was deleted. GetParametersForImport returns the items that you need to import your key material. The public key (or "wrapping key") of an RSA key pair that KMS generates. You will use this public key to encrypt ("wrap") your key material while it's in transit to KMS. A import token that ensures that KMS can decrypt your key material and associate it with the correct KMS key. The public key and its import token are permanently linked and must be used together. Each public key and import token set is valid for 24 hours. The expiration date and time appear in the ParametersValidTo field in the GetParametersForImport response. You cannot use an expired public key or import token in an ImportKeyMaterial request. If your key and token expire, send another GetParametersForImport request. GetParametersForImport requires the following information: The key ID of the KMS key for which you are importing the key material. The key spec of the public key ("wrapping key") that you will use to encrypt your key material during import. The wrapping algorithm that you will use with the public key to encrypt your key material. You can use the same or a different public key spec and wrapping algorithm each time you import or reimport the same key material. The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide. Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. Required permissions: kms:GetParametersForImport (key policy) Related operations: ImportKeyMaterial DeleteImportedKeyMaterial
|
|
224
224
|
*/
|
|
225
225
|
getParametersForImport(params: KMS.Types.GetParametersForImportRequest, callback?: (err: AWSError, data: KMS.Types.GetParametersForImportResponse) => void): Request<KMS.Types.GetParametersForImportResponse, AWSError>;
|
|
226
226
|
/**
|
|
227
|
-
* Returns the
|
|
227
|
+
* Returns the public key and an import token you need to import or reimport key material for a KMS key. By default, KMS keys are created with key material that KMS generates. This operation supports Importing key material, an advanced feature that lets you generate and import the cryptographic key material for a KMS key. For more information about importing key material into KMS, see Importing key material in the Key Management Service Developer Guide. Before calling GetParametersForImport, use the CreateKey operation with an Origin value of EXTERNAL to create a KMS key with no key material. You can import key material for a symmetric encryption KMS key, HMAC KMS key, asymmetric encryption KMS key, or asymmetric signing KMS key. You can also import key material into a multi-Region key of any supported type. However, you can't import key material into a KMS key in a custom key store. You can also use GetParametersForImport to get a public key and import token to reimport the original key material into a KMS key whose key material expired or was deleted. GetParametersForImport returns the items that you need to import your key material. The public key (or "wrapping key") of an RSA key pair that KMS generates. You will use this public key to encrypt ("wrap") your key material while it's in transit to KMS. A import token that ensures that KMS can decrypt your key material and associate it with the correct KMS key. The public key and its import token are permanently linked and must be used together. Each public key and import token set is valid for 24 hours. The expiration date and time appear in the ParametersValidTo field in the GetParametersForImport response. You cannot use an expired public key or import token in an ImportKeyMaterial request. If your key and token expire, send another GetParametersForImport request. GetParametersForImport requires the following information: The key ID of the KMS key for which you are importing the key material. The key spec of the public key ("wrapping key") that you will use to encrypt your key material during import. The wrapping algorithm that you will use with the public key to encrypt your key material. You can use the same or a different public key spec and wrapping algorithm each time you import or reimport the same key material. The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide. Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. Required permissions: kms:GetParametersForImport (key policy) Related operations: ImportKeyMaterial DeleteImportedKeyMaterial
|
|
228
228
|
*/
|
|
229
229
|
getParametersForImport(callback?: (err: AWSError, data: KMS.Types.GetParametersForImportResponse) => void): Request<KMS.Types.GetParametersForImportResponse, AWSError>;
|
|
230
230
|
/**
|
|
@@ -236,11 +236,11 @@ declare class KMS extends Service {
|
|
|
236
236
|
*/
|
|
237
237
|
getPublicKey(callback?: (err: AWSError, data: KMS.Types.GetPublicKeyResponse) => void): Request<KMS.Types.GetPublicKeyResponse, AWSError>;
|
|
238
238
|
/**
|
|
239
|
-
* Imports key material into an existing
|
|
239
|
+
* Imports or reimports key material into an existing KMS key that was created without key material. ImportKeyMaterial also sets the expiration model and expiration date of the imported key material. By default, KMS keys are created with key material that KMS generates. This operation supports Importing key material, an advanced feature that lets you generate and import the cryptographic key material for a KMS key. For more information about importing key material into KMS, see Importing key material in the Key Management Service Developer Guide. After you successfully import key material into a KMS key, you can reimport the same key material into that KMS key, but you cannot import different key material. You might reimport key material to replace key material that expired or key material that you deleted. You might also reimport key material to change the expiration model or expiration date of the key material. Before reimporting key material, if necessary, call DeleteImportedKeyMaterial to delete the current imported key material. Each time you import key material into KMS, you can determine whether (ExpirationModel) and when (ValidTo) the key material expires. To change the expiration of your key material, you must import it again, either by calling ImportKeyMaterial or using the import features of the KMS console. Before calling ImportKeyMaterial: Create or identify a KMS key with no key material. The KMS key must have an Origin value of EXTERNAL, which indicates that the KMS key is designed for imported key material. To create an new KMS key for imported key material, call the CreateKey operation with an Origin value of EXTERNAL. You can create a symmetric encryption KMS key, HMAC KMS key, asymmetric encryption KMS key, or asymmetric signing KMS key. You can also import key material into a multi-Region key of any supported type. However, you can't import key material into a KMS key in a custom key store. Use the DescribeKey operation to verify that the KeyState of the KMS key is PendingImport, which indicates that the KMS key has no key material. If you are reimporting the same key material into an existing KMS key, you might need to call the DeleteImportedKeyMaterial to delete its existing key material. Call the GetParametersForImport operation to get a public key and import token set for importing key material. Use the public key in the GetParametersForImport response to encrypt your key material. Then, in an ImportKeyMaterial request, you submit your encrypted key material and import token. When calling this operation, you must specify the following values: The key ID or key ARN of the KMS key to associate with the imported key material. Its Origin must be EXTERNAL and its KeyState must be PendingImport. You cannot perform this operation on a KMS key in a custom key store, or on a KMS key in a different Amazon Web Services account. To get the Origin and KeyState of a KMS key, call DescribeKey. The encrypted key material. The import token that GetParametersForImport returned. You must use a public key and token from the same GetParametersForImport response. Whether the key material expires (ExpirationModel) and, if so, when (ValidTo). For help with this choice, see Setting an expiration time in the Key Management Service Developer Guide. If you set an expiration date, KMS deletes the key material from the KMS key on the specified date, making the KMS key unusable. To use the KMS key in cryptographic operations again, you must reimport the same key material. However, you can delete and reimport the key material at any time, including before the key material expires. Each time you reimport, you can eliminate or reset the expiration time. When this operation is successful, the key state of the KMS key changes from PendingImport to Enabled, and you can use the KMS key in cryptographic operations. If this operation fails, use the exception to help determine the problem. If the error is related to the key material, the import token, or wrapping key, use GetParametersForImport to get a new public key and import token for the KMS key and repeat the import procedure. For help, see How To Import Key Material in the Key Management Service Developer Guide. The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide. Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. Required permissions: kms:ImportKeyMaterial (key policy) Related operations: DeleteImportedKeyMaterial GetParametersForImport
|
|
240
240
|
*/
|
|
241
241
|
importKeyMaterial(params: KMS.Types.ImportKeyMaterialRequest, callback?: (err: AWSError, data: KMS.Types.ImportKeyMaterialResponse) => void): Request<KMS.Types.ImportKeyMaterialResponse, AWSError>;
|
|
242
242
|
/**
|
|
243
|
-
* Imports key material into an existing
|
|
243
|
+
* Imports or reimports key material into an existing KMS key that was created without key material. ImportKeyMaterial also sets the expiration model and expiration date of the imported key material. By default, KMS keys are created with key material that KMS generates. This operation supports Importing key material, an advanced feature that lets you generate and import the cryptographic key material for a KMS key. For more information about importing key material into KMS, see Importing key material in the Key Management Service Developer Guide. After you successfully import key material into a KMS key, you can reimport the same key material into that KMS key, but you cannot import different key material. You might reimport key material to replace key material that expired or key material that you deleted. You might also reimport key material to change the expiration model or expiration date of the key material. Before reimporting key material, if necessary, call DeleteImportedKeyMaterial to delete the current imported key material. Each time you import key material into KMS, you can determine whether (ExpirationModel) and when (ValidTo) the key material expires. To change the expiration of your key material, you must import it again, either by calling ImportKeyMaterial or using the import features of the KMS console. Before calling ImportKeyMaterial: Create or identify a KMS key with no key material. The KMS key must have an Origin value of EXTERNAL, which indicates that the KMS key is designed for imported key material. To create an new KMS key for imported key material, call the CreateKey operation with an Origin value of EXTERNAL. You can create a symmetric encryption KMS key, HMAC KMS key, asymmetric encryption KMS key, or asymmetric signing KMS key. You can also import key material into a multi-Region key of any supported type. However, you can't import key material into a KMS key in a custom key store. Use the DescribeKey operation to verify that the KeyState of the KMS key is PendingImport, which indicates that the KMS key has no key material. If you are reimporting the same key material into an existing KMS key, you might need to call the DeleteImportedKeyMaterial to delete its existing key material. Call the GetParametersForImport operation to get a public key and import token set for importing key material. Use the public key in the GetParametersForImport response to encrypt your key material. Then, in an ImportKeyMaterial request, you submit your encrypted key material and import token. When calling this operation, you must specify the following values: The key ID or key ARN of the KMS key to associate with the imported key material. Its Origin must be EXTERNAL and its KeyState must be PendingImport. You cannot perform this operation on a KMS key in a custom key store, or on a KMS key in a different Amazon Web Services account. To get the Origin and KeyState of a KMS key, call DescribeKey. The encrypted key material. The import token that GetParametersForImport returned. You must use a public key and token from the same GetParametersForImport response. Whether the key material expires (ExpirationModel) and, if so, when (ValidTo). For help with this choice, see Setting an expiration time in the Key Management Service Developer Guide. If you set an expiration date, KMS deletes the key material from the KMS key on the specified date, making the KMS key unusable. To use the KMS key in cryptographic operations again, you must reimport the same key material. However, you can delete and reimport the key material at any time, including before the key material expires. Each time you reimport, you can eliminate or reset the expiration time. When this operation is successful, the key state of the KMS key changes from PendingImport to Enabled, and you can use the KMS key in cryptographic operations. If this operation fails, use the exception to help determine the problem. If the error is related to the key material, the import token, or wrapping key, use GetParametersForImport to get a new public key and import token for the KMS key and repeat the import procedure. For help, see How To Import Key Material in the Key Management Service Developer Guide. The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide. Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. Required permissions: kms:ImportKeyMaterial (key policy) Related operations: DeleteImportedKeyMaterial GetParametersForImport
|
|
244
244
|
*/
|
|
245
245
|
importKeyMaterial(callback?: (err: AWSError, data: KMS.Types.ImportKeyMaterialResponse) => void): Request<KMS.Types.ImportKeyMaterialResponse, AWSError>;
|
|
246
246
|
/**
|
|
@@ -332,11 +332,11 @@ declare class KMS extends Service {
|
|
|
332
332
|
*/
|
|
333
333
|
revokeGrant(callback?: (err: AWSError, data: {}) => void): Request<{}, AWSError>;
|
|
334
334
|
/**
|
|
335
|
-
* Schedules the deletion of a KMS key. By default, KMS applies a waiting period of 30 days, but you can specify a waiting period of 7-30 days. When this operation is successful, the key state of the KMS key changes to PendingDeletion and the key can't be used in any cryptographic operations. It remains in this state for the duration of the waiting period. Before the waiting period ends, you can use CancelKeyDeletion to cancel the deletion of the KMS key. After the waiting period ends, KMS deletes the KMS key, its key material, and all KMS data associated with it, including all aliases that refer to it. Deleting a KMS key is a destructive and potentially dangerous operation. When a KMS key is deleted, all data that was encrypted under the KMS key is unrecoverable. (The only exception is a multi-Region replica key.) To prevent the use of a KMS key without deleting it, use DisableKey. You can schedule the deletion of a multi-Region primary key and its replica keys at any time. However, KMS will not delete a multi-Region primary key with existing replica keys. If you schedule the deletion of a primary key with replicas, its key state changes to PendingReplicaDeletion and it cannot be replicated or used in cryptographic operations. This status can continue indefinitely. When the last of its replicas keys is deleted (not just scheduled), the key state of the primary key changes to PendingDeletion and its waiting period (PendingWindowInDays) begins. For details, see Deleting multi-Region keys in the Key Management Service Developer Guide. When KMS deletes a KMS key from an CloudHSM key store, it makes a best effort to delete the associated key material from the associated CloudHSM cluster. However, you might need to manually delete the orphaned key material from the cluster and its backups. Deleting a KMS key from an external key store has no effect on the associated external key. However, for both types of custom key stores, deleting a KMS key is destructive and irreversible. You cannot decrypt ciphertext encrypted under the KMS key by using only its associated external key or CloudHSM key. Also, you cannot recreate a KMS key in an external key store by creating a new KMS key with the same key material. For more information about scheduling a KMS key for deletion, see Deleting KMS keys in the Key Management Service Developer Guide. The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide. Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. Required permissions: kms:ScheduleKeyDeletion (key policy) Related operations CancelKeyDeletion DisableKey
|
|
335
|
+
* Schedules the deletion of a KMS key. By default, KMS applies a waiting period of 30 days, but you can specify a waiting period of 7-30 days. When this operation is successful, the key state of the KMS key changes to PendingDeletion and the key can't be used in any cryptographic operations. It remains in this state for the duration of the waiting period. Before the waiting period ends, you can use CancelKeyDeletion to cancel the deletion of the KMS key. After the waiting period ends, KMS deletes the KMS key, its key material, and all KMS data associated with it, including all aliases that refer to it. Deleting a KMS key is a destructive and potentially dangerous operation. When a KMS key is deleted, all data that was encrypted under the KMS key is unrecoverable. (The only exception is a multi-Region replica key, or an asymmetric or HMAC KMS key with imported key material[BUGBUG-link to importing-keys-managing.html#import-delete-key.) To prevent the use of a KMS key without deleting it, use DisableKey. You can schedule the deletion of a multi-Region primary key and its replica keys at any time. However, KMS will not delete a multi-Region primary key with existing replica keys. If you schedule the deletion of a primary key with replicas, its key state changes to PendingReplicaDeletion and it cannot be replicated or used in cryptographic operations. This status can continue indefinitely. When the last of its replicas keys is deleted (not just scheduled), the key state of the primary key changes to PendingDeletion and its waiting period (PendingWindowInDays) begins. For details, see Deleting multi-Region keys in the Key Management Service Developer Guide. When KMS deletes a KMS key from an CloudHSM key store, it makes a best effort to delete the associated key material from the associated CloudHSM cluster. However, you might need to manually delete the orphaned key material from the cluster and its backups. Deleting a KMS key from an external key store has no effect on the associated external key. However, for both types of custom key stores, deleting a KMS key is destructive and irreversible. You cannot decrypt ciphertext encrypted under the KMS key by using only its associated external key or CloudHSM key. Also, you cannot recreate a KMS key in an external key store by creating a new KMS key with the same key material. For more information about scheduling a KMS key for deletion, see Deleting KMS keys in the Key Management Service Developer Guide. The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide. Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. Required permissions: kms:ScheduleKeyDeletion (key policy) Related operations CancelKeyDeletion DisableKey
|
|
336
336
|
*/
|
|
337
337
|
scheduleKeyDeletion(params: KMS.Types.ScheduleKeyDeletionRequest, callback?: (err: AWSError, data: KMS.Types.ScheduleKeyDeletionResponse) => void): Request<KMS.Types.ScheduleKeyDeletionResponse, AWSError>;
|
|
338
338
|
/**
|
|
339
|
-
* Schedules the deletion of a KMS key. By default, KMS applies a waiting period of 30 days, but you can specify a waiting period of 7-30 days. When this operation is successful, the key state of the KMS key changes to PendingDeletion and the key can't be used in any cryptographic operations. It remains in this state for the duration of the waiting period. Before the waiting period ends, you can use CancelKeyDeletion to cancel the deletion of the KMS key. After the waiting period ends, KMS deletes the KMS key, its key material, and all KMS data associated with it, including all aliases that refer to it. Deleting a KMS key is a destructive and potentially dangerous operation. When a KMS key is deleted, all data that was encrypted under the KMS key is unrecoverable. (The only exception is a multi-Region replica key.) To prevent the use of a KMS key without deleting it, use DisableKey. You can schedule the deletion of a multi-Region primary key and its replica keys at any time. However, KMS will not delete a multi-Region primary key with existing replica keys. If you schedule the deletion of a primary key with replicas, its key state changes to PendingReplicaDeletion and it cannot be replicated or used in cryptographic operations. This status can continue indefinitely. When the last of its replicas keys is deleted (not just scheduled), the key state of the primary key changes to PendingDeletion and its waiting period (PendingWindowInDays) begins. For details, see Deleting multi-Region keys in the Key Management Service Developer Guide. When KMS deletes a KMS key from an CloudHSM key store, it makes a best effort to delete the associated key material from the associated CloudHSM cluster. However, you might need to manually delete the orphaned key material from the cluster and its backups. Deleting a KMS key from an external key store has no effect on the associated external key. However, for both types of custom key stores, deleting a KMS key is destructive and irreversible. You cannot decrypt ciphertext encrypted under the KMS key by using only its associated external key or CloudHSM key. Also, you cannot recreate a KMS key in an external key store by creating a new KMS key with the same key material. For more information about scheduling a KMS key for deletion, see Deleting KMS keys in the Key Management Service Developer Guide. The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide. Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. Required permissions: kms:ScheduleKeyDeletion (key policy) Related operations CancelKeyDeletion DisableKey
|
|
339
|
+
* Schedules the deletion of a KMS key. By default, KMS applies a waiting period of 30 days, but you can specify a waiting period of 7-30 days. When this operation is successful, the key state of the KMS key changes to PendingDeletion and the key can't be used in any cryptographic operations. It remains in this state for the duration of the waiting period. Before the waiting period ends, you can use CancelKeyDeletion to cancel the deletion of the KMS key. After the waiting period ends, KMS deletes the KMS key, its key material, and all KMS data associated with it, including all aliases that refer to it. Deleting a KMS key is a destructive and potentially dangerous operation. When a KMS key is deleted, all data that was encrypted under the KMS key is unrecoverable. (The only exception is a multi-Region replica key, or an asymmetric or HMAC KMS key with imported key material[BUGBUG-link to importing-keys-managing.html#import-delete-key.) To prevent the use of a KMS key without deleting it, use DisableKey. You can schedule the deletion of a multi-Region primary key and its replica keys at any time. However, KMS will not delete a multi-Region primary key with existing replica keys. If you schedule the deletion of a primary key with replicas, its key state changes to PendingReplicaDeletion and it cannot be replicated or used in cryptographic operations. This status can continue indefinitely. When the last of its replicas keys is deleted (not just scheduled), the key state of the primary key changes to PendingDeletion and its waiting period (PendingWindowInDays) begins. For details, see Deleting multi-Region keys in the Key Management Service Developer Guide. When KMS deletes a KMS key from an CloudHSM key store, it makes a best effort to delete the associated key material from the associated CloudHSM cluster. However, you might need to manually delete the orphaned key material from the cluster and its backups. Deleting a KMS key from an external key store has no effect on the associated external key. However, for both types of custom key stores, deleting a KMS key is destructive and irreversible. You cannot decrypt ciphertext encrypted under the KMS key by using only its associated external key or CloudHSM key. Also, you cannot recreate a KMS key in an external key store by creating a new KMS key with the same key material. For more information about scheduling a KMS key for deletion, see Deleting KMS keys in the Key Management Service Developer Guide. The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide. Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. Required permissions: kms:ScheduleKeyDeletion (key policy) Related operations CancelKeyDeletion DisableKey
|
|
340
340
|
*/
|
|
341
341
|
scheduleKeyDeletion(callback?: (err: AWSError, data: KMS.Types.ScheduleKeyDeletionResponse) => void): Request<KMS.Types.ScheduleKeyDeletionResponse, AWSError>;
|
|
342
342
|
/**
|
|
@@ -414,7 +414,7 @@ declare class KMS extends Service {
|
|
|
414
414
|
}
|
|
415
415
|
declare namespace KMS {
|
|
416
416
|
export type AWSAccountIdType = string;
|
|
417
|
-
export type AlgorithmSpec = "RSAES_PKCS1_V1_5"|"RSAES_OAEP_SHA_1"|"RSAES_OAEP_SHA_256"|string;
|
|
417
|
+
export type AlgorithmSpec = "RSAES_PKCS1_V1_5"|"RSAES_OAEP_SHA_1"|"RSAES_OAEP_SHA_256"|"RSA_AES_KEY_WRAP_SHA_1"|"RSA_AES_KEY_WRAP_SHA_256"|string;
|
|
418
418
|
export type AliasList = AliasListEntry[];
|
|
419
419
|
export interface AliasListEntry {
|
|
420
420
|
/**
|
|
@@ -1095,15 +1095,15 @@ declare namespace KMS {
|
|
|
1095
1095
|
}
|
|
1096
1096
|
export interface GetParametersForImportRequest {
|
|
1097
1097
|
/**
|
|
1098
|
-
* The identifier of the
|
|
1098
|
+
* The identifier of the KMS key that will be associated with the imported key material. The Origin of the KMS key must be EXTERNAL. All KMS key types are supported, including multi-Region keys. However, you cannot import key material into a KMS key in a custom key store. Specify the key ID or key ARN of the KMS key. For example: Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.
|
|
1099
1099
|
*/
|
|
1100
1100
|
KeyId: KeyIdType;
|
|
1101
1101
|
/**
|
|
1102
|
-
* The algorithm you will use
|
|
1102
|
+
* The algorithm you will use with the RSA public key (PublicKey) in the response to protect your key material during import. For more information, see Select a wrapping algorithm in the Key Management Service Developer Guide. For RSA_AES wrapping algorithms, you encrypt your key material with an AES key that you generate, then encrypt your AES key with the RSA public key from KMS. For RSAES wrapping algorithms, you encrypt your key material directly with the RSA public key from KMS. The wrapping algorithms that you can use depend on the type of key material that you are importing. To import an RSA private key, you must use an RSA_AES wrapping algorithm. RSA_AES_KEY_WRAP_SHA_256 — Supported for wrapping RSA and ECC key material. RSA_AES_KEY_WRAP_SHA_1 — Supported for wrapping RSA and ECC key material. RSAES_OAEP_SHA_256 — Supported for all types of key material, except RSA key material (private key). You cannot use the RSAES_OAEP_SHA_256 wrapping algorithm with the RSA_2048 wrapping key spec to wrap ECC_NIST_P521 key material. RSAES_OAEP_SHA_1 — Supported for all types of key material, except RSA key material (private key). You cannot use the RSAES_OAEP_SHA_1 wrapping algorithm with the RSA_2048 wrapping key spec to wrap ECC_NIST_P521 key material. RSAES_PKCS1_V1_5 (Deprecated) — Supported only for symmetric encryption key material (and only in legacy mode).
|
|
1103
1103
|
*/
|
|
1104
1104
|
WrappingAlgorithm: AlgorithmSpec;
|
|
1105
1105
|
/**
|
|
1106
|
-
* The type of
|
|
1106
|
+
* The type of RSA public key to return in the response. You will use this wrapping key with the specified wrapping algorithm to protect your key material during import. Use the longest RSA wrapping key that is practical. You cannot use an RSA_2048 public key to directly wrap an ECC_NIST_P521 private key. Instead, use an RSA_AES wrapping algorithm or choose a longer RSA public key.
|
|
1107
1107
|
*/
|
|
1108
1108
|
WrappingKeySpec: WrappingKeySpec;
|
|
1109
1109
|
}
|
|
@@ -1222,7 +1222,7 @@ declare namespace KMS {
|
|
|
1222
1222
|
export type GrantTokenType = string;
|
|
1223
1223
|
export interface ImportKeyMaterialRequest {
|
|
1224
1224
|
/**
|
|
1225
|
-
* The identifier of the
|
|
1225
|
+
* The identifier of the KMS key that will be associated with the imported key material. This must be the same KMS key specified in the KeyID parameter of the corresponding GetParametersForImport request. The Origin of the KMS key must be EXTERNAL and its KeyState must be PendingImport. The KMS key can be a symmetric encryption KMS key, HMAC KMS key, asymmetric encryption KMS key, or asymmetric signing KMS key, including a multi-Region key of any supported type. You cannot perform this operation on a KMS key in a custom key store, or on a KMS key in a different Amazon Web Services account. Specify the key ID or key ARN of the KMS key. For example: Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.
|
|
1226
1226
|
*/
|
|
1227
1227
|
KeyId: KeyIdType;
|
|
1228
1228
|
/**
|
|
@@ -1230,7 +1230,7 @@ declare namespace KMS {
|
|
|
1230
1230
|
*/
|
|
1231
1231
|
ImportToken: CiphertextType;
|
|
1232
1232
|
/**
|
|
1233
|
-
* The encrypted key material to import. The key material must be encrypted
|
|
1233
|
+
* The encrypted key material to import. The key material must be encrypted under the public wrapping key that GetParametersForImport returned, using the wrapping algorithm that you specified in the same GetParametersForImport request.
|
|
1234
1234
|
*/
|
|
1235
1235
|
EncryptedKeyMaterial: CiphertextType;
|
|
1236
1236
|
/**
|
|
@@ -1238,7 +1238,7 @@ declare namespace KMS {
|
|
|
1238
1238
|
*/
|
|
1239
1239
|
ValidTo?: DateType;
|
|
1240
1240
|
/**
|
|
1241
|
-
* Specifies whether the key material expires. The default is KEY_MATERIAL_EXPIRES. When the value of ExpirationModel is KEY_MATERIAL_EXPIRES, you must specify a value for the ValidTo parameter. When value is KEY_MATERIAL_DOES_NOT_EXPIRE, you must omit the ValidTo parameter. You cannot change the ExpirationModel or ValidTo values for the current import after the request completes. To change either value, you must
|
|
1241
|
+
* Specifies whether the key material expires. The default is KEY_MATERIAL_EXPIRES. For help with this choice, see Setting an expiration time in the Key Management Service Developer Guide. When the value of ExpirationModel is KEY_MATERIAL_EXPIRES, you must specify a value for the ValidTo parameter. When value is KEY_MATERIAL_DOES_NOT_EXPIRE, you must omit the ValidTo parameter. You cannot change the ExpirationModel or ValidTo values for the current import after the request completes. To change either value, you must reimport the key material.
|
|
1242
1242
|
*/
|
|
1243
1243
|
ExpirationModel?: ExpirationModelType;
|
|
1244
1244
|
}
|
|
@@ -1714,7 +1714,7 @@ declare namespace KMS {
|
|
|
1714
1714
|
*/
|
|
1715
1715
|
KeyId: KeyIdType;
|
|
1716
1716
|
/**
|
|
1717
|
-
* The waiting period, specified in number of days. After the waiting period ends, KMS deletes the KMS key. If the KMS key is a multi-Region primary key with replica keys, the waiting period begins when the last of its replica keys is deleted. Otherwise, the waiting period begins immediately. This value is optional. If you include a value, it must be between 7 and 30, inclusive. If you do not include a value, it defaults to 30.
|
|
1717
|
+
* The waiting period, specified in number of days. After the waiting period ends, KMS deletes the KMS key. If the KMS key is a multi-Region primary key with replica keys, the waiting period begins when the last of its replica keys is deleted. Otherwise, the waiting period begins immediately. This value is optional. If you include a value, it must be between 7 and 30, inclusive. If you do not include a value, it defaults to 30. You can use the kms:ScheduleKeyDeletionPendingWindowInDays condition key to further constrain the values that principals can specify in the PendingWindowInDays parameter.
|
|
1718
1718
|
*/
|
|
1719
1719
|
PendingWindowInDays?: PendingWindowInDaysType;
|
|
1720
1720
|
}
|
|
@@ -1764,7 +1764,7 @@ declare namespace KMS {
|
|
|
1764
1764
|
*/
|
|
1765
1765
|
KeyId?: KeyIdType;
|
|
1766
1766
|
/**
|
|
1767
|
-
* The cryptographic signature that was generated for the message. When used with the supported RSA signing algorithms, the encoding of this value is defined by PKCS #1 in RFC 8017. When used with the ECDSA_SHA_256, ECDSA_SHA_384, or ECDSA_SHA_512 signing algorithms, this value is a DER-encoded object as defined by
|
|
1767
|
+
* The cryptographic signature that was generated for the message. When used with the supported RSA signing algorithms, the encoding of this value is defined by PKCS #1 in RFC 8017. When used with the ECDSA_SHA_256, ECDSA_SHA_384, or ECDSA_SHA_512 signing algorithms, this value is a DER-encoded object as defined by ANSI X9.62–2005 and RFC 3279 Section 2.2.3. This is the most commonly used signature format and is appropriate for most uses. When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded.
|
|
1768
1768
|
*/
|
|
1769
1769
|
Signature?: CiphertextType;
|
|
1770
1770
|
/**
|
|
@@ -1955,7 +1955,7 @@ declare namespace KMS {
|
|
|
1955
1955
|
*/
|
|
1956
1956
|
SigningAlgorithm?: SigningAlgorithmSpec;
|
|
1957
1957
|
}
|
|
1958
|
-
export type WrappingKeySpec = "RSA_2048"|string;
|
|
1958
|
+
export type WrappingKeySpec = "RSA_2048"|"RSA_3072"|"RSA_4096"|string;
|
|
1959
1959
|
export interface XksKeyConfigurationType {
|
|
1960
1960
|
/**
|
|
1961
1961
|
* The ID of the external key in its external key manager. This is the ID that the external key store proxy uses to identify the external key.
|
package/clients/lambda.d.ts
CHANGED
|
@@ -1037,7 +1037,7 @@ declare namespace Lambda {
|
|
|
1037
1037
|
*/
|
|
1038
1038
|
Environment?: Environment;
|
|
1039
1039
|
/**
|
|
1040
|
-
* The ARN of the Key Management Service (KMS) customer managed key that's used to encrypt your function's environment variables. When Lambda SnapStart is activated, this key is also
|
|
1040
|
+
* The ARN of the Key Management Service (KMS) customer managed key that's used to encrypt your function's environment variables. When Lambda SnapStart is activated, Lambda also uses this key is to encrypt your function's snapshot. If you deploy your function using a container image, Lambda also uses this key to encrypt your function when it's deployed. Note that this is not the same key that's used to protect your container image in the Amazon Elastic Container Registry (Amazon ECR). If you don't provide a customer managed key, Lambda uses a default service key.
|
|
1041
1041
|
*/
|
|
1042
1042
|
KMSKeyArn?: KMSKeyArn;
|
|
1043
1043
|
/**
|
|
@@ -1360,7 +1360,7 @@ declare namespace Lambda {
|
|
|
1360
1360
|
*/
|
|
1361
1361
|
SelfManagedEventSource?: SelfManagedEventSource;
|
|
1362
1362
|
/**
|
|
1363
|
-
* (Kinesis and DynamoDB Streams only) Discard records older than the specified age. The default value is -1, which sets the maximum age to infinite. When the value is set to infinite, Lambda never discards old records. The minimum value
|
|
1363
|
+
* (Kinesis and DynamoDB Streams only) Discard records older than the specified age. The default value is -1, which sets the maximum age to infinite. When the value is set to infinite, Lambda never discards old records. The minimum valid value for maximum record age is 60s. Although values less than 60 and greater than -1 fall within the parameter's absolute range, they are not allowed
|
|
1364
1364
|
*/
|
|
1365
1365
|
MaximumRecordAgeInSeconds?: MaximumRecordAgeInSeconds;
|
|
1366
1366
|
/**
|
|
@@ -1889,7 +1889,7 @@ declare namespace Lambda {
|
|
|
1889
1889
|
*/
|
|
1890
1890
|
Version?: LayerVersionNumber;
|
|
1891
1891
|
/**
|
|
1892
|
-
* The layer's compatible runtimes.
|
|
1892
|
+
* The layer's compatible runtimes. The following list includes deprecated runtimes. For more information, see Runtime deprecation policy.
|
|
1893
1893
|
*/
|
|
1894
1894
|
CompatibleRuntimes?: CompatibleRuntimes;
|
|
1895
1895
|
/**
|
|
@@ -2239,7 +2239,7 @@ declare namespace Lambda {
|
|
|
2239
2239
|
*/
|
|
2240
2240
|
CreatedDate?: Timestamp;
|
|
2241
2241
|
/**
|
|
2242
|
-
* The layer's compatible runtimes.
|
|
2242
|
+
* The layer's compatible runtimes. The following list includes deprecated runtimes. For more information, see Runtime deprecation policy.
|
|
2243
2243
|
*/
|
|
2244
2244
|
CompatibleRuntimes?: CompatibleRuntimes;
|
|
2245
2245
|
/**
|
|
@@ -2446,7 +2446,7 @@ declare namespace Lambda {
|
|
|
2446
2446
|
}
|
|
2447
2447
|
export interface ListLayerVersionsRequest {
|
|
2448
2448
|
/**
|
|
2449
|
-
* A runtime identifier. For example, go1.x.
|
|
2449
|
+
* A runtime identifier. For example, go1.x. The following list includes deprecated runtimes. For more information, see Runtime deprecation policy.
|
|
2450
2450
|
*/
|
|
2451
2451
|
CompatibleRuntime?: Runtime;
|
|
2452
2452
|
/**
|
|
@@ -2478,7 +2478,7 @@ declare namespace Lambda {
|
|
|
2478
2478
|
}
|
|
2479
2479
|
export interface ListLayersRequest {
|
|
2480
2480
|
/**
|
|
2481
|
-
* A runtime identifier. For example, go1.x.
|
|
2481
|
+
* A runtime identifier. For example, go1.x. The following list includes deprecated runtimes. For more information, see Runtime deprecation policy.
|
|
2482
2482
|
*/
|
|
2483
2483
|
CompatibleRuntime?: Runtime;
|
|
2484
2484
|
/**
|
|
@@ -2652,7 +2652,7 @@ declare namespace Lambda {
|
|
|
2652
2652
|
*/
|
|
2653
2653
|
Content: LayerVersionContentInput;
|
|
2654
2654
|
/**
|
|
2655
|
-
* A list of compatible function runtimes. Used for filtering with ListLayers and ListLayerVersions.
|
|
2655
|
+
* A list of compatible function runtimes. Used for filtering with ListLayers and ListLayerVersions. The following list includes deprecated runtimes. For more information, see Runtime deprecation policy.
|
|
2656
2656
|
*/
|
|
2657
2657
|
CompatibleRuntimes?: CompatibleRuntimes;
|
|
2658
2658
|
/**
|
|
@@ -2690,7 +2690,7 @@ declare namespace Lambda {
|
|
|
2690
2690
|
*/
|
|
2691
2691
|
Version?: LayerVersionNumber;
|
|
2692
2692
|
/**
|
|
2693
|
-
* The layer's compatible runtimes.
|
|
2693
|
+
* The layer's compatible runtimes. The following list includes deprecated runtimes. For more information, see Runtime deprecation policy.
|
|
2694
2694
|
*/
|
|
2695
2695
|
CompatibleRuntimes?: CompatibleRuntimes;
|
|
2696
2696
|
/**
|
|
@@ -2887,7 +2887,7 @@ declare namespace Lambda {
|
|
|
2887
2887
|
export type ResourceArn = string;
|
|
2888
2888
|
export type ResponseStreamingInvocationType = "RequestResponse"|"DryRun"|string;
|
|
2889
2889
|
export type RoleArn = string;
|
|
2890
|
-
export type Runtime = "nodejs"|"nodejs4.3"|"nodejs6.10"|"nodejs8.10"|"nodejs10.x"|"nodejs12.x"|"nodejs14.x"|"nodejs16.x"|"java8"|"java8.al2"|"java11"|"python2.7"|"python3.6"|"python3.7"|"python3.8"|"python3.9"|"dotnetcore1.0"|"dotnetcore2.0"|"dotnetcore2.1"|"dotnetcore3.1"|"dotnet6"|"nodejs4.3-edge"|"go1.x"|"ruby2.5"|"ruby2.7"|"provided"|"provided.al2"|"nodejs18.x"|"python3.10"|"java17"|string;
|
|
2890
|
+
export type Runtime = "nodejs"|"nodejs4.3"|"nodejs6.10"|"nodejs8.10"|"nodejs10.x"|"nodejs12.x"|"nodejs14.x"|"nodejs16.x"|"java8"|"java8.al2"|"java11"|"python2.7"|"python3.6"|"python3.7"|"python3.8"|"python3.9"|"dotnetcore1.0"|"dotnetcore2.0"|"dotnetcore2.1"|"dotnetcore3.1"|"dotnet6"|"nodejs4.3-edge"|"go1.x"|"ruby2.5"|"ruby2.7"|"provided"|"provided.al2"|"nodejs18.x"|"python3.10"|"java17"|"ruby3.2"|string;
|
|
2891
2891
|
export type RuntimeVersionArn = string;
|
|
2892
2892
|
export interface RuntimeVersionConfig {
|
|
2893
2893
|
/**
|
|
@@ -3217,7 +3217,7 @@ declare namespace Lambda {
|
|
|
3217
3217
|
*/
|
|
3218
3218
|
DeadLetterConfig?: DeadLetterConfig;
|
|
3219
3219
|
/**
|
|
3220
|
-
* The ARN of the Key Management Service (KMS) customer managed key that's used to encrypt your function's environment variables. When Lambda SnapStart is activated, this key is also
|
|
3220
|
+
* The ARN of the Key Management Service (KMS) customer managed key that's used to encrypt your function's environment variables. When Lambda SnapStart is activated, Lambda also uses this key is to encrypt your function's snapshot. If you deploy your function using a container image, Lambda also uses this key to encrypt your function when it's deployed. Note that this is not the same key that's used to protect your container image in the Amazon Elastic Container Registry (Amazon ECR). If you don't provide a customer managed key, Lambda uses a default service key.
|
|
3221
3221
|
*/
|
|
3222
3222
|
KMSKeyArn?: KMSKeyArn;
|
|
3223
3223
|
/**
|
package/clients/mwaa.d.ts
CHANGED
|
@@ -128,7 +128,7 @@ declare namespace MWAA {
|
|
|
128
128
|
*/
|
|
129
129
|
AirflowConfigurationOptions?: AirflowConfigurationOptions;
|
|
130
130
|
/**
|
|
131
|
-
* The Apache Airflow version for your environment. If no value is specified, it defaults to the latest version. Valid values: 1.10.12, 2.0.2, 2.2.2,
|
|
131
|
+
* The Apache Airflow version for your environment. If no value is specified, it defaults to the latest version. Valid values: 1.10.12, 2.0.2, 2.2.2, 2.4.3, and 2.5.1. For more information, see Apache Airflow versions on Amazon Managed Workflows for Apache Airflow (MWAA).
|
|
132
132
|
*/
|
|
133
133
|
AirflowVersion?: AirflowVersion;
|
|
134
134
|
/**
|
|
@@ -261,7 +261,7 @@ declare namespace MWAA {
|
|
|
261
261
|
*/
|
|
262
262
|
AirflowConfigurationOptions?: AirflowConfigurationOptions;
|
|
263
263
|
/**
|
|
264
|
-
* The Apache Airflow version on your environment. Valid values: 1.10.12, 2.0.2, 2.2.2,
|
|
264
|
+
* The Apache Airflow version on your environment. Valid values: 1.10.12, 2.0.2, 2.2.2, 2.4.3, and 2.5.1.
|
|
265
265
|
*/
|
|
266
266
|
AirflowVersion?: AirflowVersion;
|
|
267
267
|
/**
|
|
@@ -349,7 +349,7 @@ declare namespace MWAA {
|
|
|
349
349
|
*/
|
|
350
350
|
StartupScriptS3Path?: String;
|
|
351
351
|
/**
|
|
352
|
-
* The status of the Amazon MWAA environment. Valid values: CREATING - Indicates the request to create the environment is in progress. CREATE_FAILED - Indicates the request to create the environment failed, and the environment could not be created. AVAILABLE - Indicates the request was successful and the environment is ready to use. UPDATING - Indicates the request to update the environment is in progress. DELETING - Indicates the request to delete the environment is in progress. DELETED - Indicates the request to delete the environment is complete, and the environment has been deleted. UNAVAILABLE - Indicates the request failed, but the environment was unable to rollback and is not in a stable state. UPDATE_FAILED - Indicates the request to update the environment failed, and the environment has rolled back successfully and is ready to use. We recommend reviewing our troubleshooting guide for a list of common errors and their solutions. For more information, see Amazon MWAA troubleshooting.
|
|
352
|
+
* The status of the Amazon MWAA environment. Valid values: CREATING - Indicates the request to create the environment is in progress. CREATING_SNAPSHOT - Indicates the request to update environment details, or upgrade the environment version, is in progress and Amazon MWAA is creating a storage volume snapshot of the Amazon RDS database cluster associated with the environment. A database snapshot is a backup created at a specific point in time. Amazon MWAA uses snapshots to recover environment metadata if the process to update or upgrade an environment fails. CREATE_FAILED - Indicates the request to create the environment failed, and the environment could not be created. AVAILABLE - Indicates the request was successful and the environment is ready to use. UPDATING - Indicates the request to update the environment is in progress. ROLLING_BACK - Indicates the request to update environment details, or upgrade the environment version, failed and Amazon MWAA is restoring the environment using the latest storage volume snapshot. DELETING - Indicates the request to delete the environment is in progress. DELETED - Indicates the request to delete the environment is complete, and the environment has been deleted. UNAVAILABLE - Indicates the request failed, but the environment was unable to rollback and is not in a stable state. UPDATE_FAILED - Indicates the request to update the environment failed, and the environment has rolled back successfully and is ready to use. We recommend reviewing our troubleshooting guide for a list of common errors and their solutions. For more information, see Amazon MWAA troubleshooting.
|
|
353
353
|
*/
|
|
354
354
|
Status?: EnvironmentStatus;
|
|
355
355
|
/**
|
|
@@ -373,7 +373,7 @@ declare namespace MWAA {
|
|
|
373
373
|
export type EnvironmentClass = string;
|
|
374
374
|
export type EnvironmentList = EnvironmentName[];
|
|
375
375
|
export type EnvironmentName = string;
|
|
376
|
-
export type EnvironmentStatus = "CREATING"|"CREATE_FAILED"|"AVAILABLE"|"UPDATING"|"DELETING"|"DELETED"|"UNAVAILABLE"|"UPDATE_FAILED"|string;
|
|
376
|
+
export type EnvironmentStatus = "CREATING"|"CREATE_FAILED"|"AVAILABLE"|"UPDATING"|"DELETING"|"DELETED"|"UNAVAILABLE"|"UPDATE_FAILED"|"ROLLING_BACK"|"CREATING_SNAPSHOT"|string;
|
|
377
377
|
export type ErrorCode = string;
|
|
378
378
|
export type ErrorMessage = string;
|
|
379
379
|
export interface GetEnvironmentInput {
|
|
@@ -630,7 +630,7 @@ declare namespace MWAA {
|
|
|
630
630
|
*/
|
|
631
631
|
AirflowConfigurationOptions?: AirflowConfigurationOptions;
|
|
632
632
|
/**
|
|
633
|
-
* The Apache Airflow version for your environment.
|
|
633
|
+
* The Apache Airflow version for your environment. To upgrade your environment, specify a newer version of Apache Airflow supported by Amazon MWAA. Before you upgrade an environment, make sure your requirements, DAGs, plugins, and other resources used in your workflows are compatible with the new Apache Airflow version. For more information about updating your resources, see Upgrading an Amazon MWAA environment. Valid values: 1.10.12, 2.0.2, 2.2.2, 2.4.3, and 2.5.1.
|
|
634
634
|
*/
|
|
635
635
|
AirflowVersion?: AirflowVersion;
|
|
636
636
|
/**
|