// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. package kms import ( "fmt" "time" "github.com/aws/aws-sdk-go/aws" "github.com/aws/aws-sdk-go/aws/awsutil" "github.com/aws/aws-sdk-go/aws/request" "github.com/aws/aws-sdk-go/private/protocol" "github.com/aws/aws-sdk-go/private/protocol/jsonrpc" ) const opCancelKeyDeletion = "CancelKeyDeletion" // CancelKeyDeletionRequest generates a "aws/request.Request" representing the // client's request for the CancelKeyDeletion operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // // See CancelKeyDeletion for more information on using the CancelKeyDeletion // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // // // Example sending a request using the CancelKeyDeletionRequest method. // req, resp := client.CancelKeyDeletionRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CancelKeyDeletion func (c *KMS) CancelKeyDeletionRequest(input *CancelKeyDeletionInput) (req *request.Request, output *CancelKeyDeletionOutput) { op := &request.Operation{ Name: opCancelKeyDeletion, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &CancelKeyDeletionInput{} } output = &CancelKeyDeletionOutput{} req = c.newRequest(op, input, output) return } // CancelKeyDeletion API operation for AWS Key Management Service. // // Cancels the deletion of a customer master key (CMK). When this operation // is successful, the CMK is set to the Disabled state. To enable a CMK, use // EnableKey. 
You cannot perform this operation on a CMK in a different AWS // account. // // For more information about scheduling and canceling deletion of a CMK, see // Deleting Customer Master Keys (https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html) // in the AWS Key Management Service Developer Guide. // // The result of this operation varies with the key state of the CMK. For details, // see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Key Management Service's // API operation CancelKeyDeletion for usage and error information. // // Returned Error Codes: // * ErrCodeNotFoundException "NotFoundException" // The request was rejected because the specified entity or resource could not // be found. // // * ErrCodeInvalidArnException "InvalidArnException" // The request was rejected because a specified ARN, or an ARN in a key policy, // is not valid. // // * ErrCodeDependencyTimeoutException "DependencyTimeoutException" // The system timed out while trying to fulfill the request. The request can // be retried. // // * ErrCodeInternalException "KMSInternalException" // The request was rejected because an internal exception occurred. The request // can be retried. // // * ErrCodeInvalidStateException "KMSInvalidStateException" // The request was rejected because the state of the specified resource is not // valid for this request. // // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. 
// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CancelKeyDeletion func (c *KMS) CancelKeyDeletion(input *CancelKeyDeletionInput) (*CancelKeyDeletionOutput, error) { req, out := c.CancelKeyDeletionRequest(input) return out, req.Send() } // CancelKeyDeletionWithContext is the same as CancelKeyDeletion with the addition of // the ability to pass a context and additional request options. // // See CancelKeyDeletion for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *KMS) CancelKeyDeletionWithContext(ctx aws.Context, input *CancelKeyDeletionInput, opts ...request.Option) (*CancelKeyDeletionOutput, error) { req, out := c.CancelKeyDeletionRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } const opConnectCustomKeyStore = "ConnectCustomKeyStore" // ConnectCustomKeyStoreRequest generates a "aws/request.Request" representing the // client's request for the ConnectCustomKeyStore operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // // See ConnectCustomKeyStore for more information on using the ConnectCustomKeyStore // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // // // Example sending a request using the ConnectCustomKeyStoreRequest method. 
// req, resp := client.ConnectCustomKeyStoreRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ConnectCustomKeyStore func (c *KMS) ConnectCustomKeyStoreRequest(input *ConnectCustomKeyStoreInput) (req *request.Request, output *ConnectCustomKeyStoreOutput) { op := &request.Operation{ Name: opConnectCustomKeyStore, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &ConnectCustomKeyStoreInput{} } output = &ConnectCustomKeyStoreOutput{} req = c.newRequest(op, input, output) req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } // ConnectCustomKeyStore API operation for AWS Key Management Service. // // Connects or reconnects a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) // to its associated AWS CloudHSM cluster. // // The custom key store must be connected before you can create customer master // keys (CMKs) in the key store or use the CMKs it contains. You can disconnect // and reconnect a custom key store at any time. // // To connect a custom key store, its associated AWS CloudHSM cluster must have // at least one active HSM. To get the number of active HSMs in a cluster, use // the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) // operation. To add HSMs to the cluster, use the CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) // operation. // // The connection process can take an extended amount of time to complete; up // to 20 minutes. This operation starts the connection process, but it does // not wait for it to complete. When it succeeds, this operation quickly returns // an HTTP 200 response and a JSON object with no properties. However, this // response does not indicate that the custom key store is connected. 
To get // the connection state of the custom key store, use the DescribeCustomKeyStores // operation. // // During the connection process, AWS KMS finds the AWS CloudHSM cluster that // is associated with the custom key store, creates the connection infrastructure, // connects to the cluster, logs into the AWS CloudHSM client as the kmsuser // crypto user (https://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser) // (CU), and rotates its password. // // The ConnectCustomKeyStore operation might fail for various reasons. To find // the reason, use the DescribeCustomKeyStores operation and see the ConnectionErrorCode // in the response. For help interpreting the ConnectionErrorCode, see CustomKeyStoresListEntry. // // To fix the failure, use the DisconnectCustomKeyStore operation to disconnect // the custom key store, correct the error, use the UpdateCustomKeyStore operation // if necessary, and then use ConnectCustomKeyStore again. // // If you are having trouble connecting or disconnecting a custom key store, // see Troubleshooting a Custom Key Store (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Key Management Service's // API operation ConnectCustomKeyStore for usage and error information. // // Returned Error Codes: // * ErrCodeCloudHsmClusterNotActiveException "CloudHsmClusterNotActiveException" // The request was rejected because the AWS CloudHSM cluster that is associated // with the custom key store is not active. Initialize and activate the cluster // and try the command again. 
For detailed instructions, see Getting Started // (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) // in the AWS CloudHSM User Guide. // // * ErrCodeCustomKeyStoreInvalidStateException "CustomKeyStoreInvalidStateException" // The request was rejected because of the ConnectionState of the custom key // store. To get the ConnectionState of a custom key store, use the DescribeCustomKeyStores // operation. // // This exception is thrown under the following conditions: // // * You requested the CreateKey or GenerateRandom operation in a custom // key store that is not connected. These operations are valid only when // the custom key store ConnectionState is CONNECTED. // // * You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation // on a custom key store that is not disconnected. This operation is valid // only when the custom key store ConnectionState is DISCONNECTED. // // * You requested the ConnectCustomKeyStore operation on a custom key store // with a ConnectionState of DISCONNECTING or FAILED. This operation is valid // for all other ConnectionState values. // // * ErrCodeCustomKeyStoreNotFoundException "CustomKeyStoreNotFoundException" // The request was rejected because AWS KMS cannot find a custom key store with // the specified key store name or ID. // // * ErrCodeInternalException "KMSInternalException" // The request was rejected because an internal exception occurred. The request // can be retried. // // * ErrCodeCloudHsmClusterInvalidConfigurationException "CloudHsmClusterInvalidConfigurationException" // The request was rejected because the associated AWS CloudHSM cluster did // not meet the configuration requirements for a custom key store. // // * The cluster must be configured with private subnets in at least two // different Availability Zones in the Region. 
// // * The security group for the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) // (cloudhsm-cluster-<cluster-id>-sg) must include inbound rules and outbound // rules that allow TCP traffic on ports 2223-2225. The Source in the inbound // rules and the Destination in the outbound rules must match the security // group ID. These rules are set by default when you create the cluster. // Do not delete or change them. To get information about a particular security // group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) // operation. // // * The cluster must contain at least as many HSMs as the operation requires. // To add HSMs, use the AWS CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) // operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey // operations, the AWS CloudHSM cluster must have at least two active HSMs, // each in a different Availability Zone. For the ConnectCustomKeyStore operation, // the AWS CloudHSM must contain at least one active HSM. // // For information about the requirements for an AWS CloudHSM cluster that is // associated with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) // in the AWS Key Management Service Developer Guide. For information about // creating a private subnet for an AWS CloudHSM cluster, see Create a Private // Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) // in the AWS CloudHSM User Guide. For information about cluster security groups, // see Configure a Default Security Group (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) // in the AWS CloudHSM User Guide. 
// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ConnectCustomKeyStore func (c *KMS) ConnectCustomKeyStore(input *ConnectCustomKeyStoreInput) (*ConnectCustomKeyStoreOutput, error) { req, out := c.ConnectCustomKeyStoreRequest(input) return out, req.Send() } // ConnectCustomKeyStoreWithContext is the same as ConnectCustomKeyStore with the addition of // the ability to pass a context and additional request options. // // See ConnectCustomKeyStore for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *KMS) ConnectCustomKeyStoreWithContext(ctx aws.Context, input *ConnectCustomKeyStoreInput, opts ...request.Option) (*ConnectCustomKeyStoreOutput, error) { req, out := c.ConnectCustomKeyStoreRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } const opCreateAlias = "CreateAlias" // CreateAliasRequest generates a "aws/request.Request" representing the // client's request for the CreateAlias operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // // See CreateAlias for more information on using the CreateAlias // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // // // Example sending a request using the CreateAliasRequest method. 
// req, resp := client.CreateAliasRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateAlias func (c *KMS) CreateAliasRequest(input *CreateAliasInput) (req *request.Request, output *CreateAliasOutput) { op := &request.Operation{ Name: opCreateAlias, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &CreateAliasInput{} } output = &CreateAliasOutput{} req = c.newRequest(op, input, output) req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } // CreateAlias API operation for AWS Key Management Service. // // Creates a display name for a customer managed customer master key (CMK). // You can use an alias to identify a CMK in selected operations, such as Encrypt // and GenerateDataKey. // // Each CMK can have multiple aliases, but each alias points to only one CMK. // The alias name must be unique in the AWS account and region. To simplify // code that runs in multiple regions, use the same alias name, but point it // to a different CMK in each region. // // Because an alias is not a property of a CMK, you can delete and change the // aliases of a CMK without affecting the CMK. Also, aliases do not appear in // the response from the DescribeKey operation. To get the aliases of all CMKs, // use the ListAliases operation. // // The alias name must begin with alias/ followed by a name, such as alias/ExampleAlias. // It can contain only alphanumeric characters, forward slashes (/), underscores // (_), and dashes (-). The alias name cannot begin with alias/aws/. The alias/aws/ // prefix is reserved for AWS managed CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk). // // The alias and the CMK it is mapped to must be in the same AWS account and // the same region. You cannot perform this operation on an alias in a different // AWS account. 
// // To map an existing alias to a different CMK, call UpdateAlias. // // The result of this operation varies with the key state of the CMK. For details, // see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Key Management Service's // API operation CreateAlias for usage and error information. // // Returned Error Codes: // * ErrCodeDependencyTimeoutException "DependencyTimeoutException" // The system timed out while trying to fulfill the request. The request can // be retried. // // * ErrCodeAlreadyExistsException "AlreadyExistsException" // The request was rejected because it attempted to create a resource that already // exists. // // * ErrCodeNotFoundException "NotFoundException" // The request was rejected because the specified entity or resource could not // be found. // // * ErrCodeInvalidAliasNameException "InvalidAliasNameException" // The request was rejected because the specified alias name is not valid. // // * ErrCodeInternalException "KMSInternalException" // The request was rejected because an internal exception occurred. The request // can be retried. // // * ErrCodeLimitExceededException "LimitExceededException" // The request was rejected because a limit was exceeded. For more information, // see Limits (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) // in the AWS Key Management Service Developer Guide. // // * ErrCodeInvalidStateException "KMSInvalidStateException" // The request was rejected because the state of the specified resource is not // valid for this request. 
// // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateAlias func (c *KMS) CreateAlias(input *CreateAliasInput) (*CreateAliasOutput, error) { req, out := c.CreateAliasRequest(input) return out, req.Send() } // CreateAliasWithContext is the same as CreateAlias with the addition of // the ability to pass a context and additional request options. // // See CreateAlias for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *KMS) CreateAliasWithContext(ctx aws.Context, input *CreateAliasInput, opts ...request.Option) (*CreateAliasOutput, error) { req, out := c.CreateAliasRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } const opCreateCustomKeyStore = "CreateCustomKeyStore" // CreateCustomKeyStoreRequest generates a "aws/request.Request" representing the // client's request for the CreateCustomKeyStore operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // // See CreateCustomKeyStore for more information on using the CreateCustomKeyStore // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. 
// // // // Example sending a request using the CreateCustomKeyStoreRequest method. // req, resp := client.CreateCustomKeyStoreRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateCustomKeyStore func (c *KMS) CreateCustomKeyStoreRequest(input *CreateCustomKeyStoreInput) (req *request.Request, output *CreateCustomKeyStoreOutput) { op := &request.Operation{ Name: opCreateCustomKeyStore, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &CreateCustomKeyStoreInput{} } output = &CreateCustomKeyStoreOutput{} req = c.newRequest(op, input, output) return } // CreateCustomKeyStore API operation for AWS Key Management Service. // // Creates a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) // that is associated with an AWS CloudHSM cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/clusters.html) // that you own and manage. // // This operation is part of the Custom Key Store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) // feature in AWS KMS, which combines the convenience and extensive integration // of AWS KMS with the isolation and control of a single-tenant key store. // // Before you create the custom key store, you must assemble the required elements, // including an AWS CloudHSM cluster that fulfills the requirements for a custom // key store. For details about the required elements, see Assemble the Prerequisites // (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) // in the AWS Key Management Service Developer Guide. // // When the operation completes successfully, it returns the ID of the new custom // key store. 
Before you can use your new custom key store, you need to use // the ConnectCustomKeyStore operation to connect the new key store to its AWS // CloudHSM cluster. Even if you are not going to use your custom key store // immediately, you might want to connect it to verify that all settings are // correct and then disconnect it until you are ready to use it. // // For help with failures, see Troubleshooting a Custom Key Store (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Key Management Service's // API operation CreateCustomKeyStore for usage and error information. // // Returned Error Codes: // * ErrCodeCloudHsmClusterInUseException "CloudHsmClusterInUseException" // The request was rejected because the specified AWS CloudHSM cluster is already // associated with a custom key store or it shares a backup history with a cluster // that is associated with a custom key store. Each custom key store must be // associated with a different AWS CloudHSM cluster. // // Clusters that share a backup history have the same cluster certificate. To // view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) // operation. // // * ErrCodeCustomKeyStoreNameInUseException "CustomKeyStoreNameInUseException" // The request was rejected because the specified custom key store name is already // assigned to another custom key store in the account. Try again with a custom // key store name that is unique in the account. 
// // * ErrCodeCloudHsmClusterNotFoundException "CloudHsmClusterNotFoundException" // The request was rejected because AWS KMS cannot find the AWS CloudHSM cluster // with the specified cluster ID. Retry the request with a different cluster // ID. // // * ErrCodeInternalException "KMSInternalException" // The request was rejected because an internal exception occurred. The request // can be retried. // // * ErrCodeCloudHsmClusterNotActiveException "CloudHsmClusterNotActiveException" // The request was rejected because the AWS CloudHSM cluster that is associated // with the custom key store is not active. Initialize and activate the cluster // and try the command again. For detailed instructions, see Getting Started // (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) // in the AWS CloudHSM User Guide. // // * ErrCodeIncorrectTrustAnchorException "IncorrectTrustAnchorException" // The request was rejected because the trust anchor certificate in the request // is not the trust anchor certificate for the specified AWS CloudHSM cluster. // // When you initialize the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr), // you create the trust anchor certificate and save it in the customerCA.crt // file. // // * ErrCodeCloudHsmClusterInvalidConfigurationException "CloudHsmClusterInvalidConfigurationException" // The request was rejected because the associated AWS CloudHSM cluster did // not meet the configuration requirements for a custom key store. // // * The cluster must be configured with private subnets in at least two // different Availability Zones in the Region. // // * The security group for the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) // (cloudhsm-cluster-<cluster-id>-sg) must include inbound rules and outbound // rules that allow TCP traffic on ports 2223-2225. 
The Source in the inbound // rules and the Destination in the outbound rules must match the security // group ID. These rules are set by default when you create the cluster. // Do not delete or change them. To get information about a particular security // group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) // operation. // // * The cluster must contain at least as many HSMs as the operation requires. // To add HSMs, use the AWS CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) // operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey // operations, the AWS CloudHSM cluster must have at least two active HSMs, // each in a different Availability Zone. For the ConnectCustomKeyStore operation, // the AWS CloudHSM must contain at least one active HSM. // // For information about the requirements for an AWS CloudHSM cluster that is // associated with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) // in the AWS Key Management Service Developer Guide. For information about // creating a private subnet for an AWS CloudHSM cluster, see Create a Private // Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) // in the AWS CloudHSM User Guide. For information about cluster security groups, // see Configure a Default Security Group (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) // in the AWS CloudHSM User Guide . 
// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateCustomKeyStore func (c *KMS) CreateCustomKeyStore(input *CreateCustomKeyStoreInput) (*CreateCustomKeyStoreOutput, error) { req, out := c.CreateCustomKeyStoreRequest(input) return out, req.Send() } // CreateCustomKeyStoreWithContext is the same as CreateCustomKeyStore with the addition of // the ability to pass a context and additional request options. // // See CreateCustomKeyStore for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *KMS) CreateCustomKeyStoreWithContext(ctx aws.Context, input *CreateCustomKeyStoreInput, opts ...request.Option) (*CreateCustomKeyStoreOutput, error) { req, out := c.CreateCustomKeyStoreRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } const opCreateGrant = "CreateGrant" // CreateGrantRequest generates a "aws/request.Request" representing the // client's request for the CreateGrant operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // // See CreateGrant for more information on using the CreateGrant // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // // // Example sending a request using the CreateGrantRequest method. 
// req, resp := client.CreateGrantRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateGrant func (c *KMS) CreateGrantRequest(input *CreateGrantInput) (req *request.Request, output *CreateGrantOutput) { op := &request.Operation{ Name: opCreateGrant, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &CreateGrantInput{} } output = &CreateGrantOutput{} req = c.newRequest(op, input, output) return } // CreateGrant API operation for AWS Key Management Service. // // Adds a grant to a customer master key (CMK). The grant allows the grantee // principal to use the CMK when the conditions specified in the grant are met. // When setting permissions, grants are an alternative to key policies. // // To create a grant that allows a cryptographic operation only when the encryption // context in the operation request matches or includes a specified encryption // context, use the Constraints parameter. For details, see GrantConstraints. // // To perform this operation on a CMK in a different AWS account, specify the // key ARN in the value of the KeyId parameter. For more information about grants, // see Grants (https://docs.aws.amazon.com/kms/latest/developerguide/grants.html) // in the AWS Key Management Service Developer Guide . // // The result of this operation varies with the key state of the CMK. For details, // see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Key Management Service's // API operation CreateGrant for usage and error information. 
// // Returned Error Codes: // * ErrCodeNotFoundException "NotFoundException" // The request was rejected because the specified entity or resource could not // be found. // // * ErrCodeDisabledException "DisabledException" // The request was rejected because the specified CMK is not enabled. // // * ErrCodeDependencyTimeoutException "DependencyTimeoutException" // The system timed out while trying to fulfill the request. The request can // be retried. // // * ErrCodeInvalidArnException "InvalidArnException" // The request was rejected because a specified ARN, or an ARN in a key policy, // is not valid. // // * ErrCodeInternalException "KMSInternalException" // The request was rejected because an internal exception occurred. The request // can be retried. // // * ErrCodeInvalidGrantTokenException "InvalidGrantTokenException" // The request was rejected because the specified grant token is not valid. // // * ErrCodeLimitExceededException "LimitExceededException" // The request was rejected because a limit was exceeded. For more information, // see Limits (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) // in the AWS Key Management Service Developer Guide. // // * ErrCodeInvalidStateException "KMSInvalidStateException" // The request was rejected because the state of the specified resource is not // valid for this request. // // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateGrant func (c *KMS) CreateGrant(input *CreateGrantInput) (*CreateGrantOutput, error) { req, out := c.CreateGrantRequest(input) return out, req.Send() } // CreateGrantWithContext is the same as CreateGrant with the addition of // the ability to pass a context and additional request options. 
// // See CreateGrant for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *KMS) CreateGrantWithContext(ctx aws.Context, input *CreateGrantInput, opts ...request.Option) (*CreateGrantOutput, error) { req, out := c.CreateGrantRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } const opCreateKey = "CreateKey" // CreateKeyRequest generates a "aws/request.Request" representing the // client's request for the CreateKey operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // // See CreateKey for more information on using the CreateKey // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // // // Example sending a request using the CreateKeyRequest method. // req, resp := client.CreateKeyRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateKey func (c *KMS) CreateKeyRequest(input *CreateKeyInput) (req *request.Request, output *CreateKeyOutput) { op := &request.Operation{ Name: opCreateKey, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &CreateKeyInput{} } output = &CreateKeyOutput{} req = c.newRequest(op, input, output) return } // CreateKey API operation for AWS Key Management Service. 
// // Creates a customer managed customer master key (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys) // (CMK) in your AWS account. // // You can use a CMK to encrypt small amounts of data (up to 4096 bytes) directly. // But CMKs are more commonly used to encrypt the data keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#data-keys) // that are used to encrypt data. // // To create a CMK for imported key material, use the Origin parameter with // a value of EXTERNAL. // // To create a CMK in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html), // use the CustomKeyStoreId parameter to specify the custom key store. You must // also use the Origin parameter with a value of AWS_CLOUDHSM. The AWS CloudHSM // cluster that is associated with the custom key store must have at least two // active HSMs in different Availability Zones in the AWS Region. // // You cannot use this operation to create a CMK in a different AWS account. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Key Management Service's // API operation CreateKey for usage and error information. // // Returned Error Codes: // * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocumentException" // The request was rejected because the specified policy is not syntactically // or semantically correct. // // * ErrCodeDependencyTimeoutException "DependencyTimeoutException" // The system timed out while trying to fulfill the request. The request can // be retried. // // * ErrCodeInvalidArnException "InvalidArnException" // The request was rejected because a specified ARN, or an ARN in a key policy, // is not valid. 
// // * ErrCodeUnsupportedOperationException "UnsupportedOperationException" // The request was rejected because a specified parameter is not supported or // a specified resource is not valid for this operation. // // * ErrCodeInternalException "KMSInternalException" // The request was rejected because an internal exception occurred. The request // can be retried. // // * ErrCodeLimitExceededException "LimitExceededException" // The request was rejected because a limit was exceeded. For more information, // see Limits (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) // in the AWS Key Management Service Developer Guide. // // * ErrCodeTagException "TagException" // The request was rejected because one or more tags are not valid. // // * ErrCodeCustomKeyStoreNotFoundException "CustomKeyStoreNotFoundException" // The request was rejected because AWS KMS cannot find a custom key store with // the specified key store name or ID. // // * ErrCodeCustomKeyStoreInvalidStateException "CustomKeyStoreInvalidStateException" // The request was rejected because of the ConnectionState of the custom key // store. To get the ConnectionState of a custom key store, use the DescribeCustomKeyStores // operation. // // This exception is thrown under the following conditions: // // * You requested the CreateKey or GenerateRandom operation in a custom // key store that is not connected. These operations are valid only when // the custom key store ConnectionState is CONNECTED. // // * You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation // on a custom key store that is not disconnected. This operation is valid // only when the custom key store ConnectionState is DISCONNECTED. // // * You requested the ConnectCustomKeyStore operation on a custom key store // with a ConnectionState of DISCONNECTING or FAILED. This operation is valid // for all other ConnectionState values. 
//
//   * ErrCodeCloudHsmClusterInvalidConfigurationException "CloudHsmClusterInvalidConfigurationException"
//   The request was rejected because the associated AWS CloudHSM cluster did
//   not meet the configuration requirements for a custom key store.
//
//      * The cluster must be configured with private subnets in at least two
//      different Availability Zones in the Region.
//
//      * The security group for the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html)
//      (cloudhsm-cluster-<cluster-id>-sg) must include inbound rules and outbound
//      rules that allow TCP traffic on ports 2223-2225. The Source in the inbound
//      rules and the Destination in the outbound rules must match the security
//      group ID. These rules are set by default when you create the cluster.
//      Do not delete or change them. To get information about a particular security
//      group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html)
//      operation.
//
//      * The cluster must contain at least as many HSMs as the operation requires.
//      To add HSMs, use the AWS CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html)
//      operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey
//      operations, the AWS CloudHSM cluster must have at least two active HSMs,
//      each in a different Availability Zone. For the ConnectCustomKeyStore operation,
//      the AWS CloudHSM must contain at least one active HSM.
//
//   For information about the requirements for an AWS CloudHSM cluster that is
//   associated with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore)
//   in the AWS Key Management Service Developer Guide.
//   For information about
//   creating a private subnet for an AWS CloudHSM cluster, see Create a Private
//   Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html)
//   in the AWS CloudHSM User Guide. For information about cluster security groups,
//   see Configure a Default Security Group (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html)
//   in the AWS CloudHSM User Guide.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CreateKey
func (c *KMS) CreateKey(input *CreateKeyInput) (*CreateKeyOutput, error) {
	// Build the request, send it, and return the output together with the
	// error reported by Send.
	r, resp := c.CreateKeyRequest(input)
	err := r.Send()
	return resp, err
}

// CreateKeyWithContext is the same as CreateKey with the addition of
// the ability to pass a context and additional request options.
//
// See CreateKey for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *KMS) CreateKeyWithContext(ctx aws.Context, input *CreateKeyInput, opts ...request.Option) (*CreateKeyOutput, error) {
	r, resp := c.CreateKeyRequest(input)
	// The context is attached first, then the caller's request options are
	// applied, and only then is the request sent.
	r.SetContext(ctx)
	r.ApplyOptions(opts...)
	err := r.Send()
	return resp, err
}

// opDecrypt is the operation name used by DecryptRequest.
const opDecrypt = "Decrypt"

// DecryptRequest generates a "aws/request.Request" representing the
// client's request for the Decrypt operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See Decrypt for more information on using the Decrypt
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle.
// Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the DecryptRequest method.
//    req, resp := client.DecryptRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/Decrypt
func (c *KMS) DecryptRequest(input *DecryptInput) (req *request.Request, output *DecryptOutput) {
	// A nil input is replaced by an empty parameter struct before the
	// request is built.
	params := input
	if params == nil {
		params = &DecryptInput{}
	}

	output = &DecryptOutput{}
	req = c.newRequest(&request.Operation{
		Name:       opDecrypt,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}, params, output)
	return req, output
}

// Decrypt API operation for AWS Key Management Service.
//
// Decrypts ciphertext. Ciphertext is plaintext that has been previously encrypted
// by using any of the following operations:
//
//    * GenerateDataKey
//
//    * GenerateDataKeyWithoutPlaintext
//
//    * Encrypt
//
// Whenever possible, use key policies to give users permission to call the
// Decrypt operation on the CMK, instead of IAM policies. Otherwise, you might
// create an IAM user policy that gives the user Decrypt permission on all CMKs.
// This user could decrypt ciphertext that was encrypted by CMKs in other accounts
// if the key policy for the cross-account CMK permits it. If you must use an
// IAM policy for Decrypt permissions, limit the user to particular CMKs or
// particular trusted accounts.
//
// The result of this operation varies with the key state of the CMK. For details,
// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation Decrypt for usage and error information.
// // Returned Error Codes: // * ErrCodeNotFoundException "NotFoundException" // The request was rejected because the specified entity or resource could not // be found. // // * ErrCodeDisabledException "DisabledException" // The request was rejected because the specified CMK is not enabled. // // * ErrCodeInvalidCiphertextException "InvalidCiphertextException" // The request was rejected because the specified ciphertext, or additional // authenticated data incorporated into the ciphertext, such as the encryption // context, is corrupted, missing, or otherwise invalid. // // * ErrCodeKeyUnavailableException "KeyUnavailableException" // The request was rejected because the specified CMK was not available. The // request can be retried. // // * ErrCodeDependencyTimeoutException "DependencyTimeoutException" // The system timed out while trying to fulfill the request. The request can // be retried. // // * ErrCodeInvalidGrantTokenException "InvalidGrantTokenException" // The request was rejected because the specified grant token is not valid. // // * ErrCodeInternalException "KMSInternalException" // The request was rejected because an internal exception occurred. The request // can be retried. // // * ErrCodeInvalidStateException "KMSInvalidStateException" // The request was rejected because the state of the specified resource is not // valid for this request. // // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/Decrypt func (c *KMS) Decrypt(input *DecryptInput) (*DecryptOutput, error) { req, out := c.DecryptRequest(input) return out, req.Send() } // DecryptWithContext is the same as Decrypt with the addition of // the ability to pass a context and additional request options. 
// // See Decrypt for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *KMS) DecryptWithContext(ctx aws.Context, input *DecryptInput, opts ...request.Option) (*DecryptOutput, error) { req, out := c.DecryptRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } const opDeleteAlias = "DeleteAlias" // DeleteAliasRequest generates a "aws/request.Request" representing the // client's request for the DeleteAlias operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // // See DeleteAlias for more information on using the DeleteAlias // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // // // Example sending a request using the DeleteAliasRequest method. 
// req, resp := client.DeleteAliasRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteAlias func (c *KMS) DeleteAliasRequest(input *DeleteAliasInput) (req *request.Request, output *DeleteAliasOutput) { op := &request.Operation{ Name: opDeleteAlias, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &DeleteAliasInput{} } output = &DeleteAliasOutput{} req = c.newRequest(op, input, output) req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } // DeleteAlias API operation for AWS Key Management Service. // // Deletes the specified alias. You cannot perform this operation on an alias // in a different AWS account. // // Because an alias is not a property of a CMK, you can delete and change the // aliases of a CMK without affecting the CMK. Also, aliases do not appear in // the response from the DescribeKey operation. To get the aliases of all CMKs, // use the ListAliases operation. // // Each CMK can have multiple aliases. To change the alias of a CMK, use DeleteAlias // to delete the current alias and CreateAlias to create a new alias. To associate // an existing alias with a different customer master key (CMK), call UpdateAlias. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Key Management Service's // API operation DeleteAlias for usage and error information. // // Returned Error Codes: // * ErrCodeDependencyTimeoutException "DependencyTimeoutException" // The system timed out while trying to fulfill the request. The request can // be retried. // // * ErrCodeNotFoundException "NotFoundException" // The request was rejected because the specified entity or resource could not // be found. 
// // * ErrCodeInternalException "KMSInternalException" // The request was rejected because an internal exception occurred. The request // can be retried. // // * ErrCodeInvalidStateException "KMSInvalidStateException" // The request was rejected because the state of the specified resource is not // valid for this request. // // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteAlias func (c *KMS) DeleteAlias(input *DeleteAliasInput) (*DeleteAliasOutput, error) { req, out := c.DeleteAliasRequest(input) return out, req.Send() } // DeleteAliasWithContext is the same as DeleteAlias with the addition of // the ability to pass a context and additional request options. // // See DeleteAlias for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *KMS) DeleteAliasWithContext(ctx aws.Context, input *DeleteAliasInput, opts ...request.Option) (*DeleteAliasOutput, error) { req, out := c.DeleteAliasRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } const opDeleteCustomKeyStore = "DeleteCustomKeyStore" // DeleteCustomKeyStoreRequest generates a "aws/request.Request" representing the // client's request for the DeleteCustomKeyStore operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. 
// the "output" return value is not valid until after Send returns without error. // // See DeleteCustomKeyStore for more information on using the DeleteCustomKeyStore // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // // // Example sending a request using the DeleteCustomKeyStoreRequest method. // req, resp := client.DeleteCustomKeyStoreRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteCustomKeyStore func (c *KMS) DeleteCustomKeyStoreRequest(input *DeleteCustomKeyStoreInput) (req *request.Request, output *DeleteCustomKeyStoreOutput) { op := &request.Operation{ Name: opDeleteCustomKeyStore, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &DeleteCustomKeyStoreInput{} } output = &DeleteCustomKeyStoreOutput{} req = c.newRequest(op, input, output) req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } // DeleteCustomKeyStore API operation for AWS Key Management Service. // // Deletes a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). // This operation does not delete the AWS CloudHSM cluster that is associated // with the custom key store, or affect any users or keys in the cluster. // // The custom key store that you delete cannot contain any AWS KMS customer // master keys (CMKs) (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys). // Before deleting the key store, verify that you will never need to use any // of the CMKs in the key store for any cryptographic operations. Then, use // ScheduleKeyDeletion to delete the AWS KMS customer master keys (CMKs) from // the key store. 
// When the scheduled waiting period expires, the ScheduleKeyDeletion
// operation deletes the CMKs. Then it makes a best effort to delete the key
// material from the associated cluster. However, you might need to manually
// delete the orphaned key material (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-orphaned-key)
// from the cluster and its backups.
//
// After all CMKs are deleted from AWS KMS, use DisconnectCustomKeyStore to
// disconnect the key store from AWS KMS. Then, you can delete the custom key
// store.
//
// Instead of deleting the custom key store, consider using DisconnectCustomKeyStore
// to disconnect it from AWS KMS. While the key store is disconnected, you cannot
// create or use the CMKs in the key store. But, you do not need to delete CMKs
// and you can reconnect a disconnected custom key store at any time.
//
// If the operation succeeds, it returns a JSON object with no properties.
//
// This operation is part of the Custom Key Store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html)
// in AWS KMS, which combines the convenience and extensive integration
// of AWS KMS with the isolation and control of a single-tenant key store.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation DeleteCustomKeyStore for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeCustomKeyStoreHasCMKsException "CustomKeyStoreHasCMKsException"
//   The request was rejected because the custom key store contains AWS KMS customer
//   master keys (CMKs). After verifying that you do not need to use the CMKs,
//   use the ScheduleKeyDeletion operation to delete the CMKs. After they are
//   deleted, you can delete the custom key store.
// // * ErrCodeCustomKeyStoreInvalidStateException "CustomKeyStoreInvalidStateException" // The request was rejected because of the ConnectionState of the custom key // store. To get the ConnectionState of a custom key store, use the DescribeCustomKeyStores // operation. // // This exception is thrown under the following conditions: // // * You requested the CreateKey or GenerateRandom operation in a custom // key store that is not connected. These operations are valid only when // the custom key store ConnectionState is CONNECTED. // // * You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation // on a custom key store that is not disconnected. This operation is valid // only when the custom key store ConnectionState is DISCONNECTED. // // * You requested the ConnectCustomKeyStore operation on a custom key store // with a ConnectionState of DISCONNECTING or FAILED. This operation is valid // for all other ConnectionState values. // // * ErrCodeCustomKeyStoreNotFoundException "CustomKeyStoreNotFoundException" // The request was rejected because AWS KMS cannot find a custom key store with // the specified key store name or ID. // // * ErrCodeInternalException "KMSInternalException" // The request was rejected because an internal exception occurred. The request // can be retried. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteCustomKeyStore func (c *KMS) DeleteCustomKeyStore(input *DeleteCustomKeyStoreInput) (*DeleteCustomKeyStoreOutput, error) { req, out := c.DeleteCustomKeyStoreRequest(input) return out, req.Send() } // DeleteCustomKeyStoreWithContext is the same as DeleteCustomKeyStore with the addition of // the ability to pass a context and additional request options. // // See DeleteCustomKeyStore for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. 
// In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *KMS) DeleteCustomKeyStoreWithContext(ctx aws.Context, input *DeleteCustomKeyStoreInput, opts ...request.Option) (*DeleteCustomKeyStoreOutput, error) {
	r, resp := c.DeleteCustomKeyStoreRequest(input)
	// The context is attached first, then the caller's request options are
	// applied, and only then is the request sent.
	r.SetContext(ctx)
	r.ApplyOptions(opts...)
	err := r.Send()
	return resp, err
}

// opDeleteImportedKeyMaterial is the operation name used by
// DeleteImportedKeyMaterialRequest.
const opDeleteImportedKeyMaterial = "DeleteImportedKeyMaterial"

// DeleteImportedKeyMaterialRequest generates a "aws/request.Request" representing the
// client's request for the DeleteImportedKeyMaterial operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See DeleteImportedKeyMaterial for more information on using the DeleteImportedKeyMaterial
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the DeleteImportedKeyMaterialRequest method.
// req, resp := client.DeleteImportedKeyMaterialRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteImportedKeyMaterial func (c *KMS) DeleteImportedKeyMaterialRequest(input *DeleteImportedKeyMaterialInput) (req *request.Request, output *DeleteImportedKeyMaterialOutput) { op := &request.Operation{ Name: opDeleteImportedKeyMaterial, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &DeleteImportedKeyMaterialInput{} } output = &DeleteImportedKeyMaterialOutput{} req = c.newRequest(op, input, output) req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } // DeleteImportedKeyMaterial API operation for AWS Key Management Service. // // Deletes key material that you previously imported. This operation makes the // specified customer master key (CMK) unusable. For more information about // importing key material into AWS KMS, see Importing Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html) // in the AWS Key Management Service Developer Guide. You cannot perform this // operation on a CMK in a different AWS account. // // When the specified CMK is in the PendingDeletion state, this operation does // not change the CMK's state. Otherwise, it changes the CMK's state to PendingImport. // // After you delete key material, you can use ImportKeyMaterial to reimport // the same key material into the CMK. // // The result of this operation varies with the key state of the CMK. For details, // see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. 
// // See the AWS API reference guide for AWS Key Management Service's // API operation DeleteImportedKeyMaterial for usage and error information. // // Returned Error Codes: // * ErrCodeInvalidArnException "InvalidArnException" // The request was rejected because a specified ARN, or an ARN in a key policy, // is not valid. // // * ErrCodeUnsupportedOperationException "UnsupportedOperationException" // The request was rejected because a specified parameter is not supported or // a specified resource is not valid for this operation. // // * ErrCodeDependencyTimeoutException "DependencyTimeoutException" // The system timed out while trying to fulfill the request. The request can // be retried. // // * ErrCodeNotFoundException "NotFoundException" // The request was rejected because the specified entity or resource could not // be found. // // * ErrCodeInternalException "KMSInternalException" // The request was rejected because an internal exception occurred. The request // can be retried. // // * ErrCodeInvalidStateException "KMSInvalidStateException" // The request was rejected because the state of the specified resource is not // valid for this request. // // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DeleteImportedKeyMaterial func (c *KMS) DeleteImportedKeyMaterial(input *DeleteImportedKeyMaterialInput) (*DeleteImportedKeyMaterialOutput, error) { req, out := c.DeleteImportedKeyMaterialRequest(input) return out, req.Send() } // DeleteImportedKeyMaterialWithContext is the same as DeleteImportedKeyMaterial with the addition of // the ability to pass a context and additional request options. // // See DeleteImportedKeyMaterial for details on how to use this API operation. 
// // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *KMS) DeleteImportedKeyMaterialWithContext(ctx aws.Context, input *DeleteImportedKeyMaterialInput, opts ...request.Option) (*DeleteImportedKeyMaterialOutput, error) { req, out := c.DeleteImportedKeyMaterialRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } const opDescribeCustomKeyStores = "DescribeCustomKeyStores" // DescribeCustomKeyStoresRequest generates a "aws/request.Request" representing the // client's request for the DescribeCustomKeyStores operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // // See DescribeCustomKeyStores for more information on using the DescribeCustomKeyStores // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // // // Example sending a request using the DescribeCustomKeyStoresRequest method. 
// req, resp := client.DescribeCustomKeyStoresRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DescribeCustomKeyStores func (c *KMS) DescribeCustomKeyStoresRequest(input *DescribeCustomKeyStoresInput) (req *request.Request, output *DescribeCustomKeyStoresOutput) { op := &request.Operation{ Name: opDescribeCustomKeyStores, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &DescribeCustomKeyStoresInput{} } output = &DescribeCustomKeyStoresOutput{} req = c.newRequest(op, input, output) return } // DescribeCustomKeyStores API operation for AWS Key Management Service. // // Gets information about custom key stores (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) // in the account and region. // // This operation is part of the Custom Key Store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) // feature in AWS KMS, which combines the convenience and extensive integration // of AWS KMS with the isolation and control of a single-tenant key store. // // By default, this operation returns information about all custom key stores // in the account and region. To get only information about a particular custom // key store, use either the CustomKeyStoreName or CustomKeyStoreId parameter // (but not both). // // To determine whether the custom key store is connected to its AWS CloudHSM // cluster, use the ConnectionState element in the response. If an attempt to // connect the custom key store failed, the ConnectionState value is FAILED // and the ConnectionErrorCode element in the response indicates the cause of // the failure. For help interpreting the ConnectionErrorCode, see CustomKeyStoresListEntry. 
// // Custom key stores have a DISCONNECTED connection state if the key store has // never been connected or you use the DisconnectCustomKeyStore operation to // disconnect it. If your custom key store state is CONNECTED but you are having // trouble using it, make sure that its associated AWS CloudHSM cluster is active // and contains the minimum number of HSMs required for the operation, if any. // // For help repairing your custom key store, see the Troubleshooting Custom // Key Stores (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html) // topic in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Key Management Service's // API operation DescribeCustomKeyStores for usage and error information. // // Returned Error Codes: // * ErrCodeCustomKeyStoreNotFoundException "CustomKeyStoreNotFoundException" // The request was rejected because AWS KMS cannot find a custom key store with // the specified key store name or ID. // // * ErrCodeInternalException "KMSInternalException" // The request was rejected because an internal exception occurred. The request // can be retried. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DescribeCustomKeyStores func (c *KMS) DescribeCustomKeyStores(input *DescribeCustomKeyStoresInput) (*DescribeCustomKeyStoresOutput, error) { req, out := c.DescribeCustomKeyStoresRequest(input) return out, req.Send() } // DescribeCustomKeyStoresWithContext is the same as DescribeCustomKeyStores with the addition of // the ability to pass a context and additional request options. // // See DescribeCustomKeyStores for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. 
// In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *KMS) DescribeCustomKeyStoresWithContext(ctx aws.Context, input *DescribeCustomKeyStoresInput, opts ...request.Option) (*DescribeCustomKeyStoresOutput, error) {
	r, resp := c.DescribeCustomKeyStoresRequest(input)
	// ctx is passed through unchecked; this method is documented to panic
	// on a nil context.
	r.SetContext(ctx)
	r.ApplyOptions(opts...)
	// resp is handed back even when Send fails; check the error first.
	err := r.Send()
	return resp, err
}

const opDescribeKey = "DescribeKey"

// DescribeKeyRequest generates a "aws/request.Request" representing the
// client's request for the DescribeKey operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use the "Send" method on the returned Request to send the API call to the service.
// The "output" return value is not valid until after Send returns without error.
//
// See DescribeKey for more information on using the DescribeKey
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle, such as custom headers or retry logic.
//
//
//    // Example sending a request using the DescribeKeyRequest method.
//    req, resp := client.DescribeKeyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DescribeKey
func (c *KMS) DescribeKeyRequest(input *DescribeKeyInput) (req *request.Request, output *DescribeKeyOutput) {
	// A nil input is replaced with an empty input struct.
	if input == nil {
		input = &DescribeKeyInput{}
	}
	output = &DescribeKeyOutput{}

	operation := &request.Operation{
		Name:       opDescribeKey,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}
	req = c.newRequest(operation, input, output)
	return req, output
}

// DescribeKey API operation for AWS Key Management Service.
//
// Provides detailed information about the specified customer master key (CMK).
// // You can use DescribeKey on a predefined AWS alias, that is, an AWS alias // with no key ID. When you do, AWS KMS associates the alias with an AWS managed // CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys) // and returns its KeyId and Arn in the response. // // To perform this operation on a CMK in a different AWS account, specify the // key ARN or alias ARN in the value of the KeyId parameter. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Key Management Service's // API operation DescribeKey for usage and error information. // // Returned Error Codes: // * ErrCodeNotFoundException "NotFoundException" // The request was rejected because the specified entity or resource could not // be found. // // * ErrCodeInvalidArnException "InvalidArnException" // The request was rejected because a specified ARN, or an ARN in a key policy, // is not valid. // // * ErrCodeDependencyTimeoutException "DependencyTimeoutException" // The system timed out while trying to fulfill the request. The request can // be retried. // // * ErrCodeInternalException "KMSInternalException" // The request was rejected because an internal exception occurred. The request // can be retried. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DescribeKey func (c *KMS) DescribeKey(input *DescribeKeyInput) (*DescribeKeyOutput, error) { req, out := c.DescribeKeyRequest(input) return out, req.Send() } // DescribeKeyWithContext is the same as DescribeKey with the addition of // the ability to pass a context and additional request options. // // See DescribeKey for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. 
// In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *KMS) DescribeKeyWithContext(ctx aws.Context, input *DescribeKeyInput, opts ...request.Option) (*DescribeKeyOutput, error) {
	r, resp := c.DescribeKeyRequest(input)
	// ctx is passed through unchecked; this method is documented to panic
	// on a nil context.
	r.SetContext(ctx)
	r.ApplyOptions(opts...)
	// resp is handed back even when Send fails; check the error first.
	err := r.Send()
	return resp, err
}

const opDisableKey = "DisableKey"

// DisableKeyRequest generates a "aws/request.Request" representing the
// client's request for the DisableKey operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use the "Send" method on the returned Request to send the API call to the service.
// The "output" return value is not valid until after Send returns without error.
//
// See DisableKey for more information on using the DisableKey
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle, such as custom headers or retry logic.
//
//
//    // Example sending a request using the DisableKeyRequest method.
//    req, resp := client.DisableKeyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DisableKey
func (c *KMS) DisableKeyRequest(input *DisableKeyInput) (req *request.Request, output *DisableKeyOutput) {
	// A nil input is replaced with an empty input struct.
	if input == nil {
		input = &DisableKeyInput{}
	}
	output = &DisableKeyOutput{}

	operation := &request.Operation{
		Name:       opDisableKey,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}
	req = c.newRequest(operation, input, output)

	// Replace the JSON-RPC unmarshal handler with
	// protocol.UnmarshalDiscardBodyHandler; going by its name, the response
	// body is dropped rather than decoded into output.
	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return req, output
}

// DisableKey API operation for AWS Key Management Service.
//
// Sets the state of a customer master key (CMK) to disabled, thereby preventing
// its use for cryptographic operations.
// You cannot perform this operation on
// a CMK in a different AWS account.
//
// For more information about how key state affects the use of a CMK, see How
// Key State Affects the Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
// The result of this operation varies with the key state of the CMK. For details,
// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation DisableKey for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNotFoundException "NotFoundException"
//   The request was rejected because the specified entity or resource could not
//   be found.
//
//   * ErrCodeInvalidArnException "InvalidArnException"
//   The request was rejected because a specified ARN, or an ARN in a key policy,
//   is not valid.
//
//   * ErrCodeDependencyTimeoutException "DependencyTimeoutException"
//   The system timed out while trying to fulfill the request. The request can
//   be retried.
//
//   * ErrCodeInternalException "KMSInternalException"
//   The request was rejected because an internal exception occurred. The request
//   can be retried.
//
//   * ErrCodeInvalidStateException "KMSInvalidStateException"
//   The request was rejected because the state of the specified resource is not
//   valid for this request.
//
//   For more information about how key state affects the use of a CMK, see How
//   Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
//   in the AWS Key Management Service Developer Guide.
// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DisableKey func (c *KMS) DisableKey(input *DisableKeyInput) (*DisableKeyOutput, error) { req, out := c.DisableKeyRequest(input) return out, req.Send() } // DisableKeyWithContext is the same as DisableKey with the addition of // the ability to pass a context and additional request options. // // See DisableKey for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *KMS) DisableKeyWithContext(ctx aws.Context, input *DisableKeyInput, opts ...request.Option) (*DisableKeyOutput, error) { req, out := c.DisableKeyRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } const opDisableKeyRotation = "DisableKeyRotation" // DisableKeyRotationRequest generates a "aws/request.Request" representing the // client's request for the DisableKeyRotation operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // // See DisableKeyRotation for more information on using the DisableKeyRotation // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // // // Example sending a request using the DisableKeyRotationRequest method. 
// req, resp := client.DisableKeyRotationRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DisableKeyRotation func (c *KMS) DisableKeyRotationRequest(input *DisableKeyRotationInput) (req *request.Request, output *DisableKeyRotationOutput) { op := &request.Operation{ Name: opDisableKeyRotation, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &DisableKeyRotationInput{} } output = &DisableKeyRotationOutput{} req = c.newRequest(op, input, output) req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } // DisableKeyRotation API operation for AWS Key Management Service. // // Disables automatic rotation of the key material (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) // for the specified customer master key (CMK). You cannot perform this operation // on a CMK in a different AWS account. // // The result of this operation varies with the key state of the CMK. For details, // see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Key Management Service's // API operation DisableKeyRotation for usage and error information. // // Returned Error Codes: // * ErrCodeNotFoundException "NotFoundException" // The request was rejected because the specified entity or resource could not // be found. // // * ErrCodeDisabledException "DisabledException" // The request was rejected because the specified CMK is not enabled. 
// // * ErrCodeInvalidArnException "InvalidArnException" // The request was rejected because a specified ARN, or an ARN in a key policy, // is not valid. // // * ErrCodeDependencyTimeoutException "DependencyTimeoutException" // The system timed out while trying to fulfill the request. The request can // be retried. // // * ErrCodeInternalException "KMSInternalException" // The request was rejected because an internal exception occurred. The request // can be retried. // // * ErrCodeInvalidStateException "KMSInvalidStateException" // The request was rejected because the state of the specified resource is not // valid for this request. // // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // * ErrCodeUnsupportedOperationException "UnsupportedOperationException" // The request was rejected because a specified parameter is not supported or // a specified resource is not valid for this operation. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DisableKeyRotation func (c *KMS) DisableKeyRotation(input *DisableKeyRotationInput) (*DisableKeyRotationOutput, error) { req, out := c.DisableKeyRotationRequest(input) return out, req.Send() } // DisableKeyRotationWithContext is the same as DisableKeyRotation with the addition of // the ability to pass a context and additional request options. // // See DisableKeyRotation for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. 
func (c *KMS) DisableKeyRotationWithContext(ctx aws.Context, input *DisableKeyRotationInput, opts ...request.Option) (*DisableKeyRotationOutput, error) {
	r, resp := c.DisableKeyRotationRequest(input)
	// ctx is passed through unchecked; this method is documented to panic
	// on a nil context.
	r.SetContext(ctx)
	r.ApplyOptions(opts...)
	// resp is handed back even when Send fails; check the error first.
	err := r.Send()
	return resp, err
}

const opDisconnectCustomKeyStore = "DisconnectCustomKeyStore"

// DisconnectCustomKeyStoreRequest generates a "aws/request.Request" representing the
// client's request for the DisconnectCustomKeyStore operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use the "Send" method on the returned Request to send the API call to the service.
// The "output" return value is not valid until after Send returns without error.
//
// See DisconnectCustomKeyStore for more information on using the DisconnectCustomKeyStore
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle, such as custom headers or retry logic.
//
//
//    // Example sending a request using the DisconnectCustomKeyStoreRequest method.
//    req, resp := client.DisconnectCustomKeyStoreRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DisconnectCustomKeyStore
func (c *KMS) DisconnectCustomKeyStoreRequest(input *DisconnectCustomKeyStoreInput) (req *request.Request, output *DisconnectCustomKeyStoreOutput) {
	// A nil input is replaced with an empty input struct.
	if input == nil {
		input = &DisconnectCustomKeyStoreInput{}
	}
	output = &DisconnectCustomKeyStoreOutput{}

	operation := &request.Operation{
		Name:       opDisconnectCustomKeyStore,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}
	req = c.newRequest(operation, input, output)

	// Replace the JSON-RPC unmarshal handler with
	// protocol.UnmarshalDiscardBodyHandler; going by its name, the response
	// body is dropped rather than decoded into output.
	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return req, output
}

// DisconnectCustomKeyStore API operation for AWS Key Management Service.
//
// Disconnects the custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html)
// from its associated AWS CloudHSM cluster. While a custom key store is disconnected,
// you can manage the custom key store and its customer master keys (CMKs),
// but you cannot create or use CMKs in the custom key store. You can reconnect
// the custom key store at any time.
//
// While a custom key store is disconnected, all attempts to create customer
// master keys (CMKs) in the custom key store or to use existing CMKs in cryptographic
// operations will fail. Disconnecting can therefore prevent users from storing
// and accessing sensitive data.
//
// To find the connection state of a custom key store, use the DescribeCustomKeyStores
// operation. To reconnect a custom key store, use the ConnectCustomKeyStore
// operation.
//
// If the operation succeeds, it returns a JSON object with no properties.
//
// This operation is part of the Custom Key Store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html)
// in AWS KMS, which combines the convenience and extensive integration
// of AWS KMS with the isolation and control of a single-tenant key store.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation DisconnectCustomKeyStore for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeCustomKeyStoreInvalidStateException "CustomKeyStoreInvalidStateException"
//   The request was rejected because of the ConnectionState of the custom key
//   store. To get the ConnectionState of a custom key store, use the DescribeCustomKeyStores
//   operation.
// // This exception is thrown under the following conditions: // // * You requested the CreateKey or GenerateRandom operation in a custom // key store that is not connected. These operations are valid only when // the custom key store ConnectionState is CONNECTED. // // * You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation // on a custom key store that is not disconnected. This operation is valid // only when the custom key store ConnectionState is DISCONNECTED. // // * You requested the ConnectCustomKeyStore operation on a custom key store // with a ConnectionState of DISCONNECTING or FAILED. This operation is valid // for all other ConnectionState values. // // * ErrCodeCustomKeyStoreNotFoundException "CustomKeyStoreNotFoundException" // The request was rejected because AWS KMS cannot find a custom key store with // the specified key store name or ID. // // * ErrCodeInternalException "KMSInternalException" // The request was rejected because an internal exception occurred. The request // can be retried. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/DisconnectCustomKeyStore func (c *KMS) DisconnectCustomKeyStore(input *DisconnectCustomKeyStoreInput) (*DisconnectCustomKeyStoreOutput, error) { req, out := c.DisconnectCustomKeyStoreRequest(input) return out, req.Send() } // DisconnectCustomKeyStoreWithContext is the same as DisconnectCustomKeyStore with the addition of // the ability to pass a context and additional request options. // // See DisconnectCustomKeyStore for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. 
func (c *KMS) DisconnectCustomKeyStoreWithContext(ctx aws.Context, input *DisconnectCustomKeyStoreInput, opts ...request.Option) (*DisconnectCustomKeyStoreOutput, error) {
	r, resp := c.DisconnectCustomKeyStoreRequest(input)
	// ctx is passed through unchecked; this method is documented to panic
	// on a nil context.
	r.SetContext(ctx)
	r.ApplyOptions(opts...)
	// resp is handed back even when Send fails; check the error first.
	err := r.Send()
	return resp, err
}

const opEnableKey = "EnableKey"

// EnableKeyRequest generates a "aws/request.Request" representing the
// client's request for the EnableKey operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use the "Send" method on the returned Request to send the API call to the service.
// The "output" return value is not valid until after Send returns without error.
//
// See EnableKey for more information on using the EnableKey
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle, such as custom headers or retry logic.
//
//
//    // Example sending a request using the EnableKeyRequest method.
//    req, resp := client.EnableKeyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/EnableKey
func (c *KMS) EnableKeyRequest(input *EnableKeyInput) (req *request.Request, output *EnableKeyOutput) {
	// A nil input is replaced with an empty input struct.
	if input == nil {
		input = &EnableKeyInput{}
	}
	output = &EnableKeyOutput{}

	operation := &request.Operation{
		Name:       opEnableKey,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}
	req = c.newRequest(operation, input, output)

	// Replace the JSON-RPC unmarshal handler with
	// protocol.UnmarshalDiscardBodyHandler; going by its name, the response
	// body is dropped rather than decoded into output.
	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return req, output
}

// EnableKey API operation for AWS Key Management Service.
//
// Sets the key state of a customer master key (CMK) to enabled. This allows
// you to use the CMK for cryptographic operations. You cannot perform this
// operation on a CMK in a different AWS account.
// // The result of this operation varies with the key state of the CMK. For details, // see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Key Management Service's // API operation EnableKey for usage and error information. // // Returned Error Codes: // * ErrCodeNotFoundException "NotFoundException" // The request was rejected because the specified entity or resource could not // be found. // // * ErrCodeInvalidArnException "InvalidArnException" // The request was rejected because a specified ARN, or an ARN in a key policy, // is not valid. // // * ErrCodeDependencyTimeoutException "DependencyTimeoutException" // The system timed out while trying to fulfill the request. The request can // be retried. // // * ErrCodeInternalException "KMSInternalException" // The request was rejected because an internal exception occurred. The request // can be retried. // // * ErrCodeLimitExceededException "LimitExceededException" // The request was rejected because a limit was exceeded. For more information, // see Limits (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) // in the AWS Key Management Service Developer Guide. // // * ErrCodeInvalidStateException "KMSInvalidStateException" // The request was rejected because the state of the specified resource is not // valid for this request. // // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. 
// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/EnableKey func (c *KMS) EnableKey(input *EnableKeyInput) (*EnableKeyOutput, error) { req, out := c.EnableKeyRequest(input) return out, req.Send() } // EnableKeyWithContext is the same as EnableKey with the addition of // the ability to pass a context and additional request options. // // See EnableKey for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *KMS) EnableKeyWithContext(ctx aws.Context, input *EnableKeyInput, opts ...request.Option) (*EnableKeyOutput, error) { req, out := c.EnableKeyRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } const opEnableKeyRotation = "EnableKeyRotation" // EnableKeyRotationRequest generates a "aws/request.Request" representing the // client's request for the EnableKeyRotation operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // // See EnableKeyRotation for more information on using the EnableKeyRotation // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // // // Example sending a request using the EnableKeyRotationRequest method. 
// req, resp := client.EnableKeyRotationRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/EnableKeyRotation func (c *KMS) EnableKeyRotationRequest(input *EnableKeyRotationInput) (req *request.Request, output *EnableKeyRotationOutput) { op := &request.Operation{ Name: opEnableKeyRotation, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &EnableKeyRotationInput{} } output = &EnableKeyRotationOutput{} req = c.newRequest(op, input, output) req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } // EnableKeyRotation API operation for AWS Key Management Service. // // Enables automatic rotation of the key material (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) // for the specified customer master key (CMK). You cannot perform this operation // on a CMK in a different AWS account. // // You cannot enable automatic rotation of CMKs with imported key material or // CMKs in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html). // // The result of this operation varies with the key state of the CMK. For details, // see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Key Management Service's // API operation EnableKeyRotation for usage and error information. // // Returned Error Codes: // * ErrCodeNotFoundException "NotFoundException" // The request was rejected because the specified entity or resource could not // be found. 
// // * ErrCodeDisabledException "DisabledException" // The request was rejected because the specified CMK is not enabled. // // * ErrCodeInvalidArnException "InvalidArnException" // The request was rejected because a specified ARN, or an ARN in a key policy, // is not valid. // // * ErrCodeDependencyTimeoutException "DependencyTimeoutException" // The system timed out while trying to fulfill the request. The request can // be retried. // // * ErrCodeInternalException "KMSInternalException" // The request was rejected because an internal exception occurred. The request // can be retried. // // * ErrCodeInvalidStateException "KMSInvalidStateException" // The request was rejected because the state of the specified resource is not // valid for this request. // // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // * ErrCodeUnsupportedOperationException "UnsupportedOperationException" // The request was rejected because a specified parameter is not supported or // a specified resource is not valid for this operation. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/EnableKeyRotation func (c *KMS) EnableKeyRotation(input *EnableKeyRotationInput) (*EnableKeyRotationOutput, error) { req, out := c.EnableKeyRotationRequest(input) return out, req.Send() } // EnableKeyRotationWithContext is the same as EnableKeyRotation with the addition of // the ability to pass a context and additional request options. // // See EnableKeyRotation for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. 
func (c *KMS) EnableKeyRotationWithContext(ctx aws.Context, input *EnableKeyRotationInput, opts ...request.Option) (*EnableKeyRotationOutput, error) {
	r, resp := c.EnableKeyRotationRequest(input)
	// The context and the caller's options are applied before the request is sent.
	r.SetContext(ctx)
	r.ApplyOptions(opts...)
	err := r.Send()
	return resp, err
}

const opEncrypt = "Encrypt"

// EncryptRequest builds an "aws/request.Request" for the Encrypt operation
// without sending it. The "output" return value is populated with the
// request's response once the request completes successfully.
//
// Call the "Send" method on the returned Request to send the API call to the
// service. The "output" return value is not valid until Send has returned
// without error.
//
// See Encrypt for more information on using the Encrypt API call and on
// error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle, such as custom headers or retry logic.
//
//
//    // Example sending a request using the EncryptRequest method.
//    req, resp := client.EncryptRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/Encrypt
func (c *KMS) EncryptRequest(input *EncryptInput) (req *request.Request, output *EncryptOutput) {
	// A nil input is replaced by an empty EncryptInput.
	if input == nil {
		input = &EncryptInput{}
	}
	output = &EncryptOutput{}

	req = c.newRequest(&request.Operation{
		Name:       opEncrypt,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}, input, output)
	return req, output
}

// Encrypt API operation for AWS Key Management Service.
//
// Encrypts plaintext into ciphertext by using a customer master key (CMK).
// The Encrypt operation has two primary use cases:
//
//    * You can encrypt up to 4 kilobytes (4096 bytes) of arbitrary data such
//    as an RSA key, a database password, or other sensitive information.
//
//    * You can use the Encrypt operation to move encrypted data from one AWS
//    region to another. In the first region, generate a data key and use the
//    plaintext key to encrypt the data. Then, in the new region, call the Encrypt
//    method on the same plaintext data key. Now, you can safely move the encrypted
//    data and encrypted data key to the new region, and decrypt in the new
//    region when necessary.
//
// You don't need to use this operation to encrypt a data key within a region.
// The GenerateDataKey and GenerateDataKeyWithoutPlaintext operations return
// an encrypted data key.
//
// Also, you don't need to use this operation to encrypt data in your application.
// You can use the plaintext and encrypted data keys that the GenerateDataKey
// operation returns.
//
// The result of this operation varies with the key state of the CMK. For details,
// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
// To perform this operation on a CMK in a different AWS account, specify the
// key ARN or alias ARN in the value of the KeyId parameter.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation Encrypt for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNotFoundException "NotFoundException"
//   The request was rejected because the specified entity or resource could not
//   be found.
//
//   * ErrCodeDisabledException "DisabledException"
//   The request was rejected because the specified CMK is not enabled.
//
//   * ErrCodeKeyUnavailableException "KeyUnavailableException"
//   The request was rejected because the specified CMK was not available. The
//   request can be retried.
//
//   * ErrCodeDependencyTimeoutException "DependencyTimeoutException"
//   The system timed out while trying to fulfill the request. The request can
//   be retried.
//
//   * ErrCodeInvalidKeyUsageException "InvalidKeyUsageException"
//   The request was rejected because the specified KeySpec value is not valid.
//
//   * ErrCodeInvalidGrantTokenException "InvalidGrantTokenException"
//   The request was rejected because the specified grant token is not valid.
//
//   * ErrCodeInternalException "KMSInternalException"
//   The request was rejected because an internal exception occurred. The request
//   can be retried.
//
//   * ErrCodeInvalidStateException "KMSInvalidStateException"
//   The request was rejected because the state of the specified resource is not
//   valid for this request.
//
//   For more information about how key state affects the use of a CMK, see How
//   Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
//   in the AWS Key Management Service Developer Guide.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/Encrypt
func (c *KMS) Encrypt(input *EncryptInput) (*EncryptOutput, error) {
	r, resp := c.EncryptRequest(input)
	err := r.Send()
	return resp, err
}

// EncryptWithContext is the same as Encrypt with the addition of
// the ability to pass a context and additional request options.
//
// See Encrypt for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *KMS) EncryptWithContext(ctx aws.Context, input *EncryptInput, opts ...request.Option) (*EncryptOutput, error) {
	r, resp := c.EncryptRequest(input)
	// The context and the caller's options are applied before the request is sent.
	r.SetContext(ctx)
	r.ApplyOptions(opts...)
	err := r.Send()
	return resp, err
}

const opGenerateDataKey = "GenerateDataKey"

// GenerateDataKeyRequest builds an "aws/request.Request" for the
// GenerateDataKey operation without sending it. The "output" return value is
// populated with the request's response once the request completes
// successfully.
//
// Call the "Send" method on the returned Request to send the API call to the
// service. The "output" return value is not valid until Send has returned
// without error.
//
// See GenerateDataKey for more information on using the GenerateDataKey
// API call and on error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle, such as custom headers or retry logic.
//
//
//    // Example sending a request using the GenerateDataKeyRequest method.
//    req, resp := client.GenerateDataKeyRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// NOTE(review): for this operation resp includes the plaintext data key (the
// Plaintext field described under GenerateDataKey), so printing resp as in the
// example above is for illustration only; confirm how the output type's String
// method renders that field before logging it.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKey
func (c *KMS) GenerateDataKeyRequest(input *GenerateDataKeyInput) (req *request.Request, output *GenerateDataKeyOutput) {
	// A nil input is replaced by an empty GenerateDataKeyInput.
	if input == nil {
		input = &GenerateDataKeyInput{}
	}
	output = &GenerateDataKeyOutput{}

	req = c.newRequest(&request.Operation{
		Name:       opGenerateDataKey,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}, input, output)
	return req, output
}

// GenerateDataKey API operation for AWS Key Management Service.
//
// Generates a unique data key. This operation returns a plaintext copy of the
// data key and a copy that is encrypted under a customer master key (CMK) that
// you specify. You can use the plaintext key to encrypt your data outside of
// KMS and store the encrypted data key with the encrypted data.
//
// GenerateDataKey returns a unique data key for each request. The bytes in
// the key are not related to the caller or CMK that is used to encrypt the
// data key.
//
// To generate a data key, you need to specify the customer master key (CMK)
// that will be used to encrypt the data key. You must also specify the length
// of the data key using either the KeySpec or NumberOfBytes field (but not
// both). For common key lengths (128-bit and 256-bit symmetric keys), we recommend
// that you use KeySpec. To perform this operation on a CMK in a different AWS
// account, specify the key ARN or alias ARN in the value of the KeyId parameter.
//
// You will find the plaintext copy of the data key in the Plaintext field of
// the response, and the encrypted copy of the data key in the CiphertextBlob
// field.
//
// We recommend that you use the following pattern to encrypt data locally in
// your application:
//
// Use the GenerateDataKey operation to get a data encryption key.
//
// Use the plaintext data key (returned in the Plaintext field of the response)
// to encrypt data locally, then erase the plaintext data key from memory.
//
// Store the encrypted data key (returned in the CiphertextBlob field of the
// response) alongside the locally encrypted data.
//
// To decrypt data locally:
//
// Use the Decrypt operation to decrypt the encrypted data key. The operation
// returns a plaintext copy of the data key.
//
// Use the plaintext data key to decrypt data locally, then erase the plaintext
// data key from memory.
//
// To get only an encrypted copy of the data key, use GenerateDataKeyWithoutPlaintext.
// To get a cryptographically secure random byte string, use GenerateRandom.
//
// You can use the optional encryption context to add additional security to
// your encryption operation. When you specify an EncryptionContext in the GenerateDataKey
// operation, you must specify the same encryption context (a case-sensitive
// exact match) in your request to Decrypt the data key. Otherwise, the request
// to decrypt fails with an InvalidCiphertextException. For more information,
// see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context)
// in the AWS Key Management Service Developer Guide.
//
// The result of this operation varies with the key state of the CMK. For details,
// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation GenerateDataKey for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNotFoundException "NotFoundException"
//   The request was rejected because the specified entity or resource could not
//   be found.
//
//   * ErrCodeDisabledException "DisabledException"
//   The request was rejected because the specified CMK is not enabled.
//
//   * ErrCodeKeyUnavailableException "KeyUnavailableException"
//   The request was rejected because the specified CMK was not available. The
//   request can be retried.
//
//   * ErrCodeDependencyTimeoutException "DependencyTimeoutException"
//   The system timed out while trying to fulfill the request. The request can
//   be retried.
//
//   * ErrCodeInvalidKeyUsageException "InvalidKeyUsageException"
//   The request was rejected because the specified KeySpec value is not valid.
//
//   * ErrCodeInvalidGrantTokenException "InvalidGrantTokenException"
//   The request was rejected because the specified grant token is not valid.
//
//   * ErrCodeInternalException "KMSInternalException"
//   The request was rejected because an internal exception occurred. The request
//   can be retried.
//
//   * ErrCodeInvalidStateException "KMSInvalidStateException"
//   The request was rejected because the state of the specified resource is not
//   valid for this request.
// // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKey func (c *KMS) GenerateDataKey(input *GenerateDataKeyInput) (*GenerateDataKeyOutput, error) { req, out := c.GenerateDataKeyRequest(input) return out, req.Send() } // GenerateDataKeyWithContext is the same as GenerateDataKey with the addition of // the ability to pass a context and additional request options. // // See GenerateDataKey for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *KMS) GenerateDataKeyWithContext(ctx aws.Context, input *GenerateDataKeyInput, opts ...request.Option) (*GenerateDataKeyOutput, error) { req, out := c.GenerateDataKeyRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } const opGenerateDataKeyWithoutPlaintext = "GenerateDataKeyWithoutPlaintext" // GenerateDataKeyWithoutPlaintextRequest generates a "aws/request.Request" representing the // client's request for the GenerateDataKeyWithoutPlaintext operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // // See GenerateDataKeyWithoutPlaintext for more information on using the GenerateDataKeyWithoutPlaintext // API call, and error handling. 
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle, such as custom headers or retry logic.
//
//
//    // Example sending a request using the GenerateDataKeyWithoutPlaintextRequest method.
//    req, resp := client.GenerateDataKeyWithoutPlaintextRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyWithoutPlaintext
func (c *KMS) GenerateDataKeyWithoutPlaintextRequest(input *GenerateDataKeyWithoutPlaintextInput) (req *request.Request, output *GenerateDataKeyWithoutPlaintextOutput) {
	// A nil input is replaced by an empty GenerateDataKeyWithoutPlaintextInput.
	if input == nil {
		input = &GenerateDataKeyWithoutPlaintextInput{}
	}
	output = &GenerateDataKeyWithoutPlaintextOutput{}

	req = c.newRequest(&request.Operation{
		Name:       opGenerateDataKeyWithoutPlaintext,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}, input, output)
	return req, output
}

// GenerateDataKeyWithoutPlaintext API operation for AWS Key Management Service.
//
// Generates a unique data key. This operation returns a data key that is encrypted
// under a customer master key (CMK) that you specify. GenerateDataKeyWithoutPlaintext
// is identical to GenerateDataKey except that it returns only the encrypted copy
// of the data key.
//
// Like GenerateDataKey, GenerateDataKeyWithoutPlaintext returns a unique data
// key for each request. The bytes in the key are not related to the caller
// or CMK that is used to encrypt the data key.
//
// This operation is useful for systems that need to encrypt data at some point,
// but not immediately. When you need to encrypt the data, you call the Decrypt
// operation on the encrypted copy of the key.
//
// It's also useful in distributed systems with different levels of trust. For
// example, you might store encrypted data in containers. One component of your
// system creates new containers and stores an encrypted data key with each
// container. Then, a different component puts the data into the containers.
// That component first decrypts the data key, uses the plaintext data key to
// encrypt data, puts the encrypted data into the container, and then destroys
// the plaintext data key. In this system, the component that creates the containers
// never sees the plaintext data key.
//
// The result of this operation varies with the key state of the CMK. For details,
// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation GenerateDataKeyWithoutPlaintext for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeNotFoundException "NotFoundException"
//   The request was rejected because the specified entity or resource could not
//   be found.
//
//   * ErrCodeDisabledException "DisabledException"
//   The request was rejected because the specified CMK is not enabled.
//
//   * ErrCodeKeyUnavailableException "KeyUnavailableException"
//   The request was rejected because the specified CMK was not available. The
//   request can be retried.
//
//   * ErrCodeDependencyTimeoutException "DependencyTimeoutException"
//   The system timed out while trying to fulfill the request. The request can
//   be retried.
//
//   * ErrCodeInvalidKeyUsageException "InvalidKeyUsageException"
//   The request was rejected because the specified KeySpec value is not valid.
//
//   * ErrCodeInvalidGrantTokenException "InvalidGrantTokenException"
//   The request was rejected because the specified grant token is not valid.
//
//   * ErrCodeInternalException "KMSInternalException"
//   The request was rejected because an internal exception occurred. The request
//   can be retried.
//
//   * ErrCodeInvalidStateException "KMSInvalidStateException"
//   The request was rejected because the state of the specified resource is not
//   valid for this request.
//
//   For more information about how key state affects the use of a CMK, see How
//   Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
//   in the AWS Key Management Service Developer Guide.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateDataKeyWithoutPlaintext
func (c *KMS) GenerateDataKeyWithoutPlaintext(input *GenerateDataKeyWithoutPlaintextInput) (*GenerateDataKeyWithoutPlaintextOutput, error) {
	r, resp := c.GenerateDataKeyWithoutPlaintextRequest(input)
	err := r.Send()
	return resp, err
}

// GenerateDataKeyWithoutPlaintextWithContext is the same as GenerateDataKeyWithoutPlaintext with the addition of
// the ability to pass a context and additional request options.
//
// See GenerateDataKeyWithoutPlaintext for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *KMS) GenerateDataKeyWithoutPlaintextWithContext(ctx aws.Context, input *GenerateDataKeyWithoutPlaintextInput, opts ...request.Option) (*GenerateDataKeyWithoutPlaintextOutput, error) {
	r, resp := c.GenerateDataKeyWithoutPlaintextRequest(input)
	// The context and the caller's options are applied before the request is sent.
	r.SetContext(ctx)
	r.ApplyOptions(opts...)
	err := r.Send()
	return resp, err
}

const opGenerateRandom = "GenerateRandom"

// GenerateRandomRequest generates a "aws/request.Request" representing the
// client's request for the GenerateRandom operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
// // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // // See GenerateRandom for more information on using the GenerateRandom // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // // // Example sending a request using the GenerateRandomRequest method. // req, resp := client.GenerateRandomRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateRandom func (c *KMS) GenerateRandomRequest(input *GenerateRandomInput) (req *request.Request, output *GenerateRandomOutput) { op := &request.Operation{ Name: opGenerateRandom, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &GenerateRandomInput{} } output = &GenerateRandomOutput{} req = c.newRequest(op, input, output) return } // GenerateRandom API operation for AWS Key Management Service. // // Returns a random byte string that is cryptographically secure. // // By default, the random byte string is generated in AWS KMS. To generate the // byte string in the AWS CloudHSM cluster that is associated with a custom // key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html), // specify the custom key store ID. // // For more information about entropy and random number generation, see the // AWS Key Management Service Cryptographic Details (https://d0.awsstatic.com/whitepapers/KMS-Cryptographic-Details.pdf) // whitepaper. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. 
// // See the AWS API reference guide for AWS Key Management Service's // API operation GenerateRandom for usage and error information. // // Returned Error Codes: // * ErrCodeDependencyTimeoutException "DependencyTimeoutException" // The system timed out while trying to fulfill the request. The request can // be retried. // // * ErrCodeInternalException "KMSInternalException" // The request was rejected because an internal exception occurred. The request // can be retried. // // * ErrCodeCustomKeyStoreNotFoundException "CustomKeyStoreNotFoundException" // The request was rejected because AWS KMS cannot find a custom key store with // the specified key store name or ID. // // * ErrCodeCustomKeyStoreInvalidStateException "CustomKeyStoreInvalidStateException" // The request was rejected because of the ConnectionState of the custom key // store. To get the ConnectionState of a custom key store, use the DescribeCustomKeyStores // operation. // // This exception is thrown under the following conditions: // // * You requested the CreateKey or GenerateRandom operation in a custom // key store that is not connected. These operations are valid only when // the custom key store ConnectionState is CONNECTED. // // * You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation // on a custom key store that is not disconnected. This operation is valid // only when the custom key store ConnectionState is DISCONNECTED. // // * You requested the ConnectCustomKeyStore operation on a custom key store // with a ConnectionState of DISCONNECTING or FAILED. This operation is valid // for all other ConnectionState values. 
// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GenerateRandom func (c *KMS) GenerateRandom(input *GenerateRandomInput) (*GenerateRandomOutput, error) { req, out := c.GenerateRandomRequest(input) return out, req.Send() } // GenerateRandomWithContext is the same as GenerateRandom with the addition of // the ability to pass a context and additional request options. // // See GenerateRandom for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *KMS) GenerateRandomWithContext(ctx aws.Context, input *GenerateRandomInput, opts ...request.Option) (*GenerateRandomOutput, error) { req, out := c.GenerateRandomRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } const opGetKeyPolicy = "GetKeyPolicy" // GetKeyPolicyRequest generates a "aws/request.Request" representing the // client's request for the GetKeyPolicy operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // // See GetKeyPolicy for more information on using the GetKeyPolicy // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // // // Example sending a request using the GetKeyPolicyRequest method. 
// req, resp := client.GetKeyPolicyRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetKeyPolicy func (c *KMS) GetKeyPolicyRequest(input *GetKeyPolicyInput) (req *request.Request, output *GetKeyPolicyOutput) { op := &request.Operation{ Name: opGetKeyPolicy, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &GetKeyPolicyInput{} } output = &GetKeyPolicyOutput{} req = c.newRequest(op, input, output) return } // GetKeyPolicy API operation for AWS Key Management Service. // // Gets a key policy attached to the specified customer master key (CMK). You // cannot perform this operation on a CMK in a different AWS account. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Key Management Service's // API operation GetKeyPolicy for usage and error information. // // Returned Error Codes: // * ErrCodeNotFoundException "NotFoundException" // The request was rejected because the specified entity or resource could not // be found. // // * ErrCodeInvalidArnException "InvalidArnException" // The request was rejected because a specified ARN, or an ARN in a key policy, // is not valid. // // * ErrCodeDependencyTimeoutException "DependencyTimeoutException" // The system timed out while trying to fulfill the request. The request can // be retried. // // * ErrCodeInternalException "KMSInternalException" // The request was rejected because an internal exception occurred. The request // can be retried. // // * ErrCodeInvalidStateException "KMSInvalidStateException" // The request was rejected because the state of the specified resource is not // valid for this request. 
// // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetKeyPolicy func (c *KMS) GetKeyPolicy(input *GetKeyPolicyInput) (*GetKeyPolicyOutput, error) { req, out := c.GetKeyPolicyRequest(input) return out, req.Send() } // GetKeyPolicyWithContext is the same as GetKeyPolicy with the addition of // the ability to pass a context and additional request options. // // See GetKeyPolicy for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *KMS) GetKeyPolicyWithContext(ctx aws.Context, input *GetKeyPolicyInput, opts ...request.Option) (*GetKeyPolicyOutput, error) { req, out := c.GetKeyPolicyRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } const opGetKeyRotationStatus = "GetKeyRotationStatus" // GetKeyRotationStatusRequest generates a "aws/request.Request" representing the // client's request for the GetKeyRotationStatus operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // // See GetKeyRotationStatus for more information on using the GetKeyRotationStatus // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. 
// // // // Example sending a request using the GetKeyRotationStatusRequest method. // req, resp := client.GetKeyRotationStatusRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetKeyRotationStatus func (c *KMS) GetKeyRotationStatusRequest(input *GetKeyRotationStatusInput) (req *request.Request, output *GetKeyRotationStatusOutput) { op := &request.Operation{ Name: opGetKeyRotationStatus, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &GetKeyRotationStatusInput{} } output = &GetKeyRotationStatusOutput{} req = c.newRequest(op, input, output) return } // GetKeyRotationStatus API operation for AWS Key Management Service. // // Gets a Boolean value that indicates whether automatic rotation of the key // material (https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html) // is enabled for the specified customer master key (CMK). // // The result of this operation varies with the key state of the CMK. For details, // see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // * Disabled: The key rotation status does not change when you disable a // CMK. However, while the CMK is disabled, AWS KMS does not rotate the backing // key. // // * Pending deletion: While a CMK is pending deletion, its key rotation // status is false and AWS KMS does not rotate the backing key. If you cancel // the deletion, the original key rotation status is restored. // // To perform this operation on a CMK in a different AWS account, specify the // key ARN in the value of the KeyId parameter. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. 
// // See the AWS API reference guide for AWS Key Management Service's // API operation GetKeyRotationStatus for usage and error information. // // Returned Error Codes: // * ErrCodeNotFoundException "NotFoundException" // The request was rejected because the specified entity or resource could not // be found. // // * ErrCodeInvalidArnException "InvalidArnException" // The request was rejected because a specified ARN, or an ARN in a key policy, // is not valid. // // * ErrCodeDependencyTimeoutException "DependencyTimeoutException" // The system timed out while trying to fulfill the request. The request can // be retried. // // * ErrCodeInternalException "KMSInternalException" // The request was rejected because an internal exception occurred. The request // can be retried. // // * ErrCodeInvalidStateException "KMSInvalidStateException" // The request was rejected because the state of the specified resource is not // valid for this request. // // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // * ErrCodeUnsupportedOperationException "UnsupportedOperationException" // The request was rejected because a specified parameter is not supported or // a specified resource is not valid for this operation. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetKeyRotationStatus func (c *KMS) GetKeyRotationStatus(input *GetKeyRotationStatusInput) (*GetKeyRotationStatusOutput, error) { req, out := c.GetKeyRotationStatusRequest(input) return out, req.Send() } // GetKeyRotationStatusWithContext is the same as GetKeyRotationStatus with the addition of // the ability to pass a context and additional request options. // // See GetKeyRotationStatus for details on how to use this API operation. 
// // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *KMS) GetKeyRotationStatusWithContext(ctx aws.Context, input *GetKeyRotationStatusInput, opts ...request.Option) (*GetKeyRotationStatusOutput, error) { req, out := c.GetKeyRotationStatusRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } const opGetParametersForImport = "GetParametersForImport" // GetParametersForImportRequest generates a "aws/request.Request" representing the // client's request for the GetParametersForImport operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // // See GetParametersForImport for more information on using the GetParametersForImport // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // // // Example sending a request using the GetParametersForImportRequest method. 
//    req, resp := client.GetParametersForImportRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetParametersForImport
func (c *KMS) GetParametersForImportRequest(input *GetParametersForImportInput) (req *request.Request, output *GetParametersForImportOutput) {
	// A nil input is replaced by an empty parameter struct before the request
	// is built.
	if input == nil {
		input = &GetParametersForImportInput{}
	}

	operation := &request.Operation{
		Name:       opGetParametersForImport,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}
	output = &GetParametersForImportOutput{}
	req = c.newRequest(operation, input, output)
	return req, output
}

// GetParametersForImport API operation for AWS Key Management Service.
//
// Returns the items you need in order to import key material into AWS KMS from
// your existing key management infrastructure. For more information about importing
// key material into AWS KMS, see Importing Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html)
// in the AWS Key Management Service Developer Guide.
//
// You must specify the key ID of the customer master key (CMK) into which you
// will import key material. This CMK's Origin must be EXTERNAL. You must also
// specify the wrapping algorithm and type of wrapping key (public key) that
// you will use to encrypt the key material. You cannot perform this operation
// on a CMK in a different AWS account.
//
// This operation returns a public key and an import token. Use the public key
// to encrypt the key material. Store the import token to send with a subsequent
// ImportKeyMaterial request. The public key and import token from the same
// response must be used together. These items are valid for 24 hours. When
// they expire, they cannot be used for a subsequent ImportKeyMaterial request.
// To get new ones, send another GetParametersForImport request.
//
// The result of this operation varies with the key state of the CMK. For details,
// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation GetParametersForImport for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeInvalidArnException "InvalidArnException"
//   The request was rejected because a specified ARN, or an ARN in a key policy,
//   is not valid.
//
//   * ErrCodeUnsupportedOperationException "UnsupportedOperationException"
//   The request was rejected because a specified parameter is not supported or
//   a specified resource is not valid for this operation.
//
//   * ErrCodeDependencyTimeoutException "DependencyTimeoutException"
//   The system timed out while trying to fulfill the request. The request can
//   be retried.
//
//   * ErrCodeNotFoundException "NotFoundException"
//   The request was rejected because the specified entity or resource could not
//   be found.
//
//   * ErrCodeInternalException "KMSInternalException"
//   The request was rejected because an internal exception occurred. The request
//   can be retried.
//
//   * ErrCodeInvalidStateException "KMSInvalidStateException"
//   The request was rejected because the state of the specified resource is not
//   valid for this request.
//
//   For more information about how key state affects the use of a CMK, see How
//   Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
//   in the AWS Key Management Service Developer Guide.
// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/GetParametersForImport func (c *KMS) GetParametersForImport(input *GetParametersForImportInput) (*GetParametersForImportOutput, error) { req, out := c.GetParametersForImportRequest(input) return out, req.Send() } // GetParametersForImportWithContext is the same as GetParametersForImport with the addition of // the ability to pass a context and additional request options. // // See GetParametersForImport for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *KMS) GetParametersForImportWithContext(ctx aws.Context, input *GetParametersForImportInput, opts ...request.Option) (*GetParametersForImportOutput, error) { req, out := c.GetParametersForImportRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } const opImportKeyMaterial = "ImportKeyMaterial" // ImportKeyMaterialRequest generates a "aws/request.Request" representing the // client's request for the ImportKeyMaterial operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // // See ImportKeyMaterial for more information on using the ImportKeyMaterial // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // // // Example sending a request using the ImportKeyMaterialRequest method. 
//    req, resp := client.ImportKeyMaterialRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ImportKeyMaterial
func (c *KMS) ImportKeyMaterialRequest(input *ImportKeyMaterialInput) (req *request.Request, output *ImportKeyMaterialOutput) {
	// A nil input is replaced by an empty parameter struct before the request
	// is built.
	if input == nil {
		input = &ImportKeyMaterialInput{}
	}

	operation := &request.Operation{
		Name:       opImportKeyMaterial,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}
	output = &ImportKeyMaterialOutput{}
	req = c.newRequest(operation, input, output)
	// The JSON-RPC unmarshal handler is swapped for the discard-body handler;
	// judging by the handler's name, the response body is dropped rather than
	// decoded into output.
	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return req, output
}

// ImportKeyMaterial API operation for AWS Key Management Service.
//
// Imports key material into an existing AWS KMS customer master key (CMK) that
// was created without key material. You cannot perform this operation on a
// CMK in a different AWS account. For more information about creating CMKs
// with no key material and then importing key material, see Importing Key Material
// (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html)
// in the AWS Key Management Service Developer Guide.
//
// Before using this operation, call GetParametersForImport. Its response includes
// a public key and an import token. Use the public key to encrypt the key material.
// Then, submit the import token from the same GetParametersForImport response.
//
// When calling this operation, you must specify the following values:
//
//    * The key ID or key ARN of a CMK with no key material. Its Origin must
//    be EXTERNAL. To create a CMK with no key material, call CreateKey and
//    set the value of its Origin parameter to EXTERNAL. To get the Origin of
//    a CMK, call DescribeKey.)
//
//    * The encrypted key material. To get the public key to encrypt the key
//    material, call GetParametersForImport.
//
//    * The import token that GetParametersForImport returned. This token and
//    the public key used to encrypt the key material must have come from the
//    same response.
//
//    * Whether the key material expires and if so, when. If you set an expiration
//    date, you can change it only by reimporting the same key material and
//    specifying a new expiration date. If the key material expires, AWS KMS
//    deletes the key material and the CMK becomes unusable. To use the CMK
//    again, you must reimport the same key material.
//
// When this operation is successful, the key state of the CMK changes from
// PendingImport to Enabled, and you can use the CMK. After you successfully
// import key material into a CMK, you can reimport the same key material into
// that CMK, but you cannot import different key material.
//
// The result of this operation varies with the key state of the CMK. For details,
// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation ImportKeyMaterial for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeInvalidArnException "InvalidArnException"
//   The request was rejected because a specified ARN, or an ARN in a key policy,
//   is not valid.
//
//   * ErrCodeUnsupportedOperationException "UnsupportedOperationException"
//   The request was rejected because a specified parameter is not supported or
//   a specified resource is not valid for this operation.
//
//   * ErrCodeDependencyTimeoutException "DependencyTimeoutException"
//   The system timed out while trying to fulfill the request. The request can
//   be retried.
//
//   * ErrCodeNotFoundException "NotFoundException"
//   The request was rejected because the specified entity or resource could not
//   be found.
//
//   * ErrCodeInternalException "KMSInternalException"
//   The request was rejected because an internal exception occurred. The request
//   can be retried.
//
//   * ErrCodeInvalidStateException "KMSInvalidStateException"
//   The request was rejected because the state of the specified resource is not
//   valid for this request.
//
//   For more information about how key state affects the use of a CMK, see How
//   Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
//   in the AWS Key Management Service Developer Guide.
//
//   * ErrCodeInvalidCiphertextException "InvalidCiphertextException"
//   The request was rejected because the specified ciphertext, or additional
//   authenticated data incorporated into the ciphertext, such as the encryption
//   context, is corrupted, missing, or otherwise invalid.
//
//   * ErrCodeIncorrectKeyMaterialException "IncorrectKeyMaterialException"
//   The request was rejected because the provided key material is invalid or
//   is not the same key material that was previously imported into this customer
//   master key (CMK).
//
//   * ErrCodeExpiredImportTokenException "ExpiredImportTokenException"
//   The request was rejected because the provided import token is expired. Use
//   GetParametersForImport to get a new import token and public key, use the
//   new public key to encrypt the key material, and then try the request again.
//
//   * ErrCodeInvalidImportTokenException "InvalidImportTokenException"
//   The request was rejected because the provided import token is invalid or
//   is associated with a different customer master key (CMK).
// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ImportKeyMaterial func (c *KMS) ImportKeyMaterial(input *ImportKeyMaterialInput) (*ImportKeyMaterialOutput, error) { req, out := c.ImportKeyMaterialRequest(input) return out, req.Send() } // ImportKeyMaterialWithContext is the same as ImportKeyMaterial with the addition of // the ability to pass a context and additional request options. // // See ImportKeyMaterial for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *KMS) ImportKeyMaterialWithContext(ctx aws.Context, input *ImportKeyMaterialInput, opts ...request.Option) (*ImportKeyMaterialOutput, error) { req, out := c.ImportKeyMaterialRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } const opListAliases = "ListAliases" // ListAliasesRequest generates a "aws/request.Request" representing the // client's request for the ListAliases operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // // See ListAliases for more information on using the ListAliases // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // // // Example sending a request using the ListAliasesRequest method. 
// req, resp := client.ListAliasesRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListAliases func (c *KMS) ListAliasesRequest(input *ListAliasesInput) (req *request.Request, output *ListAliasesOutput) { op := &request.Operation{ Name: opListAliases, HTTPMethod: "POST", HTTPPath: "/", Paginator: &request.Paginator{ InputTokens: []string{"Marker"}, OutputTokens: []string{"NextMarker"}, LimitToken: "Limit", TruncationToken: "Truncated", }, } if input == nil { input = &ListAliasesInput{} } output = &ListAliasesOutput{} req = c.newRequest(op, input, output) return } // ListAliases API operation for AWS Key Management Service. // // Gets a list of aliases in the caller's AWS account and region. You cannot // list aliases in other accounts. For more information about aliases, see CreateAlias. // // By default, the ListAliases command returns all aliases in the account and // region. To get only the aliases that point to a particular customer master // key (CMK), use the KeyId parameter. // // The ListAliases response can include aliases that you created and associated // with your customer managed CMKs, and aliases that AWS created and associated // with AWS managed CMKs in your account. You can recognize AWS aliases because // their names have the format aws/, such as aws/dynamodb. // // The response might also include aliases that have no TargetKeyId field. These // are predefined aliases that AWS has created but has not yet associated with // a CMK. Aliases that AWS creates in your account, including predefined aliases, // do not count against your AWS KMS aliases limit (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html#aliases-limit). // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. 
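//
// See the AWS API reference guide for AWS Key Management Service's
// API operation ListAliases for usage and error information.
//
// Returned Error Codes:
//   * ErrCodeDependencyTimeoutException "DependencyTimeoutException"
//   The system timed out while trying to fulfill the request. The request can
//   be retried.
//
//   * ErrCodeInvalidMarkerException "InvalidMarkerException"
//   The request was rejected because the marker that specifies where pagination
//   should next begin is not valid.
//
//   * ErrCodeInternalException "KMSInternalException"
//   The request was rejected because an internal exception occurred. The request
//   can be retried.
//
//   * ErrCodeInvalidArnException "InvalidArnException"
//   The request was rejected because a specified ARN, or an ARN in a key policy,
//   is not valid.
//
//   * ErrCodeNotFoundException "NotFoundException"
//   The request was rejected because the specified entity or resource could not
//   be found.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListAliases
func (c *KMS) ListAliases(input *ListAliasesInput) (*ListAliasesOutput, error) {
	// The output pointer is returned together with Send's error; callers
	// should look at it only when the error is nil.
	req, out := c.ListAliasesRequest(input)
	return out, req.Send()
}

// ListAliasesWithContext is the same as ListAliases with the addition of
// the ability to pass a context and additional request options.
//
// See ListAliases for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *KMS) ListAliasesWithContext(ctx aws.Context, input *ListAliasesInput, opts ...request.Option) (*ListAliasesOutput, error) {
	req, out := c.ListAliasesRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

// ListAliasesPages iterates over the pages of a ListAliases operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListAliases method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListAliases operation.
//    pageNum := 0
//    err := client.ListAliasesPages(params,
//        func(page *kms.ListAliasesOutput, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *KMS) ListAliasesPages(input *ListAliasesInput, fn func(*ListAliasesOutput, bool) bool) error {
	return c.ListAliasesPagesWithContext(aws.BackgroundContext(), input, fn)
}

// ListAliasesPagesWithContext same as ListAliasesPages except
// it takes a Context and allows setting request options on the pages.
//
// Iteration ends as soon as fn returns false; no further page is requested
// after that.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *KMS) ListAliasesPagesWithContext(ctx aws.Context, input *ListAliasesInput, fn func(*ListAliasesOutput, bool) bool, opts ...request.Option) error {
	p := request.Pagination{
		NewRequest: func() (*request.Request, error) {
			// Each page request gets its own copy of the input struct. The
			// copy is shallow: any pointer fields still refer to the caller's
			// values.
			var inCpy *ListAliasesInput
			if input != nil {
				tmp := *input
				inCpy = &tmp
			}
			// The discarded second value is the output struct, not an error;
			// the page is read back through p.Page() below.
			req, _ := c.ListAliasesRequest(inCpy)
			req.SetContext(ctx)
			req.ApplyOptions(opts...)
			return req, nil
		},
	}

	// fn's result is checked before p.Next() runs again, so returning false
	// ends the iteration without another page being requested. A loop
	// condition of the form `p.Next() && cont` would call p.Next() once more
	// before noticing that fn asked to stop.
	for p.Next() {
		if !fn(p.Page().(*ListAliasesOutput), !p.HasNextPage()) {
			break
		}
	}
	return p.Err()
}

const opListGrants = "ListGrants"

// ListGrantsRequest generates a "aws/request.Request" representing the
// client's request for the ListGrants operation.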
// The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListGrants for more information on using the ListGrants
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the ListGrantsRequest method.
//    req, resp := client.ListGrantsRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListGrants
func (c *KMS) ListGrantsRequest(input *ListGrantsInput) (req *request.Request, output *ListGrantsResponse) {
	// A nil input is replaced by an empty parameter struct before the request
	// is built.
	if input == nil {
		input = &ListGrantsInput{}
	}

	// Field names the SDK paginator is given for walking the result pages.
	pager := &request.Paginator{
		InputTokens:     []string{"Marker"},
		OutputTokens:    []string{"NextMarker"},
		LimitToken:      "Limit",
		TruncationToken: "Truncated",
	}
	operation := &request.Operation{
		Name:       opListGrants,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		Paginator:  pager,
	}
	output = &ListGrantsResponse{}
	req = c.newRequest(operation, input, output)
	return req, output
}

// ListGrants API operation for AWS Key Management Service.
//
// Gets a list of all grants for the specified customer master key (CMK).
//
// To perform this operation on a CMK in a different AWS account, specify the
// key ARN in the value of the KeyId parameter.
//
// Returns awserr.Error for service API and SDK errors. Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation ListGrants for usage and error information.
// // Returned Error Codes: // * ErrCodeNotFoundException "NotFoundException" // The request was rejected because the specified entity or resource could not // be found. // // * ErrCodeDependencyTimeoutException "DependencyTimeoutException" // The system timed out while trying to fulfill the request. The request can // be retried. // // * ErrCodeInvalidMarkerException "InvalidMarkerException" // The request was rejected because the marker that specifies where pagination // should next begin is not valid. // // * ErrCodeInvalidArnException "InvalidArnException" // The request was rejected because a specified ARN, or an ARN in a key policy, // is not valid. // // * ErrCodeInternalException "KMSInternalException" // The request was rejected because an internal exception occurred. The request // can be retried. // // * ErrCodeInvalidStateException "KMSInvalidStateException" // The request was rejected because the state of the specified resource is not // valid for this request. // // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListGrants func (c *KMS) ListGrants(input *ListGrantsInput) (*ListGrantsResponse, error) { req, out := c.ListGrantsRequest(input) return out, req.Send() } // ListGrantsWithContext is the same as ListGrants with the addition of // the ability to pass a context and additional request options. // // See ListGrants for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. 
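func (c *KMS) ListGrantsWithContext(ctx aws.Context, input *ListGrantsInput, opts ...request.Option) (*ListGrantsResponse, error) {
	// The context is attached first, then the caller's options are applied,
	// and only then is the request sent.
	req, out := c.ListGrantsRequest(input)
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	return out, req.Send()
}

// ListGrantsPages iterates over the pages of a ListGrants operation,
// calling the "fn" function with the response data for each page. To stop
// iterating, return false from the fn function.
//
// See ListGrants method for more information on how to use this operation.
//
// Note: This operation can generate multiple requests to a service.
//
//    // Example iterating over at most 3 pages of a ListGrants operation.
//    pageNum := 0
//    err := client.ListGrantsPages(params,
//        func(page *kms.ListGrantsResponse, lastPage bool) bool {
//            pageNum++
//            fmt.Println(page)
//            return pageNum <= 3
//        })
//
func (c *KMS) ListGrantsPages(input *ListGrantsInput, fn func(*ListGrantsResponse, bool) bool) error {
	return c.ListGrantsPagesWithContext(aws.BackgroundContext(), input, fn)
}

// ListGrantsPagesWithContext same as ListGrantsPages except
// it takes a Context and allows setting request options on the pages.
//
// Iteration ends as soon as fn returns false; no further page is requested
// after that.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *KMS) ListGrantsPagesWithContext(ctx aws.Context, input *ListGrantsInput, fn func(*ListGrantsResponse, bool) bool, opts ...request.Option) error {
	p := request.Pagination{
		NewRequest: func() (*request.Request, error) {
			// Each page request gets its own copy of the input struct. The
			// copy is shallow: any pointer fields still refer to the caller's
			// values.
			var inCpy *ListGrantsInput
			if input != nil {
				tmp := *input
				inCpy = &tmp
			}
			// The discarded second value is the output struct, not an error;
			// the page is read back through p.Page() below.
			req, _ := c.ListGrantsRequest(inCpy)
			req.SetContext(ctx)
			req.ApplyOptions(opts...)
			return req, nil
		},
	}

	// fn's result is checked before p.Next() runs again, so returning false
	// ends the iteration without another page being requested. A loop
	// condition of the form `p.Next() && cont` would call p.Next() once more
	// before noticing that fn asked to stop.
	for p.Next() {
		if !fn(p.Page().(*ListGrantsResponse), !p.HasNextPage()) {
			break
		}
	}
	return p.Err()
}

const opListKeyPolicies = "ListKeyPolicies"

// ListKeyPoliciesRequest generates a "aws/request.Request" representing the
// client's request for the ListKeyPolicies operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListKeyPolicies for more information on using the ListKeyPolicies
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the ListKeyPoliciesRequest method.
//    req, resp := client.ListKeyPoliciesRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeyPolicies
func (c *KMS) ListKeyPoliciesRequest(input *ListKeyPoliciesInput) (req *request.Request, output *ListKeyPoliciesOutput) {
	op := &request.Operation{
		Name:       opListKeyPolicies,
		HTTPMethod: "POST",
		HTTPPath:   "/",
		// Field names the SDK paginator is given for walking the result pages.
		Paginator: &request.Paginator{
			InputTokens:     []string{"Marker"},
			OutputTokens:    []string{"NextMarker"},
			LimitToken:      "Limit",
			TruncationToken: "Truncated",
		},
	}

	// A nil input is replaced by an empty parameter struct before the request
	// is built.
	if input == nil {
		input = &ListKeyPoliciesInput{}
	}

	output = &ListKeyPoliciesOutput{}
	req = c.newRequest(op, input, output)
	return
}

// ListKeyPolicies API operation for AWS Key Management Service.
//
// Gets the names of the key policies that are attached to a customer master
// key (CMK). This operation is designed to get policy names that you can use
// in a GetKeyPolicy operation. However, the only valid policy name is default.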
// You cannot perform this operation on a CMK in a different AWS account. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Key Management Service's // API operation ListKeyPolicies for usage and error information. // // Returned Error Codes: // * ErrCodeNotFoundException "NotFoundException" // The request was rejected because the specified entity or resource could not // be found. // // * ErrCodeInvalidArnException "InvalidArnException" // The request was rejected because a specified ARN, or an ARN in a key policy, // is not valid. // // * ErrCodeDependencyTimeoutException "DependencyTimeoutException" // The system timed out while trying to fulfill the request. The request can // be retried. // // * ErrCodeInternalException "KMSInternalException" // The request was rejected because an internal exception occurred. The request // can be retried. // // * ErrCodeInvalidStateException "KMSInvalidStateException" // The request was rejected because the state of the specified resource is not // valid for this request. // // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeyPolicies func (c *KMS) ListKeyPolicies(input *ListKeyPoliciesInput) (*ListKeyPoliciesOutput, error) { req, out := c.ListKeyPoliciesRequest(input) return out, req.Send() } // ListKeyPoliciesWithContext is the same as ListKeyPolicies with the addition of // the ability to pass a context and additional request options. // // See ListKeyPolicies for details on how to use this API operation. 
// // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *KMS) ListKeyPoliciesWithContext(ctx aws.Context, input *ListKeyPoliciesInput, opts ...request.Option) (*ListKeyPoliciesOutput, error) { req, out := c.ListKeyPoliciesRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } // ListKeyPoliciesPages iterates over the pages of a ListKeyPolicies operation, // calling the "fn" function with the response data for each page. To stop // iterating, return false from the fn function. // // See ListKeyPolicies method for more information on how to use this operation. // // Note: This operation can generate multiple requests to a service. // // // Example iterating over at most 3 pages of a ListKeyPolicies operation. // pageNum := 0 // err := client.ListKeyPoliciesPages(params, // func(page *kms.ListKeyPoliciesOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 // }) // func (c *KMS) ListKeyPoliciesPages(input *ListKeyPoliciesInput, fn func(*ListKeyPoliciesOutput, bool) bool) error { return c.ListKeyPoliciesPagesWithContext(aws.BackgroundContext(), input, fn) } // ListKeyPoliciesPagesWithContext same as ListKeyPoliciesPages except // it takes a Context and allows setting request options on the pages. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. 
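func (c *KMS) ListKeyPoliciesPagesWithContext(ctx aws.Context, input *ListKeyPoliciesInput, fn func(*ListKeyPoliciesOutput, bool) bool, opts ...request.Option) error {
	p := request.Pagination{
		NewRequest: func() (*request.Request, error) {
			// Each page request gets its own copy of the input struct. The
			// copy is shallow: any pointer fields still refer to the caller's
			// values.
			var inCpy *ListKeyPoliciesInput
			if input != nil {
				tmp := *input
				inCpy = &tmp
			}
			// The discarded second value is the output struct, not an error;
			// the page is read back through p.Page() below.
			req, _ := c.ListKeyPoliciesRequest(inCpy)
			req.SetContext(ctx)
			req.ApplyOptions(opts...)
			return req, nil
		},
	}

	// fn's result is checked before p.Next() runs again, so returning false
	// ends the iteration without another page being requested. A loop
	// condition of the form `p.Next() && cont` would call p.Next() once more
	// before noticing that fn asked to stop.
	for p.Next() {
		if !fn(p.Page().(*ListKeyPoliciesOutput), !p.HasNextPage()) {
			break
		}
	}
	return p.Err()
}

const opListKeys = "ListKeys"

// ListKeysRequest generates a "aws/request.Request" representing the
// client's request for the ListKeys operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListKeys for more information on using the ListKeys
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the ListKeysRequest method.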
// req, resp := client.ListKeysRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeys func (c *KMS) ListKeysRequest(input *ListKeysInput) (req *request.Request, output *ListKeysOutput) { op := &request.Operation{ Name: opListKeys, HTTPMethod: "POST", HTTPPath: "/", Paginator: &request.Paginator{ InputTokens: []string{"Marker"}, OutputTokens: []string{"NextMarker"}, LimitToken: "Limit", TruncationToken: "Truncated", }, } if input == nil { input = &ListKeysInput{} } output = &ListKeysOutput{} req = c.newRequest(op, input, output) return } // ListKeys API operation for AWS Key Management Service. // // Gets a list of all customer master keys (CMKs) in the caller's AWS account // and region. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Key Management Service's // API operation ListKeys for usage and error information. // // Returned Error Codes: // * ErrCodeDependencyTimeoutException "DependencyTimeoutException" // The system timed out while trying to fulfill the request. The request can // be retried. // // * ErrCodeInternalException "KMSInternalException" // The request was rejected because an internal exception occurred. The request // can be retried. // // * ErrCodeInvalidMarkerException "InvalidMarkerException" // The request was rejected because the marker that specifies where pagination // should next begin is not valid. 
// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListKeys func (c *KMS) ListKeys(input *ListKeysInput) (*ListKeysOutput, error) { req, out := c.ListKeysRequest(input) return out, req.Send() } // ListKeysWithContext is the same as ListKeys with the addition of // the ability to pass a context and additional request options. // // See ListKeys for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *KMS) ListKeysWithContext(ctx aws.Context, input *ListKeysInput, opts ...request.Option) (*ListKeysOutput, error) { req, out := c.ListKeysRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } // ListKeysPages iterates over the pages of a ListKeys operation, // calling the "fn" function with the response data for each page. To stop // iterating, return false from the fn function. // // See ListKeys method for more information on how to use this operation. // // Note: This operation can generate multiple requests to a service. // // // Example iterating over at most 3 pages of a ListKeys operation. // pageNum := 0 // err := client.ListKeysPages(params, // func(page *kms.ListKeysOutput, lastPage bool) bool { // pageNum++ // fmt.Println(page) // return pageNum <= 3 // }) // func (c *KMS) ListKeysPages(input *ListKeysInput, fn func(*ListKeysOutput, bool) bool) error { return c.ListKeysPagesWithContext(aws.BackgroundContext(), input, fn) } // ListKeysPagesWithContext same as ListKeysPages except // it takes a Context and allows setting request options on the pages. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. 
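// See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *KMS) ListKeysPagesWithContext(ctx aws.Context, input *ListKeysInput, fn func(*ListKeysOutput, bool) bool, opts ...request.Option) error {
	p := request.Pagination{
		// NewRequest builds the request for one page. It is handed a shallow
		// copy of the caller's input rather than the caller's struct itself.
		NewRequest: func() (*request.Request, error) {
			var inCpy *ListKeysInput
			if input != nil {
				tmp := *input
				inCpy = &tmp
			}
			// The second return value is the per-page output; pages are read
			// back through p.Page() instead.
			req, _ := c.ListKeysRequest(inCpy)
			req.SetContext(ctx)
			req.ApplyOptions(opts...)
			return req, nil
		},
	}

	// Stop as soon as fn returns false. The previous loop condition
	// (`p.Next() && cont`) evaluated p.Next() before the stop flag, so the
	// paginator was asked for one more page after the callback had already
	// asked to stop, and an error from that extra page could be returned.
	for p.Next() {
		if !fn(p.Page().(*ListKeysOutput), !p.HasNextPage()) {
			break
		}
	}
	return p.Err()
}

const opListResourceTags = "ListResourceTags"

// ListResourceTagsRequest generates a "aws/request.Request" representing the
// client's request for the ListResourceTags operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use "Send" method on the returned Request to send the API call to the service.
// the "output" return value is not valid until after Send returns without error.
//
// See ListResourceTags for more information on using the ListResourceTags
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle. Such as custom headers, or retry logic.
//
//
//    // Example sending a request using the ListResourceTagsRequest method.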
// req, resp := client.ListResourceTagsRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListResourceTags func (c *KMS) ListResourceTagsRequest(input *ListResourceTagsInput) (req *request.Request, output *ListResourceTagsOutput) { op := &request.Operation{ Name: opListResourceTags, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &ListResourceTagsInput{} } output = &ListResourceTagsOutput{} req = c.newRequest(op, input, output) return } // ListResourceTags API operation for AWS Key Management Service. // // Returns a list of all tags for the specified customer master key (CMK). // // You cannot perform this operation on a CMK in a different AWS account. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Key Management Service's // API operation ListResourceTags for usage and error information. // // Returned Error Codes: // * ErrCodeInternalException "KMSInternalException" // The request was rejected because an internal exception occurred. The request // can be retried. // // * ErrCodeNotFoundException "NotFoundException" // The request was rejected because the specified entity or resource could not // be found. // // * ErrCodeInvalidArnException "InvalidArnException" // The request was rejected because a specified ARN, or an ARN in a key policy, // is not valid. // // * ErrCodeInvalidMarkerException "InvalidMarkerException" // The request was rejected because the marker that specifies where pagination // should next begin is not valid. 
// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListResourceTags func (c *KMS) ListResourceTags(input *ListResourceTagsInput) (*ListResourceTagsOutput, error) { req, out := c.ListResourceTagsRequest(input) return out, req.Send() } // ListResourceTagsWithContext is the same as ListResourceTags with the addition of // the ability to pass a context and additional request options. // // See ListResourceTags for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *KMS) ListResourceTagsWithContext(ctx aws.Context, input *ListResourceTagsInput, opts ...request.Option) (*ListResourceTagsOutput, error) { req, out := c.ListResourceTagsRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } const opListRetirableGrants = "ListRetirableGrants" // ListRetirableGrantsRequest generates a "aws/request.Request" representing the // client's request for the ListRetirableGrants operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // // See ListRetirableGrants for more information on using the ListRetirableGrants // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // // // Example sending a request using the ListRetirableGrantsRequest method. 
// req, resp := client.ListRetirableGrantsRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListRetirableGrants func (c *KMS) ListRetirableGrantsRequest(input *ListRetirableGrantsInput) (req *request.Request, output *ListGrantsResponse) { op := &request.Operation{ Name: opListRetirableGrants, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &ListRetirableGrantsInput{} } output = &ListGrantsResponse{} req = c.newRequest(op, input, output) return } // ListRetirableGrants API operation for AWS Key Management Service. // // Returns a list of all grants for which the grant's RetiringPrincipal matches // the one specified. // // A typical use is to list all grants that you are able to retire. To retire // a grant, use RetireGrant. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Key Management Service's // API operation ListRetirableGrants for usage and error information. // // Returned Error Codes: // * ErrCodeDependencyTimeoutException "DependencyTimeoutException" // The system timed out while trying to fulfill the request. The request can // be retried. // // * ErrCodeInvalidMarkerException "InvalidMarkerException" // The request was rejected because the marker that specifies where pagination // should next begin is not valid. // // * ErrCodeInvalidArnException "InvalidArnException" // The request was rejected because a specified ARN, or an ARN in a key policy, // is not valid. // // * ErrCodeNotFoundException "NotFoundException" // The request was rejected because the specified entity or resource could not // be found. // // * ErrCodeInternalException "KMSInternalException" // The request was rejected because an internal exception occurred. 
The request // can be retried. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ListRetirableGrants func (c *KMS) ListRetirableGrants(input *ListRetirableGrantsInput) (*ListGrantsResponse, error) { req, out := c.ListRetirableGrantsRequest(input) return out, req.Send() } // ListRetirableGrantsWithContext is the same as ListRetirableGrants with the addition of // the ability to pass a context and additional request options. // // See ListRetirableGrants for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *KMS) ListRetirableGrantsWithContext(ctx aws.Context, input *ListRetirableGrantsInput, opts ...request.Option) (*ListGrantsResponse, error) { req, out := c.ListRetirableGrantsRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } const opPutKeyPolicy = "PutKeyPolicy" // PutKeyPolicyRequest generates a "aws/request.Request" representing the // client's request for the PutKeyPolicy operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // // See PutKeyPolicy for more information on using the PutKeyPolicy // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // // // Example sending a request using the PutKeyPolicyRequest method. 
// req, resp := client.PutKeyPolicyRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/PutKeyPolicy func (c *KMS) PutKeyPolicyRequest(input *PutKeyPolicyInput) (req *request.Request, output *PutKeyPolicyOutput) { op := &request.Operation{ Name: opPutKeyPolicy, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &PutKeyPolicyInput{} } output = &PutKeyPolicyOutput{} req = c.newRequest(op, input, output) req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } // PutKeyPolicy API operation for AWS Key Management Service. // // Attaches a key policy to the specified customer master key (CMK). You cannot // perform this operation on a CMK in a different AWS account. // // For more information about key policies, see Key Policies (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Key Management Service's // API operation PutKeyPolicy for usage and error information. // // Returned Error Codes: // * ErrCodeNotFoundException "NotFoundException" // The request was rejected because the specified entity or resource could not // be found. // // * ErrCodeInvalidArnException "InvalidArnException" // The request was rejected because a specified ARN, or an ARN in a key policy, // is not valid. // // * ErrCodeMalformedPolicyDocumentException "MalformedPolicyDocumentException" // The request was rejected because the specified policy is not syntactically // or semantically correct. 
// // * ErrCodeDependencyTimeoutException "DependencyTimeoutException" // The system timed out while trying to fulfill the request. The request can // be retried. // // * ErrCodeUnsupportedOperationException "UnsupportedOperationException" // The request was rejected because a specified parameter is not supported or // a specified resource is not valid for this operation. // // * ErrCodeInternalException "KMSInternalException" // The request was rejected because an internal exception occurred. The request // can be retried. // // * ErrCodeLimitExceededException "LimitExceededException" // The request was rejected because a limit was exceeded. For more information, // see Limits (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html) // in the AWS Key Management Service Developer Guide. // // * ErrCodeInvalidStateException "KMSInvalidStateException" // The request was rejected because the state of the specified resource is not // valid for this request. // // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/PutKeyPolicy func (c *KMS) PutKeyPolicy(input *PutKeyPolicyInput) (*PutKeyPolicyOutput, error) { req, out := c.PutKeyPolicyRequest(input) return out, req.Send() } // PutKeyPolicyWithContext is the same as PutKeyPolicy with the addition of // the ability to pass a context and additional request options. // // See PutKeyPolicy for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. 
func (c *KMS) PutKeyPolicyWithContext(ctx aws.Context, input *PutKeyPolicyInput, opts ...request.Option) (*PutKeyPolicyOutput, error) {
	r, resp := c.PutKeyPolicyRequest(input)
	// Attach the caller's context and per-request options before sending.
	r.SetContext(ctx)
	r.ApplyOptions(opts...)
	err := r.Send()
	return resp, err
}

const opReEncrypt = "ReEncrypt"

// ReEncryptRequest generates a "aws/request.Request" representing the
// client's request for the ReEncrypt operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use the "Send" method on the returned Request to send the API call to the
// service. The "output" return value is not valid until after Send returns
// without error.
//
// See ReEncrypt for more information on using the ReEncrypt
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle, such as custom headers or retry logic.
//
//
//    // Example sending a request using the ReEncryptRequest method.
//    req, resp := client.ReEncryptRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ReEncrypt
func (c *KMS) ReEncryptRequest(input *ReEncryptInput) (req *request.Request, output *ReEncryptOutput) {
	// A nil input is replaced by an empty one so the request always has
	// parameters to work with.
	if input == nil {
		input = new(ReEncryptInput)
	}
	output = new(ReEncryptOutput)

	operation := &request.Operation{
		Name:       opReEncrypt,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}
	req = c.newRequest(operation, input, output)
	return req, output
}

// ReEncrypt API operation for AWS Key Management Service.
//
// Encrypts data on the server side with a new customer master key (CMK) without
// exposing the plaintext of the data on the client side. The data is first
// decrypted and then reencrypted. You can also use this operation to change
// the encryption context of a ciphertext.
//
// You can reencrypt data using CMKs in different AWS accounts.
// // Unlike other operations, ReEncrypt is authorized twice, once as ReEncryptFrom // on the source CMK and once as ReEncryptTo on the destination CMK. We recommend // that you include the "kms:ReEncrypt*" permission in your key policies (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html) // to permit reencryption from or to the CMK. This permission is automatically // included in the key policy when you create a CMK through the console. But // you must include it manually when you create a CMK programmatically or when // you set a key policy with the PutKeyPolicy operation. // // The result of this operation varies with the key state of the CMK. For details, // see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Key Management Service's // API operation ReEncrypt for usage and error information. // // Returned Error Codes: // * ErrCodeNotFoundException "NotFoundException" // The request was rejected because the specified entity or resource could not // be found. // // * ErrCodeDisabledException "DisabledException" // The request was rejected because the specified CMK is not enabled. // // * ErrCodeInvalidCiphertextException "InvalidCiphertextException" // The request was rejected because the specified ciphertext, or additional // authenticated data incorporated into the ciphertext, such as the encryption // context, is corrupted, missing, or otherwise invalid. // // * ErrCodeKeyUnavailableException "KeyUnavailableException" // The request was rejected because the specified CMK was not available. The // request can be retried. 
// // * ErrCodeDependencyTimeoutException "DependencyTimeoutException" // The system timed out while trying to fulfill the request. The request can // be retried. // // * ErrCodeInvalidKeyUsageException "InvalidKeyUsageException" // The request was rejected because the specified KeySpec value is not valid. // // * ErrCodeInvalidGrantTokenException "InvalidGrantTokenException" // The request was rejected because the specified grant token is not valid. // // * ErrCodeInternalException "KMSInternalException" // The request was rejected because an internal exception occurred. The request // can be retried. // // * ErrCodeInvalidStateException "KMSInvalidStateException" // The request was rejected because the state of the specified resource is not // valid for this request. // // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ReEncrypt func (c *KMS) ReEncrypt(input *ReEncryptInput) (*ReEncryptOutput, error) { req, out := c.ReEncryptRequest(input) return out, req.Send() } // ReEncryptWithContext is the same as ReEncrypt with the addition of // the ability to pass a context and additional request options. // // See ReEncrypt for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *KMS) ReEncryptWithContext(ctx aws.Context, input *ReEncryptInput, opts ...request.Option) (*ReEncryptOutput, error) { req, out := c.ReEncryptRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) 
return out, req.Send() } const opRetireGrant = "RetireGrant" // RetireGrantRequest generates a "aws/request.Request" representing the // client's request for the RetireGrant operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // // See RetireGrant for more information on using the RetireGrant // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // // // Example sending a request using the RetireGrantRequest method. // req, resp := client.RetireGrantRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RetireGrant func (c *KMS) RetireGrantRequest(input *RetireGrantInput) (req *request.Request, output *RetireGrantOutput) { op := &request.Operation{ Name: opRetireGrant, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &RetireGrantInput{} } output = &RetireGrantOutput{} req = c.newRequest(op, input, output) req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } // RetireGrant API operation for AWS Key Management Service. // // Retires a grant. To clean up, you can retire a grant when you're done using // it. You should revoke a grant when you intend to actively deny operations // that depend on it. 
The following are permitted to call this API: // // * The AWS account (root user) under which the grant was created // // * The RetiringPrincipal, if present in the grant // // * The GranteePrincipal, if RetireGrant is an operation specified in the // grant // // You must identify the grant to retire by its grant token or by a combination // of the grant ID and the Amazon Resource Name (ARN) of the customer master // key (CMK). A grant token is a unique variable-length base64-encoded string. // A grant ID is a 64 character unique identifier of a grant. The CreateGrant // operation returns both. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Key Management Service's // API operation RetireGrant for usage and error information. // // Returned Error Codes: // * ErrCodeInvalidArnException "InvalidArnException" // The request was rejected because a specified ARN, or an ARN in a key policy, // is not valid. // // * ErrCodeInvalidGrantTokenException "InvalidGrantTokenException" // The request was rejected because the specified grant token is not valid. // // * ErrCodeInvalidGrantIdException "InvalidGrantIdException" // The request was rejected because the specified GrantId is not valid. // // * ErrCodeNotFoundException "NotFoundException" // The request was rejected because the specified entity or resource could not // be found. // // * ErrCodeDependencyTimeoutException "DependencyTimeoutException" // The system timed out while trying to fulfill the request. The request can // be retried. // // * ErrCodeInternalException "KMSInternalException" // The request was rejected because an internal exception occurred. The request // can be retried. 
// // * ErrCodeInvalidStateException "KMSInvalidStateException" // The request was rejected because the state of the specified resource is not // valid for this request. // // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RetireGrant func (c *KMS) RetireGrant(input *RetireGrantInput) (*RetireGrantOutput, error) { req, out := c.RetireGrantRequest(input) return out, req.Send() } // RetireGrantWithContext is the same as RetireGrant with the addition of // the ability to pass a context and additional request options. // // See RetireGrant for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *KMS) RetireGrantWithContext(ctx aws.Context, input *RetireGrantInput, opts ...request.Option) (*RetireGrantOutput, error) { req, out := c.RetireGrantRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } const opRevokeGrant = "RevokeGrant" // RevokeGrantRequest generates a "aws/request.Request" representing the // client's request for the RevokeGrant operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // // See RevokeGrant for more information on using the RevokeGrant // API call, and error handling. 
// // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // // // Example sending a request using the RevokeGrantRequest method. // req, resp := client.RevokeGrantRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RevokeGrant func (c *KMS) RevokeGrantRequest(input *RevokeGrantInput) (req *request.Request, output *RevokeGrantOutput) { op := &request.Operation{ Name: opRevokeGrant, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &RevokeGrantInput{} } output = &RevokeGrantOutput{} req = c.newRequest(op, input, output) req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } // RevokeGrant API operation for AWS Key Management Service. // // Revokes the specified grant for the specified customer master key (CMK). // You can revoke a grant to actively deny operations that depend on it. // // To perform this operation on a CMK in a different AWS account, specify the // key ARN in the value of the KeyId parameter. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Key Management Service's // API operation RevokeGrant for usage and error information. // // Returned Error Codes: // * ErrCodeNotFoundException "NotFoundException" // The request was rejected because the specified entity or resource could not // be found. // // * ErrCodeDependencyTimeoutException "DependencyTimeoutException" // The system timed out while trying to fulfill the request. The request can // be retried. 
// // * ErrCodeInvalidArnException "InvalidArnException" // The request was rejected because a specified ARN, or an ARN in a key policy, // is not valid. // // * ErrCodeInvalidGrantIdException "InvalidGrantIdException" // The request was rejected because the specified GrantId is not valid. // // * ErrCodeInternalException "KMSInternalException" // The request was rejected because an internal exception occurred. The request // can be retried. // // * ErrCodeInvalidStateException "KMSInvalidStateException" // The request was rejected because the state of the specified resource is not // valid for this request. // // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/RevokeGrant func (c *KMS) RevokeGrant(input *RevokeGrantInput) (*RevokeGrantOutput, error) { req, out := c.RevokeGrantRequest(input) return out, req.Send() } // RevokeGrantWithContext is the same as RevokeGrant with the addition of // the ability to pass a context and additional request options. // // See RevokeGrant for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *KMS) RevokeGrantWithContext(ctx aws.Context, input *RevokeGrantInput, opts ...request.Option) (*RevokeGrantOutput, error) { req, out := c.RevokeGrantRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) 
return out, req.Send() } const opScheduleKeyDeletion = "ScheduleKeyDeletion" // ScheduleKeyDeletionRequest generates a "aws/request.Request" representing the // client's request for the ScheduleKeyDeletion operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // // See ScheduleKeyDeletion for more information on using the ScheduleKeyDeletion // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // // // Example sending a request using the ScheduleKeyDeletionRequest method. // req, resp := client.ScheduleKeyDeletionRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ScheduleKeyDeletion func (c *KMS) ScheduleKeyDeletionRequest(input *ScheduleKeyDeletionInput) (req *request.Request, output *ScheduleKeyDeletionOutput) { op := &request.Operation{ Name: opScheduleKeyDeletion, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &ScheduleKeyDeletionInput{} } output = &ScheduleKeyDeletionOutput{} req = c.newRequest(op, input, output) return } // ScheduleKeyDeletion API operation for AWS Key Management Service. // // Schedules the deletion of a customer master key (CMK). You may provide a // waiting period, specified in days, before deletion occurs. If you do not // provide a waiting period, the default period of 30 days is used. When this // operation is successful, the key state of the CMK changes to PendingDeletion. // Before the waiting period ends, you can use CancelKeyDeletion to cancel the // deletion of the CMK. 
After the waiting period ends, AWS KMS deletes the CMK // and all AWS KMS data associated with it, including all aliases that refer // to it. // // Deleting a CMK is a destructive and potentially dangerous operation. When // a CMK is deleted, all data that was encrypted under the CMK is unrecoverable. // To prevent the use of a CMK without deleting it, use DisableKey. // // If you schedule deletion of a CMK from a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html), // when the waiting period expires, ScheduleKeyDeletion deletes the CMK from // AWS KMS. Then AWS KMS makes a best effort to delete the key material from // the associated AWS CloudHSM cluster. However, you might need to manually // delete the orphaned key material (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-orphaned-key) // from the cluster and its backups. // // You cannot perform this operation on a CMK in a different AWS account. // // For more information about scheduling a CMK for deletion, see Deleting Customer // Master Keys (https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html) // in the AWS Key Management Service Developer Guide. // // The result of this operation varies with the key state of the CMK. For details, // see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Key Management Service's // API operation ScheduleKeyDeletion for usage and error information. // // Returned Error Codes: // * ErrCodeNotFoundException "NotFoundException" // The request was rejected because the specified entity or resource could not // be found. 
//
// * ErrCodeInvalidArnException "InvalidArnException"
// The request was rejected because a specified ARN, or an ARN in a key policy,
// is not valid.
//
// * ErrCodeDependencyTimeoutException "DependencyTimeoutException"
// The system timed out while trying to fulfill the request. The request can
// be retried.
//
// * ErrCodeInternalException "KMSInternalException"
// The request was rejected because an internal exception occurred. The request
// can be retried.
//
// * ErrCodeInvalidStateException "KMSInvalidStateException"
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
// For more information about how key state affects the use of a CMK, see How
// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/ScheduleKeyDeletion
func (c *KMS) ScheduleKeyDeletion(input *ScheduleKeyDeletionInput) (*ScheduleKeyDeletionOutput, error) {
	req, out := c.ScheduleKeyDeletionRequest(input)
	// out is returned as built by the request constructor; it is only valid
	// when Send reports no error.
	err := req.Send()
	return out, err
}

// ScheduleKeyDeletionWithContext behaves like ScheduleKeyDeletion and
// additionally accepts a context and per-call request options.
//
// See ScheduleKeyDeletion for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *KMS) ScheduleKeyDeletionWithContext(ctx aws.Context, input *ScheduleKeyDeletionInput, opts ...request.Option) (*ScheduleKeyDeletionOutput, error) {
	req, out := c.ScheduleKeyDeletionRequest(input)
	// Attach the caller's context first, then the per-call options, then send.
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	err := req.Send()
	return out, err
}

// opTagResource is the operation name used when building TagResource requests.
const opTagResource = "TagResource"

// TagResourceRequest generates a "aws/request.Request" representing the
// client's request for the TagResource operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use the "Send" method on the returned Request to send the API call to the
// service. The "output" return value is not valid until after Send returns
// without error.
//
// See TagResource for more information on using the TagResource
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle, such as custom headers or retry logic.
//
// A nil input is replaced with an empty TagResourceInput. The request's
// jsonrpc unmarshal handler is swapped for protocol.UnmarshalDiscardBodyHandler.
//
//    // Example sending a request using the TagResourceRequest method.
//    req, resp := client.TagResourceRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/TagResource
func (c *KMS) TagResourceRequest(input *TagResourceInput) (req *request.Request, output *TagResourceOutput) {
	if input == nil {
		input = &TagResourceInput{}
	}

	output = &TagResourceOutput{}
	req = c.newRequest(&request.Operation{
		Name:       opTagResource,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}, input, output)
	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return req, output
}

// TagResource API operation for AWS Key Management Service.
//
// Adds or edits tags for a customer master key (CMK). You cannot perform this
// operation on a CMK in a different AWS account.
//
// Each tag consists of a tag key and a tag value. Tag keys and tag values are
// both required, but tag values can be empty (null) strings.
//
// You can only use a tag key once for each CMK. If you use the tag key again,
// AWS KMS replaces the current tag value with the specified value.
// // For information about the rules that apply to tag keys and tag values, see // User-Defined Tag Restrictions (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html) // in the AWS Billing and Cost Management User Guide. // // The result of this operation varies with the key state of the CMK. For details, // see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Key Management Service's // API operation TagResource for usage and error information. // // Returned Error Codes: // * ErrCodeInternalException "KMSInternalException" // The request was rejected because an internal exception occurred. The request // can be retried. // // * ErrCodeNotFoundException "NotFoundException" // The request was rejected because the specified entity or resource could not // be found. // // * ErrCodeInvalidArnException "InvalidArnException" // The request was rejected because a specified ARN, or an ARN in a key policy, // is not valid. // // * ErrCodeInvalidStateException "KMSInvalidStateException" // The request was rejected because the state of the specified resource is not // valid for this request. // // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // * ErrCodeLimitExceededException "LimitExceededException" // The request was rejected because a limit was exceeded. 
// For more information,
// see Limits (https://docs.aws.amazon.com/kms/latest/developerguide/limits.html)
// in the AWS Key Management Service Developer Guide.
//
// * ErrCodeTagException "TagException"
// The request was rejected because one or more tags are not valid.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/TagResource
func (c *KMS) TagResource(input *TagResourceInput) (*TagResourceOutput, error) {
	req, out := c.TagResourceRequest(input)
	// out is only valid when Send reports no error.
	err := req.Send()
	return out, err
}

// TagResourceWithContext behaves like TagResource and additionally accepts a
// context and per-call request options.
//
// See TagResource for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur. In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *KMS) TagResourceWithContext(ctx aws.Context, input *TagResourceInput, opts ...request.Option) (*TagResourceOutput, error) {
	req, out := c.TagResourceRequest(input)
	// Attach the caller's context first, then the per-call options, then send.
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	err := req.Send()
	return out, err
}

// opUntagResource is the operation name used when building UntagResource requests.
const opUntagResource = "UntagResource"

// UntagResourceRequest generates a "aws/request.Request" representing the
// client's request for the UntagResource operation. The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use the "Send" method on the returned Request to send the API call to the
// service. The "output" return value is not valid until after Send returns
// without error.
//
// See UntagResource for more information on using the UntagResource
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle, such as custom headers or retry logic.
// // // // Example sending a request using the UntagResourceRequest method. // req, resp := client.UntagResourceRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UntagResource func (c *KMS) UntagResourceRequest(input *UntagResourceInput) (req *request.Request, output *UntagResourceOutput) { op := &request.Operation{ Name: opUntagResource, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &UntagResourceInput{} } output = &UntagResourceOutput{} req = c.newRequest(op, input, output) req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } // UntagResource API operation for AWS Key Management Service. // // Removes the specified tags from the specified customer master key (CMK). // You cannot perform this operation on a CMK in a different AWS account. // // To remove a tag, specify the tag key. To change the tag value of an existing // tag key, use TagResource. // // The result of this operation varies with the key state of the CMK. For details, // see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Key Management Service's // API operation UntagResource for usage and error information. // // Returned Error Codes: // * ErrCodeInternalException "KMSInternalException" // The request was rejected because an internal exception occurred. The request // can be retried. // // * ErrCodeNotFoundException "NotFoundException" // The request was rejected because the specified entity or resource could not // be found. 
// // * ErrCodeInvalidArnException "InvalidArnException" // The request was rejected because a specified ARN, or an ARN in a key policy, // is not valid. // // * ErrCodeInvalidStateException "KMSInvalidStateException" // The request was rejected because the state of the specified resource is not // valid for this request. // // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // * ErrCodeTagException "TagException" // The request was rejected because one or more tags are not valid. // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UntagResource func (c *KMS) UntagResource(input *UntagResourceInput) (*UntagResourceOutput, error) { req, out := c.UntagResourceRequest(input) return out, req.Send() } // UntagResourceWithContext is the same as UntagResource with the addition of // the ability to pass a context and additional request options. // // See UntagResource for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *KMS) UntagResourceWithContext(ctx aws.Context, input *UntagResourceInput, opts ...request.Option) (*UntagResourceOutput, error) { req, out := c.UntagResourceRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } const opUpdateAlias = "UpdateAlias" // UpdateAliasRequest generates a "aws/request.Request" representing the // client's request for the UpdateAlias operation. The "output" return // value will be populated with the request's response once the request completes // successfully. 
// // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // // See UpdateAlias for more information on using the UpdateAlias // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // // // Example sending a request using the UpdateAliasRequest method. // req, resp := client.UpdateAliasRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateAlias func (c *KMS) UpdateAliasRequest(input *UpdateAliasInput) (req *request.Request, output *UpdateAliasOutput) { op := &request.Operation{ Name: opUpdateAlias, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &UpdateAliasInput{} } output = &UpdateAliasOutput{} req = c.newRequest(op, input, output) req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } // UpdateAlias API operation for AWS Key Management Service. // // Associates an existing alias with a different customer master key (CMK). // Each CMK can have multiple aliases, but the aliases must be unique within // the account and region. You cannot perform this operation on an alias in // a different AWS account. // // This operation works only on existing aliases. To change the alias of a CMK // to a new value, use CreateAlias to create a new alias and DeleteAlias to // delete the old alias. // // Because an alias is not a property of a CMK, you can create, update, and // delete the aliases of a CMK without affecting the CMK. Also, aliases do not // appear in the response from the DescribeKey operation. To get the aliases // of all CMKs in the account, use the ListAliases operation. 
// // The alias name must begin with alias/ followed by a name, such as alias/ExampleAlias. // It can contain only alphanumeric characters, forward slashes (/), underscores // (_), and dashes (-). The alias name cannot begin with alias/aws/. The alias/aws/ // prefix is reserved for AWS managed CMKs (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk). // // The result of this operation varies with the key state of the CMK. For details, // see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Key Management Service's // API operation UpdateAlias for usage and error information. // // Returned Error Codes: // * ErrCodeDependencyTimeoutException "DependencyTimeoutException" // The system timed out while trying to fulfill the request. The request can // be retried. // // * ErrCodeNotFoundException "NotFoundException" // The request was rejected because the specified entity or resource could not // be found. // // * ErrCodeInternalException "KMSInternalException" // The request was rejected because an internal exception occurred. The request // can be retried. // // * ErrCodeInvalidStateException "KMSInvalidStateException" // The request was rejected because the state of the specified resource is not // valid for this request. // // For more information about how key state affects the use of a CMK, see How // Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) // in the AWS Key Management Service Developer Guide. 
// // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateAlias func (c *KMS) UpdateAlias(input *UpdateAliasInput) (*UpdateAliasOutput, error) { req, out := c.UpdateAliasRequest(input) return out, req.Send() } // UpdateAliasWithContext is the same as UpdateAlias with the addition of // the ability to pass a context and additional request options. // // See UpdateAlias for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *KMS) UpdateAliasWithContext(ctx aws.Context, input *UpdateAliasInput, opts ...request.Option) (*UpdateAliasOutput, error) { req, out := c.UpdateAliasRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } const opUpdateCustomKeyStore = "UpdateCustomKeyStore" // UpdateCustomKeyStoreRequest generates a "aws/request.Request" representing the // client's request for the UpdateCustomKeyStore operation. The "output" return // value will be populated with the request's response once the request completes // successfully. // // Use "Send" method on the returned Request to send the API call to the service. // the "output" return value is not valid until after Send returns without error. // // See UpdateCustomKeyStore for more information on using the UpdateCustomKeyStore // API call, and error handling. // // This method is useful when you want to inject custom logic or configuration // into the SDK's request lifecycle. Such as custom headers, or retry logic. // // // // Example sending a request using the UpdateCustomKeyStoreRequest method. 
// req, resp := client.UpdateCustomKeyStoreRequest(params) // // err := req.Send() // if err == nil { // resp is now filled // fmt.Println(resp) // } // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateCustomKeyStore func (c *KMS) UpdateCustomKeyStoreRequest(input *UpdateCustomKeyStoreInput) (req *request.Request, output *UpdateCustomKeyStoreOutput) { op := &request.Operation{ Name: opUpdateCustomKeyStore, HTTPMethod: "POST", HTTPPath: "/", } if input == nil { input = &UpdateCustomKeyStoreInput{} } output = &UpdateCustomKeyStoreOutput{} req = c.newRequest(op, input, output) req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler) return } // UpdateCustomKeyStore API operation for AWS Key Management Service. // // Changes the properties of a custom key store. Use the CustomKeyStoreId parameter // to identify the custom key store you want to edit. Use the remaining parameters // to change the properties of the custom key store. // // You can only update a custom key store that is disconnected. To disconnect // the custom key store, use DisconnectCustomKeyStore. To reconnect the custom // key store after the update completes, use ConnectCustomKeyStore. To find // the connection state of a custom key store, use the DescribeCustomKeyStores // operation. // // Use the parameters of UpdateCustomKeyStore to edit your keystore settings. // // * Use the NewCustomKeyStoreName parameter to change the friendly name // of the custom key store to the value that you specify. // // * Use the KeyStorePassword parameter tell AWS KMS the current password // of the kmsuser crypto user (CU) (https://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser) // in the associated AWS CloudHSM cluster. 
You can use this parameter to // fix connection failures (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-password) // that occur when AWS KMS cannot log into the associated cluster because // the kmsuser password has changed. This value does not change the password // in the AWS CloudHSM cluster. // // * Use the CloudHsmClusterId parameter to associate the custom key store // with a different, but related, AWS CloudHSM cluster. You can use this // parameter to repair a custom key store if its AWS CloudHSM cluster becomes // corrupted or is deleted, or when you need to create or restore a cluster // from a backup. // // If the operation succeeds, it returns a JSON object with no properties. // // This operation is part of the Custom Key Store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html) // in AWS KMS, which combines the convenience and extensive integration // of AWS KMS with the isolation and control of a single-tenant key store. // // Returns awserr.Error for service API and SDK errors. Use runtime type assertions // with awserr.Error's Code and Message methods to get detailed information about // the error. // // See the AWS API reference guide for AWS Key Management Service's // API operation UpdateCustomKeyStore for usage and error information. // // Returned Error Codes: // * ErrCodeCustomKeyStoreNotFoundException "CustomKeyStoreNotFoundException" // The request was rejected because AWS KMS cannot find a custom key store with // the specified key store name or ID. // // * ErrCodeCloudHsmClusterNotFoundException "CloudHsmClusterNotFoundException" // The request was rejected because AWS KMS cannot find the AWS CloudHSM cluster // with the specified cluster ID. Retry the request with a different cluster // ID.
// // * ErrCodeCloudHsmClusterNotRelatedException "CloudHsmClusterNotRelatedException" // The request was rejected because the specified AWS CloudHSM cluster has a // different cluster certificate than the original cluster. You cannot use the // operation to specify an unrelated cluster. // // Specify a cluster that shares a backup history with the original cluster. // This includes clusters that were created from a backup of the current cluster, // and clusters that were created from the same backup that produced the current // cluster. // // Clusters that share a backup history have the same cluster certificate. To // view the cluster certificate of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) // operation. // // * ErrCodeCustomKeyStoreInvalidStateException "CustomKeyStoreInvalidStateException" // The request was rejected because of the ConnectionState of the custom key // store. To get the ConnectionState of a custom key store, use the DescribeCustomKeyStores // operation. // // This exception is thrown under the following conditions: // // * You requested the CreateKey or GenerateRandom operation in a custom // key store that is not connected. These operations are valid only when // the custom key store ConnectionState is CONNECTED. // // * You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation // on a custom key store that is not disconnected. This operation is valid // only when the custom key store ConnectionState is DISCONNECTED. // // * You requested the ConnectCustomKeyStore operation on a custom key store // with a ConnectionState of DISCONNECTING or FAILED. This operation is valid // for all other ConnectionState values. // // * ErrCodeInternalException "KMSInternalException" // The request was rejected because an internal exception occurred. The request // can be retried. 
// // * ErrCodeCloudHsmClusterNotActiveException "CloudHsmClusterNotActiveException" // The request was rejected because the AWS CloudHSM cluster that is associated // with the custom key store is not active. Initialize and activate the cluster // and try the command again. For detailed instructions, see Getting Started // (https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html) // in the AWS CloudHSM User Guide. // // * ErrCodeCloudHsmClusterInvalidConfigurationException "CloudHsmClusterInvalidConfigurationException" // The request was rejected because the associated AWS CloudHSM cluster did // not meet the configuration requirements for a custom key store. // // * The cluster must be configured with private subnets in at least two // different Availability Zones in the Region. // // * The security group for the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) // (cloudhsm-cluster-<cluster-id>-sg) must include inbound rules and outbound // rules that allow TCP traffic on ports 2223-2225. The Source in the inbound // rules and the Destination in the outbound rules must match the security // group ID. These rules are set by default when you create the cluster. // Do not delete or change them. To get information about a particular security // group, use the DescribeSecurityGroups (https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html) // operation. // // * The cluster must contain at least as many HSMs as the operation requires. // To add HSMs, use the AWS CloudHSM CreateHsm (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html) // operation. For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey // operations, the AWS CloudHSM cluster must have at least two active HSMs, // each in a different Availability Zone. For the ConnectCustomKeyStore operation, // the AWS CloudHSM cluster must contain at least one active HSM.
// // For information about the requirements for an AWS CloudHSM cluster that is // associated with a custom key store, see Assemble the Prerequisites (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore) // in the AWS Key Management Service Developer Guide. For information about // creating a private subnet for an AWS CloudHSM cluster, see Create a Private // Subnet (https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html) // in the AWS CloudHSM User Guide. For information about cluster security groups, // see Configure a Default Security Group (https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html) // in the AWS CloudHSM User Guide . // // See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateCustomKeyStore func (c *KMS) UpdateCustomKeyStore(input *UpdateCustomKeyStoreInput) (*UpdateCustomKeyStoreOutput, error) { req, out := c.UpdateCustomKeyStoreRequest(input) return out, req.Send() } // UpdateCustomKeyStoreWithContext is the same as UpdateCustomKeyStore with the addition of // the ability to pass a context and additional request options. // // See UpdateCustomKeyStore for details on how to use this API operation. // // The context must be non-nil and will be used for request cancellation. If // the context is nil a panic will occur. In the future the SDK may create // sub-contexts for http.Requests. See https://golang.org/pkg/context/ // for more information on using Contexts. func (c *KMS) UpdateCustomKeyStoreWithContext(ctx aws.Context, input *UpdateCustomKeyStoreInput, opts ...request.Option) (*UpdateCustomKeyStoreOutput, error) { req, out := c.UpdateCustomKeyStoreRequest(input) req.SetContext(ctx) req.ApplyOptions(opts...) return out, req.Send() } const opUpdateKeyDescription = "UpdateKeyDescription" // UpdateKeyDescriptionRequest generates a "aws/request.Request" representing the // client's request for the UpdateKeyDescription operation. 
// The "output" return
// value will be populated with the request's response once the request completes
// successfully.
//
// Use the "Send" method on the returned Request to send the API call to the
// service. The "output" return value is not valid until after Send returns
// without error.
//
// See UpdateKeyDescription for more information on using the UpdateKeyDescription
// API call, and error handling.
//
// This method is useful when you want to inject custom logic or configuration
// into the SDK's request lifecycle, such as custom headers or retry logic.
//
//
//    // Example sending a request using the UpdateKeyDescriptionRequest method.
//    req, resp := client.UpdateKeyDescriptionRequest(params)
//
//    err := req.Send()
//    if err == nil { // resp is now filled
//        fmt.Println(resp)
//    }
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateKeyDescription
func (c *KMS) UpdateKeyDescriptionRequest(input *UpdateKeyDescriptionInput) (req *request.Request, output *UpdateKeyDescriptionOutput) {
	// A nil input is replaced with an empty one so a request can still be built.
	if input == nil {
		input = &UpdateKeyDescriptionInput{}
	}

	output = &UpdateKeyDescriptionOutput{}
	req = c.newRequest(&request.Operation{
		Name:       opUpdateKeyDescription,
		HTTPMethod: "POST",
		HTTPPath:   "/",
	}, input, output)
	// Replace the jsonrpc unmarshal handler with the discard-body handler.
	req.Handlers.Unmarshal.Swap(jsonrpc.UnmarshalHandler.Name, protocol.UnmarshalDiscardBodyHandler)
	return req, output
}

// UpdateKeyDescription API operation for AWS Key Management Service.
//
// Updates the description of a customer master key (CMK). To see the description
// of a CMK, use DescribeKey.
//
// You cannot perform this operation on a CMK in a different AWS account.
//
// The result of this operation varies with the key state of the CMK. For details,
// see How Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
// Returns awserr.Error for service API and SDK errors.
// Use runtime type assertions
// with awserr.Error's Code and Message methods to get detailed information about
// the error.
//
// See the AWS API reference guide for AWS Key Management Service's
// API operation UpdateKeyDescription for usage and error information.
//
// Returned Error Codes:
// * ErrCodeNotFoundException "NotFoundException"
// The request was rejected because the specified entity or resource could not
// be found.
//
// * ErrCodeInvalidArnException "InvalidArnException"
// The request was rejected because a specified ARN, or an ARN in a key policy,
// is not valid.
//
// * ErrCodeDependencyTimeoutException "DependencyTimeoutException"
// The system timed out while trying to fulfill the request. The request can
// be retried.
//
// * ErrCodeInternalException "KMSInternalException"
// The request was rejected because an internal exception occurred. The request
// can be retried.
//
// * ErrCodeInvalidStateException "KMSInvalidStateException"
// The request was rejected because the state of the specified resource is not
// valid for this request.
//
// For more information about how key state affects the use of a CMK, see How
// Key State Affects Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the AWS Key Management Service Developer Guide.
//
// See also, https://docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/UpdateKeyDescription
func (c *KMS) UpdateKeyDescription(input *UpdateKeyDescriptionInput) (*UpdateKeyDescriptionOutput, error) {
	req, out := c.UpdateKeyDescriptionRequest(input)
	// out is only valid when Send reports no error.
	err := req.Send()
	return out, err
}

// UpdateKeyDescriptionWithContext is the same as UpdateKeyDescription with the addition of
// the ability to pass a context and additional request options.
//
// See UpdateKeyDescription for details on how to use this API operation.
//
// The context must be non-nil and will be used for request cancellation. If
// the context is nil a panic will occur.
// In the future the SDK may create
// sub-contexts for http.Requests. See https://golang.org/pkg/context/
// for more information on using Contexts.
func (c *KMS) UpdateKeyDescriptionWithContext(ctx aws.Context, input *UpdateKeyDescriptionInput, opts ...request.Option) (*UpdateKeyDescriptionOutput, error) {
	req, out := c.UpdateKeyDescriptionRequest(input)
	// Attach the caller's context first, then the per-call options, then send.
	req.SetContext(ctx)
	req.ApplyOptions(opts...)
	err := req.Send()
	return out, err
}

// AliasListEntry contains information about an alias.
type AliasListEntry struct {
	_ struct{} `type:"structure"`

	// String that contains the key ARN.
	AliasArn *string `min:"20" type:"string"`

	// String that contains the alias. This value begins with alias/.
	AliasName *string `min:"1" type:"string"`

	// String that contains the key identifier referred to by the alias.
	TargetKeyId *string `min:"1" type:"string"`
}

// String returns the entry formatted by awsutil.Prettify.
func (s AliasListEntry) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the same text as String.
func (s AliasListEntry) GoString() string {
	return s.String()
}

// SetAliasArn stores a pointer to v in AliasArn and returns the receiver so
// calls can be chained.
func (s *AliasListEntry) SetAliasArn(v string) *AliasListEntry {
	s.AliasArn = &v
	return s
}

// SetAliasName stores a pointer to v in AliasName and returns the receiver so
// calls can be chained.
func (s *AliasListEntry) SetAliasName(v string) *AliasListEntry {
	s.AliasName = &v
	return s
}

// SetTargetKeyId stores a pointer to v in TargetKeyId and returns the receiver
// so calls can be chained.
func (s *AliasListEntry) SetTargetKeyId(v string) *AliasListEntry {
	s.TargetKeyId = &v
	return s
}

// CancelKeyDeletionInput is the input type of the CancelKeyDeletion operation.
type CancelKeyDeletionInput struct {
	_ struct{} `type:"structure"`

	// The unique identifier for the customer master key (CMK) for which to cancel
	// deletion.
	//
	// Specify the key ID or the Amazon Resource Name (ARN) of the CMK.
	//
	// For example:
	//
	// * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
	//
	// * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
	//
	// To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
	//
	// KeyId is a required field
	KeyId *string `min:"1" type:"string" required:"true"`
}

// String returns the input formatted by awsutil.Prettify.
func (s CancelKeyDeletionInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the same text as String.
func (s CancelKeyDeletionInput) GoString() string {
	return s.String()
}

// Validate checks KeyId: it must be set and at least one character long. It
// returns a request.ErrInvalidParams holding each violation, or nil when the
// input passes both checks.
func (s *CancelKeyDeletionInput) Validate() error {
	problems := request.ErrInvalidParams{Context: "CancelKeyDeletionInput"}
	switch {
	case s.KeyId == nil:
		problems.Add(request.NewErrParamRequired("KeyId"))
	case len(*s.KeyId) < 1:
		problems.Add(request.NewErrParamMinLen("KeyId", 1))
	}

	if problems.Len() == 0 {
		return nil
	}
	return problems
}

// SetKeyId stores a pointer to v in KeyId and returns the receiver so calls
// can be chained.
func (s *CancelKeyDeletionInput) SetKeyId(v string) *CancelKeyDeletionInput {
	s.KeyId = &v
	return s
}

// CancelKeyDeletionOutput is the output type of the CancelKeyDeletion operation.
type CancelKeyDeletionOutput struct {
	_ struct{} `type:"structure"`

	// The unique identifier of the master key for which deletion is canceled.
	KeyId *string `min:"1" type:"string"`
}

// String returns the output formatted by awsutil.Prettify.
func (s CancelKeyDeletionOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the same text as String.
func (s CancelKeyDeletionOutput) GoString() string {
	return s.String()
}

// SetKeyId stores a pointer to v in KeyId and returns the receiver so calls
// can be chained.
func (s *CancelKeyDeletionOutput) SetKeyId(v string) *CancelKeyDeletionOutput {
	s.KeyId = &v
	return s
}

type ConnectCustomKeyStoreInput struct {
	_ struct{} `type:"structure"`

	// Enter the key store ID of the custom key store that you want to connect.
	// To find the ID of a custom key store, use the DescribeCustomKeyStores operation.
// // CustomKeyStoreId is a required field CustomKeyStoreId *string `min:"1" type:"string" required:"true"` } // String returns the string representation func (s ConnectCustomKeyStoreInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s ConnectCustomKeyStoreInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. func (s *ConnectCustomKeyStoreInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "ConnectCustomKeyStoreInput"} if s.CustomKeyStoreId == nil { invalidParams.Add(request.NewErrParamRequired("CustomKeyStoreId")) } if s.CustomKeyStoreId != nil && len(*s.CustomKeyStoreId) < 1 { invalidParams.Add(request.NewErrParamMinLen("CustomKeyStoreId", 1)) } if invalidParams.Len() > 0 { return invalidParams } return nil } // SetCustomKeyStoreId sets the CustomKeyStoreId field's value. func (s *ConnectCustomKeyStoreInput) SetCustomKeyStoreId(v string) *ConnectCustomKeyStoreInput { s.CustomKeyStoreId = &v return s } type ConnectCustomKeyStoreOutput struct { _ struct{} `type:"structure"` } // String returns the string representation func (s ConnectCustomKeyStoreOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s ConnectCustomKeyStoreOutput) GoString() string { return s.String() } type CreateAliasInput struct { _ struct{} `type:"structure"` // Specifies the alias name. This value must begin with alias/ followed by a // name, such as alias/ExampleAlias. The alias name cannot begin with alias/aws/. // The alias/aws/ prefix is reserved for AWS managed CMKs. // // AliasName is a required field AliasName *string `min:"1" type:"string" required:"true"` // Identifies the CMK to which the alias refers. Specify the key ID or the Amazon // Resource Name (ARN) of the CMK. You cannot specify another alias. 
For help // finding the key ID and ARN, see Finding the Key ID and ARN (https://docs.aws.amazon.com/kms/latest/developerguide/viewing-keys.html#find-cmk-id-arn) // in the AWS Key Management Service Developer Guide. // // TargetKeyId is a required field TargetKeyId *string `min:"1" type:"string" required:"true"` } // String returns the string representation func (s CreateAliasInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s CreateAliasInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. func (s *CreateAliasInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "CreateAliasInput"} if s.AliasName == nil { invalidParams.Add(request.NewErrParamRequired("AliasName")) } if s.AliasName != nil && len(*s.AliasName) < 1 { invalidParams.Add(request.NewErrParamMinLen("AliasName", 1)) } if s.TargetKeyId == nil { invalidParams.Add(request.NewErrParamRequired("TargetKeyId")) } if s.TargetKeyId != nil && len(*s.TargetKeyId) < 1 { invalidParams.Add(request.NewErrParamMinLen("TargetKeyId", 1)) } if invalidParams.Len() > 0 { return invalidParams } return nil } // SetAliasName sets the AliasName field's value. func (s *CreateAliasInput) SetAliasName(v string) *CreateAliasInput { s.AliasName = &v return s } // SetTargetKeyId sets the TargetKeyId field's value. func (s *CreateAliasInput) SetTargetKeyId(v string) *CreateAliasInput { s.TargetKeyId = &v return s } type CreateAliasOutput struct { _ struct{} `type:"structure"` } // String returns the string representation func (s CreateAliasOutput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s CreateAliasOutput) GoString() string { return s.String() } type CreateCustomKeyStoreInput struct { _ struct{} `type:"structure"` // Identifies the AWS CloudHSM cluster for the custom key store. 
Enter the cluster // ID of any active AWS CloudHSM cluster that is not already associated with // a custom key store. To find the cluster ID, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html) // operation. // // CloudHsmClusterId is a required field CloudHsmClusterId *string `min:"19" type:"string" required:"true"` // Specifies a friendly name for the custom key store. The name must be unique // in your AWS account. // // CustomKeyStoreName is a required field CustomKeyStoreName *string `min:"1" type:"string" required:"true"` // Enter the password of the kmsuser crypto user (CU) account (https://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser) // in the specified AWS CloudHSM cluster. AWS KMS logs into the cluster as this // user to manage key material on your behalf. // // This parameter tells AWS KMS the kmsuser account password; it does not change // the password in the AWS CloudHSM cluster. // // KeyStorePassword is a required field KeyStorePassword *string `min:"1" type:"string" required:"true" sensitive:"true"` // Enter the content of the trust anchor certificate for the cluster. This is // the content of the customerCA.crt file that you created when you initialized // the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html). // // TrustAnchorCertificate is a required field TrustAnchorCertificate *string `min:"1" type:"string" required:"true"` } // String returns the string representation func (s CreateCustomKeyStoreInput) String() string { return awsutil.Prettify(s) } // GoString returns the string representation func (s CreateCustomKeyStoreInput) GoString() string { return s.String() } // Validate inspects the fields of the type to determine if they are valid. 
// Each of CloudHsmClusterId, CustomKeyStoreName, KeyStorePassword and
// TrustAnchorCertificate is reported when nil or shorter than its minimum
// length (19 for CloudHsmClusterId, 1 for the others). Nothing else about the
// values is checked here, so a passing result says nothing about the password
// or the certificate contents.
func (s *CreateCustomKeyStoreInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "CreateCustomKeyStoreInput"}
	if s.CloudHsmClusterId == nil {
		invalidParams.Add(request.NewErrParamRequired("CloudHsmClusterId"))
	} else if len(*s.CloudHsmClusterId) < 19 {
		invalidParams.Add(request.NewErrParamMinLen("CloudHsmClusterId", 19))
	}
	if s.CustomKeyStoreName == nil {
		invalidParams.Add(request.NewErrParamRequired("CustomKeyStoreName"))
	} else if len(*s.CustomKeyStoreName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("CustomKeyStoreName", 1))
	}
	if s.KeyStorePassword == nil {
		invalidParams.Add(request.NewErrParamRequired("KeyStorePassword"))
	} else if len(*s.KeyStorePassword) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("KeyStorePassword", 1))
	}
	if s.TrustAnchorCertificate == nil {
		invalidParams.Add(request.NewErrParamRequired("TrustAnchorCertificate"))
	} else if len(*s.TrustAnchorCertificate) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("TrustAnchorCertificate", 1))
	}

	if invalidParams.Len() == 0 {
		return nil
	}
	return invalidParams
}

// SetCloudHsmClusterId points CloudHsmClusterId at a copy of v and returns the
// receiver.
func (s *CreateCustomKeyStoreInput) SetCloudHsmClusterId(v string) *CreateCustomKeyStoreInput {
	s.CloudHsmClusterId = &v
	return s
}

// SetCustomKeyStoreName points CustomKeyStoreName at a copy of v and returns
// the receiver.
func (s *CreateCustomKeyStoreInput) SetCustomKeyStoreName(v string) *CreateCustomKeyStoreInput {
	s.CustomKeyStoreName = &v
	return s
}

// SetKeyStorePassword points KeyStorePassword at a copy of v and returns the
// receiver. The field is tagged sensitive:"true" in the struct declaration;
// the password stays in memory as an ordinary Go string for as long as the
// input value is reachable.
func (s *CreateCustomKeyStoreInput) SetKeyStorePassword(v string) *CreateCustomKeyStoreInput {
	s.KeyStorePassword = &v
	return s
}

// SetTrustAnchorCertificate sets the TrustAnchorCertificate field's value.
func (s *CreateCustomKeyStoreInput) SetTrustAnchorCertificate(v string) *CreateCustomKeyStoreInput {
	// The field holds a pointer to this method's own copy of v.
	s.TrustAnchorCertificate = &v
	return s
}

// CreateCustomKeyStoreOutput carries the identifier of the new custom key
// store.
type CreateCustomKeyStoreOutput struct {
	_ struct{} `type:"structure"`

	// A unique identifier for the new custom key store.
	CustomKeyStoreId *string `min:"1" type:"string"`
}

// String renders the output through awsutil.Prettify.
func (s CreateCustomKeyStoreOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the same text as String.
func (s CreateCustomKeyStoreOutput) GoString() string {
	return s.String()
}

// SetCustomKeyStoreId points CustomKeyStoreId at a copy of v and returns the
// receiver.
func (s *CreateCustomKeyStoreOutput) SetCustomKeyStoreId(v string) *CreateCustomKeyStoreOutput {
	s.CustomKeyStoreId = &v
	return s
}

// CreateGrantInput describes a grant: the CMK it applies to, the grantee and
// optional retiring principal, the permitted operations, and optional
// constraints, name and grant tokens.
type CreateGrantInput struct {
	_ struct{} `type:"structure"`

	// Allows a cryptographic operation only when the encryption context matches
	// or includes the encryption context specified in this structure. For more
	// information about encryption context, see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context)
	// in the AWS Key Management Service Developer Guide.
	Constraints *GrantConstraints `type:"structure"`

	// A list of grant tokens.
	//
	// For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token)
	// in the AWS Key Management Service Developer Guide.
	GrantTokens []*string `type:"list"`

	// The principal that is given permission to perform the operations that the
	// grant permits.
	//
	// To specify the principal, use the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// of an AWS principal. Valid AWS principals include AWS accounts (root), IAM
	// users, IAM roles, federated users, and assumed role users. For examples of
	// the ARN syntax to use for specifying a principal, see AWS Identity and Access
	// Management (IAM) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam)
	// in the Example ARNs section of the AWS General Reference.
	//
	// GranteePrincipal is a required field
	GranteePrincipal *string `min:"1" type:"string" required:"true"`

	// The unique identifier for the customer master key (CMK) that the grant applies
	// to.
	//
	// Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify
	// a CMK in a different AWS account, you must use the key ARN.
	//
	// For example:
	//
	//    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
	//
	//    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
	//
	// To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
	//
	// KeyId is a required field
	KeyId *string `min:"1" type:"string" required:"true"`

	// A friendly name for identifying the grant. Use this value to prevent the
	// unintended creation of duplicate grants when retrying this request.
	//
	// When this value is absent, all CreateGrant requests result in a new grant
	// with a unique GrantId even if all the supplied parameters are identical.
	// This can result in unintended duplicates when you retry the CreateGrant request.
	//
	// When this value is present, you can retry a CreateGrant request with identical
	// parameters; if the grant already exists, the original GrantId is returned
	// without creating a new grant. Note that the returned grant token is unique
	// with every CreateGrant request, even when a duplicate GrantId is returned.
	// All grant tokens obtained in this way can be used interchangeably.
	Name *string `min:"1" type:"string"`

	// A list of operations that the grant permits.
	//
	// Operations is a required field
	Operations []*string `type:"list" required:"true"`

	// The principal that is given permission to retire the grant by using RetireGrant
	// operation.
	//
	// To specify the principal, use the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// of an AWS principal. Valid AWS principals include AWS accounts (root), IAM
	// users, federated users, and assumed role users. For examples of the ARN syntax
	// to use for specifying a principal, see AWS Identity and Access Management
	// (IAM) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam)
	// in the Example ARNs section of the AWS General Reference.
	RetiringPrincipal *string `min:"1" type:"string"`
}

// String renders the input through awsutil.Prettify.
func (s CreateGrantInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the same text as String.
func (s CreateGrantInput) GoString() string {
	return s.String()
}

// Validate collects parameter errors into request.ErrInvalidParams and returns
// nil when there are none.
//
// GranteePrincipal and KeyId must be non-nil and non-empty; Name and
// RetiringPrincipal must be non-empty when set; Operations must be non-nil.
// Operations is only compared with nil, so an empty non-nil slice passes, and
// its elements are not inspected. Constraints and GrantTokens are not
// examined, so a grant without an encryption-context constraint passes
// unchanged.
func (s *CreateGrantInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "CreateGrantInput"}
	if s.GranteePrincipal == nil {
		invalidParams.Add(request.NewErrParamRequired("GranteePrincipal"))
	} else if len(*s.GranteePrincipal) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("GranteePrincipal", 1))
	}
	if s.KeyId == nil {
		invalidParams.Add(request.NewErrParamRequired("KeyId"))
	} else if len(*s.KeyId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("KeyId", 1))
	}
	if s.Name != nil && len(*s.Name) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Name", 1))
	}
	if s.Operations == nil {
		invalidParams.Add(request.NewErrParamRequired("Operations"))
	}
	if s.RetiringPrincipal != nil && len(*s.RetiringPrincipal) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("RetiringPrincipal", 1))
	}

	if invalidParams.Len() == 0 {
		return nil
	}
	return invalidParams
}

// SetConstraints sets the Constraints field's value.
// The pointer is stored as passed; the GrantConstraints value is not copied.
func (s *CreateGrantInput) SetConstraints(v *GrantConstraints) *CreateGrantInput {
	s.Constraints = v
	return s
}

// SetGrantTokens sets the GrantTokens field's value.
// The slice is stored as passed, so it shares its backing array with the
// caller's slice.
func (s *CreateGrantInput) SetGrantTokens(v []*string) *CreateGrantInput {
	s.GrantTokens = v
	return s
}

// SetGranteePrincipal sets the GranteePrincipal field's value.
// The field receives a pointer to this method's copy of v; the ARN form
// described on the field is not checked here.
func (s *CreateGrantInput) SetGranteePrincipal(v string) *CreateGrantInput {
	s.GranteePrincipal = &v
	return s
}

// SetKeyId sets the KeyId field's value.
func (s *CreateGrantInput) SetKeyId(v string) *CreateGrantInput {
	s.KeyId = &v
	return s
}

// SetName sets the Name field's value.
func (s *CreateGrantInput) SetName(v string) *CreateGrantInput {
	s.Name = &v
	return s
}

// SetOperations sets the Operations field's value.
// The slice is stored as passed; its elements are not inspected by this
// method.
func (s *CreateGrantInput) SetOperations(v []*string) *CreateGrantInput {
	s.Operations = v
	return s
}

// SetRetiringPrincipal sets the RetiringPrincipal field's value.
func (s *CreateGrantInput) SetRetiringPrincipal(v string) *CreateGrantInput {
	s.RetiringPrincipal = &v
	return s
}

// CreateGrantOutput carries the identifier and the grant token of a grant.
type CreateGrantOutput struct {
	_ struct{} `type:"structure"`

	// The unique identifier for the grant.
	//
	// You can use the GrantId in a subsequent RetireGrant or RevokeGrant operation.
	GrantId *string `min:"1" type:"string"`

	// The grant token.
	//
	// For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token)
	// in the AWS Key Management Service Developer Guide.
	GrantToken *string `min:"1" type:"string"`
}

// String returns the string representation
// produced by awsutil.Prettify; both GrantId and GrantToken are part of the
// value passed to it (neither field carries a sensitive tag).
func (s CreateGrantOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s CreateGrantOutput) GoString() string {
	return s.String()
}

// SetGrantId sets the GrantId field's value.
func (s *CreateGrantOutput) SetGrantId(v string) *CreateGrantOutput {
	s.GrantId = &v
	return s
}

// SetGrantToken sets the GrantToken field's value.
func (s *CreateGrantOutput) SetGrantToken(v string) *CreateGrantOutput {
	s.GrantToken = &v
	return s
}

// CreateKeyInput describes a CMK to create: optional key policy, origin, key
// usage, custom key store, description and tags, plus the flag that bypasses
// the key policy lockout safety check. No field is tagged required.
type CreateKeyInput struct {
	_ struct{} `type:"structure"`

	// A flag to indicate whether to bypass the key policy lockout safety check.
	//
	// Setting this value to true increases the risk that the CMK becomes unmanageable.
	// Do not set this value to true indiscriminately.
	//
	// For more information, refer to the scenario in the Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam)
	// section in the AWS Key Management Service Developer Guide.
	//
	// Use this parameter only when you include a policy in the request and you
	// intend to prevent the principal that is making the request from making a
	// subsequent PutKeyPolicy request on the CMK.
	//
	// The default value is false.
	//
	// The pairing with Policy described above is not expressed in the struct
	// tags; only the boolean type is declared for this field.
	BypassPolicyLockoutSafetyCheck *bool `type:"boolean"`

	// Creates the CMK in the specified custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html)
	// and the key material in its associated AWS CloudHSM cluster. To create a
	// CMK in a custom key store, you must also specify the Origin parameter with
	// a value of AWS_CLOUDHSM. The AWS CloudHSM cluster that is associated with
	// the custom key store must have at least two active HSMs, each in a different
	// Availability Zone in the Region.
	//
	// To find the ID of a custom key store, use the DescribeCustomKeyStores operation.
	//
	// The response includes the custom key store ID and the ID of the AWS CloudHSM
	// cluster.
	//
	// This operation is part of the Custom Key Store feature (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html)
	// in AWS KMS, which combines the convenience and extensive integration
	// of AWS KMS with the isolation and control of a single-tenant key store.
	CustomKeyStoreId *string `min:"1" type:"string"`

	// A description of the CMK.
	//
	// Use a description that helps you decide whether the CMK is appropriate for
	// a task.
	Description *string `type:"string"`

	// The cryptographic operations for which you can use the CMK. The only valid
	// value is ENCRYPT_DECRYPT, which means you can use the CMK to encrypt and
	// decrypt data.
	KeyUsage *string `type:"string" enum:"KeyUsageType"`

	// The source of the key material for the CMK. You cannot change the origin
	// after you create the CMK.
	//
	// The default is AWS_KMS, which means AWS KMS creates the key material in its
	// own key store.
	//
	// When the parameter value is EXTERNAL, AWS KMS creates a CMK without key material
	// so that you can import key material from your existing key management infrastructure.
	// For more information about importing key material into AWS KMS, see Importing
	// Key Material (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html)
	// in the AWS Key Management Service Developer Guide.
	//
	// When the parameter value is AWS_CLOUDHSM, AWS KMS creates the CMK in an AWS
	// KMS custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html)
	// and creates its key material in the associated AWS CloudHSM cluster. You
	// must also use the CustomKeyStoreId parameter to identify the custom key store.
	Origin *string `type:"string" enum:"OriginType"`

	// The key policy to attach to the CMK.
	//
	// If you provide a key policy, it must meet the following criteria:
	//
	//    * If you don't set BypassPolicyLockoutSafetyCheck to true, the key policy
	//    must allow the principal that is making the CreateKey request to make
	//    a subsequent PutKeyPolicy request on the CMK. This reduces the risk that
	//    the CMK becomes unmanageable. For more information, refer to the scenario
	//    in the Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam)
	//    section of the AWS Key Management Service Developer Guide.
	//
	//    * Each statement in the key policy must contain one or more principals.
	//    The principals in the key policy must exist and be visible to AWS KMS.
	//    When you create a new AWS principal (for example, an IAM user or role),
	//    you might need to enforce a delay before including the new principal in
	//    a key policy because the new principal might not be immediately visible
	//    to AWS KMS. For more information, see Changes that I make are not always
	//    immediately visible (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency)
	//    in the AWS Identity and Access Management User Guide.
	//
	// If you do not provide a key policy, AWS KMS attaches a default key policy
	// to the CMK. For more information, see Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default)
	// in the AWS Key Management Service Developer Guide.
	//
	// The key policy size limit is 32 kilobytes (32768 bytes).
	//
	// The struct tag declares only a minimum length of 1; the size limit above
	// is not expressed in the tags.
	Policy *string `min:"1" type:"string"`

	// One or more tags. Each tag consists of a tag key and a tag value. Tag keys
	// and tag values are both required, but tag values can be empty (null) strings.
	//
	// Use this parameter to tag the CMK when it is created. Alternately, you can
	// omit this parameter and instead tag the CMK after it is created using TagResource.
	Tags []*Tag `type:"list"`
}

// String returns the string representation
// produced by awsutil.Prettify; the whole struct, including Policy, is passed
// to it.
func (s CreateKeyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s CreateKeyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
// CustomKeyStoreId and Policy are reported when set but empty, and every
// non-nil element of Tags is validated with its own Validate method.
// BypassPolicyLockoutSafetyCheck, Description, KeyUsage and Origin are not
// examined, and the 32 KiB policy size limit documented on Policy is not
// checked here.
// NOTE(review): the nested error is converted with an unchecked type
// assertion, which panics if Tag.Validate ever returns a different error
// type; Tag.Validate is not visible here, confirm it only returns
// request.ErrInvalidParams.
func (s *CreateKeyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "CreateKeyInput"}
	if s.CustomKeyStoreId != nil && len(*s.CustomKeyStoreId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("CustomKeyStoreId", 1))
	}
	if s.Policy != nil && len(*s.Policy) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Policy", 1))
	}
	// Ranging over a nil slice runs zero iterations, so no separate nil check
	// is needed.
	for idx, tag := range s.Tags {
		if tag != nil {
			if err := tag.Validate(); err != nil {
				invalidParams.AddNested(fmt.Sprintf("%s[%v]", "Tags", idx), err.(request.ErrInvalidParams))
			}
		}
	}

	if invalidParams.Len() == 0 {
		return nil
	}
	return invalidParams
}

// SetBypassPolicyLockoutSafetyCheck points BypassPolicyLockoutSafetyCheck at a
// copy of v and returns the receiver. Passing true requests the bypass that
// the field's documentation describes as increasing the risk of an
// unmanageable CMK; this method stores either value without further checks.
func (s *CreateKeyInput) SetBypassPolicyLockoutSafetyCheck(v bool) *CreateKeyInput {
	s.BypassPolicyLockoutSafetyCheck = &v
	return s
}

// SetCustomKeyStoreId points CustomKeyStoreId at a copy of v and returns the
// receiver.
func (s *CreateKeyInput) SetCustomKeyStoreId(v string) *CreateKeyInput {
	s.CustomKeyStoreId = &v
	return s
}

// SetDescription points Description at a copy of v and returns the receiver.
func (s *CreateKeyInput) SetDescription(v string) *CreateKeyInput {
	s.Description = &v
	return s
}

// SetKeyUsage points KeyUsage at a copy of v and returns the receiver. The
// string is not compared against the KeyUsageType enum here.
func (s *CreateKeyInput) SetKeyUsage(v string) *CreateKeyInput {
	s.KeyUsage = &v
	return s
}

// SetOrigin points Origin at a copy of v and returns the receiver. The string
// is not compared against the OriginType enum here.
func (s *CreateKeyInput) SetOrigin(v string) *CreateKeyInput {
	s.Origin = &v
	return s
}

// SetPolicy points Policy at a copy of v and returns the receiver. The policy
// document is stored as an opaque string.
func (s *CreateKeyInput) SetPolicy(v string) *CreateKeyInput {
	s.Policy = &v
	return s
}

// SetTags stores v in Tags as passed (the slice is not copied) and returns the
// receiver.
func (s *CreateKeyInput) SetTags(v []*Tag) *CreateKeyInput {
	s.Tags = v
	return s
}

// CreateKeyOutput carries the metadata of a CMK.
type CreateKeyOutput struct {
	_ struct{} `type:"structure"`

	// Metadata associated with the CMK.
	KeyMetadata *KeyMetadata `type:"structure"`
}

// String renders the output through awsutil.Prettify.
func (s CreateKeyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the same text as String.
func (s CreateKeyOutput) GoString() string {
	return s.String()
}

// SetKeyMetadata stores the pointer v in KeyMetadata as passed and returns the
// receiver.
func (s *CreateKeyOutput) SetKeyMetadata(v *KeyMetadata) *CreateKeyOutput {
	s.KeyMetadata = v
	return s
}

// Contains information about each custom key store in the custom key store
// list.
type CustomKeyStoresListEntry struct {
	_ struct{} `type:"structure"`

	// A unique identifier for the AWS CloudHSM cluster that is associated with
	// the custom key store.
	CloudHsmClusterId *string `min:"19" type:"string"`

	// Describes the connection error. Valid values are:
	//
	//    * CLUSTER_NOT_FOUND - AWS KMS cannot find the AWS CloudHSM cluster with
	//    the specified cluster ID.
	//
	//    * INSUFFICIENT_CLOUDHSM_HSMS - The associated AWS CloudHSM cluster does
	//    not contain any active HSMs. To connect a custom key store to its AWS
	//    CloudHSM cluster, the cluster must contain at least one active HSM.
	//
	//    * INTERNAL_ERROR - AWS KMS could not complete the request due to an internal
	//    error. Retry the request. For ConnectCustomKeyStore requests, disconnect
	//    the custom key store before trying to connect again.
	//
	//    * INVALID_CREDENTIALS - AWS KMS does not have the correct password for
	//    the kmsuser crypto user in the AWS CloudHSM cluster.
	//
	//    * NETWORK_ERRORS - Network errors are preventing AWS KMS from connecting
	//    to the custom key store.
	//
	//    * USER_LOCKED_OUT - The kmsuser CU account is locked out of the associated
	//    AWS CloudHSM cluster due to too many failed password attempts. Before
	//    you can connect your custom key store to its AWS CloudHSM cluster, you
	//    must change the kmsuser account password and update the password value
	//    for the custom key store.
	//
	// For help with connection failures, see Troubleshooting Custom Key Stores
	// (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html)
	// in the AWS Key Management Service Developer Guide.
	ConnectionErrorCode *string `type:"string" enum:"ConnectionErrorCodeType"`

	// Indicates whether the custom key store is connected to its AWS CloudHSM cluster.
	//
	// You can create and use CMKs in your custom key stores only when its connection
	// state is CONNECTED.
	//
	// The value is DISCONNECTED if the key store has never been connected or you
	// use the DisconnectCustomKeyStore operation to disconnect it. If the value
	// is CONNECTED but you are having trouble using the custom key store, make
	// sure that its associated AWS CloudHSM cluster is active and contains at least
	// one active HSM.
	//
	// A value of FAILED indicates that an attempt to connect was unsuccessful.
	// For help resolving a connection failure, see Troubleshooting a Custom Key
	// Store (https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html)
	// in the AWS Key Management Service Developer Guide.
	ConnectionState *string `type:"string" enum:"ConnectionStateType"`

	// The date and time when the custom key store was created.
	CreationDate *time.Time `type:"timestamp"`

	// A unique identifier for the custom key store.
	CustomKeyStoreId *string `min:"1" type:"string"`

	// The user-specified friendly name for the custom key store.
	CustomKeyStoreName *string `min:"1" type:"string"`

	// The trust anchor certificate of the associated AWS CloudHSM cluster. When
	// you initialize the cluster (https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr),
	// you create this certificate and save it in the customerCA.crt file.
	TrustAnchorCertificate *string `min:"1" type:"string"`
}

// String renders the entry through awsutil.Prettify.
func (s CustomKeyStoresListEntry) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the same text as String.
func (s CustomKeyStoresListEntry) GoString() string {
	return s.String()
}

// SetCloudHsmClusterId points CloudHsmClusterId at a copy of v and returns the
// receiver.
func (s *CustomKeyStoresListEntry) SetCloudHsmClusterId(v string) *CustomKeyStoresListEntry {
	s.CloudHsmClusterId = &v
	return s
}

// SetConnectionErrorCode points ConnectionErrorCode at a copy of v and returns
// the receiver.
func (s *CustomKeyStoresListEntry) SetConnectionErrorCode(v string) *CustomKeyStoresListEntry {
	s.ConnectionErrorCode = &v
	return s
}

// SetConnectionState points ConnectionState at a copy of v and returns the
// receiver.
func (s *CustomKeyStoresListEntry) SetConnectionState(v string) *CustomKeyStoresListEntry {
	s.ConnectionState = &v
	return s
}

// SetCreationDate points CreationDate at a copy of v and returns the receiver.
func (s *CustomKeyStoresListEntry) SetCreationDate(v time.Time) *CustomKeyStoresListEntry {
	s.CreationDate = &v
	return s
}

// SetCustomKeyStoreId points CustomKeyStoreId at a copy of v and returns the
// receiver.
func (s *CustomKeyStoresListEntry) SetCustomKeyStoreId(v string) *CustomKeyStoresListEntry {
	s.CustomKeyStoreId = &v
	return s
}

// SetCustomKeyStoreName points CustomKeyStoreName at a copy of v and returns
// the receiver.
func (s *CustomKeyStoresListEntry) SetCustomKeyStoreName(v string) *CustomKeyStoresListEntry {
	s.CustomKeyStoreName = &v
	return s
}

// SetTrustAnchorCertificate points TrustAnchorCertificate at a copy of v and
// returns the receiver.
func (s *CustomKeyStoresListEntry) SetTrustAnchorCertificate(v string) *CustomKeyStoresListEntry {
	s.TrustAnchorCertificate = &v
	return s
}

// DecryptInput carries the ciphertext to decrypt together with an optional
// encryption context and optional grant tokens.
type DecryptInput struct {
	_ struct{} `type:"structure"`

	// Ciphertext to be decrypted. The blob includes metadata.
	//
	// CiphertextBlob is automatically base64 encoded/decoded by the SDK.
	//
	// CiphertextBlob is a required field
	CiphertextBlob []byte `min:"1" type:"blob" required:"true"`

	// The encryption context. If this was specified in the Encrypt function, it
	// must be specified here or the decryption operation will fail. For more information,
	// see Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context).
	EncryptionContext map[string]*string `type:"map"`

	// A list of grant tokens.
	//
	// For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token)
	// in the AWS Key Management Service Developer Guide.
	GrantTokens []*string `type:"list"`
}

// String renders the input through awsutil.Prettify.
func (s DecryptInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the same text as String.
func (s DecryptInput) GoString() string {
	return s.String()
}

// Validate reports a nil CiphertextBlob as a missing required parameter and a
// non-nil empty one as too short; it returns nil otherwise. EncryptionContext
// and GrantTokens are not examined, so a context mismatch is not detected by
// this method.
func (s *DecryptInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DecryptInput"}
	if s.CiphertextBlob == nil {
		invalidParams.Add(request.NewErrParamRequired("CiphertextBlob"))
	} else if len(s.CiphertextBlob) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("CiphertextBlob", 1))
	}

	if invalidParams.Len() == 0 {
		return nil
	}
	return invalidParams
}

// SetCiphertextBlob stores v in CiphertextBlob as passed (the bytes are not
// copied) and returns the receiver.
func (s *DecryptInput) SetCiphertextBlob(v []byte) *DecryptInput {
	s.CiphertextBlob = v
	return s
}

// SetEncryptionContext stores the map v in EncryptionContext as passed and
// returns the receiver; later changes to the caller's map are visible through
// the field.
func (s *DecryptInput) SetEncryptionContext(v map[string]*string) *DecryptInput {
	s.EncryptionContext = v
	return s
}

// SetGrantTokens stores v in GrantTokens as passed and returns the receiver.
func (s *DecryptInput) SetGrantTokens(v []*string) *DecryptInput {
	s.GrantTokens = v
	return s
}

// DecryptOutput carries the decrypted plaintext and the ARN of the key that
// produced it.
type DecryptOutput struct {
	_ struct{} `type:"structure"`

	// ARN of the key used to perform the decryption. This value is returned if
	// no errors are encountered during the operation.
	KeyId *string `min:"1" type:"string"`

	// Decrypted plaintext data. When you use the HTTP API or the AWS CLI, the value
	// is Base64-encoded. Otherwise, it is not encoded.
	//
	// Plaintext is automatically base64 encoded/decoded by the SDK.
	Plaintext []byte `min:"1" type:"blob" sensitive:"true"`
}

// String renders the output through awsutil.Prettify. The whole struct is
// passed, including Plaintext.
// NOTE(review): whether Prettify honors the sensitive:"true" tag is not
// visible in this file; confirm before logging this value.
func (s DecryptOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the same text as String, so the note on String applies to
// %#v formatting as well.
func (s DecryptOutput) GoString() string {
	return s.String()
}

// SetKeyId points KeyId at a copy of v and returns the receiver.
func (s *DecryptOutput) SetKeyId(v string) *DecryptOutput {
	s.KeyId = &v
	return s
}

// SetPlaintext stores v in Plaintext as passed and returns the receiver. The
// bytes are not copied: the field and the caller's slice share one backing
// array, so overwriting one overwrites the other.
func (s *DecryptOutput) SetPlaintext(v []byte) *DecryptOutput {
	s.Plaintext = v
	return s
}

// DeleteAliasInput carries the single required AliasName parameter.
type DeleteAliasInput struct {
	_ struct{} `type:"structure"`

	// The alias to be deleted. The alias name must begin with alias/ followed by
	// the alias name, such as alias/ExampleAlias.
	//
	// AliasName is a required field
	AliasName *string `min:"1" type:"string" required:"true"`
}

// String renders the input through awsutil.Prettify.
func (s DeleteAliasInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the same text as String.
func (s DeleteAliasInput) GoString() string {
	return s.String()
}

// Validate reports a missing or empty AliasName as request.ErrInvalidParams
// and returns nil otherwise. The alias/ prefix described on the field is not
// checked here.
func (s *DeleteAliasInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "DeleteAliasInput"}
	if s.AliasName == nil {
		invalidParams.Add(request.NewErrParamRequired("AliasName"))
	} else if len(*s.AliasName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("AliasName", 1))
	}

	if invalidParams.Len() == 0 {
		return nil
	}
	return invalidParams
}

// SetAliasName sets the AliasName field's value.
func (s *DeleteAliasInput) SetAliasName(v string) *DeleteAliasInput {
	// v is this call's own copy, so the stored pointer never aliases a
	// variable owned by the caller.
	s.AliasName = &v
	return s
}

// DeleteAliasOutput declares no data fields.
type DeleteAliasOutput struct {
	_ struct{} `type:"structure"`
}

// String formats the value with awsutil.Prettify.
func (s DeleteAliasOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString yields the same text as String.
func (s DeleteAliasOutput) GoString() string {
	return s.String()
}

// DeleteCustomKeyStoreInput carries the single parameter needed to delete a
// custom key store.
type DeleteCustomKeyStoreInput struct {
	_ struct{} `type:"structure"`

	// ID of the custom key store to delete. The DescribeCustomKeyStores
	// operation can be used to look the ID up.
	//
	// CustomKeyStoreId is a required field
	CustomKeyStoreId *string `min:"1" type:"string" required:"true"`
}

// String formats the value with awsutil.Prettify.
func (s DeleteCustomKeyStoreInput) String() string {
	return awsutil.Prettify(s)
}

// GoString yields the same text as String.
func (s DeleteCustomKeyStoreInput) GoString() string {
	return s.String()
}

// Validate collects the constraint violations found on the struct and returns
// them as one error, or nil when there are none. It only checks that
// CustomKeyStoreId is set and non-empty; the format of the ID is not
// inspected here.
func (s *DeleteCustomKeyStoreInput) Validate() error {
	errs := request.ErrInvalidParams{Context: "DeleteCustomKeyStoreInput"}
	switch {
	case s.CustomKeyStoreId == nil:
		errs.Add(request.NewErrParamRequired("CustomKeyStoreId"))
	case len(*s.CustomKeyStoreId) < 1:
		errs.Add(request.NewErrParamMinLen("CustomKeyStoreId", 1))
	}

	if errs.Len() == 0 {
		return nil
	}
	return errs
}

// SetCustomKeyStoreId sets the CustomKeyStoreId field's value.
func (s *DeleteCustomKeyStoreInput) SetCustomKeyStoreId(v string) *DeleteCustomKeyStoreInput {
	// v is this call's own copy, so the stored pointer never aliases a
	// variable owned by the caller.
	s.CustomKeyStoreId = &v
	return s
}

// DeleteCustomKeyStoreOutput declares no data fields.
type DeleteCustomKeyStoreOutput struct {
	_ struct{} `type:"structure"`
}

// String formats the value with awsutil.Prettify.
func (s DeleteCustomKeyStoreOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString yields the same text as String.
func (s DeleteCustomKeyStoreOutput) GoString() string {
	return s.String()
}

// DeleteImportedKeyMaterialInput names the CMK whose imported key material is
// to be deleted.
type DeleteImportedKeyMaterialInput struct {
	_ struct{} `type:"structure"`

	// The CMK from which imported key material is deleted. The CMK's Origin
	// must be EXTERNAL.
	//
	// Give either the key ID or the Amazon Resource Name (ARN) of the CMK.
	//
	// For example:
	//
	//    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
	//
	//    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
	//
	// ListKeys or DescribeKey return the key ID and key ARN of a CMK.
	//
	// KeyId is a required field
	KeyId *string `min:"1" type:"string" required:"true"`
}

// String formats the value with awsutil.Prettify.
func (s DeleteImportedKeyMaterialInput) String() string {
	return awsutil.Prettify(s)
}

// GoString yields the same text as String.
func (s DeleteImportedKeyMaterialInput) GoString() string {
	return s.String()
}

// Validate collects the constraint violations found on the struct and returns
// them as one error, or nil when there are none. It only checks that KeyId is
// set and non-empty; neither the identifier's format nor the EXTERNAL origin
// requirement is checked here.
func (s *DeleteImportedKeyMaterialInput) Validate() error {
	errs := request.ErrInvalidParams{Context: "DeleteImportedKeyMaterialInput"}
	switch {
	case s.KeyId == nil:
		errs.Add(request.NewErrParamRequired("KeyId"))
	case len(*s.KeyId) < 1:
		errs.Add(request.NewErrParamMinLen("KeyId", 1))
	}

	if errs.Len() == 0 {
		return nil
	}
	return errs
}

// SetKeyId sets the KeyId field's value.
func (s *DeleteImportedKeyMaterialInput) SetKeyId(v string) *DeleteImportedKeyMaterialInput {
	// v is this call's own copy, so the stored pointer never aliases a
	// variable owned by the caller.
	s.KeyId = &v
	return s
}

// DeleteImportedKeyMaterialOutput declares no data fields.
type DeleteImportedKeyMaterialOutput struct {
	_ struct{} `type:"structure"`
}

// String formats the value with awsutil.Prettify.
func (s DeleteImportedKeyMaterialOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString yields the same text as String.
func (s DeleteImportedKeyMaterialOutput) GoString() string {
	return s.String()
}

// DescribeCustomKeyStoresInput selects which custom key stores are described
// and how the result list is paged.
type DescribeCustomKeyStoresInput struct {
	_ struct{} `type:"structure"`

	// Restricts the result to the custom key store with this ID.
	//
	// With no filter, the operation reports every custom key store in the
	// account and region. CustomKeyStoreId and CustomKeyStoreName are
	// alternative filters: use one of them, but not both.
	CustomKeyStoreId *string `min:"1" type:"string"`

	// Restricts the result to the custom key store with this friendly name.
	//
	// With no filter, the operation reports every custom key store in the
	// account and region. CustomKeyStoreId and CustomKeyStoreName are
	// alternative filters: use one of them, but not both.
	CustomKeyStoreName *string `min:"1" type:"string"`

	// Upper bound on the number of items returned. When it is set, AWS KMS
	// returns no more than this many items, though it might return fewer.
	Limit *int64 `min:"1" type:"integer"`

	// Continuation value for paging: after a response with truncated
	// results, pass that response's NextMarker here in the next request.
	Marker *string `min:"1" type:"string"`
}

// String formats the value with awsutil.Prettify.
func (s DescribeCustomKeyStoresInput) String() string {
	return awsutil.Prettify(s)
}

// GoString yields the same text as String.
func (s DescribeCustomKeyStoresInput) GoString() string {
	return s.String()
}

// Validate collects the constraint violations found on the struct and returns
// them as one error, or nil when there are none. Every field is optional, so
// only the minimum length or value of the fields that are set is checked. A
// request that sets both CustomKeyStoreId and CustomKeyStoreName is not
// rejected here, although the field documentation allows only one of them.
func (s *DescribeCustomKeyStoresInput) Validate() error {
	errs := request.ErrInvalidParams{Context: "DescribeCustomKeyStoresInput"}

	if id := s.CustomKeyStoreId; id != nil && len(*id) < 1 {
		errs.Add(request.NewErrParamMinLen("CustomKeyStoreId", 1))
	}
	if name := s.CustomKeyStoreName; name != nil && len(*name) < 1 {
		errs.Add(request.NewErrParamMinLen("CustomKeyStoreName", 1))
	}
	if limit := s.Limit; limit != nil && *limit < 1 {
		errs.Add(request.NewErrParamMinValue("Limit", 1))
	}
	if marker := s.Marker; marker != nil && len(*marker) < 1 {
		errs.Add(request.NewErrParamMinLen("Marker", 1))
	}

	if errs.Len() == 0 {
		return nil
	}
	return errs
}

// SetCustomKeyStoreId sets the CustomKeyStoreId field's value.
func (s *DescribeCustomKeyStoresInput) SetCustomKeyStoreId(v string) *DescribeCustomKeyStoresInput {
	s.CustomKeyStoreId = &v
	return s
}

// SetCustomKeyStoreName sets the CustomKeyStoreName field's value.
func (s *DescribeCustomKeyStoresInput) SetCustomKeyStoreName(v string) *DescribeCustomKeyStoresInput {
	s.CustomKeyStoreName = &v
	return s
}

// SetLimit sets the Limit field's value.
func (s *DescribeCustomKeyStoresInput) SetLimit(v int64) *DescribeCustomKeyStoresInput {
	s.Limit = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *DescribeCustomKeyStoresInput) SetMarker(v string) *DescribeCustomKeyStoresInput {
	s.Marker = &v
	return s
}

// DescribeCustomKeyStoresOutput holds one page of custom key store metadata
// together with the paging state.
type DescribeCustomKeyStoresOutput struct {
	_ struct{} `type:"structure"`

	// Metadata about each custom key store.
	CustomKeyStores []*CustomKeyStoresListEntry `type:"list"`

	// Present when Truncated is true; holds the value to pass as the Marker
	// parameter of the next request.
	NextMarker *string `min:"1" type:"string"`

	// Indicates whether more items remain. When true, the list in this
	// response is truncated; to fetch more, pass the NextMarker value from
	// this response as the Marker parameter of a subsequent request.
	Truncated *bool `type:"boolean"`
}

// String formats the value with awsutil.Prettify.
func (s DescribeCustomKeyStoresOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString yields the same text as String.
func (s DescribeCustomKeyStoresOutput) GoString() string {
	return s.String()
}

// SetCustomKeyStores sets the CustomKeyStores field's value.
func (s *DescribeCustomKeyStoresOutput) SetCustomKeyStores(v []*CustomKeyStoresListEntry) *DescribeCustomKeyStoresOutput {
	// The slice is stored as passed, not copied, so the caller's slice and
	// this field share the same elements.
	s.CustomKeyStores = v
	return s
}

// SetNextMarker sets the NextMarker field's value.
func (s *DescribeCustomKeyStoresOutput) SetNextMarker(v string) *DescribeCustomKeyStoresOutput {
	s.NextMarker = &v
	return s
}

// SetTruncated sets the Truncated field's value.
func (s *DescribeCustomKeyStoresOutput) SetTruncated(v bool) *DescribeCustomKeyStoresOutput {
	s.Truncated = &v
	return s
}

// DescribeKeyInput names the CMK to describe and any grant tokens to present
// with the request.
type DescribeKeyInput struct {
	_ struct{} `type:"structure"`

	// A list of grant tokens.
	//
	// See Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token)
	// in the AWS Key Management Service Developer Guide for details.
	GrantTokens []*string `type:"list"`

	// The customer master key (CMK) to describe.
	//
	// When a predefined AWS alias (an AWS alias with no key ID) is given, KMS
	// associates the alias with an AWS managed CMK (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys)
	// and returns its KeyId and Arn in the response.
	//
	// A CMK can be named by its key ID, Amazon Resource Name (ARN), alias
	// name, or alias ARN. An alias name must carry the "alias/" prefix. A CMK
	// in a different AWS account must be named by key ARN or alias ARN.
	//
	// For example:
	//
	//    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
	//
	//    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
	//
	//    * Alias name: alias/ExampleAlias
	//
	//    * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
	//
	// ListKeys or DescribeKey return the key ID and key ARN of a CMK;
	// ListAliases returns the alias name and alias ARN.
	//
	// KeyId is a required field
	KeyId *string `min:"1" type:"string" required:"true"`
}

// String formats the value with awsutil.Prettify.
func (s DescribeKeyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString yields the same text as String.
func (s DescribeKeyInput) GoString() string {
	return s.String()
}

// Validate collects the constraint violations found on the struct and returns
// them as one error, or nil when there are none. It only checks that KeyId is
// set and non-empty; GrantTokens and the identifier's format are not
// inspected here.
func (s *DescribeKeyInput) Validate() error {
	errs := request.ErrInvalidParams{Context: "DescribeKeyInput"}
	switch {
	case s.KeyId == nil:
		errs.Add(request.NewErrParamRequired("KeyId"))
	case len(*s.KeyId) < 1:
		errs.Add(request.NewErrParamMinLen("KeyId", 1))
	}

	if errs.Len() == 0 {
		return nil
	}
	return errs
}

// SetGrantTokens sets the GrantTokens field's value.
func (s *DescribeKeyInput) SetGrantTokens(v []*string) *DescribeKeyInput {
	// The slice is stored as passed, not copied.
	s.GrantTokens = v
	return s
}

// SetKeyId sets the KeyId field's value.
func (s *DescribeKeyInput) SetKeyId(v string) *DescribeKeyInput {
	s.KeyId = &v
	return s
}

// DescribeKeyOutput wraps the metadata returned for a key.
type DescribeKeyOutput struct {
	_ struct{} `type:"structure"`

	// Metadata associated with the key.
	KeyMetadata *KeyMetadata `type:"structure"`
}

// String formats the value with awsutil.Prettify.
func (s DescribeKeyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString yields the same text as String.
func (s DescribeKeyOutput) GoString() string {
	return s.String()
}

// SetKeyMetadata sets the KeyMetadata field's value.
func (s *DescribeKeyOutput) SetKeyMetadata(v *KeyMetadata) *DescribeKeyOutput {
	// The pointer is stored as passed, so later changes made through v are
	// visible through this field as well.
	s.KeyMetadata = v
	return s
}

// DisableKeyInput names the CMK to disable.
type DisableKeyInput struct {
	_ struct{} `type:"structure"`

	// Identifies the customer master key (CMK).
	//
	// Give either the key ID or the Amazon Resource Name (ARN) of the CMK.
	//
	// For example:
	//
	//    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
	//
	//    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
	//
	// ListKeys or DescribeKey return the key ID and key ARN of a CMK.
	//
	// KeyId is a required field
	KeyId *string `min:"1" type:"string" required:"true"`
}

// String formats the value with awsutil.Prettify.
func (s DisableKeyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString yields the same text as String.
func (s DisableKeyInput) GoString() string {
	return s.String()
}

// Validate collects the constraint violations found on the struct and returns
// them as one error, or nil when there are none. It only checks that KeyId is
// set and non-empty.
func (s *DisableKeyInput) Validate() error {
	errs := request.ErrInvalidParams{Context: "DisableKeyInput"}
	switch {
	case s.KeyId == nil:
		errs.Add(request.NewErrParamRequired("KeyId"))
	case len(*s.KeyId) < 1:
		errs.Add(request.NewErrParamMinLen("KeyId", 1))
	}

	if errs.Len() == 0 {
		return nil
	}
	return errs
}

// SetKeyId sets the KeyId field's value.
func (s *DisableKeyInput) SetKeyId(v string) *DisableKeyInput {
	// v is this call's own copy, so the stored pointer never aliases a
	// variable owned by the caller.
	s.KeyId = &v
	return s
}

// DisableKeyOutput declares no data fields.
type DisableKeyOutput struct {
	_ struct{} `type:"structure"`
}

// String formats the value with awsutil.Prettify.
func (s DisableKeyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString yields the same text as String.
func (s DisableKeyOutput) GoString() string {
	return s.String()
}

// DisableKeyRotationInput names the CMK whose key rotation is to be disabled.
type DisableKeyRotationInput struct {
	_ struct{} `type:"structure"`

	// Identifies the customer master key (CMK).
	//
	// Give either the key ID or the Amazon Resource Name (ARN) of the CMK.
	//
	// For example:
	//
	//    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
	//
	//    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
	//
	// ListKeys or DescribeKey return the key ID and key ARN of a CMK.
	//
	// KeyId is a required field
	KeyId *string `min:"1" type:"string" required:"true"`
}

// String formats the value with awsutil.Prettify.
func (s DisableKeyRotationInput) String() string {
	return awsutil.Prettify(s)
}

// GoString yields the same text as String.
func (s DisableKeyRotationInput) GoString() string {
	return s.String()
}

// Validate collects the constraint violations found on the struct and returns
// them as one error, or nil when there are none. It only checks that KeyId is
// set and non-empty.
func (s *DisableKeyRotationInput) Validate() error {
	errs := request.ErrInvalidParams{Context: "DisableKeyRotationInput"}
	switch {
	case s.KeyId == nil:
		errs.Add(request.NewErrParamRequired("KeyId"))
	case len(*s.KeyId) < 1:
		errs.Add(request.NewErrParamMinLen("KeyId", 1))
	}

	if errs.Len() == 0 {
		return nil
	}
	return errs
}

// SetKeyId sets the KeyId field's value.
func (s *DisableKeyRotationInput) SetKeyId(v string) *DisableKeyRotationInput {
	// v is this call's own copy, so the stored pointer never aliases a
	// variable owned by the caller.
	s.KeyId = &v
	return s
}

// DisableKeyRotationOutput declares no data fields.
type DisableKeyRotationOutput struct {
	_ struct{} `type:"structure"`
}

// String formats the value with awsutil.Prettify.
func (s DisableKeyRotationOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString yields the same text as String.
func (s DisableKeyRotationOutput) GoString() string {
	return s.String()
}

// DisconnectCustomKeyStoreInput carries the single parameter needed to
// disconnect a custom key store.
type DisconnectCustomKeyStoreInput struct {
	_ struct{} `type:"structure"`

	// ID of the custom key store to disconnect. The DescribeCustomKeyStores
	// operation can be used to look the ID up.
	//
	// CustomKeyStoreId is a required field
	CustomKeyStoreId *string `min:"1" type:"string" required:"true"`
}

// String formats the value with awsutil.Prettify.
func (s DisconnectCustomKeyStoreInput) String() string {
	return awsutil.Prettify(s)
}

// GoString yields the same text as String.
func (s DisconnectCustomKeyStoreInput) GoString() string {
	return s.String()
}

// Validate collects the constraint violations found on the struct and returns
// them as one error, or nil when there are none. It only checks that
// CustomKeyStoreId is set and non-empty.
func (s *DisconnectCustomKeyStoreInput) Validate() error {
	errs := request.ErrInvalidParams{Context: "DisconnectCustomKeyStoreInput"}
	switch {
	case s.CustomKeyStoreId == nil:
		errs.Add(request.NewErrParamRequired("CustomKeyStoreId"))
	case len(*s.CustomKeyStoreId) < 1:
		errs.Add(request.NewErrParamMinLen("CustomKeyStoreId", 1))
	}

	if errs.Len() == 0 {
		return nil
	}
	return errs
}

// SetCustomKeyStoreId sets the CustomKeyStoreId field's value.
func (s *DisconnectCustomKeyStoreInput) SetCustomKeyStoreId(v string) *DisconnectCustomKeyStoreInput {
	// v is this call's own copy, so the stored pointer never aliases a
	// variable owned by the caller.
	s.CustomKeyStoreId = &v
	return s
}

// DisconnectCustomKeyStoreOutput declares no data fields.
type DisconnectCustomKeyStoreOutput struct {
	_ struct{} `type:"structure"`
}

// String formats the value with awsutil.Prettify.
func (s DisconnectCustomKeyStoreOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString yields the same text as String.
func (s DisconnectCustomKeyStoreOutput) GoString() string {
	return s.String()
}

// EnableKeyInput names the CMK to enable.
type EnableKeyInput struct {
	_ struct{} `type:"structure"`

	// Identifies the customer master key (CMK).
	//
	// Give either the key ID or the Amazon Resource Name (ARN) of the CMK.
	//
	// For example:
	//
	//    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
	//
	//    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
	//
	// ListKeys or DescribeKey return the key ID and key ARN of a CMK.
	//
	// KeyId is a required field
	KeyId *string `min:"1" type:"string" required:"true"`
}

// String formats the value with awsutil.Prettify.
func (s EnableKeyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString yields the same text as String.
func (s EnableKeyInput) GoString() string {
	return s.String()
}

// Validate collects the constraint violations found on the struct and returns
// them as one error, or nil when there are none. It only checks that KeyId is
// set and non-empty.
func (s *EnableKeyInput) Validate() error {
	errs := request.ErrInvalidParams{Context: "EnableKeyInput"}
	switch {
	case s.KeyId == nil:
		errs.Add(request.NewErrParamRequired("KeyId"))
	case len(*s.KeyId) < 1:
		errs.Add(request.NewErrParamMinLen("KeyId", 1))
	}

	if errs.Len() == 0 {
		return nil
	}
	return errs
}

// SetKeyId sets the KeyId field's value.
func (s *EnableKeyInput) SetKeyId(v string) *EnableKeyInput {
	// v is this call's own copy, so the stored pointer never aliases a
	// variable owned by the caller.
	s.KeyId = &v
	return s
}

// EnableKeyOutput declares no data fields.
type EnableKeyOutput struct {
	_ struct{} `type:"structure"`
}

// String formats the value with awsutil.Prettify.
func (s EnableKeyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString yields the same text as String.
func (s EnableKeyOutput) GoString() string {
	return s.String()
}

// EnableKeyRotationInput names the CMK whose key rotation is to be enabled.
type EnableKeyRotationInput struct {
	_ struct{} `type:"structure"`

	// Identifies the customer master key (CMK).
	//
	// Give either the key ID or the Amazon Resource Name (ARN) of the CMK.
	//
	// For example:
	//
	//    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
	//
	//    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
	//
	// ListKeys or DescribeKey return the key ID and key ARN of a CMK.
	//
	// KeyId is a required field
	KeyId *string `min:"1" type:"string" required:"true"`
}

// String formats the value with awsutil.Prettify.
func (s EnableKeyRotationInput) String() string {
	return awsutil.Prettify(s)
}

// GoString yields the same text as String.
func (s EnableKeyRotationInput) GoString() string {
	return s.String()
}

// Validate collects the constraint violations found on the struct and returns
// them as one error, or nil when there are none. It only checks that KeyId is
// set and non-empty.
func (s *EnableKeyRotationInput) Validate() error {
	errs := request.ErrInvalidParams{Context: "EnableKeyRotationInput"}
	switch {
	case s.KeyId == nil:
		errs.Add(request.NewErrParamRequired("KeyId"))
	case len(*s.KeyId) < 1:
		errs.Add(request.NewErrParamMinLen("KeyId", 1))
	}

	if errs.Len() == 0 {
		return nil
	}
	return errs
}

// SetKeyId sets the KeyId field's value.
func (s *EnableKeyRotationInput) SetKeyId(v string) *EnableKeyRotationInput {
	// v is this call's own copy, so the stored pointer never aliases a
	// variable owned by the caller.
	s.KeyId = &v
	return s
}

// EnableKeyRotationOutput declares no data fields.
type EnableKeyRotationOutput struct {
	_ struct{} `type:"structure"`
}

// String formats the value with awsutil.Prettify.
func (s EnableKeyRotationOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString yields the same text as String.
func (s EnableKeyRotationOutput) GoString() string {
	return s.String()
}

// EncryptInput carries the plaintext to encrypt, the CMK to encrypt it under,
// and the optional encryption context and grant tokens.
type EncryptInput struct {
	_ struct{} `type:"structure"`

	// Name-value pairs forming the encryption context used for authenticated
	// encryption. When a context is supplied here, the same value must be
	// supplied to the Decrypt API, otherwise decryption fails. See Encryption
	// Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context).
	//
	// NOTE(review): this field carries no sensitive tag, so it is presumably
	// printed as-is by String; confirm before putting secret values in it.
	EncryptionContext map[string]*string `type:"map"`

	// A list of grant tokens.
	//
	// See Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token)
	// in the AWS Key Management Service Developer Guide for details.
	GrantTokens []*string `type:"list"`

	// Identifies the customer master key (CMK).
	//
	// A CMK can be named by its key ID, Amazon Resource Name (ARN), alias
	// name, or alias ARN. An alias name must carry the "alias/" prefix. A CMK
	// in a different AWS account must be named by key ARN or alias ARN.
	//
	// For example:
	//
	//    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
	//
	//    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
	//
	//    * Alias name: alias/ExampleAlias
	//
	//    * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
	//
	// ListKeys or DescribeKey return the key ID and key ARN of a CMK;
	// ListAliases returns the alias name and alias ARN.
	//
	// KeyId is a required field
	KeyId *string `min:"1" type:"string" required:"true"`

	// The data to encrypt.
	//
	// Plaintext is automatically base64 encoded/decoded by the SDK.
	//
	// Plaintext is a required field
	Plaintext []byte `min:"1" type:"blob" required:"true" sensitive:"true"`
}

// String formats the value with awsutil.Prettify.
//
// NOTE(review): Plaintext is tagged sensitive:"true"; whether Prettify masks
// tagged fields depends on the SDK version in use. Confirm before logging
// this value.
func (s EncryptInput) String() string {
	return awsutil.Prettify(s)
}

// GoString yields the same text as String.
func (s EncryptInput) GoString() string {
	return s.String()
}

// Validate collects the constraint violations found on the struct and returns
// them as one error, or nil when there are none. KeyId and Plaintext must
// each be set and non-empty; EncryptionContext and GrantTokens are not
// inspected here.
func (s *EncryptInput) Validate() error {
	errs := request.ErrInvalidParams{Context: "EncryptInput"}

	switch {
	case s.KeyId == nil:
		errs.Add(request.NewErrParamRequired("KeyId"))
	case len(*s.KeyId) < 1:
		errs.Add(request.NewErrParamMinLen("KeyId", 1))
	}

	// A nil slice counts as missing; a non-nil empty slice counts as too short.
	switch {
	case s.Plaintext == nil:
		errs.Add(request.NewErrParamRequired("Plaintext"))
	case len(s.Plaintext) < 1:
		errs.Add(request.NewErrParamMinLen("Plaintext", 1))
	}

	if errs.Len() == 0 {
		return nil
	}
	return errs
}

// SetEncryptionContext sets the EncryptionContext field's value.
func (s *EncryptInput) SetEncryptionContext(v map[string]*string) *EncryptInput {
	// The map is stored as passed, not copied, so later changes to the
	// caller's map also change the context held by this input.
	s.EncryptionContext = v
	return s
}

// SetGrantTokens sets the GrantTokens field's value.
func (s *EncryptInput) SetGrantTokens(v []*string) *EncryptInput {
	// The slice is stored as passed, not copied.
	s.GrantTokens = v
	return s
}

// SetKeyId sets the KeyId field's value.
func (s *EncryptInput) SetKeyId(v string) *EncryptInput {
	s.KeyId = &v
	return s
}

// SetPlaintext sets the Plaintext field's value.
func (s *EncryptInput) SetPlaintext(v []byte) *EncryptInput {
	// The slice is stored as passed, not copied: the input and the caller
	// share one buffer, so clearing the caller's buffer also clears the data
	// seen through this field.
	s.Plaintext = v
	return s
}

// EncryptOutput holds the ciphertext and the ID of the key that produced it.
type EncryptOutput struct {
	_ struct{} `type:"structure"`

	// The encrypted plaintext. The value is Base64-encoded when the HTTP API
	// or the AWS CLI is used, and not encoded otherwise.
	//
	// CiphertextBlob is automatically base64 encoded/decoded by the SDK.
	CiphertextBlob []byte `min:"1" type:"blob"`

	// The ID of the key used during encryption.
	KeyId *string `min:"1" type:"string"`
}

// String formats the value with awsutil.Prettify.
func (s EncryptOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString yields the same text as String.
func (s EncryptOutput) GoString() string {
	return s.String()
}

// SetCiphertextBlob sets the CiphertextBlob field's value.
func (s *EncryptOutput) SetCiphertextBlob(v []byte) *EncryptOutput {
	// The slice is stored as passed, not copied.
	s.CiphertextBlob = v
	return s
}

// SetKeyId sets the KeyId field's value.
func (s *EncryptOutput) SetKeyId(v string) *EncryptOutput {
	s.KeyId = &v
	return s
}

// GenerateDataKeyInput names the CMK that encrypts the new data key and sets
// the data key's length, either through KeySpec or through NumberOfBytes.
type GenerateDataKeyInput struct {
	_ struct{} `type:"structure"`

	// Key-value pairs that represent additional authenticated data.
	//
	// See Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context)
	// in the AWS Key Management Service Developer Guide for details.
	EncryptionContext map[string]*string `type:"map"`

	// A list of grant tokens.
	//
	// See Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token)
	// in the AWS Key Management Service Developer Guide for details.
	GrantTokens []*string `type:"list"`

	// Identifies the CMK that encrypts the data key.
	//
	// A CMK can be named by its key ID, Amazon Resource Name (ARN), alias
	// name, or alias ARN. An alias name must carry the "alias/" prefix. A CMK
	// in a different AWS account must be named by key ARN or alias ARN.
	//
	// For example:
	//
	//    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
	//
	//    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
	//
	//    * Alias name: alias/ExampleAlias
	//
	//    * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
	//
	// ListKeys or DescribeKey return the key ID and key ARN of a CMK;
	// ListAliases returns the alias name and alias ARN.
	//
	// KeyId is a required field
	KeyId *string `min:"1" type:"string" required:"true"`

	// The length of the data key: AES_128 generates a 128-bit symmetric key,
	// AES_256 a 256-bit symmetric key.
	KeySpec *string `type:"string" enum:"DataKeySpec"`

	// The length of the data key in bytes. For example, the value 64
	// generates a 512-bit data key (64 bytes is 512 bits). For the common key
	// lengths (128-bit and 256-bit symmetric keys) the KeySpec field is
	// recommended instead of this one.
	NumberOfBytes *int64 `min:"1" type:"integer"`
}

// String formats the value with awsutil.Prettify.
func (s GenerateDataKeyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString yields the same text as String.
func (s GenerateDataKeyInput) GoString() string {
	return s.String()
}

// Validate collects the constraint violations found on the struct and returns
// them as one error, or nil when there are none. KeyId must be set and
// non-empty, and NumberOfBytes, when set, must be at least 1. The KeySpec
// value is not checked against the DataKeySpec enum here, and no check
// relates KeySpec to NumberOfBytes.
func (s *GenerateDataKeyInput) Validate() error {
	errs := request.ErrInvalidParams{Context: "GenerateDataKeyInput"}

	switch {
	case s.KeyId == nil:
		errs.Add(request.NewErrParamRequired("KeyId"))
	case len(*s.KeyId) < 1:
		errs.Add(request.NewErrParamMinLen("KeyId", 1))
	}
	if n := s.NumberOfBytes; n != nil && *n < 1 {
		errs.Add(request.NewErrParamMinValue("NumberOfBytes", 1))
	}

	if errs.Len() == 0 {
		return nil
	}
	return errs
}

// SetEncryptionContext sets the EncryptionContext field's value.
func (s *GenerateDataKeyInput) SetEncryptionContext(v map[string]*string) *GenerateDataKeyInput {
	// The map is stored as passed, not copied.
	s.EncryptionContext = v
	return s
}

// SetGrantTokens sets the GrantTokens field's value.
func (s *GenerateDataKeyInput) SetGrantTokens(v []*string) *GenerateDataKeyInput {
	// The slice is stored as passed, not copied.
	s.GrantTokens = v
	return s
}

// SetKeyId sets the KeyId field's value.
func (s *GenerateDataKeyInput) SetKeyId(v string) *GenerateDataKeyInput {
	s.KeyId = &v
	return s
}

// SetKeySpec sets the KeySpec field's value.
func (s *GenerateDataKeyInput) SetKeySpec(v string) *GenerateDataKeyInput {
	s.KeySpec = &v
	return s
}

// SetNumberOfBytes sets the NumberOfBytes field's value.
func (s *GenerateDataKeyInput) SetNumberOfBytes(v int64) *GenerateDataKeyInput {
	// v is this call's own copy, so the stored pointer never aliases a
	// variable owned by the caller.
	s.NumberOfBytes = &v
	return s
}

// GenerateDataKeyOutput holds a newly generated data key twice: encrypted
// under the CMK (CiphertextBlob) and in the clear (Plaintext).
type GenerateDataKeyOutput struct {
	_ struct{} `type:"structure"`

	// The encrypted copy of the data key. The value is Base64-encoded when
	// the HTTP API or the AWS CLI is used, and not encoded otherwise.
	//
	// CiphertextBlob is automatically base64 encoded/decoded by the SDK.
	CiphertextBlob []byte `min:"1" type:"blob"`

	// The identifier of the CMK that encrypted the data key.
	KeyId *string `min:"1" type:"string"`

	// The plaintext data key. The value is Base64-encoded when the HTTP API
	// or the AWS CLI is used, and not encoded otherwise. Use this data key to
	// encrypt your data outside of KMS, then remove it from memory as soon as
	// possible.
	//
	// Plaintext is automatically base64 encoded/decoded by the SDK.
	Plaintext []byte `min:"1" type:"blob" sensitive:"true"`
}

// String formats the value with awsutil.Prettify.
//
// NOTE(review): Plaintext is tagged sensitive:"true"; whether Prettify masks
// tagged fields depends on the SDK version in use. Confirm before logging
// this value, since it contains the unencrypted data key.
func (s GenerateDataKeyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString yields the same text as String.
func (s GenerateDataKeyOutput) GoString() string {
	return s.String()
}

// SetCiphertextBlob sets the CiphertextBlob field's value.
func (s *GenerateDataKeyOutput) SetCiphertextBlob(v []byte) *GenerateDataKeyOutput {
	// The slice is stored as passed, not copied.
	s.CiphertextBlob = v
	return s
}

// SetKeyId sets the KeyId field's value.
func (s *GenerateDataKeyOutput) SetKeyId(v string) *GenerateDataKeyOutput {
	s.KeyId = &v
	return s
}

// SetPlaintext sets the Plaintext field's value.
func (s *GenerateDataKeyOutput) SetPlaintext(v []byte) *GenerateDataKeyOutput {
	// The slice is stored as passed, not copied: the output and the caller
	// share one buffer, so overwriting either view clears the key for both.
	s.Plaintext = v
	return s
}

// GenerateDataKeyWithoutPlaintextInput names the CMK that encrypts the new
// data key and sets the data key's length, either through KeySpec or through
// NumberOfBytes.
type GenerateDataKeyWithoutPlaintextInput struct {
	_ struct{} `type:"structure"`

	// Key-value pairs that represent additional authenticated data.
	//
	// See Encryption Context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context)
	// in the AWS Key Management Service Developer Guide for details.
	EncryptionContext map[string]*string `type:"map"`

	// A list of grant tokens.
	//
	// See Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token)
	// in the AWS Key Management Service Developer Guide for details.
	GrantTokens []*string `type:"list"`

	// Identifies the customer master key (CMK) that encrypts the data key.
	//
	// A CMK can be named by its key ID, Amazon Resource Name (ARN), alias
	// name, or alias ARN. An alias name must carry the "alias/" prefix. A CMK
	// in a different AWS account must be named by key ARN or alias ARN.
	//
	// For example:
	//
	//    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
	//
	//    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
	//
	//    * Alias name: alias/ExampleAlias
	//
	//    * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
	//
	// ListKeys or DescribeKey return the key ID and key ARN of a CMK;
	// ListAliases returns the alias name and alias ARN.
	//
	// KeyId is a required field
	KeyId *string `min:"1" type:"string" required:"true"`

	// The length of the data key: AES_128 generates a 128-bit symmetric key,
	// AES_256 a 256-bit symmetric key.
	KeySpec *string `type:"string" enum:"DataKeySpec"`

	// The length of the data key in bytes. For example, the value 64
	// generates a 512-bit data key (64 bytes is 512 bits). For the common key
	// lengths (128-bit and 256-bit symmetric keys) the KeySpec field is
	// recommended instead of this one.
	NumberOfBytes *int64 `min:"1" type:"integer"`
}

// String formats the value with awsutil.Prettify.
func (s GenerateDataKeyWithoutPlaintextInput) String() string {
	return awsutil.Prettify(s)
}

// GoString yields the same text as String.
func (s GenerateDataKeyWithoutPlaintextInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GenerateDataKeyWithoutPlaintextInput) Validate() error {
	errs := request.ErrInvalidParams{Context: "GenerateDataKeyWithoutPlaintextInput"}

	// KeyId must be present and non-empty.
	switch {
	case s.KeyId == nil:
		errs.Add(request.NewErrParamRequired("KeyId"))
	case len(*s.KeyId) < 1:
		errs.Add(request.NewErrParamMinLen("KeyId", 1))
	}

	// NumberOfBytes is optional; only a lower bound is checked. KeySpec is not
	// checked here at all.
	if n := s.NumberOfBytes; n != nil && *n < 1 {
		errs.Add(request.NewErrParamMinValue("NumberOfBytes", 1))
	}

	if errs.Len() == 0 {
		return nil
	}
	return errs
}

// SetEncryptionContext stores v in EncryptionContext and returns s for
// chaining. The map is stored as given, not copied.
func (s *GenerateDataKeyWithoutPlaintextInput) SetEncryptionContext(v map[string]*string) *GenerateDataKeyWithoutPlaintextInput {
	s.EncryptionContext = v
	return s
}

// SetGrantTokens stores v in GrantTokens and returns s for chaining. The
// slice is stored as given, not copied.
func (s *GenerateDataKeyWithoutPlaintextInput) SetGrantTokens(v []*string) *GenerateDataKeyWithoutPlaintextInput {
	s.GrantTokens = v
	return s
}

// SetKeyId stores a pointer to v in KeyId and returns s for chaining.
func (s *GenerateDataKeyWithoutPlaintextInput) SetKeyId(v string) *GenerateDataKeyWithoutPlaintextInput {
	s.KeyId = &v
	return s
}

// SetKeySpec stores a pointer to v in KeySpec and returns s for chaining.
func (s *GenerateDataKeyWithoutPlaintextInput) SetKeySpec(v string) *GenerateDataKeyWithoutPlaintextInput {
	s.KeySpec = &v
	return s
}

// SetNumberOfBytes stores a pointer to v in NumberOfBytes and returns s for
// chaining.
func (s *GenerateDataKeyWithoutPlaintextInput) SetNumberOfBytes(v int64) *GenerateDataKeyWithoutPlaintextInput {
	s.NumberOfBytes = &v
	return s
}

// GenerateDataKeyWithoutPlaintextOutput carries the encrypted data key and the
// identifier of the CMK that encrypted it. It has no plaintext field.
type GenerateDataKeyWithoutPlaintextOutput struct {
	_ struct{} `type:"structure"`

	// The encrypted data key. When you use the HTTP API or the AWS CLI, the value
	// is Base64-encoded. Otherwise, it is not encoded.
	//
	// CiphertextBlob is automatically base64 encoded/decoded by the SDK.
	CiphertextBlob []byte `min:"1" type:"blob"`

	// The identifier of the CMK that encrypted the data key.
	KeyId *string `min:"1" type:"string"`
}

// String renders the struct with awsutil.Prettify.
func (s GenerateDataKeyWithoutPlaintextOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the same text as String.
func (s GenerateDataKeyWithoutPlaintextOutput) GoString() string {
	return s.String()
}

// SetCiphertextBlob stores v in CiphertextBlob and returns s for chaining.
// The slice is stored as given, not copied.
func (s *GenerateDataKeyWithoutPlaintextOutput) SetCiphertextBlob(v []byte) *GenerateDataKeyWithoutPlaintextOutput {
	s.CiphertextBlob = v
	return s
}

// SetKeyId stores a pointer to v in KeyId and returns s for chaining.
func (s *GenerateDataKeyWithoutPlaintextOutput) SetKeyId(v string) *GenerateDataKeyWithoutPlaintextOutput {
	s.KeyId = &v
	return s
}

// GenerateRandomInput holds the request parameters declared below; neither
// field is tagged as required.
type GenerateRandomInput struct {
	_ struct{} `type:"structure"`

	// Generates the random byte string in the AWS CloudHSM cluster that is associated
	// with the specified custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html).
	// To find the ID of a custom key store, use the DescribeCustomKeyStores operation.
	CustomKeyStoreId *string `min:"1" type:"string"`

	// The length of the byte string.
	NumberOfBytes *int64 `min:"1" type:"integer"`
}

// String renders the struct with awsutil.Prettify.
func (s GenerateRandomInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the same text as String.
func (s GenerateRandomInput) GoString() string {
	return s.String()
}

// Validate reports, as a request.ErrInvalidParams, every field that breaks its
// minimum length or minimum value, and returns nil when there is none.
func (s *GenerateRandomInput) Validate() error {
	errs := request.ErrInvalidParams{Context: "GenerateRandomInput"}

	// Both fields are optional; they are checked only when set.
	if id := s.CustomKeyStoreId; id != nil && len(*id) < 1 {
		errs.Add(request.NewErrParamMinLen("CustomKeyStoreId", 1))
	}
	if n := s.NumberOfBytes; n != nil && *n < 1 {
		errs.Add(request.NewErrParamMinValue("NumberOfBytes", 1))
	}

	if errs.Len() == 0 {
		return nil
	}
	return errs
}

// SetCustomKeyStoreId sets the CustomKeyStoreId field's value.
func (s *GenerateRandomInput) SetCustomKeyStoreId(v string) *GenerateRandomInput {
	s.CustomKeyStoreId = &v
	return s
}

// SetNumberOfBytes stores a pointer to v in NumberOfBytes and returns s for
// chaining.
func (s *GenerateRandomInput) SetNumberOfBytes(v int64) *GenerateRandomInput {
	s.NumberOfBytes = &v
	return s
}

// GenerateRandomOutput carries the random byte string.
type GenerateRandomOutput struct {
	_ struct{} `type:"structure"`

	// The random byte string. When you use the HTTP API or the AWS CLI, the value
	// is Base64-encoded. Otherwise, it is not encoded.
	//
	// Plaintext is automatically base64 encoded/decoded by the SDK.
	//
	// NOTE(review): the sensitive:"true" tag is presumably what keeps String and
	// GoString from printing this value; confirm that the vendored
	// awsutil.Prettify honors it before logging this struct.
	Plaintext []byte `min:"1" type:"blob" sensitive:"true"`
}

// String renders the struct with awsutil.Prettify.
func (s GenerateRandomOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the same text as String.
func (s GenerateRandomOutput) GoString() string {
	return s.String()
}

// SetPlaintext stores v in Plaintext and returns s for chaining. The slice is
// stored without copying, so the field and the caller's slice share one
// backing array.
func (s *GenerateRandomOutput) SetPlaintext(v []byte) *GenerateRandomOutput {
	s.Plaintext = v
	return s
}

// GetKeyPolicyInput holds the request parameters declared below; both fields
// are tagged as required.
type GetKeyPolicyInput struct {
	_ struct{} `type:"structure"`

	// A unique identifier for the customer master key (CMK).
	//
	// Specify the key ID or the Amazon Resource Name (ARN) of the CMK.
	//
	// For example:
	//
	//    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
	//
	//    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
	//
	// To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
	//
	// KeyId is a required field
	KeyId *string `min:"1" type:"string" required:"true"`

	// Specifies the name of the key policy. The only valid name is default. To
	// get the names of key policies, use ListKeyPolicies.
	//
	// PolicyName is a required field
	PolicyName *string `min:"1" type:"string" required:"true"`
}

// String renders the struct with awsutil.Prettify.
func (s GetKeyPolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the same text as String.
func (s GetKeyPolicyInput) GoString() string {
	return s.String()
}

// Validate reports, as a request.ErrInvalidParams, every required field that
// is missing or empty, and returns nil when there is none.
func (s *GetKeyPolicyInput) Validate() error {
	errs := request.ErrInvalidParams{Context: "GetKeyPolicyInput"}

	switch {
	case s.KeyId == nil:
		errs.Add(request.NewErrParamRequired("KeyId"))
	case len(*s.KeyId) < 1:
		errs.Add(request.NewErrParamMinLen("KeyId", 1))
	}

	// Only presence and length are checked; the name itself is not compared
	// with anything here.
	switch {
	case s.PolicyName == nil:
		errs.Add(request.NewErrParamRequired("PolicyName"))
	case len(*s.PolicyName) < 1:
		errs.Add(request.NewErrParamMinLen("PolicyName", 1))
	}

	if errs.Len() == 0 {
		return nil
	}
	return errs
}

// SetKeyId stores a pointer to v in KeyId and returns s for chaining.
func (s *GetKeyPolicyInput) SetKeyId(v string) *GetKeyPolicyInput {
	s.KeyId = &v
	return s
}

// SetPolicyName stores a pointer to v in PolicyName and returns s for
// chaining.
func (s *GetKeyPolicyInput) SetPolicyName(v string) *GetKeyPolicyInput {
	s.PolicyName = &v
	return s
}

// GetKeyPolicyOutput carries the key policy document.
type GetKeyPolicyOutput struct {
	_ struct{} `type:"structure"`

	// A key policy document in JSON format.
	Policy *string `min:"1" type:"string"`
}

// String renders the struct with awsutil.Prettify.
func (s GetKeyPolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the same text as String.
func (s GetKeyPolicyOutput) GoString() string {
	return s.String()
}

// SetPolicy stores a pointer to v in Policy and returns s for chaining.
func (s *GetKeyPolicyOutput) SetPolicy(v string) *GetKeyPolicyOutput {
	s.Policy = &v
	return s
}

// GetKeyRotationStatusInput holds the single required request parameter KeyId.
type GetKeyRotationStatusInput struct {
	_ struct{} `type:"structure"`

	// A unique identifier for the customer master key (CMK).
	//
	// Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify
	// a CMK in a different AWS account, you must use the key ARN.
	//
	// For example:
	//
	//    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
	//
	//    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
	//
	// To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
	//
	// KeyId is a required field
	KeyId *string `min:"1" type:"string" required:"true"`
}

// String renders the struct with awsutil.Prettify.
func (s GetKeyRotationStatusInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the same text as String.
func (s GetKeyRotationStatusInput) GoString() string {
	return s.String()
}

// Validate reports a missing or empty KeyId as a request.ErrInvalidParams and
// returns nil otherwise.
func (s *GetKeyRotationStatusInput) Validate() error {
	errs := request.ErrInvalidParams{Context: "GetKeyRotationStatusInput"}

	switch {
	case s.KeyId == nil:
		errs.Add(request.NewErrParamRequired("KeyId"))
	case len(*s.KeyId) < 1:
		errs.Add(request.NewErrParamMinLen("KeyId", 1))
	}

	if errs.Len() == 0 {
		return nil
	}
	return errs
}

// SetKeyId stores a pointer to v in KeyId and returns s for chaining.
func (s *GetKeyRotationStatusInput) SetKeyId(v string) *GetKeyRotationStatusInput {
	s.KeyId = &v
	return s
}

// GetKeyRotationStatusOutput carries the key rotation flag.
type GetKeyRotationStatusOutput struct {
	_ struct{} `type:"structure"`

	// A Boolean value that specifies whether key rotation is enabled.
	KeyRotationEnabled *bool `type:"boolean"`
}

// String renders the struct with awsutil.Prettify.
func (s GetKeyRotationStatusOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the same text as String.
func (s GetKeyRotationStatusOutput) GoString() string {
	return s.String()
}

// SetKeyRotationEnabled sets the KeyRotationEnabled field's value.
func (s *GetKeyRotationStatusOutput) SetKeyRotationEnabled(v bool) *GetKeyRotationStatusOutput {
	// &v points at this call's copy of the argument, not at the caller's variable.
	s.KeyRotationEnabled = &v
	return s
}

// GetParametersForImportInput holds the request parameters declared below; all
// three fields are tagged as required.
type GetParametersForImportInput struct {
	_ struct{} `type:"structure"`

	// The identifier of the CMK into which you will import key material. The CMK's
	// Origin must be EXTERNAL.
	//
	// Specify the key ID or the Amazon Resource Name (ARN) of the CMK.
	//
	// For example:
	//
	//    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
	//
	//    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
	//
	// To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
	//
	// KeyId is a required field
	KeyId *string `min:"1" type:"string" required:"true"`

	// The algorithm you will use to encrypt the key material before importing it
	// with ImportKeyMaterial. For more information, see Encrypt the Key Material
	// (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-encrypt-key-material.html)
	// in the AWS Key Management Service Developer Guide.
	//
	// The Validate method of this type checks only that a value is present, not
	// that it belongs to the AlgorithmSpec enum.
	//
	// WrappingAlgorithm is a required field
	WrappingAlgorithm *string `type:"string" required:"true" enum:"AlgorithmSpec"`

	// The type of wrapping key (public key) to return in the response. Only 2048-bit
	// RSA public keys are supported.
	//
	// The Validate method of this type checks only that a value is present, not
	// that it belongs to the WrappingKeySpec enum.
	//
	// WrappingKeySpec is a required field
	WrappingKeySpec *string `type:"string" required:"true" enum:"WrappingKeySpec"`
}

// String returns the string representation produced by awsutil.Prettify.
func (s GetParametersForImportInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the same text as String.
func (s GetParametersForImportInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *GetParametersForImportInput) Validate() error {
	errs := request.ErrInvalidParams{Context: "GetParametersForImportInput"}

	switch {
	case s.KeyId == nil:
		errs.Add(request.NewErrParamRequired("KeyId"))
	case len(*s.KeyId) < 1:
		errs.Add(request.NewErrParamMinLen("KeyId", 1))
	}

	// The two enum-typed fields are checked for presence only; their values
	// are not compared with the enum here.
	if s.WrappingAlgorithm == nil {
		errs.Add(request.NewErrParamRequired("WrappingAlgorithm"))
	}
	if s.WrappingKeySpec == nil {
		errs.Add(request.NewErrParamRequired("WrappingKeySpec"))
	}

	if errs.Len() == 0 {
		return nil
	}
	return errs
}

// SetKeyId stores a pointer to v in KeyId and returns s for chaining.
func (s *GetParametersForImportInput) SetKeyId(v string) *GetParametersForImportInput {
	s.KeyId = &v
	return s
}

// SetWrappingAlgorithm stores a pointer to v in WrappingAlgorithm and returns
// s for chaining.
func (s *GetParametersForImportInput) SetWrappingAlgorithm(v string) *GetParametersForImportInput {
	s.WrappingAlgorithm = &v
	return s
}

// SetWrappingKeySpec stores a pointer to v in WrappingKeySpec and returns s
// for chaining.
func (s *GetParametersForImportInput) SetWrappingKeySpec(v string) *GetParametersForImportInput {
	s.WrappingKeySpec = &v
	return s
}

// GetParametersForImportOutput carries the import token, the public wrapping
// key, the time until which both are valid, and the CMK identifier.
type GetParametersForImportOutput struct {
	_ struct{} `type:"structure"`

	// The import token to send in a subsequent ImportKeyMaterial request.
	//
	// ImportToken is automatically base64 encoded/decoded by the SDK.
	ImportToken []byte `min:"1" type:"blob"`

	// The identifier of the CMK to use in a subsequent ImportKeyMaterial request.
	// This is the same CMK specified in the GetParametersForImport request.
	KeyId *string `min:"1" type:"string"`

	// The time at which the import token and public key are no longer valid. After
	// this time, you cannot use them to make an ImportKeyMaterial request and you
	// must send another GetParametersForImport request to get new ones.
	ParametersValidTo *time.Time `type:"timestamp"`

	// The public key to use to encrypt the key material before importing it with
	// ImportKeyMaterial.
	//
	// PublicKey is automatically base64 encoded/decoded by the SDK.
	//
	// This field carries the sensitive:"true" tag; ImportToken does not.
	PublicKey []byte `min:"1" type:"blob" sensitive:"true"`
}

// String renders the struct with awsutil.Prettify.
func (s GetParametersForImportOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the same text as String.
func (s GetParametersForImportOutput) GoString() string {
	return s.String()
}

// SetImportToken stores v in ImportToken and returns s for chaining. The
// slice is stored as given, not copied.
func (s *GetParametersForImportOutput) SetImportToken(v []byte) *GetParametersForImportOutput {
	s.ImportToken = v
	return s
}

// SetKeyId stores a pointer to v in KeyId and returns s for chaining.
func (s *GetParametersForImportOutput) SetKeyId(v string) *GetParametersForImportOutput {
	s.KeyId = &v
	return s
}

// SetParametersValidTo stores a pointer to v in ParametersValidTo and returns
// s for chaining.
func (s *GetParametersForImportOutput) SetParametersValidTo(v time.Time) *GetParametersForImportOutput {
	s.ParametersValidTo = &v
	return s
}

// SetPublicKey stores v in PublicKey and returns s for chaining. The slice is
// stored as given, not copied.
func (s *GetParametersForImportOutput) SetPublicKey(v []byte) *GetParametersForImportOutput {
	s.PublicKey = v
	return s
}

// GrantConstraints describes the encryption context conditions of a grant.
//
// Use this structure to allow cryptographic operations in the grant only when
// the operation request includes the specified encryption context (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context).
//
// AWS KMS applies the grant constraints only when the grant allows a cryptographic
// operation that accepts an encryption context as input, such as the following.
//
//    * Encrypt
//
//    * Decrypt
//
//    * GenerateDataKey
//
//    * GenerateDataKeyWithoutPlaintext
//
//    * ReEncrypt
//
// AWS KMS does not apply the grant constraints to other operations, such as
// DescribeKey or ScheduleKeyDeletion.
//
// In a cryptographic operation, the encryption context in the decryption operation
// must be an exact, case-sensitive match for the keys and values in the encryption
// context of the encryption operation. Only the order of the pairs can vary.
//
// However, in a grant constraint, the key in each key-value pair is not case
// sensitive, but the value is case sensitive.
//
// To avoid confusion, do not use multiple encryption context pairs that differ
// only by case. To require a fully case-sensitive encryption context, use the
// kms:EncryptionContext: and kms:EncryptionContextKeys conditions in an IAM
// or key policy. For details, see kms:EncryptionContext: (https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-encryption-context)
// in the AWS Key Management Service Developer Guide .
type GrantConstraints struct {
	_ struct{} `type:"structure"`

	// A list of key-value pairs that must match the encryption context in the cryptographic
	// operation request. The grant allows the operation only when the encryption
	// context in the request is the same as the encryption context specified in
	// this constraint.
	EncryptionContextEquals map[string]*string `type:"map"`

	// A list of key-value pairs that must be included in the encryption context
	// of the cryptographic operation request. The grant allows the cryptographic
	// operation only when the encryption context in the request includes the key-value
	// pairs specified in this constraint, although it can include additional key-value
	// pairs.
	EncryptionContextSubset map[string]*string `type:"map"`
}

// String renders the struct with awsutil.Prettify.
func (s GrantConstraints) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the same text as String.
func (s GrantConstraints) GoString() string {
	return s.String()
}

// SetEncryptionContextEquals stores v in EncryptionContextEquals and returns s
// for chaining. The map is stored as given, not copied.
func (s *GrantConstraints) SetEncryptionContextEquals(v map[string]*string) *GrantConstraints {
	s.EncryptionContextEquals = v
	return s
}

// SetEncryptionContextSubset sets the EncryptionContextSubset field's value.
func (s *GrantConstraints) SetEncryptionContextSubset(v map[string]*string) *GrantConstraints {
	// The map is stored as given, not copied, so later changes the caller makes
	// to it are visible through this field.
	s.EncryptionContextSubset = v
	return s
}

// GrantListEntry contains information about an entry in a list of grants.
type GrantListEntry struct {
	_ struct{} `type:"structure"`

	// A list of key-value pairs that must be present in the encryption context
	// of certain subsequent operations that the grant allows.
	Constraints *GrantConstraints `type:"structure"`

	// The date and time when the grant was created.
	CreationDate *time.Time `type:"timestamp"`

	// The unique identifier for the grant.
	GrantId *string `min:"1" type:"string"`

	// The principal that receives the grant's permissions.
	GranteePrincipal *string `min:"1" type:"string"`

	// The AWS account under which the grant was issued.
	IssuingAccount *string `min:"1" type:"string"`

	// The unique identifier for the customer master key (CMK) to which the grant
	// applies.
	KeyId *string `min:"1" type:"string"`

	// The friendly name that identifies the grant. If a name was provided in the
	// CreateGrant request, that name is returned. Otherwise this value is null.
	Name *string `min:"1" type:"string"`

	// The list of operations permitted by the grant.
	Operations []*string `type:"list"`

	// The principal that can retire the grant.
	RetiringPrincipal *string `min:"1" type:"string"`
}

// String returns the string representation produced by awsutil.Prettify.
func (s GrantListEntry) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the same text as String.
func (s GrantListEntry) GoString() string {
	return s.String()
}

// SetConstraints sets the Constraints field's value and returns s so calls can
// be chained. The pointer is stored as given.
func (s *GrantListEntry) SetConstraints(v *GrantConstraints) *GrantListEntry {
	s.Constraints = v
	return s
}

// SetCreationDate sets the CreationDate field's value and returns s so calls
// can be chained.
func (s *GrantListEntry) SetCreationDate(v time.Time) *GrantListEntry {
	s.CreationDate = &v
	return s
}

// SetGrantId sets the GrantId field's value.
func (s *GrantListEntry) SetGrantId(v string) *GrantListEntry {
	// &v points at this call's copy of the argument, not at the caller's variable.
	s.GrantId = &v
	return s
}

// SetGranteePrincipal sets the GranteePrincipal field's value and returns s so
// calls can be chained.
func (s *GrantListEntry) SetGranteePrincipal(v string) *GrantListEntry {
	s.GranteePrincipal = &v
	return s
}

// SetIssuingAccount sets the IssuingAccount field's value and returns s so
// calls can be chained.
func (s *GrantListEntry) SetIssuingAccount(v string) *GrantListEntry {
	s.IssuingAccount = &v
	return s
}

// SetKeyId sets the KeyId field's value and returns s so calls can be chained.
func (s *GrantListEntry) SetKeyId(v string) *GrantListEntry {
	s.KeyId = &v
	return s
}

// SetName sets the Name field's value and returns s so calls can be chained.
func (s *GrantListEntry) SetName(v string) *GrantListEntry {
	s.Name = &v
	return s
}

// SetOperations sets the Operations field's value and returns s so calls can
// be chained. The slice is stored as given, not copied.
func (s *GrantListEntry) SetOperations(v []*string) *GrantListEntry {
	s.Operations = v
	return s
}

// SetRetiringPrincipal sets the RetiringPrincipal field's value and returns s
// so calls can be chained.
func (s *GrantListEntry) SetRetiringPrincipal(v string) *GrantListEntry {
	s.RetiringPrincipal = &v
	return s
}

// ImportKeyMaterialInput holds the request parameters declared below.
// EncryptedKeyMaterial, ImportToken and KeyId are tagged as required.
type ImportKeyMaterialInput struct {
	_ struct{} `type:"structure"`

	// The encrypted key material to import. It must be encrypted with the public
	// key that you received in the response to a previous GetParametersForImport
	// request, using the wrapping algorithm that you specified in that request.
	//
	// EncryptedKeyMaterial is automatically base64 encoded/decoded by the SDK.
	//
	// EncryptedKeyMaterial is a required field
	EncryptedKeyMaterial []byte `min:"1" type:"blob" required:"true"`

	// Specifies whether the key material expires. The default is KEY_MATERIAL_EXPIRES,
	// in which case you must include the ValidTo parameter. When this parameter
	// is set to KEY_MATERIAL_DOES_NOT_EXPIRE, you must omit the ValidTo parameter.
	//
	// The Validate method of this type does not check this pairing with ValidTo.
	ExpirationModel *string `type:"string" enum:"ExpirationModelType"`

	// The import token that you received in the response to a previous GetParametersForImport
	// request. It must be from the same response that contained the public key
	// that you used to encrypt the key material.
	//
	// ImportToken is automatically base64 encoded/decoded by the SDK.
	//
	// ImportToken is a required field
	ImportToken []byte `min:"1" type:"blob" required:"true"`

	// The identifier of the CMK to import the key material into. The CMK's Origin
	// must be EXTERNAL.
	//
	// Specify the key ID or the Amazon Resource Name (ARN) of the CMK.
	//
	// For example:
	//
	//    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
	//
	//    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
	//
	// To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
	//
	// KeyId is a required field
	KeyId *string `min:"1" type:"string" required:"true"`

	// The time at which the imported key material expires. When the key material
	// expires, AWS KMS deletes the key material and the CMK becomes unusable. You
	// must omit this parameter when the ExpirationModel parameter is set to KEY_MATERIAL_DOES_NOT_EXPIRE.
	// Otherwise it is required.
	//
	// The field carries no required tag, and the Validate method of this type
	// does not check it.
	ValidTo *time.Time `type:"timestamp"`
}

// String returns the string representation produced by awsutil.Prettify.
func (s ImportKeyMaterialInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the same text as String.
func (s ImportKeyMaterialInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *ImportKeyMaterialInput) Validate() error {
	errs := request.ErrInvalidParams{Context: "ImportKeyMaterialInput"}

	// A nil slice counts as missing; a non-nil empty slice is too short.
	switch {
	case s.EncryptedKeyMaterial == nil:
		errs.Add(request.NewErrParamRequired("EncryptedKeyMaterial"))
	case len(s.EncryptedKeyMaterial) < 1:
		errs.Add(request.NewErrParamMinLen("EncryptedKeyMaterial", 1))
	}

	switch {
	case s.ImportToken == nil:
		errs.Add(request.NewErrParamRequired("ImportToken"))
	case len(s.ImportToken) < 1:
		errs.Add(request.NewErrParamMinLen("ImportToken", 1))
	}

	switch {
	case s.KeyId == nil:
		errs.Add(request.NewErrParamRequired("KeyId"))
	case len(*s.KeyId) < 1:
		errs.Add(request.NewErrParamMinLen("KeyId", 1))
	}

	// ExpirationModel and ValidTo are not checked here.
	if errs.Len() == 0 {
		return nil
	}
	return errs
}

// SetEncryptedKeyMaterial stores v in EncryptedKeyMaterial and returns s for
// chaining. The slice is stored as given, not copied.
func (s *ImportKeyMaterialInput) SetEncryptedKeyMaterial(v []byte) *ImportKeyMaterialInput {
	s.EncryptedKeyMaterial = v
	return s
}

// SetExpirationModel stores a pointer to v in ExpirationModel and returns s
// for chaining.
func (s *ImportKeyMaterialInput) SetExpirationModel(v string) *ImportKeyMaterialInput {
	s.ExpirationModel = &v
	return s
}

// SetImportToken stores v in ImportToken and returns s for chaining. The
// slice is stored as given, not copied.
func (s *ImportKeyMaterialInput) SetImportToken(v []byte) *ImportKeyMaterialInput {
	s.ImportToken = v
	return s
}

// SetKeyId stores a pointer to v in KeyId and returns s for chaining.
func (s *ImportKeyMaterialInput) SetKeyId(v string) *ImportKeyMaterialInput {
	s.KeyId = &v
	return s
}

// SetValidTo sets the ValidTo field's value.
func (s *ImportKeyMaterialInput) SetValidTo(v time.Time) *ImportKeyMaterialInput {
	// &v points at this call's copy of the argument, not at the caller's variable.
	s.ValidTo = &v
	return s
}

// ImportKeyMaterialOutput declares no data fields.
type ImportKeyMaterialOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation produced by awsutil.Prettify.
func (s ImportKeyMaterialOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the same text as String.
func (s ImportKeyMaterialOutput) GoString() string {
	return s.String()
}

// KeyListEntry contains information about each entry in the key list.
type KeyListEntry struct {
	_ struct{} `type:"structure"`

	// ARN of the key.
	KeyArn *string `min:"20" type:"string"`

	// Unique identifier of the key.
	KeyId *string `min:"1" type:"string"`
}

// String returns the string representation produced by awsutil.Prettify.
func (s KeyListEntry) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the same text as String.
func (s KeyListEntry) GoString() string {
	return s.String()
}

// SetKeyArn sets the KeyArn field's value and returns s so calls can be
// chained.
func (s *KeyListEntry) SetKeyArn(v string) *KeyListEntry {
	s.KeyArn = &v
	return s
}

// SetKeyId sets the KeyId field's value and returns s so calls can be chained.
func (s *KeyListEntry) SetKeyId(v string) *KeyListEntry {
	s.KeyId = &v
	return s
}

// KeyMetadata contains metadata about a customer master key (CMK).
//
// This data type is used as a response element for the CreateKey and DescribeKey
// operations.
type KeyMetadata struct {
	_ struct{} `type:"structure"`

	// The twelve-digit account ID of the AWS account that owns the CMK.
	AWSAccountId *string `type:"string"`

	// The Amazon Resource Name (ARN) of the CMK. For examples, see AWS Key Management
	// Service (AWS KMS) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-kms)
	// in the Example ARNs section of the AWS General Reference.
	Arn *string `min:"20" type:"string"`

	// The cluster ID of the AWS CloudHSM cluster that contains the key material
	// for the CMK. When you create a CMK in a custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html),
	// AWS KMS creates the key material for the CMK in the associated AWS CloudHSM
	// cluster. This value is present only when the CMK is created in a custom key
	// store.
	CloudHsmClusterId *string `min:"19" type:"string"`

	// The date and time when the CMK was created.
	CreationDate *time.Time `type:"timestamp"`

	// A unique identifier for the custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html)
	// that contains the CMK. This value is present only when the CMK is created
	// in a custom key store.
	CustomKeyStoreId *string `min:"1" type:"string"`

	// The date and time after which AWS KMS deletes the CMK. This value is present
	// only when KeyState is PendingDeletion.
	DeletionDate *time.Time `type:"timestamp"`

	// The description of the CMK.
	Description *string `type:"string"`

	// Specifies whether the CMK is enabled. When KeyState is Enabled this value
	// is true, otherwise it is false.
	Enabled *bool `type:"boolean"`

	// Specifies whether the CMK's key material expires. This value is present only
	// when Origin is EXTERNAL, otherwise this value is omitted.
	ExpirationModel *string `type:"string" enum:"ExpirationModelType"`

	// The globally unique identifier for the CMK.
	//
	// KeyId is a required field
	KeyId *string `min:"1" type:"string" required:"true"`

	// The manager of the CMK. CMKs in your AWS account are either customer managed
	// or AWS managed. For more information about the difference, see Customer Master
	// Keys (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys)
	// in the AWS Key Management Service Developer Guide.
	KeyManager *string `type:"string" enum:"KeyManagerType"`

	// The state of the CMK.
	//
	// For more information about how key state affects the use of a CMK, see How
	// Key State Affects the Use of a Customer Master Key (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
	// in the AWS Key Management Service Developer Guide.
	KeyState *string `type:"string" enum:"KeyState"`

	// The cryptographic operations for which you can use the CMK. The only valid
	// value is ENCRYPT_DECRYPT, which means you can use the CMK to encrypt and
	// decrypt data.
	KeyUsage *string `type:"string" enum:"KeyUsageType"`

	// The source of the CMK's key material. When this value is AWS_KMS, AWS KMS
	// created the key material. When this value is EXTERNAL, the key material was
	// imported from your existing key management infrastructure or the CMK lacks
	// key material. When this value is AWS_CLOUDHSM, the key material was created
	// in the AWS CloudHSM cluster associated with a custom key store.
	Origin *string `type:"string" enum:"OriginType"`

	// The time at which the imported key material expires. When the key material
	// expires, AWS KMS deletes the key material and the CMK becomes unusable. This
	// value is present only for CMKs whose Origin is EXTERNAL and whose ExpirationModel
	// is KEY_MATERIAL_EXPIRES, otherwise this value is omitted.
	ValidTo *time.Time `type:"timestamp"`
}

// String returns the string representation produced by awsutil.Prettify.
func (s KeyMetadata) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the same text as String.
func (s KeyMetadata) GoString() string {
	return s.String()
}

// SetAWSAccountId sets the AWSAccountId field's value and returns s so calls
// can be chained.
func (s *KeyMetadata) SetAWSAccountId(v string) *KeyMetadata {
	s.AWSAccountId = &v
	return s
}

// SetArn sets the Arn field's value and returns s so calls can be chained.
func (s *KeyMetadata) SetArn(v string) *KeyMetadata {
	s.Arn = &v
	return s
}

// SetCloudHsmClusterId sets the CloudHsmClusterId field's value.
func (s *KeyMetadata) SetCloudHsmClusterId(v string) *KeyMetadata {
	s.CloudHsmClusterId = &v
	return s
}

// SetCreationDate stores a pointer to v in CreationDate and returns s for
// chaining.
func (s *KeyMetadata) SetCreationDate(v time.Time) *KeyMetadata {
	s.CreationDate = &v
	return s
}

// SetCustomKeyStoreId stores a pointer to v in CustomKeyStoreId and returns s
// for chaining.
func (s *KeyMetadata) SetCustomKeyStoreId(v string) *KeyMetadata {
	s.CustomKeyStoreId = &v
	return s
}

// SetDeletionDate stores a pointer to v in DeletionDate and returns s for
// chaining.
func (s *KeyMetadata) SetDeletionDate(v time.Time) *KeyMetadata {
	s.DeletionDate = &v
	return s
}

// SetDescription stores a pointer to v in Description and returns s for
// chaining.
func (s *KeyMetadata) SetDescription(v string) *KeyMetadata {
	s.Description = &v
	return s
}

// SetEnabled stores a pointer to v in Enabled and returns s for chaining.
func (s *KeyMetadata) SetEnabled(v bool) *KeyMetadata {
	s.Enabled = &v
	return s
}

// SetExpirationModel stores a pointer to v in ExpirationModel and returns s
// for chaining.
func (s *KeyMetadata) SetExpirationModel(v string) *KeyMetadata {
	s.ExpirationModel = &v
	return s
}

// SetKeyId stores a pointer to v in KeyId and returns s for chaining.
func (s *KeyMetadata) SetKeyId(v string) *KeyMetadata {
	s.KeyId = &v
	return s
}

// SetKeyManager stores a pointer to v in KeyManager and returns s for
// chaining.
func (s *KeyMetadata) SetKeyManager(v string) *KeyMetadata {
	s.KeyManager = &v
	return s
}

// SetKeyState stores a pointer to v in KeyState and returns s for chaining.
func (s *KeyMetadata) SetKeyState(v string) *KeyMetadata {
	s.KeyState = &v
	return s
}

// SetKeyUsage stores a pointer to v in KeyUsage and returns s for chaining.
func (s *KeyMetadata) SetKeyUsage(v string) *KeyMetadata {
	s.KeyUsage = &v
	return s
}

// SetOrigin stores a pointer to v in Origin and returns s for chaining.
func (s *KeyMetadata) SetOrigin(v string) *KeyMetadata {
	s.Origin = &v
	return s
}

// SetValidTo stores a pointer to v in ValidTo and returns s for chaining.
func (s *KeyMetadata) SetValidTo(v time.Time) *KeyMetadata {
	s.ValidTo = &v
	return s
}

// ListAliasesInput holds the request parameters declared below; none of them
// is tagged as required.
type ListAliasesInput struct {
	_ struct{} `type:"structure"`

	// Lists only aliases that refer to the specified CMK. The value of this parameter
	// can be the ID or Amazon Resource Name (ARN) of a CMK in the caller's account
	// and region. You cannot use an alias name or alias ARN in this value.
	//
	// This parameter is optional. If you omit it, ListAliases returns all aliases
	// in the account and region.
	KeyId *string `min:"1" type:"string"`

	// Use this parameter to specify the maximum number of items to return. When
	// this value is present, AWS KMS does not return more than the specified number
	// of items, but it might return fewer.
	//
	// This value is optional. If you include a value, it must be between 1 and
	// 100, inclusive. If you do not include a value, it defaults to 50.
	Limit *int64 `min:"1" type:"integer"`

	// Use this parameter in a subsequent request after you receive a response with
	// truncated results. Set it to the value of NextMarker from the truncated response
	// you just received.
	Marker *string `min:"1" type:"string"`
}

// String renders the struct with awsutil.Prettify.
func (s ListAliasesInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the same text as String.
func (s ListAliasesInput) GoString() string {
	return s.String()
}

// Validate reports, as a request.ErrInvalidParams, every field that is set but
// breaks its minimum length or minimum value, and returns nil when there is
// none.
func (s *ListAliasesInput) Validate() error {
	errs := request.ErrInvalidParams{Context: "ListAliasesInput"}

	if id := s.KeyId; id != nil && len(*id) < 1 {
		errs.Add(request.NewErrParamMinLen("KeyId", 1))
	}
	// Only the lower bound of Limit is checked; the documented upper bound of
	// 100 is not enforced by this method.
	if lim := s.Limit; lim != nil && *lim < 1 {
		errs.Add(request.NewErrParamMinValue("Limit", 1))
	}
	if m := s.Marker; m != nil && len(*m) < 1 {
		errs.Add(request.NewErrParamMinLen("Marker", 1))
	}

	if errs.Len() == 0 {
		return nil
	}
	return errs
}

// SetKeyId stores a pointer to v in KeyId and returns s for chaining.
func (s *ListAliasesInput) SetKeyId(v string) *ListAliasesInput {
	s.KeyId = &v
	return s
}

// SetLimit sets the Limit field's value.
func (s *ListAliasesInput) SetLimit(v int64) *ListAliasesInput {
	// No range check happens here; Validate only checks the minimum of 1.
	s.Limit = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *ListAliasesInput) SetMarker(v string) *ListAliasesInput {
	s.Marker = &v
	return s
}

type ListAliasesOutput struct {
	_ struct{} `type:"structure"`

	// A list of aliases.
	Aliases []*AliasListEntry `type:"list"`

	// When Truncated is true, this element is present and contains the value to
	// use for the Marker parameter in a subsequent request.
	NextMarker *string `min:"1" type:"string"`

	// A flag that indicates whether there are more items in the list. When this
	// value is true, the list in this response is truncated. To get more items,
	// pass the value of the NextMarker element in this response to the Marker parameter
	// in a subsequent request.
	Truncated *bool `type:"boolean"`
}

// String returns the string representation
func (s ListAliasesOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListAliasesOutput) GoString() string {
	return s.String()
}

// SetAliases sets the Aliases field's value.
//
// The slice is stored as passed, without copying.
func (s *ListAliasesOutput) SetAliases(v []*AliasListEntry) *ListAliasesOutput {
	s.Aliases = v
	return s
}

// SetNextMarker sets the NextMarker field's value.
func (s *ListAliasesOutput) SetNextMarker(v string) *ListAliasesOutput {
	s.NextMarker = &v
	return s
}

// SetTruncated sets the Truncated field's value.
func (s *ListAliasesOutput) SetTruncated(v bool) *ListAliasesOutput {
	s.Truncated = &v
	return s
}

type ListGrantsInput struct {
	_ struct{} `type:"structure"`

	// A unique identifier for the customer master key (CMK).
	//
	// Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify
	// a CMK in a different AWS account, you must use the key ARN.
	//
	// For example:
	//
	//    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
	//
	//    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
	//
	// To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
	//
	// KeyId is a required field
	KeyId *string `min:"1" type:"string" required:"true"`

	// Use this parameter to specify the maximum number of items to return. When
	// this value is present, AWS KMS does not return more than the specified number
	// of items, but it might return fewer.
	//
	// This value is optional. If you include a value, it must be between 1 and
	// 100, inclusive. If you do not include a value, it defaults to 50.
	Limit *int64 `min:"1" type:"integer"`

	// Use this parameter in a subsequent request after you receive a response with
	// truncated results. Set it to the value of NextMarker from the truncated response
	// you just received.
	Marker *string `min:"1" type:"string"`
}

// String returns the string representation
func (s ListGrantsInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListGrantsInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
//
// KeyId must be set and non-empty. Limit, when set, must be at least 1, and
// Marker, when set, must be non-empty. The documented upper bound of 100 for
// Limit is not checked here, and the format of KeyId (key ID versus ARN) is
// not inspected. It returns a request.ErrInvalidParams holding every violation
// found, or nil when there is none.
func (s *ListGrantsInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListGrantsInput"}
	if s.KeyId == nil {
		invalidParams.Add(request.NewErrParamRequired("KeyId"))
	}
	if s.KeyId != nil && len(*s.KeyId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("KeyId", 1))
	}
	if s.Limit != nil && *s.Limit < 1 {
		invalidParams.Add(request.NewErrParamMinValue("Limit", 1))
	}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetKeyId sets the KeyId field's value.
func (s *ListGrantsInput) SetKeyId(v string) *ListGrantsInput {
	s.KeyId = &v
	return s
}

// SetLimit sets the Limit field's value.
func (s *ListGrantsInput) SetLimit(v int64) *ListGrantsInput {
	// No range check happens here; Validate only checks the minimum of 1.
	s.Limit = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *ListGrantsInput) SetMarker(v string) *ListGrantsInput {
	s.Marker = &v
	return s
}

type ListGrantsResponse struct {
	_ struct{} `type:"structure"`

	// A list of grants.
	Grants []*GrantListEntry `type:"list"`

	// When Truncated is true, this element is present and contains the value to
	// use for the Marker parameter in a subsequent request.
	NextMarker *string `min:"1" type:"string"`

	// A flag that indicates whether there are more items in the list. When this
	// value is true, the list in this response is truncated. To get more items,
	// pass the value of the NextMarker element in this response to the Marker parameter
	// in a subsequent request.
	Truncated *bool `type:"boolean"`
}

// String returns the string representation
func (s ListGrantsResponse) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListGrantsResponse) GoString() string {
	return s.String()
}

// SetGrants sets the Grants field's value.
//
// The slice is stored as passed, without copying.
func (s *ListGrantsResponse) SetGrants(v []*GrantListEntry) *ListGrantsResponse {
	s.Grants = v
	return s
}

// SetNextMarker sets the NextMarker field's value.
func (s *ListGrantsResponse) SetNextMarker(v string) *ListGrantsResponse {
	s.NextMarker = &v
	return s
}

// SetTruncated sets the Truncated field's value.
func (s *ListGrantsResponse) SetTruncated(v bool) *ListGrantsResponse {
	s.Truncated = &v
	return s
}

type ListKeyPoliciesInput struct {
	_ struct{} `type:"structure"`

	// A unique identifier for the customer master key (CMK).
	//
	// Specify the key ID or the Amazon Resource Name (ARN) of the CMK.
	//
	// For example:
	//
	//    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
	//
	//    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
	//
	// To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
	//
	// KeyId is a required field
	KeyId *string `min:"1" type:"string" required:"true"`

	// Use this parameter to specify the maximum number of items to return. When
	// this value is present, AWS KMS does not return more than the specified number
	// of items, but it might return fewer.
	//
	// This value is optional. If you include a value, it must be between 1 and
	// 1000, inclusive. If you do not include a value, it defaults to 100.
	//
	// Only one policy can be attached to a key.
	Limit *int64 `min:"1" type:"integer"`

	// Use this parameter in a subsequent request after you receive a response with
	// truncated results. Set it to the value of NextMarker from the truncated response
	// you just received.
	Marker *string `min:"1" type:"string"`
}

// String returns the string representation
func (s ListKeyPoliciesInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListKeyPoliciesInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
//
// KeyId must be set and non-empty. Limit, when set, must be at least 1, and
// Marker, when set, must be non-empty. The documented upper bound of 1000 for
// Limit is not checked here. It returns a request.ErrInvalidParams holding
// every violation found, or nil when there is none.
func (s *ListKeyPoliciesInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListKeyPoliciesInput"}
	if s.KeyId == nil {
		invalidParams.Add(request.NewErrParamRequired("KeyId"))
	}
	if s.KeyId != nil && len(*s.KeyId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("KeyId", 1))
	}
	if s.Limit != nil && *s.Limit < 1 {
		invalidParams.Add(request.NewErrParamMinValue("Limit", 1))
	}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetKeyId sets the KeyId field's value.
func (s *ListKeyPoliciesInput) SetKeyId(v string) *ListKeyPoliciesInput {
	s.KeyId = &v
	return s
}

// SetLimit sets the Limit field's value.
func (s *ListKeyPoliciesInput) SetLimit(v int64) *ListKeyPoliciesInput {
	s.Limit = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *ListKeyPoliciesInput) SetMarker(v string) *ListKeyPoliciesInput {
	// v is a by-value parameter, so the field points at this call's own copy.
	s.Marker = &v
	return s
}

type ListKeyPoliciesOutput struct {
	_ struct{} `type:"structure"`

	// When Truncated is true, this element is present and contains the value to
	// use for the Marker parameter in a subsequent request.
	NextMarker *string `min:"1" type:"string"`

	// A list of key policy names. The only valid value is default.
	PolicyNames []*string `type:"list"`

	// A flag that indicates whether there are more items in the list. When this
	// value is true, the list in this response is truncated. To get more items,
	// pass the value of the NextMarker element in this response to the Marker parameter
	// in a subsequent request.
	Truncated *bool `type:"boolean"`
}

// String returns the string representation
func (s ListKeyPoliciesOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListKeyPoliciesOutput) GoString() string {
	return s.String()
}

// SetNextMarker sets the NextMarker field's value.
func (s *ListKeyPoliciesOutput) SetNextMarker(v string) *ListKeyPoliciesOutput {
	s.NextMarker = &v
	return s
}

// SetPolicyNames sets the PolicyNames field's value.
func (s *ListKeyPoliciesOutput) SetPolicyNames(v []*string) *ListKeyPoliciesOutput {
	s.PolicyNames = v
	return s
}

// SetTruncated sets the Truncated field's value.
func (s *ListKeyPoliciesOutput) SetTruncated(v bool) *ListKeyPoliciesOutput {
	s.Truncated = &v
	return s
}

type ListKeysInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter to specify the maximum number of items to return. When
	// this value is present, AWS KMS does not return more than the specified number
	// of items, but it might return fewer.
	//
	// This value is optional. If you include a value, it must be between 1 and
	// 1000, inclusive. If you do not include a value, it defaults to 100.
	Limit *int64 `min:"1" type:"integer"`

	// Use this parameter in a subsequent request after you receive a response with
	// truncated results. Set it to the value of NextMarker from the truncated response
	// you just received.
	Marker *string `min:"1" type:"string"`
}

// String returns the string representation
func (s ListKeysInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListKeysInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
//
// Limit, when set, must be at least 1, and Marker, when set, must be
// non-empty. The documented upper bound of 1000 for Limit is not checked here.
func (s *ListKeysInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListKeysInput"}
	if s.Limit != nil && *s.Limit < 1 {
		invalidParams.Add(request.NewErrParamMinValue("Limit", 1))
	}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetLimit sets the Limit field's value.
func (s *ListKeysInput) SetLimit(v int64) *ListKeysInput {
	s.Limit = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *ListKeysInput) SetMarker(v string) *ListKeysInput {
	s.Marker = &v
	return s
}

type ListKeysOutput struct {
	_ struct{} `type:"structure"`

	// A list of customer master keys (CMKs).
	Keys []*KeyListEntry `type:"list"`

	// When Truncated is true, this element is present and contains the value to
	// use for the Marker parameter in a subsequent request.
	NextMarker *string `min:"1" type:"string"`

	// A flag that indicates whether there are more items in the list. When this
	// value is true, the list in this response is truncated. To get more items,
	// pass the value of the NextMarker element in this response to the Marker parameter
	// in a subsequent request.
	Truncated *bool `type:"boolean"`
}

// String returns the string representation
func (s ListKeysOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListKeysOutput) GoString() string {
	return s.String()
}

// SetKeys sets the Keys field's value.
func (s *ListKeysOutput) SetKeys(v []*KeyListEntry) *ListKeysOutput {
	s.Keys = v
	return s
}

// SetNextMarker sets the NextMarker field's value.
func (s *ListKeysOutput) SetNextMarker(v string) *ListKeysOutput {
	s.NextMarker = &v
	return s
}

// SetTruncated sets the Truncated field's value.
func (s *ListKeysOutput) SetTruncated(v bool) *ListKeysOutput {
	s.Truncated = &v
	return s
}

type ListResourceTagsInput struct {
	_ struct{} `type:"structure"`

	// A unique identifier for the customer master key (CMK).
	//
	// Specify the key ID or the Amazon Resource Name (ARN) of the CMK.
	//
	// For example:
	//
	//    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
	//
	//    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
	//
	// To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
	//
	// KeyId is a required field
	KeyId *string `min:"1" type:"string" required:"true"`

	// Use this parameter to specify the maximum number of items to return. When
	// this value is present, AWS KMS does not return more than the specified number
	// of items, but it might return fewer.
	//
	// This value is optional. If you include a value, it must be between 1 and
	// 50, inclusive. If you do not include a value, it defaults to 50.
	Limit *int64 `min:"1" type:"integer"`

	// Use this parameter in a subsequent request after you receive a response with
	// truncated results. Set it to the value of NextMarker from the truncated response
	// you just received.
	//
	// Do not attempt to construct this value. Use only the value of NextMarker
	// from the truncated response you just received.
	Marker *string `min:"1" type:"string"`
}

// String returns the string representation
func (s ListResourceTagsInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListResourceTagsInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
//
// KeyId must be set and non-empty. Limit, when set, must be at least 1, and
// Marker, when set, must be non-empty. The documented upper bound of 50 for
// Limit is not checked here, and nothing here verifies that Marker came from
// a previous response.
func (s *ListResourceTagsInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListResourceTagsInput"}
	if s.KeyId == nil {
		invalidParams.Add(request.NewErrParamRequired("KeyId"))
	}
	if s.KeyId != nil && len(*s.KeyId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("KeyId", 1))
	}
	if s.Limit != nil && *s.Limit < 1 {
		invalidParams.Add(request.NewErrParamMinValue("Limit", 1))
	}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetKeyId sets the KeyId field's value.
func (s *ListResourceTagsInput) SetKeyId(v string) *ListResourceTagsInput {
	s.KeyId = &v
	return s
}

// SetLimit sets the Limit field's value.
func (s *ListResourceTagsInput) SetLimit(v int64) *ListResourceTagsInput {
	s.Limit = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *ListResourceTagsInput) SetMarker(v string) *ListResourceTagsInput {
	s.Marker = &v
	return s
}

type ListResourceTagsOutput struct {
	_ struct{} `type:"structure"`

	// When Truncated is true, this element is present and contains the value to
	// use for the Marker parameter in a subsequent request.
	//
	// Do not assume or infer any information from this value.
	NextMarker *string `min:"1" type:"string"`

	// A list of tags. Each tag consists of a tag key and a tag value.
	Tags []*Tag `type:"list"`

	// A flag that indicates whether there are more items in the list. When this
	// value is true, the list in this response is truncated. To get more items,
	// pass the value of the NextMarker element in this response to the Marker parameter
	// in a subsequent request.
	Truncated *bool `type:"boolean"`
}

// String returns the string representation
func (s ListResourceTagsOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListResourceTagsOutput) GoString() string {
	return s.String()
}

// SetNextMarker sets the NextMarker field's value.
func (s *ListResourceTagsOutput) SetNextMarker(v string) *ListResourceTagsOutput {
	s.NextMarker = &v
	return s
}

// SetTags sets the Tags field's value.
func (s *ListResourceTagsOutput) SetTags(v []*Tag) *ListResourceTagsOutput {
	s.Tags = v
	return s
}

// SetTruncated sets the Truncated field's value.
func (s *ListResourceTagsOutput) SetTruncated(v bool) *ListResourceTagsOutput {
	s.Truncated = &v
	return s
}

type ListRetirableGrantsInput struct {
	_ struct{} `type:"structure"`

	// Use this parameter to specify the maximum number of items to return. When
	// this value is present, AWS KMS does not return more than the specified number
	// of items, but it might return fewer.
	//
	// This value is optional. If you include a value, it must be between 1 and
	// 100, inclusive. If you do not include a value, it defaults to 50.
	Limit *int64 `min:"1" type:"integer"`

	// Use this parameter in a subsequent request after you receive a response with
	// truncated results. Set it to the value of NextMarker from the truncated response
	// you just received.
	Marker *string `min:"1" type:"string"`

	// The retiring principal for which to list grants.
	//
	// To specify the retiring principal, use the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
	// of an AWS principal. Valid AWS principals include AWS accounts (root), IAM
	// users, federated users, and assumed role users. For examples of the ARN syntax
	// for specifying a principal, see AWS Identity and Access Management (IAM)
	// (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam)
	// in the Example ARNs section of the Amazon Web Services General Reference.
	//
	// RetiringPrincipal is a required field
	RetiringPrincipal *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s ListRetirableGrantsInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ListRetirableGrantsInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
//
// RetiringPrincipal must be set and non-empty. Limit, when set, must be at
// least 1, and Marker, when set, must be non-empty. The documented upper bound
// of 100 for Limit is not checked here, and RetiringPrincipal is not checked
// for ARN syntax.
func (s *ListRetirableGrantsInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ListRetirableGrantsInput"}
	if s.Limit != nil && *s.Limit < 1 {
		invalidParams.Add(request.NewErrParamMinValue("Limit", 1))
	}
	if s.Marker != nil && len(*s.Marker) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Marker", 1))
	}
	if s.RetiringPrincipal == nil {
		invalidParams.Add(request.NewErrParamRequired("RetiringPrincipal"))
	}
	if s.RetiringPrincipal != nil && len(*s.RetiringPrincipal) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("RetiringPrincipal", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetLimit sets the Limit field's value.
func (s *ListRetirableGrantsInput) SetLimit(v int64) *ListRetirableGrantsInput {
	s.Limit = &v
	return s
}

// SetMarker sets the Marker field's value.
func (s *ListRetirableGrantsInput) SetMarker(v string) *ListRetirableGrantsInput {
	s.Marker = &v
	return s
}

// SetRetiringPrincipal sets the RetiringPrincipal field's value.
func (s *ListRetirableGrantsInput) SetRetiringPrincipal(v string) *ListRetirableGrantsInput {
	s.RetiringPrincipal = &v
	return s
}

type PutKeyPolicyInput struct {
	_ struct{} `type:"structure"`

	// A flag to indicate whether to bypass the key policy lockout safety check.
	//
	// Setting this value to true increases the risk that the CMK becomes unmanageable.
	// Do not set this value to true indiscriminately.
	//
	// For more information, refer to the scenario in the Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam)
	// section in the AWS Key Management Service Developer Guide.
	//
	// Use this parameter only when you intend to prevent the principal that is
	// making the request from making a subsequent PutKeyPolicy request on the CMK.
	//
	// The default value is false.
	BypassPolicyLockoutSafetyCheck *bool `type:"boolean"`

	// A unique identifier for the customer master key (CMK).
	//
	// Specify the key ID or the Amazon Resource Name (ARN) of the CMK.
	//
	// For example:
	//
	//    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
	//
	//    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
	//
	// To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
	//
	// KeyId is a required field
	KeyId *string `min:"1" type:"string" required:"true"`

	// The key policy to attach to the CMK.
	//
	// The key policy must meet the following criteria:
	//
	//    * If you don't set BypassPolicyLockoutSafetyCheck to true, the key policy
	//    must allow the principal that is making the PutKeyPolicy request to make
	//    a subsequent PutKeyPolicy request on the CMK. This reduces the risk that
	//    the CMK becomes unmanageable. For more information, refer to the scenario
	//    in the Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam)
	//    section of the AWS Key Management Service Developer Guide.
	//
	//    * Each statement in the key policy must contain one or more principals.
	//    The principals in the key policy must exist and be visible to AWS KMS.
	//    When you create a new AWS principal (for example, an IAM user or role),
	//    you might need to enforce a delay before including the new principal in
	//    a key policy because the new principal might not be immediately visible
	//    to AWS KMS. For more information, see Changes that I make are not always
	//    immediately visible (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency)
	//    in the AWS Identity and Access Management User Guide.
	//
	// The key policy size limit is 32 kilobytes (32768 bytes).
	//
	// Policy is a required field
	Policy *string `min:"1" type:"string" required:"true"`

	// The name of the key policy. The only valid value is default.
	//
	// PolicyName is a required field
	PolicyName *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
//
// NOTE(review): awsutil.Prettify is defined outside this file. If it renders
// every field, the result contains the full Policy document - confirm before
// writing it to logs.
func (s PutKeyPolicyInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s PutKeyPolicyInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
//
// KeyId, Policy and PolicyName must each be set and non-empty. That is all
// this method checks: the documented 32768-byte policy size limit, the
// statement that the only valid PolicyName is default, and the content of the
// policy are not inspected. BypassPolicyLockoutSafetyCheck is not inspected
// either, so a request that sets it to true passes unchanged.
func (s *PutKeyPolicyInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "PutKeyPolicyInput"}
	if s.KeyId == nil {
		invalidParams.Add(request.NewErrParamRequired("KeyId"))
	}
	if s.KeyId != nil && len(*s.KeyId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("KeyId", 1))
	}
	if s.Policy == nil {
		invalidParams.Add(request.NewErrParamRequired("Policy"))
	}
	if s.Policy != nil && len(*s.Policy) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("Policy", 1))
	}
	if s.PolicyName == nil {
		invalidParams.Add(request.NewErrParamRequired("PolicyName"))
	}
	if s.PolicyName != nil && len(*s.PolicyName) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("PolicyName", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetBypassPolicyLockoutSafetyCheck sets the BypassPolicyLockoutSafetyCheck field's value.
func (s *PutKeyPolicyInput) SetBypassPolicyLockoutSafetyCheck(v bool) *PutKeyPolicyInput {
	// Passing true asks the service to skip the key policy lockout safety
	// check; the field's documentation states that this increases the risk of
	// the CMK becoming unmanageable. Nothing in this setter guards the value,
	// so callers that pass true should do so deliberately.
	s.BypassPolicyLockoutSafetyCheck = &v
	return s
}

// SetKeyId sets the KeyId field's value.
func (s *PutKeyPolicyInput) SetKeyId(v string) *PutKeyPolicyInput {
	s.KeyId = &v
	return s
}

// SetPolicy sets the Policy field's value.
func (s *PutKeyPolicyInput) SetPolicy(v string) *PutKeyPolicyInput {
	s.Policy = &v
	return s
}

// SetPolicyName sets the PolicyName field's value.
func (s *PutKeyPolicyInput) SetPolicyName(v string) *PutKeyPolicyInput {
	s.PolicyName = &v
	return s
}

type PutKeyPolicyOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s PutKeyPolicyOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s PutKeyPolicyOutput) GoString() string {
	return s.String()
}

type ReEncryptInput struct {
	_ struct{} `type:"structure"`

	// Ciphertext of the data to reencrypt.
	//
	// CiphertextBlob is automatically base64 encoded/decoded by the SDK.
	//
	// CiphertextBlob is a required field
	CiphertextBlob []byte `min:"1" type:"blob" required:"true"`

	// Encryption context to use when the data is reencrypted.
	DestinationEncryptionContext map[string]*string `type:"map"`

	// A unique identifier for the CMK that is used to reencrypt the data.
	//
	// To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name,
	// or alias ARN. When using an alias name, prefix it with "alias/". To specify
	// a CMK in a different AWS account, you must use the key ARN or alias ARN.
	//
	// For example:
	//
	//    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
	//
	//    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
	//
	//    * Alias name: alias/ExampleAlias
	//
	//    * Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias
	//
	// To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To
	// get the alias name and alias ARN, use ListAliases.
	//
	// DestinationKeyId is a required field
	DestinationKeyId *string `min:"1" type:"string" required:"true"`

	// A list of grant tokens.
	//
	// For more information, see Grant Tokens (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token)
	// in the AWS Key Management Service Developer Guide.
	GrantTokens []*string `type:"list"`

	// Encryption context used to encrypt and decrypt the data specified in the
	// CiphertextBlob parameter.
	SourceEncryptionContext map[string]*string `type:"map"`
}

// String returns the string representation
//
// NOTE(review): awsutil.Prettify is defined outside this file. If it renders
// every field, the result includes both encryption context maps and the grant
// tokens - confirm before writing it to logs.
func (s ReEncryptInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ReEncryptInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
//
// CiphertextBlob and DestinationKeyId must each be set and non-empty. The two
// encryption context maps and GrantTokens are not inspected, so a missing or
// mismatched SourceEncryptionContext is not caught by this method.
func (s *ReEncryptInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "ReEncryptInput"}
	if s.CiphertextBlob == nil {
		invalidParams.Add(request.NewErrParamRequired("CiphertextBlob"))
	}
	if s.CiphertextBlob != nil && len(s.CiphertextBlob) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("CiphertextBlob", 1))
	}
	if s.DestinationKeyId == nil {
		invalidParams.Add(request.NewErrParamRequired("DestinationKeyId"))
	}
	if s.DestinationKeyId != nil && len(*s.DestinationKeyId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("DestinationKeyId", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetCiphertextBlob sets the CiphertextBlob field's value.
//
// The slice is stored as passed, without copying, so later writes to the
// caller's slice are visible through the field.
func (s *ReEncryptInput) SetCiphertextBlob(v []byte) *ReEncryptInput {
	s.CiphertextBlob = v
	return s
}

// SetDestinationEncryptionContext sets the DestinationEncryptionContext field's value.
//
// The map is stored as passed, without copying.
func (s *ReEncryptInput) SetDestinationEncryptionContext(v map[string]*string) *ReEncryptInput {
	s.DestinationEncryptionContext = v
	return s
}

// SetDestinationKeyId sets the DestinationKeyId field's value.
func (s *ReEncryptInput) SetDestinationKeyId(v string) *ReEncryptInput {
	// v is a by-value parameter, so the field points at this call's own copy.
	s.DestinationKeyId = &v
	return s
}

// SetGrantTokens sets the GrantTokens field's value.
//
// The slice is stored as passed, without copying.
func (s *ReEncryptInput) SetGrantTokens(v []*string) *ReEncryptInput {
	s.GrantTokens = v
	return s
}

// SetSourceEncryptionContext sets the SourceEncryptionContext field's value.
//
// The map is stored as passed, without copying.
func (s *ReEncryptInput) SetSourceEncryptionContext(v map[string]*string) *ReEncryptInput {
	s.SourceEncryptionContext = v
	return s
}

type ReEncryptOutput struct {
	_ struct{} `type:"structure"`

	// The reencrypted data. When you use the HTTP API or the AWS CLI, the value
	// is Base64-encoded. Otherwise, it is not encoded.
	//
	// CiphertextBlob is automatically base64 encoded/decoded by the SDK.
	CiphertextBlob []byte `min:"1" type:"blob"`

	// Unique identifier of the CMK used to reencrypt the data.
	KeyId *string `min:"1" type:"string"`

	// Unique identifier of the CMK used to originally encrypt the data.
	SourceKeyId *string `min:"1" type:"string"`
}

// String returns the string representation
func (s ReEncryptOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s ReEncryptOutput) GoString() string {
	return s.String()
}

// SetCiphertextBlob sets the CiphertextBlob field's value.
func (s *ReEncryptOutput) SetCiphertextBlob(v []byte) *ReEncryptOutput {
	s.CiphertextBlob = v
	return s
}

// SetKeyId sets the KeyId field's value.
func (s *ReEncryptOutput) SetKeyId(v string) *ReEncryptOutput {
	s.KeyId = &v
	return s
}

// SetSourceKeyId sets the SourceKeyId field's value.
func (s *ReEncryptOutput) SetSourceKeyId(v string) *ReEncryptOutput {
	s.SourceKeyId = &v
	return s
}

type RetireGrantInput struct {
	_ struct{} `type:"structure"`

	// Unique identifier of the grant to retire. The grant ID is returned in the
	// response to a CreateGrant operation.
	//
	//    * Grant ID Example - 0123456789012345678901234567890123456789012345678901234567890123
	GrantId *string `min:"1" type:"string"`

	// Token that identifies the grant to be retired.
	GrantToken *string `min:"1" type:"string"`

	// The Amazon Resource Name (ARN) of the CMK associated with the grant.
	//
	// For example: arn:aws:kms:us-east-2:444455556666:key/1234abcd-12ab-34cd-56ef-1234567890ab
	KeyId *string `min:"1" type:"string"`
}

// String returns the string representation
//
// NOTE(review): awsutil.Prettify is defined outside this file. If it renders
// every field, the result includes GrantToken - confirm before writing it to
// logs.
func (s RetireGrantInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s RetireGrantInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
//
// No field is required by this method: each of GrantId, GrantToken and KeyId
// is only checked for being non-empty when set, so an input with all three
// unset passes. NOTE(review): which combination of fields identifies a grant
// is not stated in this part of the file - confirm against the RetireGrant
// operation documentation before relying on this check alone.
func (s *RetireGrantInput) Validate() error {
	invalidParams := request.ErrInvalidParams{Context: "RetireGrantInput"}
	if s.GrantId != nil && len(*s.GrantId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("GrantId", 1))
	}
	if s.GrantToken != nil && len(*s.GrantToken) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("GrantToken", 1))
	}
	if s.KeyId != nil && len(*s.KeyId) < 1 {
		invalidParams.Add(request.NewErrParamMinLen("KeyId", 1))
	}

	if invalidParams.Len() > 0 {
		return invalidParams
	}
	return nil
}

// SetGrantId sets the GrantId field's value.
func (s *RetireGrantInput) SetGrantId(v string) *RetireGrantInput {
	s.GrantId = &v
	return s
}

// SetGrantToken sets the GrantToken field's value.
func (s *RetireGrantInput) SetGrantToken(v string) *RetireGrantInput {
	s.GrantToken = &v
	return s
}

// SetKeyId sets the KeyId field's value.
func (s *RetireGrantInput) SetKeyId(v string) *RetireGrantInput {
	// v is a by-value parameter, so the field points at this call's own copy.
	// The receiver is returned so that setter calls can be chained.
	s.KeyId = &v
	return s
}

type RetireGrantOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation
func (s RetireGrantOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s RetireGrantOutput) GoString() string {
	return s.String()
}

type RevokeGrantInput struct {
	_ struct{} `type:"structure"`

	// Identifier of the grant to be revoked.
	//
	// GrantId is a required field
	GrantId *string `min:"1" type:"string" required:"true"`

	// A unique identifier for the customer master key associated with the grant.
	//
	// Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify
	// a CMK in a different AWS account, you must use the key ARN.
	//
	// For example:
	//
	//    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
	//
	//    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
	//
	// To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
	//
	// KeyId is a required field
	KeyId *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation
func (s RevokeGrantInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the string representation
func (s RevokeGrantInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *RevokeGrantInput) Validate() error {
	// Client-side check only: GrantId and KeyId must each be present and
	// non-empty. The format of either identifier is not inspected here.
	problems := request.ErrInvalidParams{Context: "RevokeGrantInput"}

	switch {
	case s.GrantId == nil:
		problems.Add(request.NewErrParamRequired("GrantId"))
	case len(*s.GrantId) < 1:
		problems.Add(request.NewErrParamMinLen("GrantId", 1))
	}

	switch {
	case s.KeyId == nil:
		problems.Add(request.NewErrParamRequired("KeyId"))
	case len(*s.KeyId) < 1:
		problems.Add(request.NewErrParamMinLen("KeyId", 1))
	}

	if problems.Len() == 0 {
		return nil
	}
	return problems
}

// SetGrantId points GrantId at this call's copy of v and returns s so that
// setters can be chained.
func (s *RevokeGrantInput) SetGrantId(v string) *RevokeGrantInput {
	s.GrantId = &v
	return s
}

// SetKeyId points KeyId at this call's copy of v and returns s so that
// setters can be chained.
func (s *RevokeGrantInput) SetKeyId(v string) *RevokeGrantInput {
	s.KeyId = &v
	return s
}

// RevokeGrantOutput declares no data fields, only the structure marker.
type RevokeGrantOutput struct {
	_ struct{} `type:"structure"`
}

// String formats s by passing it to awsutil.Prettify.
func (s RevokeGrantOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the same text as String.
func (s RevokeGrantOutput) GoString() string {
	return s.String()
}

// ScheduleKeyDeletionInput names the customer master key (CMK) to delete and,
// optionally, the waiting period before AWS KMS deletes it.
type ScheduleKeyDeletionInput struct {
	_ struct{} `type:"structure"`

	// The unique identifier of the customer master key (CMK) to delete.
	//
	// Specify the key ID or the Amazon Resource Name (ARN) of the CMK.
	//
	// For example:
	//
	//    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
	//
	//    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
	//
	// To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
	//
	// KeyId is a required field
	KeyId *string `min:"1" type:"string" required:"true"`

	// The waiting period, specified in number of days. After the waiting period
	// ends, AWS KMS deletes the customer master key (CMK).
	//
	// This value is optional. If you include a value, it must be between 7 and
	// 30, inclusive. If you do not include a value, it defaults to 30.
	//
	// NOTE(review): the min tag below is 1, so Validate accepts 1 through 6
	// although the text above gives 7 as the lower bound. The documented range
	// is presumably enforced by the service - confirm.
	PendingWindowInDays *int64 `min:"1" type:"integer"`
}

// String formats s by passing it to awsutil.Prettify.
func (s ScheduleKeyDeletionInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the same text as String.
func (s ScheduleKeyDeletionInput) GoString() string {
	return s.String()
}

// Validate checks that KeyId is present and non-empty and that
// PendingWindowInDays, when set, is at least 1.
//
// The 7 to 30 day range described on PendingWindowInDays is not checked here
// and no upper bound is applied. Because the operation ends in key deletion,
// callers that depend on a particular waiting period should set and check the
// value themselves instead of relying on this method.
func (s *ScheduleKeyDeletionInput) Validate() error {
	problems := request.ErrInvalidParams{Context: "ScheduleKeyDeletionInput"}

	switch {
	case s.KeyId == nil:
		problems.Add(request.NewErrParamRequired("KeyId"))
	case len(*s.KeyId) < 1:
		problems.Add(request.NewErrParamMinLen("KeyId", 1))
	}

	if days := s.PendingWindowInDays; days != nil && *days < 1 {
		problems.Add(request.NewErrParamMinValue("PendingWindowInDays", 1))
	}

	if problems.Len() == 0 {
		return nil
	}
	return problems
}

// SetKeyId points KeyId at this call's copy of v and returns s so that
// setters can be chained.
func (s *ScheduleKeyDeletionInput) SetKeyId(v string) *ScheduleKeyDeletionInput {
	s.KeyId = &v
	return s
}

// SetPendingWindowInDays points PendingWindowInDays at this call's copy of v
// and returns s. The value is stored as given; no range check happens here.
func (s *ScheduleKeyDeletionInput) SetPendingWindowInDays(v int64) *ScheduleKeyDeletionInput {
	s.PendingWindowInDays = &v
	return s
}

// ScheduleKeyDeletionOutput reports which CMK is scheduled for deletion and
// the date after which AWS KMS deletes it.
type ScheduleKeyDeletionOutput struct {
	_ struct{} `type:"structure"`

	// The date and time after which AWS KMS deletes the customer master key (CMK).
	DeletionDate *time.Time `type:"timestamp"`

	// The unique identifier of the customer master key (CMK) for which deletion
	// is scheduled.
	KeyId *string `min:"1" type:"string"`
}

// String formats s by passing it to awsutil.Prettify.
func (s ScheduleKeyDeletionOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the same text as String.
func (s ScheduleKeyDeletionOutput) GoString() string {
	return s.String()
}

// SetDeletionDate sets the DeletionDate field's value.
func (s *ScheduleKeyDeletionOutput) SetDeletionDate(v time.Time) *ScheduleKeyDeletionOutput {
	// &v is the address of this call's copy of the argument.
	s.DeletionDate = &v
	return s
}

// SetKeyId points KeyId at this call's copy of v and returns s so that
// setters can be chained.
func (s *ScheduleKeyDeletionOutput) SetKeyId(v string) *ScheduleKeyDeletionOutput {
	s.KeyId = &v
	return s
}

// A key-value pair. A tag consists of a tag key and a tag value. Tag keys and
// tag values are both required, but tag values can be empty (null) strings.
//
// For information about the rules that apply to tag keys and tag values, see
// User-Defined Tag Restrictions (https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html)
// in the AWS Billing and Cost Management User Guide.
type Tag struct {
	_ struct{} `type:"structure"`

	// The key of the tag.
	//
	// TagKey is a required field
	TagKey *string `min:"1" type:"string" required:"true"`

	// The value of the tag.
	//
	// TagValue is a required field
	TagValue *string `type:"string" required:"true"`
}

// String formats s by passing it to awsutil.Prettify.
func (s Tag) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the same text as String.
func (s Tag) GoString() string {
	return s.String()
}

// Validate checks that TagKey is present and non-empty and that TagValue is
// present.
//
// TagValue carries no minimum length, so a pointer to the empty string
// passes; only a nil TagValue is reported. The result is a
// request.ErrInvalidParams with one entry per failed check, or nil.
func (s *Tag) Validate() error {
	problems := request.ErrInvalidParams{Context: "Tag"}

	switch {
	case s.TagKey == nil:
		problems.Add(request.NewErrParamRequired("TagKey"))
	case len(*s.TagKey) < 1:
		problems.Add(request.NewErrParamMinLen("TagKey", 1))
	}

	if s.TagValue == nil {
		problems.Add(request.NewErrParamRequired("TagValue"))
	}

	if problems.Len() == 0 {
		return nil
	}
	return problems
}

// SetTagKey points TagKey at this call's copy of v and returns s so that
// setters can be chained.
func (s *Tag) SetTagKey(v string) *Tag {
	s.TagKey = &v
	return s
}

// SetTagValue sets the TagValue field's value.
func (s *Tag) SetTagValue(v string) *Tag {
	// &v is the address of this call's copy of the argument.
	s.TagValue = &v
	return s
}

// TagResourceInput names the CMK to tag and the tags to apply to it.
type TagResourceInput struct {
	_ struct{} `type:"structure"`

	// A unique identifier for the CMK you are tagging.
	//
	// Specify the key ID or the Amazon Resource Name (ARN) of the CMK.
	//
	// For example:
	//
	//    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
	//
	//    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
	//
	// To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
	//
	// KeyId is a required field
	KeyId *string `min:"1" type:"string" required:"true"`

	// One or more tags. Each tag consists of a tag key and a tag value.
	//
	// Tags is a required field
	Tags []*Tag `type:"list" required:"true"`
}

// String formats s by passing it to awsutil.Prettify.
func (s TagResourceInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the same text as String.
func (s TagResourceInput) GoString() string {
	return s.String()
}

// Validate checks that KeyId is present and non-empty, that Tags is non-nil,
// and that every non-nil element of Tags passes its own Validate.
//
// Two gaps are worth knowing: nil elements of Tags are skipped without an
// error, and an empty but non-nil Tags slice satisfies the required check
// even though the field comment asks for one or more tags. Failures from an
// element are nested under the name "Tags[i]".
func (s *TagResourceInput) Validate() error {
	problems := request.ErrInvalidParams{Context: "TagResourceInput"}

	switch {
	case s.KeyId == nil:
		problems.Add(request.NewErrParamRequired("KeyId"))
	case len(*s.KeyId) < 1:
		problems.Add(request.NewErrParamMinLen("KeyId", 1))
	}

	if s.Tags == nil {
		problems.Add(request.NewErrParamRequired("Tags"))
	}
	// Ranging over a nil slice runs zero iterations, so no separate nil guard
	// is needed around the loop.
	for idx, tag := range s.Tags {
		if tag == nil {
			continue
		}
		err := tag.Validate()
		if err == nil {
			continue
		}
		// Tag.Validate returns either nil or a request.ErrInvalidParams value,
		// which is what this unchecked assertion relies on.
		problems.AddNested(fmt.Sprintf("%s[%v]", "Tags", idx), err.(request.ErrInvalidParams))
	}

	if problems.Len() == 0 {
		return nil
	}
	return problems
}

// SetKeyId points KeyId at this call's copy of v and returns s so that
// setters can be chained.
func (s *TagResourceInput) SetKeyId(v string) *TagResourceInput {
	s.KeyId = &v
	return s
}

// SetTags sets the Tags field's value.
func (s *TagResourceInput) SetTags(v []*Tag) *TagResourceInput {
	// The slice is stored as given, without copying, so s.Tags shares its
	// elements with the caller's slice.
	s.Tags = v
	return s
}

// TagResourceOutput declares no data fields, only the structure marker.
type TagResourceOutput struct {
	_ struct{} `type:"structure"`
}

// String formats s by passing it to awsutil.Prettify.
func (s TagResourceOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the same text as String.
func (s TagResourceOutput) GoString() string {
	return s.String()
}

// UntagResourceInput names the CMK to remove tags from and the keys of the
// tags to remove.
type UntagResourceInput struct {
	_ struct{} `type:"structure"`

	// A unique identifier for the CMK from which you are removing tags.
	//
	// Specify the key ID or the Amazon Resource Name (ARN) of the CMK.
	//
	// For example:
	//
	//    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
	//
	//    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
	//
	// To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
	//
	// KeyId is a required field
	KeyId *string `min:"1" type:"string" required:"true"`

	// One or more tag keys. Specify only the tag keys, not the tag values.
	//
	// TagKeys is a required field
	TagKeys []*string `type:"list" required:"true"`
}

// String formats s by passing it to awsutil.Prettify.
func (s UntagResourceInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the same text as String.
func (s UntagResourceInput) GoString() string {
	return s.String()
}

// Validate checks that KeyId is present and non-empty and that TagKeys is
// non-nil.
//
// The elements of TagKeys are not inspected: nil or empty entries, and an
// empty non-nil slice, all pass. The result is a request.ErrInvalidParams
// with one entry per failed check, or nil.
func (s *UntagResourceInput) Validate() error {
	problems := request.ErrInvalidParams{Context: "UntagResourceInput"}

	switch {
	case s.KeyId == nil:
		problems.Add(request.NewErrParamRequired("KeyId"))
	case len(*s.KeyId) < 1:
		problems.Add(request.NewErrParamMinLen("KeyId", 1))
	}

	if s.TagKeys == nil {
		problems.Add(request.NewErrParamRequired("TagKeys"))
	}

	if problems.Len() == 0 {
		return nil
	}
	return problems
}

// SetKeyId sets the KeyId field's value.
func (s *UntagResourceInput) SetKeyId(v string) *UntagResourceInput {
	// &v is the address of this call's copy of the argument.
	s.KeyId = &v
	return s
}

// SetTagKeys sets the TagKeys field's value. The slice is stored as given,
// without copying.
func (s *UntagResourceInput) SetTagKeys(v []*string) *UntagResourceInput {
	s.TagKeys = v
	return s
}

// UntagResourceOutput declares no data fields, only the structure marker.
type UntagResourceOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation produced by awsutil.Prettify.
func (s UntagResourceOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the same text as String.
func (s UntagResourceOutput) GoString() string {
	return s.String()
}

// UpdateAliasInput names an existing alias and the CMK the alias should point
// to once the update completes.
type UpdateAliasInput struct {
	_ struct{} `type:"structure"`

	// Specifies the name of the alias to change. This value must begin with alias/
	// followed by the alias name, such as alias/ExampleAlias.
	//
	// NOTE(review): the tags below only express "required" and a minimum length
	// of 1; the alias/ prefix is not part of the client-side Validate check.
	//
	// AliasName is a required field
	AliasName *string `min:"1" type:"string" required:"true"`

	// Unique identifier of the customer master key (CMK) to be mapped to the alias.
	// When the update operation completes, the alias will point to this CMK.
	//
	// Specify the key ID or the Amazon Resource Name (ARN) of the CMK.
	//
	// For example:
	//
	//    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
	//
	//    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
	//
	// To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
	//
	// To verify that the alias is mapped to the correct CMK, use ListAliases.
	//
	// TargetKeyId is a required field
	TargetKeyId *string `min:"1" type:"string" required:"true"`
}

// String returns the string representation produced by awsutil.Prettify.
func (s UpdateAliasInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the same text as String.
func (s UpdateAliasInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdateAliasInput) Validate() error {
	// Presence and non-emptiness only. The "alias/" prefix described on
	// AliasName is not checked here, nor is the format of TargetKeyId.
	problems := request.ErrInvalidParams{Context: "UpdateAliasInput"}

	switch {
	case s.AliasName == nil:
		problems.Add(request.NewErrParamRequired("AliasName"))
	case len(*s.AliasName) < 1:
		problems.Add(request.NewErrParamMinLen("AliasName", 1))
	}

	switch {
	case s.TargetKeyId == nil:
		problems.Add(request.NewErrParamRequired("TargetKeyId"))
	case len(*s.TargetKeyId) < 1:
		problems.Add(request.NewErrParamMinLen("TargetKeyId", 1))
	}

	if problems.Len() == 0 {
		return nil
	}
	return problems
}

// SetAliasName points AliasName at this call's copy of v and returns s so
// that setters can be chained.
func (s *UpdateAliasInput) SetAliasName(v string) *UpdateAliasInput {
	s.AliasName = &v
	return s
}

// SetTargetKeyId points TargetKeyId at this call's copy of v and returns s so
// that setters can be chained.
func (s *UpdateAliasInput) SetTargetKeyId(v string) *UpdateAliasInput {
	s.TargetKeyId = &v
	return s
}

// UpdateAliasOutput declares no data fields, only the structure marker.
type UpdateAliasOutput struct {
	_ struct{} `type:"structure"`
}

// String formats s by passing it to awsutil.Prettify.
func (s UpdateAliasOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the same text as String.
func (s UpdateAliasOutput) GoString() string {
	return s.String()
}

// UpdateCustomKeyStoreInput identifies a custom key store and carries the
// optional settings to change on it: the associated AWS CloudHSM cluster, the
// kmsuser password known to AWS KMS, and the friendly name.
type UpdateCustomKeyStoreInput struct {
	_ struct{} `type:"structure"`

	// Associates the custom key store with a related AWS CloudHSM cluster.
	//
	// Enter the cluster ID of the cluster that you used to create the custom key
	// store or a cluster that shares a backup history and has the same cluster
	// certificate as the original cluster. You cannot use this parameter to associate
	// a custom key store with an unrelated cluster. In addition, the replacement
	// cluster must fulfill the requirements (https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore)
	// for a cluster associated with a custom key store. To view the cluster certificate
	// of a cluster, use the DescribeClusters (https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html)
	// operation.
	CloudHsmClusterId *string `min:"19" type:"string"`

	// Identifies the custom key store that you want to update. Enter the ID of
	// the custom key store. To find the ID of a custom key store, use the DescribeCustomKeyStores
	// operation.
	//
	// CustomKeyStoreId is a required field
	CustomKeyStoreId *string `min:"1" type:"string" required:"true"`

	// Enter the current password of the kmsuser crypto user (CU) in the AWS CloudHSM
	// cluster that is associated with the custom key store.
	//
	// This parameter tells AWS KMS the current password of the kmsuser crypto user
	// (CU). It does not set or change the password of any users in the AWS CloudHSM
	// cluster.
	//
	// NOTE(review): this is a credential held in a plain *string. It is the only
	// field here tagged sensitive:"true"; see the note on String before printing
	// or logging a value of this type.
	KeyStorePassword *string `min:"1" type:"string" sensitive:"true"`

	// Changes the friendly name of the custom key store to the value that you specify.
	// The custom key store name must be unique in the AWS account.
	NewCustomKeyStoreName *string `min:"1" type:"string"`
}

// String formats s, including KeyStorePassword, by passing the whole struct
// to awsutil.Prettify.
//
// NOTE(review): whether the password is masked in the returned text depends
// on awsutil.Prettify honouring the sensitive:"true" tag - confirm for the
// SDK version in use before this value reaches logs or error messages.
func (s UpdateCustomKeyStoreInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the same text as String, so the note on String applies to
// %#v formatting as well.
func (s UpdateCustomKeyStoreInput) GoString() string {
	return s.String()
}

// Validate inspects the fields of the type to determine if they are valid.
func (s *UpdateCustomKeyStoreInput) Validate() error {
	// Length checks only. CustomKeyStoreId is the single required field; the
	// others are checked when set. KeyStorePassword is tested for being
	// non-empty and nothing more - no format or strength rule is applied here.
	problems := request.ErrInvalidParams{Context: "UpdateCustomKeyStoreInput"}

	if cluster := s.CloudHsmClusterId; cluster != nil && len(*cluster) < 19 {
		problems.Add(request.NewErrParamMinLen("CloudHsmClusterId", 19))
	}

	switch {
	case s.CustomKeyStoreId == nil:
		problems.Add(request.NewErrParamRequired("CustomKeyStoreId"))
	case len(*s.CustomKeyStoreId) < 1:
		problems.Add(request.NewErrParamMinLen("CustomKeyStoreId", 1))
	}

	if pw := s.KeyStorePassword; pw != nil && len(*pw) < 1 {
		problems.Add(request.NewErrParamMinLen("KeyStorePassword", 1))
	}
	if name := s.NewCustomKeyStoreName; name != nil && len(*name) < 1 {
		problems.Add(request.NewErrParamMinLen("NewCustomKeyStoreName", 1))
	}

	if problems.Len() == 0 {
		return nil
	}
	return problems
}

// SetCloudHsmClusterId points CloudHsmClusterId at this call's copy of v and
// returns s so that setters can be chained.
func (s *UpdateCustomKeyStoreInput) SetCloudHsmClusterId(v string) *UpdateCustomKeyStoreInput {
	s.CloudHsmClusterId = &v
	return s
}

// SetCustomKeyStoreId points CustomKeyStoreId at this call's copy of v and
// returns s so that setters can be chained.
func (s *UpdateCustomKeyStoreInput) SetCustomKeyStoreId(v string) *UpdateCustomKeyStoreInput {
	s.CustomKeyStoreId = &v
	return s
}

// SetKeyStorePassword points KeyStorePassword at this call's copy of v and
// returns s so that setters can be chained.
//
// v is a credential: the struct keeps it as an ordinary string for as long as
// the input value is reachable, so avoid retaining or printing the input
// longer than the request needs.
func (s *UpdateCustomKeyStoreInput) SetKeyStorePassword(v string) *UpdateCustomKeyStoreInput {
	s.KeyStorePassword = &v
	return s
}

// SetNewCustomKeyStoreName sets the NewCustomKeyStoreName field's value.
func (s *UpdateCustomKeyStoreInput) SetNewCustomKeyStoreName(v string) *UpdateCustomKeyStoreInput {
	// &v is the address of this call's copy of the argument.
	s.NewCustomKeyStoreName = &v
	return s
}

// UpdateCustomKeyStoreOutput declares no data fields, only the structure
// marker.
type UpdateCustomKeyStoreOutput struct {
	_ struct{} `type:"structure"`
}

// String formats s by passing it to awsutil.Prettify.
func (s UpdateCustomKeyStoreOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the same text as String.
func (s UpdateCustomKeyStoreOutput) GoString() string {
	return s.String()
}

// UpdateKeyDescriptionInput names a CMK and the new description to give it.
type UpdateKeyDescriptionInput struct {
	_ struct{} `type:"structure"`

	// New description for the CMK.
	//
	// Description is a required field
	Description *string `type:"string" required:"true"`

	// A unique identifier for the customer master key (CMK).
	//
	// Specify the key ID or the Amazon Resource Name (ARN) of the CMK.
	//
	// For example:
	//
	//    * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
	//
	//    * Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
	//
	// To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
	//
	// KeyId is a required field
	KeyId *string `min:"1" type:"string" required:"true"`
}

// String formats s by passing it to awsutil.Prettify.
func (s UpdateKeyDescriptionInput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the same text as String.
func (s UpdateKeyDescriptionInput) GoString() string {
	return s.String()
}

// Validate checks that Description is present and that KeyId is present and
// non-empty.
//
// Description carries no minimum length, so a pointer to the empty string
// passes. The result is a request.ErrInvalidParams with one entry per failed
// check, or nil.
func (s *UpdateKeyDescriptionInput) Validate() error {
	problems := request.ErrInvalidParams{Context: "UpdateKeyDescriptionInput"}

	if s.Description == nil {
		problems.Add(request.NewErrParamRequired("Description"))
	}

	switch {
	case s.KeyId == nil:
		problems.Add(request.NewErrParamRequired("KeyId"))
	case len(*s.KeyId) < 1:
		problems.Add(request.NewErrParamMinLen("KeyId", 1))
	}

	if problems.Len() == 0 {
		return nil
	}
	return problems
}

// SetDescription sets the Description field's value.
func (s *UpdateKeyDescriptionInput) SetDescription(v string) *UpdateKeyDescriptionInput {
	// &v is the address of this call's copy of the argument.
	s.Description = &v
	return s
}

// SetKeyId sets the KeyId field's value and returns s so that setters can be
// chained.
func (s *UpdateKeyDescriptionInput) SetKeyId(v string) *UpdateKeyDescriptionInput {
	s.KeyId = &v
	return s
}

// UpdateKeyDescriptionOutput declares no data fields, only the structure
// marker.
type UpdateKeyDescriptionOutput struct {
	_ struct{} `type:"structure"`
}

// String returns the string representation produced by awsutil.Prettify.
func (s UpdateKeyDescriptionOutput) String() string {
	return awsutil.Prettify(s)
}

// GoString returns the same text as String.
func (s UpdateKeyDescriptionOutput) GoString() string {
	return s.String()
}

// AlgorithmSpec enum values. These are untyped string constants, so the
// compiler does not stop an arbitrary string being used in their place.
//
// NOTE(review): PKCS #1 v1.5 encryption padding is generally regarded as
// weaker than OAEP, and SHA-256 is generally preferred over SHA-1; where the
// caller has a choice, AlgorithmSpecRsaesOaepSha256 is the conservative pick.
const (
	// AlgorithmSpecRsaesPkcs1V15 is an AlgorithmSpec enum value
	AlgorithmSpecRsaesPkcs1V15 = "RSAES_PKCS1_V1_5"

	// AlgorithmSpecRsaesOaepSha1 is an AlgorithmSpec enum value
	AlgorithmSpecRsaesOaepSha1 = "RSAES_OAEP_SHA_1"

	// AlgorithmSpecRsaesOaepSha256 is an AlgorithmSpec enum value
	AlgorithmSpecRsaesOaepSha256 = "RSAES_OAEP_SHA_256"
)

// ConnectionErrorCodeType enum values.
const (
	// ConnectionErrorCodeTypeInvalidCredentials is a ConnectionErrorCodeType enum value
	ConnectionErrorCodeTypeInvalidCredentials = "INVALID_CREDENTIALS"

	// ConnectionErrorCodeTypeClusterNotFound is a ConnectionErrorCodeType enum value
	ConnectionErrorCodeTypeClusterNotFound = "CLUSTER_NOT_FOUND"

	// ConnectionErrorCodeTypeNetworkErrors is a ConnectionErrorCodeType enum value
	ConnectionErrorCodeTypeNetworkErrors = "NETWORK_ERRORS"

	// ConnectionErrorCodeTypeInternalError is a ConnectionErrorCodeType enum value
	ConnectionErrorCodeTypeInternalError = "INTERNAL_ERROR"

	// ConnectionErrorCodeTypeInsufficientCloudhsmHsms is a ConnectionErrorCodeType enum value
	ConnectionErrorCodeTypeInsufficientCloudhsmHsms = "INSUFFICIENT_CLOUDHSM_HSMS"

	// ConnectionErrorCodeTypeUserLockedOut is a ConnectionErrorCodeType enum value
	ConnectionErrorCodeTypeUserLockedOut = "USER_LOCKED_OUT"
)

// ConnectionStateType enum values.
const (
	// ConnectionStateTypeConnected is a ConnectionStateType enum value
	ConnectionStateTypeConnected = "CONNECTED"

	// ConnectionStateTypeConnecting is a ConnectionStateType enum value
	ConnectionStateTypeConnecting = "CONNECTING"

	// ConnectionStateTypeFailed is a ConnectionStateType enum value
	ConnectionStateTypeFailed = "FAILED"

	// ConnectionStateTypeDisconnected is a ConnectionStateType enum value
	ConnectionStateTypeDisconnected = "DISCONNECTED"

	// ConnectionStateTypeDisconnecting is a ConnectionStateType enum value
	ConnectionStateTypeDisconnecting = "DISCONNECTING"
)

// DataKeySpec enum values.
const (
	// DataKeySpecAes256 is a DataKeySpec enum value
	DataKeySpecAes256 = "AES_256"

	// DataKeySpecAes128 is a DataKeySpec enum value
	DataKeySpecAes128 = "AES_128"
)

// ExpirationModelType enum values.
const (
	// ExpirationModelTypeKeyMaterialExpires is an ExpirationModelType enum value
	ExpirationModelTypeKeyMaterialExpires = "KEY_MATERIAL_EXPIRES"

	// ExpirationModelTypeKeyMaterialDoesNotExpire is an ExpirationModelType enum value
	ExpirationModelTypeKeyMaterialDoesNotExpire = "KEY_MATERIAL_DOES_NOT_EXPIRE"
)

// GrantOperation enum values.
//
// NOTE(review): presumably these name the operations a grant can permit. If
// so, grants that list CreateGrant or RetireGrant hand out control over
// grants themselves and deserve a closer look in a least-privilege review -
// confirm against the service documentation.
const (
	// GrantOperationDecrypt is a GrantOperation enum value
	GrantOperationDecrypt = "Decrypt"

	// GrantOperationEncrypt is a GrantOperation enum value
	GrantOperationEncrypt = "Encrypt"

	// GrantOperationGenerateDataKey is a GrantOperation enum value
	GrantOperationGenerateDataKey = "GenerateDataKey"

	// GrantOperationGenerateDataKeyWithoutPlaintext is a GrantOperation enum value
	GrantOperationGenerateDataKeyWithoutPlaintext = "GenerateDataKeyWithoutPlaintext"

	// GrantOperationReEncryptFrom is a GrantOperation enum value
	GrantOperationReEncryptFrom = "ReEncryptFrom"

	// GrantOperationReEncryptTo is a GrantOperation enum value
	GrantOperationReEncryptTo = "ReEncryptTo"

	// GrantOperationCreateGrant is a GrantOperation enum value
	GrantOperationCreateGrant = "CreateGrant"

	// GrantOperationRetireGrant is a GrantOperation enum value
	GrantOperationRetireGrant = "RetireGrant"

	// GrantOperationDescribeKey is a GrantOperation enum value
	GrantOperationDescribeKey = "DescribeKey"
)

// KeyManagerType enum values.
const (
	// KeyManagerTypeAws is a KeyManagerType enum value
	KeyManagerTypeAws = "AWS"

	// KeyManagerTypeCustomer is a KeyManagerType enum value
	KeyManagerTypeCustomer = "CUSTOMER"
)

// KeyState enum values.
const (
	// KeyStateEnabled is a KeyState enum value
	KeyStateEnabled = "Enabled"

	// KeyStateDisabled is a KeyState enum value
	KeyStateDisabled = "Disabled"

	// KeyStatePendingDeletion is a KeyState enum value
	KeyStatePendingDeletion = "PendingDeletion"

	// KeyStatePendingImport is a KeyState enum value
	KeyStatePendingImport = "PendingImport"

	// KeyStateUnavailable is a KeyState enum value
	KeyStateUnavailable = "Unavailable"
)

// KeyUsageType enum values.
const (
	// KeyUsageTypeEncryptDecrypt is a KeyUsageType enum value
	KeyUsageTypeEncryptDecrypt = "ENCRYPT_DECRYPT"
)

// OriginType enum values.
const (
	// OriginTypeAwsKms is an OriginType enum value
	OriginTypeAwsKms = "AWS_KMS"

	// OriginTypeExternal is an OriginType enum value
	OriginTypeExternal = "EXTERNAL"

	// OriginTypeAwsCloudhsm is an OriginType enum value
	OriginTypeAwsCloudhsm = "AWS_CLOUDHSM"
)

// WrappingKeySpec enum values.
const (
	// WrappingKeySpecRsa2048 is a WrappingKeySpec enum value
	WrappingKeySpecRsa2048 = "RSA_2048"
)