{-# LANGUAGE DeriveGeneric #-} {-# LANGUAGE DuplicateRecordFields #-} {-# LANGUAGE NamedFieldPuns #-} {-# LANGUAGE OverloadedStrings #-} {-# LANGUAGE RecordWildCards #-} {-# LANGUAGE StrictData #-} {-# LANGUAGE TypeFamilies #-} {-# LANGUAGE NoImplicitPrelude #-} {-# OPTIONS_GHC -fno-warn-unused-binds #-} {-# OPTIONS_GHC -fno-warn-unused-imports #-} {-# OPTIONS_GHC -fno-warn-unused-matches #-} -- Derived from AWS service descriptions, licensed under Apache 2.0. -- | -- Module : Amazonka.KMS.ReplicateKey -- Copyright : (c) 2013-2021 Brendan Hay -- License : Mozilla Public License, v. 2.0. -- Maintainer : Brendan Hay <brendan.g.hay+amazonka@gmail.com> -- Stability : auto-generated -- Portability : non-portable (GHC extensions) -- -- Replicates a multi-Region key into the specified Region. This operation -- creates a multi-Region replica key based on a multi-Region primary key -- in a different Region of the same Amazon Web Services partition. You can -- create multiple replicas of a primary key, but each must be in a -- different Region. To create a multi-Region primary key, use the -- CreateKey operation. -- -- This operation supports /multi-Region keys/, an KMS feature that lets -- you create multiple interoperable KMS keys in different Amazon Web -- Services Regions. Because these KMS keys have the same key ID, key -- material, and other metadata, you can use them interchangeably to -- encrypt data in one Amazon Web Services Region and decrypt it in a -- different Amazon Web Services Region without re-encrypting the data or -- making a cross-Region call. For more information about multi-Region -- keys, see -- <https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html Using multi-Region keys> -- in the /Key Management Service Developer Guide/. -- -- A /replica key/ is a fully-functional KMS key that can be used -- independently of its primary and peer replica keys. A primary key and -- its replica keys share properties that make them interoperable. They -- have the same -- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-id key ID> -- and key material. They also have the same -- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-spec key spec>, -- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-usage key usage>, -- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-origin key material origin>, -- and -- <https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html automatic key rotation status>. -- KMS automatically synchronizes these shared properties among related -- multi-Region keys. All other properties of a replica key can differ, -- including its -- <https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html key policy>, -- <https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html tags>, -- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html aliases>, -- and -- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html key state>. -- KMS pricing and quotas for KMS keys apply to each primary key and -- replica key. -- -- When this operation completes, the new replica key has a transient key -- state of @Creating@. This key state changes to @Enabled@ (or -- @PendingImport@) after a few seconds when the process of creating the -- new replica key is complete. While the key state is @Creating@, you can -- manage key, but you cannot yet use it in cryptographic operations. If -- you are creating and using the replica key programmatically, retry on -- @KMSInvalidStateException@ or call @DescribeKey@ to check its @KeyState@ -- value before using it. For details about the @Creating@ key state, see -- <kms/latest/developerguide/key-state.html Key state: Effect on your KMS key> -- in the /Key Management Service Developer Guide/. -- -- The CloudTrail log of a @ReplicateKey@ operation records a -- @ReplicateKey@ operation in the primary key\'s Region and a CreateKey -- operation in the replica key\'s Region. -- -- If you replicate a multi-Region primary key with imported key material, -- the replica key is created with no key material. You must import the -- same key material that you imported into the primary key. For details, -- see -- <kms/latest/developerguide/multi-region-keys-import.html Importing key material into multi-Region keys> -- in the /Key Management Service Developer Guide/. -- -- To convert a replica key to a primary key, use the UpdatePrimaryRegion -- operation. -- -- @ReplicateKey@ uses different default values for the @KeyPolicy@ and -- @Tags@ parameters than those used in the KMS console. For details, see -- the parameter descriptions. -- -- __Cross-account use__: No. You cannot use this operation to create a -- replica key in a different Amazon Web Services account. -- -- __Required permissions__: -- -- - @kms:ReplicateKey@ on the primary key (in the primary key\'s -- Region). Include this permission in the primary key\'s key policy. -- -- - @kms:CreateKey@ in an IAM policy in the replica Region. -- -- - To use the @Tags@ parameter, @kms:TagResource@ in an IAM policy in -- the replica Region. -- -- __Related operations__ -- -- - CreateKey -- -- - UpdatePrimaryRegion module Amazonka.KMS.ReplicateKey ( -- * Creating a Request ReplicateKey (..), newReplicateKey, -- * Request Lenses replicateKey_bypassPolicyLockoutSafetyCheck, replicateKey_policy, replicateKey_description, replicateKey_tags, replicateKey_keyId, replicateKey_replicaRegion, -- * Destructuring the Response ReplicateKeyResponse (..), newReplicateKeyResponse, -- * Response Lenses replicateKeyResponse_replicaKeyMetadata, replicateKeyResponse_replicaPolicy, replicateKeyResponse_replicaTags, replicateKeyResponse_httpStatus, ) where import qualified Amazonka.Core as Core import Amazonka.KMS.Types import qualified Amazonka.Lens as Lens import qualified Amazonka.Prelude as Prelude import qualified Amazonka.Request as Request import qualified Amazonka.Response as Response -- | /See:/ 'newReplicateKey' smart constructor. data ReplicateKey = ReplicateKey' { -- | A flag to indicate whether to bypass the key policy lockout safety -- check. -- -- Setting this value to true increases the risk that the KMS key becomes -- unmanageable. Do not set this value to true indiscriminately. -- -- For more information, refer to the scenario in the -- <https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam Default Key Policy> -- section in the /Key Management Service Developer Guide/. -- -- Use this parameter only when you intend to prevent the principal that is -- making the request from making a subsequent @PutKeyPolicy@ request on -- the KMS key. -- -- The default value is false. ReplicateKey -> Maybe Bool bypassPolicyLockoutSafetyCheck :: Prelude.Maybe Prelude.Bool, -- | The key policy to attach to the KMS key. This parameter is optional. If -- you do not provide a key policy, KMS attaches the -- <https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default default key policy> -- to the KMS key. -- -- The key policy is not a shared property of multi-Region keys. You can -- specify the same key policy or a different key policy for each key in a -- set of related multi-Region keys. KMS does not synchronize this -- property. -- -- If you provide a key policy, it must meet the following criteria: -- -- - If you don\'t set @BypassPolicyLockoutSafetyCheck@ to true, the key -- policy must give the caller @kms:PutKeyPolicy@ permission on the -- replica key. This reduces the risk that the KMS key becomes -- unmanageable. For more information, refer to the scenario in the -- <https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam Default Key Policy> -- section of the //Key Management Service Developer Guide// . -- -- - Each statement in the key policy must contain one or more -- principals. The principals in the key policy must exist and be -- visible to KMS. When you create a new Amazon Web Services principal -- (for example, an IAM user or role), you might need to enforce a -- delay before including the new principal in a key policy because the -- new principal might not be immediately visible to KMS. For more -- information, see -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency Changes that I make are not always immediately visible> -- in the //Identity and Access Management User Guide// . -- -- - The key policy size quota is 32 kilobytes (32768 bytes). ReplicateKey -> Maybe Text policy :: Prelude.Maybe Prelude.Text, -- | A description of the KMS key. The default value is an empty string (no -- description). -- -- The description is not a shared property of multi-Region keys. You can -- specify the same description or a different description for each key in -- a set of related multi-Region keys. KMS does not synchronize this -- property. ReplicateKey -> Maybe Text description :: Prelude.Maybe Prelude.Text, -- | Assigns one or more tags to the replica key. Use this parameter to tag -- the KMS key when it is created. To tag an existing KMS key, use the -- TagResource operation. -- -- Tagging or untagging a KMS key can allow or deny permission to the KMS -- key. For details, see -- <https://docs.aws.amazon.com/kms/latest/developerguide/abac.html Using ABAC in KMS> -- in the /Key Management Service Developer Guide/. -- -- To use this parameter, you must have -- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:TagResource> -- permission in an IAM policy. -- -- Tags are not a shared property of multi-Region keys. You can specify the -- same tags or different tags for each key in a set of related -- multi-Region keys. KMS does not synchronize this property. -- -- Each tag consists of a tag key and a tag value. Both the tag key and the -- tag value are required, but the tag value can be an empty (null) string. -- You cannot have more than one tag on a KMS key with the same tag key. If -- you specify an existing tag key with a different tag value, KMS replaces -- the current tag value with the specified one. -- -- When you add tags to an Amazon Web Services resource, Amazon Web -- Services generates a cost allocation report with usage and costs -- aggregated by tags. Tags can also be used to control access to a KMS -- key. For details, see -- <https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html Tagging Keys>. :: Prelude.Maybe [Tag], -- | Identifies the multi-Region primary key that is being replicated. To -- determine whether a KMS key is a multi-Region primary key, use the -- DescribeKey operation to check the value of the @MultiRegionKeyType@ -- property. -- -- Specify the key ID or key ARN of a multi-Region primary key. -- -- For example: -- -- - Key ID: @mrk-1234abcd12ab34cd56ef1234567890ab@ -- -- - Key ARN: -- @arn:aws:kms:us-east-2:111122223333:key\/mrk-1234abcd12ab34cd56ef1234567890ab@ -- -- To get the key ID and key ARN for a KMS key, use ListKeys or -- DescribeKey. ReplicateKey -> Text keyId :: Prelude.Text, -- | The Region ID of the Amazon Web Services Region for this replica key. -- -- Enter the Region ID, such as @us-east-1@ or @ap-southeast-2@. For a list -- of Amazon Web Services Regions in which KMS is supported, see -- <https://docs.aws.amazon.com/general/latest/gr/kms.html#kms_region KMS service endpoints> -- in the /Amazon Web Services General Reference/. -- -- The replica must be in a different Amazon Web Services Region than its -- primary key and other replicas of that primary key, but in the same -- Amazon Web Services partition. KMS must be available in the replica -- Region. If the Region is not enabled by default, the Amazon Web Services -- account must be enabled in the Region. -- -- For information about Amazon Web Services partitions, see -- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.> -- For information about enabling and disabling Regions, see -- <https://docs.aws.amazon.com/general/latest/gr/rande-manage.html#rande-manage-enable Enabling a Region> -- and -- <https://docs.aws.amazon.com/general/latest/gr/rande-manage.html#rande-manage-disable Disabling a Region> -- in the /Amazon Web Services General Reference/. ReplicateKey -> Text replicaRegion :: Prelude.Text } deriving (ReplicateKey -> ReplicateKey -> Bool (ReplicateKey -> ReplicateKey -> Bool) -> (ReplicateKey -> ReplicateKey -> Bool) -> Eq ReplicateKey forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a /= :: ReplicateKey -> ReplicateKey -> Bool $c/= :: ReplicateKey -> ReplicateKey -> Bool == :: ReplicateKey -> ReplicateKey -> Bool $c== :: ReplicateKey -> ReplicateKey -> Bool Prelude.Eq, ReadPrec [ReplicateKey] ReadPrec ReplicateKey Int -> ReadS ReplicateKey ReadS [ReplicateKey] (Int -> ReadS ReplicateKey) -> ReadS [ReplicateKey] -> ReadPrec ReplicateKey -> ReadPrec [ReplicateKey] -> Read ReplicateKey forall a. (Int -> ReadS a) -> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a readListPrec :: ReadPrec [ReplicateKey] $creadListPrec :: ReadPrec [ReplicateKey] readPrec :: ReadPrec ReplicateKey $creadPrec :: ReadPrec ReplicateKey readList :: ReadS [ReplicateKey] $creadList :: ReadS [ReplicateKey] readsPrec :: Int -> ReadS ReplicateKey $creadsPrec :: Int -> ReadS ReplicateKey Prelude.Read, Int -> ReplicateKey -> ShowS [ReplicateKey] -> ShowS ReplicateKey -> String (Int -> ReplicateKey -> ShowS) -> (ReplicateKey -> String) -> ([ReplicateKey] -> ShowS) -> Show ReplicateKey forall a. (Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a showList :: [ReplicateKey] -> ShowS $cshowList :: [ReplicateKey] -> ShowS show :: ReplicateKey -> String $cshow :: ReplicateKey -> String showsPrec :: Int -> ReplicateKey -> ShowS $cshowsPrec :: Int -> ReplicateKey -> ShowS Prelude.Show, (forall x. ReplicateKey -> Rep ReplicateKey x) -> (forall x. Rep ReplicateKey x -> ReplicateKey) -> Generic ReplicateKey forall x. Rep ReplicateKey x -> ReplicateKey forall x. ReplicateKey -> Rep ReplicateKey x forall a. (forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a $cto :: forall x. Rep ReplicateKey x -> ReplicateKey $cfrom :: forall x. ReplicateKey -> Rep ReplicateKey x Prelude.Generic) -- | -- Create a value of 'ReplicateKey' with all optional fields omitted. -- -- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields. -- -- The following record fields are available, with the corresponding lenses provided -- for backwards compatibility: -- -- 'bypassPolicyLockoutSafetyCheck', 'replicateKey_bypassPolicyLockoutSafetyCheck' - A flag to indicate whether to bypass the key policy lockout safety -- check. -- -- Setting this value to true increases the risk that the KMS key becomes -- unmanageable. Do not set this value to true indiscriminately. -- -- For more information, refer to the scenario in the -- <https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam Default Key Policy> -- section in the /Key Management Service Developer Guide/. -- -- Use this parameter only when you intend to prevent the principal that is -- making the request from making a subsequent @PutKeyPolicy@ request on -- the KMS key. -- -- The default value is false. -- -- 'policy', 'replicateKey_policy' - The key policy to attach to the KMS key. This parameter is optional. If -- you do not provide a key policy, KMS attaches the -- <https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default default key policy> -- to the KMS key. -- -- The key policy is not a shared property of multi-Region keys. You can -- specify the same key policy or a different key policy for each key in a -- set of related multi-Region keys. KMS does not synchronize this -- property. -- -- If you provide a key policy, it must meet the following criteria: -- -- - If you don\'t set @BypassPolicyLockoutSafetyCheck@ to true, the key -- policy must give the caller @kms:PutKeyPolicy@ permission on the -- replica key. This reduces the risk that the KMS key becomes -- unmanageable. For more information, refer to the scenario in the -- <https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam Default Key Policy> -- section of the //Key Management Service Developer Guide// . -- -- - Each statement in the key policy must contain one or more -- principals. The principals in the key policy must exist and be -- visible to KMS. When you create a new Amazon Web Services principal -- (for example, an IAM user or role), you might need to enforce a -- delay before including the new principal in a key policy because the -- new principal might not be immediately visible to KMS. For more -- information, see -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency Changes that I make are not always immediately visible> -- in the //Identity and Access Management User Guide// . -- -- - The key policy size quota is 32 kilobytes (32768 bytes). -- -- 'description', 'replicateKey_description' - A description of the KMS key. The default value is an empty string (no -- description). -- -- The description is not a shared property of multi-Region keys. You can -- specify the same description or a different description for each key in -- a set of related multi-Region keys. KMS does not synchronize this -- property. -- -- 'tags', 'replicateKey_tags' - Assigns one or more tags to the replica key. Use this parameter to tag -- the KMS key when it is created. To tag an existing KMS key, use the -- TagResource operation. -- -- Tagging or untagging a KMS key can allow or deny permission to the KMS -- key. For details, see -- <https://docs.aws.amazon.com/kms/latest/developerguide/abac.html Using ABAC in KMS> -- in the /Key Management Service Developer Guide/. -- -- To use this parameter, you must have -- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:TagResource> -- permission in an IAM policy. -- -- Tags are not a shared property of multi-Region keys. You can specify the -- same tags or different tags for each key in a set of related -- multi-Region keys. KMS does not synchronize this property. -- -- Each tag consists of a tag key and a tag value. Both the tag key and the -- tag value are required, but the tag value can be an empty (null) string. -- You cannot have more than one tag on a KMS key with the same tag key. If -- you specify an existing tag key with a different tag value, KMS replaces -- the current tag value with the specified one. -- -- When you add tags to an Amazon Web Services resource, Amazon Web -- Services generates a cost allocation report with usage and costs -- aggregated by tags. Tags can also be used to control access to a KMS -- key. For details, see -- <https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html Tagging Keys>. -- -- 'keyId', 'replicateKey_keyId' - Identifies the multi-Region primary key that is being replicated. To -- determine whether a KMS key is a multi-Region primary key, use the -- DescribeKey operation to check the value of the @MultiRegionKeyType@ -- property. -- -- Specify the key ID or key ARN of a multi-Region primary key. -- -- For example: -- -- - Key ID: @mrk-1234abcd12ab34cd56ef1234567890ab@ -- -- - Key ARN: -- @arn:aws:kms:us-east-2:111122223333:key\/mrk-1234abcd12ab34cd56ef1234567890ab@ -- -- To get the key ID and key ARN for a KMS key, use ListKeys or -- DescribeKey. -- -- 'replicaRegion', 'replicateKey_replicaRegion' - The Region ID of the Amazon Web Services Region for this replica key. -- -- Enter the Region ID, such as @us-east-1@ or @ap-southeast-2@. For a list -- of Amazon Web Services Regions in which KMS is supported, see -- <https://docs.aws.amazon.com/general/latest/gr/kms.html#kms_region KMS service endpoints> -- in the /Amazon Web Services General Reference/. -- -- The replica must be in a different Amazon Web Services Region than its -- primary key and other replicas of that primary key, but in the same -- Amazon Web Services partition. KMS must be available in the replica -- Region. If the Region is not enabled by default, the Amazon Web Services -- account must be enabled in the Region. -- -- For information about Amazon Web Services partitions, see -- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.> -- For information about enabling and disabling Regions, see -- <https://docs.aws.amazon.com/general/latest/gr/rande-manage.html#rande-manage-enable Enabling a Region> -- and -- <https://docs.aws.amazon.com/general/latest/gr/rande-manage.html#rande-manage-disable Disabling a Region> -- in the /Amazon Web Services General Reference/. newReplicateKey :: -- | 'keyId' Prelude.Text -> -- | 'replicaRegion' Prelude.Text -> ReplicateKey newReplicateKey :: Text -> Text -> ReplicateKey newReplicateKey Text pKeyId_ Text pReplicaRegion_ = ReplicateKey' :: Maybe Bool -> Maybe Text -> Maybe Text -> Maybe [Tag] -> Text -> Text -> ReplicateKey ReplicateKey' { $sel:bypassPolicyLockoutSafetyCheck:ReplicateKey' :: Maybe Bool bypassPolicyLockoutSafetyCheck = Maybe Bool forall a. Maybe a Prelude.Nothing, $sel:policy:ReplicateKey' :: Maybe Text policy = Maybe Text forall a. Maybe a Prelude.Nothing, $sel:description:ReplicateKey' :: Maybe Text description = Maybe Text forall a. Maybe a Prelude.Nothing, $sel:tags:ReplicateKey' :: Maybe [Tag] tags = Maybe [Tag] forall a. Maybe a Prelude.Nothing, $sel:keyId:ReplicateKey' :: Text keyId = Text pKeyId_, $sel:replicaRegion:ReplicateKey' :: Text replicaRegion = Text pReplicaRegion_ } -- | A flag to indicate whether to bypass the key policy lockout safety -- check. -- -- Setting this value to true increases the risk that the KMS key becomes -- unmanageable. Do not set this value to true indiscriminately. -- -- For more information, refer to the scenario in the -- <https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam Default Key Policy> -- section in the /Key Management Service Developer Guide/. -- -- Use this parameter only when you intend to prevent the principal that is -- making the request from making a subsequent @PutKeyPolicy@ request on -- the KMS key. -- -- The default value is false. replicateKey_bypassPolicyLockoutSafetyCheck :: Lens.Lens' ReplicateKey (Prelude.Maybe Prelude.Bool) replicateKey_bypassPolicyLockoutSafetyCheck :: (Maybe Bool -> f (Maybe Bool)) -> ReplicateKey -> f ReplicateKey replicateKey_bypassPolicyLockoutSafetyCheck = (ReplicateKey -> Maybe Bool) -> (ReplicateKey -> Maybe Bool -> ReplicateKey) -> Lens ReplicateKey ReplicateKey (Maybe Bool) (Maybe Bool) forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b Lens.lens (\ReplicateKey' {Maybe Bool bypassPolicyLockoutSafetyCheck :: Maybe Bool $sel:bypassPolicyLockoutSafetyCheck:ReplicateKey' :: ReplicateKey -> Maybe Bool bypassPolicyLockoutSafetyCheck} -> Maybe Bool bypassPolicyLockoutSafetyCheck) (\s :: ReplicateKey s@ReplicateKey' {} Maybe Bool a -> ReplicateKey s {$sel:bypassPolicyLockoutSafetyCheck:ReplicateKey' :: Maybe Bool bypassPolicyLockoutSafetyCheck = Maybe Bool a} :: ReplicateKey) -- | The key policy to attach to the KMS key. This parameter is optional. If -- you do not provide a key policy, KMS attaches the -- <https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default default key policy> -- to the KMS key. -- -- The key policy is not a shared property of multi-Region keys. You can -- specify the same key policy or a different key policy for each key in a -- set of related multi-Region keys. KMS does not synchronize this -- property. -- -- If you provide a key policy, it must meet the following criteria: -- -- - If you don\'t set @BypassPolicyLockoutSafetyCheck@ to true, the key -- policy must give the caller @kms:PutKeyPolicy@ permission on the -- replica key. This reduces the risk that the KMS key becomes -- unmanageable. For more information, refer to the scenario in the -- <https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam Default Key Policy> -- section of the //Key Management Service Developer Guide// . -- -- - Each statement in the key policy must contain one or more -- principals. The principals in the key policy must exist and be -- visible to KMS. When you create a new Amazon Web Services principal -- (for example, an IAM user or role), you might need to enforce a -- delay before including the new principal in a key policy because the -- new principal might not be immediately visible to KMS. For more -- information, see -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency Changes that I make are not always immediately visible> -- in the //Identity and Access Management User Guide// . -- -- - The key policy size quota is 32 kilobytes (32768 bytes). replicateKey_policy :: Lens.Lens' ReplicateKey (Prelude.Maybe Prelude.Text) replicateKey_policy :: (Maybe Text -> f (Maybe Text)) -> ReplicateKey -> f ReplicateKey replicateKey_policy = (ReplicateKey -> Maybe Text) -> (ReplicateKey -> Maybe Text -> ReplicateKey) -> Lens ReplicateKey ReplicateKey (Maybe Text) (Maybe Text) forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b Lens.lens (\ReplicateKey' {Maybe Text policy :: Maybe Text $sel:policy:ReplicateKey' :: ReplicateKey -> Maybe Text policy} -> Maybe Text policy) (\s :: ReplicateKey s@ReplicateKey' {} Maybe Text a -> ReplicateKey s {$sel:policy:ReplicateKey' :: Maybe Text policy = Maybe Text a} :: ReplicateKey) -- | A description of the KMS key. The default value is an empty string (no -- description). -- -- The description is not a shared property of multi-Region keys. You can -- specify the same description or a different description for each key in -- a set of related multi-Region keys. KMS does not synchronize this -- property. replicateKey_description :: Lens.Lens' ReplicateKey (Prelude.Maybe Prelude.Text) replicateKey_description :: (Maybe Text -> f (Maybe Text)) -> ReplicateKey -> f ReplicateKey replicateKey_description = (ReplicateKey -> Maybe Text) -> (ReplicateKey -> Maybe Text -> ReplicateKey) -> Lens ReplicateKey ReplicateKey (Maybe Text) (Maybe Text) forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b Lens.lens (\ReplicateKey' {Maybe Text description :: Maybe Text $sel:description:ReplicateKey' :: ReplicateKey -> Maybe Text description} -> Maybe Text description) (\s :: ReplicateKey s@ReplicateKey' {} Maybe Text a -> ReplicateKey s {$sel:description:ReplicateKey' :: Maybe Text description = Maybe Text a} :: ReplicateKey) -- | Assigns one or more tags to the replica key. Use this parameter to tag -- the KMS key when it is created. To tag an existing KMS key, use the -- TagResource operation. -- -- Tagging or untagging a KMS key can allow or deny permission to the KMS -- key. For details, see -- <https://docs.aws.amazon.com/kms/latest/developerguide/abac.html Using ABAC in KMS> -- in the /Key Management Service Developer Guide/. -- -- To use this parameter, you must have -- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:TagResource> -- permission in an IAM policy. -- -- Tags are not a shared property of multi-Region keys. You can specify the -- same tags or different tags for each key in a set of related -- multi-Region keys. KMS does not synchronize this property. -- -- Each tag consists of a tag key and a tag value. Both the tag key and the -- tag value are required, but the tag value can be an empty (null) string. -- You cannot have more than one tag on a KMS key with the same tag key. If -- you specify an existing tag key with a different tag value, KMS replaces -- the current tag value with the specified one. -- -- When you add tags to an Amazon Web Services resource, Amazon Web -- Services generates a cost allocation report with usage and costs -- aggregated by tags. Tags can also be used to control access to a KMS -- key. For details, see -- <https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html Tagging Keys>. replicateKey_tags :: Lens.Lens' ReplicateKey (Prelude.Maybe [Tag]) = (ReplicateKey -> Maybe [Tag]) -> (ReplicateKey -> Maybe [Tag] -> ReplicateKey) -> Lens ReplicateKey ReplicateKey (Maybe [Tag]) (Maybe [Tag]) forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b Lens.lens (\ReplicateKey' {Maybe [Tag] tags :: Maybe [Tag] $sel:tags:ReplicateKey' :: ReplicateKey -> Maybe [Tag] tags} -> Maybe [Tag] tags) (\s :: ReplicateKey s@ReplicateKey' {} Maybe [Tag] a -> ReplicateKey s {$sel:tags:ReplicateKey' :: Maybe [Tag] tags = Maybe [Tag] a} :: ReplicateKey) ((Maybe [Tag] -> f (Maybe [Tag])) -> ReplicateKey -> f ReplicateKey) -> ((Maybe [Tag] -> f (Maybe [Tag])) -> Maybe [Tag] -> f (Maybe [Tag])) -> (Maybe [Tag] -> f (Maybe [Tag])) -> ReplicateKey -> f ReplicateKey forall b c a. (b -> c) -> (a -> b) -> a -> c Prelude.. AnIso [Tag] [Tag] [Tag] [Tag] -> Iso (Maybe [Tag]) (Maybe [Tag]) (Maybe [Tag]) (Maybe [Tag]) forall (f :: * -> *) (g :: * -> *) s t a b. (Functor f, Functor g) => AnIso s t a b -> Iso (f s) (g t) (f a) (g b) Lens.mapping AnIso [Tag] [Tag] [Tag] [Tag] forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b Lens.coerced -- | Identifies the multi-Region primary key that is being replicated. To -- determine whether a KMS key is a multi-Region primary key, use the -- DescribeKey operation to check the value of the @MultiRegionKeyType@ -- property. -- -- Specify the key ID or key ARN of a multi-Region primary key. -- -- For example: -- -- - Key ID: @mrk-1234abcd12ab34cd56ef1234567890ab@ -- -- - Key ARN: -- @arn:aws:kms:us-east-2:111122223333:key\/mrk-1234abcd12ab34cd56ef1234567890ab@ -- -- To get the key ID and key ARN for a KMS key, use ListKeys or -- DescribeKey. replicateKey_keyId :: Lens.Lens' ReplicateKey Prelude.Text replicateKey_keyId :: (Text -> f Text) -> ReplicateKey -> f ReplicateKey replicateKey_keyId = (ReplicateKey -> Text) -> (ReplicateKey -> Text -> ReplicateKey) -> Lens ReplicateKey ReplicateKey Text Text forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b Lens.lens (\ReplicateKey' {Text keyId :: Text $sel:keyId:ReplicateKey' :: ReplicateKey -> Text keyId} -> Text keyId) (\s :: ReplicateKey s@ReplicateKey' {} Text a -> ReplicateKey s {$sel:keyId:ReplicateKey' :: Text keyId = Text a} :: ReplicateKey) -- | The Region ID of the Amazon Web Services Region for this replica key. -- -- Enter the Region ID, such as @us-east-1@ or @ap-southeast-2@. For a list -- of Amazon Web Services Regions in which KMS is supported, see -- <https://docs.aws.amazon.com/general/latest/gr/kms.html#kms_region KMS service endpoints> -- in the /Amazon Web Services General Reference/. -- -- The replica must be in a different Amazon Web Services Region than its -- primary key and other replicas of that primary key, but in the same -- Amazon Web Services partition. KMS must be available in the replica -- Region. If the Region is not enabled by default, the Amazon Web Services -- account must be enabled in the Region. -- -- For information about Amazon Web Services partitions, see -- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs) in the Amazon Web Services General Reference.> -- For information about enabling and disabling Regions, see -- <https://docs.aws.amazon.com/general/latest/gr/rande-manage.html#rande-manage-enable Enabling a Region> -- and -- <https://docs.aws.amazon.com/general/latest/gr/rande-manage.html#rande-manage-disable Disabling a Region> -- in the /Amazon Web Services General Reference/. replicateKey_replicaRegion :: Lens.Lens' ReplicateKey Prelude.Text replicateKey_replicaRegion :: (Text -> f Text) -> ReplicateKey -> f ReplicateKey replicateKey_replicaRegion = (ReplicateKey -> Text) -> (ReplicateKey -> Text -> ReplicateKey) -> Lens ReplicateKey ReplicateKey Text Text forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b Lens.lens (\ReplicateKey' {Text replicaRegion :: Text $sel:replicaRegion:ReplicateKey' :: ReplicateKey -> Text replicaRegion} -> Text replicaRegion) (\s :: ReplicateKey s@ReplicateKey' {} Text a -> ReplicateKey s {$sel:replicaRegion:ReplicateKey' :: Text replicaRegion = Text a} :: ReplicateKey) instance Core.AWSRequest ReplicateKey where type AWSResponse ReplicateKey = ReplicateKeyResponse request :: ReplicateKey -> Request ReplicateKey request = Service -> ReplicateKey -> Request ReplicateKey forall a. (ToRequest a, ToJSON a) => Service -> a -> Request a Request.postJSON Service defaultService response :: Logger -> Service -> Proxy ReplicateKey -> ClientResponse ClientBody -> m (Either Error (ClientResponse (AWSResponse ReplicateKey))) response = (Int -> ResponseHeaders -> Object -> Either String (AWSResponse ReplicateKey)) -> Logger -> Service -> Proxy ReplicateKey -> ClientResponse ClientBody -> m (Either Error (ClientResponse (AWSResponse ReplicateKey))) forall (m :: * -> *) a. MonadResource m => (Int -> ResponseHeaders -> Object -> Either String (AWSResponse a)) -> Logger -> Service -> Proxy a -> ClientResponse ClientBody -> m (Either Error (ClientResponse (AWSResponse a))) Response.receiveJSON ( \Int s ResponseHeaders h Object x -> Maybe KeyMetadata -> Maybe Text -> Maybe [Tag] -> Int -> ReplicateKeyResponse ReplicateKeyResponse' (Maybe KeyMetadata -> Maybe Text -> Maybe [Tag] -> Int -> ReplicateKeyResponse) -> Either String (Maybe KeyMetadata) -> Either String (Maybe Text -> Maybe [Tag] -> Int -> ReplicateKeyResponse) forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b Prelude.<$> (Object x Object -> Text -> Either String (Maybe KeyMetadata) forall a. FromJSON a => Object -> Text -> Either String (Maybe a) Core..?> Text "ReplicaKeyMetadata") Either String (Maybe Text -> Maybe [Tag] -> Int -> ReplicateKeyResponse) -> Either String (Maybe Text) -> Either String (Maybe [Tag] -> Int -> ReplicateKeyResponse) forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b Prelude.<*> (Object x Object -> Text -> Either String (Maybe Text) forall a. FromJSON a => Object -> Text -> Either String (Maybe a) Core..?> Text "ReplicaPolicy") Either String (Maybe [Tag] -> Int -> ReplicateKeyResponse) -> Either String (Maybe [Tag]) -> Either String (Int -> ReplicateKeyResponse) forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b Prelude.<*> (Object x Object -> Text -> Either String (Maybe (Maybe [Tag])) forall a. FromJSON a => Object -> Text -> Either String (Maybe a) Core..?> Text "ReplicaTags" Either String (Maybe (Maybe [Tag])) -> Maybe [Tag] -> Either String (Maybe [Tag]) forall (f :: * -> *) a. Functor f => f (Maybe a) -> a -> f a Core..!@ Maybe [Tag] forall a. Monoid a => a Prelude.mempty) Either String (Int -> ReplicateKeyResponse) -> Either String Int -> Either String ReplicateKeyResponse forall (f :: * -> *) a b. Applicative f => f (a -> b) -> f a -> f b Prelude.<*> (Int -> Either String Int forall (f :: * -> *) a. Applicative f => a -> f a Prelude.pure (Int -> Int forall a. Enum a => a -> Int Prelude.fromEnum Int s)) ) instance Prelude.Hashable ReplicateKey instance Prelude.NFData ReplicateKey instance Core.ToHeaders ReplicateKey where toHeaders :: ReplicateKey -> ResponseHeaders toHeaders = ResponseHeaders -> ReplicateKey -> ResponseHeaders forall a b. a -> b -> a Prelude.const ( [ResponseHeaders] -> ResponseHeaders forall a. Monoid a => [a] -> a Prelude.mconcat [ HeaderName "X-Amz-Target" HeaderName -> ByteString -> ResponseHeaders forall a. ToHeader a => HeaderName -> a -> ResponseHeaders Core.=# (ByteString "TrentService.ReplicateKey" :: Prelude.ByteString), HeaderName "Content-Type" HeaderName -> ByteString -> ResponseHeaders forall a. ToHeader a => HeaderName -> a -> ResponseHeaders Core.=# ( ByteString "application/x-amz-json-1.1" :: Prelude.ByteString ) ] ) instance Core.ToJSON ReplicateKey where toJSON :: ReplicateKey -> Value toJSON ReplicateKey' {Maybe Bool Maybe [Tag] Maybe Text Text replicaRegion :: Text keyId :: Text tags :: Maybe [Tag] description :: Maybe Text policy :: Maybe Text bypassPolicyLockoutSafetyCheck :: Maybe Bool $sel:replicaRegion:ReplicateKey' :: ReplicateKey -> Text $sel:keyId:ReplicateKey' :: ReplicateKey -> Text $sel:tags:ReplicateKey' :: ReplicateKey -> Maybe [Tag] $sel:description:ReplicateKey' :: ReplicateKey -> Maybe Text $sel:policy:ReplicateKey' :: ReplicateKey -> Maybe Text $sel:bypassPolicyLockoutSafetyCheck:ReplicateKey' :: ReplicateKey -> Maybe Bool ..} = [Pair] -> Value Core.object ( [Maybe Pair] -> [Pair] forall a. [Maybe a] -> [a] Prelude.catMaybes [ (Text "BypassPolicyLockoutSafetyCheck" Text -> Bool -> Pair forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv Core..=) (Bool -> Pair) -> Maybe Bool -> Maybe Pair forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b Prelude.<$> Maybe Bool bypassPolicyLockoutSafetyCheck, (Text "Policy" Text -> Text -> Pair forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv Core..=) (Text -> Pair) -> Maybe Text -> Maybe Pair forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b Prelude.<$> Maybe Text policy, (Text "Description" Text -> Text -> Pair forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv Core..=) (Text -> Pair) -> Maybe Text -> Maybe Pair forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b Prelude.<$> Maybe Text description, (Text "Tags" Text -> [Tag] -> Pair forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv Core..=) ([Tag] -> Pair) -> Maybe [Tag] -> Maybe Pair forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b Prelude.<$> Maybe [Tag] tags, Pair -> Maybe Pair forall a. a -> Maybe a Prelude.Just (Text "KeyId" Text -> Text -> Pair forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv Core..= Text keyId), Pair -> Maybe Pair forall a. a -> Maybe a Prelude.Just (Text "ReplicaRegion" Text -> Text -> Pair forall kv v. (KeyValue kv, ToJSON v) => Text -> v -> kv Core..= Text replicaRegion) ] ) instance Core.ToPath ReplicateKey where toPath :: ReplicateKey -> ByteString toPath = ByteString -> ReplicateKey -> ByteString forall a b. a -> b -> a Prelude.const ByteString "/" instance Core.ToQuery ReplicateKey where toQuery :: ReplicateKey -> QueryString toQuery = QueryString -> ReplicateKey -> QueryString forall a b. a -> b -> a Prelude.const QueryString forall a. Monoid a => a Prelude.mempty -- | /See:/ 'newReplicateKeyResponse' smart constructor. data ReplicateKeyResponse = ReplicateKeyResponse' { -- | Displays details about the new replica key, including its Amazon -- Resource Name -- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>) -- and -- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html key state>. -- It also includes the ARN and Amazon Web Services Region of its primary -- key and other replica keys. ReplicateKeyResponse -> Maybe KeyMetadata replicaKeyMetadata :: Prelude.Maybe KeyMetadata, -- | The key policy of the new replica key. The value is a key policy -- document in JSON format. ReplicateKeyResponse -> Maybe Text replicaPolicy :: Prelude.Maybe Prelude.Text, -- | The tags on the new replica key. The value is a list of tag key and tag -- value pairs. ReplicateKeyResponse -> Maybe [Tag] replicaTags :: Prelude.Maybe [Tag], -- | The response's http status code. ReplicateKeyResponse -> Int httpStatus :: Prelude.Int } deriving (ReplicateKeyResponse -> ReplicateKeyResponse -> Bool (ReplicateKeyResponse -> ReplicateKeyResponse -> Bool) -> (ReplicateKeyResponse -> ReplicateKeyResponse -> Bool) -> Eq ReplicateKeyResponse forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a /= :: ReplicateKeyResponse -> ReplicateKeyResponse -> Bool $c/= :: ReplicateKeyResponse -> ReplicateKeyResponse -> Bool == :: ReplicateKeyResponse -> ReplicateKeyResponse -> Bool $c== :: ReplicateKeyResponse -> ReplicateKeyResponse -> Bool Prelude.Eq, ReadPrec [ReplicateKeyResponse] ReadPrec ReplicateKeyResponse Int -> ReadS ReplicateKeyResponse ReadS [ReplicateKeyResponse] (Int -> ReadS ReplicateKeyResponse) -> ReadS [ReplicateKeyResponse] -> ReadPrec ReplicateKeyResponse -> ReadPrec [ReplicateKeyResponse] -> Read ReplicateKeyResponse forall a. (Int -> ReadS a) -> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a readListPrec :: ReadPrec [ReplicateKeyResponse] $creadListPrec :: ReadPrec [ReplicateKeyResponse] readPrec :: ReadPrec ReplicateKeyResponse $creadPrec :: ReadPrec ReplicateKeyResponse readList :: ReadS [ReplicateKeyResponse] $creadList :: ReadS [ReplicateKeyResponse] readsPrec :: Int -> ReadS ReplicateKeyResponse $creadsPrec :: Int -> ReadS ReplicateKeyResponse Prelude.Read, Int -> ReplicateKeyResponse -> ShowS [ReplicateKeyResponse] -> ShowS ReplicateKeyResponse -> String (Int -> ReplicateKeyResponse -> ShowS) -> (ReplicateKeyResponse -> String) -> ([ReplicateKeyResponse] -> ShowS) -> Show ReplicateKeyResponse forall a. (Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a showList :: [ReplicateKeyResponse] -> ShowS $cshowList :: [ReplicateKeyResponse] -> ShowS show :: ReplicateKeyResponse -> String $cshow :: ReplicateKeyResponse -> String showsPrec :: Int -> ReplicateKeyResponse -> ShowS $cshowsPrec :: Int -> ReplicateKeyResponse -> ShowS Prelude.Show, (forall x. ReplicateKeyResponse -> Rep ReplicateKeyResponse x) -> (forall x. Rep ReplicateKeyResponse x -> ReplicateKeyResponse) -> Generic ReplicateKeyResponse forall x. Rep ReplicateKeyResponse x -> ReplicateKeyResponse forall x. ReplicateKeyResponse -> Rep ReplicateKeyResponse x forall a. (forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a $cto :: forall x. Rep ReplicateKeyResponse x -> ReplicateKeyResponse $cfrom :: forall x. ReplicateKeyResponse -> Rep ReplicateKeyResponse x Prelude.Generic) -- | -- Create a value of 'ReplicateKeyResponse' with all optional fields omitted. -- -- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields. -- -- The following record fields are available, with the corresponding lenses provided -- for backwards compatibility: -- -- 'replicaKeyMetadata', 'replicateKeyResponse_replicaKeyMetadata' - Displays details about the new replica key, including its Amazon -- Resource Name -- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>) -- and -- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html key state>. -- It also includes the ARN and Amazon Web Services Region of its primary -- key and other replica keys. -- -- 'replicaPolicy', 'replicateKeyResponse_replicaPolicy' - The key policy of the new replica key. The value is a key policy -- document in JSON format. -- -- 'replicaTags', 'replicateKeyResponse_replicaTags' - The tags on the new replica key. The value is a list of tag key and tag -- value pairs. -- -- 'httpStatus', 'replicateKeyResponse_httpStatus' - The response's http status code. newReplicateKeyResponse :: -- | 'httpStatus' Prelude.Int -> ReplicateKeyResponse newReplicateKeyResponse :: Int -> ReplicateKeyResponse newReplicateKeyResponse Int pHttpStatus_ = ReplicateKeyResponse' :: Maybe KeyMetadata -> Maybe Text -> Maybe [Tag] -> Int -> ReplicateKeyResponse ReplicateKeyResponse' { $sel:replicaKeyMetadata:ReplicateKeyResponse' :: Maybe KeyMetadata replicaKeyMetadata = Maybe KeyMetadata forall a. Maybe a Prelude.Nothing, $sel:replicaPolicy:ReplicateKeyResponse' :: Maybe Text replicaPolicy = Maybe Text forall a. Maybe a Prelude.Nothing, $sel:replicaTags:ReplicateKeyResponse' :: Maybe [Tag] replicaTags = Maybe [Tag] forall a. Maybe a Prelude.Nothing, $sel:httpStatus:ReplicateKeyResponse' :: Int httpStatus = Int pHttpStatus_ } -- | Displays details about the new replica key, including its Amazon -- Resource Name -- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>) -- and -- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html key state>. -- It also includes the ARN and Amazon Web Services Region of its primary -- key and other replica keys. replicateKeyResponse_replicaKeyMetadata :: Lens.Lens' ReplicateKeyResponse (Prelude.Maybe KeyMetadata) replicateKeyResponse_replicaKeyMetadata :: (Maybe KeyMetadata -> f (Maybe KeyMetadata)) -> ReplicateKeyResponse -> f ReplicateKeyResponse replicateKeyResponse_replicaKeyMetadata = (ReplicateKeyResponse -> Maybe KeyMetadata) -> (ReplicateKeyResponse -> Maybe KeyMetadata -> ReplicateKeyResponse) -> Lens ReplicateKeyResponse ReplicateKeyResponse (Maybe KeyMetadata) (Maybe KeyMetadata) forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b Lens.lens (\ReplicateKeyResponse' {Maybe KeyMetadata replicaKeyMetadata :: Maybe KeyMetadata $sel:replicaKeyMetadata:ReplicateKeyResponse' :: ReplicateKeyResponse -> Maybe KeyMetadata replicaKeyMetadata} -> Maybe KeyMetadata replicaKeyMetadata) (\s :: ReplicateKeyResponse s@ReplicateKeyResponse' {} Maybe KeyMetadata a -> ReplicateKeyResponse s {$sel:replicaKeyMetadata:ReplicateKeyResponse' :: Maybe KeyMetadata replicaKeyMetadata = Maybe KeyMetadata a} :: ReplicateKeyResponse) -- | The key policy of the new replica key. The value is a key policy -- document in JSON format. replicateKeyResponse_replicaPolicy :: Lens.Lens' ReplicateKeyResponse (Prelude.Maybe Prelude.Text) replicateKeyResponse_replicaPolicy :: (Maybe Text -> f (Maybe Text)) -> ReplicateKeyResponse -> f ReplicateKeyResponse replicateKeyResponse_replicaPolicy = (ReplicateKeyResponse -> Maybe Text) -> (ReplicateKeyResponse -> Maybe Text -> ReplicateKeyResponse) -> Lens ReplicateKeyResponse ReplicateKeyResponse (Maybe Text) (Maybe Text) forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b Lens.lens (\ReplicateKeyResponse' {Maybe Text replicaPolicy :: Maybe Text $sel:replicaPolicy:ReplicateKeyResponse' :: ReplicateKeyResponse -> Maybe Text replicaPolicy} -> Maybe Text replicaPolicy) (\s :: ReplicateKeyResponse s@ReplicateKeyResponse' {} Maybe Text a -> ReplicateKeyResponse s {$sel:replicaPolicy:ReplicateKeyResponse' :: Maybe Text replicaPolicy = Maybe Text a} :: ReplicateKeyResponse) -- | The tags on the new replica key. The value is a list of tag key and tag -- value pairs. replicateKeyResponse_replicaTags :: Lens.Lens' ReplicateKeyResponse (Prelude.Maybe [Tag]) replicateKeyResponse_replicaTags :: (Maybe [Tag] -> f (Maybe [Tag])) -> ReplicateKeyResponse -> f ReplicateKeyResponse replicateKeyResponse_replicaTags = (ReplicateKeyResponse -> Maybe [Tag]) -> (ReplicateKeyResponse -> Maybe [Tag] -> ReplicateKeyResponse) -> Lens ReplicateKeyResponse ReplicateKeyResponse (Maybe [Tag]) (Maybe [Tag]) forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b Lens.lens (\ReplicateKeyResponse' {Maybe [Tag] replicaTags :: Maybe [Tag] $sel:replicaTags:ReplicateKeyResponse' :: ReplicateKeyResponse -> Maybe [Tag] replicaTags} -> Maybe [Tag] replicaTags) (\s :: ReplicateKeyResponse s@ReplicateKeyResponse' {} Maybe [Tag] a -> ReplicateKeyResponse s {$sel:replicaTags:ReplicateKeyResponse' :: Maybe [Tag] replicaTags = Maybe [Tag] a} :: ReplicateKeyResponse) ((Maybe [Tag] -> f (Maybe [Tag])) -> ReplicateKeyResponse -> f ReplicateKeyResponse) -> ((Maybe [Tag] -> f (Maybe [Tag])) -> Maybe [Tag] -> f (Maybe [Tag])) -> (Maybe [Tag] -> f (Maybe [Tag])) -> ReplicateKeyResponse -> f ReplicateKeyResponse forall b c a. (b -> c) -> (a -> b) -> a -> c Prelude.. AnIso [Tag] [Tag] [Tag] [Tag] -> Iso (Maybe [Tag]) (Maybe [Tag]) (Maybe [Tag]) (Maybe [Tag]) forall (f :: * -> *) (g :: * -> *) s t a b. (Functor f, Functor g) => AnIso s t a b -> Iso (f s) (g t) (f a) (g b) Lens.mapping AnIso [Tag] [Tag] [Tag] [Tag] forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b Lens.coerced -- | The response's http status code. replicateKeyResponse_httpStatus :: Lens.Lens' ReplicateKeyResponse Prelude.Int replicateKeyResponse_httpStatus :: (Int -> f Int) -> ReplicateKeyResponse -> f ReplicateKeyResponse replicateKeyResponse_httpStatus = (ReplicateKeyResponse -> Int) -> (ReplicateKeyResponse -> Int -> ReplicateKeyResponse) -> Lens ReplicateKeyResponse ReplicateKeyResponse Int Int forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b Lens.lens (\ReplicateKeyResponse' {Int httpStatus :: Int $sel:httpStatus:ReplicateKeyResponse' :: ReplicateKeyResponse -> Int httpStatus} -> Int httpStatus) (\s :: ReplicateKeyResponse s@ReplicateKeyResponse' {} Int a -> ReplicateKeyResponse s {$sel:httpStatus:ReplicateKeyResponse' :: Int httpStatus = Int a} :: ReplicateKeyResponse) instance Prelude.NFData ReplicateKeyResponse