awscli 1.40.43__py3-none-any.whl → 1.40.44__py3-none-any.whl

awscli/__init__.py

@@ -18,7 +18,7 @@ A Universal Command Line Environment for Amazon Web Services.
 
 import os
 
-__version__ = '1.40.43'
+__version__ = '1.40.44'
 
 #
 # Get our data path to be added to botocore's search path

awscli/examples/kms/create-key.rst

@@ -17,6 +17,7 @@ Output::
             "AWSAccountId": "111122223333",
             "Arn": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
             "CreationDate": "2017-07-05T14:04:55-07:00",
+            "CurrentKeyMaterialId": "0b7fd7ddbac6eef27907413567cad8c810e2883dc8a7534067a82ee1142fc1e6",
             "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT",
             "Description": "",
             "Enabled": true,
@@ -40,7 +41,7 @@ For more information, see `Creating keys <https://docs.aws.amazon.com/kms/latest
 
 **Example 2: To create an asymmetric RSA KMS key for encryption and decryption**
 
-The following ``create-key`` example creates a KMS key that contains an asymmetric RSA key pair for encryption and decryption. ::
+The following ``create-key`` example creates a KMS key that contains an asymmetric RSA key pair for encryption and decryption. The key spec and key usage can't be changed after the key is created.::
 
     aws kms create-key \
        --key-spec RSA_4096 \
@@ -75,7 +76,7 @@ For more information, see `Asymmetric keys in AWS KMS <https://docs.aws.amazon.c
 
 **Example 3: To create an asymmetric elliptic curve KMS key for signing and verification**
 
-To create an asymmetric KMS key that contains an asymmetric elliptic curve (ECC) key pair for signing and verification. The ``--key-usage`` parameter is required even though ``SIGN_VERIFY`` is the only valid value for ECC KMS keys. ::
+To create an asymmetric KMS key that contains an asymmetric elliptic curve (ECC) key pair for signing and verification. The ``--key-usage`` parameter is required even though ``SIGN_VERIFY`` is the only valid value for ECC KMS keys. The key spec and key usage can't be changed after the key is created.::
 
     aws kms create-key \
         --key-spec ECC_NIST_P521 \
@@ -105,10 +106,43 @@ Output::
     }
 
 
-For more information, see `Asymmetric keys in AWS KMS <https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html>`__ in the *AWS Key Management Service Developer Guide*.   
+For more information, see `Asymmetric keys in AWS KMS <https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html>`__ in the *AWS Key Management Service Developer Guide*.
+
+**Example 4: To create an asymmetric ML-DSA KMS key for signing and verification**
+
+This example creates a module-lattice digital signature algorithm (ML-DSA) key for signing and verification. The key-usage parameter is required even though ``SIGN_VERIFY`` is the only valid value for ML-DSA keys. ::
+
+    aws kms create-key \
+        --key-spec ML_DSA_65 \
+        --key-usage SIGN_VERIFY
+
+Output::
+
+    {
+        "KeyMetadata": {
+            "Arn": "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
+            "AWSAccountId": "111122223333",
+            "CreationDate": "2019-12-02T07:48:55-07:00",
+            "Description": "",
+            "Enabled": true,
+            "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
+            "KeyManager": "CUSTOMER",
+            "KeySpec": "ML_DSA_65",
+            "KeyState": "Enabled",
+            "KeyUsage": "SIGN_VERIFY",
+            "MultiRegion": false,
+            "Origin": "AWS_KMS",
+            "SigningAlgorithms": [
+                "ML_DSA_SHAKE_256"
+            ]
+        }
+    }
+
+
+For more information, see `Asymmetric keys in AWS KMS <https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html>`__ in the *AWS Key Management Service Developer Guide*.
 
 
-**Example 4: To create an HMAC KMS key**
+**Example 5: To create an HMAC KMS key**
 
 The following ``create-key`` example creates a 384-bit HMAC KMS key. The ``GENERATE_VERIFY_MAC`` value for the ``--key-usage`` parameter is required even though it's the only valid value for HMAC KMS keys. ::
 
@@ -142,7 +176,7 @@ Output::
 For more information, see `HMAC keys in AWS KMS <https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html>`__ in the *AWS Key Management Service Developer Guide*.  
 
 
-**Example 4: To create a multi-Region primary KMS key**
+**Example 6: To create a multi-Region primary KMS key**
 
 The following ``create-key`` example creates a multi-Region primary symmetric encryption key. Because the default values for all parameters create a symmetric encryption key, only the ``--multi-region`` parameter is required for this KMS key. In the AWS CLI, to indicate that a Boolean parameter is true, just specify the parameter name. ::
 
@@ -156,6 +190,7 @@ Output::
             "Arn": "arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef12345678990ab",
             "AWSAccountId": "111122223333",
             "CreationDate": "2021-09-02T016:15:21-09:00",
+            "CurrentKeyMaterialId": "0b7fd7ddbac6eef27907413567cad8c810e2883dc8a7534067a82ee1142fc1e6",
             "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT",
             "Description": "",
             "Enabled": true,
@@ -183,7 +218,7 @@ Output::
 For more information, see `Asymmetric keys in AWS KMS <https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html>`__ in the *AWS Key Management Service Developer Guide*.  
 
 
-**Example 5: To create a KMS key for imported key material**
+**Example 7: To create a KMS key for imported key material**
 
 The following ``create-key`` example creates a creates a KMS key with no key material. When the operation is complete, you can import your own key material into the KMS key. To create this KMS key, set the ``--origin`` parameter to ``EXTERNAL``. ::
 
@@ -253,7 +288,7 @@ Output::
 For more information, see `AWS CloudHSM key stores <https://docs.aws.amazon.com/kms/latest/developerguide/keystore-cloudhsm.html>`__ in the *AWS Key Management Service Developer Guide*. 
 
 
-**Example 7: To create a KMS key in an external key store**
+**Example 8: To create a KMS key in an external key store**
 
 The following ``create-key`` example creates a creates a KMS key in the specified external key store. The ``--custom-key-store-id``, ``--origin``, and ``--xks-key-id`` parameters are required in this command. 
 

awscli/examples/kms/delete-imported-key-material.rst

@@ -5,6 +5,12 @@ The following ``delete-imported-key-material`` example deletes key material that
     aws kms delete-imported-key-material \
        --key-id 1234abcd-12ab-34cd-56ef-1234567890ab
 
-This command produces no output. To verify that the key material is deleted, use the ``describe-key`` command to look for a key state of ``PendingImport`` or ``PendingDeletion``.
 
-For more information, see `Deleting imported key material<https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-delete-key-material.html>`__ in the *AWS Key Management Service Developer Guide*.
+Output::
+
+    {
+        "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
+        "KeyMaterialId": "0b7fd7ddbac6eef27907413567cad8c810e2883dc8a7534067a82ee1142fc1e6"
+    }
+
+For more information, see `Deleting imported key material <https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-delete-key-material.html>`__ in the *AWS Key Management Service Developer Guide*.

awscli/examples/kms/describe-key.rst

@@ -14,6 +14,7 @@ Output::
             "AWSAccountId": "846764612917",
             "KeyId": "b8a9477d-836c-491f-857e-07937918959b",
             "Arn": "arn:aws:kms:us-west-2:846764612917:key/b8a9477d-836c-491f-857e-07937918959b",
+            "CurrentKeyMaterialId": "0b7fd7ddbac6eef27907413567cad8c810e2883dc8a7534067a82ee1142fc1e6",
             "CreationDate": 2017-06-30T21:44:32.140000+00:00,
             "Enabled": true,
             "Description": "Default KMS key that protects my S3 objects when no other key is defined",
@@ -80,6 +81,7 @@ Output::
             "AWSAccountId": "111122223333",
             "Arn": "arn:aws:kms:ap-northeast-1:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab",
             "CreationDate": "2021-06-28T21:09:16.114000+00:00",
+            "CurrentKeyMaterialId": "0b7fd7ddbac6eef27907413567cad8c810e2883dc8a7534067a82ee1142fc1e6",
             "Description": "",
             "Enabled": true,
             "KeyId": "mrk-1234abcd12ab34cd56ef1234567890ab",

awscli/examples/kms/disable-key.rst

@@ -1,6 +1,6 @@
 **To temporarily disable a KMS key**
 
-The following example uses the ``disable-key`` command to disable a customer managed KMS key. To re-enable the KMS key, use the ``enable-key`` command. ::
+The following ``disable-key`` command disables a customer managed KMS key. To re-enable the KMS key, use the ``enable-key`` command. ::
 
     aws kms disable-key \
         --key-id 1234abcd-12ab-34cd-56ef-1234567890ab

awscli/examples/kms/generate-data-key-pair-without-plaintext.rst

@@ -20,6 +20,7 @@ Output::
         "PrivateKeyCiphertextBlob": "AQIDAHi6LtupRpdKl2aJTzkK6FbhOtQkMlQJJH3PdtHvS/y+hAFFxmiD134doUDzMGmfCEtcAAAHaTCCB2UGCSqGSIb3DQEHBqCCB1...",
         "PublicKey": "MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA3A3eGMyPrvSn7+LdlJE1oUoQV5HpEuHAVbdOyND+NmYDH/mL1OSIEuLrcdZ5hrMH4pk83r40l...",
         "KeyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
+        "KeyMaterialId": "0b7fd7ddbac6eef27907413567cad8c810e2883dc8a7534067a82ee1142fc1e6",
         "KeyPairSpec": "ECC_NIST_P384"
     }
 

awscli/examples/kms/generate-data-key-pair.rst

@@ -19,6 +19,7 @@ Output::
         "PrivateKeyPlaintext": "MIIG/QIBADANBgkqhkiG9w0BAQEFAASCBucwggbjAgEAAoIBgQDcDd4YzI+u9Kfv4t2UkTWhShBXkekS4cBVt07I0P42ZgMf+YvU5IgS4ut...",
         "PublicKey": "MIIBojANBgkqhkiG9w0BAQEFAAOCAY8AMIIBigKCAYEA3A3eGMyPrvSn7+LdlJE1oUoQV5HpEuHAVbdOyND+NmYDH/mL1OSIEuLrcdZ5hrMH4pk83r40l...",
         "KeyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
+        "KeyMaterialId": "0b7fd7ddbac6eef27907413567cad8c810e2883dc8a7534067a82ee1142fc1e6"
         "KeyPairSpec": "RSA_2048"
     }
 

awscli/examples/kms/generate-data-key-without-plaintext.rst

@@ -14,7 +14,8 @@ Output::
 
     {
         "CiphertextBlob": "AQEDAHjRYf5WytIc0C857tFSnBaPn2F8DgfmThbJlGfR8P3WlwAAAH4wfAYJKoZIhvcNAQcGoG8wbQIBADBoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDEFogL",
-        "KeyId": "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
+        "KeyId": "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
+        "KeyMaterialId": "0b7fd7ddbac6eef27907413567cad8c810e2883dc8a7534067a82ee1142fc1e6"
     }
 
 The ``CiphertextBlob`` (encrypted data key) is returned in base64-encoded format. 

awscli/examples/kms/generate-data-key.rst

@@ -15,13 +15,13 @@ Output::
     {
         "Plaintext": "VdzKNHGzUAzJeRBVY+uUmofUGGiDzyB3+i9fVkh3piw=",
         "KeyId": "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
+        "KeyMaterialId": "0b7fd7ddbac6eef27907413567cad8c810e2883dc8a7534067a82ee1142fc1e6",
         "CiphertextBlob": "AQEDAHjRYf5WytIc0C857tFSnBaPn2F8DgfmThbJlGfR8P3WlwAAAH4wfAYJKoZIhvcNAQcGoG8wbQIBADBoBgkqhkiG9w0BBwEwHgYJYIZIAWUDBAEuMBEEDEFogLqPWZconQhwHAIBEIA7d9AC7GeJJM34njQvg4Wf1d5sw0NIo1MrBqZa+YdhV8MrkBQPeac0ReRVNDt9qleAt+SHgIRF8P0H+7U="
     }
 
 The ``Plaintext`` (plaintext data key) and the ``CiphertextBlob`` (encrypted data key) are returned in base64-encoded format. 
 
-For more information, see `Data keys <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#data-keys`__ in the *AWS Key Management Service Developer Guide*.
- 
+For more information, see `Data keys <https://docs.aws.amazon.com/kms/latest/developerguide/data-keys.html>`__ in the *AWS Key Management Service Developer Guide*.
 **Example 2: To generate a 512-bit symmetric data key**
 
 The following ``generate-data-key`` example requests a 512-bit symmetric data key for encryption and decryption. The command returns a plaintext data key for immediate use and deletion, and a copy of that data key encrypted under the specified KMS key. You can safely store the encrypted data key with the encrypted data. 
@@ -41,9 +41,10 @@ Output::
     {
         "CiphertextBlob": "AQIBAHi6LtupRpdKl2aJTzkK6FbhOtQkMlQJJH3PdtHvS/y+hAEnX/QQNmMwDfg2korNMEc8AAACaDCCAmQGCSqGSIb3DQEHBqCCAlUwggJRAgEAMIICSgYJKoZ...",
         "Plaintext": "ty8Lr0Bk6OF07M2BWt6qbFdNB+G00ZLtf5MSEb4al3R2UKWGOp06njAwy2n72VRm2m7z/Pm9Wpbvttz6a4lSo9hgPvKhZ5y6RTm4OovEXiVfBveyX3DQxDzRSwbKDPk/...",
-        "KeyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
+        "KeyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
+        "KeyMaterialId": "0b7fd7ddbac6eef27907413567cad8c810e2883dc8a7534067a82ee1142fc1e6"
     }
 
 The ``Plaintext`` (plaintext data key) and ``CiphertextBlob`` (encrypted data key) are returned in base64-encoded format. 
 
-For more information, see `Data keys <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#data-keys`__ in the *AWS Key Management Service Developer Guide*.
+For more information, see `Data keys <https://docs.aws.amazon.com/kms/latest/developerguide/data-keys.html>`__ in the *AWS Key Management Service Developer Guide*.

awscli/examples/kms/generate-mac.rst

@@ -0,0 +1,45 @@
+**Example 1: To generate an HMAC for a message**
+
+The following ``generate-mac`` command generates an HMAC for a message, an HMAC KMS key, and a MAC algorithm. The algorithm must be supported by the specified HMAC KMS key.
+
+In AWS CLI v2, the value of the ``message`` parameter must be Base64-encoded. Or, you can save the message in a file and use the ``fileb://`` prefix, which tells the AWS CLI to read binary data from the file.
+
+Before running this command, replace the example key ID with a valid key ID from your AWS account. The key ID must represent a HMAC KMS key with a key usage of ``GENERATE_VERIFY_MAC``. ::
+
+    msg=(echo 'Hello World' | base64)
+    
+    aws kms generate-mac \
+        --key-id 1234abcd-12ab-34cd-56ef-1234567890ab \
+        --message fileb://Message \
+        --mac-algorithm HMAC_SHA_384
+
+Output::
+
+    {
+        "KeyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
+        "Mac": "<HMAC_TAG>",
+        "MacAlgorithm": "HMAC_SHA_384"
+    }
+
+For more information about using HMAC KMS keys in AWS KMS, see `HMAC keys in AWS KMS <https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html>`__ in the *AWS Key Management Service Developer Guide*.
+
+**Example 2: To save an HMAC in a file (Linux and macOs)**
+
+The following ``generate-mac``  example generates an HMAC for a short message stored in a local file. The command also gets the ``Mac`` property from the response, Base64-decodes it and saves it in the ExampleMac file. You can use the MAC file in a ``verify-mac`` command that verifies the MAC.
+
+The ``generate-mac`` command requires a Base64-encoded message and a MAC algorithm that your HMAC KMS key supports. To get the MAC algorithms that your KMS key supports, use the ``describe-key`` command.
+
+Before running this command, replace the example key ID with a valid key ID from your AWS account. The key ID must represent an asymmetric KMS key with a key usage of GENERATE_VERIFY_MAC. ::
+
+    echo 'hello world' | base64 > EncodedMessage
+
+    aws kms generate-mac \
+        --key-id 1234abcd-12ab-34cd-56ef-1234567890ab \
+        --message fileb://EncodedMessage \
+        --mac-algorithm HMAC_SHA_384 \
+        --output text \
+        --query Mac | base64 --decode > ExampleMac
+
+This command produces no output. This example extracts the ``Mac`` property of the output and saves it in a file.
+
+For more information about using HMAC KMS keys in AWS KMS, see `HMAC keys in AWS KMS <https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html>`__ in the *AWS Key Management Service Developer Guide*.

awscli/examples/kms/generate-random.rst

@@ -6,7 +6,7 @@ When you run this command, you must use the ``number-of-bytes`` parameter to spe
 
 You don't specify a KMS key when you run this command. The random byte string is unrelated to any KMS key. 
 
-By default, AWS KMS generates the random number. However, if you specify a `custom key store<https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html>`__, the random byte string is generated in the AWS CloudHSM cluster associated with the custom key store.
+By default, AWS KMS generates the random number. However, if you specify a `custom key store <https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html>`__, the random byte string is generated in the AWS CloudHSM cluster associated with the custom key store.
 
 This example uses the following parameters and values:
 

awscli/examples/kms/get-public-key.rst

@@ -20,8 +20,7 @@ Output::
         ]
     }
 
-For more information about using asymmetric KMS keys in AWS KMS, see `Using Symmetric and Asymmetric Keys <https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html>`__ in the *AWS Key Management Service API Reference*.
-
+For more information about using asymmetric KMS keys in AWS KMS, see `Asymmetric keys in AWS KMS <https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html>`__ in the *AWS Key Management Service Developer Guide*.
 **Example 2: To convert a public key to DER format (Linux and macOS)**
 
 The following ``get-public-key`` example downloads the public key of an asymmetric KMS key and saves it in a DER file.
@@ -37,4 +36,4 @@ Before running this command, replace the example key ID with a valid key ID from
 
 This command produces no output.
 
-For more information about using asymmetric KMS keys in AWS KMS, see `Using Symmetric and Asymmetric Keys <https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html>`__ in the *AWS Key Management Service API Reference*.
+For more information about using asymmetric KMS keys in AWS KMS, see `Asymmetric keys in AWS KMS <https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html>`__ in the *AWS Key Management Service Developer Guide*.

awscli/examples/kms/import-key-material.rst

@@ -15,6 +15,11 @@ Before running this command, replace the example key ID with a valid key ID or k
         --expiration-model KEY_MATERIAL_EXPIRES \
         --valid-to 2021-09-21T19:00:00Z
 
-This command produces no output.
+Output::
+
+    {
+        "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab",
+        "KeyMaterialId": "0b7fd7ddbac6eef27907413567cad8c810e2883dc8a7534067a82ee1142fc1e6"
+    }
 
 For more information about importing key material, see `Importing Key Material <https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html>`__ in the *AWS Key Management Service Developer Guide*.

awscli/examples/kms/re-encrypt.rst

@@ -4,7 +4,7 @@ The following ``re-encrypt`` command example demonstrates the recommended way to
 
 * Provide the ciphertext in a file. 
 
-    In the value of the ``--ciphertext-blob`` parameter, use the ``fileb://`` prefix, which tells the CLI to read the data from a binary file. If the file is not in the current directory, type the full path to file. For more information about reading AWS CLI parameter values from a file, see `Loading AWS CLI parameters from a file <https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters-file.html>` in the *AWS Command Line Interface User Guide* and `Best Practices for Local File Parameters<https://aws.amazon.com/blogs/developer/best-practices-for-local-file-parameters/>` in the *AWS Command Line Tool Blog*.
+    In the value of the ``--ciphertext-blob`` parameter, use the ``fileb://`` prefix, which tells the CLI to read the data from a binary file. If the file is not in the current directory, type the full path to file. For more information about reading AWS CLI parameter values from a file, see `Loading AWS CLI parameters from a file <https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters-file.html>`__ in the *AWS Command Line Interface User Guide* and `Best Practices for Local File Parameters <https://aws.amazon.com/blogs/developer/best-practices-for-local-file-parameters/>`__ in the *AWS Command Line Tool Blog*.
 
 * Specify the source KMS key, which decrypts the ciphertext.
 
@@ -34,7 +34,7 @@ Before running this command, replace the example key IDs with valid key identifi
 
 This command produces no output. The output from the ``re-encrypt`` command is base64-decoded and saved in a file.
 
-For more information, see `ReEncrypt <https://docs.aws.amazon.com/kms/latest/APIReference/API_ReEncrypt.html`__ in the *AWS Key Management Service API Reference*.
+For more information, see `ReEncrypt <https://docs.aws.amazon.com/kms/latest/APIReference/API_ReEncrypt.html>`__ in the *AWS Key Management Service API Reference*.
 
 **Example 2: To re-encrypt an encrypted message under a different symmetric KMS key (Windows command prompt).**
 
@@ -59,4 +59,4 @@ Output::
     Output Length = 12
     CertUtil: -decode command completed successfully.
 
-For more information, see `ReEncrypt <https://docs.aws.amazon.com/kms/latest/APIReference/API_ReEncrypt.html`__ in the *AWS Key Management Service API Reference*.
+For more information, see `ReEncrypt <https://docs.aws.amazon.com/kms/latest/APIReference/API_ReEncrypt.html>`__ in the *AWS Key Management Service API Reference*.

awscli/examples/kms/sign.rst

@@ -4,7 +4,7 @@ The following ``sign`` example generates a cryptographic signature for a short m
 
 You must specify a message to sign and a signing algorithm that your asymmetric KMS key supports. To get the signing algorithms for your KMS key, use the ``describe-key`` command. 
 
-In AWS CLI 2.0, the value of the ``message`` parameter must be Base64-encoded. Or, you can save the message in a file and use the ``fileb://`` prefix, which tells the AWS CLI to read binary data from the file.
+In AWS CLI v2, the value of the ``message`` parameter must be Base64-encoded. Or, you can save the message in a file and use the ``fileb://`` prefix, which tells the AWS CLI to read binary data from the file.
 
 Before running this command, replace the example key ID with a valid key ID from your AWS account. The key ID must represent an asymmetric KMS key with a key usage of SIGN_VERIFY. ::
 

awscli/examples/kms/verify-mac.rst

@@ -0,0 +1,27 @@
+**Example 1: To verify an HMAC**
+
+The following ``verify-mac`` command verifies an HMAC for a particular message, HMAC KMS keys, and MAC algorithm. A value of 'true' in the MacValid value in the response indicates that the HMAC is valid.
+
+In AWS CLI v2, the value of the ``message`` parameter must be Base64-encoded. Or, you can save the message in a file and use the ``fileb://`` prefix, which tells the AWS CLI to read binary data from the file.
+
+The MAC that you specify cannot be base64-encoded. For help decoding the MAC that the ``generate-mac`` command returns, see the ``generate-mac`` command examples.
+
+Before running this command, replace the example key ID with a valid key ID from your AWS account. The key ID must represent a HMAC KMS key with a key usage of ``GENERATE_VERIFY_MAC``. ::
+
+    msg=(echo 'Hello World' | base64)
+    
+    aws kms verify-mac \
+        --key-id 1234abcd-12ab-34cd-56ef-1234567890ab \
+        --message fileb://Message \
+        --mac-algorithm HMAC_SHA_384 \
+        --mac fileb://ExampleMac
+
+Output::
+
+    {
+        "KeyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
+        "MacValid": true,
+        "MacAlgorithm": "HMAC_SHA_384"
+    }
+
+For more information about using HMAC KMS keys in AWS KMS, see `HMAC keys in AWS KMS <https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html>`__ in the *AWS Key Management Service Developer Guide*.

awscli/examples/kms/verify.rst

@@ -1,6 +1,10 @@
 **To verify a digital signature**
 
-The following ``verify`` example verifies a cryptographic signature for a short, Base64-encoded message. The key ID, message, message type, and signing algorithm must be same ones that were used to sign the message. The signature that you specify cannot be base64-encoded. For help decoding the signature that the ``sign`` command returns, see the ``sign`` command examples.
+The following ``verify`` command verifies a cryptographic signature for a short, Base64-encoded message. The key ID, message, message type, and signing algorithm must be same ones that were used to sign the message.
+
+In AWS CLI v2, the value of the ``message`` parameter must be Base64-encoded. Or, you can save the message in a file and use the ``fileb://`` prefix, which tells the AWS CLI to read binary data from the file.
+
+The signature that you specify cannot be base64-encoded. For help decoding the signature that the ``sign`` command returns, see the ``sign`` command examples.
 
 The output of the command includes a Boolean ``SignatureValid`` field that indicates that the signature was verified. If the signature validation fails, the ``verify`` command fails, too.
 

{awscli-1.40.43.dist-info → awscli-1.40.44.dist-info}/METADATA

@@ -1,6 +1,6 @@
 Metadata-Version: 2.1
 Name: awscli
-Version: 1.40.43
+Version: 1.40.44
 Summary: Universal Command Line Environment for AWS.
 Home-page: http://aws.amazon.com/cli/
 Author: Amazon Web Services
@@ -20,9 +20,10 @@ Classifier: Programming Language :: Python :: 3.9
 Classifier: Programming Language :: Python :: 3.10
 Classifier: Programming Language :: Python :: 3.11
 Classifier: Programming Language :: Python :: 3.12
+Classifier: Programming Language :: Python :: 3.13
 Requires-Python: >= 3.9
 License-File: LICENSE.txt
-Requires-Dist: botocore (==1.38.44)
+Requires-Dist: botocore (==1.38.45)
 Requires-Dist: docutils (<=0.19,>=0.18.1)
 Requires-Dist: s3transfer (<0.14.0,>=0.13.0)
 Requires-Dist: PyYAML (<6.1,>=3.10)

{awscli-1.40.43.dist-info → awscli-1.40.44.dist-info}/RECORD

@@ -1,4 +1,4 @@
-awscli/__init__.py,sha256=uaODdPD2t2LXXqnnrKU6Z2JoJuYliazQJGm8rBxeiV8,1534
+awscli/__init__.py,sha256=-J1OW2-ugOFTVL7uDVRN5d8e1l1fNn0LcsxduxhGNdA,1534
 awscli/__main__.py,sha256=iBjOg0tBxNlhzTi_tyc1G0SMGBvHMVvBJzX3JqYaooY,662
 awscli/alias.py,sha256=Jj2jetpajUMcjqx9tFhHUOKpzLChQygnH2zqDFfmgIM,11315
 awscli/argparser.py,sha256=3Pxx-vWytdV985Y6MIl9DeutUXyehIvACIs_PDby8GI,7650
@@ -3907,30 +3907,31 @@ awscli/examples/kms/connect-custom-key-store.rst,sha256=8lEzgdk0W6mwEJUJ9ldM3HZk
 awscli/examples/kms/create-alias.rst,sha256=sEsswzqxDZHiXNRsOjsTIBYxXDgHjIt5VzeoGlXeTgE,729
 awscli/examples/kms/create-custom-key-store.rst,sha256=rfGO0VWX87Iy4HxhRjGd8NsGEScyLFb-s0XspBuMyV0,3838
 awscli/examples/kms/create-grant.rst,sha256=SntoNVAyzGI1jZEWS3NboPpGQAsiWeyuxdX88QY--Xk,1209
-awscli/examples/kms/create-key.rst,sha256=Qs0qSFmyykWE4Xf2Njv8k29b567Tm05hROFjyzIsOUw,12458
+awscli/examples/kms/create-key.rst,sha256=39ZwKfz_sfiwLhPVL_3Rx8bowaHARZc6l8H6A0M0LEo,14063
 awscli/examples/kms/decrypt.rst,sha256=LGLUlzg2kN7Ohv6hUoqMGRAsY-RD4pax1xrVUfYd9l4,4551
 awscli/examples/kms/delete-alias.rst,sha256=D6-ouqnsUth7Je9N--YUWHQaSrRdhVg9VIh-y-1is7M,502
 awscli/examples/kms/delete-custom-key-store.rst,sha256=Tfi9Zw20otPF4BmNW6zrU7nioehLkKIXmJVaw8Qb0mo,1503
-awscli/examples/kms/delete-imported-key-material.rst,sha256=0VQHh3htiI8i7GFW1r_jNoF4NmmiFrpuG1E-E4dPHJY,656
+awscli/examples/kms/delete-imported-key-material.rst,sha256=WABose65pvZQ4h6T8AVUhPn6QaKPrzDP2hzFOFc3cUE,650
 awscli/examples/kms/derive-shared-secret.rst,sha256=Ousf6DKTT_jMGnaiqqRLEUzothWthYcGIBS7e1GluZY,1158
 awscli/examples/kms/describe-custom-key-stores.rst,sha256=VyFafEje-Z7447sZYQE_fq24ex6be5OeTFc23F-AF-0,5450
-awscli/examples/kms/describe-key.rst,sha256=0bXJjEKi65152AR3R0o8OHzey-iM_nGtK8wyEHOvt8Y,5895
+awscli/examples/kms/describe-key.rst,sha256=oWv44bQsw_mkvN0474JkYLmCuLHNlBcGyO-xzaNfOso,6105
 awscli/examples/kms/disable-key-rotation.rst,sha256=nCRixoG43u9lcJS-qIZy7noGpDqr5gQJ-WUcYVwbRaI,679
-awscli/examples/kms/disable-key.rst,sha256=-3kzAD12RtF4YdVoFqQuZmJsb8_4SmNzpvnU1mzU7UU,503
+awscli/examples/kms/disable-key.rst,sha256=JgmfqD1OkADVbm_jejdkpAKGoig8AgRZusqgRk6tEig,484
 awscli/examples/kms/disconnect-custom-key-store.rst,sha256=n7JHEcbG6qwWtyWYMpwvDO57jm6pG2ASTMUUKyYeU8w,1285
 awscli/examples/kms/enable-key-rotation.rst,sha256=K1TERE04TcjkfvX_fcz7Biwky6SFcDo0K80md2hbFZo,1142
 awscli/examples/kms/enable-key.rst,sha256=kRch6rLw9mqzrKefqqh1uVaCcEWI2fBcyLzOepqfXPs,1048
 awscli/examples/kms/encrypt.rst,sha256=8bmOjh07MVLNMkvzXvslsFej6G-80R4pDzTLT4yEAwk,3552
-awscli/examples/kms/generate-data-key-pair-without-plaintext.rst,sha256=K9XRyB5wLt9amTejvYdebyjqmbrrUr03_BPjSu5b3KE,1701
-awscli/examples/kms/generate-data-key-pair.rst,sha256=WRXDrK0rzY-5Zad6OBrBLduMNR2I8SVsoSKYZ-KmLBA,1772
-awscli/examples/kms/generate-data-key-without-plaintext.rst,sha256=JfUB_Fc0UTjem61DJ0swx673CZgjeXj-4yQC3If0-zg,1382
-awscli/examples/kms/generate-data-key.rst,sha256=ZwzeGxADjAs9ezCtooVWUcqpI2Vum3JM6e3Zn8434CI,3246
-awscli/examples/kms/generate-random.rst,sha256=YibgR5AkVhvQsV5M2yteAcDmyo2RINK86AkT9mGDhzQ,3232
+awscli/examples/kms/generate-data-key-pair-without-plaintext.rst,sha256=gN7K66TYUddbxIx_KO5U-_jNb1HIO_sxWdaEwKspu1g,1794
+awscli/examples/kms/generate-data-key-pair.rst,sha256=SErHatPyndL0NUb-nElLjRWNLoVg2ALBUuJaWWIqokY,1864
+awscli/examples/kms/generate-data-key-without-plaintext.rst,sha256=nOir89C7KokaoDu1nrz5nu4EPLZg_dThM_6RlQRLxrg,1475
+awscli/examples/kms/generate-data-key.rst,sha256=iwP6qW1QnYy7SWROtQ6c5mNfLD8YiUtSy0P380k_rI8,3414
+awscli/examples/kms/generate-mac.rst,sha256=yfMxjLJuP3mspQnKdfMxy8nyPFBkes0f2GmbBjx67jI,2629
+awscli/examples/kms/generate-random.rst,sha256=dbDNtokE74zkjmkWyr0KhEUpMC6oDNP-uQfuh2p1eW8,3233
 awscli/examples/kms/get-key-policy.rst,sha256=cPbzGXXI6qWDmtMBmWj3Lr5N340Mqpcj7URt8LE1BkI,956
 awscli/examples/kms/get-key-rotation-status.rst,sha256=jdAwWEi8zQNZ5j34yws2EMxtfWfY45-zzAJ56khStoQ,936
 awscli/examples/kms/get-parameters-for-import.rst,sha256=8haK9p9_iP3gKpMj-iolSGGZXeanuNl7wcmsAHng7FU,1393
-awscli/examples/kms/get-public-key.rst,sha256=r-_vZUmzglarhSn_w_zz9deZe1iboRVO7gG5dAB2LcU,2370
-awscli/examples/kms/import-key-material.rst,sha256=-3SAcion0nRRddRgKkYBjMUgHn56mdPD7gTdbVaZZmo,1545
+awscli/examples/kms/get-public-key.rst,sha256=B3vF0Fni1l3-N6HxjPvMcVecpjmdXPIbW5TLsOQYZgs,2352
+awscli/examples/kms/import-key-material.rst,sha256=JwHrbmrbjcfM7MDBgeeOYrn8q29SKUmHNS-FvoIjCQ0,1688
 awscli/examples/kms/list-aliases.rst,sha256=Qj8w9X2eRuEvmnfCGAIhArg6m2y1rAG_35EpQl3-8xo,2783
 awscli/examples/kms/list-grants.rst,sha256=sRDRy8GKeqp8IR93Bhcl8mEhrJUo4TVhckdSJoJL3Ac,2611
 awscli/examples/kms/list-key-policies.rst,sha256=DqSoBwSISPTsuYOaPCJVKBCH2WiNyGjOu_e_Eyn1Vis,926
@@ -3939,18 +3940,19 @@ awscli/examples/kms/list-keys.rst,sha256=7AU8FcguZhieFBZy1OJLXSVYxD1yeFQsahwct0v
 awscli/examples/kms/list-resource-tags.rst,sha256=yxMChbUFcsUMuFHkqg--SnFtXSRDLruJWMBZ5QhwRhc,980
 awscli/examples/kms/list-retirable-grants.rst,sha256=vNwoazokaY0bmd01wmSUU2Z2LAxQuRdI8VqIMeJFqIE,2986
 awscli/examples/kms/put-key-policy.rst,sha256=0RShtw3i2AEeLFqvX-F3Y_4bXclotdNudduzGR57iiE,3550
-awscli/examples/kms/re-encrypt.rst,sha256=L-QoWhG9Hex3jL_JB5-_J3pnLYObOxvQipX9igU_sr0,3910
+awscli/examples/kms/re-encrypt.rst,sha256=gkkckSzbDmFtje-AwGWuzKrIEddhQLBXuQkVr-jrbMM,3917
 awscli/examples/kms/retire-grant.rst,sha256=YfvnDEtF4KkRJwjA1mqE73F6Qlape5yauDzZkkg-kv0,810
 awscli/examples/kms/revoke-grant.rst,sha256=tU7dy1BDcDYOEkgT5TBr35ZkLQKEOdjOTSoxptAeU0A,776
 awscli/examples/kms/rotate-key-on-demand.rst,sha256=vzTAKK9MHfTtCn2thIcolK3tuPG3bDqVWK4owRvVo7c,578
 awscli/examples/kms/schedule-key-deletion.rst,sha256=54Lj5xJSaK1ETKOFvEVbUj08fdtcNPz2dVeuohJrLZ4,1470
-awscli/examples/kms/sign.rst,sha256=KyyDxYcOeYeaK-Rr4ucUzxAce4Nr3GmEofyKJnZxG1Y,3151
+awscli/examples/kms/sign.rst,sha256=QlFiaYZ0o_Re6XrflHY5mEg08kf-nA-NezqG7uqCHrM,3150
 awscli/examples/kms/tag-resource.rst,sha256=OL8u89tF_q7W6d9ew_FjfGLXZiGgaO7VTAQytqtey7s,891
 awscli/examples/kms/untag-resource.rst,sha256=IBcUXHx_OPeeFOTBunGqjOGmiQqitdlufDAXdFqDzVg,836
 awscli/examples/kms/update-alias.rst,sha256=EEM-3C8WyBG5CcC5OtscHXCaemkRH0m2j5B8KGYINdA,814
 awscli/examples/kms/update-custom-key-store.rst,sha256=uFft481lH9qEBbmkBZorQkR_VbNLbo_pnZOtBt5OiIA,6772
 awscli/examples/kms/update-key-description.rst,sha256=UjbMlCZUBJUqAgKPWbyZEiaeDmBenYRLkDv3XnQONsI,1896
-awscli/examples/kms/verify.rst,sha256=J3QSmX90ESkWLdTCOzdh5TGpoWTvBKBWG8AkMqBtdX4,1413
+awscli/examples/kms/verify-mac.rst,sha256=IkhQtgg649HFbk91numIsG6nIIhP-tb6Ah6-WRgFg5c,1451
+awscli/examples/kms/verify.rst,sha256=SafCHcjajKsuBTNX8Xv8Ps7DV8WiOIROKwwRT6JlO8Y,1628
 awscli/examples/lakeformation/add-lf-tags-to-resource.rst,sha256=3h-tZiAlsNZZgpAi6l0aBqKphs-m69XBQb0AxbDx9I8,984
 awscli/examples/lakeformation/batch-grant-permissions.rst,sha256=vEruZMKkB-FDtqeIuF9waN7IFLWj8NDFHn9orRODCOY,3267
 awscli/examples/lakeformation/batch-revoke-permissions.rst,sha256=l54CLtj4Fd3vPXjFhb37ntVe_d7LycJDRWgdPV4Wdjs,1962
@@ -6162,13 +6164,13 @@ awscli/topics/return-codes.rst,sha256=d9lpNFZwD75IiYcDEADQzu-4QiR8P28UPHkrNwPV5J
 awscli/topics/s3-config.rst,sha256=5EIVd4ggLBHtzjtHFvQp9hY415yMGZiG7S_rO9qy2t0,11663
 awscli/topics/s3-faq.rst,sha256=9qO0HFI6F9hx1wVEUDl8Jy6yoCUd9zbtv-Z0Re4dsiw,2934
 awscli/topics/topic-tags.json,sha256=6lUSrs3FKCZNRSQMnjcXNgWyRNGjZIeur1988a4IO5o,1577
-awscli-1.40.43.data/scripts/aws,sha256=r24FExgs0-JjILTQ3XZAqXBYE4SV6UMTtALkLGAj86g,805
-awscli-1.40.43.data/scripts/aws.cmd,sha256=s46DkC6LNgX63CIkzxxbPnFMJ6DRDBkvc88GnWa8Pvg,1432
-awscli-1.40.43.data/scripts/aws_bash_completer,sha256=RRpoEGJRagRzyHZKZZOwpltuVYv2EoiZsdXhmyWPZ54,204
-awscli-1.40.43.data/scripts/aws_completer,sha256=oC9kuMDlWE47dWk_4xjPde2PQvN-M0vND0J4YSLabVQ,1126
-awscli-1.40.43.data/scripts/aws_zsh_completer.sh,sha256=Qm6Z8ejNAMzpJjaT0pzqxbSDT2zxdmzVe5haRA7qLoc,1808
-awscli-1.40.43.dist-info/LICENSE.txt,sha256=o5XhFlwu0OK_BBrijlKCRa7dQAm36UrUB3gCV_cEr8E,549
-awscli-1.40.43.dist-info/METADATA,sha256=sxV_POXCXW_BLk9IoNDyxSVGhslVJx1mk2hIjN2gbPQ,11055
-awscli-1.40.43.dist-info/WHEEL,sha256=GV9aMThwP_4oNCtvEC2ec3qUYutgWeAzklro_0m4WJQ,91
-awscli-1.40.43.dist-info/top_level.txt,sha256=vt9wXFr1_nGYK6abhJgt6zY3fULe4JSZedm_5XOM9S0,7
-awscli-1.40.43.dist-info/RECORD,,
+awscli-1.40.44.data/scripts/aws,sha256=r24FExgs0-JjILTQ3XZAqXBYE4SV6UMTtALkLGAj86g,805
+awscli-1.40.44.data/scripts/aws.cmd,sha256=s46DkC6LNgX63CIkzxxbPnFMJ6DRDBkvc88GnWa8Pvg,1432
+awscli-1.40.44.data/scripts/aws_bash_completer,sha256=RRpoEGJRagRzyHZKZZOwpltuVYv2EoiZsdXhmyWPZ54,204
+awscli-1.40.44.data/scripts/aws_completer,sha256=oC9kuMDlWE47dWk_4xjPde2PQvN-M0vND0J4YSLabVQ,1126
+awscli-1.40.44.data/scripts/aws_zsh_completer.sh,sha256=Qm6Z8ejNAMzpJjaT0pzqxbSDT2zxdmzVe5haRA7qLoc,1808
+awscli-1.40.44.dist-info/LICENSE.txt,sha256=o5XhFlwu0OK_BBrijlKCRa7dQAm36UrUB3gCV_cEr8E,549
+awscli-1.40.44.dist-info/METADATA,sha256=5UPbmrX0fDLetmsu7Nr3uHW2Pw4lSj5Y7-b-7VV5p8w,11106
+awscli-1.40.44.dist-info/WHEEL,sha256=GV9aMThwP_4oNCtvEC2ec3qUYutgWeAzklro_0m4WJQ,91
+awscli-1.40.44.dist-info/top_level.txt,sha256=vt9wXFr1_nGYK6abhJgt6zY3fULe4JSZedm_5XOM9S0,7
+awscli-1.40.44.dist-info/RECORD,,