libZSservicesZSamazonka-kmsZSamazonka-kms
Copyright(c) 2013-2021 Brendan Hay
LicenseMozilla Public License, v. 2.0.
MaintainerBrendan Hay <brendan.g.hay+amazonka@gmail.com>
Stabilityauto-generated
Portabilitynon-portable (GHC extensions)
Safe HaskellNone

Amazonka.KMS

Contents

Description

Derived from API version 2014-11-01 of the AWS service descriptions, licensed under Apache 2.0.

Key Management Service

Key Management Service (KMS) is an encryption and key management web service. This guide describes the KMS operations that you can call programmatically. For general information about KMS, see the Key Management Service Developer Guide .

KMS is replacing the term customer master key (CMK) with KMS key and KMS key. The concept has not changed. To prevent breaking changes, KMS is keeping some variations of this term.

Amazon Web Services provides SDKs that consist of libraries and sample code for various programming languages and platforms (Java, Ruby, .Net, macOS, Android, etc.). The SDKs provide a convenient way to create programmatic access to KMS and other Amazon Web Services services. For example, the SDKs take care of tasks such as signing requests (see below), managing errors, and retrying requests automatically. For more information about the Amazon Web Services SDKs, including how to download and install them, see Tools for Amazon Web Services.

We recommend that you use the Amazon Web Services SDKs to make programmatic API calls to KMS.

Clients must support TLS (Transport Layer Security) 1.0. We recommend TLS 1.2. Clients must also support cipher suites with Perfect Forward Secrecy (PFS) such as Ephemeral Diffie-Hellman (DHE) or Elliptic Curve Ephemeral Diffie-Hellman (ECDHE). Most modern systems such as Java 7 and later support these modes.

Signing Requests

Requests must be signed by using an access key ID and a secret access key. We strongly recommend that you do not use your Amazon Web Services account (root) access key ID and secret key for everyday work with KMS. Instead, use the access key ID and secret access key for an IAM user. You can also use the Amazon Web Services Security Token Service to generate temporary security credentials that you can use to sign requests.

All KMS operations require Signature Version 4.

Logging API Requests

KMS supports CloudTrail, a service that logs Amazon Web Services API calls and related events for your Amazon Web Services account and delivers them to an Amazon S3 bucket that you specify. By using the information collected by CloudTrail, you can determine what requests were made to KMS, who made the request, when it was made, and so on. To learn more about CloudTrail, including how to turn it on and find your log files, see the CloudTrail User Guide.

Additional Resources

For more information about credentials and request signing, see the following:

Commonly Used API Operations

Of the API operations discussed in this guide, the following will prove the most useful for most applications. You will likely perform operations other than these, such as creating keys and assigning policies, by using the console.

  • Encrypt
  • Decrypt
  • GenerateDataKey
  • GenerateDataKeyWithoutPlaintext
Synopsis

Service Configuration

defaultService :: Service Source #

API version 2014-11-01 of the Amazon Key Management Service SDK configuration.

Errors

Error matchers are designed for use with the functions provided by Control.Exception.Lens. This allows catching (and rethrowing) service specific errors returned by KMS.

InvalidMarkerException

_InvalidMarkerException :: AsError a => Getting (First ServiceError) a ServiceError Source #

The request was rejected because the marker that specifies where pagination should next begin is not valid.

KMSInvalidStateException

_KMSInvalidStateException :: AsError a => Getting (First ServiceError) a ServiceError Source #

The request was rejected because the state of the specified resource is not valid for this request.

For more information about how key state affects the use of a KMS key, see Key state: Effect on your KMS key in the /Key Management Service Developer Guide/ .

InvalidKeyUsageException

_InvalidKeyUsageException :: AsError a => Getting (First ServiceError) a ServiceError Source #

The request was rejected for one of the following reasons:

  • The KeyUsage value of the KMS key is incompatible with the API operation.
  • The encryption algorithm or signing algorithm specified for the operation is incompatible with the type of key material in the KMS key (KeySpec).

For encrypting, decrypting, re-encrypting, and generating data keys, the KeyUsage must be ENCRYPT_DECRYPT. For signing and verifying, the KeyUsage must be SIGN_VERIFY. To find the KeyUsage of a KMS key, use the DescribeKey operation.

To find the encryption or signing algorithms supported for a particular KMS key, use the DescribeKey operation.

MalformedPolicyDocumentException

_MalformedPolicyDocumentException :: AsError a => Getting (First ServiceError) a ServiceError Source #

The request was rejected because the specified policy is not syntactically or semantically correct.

CustomKeyStoreNameInUseException

_CustomKeyStoreNameInUseException :: AsError a => Getting (First ServiceError) a ServiceError Source #

The request was rejected because the specified custom key store name is already assigned to another custom key store in the account. Try again with a custom key store name that is unique in the account.

UnsupportedOperationException

_UnsupportedOperationException :: AsError a => Getting (First ServiceError) a ServiceError Source #

The request was rejected because a specified parameter is not supported or a specified resource is not valid for this operation.

DisabledException

_DisabledException :: AsError a => Getting (First ServiceError) a ServiceError Source #

The request was rejected because the specified KMS key is not enabled.

KeyUnavailableException

_KeyUnavailableException :: AsError a => Getting (First ServiceError) a ServiceError Source #

The request was rejected because the specified KMS key was not available. You can retry the request.

IncorrectKeyMaterialException

_IncorrectKeyMaterialException :: AsError a => Getting (First ServiceError) a ServiceError Source #

The request was rejected because the key material in the request is, expired, invalid, or is not the same key material that was previously imported into this KMS key.

KMSInternalException

_KMSInternalException :: AsError a => Getting (First ServiceError) a ServiceError Source #

The request was rejected because an internal exception occurred. The request can be retried.

TagException

_TagException :: AsError a => Getting (First ServiceError) a ServiceError Source #

The request was rejected because one or more tags are not valid.

CustomKeyStoreHasCMKsException

_CustomKeyStoreHasCMKsException :: AsError a => Getting (First ServiceError) a ServiceError Source #

The request was rejected because the custom key store contains KMS keys. After verifying that you do not need to use the KMS keys, use the ScheduleKeyDeletion operation to delete the KMS keys. After they are deleted, you can delete the custom key store.

InvalidImportTokenException

_InvalidImportTokenException :: AsError a => Getting (First ServiceError) a ServiceError Source #

The request was rejected because the provided import token is invalid or is associated with a different KMS key.

CloudHsmClusterNotRelatedException

_CloudHsmClusterNotRelatedException :: AsError a => Getting (First ServiceError) a ServiceError Source #

The request was rejected because the specified CloudHSM cluster has a different cluster certificate than the original cluster. You cannot use the operation to specify an unrelated cluster.

Specify a cluster that shares a backup history with the original cluster. This includes clusters that were created from a backup of the current cluster, and clusters that were created from the same backup that produced the current cluster.

Clusters that share a backup history have the same cluster certificate. To view the cluster certificate of a cluster, use the DescribeClusters operation.

IncorrectTrustAnchorException

_IncorrectTrustAnchorException :: AsError a => Getting (First ServiceError) a ServiceError Source #

The request was rejected because the trust anchor certificate in the request is not the trust anchor certificate for the specified CloudHSM cluster.

When you initialize the cluster, you create the trust anchor certificate and save it in the customerCA.crt file.

CloudHsmClusterInvalidConfigurationException

_CloudHsmClusterInvalidConfigurationException :: AsError a => Getting (First ServiceError) a ServiceError Source #

The request was rejected because the associated CloudHSM cluster did not meet the configuration requirements for a custom key store.

  • The cluster must be configured with private subnets in at least two different Availability Zones in the Region.
  • The security group for the cluster (cloudhsm-cluster-<cluster-id>-sg) must include inbound rules and outbound rules that allow TCP traffic on ports 2223-2225. The Source in the inbound rules and the Destination in the outbound rules must match the security group ID. These rules are set by default when you create the cluster. Do not delete or change them. To get information about a particular security group, use the DescribeSecurityGroups operation.
  • The cluster must contain at least as many HSMs as the operation requires. To add HSMs, use the CloudHSM CreateHsm operation.

    For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey operations, the CloudHSM cluster must have at least two active HSMs, each in a different Availability Zone. For the ConnectCustomKeyStore operation, the CloudHSM must contain at least one active HSM.

For information about the requirements for an CloudHSM cluster that is associated with a custom key store, see Assemble the Prerequisites in the Key Management Service Developer Guide. For information about creating a private subnet for an CloudHSM cluster, see Create a Private Subnet in the CloudHSM User Guide. For information about cluster security groups, see Configure a Default Security Group in the /CloudHSM User Guide/ .

CloudHsmClusterNotActiveException

_CloudHsmClusterNotActiveException :: AsError a => Getting (First ServiceError) a ServiceError Source #

The request was rejected because the CloudHSM cluster that is associated with the custom key store is not active. Initialize and activate the cluster and try the command again. For detailed instructions, see Getting Started in the CloudHSM User Guide.

CloudHsmClusterNotFoundException

_CloudHsmClusterNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError Source #

The request was rejected because KMS cannot find the CloudHSM cluster with the specified cluster ID. Retry the request with a different cluster ID.

NotFoundException

_NotFoundException :: AsError a => Getting (First ServiceError) a ServiceError Source #

The request was rejected because the specified entity or resource could not be found.

KMSInvalidSignatureException

_KMSInvalidSignatureException :: AsError a => Getting (First ServiceError) a ServiceError Source #

The request was rejected because the signature verification failed. Signature verification fails when it cannot confirm that signature was produced by signing the specified message with the specified KMS key and signing algorithm.

InvalidAliasNameException

_InvalidAliasNameException :: AsError a => Getting (First ServiceError) a ServiceError Source #

The request was rejected because the specified alias name is not valid.

CustomKeyStoreNotFoundException

_CustomKeyStoreNotFoundException :: AsError a => Getting (First ServiceError) a ServiceError Source #

The request was rejected because KMS cannot find a custom key store with the specified key store name or ID.

CustomKeyStoreInvalidStateException

_CustomKeyStoreInvalidStateException :: AsError a => Getting (First ServiceError) a ServiceError Source #

The request was rejected because of the ConnectionState of the custom key store. To get the ConnectionState of a custom key store, use the DescribeCustomKeyStores operation.

This exception is thrown under the following conditions:

  • You requested the CreateKey or GenerateRandom operation in a custom key store that is not connected. These operations are valid only when the custom key store ConnectionState is CONNECTED.
  • You requested the UpdateCustomKeyStore or DeleteCustomKeyStore operation on a custom key store that is not disconnected. This operation is valid only when the custom key store ConnectionState is DISCONNECTED.
  • You requested the ConnectCustomKeyStore operation on a custom key store with a ConnectionState of DISCONNECTING or FAILED. This operation is valid for all other ConnectionState values.

InvalidGrantIdException

_InvalidGrantIdException :: AsError a => Getting (First ServiceError) a ServiceError Source #

The request was rejected because the specified GrantId is not valid.

InvalidGrantTokenException

_InvalidGrantTokenException :: AsError a => Getting (First ServiceError) a ServiceError Source #

The request was rejected because the specified grant token is not valid.

InvalidArnException

_InvalidArnException :: AsError a => Getting (First ServiceError) a ServiceError Source #

The request was rejected because a specified ARN, or an ARN in a key policy, is not valid.

DependencyTimeoutException

_DependencyTimeoutException :: AsError a => Getting (First ServiceError) a ServiceError Source #

The system timed out while trying to fulfill the request. The request can be retried.

ExpiredImportTokenException

_ExpiredImportTokenException :: AsError a => Getting (First ServiceError) a ServiceError Source #

The request was rejected because the specified import token is expired. Use GetParametersForImport to get a new import token and public key, use the new public key to encrypt the key material, and then try the request again.

InvalidCiphertextException

_InvalidCiphertextException :: AsError a => Getting (First ServiceError) a ServiceError Source #

From the Decrypt or ReEncrypt operation, the request was rejected because the specified ciphertext, or additional authenticated data incorporated into the ciphertext, such as the encryption context, is corrupted, missing, or otherwise invalid.

From the ImportKeyMaterial operation, the request was rejected because KMS could not decrypt the encrypted (wrapped) key material.

CloudHsmClusterInUseException

_CloudHsmClusterInUseException :: AsError a => Getting (First ServiceError) a ServiceError Source #

The request was rejected because the specified CloudHSM cluster is already associated with a custom key store or it shares a backup history with a cluster that is associated with a custom key store. Each custom key store must be associated with a different CloudHSM cluster.

Clusters that share a backup history have the same cluster certificate. To view the cluster certificate of a cluster, use the DescribeClusters operation.

IncorrectKeyException

_IncorrectKeyException :: AsError a => Getting (First ServiceError) a ServiceError Source #

The request was rejected because the specified KMS key cannot decrypt the data. The KeyId in a Decrypt request and the SourceKeyId in a ReEncrypt request must identify the same KMS key that was used to encrypt the ciphertext.

AlreadyExistsException

_AlreadyExistsException :: AsError a => Getting (First ServiceError) a ServiceError Source #

The request was rejected because it attempted to create a resource that already exists.

LimitExceededException

_LimitExceededException :: AsError a => Getting (First ServiceError) a ServiceError Source #

The request was rejected because a quota was exceeded. For more information, see Quotas in the Key Management Service Developer Guide.

Waiters

Waiters poll by repeatedly sending a request until some remote success condition configured by the Wait specification is fulfilled. The Wait specification determines how many attempts should be made, in addition to delay and retry strategies.

Operations

Some AWS operations return results that are incomplete and require subsequent requests in order to obtain the entire result set. The process of sending subsequent requests to continue where a previous request left off is called pagination. For example, the ListObjects operation of Amazon S3 returns up to 1000 objects at a time, and you must send subsequent requests with the appropriate Marker in order to retrieve the next page of results.

Operations that have an AWSPager instance can transparently perform subsequent requests, correctly setting Markers and other request facets to iterate through the entire result set of a truncated API operation. Operations which support this have an additional note in the documentation.

Many operations have the ability to filter results on the server side. See the individual operation parameters for details.

Encrypt

data Encrypt Source #

See: newEncrypt smart constructor.

Instances

Instances details
Eq Encrypt Source # 
Instance details

Defined in Amazonka.KMS.Encrypt

Methods

(==) :: Encrypt -> Encrypt -> Bool #

(/=) :: Encrypt -> Encrypt -> Bool #

Show Encrypt Source # 
Instance details

Defined in Amazonka.KMS.Encrypt

Generic Encrypt Source # 
Instance details

Defined in Amazonka.KMS.Encrypt

Associated Types

type Rep Encrypt :: Type -> Type #

Methods

from :: Encrypt -> Rep Encrypt x #

to :: Rep Encrypt x -> Encrypt #

NFData Encrypt Source # 
Instance details

Defined in Amazonka.KMS.Encrypt

Methods

rnf :: Encrypt -> () #

Hashable Encrypt Source # 
Instance details

Defined in Amazonka.KMS.Encrypt

Methods

hashWithSalt :: Int -> Encrypt -> Int #

hash :: Encrypt -> Int #

ToJSON Encrypt Source # 
Instance details

Defined in Amazonka.KMS.Encrypt

AWSRequest Encrypt Source # 
Instance details

Defined in Amazonka.KMS.Encrypt

Associated Types

type AWSResponse Encrypt #

ToHeaders Encrypt Source # 
Instance details

Defined in Amazonka.KMS.Encrypt

Methods

toHeaders :: Encrypt -> [Header] #

ToPath Encrypt Source # 
Instance details

Defined in Amazonka.KMS.Encrypt

Methods

toPath :: Encrypt -> ByteString #

ToQuery Encrypt Source # 
Instance details

Defined in Amazonka.KMS.Encrypt

type Rep Encrypt Source # 
Instance details

Defined in Amazonka.KMS.Encrypt

type AWSResponse Encrypt Source # 
Instance details

Defined in Amazonka.KMS.Encrypt

newEncrypt Source #

Create a value of Encrypt with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:encryptionContext:Encrypt', encrypt_encryptionContext - Specifies the encryption context that will be used to encrypt the data. An encryption context is valid only for cryptographic operations with a symmetric KMS key. The standard asymmetric encryption algorithms that KMS uses do not support an encryption context.

An encryption context is a collection of non-secret key-value pairs that represents additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is optional when encrypting with a symmetric KMS key, but it is highly recommended.

For more information, see Encryption Context in the Key Management Service Developer Guide.

$sel:grantTokens:Encrypt', encrypt_grantTokens - A list of grant tokens.

Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved eventual consistency. For more information, see Grant token and Using a grant token in the Key Management Service Developer Guide.

$sel:encryptionAlgorithm:Encrypt', encrypt_encryptionAlgorithm - Specifies the encryption algorithm that KMS will use to encrypt the plaintext message. The algorithm must be compatible with the KMS key that you specify.

This parameter is required only for asymmetric KMS keys. The default value, SYMMETRIC_DEFAULT, is the algorithm used for symmetric KMS keys. If you are using an asymmetric KMS key, we recommend RSAES_OAEP_SHA_256.

$sel:keyId:Encrypt', encrypt_keyId - Identifies the KMS key to use in the encryption operation.

To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with "alias/". To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.

For example:

  • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
  • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
  • Alias name: alias/ExampleAlias
  • Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias

To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases.

$sel:plaintext:Encrypt', encrypt_plaintext - Data to be encrypted.-- -- Note: This Lens automatically encodes and decodes Base64 data. -- The underlying isomorphism will encode to Base64 representation during -- serialisation, and decode from Base64 representation during deserialisation. -- This Lens accepts and returns only raw unencoded data.

data EncryptResponse Source #

See: newEncryptResponse smart constructor.

Instances

Instances details
Eq EncryptResponse Source # 
Instance details

Defined in Amazonka.KMS.Encrypt

Read EncryptResponse Source # 
Instance details

Defined in Amazonka.KMS.Encrypt

Show EncryptResponse Source # 
Instance details

Defined in Amazonka.KMS.Encrypt

Generic EncryptResponse Source # 
Instance details

Defined in Amazonka.KMS.Encrypt

Associated Types

type Rep EncryptResponse :: Type -> Type #

NFData EncryptResponse Source # 
Instance details

Defined in Amazonka.KMS.Encrypt

Methods

rnf :: EncryptResponse -> () #

type Rep EncryptResponse Source # 
Instance details

Defined in Amazonka.KMS.Encrypt

type Rep EncryptResponse = D1 ('MetaData "EncryptResponse" "Amazonka.KMS.Encrypt" "libZSservicesZSamazonka-kmsZSamazonka-kms" 'False) (C1 ('MetaCons "EncryptResponse'" 'PrefixI 'True) ((S1 ('MetaSel ('Just "keyId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: S1 ('MetaSel ('Just "encryptionAlgorithm") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe EncryptionAlgorithmSpec))) :*: (S1 ('MetaSel ('Just "ciphertextBlob") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Base64)) :*: S1 ('MetaSel ('Just "httpStatus") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Int))))

newEncryptResponse Source #

Create a value of EncryptResponse with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:keyId:Encrypt', encryptResponse_keyId - The Amazon Resource Name (key ARN) of the KMS key that was used to encrypt the plaintext.

$sel:encryptionAlgorithm:Encrypt', encryptResponse_encryptionAlgorithm - The encryption algorithm that was used to encrypt the plaintext.

$sel:ciphertextBlob:EncryptResponse', encryptResponse_ciphertextBlob - The encrypted plaintext. When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded.-- -- Note: This Lens automatically encodes and decodes Base64 data. -- The underlying isomorphism will encode to Base64 representation during -- serialisation, and decode from Base64 representation during deserialisation. -- This Lens accepts and returns only raw unencoded data.

$sel:httpStatus:EncryptResponse', encryptResponse_httpStatus - The response's http status code.

CreateCustomKeyStore

data CreateCustomKeyStore Source #

See: newCreateCustomKeyStore smart constructor.

Instances

Instances details
Eq CreateCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.CreateCustomKeyStore

Show CreateCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.CreateCustomKeyStore

Generic CreateCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.CreateCustomKeyStore

Associated Types

type Rep CreateCustomKeyStore :: Type -> Type #

NFData CreateCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.CreateCustomKeyStore

Methods

rnf :: CreateCustomKeyStore -> () #

Hashable CreateCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.CreateCustomKeyStore

ToJSON CreateCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.CreateCustomKeyStore

AWSRequest CreateCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.CreateCustomKeyStore

Associated Types

type AWSResponse CreateCustomKeyStore #

ToHeaders CreateCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.CreateCustomKeyStore

ToPath CreateCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.CreateCustomKeyStore

ToQuery CreateCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.CreateCustomKeyStore

type Rep CreateCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.CreateCustomKeyStore

type Rep CreateCustomKeyStore = D1 ('MetaData "CreateCustomKeyStore" "Amazonka.KMS.CreateCustomKeyStore" "libZSservicesZSamazonka-kmsZSamazonka-kms" 'False) (C1 ('MetaCons "CreateCustomKeyStore'" 'PrefixI 'True) ((S1 ('MetaSel ('Just "customKeyStoreName") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: S1 ('MetaSel ('Just "cloudHsmClusterId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text)) :*: (S1 ('MetaSel ('Just "trustAnchorCertificate") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: S1 ('MetaSel ('Just "keyStorePassword") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Sensitive Text)))))
type AWSResponse CreateCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.CreateCustomKeyStore

newCreateCustomKeyStore Source #

Create a value of CreateCustomKeyStore with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:customKeyStoreName:CreateCustomKeyStore', createCustomKeyStore_customKeyStoreName - Specifies a friendly name for the custom key store. The name must be unique in your Amazon Web Services account.

$sel:cloudHsmClusterId:CreateCustomKeyStore', createCustomKeyStore_cloudHsmClusterId - Identifies the CloudHSM cluster for the custom key store. Enter the cluster ID of any active CloudHSM cluster that is not already associated with a custom key store. To find the cluster ID, use the DescribeClusters operation.

$sel:trustAnchorCertificate:CreateCustomKeyStore', createCustomKeyStore_trustAnchorCertificate - Enter the content of the trust anchor certificate for the cluster. This is the content of the customerCA.crt file that you created when you initialized the cluster.

$sel:keyStorePassword:CreateCustomKeyStore', createCustomKeyStore_keyStorePassword - Enter the password of the kmsuser crypto user (CU) account in the specified CloudHSM cluster. KMS logs into the cluster as this user to manage key material on your behalf.

The password must be a string of 7 to 32 characters. Its value is case sensitive.

This parameter tells KMS the kmsuser account password; it does not change the password in the CloudHSM cluster.

data CreateCustomKeyStoreResponse Source #

See: newCreateCustomKeyStoreResponse smart constructor.

Instances

Instances details
Eq CreateCustomKeyStoreResponse Source # 
Instance details

Defined in Amazonka.KMS.CreateCustomKeyStore

Read CreateCustomKeyStoreResponse Source # 
Instance details

Defined in Amazonka.KMS.CreateCustomKeyStore

Show CreateCustomKeyStoreResponse Source # 
Instance details

Defined in Amazonka.KMS.CreateCustomKeyStore

Generic CreateCustomKeyStoreResponse Source # 
Instance details

Defined in Amazonka.KMS.CreateCustomKeyStore

Associated Types

type Rep CreateCustomKeyStoreResponse :: Type -> Type #

NFData CreateCustomKeyStoreResponse Source # 
Instance details

Defined in Amazonka.KMS.CreateCustomKeyStore

type Rep CreateCustomKeyStoreResponse Source # 
Instance details

Defined in Amazonka.KMS.CreateCustomKeyStore

type Rep CreateCustomKeyStoreResponse = D1 ('MetaData "CreateCustomKeyStoreResponse" "Amazonka.KMS.CreateCustomKeyStore" "libZSservicesZSamazonka-kmsZSamazonka-kms" 'False) (C1 ('MetaCons "CreateCustomKeyStoreResponse'" 'PrefixI 'True) (S1 ('MetaSel ('Just "customKeyStoreId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: S1 ('MetaSel ('Just "httpStatus") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Int)))

newCreateCustomKeyStoreResponse Source #

Create a value of CreateCustomKeyStoreResponse with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:customKeyStoreId:CreateCustomKeyStoreResponse', createCustomKeyStoreResponse_customKeyStoreId - A unique identifier for the new custom key store.

$sel:httpStatus:CreateCustomKeyStoreResponse', createCustomKeyStoreResponse_httpStatus - The response's http status code.

ListGrants (Paginated)

data ListGrants Source #

See: newListGrants smart constructor.

Instances

Instances details
Eq ListGrants Source # 
Instance details

Defined in Amazonka.KMS.ListGrants

Read ListGrants Source # 
Instance details

Defined in Amazonka.KMS.ListGrants

Show ListGrants Source # 
Instance details

Defined in Amazonka.KMS.ListGrants

Generic ListGrants Source # 
Instance details

Defined in Amazonka.KMS.ListGrants

Associated Types

type Rep ListGrants :: Type -> Type #

NFData ListGrants Source # 
Instance details

Defined in Amazonka.KMS.ListGrants

Methods

rnf :: ListGrants -> () #

Hashable ListGrants Source # 
Instance details

Defined in Amazonka.KMS.ListGrants

ToJSON ListGrants Source # 
Instance details

Defined in Amazonka.KMS.ListGrants

AWSPager ListGrants Source # 
Instance details

Defined in Amazonka.KMS.ListGrants

AWSRequest ListGrants Source # 
Instance details

Defined in Amazonka.KMS.ListGrants

Associated Types

type AWSResponse ListGrants #

ToHeaders ListGrants Source # 
Instance details

Defined in Amazonka.KMS.ListGrants

Methods

toHeaders :: ListGrants -> [Header] #

ToPath ListGrants Source # 
Instance details

Defined in Amazonka.KMS.ListGrants

ToQuery ListGrants Source # 
Instance details

Defined in Amazonka.KMS.ListGrants

type Rep ListGrants Source # 
Instance details

Defined in Amazonka.KMS.ListGrants

type Rep ListGrants = D1 ('MetaData "ListGrants" "Amazonka.KMS.ListGrants" "libZSservicesZSamazonka-kmsZSamazonka-kms" 'False) (C1 ('MetaCons "ListGrants'" 'PrefixI 'True) ((S1 ('MetaSel ('Just "grantId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: S1 ('MetaSel ('Just "granteePrincipal") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text))) :*: (S1 ('MetaSel ('Just "marker") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: (S1 ('MetaSel ('Just "limit") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Natural)) :*: S1 ('MetaSel ('Just "keyId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text)))))
type AWSResponse ListGrants Source # 
Instance details

Defined in Amazonka.KMS.ListGrants

newListGrants Source #

Create a value of ListGrants with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:grantId:ListGrants', listGrants_grantId - Returns only the grant with the specified grant ID. The grant ID uniquely identifies the grant.

$sel:granteePrincipal:ListGrants', listGrants_granteePrincipal - Returns only grants where the specified principal is the grantee principal for the grant.

$sel:marker:ListGrants', listGrants_marker - Use this parameter in a subsequent request after you receive a response with truncated results. Set it to the value of NextMarker from the truncated response you just received.

$sel:limit:ListGrants', listGrants_limit - Use this parameter to specify the maximum number of items to return. When this value is present, KMS does not return more than the specified number of items, but it might return fewer.

This value is optional. If you include a value, it must be between 1 and 100, inclusive. If you do not include a value, it defaults to 50.

$sel:keyId:ListGrants', listGrants_keyId - Returns only grants for the specified KMS key. This parameter is required.

Specify the key ID or key ARN of the KMS key. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN.

For example:

  • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
  • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.

data ListGrantsResponse Source #

See: newListGrantsResponse smart constructor.

Instances

Instances details
Eq ListGrantsResponse Source # 
Instance details

Defined in Amazonka.KMS.Types.ListGrantsResponse

Read ListGrantsResponse Source # 
Instance details

Defined in Amazonka.KMS.Types.ListGrantsResponse

Show ListGrantsResponse Source # 
Instance details

Defined in Amazonka.KMS.Types.ListGrantsResponse

Generic ListGrantsResponse Source # 
Instance details

Defined in Amazonka.KMS.Types.ListGrantsResponse

Associated Types

type Rep ListGrantsResponse :: Type -> Type #

NFData ListGrantsResponse Source # 
Instance details

Defined in Amazonka.KMS.Types.ListGrantsResponse

Methods

rnf :: ListGrantsResponse -> () #

Hashable ListGrantsResponse Source # 
Instance details

Defined in Amazonka.KMS.Types.ListGrantsResponse

FromJSON ListGrantsResponse Source # 
Instance details

Defined in Amazonka.KMS.Types.ListGrantsResponse

type Rep ListGrantsResponse Source # 
Instance details

Defined in Amazonka.KMS.Types.ListGrantsResponse

type Rep ListGrantsResponse = D1 ('MetaData "ListGrantsResponse" "Amazonka.KMS.Types.ListGrantsResponse" "libZSservicesZSamazonka-kmsZSamazonka-kms" 'False) (C1 ('MetaCons "ListGrantsResponse'" 'PrefixI 'True) (S1 ('MetaSel ('Just "truncated") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Bool)) :*: (S1 ('MetaSel ('Just "grants") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [GrantListEntry])) :*: S1 ('MetaSel ('Just "nextMarker") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)))))

newListGrantsResponse :: ListGrantsResponse Source #

Create a value of ListGrantsResponse with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:truncated:ListGrantsResponse', listGrantsResponse_truncated - A flag that indicates whether there are more items in the list. When this value is true, the list in this response is truncated. To get more items, pass the value of the NextMarker element in thisresponse to the Marker parameter in a subsequent request.

$sel:grants:ListGrantsResponse', listGrantsResponse_grants - A list of grants.

$sel:nextMarker:ListGrantsResponse', listGrantsResponse_nextMarker - When Truncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent request.

DisableKeyRotation

data DisableKeyRotation Source #

See: newDisableKeyRotation smart constructor.

Instances

Instances details
Eq DisableKeyRotation Source # 
Instance details

Defined in Amazonka.KMS.DisableKeyRotation

Read DisableKeyRotation Source # 
Instance details

Defined in Amazonka.KMS.DisableKeyRotation

Show DisableKeyRotation Source # 
Instance details

Defined in Amazonka.KMS.DisableKeyRotation

Generic DisableKeyRotation Source # 
Instance details

Defined in Amazonka.KMS.DisableKeyRotation

Associated Types

type Rep DisableKeyRotation :: Type -> Type #

NFData DisableKeyRotation Source # 
Instance details

Defined in Amazonka.KMS.DisableKeyRotation

Methods

rnf :: DisableKeyRotation -> () #

Hashable DisableKeyRotation Source # 
Instance details

Defined in Amazonka.KMS.DisableKeyRotation

ToJSON DisableKeyRotation Source # 
Instance details

Defined in Amazonka.KMS.DisableKeyRotation

AWSRequest DisableKeyRotation Source # 
Instance details

Defined in Amazonka.KMS.DisableKeyRotation

Associated Types

type AWSResponse DisableKeyRotation #

ToHeaders DisableKeyRotation Source # 
Instance details

Defined in Amazonka.KMS.DisableKeyRotation

ToPath DisableKeyRotation Source # 
Instance details

Defined in Amazonka.KMS.DisableKeyRotation

ToQuery DisableKeyRotation Source # 
Instance details

Defined in Amazonka.KMS.DisableKeyRotation

type Rep DisableKeyRotation Source # 
Instance details

Defined in Amazonka.KMS.DisableKeyRotation

type Rep DisableKeyRotation = D1 ('MetaData "DisableKeyRotation" "Amazonka.KMS.DisableKeyRotation" "libZSservicesZSamazonka-kmsZSamazonka-kms" 'False) (C1 ('MetaCons "DisableKeyRotation'" 'PrefixI 'True) (S1 ('MetaSel ('Just "keyId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text)))
type AWSResponse DisableKeyRotation Source # 
Instance details

Defined in Amazonka.KMS.DisableKeyRotation

newDisableKeyRotation Source #

Create a value of DisableKeyRotation with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:keyId:DisableKeyRotation', disableKeyRotation_keyId - Identifies a symmetric KMS key. You cannot enable or disable automatic rotation of asymmetric KMS keys, KMS keys with imported key material, or KMS keys in a custom key store.

Specify the key ID or key ARN of the KMS key.

For example:

  • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
  • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.

data DisableKeyRotationResponse Source #

See: newDisableKeyRotationResponse smart constructor.

Instances

Instances details
Eq DisableKeyRotationResponse Source # 
Instance details

Defined in Amazonka.KMS.DisableKeyRotation

Read DisableKeyRotationResponse Source # 
Instance details

Defined in Amazonka.KMS.DisableKeyRotation

Show DisableKeyRotationResponse Source # 
Instance details

Defined in Amazonka.KMS.DisableKeyRotation

Generic DisableKeyRotationResponse Source # 
Instance details

Defined in Amazonka.KMS.DisableKeyRotation

Associated Types

type Rep DisableKeyRotationResponse :: Type -> Type #

NFData DisableKeyRotationResponse Source # 
Instance details

Defined in Amazonka.KMS.DisableKeyRotation

type Rep DisableKeyRotationResponse Source # 
Instance details

Defined in Amazonka.KMS.DisableKeyRotation

type Rep DisableKeyRotationResponse = D1 ('MetaData "DisableKeyRotationResponse" "Amazonka.KMS.DisableKeyRotation" "libZSservicesZSamazonka-kmsZSamazonka-kms" 'False) (C1 ('MetaCons "DisableKeyRotationResponse'" 'PrefixI 'False) (U1 :: Type -> Type))

newDisableKeyRotationResponse :: DisableKeyRotationResponse Source #

Create a value of DisableKeyRotationResponse with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

Verify

data Verify Source #

See: newVerify smart constructor.

Instances

Instances details
Eq Verify Source # 
Instance details

Defined in Amazonka.KMS.Verify

Methods

(==) :: Verify -> Verify -> Bool #

(/=) :: Verify -> Verify -> Bool #

Show Verify Source # 
Instance details

Defined in Amazonka.KMS.Verify

Generic Verify Source # 
Instance details

Defined in Amazonka.KMS.Verify

Associated Types

type Rep Verify :: Type -> Type #

Methods

from :: Verify -> Rep Verify x #

to :: Rep Verify x -> Verify #

NFData Verify Source # 
Instance details

Defined in Amazonka.KMS.Verify

Methods

rnf :: Verify -> () #

Hashable Verify Source # 
Instance details

Defined in Amazonka.KMS.Verify

Methods

hashWithSalt :: Int -> Verify -> Int #

hash :: Verify -> Int #

ToJSON Verify Source # 
Instance details

Defined in Amazonka.KMS.Verify

AWSRequest Verify Source # 
Instance details

Defined in Amazonka.KMS.Verify

Associated Types

type AWSResponse Verify #

ToHeaders Verify Source # 
Instance details

Defined in Amazonka.KMS.Verify

Methods

toHeaders :: Verify -> [Header] #

ToPath Verify Source # 
Instance details

Defined in Amazonka.KMS.Verify

Methods

toPath :: Verify -> ByteString #

ToQuery Verify Source # 
Instance details

Defined in Amazonka.KMS.Verify

type Rep Verify Source # 
Instance details

Defined in Amazonka.KMS.Verify

type AWSResponse Verify Source # 
Instance details

Defined in Amazonka.KMS.Verify

newVerify Source #

Create a value of Verify with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:messageType:Verify', verify_messageType - Tells KMS whether the value of the Message parameter is a message or message digest. The default value, RAW, indicates a message. To indicate a message digest, enter DIGEST.

Use the DIGEST value only when the value of the Message parameter is a message digest. If you use the DIGEST value with a raw message, the security of the verification operation can be compromised.

$sel:grantTokens:Verify', verify_grantTokens - A list of grant tokens.

Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved eventual consistency. For more information, see Grant token and Using a grant token in the Key Management Service Developer Guide.

$sel:keyId:Verify', verify_keyId - Identifies the asymmetric KMS key that will be used to verify the signature. This must be the same KMS key that was used to generate the signature. If you specify a different KMS key, the signature verification fails.

To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with "alias/". To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.

For example:

  • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
  • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
  • Alias name: alias/ExampleAlias
  • Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias

To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases.

$sel:message:Verify', verify_message - Specifies the message that was signed. You can submit a raw message of up to 4096 bytes, or a hash digest of the message. If you submit a digest, use the MessageType parameter with a value of DIGEST.

If the message specified here is different from the message that was signed, the signature verification fails. A message and its hash digest are considered to be the same message.-- -- Note: This Lens automatically encodes and decodes Base64 data. -- The underlying isomorphism will encode to Base64 representation during -- serialisation, and decode from Base64 representation during deserialisation. -- This Lens accepts and returns only raw unencoded data.

$sel:signature:Verify', verify_signature - The signature that the Sign operation generated.-- -- Note: This Lens automatically encodes and decodes Base64 data. -- The underlying isomorphism will encode to Base64 representation during -- serialisation, and decode from Base64 representation during deserialisation. -- This Lens accepts and returns only raw unencoded data.

$sel:signingAlgorithm:Verify', verify_signingAlgorithm - The signing algorithm that was used to sign the message. If you submit a different algorithm, the signature verification fails.

data VerifyResponse Source #

See: newVerifyResponse smart constructor.

Instances

Instances details
Eq VerifyResponse Source # 
Instance details

Defined in Amazonka.KMS.Verify

Read VerifyResponse Source # 
Instance details

Defined in Amazonka.KMS.Verify

Show VerifyResponse Source # 
Instance details

Defined in Amazonka.KMS.Verify

Generic VerifyResponse Source # 
Instance details

Defined in Amazonka.KMS.Verify

Associated Types

type Rep VerifyResponse :: Type -> Type #

NFData VerifyResponse Source # 
Instance details

Defined in Amazonka.KMS.Verify

Methods

rnf :: VerifyResponse -> () #

type Rep VerifyResponse Source # 
Instance details

Defined in Amazonka.KMS.Verify

type Rep VerifyResponse = D1 ('MetaData "VerifyResponse" "Amazonka.KMS.Verify" "libZSservicesZSamazonka-kmsZSamazonka-kms" 'False) (C1 ('MetaCons "VerifyResponse'" 'PrefixI 'True) ((S1 ('MetaSel ('Just "signingAlgorithm") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe SigningAlgorithmSpec)) :*: S1 ('MetaSel ('Just "signatureValid") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Bool))) :*: (S1 ('MetaSel ('Just "keyId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: S1 ('MetaSel ('Just "httpStatus") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Int))))

newVerifyResponse Source #

Create a value of VerifyResponse with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:signingAlgorithm:Verify', verifyResponse_signingAlgorithm - The signing algorithm that was used to verify the signature.

$sel:signatureValid:VerifyResponse', verifyResponse_signatureValid - A Boolean value that indicates whether the signature was verified. A value of True indicates that the Signature was produced by signing the Message with the specified KeyID and SigningAlgorithm. If the signature is not verified, the Verify operation fails with a KMSInvalidSignatureException exception.

$sel:keyId:Verify', verifyResponse_keyId - The Amazon Resource Name (key ARN) of the asymmetric KMS key that was used to verify the signature.

$sel:httpStatus:VerifyResponse', verifyResponse_httpStatus - The response's http status code.

GenerateDataKeyWithoutPlaintext

data GenerateDataKeyWithoutPlaintext Source #

See: newGenerateDataKeyWithoutPlaintext smart constructor.

Instances

Instances details
Eq GenerateDataKeyWithoutPlaintext Source # 
Instance details

Defined in Amazonka.KMS.GenerateDataKeyWithoutPlaintext

Read GenerateDataKeyWithoutPlaintext Source # 
Instance details

Defined in Amazonka.KMS.GenerateDataKeyWithoutPlaintext

Show GenerateDataKeyWithoutPlaintext Source # 
Instance details

Defined in Amazonka.KMS.GenerateDataKeyWithoutPlaintext

Generic GenerateDataKeyWithoutPlaintext Source # 
Instance details

Defined in Amazonka.KMS.GenerateDataKeyWithoutPlaintext

Associated Types

type Rep GenerateDataKeyWithoutPlaintext :: Type -> Type #

NFData GenerateDataKeyWithoutPlaintext Source # 
Instance details

Defined in Amazonka.KMS.GenerateDataKeyWithoutPlaintext

Hashable GenerateDataKeyWithoutPlaintext Source # 
Instance details

Defined in Amazonka.KMS.GenerateDataKeyWithoutPlaintext

ToJSON GenerateDataKeyWithoutPlaintext Source # 
Instance details

Defined in Amazonka.KMS.GenerateDataKeyWithoutPlaintext

AWSRequest GenerateDataKeyWithoutPlaintext Source # 
Instance details

Defined in Amazonka.KMS.GenerateDataKeyWithoutPlaintext

ToHeaders GenerateDataKeyWithoutPlaintext Source # 
Instance details

Defined in Amazonka.KMS.GenerateDataKeyWithoutPlaintext

ToPath GenerateDataKeyWithoutPlaintext Source # 
Instance details

Defined in Amazonka.KMS.GenerateDataKeyWithoutPlaintext

ToQuery GenerateDataKeyWithoutPlaintext Source # 
Instance details

Defined in Amazonka.KMS.GenerateDataKeyWithoutPlaintext

type Rep GenerateDataKeyWithoutPlaintext Source # 
Instance details

Defined in Amazonka.KMS.GenerateDataKeyWithoutPlaintext

type Rep GenerateDataKeyWithoutPlaintext = D1 ('MetaData "GenerateDataKeyWithoutPlaintext" "Amazonka.KMS.GenerateDataKeyWithoutPlaintext" "libZSservicesZSamazonka-kmsZSamazonka-kms" 'False) (C1 ('MetaCons "GenerateDataKeyWithoutPlaintext'" 'PrefixI 'True) ((S1 ('MetaSel ('Just "keySpec") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe DataKeySpec)) :*: S1 ('MetaSel ('Just "encryptionContext") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe (HashMap Text Text)))) :*: (S1 ('MetaSel ('Just "numberOfBytes") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Natural)) :*: (S1 ('MetaSel ('Just "grantTokens") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [Text])) :*: S1 ('MetaSel ('Just "keyId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text)))))
type AWSResponse GenerateDataKeyWithoutPlaintext Source # 
Instance details

Defined in Amazonka.KMS.GenerateDataKeyWithoutPlaintext

newGenerateDataKeyWithoutPlaintext Source #

Create a value of GenerateDataKeyWithoutPlaintext with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:keySpec:GenerateDataKeyWithoutPlaintext', generateDataKeyWithoutPlaintext_keySpec - The length of the data key. Use AES_128 to generate a 128-bit symmetric key, or AES_256 to generate a 256-bit symmetric key.

$sel:encryptionContext:GenerateDataKeyWithoutPlaintext', generateDataKeyWithoutPlaintext_encryptionContext - Specifies the encryption context that will be used when encrypting the data key.

An encryption context is a collection of non-secret key-value pairs that represents additional authenticated data. When you use an encryption context to encrypt data, you must specify the same (an exact case-sensitive match) encryption context to decrypt the data. An encryption context is optional when encrypting with a symmetric KMS key, but it is highly recommended.

For more information, see Encryption Context in the Key Management Service Developer Guide.

$sel:numberOfBytes:GenerateDataKeyWithoutPlaintext', generateDataKeyWithoutPlaintext_numberOfBytes - The length of the data key in bytes. For example, use the value 64 to generate a 512-bit data key (64 bytes is 512 bits). For common key lengths (128-bit and 256-bit symmetric keys), we recommend that you use the KeySpec field instead of this one.

$sel:grantTokens:GenerateDataKeyWithoutPlaintext', generateDataKeyWithoutPlaintext_grantTokens - A list of grant tokens.

Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved eventual consistency. For more information, see Grant token and Using a grant token in the Key Management Service Developer Guide.

$sel:keyId:GenerateDataKeyWithoutPlaintext', generateDataKeyWithoutPlaintext_keyId - The identifier of the symmetric KMS key that encrypts the data key.

To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with "alias/". To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.

For example:

  • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
  • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
  • Alias name: alias/ExampleAlias
  • Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias

To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases.

data GenerateDataKeyWithoutPlaintextResponse Source #

Instances

Instances details
Eq GenerateDataKeyWithoutPlaintextResponse Source # 
Instance details

Defined in Amazonka.KMS.GenerateDataKeyWithoutPlaintext

Read GenerateDataKeyWithoutPlaintextResponse Source # 
Instance details

Defined in Amazonka.KMS.GenerateDataKeyWithoutPlaintext

Show GenerateDataKeyWithoutPlaintextResponse Source # 
Instance details

Defined in Amazonka.KMS.GenerateDataKeyWithoutPlaintext

Generic GenerateDataKeyWithoutPlaintextResponse Source # 
Instance details

Defined in Amazonka.KMS.GenerateDataKeyWithoutPlaintext

NFData GenerateDataKeyWithoutPlaintextResponse Source # 
Instance details

Defined in Amazonka.KMS.GenerateDataKeyWithoutPlaintext

type Rep GenerateDataKeyWithoutPlaintextResponse Source # 
Instance details

Defined in Amazonka.KMS.GenerateDataKeyWithoutPlaintext

type Rep GenerateDataKeyWithoutPlaintextResponse = D1 ('MetaData "GenerateDataKeyWithoutPlaintextResponse" "Amazonka.KMS.GenerateDataKeyWithoutPlaintext" "libZSservicesZSamazonka-kmsZSamazonka-kms" 'False) (C1 ('MetaCons "GenerateDataKeyWithoutPlaintextResponse'" 'PrefixI 'True) (S1 ('MetaSel ('Just "keyId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: (S1 ('MetaSel ('Just "ciphertextBlob") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Base64)) :*: S1 ('MetaSel ('Just "httpStatus") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Int))))

newGenerateDataKeyWithoutPlaintextResponse Source #

Create a value of GenerateDataKeyWithoutPlaintextResponse with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:keyId:GenerateDataKeyWithoutPlaintext', generateDataKeyWithoutPlaintextResponse_keyId - The Amazon Resource Name (key ARN) of the KMS key that encrypted the data key.

$sel:ciphertextBlob:GenerateDataKeyWithoutPlaintextResponse', generateDataKeyWithoutPlaintextResponse_ciphertextBlob - The encrypted data key. When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded.-- -- Note: This Lens automatically encodes and decodes Base64 data. -- The underlying isomorphism will encode to Base64 representation during -- serialisation, and decode from Base64 representation during deserialisation. -- This Lens accepts and returns only raw unencoded data.

$sel:httpStatus:GenerateDataKeyWithoutPlaintextResponse', generateDataKeyWithoutPlaintextResponse_httpStatus - The response's http status code.

UpdateCustomKeyStore

data UpdateCustomKeyStore Source #

See: newUpdateCustomKeyStore smart constructor.

Instances

Instances details
Eq UpdateCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.UpdateCustomKeyStore

Show UpdateCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.UpdateCustomKeyStore

Generic UpdateCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.UpdateCustomKeyStore

Associated Types

type Rep UpdateCustomKeyStore :: Type -> Type #

NFData UpdateCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.UpdateCustomKeyStore

Methods

rnf :: UpdateCustomKeyStore -> () #

Hashable UpdateCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.UpdateCustomKeyStore

ToJSON UpdateCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.UpdateCustomKeyStore

AWSRequest UpdateCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.UpdateCustomKeyStore

Associated Types

type AWSResponse UpdateCustomKeyStore #

ToHeaders UpdateCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.UpdateCustomKeyStore

ToPath UpdateCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.UpdateCustomKeyStore

ToQuery UpdateCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.UpdateCustomKeyStore

type Rep UpdateCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.UpdateCustomKeyStore

type Rep UpdateCustomKeyStore = D1 ('MetaData "UpdateCustomKeyStore" "Amazonka.KMS.UpdateCustomKeyStore" "libZSservicesZSamazonka-kmsZSamazonka-kms" 'False) (C1 ('MetaCons "UpdateCustomKeyStore'" 'PrefixI 'True) ((S1 ('MetaSel ('Just "keyStorePassword") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe (Sensitive Text))) :*: S1 ('MetaSel ('Just "cloudHsmClusterId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text))) :*: (S1 ('MetaSel ('Just "newCustomKeyStoreName'") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: S1 ('MetaSel ('Just "customKeyStoreId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text))))
type AWSResponse UpdateCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.UpdateCustomKeyStore

newUpdateCustomKeyStore Source #

Create a value of UpdateCustomKeyStore with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:keyStorePassword:UpdateCustomKeyStore', updateCustomKeyStore_keyStorePassword - Enter the current password of the kmsuser crypto user (CU) in the CloudHSM cluster that is associated with the custom key store.

This parameter tells KMS the current password of the kmsuser crypto user (CU). It does not set or change the password of any users in the CloudHSM cluster.

$sel:cloudHsmClusterId:UpdateCustomKeyStore', updateCustomKeyStore_cloudHsmClusterId - Associates the custom key store with a related CloudHSM cluster.

Enter the cluster ID of the cluster that you used to create the custom key store or a cluster that shares a backup history and has the same cluster certificate as the original cluster. You cannot use this parameter to associate a custom key store with an unrelated cluster. In addition, the replacement cluster must fulfill the requirements for a cluster associated with a custom key store. To view the cluster certificate of a cluster, use the DescribeClusters operation.

$sel:newCustomKeyStoreName':UpdateCustomKeyStore', updateCustomKeyStore_newCustomKeyStoreName - Changes the friendly name of the custom key store to the value that you specify. The custom key store name must be unique in the Amazon Web Services account.

$sel:customKeyStoreId:UpdateCustomKeyStore', updateCustomKeyStore_customKeyStoreId - Identifies the custom key store that you want to update. Enter the ID of the custom key store. To find the ID of a custom key store, use the DescribeCustomKeyStores operation.

data UpdateCustomKeyStoreResponse Source #

See: newUpdateCustomKeyStoreResponse smart constructor.

Instances

Instances details
Eq UpdateCustomKeyStoreResponse Source # 
Instance details

Defined in Amazonka.KMS.UpdateCustomKeyStore

Read UpdateCustomKeyStoreResponse Source # 
Instance details

Defined in Amazonka.KMS.UpdateCustomKeyStore

Show UpdateCustomKeyStoreResponse Source # 
Instance details

Defined in Amazonka.KMS.UpdateCustomKeyStore

Generic UpdateCustomKeyStoreResponse Source # 
Instance details

Defined in Amazonka.KMS.UpdateCustomKeyStore

Associated Types

type Rep UpdateCustomKeyStoreResponse :: Type -> Type #

NFData UpdateCustomKeyStoreResponse Source # 
Instance details

Defined in Amazonka.KMS.UpdateCustomKeyStore

type Rep UpdateCustomKeyStoreResponse Source # 
Instance details

Defined in Amazonka.KMS.UpdateCustomKeyStore

type Rep UpdateCustomKeyStoreResponse = D1 ('MetaData "UpdateCustomKeyStoreResponse" "Amazonka.KMS.UpdateCustomKeyStore" "libZSservicesZSamazonka-kmsZSamazonka-kms" 'False) (C1 ('MetaCons "UpdateCustomKeyStoreResponse'" 'PrefixI 'True) (S1 ('MetaSel ('Just "httpStatus") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Int)))

newUpdateCustomKeyStoreResponse Source #

Create a value of UpdateCustomKeyStoreResponse with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:httpStatus:UpdateCustomKeyStoreResponse', updateCustomKeyStoreResponse_httpStatus - The response's http status code.

GetParametersForImport

data GetParametersForImport Source #

See: newGetParametersForImport smart constructor.

Instances

Instances details
Eq GetParametersForImport Source # 
Instance details

Defined in Amazonka.KMS.GetParametersForImport

Read GetParametersForImport Source # 
Instance details

Defined in Amazonka.KMS.GetParametersForImport

Show GetParametersForImport Source # 
Instance details

Defined in Amazonka.KMS.GetParametersForImport

Generic GetParametersForImport Source # 
Instance details

Defined in Amazonka.KMS.GetParametersForImport

Associated Types

type Rep GetParametersForImport :: Type -> Type #

NFData GetParametersForImport Source # 
Instance details

Defined in Amazonka.KMS.GetParametersForImport

Methods

rnf :: GetParametersForImport -> () #

Hashable GetParametersForImport Source # 
Instance details

Defined in Amazonka.KMS.GetParametersForImport

ToJSON GetParametersForImport Source # 
Instance details

Defined in Amazonka.KMS.GetParametersForImport

AWSRequest GetParametersForImport Source # 
Instance details

Defined in Amazonka.KMS.GetParametersForImport

Associated Types

type AWSResponse GetParametersForImport #

ToHeaders GetParametersForImport Source # 
Instance details

Defined in Amazonka.KMS.GetParametersForImport

ToPath GetParametersForImport Source # 
Instance details

Defined in Amazonka.KMS.GetParametersForImport

ToQuery GetParametersForImport Source # 
Instance details

Defined in Amazonka.KMS.GetParametersForImport

type Rep GetParametersForImport Source # 
Instance details

Defined in Amazonka.KMS.GetParametersForImport

type Rep GetParametersForImport = D1 ('MetaData "GetParametersForImport" "Amazonka.KMS.GetParametersForImport" "libZSservicesZSamazonka-kmsZSamazonka-kms" 'False) (C1 ('MetaCons "GetParametersForImport'" 'PrefixI 'True) (S1 ('MetaSel ('Just "keyId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: (S1 ('MetaSel ('Just "wrappingAlgorithm") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 AlgorithmSpec) :*: S1 ('MetaSel ('Just "wrappingKeySpec") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 WrappingKeySpec))))
type AWSResponse GetParametersForImport Source # 
Instance details

Defined in Amazonka.KMS.GetParametersForImport

newGetParametersForImport Source #

Create a value of GetParametersForImport with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:keyId:GetParametersForImport', getParametersForImport_keyId - The identifier of the symmetric KMS key into which you will import key material. The Origin of the KMS key must be EXTERNAL.

Specify the key ID or key ARN of the KMS key.

For example:

  • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
  • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.

$sel:wrappingAlgorithm:GetParametersForImport', getParametersForImport_wrappingAlgorithm - The algorithm you will use to encrypt the key material before importing it with ImportKeyMaterial. For more information, see Encrypt the Key Material in the Key Management Service Developer Guide.

$sel:wrappingKeySpec:GetParametersForImport', getParametersForImport_wrappingKeySpec - The type of wrapping key (public key) to return in the response. Only 2048-bit RSA public keys are supported.

data GetParametersForImportResponse Source #

See: newGetParametersForImportResponse smart constructor.

Instances

Instances details
Eq GetParametersForImportResponse Source # 
Instance details

Defined in Amazonka.KMS.GetParametersForImport

Show GetParametersForImportResponse Source # 
Instance details

Defined in Amazonka.KMS.GetParametersForImport

Generic GetParametersForImportResponse Source # 
Instance details

Defined in Amazonka.KMS.GetParametersForImport

Associated Types

type Rep GetParametersForImportResponse :: Type -> Type #

NFData GetParametersForImportResponse Source # 
Instance details

Defined in Amazonka.KMS.GetParametersForImport

type Rep GetParametersForImportResponse Source # 
Instance details

Defined in Amazonka.KMS.GetParametersForImport

type Rep GetParametersForImportResponse = D1 ('MetaData "GetParametersForImportResponse" "Amazonka.KMS.GetParametersForImport" "libZSservicesZSamazonka-kmsZSamazonka-kms" 'False) (C1 ('MetaCons "GetParametersForImportResponse'" 'PrefixI 'True) ((S1 ('MetaSel ('Just "keyId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: S1 ('MetaSel ('Just "publicKey") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe (Sensitive Base64)))) :*: (S1 ('MetaSel ('Just "parametersValidTo") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe POSIX)) :*: (S1 ('MetaSel ('Just "importToken") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Base64)) :*: S1 ('MetaSel ('Just "httpStatus") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Int)))))

newGetParametersForImportResponse Source #

Create a value of GetParametersForImportResponse with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:keyId:GetParametersForImport', getParametersForImportResponse_keyId - The Amazon Resource Name (key ARN) of the KMS key to use in a subsequent ImportKeyMaterial request. This is the same KMS key specified in the GetParametersForImport request.

$sel:publicKey:GetParametersForImportResponse', getParametersForImportResponse_publicKey - The public key to use to encrypt the key material before importing it with ImportKeyMaterial.-- -- Note: This Lens automatically encodes and decodes Base64 data. -- The underlying isomorphism will encode to Base64 representation during -- serialisation, and decode from Base64 representation during deserialisation. -- This Lens accepts and returns only raw unencoded data.

$sel:parametersValidTo:GetParametersForImportResponse', getParametersForImportResponse_parametersValidTo - The time at which the import token and public key are no longer valid. After this time, you cannot use them to make an ImportKeyMaterial request and you must send another GetParametersForImport request to get new ones.

$sel:importToken:GetParametersForImportResponse', getParametersForImportResponse_importToken - The import token to send in a subsequent ImportKeyMaterial request.-- -- Note: This Lens automatically encodes and decodes Base64 data. -- The underlying isomorphism will encode to Base64 representation during -- serialisation, and decode from Base64 representation during deserialisation. -- This Lens accepts and returns only raw unencoded data.

$sel:httpStatus:GetParametersForImportResponse', getParametersForImportResponse_httpStatus - The response's http status code.

EnableKeyRotation

data EnableKeyRotation Source #

See: newEnableKeyRotation smart constructor.

Constructors

EnableKeyRotation' Text 

Instances

Instances details
Eq EnableKeyRotation Source # 
Instance details

Defined in Amazonka.KMS.EnableKeyRotation

Read EnableKeyRotation Source # 
Instance details

Defined in Amazonka.KMS.EnableKeyRotation

Show EnableKeyRotation Source # 
Instance details

Defined in Amazonka.KMS.EnableKeyRotation

Generic EnableKeyRotation Source # 
Instance details

Defined in Amazonka.KMS.EnableKeyRotation

Associated Types

type Rep EnableKeyRotation :: Type -> Type #

NFData EnableKeyRotation Source # 
Instance details

Defined in Amazonka.KMS.EnableKeyRotation

Methods

rnf :: EnableKeyRotation -> () #

Hashable EnableKeyRotation Source # 
Instance details

Defined in Amazonka.KMS.EnableKeyRotation

ToJSON EnableKeyRotation Source # 
Instance details

Defined in Amazonka.KMS.EnableKeyRotation

AWSRequest EnableKeyRotation Source # 
Instance details

Defined in Amazonka.KMS.EnableKeyRotation

Associated Types

type AWSResponse EnableKeyRotation #

ToHeaders EnableKeyRotation Source # 
Instance details

Defined in Amazonka.KMS.EnableKeyRotation

ToPath EnableKeyRotation Source # 
Instance details

Defined in Amazonka.KMS.EnableKeyRotation

ToQuery EnableKeyRotation Source # 
Instance details

Defined in Amazonka.KMS.EnableKeyRotation

type Rep EnableKeyRotation Source # 
Instance details

Defined in Amazonka.KMS.EnableKeyRotation

type Rep EnableKeyRotation = D1 ('MetaData "EnableKeyRotation" "Amazonka.KMS.EnableKeyRotation" "libZSservicesZSamazonka-kmsZSamazonka-kms" 'False) (C1 ('MetaCons "EnableKeyRotation'" 'PrefixI 'True) (S1 ('MetaSel ('Just "keyId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text)))
type AWSResponse EnableKeyRotation Source # 
Instance details

Defined in Amazonka.KMS.EnableKeyRotation

newEnableKeyRotation Source #

Create a value of EnableKeyRotation with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:keyId:EnableKeyRotation', enableKeyRotation_keyId - Identifies a symmetric KMS key. You cannot enable automatic rotation of asymmetric KMS keys, KMS keys with imported key material, or KMS keys in a custom key store. To enable or disable automatic rotation of a set of related multi-Region keys, set the property on the primary key.

Specify the key ID or key ARN of the KMS key.

For example:

  • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
  • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.

data EnableKeyRotationResponse Source #

See: newEnableKeyRotationResponse smart constructor.

Instances

Instances details
Eq EnableKeyRotationResponse Source # 
Instance details

Defined in Amazonka.KMS.EnableKeyRotation

Read EnableKeyRotationResponse Source # 
Instance details

Defined in Amazonka.KMS.EnableKeyRotation

Show EnableKeyRotationResponse Source # 
Instance details

Defined in Amazonka.KMS.EnableKeyRotation

Generic EnableKeyRotationResponse Source # 
Instance details

Defined in Amazonka.KMS.EnableKeyRotation

Associated Types

type Rep EnableKeyRotationResponse :: Type -> Type #

NFData EnableKeyRotationResponse Source # 
Instance details

Defined in Amazonka.KMS.EnableKeyRotation

type Rep EnableKeyRotationResponse Source # 
Instance details

Defined in Amazonka.KMS.EnableKeyRotation

type Rep EnableKeyRotationResponse = D1 ('MetaData "EnableKeyRotationResponse" "Amazonka.KMS.EnableKeyRotation" "libZSservicesZSamazonka-kmsZSamazonka-kms" 'False) (C1 ('MetaCons "EnableKeyRotationResponse'" 'PrefixI 'False) (U1 :: Type -> Type))

newEnableKeyRotationResponse :: EnableKeyRotationResponse Source #

Create a value of EnableKeyRotationResponse with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

DeleteCustomKeyStore

data DeleteCustomKeyStore Source #

See: newDeleteCustomKeyStore smart constructor.

Instances

Instances details
Eq DeleteCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.DeleteCustomKeyStore

Read DeleteCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.DeleteCustomKeyStore

Show DeleteCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.DeleteCustomKeyStore

Generic DeleteCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.DeleteCustomKeyStore

Associated Types

type Rep DeleteCustomKeyStore :: Type -> Type #

NFData DeleteCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.DeleteCustomKeyStore

Methods

rnf :: DeleteCustomKeyStore -> () #

Hashable DeleteCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.DeleteCustomKeyStore

ToJSON DeleteCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.DeleteCustomKeyStore

AWSRequest DeleteCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.DeleteCustomKeyStore

Associated Types

type AWSResponse DeleteCustomKeyStore #

ToHeaders DeleteCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.DeleteCustomKeyStore

ToPath DeleteCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.DeleteCustomKeyStore

ToQuery DeleteCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.DeleteCustomKeyStore

type Rep DeleteCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.DeleteCustomKeyStore

type Rep DeleteCustomKeyStore = D1 ('MetaData "DeleteCustomKeyStore" "Amazonka.KMS.DeleteCustomKeyStore" "libZSservicesZSamazonka-kmsZSamazonka-kms" 'False) (C1 ('MetaCons "DeleteCustomKeyStore'" 'PrefixI 'True) (S1 ('MetaSel ('Just "customKeyStoreId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text)))
type AWSResponse DeleteCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.DeleteCustomKeyStore

newDeleteCustomKeyStore Source #

Create a value of DeleteCustomKeyStore with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:customKeyStoreId:DeleteCustomKeyStore', deleteCustomKeyStore_customKeyStoreId - Enter the ID of the custom key store you want to delete. To find the ID of a custom key store, use the DescribeCustomKeyStores operation.

data DeleteCustomKeyStoreResponse Source #

See: newDeleteCustomKeyStoreResponse smart constructor.

Instances

Instances details
Eq DeleteCustomKeyStoreResponse Source # 
Instance details

Defined in Amazonka.KMS.DeleteCustomKeyStore

Read DeleteCustomKeyStoreResponse Source # 
Instance details

Defined in Amazonka.KMS.DeleteCustomKeyStore

Show DeleteCustomKeyStoreResponse Source # 
Instance details

Defined in Amazonka.KMS.DeleteCustomKeyStore

Generic DeleteCustomKeyStoreResponse Source # 
Instance details

Defined in Amazonka.KMS.DeleteCustomKeyStore

Associated Types

type Rep DeleteCustomKeyStoreResponse :: Type -> Type #

NFData DeleteCustomKeyStoreResponse Source # 
Instance details

Defined in Amazonka.KMS.DeleteCustomKeyStore

type Rep DeleteCustomKeyStoreResponse Source # 
Instance details

Defined in Amazonka.KMS.DeleteCustomKeyStore

type Rep DeleteCustomKeyStoreResponse = D1 ('MetaData "DeleteCustomKeyStoreResponse" "Amazonka.KMS.DeleteCustomKeyStore" "libZSservicesZSamazonka-kmsZSamazonka-kms" 'False) (C1 ('MetaCons "DeleteCustomKeyStoreResponse'" 'PrefixI 'True) (S1 ('MetaSel ('Just "httpStatus") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Int)))

newDeleteCustomKeyStoreResponse Source #

Create a value of DeleteCustomKeyStoreResponse with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:httpStatus:DeleteCustomKeyStoreResponse', deleteCustomKeyStoreResponse_httpStatus - The response's http status code.

CreateAlias

data CreateAlias Source #

See: newCreateAlias smart constructor.

Constructors

CreateAlias' Text Text 

Instances

Instances details
Eq CreateAlias Source # 
Instance details

Defined in Amazonka.KMS.CreateAlias

Read CreateAlias Source # 
Instance details

Defined in Amazonka.KMS.CreateAlias

Show CreateAlias Source # 
Instance details

Defined in Amazonka.KMS.CreateAlias

Generic CreateAlias Source # 
Instance details

Defined in Amazonka.KMS.CreateAlias

Associated Types

type Rep CreateAlias :: Type -> Type #

NFData CreateAlias Source # 
Instance details

Defined in Amazonka.KMS.CreateAlias

Methods

rnf :: CreateAlias -> () #

Hashable CreateAlias Source # 
Instance details

Defined in Amazonka.KMS.CreateAlias

ToJSON CreateAlias Source # 
Instance details

Defined in Amazonka.KMS.CreateAlias

AWSRequest CreateAlias Source # 
Instance details

Defined in Amazonka.KMS.CreateAlias

Associated Types

type AWSResponse CreateAlias #

ToHeaders CreateAlias Source # 
Instance details

Defined in Amazonka.KMS.CreateAlias

Methods

toHeaders :: CreateAlias -> [Header] #

ToPath CreateAlias Source # 
Instance details

Defined in Amazonka.KMS.CreateAlias

ToQuery CreateAlias Source # 
Instance details

Defined in Amazonka.KMS.CreateAlias

type Rep CreateAlias Source # 
Instance details

Defined in Amazonka.KMS.CreateAlias

type Rep CreateAlias = D1 ('MetaData "CreateAlias" "Amazonka.KMS.CreateAlias" "libZSservicesZSamazonka-kmsZSamazonka-kms" 'False) (C1 ('MetaCons "CreateAlias'" 'PrefixI 'True) (S1 ('MetaSel ('Just "aliasName") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: S1 ('MetaSel ('Just "targetKeyId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text)))
type AWSResponse CreateAlias Source # 
Instance details

Defined in Amazonka.KMS.CreateAlias

newCreateAlias Source #

Create a value of CreateAlias with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:aliasName:CreateAlias', createAlias_aliasName - Specifies the alias name. This value must begin with alias/ followed by a name, such as alias/ExampleAlias.

The AliasName value must be string of 1-256 characters. It can contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-). The alias name cannot begin with alias/aws/. The alias/aws/ prefix is reserved for Amazon Web Services managed keys.

$sel:targetKeyId:CreateAlias', createAlias_targetKeyId - Associates the alias with the specified customer managed key. The KMS key must be in the same Amazon Web Services Region.

A valid key ID is required. If you supply a null or empty string value, this operation returns an error.

For help finding the key ID and ARN, see Finding the Key ID and ARN in the /Key Management Service Developer Guide/ .

Specify the key ID or key ARN of the KMS key.

For example:

  • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
  • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.

data CreateAliasResponse Source #

See: newCreateAliasResponse smart constructor.

Constructors

CreateAliasResponse' 

newCreateAliasResponse :: CreateAliasResponse Source #

Create a value of CreateAliasResponse with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

CreateGrant

data CreateGrant Source #

See: newCreateGrant smart constructor.

Instances

Instances details
Eq CreateGrant Source # 
Instance details

Defined in Amazonka.KMS.CreateGrant

Read CreateGrant Source # 
Instance details

Defined in Amazonka.KMS.CreateGrant

Show CreateGrant Source # 
Instance details

Defined in Amazonka.KMS.CreateGrant

Generic CreateGrant Source # 
Instance details

Defined in Amazonka.KMS.CreateGrant

Associated Types

type Rep CreateGrant :: Type -> Type #

NFData CreateGrant Source # 
Instance details

Defined in Amazonka.KMS.CreateGrant

Methods

rnf :: CreateGrant -> () #

Hashable CreateGrant Source # 
Instance details

Defined in Amazonka.KMS.CreateGrant

ToJSON CreateGrant Source # 
Instance details

Defined in Amazonka.KMS.CreateGrant

AWSRequest CreateGrant Source # 
Instance details

Defined in Amazonka.KMS.CreateGrant

Associated Types

type AWSResponse CreateGrant #

ToHeaders CreateGrant Source # 
Instance details

Defined in Amazonka.KMS.CreateGrant

Methods

toHeaders :: CreateGrant -> [Header] #

ToPath CreateGrant Source # 
Instance details

Defined in Amazonka.KMS.CreateGrant

ToQuery CreateGrant Source # 
Instance details

Defined in Amazonka.KMS.CreateGrant

type Rep CreateGrant Source # 
Instance details

Defined in Amazonka.KMS.CreateGrant

type AWSResponse CreateGrant Source # 
Instance details

Defined in Amazonka.KMS.CreateGrant

newCreateGrant Source #

Create a value of CreateGrant with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:retiringPrincipal:CreateGrant', createGrant_retiringPrincipal - The principal that has permission to use the RetireGrant operation to retire the grant.

To specify the principal, use the Amazon Resource Name (ARN) of an Amazon Web Services principal. Valid Amazon Web Services principals include Amazon Web Services accounts (root), IAM users, federated users, and assumed role users. For examples of the ARN syntax to use for specifying a principal, see Amazon Web Services Identity and Access Management (IAM) in the Example ARNs section of the /Amazon Web Services General Reference/.

The grant determines the retiring principal. Other principals might have permission to retire the grant or revoke the grant. For details, see RevokeGrant and Retiring and revoking grants in the Key Management Service Developer Guide.

$sel:grantTokens:CreateGrant', createGrant_grantTokens - A list of grant tokens.

Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved eventual consistency. For more information, see Grant token and Using a grant token in the Key Management Service Developer Guide.

$sel:constraints:CreateGrant', createGrant_constraints - Specifies a grant constraint.

KMS supports the EncryptionContextEquals and EncryptionContextSubset grant constraints. Each constraint value can include up to 8 encryption context pairs. The encryption context value in each constraint cannot exceed 384 characters.

These grant constraints allow the permissions in the grant only when the encryption context in the request matches (EncryptionContextEquals) or includes (EncryptionContextSubset) the encryption context specified in this structure. For information about grant constraints, see Using grant constraints in the Key Management Service Developer Guide. For more information about encryption context, see Encryption Context in the /Key Management Service Developer Guide/ .

The encryption context grant constraints are supported only on operations that include an encryption context. You cannot use an encryption context grant constraint for cryptographic operations with asymmetric KMS keys or for management operations, such as DescribeKey or RetireGrant.

$sel:name:CreateGrant', createGrant_name - A friendly name for the grant. Use this value to prevent the unintended creation of duplicate grants when retrying this request.

When this value is absent, all CreateGrant requests result in a new grant with a unique GrantId even if all the supplied parameters are identical. This can result in unintended duplicates when you retry the CreateGrant request.

When this value is present, you can retry a CreateGrant request with identical parameters; if the grant already exists, the original GrantId is returned without creating a new grant. Note that the returned grant token is unique with every CreateGrant request, even when a duplicate GrantId is returned. All grant tokens for the same grant ID can be used interchangeably.

$sel:keyId:CreateGrant', createGrant_keyId - Identifies the KMS key for the grant. The grant gives principals permission to use this KMS key.

Specify the key ID or key ARN of the KMS key. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN.

For example:

  • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
  • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.

$sel:granteePrincipal:CreateGrant', createGrant_granteePrincipal - The identity that gets the permissions specified in the grant.

To specify the principal, use the Amazon Resource Name (ARN) of an Amazon Web Services principal. Valid Amazon Web Services principals include Amazon Web Services accounts (root), IAM users, IAM roles, federated users, and assumed role users. For examples of the ARN syntax to use for specifying a principal, see Amazon Web Services Identity and Access Management (IAM) in the Example ARNs section of the /Amazon Web Services General Reference/.

$sel:operations:CreateGrant', createGrant_operations - A list of operations that the grant permits.

The operation must be supported on the KMS key. For example, you cannot create a grant for a symmetric KMS key that allows the Sign operation, or a grant for an asymmetric KMS key that allows the GenerateDataKey operation. If you try, KMS returns a ValidationError exception. For details, see Grant operations in the Key Management Service Developer Guide.

data CreateGrantResponse Source #

See: newCreateGrantResponse smart constructor.

Instances

Instances details
Eq CreateGrantResponse Source # 
Instance details

Defined in Amazonka.KMS.CreateGrant

Read CreateGrantResponse Source # 
Instance details

Defined in Amazonka.KMS.CreateGrant

Show CreateGrantResponse Source # 
Instance details

Defined in Amazonka.KMS.CreateGrant

Generic CreateGrantResponse Source # 
Instance details

Defined in Amazonka.KMS.CreateGrant

Associated Types

type Rep CreateGrantResponse :: Type -> Type #

NFData CreateGrantResponse Source # 
Instance details

Defined in Amazonka.KMS.CreateGrant

Methods

rnf :: CreateGrantResponse -> () #

type Rep CreateGrantResponse Source # 
Instance details

Defined in Amazonka.KMS.CreateGrant

type Rep CreateGrantResponse = D1 ('MetaData "CreateGrantResponse" "Amazonka.KMS.CreateGrant" "libZSservicesZSamazonka-kmsZSamazonka-kms" 'False) (C1 ('MetaCons "CreateGrantResponse'" 'PrefixI 'True) (S1 ('MetaSel ('Just "grantId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: (S1 ('MetaSel ('Just "grantToken") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: S1 ('MetaSel ('Just "httpStatus") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Int))))

newCreateGrantResponse Source #

Create a value of CreateGrantResponse with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:grantId:CreateGrantResponse', createGrantResponse_grantId - The unique identifier for the grant.

You can use the GrantId in a ListGrants, RetireGrant, or RevokeGrant operation.

$sel:grantToken:CreateGrantResponse', createGrantResponse_grantToken - The grant token.

Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved eventual consistency. For more information, see Grant token and Using a grant token in the Key Management Service Developer Guide.

$sel:httpStatus:CreateGrantResponse', createGrantResponse_httpStatus - The response's http status code.

ListAliases (Paginated)

data ListAliases Source #

See: newListAliases smart constructor.

Instances

Instances details
Eq ListAliases Source # 
Instance details

Defined in Amazonka.KMS.ListAliases

Read ListAliases Source # 
Instance details

Defined in Amazonka.KMS.ListAliases

Show ListAliases Source # 
Instance details

Defined in Amazonka.KMS.ListAliases

Generic ListAliases Source # 
Instance details

Defined in Amazonka.KMS.ListAliases

Associated Types

type Rep ListAliases :: Type -> Type #

NFData ListAliases Source # 
Instance details

Defined in Amazonka.KMS.ListAliases

Methods

rnf :: ListAliases -> () #

Hashable ListAliases Source # 
Instance details

Defined in Amazonka.KMS.ListAliases

ToJSON ListAliases Source # 
Instance details

Defined in Amazonka.KMS.ListAliases

AWSPager ListAliases Source # 
Instance details

Defined in Amazonka.KMS.ListAliases

AWSRequest ListAliases Source # 
Instance details

Defined in Amazonka.KMS.ListAliases

Associated Types

type AWSResponse ListAliases #

ToHeaders ListAliases Source # 
Instance details

Defined in Amazonka.KMS.ListAliases

Methods

toHeaders :: ListAliases -> [Header] #

ToPath ListAliases Source # 
Instance details

Defined in Amazonka.KMS.ListAliases

ToQuery ListAliases Source # 
Instance details

Defined in Amazonka.KMS.ListAliases

type Rep ListAliases Source # 
Instance details

Defined in Amazonka.KMS.ListAliases

type Rep ListAliases = D1 ('MetaData "ListAliases" "Amazonka.KMS.ListAliases" "libZSservicesZSamazonka-kmsZSamazonka-kms" 'False) (C1 ('MetaCons "ListAliases'" 'PrefixI 'True) (S1 ('MetaSel ('Just "keyId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: (S1 ('MetaSel ('Just "marker") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: S1 ('MetaSel ('Just "limit") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Natural)))))
type AWSResponse ListAliases Source # 
Instance details

Defined in Amazonka.KMS.ListAliases

newListAliases :: ListAliases Source #

Create a value of ListAliases with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:keyId:ListAliases', listAliases_keyId - Lists only aliases that are associated with the specified KMS key. Enter a KMS key in your Amazon Web Services account.

This parameter is optional. If you omit it, ListAliases returns all aliases in the account and Region.

Specify the key ID or key ARN of the KMS key.

For example:

  • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
  • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.

$sel:marker:ListAliases', listAliases_marker - Use this parameter in a subsequent request after you receive a response with truncated results. Set it to the value of NextMarker from the truncated response you just received.

$sel:limit:ListAliases', listAliases_limit - Use this parameter to specify the maximum number of items to return. When this value is present, KMS does not return more than the specified number of items, but it might return fewer.

This value is optional. If you include a value, it must be between 1 and 100, inclusive. If you do not include a value, it defaults to 50.

data ListAliasesResponse Source #

See: newListAliasesResponse smart constructor.

Instances

Instances details
Eq ListAliasesResponse Source # 
Instance details

Defined in Amazonka.KMS.ListAliases

Read ListAliasesResponse Source # 
Instance details

Defined in Amazonka.KMS.ListAliases

Show ListAliasesResponse Source # 
Instance details

Defined in Amazonka.KMS.ListAliases

Generic ListAliasesResponse Source # 
Instance details

Defined in Amazonka.KMS.ListAliases

Associated Types

type Rep ListAliasesResponse :: Type -> Type #

NFData ListAliasesResponse Source # 
Instance details

Defined in Amazonka.KMS.ListAliases

Methods

rnf :: ListAliasesResponse -> () #

type Rep ListAliasesResponse Source # 
Instance details

Defined in Amazonka.KMS.ListAliases

type Rep ListAliasesResponse = D1 ('MetaData "ListAliasesResponse" "Amazonka.KMS.ListAliases" "libZSservicesZSamazonka-kmsZSamazonka-kms" 'False) (C1 ('MetaCons "ListAliasesResponse'" 'PrefixI 'True) ((S1 ('MetaSel ('Just "truncated") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Bool)) :*: S1 ('MetaSel ('Just "aliases") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [AliasListEntry]))) :*: (S1 ('MetaSel ('Just "nextMarker") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: S1 ('MetaSel ('Just "httpStatus") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Int))))

newListAliasesResponse Source #

Create a value of ListAliasesResponse with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:truncated:ListAliasesResponse', listAliasesResponse_truncated - A flag that indicates whether there are more items in the list. When this value is true, the list in this response is truncated. To get more items, pass the value of the NextMarker element in thisresponse to the Marker parameter in a subsequent request.

$sel:aliases:ListAliasesResponse', listAliasesResponse_aliases - A list of aliases.

$sel:nextMarker:ListAliasesResponse', listAliasesResponse_nextMarker - When Truncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent request.

$sel:httpStatus:ListAliasesResponse', listAliasesResponse_httpStatus - The response's http status code.

UpdatePrimaryRegion

data UpdatePrimaryRegion Source #

See: newUpdatePrimaryRegion smart constructor.

Instances

Instances details
Eq UpdatePrimaryRegion Source # 
Instance details

Defined in Amazonka.KMS.UpdatePrimaryRegion

Read UpdatePrimaryRegion Source # 
Instance details

Defined in Amazonka.KMS.UpdatePrimaryRegion

Show UpdatePrimaryRegion Source # 
Instance details

Defined in Amazonka.KMS.UpdatePrimaryRegion

Generic UpdatePrimaryRegion Source # 
Instance details

Defined in Amazonka.KMS.UpdatePrimaryRegion

Associated Types

type Rep UpdatePrimaryRegion :: Type -> Type #

NFData UpdatePrimaryRegion Source # 
Instance details

Defined in Amazonka.KMS.UpdatePrimaryRegion

Methods

rnf :: UpdatePrimaryRegion -> () #

Hashable UpdatePrimaryRegion Source # 
Instance details

Defined in Amazonka.KMS.UpdatePrimaryRegion

ToJSON UpdatePrimaryRegion Source # 
Instance details

Defined in Amazonka.KMS.UpdatePrimaryRegion

AWSRequest UpdatePrimaryRegion Source # 
Instance details

Defined in Amazonka.KMS.UpdatePrimaryRegion

Associated Types

type AWSResponse UpdatePrimaryRegion #

ToHeaders UpdatePrimaryRegion Source # 
Instance details

Defined in Amazonka.KMS.UpdatePrimaryRegion

ToPath UpdatePrimaryRegion Source # 
Instance details

Defined in Amazonka.KMS.UpdatePrimaryRegion

ToQuery UpdatePrimaryRegion Source # 
Instance details

Defined in Amazonka.KMS.UpdatePrimaryRegion

type Rep UpdatePrimaryRegion Source # 
Instance details

Defined in Amazonka.KMS.UpdatePrimaryRegion

type Rep UpdatePrimaryRegion = D1 ('MetaData "UpdatePrimaryRegion" "Amazonka.KMS.UpdatePrimaryRegion" "libZSservicesZSamazonka-kmsZSamazonka-kms" 'False) (C1 ('MetaCons "UpdatePrimaryRegion'" 'PrefixI 'True) (S1 ('MetaSel ('Just "keyId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: S1 ('MetaSel ('Just "primaryRegion") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text)))
type AWSResponse UpdatePrimaryRegion Source # 
Instance details

Defined in Amazonka.KMS.UpdatePrimaryRegion

newUpdatePrimaryRegion Source #

Create a value of UpdatePrimaryRegion with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:keyId:UpdatePrimaryRegion', updatePrimaryRegion_keyId - Identifies the current primary key. When the operation completes, this KMS key will be a replica key.

Specify the key ID or key ARN of a multi-Region primary key.

For example:

  • Key ID: mrk-1234abcd12ab34cd56ef1234567890ab
  • Key ARN: arn:aws:kms:us-east-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab

To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.

$sel:primaryRegion:UpdatePrimaryRegion', updatePrimaryRegion_primaryRegion - The Amazon Web Services Region of the new primary key. Enter the Region ID, such as us-east-1 or ap-southeast-2. There must be an existing replica key in this Region.

When the operation completes, the multi-Region key in this Region will be the primary key.

data UpdatePrimaryRegionResponse Source #

See: newUpdatePrimaryRegionResponse smart constructor.

Instances

Instances details
Eq UpdatePrimaryRegionResponse Source # 
Instance details

Defined in Amazonka.KMS.UpdatePrimaryRegion

Read UpdatePrimaryRegionResponse Source # 
Instance details

Defined in Amazonka.KMS.UpdatePrimaryRegion

Show UpdatePrimaryRegionResponse Source # 
Instance details

Defined in Amazonka.KMS.UpdatePrimaryRegion

Generic UpdatePrimaryRegionResponse Source # 
Instance details

Defined in Amazonka.KMS.UpdatePrimaryRegion

Associated Types

type Rep UpdatePrimaryRegionResponse :: Type -> Type #

NFData UpdatePrimaryRegionResponse Source # 
Instance details

Defined in Amazonka.KMS.UpdatePrimaryRegion

type Rep UpdatePrimaryRegionResponse Source # 
Instance details

Defined in Amazonka.KMS.UpdatePrimaryRegion

type Rep UpdatePrimaryRegionResponse = D1 ('MetaData "UpdatePrimaryRegionResponse" "Amazonka.KMS.UpdatePrimaryRegion" "libZSservicesZSamazonka-kmsZSamazonka-kms" 'False) (C1 ('MetaCons "UpdatePrimaryRegionResponse'" 'PrefixI 'False) (U1 :: Type -> Type))

newUpdatePrimaryRegionResponse :: UpdatePrimaryRegionResponse Source #

Create a value of UpdatePrimaryRegionResponse with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

ConnectCustomKeyStore

data ConnectCustomKeyStore Source #

See: newConnectCustomKeyStore smart constructor.

Instances

Instances details
Eq ConnectCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.ConnectCustomKeyStore

Read ConnectCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.ConnectCustomKeyStore

Show ConnectCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.ConnectCustomKeyStore

Generic ConnectCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.ConnectCustomKeyStore

Associated Types

type Rep ConnectCustomKeyStore :: Type -> Type #

NFData ConnectCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.ConnectCustomKeyStore

Methods

rnf :: ConnectCustomKeyStore -> () #

Hashable ConnectCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.ConnectCustomKeyStore

ToJSON ConnectCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.ConnectCustomKeyStore

AWSRequest ConnectCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.ConnectCustomKeyStore

Associated Types

type AWSResponse ConnectCustomKeyStore #

ToHeaders ConnectCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.ConnectCustomKeyStore

ToPath ConnectCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.ConnectCustomKeyStore

ToQuery ConnectCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.ConnectCustomKeyStore

type Rep ConnectCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.ConnectCustomKeyStore

type Rep ConnectCustomKeyStore = D1 ('MetaData "ConnectCustomKeyStore" "Amazonka.KMS.ConnectCustomKeyStore" "libZSservicesZSamazonka-kmsZSamazonka-kms" 'False) (C1 ('MetaCons "ConnectCustomKeyStore'" 'PrefixI 'True) (S1 ('MetaSel ('Just "customKeyStoreId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text)))
type AWSResponse ConnectCustomKeyStore Source # 
Instance details

Defined in Amazonka.KMS.ConnectCustomKeyStore

newConnectCustomKeyStore Source #

Create a value of ConnectCustomKeyStore with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:customKeyStoreId:ConnectCustomKeyStore', connectCustomKeyStore_customKeyStoreId - Enter the key store ID of the custom key store that you want to connect. To find the ID of a custom key store, use the DescribeCustomKeyStores operation.

data ConnectCustomKeyStoreResponse Source #

See: newConnectCustomKeyStoreResponse smart constructor.

Instances

Instances details
Eq ConnectCustomKeyStoreResponse Source # 
Instance details

Defined in Amazonka.KMS.ConnectCustomKeyStore

Read ConnectCustomKeyStoreResponse Source # 
Instance details

Defined in Amazonka.KMS.ConnectCustomKeyStore

Show ConnectCustomKeyStoreResponse Source # 
Instance details

Defined in Amazonka.KMS.ConnectCustomKeyStore

Generic ConnectCustomKeyStoreResponse Source # 
Instance details

Defined in Amazonka.KMS.ConnectCustomKeyStore

Associated Types

type Rep ConnectCustomKeyStoreResponse :: Type -> Type #

NFData ConnectCustomKeyStoreResponse Source # 
Instance details

Defined in Amazonka.KMS.ConnectCustomKeyStore

type Rep ConnectCustomKeyStoreResponse Source # 
Instance details

Defined in Amazonka.KMS.ConnectCustomKeyStore

type Rep ConnectCustomKeyStoreResponse = D1 ('MetaData "ConnectCustomKeyStoreResponse" "Amazonka.KMS.ConnectCustomKeyStore" "libZSservicesZSamazonka-kmsZSamazonka-kms" 'False) (C1 ('MetaCons "ConnectCustomKeyStoreResponse'" 'PrefixI 'True) (S1 ('MetaSel ('Just "httpStatus") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Int)))

newConnectCustomKeyStoreResponse Source #

Create a value of ConnectCustomKeyStoreResponse with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:httpStatus:ConnectCustomKeyStoreResponse', connectCustomKeyStoreResponse_httpStatus - The response's http status code.

ListRetirableGrants

data ListRetirableGrants Source #

See: newListRetirableGrants smart constructor.

Instances

Instances details
Eq ListRetirableGrants Source # 
Instance details

Defined in Amazonka.KMS.ListRetirableGrants

Read ListRetirableGrants Source # 
Instance details

Defined in Amazonka.KMS.ListRetirableGrants

Show ListRetirableGrants Source # 
Instance details

Defined in Amazonka.KMS.ListRetirableGrants

Generic ListRetirableGrants Source # 
Instance details

Defined in Amazonka.KMS.ListRetirableGrants

Associated Types

type Rep ListRetirableGrants :: Type -> Type #

NFData ListRetirableGrants Source # 
Instance details

Defined in Amazonka.KMS.ListRetirableGrants

Methods

rnf :: ListRetirableGrants -> () #

Hashable ListRetirableGrants Source # 
Instance details

Defined in Amazonka.KMS.ListRetirableGrants

ToJSON ListRetirableGrants Source # 
Instance details

Defined in Amazonka.KMS.ListRetirableGrants

AWSRequest ListRetirableGrants Source # 
Instance details

Defined in Amazonka.KMS.ListRetirableGrants

Associated Types

type AWSResponse ListRetirableGrants #

ToHeaders ListRetirableGrants Source # 
Instance details

Defined in Amazonka.KMS.ListRetirableGrants

ToPath ListRetirableGrants Source # 
Instance details

Defined in Amazonka.KMS.ListRetirableGrants

ToQuery ListRetirableGrants Source # 
Instance details

Defined in Amazonka.KMS.ListRetirableGrants

type Rep ListRetirableGrants Source # 
Instance details

Defined in Amazonka.KMS.ListRetirableGrants

type Rep ListRetirableGrants = D1 ('MetaData "ListRetirableGrants" "Amazonka.KMS.ListRetirableGrants" "libZSservicesZSamazonka-kmsZSamazonka-kms" 'False) (C1 ('MetaCons "ListRetirableGrants'" 'PrefixI 'True) (S1 ('MetaSel ('Just "marker") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :*: (S1 ('MetaSel ('Just "limit") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Natural)) :*: S1 ('MetaSel ('Just "retiringPrincipal") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text))))
type AWSResponse ListRetirableGrants Source # 
Instance details

Defined in Amazonka.KMS.ListRetirableGrants

newListRetirableGrants Source #

Create a value of ListRetirableGrants with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:marker:ListRetirableGrants', listRetirableGrants_marker - Use this parameter in a subsequent request after you receive a response with truncated results. Set it to the value of NextMarker from the truncated response you just received.

$sel:limit:ListRetirableGrants', listRetirableGrants_limit - Use this parameter to specify the maximum number of items to return. When this value is present, KMS does not return more than the specified number of items, but it might return fewer.

This value is optional. If you include a value, it must be between 1 and 100, inclusive. If you do not include a value, it defaults to 50.

$sel:retiringPrincipal:ListRetirableGrants', listRetirableGrants_retiringPrincipal - The retiring principal for which to list grants. Enter a principal in your Amazon Web Services account.

To specify the retiring principal, use the Amazon Resource Name (ARN) of an Amazon Web Services principal. Valid Amazon Web Services principals include Amazon Web Services accounts (root), IAM users, federated users, and assumed role users. For examples of the ARN syntax for specifying a principal, see Amazon Web Services Identity and Access Management (IAM) in the Example ARNs section of the /Amazon Web Services General Reference/.

data ListGrantsResponse Source #

See: newListGrantsResponse smart constructor.

Instances

Instances details
Eq ListGrantsResponse Source # 
Instance details

Defined in Amazonka.KMS.Types.ListGrantsResponse

Read ListGrantsResponse Source # 
Instance details

Defined in Amazonka.KMS.Types.ListGrantsResponse

Show ListGrantsResponse Source # 
Instance details

Defined in Amazonka.KMS.Types.ListGrantsResponse

Generic ListGrantsResponse Source # 
Instance details

Defined in Amazonka.KMS.Types.ListGrantsResponse

Associated Types

type Rep ListGrantsResponse :: Type -> Type #

NFData ListGrantsResponse Source # 
Instance details

Defined in Amazonka.KMS.Types.ListGrantsResponse

Methods

rnf :: ListGrantsResponse -> () #

Hashable ListGrantsResponse Source # 
Instance details

Defined in Amazonka.KMS.Types.ListGrantsResponse

FromJSON ListGrantsResponse Source # 
Instance details

Defined in Amazonka.KMS.Types.ListGrantsResponse

type Rep ListGrantsResponse Source # 
Instance details

Defined in Amazonka.KMS.Types.ListGrantsResponse

type Rep ListGrantsResponse = D1 ('MetaData "ListGrantsResponse" "Amazonka.KMS.Types.ListGrantsResponse" "libZSservicesZSamazonka-kmsZSamazonka-kms" 'False) (C1 ('MetaCons "ListGrantsResponse'" 'PrefixI 'True) (S1 ('MetaSel ('Just "truncated") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Bool)) :*: (S1 ('MetaSel ('Just "grants") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [GrantListEntry])) :*: S1 ('MetaSel ('Just "nextMarker") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)))))

newListGrantsResponse :: ListGrantsResponse Source #

Create a value of ListGrantsResponse with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:truncated:ListGrantsResponse', listGrantsResponse_truncated - A flag that indicates whether there are more items in the list. When this value is true, the list in this response is truncated. To get more items, pass the value of the NextMarker element in thisresponse to the Marker parameter in a subsequent request.

$sel:grants:ListGrantsResponse', listGrantsResponse_grants - A list of grants.

$sel:nextMarker:ListGrantsResponse', listGrantsResponse_nextMarker - When Truncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent request.

GetPublicKey

data GetPublicKey Source #

See: newGetPublicKey smart constructor.

Constructors

GetPublicKey' (Maybe [Text]) Text 

Instances

Instances details
Eq GetPublicKey Source # 
Instance details

Defined in Amazonka.KMS.GetPublicKey

Read GetPublicKey Source # 
Instance details

Defined in Amazonka.KMS.GetPublicKey

Show GetPublicKey Source # 
Instance details

Defined in Amazonka.KMS.GetPublicKey

Generic GetPublicKey Source # 
Instance details

Defined in Amazonka.KMS.GetPublicKey

Associated Types

type Rep GetPublicKey :: Type -> Type #

NFData GetPublicKey Source # 
Instance details

Defined in Amazonka.KMS.GetPublicKey

Methods

rnf :: GetPublicKey -> () #

Hashable GetPublicKey Source # 
Instance details

Defined in Amazonka.KMS.GetPublicKey

ToJSON GetPublicKey Source # 
Instance details

Defined in Amazonka.KMS.GetPublicKey

AWSRequest GetPublicKey Source # 
Instance details

Defined in Amazonka.KMS.GetPublicKey

Associated Types

type AWSResponse GetPublicKey #

ToHeaders GetPublicKey Source # 
Instance details

Defined in Amazonka.KMS.GetPublicKey

ToPath GetPublicKey Source # 
Instance details

Defined in Amazonka.KMS.GetPublicKey

ToQuery GetPublicKey Source # 
Instance details

Defined in Amazonka.KMS.GetPublicKey

type Rep GetPublicKey Source # 
Instance details

Defined in Amazonka.KMS.GetPublicKey

type Rep GetPublicKey = D1 ('MetaData "GetPublicKey" "Amazonka.KMS.GetPublicKey" "libZSservicesZSamazonka-kmsZSamazonka-kms" 'False) (C1 ('MetaCons "GetPublicKey'" 'PrefixI 'True) (S1 ('MetaSel ('Just "grantTokens") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [Text])) :*: S1 ('MetaSel ('Just "keyId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text)))
type AWSResponse GetPublicKey Source # 
Instance details

Defined in Amazonka.KMS.GetPublicKey

newGetPublicKey Source #

Create a value of GetPublicKey with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:grantTokens:GetPublicKey', getPublicKey_grantTokens - A list of grant tokens.

Use a grant token when your permission to call this operation comes from a new grant that has not yet achieved eventual consistency. For more information, see Grant token and Using a grant token in the Key Management Service Developer Guide.

$sel:keyId:GetPublicKey', getPublicKey_keyId - Identifies the asymmetric KMS key that includes the public key.

To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN. When using an alias name, prefix it with "alias/". To specify a KMS key in a different Amazon Web Services account, you must use the key ARN or alias ARN.

For example:

  • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
  • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
  • Alias name: alias/ExampleAlias
  • Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias

To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases.

data GetPublicKeyResponse Source #

See: newGetPublicKeyResponse smart constructor.

Instances

Instances details
Eq GetPublicKeyResponse Source # 
Instance details

Defined in Amazonka.KMS.GetPublicKey

Read GetPublicKeyResponse Source # 
Instance details

Defined in Amazonka.KMS.GetPublicKey

Show GetPublicKeyResponse Source # 
Instance details

Defined in Amazonka.KMS.GetPublicKey

Generic GetPublicKeyResponse Source # 
Instance details

Defined in Amazonka.KMS.GetPublicKey

Associated Types

type Rep GetPublicKeyResponse :: Type -> Type #

NFData GetPublicKeyResponse Source # 
Instance details

Defined in Amazonka.KMS.GetPublicKey

Methods

rnf :: GetPublicKeyResponse -> () #

type Rep GetPublicKeyResponse Source # 
Instance details

Defined in Amazonka.KMS.GetPublicKey

newGetPublicKeyResponse Source #

Create a value of GetPublicKeyResponse with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:keySpec:GetPublicKeyResponse', getPublicKeyResponse_keySpec - The type of the of the public key that was downloaded.

$sel:keyId:GetPublicKey', getPublicKeyResponse_keyId - The Amazon Resource Name (key ARN) of the asymmetric KMS key from which the public key was downloaded.

$sel:customerMasterKeySpec:GetPublicKeyResponse', getPublicKeyResponse_customerMasterKeySpec - Instead, use the KeySpec field in the GetPublicKey response.

The KeySpec and CustomerMasterKeySpec fields have the same value. We recommend that you use the KeySpec field in your code. However, to avoid breaking changes, KMS will support both fields.

$sel:encryptionAlgorithms:GetPublicKeyResponse', getPublicKeyResponse_encryptionAlgorithms - The encryption algorithms that KMS supports for this key.

This information is critical. If a public key encrypts data outside of KMS by using an unsupported encryption algorithm, the ciphertext cannot be decrypted.

This field appears in the response only when the KeyUsage of the public key is ENCRYPT_DECRYPT.

$sel:publicKey:GetPublicKeyResponse', getPublicKeyResponse_publicKey - The exported public key.

The value is a DER-encoded X.509 public key, also known as SubjectPublicKeyInfo (SPKI), as defined in RFC 5280. When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded.-- -- Note: This Lens automatically encodes and decodes Base64 data. -- The underlying isomorphism will encode to Base64 representation during -- serialisation, and decode from Base64 representation during deserialisation. -- This Lens accepts and returns only raw unencoded data.

$sel:signingAlgorithms:GetPublicKeyResponse', getPublicKeyResponse_signingAlgorithms - The signing algorithms that KMS supports for this key.

This field appears in the response only when the KeyUsage of the public key is SIGN_VERIFY.

$sel:keyUsage:GetPublicKeyResponse', getPublicKeyResponse_keyUsage - The permitted use of the public key. Valid values are ENCRYPT_DECRYPT or SIGN_VERIFY.

This information is critical. If a public key with SIGN_VERIFY key usage encrypts data outside of KMS, the ciphertext cannot be decrypted.

$sel:httpStatus:GetPublicKeyResponse', getPublicKeyResponse_httpStatus - The response's http status code.

GenerateRandom

data GenerateRandom Source #

See: newGenerateRandom smart constructor.

Instances

Instances details
Eq GenerateRandom Source # 
Instance details

Defined in Amazonka.KMS.GenerateRandom

Read GenerateRandom Source # 
Instance details

Defined in Amazonka.KMS.GenerateRandom

Show GenerateRandom Source # 
Instance details

Defined in Amazonka.KMS.GenerateRandom

Generic GenerateRandom Source # 
Instance details

Defined in Amazonka.KMS.GenerateRandom

Associated Types

type Rep GenerateRandom :: Type -> Type #

NFData GenerateRandom Source # 
Instance details

Defined in Amazonka.KMS.GenerateRandom

Methods

rnf :: GenerateRandom -> () #

Hashable GenerateRandom Source # 
Instance details

Defined in Amazonka.KMS.GenerateRandom

ToJSON GenerateRandom Source # 
Instance details

Defined in Amazonka.KMS.GenerateRandom

AWSRequest GenerateRandom Source # 
Instance details

Defined in Amazonka.KMS.GenerateRandom

Associated Types

type AWSResponse GenerateRandom #

ToHeaders GenerateRandom Source # 
Instance details

Defined in Amazonka.KMS.GenerateRandom

ToPath GenerateRandom Source # 
Instance details

Defined in Amazonka.KMS.GenerateRandom

ToQuery GenerateRandom Source # 
Instance details

Defined in Amazonka.KMS.GenerateRandom

type Rep GenerateRandom Source # 
Instance details

Defined in Amazonka.KMS.GenerateRandom

type Rep GenerateRandom = D1 ('MetaData "GenerateRandom" "Amazonka.KMS.GenerateRandom" "libZSservicesZSamazonka-kmsZSamazonka-kms" 'False) (C1 ('MetaCons "GenerateRandom'" 'PrefixI 'True) (S1 ('MetaSel ('Just "numberOfBytes") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Natural)) :*: S1 ('MetaSel ('Just "customKeyStoreId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text))))
type AWSResponse GenerateRandom Source # 
Instance details

Defined in Amazonka.KMS.GenerateRandom

newGenerateRandom :: GenerateRandom Source #

Create a value of GenerateRandom with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:numberOfBytes:GenerateRandom', generateRandom_numberOfBytes - The length of the byte string.

$sel:customKeyStoreId:GenerateRandom', generateRandom_customKeyStoreId - Generates the random byte string in the CloudHSM cluster that is associated with the specified custom key store. To find the ID of a custom key store, use the DescribeCustomKeyStores operation.

data GenerateRandomResponse Source #

See: newGenerateRandomResponse smart constructor.

newGenerateRandomResponse Source #

Create a value of GenerateRandomResponse with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:plaintext:GenerateRandomResponse', generateRandomResponse_plaintext - The random byte string. When you use the HTTP API or the Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is not Base64-encoded.-- -- Note: This Lens automatically encodes and decodes Base64 data. -- The underlying isomorphism will encode to Base64 representation during -- serialisation, and decode from Base64 representation during deserialisation. -- This Lens accepts and returns only raw unencoded data.

$sel:httpStatus:GenerateRandomResponse', generateRandomResponse_httpStatus - The response's http status code.

CreateKey

data CreateKey Source #

See: newCreateKey smart constructor.

Instances

Instances details
Eq CreateKey Source # 
Instance details

Defined in Amazonka.KMS.CreateKey

Read CreateKey Source # 
Instance details

Defined in Amazonka.KMS.CreateKey

Show CreateKey Source # 
Instance details

Defined in Amazonka.KMS.CreateKey

Generic CreateKey Source # 
Instance details

Defined in Amazonka.KMS.CreateKey

Associated Types

type Rep CreateKey :: Type -> Type #

Methods

from :: CreateKey -> Rep CreateKey x #

to ::