com.ibm.cloud.objectstorage.services.kms.AWSKMS Maven / Gradle / Ivy

Show more of this group Show more artifacts with this name
Show all versions of ibm-cos-java-sdk-bundle Show documentation

A single bundled dependency that includes all service and dependent JARs with third-party libraries relocated to different namespaces.

There is a newer version: 2.13.4

Show newest version

/* * Copyright 2014-2022 Amazon.com, Inc. or its affiliates. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with * the License. A copy of the License is located at * * http://aws.amazon.com/apache2.0 * * or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR * CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions * and limitations under the License. */ package com.ibm.cloud.objectstorage.services.kms; import javax.annotation.Generated; import com.ibm.cloud.objectstorage.*; import com.ibm.cloud.objectstorage.regions.*; import com.ibm.cloud.objectstorage.services.kms.model.*; /** * Interface for accessing KMS. * * Note: Do not directly implement this interface, new methods are added to it regularly. Extend from * {@link com.ibm.cloud.objectstorage.services.kms.AbstractAWSKMS} instead. * * * AWS Key Management Service * * AWS Key Management Service (AWS KMS) is an encryption and key management web service. This guide describes the AWS * KMS operations that you can call programmatically. For general information about AWS KMS, see the AWS Key Management Service Developer Guide * . * * * * AWS provides SDKs that consist of libraries and sample code for various programming languages and platforms (Java, * Ruby, .Net, macOS, Android, etc.). The SDKs provide a convenient way to create programmatic access to AWS KMS and * other AWS services. For example, the SDKs take care of tasks such as signing requests (see below), managing errors, * and retrying requests automatically. For more information about the AWS SDKs, including how to download and install * them, see Tools for Amazon Web Services. * * * * We recommend that you use the AWS SDKs to make programmatic API calls to AWS KMS. * * * Clients must support TLS (Transport Layer Security) 1.0. We recommend TLS 1.2. Clients must also support cipher * suites with Perfect Forward Secrecy (PFS) such as Ephemeral Diffie-Hellman (DHE) or Elliptic Curve Ephemeral * Diffie-Hellman (ECDHE). Most modern systems such as Java 7 and later support these modes. * * * Signing Requests * * * Requests must be signed by using an access key ID and a secret access key. We strongly recommend that you do * not use your AWS account (root) access key ID and secret key for everyday work with AWS KMS. Instead, use the * access key ID and secret access key for an IAM user. You can also use the AWS Security Token Service to generate * temporary security credentials that you can use to sign requests. * * * All AWS KMS operations require Signature Version 4. * * * Logging API Requests * * * AWS KMS supports AWS CloudTrail, a service that logs AWS API calls and related events for your AWS account and * delivers them to an Amazon S3 bucket that you specify. By using the information collected by CloudTrail, you can * determine what requests were made to AWS KMS, who made the request, when it was made, and so on. To learn more about * CloudTrail, including how to turn it on and find your log files, see the AWS CloudTrail User Guide. * * * Additional Resources * * * For more information about credentials and request signing, see the following: * * * * * AWS Security Credentials - * This topic provides general information about the types of credentials used for accessing AWS. * * * * * Temporary Security * Credentials - This section of the IAM User Guide describes how to create and use temporary security * credentials. * * * * * Signature Version 4 Signing * Process - This set of topics walks you through the process of signing a request using an access key ID and a * secret access key. * * * * * Commonly Used API Operations * * * Of the API operations discussed in this guide, the following will prove the most useful for most applications. You * will likely perform operations other than these, such as creating keys and assigning policies, by using the console. * * * * * Encrypt * * * * * Decrypt * * * * * GenerateDataKey * * * * * GenerateDataKeyWithoutPlaintext * * * */ @Generated("com.amazonaws:aws-java-sdk-code-generator") public interface AWSKMS { /** * The region metadata service name for computing region endpoints. You can use this value to retrieve metadata * (such as supported regions) of the service. * * @see RegionUtils#getRegionsForService(String) */ String ENDPOINT_PREFIX = "kms"; /** * Overrides the default endpoint for this client ("https://kms.us-east-1.amazonaws.com/"). Callers can use this * method to control which AWS region they want to work with. * * Callers can pass in just the endpoint (ex: "kms.us-east-1.amazonaws.com/") or a full URL, including the protocol * (ex: "https://kms.us-east-1.amazonaws.com/"). If the protocol is not specified here, the default protocol from * this client's {@link ClientConfiguration} will be used, which by default is HTTPS. * * For more information on using AWS regions with the AWS SDK for Java, and a complete list of all available * endpoints for all AWS services, see: * http://developer.amazonwebservices.com/connect/entry.jspa?externalID=3912 * * This method is not threadsafe. An endpoint should be configured when the client is created and before any * service requests are made. Changing it afterwards creates inevitable race conditions for any service requests in * transit or retrying. * * @param endpoint * The endpoint (ex: "kms.us-east-1.amazonaws.com/") or a full URL, including the protocol (ex: * "https://kms.us-east-1.amazonaws.com/") of the region specific AWS endpoint this client will communicate * with. * @deprecated use {@link AwsClientBuilder#setEndpointConfiguration(AwsClientBuilder.EndpointConfiguration)} for * example: * {@code builder.setEndpointConfiguration(new EndpointConfiguration(endpoint, signingRegion));} */ @Deprecated void setEndpoint(String endpoint); /** * An alternative to {@link AWSKMS#setEndpoint(String)}, sets the regional endpoint for this client's service calls. * Callers can use this method to control which AWS region they want to work with. * * By default, all service endpoints in all regions use the https protocol. To use http instead, specify it in the * {@link ClientConfiguration} supplied at construction. * * This method is not threadsafe. A region should be configured when the client is created and before any service * requests are made. Changing it afterwards creates inevitable race conditions for any service requests in transit * or retrying. * * @param region * The region this client will communicate with. See {@link Region#getRegion(com.ibm.cloud.objectstorage.regions.Regions)} * for accessing a given region. Must not be null and must be a region where the service is available. * * @see Region#getRegion(com.ibm.cloud.objectstorage.regions.Regions) * @see Region#createClient(Class, com.ibm.cloud.objectstorage.auth.AWSCredentialsProvider, ClientConfiguration) * @see Region#isServiceSupported(String) * @deprecated use {@link AwsClientBuilder#setRegion(String)} */ @Deprecated void setRegion(Region region); /** * * Cancels the deletion of a customer master key (CMK). When this operation is successful, the CMK is set to the * Disabled state. To enable a CMK, use EnableKey. * * * For more information about scheduling and canceling deletion of a CMK, see Deleting Customer Master Keys * in the AWS Key Management Service Developer Guide. * * * @param cancelKeyDeletionRequest * @return Result of the CancelKeyDeletion operation returned by the service. * @throws NotFoundException * The request was rejected because the specified entity or resource could not be found. * @throws InvalidArnException * The request was rejected because a specified ARN was not valid. * @throws DependencyTimeoutException * The system timed out while trying to fulfill the request. The request can be retried. * @throws KMSInternalException * The request was rejected because an internal exception occurred. The request can be retried. * @throws KMSInvalidStateException * The request was rejected because the state of the specified resource is not valid for this request. * * For more information about how key state affects the use of a CMK, see How Key State Affects Use of a * Customer Master Key in the AWS Key Management Service Developer Guide. * @sample AWSKMS.CancelKeyDeletion * @see AWS API * Documentation */ CancelKeyDeletionResult cancelKeyDeletion(CancelKeyDeletionRequest cancelKeyDeletionRequest); /** * * Creates a display name for a customer master key. An alias can be used to identify a key and should be unique. * The console enforces a one-to-one mapping between the alias and a key. An alias name can contain only * alphanumeric characters, forward slashes (/), underscores (_), and dashes (-). An alias must start with the word * "alias" followed by a forward slash (alias/). An alias that begins with "aws" after the forward slash * (alias/aws...) is reserved by Amazon Web Services (AWS). * * * The alias and the key it is mapped to must be in the same AWS account and the same region. * * * To map an alias to a different key, call UpdateAlias. * * * @param createAliasRequest * @return Result of the CreateAlias operation returned by the service. * @throws DependencyTimeoutException * The system timed out while trying to fulfill the request. The request can be retried. * @throws AlreadyExistsException * The request was rejected because it attempted to create a resource that already exists. * @throws NotFoundException * The request was rejected because the specified entity or resource could not be found. * @throws InvalidAliasNameException * The request was rejected because the specified alias name is not valid. * @throws KMSInternalException * The request was rejected because an internal exception occurred. The request can be retried. * @throws LimitExceededException * The request was rejected because a limit was exceeded. For more information, see Limits in the AWS Key * Management Service Developer Guide. * @throws KMSInvalidStateException * The request was rejected because the state of the specified resource is not valid for this request. * * For more information about how key state affects the use of a CMK, see How Key State Affects Use of a * Customer Master Key in the AWS Key Management Service Developer Guide. * @sample AWSKMS.CreateAlias * @see AWS API * Documentation */ CreateAliasResult createAlias(CreateAliasRequest createAliasRequest); /** * * Adds a grant to a key to specify who can use the key and under what conditions. Grants are alternate permission * mechanisms to key policies. * * * For more information about grants, see Grants in the AWS Key Management * Service Developer Guide. * * * @param createGrantRequest * @return Result of the CreateGrant operation returned by the service. * @throws NotFoundException * The request was rejected because the specified entity or resource could not be found. * @throws DisabledException * The request was rejected because the specified CMK is not enabled. * @throws DependencyTimeoutException * The system timed out while trying to fulfill the request. The request can be retried. * @throws InvalidArnException * The request was rejected because a specified ARN was not valid. * @throws KMSInternalException * The request was rejected because an internal exception occurred. The request can be retried. * @throws InvalidGrantTokenException * The request was rejected because the specified grant token is not valid. * @throws LimitExceededException * The request was rejected because a limit was exceeded. For more information, see Limits in the AWS Key * Management Service Developer Guide. * @throws KMSInvalidStateException * The request was rejected because the state of the specified resource is not valid for this request. * * For more information about how key state affects the use of a CMK, see How Key State Affects Use of a * Customer Master Key in the AWS Key Management Service Developer Guide. * @sample AWSKMS.CreateGrant * @see AWS API * Documentation */ CreateGrantResult createGrant(CreateGrantRequest createGrantRequest); /** * * Creates a customer master key (CMK). * * * You can use a CMK to encrypt small amounts of data (4 KiB or less) directly, but CMKs are more commonly used to * encrypt data encryption keys (DEKs), which are used to encrypt raw data. For more information about DEKs and the * difference between CMKs and DEKs, see the following: * * * * * The GenerateDataKey operation * * * * * AWS Key Management Service * Concepts in the AWS Key Management Service Developer Guide * * * * * @param createKeyRequest * @return Result of the CreateKey operation returned by the service. * @throws MalformedPolicyDocumentException * The request was rejected because the specified policy is not syntactically or semantically correct. * @throws DependencyTimeoutException * The system timed out while trying to fulfill the request. The request can be retried. * @throws InvalidArnException * The request was rejected because a specified ARN was not valid. * @throws UnsupportedOperationException * The request was rejected because a specified parameter is not supported or a specified resource is not * valid for this operation. * @throws KMSInternalException * The request was rejected because an internal exception occurred. The request can be retried. * @throws LimitExceededException * The request was rejected because a limit was exceeded. For more information, see Limits in the AWS Key * Management Service Developer Guide. * @throws TagException * The request was rejected because one or more tags are not valid. * @sample AWSKMS.CreateKey * @see AWS API * Documentation */ CreateKeyResult createKey(CreateKeyRequest createKeyRequest); /** * Simplified method form for invoking the CreateKey operation. * * @see #createKey(CreateKeyRequest) */ CreateKeyResult createKey(); /** * * Decrypts ciphertext. Ciphertext is plaintext that has been previously encrypted by using any of the following * functions: * * * * * GenerateDataKey * * * * * GenerateDataKeyWithoutPlaintext * * * * * Encrypt * * * * * Note that if a caller has been granted access permissions to all keys (through, for example, IAM user policies * that grant Decrypt permission on all resources), then ciphertext encrypted by using keys in other * accounts where the key grants access to the caller can be decrypted. To remedy this, we recommend that you do not * grant Decrypt access in an IAM user policy. Instead grant Decrypt access only in key * policies. If you must grant Decrypt access in an IAM user policy, you should scope the resource to * specific keys or to specific trusted accounts. * * * @param decryptRequest * @return Result of the Decrypt operation returned by the service. * @throws NotFoundException * The request was rejected because the specified entity or resource could not be found. * @throws DisabledException * The request was rejected because the specified CMK is not enabled. * @throws InvalidCiphertextException * The request was rejected because the specified ciphertext has been corrupted or is otherwise invalid. * @throws KeyUnavailableException * The request was rejected because the specified CMK was not available. The request can be retried. * @throws DependencyTimeoutException * The system timed out while trying to fulfill the request. The request can be retried. * @throws InvalidGrantTokenException * The request was rejected because the specified grant token is not valid. * @throws KMSInternalException * The request was rejected because an internal exception occurred. The request can be retried. * @throws KMSInvalidStateException * The request was rejected because the state of the specified resource is not valid for this request. * * For more information about how key state affects the use of a CMK, see How Key State Affects Use of a * Customer Master Key in the AWS Key Management Service Developer Guide. * @sample AWSKMS.Decrypt * @see AWS API * Documentation */ DecryptResult decrypt(DecryptRequest decryptRequest); /** * * Deletes the specified alias. To map an alias to a different key, call UpdateAlias. * * * @param deleteAliasRequest * @return Result of the DeleteAlias operation returned by the service. * @throws DependencyTimeoutException * The system timed out while trying to fulfill the request. The request can be retried. * @throws NotFoundException * The request was rejected because the specified entity or resource could not be found. * @throws KMSInternalException * The request was rejected because an internal exception occurred. The request can be retried. * @throws KMSInvalidStateException * The request was rejected because the state of the specified resource is not valid for this request. * * For more information about how key state affects the use of a CMK, see How Key State Affects Use of a * Customer Master Key in the AWS Key Management Service Developer Guide. * @sample AWSKMS.DeleteAlias * @see AWS API * Documentation */ DeleteAliasResult deleteAlias(DeleteAliasRequest deleteAliasRequest); /** * * Deletes key material that you previously imported and makes the specified customer master key (CMK) unusable. For * more information about importing key material into AWS KMS, see Importing Key Material in the * AWS Key Management Service Developer Guide. * * * When the specified CMK is in the PendingDeletion state, this operation does not change the CMK's * state. Otherwise, it changes the CMK's state to PendingImport. * * * After you delete key material, you can use ImportKeyMaterial to reimport the same key material into the * CMK. * * * @param deleteImportedKeyMaterialRequest * @return Result of the DeleteImportedKeyMaterial operation returned by the service. * @throws InvalidArnException * The request was rejected because a specified ARN was not valid. * @throws UnsupportedOperationException * The request was rejected because a specified parameter is not supported or a specified resource is not * valid for this operation. * @throws DependencyTimeoutException * The system timed out while trying to fulfill the request. The request can be retried. * @throws NotFoundException * The request was rejected because the specified entity or resource could not be found. * @throws KMSInternalException * The request was rejected because an internal exception occurred. The request can be retried. * @throws KMSInvalidStateException * The request was rejected because the state of the specified resource is not valid for this request. * * For more information about how key state affects the use of a CMK, see How Key State Affects Use of a * Customer Master Key in the AWS Key Management Service Developer Guide. * @sample AWSKMS.DeleteImportedKeyMaterial * @see AWS * API Documentation */ DeleteImportedKeyMaterialResult deleteImportedKeyMaterial(DeleteImportedKeyMaterialRequest deleteImportedKeyMaterialRequest); /** * * Provides detailed information about the specified customer master key. * * * @param describeKeyRequest * @return Result of the DescribeKey operation returned by the service. * @throws NotFoundException * The request was rejected because the specified entity or resource could not be found. * @throws InvalidArnException * The request was rejected because a specified ARN was not valid. * @throws DependencyTimeoutException * The system timed out while trying to fulfill the request. The request can be retried. * @throws KMSInternalException * The request was rejected because an internal exception occurred. The request can be retried. * @sample AWSKMS.DescribeKey * @see AWS API * Documentation */ DescribeKeyResult describeKey(DescribeKeyRequest describeKeyRequest); /** * * Sets the state of a customer master key (CMK) to disabled, thereby preventing its use for cryptographic * operations. For more information about how key state affects the use of a CMK, see How Key State Affects the Use of a * Customer Master Key in the AWS Key Management Service Developer Guide. * * * @param disableKeyRequest * @return Result of the DisableKey operation returned by the service. * @throws NotFoundException * The request was rejected because the specified entity or resource could not be found. * @throws InvalidArnException * The request was rejected because a specified ARN was not valid. * @throws DependencyTimeoutException * The system timed out while trying to fulfill the request. The request can be retried. * @throws KMSInternalException * The request was rejected because an internal exception occurred. The request can be retried. * @throws KMSInvalidStateException * The request was rejected because the state of the specified resource is not valid for this request. * * For more information about how key state affects the use of a CMK, see How Key State Affects Use of a * Customer Master Key in the AWS Key Management Service Developer Guide. * @sample AWSKMS.DisableKey * @see AWS API * Documentation */ DisableKeyResult disableKey(DisableKeyRequest disableKeyRequest); /** * * Disables rotation of the specified key. * * * @param disableKeyRotationRequest * @return Result of the DisableKeyRotation operation returned by the service. * @throws NotFoundException * The request was rejected because the specified entity or resource could not be found. * @throws DisabledException * The request was rejected because the specified CMK is not enabled. * @throws InvalidArnException * The request was rejected because a specified ARN was not valid. * @throws DependencyTimeoutException * The system timed out while trying to fulfill the request. The request can be retried. * @throws KMSInternalException * The request was rejected because an internal exception occurred. The request can be retried. * @throws KMSInvalidStateException * The request was rejected because the state of the specified resource is not valid for this request. * * For more information about how key state affects the use of a CMK, see How Key State Affects Use of a * Customer Master Key in the AWS Key Management Service Developer Guide. * @throws UnsupportedOperationException * The request was rejected because a specified parameter is not supported or a specified resource is not * valid for this operation. * @sample AWSKMS.DisableKeyRotation * @see AWS API * Documentation */ DisableKeyRotationResult disableKeyRotation(DisableKeyRotationRequest disableKeyRotationRequest); /** * * Marks a key as enabled, thereby permitting its use. * * * @param enableKeyRequest * @return Result of the EnableKey operation returned by the service. * @throws NotFoundException * The request was rejected because the specified entity or resource could not be found. * @throws InvalidArnException * The request was rejected because a specified ARN was not valid. * @throws DependencyTimeoutException * The system timed out while trying to fulfill the request. The request can be retried. * @throws KMSInternalException * The request was rejected because an internal exception occurred. The request can be retried. * @throws LimitExceededException * The request was rejected because a limit was exceeded. For more information, see Limits in the AWS Key * Management Service Developer Guide. * @throws KMSInvalidStateException * The request was rejected because the state of the specified resource is not valid for this request. * * For more information about how key state affects the use of a CMK, see How Key State Affects Use of a * Customer Master Key in the AWS Key Management Service Developer Guide. * @sample AWSKMS.EnableKey * @see AWS API * Documentation */ EnableKeyResult enableKey(EnableKeyRequest enableKeyRequest); /** * * Enables rotation of the specified customer master key. * * * @param enableKeyRotationRequest * @return Result of the EnableKeyRotation operation returned by the service. * @throws NotFoundException * The request was rejected because the specified entity or resource could not be found. * @throws DisabledException * The request was rejected because the specified CMK is not enabled. * @throws InvalidArnException * The request was rejected because a specified ARN was not valid. * @throws DependencyTimeoutException * The system timed out while trying to fulfill the request. The request can be retried. * @throws KMSInternalException * The request was rejected because an internal exception occurred. The request can be retried. * @throws KMSInvalidStateException * The request was rejected because the state of the specified resource is not valid for this request. * * For more information about how key state affects the use of a CMK, see How Key State Affects Use of a * Customer Master Key in the AWS Key Management Service Developer Guide. * @throws UnsupportedOperationException * The request was rejected because a specified parameter is not supported or a specified resource is not * valid for this operation. * @sample AWSKMS.EnableKeyRotation * @see AWS API * Documentation */ EnableKeyRotationResult enableKeyRotation(EnableKeyRotationRequest enableKeyRotationRequest); /** * * Encrypts plaintext into ciphertext by using a customer master key. The Encrypt function has two * primary use cases: * * * * * You can encrypt up to 4 KB of arbitrary data such as an RSA key, a database password, or other sensitive customer * information. * * * * * If you are moving encrypted data from one region to another, you can use this API to encrypt in the new region * the plaintext data key that was used to encrypt the data in the original region. This provides you with an * encrypted copy of the data key that can be decrypted in the new region and used there to decrypt the encrypted * data. * * * * * Unless you are moving encrypted data from one region to another, you don't use this function to encrypt a * generated data key within a region. You retrieve data keys already encrypted by calling the * GenerateDataKey or GenerateDataKeyWithoutPlaintext function. Data keys don't need to be encrypted * again by calling Encrypt. * * * If you want to encrypt data locally in your application, you can use the GenerateDataKey function to * return a plaintext data encryption key and a copy of the key encrypted under the customer master key (CMK) of * your choosing. * * * @param encryptRequest * @return Result of the Encrypt operation returned by the service. * @throws NotFoundException * The request was rejected because the specified entity or resource could not be found. * @throws DisabledException * The request was rejected because the specified CMK is not enabled. * @throws KeyUnavailableException * The request was rejected because the specified CMK was not available. The request can be retried. * @throws DependencyTimeoutException * The system timed out while trying to fulfill the request. The request can be retried. * @throws InvalidKeyUsageException * The request was rejected because the specified KeySpec value is not valid. * @throws InvalidGrantTokenException * The request was rejected because the specified grant token is not valid. * @throws KMSInternalException * The request was rejected because an internal exception occurred. The request can be retried. * @throws KMSInvalidStateException * The request was rejected because the state of the specified resource is not valid for this request. * * For more information about how key state affects the use of a CMK, see How Key State Affects Use of a * Customer Master Key in the AWS Key Management Service Developer Guide. * @sample AWSKMS.Encrypt * @see AWS API * Documentation */ EncryptResult encrypt(EncryptRequest encryptRequest); /** * * Returns a data encryption key that you can use in your application to encrypt data locally. * * * You must specify the customer master key (CMK) under which to generate the data key. You must also specify the * length of the data key using either the KeySpec or NumberOfBytes field. You must * specify one field or the other, but not both. For common key lengths (128-bit and 256-bit symmetric keys), we * recommend that you use KeySpec. * * * This operation returns a plaintext copy of the data key in the Plaintext field of the response, and * an encrypted copy of the data key in the CiphertextBlob field. The data key is encrypted under the * CMK specified in the KeyId field of the request. * * * We recommend that you use the following pattern to encrypt data locally in your application: * * * * * Use this operation (GenerateDataKey) to retrieve a data encryption key. * * * * * Use the plaintext data encryption key (returned in the Plaintext field of the response) to encrypt * data locally, then erase the plaintext data key from memory. * * * * * Store the encrypted data key (returned in the CiphertextBlob field of the response) alongside the * locally encrypted data. * * * * * To decrypt data locally: * * * * * Use the Decrypt operation to decrypt the encrypted data key into a plaintext copy of the data key. * * * * * Use the plaintext data key to decrypt data locally, then erase the plaintext data key from memory. * * * * * To return only an encrypted copy of the data key, use GenerateDataKeyWithoutPlaintext. To return a random * byte string that is cryptographically secure, use GenerateRandom. * * * If you use the optional EncryptionContext field, you must store at least enough information to be * able to reconstruct the full encryption context when you later send the ciphertext to the Decrypt * operation. It is a good practice to choose an encryption context that you can reconstruct on the fly to better * secure the ciphertext. For more information, see Encryption Context in the * AWS Key Management Service Developer Guide. * * * @param generateDataKeyRequest * @return Result of the GenerateDataKey operation returned by the service. * @throws NotFoundException * The request was rejected because the specified entity or resource could not be found. * @throws DisabledException * The request was rejected because the specified CMK is not enabled. * @throws KeyUnavailableException * The request was rejected because the specified CMK was not available. The request can be retried. * @throws DependencyTimeoutException * The system timed out while trying to fulfill the request. The request can be retried. * @throws InvalidKeyUsageException * The request was rejected because the specified KeySpec value is not valid. * @throws InvalidGrantTokenException * The request was rejected because the specified grant token is not valid. * @throws KMSInternalException * The request was rejected because an internal exception occurred. The request can be retried. * @throws KMSInvalidStateException * The request was rejected because the state of the specified resource is not valid for this request. * * For more information about how key state affects the use of a CMK, see How Key State Affects Use of a * Customer Master Key in the AWS Key Management Service Developer Guide. * @sample AWSKMS.GenerateDataKey * @see AWS API * Documentation */ GenerateDataKeyResult generateDataKey(GenerateDataKeyRequest generateDataKeyRequest); /** * * Returns a data encryption key encrypted under a customer master key (CMK). This operation is identical to * GenerateDataKey but returns only the encrypted copy of the data key. * * * This operation is useful in a system that has multiple components with different degrees of trust. For example, * consider a system that stores encrypted data in containers. Each container stores the encrypted data and an * encrypted copy of the data key. One component of the system, called the control plane, creates new * containers. When it creates a new container, it uses this operation (GenerateDataKeyWithoutPlaintext * ) to get an encrypted data key and then stores it in the container. Later, a different component of the system, * called the data plane, puts encrypted data into the containers. To do this, it passes the encrypted data * key to the Decrypt operation, then uses the returned plaintext data key to encrypt data, and finally * stores the encrypted data in the container. In this system, the control plane never sees the plaintext data key. * * * @param generateDataKeyWithoutPlaintextRequest * @return Result of the GenerateDataKeyWithoutPlaintext operation returned by the service. * @throws NotFoundException * The request was rejected because the specified entity or resource could not be found. * @throws DisabledException * The request was rejected because the specified CMK is not enabled. * @throws KeyUnavailableException * The request was rejected because the specified CMK was not available. The request can be retried. * @throws DependencyTimeoutException * The system timed out while trying to fulfill the request. The request can be retried. * @throws InvalidKeyUsageException * The request was rejected because the specified KeySpec value is not valid. * @throws InvalidGrantTokenException * The request was rejected because the specified grant token is not valid. * @throws KMSInternalException * The request was rejected because an internal exception occurred. The request can be retried. * @throws KMSInvalidStateException * The request was rejected because the state of the specified resource is not valid for this request. * * For more information about how key state affects the use of a CMK, see How Key State Affects Use of a * Customer Master Key in the AWS Key Management Service Developer Guide. * @sample AWSKMS.GenerateDataKeyWithoutPlaintext * @see AWS API Documentation */ GenerateDataKeyWithoutPlaintextResult generateDataKeyWithoutPlaintext(GenerateDataKeyWithoutPlaintextRequest generateDataKeyWithoutPlaintextRequest); /** * * Returns a random byte string that is cryptographically secure. * * * For more information about entropy and random number generation, see the AWS Key Management Service * Cryptographic Details whitepaper. * * * @param generateRandomRequest * @return Result of the GenerateRandom operation returned by the service. * @throws DependencyTimeoutException * The system timed out while trying to fulfill the request. The request can be retried. * @throws KMSInternalException * The request was rejected because an internal exception occurred. The request can be retried. * @sample AWSKMS.GenerateRandom * @see AWS API * Documentation */ GenerateRandomResult generateRandom(GenerateRandomRequest generateRandomRequest); /** * Simplified method form for invoking the GenerateRandom operation. * * @see #generateRandom(GenerateRandomRequest) */ GenerateRandomResult generateRandom(); /** * * Retrieves a policy attached to the specified key. * * * @param getKeyPolicyRequest * @return Result of the GetKeyPolicy operation returned by the service. * @throws NotFoundException * The request was rejected because the specified entity or resource could not be found. * @throws InvalidArnException * The request was rejected because a specified ARN was not valid. * @throws DependencyTimeoutException * The system timed out while trying to fulfill the request. The request can be retried. * @throws KMSInternalException * The request was rejected because an internal exception occurred. The request can be retried. * @throws KMSInvalidStateException * The request was rejected because the state of the specified resource is not valid for this request. * * For more information about how key state affects the use of a CMK, see How Key State Affects Use of a * Customer Master Key in the AWS Key Management Service Developer Guide. * @sample AWSKMS.GetKeyPolicy * @see AWS API * Documentation */ GetKeyPolicyResult getKeyPolicy(GetKeyPolicyRequest getKeyPolicyRequest); /** * * Retrieves a Boolean value that indicates whether key rotation is enabled for the specified key. * * * @param getKeyRotationStatusRequest * @return Result of the GetKeyRotationStatus operation returned by the service. * @throws NotFoundException * The request was rejected because the specified entity or resource could not be found. * @throws InvalidArnException * The request was rejected because a specified ARN was not valid. * @throws DependencyTimeoutException * The system timed out while trying to fulfill the request. The request can be retried. * @throws KMSInternalException * The request was rejected because an internal exception occurred. The request can be retried. * @throws KMSInvalidStateException * The request was rejected because the state of the specified resource is not valid for this request. * * For more information about how key state affects the use of a CMK, see How Key State Affects Use of a * Customer Master Key in the AWS Key Management Service Developer Guide. * @throws UnsupportedOperationException * The request was rejected because a specified parameter is not supported or a specified resource is not * valid for this operation. * @sample AWSKMS.GetKeyRotationStatus * @see AWS API * Documentation */ GetKeyRotationStatusResult getKeyRotationStatus(GetKeyRotationStatusRequest getKeyRotationStatusRequest); /** * * Returns the items you need in order to import key material into AWS KMS from your existing key management * infrastructure. For more information about importing key material into AWS KMS, see Importing Key Material in the * AWS Key Management Service Developer Guide. * * * You must specify the key ID of the customer master key (CMK) into which you will import key material. This CMK's * Origin must be EXTERNAL. You must also specify the wrapping algorithm and type of * wrapping key (public key) that you will use to encrypt the key material. * * * This operation returns a public key and an import token. Use the public key to encrypt the key material. Store * the import token to send with a subsequent ImportKeyMaterial request. The public key and import token from * the same response must be used together. These items are valid for 24 hours, after which they cannot be used for * a subsequent ImportKeyMaterial request. To retrieve new ones, send another * GetParametersForImport request. * * * @param getParametersForImportRequest * @return Result of the GetParametersForImport operation returned by the service. * @throws InvalidArnException * The request was rejected because a specified ARN was not valid. * @throws UnsupportedOperationException * The request was rejected because a specified parameter is not supported or a specified resource is not * valid for this operation. * @throws DependencyTimeoutException * The system timed out while trying to fulfill the request. The request can be retried. * @throws NotFoundException * The request was rejected because the specified entity or resource could not be found. * @throws KMSInternalException * The request was rejected because an internal exception occurred. The request can be retried. * @throws KMSInvalidStateException * The request was rejected because the state of the specified resource is not valid for this request. * * For more information about how key state affects the use of a CMK, see How Key State Affects Use of a * Customer Master Key in the AWS Key Management Service Developer Guide. * @sample AWSKMS.GetParametersForImport * @see AWS API * Documentation */ GetParametersForImportResult getParametersForImport(GetParametersForImportRequest getParametersForImportRequest); /** * * Imports key material into an AWS KMS customer master key (CMK) from your existing key management infrastructure. * For more information about importing key material into AWS KMS, see Importing Key Material in the * AWS Key Management Service Developer Guide. * * * You must specify the key ID of the CMK to import the key material into. This CMK's Origin must be * EXTERNAL. You must also send an import token and the encrypted key material. Send the import token * that you received in the same GetParametersForImport response that contained the public key that you used * to encrypt the key material. You must also specify whether the key material expires and if so, when. When the key * material expires, AWS KMS deletes the key material and the CMK becomes unusable. To use the CMK again, you can * reimport the same key material. If you set an expiration date, you can change it only by reimporting the same key * material and specifying a new expiration date. * * * When this operation is successful, the specified CMK's key state changes to Enabled, and you can use * the CMK. * * * After you successfully import key material into a CMK, you can reimport the same key material into that CMK, but * you cannot import different key material. * * * @param importKeyMaterialRequest * @return Result of the ImportKeyMaterial operation returned by the service. * @throws InvalidArnException * The request was rejected because a specified ARN was not valid. * @throws UnsupportedOperationException * The request was rejected because a specified parameter is not supported or a specified resource is not * valid for this operation. * @throws DependencyTimeoutException * The system timed out while trying to fulfill the request. The request can be retried. * @throws NotFoundException * The request was rejected because the specified entity or resource could not be found. * @throws KMSInternalException * The request was rejected because an internal exception occurred. The request can be retried. * @throws KMSInvalidStateException * The request was rejected because the state of the specified resource is not valid for this request. * * For more information about how key state affects the use of a CMK, see How Key State Affects Use of a * Customer Master Key in the AWS Key Management Service Developer Guide. * @throws InvalidCiphertextException * The request was rejected because the specified ciphertext has been corrupted or is otherwise invalid. * @throws IncorrectKeyMaterialException * The request was rejected because the provided key material is invalid or is not the same key material * that was previously imported into this customer master key (CMK). * @throws ExpiredImportTokenException * The request was rejected because the provided import token is expired. Use GetParametersForImport * to retrieve a new import token and public key, use the new public key to encrypt the key material, and * then try the request again. * @throws InvalidImportTokenException * The request was rejected because the provided import token is invalid or is associated with a different * customer master key (CMK). * @sample AWSKMS.ImportKeyMaterial * @see AWS API * Documentation */ ImportKeyMaterialResult importKeyMaterial(ImportKeyMaterialRequest importKeyMaterialRequest); /** * * Lists all of the key aliases in the account. * * * @param listAliasesRequest * @return Result of the ListAliases operation returned by the service. * @throws DependencyTimeoutException * The system timed out while trying to fulfill the request. The request can be retried. * @throws InvalidMarkerException * The request was rejected because the marker that specifies where pagination should next begin is not * valid. * @throws KMSInternalException * The request was rejected because an internal exception occurred. The request can be retried. * @sample AWSKMS.ListAliases * @see AWS API * Documentation */ ListAliasesResult listAliases(ListAliasesRequest listAliasesRequest); /** * Simplified method form for invoking the ListAliases operation. * * @see #listAliases(ListAliasesRequest) */ ListAliasesResult listAliases(); /** * * List the grants for a specified key. * * * @param listGrantsRequest * @return Result of the ListGrants operation returned by the service. * @throws NotFoundException * The request was rejected because the specified entity or resource could not be found. * @throws DependencyTimeoutException * The system timed out while trying to fulfill the request. The request can be retried. * @throws InvalidMarkerException * The request was rejected because the marker that specifies where pagination should next begin is not * valid. * @throws InvalidArnException * The request was rejected because a specified ARN was not valid. * @throws KMSInternalException * The request was rejected because an internal exception occurred. The request can be retried. * @throws KMSInvalidStateException * The request was rejected because the state of the specified resource is not valid for this request. * * For more information about how key state affects the use of a CMK, see How Key State Affects Use of a * Customer Master Key in the AWS Key Management Service Developer Guide. * @sample AWSKMS.ListGrants * @see AWS API * Documentation */ ListGrantsResult listGrants(ListGrantsRequest listGrantsRequest); /** * * Retrieves a list of policies attached to a key. * * * @param listKeyPoliciesRequest * @return Result of the ListKeyPolicies operation returned by the service. * @throws NotFoundException * The request was rejected because the specified entity or resource could not be found. * @throws InvalidArnException * The request was rejected because a specified ARN was not valid. * @throws DependencyTimeoutException * The system timed out while trying to fulfill the request. The request can be retried. * @throws KMSInternalException * The request was rejected because an internal exception occurred. The request can be retried. * @throws KMSInvalidStateException * The request was rejected because the state of the specified resource is not valid for this request. * * For more information about how key state affects the use of a CMK, see How Key State Affects Use of a * Customer Master Key in the AWS Key Management Service Developer Guide. * @sample AWSKMS.ListKeyPolicies * @see AWS API * Documentation */ ListKeyPoliciesResult listKeyPolicies(ListKeyPoliciesRequest listKeyPoliciesRequest); /** * * Lists the customer master keys. * * * @param listKeysRequest * @return Result of the ListKeys operation returned by the service. * @throws DependencyTimeoutException * The system timed out while trying to fulfill the request. The request can be retried. * @throws KMSInternalException * The request was rejected because an internal exception occurred. The request can be retried. * @throws InvalidMarkerException * The request was rejected because the marker that specifies where pagination should next begin is not * valid. * @sample AWSKMS.ListKeys * @see AWS API * Documentation */ ListKeysResult listKeys(ListKeysRequest listKeysRequest); /** * Simplified method form for invoking the ListKeys operation. * * @see #listKeys(ListKeysRequest) */ ListKeysResult listKeys(); /** * * Returns a list of all tags for the specified customer master key (CMK). * * * @param listResourceTagsRequest * @return Result of the ListResourceTags operation returned by the service. * @throws KMSInternalException * The request was rejected because an internal exception occurred. The request can be retried. * @throws NotFoundException * The request was rejected because the specified entity or resource could not be found. * @throws InvalidArnException * The request was rejected because a specified ARN was not valid. * @throws InvalidMarkerException * The request was rejected because the marker that specifies where pagination should next begin is not * valid. * @sample AWSKMS.ListResourceTags * @see AWS API * Documentation */ ListResourceTagsResult listResourceTags(ListResourceTagsRequest listResourceTagsRequest); /** * * Returns a list of all grants for which the grant's RetiringPrincipal matches the one specified. * * * A typical use is to list all grants that you are able to retire. To retire a grant, use RetireGrant. * * * @param listRetirableGrantsRequest * @return Result of the ListRetirableGrants operation returned by the service. * @throws DependencyTimeoutException * The system timed out while trying to fulfill the request. The request can be retried. * @throws InvalidMarkerException * The request was rejected because the marker that specifies where pagination should next begin is not * valid. * @throws InvalidArnException * The request was rejected because a specified ARN was not valid. * @throws NotFoundException * The request was rejected because the specified entity or resource could not be found. * @throws KMSInternalException * The request was rejected because an internal exception occurred. The request can be retried. * @sample AWSKMS.ListRetirableGrants * @see AWS API * Documentation */ ListRetirableGrantsResult listRetirableGrants(ListRetirableGrantsRequest listRetirableGrantsRequest); /** * * Attaches a key policy to the specified customer master key (CMK). * * * For more information about key policies, see Key Policies in the AWS Key * Management Service Developer Guide. * * * @param putKeyPolicyRequest * @return Result of the PutKeyPolicy operation returned by the service. * @throws NotFoundException * The request was rejected because the specified entity or resource could not be found. * @throws InvalidArnException * The request was rejected because a specified ARN was not valid. * @throws MalformedPolicyDocumentException * The request was rejected because the specified policy is not syntactically or semantically correct. * @throws DependencyTimeoutException * The system timed out while trying to fulfill the request. The request can be retried. * @throws UnsupportedOperationException * The request was rejected because a specified parameter is not supported or a specified resource is not * valid for this operation. * @throws KMSInternalException * The request was rejected because an internal exception occurred. The request can be retried. * @throws LimitExceededException * The request was rejected because a limit was exceeded. For more information, see Limits in the AWS Key * Management Service Developer Guide. * @throws KMSInvalidStateException * The request was rejected because the state of the specified resource is not valid for this request. * * For more information about how key state affects the use of a CMK, see How Key State Affects Use of a * Customer Master Key in the AWS Key Management Service Developer Guide. * @sample AWSKMS.PutKeyPolicy * @see AWS API * Documentation */ PutKeyPolicyResult putKeyPolicy(PutKeyPolicyRequest putKeyPolicyRequest); /** * * Encrypts data on the server side with a new customer master key (CMK) without exposing the plaintext of the data * on the client side. The data is first decrypted and then reencrypted. You can also use this operation to change * the encryption context of a ciphertext. * * * Unlike other operations, ReEncrypt is authorized twice, once as ReEncryptFrom on the * source CMK and once as ReEncryptTo on the destination CMK. We recommend that you include the * "kms:ReEncrypt*" permission in your key policies to permit * reencryption from or to the CMK. This permission is automatically included in the key policy when you create a * CMK through the console, but you must include it manually when you create a CMK programmatically or when you set * a key policy with the PutKeyPolicy operation. * * * @param reEncryptRequest * @return Result of the ReEncrypt operation returned by the service. * @throws NotFoundException * The request was rejected because the specified entity or resource could not be found. * @throws DisabledException * The request was rejected because the specified CMK is not enabled. * @throws InvalidCiphertextException * The request was rejected because the specified ciphertext has been corrupted or is otherwise invalid. * @throws KeyUnavailableException * The request was rejected because the specified CMK was not available. The request can be retried. * @throws DependencyTimeoutException * The system timed out while trying to fulfill the request. The request can be retried. * @throws InvalidKeyUsageException * The request was rejected because the specified KeySpec value is not valid. * @throws InvalidGrantTokenException * The request was rejected because the specified grant token is not valid. * @throws KMSInternalException * The request was rejected because an internal exception occurred. The request can be retried. * @throws KMSInvalidStateException * The request was rejected because the state of the specified resource is not valid for this request. * * For more information about how key state affects the use of a CMK, see How Key State Affects Use of a * Customer Master Key in the AWS Key Management Service Developer Guide. * @sample AWSKMS.ReEncrypt * @see AWS API * Documentation */ ReEncryptResult reEncrypt(ReEncryptRequest reEncryptRequest); /** * * Retires a grant. To clean up, you can retire a grant when you're done using it. You should revoke a grant when * you intend to actively deny operations that depend on it. The following are permitted to call this API: * * * * * The AWS account (root user) under which the grant was created * * * * * The RetiringPrincipal, if present in the grant * * * * * The GranteePrincipal, if RetireGrant is an operation specified in the grant * * * * * You must identify the grant to retire by its grant token or by a combination of the grant ID and the Amazon * Resource Name (ARN) of the customer master key (CMK). A grant token is a unique variable-length base64-encoded * string. A grant ID is a 64 character unique identifier of a grant. The CreateGrant operation returns both. * * * @param retireGrantRequest * @return Result of the RetireGrant operation returned by the service. * @throws InvalidGrantTokenException * The request was rejected because the specified grant token is not valid. * @throws InvalidGrantIdException * The request was rejected because the specified GrantId is not valid. * @throws NotFoundException * The request was rejected because the specified entity or resource could not be found. * @throws DependencyTimeoutException * The system timed out while trying to fulfill the request. The request can be retried. * @throws KMSInternalException * The request was rejected because an internal exception occurred. The request can be retried. * @throws KMSInvalidStateException * The request was rejected because the state of the specified resource is not valid for this request. * * For more information about how key state affects the use of a CMK, see How Key State Affects Use of a * Customer Master Key in the AWS Key Management Service Developer Guide. * @sample AWSKMS.RetireGrant * @see AWS API * Documentation */ RetireGrantResult retireGrant(RetireGrantRequest retireGrantRequest); /** * Simplified method form for invoking the RetireGrant operation. * * @see #retireGrant(RetireGrantRequest) */ RetireGrantResult retireGrant(); /** * * Revokes a grant. You can revoke a grant to actively deny operations that depend on it. * * * @param revokeGrantRequest * @return Result of the RevokeGrant operation returned by the service. * @throws NotFoundException * The request was rejected because the specified entity or resource could not be found. * @throws DependencyTimeoutException * The system timed out while trying to fulfill the request. The request can be retried. * @throws InvalidArnException * The request was rejected because a specified ARN was not valid. * @throws InvalidGrantIdException * The request was rejected because the specified GrantId is not valid. * @throws KMSInternalException * The request was rejected because an internal exception occurred. The request can be retried. * @throws KMSInvalidStateException * The request was rejected because the state of the specified resource is not valid for this request. * * For more information about how key state affects the use of a CMK, see How Key State Affects Use of a * Customer Master Key in the AWS Key Management Service Developer Guide. * @sample AWSKMS.RevokeGrant * @see AWS API * Documentation */ RevokeGrantResult revokeGrant(RevokeGrantRequest revokeGrantRequest); /** * * Schedules the deletion of a customer master key (CMK). You may provide a waiting period, specified in days, * before deletion occurs. If you do not provide a waiting period, the default period of 30 days is used. When this * operation is successful, the state of the CMK changes to PendingDeletion. Before the waiting period * ends, you can use CancelKeyDeletion to cancel the deletion of the CMK. After the waiting period ends, AWS * KMS deletes the CMK and all AWS KMS data associated with it, including all aliases that refer to it. * * * * Deleting a CMK is a destructive and potentially dangerous operation. When a CMK is deleted, all data that was * encrypted under the CMK is rendered unrecoverable. To restrict the use of a CMK without deleting it, use * DisableKey. * * * * For more information about scheduling a CMK for deletion, see Deleting Customer Master Keys * in the AWS Key Management Service Developer Guide. * * * @param scheduleKeyDeletionRequest * @return Result of the ScheduleKeyDeletion operation returned by the service. * @throws NotFoundException * The request was rejected because the specified entity or resource could not be found. * @throws InvalidArnException * The request was rejected because a specified ARN was not valid. * @throws DependencyTimeoutException * The system timed out while trying to fulfill the request. The request can be retried. * @throws KMSInternalException * The request was rejected because an internal exception occurred. The request can be retried. * @throws KMSInvalidStateException * The request was rejected because the state of the specified resource is not valid for this request. * * For more information about how key state affects the use of a CMK, see How Key State Affects Use of a * Customer Master Key in the AWS Key Management Service Developer Guide. * @sample AWSKMS.ScheduleKeyDeletion * @see AWS API * Documentation */ ScheduleKeyDeletionResult scheduleKeyDeletion(ScheduleKeyDeletionRequest scheduleKeyDeletionRequest); /** * * Adds or overwrites one or more tags for the specified customer master key (CMK). * * * Each tag consists of a tag key and a tag value. Tag keys and tag values are both required, but tag values can be * empty (null) strings. * * * You cannot use the same tag key more than once per CMK. For example, consider a CMK with one tag whose tag key is * Purpose and tag value is Test. If you send a TagResource request for this * CMK with a tag key of Purpose and a tag value of Prod, it does not create a second tag. * Instead, the original tag is overwritten with the new tag value. * * * @param tagResourceRequest * @return Result of the TagResource operation returned by the service. * @throws KMSInternalException * The request was rejected because an internal exception occurred. The request can be retried. * @throws NotFoundException * The request was rejected because the specified entity or resource could not be found. * @throws InvalidArnException * The request was rejected because a specified ARN was not valid. * @throws KMSInvalidStateException * The request was rejected because the state of the specified resource is not valid for this request. * * For more information about how key state affects the use of a CMK, see How Key State Affects Use of a * Customer Master Key in the AWS Key Management Service Developer Guide. * @throws LimitExceededException * The request was rejected because a limit was exceeded. For more information, see Limits in the AWS Key * Management Service Developer Guide. * @throws TagException * The request was rejected because one or more tags are not valid. * @sample AWSKMS.TagResource * @see AWS API * Documentation */ TagResourceResult tagResource(TagResourceRequest tagResourceRequest); /** * * Removes the specified tag or tags from the specified customer master key (CMK). * * * To remove a tag, you specify the tag key for each tag to remove. You do not specify the tag value. To overwrite * the tag value for an existing tag, use TagResource. * * * @param untagResourceRequest * @return Result of the UntagResource operation returned by the service. * @throws KMSInternalException * The request was rejected because an internal exception occurred. The request can be retried. * @throws NotFoundException * The request was rejected because the specified entity or resource could not be found. * @throws InvalidArnException * The request was rejected because a specified ARN was not valid. * @throws KMSInvalidStateException * The request was rejected because the state of the specified resource is not valid for this request. * * For more information about how key state affects the use of a CMK, see How Key State Affects Use of a * Customer Master Key in the AWS Key Management Service Developer Guide. * @throws TagException * The request was rejected because one or more tags are not valid. * @sample AWSKMS.UntagResource * @see AWS API * Documentation */ UntagResourceResult untagResource(UntagResourceRequest untagResourceRequest); /** * * Updates an alias to map it to a different key. * * * An alias is not a property of a key. Therefore, an alias can be mapped to and unmapped from an existing key * without changing the properties of the key. * * * An alias name can contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-). An * alias must start with the word "alias" followed by a forward slash (alias/). An alias that begins with "aws" * after the forward slash (alias/aws...) is reserved by Amazon Web Services (AWS). * * * The alias and the key it is mapped to must be in the same AWS account and the same region. * * * @param updateAliasRequest * @return Result of the UpdateAlias operation returned by the service. * @throws DependencyTimeoutException * The system timed out while trying to fulfill the request. The request can be retried. * @throws NotFoundException * The request was rejected because the specified entity or resource could not be found. * @throws KMSInternalException * The request was rejected because an internal exception occurred. The request can be retried. * @throws KMSInvalidStateException * The request was rejected because the state of the specified resource is not valid for this request. * * For more information about how key state affects the use of a CMK, see How Key State Affects Use of a * Customer Master Key in the AWS Key Management Service Developer Guide. * @sample AWSKMS.UpdateAlias * @see AWS API * Documentation */ UpdateAliasResult updateAlias(UpdateAliasRequest updateAliasRequest); /** * * Updates the description of a customer master key (CMK). * * * @param updateKeyDescriptionRequest * @return Result of the UpdateKeyDescription operation returned by the service. * @throws NotFoundException * The request was rejected because the specified entity or resource could not be found. * @throws InvalidArnException * The request was rejected because a specified ARN was not valid. * @throws DependencyTimeoutException * The system timed out while trying to fulfill the request. The request can be retried. * @throws KMSInternalException * The request was rejected because an internal exception occurred. The request can be retried. * @throws KMSInvalidStateException * The request was rejected because the state of the specified resource is not valid for this request. * * For more information about how key state affects the use of a CMK, see How Key State Affects Use of a * Customer Master Key in the AWS Key Management Service Developer Guide. * @sample AWSKMS.UpdateKeyDescription * @see AWS API * Documentation */ UpdateKeyDescriptionResult updateKeyDescription(UpdateKeyDescriptionRequest updateKeyDescriptionRequest); /** * Shuts down this client object, releasing any resources that might be held open. This is an optional method, and * callers are not expected to call it, but can if they want to explicitly release any open resources. Once a client * has been shutdown, it should not be used to make any more requests. */ void shutdown(); /** * Returns additional metadata for a previously executed successful request, typically used for debugging issues * where a service isn't acting as expected. This data isn't considered part of the result data returned by an * operation, so it's available through this separate, diagnostic interface. *

* Response metadata is only cached for a limited period of time, so if you need to access this extra diagnostic * information for an executed request, you should use this method to retrieve it as soon as possible after * executing a request. * * @param request * The originally executed request. * * @return The response metadata for the specified request, or null if none is available. */ ResponseMetadata getCachedResponseMetadata(AmazonWebServiceRequest request); }