1// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. 2 3package kms 4 5import ( 6 "fmt" 7 "time" 8 9 "github.com/aws/aws-sdk-go/aws" 10 "github.com/aws/aws-sdk-go/aws/awsutil" 11 "github.com/aws/aws-sdk-go/aws/request" 12 "github.com/aws/aws-sdk-go/private/protocol" 13 "github.com/aws/aws-sdk-go/private/protocol/jsonrpc" 14) 15 16const opCancelKeyDeletion = "CancelKeyDeletion" 17 18// CancelKeyDeletionRequest generates a "aws/request.Request" representing the 19// client's request for the CancelKeyDeletion operation. The "output" return 20// value will be populated with the request's response once the request completes 21// successfully. 22// 23// Use "Send" method on the returned Request to send the API call to the service. 24// the "output" return value is not valid until after Send returns without error. 25// 26// See CancelKeyDeletion for more information on using the CancelKeyDeletion 27// API call, and error handling. 28// 29// This method is useful when you want to inject custom logic or configuration 30// into the SDK's request lifecycle. Such as custom headers, or retry logic. 31// 32// 33// // Example sending a request using the CancelKeyDeletionRequest method. 34// req, resp := client.CancelKeyDeletionRequest(params) 35// 36// err := req.Send() 37// if err == nil { // resp is now filled 38// fmt.Println(resp) 39// } 40// 41// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CancelKeyDeletion 42func (c *KMS) CancelKeyDeletionRequest(input *CancelKeyDeletionInput) (req *request.Request, output *CancelKeyDeletionOutput) { 43 op := &request.Operation{ 44 Name: opCancelKeyDeletion, 45 HTTPMethod: "POST", 46 HTTPPath: "/", 47 } 48 49 if input == nil { 50 input = &CancelKeyDeletionInput{} 51 } 52 53 output = &CancelKeyDeletionOutput{} 54 req = c.newRequest(op, input, output) 55 return 56} 57 58// CancelKeyDeletion API operation for AWS Key Management Service. 59// 60// Cancels the deletion of a customer master key (CMK). When this operation 61// is successful, the CMK is set to the Disabled state. To enable a CMK, use 62// EnableKey. You cannot perform this operation on a CMK in a different AWS 63// account. 64// 65// For more information about scheduling and canceling deletion of a CMK, see 66// Deleting Customer Master Keys (https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html) 67// in the AWS Key Management Service Developer Guide. 68// 69// The result of this operation varies with the key state of the CMK. For details, 70// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 71// in the AWS Key Management Service Developer Guide. 72// 73// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 74// with awserr.Error's Code and Message methods to get detailed information about 75// the error. 76// 77// See the AWS API reference guide for AWS Key Management Service's 78// API operation CancelKeyDeletion for usage and error information. 79// 80// Returned Error Codes: 81// * ErrCodeNotFoundException "NotFoundException" 82// The request was rejected because the specified entity or resource could not 83// be found. 84// 85// * ErrCodeInvalidArnException "InvalidArnException" 86// The request was rejected because a specified ARN, or an ARN in a key policy, 87// is not valid. 88// 89// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" 90// The system timed out while trying to fulfill the request. The request can 91// be retried. 92// 93// * ErrCodeInternalException "KMSInternalException" 94// The request was rejected because an internal exception occurred. The request 95// can be retried. 96// 97// * ErrCodeInvalidStateException "KMSInvalidStateException" 98// The request was rejected because the state of the specified resource is not 99// valid for this request. 100// 101// For more information about how key state affects the use of a CMK, see How 102// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 103// in the AWS Key Management Service Developer Guide. 104// 105// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CancelKeyDeletion 106func (c *KMS) CancelKeyDeletion(input *CancelKeyDeletionInput) (*CancelKeyDeletionOutput, error) { 107 req, out := c.CancelKeyDeletionRequest(input) 108 return out, req.Send() 109} 110 111// CancelKeyDeletionWithContext is the same as CancelKeyDeletion with the addition of 112// the ability to pass a context and additional request options. 113// 114// See CancelKeyDeletion for details on how to use this API operation. 115// 116// The context must be non-nil and will be used for request cancellation. If 117// the context is nil a panic will occur. In the future the SDK may create 118// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 119// for more information on using Contexts. 120func (c *KMS) CancelKeyDeletionWithContext(ctx aws.Context, input *CancelKeyDeletionInput, opts ...request.Option) (*CancelKeyDeletionOutput, error) { 121 req, out := c.CancelKeyDeletionRequest(input) 122 req.SetContext(ctx) 123 req.ApplyOptions(opts...) 124 return out, req.Send() 125} 126 127const opConnectCustomKeyStore = "ConnectCustomKeyStore" 128 129// ConnectCustomKeyStoreRequest generates a "aws/request.Request" representing the 130// client's request for the ConnectCustomKeyStore operation. The "output" return 131// value will be populated with the request's response once the request completes 132// successfully. 133// 134// Use "Send" method on the returned Request to send the API call to the service. 135// the "output" return value is not valid until after Send returns without error. 136// 137// See ConnectCustomKeyStore for more information on using the ConnectCustomKeyStore 138// API call, and error handling. 139// 140// This method is useful when you want to inject custom logic or configuration 141// into the SDK's request lifecycle. Such as custom headers, or retry logic. 142// 143// 144// // Example sending a request using the ConnectCustomKeyStoreRequest method. 145// req, resp := client.ConnectCustomKeyStoreRequest(params) 146// 147// err := req.Send() 148// if err == nil { // resp is now filled 149// fmt.Println(resp) 150// } 151// 152// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ConnectCustomKeyStore 153func (c *KMS) ConnectCustomKeyStoreRequest(input *ConnectCustomKeyStoreInput) (req *request.Request, output *ConnectCustomKeyStoreOutput) { 154 op := &request.Operation{ 155 Name: opConnectCustomKeyStore, 156 HTTPMethod: "POST", 157 HTTPPath: "/", 158 } 159 160 if input == nil { 161 input = &ConnectCustomKeyStoreInput{} 162 } 163 164 output = &ConnectCustomKeyStoreOutput{} 165 req = c.newRequest(op, input, output) 166 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 167 return 168} 169 170// ConnectCustomKeyStore API operation for AWS Key Management Service. 171// 172// Connects or reconnects a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) 173// to its associated AWS CloudHSM cluster. 174// 175// The custom key store must be connected before you can create customer master 176// keys (CMKs) in the key store or use the CMKs it contains. You can disconnect 177// and reconnect a custom key store at any time. 178// 179// To connect a custom key store, its associated AWS CloudHSM cluster must have 180// at least one active HSM. To get the number of active HSMs in a cluster, use 181// the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) 182// operation. To add HSMs to the cluster, use the CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) 183// operation. 184// 185// The connection process can take an extended amount of time to complete; up 186// to 20 minutes. This operation starts the connection process, but it does 187// not wait for it to complete. When it succeeds, this operation quickly returns 188// an HTTP 200 response and a JSON object with no properties. However, this 189// response does not indicate that the custom key store is connected. To get 190// the connection state of the custom key store, use the DescribeCustomKeyStores 191// operation. 192// 193// During the connection process, AWS KMS finds the AWS CloudHSM cluster that 194// is associated with the custom key store, creates the connection infrastructure, 195// connects to the cluster, logs into the AWS CloudHSM client as the kmsuser 196// crypto user (https://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser) 197// (CU), and rotates its password. 198// 199// The ConnectCustomKeyStore operation might fail for various reasons. To find 200// the reason, use the DescribeCustomKeyStores operation and see the ConnectionErrorCode 201// in the response. For help interpreting the ConnectionErrorCode, see CustomKeyStoresListEntry. 202// 203// To fix the failure, use the DisconnectCustomKeyStore operation to disconnect 204// the custom key store, correct the error, use the UpdateCustomKeyStore operation 205// if necessary, and then use ConnectCustomKeyStore again. 206// 207// If you are having trouble connecting or disconnecting a custom key store, 208// see Troubleshooting a Custom Key Store (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) 209// in the AWS Key Management Service Developer Guide. 210// 211// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 212// with awserr.Error's Code and Message methods to get detailed information about 213// the error. 214// 215// See the AWS API reference guide for AWS Key Management Service's 216// API operation ConnectCustomKeyStore for usage and error information. 217// 218// Returned Error Codes: 219// * ErrCodeCloudHsmClusterNotActiveException "CloudHsmClusterNotActiveException" 220// The request was rejected because the AWS CloudHSM cluster that is associated 221// with the custom key store is not active. Initialize and activate the cluster 222// and try the command again. For detailed instructions, see Getting Started 223// (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) 224// in the AWS CloudHSM User Guide. 225// 226// * ErrCodeCustomKeyStoreInvalidStateException "CustomKeyStoreInvalidStateException" 227// The request was rejected because of the ConnectionState of the custom key 228// store. To get the ConnectionState of a custom key store, use the DescribeCustomKeyStores 229// operation. 230// 231// This exception is thrown under the following conditions: 232// 233// * You requested the CreateKey or GenerateRandom operation in a custom 234// key store that is not connected. These operations are valid only when 235// the custom key store ConnectionState is CONNECTED. 236// 237// * You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation 238// on a custom key store that is not disconnected. This operation is valid 239// only when the custom key store ConnectionState is DISCONNECTED. 240// 241// * You requested the ConnectCustomKeyStore operation on a custom key store 242// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid 243// for all other ConnectionState values. 244// 245// * ErrCodeCustomKeyStoreNotFoundException "CustomKeyStoreNotFoundException" 246// The request was rejected because AWS KMS cannot find a custom key store with 247// the specified key store name or ID. 248// 249// * ErrCodeInternalException "KMSInternalException" 250// The request was rejected because an internal exception occurred. The request 251// can be retried. 252// 253// * ErrCodeCloudHsmClusterInvalidConfigurationException "CloudHsmClusterInvalidConfigurationException" 254// The request was rejected because the associated AWS CloudHSM cluster did 255// not meet the configuration requirements for a custom key store. 256// 257// * The cluster must be configured with private subnets in at least two 258// different Availability Zones in the Region. 259// 260// * The security group for the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) 261// (cloudhsm-cluster-<cluster-id>-sg) must include inbound rules and outbound 262// rules that allow TCP traffic on ports 2223-2225. The Source in the inbound 263// rules and the Destination in the outbound rules must match the security 264// group ID. These rules are set by default when you create the cluster. 265// Do not delete or change them. To get information about a particular security 266// group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) 267// operation. 268// 269// * The cluster must contain at least as many HSMs as the operation requires. 270// To add HSMs, use the AWS CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) 271// operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey 272// operations, the AWS CloudHSM cluster must have at least two active HSMs, 273// each in a different Availability Zone. For the ConnectCustomKeyStore operation, 274// the AWS CloudHSM must contain at least one active HSM. 275// 276// For information about the requirements for an AWS CloudHSM cluster that is 277// associated with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) 278// in the AWS Key Management Service Developer Guide. For information about 279// creating a private subnet for an AWS CloudHSM cluster, see Create a Private 280// Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) 281// in the AWS CloudHSM User Guide. For information about cluster security groups, 282// see Configure a Default Security Group (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) 283// in the AWS CloudHSM User Guide . 284// 285// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ConnectCustomKeyStore 286func (c *KMS) ConnectCustomKeyStore(input *ConnectCustomKeyStoreInput) (*ConnectCustomKeyStoreOutput, error) { 287 req, out := c.ConnectCustomKeyStoreRequest(input) 288 return out, req.Send() 289} 290 291// ConnectCustomKeyStoreWithContext is the same as ConnectCustomKeyStore with the addition of 292// the ability to pass a context and additional request options. 293// 294// See ConnectCustomKeyStore for details on how to use this API operation. 295// 296// The context must be non-nil and will be used for request cancellation. If 297// the context is nil a panic will occur. In the future the SDK may create 298// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 299// for more information on using Contexts. 300func (c *KMS) ConnectCustomKeyStoreWithContext(ctx aws.Context, input *ConnectCustomKeyStoreInput, opts ...request.Option) (*ConnectCustomKeyStoreOutput, error) { 301 req, out := c.ConnectCustomKeyStoreRequest(input) 302 req.SetContext(ctx) 303 req.ApplyOptions(opts...) 304 return out, req.Send() 305} 306 307const opCreateAlias = "CreateAlias" 308 309// CreateAliasRequest generates a "aws/request.Request" representing the 310// client's request for the CreateAlias operation. The "output" return 311// value will be populated with the request's response once the request completes 312// successfully. 313// 314// Use "Send" method on the returned Request to send the API call to the service. 315// the "output" return value is not valid until after Send returns without error. 316// 317// See CreateAlias for more information on using the CreateAlias 318// API call, and error handling. 319// 320// This method is useful when you want to inject custom logic or configuration 321// into the SDK's request lifecycle. Such as custom headers, or retry logic. 322// 323// 324// // Example sending a request using the CreateAliasRequest method. 325// req, resp := client.CreateAliasRequest(params) 326// 327// err := req.Send() 328// if err == nil { // resp is now filled 329// fmt.Println(resp) 330// } 331// 332// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateAlias 333func (c *KMS) CreateAliasRequest(input *CreateAliasInput) (req *request.Request, output *CreateAliasOutput) { 334 op := &request.Operation{ 335 Name: opCreateAlias, 336 HTTPMethod: "POST", 337 HTTPPath: "/", 338 } 339 340 if input == nil { 341 input = &CreateAliasInput{} 342 } 343 344 output = &CreateAliasOutput{} 345 req = c.newRequest(op, input, output) 346 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 347 return 348} 349 350// CreateAlias API operation for AWS Key Management Service. 351// 352// Creates a display name for a customer managed customer master key (CMK). 353// You can use an alias to identify a CMK in selected operations, such as Encrypt 354// and GenerateDataKey. 355// 356// Each CMK can have multiple aliases, but each alias points to only one CMK. 357// The alias name must be unique in the AWS account and region. To simplify 358// code that runs in multiple regions, use the same alias name, but point it 359// to a different CMK in each region. 360// 361// Because an alias is not a property of a CMK, you can delete and change the 362// aliases of a CMK without affecting the CMK. Also, aliases do not appear in 363// the response from the DescribeKey operation. To get the aliases of all CMKs, 364// use the ListAliases operation. 365// 366// The alias name must begin with alias/ followed by a name, such as alias/ExampleAlias. 367// It can contain only alphanumeric characters, forward slashes (/), underscores 368// (_), and dashes (-). The alias name cannot begin with alias/aws/. The alias/aws/ 369// prefix is reserved for AWS managed CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk). 370// 371// The alias and the CMK it is mapped to must be in the same AWS account and 372// the same region. You cannot perform this operation on an alias in a different 373// AWS account. 374// 375// To map an existing alias to a different CMK, call UpdateAlias. 376// 377// The result of this operation varies with the key state of the CMK. For details, 378// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 379// in the AWS Key Management Service Developer Guide. 380// 381// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 382// with awserr.Error's Code and Message methods to get detailed information about 383// the error. 384// 385// See the AWS API reference guide for AWS Key Management Service's 386// API operation CreateAlias for usage and error information. 387// 388// Returned Error Codes: 389// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" 390// The system timed out while trying to fulfill the request. The request can 391// be retried. 392// 393// * ErrCodeAlreadyExistsException "AlreadyExistsException" 394// The request was rejected because it attempted to create a resource that already 395// exists. 396// 397// * ErrCodeNotFoundException "NotFoundException" 398// The request was rejected because the specified entity or resource could not 399// be found. 400// 401// * ErrCodeInvalidAliasNameException "InvalidAliasNameException" 402// The request was rejected because the specified alias name is not valid. 403// 404// * ErrCodeInternalException "KMSInternalException" 405// The request was rejected because an internal exception occurred. The request 406// can be retried. 407// 408// * ErrCodeLimitExceededException "LimitExceededException" 409// The request was rejected because a limit was exceeded. For more information, 410// see Limits (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) 411// in the AWS Key Management Service Developer Guide. 412// 413// * ErrCodeInvalidStateException "KMSInvalidStateException" 414// The request was rejected because the state of the specified resource is not 415// valid for this request. 416// 417// For more information about how key state affects the use of a CMK, see How 418// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 419// in the AWS Key Management Service Developer Guide. 420// 421// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateAlias 422func (c *KMS) CreateAlias(input *CreateAliasInput) (*CreateAliasOutput, error) { 423 req, out := c.CreateAliasRequest(input) 424 return out, req.Send() 425} 426 427// CreateAliasWithContext is the same as CreateAlias with the addition of 428// the ability to pass a context and additional request options. 429// 430// See CreateAlias for details on how to use this API operation. 431// 432// The context must be non-nil and will be used for request cancellation. If 433// the context is nil a panic will occur. In the future the SDK may create 434// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 435// for more information on using Contexts. 436func (c *KMS) CreateAliasWithContext(ctx aws.Context, input *CreateAliasInput, opts ...request.Option) (*CreateAliasOutput, error) { 437 req, out := c.CreateAliasRequest(input) 438 req.SetContext(ctx) 439 req.ApplyOptions(opts...) 440 return out, req.Send() 441} 442 443const opCreateCustomKeyStore = "CreateCustomKeyStore" 444 445// CreateCustomKeyStoreRequest generates a "aws/request.Request" representing the 446// client's request for the CreateCustomKeyStore operation. The "output" return 447// value will be populated with the request's response once the request completes 448// successfully. 449// 450// Use "Send" method on the returned Request to send the API call to the service. 451// the "output" return value is not valid until after Send returns without error. 452// 453// See CreateCustomKeyStore for more information on using the CreateCustomKeyStore 454// API call, and error handling. 455// 456// This method is useful when you want to inject custom logic or configuration 457// into the SDK's request lifecycle. Such as custom headers, or retry logic. 458// 459// 460// // Example sending a request using the CreateCustomKeyStoreRequest method. 461// req, resp := client.CreateCustomKeyStoreRequest(params) 462// 463// err := req.Send() 464// if err == nil { // resp is now filled 465// fmt.Println(resp) 466// } 467// 468// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateCustomKeyStore 469func (c *KMS) CreateCustomKeyStoreRequest(input *CreateCustomKeyStoreInput) (req *request.Request, output *CreateCustomKeyStoreOutput) { 470 op := &request.Operation{ 471 Name: opCreateCustomKeyStore, 472 HTTPMethod: "POST", 473 HTTPPath: "/", 474 } 475 476 if input == nil { 477 input = &CreateCustomKeyStoreInput{} 478 } 479 480 output = &CreateCustomKeyStoreOutput{} 481 req = c.newRequest(op, input, output) 482 return 483} 484 485// CreateCustomKeyStore API operation for AWS Key Management Service. 486// 487// Creates a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) 488// that is associated with an AWS CloudHSM cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/clusters.html) 489// that you own and manage. 490// 491// This operation is part of the Custom Key Store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) 492// feature in AWS KMS, which combines the convenience and extensive integration 493// of AWS KMS with the isolation and control of a single-tenant key store. 494// 495// Before you create the custom key store, you must assemble the required elements, 496// including an AWS CloudHSM cluster that fulfills the requirements for a custom 497// key store. For details about the required elements, see Assemble the Prerequisites 498// (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) 499// in the AWS Key Management Service Developer Guide. 500// 501// When the operation completes successfully, it returns the ID of the new custom 502// key store. Before you can use your new custom key store, you need to use 503// the ConnectCustomKeyStore operation to connect the new key store to its AWS 504// CloudHSM cluster. Even if you are not going to use your custom key store 505// immediately, you might want to connect it to verify that all settings are 506// correct and then disconnect it until you are ready to use it. 507// 508// For help with failures, see Troubleshooting a Custom Key Store (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) 509// in the AWS Key Management Service Developer Guide. 510// 511// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 512// with awserr.Error's Code and Message methods to get detailed information about 513// the error. 514// 515// See the AWS API reference guide for AWS Key Management Service's 516// API operation CreateCustomKeyStore for usage and error information. 517// 518// Returned Error Codes: 519// * ErrCodeCloudHsmClusterInUseException "CloudHsmClusterInUseException" 520// The request was rejected because the specified AWS CloudHSM cluster is already 521// associated with a custom key store or it shares a backup history with a cluster 522// that is associated with a custom key store. Each custom key store must be 523// associated with a different AWS CloudHSM cluster. 524// 525// Clusters that share a backup history have the same cluster certificate. To 526// view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) 527// operation. 528// 529// * ErrCodeCustomKeyStoreNameInUseException "CustomKeyStoreNameInUseException" 530// The request was rejected because the specified custom key store name is already 531// assigned to another custom key store in the account. Try again with a custom 532// key store name that is unique in the account. 533// 534// * ErrCodeCloudHsmClusterNotFoundException "CloudHsmClusterNotFoundException" 535// The request was rejected because AWS KMS cannot find the AWS CloudHSM cluster 536// with the specified cluster ID. Retry the request with a different cluster 537// ID. 538// 539// * ErrCodeInternalException "KMSInternalException" 540// The request was rejected because an internal exception occurred. The request 541// can be retried. 542// 543// * ErrCodeCloudHsmClusterNotActiveException "CloudHsmClusterNotActiveException" 544// The request was rejected because the AWS CloudHSM cluster that is associated 545// with the custom key store is not active. Initialize and activate the cluster 546// and try the command again. For detailed instructions, see Getting Started 547// (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) 548// in the AWS CloudHSM User Guide. 549// 550// * ErrCodeIncorrectTrustAnchorException "IncorrectTrustAnchorException" 551// The request was rejected because the trust anchor certificate in the request 552// is not the trust anchor certificate for the specified AWS CloudHSM cluster. 553// 554// When you initialize the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr), 555// you create the trust anchor certificate and save it in the customerCA.crt 556// file. 557// 558// * ErrCodeCloudHsmClusterInvalidConfigurationException "CloudHsmClusterInvalidConfigurationException" 559// The request was rejected because the associated AWS CloudHSM cluster did 560// not meet the configuration requirements for a custom key store. 561// 562// * The cluster must be configured with private subnets in at least two 563// different Availability Zones in the Region. 564// 565// * The security group for the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) 566// (cloudhsm-cluster-<cluster-id>-sg) must include inbound rules and outbound 567// rules that allow TCP traffic on ports 2223-2225. The Source in the inbound 568// rules and the Destination in the outbound rules must match the security 569// group ID. These rules are set by default when you create the cluster. 570// Do not delete or change them. To get information about a particular security 571// group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) 572// operation. 573// 574// * The cluster must contain at least as many HSMs as the operation requires. 575// To add HSMs, use the AWS CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) 576// operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey 577// operations, the AWS CloudHSM cluster must have at least two active HSMs, 578// each in a different Availability Zone. For the ConnectCustomKeyStore operation, 579// the AWS CloudHSM must contain at least one active HSM. 580// 581// For information about the requirements for an AWS CloudHSM cluster that is 582// associated with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) 583// in the AWS Key Management Service Developer Guide. For information about 584// creating a private subnet for an AWS CloudHSM cluster, see Create a Private 585// Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) 586// in the AWS CloudHSM User Guide. For information about cluster security groups, 587// see Configure a Default Security Group (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) 588// in the AWS CloudHSM User Guide . 589// 590// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateCustomKeyStore 591func (c *KMS) CreateCustomKeyStore(input *CreateCustomKeyStoreInput) (*CreateCustomKeyStoreOutput, error) { 592 req, out := c.CreateCustomKeyStoreRequest(input) 593 return out, req.Send() 594} 595 596// CreateCustomKeyStoreWithContext is the same as CreateCustomKeyStore with the addition of 597// the ability to pass a context and additional request options. 598// 599// See CreateCustomKeyStore for details on how to use this API operation. 600// 601// The context must be non-nil and will be used for request cancellation. If 602// the context is nil a panic will occur. In the future the SDK may create 603// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 604// for more information on using Contexts. 605func (c *KMS) CreateCustomKeyStoreWithContext(ctx aws.Context, input *CreateCustomKeyStoreInput, opts ...request.Option) (*CreateCustomKeyStoreOutput, error) { 606 req, out := c.CreateCustomKeyStoreRequest(input) 607 req.SetContext(ctx) 608 req.ApplyOptions(opts...) 609 return out, req.Send() 610} 611 612const opCreateGrant = "CreateGrant" 613 614// CreateGrantRequest generates a "aws/request.Request" representing the 615// client's request for the CreateGrant operation. The "output" return 616// value will be populated with the request's response once the request completes 617// successfully. 618// 619// Use "Send" method on the returned Request to send the API call to the service. 620// the "output" return value is not valid until after Send returns without error. 621// 622// See CreateGrant for more information on using the CreateGrant 623// API call, and error handling. 624// 625// This method is useful when you want to inject custom logic or configuration 626// into the SDK's request lifecycle. Such as custom headers, or retry logic. 627// 628// 629// // Example sending a request using the CreateGrantRequest method. 630// req, resp := client.CreateGrantRequest(params) 631// 632// err := req.Send() 633// if err == nil { // resp is now filled 634// fmt.Println(resp) 635// } 636// 637// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateGrant 638func (c *KMS) CreateGrantRequest(input *CreateGrantInput) (req *request.Request, output *CreateGrantOutput) { 639 op := &request.Operation{ 640 Name: opCreateGrant, 641 HTTPMethod: "POST", 642 HTTPPath: "/", 643 } 644 645 if input == nil { 646 input = &CreateGrantInput{} 647 } 648 649 output = &CreateGrantOutput{} 650 req = c.newRequest(op, input, output) 651 return 652} 653 654// CreateGrant API operation for AWS Key Management Service. 655// 656// Adds a grant to a customer master key (CMK). The grant allows the grantee 657// principal to use the CMK when the conditions specified in the grant are met. 658// When setting permissions, grants are an alternative to key policies. 659// 660// To create a grant that allows a cryptographic operation only when the encryption 661// context in the operation request matches or includes a specified encryption 662// context, use the Constraints parameter. For details, see GrantConstraints. 663// 664// To perform this operation on a CMK in a different AWS account, specify the 665// key ARN in the value of the KeyId parameter. For more information about grants, 666// see Grants (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html) 667// in the AWS Key Management Service Developer Guide . 668// 669// The result of this operation varies with the key state of the CMK. For details, 670// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 671// in the AWS Key Management Service Developer Guide. 672// 673// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 674// with awserr.Error's Code and Message methods to get detailed information about 675// the error. 676// 677// See the AWS API reference guide for AWS Key Management Service's 678// API operation CreateGrant for usage and error information. 679// 680// Returned Error Codes: 681// * ErrCodeNotFoundException "NotFoundException" 682// The request was rejected because the specified entity or resource could not 683// be found. 684// 685// * ErrCodeDisabledException "DisabledException" 686// The request was rejected because the specified CMK is not enabled. 687// 688// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" 689// The system timed out while trying to fulfill the request. The request can 690// be retried. 691// 692// * ErrCodeInvalidArnException "InvalidArnException" 693// The request was rejected because a specified ARN, or an ARN in a key policy, 694// is not valid. 695// 696// * ErrCodeInternalException "KMSInternalException" 697// The request was rejected because an internal exception occurred. The request 698// can be retried. 699// 700// * ErrCodeInvalidGrantTokenException "InvalidGrantTokenException" 701// The request was rejected because the specified grant token is not valid. 702// 703// * ErrCodeLimitExceededException "LimitExceededException" 704// The request was rejected because a limit was exceeded. For more information, 705// see Limits (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) 706// in the AWS Key Management Service Developer Guide. 707// 708// * ErrCodeInvalidStateException "KMSInvalidStateException" 709// The request was rejected because the state of the specified resource is not 710// valid for this request. 711// 712// For more information about how key state affects the use of a CMK, see How 713// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 714// in the AWS Key Management Service Developer Guide. 715// 716// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateGrant 717func (c *KMS) CreateGrant(input *CreateGrantInput) (*CreateGrantOutput, error) { 718 req, out := c.CreateGrantRequest(input) 719 return out, req.Send() 720} 721 722// CreateGrantWithContext is the same as CreateGrant with the addition of 723// the ability to pass a context and additional request options. 724// 725// See CreateGrant for details on how to use this API operation. 726// 727// The context must be non-nil and will be used for request cancellation. If 728// the context is nil a panic will occur. In the future the SDK may create 729// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 730// for more information on using Contexts. 731func (c *KMS) CreateGrantWithContext(ctx aws.Context, input *CreateGrantInput, opts ...request.Option) (*CreateGrantOutput, error) { 732 req, out := c.CreateGrantRequest(input) 733 req.SetContext(ctx) 734 req.ApplyOptions(opts...) 735 return out, req.Send() 736} 737 738const opCreateKey = "CreateKey" 739 740// CreateKeyRequest generates a "aws/request.Request" representing the 741// client's request for the CreateKey operation. The "output" return 742// value will be populated with the request's response once the request completes 743// successfully. 744// 745// Use "Send" method on the returned Request to send the API call to the service. 746// the "output" return value is not valid until after Send returns without error. 747// 748// See CreateKey for more information on using the CreateKey 749// API call, and error handling. 750// 751// This method is useful when you want to inject custom logic or configuration 752// into the SDK's request lifecycle. Such as custom headers, or retry logic. 753// 754// 755// // Example sending a request using the CreateKeyRequest method. 756// req, resp := client.CreateKeyRequest(params) 757// 758// err := req.Send() 759// if err == nil { // resp is now filled 760// fmt.Println(resp) 761// } 762// 763// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateKey 764func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, output *CreateKeyOutput) { 765 op := &request.Operation{ 766 Name: opCreateKey, 767 HTTPMethod: "POST", 768 HTTPPath: "/", 769 } 770 771 if input == nil { 772 input = &CreateKeyInput{} 773 } 774 775 output = &CreateKeyOutput{} 776 req = c.newRequest(op, input, output) 777 return 778} 779 780// CreateKey API operation for AWS Key Management Service. 781// 782// Creates a customer managed customer master key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys) 783// (CMK) in your AWS account. 784// 785// You can use a CMK to encrypt small amounts of data (up to 4096 bytes) directly. 786// But CMKs are more commonly used to encrypt the data keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#data-keys) 787// that are used to encrypt data. 788// 789// To create a CMK for imported key material, use the Origin parameter with 790// a value of EXTERNAL. 791// 792// To create a CMK in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html), 793// use the CustomKeyStoreId parameter to specify the custom key store. You must 794// also use the Origin parameter with a value of AWS_CLOUDHSM. The AWS CloudHSM 795// cluster that is associated with the custom key store must have at least two 796// active HSMs in different Availability Zones in the AWS Region. 797// 798// You cannot use this operation to create a CMK in a different AWS account. 799// 800// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 801// with awserr.Error's Code and Message methods to get detailed information about 802// the error. 803// 804// See the AWS API reference guide for AWS Key Management Service's 805// API operation CreateKey for usage and error information. 806// 807// Returned Error Codes: 808// * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocumentException" 809// The request was rejected because the specified policy is not syntactically 810// or semantically correct. 811// 812// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" 813// The system timed out while trying to fulfill the request. The request can 814// be retried. 815// 816// * ErrCodeInvalidArnException "InvalidArnException" 817// The request was rejected because a specified ARN, or an ARN in a key policy, 818// is not valid. 819// 820// * ErrCodeUnsupportedOperationException "UnsupportedOperationException" 821// The request was rejected because a specified parameter is not supported or 822// a specified resource is not valid for this operation. 823// 824// * ErrCodeInternalException "KMSInternalException" 825// The request was rejected because an internal exception occurred. The request 826// can be retried. 827// 828// * ErrCodeLimitExceededException "LimitExceededException" 829// The request was rejected because a limit was exceeded. For more information, 830// see Limits (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) 831// in the AWS Key Management Service Developer Guide. 832// 833// * ErrCodeTagException "TagException" 834// The request was rejected because one or more tags are not valid. 835// 836// * ErrCodeCustomKeyStoreNotFoundException "CustomKeyStoreNotFoundException" 837// The request was rejected because AWS KMS cannot find a custom key store with 838// the specified key store name or ID. 839// 840// * ErrCodeCustomKeyStoreInvalidStateException "CustomKeyStoreInvalidStateException" 841// The request was rejected because of the ConnectionState of the custom key 842// store. To get the ConnectionState of a custom key store, use the DescribeCustomKeyStores 843// operation. 844// 845// This exception is thrown under the following conditions: 846// 847// * You requested the CreateKey or GenerateRandom operation in a custom 848// key store that is not connected. These operations are valid only when 849// the custom key store ConnectionState is CONNECTED. 850// 851// * You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation 852// on a custom key store that is not disconnected. This operation is valid 853// only when the custom key store ConnectionState is DISCONNECTED. 854// 855// * You requested the ConnectCustomKeyStore operation on a custom key store 856// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid 857// for all other ConnectionState values. 858// 859// * ErrCodeCloudHsmClusterInvalidConfigurationException "CloudHsmClusterInvalidConfigurationException" 860// The request was rejected because the associated AWS CloudHSM cluster did 861// not meet the configuration requirements for a custom key store. 862// 863// * The cluster must be configured with private subnets in at least two 864// different Availability Zones in the Region. 865// 866// * The security group for the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) 867// (cloudhsm-cluster-<cluster-id>-sg) must include inbound rules and outbound 868// rules that allow TCP traffic on ports 2223-2225. The Source in the inbound 869// rules and the Destination in the outbound rules must match the security 870// group ID. These rules are set by default when you create the cluster. 871// Do not delete or change them. To get information about a particular security 872// group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) 873// operation. 874// 875// * The cluster must contain at least as many HSMs as the operation requires. 876// To add HSMs, use the AWS CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) 877// operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey 878// operations, the AWS CloudHSM cluster must have at least two active HSMs, 879// each in a different Availability Zone. For the ConnectCustomKeyStore operation, 880// the AWS CloudHSM must contain at least one active HSM. 881// 882// For information about the requirements for an AWS CloudHSM cluster that is 883// associated with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) 884// in the AWS Key Management Service Developer Guide. For information about 885// creating a private subnet for an AWS CloudHSM cluster, see Create a Private 886// Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) 887// in the AWS CloudHSM User Guide. For information about cluster security groups, 888// see Configure a Default Security Group (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) 889// in the AWS CloudHSM User Guide . 890// 891// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateKey 892func (c *KMS) CreateKey(input *CreateKeyInput) (*CreateKeyOutput, error) { 893 req, out := c.CreateKeyRequest(input) 894 return out, req.Send() 895} 896 897// CreateKeyWithContext is the same as CreateKey with the addition of 898// the ability to pass a context and additional request options. 899// 900// See CreateKey for details on how to use this API operation. 901// 902// The context must be non-nil and will be used for request cancellation. If 903// the context is nil a panic will occur. In the future the SDK may create 904// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 905// for more information on using Contexts. 906func (c *KMS) CreateKeyWithContext(ctx aws.Context, input *CreateKeyInput, opts ...request.Option) (*CreateKeyOutput, error) { 907 req, out := c.CreateKeyRequest(input) 908 req.SetContext(ctx) 909 req.ApplyOptions(opts...) 910 return out, req.Send() 911} 912 913const opDecrypt = "Decrypt" 914 915// DecryptRequest generates a "aws/request.Request" representing the 916// client's request for the Decrypt operation. The "output" return 917// value will be populated with the request's response once the request completes 918// successfully. 919// 920// Use "Send" method on the returned Request to send the API call to the service. 921// the "output" return value is not valid until after Send returns without error. 922// 923// See Decrypt for more information on using the Decrypt 924// API call, and error handling. 925// 926// This method is useful when you want to inject custom logic or configuration 927// into the SDK's request lifecycle. Such as custom headers, or retry logic. 928// 929// 930// // Example sending a request using the DecryptRequest method. 931// req, resp := client.DecryptRequest(params) 932// 933// err := req.Send() 934// if err == nil { // resp is now filled 935// fmt.Println(resp) 936// } 937// 938// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/Decrypt 939func (c *KMS) DecryptRequest(input *DecryptInput) (req *request.Request, output *DecryptOutput) { 940 op := &request.Operation{ 941 Name: opDecrypt, 942 HTTPMethod: "POST", 943 HTTPPath: "/", 944 } 945 946 if input == nil { 947 input = &DecryptInput{} 948 } 949 950 output = &DecryptOutput{} 951 req = c.newRequest(op, input, output) 952 return 953} 954 955// Decrypt API operation for AWS Key Management Service. 956// 957// Decrypts ciphertext. Ciphertext is plaintext that has been previously encrypted 958// by using any of the following operations: 959// 960// * GenerateDataKey 961// 962// * GenerateDataKeyWithoutPlaintext 963// 964// * Encrypt 965// 966// Whenever possible, use key policies to give users permission to call the 967// Decrypt operation on the CMK, instead of IAM policies. Otherwise, you might 968// create an IAM user policy that gives the user Decrypt permission on all CMKs. 969// This user could decrypt ciphertext that was encrypted by CMKs in other accounts 970// if the key policy for the cross-account CMK permits it. If you must use an 971// IAM policy for Decrypt permissions, limit the user to particular CMKs or 972// particular trusted accounts. 973// 974// The result of this operation varies with the key state of the CMK. For details, 975// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 976// in the AWS Key Management Service Developer Guide. 977// 978// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 979// with awserr.Error's Code and Message methods to get detailed information about 980// the error. 981// 982// See the AWS API reference guide for AWS Key Management Service's 983// API operation Decrypt for usage and error information. 984// 985// Returned Error Codes: 986// * ErrCodeNotFoundException "NotFoundException" 987// The request was rejected because the specified entity or resource could not 988// be found. 989// 990// * ErrCodeDisabledException "DisabledException" 991// The request was rejected because the specified CMK is not enabled. 992// 993// * ErrCodeInvalidCiphertextException "InvalidCiphertextException" 994// The request was rejected because the specified ciphertext, or additional 995// authenticated data incorporated into the ciphertext, such as the encryption 996// context, is corrupted, missing, or otherwise invalid. 997// 998// * ErrCodeKeyUnavailableException "KeyUnavailableException" 999// The request was rejected because the specified CMK was not available. The 1000// request can be retried. 1001// 1002// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" 1003// The system timed out while trying to fulfill the request. The request can 1004// be retried. 1005// 1006// * ErrCodeInvalidGrantTokenException "InvalidGrantTokenException" 1007// The request was rejected because the specified grant token is not valid. 1008// 1009// * ErrCodeInternalException "KMSInternalException" 1010// The request was rejected because an internal exception occurred. The request 1011// can be retried. 1012// 1013// * ErrCodeInvalidStateException "KMSInvalidStateException" 1014// The request was rejected because the state of the specified resource is not 1015// valid for this request. 1016// 1017// For more information about how key state affects the use of a CMK, see How 1018// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 1019// in the AWS Key Management Service Developer Guide. 1020// 1021// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/Decrypt 1022func (c *KMS) Decrypt(input *DecryptInput) (*DecryptOutput, error) { 1023 req, out := c.DecryptRequest(input) 1024 return out, req.Send() 1025} 1026 1027// DecryptWithContext is the same as Decrypt with the addition of 1028// the ability to pass a context and additional request options. 1029// 1030// See Decrypt for details on how to use this API operation. 1031// 1032// The context must be non-nil and will be used for request cancellation. If 1033// the context is nil a panic will occur. In the future the SDK may create 1034// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1035// for more information on using Contexts. 1036func (c *KMS) DecryptWithContext(ctx aws.Context, input *DecryptInput, opts ...request.Option) (*DecryptOutput, error) { 1037 req, out := c.DecryptRequest(input) 1038 req.SetContext(ctx) 1039 req.ApplyOptions(opts...) 1040 return out, req.Send() 1041} 1042 1043const opDeleteAlias = "DeleteAlias" 1044 1045// DeleteAliasRequest generates a "aws/request.Request" representing the 1046// client's request for the DeleteAlias operation. The "output" return 1047// value will be populated with the request's response once the request completes 1048// successfully. 1049// 1050// Use "Send" method on the returned Request to send the API call to the service. 1051// the "output" return value is not valid until after Send returns without error. 1052// 1053// See DeleteAlias for more information on using the DeleteAlias 1054// API call, and error handling. 1055// 1056// This method is useful when you want to inject custom logic or configuration 1057// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1058// 1059// 1060// // Example sending a request using the DeleteAliasRequest method. 1061// req, resp := client.DeleteAliasRequest(params) 1062// 1063// err := req.Send() 1064// if err == nil { // resp is now filled 1065// fmt.Println(resp) 1066// } 1067// 1068// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteAlias 1069func (c *KMS) DeleteAliasRequest(input *DeleteAliasInput) (req *request.Request, output *DeleteAliasOutput) { 1070 op := &request.Operation{ 1071 Name: opDeleteAlias, 1072 HTTPMethod: "POST", 1073 HTTPPath: "/", 1074 } 1075 1076 if input == nil { 1077 input = &DeleteAliasInput{} 1078 } 1079 1080 output = &DeleteAliasOutput{} 1081 req = c.newRequest(op, input, output) 1082 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 1083 return 1084} 1085 1086// DeleteAlias API operation for AWS Key Management Service. 1087// 1088// Deletes the specified alias. You cannot perform this operation on an alias 1089// in a different AWS account. 1090// 1091// Because an alias is not a property of a CMK, you can delete and change the 1092// aliases of a CMK without affecting the CMK. Also, aliases do not appear in 1093// the response from the DescribeKey operation. To get the aliases of all CMKs, 1094// use the ListAliases operation. 1095// 1096// Each CMK can have multiple aliases. To change the alias of a CMK, use DeleteAlias 1097// to delete the current alias and CreateAlias to create a new alias. To associate 1098// an existing alias with a different customer master key (CMK), call UpdateAlias. 1099// 1100// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1101// with awserr.Error's Code and Message methods to get detailed information about 1102// the error. 1103// 1104// See the AWS API reference guide for AWS Key Management Service's 1105// API operation DeleteAlias for usage and error information. 1106// 1107// Returned Error Codes: 1108// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" 1109// The system timed out while trying to fulfill the request. The request can 1110// be retried. 1111// 1112// * ErrCodeNotFoundException "NotFoundException" 1113// The request was rejected because the specified entity or resource could not 1114// be found. 1115// 1116// * ErrCodeInternalException "KMSInternalException" 1117// The request was rejected because an internal exception occurred. The request 1118// can be retried. 1119// 1120// * ErrCodeInvalidStateException "KMSInvalidStateException" 1121// The request was rejected because the state of the specified resource is not 1122// valid for this request. 1123// 1124// For more information about how key state affects the use of a CMK, see How 1125// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 1126// in the AWS Key Management Service Developer Guide. 1127// 1128// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteAlias 1129func (c *KMS) DeleteAlias(input *DeleteAliasInput) (*DeleteAliasOutput, error) { 1130 req, out := c.DeleteAliasRequest(input) 1131 return out, req.Send() 1132} 1133 1134// DeleteAliasWithContext is the same as DeleteAlias with the addition of 1135// the ability to pass a context and additional request options. 1136// 1137// See DeleteAlias for details on how to use this API operation. 1138// 1139// The context must be non-nil and will be used for request cancellation. If 1140// the context is nil a panic will occur. In the future the SDK may create 1141// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1142// for more information on using Contexts. 1143func (c *KMS) DeleteAliasWithContext(ctx aws.Context, input *DeleteAliasInput, opts ...request.Option) (*DeleteAliasOutput, error) { 1144 req, out := c.DeleteAliasRequest(input) 1145 req.SetContext(ctx) 1146 req.ApplyOptions(opts...) 1147 return out, req.Send() 1148} 1149 1150const opDeleteCustomKeyStore = "DeleteCustomKeyStore" 1151 1152// DeleteCustomKeyStoreRequest generates a "aws/request.Request" representing the 1153// client's request for the DeleteCustomKeyStore operation. The "output" return 1154// value will be populated with the request's response once the request completes 1155// successfully. 1156// 1157// Use "Send" method on the returned Request to send the API call to the service. 1158// the "output" return value is not valid until after Send returns without error. 1159// 1160// See DeleteCustomKeyStore for more information on using the DeleteCustomKeyStore 1161// API call, and error handling. 1162// 1163// This method is useful when you want to inject custom logic or configuration 1164// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1165// 1166// 1167// // Example sending a request using the DeleteCustomKeyStoreRequest method. 1168// req, resp := client.DeleteCustomKeyStoreRequest(params) 1169// 1170// err := req.Send() 1171// if err == nil { // resp is now filled 1172// fmt.Println(resp) 1173// } 1174// 1175// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteCustomKeyStore 1176func (c *KMS) DeleteCustomKeyStoreRequest(input *DeleteCustomKeyStoreInput) (req *request.Request, output *DeleteCustomKeyStoreOutput) { 1177 op := &request.Operation{ 1178 Name: opDeleteCustomKeyStore, 1179 HTTPMethod: "POST", 1180 HTTPPath: "/", 1181 } 1182 1183 if input == nil { 1184 input = &DeleteCustomKeyStoreInput{} 1185 } 1186 1187 output = &DeleteCustomKeyStoreOutput{} 1188 req = c.newRequest(op, input, output) 1189 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 1190 return 1191} 1192 1193// DeleteCustomKeyStore API operation for AWS Key Management Service. 1194// 1195// Deletes a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). 1196// This operation does not delete the AWS CloudHSM cluster that is associated 1197// with the custom key store, or affect any users or keys in the cluster. 1198// 1199// The custom key store that you delete cannot contain any AWS KMS customer 1200// master keys (CMKs) (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys). 1201// Before deleting the key store, verify that you will never need to use any 1202// of the CMKs in the key store for any cryptographic operations. Then, use 1203// ScheduleKeyDeletion to delete the AWS KMS customer master keys (CMKs) from 1204// the key store. When the scheduled waiting period expires, the ScheduleKeyDeletion 1205// operation deletes the CMKs. Then it makes a best effort to delete the key 1206// material from the associated cluster. However, you might need to manually 1207// delete the orphaned key material (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-orphaned-key) 1208// from the cluster and its backups. 1209// 1210// After all CMKs are deleted from AWS KMS, use DisconnectCustomKeyStore to 1211// disconnect the key store from AWS KMS. Then, you can delete the custom key 1212// store. 1213// 1214// Instead of deleting the custom key store, consider using DisconnectCustomKeyStore 1215// to disconnect it from AWS KMS. While the key store is disconnected, you cannot 1216// create or use the CMKs in the key store. But, you do not need to delete CMKs 1217// and you can reconnect a disconnected custom key store at any time. 1218// 1219// If the operation succeeds, it returns a JSON object with no properties. 1220// 1221// This operation is part of the Custom Key Store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) 1222// feature in AWS KMS, which combines the convenience and extensive integration 1223// of AWS KMS with the isolation and control of a single-tenant key store. 1224// 1225// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1226// with awserr.Error's Code and Message methods to get detailed information about 1227// the error. 1228// 1229// See the AWS API reference guide for AWS Key Management Service's 1230// API operation DeleteCustomKeyStore for usage and error information. 1231// 1232// Returned Error Codes: 1233// * ErrCodeCustomKeyStoreHasCMKsException "CustomKeyStoreHasCMKsException" 1234// The request was rejected because the custom key store contains AWS KMS customer 1235// master keys (CMKs). After verifying that you do not need to use the CMKs, 1236// use the ScheduleKeyDeletion operation to delete the CMKs. After they are 1237// deleted, you can delete the custom key store. 1238// 1239// * ErrCodeCustomKeyStoreInvalidStateException "CustomKeyStoreInvalidStateException" 1240// The request was rejected because of the ConnectionState of the custom key 1241// store. To get the ConnectionState of a custom key store, use the DescribeCustomKeyStores 1242// operation. 1243// 1244// This exception is thrown under the following conditions: 1245// 1246// * You requested the CreateKey or GenerateRandom operation in a custom 1247// key store that is not connected. These operations are valid only when 1248// the custom key store ConnectionState is CONNECTED. 1249// 1250// * You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation 1251// on a custom key store that is not disconnected. This operation is valid 1252// only when the custom key store ConnectionState is DISCONNECTED. 1253// 1254// * You requested the ConnectCustomKeyStore operation on a custom key store 1255// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid 1256// for all other ConnectionState values. 1257// 1258// * ErrCodeCustomKeyStoreNotFoundException "CustomKeyStoreNotFoundException" 1259// The request was rejected because AWS KMS cannot find a custom key store with 1260// the specified key store name or ID. 1261// 1262// * ErrCodeInternalException "KMSInternalException" 1263// The request was rejected because an internal exception occurred. The request 1264// can be retried. 1265// 1266// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteCustomKeyStore 1267func (c *KMS) DeleteCustomKeyStore(input *DeleteCustomKeyStoreInput) (*DeleteCustomKeyStoreOutput, error) { 1268 req, out := c.DeleteCustomKeyStoreRequest(input) 1269 return out, req.Send() 1270} 1271 1272// DeleteCustomKeyStoreWithContext is the same as DeleteCustomKeyStore with the addition of 1273// the ability to pass a context and additional request options. 1274// 1275// See DeleteCustomKeyStore for details on how to use this API operation. 1276// 1277// The context must be non-nil and will be used for request cancellation. If 1278// the context is nil a panic will occur. In the future the SDK may create 1279// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1280// for more information on using Contexts. 1281func (c *KMS) DeleteCustomKeyStoreWithContext(ctx aws.Context, input *DeleteCustomKeyStoreInput, opts ...request.Option) (*DeleteCustomKeyStoreOutput, error) { 1282 req, out := c.DeleteCustomKeyStoreRequest(input) 1283 req.SetContext(ctx) 1284 req.ApplyOptions(opts...) 1285 return out, req.Send() 1286} 1287 1288const opDeleteImportedKeyMaterial = "DeleteImportedKeyMaterial" 1289 1290// DeleteImportedKeyMaterialRequest generates a "aws/request.Request" representing the 1291// client's request for the DeleteImportedKeyMaterial operation. The "output" return 1292// value will be populated with the request's response once the request completes 1293// successfully. 1294// 1295// Use "Send" method on the returned Request to send the API call to the service. 1296// the "output" return value is not valid until after Send returns without error. 1297// 1298// See DeleteImportedKeyMaterial for more information on using the DeleteImportedKeyMaterial 1299// API call, and error handling. 1300// 1301// This method is useful when you want to inject custom logic or configuration 1302// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1303// 1304// 1305// // Example sending a request using the DeleteImportedKeyMaterialRequest method. 1306// req, resp := client.DeleteImportedKeyMaterialRequest(params) 1307// 1308// err := req.Send() 1309// if err == nil { // resp is now filled 1310// fmt.Println(resp) 1311// } 1312// 1313// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteImportedKeyMaterial 1314func (c *KMS) DeleteImportedKeyMaterialRequest(input *DeleteImportedKeyMaterialInput) (req *request.Request, output *DeleteImportedKeyMaterialOutput) { 1315 op := &request.Operation{ 1316 Name: opDeleteImportedKeyMaterial, 1317 HTTPMethod: "POST", 1318 HTTPPath: "/", 1319 } 1320 1321 if input == nil { 1322 input = &DeleteImportedKeyMaterialInput{} 1323 } 1324 1325 output = &DeleteImportedKeyMaterialOutput{} 1326 req = c.newRequest(op, input, output) 1327 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 1328 return 1329} 1330 1331// DeleteImportedKeyMaterial API operation for AWS Key Management Service. 1332// 1333// Deletes key material that you previously imported. This operation makes the 1334// specified customer master key (CMK) unusable. For more information about 1335// importing key material into AWS KMS, see Importing Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) 1336// in the AWS Key Management Service Developer Guide. You cannot perform this 1337// operation on a CMK in a different AWS account. 1338// 1339// When the specified CMK is in the PendingDeletion state, this operation does 1340// not change the CMK's state. Otherwise, it changes the CMK's state to PendingImport. 1341// 1342// After you delete key material, you can use ImportKeyMaterial to reimport 1343// the same key material into the CMK. 1344// 1345// The result of this operation varies with the key state of the CMK. For details, 1346// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 1347// in the AWS Key Management Service Developer Guide. 1348// 1349// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1350// with awserr.Error's Code and Message methods to get detailed information about 1351// the error. 1352// 1353// See the AWS API reference guide for AWS Key Management Service's 1354// API operation DeleteImportedKeyMaterial for usage and error information. 1355// 1356// Returned Error Codes: 1357// * ErrCodeInvalidArnException "InvalidArnException" 1358// The request was rejected because a specified ARN, or an ARN in a key policy, 1359// is not valid. 1360// 1361// * ErrCodeUnsupportedOperationException "UnsupportedOperationException" 1362// The request was rejected because a specified parameter is not supported or 1363// a specified resource is not valid for this operation. 1364// 1365// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" 1366// The system timed out while trying to fulfill the request. The request can 1367// be retried. 1368// 1369// * ErrCodeNotFoundException "NotFoundException" 1370// The request was rejected because the specified entity or resource could not 1371// be found. 1372// 1373// * ErrCodeInternalException "KMSInternalException" 1374// The request was rejected because an internal exception occurred. The request 1375// can be retried. 1376// 1377// * ErrCodeInvalidStateException "KMSInvalidStateException" 1378// The request was rejected because the state of the specified resource is not 1379// valid for this request. 1380// 1381// For more information about how key state affects the use of a CMK, see How 1382// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 1383// in the AWS Key Management Service Developer Guide. 1384// 1385// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteImportedKeyMaterial 1386func (c *KMS) DeleteImportedKeyMaterial(input *DeleteImportedKeyMaterialInput) (*DeleteImportedKeyMaterialOutput, error) { 1387 req, out := c.DeleteImportedKeyMaterialRequest(input) 1388 return out, req.Send() 1389} 1390 1391// DeleteImportedKeyMaterialWithContext is the same as DeleteImportedKeyMaterial with the addition of 1392// the ability to pass a context and additional request options. 1393// 1394// See DeleteImportedKeyMaterial for details on how to use this API operation. 1395// 1396// The context must be non-nil and will be used for request cancellation. If 1397// the context is nil a panic will occur. In the future the SDK may create 1398// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1399// for more information on using Contexts. 1400func (c *KMS) DeleteImportedKeyMaterialWithContext(ctx aws.Context, input *DeleteImportedKeyMaterialInput, opts ...request.Option) (*DeleteImportedKeyMaterialOutput, error) { 1401 req, out := c.DeleteImportedKeyMaterialRequest(input) 1402 req.SetContext(ctx) 1403 req.ApplyOptions(opts...) 1404 return out, req.Send() 1405} 1406 1407const opDescribeCustomKeyStores = "DescribeCustomKeyStores" 1408 1409// DescribeCustomKeyStoresRequest generates a "aws/request.Request" representing the 1410// client's request for the DescribeCustomKeyStores operation. The "output" return 1411// value will be populated with the request's response once the request completes 1412// successfully. 1413// 1414// Use "Send" method on the returned Request to send the API call to the service. 1415// the "output" return value is not valid until after Send returns without error. 1416// 1417// See DescribeCustomKeyStores for more information on using the DescribeCustomKeyStores 1418// API call, and error handling. 1419// 1420// This method is useful when you want to inject custom logic or configuration 1421// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1422// 1423// 1424// // Example sending a request using the DescribeCustomKeyStoresRequest method. 1425// req, resp := client.DescribeCustomKeyStoresRequest(params) 1426// 1427// err := req.Send() 1428// if err == nil { // resp is now filled 1429// fmt.Println(resp) 1430// } 1431// 1432// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DescribeCustomKeyStores 1433func (c *KMS) DescribeCustomKeyStoresRequest(input *DescribeCustomKeyStoresInput) (req *request.Request, output *DescribeCustomKeyStoresOutput) { 1434 op := &request.Operation{ 1435 Name: opDescribeCustomKeyStores, 1436 HTTPMethod: "POST", 1437 HTTPPath: "/", 1438 } 1439 1440 if input == nil { 1441 input = &DescribeCustomKeyStoresInput{} 1442 } 1443 1444 output = &DescribeCustomKeyStoresOutput{} 1445 req = c.newRequest(op, input, output) 1446 return 1447} 1448 1449// DescribeCustomKeyStores API operation for AWS Key Management Service. 1450// 1451// Gets information about custom key stores (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) 1452// in the account and region. 1453// 1454// This operation is part of the Custom Key Store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) 1455// feature in AWS KMS, which combines the convenience and extensive integration 1456// of AWS KMS with the isolation and control of a single-tenant key store. 1457// 1458// By default, this operation returns information about all custom key stores 1459// in the account and region. To get only information about a particular custom 1460// key store, use either the CustomKeyStoreName or CustomKeyStoreId parameter 1461// (but not both). 1462// 1463// To determine whether the custom key store is connected to its AWS CloudHSM 1464// cluster, use the ConnectionState element in the response. If an attempt to 1465// connect the custom key store failed, the ConnectionState value is FAILED 1466// and the ConnectionErrorCode element in the response indicates the cause of 1467// the failure. For help interpreting the ConnectionErrorCode, see CustomKeyStoresListEntry. 1468// 1469// Custom key stores have a DISCONNECTED connection state if the key store has 1470// never been connected or you use the DisconnectCustomKeyStore operation to 1471// disconnect it. If your custom key store state is CONNECTED but you are having 1472// trouble using it, make sure that its associated AWS CloudHSM cluster is active 1473// and contains the minimum number of HSMs required for the operation, if any. 1474// 1475// For help repairing your custom key store, see the Troubleshooting Custom 1476// Key Stores (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) 1477// topic in the AWS Key Management Service Developer Guide. 1478// 1479// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1480// with awserr.Error's Code and Message methods to get detailed information about 1481// the error. 1482// 1483// See the AWS API reference guide for AWS Key Management Service's 1484// API operation DescribeCustomKeyStores for usage and error information. 1485// 1486// Returned Error Codes: 1487// * ErrCodeCustomKeyStoreNotFoundException "CustomKeyStoreNotFoundException" 1488// The request was rejected because AWS KMS cannot find a custom key store with 1489// the specified key store name or ID. 1490// 1491// * ErrCodeInternalException "KMSInternalException" 1492// The request was rejected because an internal exception occurred. The request 1493// can be retried. 1494// 1495// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DescribeCustomKeyStores 1496func (c *KMS) DescribeCustomKeyStores(input *DescribeCustomKeyStoresInput) (*DescribeCustomKeyStoresOutput, error) { 1497 req, out := c.DescribeCustomKeyStoresRequest(input) 1498 return out, req.Send() 1499} 1500 1501// DescribeCustomKeyStoresWithContext is the same as DescribeCustomKeyStores with the addition of 1502// the ability to pass a context and additional request options. 1503// 1504// See DescribeCustomKeyStores for details on how to use this API operation. 1505// 1506// The context must be non-nil and will be used for request cancellation. If 1507// the context is nil a panic will occur. In the future the SDK may create 1508// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1509// for more information on using Contexts. 1510func (c *KMS) DescribeCustomKeyStoresWithContext(ctx aws.Context, input *DescribeCustomKeyStoresInput, opts ...request.Option) (*DescribeCustomKeyStoresOutput, error) { 1511 req, out := c.DescribeCustomKeyStoresRequest(input) 1512 req.SetContext(ctx) 1513 req.ApplyOptions(opts...) 1514 return out, req.Send() 1515} 1516 1517const opDescribeKey = "DescribeKey" 1518 1519// DescribeKeyRequest generates a "aws/request.Request" representing the 1520// client's request for the DescribeKey operation. The "output" return 1521// value will be populated with the request's response once the request completes 1522// successfully. 1523// 1524// Use "Send" method on the returned Request to send the API call to the service. 1525// the "output" return value is not valid until after Send returns without error. 1526// 1527// See DescribeKey for more information on using the DescribeKey 1528// API call, and error handling. 1529// 1530// This method is useful when you want to inject custom logic or configuration 1531// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1532// 1533// 1534// // Example sending a request using the DescribeKeyRequest method. 1535// req, resp := client.DescribeKeyRequest(params) 1536// 1537// err := req.Send() 1538// if err == nil { // resp is now filled 1539// fmt.Println(resp) 1540// } 1541// 1542// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DescribeKey 1543func (c *KMS) DescribeKeyRequest(input *DescribeKeyInput) (req *request.Request, output *DescribeKeyOutput) { 1544 op := &request.Operation{ 1545 Name: opDescribeKey, 1546 HTTPMethod: "POST", 1547 HTTPPath: "/", 1548 } 1549 1550 if input == nil { 1551 input = &DescribeKeyInput{} 1552 } 1553 1554 output = &DescribeKeyOutput{} 1555 req = c.newRequest(op, input, output) 1556 return 1557} 1558 1559// DescribeKey API operation for AWS Key Management Service. 1560// 1561// Provides detailed information about the specified customer master key (CMK). 1562// 1563// You can use DescribeKey on a predefined AWS alias, that is, an AWS alias 1564// with no key ID. When you do, AWS KMS associates the alias with an AWS managed 1565// CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys) 1566// and returns its KeyId and Arn in the response. 1567// 1568// To perform this operation on a CMK in a different AWS account, specify the 1569// key ARN or alias ARN in the value of the KeyId parameter. 1570// 1571// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1572// with awserr.Error's Code and Message methods to get detailed information about 1573// the error. 1574// 1575// See the AWS API reference guide for AWS Key Management Service's 1576// API operation DescribeKey for usage and error information. 1577// 1578// Returned Error Codes: 1579// * ErrCodeNotFoundException "NotFoundException" 1580// The request was rejected because the specified entity or resource could not 1581// be found. 1582// 1583// * ErrCodeInvalidArnException "InvalidArnException" 1584// The request was rejected because a specified ARN, or an ARN in a key policy, 1585// is not valid. 1586// 1587// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" 1588// The system timed out while trying to fulfill the request. The request can 1589// be retried. 1590// 1591// * ErrCodeInternalException "KMSInternalException" 1592// The request was rejected because an internal exception occurred. The request 1593// can be retried. 1594// 1595// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DescribeKey 1596func (c *KMS) DescribeKey(input *DescribeKeyInput) (*DescribeKeyOutput, error) { 1597 req, out := c.DescribeKeyRequest(input) 1598 return out, req.Send() 1599} 1600 1601// DescribeKeyWithContext is the same as DescribeKey with the addition of 1602// the ability to pass a context and additional request options. 1603// 1604// See DescribeKey for details on how to use this API operation. 1605// 1606// The context must be non-nil and will be used for request cancellation. If 1607// the context is nil a panic will occur. In the future the SDK may create 1608// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1609// for more information on using Contexts. 1610func (c *KMS) DescribeKeyWithContext(ctx aws.Context, input *DescribeKeyInput, opts ...request.Option) (*DescribeKeyOutput, error) { 1611 req, out := c.DescribeKeyRequest(input) 1612 req.SetContext(ctx) 1613 req.ApplyOptions(opts...) 1614 return out, req.Send() 1615} 1616 1617const opDisableKey = "DisableKey" 1618 1619// DisableKeyRequest generates a "aws/request.Request" representing the 1620// client's request for the DisableKey operation. The "output" return 1621// value will be populated with the request's response once the request completes 1622// successfully. 1623// 1624// Use "Send" method on the returned Request to send the API call to the service. 1625// the "output" return value is not valid until after Send returns without error. 1626// 1627// See DisableKey for more information on using the DisableKey 1628// API call, and error handling. 1629// 1630// This method is useful when you want to inject custom logic or configuration 1631// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1632// 1633// 1634// // Example sending a request using the DisableKeyRequest method. 1635// req, resp := client.DisableKeyRequest(params) 1636// 1637// err := req.Send() 1638// if err == nil { // resp is now filled 1639// fmt.Println(resp) 1640// } 1641// 1642// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DisableKey 1643func (c *KMS) DisableKeyRequest(input *DisableKeyInput) (req *request.Request, output *DisableKeyOutput) { 1644 op := &request.Operation{ 1645 Name: opDisableKey, 1646 HTTPMethod: "POST", 1647 HTTPPath: "/", 1648 } 1649 1650 if input == nil { 1651 input = &DisableKeyInput{} 1652 } 1653 1654 output = &DisableKeyOutput{} 1655 req = c.newRequest(op, input, output) 1656 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 1657 return 1658} 1659 1660// DisableKey API operation for AWS Key Management Service. 1661// 1662// Sets the state of a customer master key (CMK) to disabled, thereby preventing 1663// its use for cryptographic operations. You cannot perform this operation on 1664// a CMK in a different AWS account. 1665// 1666// For more information about how key state affects the use of a CMK, see How 1667// Key State Affects the Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 1668// in the AWS Key Management Service Developer Guide . 1669// 1670// The result of this operation varies with the key state of the CMK. For details, 1671// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 1672// in the AWS Key Management Service Developer Guide. 1673// 1674// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1675// with awserr.Error's Code and Message methods to get detailed information about 1676// the error. 1677// 1678// See the AWS API reference guide for AWS Key Management Service's 1679// API operation DisableKey for usage and error information. 1680// 1681// Returned Error Codes: 1682// * ErrCodeNotFoundException "NotFoundException" 1683// The request was rejected because the specified entity or resource could not 1684// be found. 1685// 1686// * ErrCodeInvalidArnException "InvalidArnException" 1687// The request was rejected because a specified ARN, or an ARN in a key policy, 1688// is not valid. 1689// 1690// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" 1691// The system timed out while trying to fulfill the request. The request can 1692// be retried. 1693// 1694// * ErrCodeInternalException "KMSInternalException" 1695// The request was rejected because an internal exception occurred. The request 1696// can be retried. 1697// 1698// * ErrCodeInvalidStateException "KMSInvalidStateException" 1699// The request was rejected because the state of the specified resource is not 1700// valid for this request. 1701// 1702// For more information about how key state affects the use of a CMK, see How 1703// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 1704// in the AWS Key Management Service Developer Guide. 1705// 1706// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DisableKey 1707func (c *KMS) DisableKey(input *DisableKeyInput) (*DisableKeyOutput, error) { 1708 req, out := c.DisableKeyRequest(input) 1709 return out, req.Send() 1710} 1711 1712// DisableKeyWithContext is the same as DisableKey with the addition of 1713// the ability to pass a context and additional request options. 1714// 1715// See DisableKey for details on how to use this API operation. 1716// 1717// The context must be non-nil and will be used for request cancellation. If 1718// the context is nil a panic will occur. In the future the SDK may create 1719// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1720// for more information on using Contexts. 1721func (c *KMS) DisableKeyWithContext(ctx aws.Context, input *DisableKeyInput, opts ...request.Option) (*DisableKeyOutput, error) { 1722 req, out := c.DisableKeyRequest(input) 1723 req.SetContext(ctx) 1724 req.ApplyOptions(opts...) 1725 return out, req.Send() 1726} 1727 1728const opDisableKeyRotation = "DisableKeyRotation" 1729 1730// DisableKeyRotationRequest generates a "aws/request.Request" representing the 1731// client's request for the DisableKeyRotation operation. The "output" return 1732// value will be populated with the request's response once the request completes 1733// successfully. 1734// 1735// Use "Send" method on the returned Request to send the API call to the service. 1736// the "output" return value is not valid until after Send returns without error. 1737// 1738// See DisableKeyRotation for more information on using the DisableKeyRotation 1739// API call, and error handling. 1740// 1741// This method is useful when you want to inject custom logic or configuration 1742// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1743// 1744// 1745// // Example sending a request using the DisableKeyRotationRequest method. 1746// req, resp := client.DisableKeyRotationRequest(params) 1747// 1748// err := req.Send() 1749// if err == nil { // resp is now filled 1750// fmt.Println(resp) 1751// } 1752// 1753// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DisableKeyRotation 1754func (c *KMS) DisableKeyRotationRequest(input *DisableKeyRotationInput) (req *request.Request, output *DisableKeyRotationOutput) { 1755 op := &request.Operation{ 1756 Name: opDisableKeyRotation, 1757 HTTPMethod: "POST", 1758 HTTPPath: "/", 1759 } 1760 1761 if input == nil { 1762 input = &DisableKeyRotationInput{} 1763 } 1764 1765 output = &DisableKeyRotationOutput{} 1766 req = c.newRequest(op, input, output) 1767 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 1768 return 1769} 1770 1771// DisableKeyRotation API operation for AWS Key Management Service. 1772// 1773// Disables automatic rotation of the key material (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) 1774// for the specified customer master key (CMK). You cannot perform this operation 1775// on a CMK in a different AWS account. 1776// 1777// The result of this operation varies with the key state of the CMK. For details, 1778// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 1779// in the AWS Key Management Service Developer Guide. 1780// 1781// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1782// with awserr.Error's Code and Message methods to get detailed information about 1783// the error. 1784// 1785// See the AWS API reference guide for AWS Key Management Service's 1786// API operation DisableKeyRotation for usage and error information. 1787// 1788// Returned Error Codes: 1789// * ErrCodeNotFoundException "NotFoundException" 1790// The request was rejected because the specified entity or resource could not 1791// be found. 1792// 1793// * ErrCodeDisabledException "DisabledException" 1794// The request was rejected because the specified CMK is not enabled. 1795// 1796// * ErrCodeInvalidArnException "InvalidArnException" 1797// The request was rejected because a specified ARN, or an ARN in a key policy, 1798// is not valid. 1799// 1800// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" 1801// The system timed out while trying to fulfill the request. The request can 1802// be retried. 1803// 1804// * ErrCodeInternalException "KMSInternalException" 1805// The request was rejected because an internal exception occurred. The request 1806// can be retried. 1807// 1808// * ErrCodeInvalidStateException "KMSInvalidStateException" 1809// The request was rejected because the state of the specified resource is not 1810// valid for this request. 1811// 1812// For more information about how key state affects the use of a CMK, see How 1813// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 1814// in the AWS Key Management Service Developer Guide. 1815// 1816// * ErrCodeUnsupportedOperationException "UnsupportedOperationException" 1817// The request was rejected because a specified parameter is not supported or 1818// a specified resource is not valid for this operation. 1819// 1820// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DisableKeyRotation 1821func (c *KMS) DisableKeyRotation(input *DisableKeyRotationInput) (*DisableKeyRotationOutput, error) { 1822 req, out := c.DisableKeyRotationRequest(input) 1823 return out, req.Send() 1824} 1825 1826// DisableKeyRotationWithContext is the same as DisableKeyRotation with the addition of 1827// the ability to pass a context and additional request options. 1828// 1829// See DisableKeyRotation for details on how to use this API operation. 1830// 1831// The context must be non-nil and will be used for request cancellation. If 1832// the context is nil a panic will occur. In the future the SDK may create 1833// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1834// for more information on using Contexts. 1835func (c *KMS) DisableKeyRotationWithContext(ctx aws.Context, input *DisableKeyRotationInput, opts ...request.Option) (*DisableKeyRotationOutput, error) { 1836 req, out := c.DisableKeyRotationRequest(input) 1837 req.SetContext(ctx) 1838 req.ApplyOptions(opts...) 1839 return out, req.Send() 1840} 1841 1842const opDisconnectCustomKeyStore = "DisconnectCustomKeyStore" 1843 1844// DisconnectCustomKeyStoreRequest generates a "aws/request.Request" representing the 1845// client's request for the DisconnectCustomKeyStore operation. The "output" return 1846// value will be populated with the request's response once the request completes 1847// successfully. 1848// 1849// Use "Send" method on the returned Request to send the API call to the service. 1850// the "output" return value is not valid until after Send returns without error. 1851// 1852// See DisconnectCustomKeyStore for more information on using the DisconnectCustomKeyStore 1853// API call, and error handling. 1854// 1855// This method is useful when you want to inject custom logic or configuration 1856// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1857// 1858// 1859// // Example sending a request using the DisconnectCustomKeyStoreRequest method. 1860// req, resp := client.DisconnectCustomKeyStoreRequest(params) 1861// 1862// err := req.Send() 1863// if err == nil { // resp is now filled 1864// fmt.Println(resp) 1865// } 1866// 1867// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DisconnectCustomKeyStore 1868func (c *KMS) DisconnectCustomKeyStoreRequest(input *DisconnectCustomKeyStoreInput) (req *request.Request, output *DisconnectCustomKeyStoreOutput) { 1869 op := &request.Operation{ 1870 Name: opDisconnectCustomKeyStore, 1871 HTTPMethod: "POST", 1872 HTTPPath: "/", 1873 } 1874 1875 if input == nil { 1876 input = &DisconnectCustomKeyStoreInput{} 1877 } 1878 1879 output = &DisconnectCustomKeyStoreOutput{} 1880 req = c.newRequest(op, input, output) 1881 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 1882 return 1883} 1884 1885// DisconnectCustomKeyStore API operation for AWS Key Management Service. 1886// 1887// Disconnects the custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) 1888// from its associated AWS CloudHSM cluster. While a custom key store is disconnected, 1889// you can manage the custom key store and its customer master keys (CMKs), 1890// but you cannot create or use CMKs in the custom key store. You can reconnect 1891// the custom key store at any time. 1892// 1893// While a custom key store is disconnected, all attempts to create customer 1894// master keys (CMKs) in the custom key store or to use existing CMKs in cryptographic 1895// operations will fail. This action can prevent users from storing and accessing 1896// sensitive data. 1897// 1898// To find the connection state of a custom key store, use the DescribeCustomKeyStores 1899// operation. To reconnect a custom key store, use the ConnectCustomKeyStore 1900// operation. 1901// 1902// If the operation succeeds, it returns a JSON object with no properties. 1903// 1904// This operation is part of the Custom Key Store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) 1905// feature in AWS KMS, which combines the convenience and extensive integration 1906// of AWS KMS with the isolation and control of a single-tenant key store. 1907// 1908// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 1909// with awserr.Error's Code and Message methods to get detailed information about 1910// the error. 1911// 1912// See the AWS API reference guide for AWS Key Management Service's 1913// API operation DisconnectCustomKeyStore for usage and error information. 1914// 1915// Returned Error Codes: 1916// * ErrCodeCustomKeyStoreInvalidStateException "CustomKeyStoreInvalidStateException" 1917// The request was rejected because of the ConnectionState of the custom key 1918// store. To get the ConnectionState of a custom key store, use the DescribeCustomKeyStores 1919// operation. 1920// 1921// This exception is thrown under the following conditions: 1922// 1923// * You requested the CreateKey or GenerateRandom operation in a custom 1924// key store that is not connected. These operations are valid only when 1925// the custom key store ConnectionState is CONNECTED. 1926// 1927// * You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation 1928// on a custom key store that is not disconnected. This operation is valid 1929// only when the custom key store ConnectionState is DISCONNECTED. 1930// 1931// * You requested the ConnectCustomKeyStore operation on a custom key store 1932// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid 1933// for all other ConnectionState values. 1934// 1935// * ErrCodeCustomKeyStoreNotFoundException "CustomKeyStoreNotFoundException" 1936// The request was rejected because AWS KMS cannot find a custom key store with 1937// the specified key store name or ID. 1938// 1939// * ErrCodeInternalException "KMSInternalException" 1940// The request was rejected because an internal exception occurred. The request 1941// can be retried. 1942// 1943// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DisconnectCustomKeyStore 1944func (c *KMS) DisconnectCustomKeyStore(input *DisconnectCustomKeyStoreInput) (*DisconnectCustomKeyStoreOutput, error) { 1945 req, out := c.DisconnectCustomKeyStoreRequest(input) 1946 return out, req.Send() 1947} 1948 1949// DisconnectCustomKeyStoreWithContext is the same as DisconnectCustomKeyStore with the addition of 1950// the ability to pass a context and additional request options. 1951// 1952// See DisconnectCustomKeyStore for details on how to use this API operation. 1953// 1954// The context must be non-nil and will be used for request cancellation. If 1955// the context is nil a panic will occur. In the future the SDK may create 1956// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 1957// for more information on using Contexts. 1958func (c *KMS) DisconnectCustomKeyStoreWithContext(ctx aws.Context, input *DisconnectCustomKeyStoreInput, opts ...request.Option) (*DisconnectCustomKeyStoreOutput, error) { 1959 req, out := c.DisconnectCustomKeyStoreRequest(input) 1960 req.SetContext(ctx) 1961 req.ApplyOptions(opts...) 1962 return out, req.Send() 1963} 1964 1965const opEnableKey = "EnableKey" 1966 1967// EnableKeyRequest generates a "aws/request.Request" representing the 1968// client's request for the EnableKey operation. The "output" return 1969// value will be populated with the request's response once the request completes 1970// successfully. 1971// 1972// Use "Send" method on the returned Request to send the API call to the service. 1973// the "output" return value is not valid until after Send returns without error. 1974// 1975// See EnableKey for more information on using the EnableKey 1976// API call, and error handling. 1977// 1978// This method is useful when you want to inject custom logic or configuration 1979// into the SDK's request lifecycle. Such as custom headers, or retry logic. 1980// 1981// 1982// // Example sending a request using the EnableKeyRequest method. 1983// req, resp := client.EnableKeyRequest(params) 1984// 1985// err := req.Send() 1986// if err == nil { // resp is now filled 1987// fmt.Println(resp) 1988// } 1989// 1990// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/EnableKey 1991func (c *KMS) EnableKeyRequest(input *EnableKeyInput) (req *request.Request, output *EnableKeyOutput) { 1992 op := &request.Operation{ 1993 Name: opEnableKey, 1994 HTTPMethod: "POST", 1995 HTTPPath: "/", 1996 } 1997 1998 if input == nil { 1999 input = &EnableKeyInput{} 2000 } 2001 2002 output = &EnableKeyOutput{} 2003 req = c.newRequest(op, input, output) 2004 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 2005 return 2006} 2007 2008// EnableKey API operation for AWS Key Management Service. 2009// 2010// Sets the key state of a customer master key (CMK) to enabled. This allows 2011// you to use the CMK for cryptographic operations. You cannot perform this 2012// operation on a CMK in a different AWS account. 2013// 2014// The result of this operation varies with the key state of the CMK. For details, 2015// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 2016// in the AWS Key Management Service Developer Guide. 2017// 2018// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2019// with awserr.Error's Code and Message methods to get detailed information about 2020// the error. 2021// 2022// See the AWS API reference guide for AWS Key Management Service's 2023// API operation EnableKey for usage and error information. 2024// 2025// Returned Error Codes: 2026// * ErrCodeNotFoundException "NotFoundException" 2027// The request was rejected because the specified entity or resource could not 2028// be found. 2029// 2030// * ErrCodeInvalidArnException "InvalidArnException" 2031// The request was rejected because a specified ARN, or an ARN in a key policy, 2032// is not valid. 2033// 2034// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" 2035// The system timed out while trying to fulfill the request. The request can 2036// be retried. 2037// 2038// * ErrCodeInternalException "KMSInternalException" 2039// The request was rejected because an internal exception occurred. The request 2040// can be retried. 2041// 2042// * ErrCodeLimitExceededException "LimitExceededException" 2043// The request was rejected because a limit was exceeded. For more information, 2044// see Limits (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) 2045// in the AWS Key Management Service Developer Guide. 2046// 2047// * ErrCodeInvalidStateException "KMSInvalidStateException" 2048// The request was rejected because the state of the specified resource is not 2049// valid for this request. 2050// 2051// For more information about how key state affects the use of a CMK, see How 2052// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 2053// in the AWS Key Management Service Developer Guide. 2054// 2055// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/EnableKey 2056func (c *KMS) EnableKey(input *EnableKeyInput) (*EnableKeyOutput, error) { 2057 req, out := c.EnableKeyRequest(input) 2058 return out, req.Send() 2059} 2060 2061// EnableKeyWithContext is the same as EnableKey with the addition of 2062// the ability to pass a context and additional request options. 2063// 2064// See EnableKey for details on how to use this API operation. 2065// 2066// The context must be non-nil and will be used for request cancellation. If 2067// the context is nil a panic will occur. In the future the SDK may create 2068// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2069// for more information on using Contexts. 2070func (c *KMS) EnableKeyWithContext(ctx aws.Context, input *EnableKeyInput, opts ...request.Option) (*EnableKeyOutput, error) { 2071 req, out := c.EnableKeyRequest(input) 2072 req.SetContext(ctx) 2073 req.ApplyOptions(opts...) 2074 return out, req.Send() 2075} 2076 2077const opEnableKeyRotation = "EnableKeyRotation" 2078 2079// EnableKeyRotationRequest generates a "aws/request.Request" representing the 2080// client's request for the EnableKeyRotation operation. The "output" return 2081// value will be populated with the request's response once the request completes 2082// successfully. 2083// 2084// Use "Send" method on the returned Request to send the API call to the service. 2085// the "output" return value is not valid until after Send returns without error. 2086// 2087// See EnableKeyRotation for more information on using the EnableKeyRotation 2088// API call, and error handling. 2089// 2090// This method is useful when you want to inject custom logic or configuration 2091// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2092// 2093// 2094// // Example sending a request using the EnableKeyRotationRequest method. 2095// req, resp := client.EnableKeyRotationRequest(params) 2096// 2097// err := req.Send() 2098// if err == nil { // resp is now filled 2099// fmt.Println(resp) 2100// } 2101// 2102// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/EnableKeyRotation 2103func (c *KMS) EnableKeyRotationRequest(input *EnableKeyRotationInput) (req *request.Request, output *EnableKeyRotationOutput) { 2104 op := &request.Operation{ 2105 Name: opEnableKeyRotation, 2106 HTTPMethod: "POST", 2107 HTTPPath: "/", 2108 } 2109 2110 if input == nil { 2111 input = &EnableKeyRotationInput{} 2112 } 2113 2114 output = &EnableKeyRotationOutput{} 2115 req = c.newRequest(op, input, output) 2116 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 2117 return 2118} 2119 2120// EnableKeyRotation API operation for AWS Key Management Service. 2121// 2122// Enables automatic rotation of the key material (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) 2123// for the specified customer master key (CMK). You cannot perform this operation 2124// on a CMK in a different AWS account. 2125// 2126// You cannot enable automatic rotation of CMKs with imported key material or 2127// CMKs in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). 2128// 2129// The result of this operation varies with the key state of the CMK. For details, 2130// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 2131// in the AWS Key Management Service Developer Guide. 2132// 2133// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2134// with awserr.Error's Code and Message methods to get detailed information about 2135// the error. 2136// 2137// See the AWS API reference guide for AWS Key Management Service's 2138// API operation EnableKeyRotation for usage and error information. 2139// 2140// Returned Error Codes: 2141// * ErrCodeNotFoundException "NotFoundException" 2142// The request was rejected because the specified entity or resource could not 2143// be found. 2144// 2145// * ErrCodeDisabledException "DisabledException" 2146// The request was rejected because the specified CMK is not enabled. 2147// 2148// * ErrCodeInvalidArnException "InvalidArnException" 2149// The request was rejected because a specified ARN, or an ARN in a key policy, 2150// is not valid. 2151// 2152// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" 2153// The system timed out while trying to fulfill the request. The request can 2154// be retried. 2155// 2156// * ErrCodeInternalException "KMSInternalException" 2157// The request was rejected because an internal exception occurred. The request 2158// can be retried. 2159// 2160// * ErrCodeInvalidStateException "KMSInvalidStateException" 2161// The request was rejected because the state of the specified resource is not 2162// valid for this request. 2163// 2164// For more information about how key state affects the use of a CMK, see How 2165// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 2166// in the AWS Key Management Service Developer Guide. 2167// 2168// * ErrCodeUnsupportedOperationException "UnsupportedOperationException" 2169// The request was rejected because a specified parameter is not supported or 2170// a specified resource is not valid for this operation. 2171// 2172// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/EnableKeyRotation 2173func (c *KMS) EnableKeyRotation(input *EnableKeyRotationInput) (*EnableKeyRotationOutput, error) { 2174 req, out := c.EnableKeyRotationRequest(input) 2175 return out, req.Send() 2176} 2177 2178// EnableKeyRotationWithContext is the same as EnableKeyRotation with the addition of 2179// the ability to pass a context and additional request options. 2180// 2181// See EnableKeyRotation for details on how to use this API operation. 2182// 2183// The context must be non-nil and will be used for request cancellation. If 2184// the context is nil a panic will occur. In the future the SDK may create 2185// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2186// for more information on using Contexts. 2187func (c *KMS) EnableKeyRotationWithContext(ctx aws.Context, input *EnableKeyRotationInput, opts ...request.Option) (*EnableKeyRotationOutput, error) { 2188 req, out := c.EnableKeyRotationRequest(input) 2189 req.SetContext(ctx) 2190 req.ApplyOptions(opts...) 2191 return out, req.Send() 2192} 2193 2194const opEncrypt = "Encrypt" 2195 2196// EncryptRequest generates a "aws/request.Request" representing the 2197// client's request for the Encrypt operation. The "output" return 2198// value will be populated with the request's response once the request completes 2199// successfully. 2200// 2201// Use "Send" method on the returned Request to send the API call to the service. 2202// the "output" return value is not valid until after Send returns without error. 2203// 2204// See Encrypt for more information on using the Encrypt 2205// API call, and error handling. 2206// 2207// This method is useful when you want to inject custom logic or configuration 2208// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2209// 2210// 2211// // Example sending a request using the EncryptRequest method. 2212// req, resp := client.EncryptRequest(params) 2213// 2214// err := req.Send() 2215// if err == nil { // resp is now filled 2216// fmt.Println(resp) 2217// } 2218// 2219// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/Encrypt 2220func (c *KMS) EncryptRequest(input *EncryptInput) (req *request.Request, output *EncryptOutput) { 2221 op := &request.Operation{ 2222 Name: opEncrypt, 2223 HTTPMethod: "POST", 2224 HTTPPath: "/", 2225 } 2226 2227 if input == nil { 2228 input = &EncryptInput{} 2229 } 2230 2231 output = &EncryptOutput{} 2232 req = c.newRequest(op, input, output) 2233 return 2234} 2235 2236// Encrypt API operation for AWS Key Management Service. 2237// 2238// Encrypts plaintext into ciphertext by using a customer master key (CMK). 2239// The Encrypt operation has two primary use cases: 2240// 2241// * You can encrypt up to 4 kilobytes (4096 bytes) of arbitrary data such 2242// as an RSA key, a database password, or other sensitive information. 2243// 2244// * You can use the Encrypt operation to move encrypted data from one AWS 2245// region to another. In the first region, generate a data key and use the 2246// plaintext key to encrypt the data. Then, in the new region, call the Encrypt 2247// method on same plaintext data key. Now, you can safely move the encrypted 2248// data and encrypted data key to the new region, and decrypt in the new 2249// region when necessary. 2250// 2251// You don't need use this operation to encrypt a data key within a region. 2252// The GenerateDataKey and GenerateDataKeyWithoutPlaintext operations return 2253// an encrypted data key. 2254// 2255// Also, you don't need to use this operation to encrypt data in your application. 2256// You can use the plaintext and encrypted data keys that the GenerateDataKey 2257// operation returns. 2258// 2259// The result of this operation varies with the key state of the CMK. For details, 2260// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 2261// in the AWS Key Management Service Developer Guide. 2262// 2263// To perform this operation on a CMK in a different AWS account, specify the 2264// key ARN or alias ARN in the value of the KeyId parameter. 2265// 2266// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2267// with awserr.Error's Code and Message methods to get detailed information about 2268// the error. 2269// 2270// See the AWS API reference guide for AWS Key Management Service's 2271// API operation Encrypt for usage and error information. 2272// 2273// Returned Error Codes: 2274// * ErrCodeNotFoundException "NotFoundException" 2275// The request was rejected because the specified entity or resource could not 2276// be found. 2277// 2278// * ErrCodeDisabledException "DisabledException" 2279// The request was rejected because the specified CMK is not enabled. 2280// 2281// * ErrCodeKeyUnavailableException "KeyUnavailableException" 2282// The request was rejected because the specified CMK was not available. The 2283// request can be retried. 2284// 2285// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" 2286// The system timed out while trying to fulfill the request. The request can 2287// be retried. 2288// 2289// * ErrCodeInvalidKeyUsageException "InvalidKeyUsageException" 2290// The request was rejected because the specified KeySpec value is not valid. 2291// 2292// * ErrCodeInvalidGrantTokenException "InvalidGrantTokenException" 2293// The request was rejected because the specified grant token is not valid. 2294// 2295// * ErrCodeInternalException "KMSInternalException" 2296// The request was rejected because an internal exception occurred. The request 2297// can be retried. 2298// 2299// * ErrCodeInvalidStateException "KMSInvalidStateException" 2300// The request was rejected because the state of the specified resource is not 2301// valid for this request. 2302// 2303// For more information about how key state affects the use of a CMK, see How 2304// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 2305// in the AWS Key Management Service Developer Guide. 2306// 2307// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/Encrypt 2308func (c *KMS) Encrypt(input *EncryptInput) (*EncryptOutput, error) { 2309 req, out := c.EncryptRequest(input) 2310 return out, req.Send() 2311} 2312 2313// EncryptWithContext is the same as Encrypt with the addition of 2314// the ability to pass a context and additional request options. 2315// 2316// See Encrypt for details on how to use this API operation. 2317// 2318// The context must be non-nil and will be used for request cancellation. If 2319// the context is nil a panic will occur. In the future the SDK may create 2320// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2321// for more information on using Contexts. 2322func (c *KMS) EncryptWithContext(ctx aws.Context, input *EncryptInput, opts ...request.Option) (*EncryptOutput, error) { 2323 req, out := c.EncryptRequest(input) 2324 req.SetContext(ctx) 2325 req.ApplyOptions(opts...) 2326 return out, req.Send() 2327} 2328 2329const opGenerateDataKey = "GenerateDataKey" 2330 2331// GenerateDataKeyRequest generates a "aws/request.Request" representing the 2332// client's request for the GenerateDataKey operation. The "output" return 2333// value will be populated with the request's response once the request completes 2334// successfully. 2335// 2336// Use "Send" method on the returned Request to send the API call to the service. 2337// the "output" return value is not valid until after Send returns without error. 2338// 2339// See GenerateDataKey for more information on using the GenerateDataKey 2340// API call, and error handling. 2341// 2342// This method is useful when you want to inject custom logic or configuration 2343// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2344// 2345// 2346// // Example sending a request using the GenerateDataKeyRequest method. 2347// req, resp := client.GenerateDataKeyRequest(params) 2348// 2349// err := req.Send() 2350// if err == nil { // resp is now filled 2351// fmt.Println(resp) 2352// } 2353// 2354// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKey 2355func (c *KMS) GenerateDataKeyRequest(input *GenerateDataKeyInput) (req *request.Request, output *GenerateDataKeyOutput) { 2356 op := &request.Operation{ 2357 Name: opGenerateDataKey, 2358 HTTPMethod: "POST", 2359 HTTPPath: "/", 2360 } 2361 2362 if input == nil { 2363 input = &GenerateDataKeyInput{} 2364 } 2365 2366 output = &GenerateDataKeyOutput{} 2367 req = c.newRequest(op, input, output) 2368 return 2369} 2370 2371// GenerateDataKey API operation for AWS Key Management Service. 2372// 2373// Generates a unique data key. This operation returns a plaintext copy of the 2374// data key and a copy that is encrypted under a customer master key (CMK) that 2375// you specify. You can use the plaintext key to encrypt your data outside of 2376// KMS and store the encrypted data key with the encrypted data. 2377// 2378// GenerateDataKey returns a unique data key for each request. The bytes in 2379// the key are not related to the caller or CMK that is used to encrypt the 2380// data key. 2381// 2382// To generate a data key, you need to specify the customer master key (CMK) 2383// that will be used to encrypt the data key. You must also specify the length 2384// of the data key using either the KeySpec or NumberOfBytes field (but not 2385// both). For common key lengths (128-bit and 256-bit symmetric keys), we recommend 2386// that you use KeySpec. To perform this operation on a CMK in a different AWS 2387// account, specify the key ARN or alias ARN in the value of the KeyId parameter. 2388// 2389// You will find the plaintext copy of the data key in the Plaintext field of 2390// the response, and the encrypted copy of the data key in the CiphertextBlob 2391// field. 2392// 2393// We recommend that you use the following pattern to encrypt data locally in 2394// your application: 2395// 2396// Use the GenerateDataKey operation to get a data encryption key. 2397// 2398// Use the plaintext data key (returned in the Plaintext field of the response) 2399// to encrypt data locally, then erase the plaintext data key from memory. 2400// 2401// Store the encrypted data key (returned in the CiphertextBlob field of the 2402// response) alongside the locally encrypted data. 2403// 2404// To decrypt data locally: 2405// 2406// Use the Decrypt operation to decrypt the encrypted data key. The operation 2407// returns a plaintext copy of the data key. 2408// 2409// Use the plaintext data key to decrypt data locally, then erase the plaintext 2410// data key from memory. 2411// 2412// To get only an encrypted copy of the data key, use GenerateDataKeyWithoutPlaintext. 2413// To get a cryptographically secure random byte string, use GenerateRandom. 2414// 2415// You can use the optional encryption context to add additional security to 2416// your encryption operation. When you specify an EncryptionContext in the GenerateDataKey 2417// operation, you must specify the same encryption context (a case-sensitive 2418// exact match) in your request to Decrypt the data key. Otherwise, the request 2419// to decrypt fails with an InvalidCiphertextException. For more information, 2420// see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) 2421// in the AWS Key Management Service Developer Guide . 2422// 2423// The result of this operation varies with the key state of the CMK. For details, 2424// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 2425// in the AWS Key Management Service Developer Guide. 2426// 2427// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2428// with awserr.Error's Code and Message methods to get detailed information about 2429// the error. 2430// 2431// See the AWS API reference guide for AWS Key Management Service's 2432// API operation GenerateDataKey for usage and error information. 2433// 2434// Returned Error Codes: 2435// * ErrCodeNotFoundException "NotFoundException" 2436// The request was rejected because the specified entity or resource could not 2437// be found. 2438// 2439// * ErrCodeDisabledException "DisabledException" 2440// The request was rejected because the specified CMK is not enabled. 2441// 2442// * ErrCodeKeyUnavailableException "KeyUnavailableException" 2443// The request was rejected because the specified CMK was not available. The 2444// request can be retried. 2445// 2446// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" 2447// The system timed out while trying to fulfill the request. The request can 2448// be retried. 2449// 2450// * ErrCodeInvalidKeyUsageException "InvalidKeyUsageException" 2451// The request was rejected because the specified KeySpec value is not valid. 2452// 2453// * ErrCodeInvalidGrantTokenException "InvalidGrantTokenException" 2454// The request was rejected because the specified grant token is not valid. 2455// 2456// * ErrCodeInternalException "KMSInternalException" 2457// The request was rejected because an internal exception occurred. The request 2458// can be retried. 2459// 2460// * ErrCodeInvalidStateException "KMSInvalidStateException" 2461// The request was rejected because the state of the specified resource is not 2462// valid for this request. 2463// 2464// For more information about how key state affects the use of a CMK, see How 2465// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 2466// in the AWS Key Management Service Developer Guide. 2467// 2468// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKey 2469func (c *KMS) GenerateDataKey(input *GenerateDataKeyInput) (*GenerateDataKeyOutput, error) { 2470 req, out := c.GenerateDataKeyRequest(input) 2471 return out, req.Send() 2472} 2473 2474// GenerateDataKeyWithContext is the same as GenerateDataKey with the addition of 2475// the ability to pass a context and additional request options. 2476// 2477// See GenerateDataKey for details on how to use this API operation. 2478// 2479// The context must be non-nil and will be used for request cancellation. If 2480// the context is nil a panic will occur. In the future the SDK may create 2481// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2482// for more information on using Contexts. 2483func (c *KMS) GenerateDataKeyWithContext(ctx aws.Context, input *GenerateDataKeyInput, opts ...request.Option) (*GenerateDataKeyOutput, error) { 2484 req, out := c.GenerateDataKeyRequest(input) 2485 req.SetContext(ctx) 2486 req.ApplyOptions(opts...) 2487 return out, req.Send() 2488} 2489 2490const opGenerateDataKeyWithoutPlaintext = "GenerateDataKeyWithoutPlaintext" 2491 2492// GenerateDataKeyWithoutPlaintextRequest generates a "aws/request.Request" representing the 2493// client's request for the GenerateDataKeyWithoutPlaintext operation. The "output" return 2494// value will be populated with the request's response once the request completes 2495// successfully. 2496// 2497// Use "Send" method on the returned Request to send the API call to the service. 2498// the "output" return value is not valid until after Send returns without error. 2499// 2500// See GenerateDataKeyWithoutPlaintext for more information on using the GenerateDataKeyWithoutPlaintext 2501// API call, and error handling. 2502// 2503// This method is useful when you want to inject custom logic or configuration 2504// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2505// 2506// 2507// // Example sending a request using the GenerateDataKeyWithoutPlaintextRequest method. 2508// req, resp := client.GenerateDataKeyWithoutPlaintextRequest(params) 2509// 2510// err := req.Send() 2511// if err == nil { // resp is now filled 2512// fmt.Println(resp) 2513// } 2514// 2515// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyWithoutPlaintext 2516func (c *KMS) GenerateDataKeyWithoutPlaintextRequest(input *GenerateDataKeyWithoutPlaintextInput) (req *request.Request, output *GenerateDataKeyWithoutPlaintextOutput) { 2517 op := &request.Operation{ 2518 Name: opGenerateDataKeyWithoutPlaintext, 2519 HTTPMethod: "POST", 2520 HTTPPath: "/", 2521 } 2522 2523 if input == nil { 2524 input = &GenerateDataKeyWithoutPlaintextInput{} 2525 } 2526 2527 output = &GenerateDataKeyWithoutPlaintextOutput{} 2528 req = c.newRequest(op, input, output) 2529 return 2530} 2531 2532// GenerateDataKeyWithoutPlaintext API operation for AWS Key Management Service. 2533// 2534// Generates a unique data key. This operation returns a data key that is encrypted 2535// under a customer master key (CMK) that you specify. GenerateDataKeyWithoutPlaintext 2536// is identical to GenerateDataKey except that returns only the encrypted copy 2537// of the data key. 2538// 2539// Like GenerateDataKey, GenerateDataKeyWithoutPlaintext returns a unique data 2540// key for each request. The bytes in the key are not related to the caller 2541// or CMK that is used to encrypt the data key. 2542// 2543// This operation is useful for systems that need to encrypt data at some point, 2544// but not immediately. When you need to encrypt the data, you call the Decrypt 2545// operation on the encrypted copy of the key. 2546// 2547// It's also useful in distributed systems with different levels of trust. For 2548// example, you might store encrypted data in containers. One component of your 2549// system creates new containers and stores an encrypted data key with each 2550// container. Then, a different component puts the data into the containers. 2551// That component first decrypts the data key, uses the plaintext data key to 2552// encrypt data, puts the encrypted data into the container, and then destroys 2553// the plaintext data key. In this system, the component that creates the containers 2554// never sees the plaintext data key. 2555// 2556// The result of this operation varies with the key state of the CMK. For details, 2557// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 2558// in the AWS Key Management Service Developer Guide. 2559// 2560// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2561// with awserr.Error's Code and Message methods to get detailed information about 2562// the error. 2563// 2564// See the AWS API reference guide for AWS Key Management Service's 2565// API operation GenerateDataKeyWithoutPlaintext for usage and error information. 2566// 2567// Returned Error Codes: 2568// * ErrCodeNotFoundException "NotFoundException" 2569// The request was rejected because the specified entity or resource could not 2570// be found. 2571// 2572// * ErrCodeDisabledException "DisabledException" 2573// The request was rejected because the specified CMK is not enabled. 2574// 2575// * ErrCodeKeyUnavailableException "KeyUnavailableException" 2576// The request was rejected because the specified CMK was not available. The 2577// request can be retried. 2578// 2579// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" 2580// The system timed out while trying to fulfill the request. The request can 2581// be retried. 2582// 2583// * ErrCodeInvalidKeyUsageException "InvalidKeyUsageException" 2584// The request was rejected because the specified KeySpec value is not valid. 2585// 2586// * ErrCodeInvalidGrantTokenException "InvalidGrantTokenException" 2587// The request was rejected because the specified grant token is not valid. 2588// 2589// * ErrCodeInternalException "KMSInternalException" 2590// The request was rejected because an internal exception occurred. The request 2591// can be retried. 2592// 2593// * ErrCodeInvalidStateException "KMSInvalidStateException" 2594// The request was rejected because the state of the specified resource is not 2595// valid for this request. 2596// 2597// For more information about how key state affects the use of a CMK, see How 2598// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 2599// in the AWS Key Management Service Developer Guide. 2600// 2601// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyWithoutPlaintext 2602func (c *KMS) GenerateDataKeyWithoutPlaintext(input *GenerateDataKeyWithoutPlaintextInput) (*GenerateDataKeyWithoutPlaintextOutput, error) { 2603 req, out := c.GenerateDataKeyWithoutPlaintextRequest(input) 2604 return out, req.Send() 2605} 2606 2607// GenerateDataKeyWithoutPlaintextWithContext is the same as GenerateDataKeyWithoutPlaintext with the addition of 2608// the ability to pass a context and additional request options. 2609// 2610// See GenerateDataKeyWithoutPlaintext for details on how to use this API operation. 2611// 2612// The context must be non-nil and will be used for request cancellation. If 2613// the context is nil a panic will occur. In the future the SDK may create 2614// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2615// for more information on using Contexts. 2616func (c *KMS) GenerateDataKeyWithoutPlaintextWithContext(ctx aws.Context, input *GenerateDataKeyWithoutPlaintextInput, opts ...request.Option) (*GenerateDataKeyWithoutPlaintextOutput, error) { 2617 req, out := c.GenerateDataKeyWithoutPlaintextRequest(input) 2618 req.SetContext(ctx) 2619 req.ApplyOptions(opts...) 2620 return out, req.Send() 2621} 2622 2623const opGenerateRandom = "GenerateRandom" 2624 2625// GenerateRandomRequest generates a "aws/request.Request" representing the 2626// client's request for the GenerateRandom operation. The "output" return 2627// value will be populated with the request's response once the request completes 2628// successfully. 2629// 2630// Use "Send" method on the returned Request to send the API call to the service. 2631// the "output" return value is not valid until after Send returns without error. 2632// 2633// See GenerateRandom for more information on using the GenerateRandom 2634// API call, and error handling. 2635// 2636// This method is useful when you want to inject custom logic or configuration 2637// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2638// 2639// 2640// // Example sending a request using the GenerateRandomRequest method. 2641// req, resp := client.GenerateRandomRequest(params) 2642// 2643// err := req.Send() 2644// if err == nil { // resp is now filled 2645// fmt.Println(resp) 2646// } 2647// 2648// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateRandom 2649func (c *KMS) GenerateRandomRequest(input *GenerateRandomInput) (req *request.Request, output *GenerateRandomOutput) { 2650 op := &request.Operation{ 2651 Name: opGenerateRandom, 2652 HTTPMethod: "POST", 2653 HTTPPath: "/", 2654 } 2655 2656 if input == nil { 2657 input = &GenerateRandomInput{} 2658 } 2659 2660 output = &GenerateRandomOutput{} 2661 req = c.newRequest(op, input, output) 2662 return 2663} 2664 2665// GenerateRandom API operation for AWS Key Management Service. 2666// 2667// Returns a random byte string that is cryptographically secure. 2668// 2669// By default, the random byte string is generated in AWS KMS. To generate the 2670// byte string in the AWS CloudHSM cluster that is associated with a custom 2671// key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html), 2672// specify the custom key store ID. 2673// 2674// For more information about entropy and random number generation, see the 2675// AWS Key Management Service Cryptographic Details (https://d0.awsstatic.com/whitepapers/KMS-Cryptographic-Details.pdf) 2676// whitepaper. 2677// 2678// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2679// with awserr.Error's Code and Message methods to get detailed information about 2680// the error. 2681// 2682// See the AWS API reference guide for AWS Key Management Service's 2683// API operation GenerateRandom for usage and error information. 2684// 2685// Returned Error Codes: 2686// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" 2687// The system timed out while trying to fulfill the request. The request can 2688// be retried. 2689// 2690// * ErrCodeInternalException "KMSInternalException" 2691// The request was rejected because an internal exception occurred. The request 2692// can be retried. 2693// 2694// * ErrCodeCustomKeyStoreNotFoundException "CustomKeyStoreNotFoundException" 2695// The request was rejected because AWS KMS cannot find a custom key store with 2696// the specified key store name or ID. 2697// 2698// * ErrCodeCustomKeyStoreInvalidStateException "CustomKeyStoreInvalidStateException" 2699// The request was rejected because of the ConnectionState of the custom key 2700// store. To get the ConnectionState of a custom key store, use the DescribeCustomKeyStores 2701// operation. 2702// 2703// This exception is thrown under the following conditions: 2704// 2705// * You requested the CreateKey or GenerateRandom operation in a custom 2706// key store that is not connected. These operations are valid only when 2707// the custom key store ConnectionState is CONNECTED. 2708// 2709// * You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation 2710// on a custom key store that is not disconnected. This operation is valid 2711// only when the custom key store ConnectionState is DISCONNECTED. 2712// 2713// * You requested the ConnectCustomKeyStore operation on a custom key store 2714// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid 2715// for all other ConnectionState values. 2716// 2717// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateRandom 2718func (c *KMS) GenerateRandom(input *GenerateRandomInput) (*GenerateRandomOutput, error) { 2719 req, out := c.GenerateRandomRequest(input) 2720 return out, req.Send() 2721} 2722 2723// GenerateRandomWithContext is the same as GenerateRandom with the addition of 2724// the ability to pass a context and additional request options. 2725// 2726// See GenerateRandom for details on how to use this API operation. 2727// 2728// The context must be non-nil and will be used for request cancellation. If 2729// the context is nil a panic will occur. In the future the SDK may create 2730// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2731// for more information on using Contexts. 2732func (c *KMS) GenerateRandomWithContext(ctx aws.Context, input *GenerateRandomInput, opts ...request.Option) (*GenerateRandomOutput, error) { 2733 req, out := c.GenerateRandomRequest(input) 2734 req.SetContext(ctx) 2735 req.ApplyOptions(opts...) 2736 return out, req.Send() 2737} 2738 2739const opGetKeyPolicy = "GetKeyPolicy" 2740 2741// GetKeyPolicyRequest generates a "aws/request.Request" representing the 2742// client's request for the GetKeyPolicy operation. The "output" return 2743// value will be populated with the request's response once the request completes 2744// successfully. 2745// 2746// Use "Send" method on the returned Request to send the API call to the service. 2747// the "output" return value is not valid until after Send returns without error. 2748// 2749// See GetKeyPolicy for more information on using the GetKeyPolicy 2750// API call, and error handling. 2751// 2752// This method is useful when you want to inject custom logic or configuration 2753// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2754// 2755// 2756// // Example sending a request using the GetKeyPolicyRequest method. 2757// req, resp := client.GetKeyPolicyRequest(params) 2758// 2759// err := req.Send() 2760// if err == nil { // resp is now filled 2761// fmt.Println(resp) 2762// } 2763// 2764// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetKeyPolicy 2765func (c *KMS) GetKeyPolicyRequest(input *GetKeyPolicyInput) (req *request.Request, output *GetKeyPolicyOutput) { 2766 op := &request.Operation{ 2767 Name: opGetKeyPolicy, 2768 HTTPMethod: "POST", 2769 HTTPPath: "/", 2770 } 2771 2772 if input == nil { 2773 input = &GetKeyPolicyInput{} 2774 } 2775 2776 output = &GetKeyPolicyOutput{} 2777 req = c.newRequest(op, input, output) 2778 return 2779} 2780 2781// GetKeyPolicy API operation for AWS Key Management Service. 2782// 2783// Gets a key policy attached to the specified customer master key (CMK). You 2784// cannot perform this operation on a CMK in a different AWS account. 2785// 2786// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2787// with awserr.Error's Code and Message methods to get detailed information about 2788// the error. 2789// 2790// See the AWS API reference guide for AWS Key Management Service's 2791// API operation GetKeyPolicy for usage and error information. 2792// 2793// Returned Error Codes: 2794// * ErrCodeNotFoundException "NotFoundException" 2795// The request was rejected because the specified entity or resource could not 2796// be found. 2797// 2798// * ErrCodeInvalidArnException "InvalidArnException" 2799// The request was rejected because a specified ARN, or an ARN in a key policy, 2800// is not valid. 2801// 2802// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" 2803// The system timed out while trying to fulfill the request. The request can 2804// be retried. 2805// 2806// * ErrCodeInternalException "KMSInternalException" 2807// The request was rejected because an internal exception occurred. The request 2808// can be retried. 2809// 2810// * ErrCodeInvalidStateException "KMSInvalidStateException" 2811// The request was rejected because the state of the specified resource is not 2812// valid for this request. 2813// 2814// For more information about how key state affects the use of a CMK, see How 2815// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 2816// in the AWS Key Management Service Developer Guide. 2817// 2818// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetKeyPolicy 2819func (c *KMS) GetKeyPolicy(input *GetKeyPolicyInput) (*GetKeyPolicyOutput, error) { 2820 req, out := c.GetKeyPolicyRequest(input) 2821 return out, req.Send() 2822} 2823 2824// GetKeyPolicyWithContext is the same as GetKeyPolicy with the addition of 2825// the ability to pass a context and additional request options. 2826// 2827// See GetKeyPolicy for details on how to use this API operation. 2828// 2829// The context must be non-nil and will be used for request cancellation. If 2830// the context is nil a panic will occur. In the future the SDK may create 2831// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2832// for more information on using Contexts. 2833func (c *KMS) GetKeyPolicyWithContext(ctx aws.Context, input *GetKeyPolicyInput, opts ...request.Option) (*GetKeyPolicyOutput, error) { 2834 req, out := c.GetKeyPolicyRequest(input) 2835 req.SetContext(ctx) 2836 req.ApplyOptions(opts...) 2837 return out, req.Send() 2838} 2839 2840const opGetKeyRotationStatus = "GetKeyRotationStatus" 2841 2842// GetKeyRotationStatusRequest generates a "aws/request.Request" representing the 2843// client's request for the GetKeyRotationStatus operation. The "output" return 2844// value will be populated with the request's response once the request completes 2845// successfully. 2846// 2847// Use "Send" method on the returned Request to send the API call to the service. 2848// the "output" return value is not valid until after Send returns without error. 2849// 2850// See GetKeyRotationStatus for more information on using the GetKeyRotationStatus 2851// API call, and error handling. 2852// 2853// This method is useful when you want to inject custom logic or configuration 2854// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2855// 2856// 2857// // Example sending a request using the GetKeyRotationStatusRequest method. 2858// req, resp := client.GetKeyRotationStatusRequest(params) 2859// 2860// err := req.Send() 2861// if err == nil { // resp is now filled 2862// fmt.Println(resp) 2863// } 2864// 2865// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetKeyRotationStatus 2866func (c *KMS) GetKeyRotationStatusRequest(input *GetKeyRotationStatusInput) (req *request.Request, output *GetKeyRotationStatusOutput) { 2867 op := &request.Operation{ 2868 Name: opGetKeyRotationStatus, 2869 HTTPMethod: "POST", 2870 HTTPPath: "/", 2871 } 2872 2873 if input == nil { 2874 input = &GetKeyRotationStatusInput{} 2875 } 2876 2877 output = &GetKeyRotationStatusOutput{} 2878 req = c.newRequest(op, input, output) 2879 return 2880} 2881 2882// GetKeyRotationStatus API operation for AWS Key Management Service. 2883// 2884// Gets a Boolean value that indicates whether automatic rotation of the key 2885// material (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) 2886// is enabled for the specified customer master key (CMK). 2887// 2888// The result of this operation varies with the key state of the CMK. For details, 2889// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 2890// in the AWS Key Management Service Developer Guide. 2891// 2892// * Disabled: The key rotation status does not change when you disable a 2893// CMK. However, while the CMK is disabled, AWS KMS does not rotate the backing 2894// key. 2895// 2896// * Pending deletion: While a CMK is pending deletion, its key rotation 2897// status is false and AWS KMS does not rotate the backing key. If you cancel 2898// the deletion, the original key rotation status is restored. 2899// 2900// To perform this operation on a CMK in a different AWS account, specify the 2901// key ARN in the value of the KeyId parameter. 2902// 2903// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 2904// with awserr.Error's Code and Message methods to get detailed information about 2905// the error. 2906// 2907// See the AWS API reference guide for AWS Key Management Service's 2908// API operation GetKeyRotationStatus for usage and error information. 2909// 2910// Returned Error Codes: 2911// * ErrCodeNotFoundException "NotFoundException" 2912// The request was rejected because the specified entity or resource could not 2913// be found. 2914// 2915// * ErrCodeInvalidArnException "InvalidArnException" 2916// The request was rejected because a specified ARN, or an ARN in a key policy, 2917// is not valid. 2918// 2919// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" 2920// The system timed out while trying to fulfill the request. The request can 2921// be retried. 2922// 2923// * ErrCodeInternalException "KMSInternalException" 2924// The request was rejected because an internal exception occurred. The request 2925// can be retried. 2926// 2927// * ErrCodeInvalidStateException "KMSInvalidStateException" 2928// The request was rejected because the state of the specified resource is not 2929// valid for this request. 2930// 2931// For more information about how key state affects the use of a CMK, see How 2932// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 2933// in the AWS Key Management Service Developer Guide. 2934// 2935// * ErrCodeUnsupportedOperationException "UnsupportedOperationException" 2936// The request was rejected because a specified parameter is not supported or 2937// a specified resource is not valid for this operation. 2938// 2939// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetKeyRotationStatus 2940func (c *KMS) GetKeyRotationStatus(input *GetKeyRotationStatusInput) (*GetKeyRotationStatusOutput, error) { 2941 req, out := c.GetKeyRotationStatusRequest(input) 2942 return out, req.Send() 2943} 2944 2945// GetKeyRotationStatusWithContext is the same as GetKeyRotationStatus with the addition of 2946// the ability to pass a context and additional request options. 2947// 2948// See GetKeyRotationStatus for details on how to use this API operation. 2949// 2950// The context must be non-nil and will be used for request cancellation. If 2951// the context is nil a panic will occur. In the future the SDK may create 2952// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 2953// for more information on using Contexts. 2954func (c *KMS) GetKeyRotationStatusWithContext(ctx aws.Context, input *GetKeyRotationStatusInput, opts ...request.Option) (*GetKeyRotationStatusOutput, error) { 2955 req, out := c.GetKeyRotationStatusRequest(input) 2956 req.SetContext(ctx) 2957 req.ApplyOptions(opts...) 2958 return out, req.Send() 2959} 2960 2961const opGetParametersForImport = "GetParametersForImport" 2962 2963// GetParametersForImportRequest generates a "aws/request.Request" representing the 2964// client's request for the GetParametersForImport operation. The "output" return 2965// value will be populated with the request's response once the request completes 2966// successfully. 2967// 2968// Use "Send" method on the returned Request to send the API call to the service. 2969// the "output" return value is not valid until after Send returns without error. 2970// 2971// See GetParametersForImport for more information on using the GetParametersForImport 2972// API call, and error handling. 2973// 2974// This method is useful when you want to inject custom logic or configuration 2975// into the SDK's request lifecycle. Such as custom headers, or retry logic. 2976// 2977// 2978// // Example sending a request using the GetParametersForImportRequest method. 2979// req, resp := client.GetParametersForImportRequest(params) 2980// 2981// err := req.Send() 2982// if err == nil { // resp is now filled 2983// fmt.Println(resp) 2984// } 2985// 2986// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetParametersForImport 2987func (c *KMS) GetParametersForImportRequest(input *GetParametersForImportInput) (req *request.Request, output *GetParametersForImportOutput) { 2988 op := &request.Operation{ 2989 Name: opGetParametersForImport, 2990 HTTPMethod: "POST", 2991 HTTPPath: "/", 2992 } 2993 2994 if input == nil { 2995 input = &GetParametersForImportInput{} 2996 } 2997 2998 output = &GetParametersForImportOutput{} 2999 req = c.newRequest(op, input, output) 3000 return 3001} 3002 3003// GetParametersForImport API operation for AWS Key Management Service. 3004// 3005// Returns the items you need in order to import key material into AWS KMS from 3006// your existing key management infrastructure. For more information about importing 3007// key material into AWS KMS, see Importing Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) 3008// in the AWS Key Management Service Developer Guide. 3009// 3010// You must specify the key ID of the customer master key (CMK) into which you 3011// will import key material. This CMK's Origin must be EXTERNAL. You must also 3012// specify the wrapping algorithm and type of wrapping key (public key) that 3013// you will use to encrypt the key material. You cannot perform this operation 3014// on a CMK in a different AWS account. 3015// 3016// This operation returns a public key and an import token. Use the public key 3017// to encrypt the key material. Store the import token to send with a subsequent 3018// ImportKeyMaterial request. The public key and import token from the same 3019// response must be used together. These items are valid for 24 hours. When 3020// they expire, they cannot be used for a subsequent ImportKeyMaterial request. 3021// To get new ones, send another GetParametersForImport request. 3022// 3023// The result of this operation varies with the key state of the CMK. For details, 3024// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 3025// in the AWS Key Management Service Developer Guide. 3026// 3027// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 3028// with awserr.Error's Code and Message methods to get detailed information about 3029// the error. 3030// 3031// See the AWS API reference guide for AWS Key Management Service's 3032// API operation GetParametersForImport for usage and error information. 3033// 3034// Returned Error Codes: 3035// * ErrCodeInvalidArnException "InvalidArnException" 3036// The request was rejected because a specified ARN, or an ARN in a key policy, 3037// is not valid. 3038// 3039// * ErrCodeUnsupportedOperationException "UnsupportedOperationException" 3040// The request was rejected because a specified parameter is not supported or 3041// a specified resource is not valid for this operation. 3042// 3043// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" 3044// The system timed out while trying to fulfill the request. The request can 3045// be retried. 3046// 3047// * ErrCodeNotFoundException "NotFoundException" 3048// The request was rejected because the specified entity or resource could not 3049// be found. 3050// 3051// * ErrCodeInternalException "KMSInternalException" 3052// The request was rejected because an internal exception occurred. The request 3053// can be retried. 3054// 3055// * ErrCodeInvalidStateException "KMSInvalidStateException" 3056// The request was rejected because the state of the specified resource is not 3057// valid for this request. 3058// 3059// For more information about how key state affects the use of a CMK, see How 3060// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 3061// in the AWS Key Management Service Developer Guide. 3062// 3063// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetParametersForImport 3064func (c *KMS) GetParametersForImport(input *GetParametersForImportInput) (*GetParametersForImportOutput, error) { 3065 req, out := c.GetParametersForImportRequest(input) 3066 return out, req.Send() 3067} 3068 3069// GetParametersForImportWithContext is the same as GetParametersForImport with the addition of 3070// the ability to pass a context and additional request options. 3071// 3072// See GetParametersForImport for details on how to use this API operation. 3073// 3074// The context must be non-nil and will be used for request cancellation. If 3075// the context is nil a panic will occur. In the future the SDK may create 3076// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 3077// for more information on using Contexts. 3078func (c *KMS) GetParametersForImportWithContext(ctx aws.Context, input *GetParametersForImportInput, opts ...request.Option) (*GetParametersForImportOutput, error) { 3079 req, out := c.GetParametersForImportRequest(input) 3080 req.SetContext(ctx) 3081 req.ApplyOptions(opts...) 3082 return out, req.Send() 3083} 3084 3085const opImportKeyMaterial = "ImportKeyMaterial" 3086 3087// ImportKeyMaterialRequest generates a "aws/request.Request" representing the 3088// client's request for the ImportKeyMaterial operation. The "output" return 3089// value will be populated with the request's response once the request completes 3090// successfully. 3091// 3092// Use "Send" method on the returned Request to send the API call to the service. 3093// the "output" return value is not valid until after Send returns without error. 3094// 3095// See ImportKeyMaterial for more information on using the ImportKeyMaterial 3096// API call, and error handling. 3097// 3098// This method is useful when you want to inject custom logic or configuration 3099// into the SDK's request lifecycle. Such as custom headers, or retry logic. 3100// 3101// 3102// // Example sending a request using the ImportKeyMaterialRequest method. 3103// req, resp := client.ImportKeyMaterialRequest(params) 3104// 3105// err := req.Send() 3106// if err == nil { // resp is now filled 3107// fmt.Println(resp) 3108// } 3109// 3110// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ImportKeyMaterial 3111func (c *KMS) ImportKeyMaterialRequest(input *ImportKeyMaterialInput) (req *request.Request, output *ImportKeyMaterialOutput) { 3112 op := &request.Operation{ 3113 Name: opImportKeyMaterial, 3114 HTTPMethod: "POST", 3115 HTTPPath: "/", 3116 } 3117 3118 if input == nil { 3119 input = &ImportKeyMaterialInput{} 3120 } 3121 3122 output = &ImportKeyMaterialOutput{} 3123 req = c.newRequest(op, input, output) 3124 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 3125 return 3126} 3127 3128// ImportKeyMaterial API operation for AWS Key Management Service. 3129// 3130// Imports key material into an existing AWS KMS customer master key (CMK) that 3131// was created without key material. You cannot perform this operation on a 3132// CMK in a different AWS account. For more information about creating CMKs 3133// with no key material and then importing key material, see Importing Key Material 3134// (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) 3135// in the AWS Key Management Service Developer Guide. 3136// 3137// Before using this operation, call GetParametersForImport. Its response includes 3138// a public key and an import token. Use the public key to encrypt the key material. 3139// Then, submit the import token from the same GetParametersForImport response. 3140// 3141// When calling this operation, you must specify the following values: 3142// 3143// * The key ID or key ARN of a CMK with no key material. Its Origin must 3144// be EXTERNAL. To create a CMK with no key material, call CreateKey and 3145// set the value of its Origin parameter to EXTERNAL. To get the Origin of 3146// a CMK, call DescribeKey.) 3147// 3148// * The encrypted key material. To get the public key to encrypt the key 3149// material, call GetParametersForImport. 3150// 3151// * The import token that GetParametersForImport returned. This token and 3152// the public key used to encrypt the key material must have come from the 3153// same response. 3154// 3155// * Whether the key material expires and if so, when. If you set an expiration 3156// date, you can change it only by reimporting the same key material and 3157// specifying a new expiration date. If the key material expires, AWS KMS 3158// deletes the key material and the CMK becomes unusable. To use the CMK 3159// again, you must reimport the same key material. 3160// 3161// When this operation is successful, the key state of the CMK changes from 3162// PendingImport to Enabled, and you can use the CMK. After you successfully 3163// import key material into a CMK, you can reimport the same key material into 3164// that CMK, but you cannot import different key material. 3165// 3166// The result of this operation varies with the key state of the CMK. For details, 3167// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 3168// in the AWS Key Management Service Developer Guide. 3169// 3170// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 3171// with awserr.Error's Code and Message methods to get detailed information about 3172// the error. 3173// 3174// See the AWS API reference guide for AWS Key Management Service's 3175// API operation ImportKeyMaterial for usage and error information. 3176// 3177// Returned Error Codes: 3178// * ErrCodeInvalidArnException "InvalidArnException" 3179// The request was rejected because a specified ARN, or an ARN in a key policy, 3180// is not valid. 3181// 3182// * ErrCodeUnsupportedOperationException "UnsupportedOperationException" 3183// The request was rejected because a specified parameter is not supported or 3184// a specified resource is not valid for this operation. 3185// 3186// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" 3187// The system timed out while trying to fulfill the request. The request can 3188// be retried. 3189// 3190// * ErrCodeNotFoundException "NotFoundException" 3191// The request was rejected because the specified entity or resource could not 3192// be found. 3193// 3194// * ErrCodeInternalException "KMSInternalException" 3195// The request was rejected because an internal exception occurred. The request 3196// can be retried. 3197// 3198// * ErrCodeInvalidStateException "KMSInvalidStateException" 3199// The request was rejected because the state of the specified resource is not 3200// valid for this request. 3201// 3202// For more information about how key state affects the use of a CMK, see How 3203// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 3204// in the AWS Key Management Service Developer Guide. 3205// 3206// * ErrCodeInvalidCiphertextException "InvalidCiphertextException" 3207// The request was rejected because the specified ciphertext, or additional 3208// authenticated data incorporated into the ciphertext, such as the encryption 3209// context, is corrupted, missing, or otherwise invalid. 3210// 3211// * ErrCodeIncorrectKeyMaterialException "IncorrectKeyMaterialException" 3212// The request was rejected because the provided key material is invalid or 3213// is not the same key material that was previously imported into this customer 3214// master key (CMK). 3215// 3216// * ErrCodeExpiredImportTokenException "ExpiredImportTokenException" 3217// The request was rejected because the provided import token is expired. Use 3218// GetParametersForImport to get a new import token and public key, use the 3219// new public key to encrypt the key material, and then try the request again. 3220// 3221// * ErrCodeInvalidImportTokenException "InvalidImportTokenException" 3222// The request was rejected because the provided import token is invalid or 3223// is associated with a different customer master key (CMK). 3224// 3225// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ImportKeyMaterial 3226func (c *KMS) ImportKeyMaterial(input *ImportKeyMaterialInput) (*ImportKeyMaterialOutput, error) { 3227 req, out := c.ImportKeyMaterialRequest(input) 3228 return out, req.Send() 3229} 3230 3231// ImportKeyMaterialWithContext is the same as ImportKeyMaterial with the addition of 3232// the ability to pass a context and additional request options. 3233// 3234// See ImportKeyMaterial for details on how to use this API operation. 3235// 3236// The context must be non-nil and will be used for request cancellation. If 3237// the context is nil a panic will occur. In the future the SDK may create 3238// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 3239// for more information on using Contexts. 3240func (c *KMS) ImportKeyMaterialWithContext(ctx aws.Context, input *ImportKeyMaterialInput, opts ...request.Option) (*ImportKeyMaterialOutput, error) { 3241 req, out := c.ImportKeyMaterialRequest(input) 3242 req.SetContext(ctx) 3243 req.ApplyOptions(opts...) 3244 return out, req.Send() 3245} 3246 3247const opListAliases = "ListAliases" 3248 3249// ListAliasesRequest generates a "aws/request.Request" representing the 3250// client's request for the ListAliases operation. The "output" return 3251// value will be populated with the request's response once the request completes 3252// successfully. 3253// 3254// Use "Send" method on the returned Request to send the API call to the service. 3255// the "output" return value is not valid until after Send returns without error. 3256// 3257// See ListAliases for more information on using the ListAliases 3258// API call, and error handling. 3259// 3260// This method is useful when you want to inject custom logic or configuration 3261// into the SDK's request lifecycle. Such as custom headers, or retry logic. 3262// 3263// 3264// // Example sending a request using the ListAliasesRequest method. 3265// req, resp := client.ListAliasesRequest(params) 3266// 3267// err := req.Send() 3268// if err == nil { // resp is now filled 3269// fmt.Println(resp) 3270// } 3271// 3272// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListAliases 3273func (c *KMS) ListAliasesRequest(input *ListAliasesInput) (req *request.Request, output *ListAliasesOutput) { 3274 op := &request.Operation{ 3275 Name: opListAliases, 3276 HTTPMethod: "POST", 3277 HTTPPath: "/", 3278 Paginator: &request.Paginator{ 3279 InputTokens: []string{"Marker"}, 3280 OutputTokens: []string{"NextMarker"}, 3281 LimitToken: "Limit", 3282 TruncationToken: "Truncated", 3283 }, 3284 } 3285 3286 if input == nil { 3287 input = &ListAliasesInput{} 3288 } 3289 3290 output = &ListAliasesOutput{} 3291 req = c.newRequest(op, input, output) 3292 return 3293} 3294 3295// ListAliases API operation for AWS Key Management Service. 3296// 3297// Gets a list of aliases in the caller's AWS account and region. You cannot 3298// list aliases in other accounts. For more information about aliases, see CreateAlias. 3299// 3300// By default, the ListAliases command returns all aliases in the account and 3301// region. To get only the aliases that point to a particular customer master 3302// key (CMK), use the KeyId parameter. 3303// 3304// The ListAliases response can include aliases that you created and associated 3305// with your customer managed CMKs, and aliases that AWS created and associated 3306// with AWS managed CMKs in your account. You can recognize AWS aliases because 3307// their names have the format aws/<service-name>, such as aws/dynamodb. 3308// 3309// The response might also include aliases that have no TargetKeyId field. These 3310// are predefined aliases that AWS has created but has not yet associated with 3311// a CMK. Aliases that AWS creates in your account, including predefined aliases, 3312// do not count against your AWS KMS aliases limit (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html#aliases-limit). 3313// 3314// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 3315// with awserr.Error's Code and Message methods to get detailed information about 3316// the error. 3317// 3318// See the AWS API reference guide for AWS Key Management Service's 3319// API operation ListAliases for usage and error information. 3320// 3321// Returned Error Codes: 3322// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" 3323// The system timed out while trying to fulfill the request. The request can 3324// be retried. 3325// 3326// * ErrCodeInvalidMarkerException "InvalidMarkerException" 3327// The request was rejected because the marker that specifies where pagination 3328// should next begin is not valid. 3329// 3330// * ErrCodeInternalException "KMSInternalException" 3331// The request was rejected because an internal exception occurred. The request 3332// can be retried. 3333// 3334// * ErrCodeInvalidArnException "InvalidArnException" 3335// The request was rejected because a specified ARN, or an ARN in a key policy, 3336// is not valid. 3337// 3338// * ErrCodeNotFoundException "NotFoundException" 3339// The request was rejected because the specified entity or resource could not 3340// be found. 3341// 3342// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListAliases 3343func (c *KMS) ListAliases(input *ListAliasesInput) (*ListAliasesOutput, error) { 3344 req, out := c.ListAliasesRequest(input) 3345 return out, req.Send() 3346} 3347 3348// ListAliasesWithContext is the same as ListAliases with the addition of 3349// the ability to pass a context and additional request options. 3350// 3351// See ListAliases for details on how to use this API operation. 3352// 3353// The context must be non-nil and will be used for request cancellation. If 3354// the context is nil a panic will occur. In the future the SDK may create 3355// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 3356// for more information on using Contexts. 3357func (c *KMS) ListAliasesWithContext(ctx aws.Context, input *ListAliasesInput, opts ...request.Option) (*ListAliasesOutput, error) { 3358 req, out := c.ListAliasesRequest(input) 3359 req.SetContext(ctx) 3360 req.ApplyOptions(opts...) 3361 return out, req.Send() 3362} 3363 3364// ListAliasesPages iterates over the pages of a ListAliases operation, 3365// calling the "fn" function with the response data for each page. To stop 3366// iterating, return false from the fn function. 3367// 3368// See ListAliases method for more information on how to use this operation. 3369// 3370// Note: This operation can generate multiple requests to a service. 3371// 3372// // Example iterating over at most 3 pages of a ListAliases operation. 3373// pageNum := 0 3374// err := client.ListAliasesPages(params, 3375// func(page *kms.ListAliasesOutput, lastPage bool) bool { 3376// pageNum++ 3377// fmt.Println(page) 3378// return pageNum <= 3 3379// }) 3380// 3381func (c *KMS) ListAliasesPages(input *ListAliasesInput, fn func(*ListAliasesOutput, bool) bool) error { 3382 return c.ListAliasesPagesWithContext(aws.BackgroundContext(), input, fn) 3383} 3384 3385// ListAliasesPagesWithContext same as ListAliasesPages except 3386// it takes a Context and allows setting request options on the pages. 3387// 3388// The context must be non-nil and will be used for request cancellation. If 3389// the context is nil a panic will occur. In the future the SDK may create 3390// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 3391// for more information on using Contexts. 3392func (c *KMS) ListAliasesPagesWithContext(ctx aws.Context, input *ListAliasesInput, fn func(*ListAliasesOutput, bool) bool, opts ...request.Option) error { 3393 p := request.Pagination{ 3394 NewRequest: func() (*request.Request, error) { 3395 var inCpy *ListAliasesInput 3396 if input != nil { 3397 tmp := *input 3398 inCpy = &tmp 3399 } 3400 req, _ := c.ListAliasesRequest(inCpy) 3401 req.SetContext(ctx) 3402 req.ApplyOptions(opts...) 3403 return req, nil 3404 }, 3405 } 3406 3407 cont := true 3408 for p.Next() && cont { 3409 cont = fn(p.Page().(*ListAliasesOutput), !p.HasNextPage()) 3410 } 3411 return p.Err() 3412} 3413 3414const opListGrants = "ListGrants" 3415 3416// ListGrantsRequest generates a "aws/request.Request" representing the 3417// client's request for the ListGrants operation. The "output" return 3418// value will be populated with the request's response once the request completes 3419// successfully. 3420// 3421// Use "Send" method on the returned Request to send the API call to the service. 3422// the "output" return value is not valid until after Send returns without error. 3423// 3424// See ListGrants for more information on using the ListGrants 3425// API call, and error handling. 3426// 3427// This method is useful when you want to inject custom logic or configuration 3428// into the SDK's request lifecycle. Such as custom headers, or retry logic. 3429// 3430// 3431// // Example sending a request using the ListGrantsRequest method. 3432// req, resp := client.ListGrantsRequest(params) 3433// 3434// err := req.Send() 3435// if err == nil { // resp is now filled 3436// fmt.Println(resp) 3437// } 3438// 3439// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListGrants 3440func (c *KMS) ListGrantsRequest(input *ListGrantsInput) (req *request.Request, output *ListGrantsResponse) { 3441 op := &request.Operation{ 3442 Name: opListGrants, 3443 HTTPMethod: "POST", 3444 HTTPPath: "/", 3445 Paginator: &request.Paginator{ 3446 InputTokens: []string{"Marker"}, 3447 OutputTokens: []string{"NextMarker"}, 3448 LimitToken: "Limit", 3449 TruncationToken: "Truncated", 3450 }, 3451 } 3452 3453 if input == nil { 3454 input = &ListGrantsInput{} 3455 } 3456 3457 output = &ListGrantsResponse{} 3458 req = c.newRequest(op, input, output) 3459 return 3460} 3461 3462// ListGrants API operation for AWS Key Management Service. 3463// 3464// Gets a list of all grants for the specified customer master key (CMK). 3465// 3466// To perform this operation on a CMK in a different AWS account, specify the 3467// key ARN in the value of the KeyId parameter. 3468// 3469// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 3470// with awserr.Error's Code and Message methods to get detailed information about 3471// the error. 3472// 3473// See the AWS API reference guide for AWS Key Management Service's 3474// API operation ListGrants for usage and error information. 3475// 3476// Returned Error Codes: 3477// * ErrCodeNotFoundException "NotFoundException" 3478// The request was rejected because the specified entity or resource could not 3479// be found. 3480// 3481// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" 3482// The system timed out while trying to fulfill the request. The request can 3483// be retried. 3484// 3485// * ErrCodeInvalidMarkerException "InvalidMarkerException" 3486// The request was rejected because the marker that specifies where pagination 3487// should next begin is not valid. 3488// 3489// * ErrCodeInvalidArnException "InvalidArnException" 3490// The request was rejected because a specified ARN, or an ARN in a key policy, 3491// is not valid. 3492// 3493// * ErrCodeInternalException "KMSInternalException" 3494// The request was rejected because an internal exception occurred. The request 3495// can be retried. 3496// 3497// * ErrCodeInvalidStateException "KMSInvalidStateException" 3498// The request was rejected because the state of the specified resource is not 3499// valid for this request. 3500// 3501// For more information about how key state affects the use of a CMK, see How 3502// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 3503// in the AWS Key Management Service Developer Guide. 3504// 3505// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListGrants 3506func (c *KMS) ListGrants(input *ListGrantsInput) (*ListGrantsResponse, error) { 3507 req, out := c.ListGrantsRequest(input) 3508 return out, req.Send() 3509} 3510 3511// ListGrantsWithContext is the same as ListGrants with the addition of 3512// the ability to pass a context and additional request options. 3513// 3514// See ListGrants for details on how to use this API operation. 3515// 3516// The context must be non-nil and will be used for request cancellation. If 3517// the context is nil a panic will occur. In the future the SDK may create 3518// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 3519// for more information on using Contexts. 3520func (c *KMS) ListGrantsWithContext(ctx aws.Context, input *ListGrantsInput, opts ...request.Option) (*ListGrantsResponse, error) { 3521 req, out := c.ListGrantsRequest(input) 3522 req.SetContext(ctx) 3523 req.ApplyOptions(opts...) 3524 return out, req.Send() 3525} 3526 3527// ListGrantsPages iterates over the pages of a ListGrants operation, 3528// calling the "fn" function with the response data for each page. To stop 3529// iterating, return false from the fn function. 3530// 3531// See ListGrants method for more information on how to use this operation. 3532// 3533// Note: This operation can generate multiple requests to a service. 3534// 3535// // Example iterating over at most 3 pages of a ListGrants operation. 3536// pageNum := 0 3537// err := client.ListGrantsPages(params, 3538// func(page *kms.ListGrantsResponse, lastPage bool) bool { 3539// pageNum++ 3540// fmt.Println(page) 3541// return pageNum <= 3 3542// }) 3543// 3544func (c *KMS) ListGrantsPages(input *ListGrantsInput, fn func(*ListGrantsResponse, bool) bool) error { 3545 return c.ListGrantsPagesWithContext(aws.BackgroundContext(), input, fn) 3546} 3547 3548// ListGrantsPagesWithContext same as ListGrantsPages except 3549// it takes a Context and allows setting request options on the pages. 3550// 3551// The context must be non-nil and will be used for request cancellation. If 3552// the context is nil a panic will occur. In the future the SDK may create 3553// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 3554// for more information on using Contexts. 3555func (c *KMS) ListGrantsPagesWithContext(ctx aws.Context, input *ListGrantsInput, fn func(*ListGrantsResponse, bool) bool, opts ...request.Option) error { 3556 p := request.Pagination{ 3557 NewRequest: func() (*request.Request, error) { 3558 var inCpy *ListGrantsInput 3559 if input != nil { 3560 tmp := *input 3561 inCpy = &tmp 3562 } 3563 req, _ := c.ListGrantsRequest(inCpy) 3564 req.SetContext(ctx) 3565 req.ApplyOptions(opts...) 3566 return req, nil 3567 }, 3568 } 3569 3570 cont := true 3571 for p.Next() && cont { 3572 cont = fn(p.Page().(*ListGrantsResponse), !p.HasNextPage()) 3573 } 3574 return p.Err() 3575} 3576 3577const opListKeyPolicies = "ListKeyPolicies" 3578 3579// ListKeyPoliciesRequest generates a "aws/request.Request" representing the 3580// client's request for the ListKeyPolicies operation. The "output" return 3581// value will be populated with the request's response once the request completes 3582// successfully. 3583// 3584// Use "Send" method on the returned Request to send the API call to the service. 3585// the "output" return value is not valid until after Send returns without error. 3586// 3587// See ListKeyPolicies for more information on using the ListKeyPolicies 3588// API call, and error handling. 3589// 3590// This method is useful when you want to inject custom logic or configuration 3591// into the SDK's request lifecycle. Such as custom headers, or retry logic. 3592// 3593// 3594// // Example sending a request using the ListKeyPoliciesRequest method. 3595// req, resp := client.ListKeyPoliciesRequest(params) 3596// 3597// err := req.Send() 3598// if err == nil { // resp is now filled 3599// fmt.Println(resp) 3600// } 3601// 3602// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeyPolicies 3603func (c *KMS) ListKeyPoliciesRequest(input *ListKeyPoliciesInput) (req *request.Request, output *ListKeyPoliciesOutput) { 3604 op := &request.Operation{ 3605 Name: opListKeyPolicies, 3606 HTTPMethod: "POST", 3607 HTTPPath: "/", 3608 Paginator: &request.Paginator{ 3609 InputTokens: []string{"Marker"}, 3610 OutputTokens: []string{"NextMarker"}, 3611 LimitToken: "Limit", 3612 TruncationToken: "Truncated", 3613 }, 3614 } 3615 3616 if input == nil { 3617 input = &ListKeyPoliciesInput{} 3618 } 3619 3620 output = &ListKeyPoliciesOutput{} 3621 req = c.newRequest(op, input, output) 3622 return 3623} 3624 3625// ListKeyPolicies API operation for AWS Key Management Service. 3626// 3627// Gets the names of the key policies that are attached to a customer master 3628// key (CMK). This operation is designed to get policy names that you can use 3629// in a GetKeyPolicy operation. However, the only valid policy name is default. 3630// You cannot perform this operation on a CMK in a different AWS account. 3631// 3632// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 3633// with awserr.Error's Code and Message methods to get detailed information about 3634// the error. 3635// 3636// See the AWS API reference guide for AWS Key Management Service's 3637// API operation ListKeyPolicies for usage and error information. 3638// 3639// Returned Error Codes: 3640// * ErrCodeNotFoundException "NotFoundException" 3641// The request was rejected because the specified entity or resource could not 3642// be found. 3643// 3644// * ErrCodeInvalidArnException "InvalidArnException" 3645// The request was rejected because a specified ARN, or an ARN in a key policy, 3646// is not valid. 3647// 3648// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" 3649// The system timed out while trying to fulfill the request. The request can 3650// be retried. 3651// 3652// * ErrCodeInternalException "KMSInternalException" 3653// The request was rejected because an internal exception occurred. The request 3654// can be retried. 3655// 3656// * ErrCodeInvalidStateException "KMSInvalidStateException" 3657// The request was rejected because the state of the specified resource is not 3658// valid for this request. 3659// 3660// For more information about how key state affects the use of a CMK, see How 3661// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 3662// in the AWS Key Management Service Developer Guide. 3663// 3664// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeyPolicies 3665func (c *KMS) ListKeyPolicies(input *ListKeyPoliciesInput) (*ListKeyPoliciesOutput, error) { 3666 req, out := c.ListKeyPoliciesRequest(input) 3667 return out, req.Send() 3668} 3669 3670// ListKeyPoliciesWithContext is the same as ListKeyPolicies with the addition of 3671// the ability to pass a context and additional request options. 3672// 3673// See ListKeyPolicies for details on how to use this API operation. 3674// 3675// The context must be non-nil and will be used for request cancellation. If 3676// the context is nil a panic will occur. In the future the SDK may create 3677// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 3678// for more information on using Contexts. 3679func (c *KMS) ListKeyPoliciesWithContext(ctx aws.Context, input *ListKeyPoliciesInput, opts ...request.Option) (*ListKeyPoliciesOutput, error) { 3680 req, out := c.ListKeyPoliciesRequest(input) 3681 req.SetContext(ctx) 3682 req.ApplyOptions(opts...) 3683 return out, req.Send() 3684} 3685 3686// ListKeyPoliciesPages iterates over the pages of a ListKeyPolicies operation, 3687// calling the "fn" function with the response data for each page. To stop 3688// iterating, return false from the fn function. 3689// 3690// See ListKeyPolicies method for more information on how to use this operation. 3691// 3692// Note: This operation can generate multiple requests to a service. 3693// 3694// // Example iterating over at most 3 pages of a ListKeyPolicies operation. 3695// pageNum := 0 3696// err := client.ListKeyPoliciesPages(params, 3697// func(page *kms.ListKeyPoliciesOutput, lastPage bool) bool { 3698// pageNum++ 3699// fmt.Println(page) 3700// return pageNum <= 3 3701// }) 3702// 3703func (c *KMS) ListKeyPoliciesPages(input *ListKeyPoliciesInput, fn func(*ListKeyPoliciesOutput, bool) bool) error { 3704 return c.ListKeyPoliciesPagesWithContext(aws.BackgroundContext(), input, fn) 3705} 3706 3707// ListKeyPoliciesPagesWithContext same as ListKeyPoliciesPages except 3708// it takes a Context and allows setting request options on the pages. 3709// 3710// The context must be non-nil and will be used for request cancellation. If 3711// the context is nil a panic will occur. In the future the SDK may create 3712// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 3713// for more information on using Contexts. 3714func (c *KMS) ListKeyPoliciesPagesWithContext(ctx aws.Context, input *ListKeyPoliciesInput, fn func(*ListKeyPoliciesOutput, bool) bool, opts ...request.Option) error { 3715 p := request.Pagination{ 3716 NewRequest: func() (*request.Request, error) { 3717 var inCpy *ListKeyPoliciesInput 3718 if input != nil { 3719 tmp := *input 3720 inCpy = &tmp 3721 } 3722 req, _ := c.ListKeyPoliciesRequest(inCpy) 3723 req.SetContext(ctx) 3724 req.ApplyOptions(opts...) 3725 return req, nil 3726 }, 3727 } 3728 3729 cont := true 3730 for p.Next() && cont { 3731 cont = fn(p.Page().(*ListKeyPoliciesOutput), !p.HasNextPage()) 3732 } 3733 return p.Err() 3734} 3735 3736const opListKeys = "ListKeys" 3737 3738// ListKeysRequest generates a "aws/request.Request" representing the 3739// client's request for the ListKeys operation. The "output" return 3740// value will be populated with the request's response once the request completes 3741// successfully. 3742// 3743// Use "Send" method on the returned Request to send the API call to the service. 3744// the "output" return value is not valid until after Send returns without error. 3745// 3746// See ListKeys for more information on using the ListKeys 3747// API call, and error handling. 3748// 3749// This method is useful when you want to inject custom logic or configuration 3750// into the SDK's request lifecycle. Such as custom headers, or retry logic. 3751// 3752// 3753// // Example sending a request using the ListKeysRequest method. 3754// req, resp := client.ListKeysRequest(params) 3755// 3756// err := req.Send() 3757// if err == nil { // resp is now filled 3758// fmt.Println(resp) 3759// } 3760// 3761// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeys 3762func (c *KMS) ListKeysRequest(input *ListKeysInput) (req *request.Request, output *ListKeysOutput) { 3763 op := &request.Operation{ 3764 Name: opListKeys, 3765 HTTPMethod: "POST", 3766 HTTPPath: "/", 3767 Paginator: &request.Paginator{ 3768 InputTokens: []string{"Marker"}, 3769 OutputTokens: []string{"NextMarker"}, 3770 LimitToken: "Limit", 3771 TruncationToken: "Truncated", 3772 }, 3773 } 3774 3775 if input == nil { 3776 input = &ListKeysInput{} 3777 } 3778 3779 output = &ListKeysOutput{} 3780 req = c.newRequest(op, input, output) 3781 return 3782} 3783 3784// ListKeys API operation for AWS Key Management Service. 3785// 3786// Gets a list of all customer master keys (CMKs) in the caller's AWS account 3787// and region. 3788// 3789// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 3790// with awserr.Error's Code and Message methods to get detailed information about 3791// the error. 3792// 3793// See the AWS API reference guide for AWS Key Management Service's 3794// API operation ListKeys for usage and error information. 3795// 3796// Returned Error Codes: 3797// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" 3798// The system timed out while trying to fulfill the request. The request can 3799// be retried. 3800// 3801// * ErrCodeInternalException "KMSInternalException" 3802// The request was rejected because an internal exception occurred. The request 3803// can be retried. 3804// 3805// * ErrCodeInvalidMarkerException "InvalidMarkerException" 3806// The request was rejected because the marker that specifies where pagination 3807// should next begin is not valid. 3808// 3809// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeys 3810func (c *KMS) ListKeys(input *ListKeysInput) (*ListKeysOutput, error) { 3811 req, out := c.ListKeysRequest(input) 3812 return out, req.Send() 3813} 3814 3815// ListKeysWithContext is the same as ListKeys with the addition of 3816// the ability to pass a context and additional request options. 3817// 3818// See ListKeys for details on how to use this API operation. 3819// 3820// The context must be non-nil and will be used for request cancellation. If 3821// the context is nil a panic will occur. In the future the SDK may create 3822// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 3823// for more information on using Contexts. 3824func (c *KMS) ListKeysWithContext(ctx aws.Context, input *ListKeysInput, opts ...request.Option) (*ListKeysOutput, error) { 3825 req, out := c.ListKeysRequest(input) 3826 req.SetContext(ctx) 3827 req.ApplyOptions(opts...) 3828 return out, req.Send() 3829} 3830 3831// ListKeysPages iterates over the pages of a ListKeys operation, 3832// calling the "fn" function with the response data for each page. To stop 3833// iterating, return false from the fn function. 3834// 3835// See ListKeys method for more information on how to use this operation. 3836// 3837// Note: This operation can generate multiple requests to a service. 3838// 3839// // Example iterating over at most 3 pages of a ListKeys operation. 3840// pageNum := 0 3841// err := client.ListKeysPages(params, 3842// func(page *kms.ListKeysOutput, lastPage bool) bool { 3843// pageNum++ 3844// fmt.Println(page) 3845// return pageNum <= 3 3846// }) 3847// 3848func (c *KMS) ListKeysPages(input *ListKeysInput, fn func(*ListKeysOutput, bool) bool) error { 3849 return c.ListKeysPagesWithContext(aws.BackgroundContext(), input, fn) 3850} 3851 3852// ListKeysPagesWithContext same as ListKeysPages except 3853// it takes a Context and allows setting request options on the pages. 3854// 3855// The context must be non-nil and will be used for request cancellation. If 3856// the context is nil a panic will occur. In the future the SDK may create 3857// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 3858// for more information on using Contexts. 3859func (c *KMS) ListKeysPagesWithContext(ctx aws.Context, input *ListKeysInput, fn func(*ListKeysOutput, bool) bool, opts ...request.Option) error { 3860 p := request.Pagination{ 3861 NewRequest: func() (*request.Request, error) { 3862 var inCpy *ListKeysInput 3863 if input != nil { 3864 tmp := *input 3865 inCpy = &tmp 3866 } 3867 req, _ := c.ListKeysRequest(inCpy) 3868 req.SetContext(ctx) 3869 req.ApplyOptions(opts...) 3870 return req, nil 3871 }, 3872 } 3873 3874 cont := true 3875 for p.Next() && cont { 3876 cont = fn(p.Page().(*ListKeysOutput), !p.HasNextPage()) 3877 } 3878 return p.Err() 3879} 3880 3881const opListResourceTags = "ListResourceTags" 3882 3883// ListResourceTagsRequest generates a "aws/request.Request" representing the 3884// client's request for the ListResourceTags operation. The "output" return 3885// value will be populated with the request's response once the request completes 3886// successfully. 3887// 3888// Use "Send" method on the returned Request to send the API call to the service. 3889// the "output" return value is not valid until after Send returns without error. 3890// 3891// See ListResourceTags for more information on using the ListResourceTags 3892// API call, and error handling. 3893// 3894// This method is useful when you want to inject custom logic or configuration 3895// into the SDK's request lifecycle. Such as custom headers, or retry logic. 3896// 3897// 3898// // Example sending a request using the ListResourceTagsRequest method. 3899// req, resp := client.ListResourceTagsRequest(params) 3900// 3901// err := req.Send() 3902// if err == nil { // resp is now filled 3903// fmt.Println(resp) 3904// } 3905// 3906// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListResourceTags 3907func (c *KMS) ListResourceTagsRequest(input *ListResourceTagsInput) (req *request.Request, output *ListResourceTagsOutput) { 3908 op := &request.Operation{ 3909 Name: opListResourceTags, 3910 HTTPMethod: "POST", 3911 HTTPPath: "/", 3912 } 3913 3914 if input == nil { 3915 input = &ListResourceTagsInput{} 3916 } 3917 3918 output = &ListResourceTagsOutput{} 3919 req = c.newRequest(op, input, output) 3920 return 3921} 3922 3923// ListResourceTags API operation for AWS Key Management Service. 3924// 3925// Returns a list of all tags for the specified customer master key (CMK). 3926// 3927// You cannot perform this operation on a CMK in a different AWS account. 3928// 3929// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 3930// with awserr.Error's Code and Message methods to get detailed information about 3931// the error. 3932// 3933// See the AWS API reference guide for AWS Key Management Service's 3934// API operation ListResourceTags for usage and error information. 3935// 3936// Returned Error Codes: 3937// * ErrCodeInternalException "KMSInternalException" 3938// The request was rejected because an internal exception occurred. The request 3939// can be retried. 3940// 3941// * ErrCodeNotFoundException "NotFoundException" 3942// The request was rejected because the specified entity or resource could not 3943// be found. 3944// 3945// * ErrCodeInvalidArnException "InvalidArnException" 3946// The request was rejected because a specified ARN, or an ARN in a key policy, 3947// is not valid. 3948// 3949// * ErrCodeInvalidMarkerException "InvalidMarkerException" 3950// The request was rejected because the marker that specifies where pagination 3951// should next begin is not valid. 3952// 3953// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListResourceTags 3954func (c *KMS) ListResourceTags(input *ListResourceTagsInput) (*ListResourceTagsOutput, error) { 3955 req, out := c.ListResourceTagsRequest(input) 3956 return out, req.Send() 3957} 3958 3959// ListResourceTagsWithContext is the same as ListResourceTags with the addition of 3960// the ability to pass a context and additional request options. 3961// 3962// See ListResourceTags for details on how to use this API operation. 3963// 3964// The context must be non-nil and will be used for request cancellation. If 3965// the context is nil a panic will occur. In the future the SDK may create 3966// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 3967// for more information on using Contexts. 3968func (c *KMS) ListResourceTagsWithContext(ctx aws.Context, input *ListResourceTagsInput, opts ...request.Option) (*ListResourceTagsOutput, error) { 3969 req, out := c.ListResourceTagsRequest(input) 3970 req.SetContext(ctx) 3971 req.ApplyOptions(opts...) 3972 return out, req.Send() 3973} 3974 3975const opListRetirableGrants = "ListRetirableGrants" 3976 3977// ListRetirableGrantsRequest generates a "aws/request.Request" representing the 3978// client's request for the ListRetirableGrants operation. The "output" return 3979// value will be populated with the request's response once the request completes 3980// successfully. 3981// 3982// Use "Send" method on the returned Request to send the API call to the service. 3983// the "output" return value is not valid until after Send returns without error. 3984// 3985// See ListRetirableGrants for more information on using the ListRetirableGrants 3986// API call, and error handling. 3987// 3988// This method is useful when you want to inject custom logic or configuration 3989// into the SDK's request lifecycle. Such as custom headers, or retry logic. 3990// 3991// 3992// // Example sending a request using the ListRetirableGrantsRequest method. 3993// req, resp := client.ListRetirableGrantsRequest(params) 3994// 3995// err := req.Send() 3996// if err == nil { // resp is now filled 3997// fmt.Println(resp) 3998// } 3999// 4000// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListRetirableGrants 4001func (c *KMS) ListRetirableGrantsRequest(input *ListRetirableGrantsInput) (req *request.Request, output *ListGrantsResponse) { 4002 op := &request.Operation{ 4003 Name: opListRetirableGrants, 4004 HTTPMethod: "POST", 4005 HTTPPath: "/", 4006 } 4007 4008 if input == nil { 4009 input = &ListRetirableGrantsInput{} 4010 } 4011 4012 output = &ListGrantsResponse{} 4013 req = c.newRequest(op, input, output) 4014 return 4015} 4016 4017// ListRetirableGrants API operation for AWS Key Management Service. 4018// 4019// Returns a list of all grants for which the grant's RetiringPrincipal matches 4020// the one specified. 4021// 4022// A typical use is to list all grants that you are able to retire. To retire 4023// a grant, use RetireGrant. 4024// 4025// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 4026// with awserr.Error's Code and Message methods to get detailed information about 4027// the error. 4028// 4029// See the AWS API reference guide for AWS Key Management Service's 4030// API operation ListRetirableGrants for usage and error information. 4031// 4032// Returned Error Codes: 4033// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" 4034// The system timed out while trying to fulfill the request. The request can 4035// be retried. 4036// 4037// * ErrCodeInvalidMarkerException "InvalidMarkerException" 4038// The request was rejected because the marker that specifies where pagination 4039// should next begin is not valid. 4040// 4041// * ErrCodeInvalidArnException "InvalidArnException" 4042// The request was rejected because a specified ARN, or an ARN in a key policy, 4043// is not valid. 4044// 4045// * ErrCodeNotFoundException "NotFoundException" 4046// The request was rejected because the specified entity or resource could not 4047// be found. 4048// 4049// * ErrCodeInternalException "KMSInternalException" 4050// The request was rejected because an internal exception occurred. The request 4051// can be retried. 4052// 4053// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListRetirableGrants 4054func (c *KMS) ListRetirableGrants(input *ListRetirableGrantsInput) (*ListGrantsResponse, error) { 4055 req, out := c.ListRetirableGrantsRequest(input) 4056 return out, req.Send() 4057} 4058 4059// ListRetirableGrantsWithContext is the same as ListRetirableGrants with the addition of 4060// the ability to pass a context and additional request options. 4061// 4062// See ListRetirableGrants for details on how to use this API operation. 4063// 4064// The context must be non-nil and will be used for request cancellation. If 4065// the context is nil a panic will occur. In the future the SDK may create 4066// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 4067// for more information on using Contexts. 4068func (c *KMS) ListRetirableGrantsWithContext(ctx aws.Context, input *ListRetirableGrantsInput, opts ...request.Option) (*ListGrantsResponse, error) { 4069 req, out := c.ListRetirableGrantsRequest(input) 4070 req.SetContext(ctx) 4071 req.ApplyOptions(opts...) 4072 return out, req.Send() 4073} 4074 4075const opPutKeyPolicy = "PutKeyPolicy" 4076 4077// PutKeyPolicyRequest generates a "aws/request.Request" representing the 4078// client's request for the PutKeyPolicy operation. The "output" return 4079// value will be populated with the request's response once the request completes 4080// successfully. 4081// 4082// Use "Send" method on the returned Request to send the API call to the service. 4083// the "output" return value is not valid until after Send returns without error. 4084// 4085// See PutKeyPolicy for more information on using the PutKeyPolicy 4086// API call, and error handling. 4087// 4088// This method is useful when you want to inject custom logic or configuration 4089// into the SDK's request lifecycle. Such as custom headers, or retry logic. 4090// 4091// 4092// // Example sending a request using the PutKeyPolicyRequest method. 4093// req, resp := client.PutKeyPolicyRequest(params) 4094// 4095// err := req.Send() 4096// if err == nil { // resp is now filled 4097// fmt.Println(resp) 4098// } 4099// 4100// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/PutKeyPolicy 4101func (c *KMS) PutKeyPolicyRequest(input *PutKeyPolicyInput) (req *request.Request, output *PutKeyPolicyOutput) { 4102 op := &request.Operation{ 4103 Name: opPutKeyPolicy, 4104 HTTPMethod: "POST", 4105 HTTPPath: "/", 4106 } 4107 4108 if input == nil { 4109 input = &PutKeyPolicyInput{} 4110 } 4111 4112 output = &PutKeyPolicyOutput{} 4113 req = c.newRequest(op, input, output) 4114 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 4115 return 4116} 4117 4118// PutKeyPolicy API operation for AWS Key Management Service. 4119// 4120// Attaches a key policy to the specified customer master key (CMK). You cannot 4121// perform this operation on a CMK in a different AWS account. 4122// 4123// For more information about key policies, see Key Policies (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html) 4124// in the AWS Key Management Service Developer Guide. 4125// 4126// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 4127// with awserr.Error's Code and Message methods to get detailed information about 4128// the error. 4129// 4130// See the AWS API reference guide for AWS Key Management Service's 4131// API operation PutKeyPolicy for usage and error information. 4132// 4133// Returned Error Codes: 4134// * ErrCodeNotFoundException "NotFoundException" 4135// The request was rejected because the specified entity or resource could not 4136// be found. 4137// 4138// * ErrCodeInvalidArnException "InvalidArnException" 4139// The request was rejected because a specified ARN, or an ARN in a key policy, 4140// is not valid. 4141// 4142// * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocumentException" 4143// The request was rejected because the specified policy is not syntactically 4144// or semantically correct. 4145// 4146// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" 4147// The system timed out while trying to fulfill the request. The request can 4148// be retried. 4149// 4150// * ErrCodeUnsupportedOperationException "UnsupportedOperationException" 4151// The request was rejected because a specified parameter is not supported or 4152// a specified resource is not valid for this operation. 4153// 4154// * ErrCodeInternalException "KMSInternalException" 4155// The request was rejected because an internal exception occurred. The request 4156// can be retried. 4157// 4158// * ErrCodeLimitExceededException "LimitExceededException" 4159// The request was rejected because a limit was exceeded. For more information, 4160// see Limits (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) 4161// in the AWS Key Management Service Developer Guide. 4162// 4163// * ErrCodeInvalidStateException "KMSInvalidStateException" 4164// The request was rejected because the state of the specified resource is not 4165// valid for this request. 4166// 4167// For more information about how key state affects the use of a CMK, see How 4168// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 4169// in the AWS Key Management Service Developer Guide. 4170// 4171// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/PutKeyPolicy 4172func (c *KMS) PutKeyPolicy(input *PutKeyPolicyInput) (*PutKeyPolicyOutput, error) { 4173 req, out := c.PutKeyPolicyRequest(input) 4174 return out, req.Send() 4175} 4176 4177// PutKeyPolicyWithContext is the same as PutKeyPolicy with the addition of 4178// the ability to pass a context and additional request options. 4179// 4180// See PutKeyPolicy for details on how to use this API operation. 4181// 4182// The context must be non-nil and will be used for request cancellation. If 4183// the context is nil a panic will occur. In the future the SDK may create 4184// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 4185// for more information on using Contexts. 4186func (c *KMS) PutKeyPolicyWithContext(ctx aws.Context, input *PutKeyPolicyInput, opts ...request.Option) (*PutKeyPolicyOutput, error) { 4187 req, out := c.PutKeyPolicyRequest(input) 4188 req.SetContext(ctx) 4189 req.ApplyOptions(opts...) 4190 return out, req.Send() 4191} 4192 4193const opReEncrypt = "ReEncrypt" 4194 4195// ReEncryptRequest generates a "aws/request.Request" representing the 4196// client's request for the ReEncrypt operation. The "output" return 4197// value will be populated with the request's response once the request completes 4198// successfully. 4199// 4200// Use "Send" method on the returned Request to send the API call to the service. 4201// the "output" return value is not valid until after Send returns without error. 4202// 4203// See ReEncrypt for more information on using the ReEncrypt 4204// API call, and error handling. 4205// 4206// This method is useful when you want to inject custom logic or configuration 4207// into the SDK's request lifecycle. Such as custom headers, or retry logic. 4208// 4209// 4210// // Example sending a request using the ReEncryptRequest method. 4211// req, resp := client.ReEncryptRequest(params) 4212// 4213// err := req.Send() 4214// if err == nil { // resp is now filled 4215// fmt.Println(resp) 4216// } 4217// 4218// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ReEncrypt 4219func (c *KMS) ReEncryptRequest(input *ReEncryptInput) (req *request.Request, output *ReEncryptOutput) { 4220 op := &request.Operation{ 4221 Name: opReEncrypt, 4222 HTTPMethod: "POST", 4223 HTTPPath: "/", 4224 } 4225 4226 if input == nil { 4227 input = &ReEncryptInput{} 4228 } 4229 4230 output = &ReEncryptOutput{} 4231 req = c.newRequest(op, input, output) 4232 return 4233} 4234 4235// ReEncrypt API operation for AWS Key Management Service. 4236// 4237// Encrypts data on the server side with a new customer master key (CMK) without 4238// exposing the plaintext of the data on the client side. The data is first 4239// decrypted and then reencrypted. You can also use this operation to change 4240// the encryption context of a ciphertext. 4241// 4242// You can reencrypt data using CMKs in different AWS accounts. 4243// 4244// Unlike other operations, ReEncrypt is authorized twice, once as ReEncryptFrom 4245// on the source CMK and once as ReEncryptTo on the destination CMK. We recommend 4246// that you include the "kms:ReEncrypt*" permission in your key policies (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html) 4247// to permit reencryption from or to the CMK. This permission is automatically 4248// included in the key policy when you create a CMK through the console. But 4249// you must include it manually when you create a CMK programmatically or when 4250// you set a key policy with the PutKeyPolicy operation. 4251// 4252// The result of this operation varies with the key state of the CMK. For details, 4253// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 4254// in the AWS Key Management Service Developer Guide. 4255// 4256// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 4257// with awserr.Error's Code and Message methods to get detailed information about 4258// the error. 4259// 4260// See the AWS API reference guide for AWS Key Management Service's 4261// API operation ReEncrypt for usage and error information. 4262// 4263// Returned Error Codes: 4264// * ErrCodeNotFoundException "NotFoundException" 4265// The request was rejected because the specified entity or resource could not 4266// be found. 4267// 4268// * ErrCodeDisabledException "DisabledException" 4269// The request was rejected because the specified CMK is not enabled. 4270// 4271// * ErrCodeInvalidCiphertextException "InvalidCiphertextException" 4272// The request was rejected because the specified ciphertext, or additional 4273// authenticated data incorporated into the ciphertext, such as the encryption 4274// context, is corrupted, missing, or otherwise invalid. 4275// 4276// * ErrCodeKeyUnavailableException "KeyUnavailableException" 4277// The request was rejected because the specified CMK was not available. The 4278// request can be retried. 4279// 4280// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" 4281// The system timed out while trying to fulfill the request. The request can 4282// be retried. 4283// 4284// * ErrCodeInvalidKeyUsageException "InvalidKeyUsageException" 4285// The request was rejected because the specified KeySpec value is not valid. 4286// 4287// * ErrCodeInvalidGrantTokenException "InvalidGrantTokenException" 4288// The request was rejected because the specified grant token is not valid. 4289// 4290// * ErrCodeInternalException "KMSInternalException" 4291// The request was rejected because an internal exception occurred. The request 4292// can be retried. 4293// 4294// * ErrCodeInvalidStateException "KMSInvalidStateException" 4295// The request was rejected because the state of the specified resource is not 4296// valid for this request. 4297// 4298// For more information about how key state affects the use of a CMK, see How 4299// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 4300// in the AWS Key Management Service Developer Guide. 4301// 4302// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ReEncrypt 4303func (c *KMS) ReEncrypt(input *ReEncryptInput) (*ReEncryptOutput, error) { 4304 req, out := c.ReEncryptRequest(input) 4305 return out, req.Send() 4306} 4307 4308// ReEncryptWithContext is the same as ReEncrypt with the addition of 4309// the ability to pass a context and additional request options. 4310// 4311// See ReEncrypt for details on how to use this API operation. 4312// 4313// The context must be non-nil and will be used for request cancellation. If 4314// the context is nil a panic will occur. In the future the SDK may create 4315// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 4316// for more information on using Contexts. 4317func (c *KMS) ReEncryptWithContext(ctx aws.Context, input *ReEncryptInput, opts ...request.Option) (*ReEncryptOutput, error) { 4318 req, out := c.ReEncryptRequest(input) 4319 req.SetContext(ctx) 4320 req.ApplyOptions(opts...) 4321 return out, req.Send() 4322} 4323 4324const opRetireGrant = "RetireGrant" 4325 4326// RetireGrantRequest generates a "aws/request.Request" representing the 4327// client's request for the RetireGrant operation. The "output" return 4328// value will be populated with the request's response once the request completes 4329// successfully. 4330// 4331// Use "Send" method on the returned Request to send the API call to the service. 4332// the "output" return value is not valid until after Send returns without error. 4333// 4334// See RetireGrant for more information on using the RetireGrant 4335// API call, and error handling. 4336// 4337// This method is useful when you want to inject custom logic or configuration 4338// into the SDK's request lifecycle. Such as custom headers, or retry logic. 4339// 4340// 4341// // Example sending a request using the RetireGrantRequest method. 4342// req, resp := client.RetireGrantRequest(params) 4343// 4344// err := req.Send() 4345// if err == nil { // resp is now filled 4346// fmt.Println(resp) 4347// } 4348// 4349// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RetireGrant 4350func (c *KMS) RetireGrantRequest(input *RetireGrantInput) (req *request.Request, output *RetireGrantOutput) { 4351 op := &request.Operation{ 4352 Name: opRetireGrant, 4353 HTTPMethod: "POST", 4354 HTTPPath: "/", 4355 } 4356 4357 if input == nil { 4358 input = &RetireGrantInput{} 4359 } 4360 4361 output = &RetireGrantOutput{} 4362 req = c.newRequest(op, input, output) 4363 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 4364 return 4365} 4366 4367// RetireGrant API operation for AWS Key Management Service. 4368// 4369// Retires a grant. To clean up, you can retire a grant when you're done using 4370// it. You should revoke a grant when you intend to actively deny operations 4371// that depend on it. The following are permitted to call this API: 4372// 4373// * The AWS account (root user) under which the grant was created 4374// 4375// * The RetiringPrincipal, if present in the grant 4376// 4377// * The GranteePrincipal, if RetireGrant is an operation specified in the 4378// grant 4379// 4380// You must identify the grant to retire by its grant token or by a combination 4381// of the grant ID and the Amazon Resource Name (ARN) of the customer master 4382// key (CMK). A grant token is a unique variable-length base64-encoded string. 4383// A grant ID is a 64 character unique identifier of a grant. The CreateGrant 4384// operation returns both. 4385// 4386// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 4387// with awserr.Error's Code and Message methods to get detailed information about 4388// the error. 4389// 4390// See the AWS API reference guide for AWS Key Management Service's 4391// API operation RetireGrant for usage and error information. 4392// 4393// Returned Error Codes: 4394// * ErrCodeInvalidArnException "InvalidArnException" 4395// The request was rejected because a specified ARN, or an ARN in a key policy, 4396// is not valid. 4397// 4398// * ErrCodeInvalidGrantTokenException "InvalidGrantTokenException" 4399// The request was rejected because the specified grant token is not valid. 4400// 4401// * ErrCodeInvalidGrantIdException "InvalidGrantIdException" 4402// The request was rejected because the specified GrantId is not valid. 4403// 4404// * ErrCodeNotFoundException "NotFoundException" 4405// The request was rejected because the specified entity or resource could not 4406// be found. 4407// 4408// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" 4409// The system timed out while trying to fulfill the request. The request can 4410// be retried. 4411// 4412// * ErrCodeInternalException "KMSInternalException" 4413// The request was rejected because an internal exception occurred. The request 4414// can be retried. 4415// 4416// * ErrCodeInvalidStateException "KMSInvalidStateException" 4417// The request was rejected because the state of the specified resource is not 4418// valid for this request. 4419// 4420// For more information about how key state affects the use of a CMK, see How 4421// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 4422// in the AWS Key Management Service Developer Guide. 4423// 4424// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RetireGrant 4425func (c *KMS) RetireGrant(input *RetireGrantInput) (*RetireGrantOutput, error) { 4426 req, out := c.RetireGrantRequest(input) 4427 return out, req.Send() 4428} 4429 4430// RetireGrantWithContext is the same as RetireGrant with the addition of 4431// the ability to pass a context and additional request options. 4432// 4433// See RetireGrant for details on how to use this API operation. 4434// 4435// The context must be non-nil and will be used for request cancellation. If 4436// the context is nil a panic will occur. In the future the SDK may create 4437// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 4438// for more information on using Contexts. 4439func (c *KMS) RetireGrantWithContext(ctx aws.Context, input *RetireGrantInput, opts ...request.Option) (*RetireGrantOutput, error) { 4440 req, out := c.RetireGrantRequest(input) 4441 req.SetContext(ctx) 4442 req.ApplyOptions(opts...) 4443 return out, req.Send() 4444} 4445 4446const opRevokeGrant = "RevokeGrant" 4447 4448// RevokeGrantRequest generates a "aws/request.Request" representing the 4449// client's request for the RevokeGrant operation. The "output" return 4450// value will be populated with the request's response once the request completes 4451// successfully. 4452// 4453// Use "Send" method on the returned Request to send the API call to the service. 4454// the "output" return value is not valid until after Send returns without error. 4455// 4456// See RevokeGrant for more information on using the RevokeGrant 4457// API call, and error handling. 4458// 4459// This method is useful when you want to inject custom logic or configuration 4460// into the SDK's request lifecycle. Such as custom headers, or retry logic. 4461// 4462// 4463// // Example sending a request using the RevokeGrantRequest method. 4464// req, resp := client.RevokeGrantRequest(params) 4465// 4466// err := req.Send() 4467// if err == nil { // resp is now filled 4468// fmt.Println(resp) 4469// } 4470// 4471// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RevokeGrant 4472func (c *KMS) RevokeGrantRequest(input *RevokeGrantInput) (req *request.Request, output *RevokeGrantOutput) { 4473 op := &request.Operation{ 4474 Name: opRevokeGrant, 4475 HTTPMethod: "POST", 4476 HTTPPath: "/", 4477 } 4478 4479 if input == nil { 4480 input = &RevokeGrantInput{} 4481 } 4482 4483 output = &RevokeGrantOutput{} 4484 req = c.newRequest(op, input, output) 4485 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 4486 return 4487} 4488 4489// RevokeGrant API operation for AWS Key Management Service. 4490// 4491// Revokes the specified grant for the specified customer master key (CMK). 4492// You can revoke a grant to actively deny operations that depend on it. 4493// 4494// To perform this operation on a CMK in a different AWS account, specify the 4495// key ARN in the value of the KeyId parameter. 4496// 4497// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 4498// with awserr.Error's Code and Message methods to get detailed information about 4499// the error. 4500// 4501// See the AWS API reference guide for AWS Key Management Service's 4502// API operation RevokeGrant for usage and error information. 4503// 4504// Returned Error Codes: 4505// * ErrCodeNotFoundException "NotFoundException" 4506// The request was rejected because the specified entity or resource could not 4507// be found. 4508// 4509// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" 4510// The system timed out while trying to fulfill the request. The request can 4511// be retried. 4512// 4513// * ErrCodeInvalidArnException "InvalidArnException" 4514// The request was rejected because a specified ARN, or an ARN in a key policy, 4515// is not valid. 4516// 4517// * ErrCodeInvalidGrantIdException "InvalidGrantIdException" 4518// The request was rejected because the specified GrantId is not valid. 4519// 4520// * ErrCodeInternalException "KMSInternalException" 4521// The request was rejected because an internal exception occurred. The request 4522// can be retried. 4523// 4524// * ErrCodeInvalidStateException "KMSInvalidStateException" 4525// The request was rejected because the state of the specified resource is not 4526// valid for this request. 4527// 4528// For more information about how key state affects the use of a CMK, see How 4529// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 4530// in the AWS Key Management Service Developer Guide. 4531// 4532// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RevokeGrant 4533func (c *KMS) RevokeGrant(input *RevokeGrantInput) (*RevokeGrantOutput, error) { 4534 req, out := c.RevokeGrantRequest(input) 4535 return out, req.Send() 4536} 4537 4538// RevokeGrantWithContext is the same as RevokeGrant with the addition of 4539// the ability to pass a context and additional request options. 4540// 4541// See RevokeGrant for details on how to use this API operation. 4542// 4543// The context must be non-nil and will be used for request cancellation. If 4544// the context is nil a panic will occur. In the future the SDK may create 4545// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 4546// for more information on using Contexts. 4547func (c *KMS) RevokeGrantWithContext(ctx aws.Context, input *RevokeGrantInput, opts ...request.Option) (*RevokeGrantOutput, error) { 4548 req, out := c.RevokeGrantRequest(input) 4549 req.SetContext(ctx) 4550 req.ApplyOptions(opts...) 4551 return out, req.Send() 4552} 4553 4554const opScheduleKeyDeletion = "ScheduleKeyDeletion" 4555 4556// ScheduleKeyDeletionRequest generates a "aws/request.Request" representing the 4557// client's request for the ScheduleKeyDeletion operation. The "output" return 4558// value will be populated with the request's response once the request completes 4559// successfully. 4560// 4561// Use "Send" method on the returned Request to send the API call to the service. 4562// the "output" return value is not valid until after Send returns without error. 4563// 4564// See ScheduleKeyDeletion for more information on using the ScheduleKeyDeletion 4565// API call, and error handling. 4566// 4567// This method is useful when you want to inject custom logic or configuration 4568// into the SDK's request lifecycle. Such as custom headers, or retry logic. 4569// 4570// 4571// // Example sending a request using the ScheduleKeyDeletionRequest method. 4572// req, resp := client.ScheduleKeyDeletionRequest(params) 4573// 4574// err := req.Send() 4575// if err == nil { // resp is now filled 4576// fmt.Println(resp) 4577// } 4578// 4579// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ScheduleKeyDeletion 4580func (c *KMS) ScheduleKeyDeletionRequest(input *ScheduleKeyDeletionInput) (req *request.Request, output *ScheduleKeyDeletionOutput) { 4581 op := &request.Operation{ 4582 Name: opScheduleKeyDeletion, 4583 HTTPMethod: "POST", 4584 HTTPPath: "/", 4585 } 4586 4587 if input == nil { 4588 input = &ScheduleKeyDeletionInput{} 4589 } 4590 4591 output = &ScheduleKeyDeletionOutput{} 4592 req = c.newRequest(op, input, output) 4593 return 4594} 4595 4596// ScheduleKeyDeletion API operation for AWS Key Management Service. 4597// 4598// Schedules the deletion of a customer master key (CMK). You may provide a 4599// waiting period, specified in days, before deletion occurs. If you do not 4600// provide a waiting period, the default period of 30 days is used. When this 4601// operation is successful, the key state of the CMK changes to PendingDeletion. 4602// Before the waiting period ends, you can use CancelKeyDeletion to cancel the 4603// deletion of the CMK. After the waiting period ends, AWS KMS deletes the CMK 4604// and all AWS KMS data associated with it, including all aliases that refer 4605// to it. 4606// 4607// Deleting a CMK is a destructive and potentially dangerous operation. When 4608// a CMK is deleted, all data that was encrypted under the CMK is unrecoverable. 4609// To prevent the use of a CMK without deleting it, use DisableKey. 4610// 4611// If you schedule deletion of a CMK from a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html), 4612// when the waiting period expires, ScheduleKeyDeletion deletes the CMK from 4613// AWS KMS. Then AWS KMS makes a best effort to delete the key material from 4614// the associated AWS CloudHSM cluster. However, you might need to manually 4615// delete the orphaned key material (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-orphaned-key) 4616// from the cluster and its backups. 4617// 4618// You cannot perform this operation on a CMK in a different AWS account. 4619// 4620// For more information about scheduling a CMK for deletion, see Deleting Customer 4621// Master Keys (https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html) 4622// in the AWS Key Management Service Developer Guide. 4623// 4624// The result of this operation varies with the key state of the CMK. For details, 4625// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 4626// in the AWS Key Management Service Developer Guide. 4627// 4628// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 4629// with awserr.Error's Code and Message methods to get detailed information about 4630// the error. 4631// 4632// See the AWS API reference guide for AWS Key Management Service's 4633// API operation ScheduleKeyDeletion for usage and error information. 4634// 4635// Returned Error Codes: 4636// * ErrCodeNotFoundException "NotFoundException" 4637// The request was rejected because the specified entity or resource could not 4638// be found. 4639// 4640// * ErrCodeInvalidArnException "InvalidArnException" 4641// The request was rejected because a specified ARN, or an ARN in a key policy, 4642// is not valid. 4643// 4644// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" 4645// The system timed out while trying to fulfill the request. The request can 4646// be retried. 4647// 4648// * ErrCodeInternalException "KMSInternalException" 4649// The request was rejected because an internal exception occurred. The request 4650// can be retried. 4651// 4652// * ErrCodeInvalidStateException "KMSInvalidStateException" 4653// The request was rejected because the state of the specified resource is not 4654// valid for this request. 4655// 4656// For more information about how key state affects the use of a CMK, see How 4657// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 4658// in the AWS Key Management Service Developer Guide. 4659// 4660// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ScheduleKeyDeletion 4661func (c *KMS) ScheduleKeyDeletion(input *ScheduleKeyDeletionInput) (*ScheduleKeyDeletionOutput, error) { 4662 req, out := c.ScheduleKeyDeletionRequest(input) 4663 return out, req.Send() 4664} 4665 4666// ScheduleKeyDeletionWithContext is the same as ScheduleKeyDeletion with the addition of 4667// the ability to pass a context and additional request options. 4668// 4669// See ScheduleKeyDeletion for details on how to use this API operation. 4670// 4671// The context must be non-nil and will be used for request cancellation. If 4672// the context is nil a panic will occur. In the future the SDK may create 4673// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 4674// for more information on using Contexts. 4675func (c *KMS) ScheduleKeyDeletionWithContext(ctx aws.Context, input *ScheduleKeyDeletionInput, opts ...request.Option) (*ScheduleKeyDeletionOutput, error) { 4676 req, out := c.ScheduleKeyDeletionRequest(input) 4677 req.SetContext(ctx) 4678 req.ApplyOptions(opts...) 4679 return out, req.Send() 4680} 4681 4682const opTagResource = "TagResource" 4683 4684// TagResourceRequest generates a "aws/request.Request" representing the 4685// client's request for the TagResource operation. The "output" return 4686// value will be populated with the request's response once the request completes 4687// successfully. 4688// 4689// Use "Send" method on the returned Request to send the API call to the service. 4690// the "output" return value is not valid until after Send returns without error. 4691// 4692// See TagResource for more information on using the TagResource 4693// API call, and error handling. 4694// 4695// This method is useful when you want to inject custom logic or configuration 4696// into the SDK's request lifecycle. Such as custom headers, or retry logic. 4697// 4698// 4699// // Example sending a request using the TagResourceRequest method. 4700// req, resp := client.TagResourceRequest(params) 4701// 4702// err := req.Send() 4703// if err == nil { // resp is now filled 4704// fmt.Println(resp) 4705// } 4706// 4707// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/TagResource 4708func (c *KMS) TagResourceRequest(input *TagResourceInput) (req *request.Request, output *TagResourceOutput) { 4709 op := &request.Operation{ 4710 Name: opTagResource, 4711 HTTPMethod: "POST", 4712 HTTPPath: "/", 4713 } 4714 4715 if input == nil { 4716 input = &TagResourceInput{} 4717 } 4718 4719 output = &TagResourceOutput{} 4720 req = c.newRequest(op, input, output) 4721 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 4722 return 4723} 4724 4725// TagResource API operation for AWS Key Management Service. 4726// 4727// Adds or edits tags for a customer master key (CMK). You cannot perform this 4728// operation on a CMK in a different AWS account. 4729// 4730// Each tag consists of a tag key and a tag value. Tag keys and tag values are 4731// both required, but tag values can be empty (null) strings. 4732// 4733// You can only use a tag key once for each CMK. If you use the tag key again, 4734// AWS KMS replaces the current tag value with the specified value. 4735// 4736// For information about the rules that apply to tag keys and tag values, see 4737// User-Defined Tag Restrictions (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html) 4738// in the AWS Billing and Cost Management User Guide. 4739// 4740// The result of this operation varies with the key state of the CMK. For details, 4741// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 4742// in the AWS Key Management Service Developer Guide. 4743// 4744// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 4745// with awserr.Error's Code and Message methods to get detailed information about 4746// the error. 4747// 4748// See the AWS API reference guide for AWS Key Management Service's 4749// API operation TagResource for usage and error information. 4750// 4751// Returned Error Codes: 4752// * ErrCodeInternalException "KMSInternalException" 4753// The request was rejected because an internal exception occurred. The request 4754// can be retried. 4755// 4756// * ErrCodeNotFoundException "NotFoundException" 4757// The request was rejected because the specified entity or resource could not 4758// be found. 4759// 4760// * ErrCodeInvalidArnException "InvalidArnException" 4761// The request was rejected because a specified ARN, or an ARN in a key policy, 4762// is not valid. 4763// 4764// * ErrCodeInvalidStateException "KMSInvalidStateException" 4765// The request was rejected because the state of the specified resource is not 4766// valid for this request. 4767// 4768// For more information about how key state affects the use of a CMK, see How 4769// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 4770// in the AWS Key Management Service Developer Guide. 4771// 4772// * ErrCodeLimitExceededException "LimitExceededException" 4773// The request was rejected because a limit was exceeded. For more information, 4774// see Limits (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) 4775// in the AWS Key Management Service Developer Guide. 4776// 4777// * ErrCodeTagException "TagException" 4778// The request was rejected because one or more tags are not valid. 4779// 4780// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/TagResource 4781func (c *KMS) TagResource(input *TagResourceInput) (*TagResourceOutput, error) { 4782 req, out := c.TagResourceRequest(input) 4783 return out, req.Send() 4784} 4785 4786// TagResourceWithContext is the same as TagResource with the addition of 4787// the ability to pass a context and additional request options. 4788// 4789// See TagResource for details on how to use this API operation. 4790// 4791// The context must be non-nil and will be used for request cancellation. If 4792// the context is nil a panic will occur. In the future the SDK may create 4793// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 4794// for more information on using Contexts. 4795func (c *KMS) TagResourceWithContext(ctx aws.Context, input *TagResourceInput, opts ...request.Option) (*TagResourceOutput, error) { 4796 req, out := c.TagResourceRequest(input) 4797 req.SetContext(ctx) 4798 req.ApplyOptions(opts...) 4799 return out, req.Send() 4800} 4801 4802const opUntagResource = "UntagResource" 4803 4804// UntagResourceRequest generates a "aws/request.Request" representing the 4805// client's request for the UntagResource operation. The "output" return 4806// value will be populated with the request's response once the request completes 4807// successfully. 4808// 4809// Use "Send" method on the returned Request to send the API call to the service. 4810// the "output" return value is not valid until after Send returns without error. 4811// 4812// See UntagResource for more information on using the UntagResource 4813// API call, and error handling. 4814// 4815// This method is useful when you want to inject custom logic or configuration 4816// into the SDK's request lifecycle. Such as custom headers, or retry logic. 4817// 4818// 4819// // Example sending a request using the UntagResourceRequest method. 4820// req, resp := client.UntagResourceRequest(params) 4821// 4822// err := req.Send() 4823// if err == nil { // resp is now filled 4824// fmt.Println(resp) 4825// } 4826// 4827// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UntagResource 4828func (c *KMS) UntagResourceRequest(input *UntagResourceInput) (req *request.Request, output *UntagResourceOutput) { 4829 op := &request.Operation{ 4830 Name: opUntagResource, 4831 HTTPMethod: "POST", 4832 HTTPPath: "/", 4833 } 4834 4835 if input == nil { 4836 input = &UntagResourceInput{} 4837 } 4838 4839 output = &UntagResourceOutput{} 4840 req = c.newRequest(op, input, output) 4841 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 4842 return 4843} 4844 4845// UntagResource API operation for AWS Key Management Service. 4846// 4847// Removes the specified tags from the specified customer master key (CMK). 4848// You cannot perform this operation on a CMK in a different AWS account. 4849// 4850// To remove a tag, specify the tag key. To change the tag value of an existing 4851// tag key, use TagResource. 4852// 4853// The result of this operation varies with the key state of the CMK. For details, 4854// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 4855// in the AWS Key Management Service Developer Guide. 4856// 4857// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 4858// with awserr.Error's Code and Message methods to get detailed information about 4859// the error. 4860// 4861// See the AWS API reference guide for AWS Key Management Service's 4862// API operation UntagResource for usage and error information. 4863// 4864// Returned Error Codes: 4865// * ErrCodeInternalException "KMSInternalException" 4866// The request was rejected because an internal exception occurred. The request 4867// can be retried. 4868// 4869// * ErrCodeNotFoundException "NotFoundException" 4870// The request was rejected because the specified entity or resource could not 4871// be found. 4872// 4873// * ErrCodeInvalidArnException "InvalidArnException" 4874// The request was rejected because a specified ARN, or an ARN in a key policy, 4875// is not valid. 4876// 4877// * ErrCodeInvalidStateException "KMSInvalidStateException" 4878// The request was rejected because the state of the specified resource is not 4879// valid for this request. 4880// 4881// For more information about how key state affects the use of a CMK, see How 4882// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 4883// in the AWS Key Management Service Developer Guide. 4884// 4885// * ErrCodeTagException "TagException" 4886// The request was rejected because one or more tags are not valid. 4887// 4888// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UntagResource 4889func (c *KMS) UntagResource(input *UntagResourceInput) (*UntagResourceOutput, error) { 4890 req, out := c.UntagResourceRequest(input) 4891 return out, req.Send() 4892} 4893 4894// UntagResourceWithContext is the same as UntagResource with the addition of 4895// the ability to pass a context and additional request options. 4896// 4897// See UntagResource for details on how to use this API operation. 4898// 4899// The context must be non-nil and will be used for request cancellation. If 4900// the context is nil a panic will occur. In the future the SDK may create 4901// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 4902// for more information on using Contexts. 4903func (c *KMS) UntagResourceWithContext(ctx aws.Context, input *UntagResourceInput, opts ...request.Option) (*UntagResourceOutput, error) { 4904 req, out := c.UntagResourceRequest(input) 4905 req.SetContext(ctx) 4906 req.ApplyOptions(opts...) 4907 return out, req.Send() 4908} 4909 4910const opUpdateAlias = "UpdateAlias" 4911 4912// UpdateAliasRequest generates a "aws/request.Request" representing the 4913// client's request for the UpdateAlias operation. The "output" return 4914// value will be populated with the request's response once the request completes 4915// successfully. 4916// 4917// Use "Send" method on the returned Request to send the API call to the service. 4918// the "output" return value is not valid until after Send returns without error. 4919// 4920// See UpdateAlias for more information on using the UpdateAlias 4921// API call, and error handling. 4922// 4923// This method is useful when you want to inject custom logic or configuration 4924// into the SDK's request lifecycle. Such as custom headers, or retry logic. 4925// 4926// 4927// // Example sending a request using the UpdateAliasRequest method. 4928// req, resp := client.UpdateAliasRequest(params) 4929// 4930// err := req.Send() 4931// if err == nil { // resp is now filled 4932// fmt.Println(resp) 4933// } 4934// 4935// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateAlias 4936func (c *KMS) UpdateAliasRequest(input *UpdateAliasInput) (req *request.Request, output *UpdateAliasOutput) { 4937 op := &request.Operation{ 4938 Name: opUpdateAlias, 4939 HTTPMethod: "POST", 4940 HTTPPath: "/", 4941 } 4942 4943 if input == nil { 4944 input = &UpdateAliasInput{} 4945 } 4946 4947 output = &UpdateAliasOutput{} 4948 req = c.newRequest(op, input, output) 4949 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 4950 return 4951} 4952 4953// UpdateAlias API operation for AWS Key Management Service. 4954// 4955// Associates an existing alias with a different customer master key (CMK). 4956// Each CMK can have multiple aliases, but the aliases must be unique within 4957// the account and region. You cannot perform this operation on an alias in 4958// a different AWS account. 4959// 4960// This operation works only on existing aliases. To change the alias of a CMK 4961// to a new value, use CreateAlias to create a new alias and DeleteAlias to 4962// delete the old alias. 4963// 4964// Because an alias is not a property of a CMK, you can create, update, and 4965// delete the aliases of a CMK without affecting the CMK. Also, aliases do not 4966// appear in the response from the DescribeKey operation. To get the aliases 4967// of all CMKs in the account, use the ListAliases operation. 4968// 4969// The alias name must begin with alias/ followed by a name, such as alias/ExampleAlias. 4970// It can contain only alphanumeric characters, forward slashes (/), underscores 4971// (_), and dashes (-). The alias name cannot begin with alias/aws/. The alias/aws/ 4972// prefix is reserved for AWS managed CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk). 4973// 4974// The result of this operation varies with the key state of the CMK. For details, 4975// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 4976// in the AWS Key Management Service Developer Guide. 4977// 4978// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 4979// with awserr.Error's Code and Message methods to get detailed information about 4980// the error. 4981// 4982// See the AWS API reference guide for AWS Key Management Service's 4983// API operation UpdateAlias for usage and error information. 4984// 4985// Returned Error Codes: 4986// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" 4987// The system timed out while trying to fulfill the request. The request can 4988// be retried. 4989// 4990// * ErrCodeNotFoundException "NotFoundException" 4991// The request was rejected because the specified entity or resource could not 4992// be found. 4993// 4994// * ErrCodeInternalException "KMSInternalException" 4995// The request was rejected because an internal exception occurred. The request 4996// can be retried. 4997// 4998// * ErrCodeInvalidStateException "KMSInvalidStateException" 4999// The request was rejected because the state of the specified resource is not 5000// valid for this request. 5001// 5002// For more information about how key state affects the use of a CMK, see How 5003// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 5004// in the AWS Key Management Service Developer Guide. 5005// 5006// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateAlias 5007func (c *KMS) UpdateAlias(input *UpdateAliasInput) (*UpdateAliasOutput, error) { 5008 req, out := c.UpdateAliasRequest(input) 5009 return out, req.Send() 5010} 5011 5012// UpdateAliasWithContext is the same as UpdateAlias with the addition of 5013// the ability to pass a context and additional request options. 5014// 5015// See UpdateAlias for details on how to use this API operation. 5016// 5017// The context must be non-nil and will be used for request cancellation. If 5018// the context is nil a panic will occur. In the future the SDK may create 5019// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 5020// for more information on using Contexts. 5021func (c *KMS) UpdateAliasWithContext(ctx aws.Context, input *UpdateAliasInput, opts ...request.Option) (*UpdateAliasOutput, error) { 5022 req, out := c.UpdateAliasRequest(input) 5023 req.SetContext(ctx) 5024 req.ApplyOptions(opts...) 5025 return out, req.Send() 5026} 5027 5028const opUpdateCustomKeyStore = "UpdateCustomKeyStore" 5029 5030// UpdateCustomKeyStoreRequest generates a "aws/request.Request" representing the 5031// client's request for the UpdateCustomKeyStore operation. The "output" return 5032// value will be populated with the request's response once the request completes 5033// successfully. 5034// 5035// Use "Send" method on the returned Request to send the API call to the service. 5036// the "output" return value is not valid until after Send returns without error. 5037// 5038// See UpdateCustomKeyStore for more information on using the UpdateCustomKeyStore 5039// API call, and error handling. 5040// 5041// This method is useful when you want to inject custom logic or configuration 5042// into the SDK's request lifecycle. Such as custom headers, or retry logic. 5043// 5044// 5045// // Example sending a request using the UpdateCustomKeyStoreRequest method. 5046// req, resp := client.UpdateCustomKeyStoreRequest(params) 5047// 5048// err := req.Send() 5049// if err == nil { // resp is now filled 5050// fmt.Println(resp) 5051// } 5052// 5053// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateCustomKeyStore 5054func (c *KMS) UpdateCustomKeyStoreRequest(input *UpdateCustomKeyStoreInput) (req *request.Request, output *UpdateCustomKeyStoreOutput) { 5055 op := &request.Operation{ 5056 Name: opUpdateCustomKeyStore, 5057 HTTPMethod: "POST", 5058 HTTPPath: "/", 5059 } 5060 5061 if input == nil { 5062 input = &UpdateCustomKeyStoreInput{} 5063 } 5064 5065 output = &UpdateCustomKeyStoreOutput{} 5066 req = c.newRequest(op, input, output) 5067 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 5068 return 5069} 5070 5071// UpdateCustomKeyStore API operation for AWS Key Management Service. 5072// 5073// Changes the properties of a custom key store. Use the CustomKeyStoreId parameter 5074// to identify the custom key store you want to edit. Use the remaining parameters 5075// to change the properties of the custom key store. 5076// 5077// You can only update a custom key store that is disconnected. To disconnect 5078// the custom key store, use DisconnectCustomKeyStore. To reconnect the custom 5079// key store after the update completes, use ConnectCustomKeyStore. To find 5080// the connection state of a custom key store, use the DescribeCustomKeyStores 5081// operation. 5082// 5083// Use the parameters of UpdateCustomKeyStore to edit your keystore settings. 5084// 5085// * Use the NewCustomKeyStoreName parameter to change the friendly name 5086// of the custom key store to the value that you specify. 5087// 5088// * Use the KeyStorePassword parameter tell AWS KMS the current password 5089// of the kmsuser crypto user (CU) (https://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser) 5090// in the associated AWS CloudHSM cluster. You can use this parameter to 5091// fix connection failures (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-password) 5092// that occur when AWS KMS cannot log into the associated cluster because 5093// the kmsuser password has changed. This value does not change the password 5094// in the AWS CloudHSM cluster. 5095// 5096// * Use the CloudHsmClusterId parameter to associate the custom key store 5097// with a different, but related, AWS CloudHSM cluster. You can use this 5098// parameter to repair a custom key store if its AWS CloudHSM cluster becomes 5099// corrupted or is deleted, or when you need to create or restore a cluster 5100// from a backup. 5101// 5102// If the operation succeeds, it returns a JSON object with no properties. 5103// 5104// This operation is part of the Custom Key Store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) 5105// feature in AWS KMS, which combines the convenience and extensive integration 5106// of AWS KMS with the isolation and control of a single-tenant key store. 5107// 5108// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 5109// with awserr.Error's Code and Message methods to get detailed information about 5110// the error. 5111// 5112// See the AWS API reference guide for AWS Key Management Service's 5113// API operation UpdateCustomKeyStore for usage and error information. 5114// 5115// Returned Error Codes: 5116// * ErrCodeCustomKeyStoreNotFoundException "CustomKeyStoreNotFoundException" 5117// The request was rejected because AWS KMS cannot find a custom key store with 5118// the specified key store name or ID. 5119// 5120// * ErrCodeCloudHsmClusterNotFoundException "CloudHsmClusterNotFoundException" 5121// The request was rejected because AWS KMS cannot find the AWS CloudHSM cluster 5122// with the specified cluster ID. Retry the request with a different cluster 5123// ID. 5124// 5125// * ErrCodeCloudHsmClusterNotRelatedException "CloudHsmClusterNotRelatedException" 5126// The request was rejected because the specified AWS CloudHSM cluster has a 5127// different cluster certificate than the original cluster. You cannot use the 5128// operation to specify an unrelated cluster. 5129// 5130// Specify a cluster that shares a backup history with the original cluster. 5131// This includes clusters that were created from a backup of the current cluster, 5132// and clusters that were created from the same backup that produced the current 5133// cluster. 5134// 5135// Clusters that share a backup history have the same cluster certificate. To 5136// view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) 5137// operation. 5138// 5139// * ErrCodeCustomKeyStoreInvalidStateException "CustomKeyStoreInvalidStateException" 5140// The request was rejected because of the ConnectionState of the custom key 5141// store. To get the ConnectionState of a custom key store, use the DescribeCustomKeyStores 5142// operation. 5143// 5144// This exception is thrown under the following conditions: 5145// 5146// * You requested the CreateKey or GenerateRandom operation in a custom 5147// key store that is not connected. These operations are valid only when 5148// the custom key store ConnectionState is CONNECTED. 5149// 5150// * You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation 5151// on a custom key store that is not disconnected. This operation is valid 5152// only when the custom key store ConnectionState is DISCONNECTED. 5153// 5154// * You requested the ConnectCustomKeyStore operation on a custom key store 5155// with a ConnectionState of DISCONNECTING or FAILED. This operation is valid 5156// for all other ConnectionState values. 5157// 5158// * ErrCodeInternalException "KMSInternalException" 5159// The request was rejected because an internal exception occurred. The request 5160// can be retried. 5161// 5162// * ErrCodeCloudHsmClusterNotActiveException "CloudHsmClusterNotActiveException" 5163// The request was rejected because the AWS CloudHSM cluster that is associated 5164// with the custom key store is not active. Initialize and activate the cluster 5165// and try the command again. For detailed instructions, see Getting Started 5166// (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) 5167// in the AWS CloudHSM User Guide. 5168// 5169// * ErrCodeCloudHsmClusterInvalidConfigurationException "CloudHsmClusterInvalidConfigurationException" 5170// The request was rejected because the associated AWS CloudHSM cluster did 5171// not meet the configuration requirements for a custom key store. 5172// 5173// * The cluster must be configured with private subnets in at least two 5174// different Availability Zones in the Region. 5175// 5176// * The security group for the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) 5177// (cloudhsm-cluster-<cluster-id>-sg) must include inbound rules and outbound 5178// rules that allow TCP traffic on ports 2223-2225. The Source in the inbound 5179// rules and the Destination in the outbound rules must match the security 5180// group ID. These rules are set by default when you create the cluster. 5181// Do not delete or change them. To get information about a particular security 5182// group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) 5183// operation. 5184// 5185// * The cluster must contain at least as many HSMs as the operation requires. 5186// To add HSMs, use the AWS CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) 5187// operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey 5188// operations, the AWS CloudHSM cluster must have at least two active HSMs, 5189// each in a different Availability Zone. For the ConnectCustomKeyStore operation, 5190// the AWS CloudHSM must contain at least one active HSM. 5191// 5192// For information about the requirements for an AWS CloudHSM cluster that is 5193// associated with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) 5194// in the AWS Key Management Service Developer Guide. For information about 5195// creating a private subnet for an AWS CloudHSM cluster, see Create a Private 5196// Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) 5197// in the AWS CloudHSM User Guide. For information about cluster security groups, 5198// see Configure a Default Security Group (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) 5199// in the AWS CloudHSM User Guide . 5200// 5201// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateCustomKeyStore 5202func (c *KMS) UpdateCustomKeyStore(input *UpdateCustomKeyStoreInput) (*UpdateCustomKeyStoreOutput, error) { 5203 req, out := c.UpdateCustomKeyStoreRequest(input) 5204 return out, req.Send() 5205} 5206 5207// UpdateCustomKeyStoreWithContext is the same as UpdateCustomKeyStore with the addition of 5208// the ability to pass a context and additional request options. 5209// 5210// See UpdateCustomKeyStore for details on how to use this API operation. 5211// 5212// The context must be non-nil and will be used for request cancellation. If 5213// the context is nil a panic will occur. In the future the SDK may create 5214// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 5215// for more information on using Contexts. 5216func (c *KMS) UpdateCustomKeyStoreWithContext(ctx aws.Context, input *UpdateCustomKeyStoreInput, opts ...request.Option) (*UpdateCustomKeyStoreOutput, error) { 5217 req, out := c.UpdateCustomKeyStoreRequest(input) 5218 req.SetContext(ctx) 5219 req.ApplyOptions(opts...) 5220 return out, req.Send() 5221} 5222 5223const opUpdateKeyDescription = "UpdateKeyDescription" 5224 5225// UpdateKeyDescriptionRequest generates a "aws/request.Request" representing the 5226// client's request for the UpdateKeyDescription operation. The "output" return 5227// value will be populated with the request's response once the request completes 5228// successfully. 5229// 5230// Use "Send" method on the returned Request to send the API call to the service. 5231// the "output" return value is not valid until after Send returns without error. 5232// 5233// See UpdateKeyDescription for more information on using the UpdateKeyDescription 5234// API call, and error handling. 5235// 5236// This method is useful when you want to inject custom logic or configuration 5237// into the SDK's request lifecycle. Such as custom headers, or retry logic. 5238// 5239// 5240// // Example sending a request using the UpdateKeyDescriptionRequest method. 5241// req, resp := client.UpdateKeyDescriptionRequest(params) 5242// 5243// err := req.Send() 5244// if err == nil { // resp is now filled 5245// fmt.Println(resp) 5246// } 5247// 5248// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateKeyDescription 5249func (c *KMS) UpdateKeyDescriptionRequest(input *UpdateKeyDescriptionInput) (req *request.Request, output *UpdateKeyDescriptionOutput) { 5250 op := &request.Operation{ 5251 Name: opUpdateKeyDescription, 5252 HTTPMethod: "POST", 5253 HTTPPath: "/", 5254 } 5255 5256 if input == nil { 5257 input = &UpdateKeyDescriptionInput{} 5258 } 5259 5260 output = &UpdateKeyDescriptionOutput{} 5261 req = c.newRequest(op, input, output) 5262 req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) 5263 return 5264} 5265 5266// UpdateKeyDescription API operation for AWS Key Management Service. 5267// 5268// Updates the description of a customer master key (CMK). To see the description 5269// of a CMK, use DescribeKey. 5270// 5271// You cannot perform this operation on a CMK in a different AWS account. 5272// 5273// The result of this operation varies with the key state of the CMK. For details, 5274// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 5275// in the AWS Key Management Service Developer Guide. 5276// 5277// Returns awserr.Error for service API and SDK errors. Use runtime type assertions 5278// with awserr.Error's Code and Message methods to get detailed information about 5279// the error. 5280// 5281// See the AWS API reference guide for AWS Key Management Service's 5282// API operation UpdateKeyDescription for usage and error information. 5283// 5284// Returned Error Codes: 5285// * ErrCodeNotFoundException "NotFoundException" 5286// The request was rejected because the specified entity or resource could not 5287// be found. 5288// 5289// * ErrCodeInvalidArnException "InvalidArnException" 5290// The request was rejected because a specified ARN, or an ARN in a key policy, 5291// is not valid. 5292// 5293// * ErrCodeDependencyTimeoutException "DependencyTimeoutException" 5294// The system timed out while trying to fulfill the request. The request can 5295// be retried. 5296// 5297// * ErrCodeInternalException "KMSInternalException" 5298// The request was rejected because an internal exception occurred. The request 5299// can be retried. 5300// 5301// * ErrCodeInvalidStateException "KMSInvalidStateException" 5302// The request was rejected because the state of the specified resource is not 5303// valid for this request. 5304// 5305// For more information about how key state affects the use of a CMK, see How 5306// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 5307// in the AWS Key Management Service Developer Guide. 5308// 5309// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateKeyDescription 5310func (c *KMS) UpdateKeyDescription(input *UpdateKeyDescriptionInput) (*UpdateKeyDescriptionOutput, error) { 5311 req, out := c.UpdateKeyDescriptionRequest(input) 5312 return out, req.Send() 5313} 5314 5315// UpdateKeyDescriptionWithContext is the same as UpdateKeyDescription with the addition of 5316// the ability to pass a context and additional request options. 5317// 5318// See UpdateKeyDescription for details on how to use this API operation. 5319// 5320// The context must be non-nil and will be used for request cancellation. If 5321// the context is nil a panic will occur. In the future the SDK may create 5322// sub-contexts for http.Requests. See https://golang.org/pkg/context/ 5323// for more information on using Contexts. 5324func (c *KMS) UpdateKeyDescriptionWithContext(ctx aws.Context, input *UpdateKeyDescriptionInput, opts ...request.Option) (*UpdateKeyDescriptionOutput, error) { 5325 req, out := c.UpdateKeyDescriptionRequest(input) 5326 req.SetContext(ctx) 5327 req.ApplyOptions(opts...) 5328 return out, req.Send() 5329} 5330 5331// Contains information about an alias. 5332type AliasListEntry struct { 5333 _ struct{} `type:"structure"` 5334 5335 // String that contains the key ARN. 5336 AliasArn *string `min:"20" type:"string"` 5337 5338 // String that contains the alias. This value begins with alias/. 5339 AliasName *string `min:"1" type:"string"` 5340 5341 // String that contains the key identifier referred to by the alias. 5342 TargetKeyId *string `min:"1" type:"string"` 5343} 5344 5345// String returns the string representation 5346func (s AliasListEntry) String() string { 5347 return awsutil.Prettify(s) 5348} 5349 5350// GoString returns the string representation 5351func (s AliasListEntry) GoString() string { 5352 return s.String() 5353} 5354 5355// SetAliasArn sets the AliasArn field's value. 5356func (s *AliasListEntry) SetAliasArn(v string) *AliasListEntry { 5357 s.AliasArn = &v 5358 return s 5359} 5360 5361// SetAliasName sets the AliasName field's value. 5362func (s *AliasListEntry) SetAliasName(v string) *AliasListEntry { 5363 s.AliasName = &v 5364 return s 5365} 5366 5367// SetTargetKeyId sets the TargetKeyId field's value. 5368func (s *AliasListEntry) SetTargetKeyId(v string) *AliasListEntry { 5369 s.TargetKeyId = &v 5370 return s 5371} 5372 5373type CancelKeyDeletionInput struct { 5374 _ struct{} `type:"structure"` 5375 5376 // The unique identifier for the customer master key (CMK) for which to cancel 5377 // deletion. 5378 // 5379 // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. 5380 // 5381 // For example: 5382 // 5383 // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab 5384 // 5385 // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab 5386 // 5387 // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. 5388 // 5389 // KeyId is a required field 5390 KeyId *string `min:"1" type:"string" required:"true"` 5391} 5392 5393// String returns the string representation 5394func (s CancelKeyDeletionInput) String() string { 5395 return awsutil.Prettify(s) 5396} 5397 5398// GoString returns the string representation 5399func (s CancelKeyDeletionInput) GoString() string { 5400 return s.String() 5401} 5402 5403// Validate inspects the fields of the type to determine if they are valid. 5404func (s *CancelKeyDeletionInput) Validate() error { 5405 invalidParams := request.ErrInvalidParams{Context: "CancelKeyDeletionInput"} 5406 if s.KeyId == nil { 5407 invalidParams.Add(request.NewErrParamRequired("KeyId")) 5408 } 5409 if s.KeyId != nil && len(*s.KeyId) < 1 { 5410 invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) 5411 } 5412 5413 if invalidParams.Len() > 0 { 5414 return invalidParams 5415 } 5416 return nil 5417} 5418 5419// SetKeyId sets the KeyId field's value. 5420func (s *CancelKeyDeletionInput) SetKeyId(v string) *CancelKeyDeletionInput { 5421 s.KeyId = &v 5422 return s 5423} 5424 5425type CancelKeyDeletionOutput struct { 5426 _ struct{} `type:"structure"` 5427 5428 // The unique identifier of the master key for which deletion is canceled. 5429 KeyId *string `min:"1" type:"string"` 5430} 5431 5432// String returns the string representation 5433func (s CancelKeyDeletionOutput) String() string { 5434 return awsutil.Prettify(s) 5435} 5436 5437// GoString returns the string representation 5438func (s CancelKeyDeletionOutput) GoString() string { 5439 return s.String() 5440} 5441 5442// SetKeyId sets the KeyId field's value. 5443func (s *CancelKeyDeletionOutput) SetKeyId(v string) *CancelKeyDeletionOutput { 5444 s.KeyId = &v 5445 return s 5446} 5447 5448type ConnectCustomKeyStoreInput struct { 5449 _ struct{} `type:"structure"` 5450 5451 // Enter the key store ID of the custom key store that you want to connect. 5452 // To find the ID of a custom key store, use the DescribeCustomKeyStores operation. 5453 // 5454 // CustomKeyStoreId is a required field 5455 CustomKeyStoreId *string `min:"1" type:"string" required:"true"` 5456} 5457 5458// String returns the string representation 5459func (s ConnectCustomKeyStoreInput) String() string { 5460 return awsutil.Prettify(s) 5461} 5462 5463// GoString returns the string representation 5464func (s ConnectCustomKeyStoreInput) GoString() string { 5465 return s.String() 5466} 5467 5468// Validate inspects the fields of the type to determine if they are valid. 5469func (s *ConnectCustomKeyStoreInput) Validate() error { 5470 invalidParams := request.ErrInvalidParams{Context: "ConnectCustomKeyStoreInput"} 5471 if s.CustomKeyStoreId == nil { 5472 invalidParams.Add(request.NewErrParamRequired("CustomKeyStoreId")) 5473 } 5474 if s.CustomKeyStoreId != nil && len(*s.CustomKeyStoreId) < 1 { 5475 invalidParams.Add(request.NewErrParamMinLen("CustomKeyStoreId", 1)) 5476 } 5477 5478 if invalidParams.Len() > 0 { 5479 return invalidParams 5480 } 5481 return nil 5482} 5483 5484// SetCustomKeyStoreId sets the CustomKeyStoreId field's value. 5485func (s *ConnectCustomKeyStoreInput) SetCustomKeyStoreId(v string) *ConnectCustomKeyStoreInput { 5486 s.CustomKeyStoreId = &v 5487 return s 5488} 5489 5490type ConnectCustomKeyStoreOutput struct { 5491 _ struct{} `type:"structure"` 5492} 5493 5494// String returns the string representation 5495func (s ConnectCustomKeyStoreOutput) String() string { 5496 return awsutil.Prettify(s) 5497} 5498 5499// GoString returns the string representation 5500func (s ConnectCustomKeyStoreOutput) GoString() string { 5501 return s.String() 5502} 5503 5504type CreateAliasInput struct { 5505 _ struct{} `type:"structure"` 5506 5507 // Specifies the alias name. This value must begin with alias/ followed by a 5508 // name, such as alias/ExampleAlias. The alias name cannot begin with alias/aws/. 5509 // The alias/aws/ prefix is reserved for AWS managed CMKs. 5510 // 5511 // AliasName is a required field 5512 AliasName *string `min:"1" type:"string" required:"true"` 5513 5514 // Identifies the CMK to which the alias refers. Specify the key ID or the Amazon 5515 // Resource Name (ARN) of the CMK. You cannot specify another alias. For help 5516 // finding the key ID and ARN, see Finding the Key ID and ARN (https://docs.aws.amazon.com/kms/latest/developerguide/viewing-keys.html#find-cmk-id-arn) 5517 // in the AWS Key Management Service Developer Guide. 5518 // 5519 // TargetKeyId is a required field 5520 TargetKeyId *string `min:"1" type:"string" required:"true"` 5521} 5522 5523// String returns the string representation 5524func (s CreateAliasInput) String() string { 5525 return awsutil.Prettify(s) 5526} 5527 5528// GoString returns the string representation 5529func (s CreateAliasInput) GoString() string { 5530 return s.String() 5531} 5532 5533// Validate inspects the fields of the type to determine if they are valid. 5534func (s *CreateAliasInput) Validate() error { 5535 invalidParams := request.ErrInvalidParams{Context: "CreateAliasInput"} 5536 if s.AliasName == nil { 5537 invalidParams.Add(request.NewErrParamRequired("AliasName")) 5538 } 5539 if s.AliasName != nil && len(*s.AliasName) < 1 { 5540 invalidParams.Add(request.NewErrParamMinLen("AliasName", 1)) 5541 } 5542 if s.TargetKeyId == nil { 5543 invalidParams.Add(request.NewErrParamRequired("TargetKeyId")) 5544 } 5545 if s.TargetKeyId != nil && len(*s.TargetKeyId) < 1 { 5546 invalidParams.Add(request.NewErrParamMinLen("TargetKeyId", 1)) 5547 } 5548 5549 if invalidParams.Len() > 0 { 5550 return invalidParams 5551 } 5552 return nil 5553} 5554 5555// SetAliasName sets the AliasName field's value. 5556func (s *CreateAliasInput) SetAliasName(v string) *CreateAliasInput { 5557 s.AliasName = &v 5558 return s 5559} 5560 5561// SetTargetKeyId sets the TargetKeyId field's value. 5562func (s *CreateAliasInput) SetTargetKeyId(v string) *CreateAliasInput { 5563 s.TargetKeyId = &v 5564 return s 5565} 5566 5567type CreateAliasOutput struct { 5568 _ struct{} `type:"structure"` 5569} 5570 5571// String returns the string representation 5572func (s CreateAliasOutput) String() string { 5573 return awsutil.Prettify(s) 5574} 5575 5576// GoString returns the string representation 5577func (s CreateAliasOutput) GoString() string { 5578 return s.String() 5579} 5580 5581type CreateCustomKeyStoreInput struct { 5582 _ struct{} `type:"structure"` 5583 5584 // Identifies the AWS CloudHSM cluster for the custom key store. Enter the cluster 5585 // ID of any active AWS CloudHSM cluster that is not already associated with 5586 // a custom key store. To find the cluster ID, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) 5587 // operation. 5588 // 5589 // CloudHsmClusterId is a required field 5590 CloudHsmClusterId *string `min:"19" type:"string" required:"true"` 5591 5592 // Specifies a friendly name for the custom key store. The name must be unique 5593 // in your AWS account. 5594 // 5595 // CustomKeyStoreName is a required field 5596 CustomKeyStoreName *string `min:"1" type:"string" required:"true"` 5597 5598 // Enter the password of the kmsuser crypto user (CU) account (https://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser) 5599 // in the specified AWS CloudHSM cluster. AWS KMS logs into the cluster as this 5600 // user to manage key material on your behalf. 5601 // 5602 // This parameter tells AWS KMS the kmsuser account password; it does not change 5603 // the password in the AWS CloudHSM cluster. 5604 // 5605 // KeyStorePassword is a required field 5606 KeyStorePassword *string `min:"1" type:"string" required:"true" sensitive:"true"` 5607 5608 // Enter the content of the trust anchor certificate for the cluster. This is 5609 // the content of the customerCA.crt file that you created when you initialized 5610 // the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html). 5611 // 5612 // TrustAnchorCertificate is a required field 5613 TrustAnchorCertificate *string `min:"1" type:"string" required:"true"` 5614} 5615 5616// String returns the string representation 5617func (s CreateCustomKeyStoreInput) String() string { 5618 return awsutil.Prettify(s) 5619} 5620 5621// GoString returns the string representation 5622func (s CreateCustomKeyStoreInput) GoString() string { 5623 return s.String() 5624} 5625 5626// Validate inspects the fields of the type to determine if they are valid. 5627func (s *CreateCustomKeyStoreInput) Validate() error { 5628 invalidParams := request.ErrInvalidParams{Context: "CreateCustomKeyStoreInput"} 5629 if s.CloudHsmClusterId == nil { 5630 invalidParams.Add(request.NewErrParamRequired("CloudHsmClusterId")) 5631 } 5632 if s.CloudHsmClusterId != nil && len(*s.CloudHsmClusterId) < 19 { 5633 invalidParams.Add(request.NewErrParamMinLen("CloudHsmClusterId", 19)) 5634 } 5635 if s.CustomKeyStoreName == nil { 5636 invalidParams.Add(request.NewErrParamRequired("CustomKeyStoreName")) 5637 } 5638 if s.CustomKeyStoreName != nil && len(*s.CustomKeyStoreName) < 1 { 5639 invalidParams.Add(request.NewErrParamMinLen("CustomKeyStoreName", 1)) 5640 } 5641 if s.KeyStorePassword == nil { 5642 invalidParams.Add(request.NewErrParamRequired("KeyStorePassword")) 5643 } 5644 if s.KeyStorePassword != nil && len(*s.KeyStorePassword) < 1 { 5645 invalidParams.Add(request.NewErrParamMinLen("KeyStorePassword", 1)) 5646 } 5647 if s.TrustAnchorCertificate == nil { 5648 invalidParams.Add(request.NewErrParamRequired("TrustAnchorCertificate")) 5649 } 5650 if s.TrustAnchorCertificate != nil && len(*s.TrustAnchorCertificate) < 1 { 5651 invalidParams.Add(request.NewErrParamMinLen("TrustAnchorCertificate", 1)) 5652 } 5653 5654 if invalidParams.Len() > 0 { 5655 return invalidParams 5656 } 5657 return nil 5658} 5659 5660// SetCloudHsmClusterId sets the CloudHsmClusterId field's value. 5661func (s *CreateCustomKeyStoreInput) SetCloudHsmClusterId(v string) *CreateCustomKeyStoreInput { 5662 s.CloudHsmClusterId = &v 5663 return s 5664} 5665 5666// SetCustomKeyStoreName sets the CustomKeyStoreName field's value. 5667func (s *CreateCustomKeyStoreInput) SetCustomKeyStoreName(v string) *CreateCustomKeyStoreInput { 5668 s.CustomKeyStoreName = &v 5669 return s 5670} 5671 5672// SetKeyStorePassword sets the KeyStorePassword field's value. 5673func (s *CreateCustomKeyStoreInput) SetKeyStorePassword(v string) *CreateCustomKeyStoreInput { 5674 s.KeyStorePassword = &v 5675 return s 5676} 5677 5678// SetTrustAnchorCertificate sets the TrustAnchorCertificate field's value. 5679func (s *CreateCustomKeyStoreInput) SetTrustAnchorCertificate(v string) *CreateCustomKeyStoreInput { 5680 s.TrustAnchorCertificate = &v 5681 return s 5682} 5683 5684type CreateCustomKeyStoreOutput struct { 5685 _ struct{} `type:"structure"` 5686 5687 // A unique identifier for the new custom key store. 5688 CustomKeyStoreId *string `min:"1" type:"string"` 5689} 5690 5691// String returns the string representation 5692func (s CreateCustomKeyStoreOutput) String() string { 5693 return awsutil.Prettify(s) 5694} 5695 5696// GoString returns the string representation 5697func (s CreateCustomKeyStoreOutput) GoString() string { 5698 return s.String() 5699} 5700 5701// SetCustomKeyStoreId sets the CustomKeyStoreId field's value. 5702func (s *CreateCustomKeyStoreOutput) SetCustomKeyStoreId(v string) *CreateCustomKeyStoreOutput { 5703 s.CustomKeyStoreId = &v 5704 return s 5705} 5706 5707type CreateGrantInput struct { 5708 _ struct{} `type:"structure"` 5709 5710 // Allows a cryptographic operation only when the encryption context matches 5711 // or includes the encryption context specified in this structure. For more 5712 // information about encryption context, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) 5713 // in the AWS Key Management Service Developer Guide . 5714 Constraints *GrantConstraints `type:"structure"` 5715 5716 // A list of grant tokens. 5717 // 5718 // For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) 5719 // in the AWS Key Management Service Developer Guide. 5720 GrantTokens []*string `type:"list"` 5721 5722 // The principal that is given permission to perform the operations that the 5723 // grant permits. 5724 // 5725 // To specify the principal, use the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) 5726 // of an AWS principal. Valid AWS principals include AWS accounts (root), IAM 5727 // users, IAM roles, federated users, and assumed role users. For examples of 5728 // the ARN syntax to use for specifying a principal, see AWS Identity and Access 5729 // Management (IAM) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam) 5730 // in the Example ARNs section of the AWS General Reference. 5731 // 5732 // GranteePrincipal is a required field 5733 GranteePrincipal *string `min:"1" type:"string" required:"true"` 5734 5735 // The unique identifier for the customer master key (CMK) that the grant applies 5736 // to. 5737 // 5738 // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify 5739 // a CMK in a different AWS account, you must use the key ARN. 5740 // 5741 // For example: 5742 // 5743 // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab 5744 // 5745 // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab 5746 // 5747 // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. 5748 // 5749 // KeyId is a required field 5750 KeyId *string `min:"1" type:"string" required:"true"` 5751 5752 // A friendly name for identifying the grant. Use this value to prevent the 5753 // unintended creation of duplicate grants when retrying this request. 5754 // 5755 // When this value is absent, all CreateGrant requests result in a new grant 5756 // with a unique GrantId even if all the supplied parameters are identical. 5757 // This can result in unintended duplicates when you retry the CreateGrant request. 5758 // 5759 // When this value is present, you can retry a CreateGrant request with identical 5760 // parameters; if the grant already exists, the original GrantId is returned 5761 // without creating a new grant. Note that the returned grant token is unique 5762 // with every CreateGrant request, even when a duplicate GrantId is returned. 5763 // All grant tokens obtained in this way can be used interchangeably. 5764 Name *string `min:"1" type:"string"` 5765 5766 // A list of operations that the grant permits. 5767 // 5768 // Operations is a required field 5769 Operations []*string `type:"list" required:"true"` 5770 5771 // The principal that is given permission to retire the grant by using RetireGrant 5772 // operation. 5773 // 5774 // To specify the principal, use the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) 5775 // of an AWS principal. Valid AWS principals include AWS accounts (root), IAM 5776 // users, federated users, and assumed role users. For examples of the ARN syntax 5777 // to use for specifying a principal, see AWS Identity and Access Management 5778 // (IAM) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam) 5779 // in the Example ARNs section of the AWS General Reference. 5780 RetiringPrincipal *string `min:"1" type:"string"` 5781} 5782 5783// String returns the string representation 5784func (s CreateGrantInput) String() string { 5785 return awsutil.Prettify(s) 5786} 5787 5788// GoString returns the string representation 5789func (s CreateGrantInput) GoString() string { 5790 return s.String() 5791} 5792 5793// Validate inspects the fields of the type to determine if they are valid. 5794func (s *CreateGrantInput) Validate() error { 5795 invalidParams := request.ErrInvalidParams{Context: "CreateGrantInput"} 5796 if s.GranteePrincipal == nil { 5797 invalidParams.Add(request.NewErrParamRequired("GranteePrincipal")) 5798 } 5799 if s.GranteePrincipal != nil && len(*s.GranteePrincipal) < 1 { 5800 invalidParams.Add(request.NewErrParamMinLen("GranteePrincipal", 1)) 5801 } 5802 if s.KeyId == nil { 5803 invalidParams.Add(request.NewErrParamRequired("KeyId")) 5804 } 5805 if s.KeyId != nil && len(*s.KeyId) < 1 { 5806 invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) 5807 } 5808 if s.Name != nil && len(*s.Name) < 1 { 5809 invalidParams.Add(request.NewErrParamMinLen("Name", 1)) 5810 } 5811 if s.Operations == nil { 5812 invalidParams.Add(request.NewErrParamRequired("Operations")) 5813 } 5814 if s.RetiringPrincipal != nil && len(*s.RetiringPrincipal) < 1 { 5815 invalidParams.Add(request.NewErrParamMinLen("RetiringPrincipal", 1)) 5816 } 5817 5818 if invalidParams.Len() > 0 { 5819 return invalidParams 5820 } 5821 return nil 5822} 5823 5824// SetConstraints sets the Constraints field's value. 5825func (s *CreateGrantInput) SetConstraints(v *GrantConstraints) *CreateGrantInput { 5826 s.Constraints = v 5827 return s 5828} 5829 5830// SetGrantTokens sets the GrantTokens field's value. 5831func (s *CreateGrantInput) SetGrantTokens(v []*string) *CreateGrantInput { 5832 s.GrantTokens = v 5833 return s 5834} 5835 5836// SetGranteePrincipal sets the GranteePrincipal field's value. 5837func (s *CreateGrantInput) SetGranteePrincipal(v string) *CreateGrantInput { 5838 s.GranteePrincipal = &v 5839 return s 5840} 5841 5842// SetKeyId sets the KeyId field's value. 5843func (s *CreateGrantInput) SetKeyId(v string) *CreateGrantInput { 5844 s.KeyId = &v 5845 return s 5846} 5847 5848// SetName sets the Name field's value. 5849func (s *CreateGrantInput) SetName(v string) *CreateGrantInput { 5850 s.Name = &v 5851 return s 5852} 5853 5854// SetOperations sets the Operations field's value. 5855func (s *CreateGrantInput) SetOperations(v []*string) *CreateGrantInput { 5856 s.Operations = v 5857 return s 5858} 5859 5860// SetRetiringPrincipal sets the RetiringPrincipal field's value. 5861func (s *CreateGrantInput) SetRetiringPrincipal(v string) *CreateGrantInput { 5862 s.RetiringPrincipal = &v 5863 return s 5864} 5865 5866type CreateGrantOutput struct { 5867 _ struct{} `type:"structure"` 5868 5869 // The unique identifier for the grant. 5870 // 5871 // You can use the GrantId in a subsequent RetireGrant or RevokeGrant operation. 5872 GrantId *string `min:"1" type:"string"` 5873 5874 // The grant token. 5875 // 5876 // For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) 5877 // in the AWS Key Management Service Developer Guide. 5878 GrantToken *string `min:"1" type:"string"` 5879} 5880 5881// String returns the string representation 5882func (s CreateGrantOutput) String() string { 5883 return awsutil.Prettify(s) 5884} 5885 5886// GoString returns the string representation 5887func (s CreateGrantOutput) GoString() string { 5888 return s.String() 5889} 5890 5891// SetGrantId sets the GrantId field's value. 5892func (s *CreateGrantOutput) SetGrantId(v string) *CreateGrantOutput { 5893 s.GrantId = &v 5894 return s 5895} 5896 5897// SetGrantToken sets the GrantToken field's value. 5898func (s *CreateGrantOutput) SetGrantToken(v string) *CreateGrantOutput { 5899 s.GrantToken = &v 5900 return s 5901} 5902 5903type CreateKeyInput struct { 5904 _ struct{} `type:"structure"` 5905 5906 // A flag to indicate whether to bypass the key policy lockout safety check. 5907 // 5908 // Setting this value to true increases the risk that the CMK becomes unmanageable. 5909 // Do not set this value to true indiscriminately. 5910 // 5911 // For more information, refer to the scenario in the Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) 5912 // section in the AWS Key Management Service Developer Guide . 5913 // 5914 // Use this parameter only when you include a policy in the request and you 5915 // intend to prevent the principal that is making the request from making a 5916 // subsequent PutKeyPolicy request on the CMK. 5917 // 5918 // The default value is false. 5919 BypassPolicyLockoutSafetyCheck *bool `type:"boolean"` 5920 5921 // Creates the CMK in the specified custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) 5922 // and the key material in its associated AWS CloudHSM cluster. To create a 5923 // CMK in a custom key store, you must also specify the Origin parameter with 5924 // a value of AWS_CLOUDHSM. The AWS CloudHSM cluster that is associated with 5925 // the custom key store must have at least two active HSMs, each in a different 5926 // Availability Zone in the Region. 5927 // 5928 // To find the ID of a custom key store, use the DescribeCustomKeyStores operation. 5929 // 5930 // The response includes the custom key store ID and the ID of the AWS CloudHSM 5931 // cluster. 5932 // 5933 // This operation is part of the Custom Key Store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) 5934 // feature in AWS KMS, which combines the convenience and extensive integration 5935 // of AWS KMS with the isolation and control of a single-tenant key store. 5936 CustomKeyStoreId *string `min:"1" type:"string"` 5937 5938 // A description of the CMK. 5939 // 5940 // Use a description that helps you decide whether the CMK is appropriate for 5941 // a task. 5942 Description *string `type:"string"` 5943 5944 // The cryptographic operations for which you can use the CMK. The only valid 5945 // value is ENCRYPT_DECRYPT, which means you can use the CMK to encrypt and 5946 // decrypt data. 5947 KeyUsage *string `type:"string" enum:"KeyUsageType"` 5948 5949 // The source of the key material for the CMK. You cannot change the origin 5950 // after you create the CMK. 5951 // 5952 // The default is AWS_KMS, which means AWS KMS creates the key material in its 5953 // own key store. 5954 // 5955 // When the parameter value is EXTERNAL, AWS KMS creates a CMK without key material 5956 // so that you can import key material from your existing key management infrastructure. 5957 // For more information about importing key material into AWS KMS, see Importing 5958 // Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) 5959 // in the AWS Key Management Service Developer Guide. 5960 // 5961 // When the parameter value is AWS_CLOUDHSM, AWS KMS creates the CMK in an AWS 5962 // KMS custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) 5963 // and creates its key material in the associated AWS CloudHSM cluster. You 5964 // must also use the CustomKeyStoreId parameter to identify the custom key store. 5965 Origin *string `type:"string" enum:"OriginType"` 5966 5967 // The key policy to attach to the CMK. 5968 // 5969 // If you provide a key policy, it must meet the following criteria: 5970 // 5971 // * If you don't set BypassPolicyLockoutSafetyCheck to true, the key policy 5972 // must allow the principal that is making the CreateKey request to make 5973 // a subsequent PutKeyPolicy request on the CMK. This reduces the risk that 5974 // the CMK becomes unmanageable. For more information, refer to the scenario 5975 // in the Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) 5976 // section of the AWS Key Management Service Developer Guide . 5977 // 5978 // * Each statement in the key policy must contain one or more principals. 5979 // The principals in the key policy must exist and be visible to AWS KMS. 5980 // When you create a new AWS principal (for example, an IAM user or role), 5981 // you might need to enforce a delay before including the new principal in 5982 // a key policy because the new principal might not be immediately visible 5983 // to AWS KMS. For more information, see Changes that I make are not always 5984 // immediately visible (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency) 5985 // in the AWS Identity and Access Management User Guide. 5986 // 5987 // If you do not provide a key policy, AWS KMS attaches a default key policy 5988 // to the CMK. For more information, see Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default) 5989 // in the AWS Key Management Service Developer Guide. 5990 // 5991 // The key policy size limit is 32 kilobytes (32768 bytes). 5992 Policy *string `min:"1" type:"string"` 5993 5994 // One or more tags. Each tag consists of a tag key and a tag value. Tag keys 5995 // and tag values are both required, but tag values can be empty (null) strings. 5996 // 5997 // Use this parameter to tag the CMK when it is created. Alternately, you can 5998 // omit this parameter and instead tag the CMK after it is created using TagResource. 5999 Tags []*Tag `type:"list"` 6000} 6001 6002// String returns the string representation 6003func (s CreateKeyInput) String() string { 6004 return awsutil.Prettify(s) 6005} 6006 6007// GoString returns the string representation 6008func (s CreateKeyInput) GoString() string { 6009 return s.String() 6010} 6011 6012// Validate inspects the fields of the type to determine if they are valid. 6013func (s *CreateKeyInput) Validate() error { 6014 invalidParams := request.ErrInvalidParams{Context: "CreateKeyInput"} 6015 if s.CustomKeyStoreId != nil && len(*s.CustomKeyStoreId) < 1 { 6016 invalidParams.Add(request.NewErrParamMinLen("CustomKeyStoreId", 1)) 6017 } 6018 if s.Policy != nil && len(*s.Policy) < 1 { 6019 invalidParams.Add(request.NewErrParamMinLen("Policy", 1)) 6020 } 6021 if s.Tags != nil { 6022 for i, v := range s.Tags { 6023 if v == nil { 6024 continue 6025 } 6026 if err := v.Validate(); err != nil { 6027 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) 6028 } 6029 } 6030 } 6031 6032 if invalidParams.Len() > 0 { 6033 return invalidParams 6034 } 6035 return nil 6036} 6037 6038// SetBypassPolicyLockoutSafetyCheck sets the BypassPolicyLockoutSafetyCheck field's value. 6039func (s *CreateKeyInput) SetBypassPolicyLockoutSafetyCheck(v bool) *CreateKeyInput { 6040 s.BypassPolicyLockoutSafetyCheck = &v 6041 return s 6042} 6043 6044// SetCustomKeyStoreId sets the CustomKeyStoreId field's value. 6045func (s *CreateKeyInput) SetCustomKeyStoreId(v string) *CreateKeyInput { 6046 s.CustomKeyStoreId = &v 6047 return s 6048} 6049 6050// SetDescription sets the Description field's value. 6051func (s *CreateKeyInput) SetDescription(v string) *CreateKeyInput { 6052 s.Description = &v 6053 return s 6054} 6055 6056// SetKeyUsage sets the KeyUsage field's value. 6057func (s *CreateKeyInput) SetKeyUsage(v string) *CreateKeyInput { 6058 s.KeyUsage = &v 6059 return s 6060} 6061 6062// SetOrigin sets the Origin field's value. 6063func (s *CreateKeyInput) SetOrigin(v string) *CreateKeyInput { 6064 s.Origin = &v 6065 return s 6066} 6067 6068// SetPolicy sets the Policy field's value. 6069func (s *CreateKeyInput) SetPolicy(v string) *CreateKeyInput { 6070 s.Policy = &v 6071 return s 6072} 6073 6074// SetTags sets the Tags field's value. 6075func (s *CreateKeyInput) SetTags(v []*Tag) *CreateKeyInput { 6076 s.Tags = v 6077 return s 6078} 6079 6080type CreateKeyOutput struct { 6081 _ struct{} `type:"structure"` 6082 6083 // Metadata associated with the CMK. 6084 KeyMetadata *KeyMetadata `type:"structure"` 6085} 6086 6087// String returns the string representation 6088func (s CreateKeyOutput) String() string { 6089 return awsutil.Prettify(s) 6090} 6091 6092// GoString returns the string representation 6093func (s CreateKeyOutput) GoString() string { 6094 return s.String() 6095} 6096 6097// SetKeyMetadata sets the KeyMetadata field's value. 6098func (s *CreateKeyOutput) SetKeyMetadata(v *KeyMetadata) *CreateKeyOutput { 6099 s.KeyMetadata = v 6100 return s 6101} 6102 6103// Contains information about each custom key store in the custom key store 6104// list. 6105type CustomKeyStoresListEntry struct { 6106 _ struct{} `type:"structure"` 6107 6108 // A unique identifier for the AWS CloudHSM cluster that is associated with 6109 // the custom key store. 6110 CloudHsmClusterId *string `min:"19" type:"string"` 6111 6112 // Describes the connection error. Valid values are: 6113 // 6114 // * CLUSTER_NOT_FOUND - AWS KMS cannot find the AWS CloudHSM cluster with 6115 // the specified cluster ID. 6116 // 6117 // * INSUFFICIENT_CLOUDHSM_HSMS - The associated AWS CloudHSM cluster does 6118 // not contain any active HSMs. To connect a custom key store to its AWS 6119 // CloudHSM cluster, the cluster must contain at least one active HSM. 6120 // 6121 // * INTERNAL_ERROR - AWS KMS could not complete the request due to an internal 6122 // error. Retry the request. For ConnectCustomKeyStore requests, disconnect 6123 // the custom key store before trying to connect again. 6124 // 6125 // * INVALID_CREDENTIALS - AWS KMS does not have the correct password for 6126 // the kmsuser crypto user in the AWS CloudHSM cluster. 6127 // 6128 // * NETWORK_ERRORS - Network errors are preventing AWS KMS from connecting 6129 // to the custom key store. 6130 // 6131 // * USER_LOCKED_OUT - The kmsuser CU account is locked out of the associated 6132 // AWS CloudHSM cluster due to too many failed password attempts. Before 6133 // you can connect your custom key store to its AWS CloudHSM cluster, you 6134 // must change the kmsuser account password and update the password value 6135 // for the custom key store. 6136 // 6137 // For help with connection failures, see Troubleshooting Custom Key Stores 6138 // (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) 6139 // in the AWS Key Management Service Developer Guide. 6140 ConnectionErrorCode *string `type:"string" enum:"ConnectionErrorCodeType"` 6141 6142 // Indicates whether the custom key store is connected to its AWS CloudHSM cluster. 6143 // 6144 // You can create and use CMKs in your custom key stores only when its connection 6145 // state is CONNECTED. 6146 // 6147 // The value is DISCONNECTED if the key store has never been connected or you 6148 // use the DisconnectCustomKeyStore operation to disconnect it. If the value 6149 // is CONNECTED but you are having trouble using the custom key store, make 6150 // sure that its associated AWS CloudHSM cluster is active and contains at least 6151 // one active HSM. 6152 // 6153 // A value of FAILED indicates that an attempt to connect was unsuccessful. 6154 // For help resolving a connection failure, see Troubleshooting a Custom Key 6155 // Store (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) 6156 // in the AWS Key Management Service Developer Guide. 6157 ConnectionState *string `type:"string" enum:"ConnectionStateType"` 6158 6159 // The date and time when the custom key store was created. 6160 CreationDate *time.Time `type:"timestamp"` 6161 6162 // A unique identifier for the custom key store. 6163 CustomKeyStoreId *string `min:"1" type:"string"` 6164 6165 // The user-specified friendly name for the custom key store. 6166 CustomKeyStoreName *string `min:"1" type:"string"` 6167 6168 // The trust anchor certificate of the associated AWS CloudHSM cluster. When 6169 // you initialize the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr), 6170 // you create this certificate and save it in the customerCA.crt file. 6171 TrustAnchorCertificate *string `min:"1" type:"string"` 6172} 6173 6174// String returns the string representation 6175func (s CustomKeyStoresListEntry) String() string { 6176 return awsutil.Prettify(s) 6177} 6178 6179// GoString returns the string representation 6180func (s CustomKeyStoresListEntry) GoString() string { 6181 return s.String() 6182} 6183 6184// SetCloudHsmClusterId sets the CloudHsmClusterId field's value. 6185func (s *CustomKeyStoresListEntry) SetCloudHsmClusterId(v string) *CustomKeyStoresListEntry { 6186 s.CloudHsmClusterId = &v 6187 return s 6188} 6189 6190// SetConnectionErrorCode sets the ConnectionErrorCode field's value. 6191func (s *CustomKeyStoresListEntry) SetConnectionErrorCode(v string) *CustomKeyStoresListEntry { 6192 s.ConnectionErrorCode = &v 6193 return s 6194} 6195 6196// SetConnectionState sets the ConnectionState field's value. 6197func (s *CustomKeyStoresListEntry) SetConnectionState(v string) *CustomKeyStoresListEntry { 6198 s.ConnectionState = &v 6199 return s 6200} 6201 6202// SetCreationDate sets the CreationDate field's value. 6203func (s *CustomKeyStoresListEntry) SetCreationDate(v time.Time) *CustomKeyStoresListEntry { 6204 s.CreationDate = &v 6205 return s 6206} 6207 6208// SetCustomKeyStoreId sets the CustomKeyStoreId field's value. 6209func (s *CustomKeyStoresListEntry) SetCustomKeyStoreId(v string) *CustomKeyStoresListEntry { 6210 s.CustomKeyStoreId = &v 6211 return s 6212} 6213 6214// SetCustomKeyStoreName sets the CustomKeyStoreName field's value. 6215func (s *CustomKeyStoresListEntry) SetCustomKeyStoreName(v string) *CustomKeyStoresListEntry { 6216 s.CustomKeyStoreName = &v 6217 return s 6218} 6219 6220// SetTrustAnchorCertificate sets the TrustAnchorCertificate field's value. 6221func (s *CustomKeyStoresListEntry) SetTrustAnchorCertificate(v string) *CustomKeyStoresListEntry { 6222 s.TrustAnchorCertificate = &v 6223 return s 6224} 6225 6226type DecryptInput struct { 6227 _ struct{} `type:"structure"` 6228 6229 // Ciphertext to be decrypted. The blob includes metadata. 6230 // 6231 // CiphertextBlob is automatically base64 encoded/decoded by the SDK. 6232 // 6233 // CiphertextBlob is a required field 6234 CiphertextBlob []byte `min:"1" type:"blob" required:"true"` 6235 6236 // The encryption context. If this was specified in the Encrypt function, it 6237 // must be specified here or the decryption operation will fail. For more information, 6238 // see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context). 6239 EncryptionContext map[string]*string `type:"map"` 6240 6241 // A list of grant tokens. 6242 // 6243 // For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) 6244 // in the AWS Key Management Service Developer Guide. 6245 GrantTokens []*string `type:"list"` 6246} 6247 6248// String returns the string representation 6249func (s DecryptInput) String() string { 6250 return awsutil.Prettify(s) 6251} 6252 6253// GoString returns the string representation 6254func (s DecryptInput) GoString() string { 6255 return s.String() 6256} 6257 6258// Validate inspects the fields of the type to determine if they are valid. 6259func (s *DecryptInput) Validate() error { 6260 invalidParams := request.ErrInvalidParams{Context: "DecryptInput"} 6261 if s.CiphertextBlob == nil { 6262 invalidParams.Add(request.NewErrParamRequired("CiphertextBlob")) 6263 } 6264 if s.CiphertextBlob != nil && len(s.CiphertextBlob) < 1 { 6265 invalidParams.Add(request.NewErrParamMinLen("CiphertextBlob", 1)) 6266 } 6267 6268 if invalidParams.Len() > 0 { 6269 return invalidParams 6270 } 6271 return nil 6272} 6273 6274// SetCiphertextBlob sets the CiphertextBlob field's value. 6275func (s *DecryptInput) SetCiphertextBlob(v []byte) *DecryptInput { 6276 s.CiphertextBlob = v 6277 return s 6278} 6279 6280// SetEncryptionContext sets the EncryptionContext field's value. 6281func (s *DecryptInput) SetEncryptionContext(v map[string]*string) *DecryptInput { 6282 s.EncryptionContext = v 6283 return s 6284} 6285 6286// SetGrantTokens sets the GrantTokens field's value. 6287func (s *DecryptInput) SetGrantTokens(v []*string) *DecryptInput { 6288 s.GrantTokens = v 6289 return s 6290} 6291 6292type DecryptOutput struct { 6293 _ struct{} `type:"structure"` 6294 6295 // ARN of the key used to perform the decryption. This value is returned if 6296 // no errors are encountered during the operation. 6297 KeyId *string `min:"1" type:"string"` 6298 6299 // Decrypted plaintext data. When you use the HTTP API or the AWS CLI, the value 6300 // is Base64-encoded. Otherwise, it is not encoded. 6301 // 6302 // Plaintext is automatically base64 encoded/decoded by the SDK. 6303 Plaintext []byte `min:"1" type:"blob" sensitive:"true"` 6304} 6305 6306// String returns the string representation 6307func (s DecryptOutput) String() string { 6308 return awsutil.Prettify(s) 6309} 6310 6311// GoString returns the string representation 6312func (s DecryptOutput) GoString() string { 6313 return s.String() 6314} 6315 6316// SetKeyId sets the KeyId field's value. 6317func (s *DecryptOutput) SetKeyId(v string) *DecryptOutput { 6318 s.KeyId = &v 6319 return s 6320} 6321 6322// SetPlaintext sets the Plaintext field's value. 6323func (s *DecryptOutput) SetPlaintext(v []byte) *DecryptOutput { 6324 s.Plaintext = v 6325 return s 6326} 6327 6328type DeleteAliasInput struct { 6329 _ struct{} `type:"structure"` 6330 6331 // The alias to be deleted. The alias name must begin with alias/ followed by 6332 // the alias name, such as alias/ExampleAlias. 6333 // 6334 // AliasName is a required field 6335 AliasName *string `min:"1" type:"string" required:"true"` 6336} 6337 6338// String returns the string representation 6339func (s DeleteAliasInput) String() string { 6340 return awsutil.Prettify(s) 6341} 6342 6343// GoString returns the string representation 6344func (s DeleteAliasInput) GoString() string { 6345 return s.String() 6346} 6347 6348// Validate inspects the fields of the type to determine if they are valid. 6349func (s *DeleteAliasInput) Validate() error { 6350 invalidParams := request.ErrInvalidParams{Context: "DeleteAliasInput"} 6351 if s.AliasName == nil { 6352 invalidParams.Add(request.NewErrParamRequired("AliasName")) 6353 } 6354 if s.AliasName != nil && len(*s.AliasName) < 1 { 6355 invalidParams.Add(request.NewErrParamMinLen("AliasName", 1)) 6356 } 6357 6358 if invalidParams.Len() > 0 { 6359 return invalidParams 6360 } 6361 return nil 6362} 6363 6364// SetAliasName sets the AliasName field's value. 6365func (s *DeleteAliasInput) SetAliasName(v string) *DeleteAliasInput { 6366 s.AliasName = &v 6367 return s 6368} 6369 6370type DeleteAliasOutput struct { 6371 _ struct{} `type:"structure"` 6372} 6373 6374// String returns the string representation 6375func (s DeleteAliasOutput) String() string { 6376 return awsutil.Prettify(s) 6377} 6378 6379// GoString returns the string representation 6380func (s DeleteAliasOutput) GoString() string { 6381 return s.String() 6382} 6383 6384type DeleteCustomKeyStoreInput struct { 6385 _ struct{} `type:"structure"` 6386 6387 // Enter the ID of the custom key store you want to delete. To find the ID of 6388 // a custom key store, use the DescribeCustomKeyStores operation. 6389 // 6390 // CustomKeyStoreId is a required field 6391 CustomKeyStoreId *string `min:"1" type:"string" required:"true"` 6392} 6393 6394// String returns the string representation 6395func (s DeleteCustomKeyStoreInput) String() string { 6396 return awsutil.Prettify(s) 6397} 6398 6399// GoString returns the string representation 6400func (s DeleteCustomKeyStoreInput) GoString() string { 6401 return s.String() 6402} 6403 6404// Validate inspects the fields of the type to determine if they are valid. 6405func (s *DeleteCustomKeyStoreInput) Validate() error { 6406 invalidParams := request.ErrInvalidParams{Context: "DeleteCustomKeyStoreInput"} 6407 if s.CustomKeyStoreId == nil { 6408 invalidParams.Add(request.NewErrParamRequired("CustomKeyStoreId")) 6409 } 6410 if s.CustomKeyStoreId != nil && len(*s.CustomKeyStoreId) < 1 { 6411 invalidParams.Add(request.NewErrParamMinLen("CustomKeyStoreId", 1)) 6412 } 6413 6414 if invalidParams.Len() > 0 { 6415 return invalidParams 6416 } 6417 return nil 6418} 6419 6420// SetCustomKeyStoreId sets the CustomKeyStoreId field's value. 6421func (s *DeleteCustomKeyStoreInput) SetCustomKeyStoreId(v string) *DeleteCustomKeyStoreInput { 6422 s.CustomKeyStoreId = &v 6423 return s 6424} 6425 6426type DeleteCustomKeyStoreOutput struct { 6427 _ struct{} `type:"structure"` 6428} 6429 6430// String returns the string representation 6431func (s DeleteCustomKeyStoreOutput) String() string { 6432 return awsutil.Prettify(s) 6433} 6434 6435// GoString returns the string representation 6436func (s DeleteCustomKeyStoreOutput) GoString() string { 6437 return s.String() 6438} 6439 6440type DeleteImportedKeyMaterialInput struct { 6441 _ struct{} `type:"structure"` 6442 6443 // Identifies the CMK from which you are deleting imported key material. The 6444 // Origin of the CMK must be EXTERNAL. 6445 // 6446 // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. 6447 // 6448 // For example: 6449 // 6450 // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab 6451 // 6452 // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab 6453 // 6454 // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. 6455 // 6456 // KeyId is a required field 6457 KeyId *string `min:"1" type:"string" required:"true"` 6458} 6459 6460// String returns the string representation 6461func (s DeleteImportedKeyMaterialInput) String() string { 6462 return awsutil.Prettify(s) 6463} 6464 6465// GoString returns the string representation 6466func (s DeleteImportedKeyMaterialInput) GoString() string { 6467 return s.String() 6468} 6469 6470// Validate inspects the fields of the type to determine if they are valid. 6471func (s *DeleteImportedKeyMaterialInput) Validate() error { 6472 invalidParams := request.ErrInvalidParams{Context: "DeleteImportedKeyMaterialInput"} 6473 if s.KeyId == nil { 6474 invalidParams.Add(request.NewErrParamRequired("KeyId")) 6475 } 6476 if s.KeyId != nil && len(*s.KeyId) < 1 { 6477 invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) 6478 } 6479 6480 if invalidParams.Len() > 0 { 6481 return invalidParams 6482 } 6483 return nil 6484} 6485 6486// SetKeyId sets the KeyId field's value. 6487func (s *DeleteImportedKeyMaterialInput) SetKeyId(v string) *DeleteImportedKeyMaterialInput { 6488 s.KeyId = &v 6489 return s 6490} 6491 6492type DeleteImportedKeyMaterialOutput struct { 6493 _ struct{} `type:"structure"` 6494} 6495 6496// String returns the string representation 6497func (s DeleteImportedKeyMaterialOutput) String() string { 6498 return awsutil.Prettify(s) 6499} 6500 6501// GoString returns the string representation 6502func (s DeleteImportedKeyMaterialOutput) GoString() string { 6503 return s.String() 6504} 6505 6506type DescribeCustomKeyStoresInput struct { 6507 _ struct{} `type:"structure"` 6508 6509 // Gets only information about the specified custom key store. Enter the key 6510 // store ID. 6511 // 6512 // By default, this operation gets information about all custom key stores in 6513 // the account and region. To limit the output to a particular custom key store, 6514 // you can use either the CustomKeyStoreId or CustomKeyStoreName parameter, 6515 // but not both. 6516 CustomKeyStoreId *string `min:"1" type:"string"` 6517 6518 // Gets only information about the specified custom key store. Enter the friendly 6519 // name of the custom key store. 6520 // 6521 // By default, this operation gets information about all custom key stores in 6522 // the account and region. To limit the output to a particular custom key store, 6523 // you can use either the CustomKeyStoreId or CustomKeyStoreName parameter, 6524 // but not both. 6525 CustomKeyStoreName *string `min:"1" type:"string"` 6526 6527 // Use this parameter to specify the maximum number of items to return. When 6528 // this value is present, AWS KMS does not return more than the specified number 6529 // of items, but it might return fewer. 6530 Limit *int64 `min:"1" type:"integer"` 6531 6532 // Use this parameter in a subsequent request after you receive a response with 6533 // truncated results. Set it to the value of NextMarker from the truncated response 6534 // you just received. 6535 Marker *string `min:"1" type:"string"` 6536} 6537 6538// String returns the string representation 6539func (s DescribeCustomKeyStoresInput) String() string { 6540 return awsutil.Prettify(s) 6541} 6542 6543// GoString returns the string representation 6544func (s DescribeCustomKeyStoresInput) GoString() string { 6545 return s.String() 6546} 6547 6548// Validate inspects the fields of the type to determine if they are valid. 6549func (s *DescribeCustomKeyStoresInput) Validate() error { 6550 invalidParams := request.ErrInvalidParams{Context: "DescribeCustomKeyStoresInput"} 6551 if s.CustomKeyStoreId != nil && len(*s.CustomKeyStoreId) < 1 { 6552 invalidParams.Add(request.NewErrParamMinLen("CustomKeyStoreId", 1)) 6553 } 6554 if s.CustomKeyStoreName != nil && len(*s.CustomKeyStoreName) < 1 { 6555 invalidParams.Add(request.NewErrParamMinLen("CustomKeyStoreName", 1)) 6556 } 6557 if s.Limit != nil && *s.Limit < 1 { 6558 invalidParams.Add(request.NewErrParamMinValue("Limit", 1)) 6559 } 6560 if s.Marker != nil && len(*s.Marker) < 1 { 6561 invalidParams.Add(request.NewErrParamMinLen("Marker", 1)) 6562 } 6563 6564 if invalidParams.Len() > 0 { 6565 return invalidParams 6566 } 6567 return nil 6568} 6569 6570// SetCustomKeyStoreId sets the CustomKeyStoreId field's value. 6571func (s *DescribeCustomKeyStoresInput) SetCustomKeyStoreId(v string) *DescribeCustomKeyStoresInput { 6572 s.CustomKeyStoreId = &v 6573 return s 6574} 6575 6576// SetCustomKeyStoreName sets the CustomKeyStoreName field's value. 6577func (s *DescribeCustomKeyStoresInput) SetCustomKeyStoreName(v string) *DescribeCustomKeyStoresInput { 6578 s.CustomKeyStoreName = &v 6579 return s 6580} 6581 6582// SetLimit sets the Limit field's value. 6583func (s *DescribeCustomKeyStoresInput) SetLimit(v int64) *DescribeCustomKeyStoresInput { 6584 s.Limit = &v 6585 return s 6586} 6587 6588// SetMarker sets the Marker field's value. 6589func (s *DescribeCustomKeyStoresInput) SetMarker(v string) *DescribeCustomKeyStoresInput { 6590 s.Marker = &v 6591 return s 6592} 6593 6594type DescribeCustomKeyStoresOutput struct { 6595 _ struct{} `type:"structure"` 6596 6597 // Contains metadata about each custom key store. 6598 CustomKeyStores []*CustomKeyStoresListEntry `type:"list"` 6599 6600 // When Truncated is true, this element is present and contains the value to 6601 // use for the Marker parameter in a subsequent request. 6602 NextMarker *string `min:"1" type:"string"` 6603 6604 // A flag that indicates whether there are more items in the list. When this 6605 // value is true, the list in this response is truncated. To get more items, 6606 // pass the value of the NextMarker element in thisresponse to the Marker parameter 6607 // in a subsequent request. 6608 Truncated *bool `type:"boolean"` 6609} 6610 6611// String returns the string representation 6612func (s DescribeCustomKeyStoresOutput) String() string { 6613 return awsutil.Prettify(s) 6614} 6615 6616// GoString returns the string representation 6617func (s DescribeCustomKeyStoresOutput) GoString() string { 6618 return s.String() 6619} 6620 6621// SetCustomKeyStores sets the CustomKeyStores field's value. 6622func (s *DescribeCustomKeyStoresOutput) SetCustomKeyStores(v []*CustomKeyStoresListEntry) *DescribeCustomKeyStoresOutput { 6623 s.CustomKeyStores = v 6624 return s 6625} 6626 6627// SetNextMarker sets the NextMarker field's value. 6628func (s *DescribeCustomKeyStoresOutput) SetNextMarker(v string) *DescribeCustomKeyStoresOutput { 6629 s.NextMarker = &v 6630 return s 6631} 6632 6633// SetTruncated sets the Truncated field's value. 6634func (s *DescribeCustomKeyStoresOutput) SetTruncated(v bool) *DescribeCustomKeyStoresOutput { 6635 s.Truncated = &v 6636 return s 6637} 6638 6639type DescribeKeyInput struct { 6640 _ struct{} `type:"structure"` 6641 6642 // A list of grant tokens. 6643 // 6644 // For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) 6645 // in the AWS Key Management Service Developer Guide. 6646 GrantTokens []*string `type:"list"` 6647 6648 // Describes the specified customer master key (CMK). 6649 // 6650 // If you specify a predefined AWS alias (an AWS alias with no key ID), KMS 6651 // associates the alias with an AWS managed CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys) 6652 // and returns its KeyId and Arn in the response. 6653 // 6654 // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, 6655 // or alias ARN. When using an alias name, prefix it with "alias/". To specify 6656 // a CMK in a different AWS account, you must use the key ARN or alias ARN. 6657 // 6658 // For example: 6659 // 6660 // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab 6661 // 6662 // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab 6663 // 6664 // * Alias name: alias/ExampleAlias 6665 // 6666 // * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias 6667 // 6668 // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To 6669 // get the alias name and alias ARN, use ListAliases. 6670 // 6671 // KeyId is a required field 6672 KeyId *string `min:"1" type:"string" required:"true"` 6673} 6674 6675// String returns the string representation 6676func (s DescribeKeyInput) String() string { 6677 return awsutil.Prettify(s) 6678} 6679 6680// GoString returns the string representation 6681func (s DescribeKeyInput) GoString() string { 6682 return s.String() 6683} 6684 6685// Validate inspects the fields of the type to determine if they are valid. 6686func (s *DescribeKeyInput) Validate() error { 6687 invalidParams := request.ErrInvalidParams{Context: "DescribeKeyInput"} 6688 if s.KeyId == nil { 6689 invalidParams.Add(request.NewErrParamRequired("KeyId")) 6690 } 6691 if s.KeyId != nil && len(*s.KeyId) < 1 { 6692 invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) 6693 } 6694 6695 if invalidParams.Len() > 0 { 6696 return invalidParams 6697 } 6698 return nil 6699} 6700 6701// SetGrantTokens sets the GrantTokens field's value. 6702func (s *DescribeKeyInput) SetGrantTokens(v []*string) *DescribeKeyInput { 6703 s.GrantTokens = v 6704 return s 6705} 6706 6707// SetKeyId sets the KeyId field's value. 6708func (s *DescribeKeyInput) SetKeyId(v string) *DescribeKeyInput { 6709 s.KeyId = &v 6710 return s 6711} 6712 6713type DescribeKeyOutput struct { 6714 _ struct{} `type:"structure"` 6715 6716 // Metadata associated with the key. 6717 KeyMetadata *KeyMetadata `type:"structure"` 6718} 6719 6720// String returns the string representation 6721func (s DescribeKeyOutput) String() string { 6722 return awsutil.Prettify(s) 6723} 6724 6725// GoString returns the string representation 6726func (s DescribeKeyOutput) GoString() string { 6727 return s.String() 6728} 6729 6730// SetKeyMetadata sets the KeyMetadata field's value. 6731func (s *DescribeKeyOutput) SetKeyMetadata(v *KeyMetadata) *DescribeKeyOutput { 6732 s.KeyMetadata = v 6733 return s 6734} 6735 6736type DisableKeyInput struct { 6737 _ struct{} `type:"structure"` 6738 6739 // A unique identifier for the customer master key (CMK). 6740 // 6741 // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. 6742 // 6743 // For example: 6744 // 6745 // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab 6746 // 6747 // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab 6748 // 6749 // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. 6750 // 6751 // KeyId is a required field 6752 KeyId *string `min:"1" type:"string" required:"true"` 6753} 6754 6755// String returns the string representation 6756func (s DisableKeyInput) String() string { 6757 return awsutil.Prettify(s) 6758} 6759 6760// GoString returns the string representation 6761func (s DisableKeyInput) GoString() string { 6762 return s.String() 6763} 6764 6765// Validate inspects the fields of the type to determine if they are valid. 6766func (s *DisableKeyInput) Validate() error { 6767 invalidParams := request.ErrInvalidParams{Context: "DisableKeyInput"} 6768 if s.KeyId == nil { 6769 invalidParams.Add(request.NewErrParamRequired("KeyId")) 6770 } 6771 if s.KeyId != nil && len(*s.KeyId) < 1 { 6772 invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) 6773 } 6774 6775 if invalidParams.Len() > 0 { 6776 return invalidParams 6777 } 6778 return nil 6779} 6780 6781// SetKeyId sets the KeyId field's value. 6782func (s *DisableKeyInput) SetKeyId(v string) *DisableKeyInput { 6783 s.KeyId = &v 6784 return s 6785} 6786 6787type DisableKeyOutput struct { 6788 _ struct{} `type:"structure"` 6789} 6790 6791// String returns the string representation 6792func (s DisableKeyOutput) String() string { 6793 return awsutil.Prettify(s) 6794} 6795 6796// GoString returns the string representation 6797func (s DisableKeyOutput) GoString() string { 6798 return s.String() 6799} 6800 6801type DisableKeyRotationInput struct { 6802 _ struct{} `type:"structure"` 6803 6804 // A unique identifier for the customer master key (CMK). 6805 // 6806 // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. 6807 // 6808 // For example: 6809 // 6810 // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab 6811 // 6812 // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab 6813 // 6814 // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. 6815 // 6816 // KeyId is a required field 6817 KeyId *string `min:"1" type:"string" required:"true"` 6818} 6819 6820// String returns the string representation 6821func (s DisableKeyRotationInput) String() string { 6822 return awsutil.Prettify(s) 6823} 6824 6825// GoString returns the string representation 6826func (s DisableKeyRotationInput) GoString() string { 6827 return s.String() 6828} 6829 6830// Validate inspects the fields of the type to determine if they are valid. 6831func (s *DisableKeyRotationInput) Validate() error { 6832 invalidParams := request.ErrInvalidParams{Context: "DisableKeyRotationInput"} 6833 if s.KeyId == nil { 6834 invalidParams.Add(request.NewErrParamRequired("KeyId")) 6835 } 6836 if s.KeyId != nil && len(*s.KeyId) < 1 { 6837 invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) 6838 } 6839 6840 if invalidParams.Len() > 0 { 6841 return invalidParams 6842 } 6843 return nil 6844} 6845 6846// SetKeyId sets the KeyId field's value. 6847func (s *DisableKeyRotationInput) SetKeyId(v string) *DisableKeyRotationInput { 6848 s.KeyId = &v 6849 return s 6850} 6851 6852type DisableKeyRotationOutput struct { 6853 _ struct{} `type:"structure"` 6854} 6855 6856// String returns the string representation 6857func (s DisableKeyRotationOutput) String() string { 6858 return awsutil.Prettify(s) 6859} 6860 6861// GoString returns the string representation 6862func (s DisableKeyRotationOutput) GoString() string { 6863 return s.String() 6864} 6865 6866type DisconnectCustomKeyStoreInput struct { 6867 _ struct{} `type:"structure"` 6868 6869 // Enter the ID of the custom key store you want to disconnect. To find the 6870 // ID of a custom key store, use the DescribeCustomKeyStores operation. 6871 // 6872 // CustomKeyStoreId is a required field 6873 CustomKeyStoreId *string `min:"1" type:"string" required:"true"` 6874} 6875 6876// String returns the string representation 6877func (s DisconnectCustomKeyStoreInput) String() string { 6878 return awsutil.Prettify(s) 6879} 6880 6881// GoString returns the string representation 6882func (s DisconnectCustomKeyStoreInput) GoString() string { 6883 return s.String() 6884} 6885 6886// Validate inspects the fields of the type to determine if they are valid. 6887func (s *DisconnectCustomKeyStoreInput) Validate() error { 6888 invalidParams := request.ErrInvalidParams{Context: "DisconnectCustomKeyStoreInput"} 6889 if s.CustomKeyStoreId == nil { 6890 invalidParams.Add(request.NewErrParamRequired("CustomKeyStoreId")) 6891 } 6892 if s.CustomKeyStoreId != nil && len(*s.CustomKeyStoreId) < 1 { 6893 invalidParams.Add(request.NewErrParamMinLen("CustomKeyStoreId", 1)) 6894 } 6895 6896 if invalidParams.Len() > 0 { 6897 return invalidParams 6898 } 6899 return nil 6900} 6901 6902// SetCustomKeyStoreId sets the CustomKeyStoreId field's value. 6903func (s *DisconnectCustomKeyStoreInput) SetCustomKeyStoreId(v string) *DisconnectCustomKeyStoreInput { 6904 s.CustomKeyStoreId = &v 6905 return s 6906} 6907 6908type DisconnectCustomKeyStoreOutput struct { 6909 _ struct{} `type:"structure"` 6910} 6911 6912// String returns the string representation 6913func (s DisconnectCustomKeyStoreOutput) String() string { 6914 return awsutil.Prettify(s) 6915} 6916 6917// GoString returns the string representation 6918func (s DisconnectCustomKeyStoreOutput) GoString() string { 6919 return s.String() 6920} 6921 6922type EnableKeyInput struct { 6923 _ struct{} `type:"structure"` 6924 6925 // A unique identifier for the customer master key (CMK). 6926 // 6927 // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. 6928 // 6929 // For example: 6930 // 6931 // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab 6932 // 6933 // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab 6934 // 6935 // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. 6936 // 6937 // KeyId is a required field 6938 KeyId *string `min:"1" type:"string" required:"true"` 6939} 6940 6941// String returns the string representation 6942func (s EnableKeyInput) String() string { 6943 return awsutil.Prettify(s) 6944} 6945 6946// GoString returns the string representation 6947func (s EnableKeyInput) GoString() string { 6948 return s.String() 6949} 6950 6951// Validate inspects the fields of the type to determine if they are valid. 6952func (s *EnableKeyInput) Validate() error { 6953 invalidParams := request.ErrInvalidParams{Context: "EnableKeyInput"} 6954 if s.KeyId == nil { 6955 invalidParams.Add(request.NewErrParamRequired("KeyId")) 6956 } 6957 if s.KeyId != nil && len(*s.KeyId) < 1 { 6958 invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) 6959 } 6960 6961 if invalidParams.Len() > 0 { 6962 return invalidParams 6963 } 6964 return nil 6965} 6966 6967// SetKeyId sets the KeyId field's value. 6968func (s *EnableKeyInput) SetKeyId(v string) *EnableKeyInput { 6969 s.KeyId = &v 6970 return s 6971} 6972 6973type EnableKeyOutput struct { 6974 _ struct{} `type:"structure"` 6975} 6976 6977// String returns the string representation 6978func (s EnableKeyOutput) String() string { 6979 return awsutil.Prettify(s) 6980} 6981 6982// GoString returns the string representation 6983func (s EnableKeyOutput) GoString() string { 6984 return s.String() 6985} 6986 6987type EnableKeyRotationInput struct { 6988 _ struct{} `type:"structure"` 6989 6990 // A unique identifier for the customer master key (CMK). 6991 // 6992 // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. 6993 // 6994 // For example: 6995 // 6996 // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab 6997 // 6998 // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab 6999 // 7000 // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. 7001 // 7002 // KeyId is a required field 7003 KeyId *string `min:"1" type:"string" required:"true"` 7004} 7005 7006// String returns the string representation 7007func (s EnableKeyRotationInput) String() string { 7008 return awsutil.Prettify(s) 7009} 7010 7011// GoString returns the string representation 7012func (s EnableKeyRotationInput) GoString() string { 7013 return s.String() 7014} 7015 7016// Validate inspects the fields of the type to determine if they are valid. 7017func (s *EnableKeyRotationInput) Validate() error { 7018 invalidParams := request.ErrInvalidParams{Context: "EnableKeyRotationInput"} 7019 if s.KeyId == nil { 7020 invalidParams.Add(request.NewErrParamRequired("KeyId")) 7021 } 7022 if s.KeyId != nil && len(*s.KeyId) < 1 { 7023 invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) 7024 } 7025 7026 if invalidParams.Len() > 0 { 7027 return invalidParams 7028 } 7029 return nil 7030} 7031 7032// SetKeyId sets the KeyId field's value. 7033func (s *EnableKeyRotationInput) SetKeyId(v string) *EnableKeyRotationInput { 7034 s.KeyId = &v 7035 return s 7036} 7037 7038type EnableKeyRotationOutput struct { 7039 _ struct{} `type:"structure"` 7040} 7041 7042// String returns the string representation 7043func (s EnableKeyRotationOutput) String() string { 7044 return awsutil.Prettify(s) 7045} 7046 7047// GoString returns the string representation 7048func (s EnableKeyRotationOutput) GoString() string { 7049 return s.String() 7050} 7051 7052type EncryptInput struct { 7053 _ struct{} `type:"structure"` 7054 7055 // Name-value pair that specifies the encryption context to be used for authenticated 7056 // encryption. If used here, the same value must be supplied to the Decrypt 7057 // API or decryption will fail. For more information, see Encryption Context 7058 // (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context). 7059 EncryptionContext map[string]*string `type:"map"` 7060 7061 // A list of grant tokens. 7062 // 7063 // For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) 7064 // in the AWS Key Management Service Developer Guide. 7065 GrantTokens []*string `type:"list"` 7066 7067 // A unique identifier for the customer master key (CMK). 7068 // 7069 // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, 7070 // or alias ARN. When using an alias name, prefix it with "alias/". To specify 7071 // a CMK in a different AWS account, you must use the key ARN or alias ARN. 7072 // 7073 // For example: 7074 // 7075 // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab 7076 // 7077 // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab 7078 // 7079 // * Alias name: alias/ExampleAlias 7080 // 7081 // * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias 7082 // 7083 // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To 7084 // get the alias name and alias ARN, use ListAliases. 7085 // 7086 // KeyId is a required field 7087 KeyId *string `min:"1" type:"string" required:"true"` 7088 7089 // Data to be encrypted. 7090 // 7091 // Plaintext is automatically base64 encoded/decoded by the SDK. 7092 // 7093 // Plaintext is a required field 7094 Plaintext []byte `min:"1" type:"blob" required:"true" sensitive:"true"` 7095} 7096 7097// String returns the string representation 7098func (s EncryptInput) String() string { 7099 return awsutil.Prettify(s) 7100} 7101 7102// GoString returns the string representation 7103func (s EncryptInput) GoString() string { 7104 return s.String() 7105} 7106 7107// Validate inspects the fields of the type to determine if they are valid. 7108func (s *EncryptInput) Validate() error { 7109 invalidParams := request.ErrInvalidParams{Context: "EncryptInput"} 7110 if s.KeyId == nil { 7111 invalidParams.Add(request.NewErrParamRequired("KeyId")) 7112 } 7113 if s.KeyId != nil && len(*s.KeyId) < 1 { 7114 invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) 7115 } 7116 if s.Plaintext == nil { 7117 invalidParams.Add(request.NewErrParamRequired("Plaintext")) 7118 } 7119 if s.Plaintext != nil && len(s.Plaintext) < 1 { 7120 invalidParams.Add(request.NewErrParamMinLen("Plaintext", 1)) 7121 } 7122 7123 if invalidParams.Len() > 0 { 7124 return invalidParams 7125 } 7126 return nil 7127} 7128 7129// SetEncryptionContext sets the EncryptionContext field's value. 7130func (s *EncryptInput) SetEncryptionContext(v map[string]*string) *EncryptInput { 7131 s.EncryptionContext = v 7132 return s 7133} 7134 7135// SetGrantTokens sets the GrantTokens field's value. 7136func (s *EncryptInput) SetGrantTokens(v []*string) *EncryptInput { 7137 s.GrantTokens = v 7138 return s 7139} 7140 7141// SetKeyId sets the KeyId field's value. 7142func (s *EncryptInput) SetKeyId(v string) *EncryptInput { 7143 s.KeyId = &v 7144 return s 7145} 7146 7147// SetPlaintext sets the Plaintext field's value. 7148func (s *EncryptInput) SetPlaintext(v []byte) *EncryptInput { 7149 s.Plaintext = v 7150 return s 7151} 7152 7153type EncryptOutput struct { 7154 _ struct{} `type:"structure"` 7155 7156 // The encrypted plaintext. When you use the HTTP API or the AWS CLI, the value 7157 // is Base64-encoded. Otherwise, it is not encoded. 7158 // 7159 // CiphertextBlob is automatically base64 encoded/decoded by the SDK. 7160 CiphertextBlob []byte `min:"1" type:"blob"` 7161 7162 // The ID of the key used during encryption. 7163 KeyId *string `min:"1" type:"string"` 7164} 7165 7166// String returns the string representation 7167func (s EncryptOutput) String() string { 7168 return awsutil.Prettify(s) 7169} 7170 7171// GoString returns the string representation 7172func (s EncryptOutput) GoString() string { 7173 return s.String() 7174} 7175 7176// SetCiphertextBlob sets the CiphertextBlob field's value. 7177func (s *EncryptOutput) SetCiphertextBlob(v []byte) *EncryptOutput { 7178 s.CiphertextBlob = v 7179 return s 7180} 7181 7182// SetKeyId sets the KeyId field's value. 7183func (s *EncryptOutput) SetKeyId(v string) *EncryptOutput { 7184 s.KeyId = &v 7185 return s 7186} 7187 7188type GenerateDataKeyInput struct { 7189 _ struct{} `type:"structure"` 7190 7191 // A set of key-value pairs that represents additional authenticated data. 7192 // 7193 // For more information, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) 7194 // in the AWS Key Management Service Developer Guide. 7195 EncryptionContext map[string]*string `type:"map"` 7196 7197 // A list of grant tokens. 7198 // 7199 // For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) 7200 // in the AWS Key Management Service Developer Guide. 7201 GrantTokens []*string `type:"list"` 7202 7203 // An identifier for the CMK that encrypts the data key. 7204 // 7205 // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, 7206 // or alias ARN. When using an alias name, prefix it with "alias/". To specify 7207 // a CMK in a different AWS account, you must use the key ARN or alias ARN. 7208 // 7209 // For example: 7210 // 7211 // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab 7212 // 7213 // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab 7214 // 7215 // * Alias name: alias/ExampleAlias 7216 // 7217 // * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias 7218 // 7219 // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To 7220 // get the alias name and alias ARN, use ListAliases. 7221 // 7222 // KeyId is a required field 7223 KeyId *string `min:"1" type:"string" required:"true"` 7224 7225 // The length of the data key. Use AES_128 to generate a 128-bit symmetric key, 7226 // or AES_256 to generate a 256-bit symmetric key. 7227 KeySpec *string `type:"string" enum:"DataKeySpec"` 7228 7229 // The length of the data key in bytes. For example, use the value 64 to generate 7230 // a 512-bit data key (64 bytes is 512 bits). For common key lengths (128-bit 7231 // and 256-bit symmetric keys), we recommend that you use the KeySpec field 7232 // instead of this one. 7233 NumberOfBytes *int64 `min:"1" type:"integer"` 7234} 7235 7236// String returns the string representation 7237func (s GenerateDataKeyInput) String() string { 7238 return awsutil.Prettify(s) 7239} 7240 7241// GoString returns the string representation 7242func (s GenerateDataKeyInput) GoString() string { 7243 return s.String() 7244} 7245 7246// Validate inspects the fields of the type to determine if they are valid. 7247func (s *GenerateDataKeyInput) Validate() error { 7248 invalidParams := request.ErrInvalidParams{Context: "GenerateDataKeyInput"} 7249 if s.KeyId == nil { 7250 invalidParams.Add(request.NewErrParamRequired("KeyId")) 7251 } 7252 if s.KeyId != nil && len(*s.KeyId) < 1 { 7253 invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) 7254 } 7255 if s.NumberOfBytes != nil && *s.NumberOfBytes < 1 { 7256 invalidParams.Add(request.NewErrParamMinValue("NumberOfBytes", 1)) 7257 } 7258 7259 if invalidParams.Len() > 0 { 7260 return invalidParams 7261 } 7262 return nil 7263} 7264 7265// SetEncryptionContext sets the EncryptionContext field's value. 7266func (s *GenerateDataKeyInput) SetEncryptionContext(v map[string]*string) *GenerateDataKeyInput { 7267 s.EncryptionContext = v 7268 return s 7269} 7270 7271// SetGrantTokens sets the GrantTokens field's value. 7272func (s *GenerateDataKeyInput) SetGrantTokens(v []*string) *GenerateDataKeyInput { 7273 s.GrantTokens = v 7274 return s 7275} 7276 7277// SetKeyId sets the KeyId field's value. 7278func (s *GenerateDataKeyInput) SetKeyId(v string) *GenerateDataKeyInput { 7279 s.KeyId = &v 7280 return s 7281} 7282 7283// SetKeySpec sets the KeySpec field's value. 7284func (s *GenerateDataKeyInput) SetKeySpec(v string) *GenerateDataKeyInput { 7285 s.KeySpec = &v 7286 return s 7287} 7288 7289// SetNumberOfBytes sets the NumberOfBytes field's value. 7290func (s *GenerateDataKeyInput) SetNumberOfBytes(v int64) *GenerateDataKeyInput { 7291 s.NumberOfBytes = &v 7292 return s 7293} 7294 7295type GenerateDataKeyOutput struct { 7296 _ struct{} `type:"structure"` 7297 7298 // The encrypted copy of the data key. When you use the HTTP API or the AWS 7299 // CLI, the value is Base64-encoded. Otherwise, it is not encoded. 7300 // 7301 // CiphertextBlob is automatically base64 encoded/decoded by the SDK. 7302 CiphertextBlob []byte `min:"1" type:"blob"` 7303 7304 // The identifier of the CMK that encrypted the data key. 7305 KeyId *string `min:"1" type:"string"` 7306 7307 // The plaintext data key. When you use the HTTP API or the AWS CLI, the value 7308 // is Base64-encoded. Otherwise, it is not encoded. Use this data key to encrypt 7309 // your data outside of KMS. Then, remove it from memory as soon as possible. 7310 // 7311 // Plaintext is automatically base64 encoded/decoded by the SDK. 7312 Plaintext []byte `min:"1" type:"blob" sensitive:"true"` 7313} 7314 7315// String returns the string representation 7316func (s GenerateDataKeyOutput) String() string { 7317 return awsutil.Prettify(s) 7318} 7319 7320// GoString returns the string representation 7321func (s GenerateDataKeyOutput) GoString() string { 7322 return s.String() 7323} 7324 7325// SetCiphertextBlob sets the CiphertextBlob field's value. 7326func (s *GenerateDataKeyOutput) SetCiphertextBlob(v []byte) *GenerateDataKeyOutput { 7327 s.CiphertextBlob = v 7328 return s 7329} 7330 7331// SetKeyId sets the KeyId field's value. 7332func (s *GenerateDataKeyOutput) SetKeyId(v string) *GenerateDataKeyOutput { 7333 s.KeyId = &v 7334 return s 7335} 7336 7337// SetPlaintext sets the Plaintext field's value. 7338func (s *GenerateDataKeyOutput) SetPlaintext(v []byte) *GenerateDataKeyOutput { 7339 s.Plaintext = v 7340 return s 7341} 7342 7343type GenerateDataKeyWithoutPlaintextInput struct { 7344 _ struct{} `type:"structure"` 7345 7346 // A set of key-value pairs that represents additional authenticated data. 7347 // 7348 // For more information, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context) 7349 // in the AWS Key Management Service Developer Guide. 7350 EncryptionContext map[string]*string `type:"map"` 7351 7352 // A list of grant tokens. 7353 // 7354 // For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) 7355 // in the AWS Key Management Service Developer Guide. 7356 GrantTokens []*string `type:"list"` 7357 7358 // The identifier of the customer master key (CMK) that encrypts the data key. 7359 // 7360 // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, 7361 // or alias ARN. When using an alias name, prefix it with "alias/". To specify 7362 // a CMK in a different AWS account, you must use the key ARN or alias ARN. 7363 // 7364 // For example: 7365 // 7366 // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab 7367 // 7368 // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab 7369 // 7370 // * Alias name: alias/ExampleAlias 7371 // 7372 // * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias 7373 // 7374 // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To 7375 // get the alias name and alias ARN, use ListAliases. 7376 // 7377 // KeyId is a required field 7378 KeyId *string `min:"1" type:"string" required:"true"` 7379 7380 // The length of the data key. Use AES_128 to generate a 128-bit symmetric key, 7381 // or AES_256 to generate a 256-bit symmetric key. 7382 KeySpec *string `type:"string" enum:"DataKeySpec"` 7383 7384 // The length of the data key in bytes. For example, use the value 64 to generate 7385 // a 512-bit data key (64 bytes is 512 bits). For common key lengths (128-bit 7386 // and 256-bit symmetric keys), we recommend that you use the KeySpec field 7387 // instead of this one. 7388 NumberOfBytes *int64 `min:"1" type:"integer"` 7389} 7390 7391// String returns the string representation 7392func (s GenerateDataKeyWithoutPlaintextInput) String() string { 7393 return awsutil.Prettify(s) 7394} 7395 7396// GoString returns the string representation 7397func (s GenerateDataKeyWithoutPlaintextInput) GoString() string { 7398 return s.String() 7399} 7400 7401// Validate inspects the fields of the type to determine if they are valid. 7402func (s *GenerateDataKeyWithoutPlaintextInput) Validate() error { 7403 invalidParams := request.ErrInvalidParams{Context: "GenerateDataKeyWithoutPlaintextInput"} 7404 if s.KeyId == nil { 7405 invalidParams.Add(request.NewErrParamRequired("KeyId")) 7406 } 7407 if s.KeyId != nil && len(*s.KeyId) < 1 { 7408 invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) 7409 } 7410 if s.NumberOfBytes != nil && *s.NumberOfBytes < 1 { 7411 invalidParams.Add(request.NewErrParamMinValue("NumberOfBytes", 1)) 7412 } 7413 7414 if invalidParams.Len() > 0 { 7415 return invalidParams 7416 } 7417 return nil 7418} 7419 7420// SetEncryptionContext sets the EncryptionContext field's value. 7421func (s *GenerateDataKeyWithoutPlaintextInput) SetEncryptionContext(v map[string]*string) *GenerateDataKeyWithoutPlaintextInput { 7422 s.EncryptionContext = v 7423 return s 7424} 7425 7426// SetGrantTokens sets the GrantTokens field's value. 7427func (s *GenerateDataKeyWithoutPlaintextInput) SetGrantTokens(v []*string) *GenerateDataKeyWithoutPlaintextInput { 7428 s.GrantTokens = v 7429 return s 7430} 7431 7432// SetKeyId sets the KeyId field's value. 7433func (s *GenerateDataKeyWithoutPlaintextInput) SetKeyId(v string) *GenerateDataKeyWithoutPlaintextInput { 7434 s.KeyId = &v 7435 return s 7436} 7437 7438// SetKeySpec sets the KeySpec field's value. 7439func (s *GenerateDataKeyWithoutPlaintextInput) SetKeySpec(v string) *GenerateDataKeyWithoutPlaintextInput { 7440 s.KeySpec = &v 7441 return s 7442} 7443 7444// SetNumberOfBytes sets the NumberOfBytes field's value. 7445func (s *GenerateDataKeyWithoutPlaintextInput) SetNumberOfBytes(v int64) *GenerateDataKeyWithoutPlaintextInput { 7446 s.NumberOfBytes = &v 7447 return s 7448} 7449 7450type GenerateDataKeyWithoutPlaintextOutput struct { 7451 _ struct{} `type:"structure"` 7452 7453 // The encrypted data key. When you use the HTTP API or the AWS CLI, the value 7454 // is Base64-encoded. Otherwise, it is not encoded. 7455 // 7456 // CiphertextBlob is automatically base64 encoded/decoded by the SDK. 7457 CiphertextBlob []byte `min:"1" type:"blob"` 7458 7459 // The identifier of the CMK that encrypted the data key. 7460 KeyId *string `min:"1" type:"string"` 7461} 7462 7463// String returns the string representation 7464func (s GenerateDataKeyWithoutPlaintextOutput) String() string { 7465 return awsutil.Prettify(s) 7466} 7467 7468// GoString returns the string representation 7469func (s GenerateDataKeyWithoutPlaintextOutput) GoString() string { 7470 return s.String() 7471} 7472 7473// SetCiphertextBlob sets the CiphertextBlob field's value. 7474func (s *GenerateDataKeyWithoutPlaintextOutput) SetCiphertextBlob(v []byte) *GenerateDataKeyWithoutPlaintextOutput { 7475 s.CiphertextBlob = v 7476 return s 7477} 7478 7479// SetKeyId sets the KeyId field's value. 7480func (s *GenerateDataKeyWithoutPlaintextOutput) SetKeyId(v string) *GenerateDataKeyWithoutPlaintextOutput { 7481 s.KeyId = &v 7482 return s 7483} 7484 7485type GenerateRandomInput struct { 7486 _ struct{} `type:"structure"` 7487 7488 // Generates the random byte string in the AWS CloudHSM cluster that is associated 7489 // with the specified custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). 7490 // To find the ID of a custom key store, use the DescribeCustomKeyStores operation. 7491 CustomKeyStoreId *string `min:"1" type:"string"` 7492 7493 // The length of the byte string. 7494 NumberOfBytes *int64 `min:"1" type:"integer"` 7495} 7496 7497// String returns the string representation 7498func (s GenerateRandomInput) String() string { 7499 return awsutil.Prettify(s) 7500} 7501 7502// GoString returns the string representation 7503func (s GenerateRandomInput) GoString() string { 7504 return s.String() 7505} 7506 7507// Validate inspects the fields of the type to determine if they are valid. 7508func (s *GenerateRandomInput) Validate() error { 7509 invalidParams := request.ErrInvalidParams{Context: "GenerateRandomInput"} 7510 if s.CustomKeyStoreId != nil && len(*s.CustomKeyStoreId) < 1 { 7511 invalidParams.Add(request.NewErrParamMinLen("CustomKeyStoreId", 1)) 7512 } 7513 if s.NumberOfBytes != nil && *s.NumberOfBytes < 1 { 7514 invalidParams.Add(request.NewErrParamMinValue("NumberOfBytes", 1)) 7515 } 7516 7517 if invalidParams.Len() > 0 { 7518 return invalidParams 7519 } 7520 return nil 7521} 7522 7523// SetCustomKeyStoreId sets the CustomKeyStoreId field's value. 7524func (s *GenerateRandomInput) SetCustomKeyStoreId(v string) *GenerateRandomInput { 7525 s.CustomKeyStoreId = &v 7526 return s 7527} 7528 7529// SetNumberOfBytes sets the NumberOfBytes field's value. 7530func (s *GenerateRandomInput) SetNumberOfBytes(v int64) *GenerateRandomInput { 7531 s.NumberOfBytes = &v 7532 return s 7533} 7534 7535type GenerateRandomOutput struct { 7536 _ struct{} `type:"structure"` 7537 7538 // The random byte string. When you use the HTTP API or the AWS CLI, the value 7539 // is Base64-encoded. Otherwise, it is not encoded. 7540 // 7541 // Plaintext is automatically base64 encoded/decoded by the SDK. 7542 Plaintext []byte `min:"1" type:"blob" sensitive:"true"` 7543} 7544 7545// String returns the string representation 7546func (s GenerateRandomOutput) String() string { 7547 return awsutil.Prettify(s) 7548} 7549 7550// GoString returns the string representation 7551func (s GenerateRandomOutput) GoString() string { 7552 return s.String() 7553} 7554 7555// SetPlaintext sets the Plaintext field's value. 7556func (s *GenerateRandomOutput) SetPlaintext(v []byte) *GenerateRandomOutput { 7557 s.Plaintext = v 7558 return s 7559} 7560 7561type GetKeyPolicyInput struct { 7562 _ struct{} `type:"structure"` 7563 7564 // A unique identifier for the customer master key (CMK). 7565 // 7566 // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. 7567 // 7568 // For example: 7569 // 7570 // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab 7571 // 7572 // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab 7573 // 7574 // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. 7575 // 7576 // KeyId is a required field 7577 KeyId *string `min:"1" type:"string" required:"true"` 7578 7579 // Specifies the name of the key policy. The only valid name is default. To 7580 // get the names of key policies, use ListKeyPolicies. 7581 // 7582 // PolicyName is a required field 7583 PolicyName *string `min:"1" type:"string" required:"true"` 7584} 7585 7586// String returns the string representation 7587func (s GetKeyPolicyInput) String() string { 7588 return awsutil.Prettify(s) 7589} 7590 7591// GoString returns the string representation 7592func (s GetKeyPolicyInput) GoString() string { 7593 return s.String() 7594} 7595 7596// Validate inspects the fields of the type to determine if they are valid. 7597func (s *GetKeyPolicyInput) Validate() error { 7598 invalidParams := request.ErrInvalidParams{Context: "GetKeyPolicyInput"} 7599 if s.KeyId == nil { 7600 invalidParams.Add(request.NewErrParamRequired("KeyId")) 7601 } 7602 if s.KeyId != nil && len(*s.KeyId) < 1 { 7603 invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) 7604 } 7605 if s.PolicyName == nil { 7606 invalidParams.Add(request.NewErrParamRequired("PolicyName")) 7607 } 7608 if s.PolicyName != nil && len(*s.PolicyName) < 1 { 7609 invalidParams.Add(request.NewErrParamMinLen("PolicyName", 1)) 7610 } 7611 7612 if invalidParams.Len() > 0 { 7613 return invalidParams 7614 } 7615 return nil 7616} 7617 7618// SetKeyId sets the KeyId field's value. 7619func (s *GetKeyPolicyInput) SetKeyId(v string) *GetKeyPolicyInput { 7620 s.KeyId = &v 7621 return s 7622} 7623 7624// SetPolicyName sets the PolicyName field's value. 7625func (s *GetKeyPolicyInput) SetPolicyName(v string) *GetKeyPolicyInput { 7626 s.PolicyName = &v 7627 return s 7628} 7629 7630type GetKeyPolicyOutput struct { 7631 _ struct{} `type:"structure"` 7632 7633 // A key policy document in JSON format. 7634 Policy *string `min:"1" type:"string"` 7635} 7636 7637// String returns the string representation 7638func (s GetKeyPolicyOutput) String() string { 7639 return awsutil.Prettify(s) 7640} 7641 7642// GoString returns the string representation 7643func (s GetKeyPolicyOutput) GoString() string { 7644 return s.String() 7645} 7646 7647// SetPolicy sets the Policy field's value. 7648func (s *GetKeyPolicyOutput) SetPolicy(v string) *GetKeyPolicyOutput { 7649 s.Policy = &v 7650 return s 7651} 7652 7653type GetKeyRotationStatusInput struct { 7654 _ struct{} `type:"structure"` 7655 7656 // A unique identifier for the customer master key (CMK). 7657 // 7658 // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify 7659 // a CMK in a different AWS account, you must use the key ARN. 7660 // 7661 // For example: 7662 // 7663 // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab 7664 // 7665 // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab 7666 // 7667 // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. 7668 // 7669 // KeyId is a required field 7670 KeyId *string `min:"1" type:"string" required:"true"` 7671} 7672 7673// String returns the string representation 7674func (s GetKeyRotationStatusInput) String() string { 7675 return awsutil.Prettify(s) 7676} 7677 7678// GoString returns the string representation 7679func (s GetKeyRotationStatusInput) GoString() string { 7680 return s.String() 7681} 7682 7683// Validate inspects the fields of the type to determine if they are valid. 7684func (s *GetKeyRotationStatusInput) Validate() error { 7685 invalidParams := request.ErrInvalidParams{Context: "GetKeyRotationStatusInput"} 7686 if s.KeyId == nil { 7687 invalidParams.Add(request.NewErrParamRequired("KeyId")) 7688 } 7689 if s.KeyId != nil && len(*s.KeyId) < 1 { 7690 invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) 7691 } 7692 7693 if invalidParams.Len() > 0 { 7694 return invalidParams 7695 } 7696 return nil 7697} 7698 7699// SetKeyId sets the KeyId field's value. 7700func (s *GetKeyRotationStatusInput) SetKeyId(v string) *GetKeyRotationStatusInput { 7701 s.KeyId = &v 7702 return s 7703} 7704 7705type GetKeyRotationStatusOutput struct { 7706 _ struct{} `type:"structure"` 7707 7708 // A Boolean value that specifies whether key rotation is enabled. 7709 KeyRotationEnabled *bool `type:"boolean"` 7710} 7711 7712// String returns the string representation 7713func (s GetKeyRotationStatusOutput) String() string { 7714 return awsutil.Prettify(s) 7715} 7716 7717// GoString returns the string representation 7718func (s GetKeyRotationStatusOutput) GoString() string { 7719 return s.String() 7720} 7721 7722// SetKeyRotationEnabled sets the KeyRotationEnabled field's value. 7723func (s *GetKeyRotationStatusOutput) SetKeyRotationEnabled(v bool) *GetKeyRotationStatusOutput { 7724 s.KeyRotationEnabled = &v 7725 return s 7726} 7727 7728type GetParametersForImportInput struct { 7729 _ struct{} `type:"structure"` 7730 7731 // The identifier of the CMK into which you will import key material. The CMK's 7732 // Origin must be EXTERNAL. 7733 // 7734 // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. 7735 // 7736 // For example: 7737 // 7738 // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab 7739 // 7740 // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab 7741 // 7742 // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. 7743 // 7744 // KeyId is a required field 7745 KeyId *string `min:"1" type:"string" required:"true"` 7746 7747 // The algorithm you will use to encrypt the key material before importing it 7748 // with ImportKeyMaterial. For more information, see Encrypt the Key Material 7749 // (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-encrypt-key-material.html) 7750 // in the AWS Key Management Service Developer Guide. 7751 // 7752 // WrappingAlgorithm is a required field 7753 WrappingAlgorithm *string `type:"string" required:"true" enum:"AlgorithmSpec"` 7754 7755 // The type of wrapping key (public key) to return in the response. Only 2048-bit 7756 // RSA public keys are supported. 7757 // 7758 // WrappingKeySpec is a required field 7759 WrappingKeySpec *string `type:"string" required:"true" enum:"WrappingKeySpec"` 7760} 7761 7762// String returns the string representation 7763func (s GetParametersForImportInput) String() string { 7764 return awsutil.Prettify(s) 7765} 7766 7767// GoString returns the string representation 7768func (s GetParametersForImportInput) GoString() string { 7769 return s.String() 7770} 7771 7772// Validate inspects the fields of the type to determine if they are valid. 7773func (s *GetParametersForImportInput) Validate() error { 7774 invalidParams := request.ErrInvalidParams{Context: "GetParametersForImportInput"} 7775 if s.KeyId == nil { 7776 invalidParams.Add(request.NewErrParamRequired("KeyId")) 7777 } 7778 if s.KeyId != nil && len(*s.KeyId) < 1 { 7779 invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) 7780 } 7781 if s.WrappingAlgorithm == nil { 7782 invalidParams.Add(request.NewErrParamRequired("WrappingAlgorithm")) 7783 } 7784 if s.WrappingKeySpec == nil { 7785 invalidParams.Add(request.NewErrParamRequired("WrappingKeySpec")) 7786 } 7787 7788 if invalidParams.Len() > 0 { 7789 return invalidParams 7790 } 7791 return nil 7792} 7793 7794// SetKeyId sets the KeyId field's value. 7795func (s *GetParametersForImportInput) SetKeyId(v string) *GetParametersForImportInput { 7796 s.KeyId = &v 7797 return s 7798} 7799 7800// SetWrappingAlgorithm sets the WrappingAlgorithm field's value. 7801func (s *GetParametersForImportInput) SetWrappingAlgorithm(v string) *GetParametersForImportInput { 7802 s.WrappingAlgorithm = &v 7803 return s 7804} 7805 7806// SetWrappingKeySpec sets the WrappingKeySpec field's value. 7807func (s *GetParametersForImportInput) SetWrappingKeySpec(v string) *GetParametersForImportInput { 7808 s.WrappingKeySpec = &v 7809 return s 7810} 7811 7812type GetParametersForImportOutput struct { 7813 _ struct{} `type:"structure"` 7814 7815 // The import token to send in a subsequent ImportKeyMaterial request. 7816 // 7817 // ImportToken is automatically base64 encoded/decoded by the SDK. 7818 ImportToken []byte `min:"1" type:"blob"` 7819 7820 // The identifier of the CMK to use in a subsequent ImportKeyMaterial request. 7821 // This is the same CMK specified in the GetParametersForImport request. 7822 KeyId *string `min:"1" type:"string"` 7823 7824 // The time at which the import token and public key are no longer valid. After 7825 // this time, you cannot use them to make an ImportKeyMaterial request and you 7826 // must send another GetParametersForImport request to get new ones. 7827 ParametersValidTo *time.Time `type:"timestamp"` 7828 7829 // The public key to use to encrypt the key material before importing it with 7830 // ImportKeyMaterial. 7831 // 7832 // PublicKey is automatically base64 encoded/decoded by the SDK. 7833 PublicKey []byte `min:"1" type:"blob" sensitive:"true"` 7834} 7835 7836// String returns the string representation 7837func (s GetParametersForImportOutput) String() string { 7838 return awsutil.Prettify(s) 7839} 7840 7841// GoString returns the string representation 7842func (s GetParametersForImportOutput) GoString() string { 7843 return s.String() 7844} 7845 7846// SetImportToken sets the ImportToken field's value. 7847func (s *GetParametersForImportOutput) SetImportToken(v []byte) *GetParametersForImportOutput { 7848 s.ImportToken = v 7849 return s 7850} 7851 7852// SetKeyId sets the KeyId field's value. 7853func (s *GetParametersForImportOutput) SetKeyId(v string) *GetParametersForImportOutput { 7854 s.KeyId = &v 7855 return s 7856} 7857 7858// SetParametersValidTo sets the ParametersValidTo field's value. 7859func (s *GetParametersForImportOutput) SetParametersValidTo(v time.Time) *GetParametersForImportOutput { 7860 s.ParametersValidTo = &v 7861 return s 7862} 7863 7864// SetPublicKey sets the PublicKey field's value. 7865func (s *GetParametersForImportOutput) SetPublicKey(v []byte) *GetParametersForImportOutput { 7866 s.PublicKey = v 7867 return s 7868} 7869 7870// Use this structure to allow cryptographic operations in the grant only when 7871// the operation request includes the specified encryption context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context). 7872// 7873// AWS KMS applies the grant constraints only when the grant allows a cryptographic 7874// operation that accepts an encryption context as input, such as the following. 7875// 7876// * Encrypt 7877// 7878// * Decrypt 7879// 7880// * GenerateDataKey 7881// 7882// * GenerateDataKeyWithoutPlaintext 7883// 7884// * ReEncrypt 7885// 7886// AWS KMS does not apply the grant constraints to other operations, such as 7887// DescribeKey or ScheduleKeyDeletion. 7888// 7889// In a cryptographic operation, the encryption context in the decryption operation 7890// must be an exact, case-sensitive match for the keys and values in the encryption 7891// context of the encryption operation. Only the order of the pairs can vary. 7892// 7893// However, in a grant constraint, the key in each key-value pair is not case 7894// sensitive, but the value is case sensitive. 7895// 7896// To avoid confusion, do not use multiple encryption context pairs that differ 7897// only by case. To require a fully case-sensitive encryption context, use the 7898// kms:EncryptionContext: and kms:EncryptionContextKeys conditions in an IAM 7899// or key policy. For details, see kms:EncryptionContext: (https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-encryption-context) 7900// in the AWS Key Management Service Developer Guide . 7901type GrantConstraints struct { 7902 _ struct{} `type:"structure"` 7903 7904 // A list of key-value pairs that must match the encryption context in the cryptographic 7905 // operation request. The grant allows the operation only when the encryption 7906 // context in the request is the same as the encryption context specified in 7907 // this constraint. 7908 EncryptionContextEquals map[string]*string `type:"map"` 7909 7910 // A list of key-value pairs that must be included in the encryption context 7911 // of the cryptographic operation request. The grant allows the cryptographic 7912 // operation only when the encryption context in the request includes the key-value 7913 // pairs specified in this constraint, although it can include additional key-value 7914 // pairs. 7915 EncryptionContextSubset map[string]*string `type:"map"` 7916} 7917 7918// String returns the string representation 7919func (s GrantConstraints) String() string { 7920 return awsutil.Prettify(s) 7921} 7922 7923// GoString returns the string representation 7924func (s GrantConstraints) GoString() string { 7925 return s.String() 7926} 7927 7928// SetEncryptionContextEquals sets the EncryptionContextEquals field's value. 7929func (s *GrantConstraints) SetEncryptionContextEquals(v map[string]*string) *GrantConstraints { 7930 s.EncryptionContextEquals = v 7931 return s 7932} 7933 7934// SetEncryptionContextSubset sets the EncryptionContextSubset field's value. 7935func (s *GrantConstraints) SetEncryptionContextSubset(v map[string]*string) *GrantConstraints { 7936 s.EncryptionContextSubset = v 7937 return s 7938} 7939 7940// Contains information about an entry in a list of grants. 7941type GrantListEntry struct { 7942 _ struct{} `type:"structure"` 7943 7944 // A list of key-value pairs that must be present in the encryption context 7945 // of certain subsequent operations that the grant allows. 7946 Constraints *GrantConstraints `type:"structure"` 7947 7948 // The date and time when the grant was created. 7949 CreationDate *time.Time `type:"timestamp"` 7950 7951 // The unique identifier for the grant. 7952 GrantId *string `min:"1" type:"string"` 7953 7954 // The principal that receives the grant's permissions. 7955 GranteePrincipal *string `min:"1" type:"string"` 7956 7957 // The AWS account under which the grant was issued. 7958 IssuingAccount *string `min:"1" type:"string"` 7959 7960 // The unique identifier for the customer master key (CMK) to which the grant 7961 // applies. 7962 KeyId *string `min:"1" type:"string"` 7963 7964 // The friendly name that identifies the grant. If a name was provided in the 7965 // CreateGrant request, that name is returned. Otherwise this value is null. 7966 Name *string `min:"1" type:"string"` 7967 7968 // The list of operations permitted by the grant. 7969 Operations []*string `type:"list"` 7970 7971 // The principal that can retire the grant. 7972 RetiringPrincipal *string `min:"1" type:"string"` 7973} 7974 7975// String returns the string representation 7976func (s GrantListEntry) String() string { 7977 return awsutil.Prettify(s) 7978} 7979 7980// GoString returns the string representation 7981func (s GrantListEntry) GoString() string { 7982 return s.String() 7983} 7984 7985// SetConstraints sets the Constraints field's value. 7986func (s *GrantListEntry) SetConstraints(v *GrantConstraints) *GrantListEntry { 7987 s.Constraints = v 7988 return s 7989} 7990 7991// SetCreationDate sets the CreationDate field's value. 7992func (s *GrantListEntry) SetCreationDate(v time.Time) *GrantListEntry { 7993 s.CreationDate = &v 7994 return s 7995} 7996 7997// SetGrantId sets the GrantId field's value. 7998func (s *GrantListEntry) SetGrantId(v string) *GrantListEntry { 7999 s.GrantId = &v 8000 return s 8001} 8002 8003// SetGranteePrincipal sets the GranteePrincipal field's value. 8004func (s *GrantListEntry) SetGranteePrincipal(v string) *GrantListEntry { 8005 s.GranteePrincipal = &v 8006 return s 8007} 8008 8009// SetIssuingAccount sets the IssuingAccount field's value. 8010func (s *GrantListEntry) SetIssuingAccount(v string) *GrantListEntry { 8011 s.IssuingAccount = &v 8012 return s 8013} 8014 8015// SetKeyId sets the KeyId field's value. 8016func (s *GrantListEntry) SetKeyId(v string) *GrantListEntry { 8017 s.KeyId = &v 8018 return s 8019} 8020 8021// SetName sets the Name field's value. 8022func (s *GrantListEntry) SetName(v string) *GrantListEntry { 8023 s.Name = &v 8024 return s 8025} 8026 8027// SetOperations sets the Operations field's value. 8028func (s *GrantListEntry) SetOperations(v []*string) *GrantListEntry { 8029 s.Operations = v 8030 return s 8031} 8032 8033// SetRetiringPrincipal sets the RetiringPrincipal field's value. 8034func (s *GrantListEntry) SetRetiringPrincipal(v string) *GrantListEntry { 8035 s.RetiringPrincipal = &v 8036 return s 8037} 8038 8039type ImportKeyMaterialInput struct { 8040 _ struct{} `type:"structure"` 8041 8042 // The encrypted key material to import. It must be encrypted with the public 8043 // key that you received in the response to a previous GetParametersForImport 8044 // request, using the wrapping algorithm that you specified in that request. 8045 // 8046 // EncryptedKeyMaterial is automatically base64 encoded/decoded by the SDK. 8047 // 8048 // EncryptedKeyMaterial is a required field 8049 EncryptedKeyMaterial []byte `min:"1" type:"blob" required:"true"` 8050 8051 // Specifies whether the key material expires. The default is KEY_MATERIAL_EXPIRES, 8052 // in which case you must include the ValidTo parameter. When this parameter 8053 // is set to KEY_MATERIAL_DOES_NOT_EXPIRE, you must omit the ValidTo parameter. 8054 ExpirationModel *string `type:"string" enum:"ExpirationModelType"` 8055 8056 // The import token that you received in the response to a previous GetParametersForImport 8057 // request. It must be from the same response that contained the public key 8058 // that you used to encrypt the key material. 8059 // 8060 // ImportToken is automatically base64 encoded/decoded by the SDK. 8061 // 8062 // ImportToken is a required field 8063 ImportToken []byte `min:"1" type:"blob" required:"true"` 8064 8065 // The identifier of the CMK to import the key material into. The CMK's Origin 8066 // must be EXTERNAL. 8067 // 8068 // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. 8069 // 8070 // For example: 8071 // 8072 // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab 8073 // 8074 // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab 8075 // 8076 // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. 8077 // 8078 // KeyId is a required field 8079 KeyId *string `min:"1" type:"string" required:"true"` 8080 8081 // The time at which the imported key material expires. When the key material 8082 // expires, AWS KMS deletes the key material and the CMK becomes unusable. You 8083 // must omit this parameter when the ExpirationModel parameter is set to KEY_MATERIAL_DOES_NOT_EXPIRE. 8084 // Otherwise it is required. 8085 ValidTo *time.Time `type:"timestamp"` 8086} 8087 8088// String returns the string representation 8089func (s ImportKeyMaterialInput) String() string { 8090 return awsutil.Prettify(s) 8091} 8092 8093// GoString returns the string representation 8094func (s ImportKeyMaterialInput) GoString() string { 8095 return s.String() 8096} 8097 8098// Validate inspects the fields of the type to determine if they are valid. 8099func (s *ImportKeyMaterialInput) Validate() error { 8100 invalidParams := request.ErrInvalidParams{Context: "ImportKeyMaterialInput"} 8101 if s.EncryptedKeyMaterial == nil { 8102 invalidParams.Add(request.NewErrParamRequired("EncryptedKeyMaterial")) 8103 } 8104 if s.EncryptedKeyMaterial != nil && len(s.EncryptedKeyMaterial) < 1 { 8105 invalidParams.Add(request.NewErrParamMinLen("EncryptedKeyMaterial", 1)) 8106 } 8107 if s.ImportToken == nil { 8108 invalidParams.Add(request.NewErrParamRequired("ImportToken")) 8109 } 8110 if s.ImportToken != nil && len(s.ImportToken) < 1 { 8111 invalidParams.Add(request.NewErrParamMinLen("ImportToken", 1)) 8112 } 8113 if s.KeyId == nil { 8114 invalidParams.Add(request.NewErrParamRequired("KeyId")) 8115 } 8116 if s.KeyId != nil && len(*s.KeyId) < 1 { 8117 invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) 8118 } 8119 8120 if invalidParams.Len() > 0 { 8121 return invalidParams 8122 } 8123 return nil 8124} 8125 8126// SetEncryptedKeyMaterial sets the EncryptedKeyMaterial field's value. 8127func (s *ImportKeyMaterialInput) SetEncryptedKeyMaterial(v []byte) *ImportKeyMaterialInput { 8128 s.EncryptedKeyMaterial = v 8129 return s 8130} 8131 8132// SetExpirationModel sets the ExpirationModel field's value. 8133func (s *ImportKeyMaterialInput) SetExpirationModel(v string) *ImportKeyMaterialInput { 8134 s.ExpirationModel = &v 8135 return s 8136} 8137 8138// SetImportToken sets the ImportToken field's value. 8139func (s *ImportKeyMaterialInput) SetImportToken(v []byte) *ImportKeyMaterialInput { 8140 s.ImportToken = v 8141 return s 8142} 8143 8144// SetKeyId sets the KeyId field's value. 8145func (s *ImportKeyMaterialInput) SetKeyId(v string) *ImportKeyMaterialInput { 8146 s.KeyId = &v 8147 return s 8148} 8149 8150// SetValidTo sets the ValidTo field's value. 8151func (s *ImportKeyMaterialInput) SetValidTo(v time.Time) *ImportKeyMaterialInput { 8152 s.ValidTo = &v 8153 return s 8154} 8155 8156type ImportKeyMaterialOutput struct { 8157 _ struct{} `type:"structure"` 8158} 8159 8160// String returns the string representation 8161func (s ImportKeyMaterialOutput) String() string { 8162 return awsutil.Prettify(s) 8163} 8164 8165// GoString returns the string representation 8166func (s ImportKeyMaterialOutput) GoString() string { 8167 return s.String() 8168} 8169 8170// Contains information about each entry in the key list. 8171type KeyListEntry struct { 8172 _ struct{} `type:"structure"` 8173 8174 // ARN of the key. 8175 KeyArn *string `min:"20" type:"string"` 8176 8177 // Unique identifier of the key. 8178 KeyId *string `min:"1" type:"string"` 8179} 8180 8181// String returns the string representation 8182func (s KeyListEntry) String() string { 8183 return awsutil.Prettify(s) 8184} 8185 8186// GoString returns the string representation 8187func (s KeyListEntry) GoString() string { 8188 return s.String() 8189} 8190 8191// SetKeyArn sets the KeyArn field's value. 8192func (s *KeyListEntry) SetKeyArn(v string) *KeyListEntry { 8193 s.KeyArn = &v 8194 return s 8195} 8196 8197// SetKeyId sets the KeyId field's value. 8198func (s *KeyListEntry) SetKeyId(v string) *KeyListEntry { 8199 s.KeyId = &v 8200 return s 8201} 8202 8203// Contains metadata about a customer master key (CMK). 8204// 8205// This data type is used as a response element for the CreateKey and DescribeKey 8206// operations. 8207type KeyMetadata struct { 8208 _ struct{} `type:"structure"` 8209 8210 // The twelve-digit account ID of the AWS account that owns the CMK. 8211 AWSAccountId *string `type:"string"` 8212 8213 // The Amazon Resource Name (ARN) of the CMK. For examples, see AWS Key Management 8214 // Service (AWS KMS) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-kms) 8215 // in the Example ARNs section of the AWS General Reference. 8216 Arn *string `min:"20" type:"string"` 8217 8218 // The cluster ID of the AWS CloudHSM cluster that contains the key material 8219 // for the CMK. When you create a CMK in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html), 8220 // AWS KMS creates the key material for the CMK in the associated AWS CloudHSM 8221 // cluster. This value is present only when the CMK is created in a custom key 8222 // store. 8223 CloudHsmClusterId *string `min:"19" type:"string"` 8224 8225 // The date and time when the CMK was created. 8226 CreationDate *time.Time `type:"timestamp"` 8227 8228 // A unique identifier for the custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) 8229 // that contains the CMK. This value is present only when the CMK is created 8230 // in a custom key store. 8231 CustomKeyStoreId *string `min:"1" type:"string"` 8232 8233 // The date and time after which AWS KMS deletes the CMK. This value is present 8234 // only when KeyState is PendingDeletion. 8235 DeletionDate *time.Time `type:"timestamp"` 8236 8237 // The description of the CMK. 8238 Description *string `type:"string"` 8239 8240 // Specifies whether the CMK is enabled. When KeyState is Enabled this value 8241 // is true, otherwise it is false. 8242 Enabled *bool `type:"boolean"` 8243 8244 // Specifies whether the CMK's key material expires. This value is present only 8245 // when Origin is EXTERNAL, otherwise this value is omitted. 8246 ExpirationModel *string `type:"string" enum:"ExpirationModelType"` 8247 8248 // The globally unique identifier for the CMK. 8249 // 8250 // KeyId is a required field 8251 KeyId *string `min:"1" type:"string" required:"true"` 8252 8253 // The manager of the CMK. CMKs in your AWS account are either customer managed 8254 // or AWS managed. For more information about the difference, see Customer Master 8255 // Keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys) 8256 // in the AWS Key Management Service Developer Guide. 8257 KeyManager *string `type:"string" enum:"KeyManagerType"` 8258 8259 // The state of the CMK. 8260 // 8261 // For more information about how key state affects the use of a CMK, see How 8262 // Key State Affects the Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) 8263 // in the AWS Key Management Service Developer Guide. 8264 KeyState *string `type:"string" enum:"KeyState"` 8265 8266 // The cryptographic operations for which you can use the CMK. The only valid 8267 // value is ENCRYPT_DECRYPT, which means you can use the CMK to encrypt and 8268 // decrypt data. 8269 KeyUsage *string `type:"string" enum:"KeyUsageType"` 8270 8271 // The source of the CMK's key material. When this value is AWS_KMS, AWS KMS 8272 // created the key material. When this value is EXTERNAL, the key material was 8273 // imported from your existing key management infrastructure or the CMK lacks 8274 // key material. When this value is AWS_CLOUDHSM, the key material was created 8275 // in the AWS CloudHSM cluster associated with a custom key store. 8276 Origin *string `type:"string" enum:"OriginType"` 8277 8278 // The time at which the imported key material expires. When the key material 8279 // expires, AWS KMS deletes the key material and the CMK becomes unusable. This 8280 // value is present only for CMKs whose Origin is EXTERNAL and whose ExpirationModel 8281 // is KEY_MATERIAL_EXPIRES, otherwise this value is omitted. 8282 ValidTo *time.Time `type:"timestamp"` 8283} 8284 8285// String returns the string representation 8286func (s KeyMetadata) String() string { 8287 return awsutil.Prettify(s) 8288} 8289 8290// GoString returns the string representation 8291func (s KeyMetadata) GoString() string { 8292 return s.String() 8293} 8294 8295// SetAWSAccountId sets the AWSAccountId field's value. 8296func (s *KeyMetadata) SetAWSAccountId(v string) *KeyMetadata { 8297 s.AWSAccountId = &v 8298 return s 8299} 8300 8301// SetArn sets the Arn field's value. 8302func (s *KeyMetadata) SetArn(v string) *KeyMetadata { 8303 s.Arn = &v 8304 return s 8305} 8306 8307// SetCloudHsmClusterId sets the CloudHsmClusterId field's value. 8308func (s *KeyMetadata) SetCloudHsmClusterId(v string) *KeyMetadata { 8309 s.CloudHsmClusterId = &v 8310 return s 8311} 8312 8313// SetCreationDate sets the CreationDate field's value. 8314func (s *KeyMetadata) SetCreationDate(v time.Time) *KeyMetadata { 8315 s.CreationDate = &v 8316 return s 8317} 8318 8319// SetCustomKeyStoreId sets the CustomKeyStoreId field's value. 8320func (s *KeyMetadata) SetCustomKeyStoreId(v string) *KeyMetadata { 8321 s.CustomKeyStoreId = &v 8322 return s 8323} 8324 8325// SetDeletionDate sets the DeletionDate field's value. 8326func (s *KeyMetadata) SetDeletionDate(v time.Time) *KeyMetadata { 8327 s.DeletionDate = &v 8328 return s 8329} 8330 8331// SetDescription sets the Description field's value. 8332func (s *KeyMetadata) SetDescription(v string) *KeyMetadata { 8333 s.Description = &v 8334 return s 8335} 8336 8337// SetEnabled sets the Enabled field's value. 8338func (s *KeyMetadata) SetEnabled(v bool) *KeyMetadata { 8339 s.Enabled = &v 8340 return s 8341} 8342 8343// SetExpirationModel sets the ExpirationModel field's value. 8344func (s *KeyMetadata) SetExpirationModel(v string) *KeyMetadata { 8345 s.ExpirationModel = &v 8346 return s 8347} 8348 8349// SetKeyId sets the KeyId field's value. 8350func (s *KeyMetadata) SetKeyId(v string) *KeyMetadata { 8351 s.KeyId = &v 8352 return s 8353} 8354 8355// SetKeyManager sets the KeyManager field's value. 8356func (s *KeyMetadata) SetKeyManager(v string) *KeyMetadata { 8357 s.KeyManager = &v 8358 return s 8359} 8360 8361// SetKeyState sets the KeyState field's value. 8362func (s *KeyMetadata) SetKeyState(v string) *KeyMetadata { 8363 s.KeyState = &v 8364 return s 8365} 8366 8367// SetKeyUsage sets the KeyUsage field's value. 8368func (s *KeyMetadata) SetKeyUsage(v string) *KeyMetadata { 8369 s.KeyUsage = &v 8370 return s 8371} 8372 8373// SetOrigin sets the Origin field's value. 8374func (s *KeyMetadata) SetOrigin(v string) *KeyMetadata { 8375 s.Origin = &v 8376 return s 8377} 8378 8379// SetValidTo sets the ValidTo field's value. 8380func (s *KeyMetadata) SetValidTo(v time.Time) *KeyMetadata { 8381 s.ValidTo = &v 8382 return s 8383} 8384 8385type ListAliasesInput struct { 8386 _ struct{} `type:"structure"` 8387 8388 // Lists only aliases that refer to the specified CMK. The value of this parameter 8389 // can be the ID or Amazon Resource Name (ARN) of a CMK in the caller's account 8390 // and region. You cannot use an alias name or alias ARN in this value. 8391 // 8392 // This parameter is optional. If you omit it, ListAliases returns all aliases 8393 // in the account and region. 8394 KeyId *string `min:"1" type:"string"` 8395 8396 // Use this parameter to specify the maximum number of items to return. When 8397 // this value is present, AWS KMS does not return more than the specified number 8398 // of items, but it might return fewer. 8399 // 8400 // This value is optional. If you include a value, it must be between 1 and 8401 // 100, inclusive. If you do not include a value, it defaults to 50. 8402 Limit *int64 `min:"1" type:"integer"` 8403 8404 // Use this parameter in a subsequent request after you receive a response with 8405 // truncated results. Set it to the value of NextMarker from the truncated response 8406 // you just received. 8407 Marker *string `min:"1" type:"string"` 8408} 8409 8410// String returns the string representation 8411func (s ListAliasesInput) String() string { 8412 return awsutil.Prettify(s) 8413} 8414 8415// GoString returns the string representation 8416func (s ListAliasesInput) GoString() string { 8417 return s.String() 8418} 8419 8420// Validate inspects the fields of the type to determine if they are valid. 8421func (s *ListAliasesInput) Validate() error { 8422 invalidParams := request.ErrInvalidParams{Context: "ListAliasesInput"} 8423 if s.KeyId != nil && len(*s.KeyId) < 1 { 8424 invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) 8425 } 8426 if s.Limit != nil && *s.Limit < 1 { 8427 invalidParams.Add(request.NewErrParamMinValue("Limit", 1)) 8428 } 8429 if s.Marker != nil && len(*s.Marker) < 1 { 8430 invalidParams.Add(request.NewErrParamMinLen("Marker", 1)) 8431 } 8432 8433 if invalidParams.Len() > 0 { 8434 return invalidParams 8435 } 8436 return nil 8437} 8438 8439// SetKeyId sets the KeyId field's value. 8440func (s *ListAliasesInput) SetKeyId(v string) *ListAliasesInput { 8441 s.KeyId = &v 8442 return s 8443} 8444 8445// SetLimit sets the Limit field's value. 8446func (s *ListAliasesInput) SetLimit(v int64) *ListAliasesInput { 8447 s.Limit = &v 8448 return s 8449} 8450 8451// SetMarker sets the Marker field's value. 8452func (s *ListAliasesInput) SetMarker(v string) *ListAliasesInput { 8453 s.Marker = &v 8454 return s 8455} 8456 8457type ListAliasesOutput struct { 8458 _ struct{} `type:"structure"` 8459 8460 // A list of aliases. 8461 Aliases []*AliasListEntry `type:"list"` 8462 8463 // When Truncated is true, this element is present and contains the value to 8464 // use for the Marker parameter in a subsequent request. 8465 NextMarker *string `min:"1" type:"string"` 8466 8467 // A flag that indicates whether there are more items in the list. When this 8468 // value is true, the list in this response is truncated. To get more items, 8469 // pass the value of the NextMarker element in thisresponse to the Marker parameter 8470 // in a subsequent request. 8471 Truncated *bool `type:"boolean"` 8472} 8473 8474// String returns the string representation 8475func (s ListAliasesOutput) String() string { 8476 return awsutil.Prettify(s) 8477} 8478 8479// GoString returns the string representation 8480func (s ListAliasesOutput) GoString() string { 8481 return s.String() 8482} 8483 8484// SetAliases sets the Aliases field's value. 8485func (s *ListAliasesOutput) SetAliases(v []*AliasListEntry) *ListAliasesOutput { 8486 s.Aliases = v 8487 return s 8488} 8489 8490// SetNextMarker sets the NextMarker field's value. 8491func (s *ListAliasesOutput) SetNextMarker(v string) *ListAliasesOutput { 8492 s.NextMarker = &v 8493 return s 8494} 8495 8496// SetTruncated sets the Truncated field's value. 8497func (s *ListAliasesOutput) SetTruncated(v bool) *ListAliasesOutput { 8498 s.Truncated = &v 8499 return s 8500} 8501 8502type ListGrantsInput struct { 8503 _ struct{} `type:"structure"` 8504 8505 // A unique identifier for the customer master key (CMK). 8506 // 8507 // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify 8508 // a CMK in a different AWS account, you must use the key ARN. 8509 // 8510 // For example: 8511 // 8512 // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab 8513 // 8514 // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab 8515 // 8516 // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. 8517 // 8518 // KeyId is a required field 8519 KeyId *string `min:"1" type:"string" required:"true"` 8520 8521 // Use this parameter to specify the maximum number of items to return. When 8522 // this value is present, AWS KMS does not return more than the specified number 8523 // of items, but it might return fewer. 8524 // 8525 // This value is optional. If you include a value, it must be between 1 and 8526 // 100, inclusive. If you do not include a value, it defaults to 50. 8527 Limit *int64 `min:"1" type:"integer"` 8528 8529 // Use this parameter in a subsequent request after you receive a response with 8530 // truncated results. Set it to the value of NextMarker from the truncated response 8531 // you just received. 8532 Marker *string `min:"1" type:"string"` 8533} 8534 8535// String returns the string representation 8536func (s ListGrantsInput) String() string { 8537 return awsutil.Prettify(s) 8538} 8539 8540// GoString returns the string representation 8541func (s ListGrantsInput) GoString() string { 8542 return s.String() 8543} 8544 8545// Validate inspects the fields of the type to determine if they are valid. 8546func (s *ListGrantsInput) Validate() error { 8547 invalidParams := request.ErrInvalidParams{Context: "ListGrantsInput"} 8548 if s.KeyId == nil { 8549 invalidParams.Add(request.NewErrParamRequired("KeyId")) 8550 } 8551 if s.KeyId != nil && len(*s.KeyId) < 1 { 8552 invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) 8553 } 8554 if s.Limit != nil && *s.Limit < 1 { 8555 invalidParams.Add(request.NewErrParamMinValue("Limit", 1)) 8556 } 8557 if s.Marker != nil && len(*s.Marker) < 1 { 8558 invalidParams.Add(request.NewErrParamMinLen("Marker", 1)) 8559 } 8560 8561 if invalidParams.Len() > 0 { 8562 return invalidParams 8563 } 8564 return nil 8565} 8566 8567// SetKeyId sets the KeyId field's value. 8568func (s *ListGrantsInput) SetKeyId(v string) *ListGrantsInput { 8569 s.KeyId = &v 8570 return s 8571} 8572 8573// SetLimit sets the Limit field's value. 8574func (s *ListGrantsInput) SetLimit(v int64) *ListGrantsInput { 8575 s.Limit = &v 8576 return s 8577} 8578 8579// SetMarker sets the Marker field's value. 8580func (s *ListGrantsInput) SetMarker(v string) *ListGrantsInput { 8581 s.Marker = &v 8582 return s 8583} 8584 8585type ListGrantsResponse struct { 8586 _ struct{} `type:"structure"` 8587 8588 // A list of grants. 8589 Grants []*GrantListEntry `type:"list"` 8590 8591 // When Truncated is true, this element is present and contains the value to 8592 // use for the Marker parameter in a subsequent request. 8593 NextMarker *string `min:"1" type:"string"` 8594 8595 // A flag that indicates whether there are more items in the list. When this 8596 // value is true, the list in this response is truncated. To get more items, 8597 // pass the value of the NextMarker element in thisresponse to the Marker parameter 8598 // in a subsequent request. 8599 Truncated *bool `type:"boolean"` 8600} 8601 8602// String returns the string representation 8603func (s ListGrantsResponse) String() string { 8604 return awsutil.Prettify(s) 8605} 8606 8607// GoString returns the string representation 8608func (s ListGrantsResponse) GoString() string { 8609 return s.String() 8610} 8611 8612// SetGrants sets the Grants field's value. 8613func (s *ListGrantsResponse) SetGrants(v []*GrantListEntry) *ListGrantsResponse { 8614 s.Grants = v 8615 return s 8616} 8617 8618// SetNextMarker sets the NextMarker field's value. 8619func (s *ListGrantsResponse) SetNextMarker(v string) *ListGrantsResponse { 8620 s.NextMarker = &v 8621 return s 8622} 8623 8624// SetTruncated sets the Truncated field's value. 8625func (s *ListGrantsResponse) SetTruncated(v bool) *ListGrantsResponse { 8626 s.Truncated = &v 8627 return s 8628} 8629 8630type ListKeyPoliciesInput struct { 8631 _ struct{} `type:"structure"` 8632 8633 // A unique identifier for the customer master key (CMK). 8634 // 8635 // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. 8636 // 8637 // For example: 8638 // 8639 // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab 8640 // 8641 // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab 8642 // 8643 // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. 8644 // 8645 // KeyId is a required field 8646 KeyId *string `min:"1" type:"string" required:"true"` 8647 8648 // Use this parameter to specify the maximum number of items to return. When 8649 // this value is present, AWS KMS does not return more than the specified number 8650 // of items, but it might return fewer. 8651 // 8652 // This value is optional. If you include a value, it must be between 1 and 8653 // 1000, inclusive. If you do not include a value, it defaults to 100. 8654 // 8655 // Only one policy can be attached to a key. 8656 Limit *int64 `min:"1" type:"integer"` 8657 8658 // Use this parameter in a subsequent request after you receive a response with 8659 // truncated results. Set it to the value of NextMarker from the truncated response 8660 // you just received. 8661 Marker *string `min:"1" type:"string"` 8662} 8663 8664// String returns the string representation 8665func (s ListKeyPoliciesInput) String() string { 8666 return awsutil.Prettify(s) 8667} 8668 8669// GoString returns the string representation 8670func (s ListKeyPoliciesInput) GoString() string { 8671 return s.String() 8672} 8673 8674// Validate inspects the fields of the type to determine if they are valid. 8675func (s *ListKeyPoliciesInput) Validate() error { 8676 invalidParams := request.ErrInvalidParams{Context: "ListKeyPoliciesInput"} 8677 if s.KeyId == nil { 8678 invalidParams.Add(request.NewErrParamRequired("KeyId")) 8679 } 8680 if s.KeyId != nil && len(*s.KeyId) < 1 { 8681 invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) 8682 } 8683 if s.Limit != nil && *s.Limit < 1 { 8684 invalidParams.Add(request.NewErrParamMinValue("Limit", 1)) 8685 } 8686 if s.Marker != nil && len(*s.Marker) < 1 { 8687 invalidParams.Add(request.NewErrParamMinLen("Marker", 1)) 8688 } 8689 8690 if invalidParams.Len() > 0 { 8691 return invalidParams 8692 } 8693 return nil 8694} 8695 8696// SetKeyId sets the KeyId field's value. 8697func (s *ListKeyPoliciesInput) SetKeyId(v string) *ListKeyPoliciesInput { 8698 s.KeyId = &v 8699 return s 8700} 8701 8702// SetLimit sets the Limit field's value. 8703func (s *ListKeyPoliciesInput) SetLimit(v int64) *ListKeyPoliciesInput { 8704 s.Limit = &v 8705 return s 8706} 8707 8708// SetMarker sets the Marker field's value. 8709func (s *ListKeyPoliciesInput) SetMarker(v string) *ListKeyPoliciesInput { 8710 s.Marker = &v 8711 return s 8712} 8713 8714type ListKeyPoliciesOutput struct { 8715 _ struct{} `type:"structure"` 8716 8717 // When Truncated is true, this element is present and contains the value to 8718 // use for the Marker parameter in a subsequent request. 8719 NextMarker *string `min:"1" type:"string"` 8720 8721 // A list of key policy names. The only valid value is default. 8722 PolicyNames []*string `type:"list"` 8723 8724 // A flag that indicates whether there are more items in the list. When this 8725 // value is true, the list in this response is truncated. To get more items, 8726 // pass the value of the NextMarker element in thisresponse to the Marker parameter 8727 // in a subsequent request. 8728 Truncated *bool `type:"boolean"` 8729} 8730 8731// String returns the string representation 8732func (s ListKeyPoliciesOutput) String() string { 8733 return awsutil.Prettify(s) 8734} 8735 8736// GoString returns the string representation 8737func (s ListKeyPoliciesOutput) GoString() string { 8738 return s.String() 8739} 8740 8741// SetNextMarker sets the NextMarker field's value. 8742func (s *ListKeyPoliciesOutput) SetNextMarker(v string) *ListKeyPoliciesOutput { 8743 s.NextMarker = &v 8744 return s 8745} 8746 8747// SetPolicyNames sets the PolicyNames field's value. 8748func (s *ListKeyPoliciesOutput) SetPolicyNames(v []*string) *ListKeyPoliciesOutput { 8749 s.PolicyNames = v 8750 return s 8751} 8752 8753// SetTruncated sets the Truncated field's value. 8754func (s *ListKeyPoliciesOutput) SetTruncated(v bool) *ListKeyPoliciesOutput { 8755 s.Truncated = &v 8756 return s 8757} 8758 8759type ListKeysInput struct { 8760 _ struct{} `type:"structure"` 8761 8762 // Use this parameter to specify the maximum number of items to return. When 8763 // this value is present, AWS KMS does not return more than the specified number 8764 // of items, but it might return fewer. 8765 // 8766 // This value is optional. If you include a value, it must be between 1 and 8767 // 1000, inclusive. If you do not include a value, it defaults to 100. 8768 Limit *int64 `min:"1" type:"integer"` 8769 8770 // Use this parameter in a subsequent request after you receive a response with 8771 // truncated results. Set it to the value of NextMarker from the truncated response 8772 // you just received. 8773 Marker *string `min:"1" type:"string"` 8774} 8775 8776// String returns the string representation 8777func (s ListKeysInput) String() string { 8778 return awsutil.Prettify(s) 8779} 8780 8781// GoString returns the string representation 8782func (s ListKeysInput) GoString() string { 8783 return s.String() 8784} 8785 8786// Validate inspects the fields of the type to determine if they are valid. 8787func (s *ListKeysInput) Validate() error { 8788 invalidParams := request.ErrInvalidParams{Context: "ListKeysInput"} 8789 if s.Limit != nil && *s.Limit < 1 { 8790 invalidParams.Add(request.NewErrParamMinValue("Limit", 1)) 8791 } 8792 if s.Marker != nil && len(*s.Marker) < 1 { 8793 invalidParams.Add(request.NewErrParamMinLen("Marker", 1)) 8794 } 8795 8796 if invalidParams.Len() > 0 { 8797 return invalidParams 8798 } 8799 return nil 8800} 8801 8802// SetLimit sets the Limit field's value. 8803func (s *ListKeysInput) SetLimit(v int64) *ListKeysInput { 8804 s.Limit = &v 8805 return s 8806} 8807 8808// SetMarker sets the Marker field's value. 8809func (s *ListKeysInput) SetMarker(v string) *ListKeysInput { 8810 s.Marker = &v 8811 return s 8812} 8813 8814type ListKeysOutput struct { 8815 _ struct{} `type:"structure"` 8816 8817 // A list of customer master keys (CMKs). 8818 Keys []*KeyListEntry `type:"list"` 8819 8820 // When Truncated is true, this element is present and contains the value to 8821 // use for the Marker parameter in a subsequent request. 8822 NextMarker *string `min:"1" type:"string"` 8823 8824 // A flag that indicates whether there are more items in the list. When this 8825 // value is true, the list in this response is truncated. To get more items, 8826 // pass the value of the NextMarker element in thisresponse to the Marker parameter 8827 // in a subsequent request. 8828 Truncated *bool `type:"boolean"` 8829} 8830 8831// String returns the string representation 8832func (s ListKeysOutput) String() string { 8833 return awsutil.Prettify(s) 8834} 8835 8836// GoString returns the string representation 8837func (s ListKeysOutput) GoString() string { 8838 return s.String() 8839} 8840 8841// SetKeys sets the Keys field's value. 8842func (s *ListKeysOutput) SetKeys(v []*KeyListEntry) *ListKeysOutput { 8843 s.Keys = v 8844 return s 8845} 8846 8847// SetNextMarker sets the NextMarker field's value. 8848func (s *ListKeysOutput) SetNextMarker(v string) *ListKeysOutput { 8849 s.NextMarker = &v 8850 return s 8851} 8852 8853// SetTruncated sets the Truncated field's value. 8854func (s *ListKeysOutput) SetTruncated(v bool) *ListKeysOutput { 8855 s.Truncated = &v 8856 return s 8857} 8858 8859type ListResourceTagsInput struct { 8860 _ struct{} `type:"structure"` 8861 8862 // A unique identifier for the customer master key (CMK). 8863 // 8864 // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. 8865 // 8866 // For example: 8867 // 8868 // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab 8869 // 8870 // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab 8871 // 8872 // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. 8873 // 8874 // KeyId is a required field 8875 KeyId *string `min:"1" type:"string" required:"true"` 8876 8877 // Use this parameter to specify the maximum number of items to return. When 8878 // this value is present, AWS KMS does not return more than the specified number 8879 // of items, but it might return fewer. 8880 // 8881 // This value is optional. If you include a value, it must be between 1 and 8882 // 50, inclusive. If you do not include a value, it defaults to 50. 8883 Limit *int64 `min:"1" type:"integer"` 8884 8885 // Use this parameter in a subsequent request after you receive a response with 8886 // truncated results. Set it to the value of NextMarker from the truncated response 8887 // you just received. 8888 // 8889 // Do not attempt to construct this value. Use only the value of NextMarker 8890 // from the truncated response you just received. 8891 Marker *string `min:"1" type:"string"` 8892} 8893 8894// String returns the string representation 8895func (s ListResourceTagsInput) String() string { 8896 return awsutil.Prettify(s) 8897} 8898 8899// GoString returns the string representation 8900func (s ListResourceTagsInput) GoString() string { 8901 return s.String() 8902} 8903 8904// Validate inspects the fields of the type to determine if they are valid. 8905func (s *ListResourceTagsInput) Validate() error { 8906 invalidParams := request.ErrInvalidParams{Context: "ListResourceTagsInput"} 8907 if s.KeyId == nil { 8908 invalidParams.Add(request.NewErrParamRequired("KeyId")) 8909 } 8910 if s.KeyId != nil && len(*s.KeyId) < 1 { 8911 invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) 8912 } 8913 if s.Limit != nil && *s.Limit < 1 { 8914 invalidParams.Add(request.NewErrParamMinValue("Limit", 1)) 8915 } 8916 if s.Marker != nil && len(*s.Marker) < 1 { 8917 invalidParams.Add(request.NewErrParamMinLen("Marker", 1)) 8918 } 8919 8920 if invalidParams.Len() > 0 { 8921 return invalidParams 8922 } 8923 return nil 8924} 8925 8926// SetKeyId sets the KeyId field's value. 8927func (s *ListResourceTagsInput) SetKeyId(v string) *ListResourceTagsInput { 8928 s.KeyId = &v 8929 return s 8930} 8931 8932// SetLimit sets the Limit field's value. 8933func (s *ListResourceTagsInput) SetLimit(v int64) *ListResourceTagsInput { 8934 s.Limit = &v 8935 return s 8936} 8937 8938// SetMarker sets the Marker field's value. 8939func (s *ListResourceTagsInput) SetMarker(v string) *ListResourceTagsInput { 8940 s.Marker = &v 8941 return s 8942} 8943 8944type ListResourceTagsOutput struct { 8945 _ struct{} `type:"structure"` 8946 8947 // When Truncated is true, this element is present and contains the value to 8948 // use for the Marker parameter in a subsequent request. 8949 // 8950 // Do not assume or infer any information from this value. 8951 NextMarker *string `min:"1" type:"string"` 8952 8953 // A list of tags. Each tag consists of a tag key and a tag value. 8954 Tags []*Tag `type:"list"` 8955 8956 // A flag that indicates whether there are more items in the list. When this 8957 // value is true, the list in this response is truncated. To get more items, 8958 // pass the value of the NextMarker element in thisresponse to the Marker parameter 8959 // in a subsequent request. 8960 Truncated *bool `type:"boolean"` 8961} 8962 8963// String returns the string representation 8964func (s ListResourceTagsOutput) String() string { 8965 return awsutil.Prettify(s) 8966} 8967 8968// GoString returns the string representation 8969func (s ListResourceTagsOutput) GoString() string { 8970 return s.String() 8971} 8972 8973// SetNextMarker sets the NextMarker field's value. 8974func (s *ListResourceTagsOutput) SetNextMarker(v string) *ListResourceTagsOutput { 8975 s.NextMarker = &v 8976 return s 8977} 8978 8979// SetTags sets the Tags field's value. 8980func (s *ListResourceTagsOutput) SetTags(v []*Tag) *ListResourceTagsOutput { 8981 s.Tags = v 8982 return s 8983} 8984 8985// SetTruncated sets the Truncated field's value. 8986func (s *ListResourceTagsOutput) SetTruncated(v bool) *ListResourceTagsOutput { 8987 s.Truncated = &v 8988 return s 8989} 8990 8991type ListRetirableGrantsInput struct { 8992 _ struct{} `type:"structure"` 8993 8994 // Use this parameter to specify the maximum number of items to return. When 8995 // this value is present, AWS KMS does not return more than the specified number 8996 // of items, but it might return fewer. 8997 // 8998 // This value is optional. If you include a value, it must be between 1 and 8999 // 100, inclusive. If you do not include a value, it defaults to 50. 9000 Limit *int64 `min:"1" type:"integer"` 9001 9002 // Use this parameter in a subsequent request after you receive a response with 9003 // truncated results. Set it to the value of NextMarker from the truncated response 9004 // you just received. 9005 Marker *string `min:"1" type:"string"` 9006 9007 // The retiring principal for which to list grants. 9008 // 9009 // To specify the retiring principal, use the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) 9010 // of an AWS principal. Valid AWS principals include AWS accounts (root), IAM 9011 // users, federated users, and assumed role users. For examples of the ARN syntax 9012 // for specifying a principal, see AWS Identity and Access Management (IAM) 9013 // (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam) 9014 // in the Example ARNs section of the Amazon Web Services General Reference. 9015 // 9016 // RetiringPrincipal is a required field 9017 RetiringPrincipal *string `min:"1" type:"string" required:"true"` 9018} 9019 9020// String returns the string representation 9021func (s ListRetirableGrantsInput) String() string { 9022 return awsutil.Prettify(s) 9023} 9024 9025// GoString returns the string representation 9026func (s ListRetirableGrantsInput) GoString() string { 9027 return s.String() 9028} 9029 9030// Validate inspects the fields of the type to determine if they are valid. 9031func (s *ListRetirableGrantsInput) Validate() error { 9032 invalidParams := request.ErrInvalidParams{Context: "ListRetirableGrantsInput"} 9033 if s.Limit != nil && *s.Limit < 1 { 9034 invalidParams.Add(request.NewErrParamMinValue("Limit", 1)) 9035 } 9036 if s.Marker != nil && len(*s.Marker) < 1 { 9037 invalidParams.Add(request.NewErrParamMinLen("Marker", 1)) 9038 } 9039 if s.RetiringPrincipal == nil { 9040 invalidParams.Add(request.NewErrParamRequired("RetiringPrincipal")) 9041 } 9042 if s.RetiringPrincipal != nil && len(*s.RetiringPrincipal) < 1 { 9043 invalidParams.Add(request.NewErrParamMinLen("RetiringPrincipal", 1)) 9044 } 9045 9046 if invalidParams.Len() > 0 { 9047 return invalidParams 9048 } 9049 return nil 9050} 9051 9052// SetLimit sets the Limit field's value. 9053func (s *ListRetirableGrantsInput) SetLimit(v int64) *ListRetirableGrantsInput { 9054 s.Limit = &v 9055 return s 9056} 9057 9058// SetMarker sets the Marker field's value. 9059func (s *ListRetirableGrantsInput) SetMarker(v string) *ListRetirableGrantsInput { 9060 s.Marker = &v 9061 return s 9062} 9063 9064// SetRetiringPrincipal sets the RetiringPrincipal field's value. 9065func (s *ListRetirableGrantsInput) SetRetiringPrincipal(v string) *ListRetirableGrantsInput { 9066 s.RetiringPrincipal = &v 9067 return s 9068} 9069 9070type PutKeyPolicyInput struct { 9071 _ struct{} `type:"structure"` 9072 9073 // A flag to indicate whether to bypass the key policy lockout safety check. 9074 // 9075 // Setting this value to true increases the risk that the CMK becomes unmanageable. 9076 // Do not set this value to true indiscriminately. 9077 // 9078 // For more information, refer to the scenario in the Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) 9079 // section in the AWS Key Management Service Developer Guide. 9080 // 9081 // Use this parameter only when you intend to prevent the principal that is 9082 // making the request from making a subsequent PutKeyPolicy request on the CMK. 9083 // 9084 // The default value is false. 9085 BypassPolicyLockoutSafetyCheck *bool `type:"boolean"` 9086 9087 // A unique identifier for the customer master key (CMK). 9088 // 9089 // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. 9090 // 9091 // For example: 9092 // 9093 // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab 9094 // 9095 // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab 9096 // 9097 // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. 9098 // 9099 // KeyId is a required field 9100 KeyId *string `min:"1" type:"string" required:"true"` 9101 9102 // The key policy to attach to the CMK. 9103 // 9104 // The key policy must meet the following criteria: 9105 // 9106 // * If you don't set BypassPolicyLockoutSafetyCheck to true, the key policy 9107 // must allow the principal that is making the PutKeyPolicy request to make 9108 // a subsequent PutKeyPolicy request on the CMK. This reduces the risk that 9109 // the CMK becomes unmanageable. For more information, refer to the scenario 9110 // in the Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) 9111 // section of the AWS Key Management Service Developer Guide. 9112 // 9113 // * Each statement in the key policy must contain one or more principals. 9114 // The principals in the key policy must exist and be visible to AWS KMS. 9115 // When you create a new AWS principal (for example, an IAM user or role), 9116 // you might need to enforce a delay before including the new principal in 9117 // a key policy because the new principal might not be immediately visible 9118 // to AWS KMS. For more information, see Changes that I make are not always 9119 // immediately visible (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency) 9120 // in the AWS Identity and Access Management User Guide. 9121 // 9122 // The key policy size limit is 32 kilobytes (32768 bytes). 9123 // 9124 // Policy is a required field 9125 Policy *string `min:"1" type:"string" required:"true"` 9126 9127 // The name of the key policy. The only valid value is default. 9128 // 9129 // PolicyName is a required field 9130 PolicyName *string `min:"1" type:"string" required:"true"` 9131} 9132 9133// String returns the string representation 9134func (s PutKeyPolicyInput) String() string { 9135 return awsutil.Prettify(s) 9136} 9137 9138// GoString returns the string representation 9139func (s PutKeyPolicyInput) GoString() string { 9140 return s.String() 9141} 9142 9143// Validate inspects the fields of the type to determine if they are valid. 9144func (s *PutKeyPolicyInput) Validate() error { 9145 invalidParams := request.ErrInvalidParams{Context: "PutKeyPolicyInput"} 9146 if s.KeyId == nil { 9147 invalidParams.Add(request.NewErrParamRequired("KeyId")) 9148 } 9149 if s.KeyId != nil && len(*s.KeyId) < 1 { 9150 invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) 9151 } 9152 if s.Policy == nil { 9153 invalidParams.Add(request.NewErrParamRequired("Policy")) 9154 } 9155 if s.Policy != nil && len(*s.Policy) < 1 { 9156 invalidParams.Add(request.NewErrParamMinLen("Policy", 1)) 9157 } 9158 if s.PolicyName == nil { 9159 invalidParams.Add(request.NewErrParamRequired("PolicyName")) 9160 } 9161 if s.PolicyName != nil && len(*s.PolicyName) < 1 { 9162 invalidParams.Add(request.NewErrParamMinLen("PolicyName", 1)) 9163 } 9164 9165 if invalidParams.Len() > 0 { 9166 return invalidParams 9167 } 9168 return nil 9169} 9170 9171// SetBypassPolicyLockoutSafetyCheck sets the BypassPolicyLockoutSafetyCheck field's value. 9172func (s *PutKeyPolicyInput) SetBypassPolicyLockoutSafetyCheck(v bool) *PutKeyPolicyInput { 9173 s.BypassPolicyLockoutSafetyCheck = &v 9174 return s 9175} 9176 9177// SetKeyId sets the KeyId field's value. 9178func (s *PutKeyPolicyInput) SetKeyId(v string) *PutKeyPolicyInput { 9179 s.KeyId = &v 9180 return s 9181} 9182 9183// SetPolicy sets the Policy field's value. 9184func (s *PutKeyPolicyInput) SetPolicy(v string) *PutKeyPolicyInput { 9185 s.Policy = &v 9186 return s 9187} 9188 9189// SetPolicyName sets the PolicyName field's value. 9190func (s *PutKeyPolicyInput) SetPolicyName(v string) *PutKeyPolicyInput { 9191 s.PolicyName = &v 9192 return s 9193} 9194 9195type PutKeyPolicyOutput struct { 9196 _ struct{} `type:"structure"` 9197} 9198 9199// String returns the string representation 9200func (s PutKeyPolicyOutput) String() string { 9201 return awsutil.Prettify(s) 9202} 9203 9204// GoString returns the string representation 9205func (s PutKeyPolicyOutput) GoString() string { 9206 return s.String() 9207} 9208 9209type ReEncryptInput struct { 9210 _ struct{} `type:"structure"` 9211 9212 // Ciphertext of the data to reencrypt. 9213 // 9214 // CiphertextBlob is automatically base64 encoded/decoded by the SDK. 9215 // 9216 // CiphertextBlob is a required field 9217 CiphertextBlob []byte `min:"1" type:"blob" required:"true"` 9218 9219 // Encryption context to use when the data is reencrypted. 9220 DestinationEncryptionContext map[string]*string `type:"map"` 9221 9222 // A unique identifier for the CMK that is used to reencrypt the data. 9223 // 9224 // To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, 9225 // or alias ARN. When using an alias name, prefix it with "alias/". To specify 9226 // a CMK in a different AWS account, you must use the key ARN or alias ARN. 9227 // 9228 // For example: 9229 // 9230 // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab 9231 // 9232 // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab 9233 // 9234 // * Alias name: alias/ExampleAlias 9235 // 9236 // * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias 9237 // 9238 // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To 9239 // get the alias name and alias ARN, use ListAliases. 9240 // 9241 // DestinationKeyId is a required field 9242 DestinationKeyId *string `min:"1" type:"string" required:"true"` 9243 9244 // A list of grant tokens. 9245 // 9246 // For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token) 9247 // in the AWS Key Management Service Developer Guide. 9248 GrantTokens []*string `type:"list"` 9249 9250 // Encryption context used to encrypt and decrypt the data specified in the 9251 // CiphertextBlob parameter. 9252 SourceEncryptionContext map[string]*string `type:"map"` 9253} 9254 9255// String returns the string representation 9256func (s ReEncryptInput) String() string { 9257 return awsutil.Prettify(s) 9258} 9259 9260// GoString returns the string representation 9261func (s ReEncryptInput) GoString() string { 9262 return s.String() 9263} 9264 9265// Validate inspects the fields of the type to determine if they are valid. 9266func (s *ReEncryptInput) Validate() error { 9267 invalidParams := request.ErrInvalidParams{Context: "ReEncryptInput"} 9268 if s.CiphertextBlob == nil { 9269 invalidParams.Add(request.NewErrParamRequired("CiphertextBlob")) 9270 } 9271 if s.CiphertextBlob != nil && len(s.CiphertextBlob) < 1 { 9272 invalidParams.Add(request.NewErrParamMinLen("CiphertextBlob", 1)) 9273 } 9274 if s.DestinationKeyId == nil { 9275 invalidParams.Add(request.NewErrParamRequired("DestinationKeyId")) 9276 } 9277 if s.DestinationKeyId != nil && len(*s.DestinationKeyId) < 1 { 9278 invalidParams.Add(request.NewErrParamMinLen("DestinationKeyId", 1)) 9279 } 9280 9281 if invalidParams.Len() > 0 { 9282 return invalidParams 9283 } 9284 return nil 9285} 9286 9287// SetCiphertextBlob sets the CiphertextBlob field's value. 9288func (s *ReEncryptInput) SetCiphertextBlob(v []byte) *ReEncryptInput { 9289 s.CiphertextBlob = v 9290 return s 9291} 9292 9293// SetDestinationEncryptionContext sets the DestinationEncryptionContext field's value. 9294func (s *ReEncryptInput) SetDestinationEncryptionContext(v map[string]*string) *ReEncryptInput { 9295 s.DestinationEncryptionContext = v 9296 return s 9297} 9298 9299// SetDestinationKeyId sets the DestinationKeyId field's value. 9300func (s *ReEncryptInput) SetDestinationKeyId(v string) *ReEncryptInput { 9301 s.DestinationKeyId = &v 9302 return s 9303} 9304 9305// SetGrantTokens sets the GrantTokens field's value. 9306func (s *ReEncryptInput) SetGrantTokens(v []*string) *ReEncryptInput { 9307 s.GrantTokens = v 9308 return s 9309} 9310 9311// SetSourceEncryptionContext sets the SourceEncryptionContext field's value. 9312func (s *ReEncryptInput) SetSourceEncryptionContext(v map[string]*string) *ReEncryptInput { 9313 s.SourceEncryptionContext = v 9314 return s 9315} 9316 9317type ReEncryptOutput struct { 9318 _ struct{} `type:"structure"` 9319 9320 // The reencrypted data. When you use the HTTP API or the AWS CLI, the value 9321 // is Base64-encoded. Otherwise, it is not encoded. 9322 // 9323 // CiphertextBlob is automatically base64 encoded/decoded by the SDK. 9324 CiphertextBlob []byte `min:"1" type:"blob"` 9325 9326 // Unique identifier of the CMK used to reencrypt the data. 9327 KeyId *string `min:"1" type:"string"` 9328 9329 // Unique identifier of the CMK used to originally encrypt the data. 9330 SourceKeyId *string `min:"1" type:"string"` 9331} 9332 9333// String returns the string representation 9334func (s ReEncryptOutput) String() string { 9335 return awsutil.Prettify(s) 9336} 9337 9338// GoString returns the string representation 9339func (s ReEncryptOutput) GoString() string { 9340 return s.String() 9341} 9342 9343// SetCiphertextBlob sets the CiphertextBlob field's value. 9344func (s *ReEncryptOutput) SetCiphertextBlob(v []byte) *ReEncryptOutput { 9345 s.CiphertextBlob = v 9346 return s 9347} 9348 9349// SetKeyId sets the KeyId field's value. 9350func (s *ReEncryptOutput) SetKeyId(v string) *ReEncryptOutput { 9351 s.KeyId = &v 9352 return s 9353} 9354 9355// SetSourceKeyId sets the SourceKeyId field's value. 9356func (s *ReEncryptOutput) SetSourceKeyId(v string) *ReEncryptOutput { 9357 s.SourceKeyId = &v 9358 return s 9359} 9360 9361type RetireGrantInput struct { 9362 _ struct{} `type:"structure"` 9363 9364 // Unique identifier of the grant to retire. The grant ID is returned in the 9365 // response to a CreateGrant operation. 9366 // 9367 // * Grant ID Example - 0123456789012345678901234567890123456789012345678901234567890123 9368 GrantId *string `min:"1" type:"string"` 9369 9370 // Token that identifies the grant to be retired. 9371 GrantToken *string `min:"1" type:"string"` 9372 9373 // The Amazon Resource Name (ARN) of the CMK associated with the grant. 9374 // 9375 // For example: arn:aws:kms:us-east-2:444455556666:key/1234abcd-12ab-34cd-56ef-1234567890ab 9376 KeyId *string `min:"1" type:"string"` 9377} 9378 9379// String returns the string representation 9380func (s RetireGrantInput) String() string { 9381 return awsutil.Prettify(s) 9382} 9383 9384// GoString returns the string representation 9385func (s RetireGrantInput) GoString() string { 9386 return s.String() 9387} 9388 9389// Validate inspects the fields of the type to determine if they are valid. 9390func (s *RetireGrantInput) Validate() error { 9391 invalidParams := request.ErrInvalidParams{Context: "RetireGrantInput"} 9392 if s.GrantId != nil && len(*s.GrantId) < 1 { 9393 invalidParams.Add(request.NewErrParamMinLen("GrantId", 1)) 9394 } 9395 if s.GrantToken != nil && len(*s.GrantToken) < 1 { 9396 invalidParams.Add(request.NewErrParamMinLen("GrantToken", 1)) 9397 } 9398 if s.KeyId != nil && len(*s.KeyId) < 1 { 9399 invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) 9400 } 9401 9402 if invalidParams.Len() > 0 { 9403 return invalidParams 9404 } 9405 return nil 9406} 9407 9408// SetGrantId sets the GrantId field's value. 9409func (s *RetireGrantInput) SetGrantId(v string) *RetireGrantInput { 9410 s.GrantId = &v 9411 return s 9412} 9413 9414// SetGrantToken sets the GrantToken field's value. 9415func (s *RetireGrantInput) SetGrantToken(v string) *RetireGrantInput { 9416 s.GrantToken = &v 9417 return s 9418} 9419 9420// SetKeyId sets the KeyId field's value. 9421func (s *RetireGrantInput) SetKeyId(v string) *RetireGrantInput { 9422 s.KeyId = &v 9423 return s 9424} 9425 9426type RetireGrantOutput struct { 9427 _ struct{} `type:"structure"` 9428} 9429 9430// String returns the string representation 9431func (s RetireGrantOutput) String() string { 9432 return awsutil.Prettify(s) 9433} 9434 9435// GoString returns the string representation 9436func (s RetireGrantOutput) GoString() string { 9437 return s.String() 9438} 9439 9440type RevokeGrantInput struct { 9441 _ struct{} `type:"structure"` 9442 9443 // Identifier of the grant to be revoked. 9444 // 9445 // GrantId is a required field 9446 GrantId *string `min:"1" type:"string" required:"true"` 9447 9448 // A unique identifier for the customer master key associated with the grant. 9449 // 9450 // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify 9451 // a CMK in a different AWS account, you must use the key ARN. 9452 // 9453 // For example: 9454 // 9455 // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab 9456 // 9457 // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab 9458 // 9459 // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. 9460 // 9461 // KeyId is a required field 9462 KeyId *string `min:"1" type:"string" required:"true"` 9463} 9464 9465// String returns the string representation 9466func (s RevokeGrantInput) String() string { 9467 return awsutil.Prettify(s) 9468} 9469 9470// GoString returns the string representation 9471func (s RevokeGrantInput) GoString() string { 9472 return s.String() 9473} 9474 9475// Validate inspects the fields of the type to determine if they are valid. 9476func (s *RevokeGrantInput) Validate() error { 9477 invalidParams := request.ErrInvalidParams{Context: "RevokeGrantInput"} 9478 if s.GrantId == nil { 9479 invalidParams.Add(request.NewErrParamRequired("GrantId")) 9480 } 9481 if s.GrantId != nil && len(*s.GrantId) < 1 { 9482 invalidParams.Add(request.NewErrParamMinLen("GrantId", 1)) 9483 } 9484 if s.KeyId == nil { 9485 invalidParams.Add(request.NewErrParamRequired("KeyId")) 9486 } 9487 if s.KeyId != nil && len(*s.KeyId) < 1 { 9488 invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) 9489 } 9490 9491 if invalidParams.Len() > 0 { 9492 return invalidParams 9493 } 9494 return nil 9495} 9496 9497// SetGrantId sets the GrantId field's value. 9498func (s *RevokeGrantInput) SetGrantId(v string) *RevokeGrantInput { 9499 s.GrantId = &v 9500 return s 9501} 9502 9503// SetKeyId sets the KeyId field's value. 9504func (s *RevokeGrantInput) SetKeyId(v string) *RevokeGrantInput { 9505 s.KeyId = &v 9506 return s 9507} 9508 9509type RevokeGrantOutput struct { 9510 _ struct{} `type:"structure"` 9511} 9512 9513// String returns the string representation 9514func (s RevokeGrantOutput) String() string { 9515 return awsutil.Prettify(s) 9516} 9517 9518// GoString returns the string representation 9519func (s RevokeGrantOutput) GoString() string { 9520 return s.String() 9521} 9522 9523type ScheduleKeyDeletionInput struct { 9524 _ struct{} `type:"structure"` 9525 9526 // The unique identifier of the customer master key (CMK) to delete. 9527 // 9528 // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. 9529 // 9530 // For example: 9531 // 9532 // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab 9533 // 9534 // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab 9535 // 9536 // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. 9537 // 9538 // KeyId is a required field 9539 KeyId *string `min:"1" type:"string" required:"true"` 9540 9541 // The waiting period, specified in number of days. After the waiting period 9542 // ends, AWS KMS deletes the customer master key (CMK). 9543 // 9544 // This value is optional. If you include a value, it must be between 7 and 9545 // 30, inclusive. If you do not include a value, it defaults to 30. 9546 PendingWindowInDays *int64 `min:"1" type:"integer"` 9547} 9548 9549// String returns the string representation 9550func (s ScheduleKeyDeletionInput) String() string { 9551 return awsutil.Prettify(s) 9552} 9553 9554// GoString returns the string representation 9555func (s ScheduleKeyDeletionInput) GoString() string { 9556 return s.String() 9557} 9558 9559// Validate inspects the fields of the type to determine if they are valid. 9560func (s *ScheduleKeyDeletionInput) Validate() error { 9561 invalidParams := request.ErrInvalidParams{Context: "ScheduleKeyDeletionInput"} 9562 if s.KeyId == nil { 9563 invalidParams.Add(request.NewErrParamRequired("KeyId")) 9564 } 9565 if s.KeyId != nil && len(*s.KeyId) < 1 { 9566 invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) 9567 } 9568 if s.PendingWindowInDays != nil && *s.PendingWindowInDays < 1 { 9569 invalidParams.Add(request.NewErrParamMinValue("PendingWindowInDays", 1)) 9570 } 9571 9572 if invalidParams.Len() > 0 { 9573 return invalidParams 9574 } 9575 return nil 9576} 9577 9578// SetKeyId sets the KeyId field's value. 9579func (s *ScheduleKeyDeletionInput) SetKeyId(v string) *ScheduleKeyDeletionInput { 9580 s.KeyId = &v 9581 return s 9582} 9583 9584// SetPendingWindowInDays sets the PendingWindowInDays field's value. 9585func (s *ScheduleKeyDeletionInput) SetPendingWindowInDays(v int64) *ScheduleKeyDeletionInput { 9586 s.PendingWindowInDays = &v 9587 return s 9588} 9589 9590type ScheduleKeyDeletionOutput struct { 9591 _ struct{} `type:"structure"` 9592 9593 // The date and time after which AWS KMS deletes the customer master key (CMK). 9594 DeletionDate *time.Time `type:"timestamp"` 9595 9596 // The unique identifier of the customer master key (CMK) for which deletion 9597 // is scheduled. 9598 KeyId *string `min:"1" type:"string"` 9599} 9600 9601// String returns the string representation 9602func (s ScheduleKeyDeletionOutput) String() string { 9603 return awsutil.Prettify(s) 9604} 9605 9606// GoString returns the string representation 9607func (s ScheduleKeyDeletionOutput) GoString() string { 9608 return s.String() 9609} 9610 9611// SetDeletionDate sets the DeletionDate field's value. 9612func (s *ScheduleKeyDeletionOutput) SetDeletionDate(v time.Time) *ScheduleKeyDeletionOutput { 9613 s.DeletionDate = &v 9614 return s 9615} 9616 9617// SetKeyId sets the KeyId field's value. 9618func (s *ScheduleKeyDeletionOutput) SetKeyId(v string) *ScheduleKeyDeletionOutput { 9619 s.KeyId = &v 9620 return s 9621} 9622 9623// A key-value pair. A tag consists of a tag key and a tag value. Tag keys and 9624// tag values are both required, but tag values can be empty (null) strings. 9625// 9626// For information about the rules that apply to tag keys and tag values, see 9627// User-Defined Tag Restrictions (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html) 9628// in the AWS Billing and Cost Management User Guide. 9629type Tag struct { 9630 _ struct{} `type:"structure"` 9631 9632 // The key of the tag. 9633 // 9634 // TagKey is a required field 9635 TagKey *string `min:"1" type:"string" required:"true"` 9636 9637 // The value of the tag. 9638 // 9639 // TagValue is a required field 9640 TagValue *string `type:"string" required:"true"` 9641} 9642 9643// String returns the string representation 9644func (s Tag) String() string { 9645 return awsutil.Prettify(s) 9646} 9647 9648// GoString returns the string representation 9649func (s Tag) GoString() string { 9650 return s.String() 9651} 9652 9653// Validate inspects the fields of the type to determine if they are valid. 9654func (s *Tag) Validate() error { 9655 invalidParams := request.ErrInvalidParams{Context: "Tag"} 9656 if s.TagKey == nil { 9657 invalidParams.Add(request.NewErrParamRequired("TagKey")) 9658 } 9659 if s.TagKey != nil && len(*s.TagKey) < 1 { 9660 invalidParams.Add(request.NewErrParamMinLen("TagKey", 1)) 9661 } 9662 if s.TagValue == nil { 9663 invalidParams.Add(request.NewErrParamRequired("TagValue")) 9664 } 9665 9666 if invalidParams.Len() > 0 { 9667 return invalidParams 9668 } 9669 return nil 9670} 9671 9672// SetTagKey sets the TagKey field's value. 9673func (s *Tag) SetTagKey(v string) *Tag { 9674 s.TagKey = &v 9675 return s 9676} 9677 9678// SetTagValue sets the TagValue field's value. 9679func (s *Tag) SetTagValue(v string) *Tag { 9680 s.TagValue = &v 9681 return s 9682} 9683 9684type TagResourceInput struct { 9685 _ struct{} `type:"structure"` 9686 9687 // A unique identifier for the CMK you are tagging. 9688 // 9689 // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. 9690 // 9691 // For example: 9692 // 9693 // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab 9694 // 9695 // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab 9696 // 9697 // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. 9698 // 9699 // KeyId is a required field 9700 KeyId *string `min:"1" type:"string" required:"true"` 9701 9702 // One or more tags. Each tag consists of a tag key and a tag value. 9703 // 9704 // Tags is a required field 9705 Tags []*Tag `type:"list" required:"true"` 9706} 9707 9708// String returns the string representation 9709func (s TagResourceInput) String() string { 9710 return awsutil.Prettify(s) 9711} 9712 9713// GoString returns the string representation 9714func (s TagResourceInput) GoString() string { 9715 return s.String() 9716} 9717 9718// Validate inspects the fields of the type to determine if they are valid. 9719func (s *TagResourceInput) Validate() error { 9720 invalidParams := request.ErrInvalidParams{Context: "TagResourceInput"} 9721 if s.KeyId == nil { 9722 invalidParams.Add(request.NewErrParamRequired("KeyId")) 9723 } 9724 if s.KeyId != nil && len(*s.KeyId) < 1 { 9725 invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) 9726 } 9727 if s.Tags == nil { 9728 invalidParams.Add(request.NewErrParamRequired("Tags")) 9729 } 9730 if s.Tags != nil { 9731 for i, v := range s.Tags { 9732 if v == nil { 9733 continue 9734 } 9735 if err := v.Validate(); err != nil { 9736 invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", i), err.(request.ErrInvalidParams)) 9737 } 9738 } 9739 } 9740 9741 if invalidParams.Len() > 0 { 9742 return invalidParams 9743 } 9744 return nil 9745} 9746 9747// SetKeyId sets the KeyId field's value. 9748func (s *TagResourceInput) SetKeyId(v string) *TagResourceInput { 9749 s.KeyId = &v 9750 return s 9751} 9752 9753// SetTags sets the Tags field's value. 9754func (s *TagResourceInput) SetTags(v []*Tag) *TagResourceInput { 9755 s.Tags = v 9756 return s 9757} 9758 9759type TagResourceOutput struct { 9760 _ struct{} `type:"structure"` 9761} 9762 9763// String returns the string representation 9764func (s TagResourceOutput) String() string { 9765 return awsutil.Prettify(s) 9766} 9767 9768// GoString returns the string representation 9769func (s TagResourceOutput) GoString() string { 9770 return s.String() 9771} 9772 9773type UntagResourceInput struct { 9774 _ struct{} `type:"structure"` 9775 9776 // A unique identifier for the CMK from which you are removing tags. 9777 // 9778 // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. 9779 // 9780 // For example: 9781 // 9782 // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab 9783 // 9784 // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab 9785 // 9786 // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. 9787 // 9788 // KeyId is a required field 9789 KeyId *string `min:"1" type:"string" required:"true"` 9790 9791 // One or more tag keys. Specify only the tag keys, not the tag values. 9792 // 9793 // TagKeys is a required field 9794 TagKeys []*string `type:"list" required:"true"` 9795} 9796 9797// String returns the string representation 9798func (s UntagResourceInput) String() string { 9799 return awsutil.Prettify(s) 9800} 9801 9802// GoString returns the string representation 9803func (s UntagResourceInput) GoString() string { 9804 return s.String() 9805} 9806 9807// Validate inspects the fields of the type to determine if they are valid. 9808func (s *UntagResourceInput) Validate() error { 9809 invalidParams := request.ErrInvalidParams{Context: "UntagResourceInput"} 9810 if s.KeyId == nil { 9811 invalidParams.Add(request.NewErrParamRequired("KeyId")) 9812 } 9813 if s.KeyId != nil && len(*s.KeyId) < 1 { 9814 invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) 9815 } 9816 if s.TagKeys == nil { 9817 invalidParams.Add(request.NewErrParamRequired("TagKeys")) 9818 } 9819 9820 if invalidParams.Len() > 0 { 9821 return invalidParams 9822 } 9823 return nil 9824} 9825 9826// SetKeyId sets the KeyId field's value. 9827func (s *UntagResourceInput) SetKeyId(v string) *UntagResourceInput { 9828 s.KeyId = &v 9829 return s 9830} 9831 9832// SetTagKeys sets the TagKeys field's value. 9833func (s *UntagResourceInput) SetTagKeys(v []*string) *UntagResourceInput { 9834 s.TagKeys = v 9835 return s 9836} 9837 9838type UntagResourceOutput struct { 9839 _ struct{} `type:"structure"` 9840} 9841 9842// String returns the string representation 9843func (s UntagResourceOutput) String() string { 9844 return awsutil.Prettify(s) 9845} 9846 9847// GoString returns the string representation 9848func (s UntagResourceOutput) GoString() string { 9849 return s.String() 9850} 9851 9852type UpdateAliasInput struct { 9853 _ struct{} `type:"structure"` 9854 9855 // Specifies the name of the alias to change. This value must begin with alias/ 9856 // followed by the alias name, such as alias/ExampleAlias. 9857 // 9858 // AliasName is a required field 9859 AliasName *string `min:"1" type:"string" required:"true"` 9860 9861 // Unique identifier of the customer master key (CMK) to be mapped to the alias. 9862 // When the update operation completes, the alias will point to this CMK. 9863 // 9864 // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. 9865 // 9866 // For example: 9867 // 9868 // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab 9869 // 9870 // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab 9871 // 9872 // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. 9873 // 9874 // To verify that the alias is mapped to the correct CMK, use ListAliases. 9875 // 9876 // TargetKeyId is a required field 9877 TargetKeyId *string `min:"1" type:"string" required:"true"` 9878} 9879 9880// String returns the string representation 9881func (s UpdateAliasInput) String() string { 9882 return awsutil.Prettify(s) 9883} 9884 9885// GoString returns the string representation 9886func (s UpdateAliasInput) GoString() string { 9887 return s.String() 9888} 9889 9890// Validate inspects the fields of the type to determine if they are valid. 9891func (s *UpdateAliasInput) Validate() error { 9892 invalidParams := request.ErrInvalidParams{Context: "UpdateAliasInput"} 9893 if s.AliasName == nil { 9894 invalidParams.Add(request.NewErrParamRequired("AliasName")) 9895 } 9896 if s.AliasName != nil && len(*s.AliasName) < 1 { 9897 invalidParams.Add(request.NewErrParamMinLen("AliasName", 1)) 9898 } 9899 if s.TargetKeyId == nil { 9900 invalidParams.Add(request.NewErrParamRequired("TargetKeyId")) 9901 } 9902 if s.TargetKeyId != nil && len(*s.TargetKeyId) < 1 { 9903 invalidParams.Add(request.NewErrParamMinLen("TargetKeyId", 1)) 9904 } 9905 9906 if invalidParams.Len() > 0 { 9907 return invalidParams 9908 } 9909 return nil 9910} 9911 9912// SetAliasName sets the AliasName field's value. 9913func (s *UpdateAliasInput) SetAliasName(v string) *UpdateAliasInput { 9914 s.AliasName = &v 9915 return s 9916} 9917 9918// SetTargetKeyId sets the TargetKeyId field's value. 9919func (s *UpdateAliasInput) SetTargetKeyId(v string) *UpdateAliasInput { 9920 s.TargetKeyId = &v 9921 return s 9922} 9923 9924type UpdateAliasOutput struct { 9925 _ struct{} `type:"structure"` 9926} 9927 9928// String returns the string representation 9929func (s UpdateAliasOutput) String() string { 9930 return awsutil.Prettify(s) 9931} 9932 9933// GoString returns the string representation 9934func (s UpdateAliasOutput) GoString() string { 9935 return s.String() 9936} 9937 9938type UpdateCustomKeyStoreInput struct { 9939 _ struct{} `type:"structure"` 9940 9941 // Associates the custom key store with a related AWS CloudHSM cluster. 9942 // 9943 // Enter the cluster ID of the cluster that you used to create the custom key 9944 // store or a cluster that shares a backup history and has the same cluster 9945 // certificate as the original cluster. You cannot use this parameter to associate 9946 // a custom key store with an unrelated cluster. In addition, the replacement 9947 // cluster must fulfill the requirements (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) 9948 // for a cluster associated with a custom key store. To view the cluster certificate 9949 // of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) 9950 // operation. 9951 CloudHsmClusterId *string `min:"19" type:"string"` 9952 9953 // Identifies the custom key store that you want to update. Enter the ID of 9954 // the custom key store. To find the ID of a custom key store, use the DescribeCustomKeyStores 9955 // operation. 9956 // 9957 // CustomKeyStoreId is a required field 9958 CustomKeyStoreId *string `min:"1" type:"string" required:"true"` 9959 9960 // Enter the current password of the kmsuser crypto user (CU) in the AWS CloudHSM 9961 // cluster that is associated with the custom key store. 9962 // 9963 // This parameter tells AWS KMS the current password of the kmsuser crypto user 9964 // (CU). It does not set or change the password of any users in the AWS CloudHSM 9965 // cluster. 9966 KeyStorePassword *string `min:"1" type:"string" sensitive:"true"` 9967 9968 // Changes the friendly name of the custom key store to the value that you specify. 9969 // The custom key store name must be unique in the AWS account. 9970 NewCustomKeyStoreName *string `min:"1" type:"string"` 9971} 9972 9973// String returns the string representation 9974func (s UpdateCustomKeyStoreInput) String() string { 9975 return awsutil.Prettify(s) 9976} 9977 9978// GoString returns the string representation 9979func (s UpdateCustomKeyStoreInput) GoString() string { 9980 return s.String() 9981} 9982 9983// Validate inspects the fields of the type to determine if they are valid. 9984func (s *UpdateCustomKeyStoreInput) Validate() error { 9985 invalidParams := request.ErrInvalidParams{Context: "UpdateCustomKeyStoreInput"} 9986 if s.CloudHsmClusterId != nil && len(*s.CloudHsmClusterId) < 19 { 9987 invalidParams.Add(request.NewErrParamMinLen("CloudHsmClusterId", 19)) 9988 } 9989 if s.CustomKeyStoreId == nil { 9990 invalidParams.Add(request.NewErrParamRequired("CustomKeyStoreId")) 9991 } 9992 if s.CustomKeyStoreId != nil && len(*s.CustomKeyStoreId) < 1 { 9993 invalidParams.Add(request.NewErrParamMinLen("CustomKeyStoreId", 1)) 9994 } 9995 if s.KeyStorePassword != nil && len(*s.KeyStorePassword) < 1 { 9996 invalidParams.Add(request.NewErrParamMinLen("KeyStorePassword", 1)) 9997 } 9998 if s.NewCustomKeyStoreName != nil && len(*s.NewCustomKeyStoreName) < 1 { 9999 invalidParams.Add(request.NewErrParamMinLen("NewCustomKeyStoreName", 1)) 10000 } 10001 10002 if invalidParams.Len() > 0 { 10003 return invalidParams 10004 } 10005 return nil 10006} 10007 10008// SetCloudHsmClusterId sets the CloudHsmClusterId field's value. 10009func (s *UpdateCustomKeyStoreInput) SetCloudHsmClusterId(v string) *UpdateCustomKeyStoreInput { 10010 s.CloudHsmClusterId = &v 10011 return s 10012} 10013 10014// SetCustomKeyStoreId sets the CustomKeyStoreId field's value. 10015func (s *UpdateCustomKeyStoreInput) SetCustomKeyStoreId(v string) *UpdateCustomKeyStoreInput { 10016 s.CustomKeyStoreId = &v 10017 return s 10018} 10019 10020// SetKeyStorePassword sets the KeyStorePassword field's value. 10021func (s *UpdateCustomKeyStoreInput) SetKeyStorePassword(v string) *UpdateCustomKeyStoreInput { 10022 s.KeyStorePassword = &v 10023 return s 10024} 10025 10026// SetNewCustomKeyStoreName sets the NewCustomKeyStoreName field's value. 10027func (s *UpdateCustomKeyStoreInput) SetNewCustomKeyStoreName(v string) *UpdateCustomKeyStoreInput { 10028 s.NewCustomKeyStoreName = &v 10029 return s 10030} 10031 10032type UpdateCustomKeyStoreOutput struct { 10033 _ struct{} `type:"structure"` 10034} 10035 10036// String returns the string representation 10037func (s UpdateCustomKeyStoreOutput) String() string { 10038 return awsutil.Prettify(s) 10039} 10040 10041// GoString returns the string representation 10042func (s UpdateCustomKeyStoreOutput) GoString() string { 10043 return s.String() 10044} 10045 10046type UpdateKeyDescriptionInput struct { 10047 _ struct{} `type:"structure"` 10048 10049 // New description for the CMK. 10050 // 10051 // Description is a required field 10052 Description *string `type:"string" required:"true"` 10053 10054 // A unique identifier for the customer master key (CMK). 10055 // 10056 // Specify the key ID or the Amazon Resource Name (ARN) of the CMK. 10057 // 10058 // For example: 10059 // 10060 // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab 10061 // 10062 // * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab 10063 // 10064 // To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. 10065 // 10066 // KeyId is a required field 10067 KeyId *string `min:"1" type:"string" required:"true"` 10068} 10069 10070// String returns the string representation 10071func (s UpdateKeyDescriptionInput) String() string { 10072 return awsutil.Prettify(s) 10073} 10074 10075// GoString returns the string representation 10076func (s UpdateKeyDescriptionInput) GoString() string { 10077 return s.String() 10078} 10079 10080// Validate inspects the fields of the type to determine if they are valid. 10081func (s *UpdateKeyDescriptionInput) Validate() error { 10082 invalidParams := request.ErrInvalidParams{Context: "UpdateKeyDescriptionInput"} 10083 if s.Description == nil { 10084 invalidParams.Add(request.NewErrParamRequired("Description")) 10085 } 10086 if s.KeyId == nil { 10087 invalidParams.Add(request.NewErrParamRequired("KeyId")) 10088 } 10089 if s.KeyId != nil && len(*s.KeyId) < 1 { 10090 invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) 10091 } 10092 10093 if invalidParams.Len() > 0 { 10094 return invalidParams 10095 } 10096 return nil 10097} 10098 10099// SetDescription sets the Description field's value. 10100func (s *UpdateKeyDescriptionInput) SetDescription(v string) *UpdateKeyDescriptionInput { 10101 s.Description = &v 10102 return s 10103} 10104 10105// SetKeyId sets the KeyId field's value. 10106func (s *UpdateKeyDescriptionInput) SetKeyId(v string) *UpdateKeyDescriptionInput { 10107 s.KeyId = &v 10108 return s 10109} 10110 10111type UpdateKeyDescriptionOutput struct { 10112 _ struct{} `type:"structure"` 10113} 10114 10115// String returns the string representation 10116func (s UpdateKeyDescriptionOutput) String() string { 10117 return awsutil.Prettify(s) 10118} 10119 10120// GoString returns the string representation 10121func (s UpdateKeyDescriptionOutput) GoString() string { 10122 return s.String() 10123} 10124 10125const ( 10126 // AlgorithmSpecRsaesPkcs1V15 is a AlgorithmSpec enum value 10127 AlgorithmSpecRsaesPkcs1V15 = "RSAES_PKCS1_V1_5" 10128 10129 // AlgorithmSpecRsaesOaepSha1 is a AlgorithmSpec enum value 10130 AlgorithmSpecRsaesOaepSha1 = "RSAES_OAEP_SHA_1" 10131 10132 // AlgorithmSpecRsaesOaepSha256 is a AlgorithmSpec enum value 10133 AlgorithmSpecRsaesOaepSha256 = "RSAES_OAEP_SHA_256" 10134) 10135 10136const ( 10137 // ConnectionErrorCodeTypeInvalidCredentials is a ConnectionErrorCodeType enum value 10138 ConnectionErrorCodeTypeInvalidCredentials = "INVALID_CREDENTIALS" 10139 10140 // ConnectionErrorCodeTypeClusterNotFound is a ConnectionErrorCodeType enum value 10141 ConnectionErrorCodeTypeClusterNotFound = "CLUSTER_NOT_FOUND" 10142 10143 // ConnectionErrorCodeTypeNetworkErrors is a ConnectionErrorCodeType enum value 10144 ConnectionErrorCodeTypeNetworkErrors = "NETWORK_ERRORS" 10145 10146 // ConnectionErrorCodeTypeInternalError is a ConnectionErrorCodeType enum value 10147 ConnectionErrorCodeTypeInternalError = "INTERNAL_ERROR" 10148 10149 // ConnectionErrorCodeTypeInsufficientCloudhsmHsms is a ConnectionErrorCodeType enum value 10150 ConnectionErrorCodeTypeInsufficientCloudhsmHsms = "INSUFFICIENT_CLOUDHSM_HSMS" 10151 10152 // ConnectionErrorCodeTypeUserLockedOut is a ConnectionErrorCodeType enum value 10153 ConnectionErrorCodeTypeUserLockedOut = "USER_LOCKED_OUT" 10154) 10155 10156const ( 10157 // ConnectionStateTypeConnected is a ConnectionStateType enum value 10158 ConnectionStateTypeConnected = "CONNECTED" 10159 10160 // ConnectionStateTypeConnecting is a ConnectionStateType enum value 10161 ConnectionStateTypeConnecting = "CONNECTING" 10162 10163 // ConnectionStateTypeFailed is a ConnectionStateType enum value 10164 ConnectionStateTypeFailed = "FAILED" 10165 10166 // ConnectionStateTypeDisconnected is a ConnectionStateType enum value 10167 ConnectionStateTypeDisconnected = "DISCONNECTED" 10168 10169 // ConnectionStateTypeDisconnecting is a ConnectionStateType enum value 10170 ConnectionStateTypeDisconnecting = "DISCONNECTING" 10171) 10172 10173const ( 10174 // DataKeySpecAes256 is a DataKeySpec enum value 10175 DataKeySpecAes256 = "AES_256" 10176 10177 // DataKeySpecAes128 is a DataKeySpec enum value 10178 DataKeySpecAes128 = "AES_128" 10179) 10180 10181const ( 10182 // ExpirationModelTypeKeyMaterialExpires is a ExpirationModelType enum value 10183 ExpirationModelTypeKeyMaterialExpires = "KEY_MATERIAL_EXPIRES" 10184 10185 // ExpirationModelTypeKeyMaterialDoesNotExpire is a ExpirationModelType enum value 10186 ExpirationModelTypeKeyMaterialDoesNotExpire = "KEY_MATERIAL_DOES_NOT_EXPIRE" 10187) 10188 10189const ( 10190 // GrantOperationDecrypt is a GrantOperation enum value 10191 GrantOperationDecrypt = "Decrypt" 10192 10193 // GrantOperationEncrypt is a GrantOperation enum value 10194 GrantOperationEncrypt = "Encrypt" 10195 10196 // GrantOperationGenerateDataKey is a GrantOperation enum value 10197 GrantOperationGenerateDataKey = "GenerateDataKey" 10198 10199 // GrantOperationGenerateDataKeyWithoutPlaintext is a GrantOperation enum value 10200 GrantOperationGenerateDataKeyWithoutPlaintext = "GenerateDataKeyWithoutPlaintext" 10201 10202 // GrantOperationReEncryptFrom is a GrantOperation enum value 10203 GrantOperationReEncryptFrom = "ReEncryptFrom" 10204 10205 // GrantOperationReEncryptTo is a GrantOperation enum value 10206 GrantOperationReEncryptTo = "ReEncryptTo" 10207 10208 // GrantOperationCreateGrant is a GrantOperation enum value 10209 GrantOperationCreateGrant = "CreateGrant" 10210 10211 // GrantOperationRetireGrant is a GrantOperation enum value 10212 GrantOperationRetireGrant = "RetireGrant" 10213 10214 // GrantOperationDescribeKey is a GrantOperation enum value 10215 GrantOperationDescribeKey = "DescribeKey" 10216) 10217 10218const ( 10219 // KeyManagerTypeAws is a KeyManagerType enum value 10220 KeyManagerTypeAws = "AWS" 10221 10222 // KeyManagerTypeCustomer is a KeyManagerType enum value 10223 KeyManagerTypeCustomer = "CUSTOMER" 10224) 10225 10226const ( 10227 // KeyStateEnabled is a KeyState enum value 10228 KeyStateEnabled = "Enabled" 10229 10230 // KeyStateDisabled is a KeyState enum value 10231 KeyStateDisabled = "Disabled" 10232 10233 // KeyStatePendingDeletion is a KeyState enum value 10234 KeyStatePendingDeletion = "PendingDeletion" 10235 10236 // KeyStatePendingImport is a KeyState enum value 10237 KeyStatePendingImport = "PendingImport" 10238 10239 // KeyStateUnavailable is a KeyState enum value 10240 KeyStateUnavailable = "Unavailable" 10241) 10242 10243const ( 10244 // KeyUsageTypeEncryptDecrypt is a KeyUsageType enum value 10245 KeyUsageTypeEncryptDecrypt = "ENCRYPT_DECRYPT" 10246) 10247 10248const ( 10249 // OriginTypeAwsKms is a OriginType enum value 10250 OriginTypeAwsKms = "AWS_KMS" 10251 10252 // OriginTypeExternal is a OriginType enum value 10253 OriginTypeExternal = "EXTERNAL" 10254 10255 // OriginTypeAwsCloudhsm is a OriginType enum value 10256 OriginTypeAwsCloudhsm = "AWS_CLOUDHSM" 10257) 10258 10259const ( 10260 // WrappingKeySpecRsa2048 is a WrappingKeySpec enum value 10261 WrappingKeySpecRsa2048 = "RSA_2048" 10262) 10263