cdk-amazon-chime-resources

{ "version": "1.0", "examples": { "CancelKeyDeletion": [ { "input": { "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab" }, "output": { "KeyId": "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab" }, "comments": { "input": { "KeyId": "The identifier of the KMS key whose deletion you are canceling. You can use the key ID or the Amazon Resource Name (ARN) of the KMS key." }, "output": { "KeyId": "The ARN of the KMS key whose deletion you canceled." } }, "description": "The following example cancels deletion of the specified KMS key.", "id": "to-cancel-deletion-of-a-cmk-1477428535102", "title": "To cancel deletion of a KMS key" } ], "ConnectCustomKeyStore": [ { "input": { "CustomKeyStoreId": "cks-1234567890abcdef0" }, "output": { }, "comments": { "input": { "CustomKeyStoreId": "The ID of the AWS KMS custom key store." }, "output": { } }, "description": "This example connects an AWS KMS custom key store to its backing key store. For an AWS CloudHSM key store, it connects the key store to its AWS CloudHSM cluster. For an external key store, it connects the key store to the external key store proxy that communicates with your external key manager. This operation does not return any data. To verify that the custom key store is connected, use the <code>DescribeCustomKeyStores</code> operation.", "id": "to-connect-a-custom-key-store-1628626947750", "title": "To connect a custom key store" } ], "CreateAlias": [ { "input": { "AliasName": "alias/ExampleAlias", "TargetKeyId": "1234abcd-12ab-34cd-56ef-1234567890ab" }, "comments": { "input": { "AliasName": "The alias to create. Aliases must begin with 'alias/'. Do not use aliases that begin with 'alias/aws' because they are reserved for use by AWS.", "TargetKeyId": "The identifier of the KMS key whose alias you are creating. You can use the key ID or the Amazon Resource Name (ARN) of the KMS key." } }, "description": "The following example creates an alias for the specified KMS key.", "id": "to-create-an-alias-1477505685119", "title": "To create an alias" } ], "CreateCustomKeyStore": [ { "input": { "CloudHsmClusterId": "cluster-1a23b4cdefg", "CustomKeyStoreName": "ExampleKeyStore", "KeyStorePassword": "kmsPswd", "TrustAnchorCertificate": "<certificate-goes-here>" }, "output": { "CustomKeyStoreId": "cks-1234567890abcdef0" }, "comments": { "input": { "CloudHsmClusterId": "The ID of the CloudHSM cluster.", "CustomKeyStoreName": "A friendly name for the custom key store.", "KeyStorePassword": "The password for the kmsuser CU account in the specified cluster.", "TrustAnchorCertificate": "The content of the customerCA.crt file that you created when you initialized the cluster." }, "output": { "CustomKeyStoreId": "The ID of the new custom key store." } }, "description": "This example creates a custom key store that is associated with an AWS CloudHSM cluster.", "id": "to-create-an-aws-cloudhsm-custom-key-store-1", "title": "To create an AWS CloudHSM key store" }, { "input": { "CustomKeyStoreName": "ExampleVPCEndpointKeyStore", "CustomKeyStoreType": "EXTERNAL_KEY_STORE", "XksProxyAuthenticationCredential": { "AccessKeyId": "ABCDE12345670EXAMPLE", "RawSecretAccessKey": "DXjSUawnel2fr6SKC7G25CNxTyWKE5PF9XX6H/u9pSo=" }, "XksProxyConnectivity": "VPC_ENDPOINT_SERVICE", "XksProxyUriEndpoint": "https://myproxy-private.xks.example.com", "XksProxyUriPath": "/example-prefix/kms/xks/v1", "XksProxyVpcEndpointServiceName": "com.amazonaws.vpce.us-east-1.vpce-svc-example1" }, "output": { "CustomKeyStoreId": "cks-1234567890abcdef0" }, "comments": { "input": { "CustomKeyStoreName": "A friendly name for the custom key store", "CustomKeyStoreType": "For external key stores, the value must be EXTERNAL_KEY_STORE", "XksProxyAuthenticationCredential": "The access key ID and secret access key that KMS uses to authenticate to your external key store proxy", "XksProxyConnectivity": "Indicates how AWS KMS communicates with the external key store proxy", "XksProxyUriEndpoint": "The URI that AWS KMS uses to connect to the external key store proxy", "XksProxyUriPath": "The URI path to the external key store proxy APIs", "XksProxyVpcEndpointServiceName": "The VPC endpoint service that KMS uses to communicate with the external key store proxy" }, "output": { "CustomKeyStoreId": "The ID of the new custom key store." } }, "description": "This example creates an external key store that uses an Amazon VPC endpoint service to communicate with AWS KMS.", "id": "to-create-an-external-custom-key-store-with-vpc-connectivity-2", "title": "To create an external key store with VPC endpoint service connectivity" }, { "input": { "CustomKeyStoreName": "ExamplePublicEndpointKeyStore", "CustomKeyStoreType": "EXTERNAL_KEY_STORE", "XksProxyAuthenticationCredential": { "AccessKeyId": "ABCDE12345670EXAMPLE", "RawSecretAccessKey": "DXjSUawnel2fr6SKC7G25CNxTyWKE5PF9XX6H/u9pSo=" }, "XksProxyConnectivity": "PUBLIC_ENDPOINT", "XksProxyUriEndpoint": "https://myproxy.xks.example.com", "XksProxyUriPath": "/kms/xks/v1" }, "output": { "CustomKeyStoreId": "cks-987654321abcdef0" }, "comments": { "input": { "CustomKeyStoreName": "A friendly name for the custom key store", "CustomKeyStoreType": "For external key stores, the value must be EXTERNAL_KEY_STORE", "XksProxyAuthenticationCredential": "The access key ID and secret access key that KMS uses to authenticate to your external key store proxy", "XksProxyConnectivity": "Indicates how AWS KMS communicates with the external key store proxy", "XksProxyUriEndpoint": "The URI that AWS KMS uses to connect to the external key store proxy", "XksProxyUriPath": "The URI path to your external key store proxy API" }, "output": { "CustomKeyStoreId": "The ID of the new custom key store." } }, "description": "This example creates an external key store with public endpoint connectivity.", "id": "to-create-an-external-custom-key-store-with-a-public-endpoint-3", "title": "To create an external key store with public endpoint connectivity" } ], "CreateGrant": [ { "input": { "GranteePrincipal": "arn:aws:iam::111122223333:role/ExampleRole", "KeyId": "arn:aws:kms:us-east-2:444455556666:key/1234abcd-12ab-34cd-56ef-1234567890ab", "Operations": [ "Encrypt", "Decrypt" ] }, "output": { "GrantId": "0c237476b39f8bc44e45212e08498fbe3151305030726c0590dd8d3e9f3d6a60", "GrantToken": "AQpAM2RhZTk1MGMyNTk2ZmZmMzEyYWVhOWViN2I1MWM4Mzc0MWFiYjc0ZDE1ODkyNGFlNTIzODZhMzgyZjBlNGY3NiKIAgEBAgB4Pa6VDCWW__MSrqnre1HIN0Grt00ViSSuUjhqOC8OT3YAAADfMIHcBgkqhkiG9w0BBwaggc4wgcsCAQAwgcUGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMmqLyBTAegIn9XlK5AgEQgIGXZQjkBcl1dykDdqZBUQ6L1OfUivQy7JVYO2-ZJP7m6f1g8GzV47HX5phdtONAP7K_HQIflcgpkoCqd_fUnE114mSmiagWkbQ5sqAVV3ov-VeqgrvMe5ZFEWLMSluvBAqdjHEdMIkHMlhlj4ENZbzBfo9Wxk8b8SnwP4kc4gGivedzFXo-dwN8fxjjq_ZZ9JFOj2ijIbj5FyogDCN0drOfi8RORSEuCEmPvjFRMFAwcmwFkN2NPp89amA" }, "comments": { "input": { "GranteePrincipal": "The identity that is given permission to perform the operations specified in the grant.", "KeyId": "The identifier of the KMS key to which the grant applies. You can use the key ID or the Amazon Resource Name (ARN) of the KMS key.", "Operations": "A list of operations that the grant allows." }, "output": { "GrantId": "The unique identifier of the grant.", "GrantToken": "The grant token." } }, "description": "The following example creates a grant that allows the specified IAM role to encrypt data with the specified KMS key.", "id": "to-create-a-grant-1477972226782", "title": "To create a grant" } ], "CreateKey": [ { "input": { }, "output": { "KeyMetadata": { "AWSAccountId": "111122223333", "Arn": "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", "CreationDate": "2017-07-05T14:04:55-07:00", "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT", "Description": "", "Enabled": true, "EncryptionAlgorithms": [ "SYMMETRIC_DEFAULT" ], "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab", "KeyManager": "CUSTOMER", "KeySpec": "SYMMETRIC_DEFAULT", "KeyState": "Enabled", "KeyUsage": "ENCRYPT_DECRYPT", "MultiRegion": false, "Origin": "AWS_KMS" } }, "comments": { "input": { "Tags": "One or more tags. Each tag consists of a tag key and a tag value." }, "output": { "KeyMetadata": "Detailed information about the KMS key that this operation creates." } }, "description": "The following example creates a symmetric KMS key for encryption and decryption. No parameters are required for this operation.", "id": "to-create-a-cmk-1", "title": "To create a KMS key" }, { "input": { "KeySpec": "RSA_4096", "KeyUsage": "ENCRYPT_DECRYPT" }, "output": { "KeyMetadata": { "AWSAccountId": "111122223333", "Arn": "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", "CreationDate": "2021-04-05T14:04:55-07:00", "CustomerMasterKeySpec": "RSA_4096", "Description": "", "Enabled": true, "EncryptionAlgorithms": [ "RSAES_OAEP_SHA_1", "RSAES_OAEP_SHA_256" ], "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab", "KeyManager": "CUSTOMER", "KeySpec": "RSA_4096", "KeyState": "Enabled", "KeyUsage": "ENCRYPT_DECRYPT", "MultiRegion": false, "Origin": "AWS_KMS" } }, "comments": { "input": { "KeySpec": "Describes the type of key material in the KMS key.", "KeyUsage": "The cryptographic operations for which you can use the KMS key." }, "output": { "KeyMetadata": "Detailed information about the KMS key that this operation creates." } }, "description": "This example creates a KMS key that contains an asymmetric RSA key pair for encryption and decryption. The key spec and key usage can't be changed after the key is created.", "id": "to-create-an-asymmetric-rsa-kms-key-for-encryption-and-decryption-2", "title": "To create an asymmetric RSA KMS key for encryption and decryption" }, { "input": { "KeySpec": "ECC_NIST_P521", "KeyUsage": "SIGN_VERIFY" }, "output": { "KeyMetadata": { "AWSAccountId": "111122223333", "Arn": "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", "CreationDate": "2019-12-02T07:48:55-07:00", "CustomerMasterKeySpec": "ECC_NIST_P521", "Description": "", "Enabled": true, "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab", "KeyManager": "CUSTOMER", "KeySpec": "ECC_NIST_P521", "KeyState": "Enabled", "KeyUsage": "SIGN_VERIFY", "MultiRegion": false, "Origin": "AWS_KMS", "SigningAlgorithms": [ "ECDSA_SHA_512" ] } }, "comments": { "input": { "KeySpec": "Describes the type of key material in the KMS key.", "KeyUsage": "The cryptographic operations for which you can use the KMS key." }, "output": { "KeyMetadata": "Detailed information about the KMS key that this operation creates." } }, "description": "This example creates a KMS key that contains an asymmetric elliptic curve (ECC) key pair for signing and verification. The key usage is required even though \"SIGN_VERIFY\" is the only valid value for ECC KMS keys. The key spec and key usage can't be changed after the key is created.", "id": "to-create-an-asymmetric-elliptic-curve-kms-key-for-signing-and-verification-3", "title": "To create an asymmetric elliptic curve KMS key for signing and verification" }, { "input": { "KeySpec": "HMAC_384", "KeyUsage": "GENERATE_VERIFY_MAC" }, "output": { "KeyMetadata": { "AWSAccountId": "111122223333", "Arn": "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", "CreationDate": "2022-04-05T14:04:55-07:00", "CustomerMasterKeySpec": "HMAC_384", "Description": "", "Enabled": true, "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab", "KeyManager": "CUSTOMER", "KeySpec": "HMAC_384", "KeyState": "Enabled", "KeyUsage": "GENERATE_VERIFY_MAC", "MacAlgorithms": [ "HMAC_SHA_384" ], "MultiRegion": false, "Origin": "AWS_KMS" } }, "comments": { "input": { "KeySpec": "Describes the type of key material in the KMS key.", "KeyUsage": "The cryptographic operations for which you can use the KMS key." }, "output": { "KeyMetadata": "Detailed information about the KMS key that this operation creates." } }, "description": "This example creates a 384-bit symmetric HMAC KMS key. The GENERATE_VERIFY_MAC key usage value is required even though it's the only valid value for HMAC KMS keys. The key spec and key usage can't be changed after the key is created.", "id": "to-create-an-hmac-kms-key-1630628752841", "title": "To create an HMAC KMS key" }, { "input": { "MultiRegion": true }, "output": { "KeyMetadata": { "AWSAccountId": "111122223333", "Arn": "arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef12345678990ab", "CreationDate": "2021-09-02T016:15:21-09:00", "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT", "Description": "", "Enabled": true, "EncryptionAlgorithms": [ "SYMMETRIC_DEFAULT" ], "KeyId": "mrk-1234abcd12ab34cd56ef12345678990ab", "KeyManager": "CUSTOMER", "KeySpec": "SYMMETRIC_DEFAULT", "KeyState": "Enabled", "KeyUsage": "ENCRYPT_DECRYPT", "MultiRegion": true, "MultiRegionConfiguration": { "MultiRegionKeyType": "PRIMARY", "PrimaryKey": { "Arn": "arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef12345678990ab", "Region": "us-west-2" }, "ReplicaKeys": [ ] }, "Origin": "AWS_KMS" } }, "comments": { "input": { "MultiRegion": "Indicates whether the KMS key is a multi-Region (True) or regional (False) key." }, "output": { "KeyMetadata": "Detailed information about the KMS key that this operation creates." } }, "description": "This example creates a multi-Region primary symmetric encryption key. Because the default values for all parameters create a symmetric encryption key, only the MultiRegion parameter is required for this KMS key.", "id": "to-create-a-multi-region-primary-kms-key-4", "title": "To create a multi-Region primary KMS key" }, { "input": { "Origin": "EXTERNAL" }, "output": { "KeyMetadata": { "AWSAccountId": "111122223333", "Arn": "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", "CreationDate": "2019-12-02T07:48:55-07:00", "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT", "Description": "", "Enabled": false, "EncryptionAlgorithms": [ "SYMMETRIC_DEFAULT" ], "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab", "KeyManager": "CUSTOMER", "KeySpec": "SYMMETRIC_DEFAULT", "KeyState": "PendingImport", "KeyUsage": "ENCRYPT_DECRYPT", "MultiRegion": false, "Origin": "EXTERNAL" } }, "comments": { "input": { "Origin": "The source of the key material for the KMS key." }, "output": { "KeyMetadata": "Detailed information about the KMS key that this operation creates." } }, "description": "This example creates a KMS key with no key material. When the operation is complete, you can import your own key material into the KMS key. To create this KMS key, set the Origin parameter to EXTERNAL.", "id": "to-create-a-kms-key-for-imported-key-material-5", "title": "To create a KMS key for imported key material" }, { "input": { "CustomKeyStoreId": "cks-1234567890abcdef0", "Origin": "AWS_CLOUDHSM" }, "output": { "KeyMetadata": { "AWSAccountId": "111122223333", "Arn": "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", "CloudHsmClusterId": "cluster-1a23b4cdefg", "CreationDate": "2019-12-02T07:48:55-07:00", "CustomKeyStoreId": "cks-1234567890abcdef0", "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT", "Description": "", "Enabled": true, "EncryptionAlgorithms": [ "SYMMETRIC_DEFAULT" ], "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab", "KeyManager": "CUSTOMER", "KeySpec": "SYMMETRIC_DEFAULT", "KeyState": "Enabled", "KeyUsage": "ENCRYPT_DECRYPT", "MultiRegion": false, "Origin": "AWS_CLOUDHSM" } }, "comments": { "input": { "CustomKeyStoreId": "Identifies the custom key store that hosts the KMS key.", "Origin": "Indicates the source of the key material for the KMS key." }, "output": { "KeyMetadata": "Detailed information about the KMS key that this operation creates." } }, "description": "This example creates a KMS key in the specified AWS CloudHSM key store. The operation creates the KMS key and its metadata in AWS KMS and creates the key material in the AWS CloudHSM cluster associated with the custom key store. This example requires the CustomKeyStoreId and Origin parameters.", "id": "to-create-a-kms-key-in-an-aws-cloudhsm-custom-key-store-6", "title": "To create a KMS key in an AWS CloudHSM key store" }, { "input": { "CustomKeyStoreId": "cks-9876543210fedcba9", "Origin": "EXTERNAL_KEY_STORE", "XksKeyId": "bb8562717f809024" }, "output": { "KeyMetadata": { "AWSAccountId": "111122223333", "Arn": "arn:aws:kms:us-east-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321", "CreationDate": "2022-02-02T07:48:55-07:00", "CustomKeyStoreId": "cks-9876543210fedcba9", "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT", "Description": "", "Enabled": true, "EncryptionAlgorithms": [ "SYMMETRIC_DEFAULT" ], "KeyId": "0987dcba-09fe-87dc-65ba-ab0987654321", "KeyManager": "CUSTOMER", "KeySpec": "SYMMETRIC_DEFAULT", "KeyState": "Enabled", "KeyUsage": "ENCRYPT_DECRYPT", "MultiRegion": false, "Origin": "EXTERNAL_KEY_STORE", "XksKeyConfiguration": { "Id": "bb8562717f809024" } } }, "comments": { "input": { "CustomKeyStoreId": "Identifies the custom key store that hosts the KMS key.", "Origin": "Indicates the source of the key material for the KMS key.", "XksKeyId": "Identifies the encryption key in your external key manager that is associated with the KMS key" }, "output": { "KeyMetadata": "Detailed information about the KMS key that this operation creates." } }, "description": "This example creates a KMS key in the specified external key store. It uses the XksKeyId parameter to associate the KMS key with an existing symmetric encryption key in your external key manager. This CustomKeyStoreId, Origin, and XksKeyId parameters are required in this operation.", "id": "to-create-a-kms-key-in-an-external-custom-key-store-7", "title": "To create a KMS key in an external key store" } ], "Decrypt": [ { "input": { "CiphertextBlob": "<binary data>", "KeyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab" }, "output": { "KeyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", "Plaintext": "<binary data>" }, "comments": { "input": { "CiphertextBlob": "The encrypted data (ciphertext).", "KeyId": "A key identifier for the KMS key to use to decrypt the data." }, "output": { "KeyId": "The Amazon Resource Name (ARN) of the KMS key that was used to decrypt the data.", "Plaintext": "The decrypted (plaintext) data." } }, "description": "The following example decrypts data that was encrypted with a KMS key.", "id": "to-decrypt-data-1478281622886", "title": "To decrypt data" } ], "DeleteAlias": [ { "input": { "AliasName": "alias/ExampleAlias" }, "comments": { "input": { "AliasName": "The alias to delete." } }, "description": "The following example deletes the specified alias.", "id": "to-delete-an-alias-1478285209338", "title": "To delete an alias" } ], "DeleteCustomKeyStore": [ { "input": { "CustomKeyStoreId": "cks-1234567890abcdef0" }, "output": { }, "comments": { "input": { "CustomKeyStoreId": "The ID of the custom key store to be deleted." }, "output": { } }, "description": "This example deletes a custom key store from AWS KMS. This operation does not affect the backing key store, such as a CloudHSM cluster, external key store proxy, or your external key manager. This operation doesn't return any data. To verify that the operation was successful, use the DescribeCustomKeyStores operation.", "id": "to-delete-a-custom-key-store-from-aws-kms-1628630837145", "title": "To delete a custom key store from AWS KMS" } ], "DeleteImportedKeyMaterial": [ { "input": { "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab" }, "comments": { "input": { "KeyId": "The identifier of the KMS key whose imported key material you are deleting. You can use the key ID or the Amazon Resource Name (ARN) of the KMS key." } }, "description": "The following example deletes the imported key material from the specified KMS key.", "id": "to-delete-imported-key-material-1478561674507", "title": "To delete imported key material" } ], "DescribeCustomKeyStores": [ { "input": { }, "output": { "CustomKeyStores": [ ] }, "comments": { "input": { }, "output": { "CustomKeyStores": "Details about each custom key store in the account and Region." } }, "description": "This example gets detailed information about all AWS KMS custom key stores in an AWS account and Region. To get all key stores, do not enter a custom key store name or ID.", "id": "to-get-detailed-information-about-custom-key-stores-in-the-account-and-region-1", "title": "To get detailed information about custom key stores in the account and Region" }, { "input": { "CustomKeyStoreName": "ExampleKeyStore" }, "output": { "CustomKeyStores": [ { "CloudHsmClusterId": "cluster-1a23b4cdefg", "ConnectionState": "CONNECTED", "CreationDate": "1.499288695918E9", "CustomKeyStoreId": "cks-1234567890abcdef0", "CustomKeyStoreName": "ExampleKeyStore", "CustomKeyStoreType": "AWS_CLOUDHSM", "TrustAnchorCertificate": "<certificate appears here>" } ] }, "comments": { "input": { "CustomKeyStoreName": "The friendly name of the custom key store." }, "output": { "CustomKeyStores": "Detailed information about the specified custom key store." } }, "description": "This example gets detailed information about a particular AWS CloudHSM key store by specifying its friendly name. To limit the output to a particular custom key store, provide either the custom key store name or ID.", "id": "to-get-detailed-information-about-a-cloudhsm-custom-key-store-by-name-2", "title": "To get detailed information about an AWS CloudHSM key store by specifying its friendly name" }, { "input": { "CustomKeyStoreId": "cks-9876543210fedcba9" }, "output": { "CustomKeyStores": [ { "ConnectionState": "CONNECTED", "CreationDate": "1.599288695918E9", "CustomKeyStoreId": "cks-9876543210fedcba9", "CustomKeyStoreName": "ExampleExternalKeyStore", "CustomKeyStoreType": "EXTERNAL_KEY_STORE", "XksProxyConfiguration": { "AccessKeyId": "ABCDE12345670EXAMPLE", "Connectivity": "PUBLIC_ENDPOINT", "UriEndpoint": "https://myproxy.xks.example.com", "UriPath": "/kms/xks/v1" } } ] }, "comments": { "input": { "CustomKeyStoreId": "The ID of the custom key store." }, "output": { "CustomKeyStores": "Detailed information about the specified custom key store." } }, "description": "This example gets detailed information about an external key store by specifying its ID. The example external key store proxy uses public endpoint connectivity.", "id": "to-get-detailed-information-about-an-external-key-store--3", "title": "To get detailed information about an external key store by specifying its ID" }, { "input": { "CustomKeyStoreName": "VPCExternalKeystore" }, "output": { "CustomKeyStores": [ { "ConnectionState": "CONNECTED", "CreationDate": "1.643057863.842", "CustomKeyStoreId": "cks-876543210fedcba98", "CustomKeyStoreName": "ExampleVPCExternalKeyStore", "CustomKeyStoreType": "EXTERNAL_KEY_STORE", "XksProxyConfiguration": { "AccessKeyId": "ABCDE12345670EXAMPLE", "Connectivity": "VPC_ENDPOINT_SERVICE", "UriEndpoint": "https://myproxy-private.xks.example.com", "UriPath": "/example-prefix/kms/xks/v1", "VpcEndpointServiceName": "com.amazonaws.vpce.us-east-1.vpce-svc-example1" } } ] }, "comments": { "input": { "CustomKeyStoreId": "The ID of the custom key store." }, "output": { "CustomKeyStores": "Detailed information about the specified custom key store." } }, "description": "This example gets detailed information about a particular external key store by specifying its friendly name. To limit the output to a particular custom key store, provide either the custom key store name or ID. The proxy URI path for this external key store includes an optional prefix. Also, because this example external key store uses VPC endpoint connectivity, the response includes the associated VPC endpoint service name.", "id": "to-get-detailed-information-about-an-external-custom-key-store-by-name-4", "title": "To get detailed information about an external key store VPC endpoint connectivity by specifying its friendly name" } ], "DescribeKey": [ { "input": { "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab" }, "output": { "KeyMetadata": { "AWSAccountId": "111122223333", "Arn": "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", "CreationDate": "2017-07-05T14:04:55-07:00", "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT", "Description": "", "Enabled": true, "EncryptionAlgorithms": [ "SYMMETRIC_DEFAULT" ], "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab", "KeyManager": "CUSTOMER", "KeySpec": "SYMMETRIC_DEFAULT", "KeyState": "Enabled", "KeyUsage": "ENCRYPT_DECRYPT", "MultiRegion": false, "Origin": "AWS_KMS" } }, "comments": { "input": { "KeyId": "An identifier for the KMS key. You can use the key ID, key ARN, alias name, alias ARN of the KMS key." }, "output": { "KeyMetadata": "An object that contains information about the specified KMS key." } }, "description": "The following example gets metadata for a symmetric encryption KMS key.", "id": "get-key-details-1", "title": "To get details about a KMS key" }, { "input": { "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab" }, "output": { "KeyMetadata": { "AWSAccountId": "111122223333", "Arn": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", "CreationDate": 1571767572.317, "CustomerMasterKeySpec": "RSA_2048", "Description": "", "Enabled": false, "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab", "KeyManager": "CUSTOMER", "KeySpec": "RSA_2048", "KeyState": "Disabled", "KeyUsage": "SIGN_VERIFY", "MultiRegion": false, "Origin": "AWS_KMS", "SigningAlgorithms": [ "RSASSA_PKCS1_V1_5_SHA_256", "RSASSA_PKCS1_V1_5_SHA_384", "RSASSA_PKCS1_V1_5_SHA_512", "RSASSA_PSS_SHA_256", "RSASSA_PSS_SHA_384", "RSASSA_PSS_SHA_512" ] } }, "comments": { "input": { "KeyId": "An identifier for the KMS key. You can use the key ID, key ARN, alias name, alias ARN of the KMS key." }, "output": { "KeyMetadata": "An object that contains information about the specified KMS key." } }, "description": "The following example gets metadata for an asymmetric RSA KMS key used for signing and verification.", "id": "to-get-details-about-an-rsa-asymmetric-kms-key-2", "title": "To get details about an RSA asymmetric KMS key" }, { "input": { "KeyId": "arn:aws:kms:ap-northeast-1:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab" }, "output": { "KeyMetadata": { "AWSAccountId": "111122223333", "Arn": "arn:aws:kms:ap-northeast-1:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab", "CreationDate": 1586329200.918, "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT", "Description": "", "Enabled": true, "EncryptionAlgorithms": [ "SYMMETRIC_DEFAULT" ], "KeyId": "mrk-1234abcd12ab34cd56ef1234567890ab", "KeyManager": "CUSTOMER", "KeyState": "Enabled", "KeyUsage": "ENCRYPT_DECRYPT", "MultiRegion": true, "MultiRegionConfiguration": { "MultiRegionKeyType": "PRIMARY", "PrimaryKey": { "Arn": "arn:aws:kms:us-west-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab", "Region": "us-west-2" }, "ReplicaKeys": [ { "Arn": "arn:aws:kms:eu-west-1:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab", "Region": "eu-west-1" }, { "Arn": "arn:aws:kms:ap-northeast-1:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab", "Region": "ap-northeast-1" }, { "Arn": "arn:aws:kms:sa-east-1:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab", "Region": "sa-east-1" } ] }, "Origin": "AWS_KMS" } }, "comments": { "input": { "KeyId": "An identifier for the KMS key. You can use the key ID, key ARN, alias name, alias ARN of the KMS key." }, "output": { "KeyMetadata": "An object that contains information about the specified KMS key." } }, "description": "The following example gets metadata for a multi-Region replica key. This multi-Region key is a symmetric encryption key. DescribeKey returns information about the primary key and all of its replicas.", "id": "to-get-details-about-a-multi-region-key-3", "title": "To get details about a multi-Region key" }, { "input": { "KeyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab" }, "output": { "KeyMetadata": { "AWSAccountId": "123456789012", "Arn": "arn:aws:kms:us-west-2:123456789012:key/1234abcd-12ab-34cd-56ef-1234567890ab", "CreationDate": 1566160362.664, "CustomerMasterKeySpec": "HMAC_256", "Description": "Development test key", "Enabled": true, "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab", "KeyManager": "CUSTOMER", "KeyState": "Enabled", "KeyUsage": "GENERATE_VERIFY_MAC", "MacAlgorithms": [ "HMAC_SHA_256" ], "MultiRegion": false, "Origin": "AWS_KMS" } }, "comments": { "input": { "KeyId": "An identifier for the KMS key. You can use the key ID, key ARN, alias name, alias ARN of the KMS key." }, "output": { "KeyMetadata": "An object that contains information about the specified KMS key." } }, "description": "The following example gets the metadata of an HMAC KMS key.", "id": "to-get-details-about-an-hmac-kms-key-4", "title": "To get details about an HMAC KMS key" }, { "input": { "KeyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab" }, "output": { "KeyMetadata": { "AWSAccountId": "123456789012", "Arn": "arn:aws:kms:us-west-2:123456789012:key/1234abcd-12ab-34cd-56ef-1234567890ab", "CloudHsmClusterId": "cluster-1a23b4cdefg", "CreationDate": 1646160362.664, "CustomKeyStoreId": "cks-1234567890abcdef0", "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT", "Description": "CloudHSM key store test key", "Enabled": true, "EncryptionAlgorithms": [ "SYMMETRIC_DEFAULT" ], "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab", "KeyManager": "CUSTOMER", "KeySpec": "SYMMETRIC_DEFAULT", "KeyState": "Enabled", "KeyUsage": "ENCRYPT_DECRYPT", "MultiRegion": false, "Origin": "AWS_CLOUDHSM" } }, "comments": { "input": { "KeyId": "An identifier for the KMS key. You can use the key ID, key ARN, alias name, alias ARN of the KMS key." }, "output": { "KeyMetadata": "An object that contains information about the specified KMS key." } }, "description": "The following example gets the metadata of a KMS key in an AWS CloudHSM key store.", "id": "to-get-details-about-a-kms-key-in-an-AWS-CloudHSM-key-store-5", "title": "To get details about a KMS key in an AWS CloudHSM key store" }, { "input": { "KeyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab" }, "output": { "KeyMetadata": { "AWSAccountId": "123456789012", "Arn": "arn:aws:kms:us-west-2:123456789012:key/1234abcd-12ab-34cd-56ef-1234567890ab", "CreationDate": 1646160362.664, "CustomKeyStoreId": "cks-1234567890abcdef0", "CustomerMasterKeySpec": "SYMMETRIC_DEFAULT", "Description": "External key store test key", "Enabled": true, "EncryptionAlgorithms": [ "SYMMETRIC_DEFAULT" ], "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab", "KeyManager": "CUSTOMER", "KeySpec": "SYMMETRIC_DEFAULT", "KeyState": "Enabled", "KeyUsage": "ENCRYPT_DECRYPT", "MultiRegion": false, "Origin": "EXTERNAL_KEY_STORE", "XksKeyConfiguration": { "Id": "bb8562717f809024" } } }, "comments": { "input": { "KeyId": "An identifier for the KMS key. You can use the key ID, key ARN, alias name, alias ARN of the KMS key." }, "output": { "KeyMetadata": "An object that contains information about the specified KMS key." } }, "description": "The following example gets the metadata of a KMS key in an external key store.", "id": "to-get-details-about-a-kms-key-in-an-external-key-store-6", "title": "To get details about a KMS key in an external key store" } ], "DisableKey": [ { "input": { "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab" }, "comments": { "input": { "KeyId": "The identifier of the KMS key to disable. You can use the key ID or the Amazon Resource Name (ARN) of the KMS key." } }, "description": "The following example disables the specified KMS key.", "id": "to-disable-a-cmk-1478566583659", "title": "To disable a KMS key" } ], "DisableKeyRotation": [ { "input": { "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab" }, "comments": { "input": { "KeyId": "The identifier of the KMS key whose key material will no longer be rotated. You can use the key ID or the Amazon Resource Name (ARN) of the KMS key." } }, "description": "The following example disables automatic annual rotation of the key material for the specified KMS key.", "id": "to-disable-automatic-rotation-of-key-material-1478624396092", "title": "To disable automatic rotation of key material" } ], "DisconnectCustomKeyStore": [ { "input": { "CustomKeyStoreId": "cks-1234567890abcdef0" }, "output": { }, "comments": { "input": { "CustomKeyStoreId": "The ID of the custom key store." }, "output": { } }, "description": "This example disconnects an AWS KMS custom key store from its backing key store. For an AWS CloudHSM key store, it disconnects the key store from its AWS CloudHSM cluster. For an external key store, it disconnects the key store from the external key store proxy that communicates with your external key manager. This operation doesn't return any data. To verify that the custom key store is disconnected, use the <code>DescribeCustomKeyStores</code> operation.", "id": "to-disconnect-a-custom-key-store-from-its-cloudhsm-cluster-1628627955156", "title": "To disconnect a custom key store from its CloudHSM cluster" } ], "EnableKey": [ { "input": { "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab" }, "comments": { "input": { "KeyId": "The identifier of the KMS key to enable. You can use the key ID or the Amazon Resource Name (ARN) of the KMS key." } }, "description": "The following example enables the specified KMS key.", "id": "to-enable-a-cmk-1478627501129", "title": "To enable a KMS key" } ], "EnableKeyRotation": [ { "input": { "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab" }, "comments": { "input": { "KeyId": "The identifier of the KMS key whose key material will be rotated annually. You can use the key ID or the Amazon Resource Name (ARN) of the KMS key." } }, "description": "The following example enables automatic annual rotation of the key material for the specified KMS key.", "id": "to-enable-automatic-rotation-of-key-material-1478629109677", "title": "To enable automatic rotation of key material" } ], "Encrypt": [ { "input": { "KeyId": "1234abcd-12ab-34cd-56ef-1234567890ab", "Plaintext": "<binary data>" }, "output": { "CiphertextBlob": "<binary data>", "KeyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab" }, "comments": { "input": { "KeyId": "The identifier of the KMS key to use for encryption. You can use the key ID or Amazon Resource Name (ARN) of the KMS key, or the name or ARN of an alias that refers to the KMS key.", "Plaintext": "The data to encrypt." }, "output": { "CiphertextBlob": "The encrypted data (ciphertext).", "KeyId": "The ARN of the KMS key that was used to encrypt the data." } }, "description": "The following example encrypts data with the specified KMS key.", "id": "to-encrypt-data-1478906026012", "title": "To encrypt data" } ], "GenerateDataKey": [ { "input": { "KeyId": "alias/ExampleAlias", "KeySpec": "AES_256" }, "output": { "CiphertextBlob": "<binary data>", "KeyId": "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", "Plaintext": "<binary data>" }, "comments": { "input": { "KeyId": "The identifier of the KMS key to use to encrypt the data key. You can use the key ID or Amazon Resource Name (ARN) of the KMS key, or the name or ARN of an alias that refers to the KMS key.", "KeySpec": "Specifies the type of data key to return." }, "output": { "CiphertextBlob": "The encrypted data key.", "KeyId": "The ARN of the KMS key that was used to encrypt the data key.", "Plaintext": "The unencrypted (plaintext) data key." } }, "description": "The following example generates a 256-bit symmetric data encryption key (data key) in two formats. One is the unencrypted (plainext) data key, and the other is the data key encrypted with the specified KMS key.", "id": "to-generate-a-data-key-1478912956062", "title": "To generate a data key" } ], "GenerateDataKeyPair": [ { "input": { "KeyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", "KeyPairSpec": "RSA_3072" }, "output": { "KeyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", "KeyPairSpec": "RSA_3072", "PrivateKeyCiphertextBlob": "<binary data>", "PrivateKeyPlaintext": "<binary data>", "PublicKey": "<binary data>" }, "comments": { "input": { "KeyId": "The key ID of the symmetric encryption KMS key that encrypts the private RSA key in the data key pair.", "KeyPairSpec": "The requested key spec of the RSA data key pair." }, "output": { "KeyId": "The key ARN of the symmetric encryption KMS key that was used to encrypt the private key.", "KeyPairSpec": "The actual key spec of the RSA data key pair.", "PrivateKeyCiphertextBlob": "The encrypted private key of the RSA data key pair.", "PrivateKeyPlaintext": "The plaintext private key of the RSA data key pair.", "PublicKey": "The public key (plaintext) of the RSA data key pair." } }, "description": "This example generates an RSA data key pair for encryption and decryption. The operation returns a plaintext public key and private key, and a copy of the private key that is encrypted under a symmetric encryption KMS key that you specify.", "id": "to-generate-an-rsa-key-pair-for-encryption-and-decryption-1628619376878", "title": "To generate an RSA key pair for encryption and decryption" } ], "GenerateDataKeyPairWithoutPlaintext": [ { "input": { "KeyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", "KeyPairSpec": "ECC_NIST_P521" }, "output": { "KeyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab", "KeyPairSpec": "ECC_NIST_P521", "PrivateKeyCiphertextBlob": "<binary data>", "PublicKey": "<binary data>" }, "comments": { "input": { "KeyId": "The symmetric encryption KMS key that encrypts the private key of the ECC data key pair.", "KeyPairSpec": "The requested key spec of the ECC asymmetric data key pair." }, "output": { "KeyId": "The key ARN of the symmetric encryption KMS key that encrypted the private key in the ECC asymmetric data key pair.", "KeyPairSpec": "The actual key spec of the ECC asymmetric data key pair.", "PrivateKeyCiphertextBlob": "The encrypted private key of the asymmetric ECC data key pair.", "PublicKey": "The public key (plaintext)." } }, "description": "This example returns an asymmetric elliptic curve (ECC) data key pair. The private key is encrypted under the symmetric encryption KMS key that you specify. This operation doesn't return a plaintext (unencrypted) private key.", "id": "to-generate-an-asymmetric-data-key-pair-without-a-plaintext-key-1628620971564", "title": "To generate an asymmetric data key pair without a plaintext key" } ], "GenerateDataKeyWithoutPlaintext": [ { "input": { "KeyId": "alias/ExampleAlias", "KeySpec": "AES_256" }, "output": { "CiphertextBlob": "<binary data>", "KeyId": "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab" }, "comments": { "input": {