| Copyright | (c) 2013-2021 Brendan Hay |
|---|---|
| License | Mozilla Public License, v. 2.0. |
| Maintainer | Brendan Hay <brendan.g.hay+amazonka@gmail.com> |
| Stability | auto-generated |
| Portability | non-portable (GHC extensions) |
| Safe Haskell | None |
Synopsis
- data CustomKeyStoresListEntry = CustomKeyStoresListEntry' {}
- newCustomKeyStoresListEntry :: CustomKeyStoresListEntry
- customKeyStoresListEntry_customKeyStoreName :: Lens' CustomKeyStoresListEntry (Maybe Text)
- customKeyStoresListEntry_trustAnchorCertificate :: Lens' CustomKeyStoresListEntry (Maybe Text)
- customKeyStoresListEntry_connectionErrorCode :: Lens' CustomKeyStoresListEntry (Maybe ConnectionErrorCodeType)
- customKeyStoresListEntry_creationDate :: Lens' CustomKeyStoresListEntry (Maybe UTCTime)
- customKeyStoresListEntry_cloudHsmClusterId :: Lens' CustomKeyStoresListEntry (Maybe Text)
- customKeyStoresListEntry_customKeyStoreId :: Lens' CustomKeyStoresListEntry (Maybe Text)
- customKeyStoresListEntry_connectionState :: Lens' CustomKeyStoresListEntry (Maybe ConnectionStateType)
Documentation
data CustomKeyStoresListEntry
Contains information about each custom key store in the custom key store list.
See: newCustomKeyStoresListEntry smart constructor.
CustomKeyStoresListEntry'
newCustomKeyStoresListEntry :: CustomKeyStoresListEntry
Create a value of CustomKeyStoresListEntry with all optional fields omitted.
Use generic-lens or optics to modify other optional fields.
The following record fields are available, with the corresponding lenses provided for backwards compatibility:
- $sel:customKeyStoreName:CustomKeyStoresListEntry', customKeyStoresListEntry_customKeyStoreName - The user-specified friendly name for the custom key store.
- $sel:trustAnchorCertificate:CustomKeyStoresListEntry', customKeyStoresListEntry_trustAnchorCertificate - The trust anchor certificate of the associated CloudHSM cluster. When you initialize the cluster, you create this certificate and save it in the customerCA.crt file.
- $sel:connectionErrorCode:CustomKeyStoresListEntry', customKeyStoresListEntry_connectionErrorCode - Describes the connection error. This field appears in the response only when the ConnectionState is FAILED. For help resolving these errors, see How to Fix a Connection Failure in the Key Management Service Developer Guide.
  Valid values are:
  - CLUSTER_NOT_FOUND - KMS cannot find the CloudHSM cluster with the specified cluster ID.
  - INSUFFICIENT_CLOUDHSM_HSMS - The associated CloudHSM cluster does not contain any active HSMs. To connect a custom key store to its CloudHSM cluster, the cluster must contain at least one active HSM.
  - INTERNAL_ERROR - KMS could not complete the request due to an internal error. Retry the request. For ConnectCustomKeyStore requests, disconnect the custom key store before trying to connect again.
  - INVALID_CREDENTIALS - KMS does not have the correct password for the kmsuser crypto user in the CloudHSM cluster. Before you can connect your custom key store to its CloudHSM cluster, you must change the kmsuser account password and update the key store password value for the custom key store.
  - NETWORK_ERRORS - Network errors are preventing KMS from connecting to the custom key store.
  - SUBNET_NOT_FOUND - A subnet in the CloudHSM cluster configuration was deleted. If KMS cannot find all of the subnets in the cluster configuration, attempts to connect the custom key store to the CloudHSM cluster fail. To fix this error, create a cluster from a recent backup and associate it with your custom key store. (This process creates a new cluster configuration with a VPC and private subnets.) For details, see How to Fix a Connection Failure in the Key Management Service Developer Guide.
  - USER_LOCKED_OUT - The kmsuser CU account is locked out of the associated CloudHSM cluster due to too many failed password attempts. Before you can connect your custom key store to its CloudHSM cluster, you must change the kmsuser account password and update the key store password value for the custom key store.
  - USER_LOGGED_IN - The kmsuser CU account is logged into the associated CloudHSM cluster. This prevents KMS from rotating the kmsuser account password and logging into the cluster. Before you can connect your custom key store to its CloudHSM cluster, you must log the kmsuser CU out of the cluster. If you changed the kmsuser password to log into the cluster, you must also update the key store password value for the custom key store. For help, see How to Log Out and Reconnect in the Key Management Service Developer Guide.
  - USER_NOT_FOUND - KMS cannot find a kmsuser CU account in the associated CloudHSM cluster. Before you can connect your custom key store to its CloudHSM cluster, you must create a kmsuser CU account in the cluster, and then update the key store password value for the custom key store.
- $sel:creationDate:CustomKeyStoresListEntry', customKeyStoresListEntry_creationDate - The date and time when the custom key store was created.
- $sel:cloudHsmClusterId:CustomKeyStoresListEntry', customKeyStoresListEntry_cloudHsmClusterId - A unique identifier for the CloudHSM cluster that is associated with the custom key store.
- $sel:customKeyStoreId:CustomKeyStoresListEntry', customKeyStoresListEntry_customKeyStoreId - A unique identifier for the custom key store.
- $sel:connectionState:CustomKeyStoresListEntry', customKeyStoresListEntry_connectionState - Indicates whether the custom key store is connected to its CloudHSM cluster.
  You can create and use KMS keys in your custom key store only when its connection state is CONNECTED.
  The value is DISCONNECTED if the key store has never been connected or you use the DisconnectCustomKeyStore operation to disconnect it. If the value is CONNECTED but you are having trouble using the custom key store, make sure that its associated CloudHSM cluster is active and contains at least one active HSM.
  A value of FAILED indicates that an attempt to connect was unsuccessful. The ConnectionErrorCode field in the response indicates the cause of the failure. For help resolving a connection failure, see Troubleshooting a Custom Key Store in the Key Management Service Developer Guide.
customKeyStoresListEntry_customKeyStoreName :: Lens' CustomKeyStoresListEntry (Maybe Text)
The user-specified friendly name for the custom key store.
customKeyStoresListEntry_trustAnchorCertificate :: Lens' CustomKeyStoresListEntry (Maybe Text)
The trust anchor certificate of the associated CloudHSM cluster. When you initialize the cluster, you create this certificate and save it in the customerCA.crt file.
customKeyStoresListEntry_connectionErrorCode :: Lens' CustomKeyStoresListEntry (Maybe ConnectionErrorCodeType)
Describes the connection error. This field appears in the response only when the ConnectionState is FAILED. For help resolving these errors, see How to Fix a Connection Failure in the Key Management Service Developer Guide.
Valid values are:
- CLUSTER_NOT_FOUND - KMS cannot find the CloudHSM cluster with the specified cluster ID.
- INSUFFICIENT_CLOUDHSM_HSMS - The associated CloudHSM cluster does not contain any active HSMs. To connect a custom key store to its CloudHSM cluster, the cluster must contain at least one active HSM.
- INTERNAL_ERROR - KMS could not complete the request due to an internal error. Retry the request. For ConnectCustomKeyStore requests, disconnect the custom key store before trying to connect again.
- INVALID_CREDENTIALS - KMS does not have the correct password for the kmsuser crypto user in the CloudHSM cluster. Before you can connect your custom key store to its CloudHSM cluster, you must change the kmsuser account password and update the key store password value for the custom key store.
- NETWORK_ERRORS - Network errors are preventing KMS from connecting to the custom key store.
- SUBNET_NOT_FOUND - A subnet in the CloudHSM cluster configuration was deleted. If KMS cannot find all of the subnets in the cluster configuration, attempts to connect the custom key store to the CloudHSM cluster fail. To fix this error, create a cluster from a recent backup and associate it with your custom key store. (This process creates a new cluster configuration with a VPC and private subnets.) For details, see How to Fix a Connection Failure in the Key Management Service Developer Guide.
- USER_LOCKED_OUT - The kmsuser CU account is locked out of the associated CloudHSM cluster due to too many failed password attempts. Before you can connect your custom key store to its CloudHSM cluster, you must change the kmsuser account password and update the key store password value for the custom key store.
- USER_LOGGED_IN - The kmsuser CU account is logged into the associated CloudHSM cluster. This prevents KMS from rotating the kmsuser account password and logging into the cluster. Before you can connect your custom key store to its CloudHSM cluster, you must log the kmsuser CU out of the cluster. If you changed the kmsuser password to log into the cluster, you must also update the key store password value for the custom key store. For help, see How to Log Out and Reconnect in the Key Management Service Developer Guide.
- USER_NOT_FOUND - KMS cannot find a kmsuser CU account in the associated CloudHSM cluster. Before you can connect your custom key store to its CloudHSM cluster, you must create a kmsuser CU account in the cluster, and then update the key store password value for the custom key store.
customKeyStoresListEntry_creationDate :: Lens' CustomKeyStoresListEntry (Maybe UTCTime)
The date and time when the custom key store was created.
customKeyStoresListEntry_cloudHsmClusterId :: Lens' CustomKeyStoresListEntry (Maybe Text)
A unique identifier for the CloudHSM cluster that is associated with the custom key store.
customKeyStoresListEntry_customKeyStoreId :: Lens' CustomKeyStoresListEntry (Maybe Text)
A unique identifier for the custom key store.
customKeyStoresListEntry_connectionState :: Lens' CustomKeyStoresListEntry (Maybe ConnectionStateType)
Indicates whether the custom key store is connected to its CloudHSM cluster.
You can create and use KMS keys in your custom key store only when its connection state is CONNECTED.
The value is DISCONNECTED if the key store has never been connected or you use the DisconnectCustomKeyStore operation to disconnect it. If the value is CONNECTED but you are having trouble using the custom key store, make sure that its associated CloudHSM cluster is active and contains at least one active HSM.
A value of FAILED indicates that an attempt to connect was unsuccessful. The ConnectionErrorCode field in the response indicates the cause of the failure. For help resolving a connection failure, see Troubleshooting a Custom Key Store in the Key Management Service Developer Guide.
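The connection-state and error-code rules above, combined into one triage function over the lenses documented on this page. This is an added example, not part of the generated amazonka documentation. The module name Amazonka.KMS.Types, the ConnectionStateType_* and ConnectionErrorCodeType_* pattern synonyms, and the use of Control.Lens operators are assumptions about the surrounding library; the two sample entries are constructed.

```haskell
{-# LANGUAGE LambdaCase, OverloadedStrings #-}
module Main (main) where

-- Assumed: module name and pattern-synonym spellings (amazonka-kms 2.x style).
-- Only the lenses and newCustomKeyStoresListEntry are taken from this page.
import Amazonka.KMS.Types
import Control.Lens ((&), (?~), (^.))
import Data.Maybe (fromMaybe)
import Data.Text (Text)
import qualified Data.Text.IO as T

-- | Next operator step for one key store, following the field docs above.
nextStep :: CustomKeyStoresListEntry -> Text
nextStep e = case e ^. customKeyStoresListEntry_connectionState of
  Just ConnectionStateType_CONNECTED -> "usable; if calls still fail, check for an active HSM"
  Just ConnectionStateType_DISCONNECTED -> "never connected, or explicitly disconnected"
  Just ConnectionStateType_FAILED ->
    -- The error code is only populated when the state is FAILED.
    maybe "FAILED but no error code in the response" remedy
      (e ^. customKeyStoresListEntry_connectionErrorCode)
  Just _ -> "other state (not described on this page); poll again"
  Nothing -> "connection state missing from the response"

resetPassword :: Text
resetPassword = "change the kmsuser password, then update the key store password"

remedy :: ConnectionErrorCodeType -> Text
remedy = \case
  ConnectionErrorCodeType_INVALID_CREDENTIALS -> resetPassword
  ConnectionErrorCodeType_USER_LOCKED_OUT -> resetPassword
  ConnectionErrorCodeType_USER_LOGGED_IN -> "log the kmsuser CU out of the cluster"
  ConnectionErrorCodeType_USER_NOT_FOUND -> "create a kmsuser CU, then update the key store password"
  ConnectionErrorCodeType_INTERNAL_ERROR -> "disconnect the key store, then retry the connect"
  ConnectionErrorCodeType_SUBNET_NOT_FOUND -> "create a cluster from a recent backup and associate it"
  _ -> "check the cluster ID, active HSM count and network path"

main :: IO ()
main = mapM_ report [connected, lockedOut]
  where
    report e = T.putStrLn (name e <> ": " <> nextStep e)
    name e = fromMaybe "<unnamed>" (e ^. customKeyStoresListEntry_customKeyStoreName)
    -- Constructed sample entries, not real DescribeCustomKeyStores output.
    connected = newCustomKeyStoresListEntry
      & customKeyStoresListEntry_customKeyStoreName ?~ "example-store-a"
      & customKeyStoresListEntry_connectionState ?~ ConnectionStateType_CONNECTED
    lockedOut = newCustomKeyStoresListEntry
      & customKeyStoresListEntry_customKeyStoreName ?~ "example-store-b"
      & customKeyStoresListEntry_connectionState ?~ ConnectionStateType_FAILED
      & customKeyStoresListEntry_connectionErrorCode ?~ ConnectionErrorCodeType_USER_LOCKED_OUT
```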