org.apache.inlong.sort.filesystem.shaded.com.amazonaws.services.kms.model.ReplicateKeyRequest Maven / Gradle / Ivy
/*
* Copyright 2017-2022 Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License"). You may not use this file except in compliance with
* the License. A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
* CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions
* and limitations under the License.
*/
package com.amazonaws.services.kms.model;
import java.io.Serializable;
import javax.annotation.Generated;
import com.amazonaws.AmazonWebServiceRequest;
/**
*
* @see AWS API
* Documentation
*/
@Generated("com.amazonaws:aws-java-sdk-code-generator")
public class ReplicateKeyRequest extends com.amazonaws.AmazonWebServiceRequest implements Serializable, Cloneable {
/**
*
* Identifies the multi-Region primary key that is being replicated. To determine whether a KMS key is a
* multi-Region primary key, use the DescribeKey operation to check the value of the
* MultiRegionKeyType
property.
*
*
* Specify the key ID or key ARN of a multi-Region primary key.
*
*
* For example:
*
*
* -
*
* Key ID: mrk-1234abcd12ab34cd56ef1234567890ab
*
*
* -
*
* Key ARN: arn:aws:kms:us-east-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab
*
*
*
*
* To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.
*
*/
private String keyId;
/**
*
* The Region ID of the Amazon Web Services Region for this replica key.
*
*
* Enter the Region ID, such as us-east-1
or ap-southeast-2
. For a list of Amazon Web
* Services Regions in which KMS is supported, see KMS service endpoints in the
* Amazon Web Services General Reference.
*
*
*
* HMAC KMS keys are not supported in all Amazon Web Services Regions. If you try to replicate an HMAC KMS key in an
* Amazon Web Services Region in which HMAC keys are not supported, the ReplicateKey
operation returns
* an UnsupportedOperationException
. For a list of Regions in which HMAC KMS keys are supported, see HMAC keys in KMS in the Key
* Management Service Developer Guide.
*
*
*
* The replica must be in a different Amazon Web Services Region than its primary key and other replicas of that
* primary key, but in the same Amazon Web Services partition. KMS must be available in the replica Region. If the
* Region is not enabled by default, the Amazon Web Services account must be enabled in the Region. For information
* about Amazon Web Services partitions, see Amazon Resource Names
* (ARNs) in the Amazon Web Services General Reference. For information about enabling and disabling
* Regions, see Enabling a Region
* and Disabling a
* Region in the Amazon Web Services General Reference.
*
*/
private String replicaRegion;
/**
*
* The key policy to attach to the KMS key. This parameter is optional. If you do not provide a key policy, KMS
* attaches the default key
* policy to the KMS key.
*
*
* The key policy is not a shared property of multi-Region keys. You can specify the same key policy or a different
* key policy for each key in a set of related multi-Region keys. KMS does not synchronize this property.
*
*
* If you provide a key policy, it must meet the following criteria:
*
*
* -
*
* If you don't set BypassPolicyLockoutSafetyCheck
to true, the key policy must give the caller
* kms:PutKeyPolicy
permission on the replica key. This reduces the risk that the KMS key becomes
* unmanageable. For more information, refer to the scenario in the Default Key Policy section of the Key Management Service Developer Guide .
*
*
* -
*
* Each statement in the key policy must contain one or more principals. The principals in the key policy must exist
* and be visible to KMS. When you create a new Amazon Web Services principal (for example, an IAM user or role),
* you might need to enforce a delay before including the new principal in a key policy because the new principal
* might not be immediately visible to KMS. For more information, see Changes that I make are not always immediately visible in the Identity and Access Management User
* Guide .
*
*
*
*
* A key policy document can include only the following characters:
*
*
* -
*
* Printable ASCII characters from the space character (\u0020
) through the end of the ASCII character
* range.
*
*
* -
*
* Printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF
).
*
*
* -
*
* The tab (\u0009
), line feed (\u000A
), and carriage return (\u000D
) special
* characters
*
*
*
*
* For information about key policies, see Key policies in KMS in the
* Key Management Service Developer Guide. For help writing and formatting a JSON policy document, see the IAM JSON Policy Reference in
* the Identity and Access Management User Guide .
*
*/
private String policy;
/**
*
* A flag to indicate whether to bypass the key policy lockout safety check.
*
*
*
* Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value to
* true indiscriminately.
*
*
* For more information, refer to the scenario in the Default Key Policy section in the Key Management Service Developer Guide.
*
*
*
* Use this parameter only when you intend to prevent the principal that is making the request from making a
* subsequent PutKeyPolicy
request on the KMS key.
*
*
* The default value is false.
*
*/
private Boolean bypassPolicyLockoutSafetyCheck;
/**
*
* A description of the KMS key. The default value is an empty string (no description).
*
*
* The description is not a shared property of multi-Region keys. You can specify the same description or a
* different description for each key in a set of related multi-Region keys. KMS does not synchronize this property.
*
*/
private String description;
/**
*
* Assigns one or more tags to the replica key. Use this parameter to tag the KMS key when it is created. To tag an
* existing KMS key, use the TagResource operation.
*
*
*
* Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see ABAC in KMS in the Key Management
* Service Developer Guide.
*
*
*
* To use this parameter, you must have kms:TagResource permission in an IAM policy.
*
*
* Tags are not a shared property of multi-Region keys. You can specify the same tags or different tags for each key
* in a set of related multi-Region keys. KMS does not synchronize this property.
*
*
* Each tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the tag
* value can be an empty (null) string. You cannot have more than one tag on a KMS key with the same tag key. If you
* specify an existing tag key with a different tag value, KMS replaces the current tag value with the specified
* one.
*
*
* When you add tags to an Amazon Web Services resource, Amazon Web Services generates a cost allocation report with
* usage and costs aggregated by tags. Tags can also be used to control access to a KMS key. For details, see Tagging Keys.
*
*/
private com.amazonaws.internal.SdkInternalList tags;
/**
*
* Identifies the multi-Region primary key that is being replicated. To determine whether a KMS key is a
* multi-Region primary key, use the DescribeKey operation to check the value of the
* MultiRegionKeyType
property.
*
*
* Specify the key ID or key ARN of a multi-Region primary key.
*
*
* For example:
*
*
* -
*
* Key ID: mrk-1234abcd12ab34cd56ef1234567890ab
*
*
* -
*
* Key ARN: arn:aws:kms:us-east-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab
*
*
*
*
* To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.
*
*
* @param keyId
* Identifies the multi-Region primary key that is being replicated. To determine whether a KMS key is a
* multi-Region primary key, use the DescribeKey operation to check the value of the
* MultiRegionKeyType
property.
*
* Specify the key ID or key ARN of a multi-Region primary key.
*
*
* For example:
*
*
* -
*
* Key ID: mrk-1234abcd12ab34cd56ef1234567890ab
*
*
* -
*
* Key ARN: arn:aws:kms:us-east-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab
*
*
*
*
* To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.
*/
public void setKeyId(String keyId) {
this.keyId = keyId;
}
/**
*
* Identifies the multi-Region primary key that is being replicated. To determine whether a KMS key is a
* multi-Region primary key, use the DescribeKey operation to check the value of the
* MultiRegionKeyType
property.
*
*
* Specify the key ID or key ARN of a multi-Region primary key.
*
*
* For example:
*
*
* -
*
* Key ID: mrk-1234abcd12ab34cd56ef1234567890ab
*
*
* -
*
* Key ARN: arn:aws:kms:us-east-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab
*
*
*
*
* To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.
*
*
* @return Identifies the multi-Region primary key that is being replicated. To determine whether a KMS key is a
* multi-Region primary key, use the DescribeKey operation to check the value of the
* MultiRegionKeyType
property.
*
* Specify the key ID or key ARN of a multi-Region primary key.
*
*
* For example:
*
*
* -
*
* Key ID: mrk-1234abcd12ab34cd56ef1234567890ab
*
*
* -
*
* Key ARN: arn:aws:kms:us-east-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab
*
*
*
*
* To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.
*/
public String getKeyId() {
return this.keyId;
}
/**
*
* Identifies the multi-Region primary key that is being replicated. To determine whether a KMS key is a
* multi-Region primary key, use the DescribeKey operation to check the value of the
* MultiRegionKeyType
property.
*
*
* Specify the key ID or key ARN of a multi-Region primary key.
*
*
* For example:
*
*
* -
*
* Key ID: mrk-1234abcd12ab34cd56ef1234567890ab
*
*
* -
*
* Key ARN: arn:aws:kms:us-east-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab
*
*
*
*
* To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.
*
*
* @param keyId
* Identifies the multi-Region primary key that is being replicated. To determine whether a KMS key is a
* multi-Region primary key, use the DescribeKey operation to check the value of the
* MultiRegionKeyType
property.
*
* Specify the key ID or key ARN of a multi-Region primary key.
*
*
* For example:
*
*
* -
*
* Key ID: mrk-1234abcd12ab34cd56ef1234567890ab
*
*
* -
*
* Key ARN: arn:aws:kms:us-east-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab
*
*
*
*
* To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public ReplicateKeyRequest withKeyId(String keyId) {
setKeyId(keyId);
return this;
}
/**
*
* The Region ID of the Amazon Web Services Region for this replica key.
*
*
* Enter the Region ID, such as us-east-1
or ap-southeast-2
. For a list of Amazon Web
* Services Regions in which KMS is supported, see KMS service endpoints in the
* Amazon Web Services General Reference.
*
*
*
* HMAC KMS keys are not supported in all Amazon Web Services Regions. If you try to replicate an HMAC KMS key in an
* Amazon Web Services Region in which HMAC keys are not supported, the ReplicateKey
operation returns
* an UnsupportedOperationException
. For a list of Regions in which HMAC KMS keys are supported, see HMAC keys in KMS in the Key
* Management Service Developer Guide.
*
*
*
* The replica must be in a different Amazon Web Services Region than its primary key and other replicas of that
* primary key, but in the same Amazon Web Services partition. KMS must be available in the replica Region. If the
* Region is not enabled by default, the Amazon Web Services account must be enabled in the Region. For information
* about Amazon Web Services partitions, see Amazon Resource Names
* (ARNs) in the Amazon Web Services General Reference. For information about enabling and disabling
* Regions, see Enabling a Region
* and Disabling a
* Region in the Amazon Web Services General Reference.
*
*
* @param replicaRegion
* The Region ID of the Amazon Web Services Region for this replica key.
*
* Enter the Region ID, such as us-east-1
or ap-southeast-2
. For a list of Amazon
* Web Services Regions in which KMS is supported, see KMS service endpoints in the
* Amazon Web Services General Reference.
*
*
*
* HMAC KMS keys are not supported in all Amazon Web Services Regions. If you try to replicate an HMAC KMS
* key in an Amazon Web Services Region in which HMAC keys are not supported, the ReplicateKey
* operation returns an UnsupportedOperationException
. For a list of Regions in which HMAC KMS
* keys are supported, see HMAC
* keys in KMS in the Key Management Service Developer Guide.
*
*
*
* The replica must be in a different Amazon Web Services Region than its primary key and other replicas of
* that primary key, but in the same Amazon Web Services partition. KMS must be available in the replica
* Region. If the Region is not enabled by default, the Amazon Web Services account must be enabled in the
* Region. For information about Amazon Web Services partitions, see Amazon Resource Names
* (ARNs) in the Amazon Web Services General Reference. For information about enabling and
* disabling Regions, see Enabling a
* Region and Disabling a
* Region in the Amazon Web Services General Reference.
*/
public void setReplicaRegion(String replicaRegion) {
this.replicaRegion = replicaRegion;
}
/**
*
* The Region ID of the Amazon Web Services Region for this replica key.
*
*
* Enter the Region ID, such as us-east-1
or ap-southeast-2
. For a list of Amazon Web
* Services Regions in which KMS is supported, see KMS service endpoints in the
* Amazon Web Services General Reference.
*
*
*
* HMAC KMS keys are not supported in all Amazon Web Services Regions. If you try to replicate an HMAC KMS key in an
* Amazon Web Services Region in which HMAC keys are not supported, the ReplicateKey
operation returns
* an UnsupportedOperationException
. For a list of Regions in which HMAC KMS keys are supported, see HMAC keys in KMS in the Key
* Management Service Developer Guide.
*
*
*
* The replica must be in a different Amazon Web Services Region than its primary key and other replicas of that
* primary key, but in the same Amazon Web Services partition. KMS must be available in the replica Region. If the
* Region is not enabled by default, the Amazon Web Services account must be enabled in the Region. For information
* about Amazon Web Services partitions, see Amazon Resource Names
* (ARNs) in the Amazon Web Services General Reference. For information about enabling and disabling
* Regions, see Enabling a Region
* and Disabling a
* Region in the Amazon Web Services General Reference.
*
*
* @return The Region ID of the Amazon Web Services Region for this replica key.
*
* Enter the Region ID, such as us-east-1
or ap-southeast-2
. For a list of Amazon
* Web Services Regions in which KMS is supported, see KMS service endpoints in the
* Amazon Web Services General Reference.
*
*
*
* HMAC KMS keys are not supported in all Amazon Web Services Regions. If you try to replicate an HMAC KMS
* key in an Amazon Web Services Region in which HMAC keys are not supported, the ReplicateKey
* operation returns an UnsupportedOperationException
. For a list of Regions in which HMAC KMS
* keys are supported, see HMAC
* keys in KMS in the Key Management Service Developer Guide.
*
*
*
* The replica must be in a different Amazon Web Services Region than its primary key and other replicas of
* that primary key, but in the same Amazon Web Services partition. KMS must be available in the replica
* Region. If the Region is not enabled by default, the Amazon Web Services account must be enabled in the
* Region. For information about Amazon Web Services partitions, see Amazon Resource Names
* (ARNs) in the Amazon Web Services General Reference. For information about enabling and
* disabling Regions, see Enabling a
* Region and Disabling a
* Region in the Amazon Web Services General Reference.
*/
public String getReplicaRegion() {
return this.replicaRegion;
}
/**
*
* The Region ID of the Amazon Web Services Region for this replica key.
*
*
* Enter the Region ID, such as us-east-1
or ap-southeast-2
. For a list of Amazon Web
* Services Regions in which KMS is supported, see KMS service endpoints in the
* Amazon Web Services General Reference.
*
*
*
* HMAC KMS keys are not supported in all Amazon Web Services Regions. If you try to replicate an HMAC KMS key in an
* Amazon Web Services Region in which HMAC keys are not supported, the ReplicateKey
operation returns
* an UnsupportedOperationException
. For a list of Regions in which HMAC KMS keys are supported, see HMAC keys in KMS in the Key
* Management Service Developer Guide.
*
*
*
* The replica must be in a different Amazon Web Services Region than its primary key and other replicas of that
* primary key, but in the same Amazon Web Services partition. KMS must be available in the replica Region. If the
* Region is not enabled by default, the Amazon Web Services account must be enabled in the Region. For information
* about Amazon Web Services partitions, see Amazon Resource Names
* (ARNs) in the Amazon Web Services General Reference. For information about enabling and disabling
* Regions, see Enabling a Region
* and Disabling a
* Region in the Amazon Web Services General Reference.
*
*
* @param replicaRegion
* The Region ID of the Amazon Web Services Region for this replica key.
*
* Enter the Region ID, such as us-east-1
or ap-southeast-2
. For a list of Amazon
* Web Services Regions in which KMS is supported, see KMS service endpoints in the
* Amazon Web Services General Reference.
*
*
*
* HMAC KMS keys are not supported in all Amazon Web Services Regions. If you try to replicate an HMAC KMS
* key in an Amazon Web Services Region in which HMAC keys are not supported, the ReplicateKey
* operation returns an UnsupportedOperationException
. For a list of Regions in which HMAC KMS
* keys are supported, see HMAC
* keys in KMS in the Key Management Service Developer Guide.
*
*
*
* The replica must be in a different Amazon Web Services Region than its primary key and other replicas of
* that primary key, but in the same Amazon Web Services partition. KMS must be available in the replica
* Region. If the Region is not enabled by default, the Amazon Web Services account must be enabled in the
* Region. For information about Amazon Web Services partitions, see Amazon Resource Names
* (ARNs) in the Amazon Web Services General Reference. For information about enabling and
* disabling Regions, see Enabling a
* Region and Disabling a
* Region in the Amazon Web Services General Reference.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public ReplicateKeyRequest withReplicaRegion(String replicaRegion) {
setReplicaRegion(replicaRegion);
return this;
}
/**
*
* The key policy to attach to the KMS key. This parameter is optional. If you do not provide a key policy, KMS
* attaches the default key
* policy to the KMS key.
*
*
* The key policy is not a shared property of multi-Region keys. You can specify the same key policy or a different
* key policy for each key in a set of related multi-Region keys. KMS does not synchronize this property.
*
*
* If you provide a key policy, it must meet the following criteria:
*
*
* -
*
* If you don't set BypassPolicyLockoutSafetyCheck
to true, the key policy must give the caller
* kms:PutKeyPolicy
permission on the replica key. This reduces the risk that the KMS key becomes
* unmanageable. For more information, refer to the scenario in the Default Key Policy section of the Key Management Service Developer Guide .
*
*
* -
*
* Each statement in the key policy must contain one or more principals. The principals in the key policy must exist
* and be visible to KMS. When you create a new Amazon Web Services principal (for example, an IAM user or role),
* you might need to enforce a delay before including the new principal in a key policy because the new principal
* might not be immediately visible to KMS. For more information, see Changes that I make are not always immediately visible in the Identity and Access Management User
* Guide .
*
*
*
*
* A key policy document can include only the following characters:
*
*
* -
*
* Printable ASCII characters from the space character (\u0020
) through the end of the ASCII character
* range.
*
*
* -
*
* Printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF
).
*
*
* -
*
* The tab (\u0009
), line feed (\u000A
), and carriage return (\u000D
) special
* characters
*
*
*
*
* For information about key policies, see Key policies in KMS in the
* Key Management Service Developer Guide. For help writing and formatting a JSON policy document, see the IAM JSON Policy Reference in
* the Identity and Access Management User Guide .
*
*
* @param policy
* The key policy to attach to the KMS key. This parameter is optional. If you do not provide a key policy,
* KMS attaches the default
* key policy to the KMS key.
*
* The key policy is not a shared property of multi-Region keys. You can specify the same key policy or a
* different key policy for each key in a set of related multi-Region keys. KMS does not synchronize this
* property.
*
*
* If you provide a key policy, it must meet the following criteria:
*
*
* -
*
* If you don't set BypassPolicyLockoutSafetyCheck
to true, the key policy must give the caller
* kms:PutKeyPolicy
permission on the replica key. This reduces the risk that the KMS key
* becomes unmanageable. For more information, refer to the scenario in the Default Key Policy section of the Key Management Service Developer Guide .
*
*
* -
*
* Each statement in the key policy must contain one or more principals. The principals in the key policy
* must exist and be visible to KMS. When you create a new Amazon Web Services principal (for example, an IAM
* user or role), you might need to enforce a delay before including the new principal in a key policy
* because the new principal might not be immediately visible to KMS. For more information, see Changes that I make are not always immediately visible in the Identity and Access Management
* User Guide .
*
*
*
*
* A key policy document can include only the following characters:
*
*
* -
*
* Printable ASCII characters from the space character (\u0020
) through the end of the ASCII
* character range.
*
*
* -
*
* Printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF
* ).
*
*
* -
*
* The tab (\u0009
), line feed (\u000A
), and carriage return (\u000D
)
* special characters
*
*
*
*
* For information about key policies, see Key policies in KMS in
* the Key Management Service Developer Guide. For help writing and formatting a JSON policy document,
* see the IAM JSON Policy
* Reference in the Identity and Access Management User Guide .
*/
public void setPolicy(String policy) {
this.policy = policy;
}
/**
*
* The key policy to attach to the KMS key. This parameter is optional. If you do not provide a key policy, KMS
* attaches the default key
* policy to the KMS key.
*
*
* The key policy is not a shared property of multi-Region keys. You can specify the same key policy or a different
* key policy for each key in a set of related multi-Region keys. KMS does not synchronize this property.
*
*
* If you provide a key policy, it must meet the following criteria:
*
*
* -
*
* If you don't set BypassPolicyLockoutSafetyCheck
to true, the key policy must give the caller
* kms:PutKeyPolicy
permission on the replica key. This reduces the risk that the KMS key becomes
* unmanageable. For more information, refer to the scenario in the Default Key Policy section of the Key Management Service Developer Guide .
*
*
* -
*
* Each statement in the key policy must contain one or more principals. The principals in the key policy must exist
* and be visible to KMS. When you create a new Amazon Web Services principal (for example, an IAM user or role),
* you might need to enforce a delay before including the new principal in a key policy because the new principal
* might not be immediately visible to KMS. For more information, see Changes that I make are not always immediately visible in the Identity and Access Management User
* Guide .
*
*
*
*
* A key policy document can include only the following characters:
*
*
* -
*
* Printable ASCII characters from the space character (\u0020
) through the end of the ASCII character
* range.
*
*
* -
*
* Printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF
).
*
*
* -
*
* The tab (\u0009
), line feed (\u000A
), and carriage return (\u000D
) special
* characters
*
*
*
*
* For information about key policies, see Key policies in KMS in the
* Key Management Service Developer Guide. For help writing and formatting a JSON policy document, see the IAM JSON Policy Reference in
* the Identity and Access Management User Guide .
*
*
* @return The key policy to attach to the KMS key. This parameter is optional. If you do not provide a key policy,
* KMS attaches the default
* key policy to the KMS key.
*
* The key policy is not a shared property of multi-Region keys. You can specify the same key policy or a
* different key policy for each key in a set of related multi-Region keys. KMS does not synchronize this
* property.
*
*
* If you provide a key policy, it must meet the following criteria:
*
*
* -
*
* If you don't set BypassPolicyLockoutSafetyCheck
to true, the key policy must give the caller
* kms:PutKeyPolicy
permission on the replica key. This reduces the risk that the KMS key
* becomes unmanageable. For more information, refer to the scenario in the Default Key Policy section of the Key Management Service Developer Guide .
*
*
* -
*
* Each statement in the key policy must contain one or more principals. The principals in the key policy
* must exist and be visible to KMS. When you create a new Amazon Web Services principal (for example, an
* IAM user or role), you might need to enforce a delay before including the new principal in a key policy
* because the new principal might not be immediately visible to KMS. For more information, see Changes that I make are not always immediately visible in the Identity and Access Management
* User Guide .
*
*
*
*
* A key policy document can include only the following characters:
*
*
* -
*
* Printable ASCII characters from the space character (\u0020
) through the end of the ASCII
* character range.
*
*
* -
*
* Printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF
* ).
*
*
* -
*
* The tab (\u0009
), line feed (\u000A
), and carriage return (\u000D
)
* special characters
*
*
*
*
* For information about key policies, see Key policies in KMS in
* the Key Management Service Developer Guide. For help writing and formatting a JSON policy
* document, see the IAM
* JSON Policy Reference in the Identity and Access Management User Guide .
*/
public String getPolicy() {
return this.policy;
}
/**
*
* The key policy to attach to the KMS key. This parameter is optional. If you do not provide a key policy, KMS
* attaches the default key
* policy to the KMS key.
*
*
* The key policy is not a shared property of multi-Region keys. You can specify the same key policy or a different
* key policy for each key in a set of related multi-Region keys. KMS does not synchronize this property.
*
*
* If you provide a key policy, it must meet the following criteria:
*
*
* -
*
* If you don't set BypassPolicyLockoutSafetyCheck
to true, the key policy must give the caller
* kms:PutKeyPolicy
permission on the replica key. This reduces the risk that the KMS key becomes
* unmanageable. For more information, refer to the scenario in the Default Key Policy section of the Key Management Service Developer Guide .
*
*
* -
*
* Each statement in the key policy must contain one or more principals. The principals in the key policy must exist
* and be visible to KMS. When you create a new Amazon Web Services principal (for example, an IAM user or role),
* you might need to enforce a delay before including the new principal in a key policy because the new principal
* might not be immediately visible to KMS. For more information, see Changes that I make are not always immediately visible in the Identity and Access Management User
* Guide .
*
*
*
*
* A key policy document can include only the following characters:
*
*
* -
*
* Printable ASCII characters from the space character (\u0020
) through the end of the ASCII character
* range.
*
*
* -
*
* Printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF
).
*
*
* -
*
* The tab (\u0009
), line feed (\u000A
), and carriage return (\u000D
) special
* characters
*
*
*
*
* For information about key policies, see Key policies in KMS in the
* Key Management Service Developer Guide. For help writing and formatting a JSON policy document, see the IAM JSON Policy Reference in
* the Identity and Access Management User Guide .
*
*
* @param policy
* The key policy to attach to the KMS key. This parameter is optional. If you do not provide a key policy,
* KMS attaches the default
* key policy to the KMS key.
*
* The key policy is not a shared property of multi-Region keys. You can specify the same key policy or a
* different key policy for each key in a set of related multi-Region keys. KMS does not synchronize this
* property.
*
*
* If you provide a key policy, it must meet the following criteria:
*
*
* -
*
* If you don't set BypassPolicyLockoutSafetyCheck
to true, the key policy must give the caller
* kms:PutKeyPolicy
permission on the replica key. This reduces the risk that the KMS key
* becomes unmanageable. For more information, refer to the scenario in the Default Key Policy section of the Key Management Service Developer Guide .
*
*
* -
*
* Each statement in the key policy must contain one or more principals. The principals in the key policy
* must exist and be visible to KMS. When you create a new Amazon Web Services principal (for example, an IAM
* user or role), you might need to enforce a delay before including the new principal in a key policy
* because the new principal might not be immediately visible to KMS. For more information, see Changes that I make are not always immediately visible in the Identity and Access Management
* User Guide .
*
*
*
*
* A key policy document can include only the following characters:
*
*
* -
*
* Printable ASCII characters from the space character (\u0020
) through the end of the ASCII
* character range.
*
*
* -
*
* Printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF
* ).
*
*
* -
*
* The tab (\u0009
), line feed (\u000A
), and carriage return (\u000D
)
* special characters
*
*
*
*
* For information about key policies, see Key policies in KMS in
* the Key Management Service Developer Guide. For help writing and formatting a JSON policy document,
* see the IAM JSON Policy
* Reference in the Identity and Access Management User Guide .
* @return Returns a reference to this object so that method calls can be chained together.
*/
public ReplicateKeyRequest withPolicy(String policy) {
setPolicy(policy);
return this;
}
/**
*
* A flag to indicate whether to bypass the key policy lockout safety check.
*
*
*
* Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value to
* true indiscriminately.
*
*
* For more information, refer to the scenario in the Default Key Policy section in the Key Management Service Developer Guide.
*
*
*
* Use this parameter only when you intend to prevent the principal that is making the request from making a
* subsequent PutKeyPolicy
request on the KMS key.
*
*
* The default value is false.
*
*
* @param bypassPolicyLockoutSafetyCheck
* A flag to indicate whether to bypass the key policy lockout safety check.
*
* Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value
* to true indiscriminately.
*
*
* For more information, refer to the scenario in the Default Key Policy section in the Key Management Service Developer Guide.
*
*
*
* Use this parameter only when you intend to prevent the principal that is making the request from making a
* subsequent PutKeyPolicy
request on the KMS key.
*
*
* The default value is false.
*/
public void setBypassPolicyLockoutSafetyCheck(Boolean bypassPolicyLockoutSafetyCheck) {
this.bypassPolicyLockoutSafetyCheck = bypassPolicyLockoutSafetyCheck;
}
/**
*
* A flag to indicate whether to bypass the key policy lockout safety check.
*
*
*
* Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value to
* true indiscriminately.
*
*
* For more information, refer to the scenario in the Default Key Policy section in the Key Management Service Developer Guide.
*
*
*
* Use this parameter only when you intend to prevent the principal that is making the request from making a
* subsequent PutKeyPolicy
request on the KMS key.
*
*
* The default value is false.
*
*
* @return A flag to indicate whether to bypass the key policy lockout safety check.
*
* Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this
* value to true indiscriminately.
*
*
* For more information, refer to the scenario in the Default Key Policy section in the Key Management Service Developer Guide.
*
*
*
* Use this parameter only when you intend to prevent the principal that is making the request from making a
* subsequent PutKeyPolicy
request on the KMS key.
*
*
* The default value is false.
*/
public Boolean getBypassPolicyLockoutSafetyCheck() {
return this.bypassPolicyLockoutSafetyCheck;
}
/**
*
* A flag to indicate whether to bypass the key policy lockout safety check.
*
*
*
* Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value to
* true indiscriminately.
*
*
* For more information, refer to the scenario in the Default Key Policy section in the Key Management Service Developer Guide.
*
*
*
* Use this parameter only when you intend to prevent the principal that is making the request from making a
* subsequent PutKeyPolicy
request on the KMS key.
*
*
* The default value is false.
*
*
* @param bypassPolicyLockoutSafetyCheck
* A flag to indicate whether to bypass the key policy lockout safety check.
*
* Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value
* to true indiscriminately.
*
*
* For more information, refer to the scenario in the Default Key Policy section in the Key Management Service Developer Guide.
*
*
*
* Use this parameter only when you intend to prevent the principal that is making the request from making a
* subsequent PutKeyPolicy
request on the KMS key.
*
*
* The default value is false.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public ReplicateKeyRequest withBypassPolicyLockoutSafetyCheck(Boolean bypassPolicyLockoutSafetyCheck) {
setBypassPolicyLockoutSafetyCheck(bypassPolicyLockoutSafetyCheck);
return this;
}
/**
*
* A flag to indicate whether to bypass the key policy lockout safety check.
*
*
*
* Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value to
* true indiscriminately.
*
*
* For more information, refer to the scenario in the Default Key Policy section in the Key Management Service Developer Guide.
*
*
*
* Use this parameter only when you intend to prevent the principal that is making the request from making a
* subsequent PutKeyPolicy
request on the KMS key.
*
*
* The default value is false.
*
*
* @return A flag to indicate whether to bypass the key policy lockout safety check.
*
* Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this
* value to true indiscriminately.
*
*
* For more information, refer to the scenario in the Default Key Policy section in the Key Management Service Developer Guide.
*
*
*
* Use this parameter only when you intend to prevent the principal that is making the request from making a
* subsequent PutKeyPolicy
request on the KMS key.
*
*
* The default value is false.
*/
public Boolean isBypassPolicyLockoutSafetyCheck() {
return this.bypassPolicyLockoutSafetyCheck;
}
/**
*
* A description of the KMS key. The default value is an empty string (no description).
*
*
* The description is not a shared property of multi-Region keys. You can specify the same description or a
* different description for each key in a set of related multi-Region keys. KMS does not synchronize this property.
*
*
* @param description
* A description of the KMS key. The default value is an empty string (no description).
*
* The description is not a shared property of multi-Region keys. You can specify the same description or a
* different description for each key in a set of related multi-Region keys. KMS does not synchronize this
* property.
*/
public void setDescription(String description) {
this.description = description;
}
/**
*
* A description of the KMS key. The default value is an empty string (no description).
*
*
* The description is not a shared property of multi-Region keys. You can specify the same description or a
* different description for each key in a set of related multi-Region keys. KMS does not synchronize this property.
*
*
* @return A description of the KMS key. The default value is an empty string (no description).
*
* The description is not a shared property of multi-Region keys. You can specify the same description or a
* different description for each key in a set of related multi-Region keys. KMS does not synchronize this
* property.
*/
public String getDescription() {
return this.description;
}
/**
*
* A description of the KMS key. The default value is an empty string (no description).
*
*
* The description is not a shared property of multi-Region keys. You can specify the same description or a
* different description for each key in a set of related multi-Region keys. KMS does not synchronize this property.
*
*
* @param description
* A description of the KMS key. The default value is an empty string (no description).
*
* The description is not a shared property of multi-Region keys. You can specify the same description or a
* different description for each key in a set of related multi-Region keys. KMS does not synchronize this
* property.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public ReplicateKeyRequest withDescription(String description) {
setDescription(description);
return this;
}
/**
*
* Assigns one or more tags to the replica key. Use this parameter to tag the KMS key when it is created. To tag an
* existing KMS key, use the TagResource operation.
*
*
*
* Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see ABAC in KMS in the Key Management
* Service Developer Guide.
*
*
*
* To use this parameter, you must have kms:TagResource permission in an IAM policy.
*
*
* Tags are not a shared property of multi-Region keys. You can specify the same tags or different tags for each key
* in a set of related multi-Region keys. KMS does not synchronize this property.
*
*
* Each tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the tag
* value can be an empty (null) string. You cannot have more than one tag on a KMS key with the same tag key. If you
* specify an existing tag key with a different tag value, KMS replaces the current tag value with the specified
* one.
*
*
* When you add tags to an Amazon Web Services resource, Amazon Web Services generates a cost allocation report with
* usage and costs aggregated by tags. Tags can also be used to control access to a KMS key. For details, see Tagging Keys.
*
*
* @return Assigns one or more tags to the replica key. Use this parameter to tag the KMS key when it is created. To
* tag an existing KMS key, use the TagResource operation.
*
* Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see ABAC in KMS in the Key
* Management Service Developer Guide.
*
*
*
* To use this parameter, you must have kms:TagResource permission in an IAM policy.
*
*
* Tags are not a shared property of multi-Region keys. You can specify the same tags or different tags for
* each key in a set of related multi-Region keys. KMS does not synchronize this property.
*
*
* Each tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the
* tag value can be an empty (null) string. You cannot have more than one tag on a KMS key with the same tag
* key. If you specify an existing tag key with a different tag value, KMS replaces the current tag value
* with the specified one.
*
*
* When you add tags to an Amazon Web Services resource, Amazon Web Services generates a cost allocation
* report with usage and costs aggregated by tags. Tags can also be used to control access to a KMS key. For
* details, see Tagging
* Keys.
*/
public java.util.List getTags() {
if (tags == null) {
tags = new com.amazonaws.internal.SdkInternalList();
}
return tags;
}
/**
*
* Assigns one or more tags to the replica key. Use this parameter to tag the KMS key when it is created. To tag an
* existing KMS key, use the TagResource operation.
*
*
*
* Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see ABAC in KMS in the Key Management
* Service Developer Guide.
*
*
*
* To use this parameter, you must have kms:TagResource permission in an IAM policy.
*
*
* Tags are not a shared property of multi-Region keys. You can specify the same tags or different tags for each key
* in a set of related multi-Region keys. KMS does not synchronize this property.
*
*
* Each tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the tag
* value can be an empty (null) string. You cannot have more than one tag on a KMS key with the same tag key. If you
* specify an existing tag key with a different tag value, KMS replaces the current tag value with the specified
* one.
*
*
* When you add tags to an Amazon Web Services resource, Amazon Web Services generates a cost allocation report with
* usage and costs aggregated by tags. Tags can also be used to control access to a KMS key. For details, see Tagging Keys.
*
*
* @param tags
* Assigns one or more tags to the replica key. Use this parameter to tag the KMS key when it is created. To
* tag an existing KMS key, use the TagResource operation.
*
* Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see ABAC in KMS in the Key
* Management Service Developer Guide.
*
*
*
* To use this parameter, you must have kms:TagResource permission in an IAM policy.
*
*
* Tags are not a shared property of multi-Region keys. You can specify the same tags or different tags for
* each key in a set of related multi-Region keys. KMS does not synchronize this property.
*
*
* Each tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the
* tag value can be an empty (null) string. You cannot have more than one tag on a KMS key with the same tag
* key. If you specify an existing tag key with a different tag value, KMS replaces the current tag value
* with the specified one.
*
*
* When you add tags to an Amazon Web Services resource, Amazon Web Services generates a cost allocation
* report with usage and costs aggregated by tags. Tags can also be used to control access to a KMS key. For
* details, see Tagging
* Keys.
*/
public void setTags(java.util.Collection tags) {
if (tags == null) {
this.tags = null;
return;
}
this.tags = new com.amazonaws.internal.SdkInternalList(tags);
}
/**
*
* Assigns one or more tags to the replica key. Use this parameter to tag the KMS key when it is created. To tag an
* existing KMS key, use the TagResource operation.
*
*
*
* Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see ABAC in KMS in the Key Management
* Service Developer Guide.
*
*
*
* To use this parameter, you must have kms:TagResource permission in an IAM policy.
*
*
* Tags are not a shared property of multi-Region keys. You can specify the same tags or different tags for each key
* in a set of related multi-Region keys. KMS does not synchronize this property.
*
*
* Each tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the tag
* value can be an empty (null) string. You cannot have more than one tag on a KMS key with the same tag key. If you
* specify an existing tag key with a different tag value, KMS replaces the current tag value with the specified
* one.
*
*
* When you add tags to an Amazon Web Services resource, Amazon Web Services generates a cost allocation report with
* usage and costs aggregated by tags. Tags can also be used to control access to a KMS key. For details, see Tagging Keys.
*
*
* NOTE: This method appends the values to the existing list (if any). Use
* {@link #setTags(java.util.Collection)} or {@link #withTags(java.util.Collection)} if you want to override the
* existing values.
*
*
* @param tags
* Assigns one or more tags to the replica key. Use this parameter to tag the KMS key when it is created. To
* tag an existing KMS key, use the TagResource operation.
*
* Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see ABAC in KMS in the Key
* Management Service Developer Guide.
*
*
*
* To use this parameter, you must have kms:TagResource permission in an IAM policy.
*
*
* Tags are not a shared property of multi-Region keys. You can specify the same tags or different tags for
* each key in a set of related multi-Region keys. KMS does not synchronize this property.
*
*
* Each tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the
* tag value can be an empty (null) string. You cannot have more than one tag on a KMS key with the same tag
* key. If you specify an existing tag key with a different tag value, KMS replaces the current tag value
* with the specified one.
*
*
* When you add tags to an Amazon Web Services resource, Amazon Web Services generates a cost allocation
* report with usage and costs aggregated by tags. Tags can also be used to control access to a KMS key. For
* details, see Tagging
* Keys.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public ReplicateKeyRequest withTags(Tag... tags) {
if (this.tags == null) {
setTags(new com.amazonaws.internal.SdkInternalList(tags.length));
}
for (Tag ele : tags) {
this.tags.add(ele);
}
return this;
}
/**
*
* Assigns one or more tags to the replica key. Use this parameter to tag the KMS key when it is created. To tag an
* existing KMS key, use the TagResource operation.
*
*
*
* Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see ABAC in KMS in the Key Management
* Service Developer Guide.
*
*
*
* To use this parameter, you must have kms:TagResource permission in an IAM policy.
*
*
* Tags are not a shared property of multi-Region keys. You can specify the same tags or different tags for each key
* in a set of related multi-Region keys. KMS does not synchronize this property.
*
*
* Each tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the tag
* value can be an empty (null) string. You cannot have more than one tag on a KMS key with the same tag key. If you
* specify an existing tag key with a different tag value, KMS replaces the current tag value with the specified
* one.
*
*
* When you add tags to an Amazon Web Services resource, Amazon Web Services generates a cost allocation report with
* usage and costs aggregated by tags. Tags can also be used to control access to a KMS key. For details, see Tagging Keys.
*
*
* @param tags
* Assigns one or more tags to the replica key. Use this parameter to tag the KMS key when it is created. To
* tag an existing KMS key, use the TagResource operation.
*
* Tagging or untagging a KMS key can allow or deny permission to the KMS key. For details, see ABAC in KMS in the Key
* Management Service Developer Guide.
*
*
*
* To use this parameter, you must have kms:TagResource permission in an IAM policy.
*
*
* Tags are not a shared property of multi-Region keys. You can specify the same tags or different tags for
* each key in a set of related multi-Region keys. KMS does not synchronize this property.
*
*
* Each tag consists of a tag key and a tag value. Both the tag key and the tag value are required, but the
* tag value can be an empty (null) string. You cannot have more than one tag on a KMS key with the same tag
* key. If you specify an existing tag key with a different tag value, KMS replaces the current tag value
* with the specified one.
*
*
* When you add tags to an Amazon Web Services resource, Amazon Web Services generates a cost allocation
* report with usage and costs aggregated by tags. Tags can also be used to control access to a KMS key. For
* details, see Tagging
* Keys.
* @return Returns a reference to this object so that method calls can be chained together.
*/
public ReplicateKeyRequest withTags(java.util.Collection tags) {
setTags(tags);
return this;
}
/**
* Returns a string representation of this object. This is useful for testing and debugging. Sensitive data will be
* redacted from this string using a placeholder value.
*
* @return A string representation of this object.
*
* @see java.lang.Object#toString()
*/
@Override
public String toString() {
StringBuilder sb = new StringBuilder();
sb.append("{");
if (getKeyId() != null)
sb.append("KeyId: ").append(getKeyId()).append(",");
if (getReplicaRegion() != null)
sb.append("ReplicaRegion: ").append(getReplicaRegion()).append(",");
if (getPolicy() != null)
sb.append("Policy: ").append(getPolicy()).append(",");
if (getBypassPolicyLockoutSafetyCheck() != null)
sb.append("BypassPolicyLockoutSafetyCheck: ").append(getBypassPolicyLockoutSafetyCheck()).append(",");
if (getDescription() != null)
sb.append("Description: ").append(getDescription()).append(",");
if (getTags() != null)
sb.append("Tags: ").append(getTags());
sb.append("}");
return sb.toString();
}
@Override
public boolean equals(Object obj) {
if (this == obj)
return true;
if (obj == null)
return false;
if (obj instanceof ReplicateKeyRequest == false)
return false;
ReplicateKeyRequest other = (ReplicateKeyRequest) obj;
if (other.getKeyId() == null ^ this.getKeyId() == null)
return false;
if (other.getKeyId() != null && other.getKeyId().equals(this.getKeyId()) == false)
return false;
if (other.getReplicaRegion() == null ^ this.getReplicaRegion() == null)
return false;
if (other.getReplicaRegion() != null && other.getReplicaRegion().equals(this.getReplicaRegion()) == false)
return false;
if (other.getPolicy() == null ^ this.getPolicy() == null)
return false;
if (other.getPolicy() != null && other.getPolicy().equals(this.getPolicy()) == false)
return false;
if (other.getBypassPolicyLockoutSafetyCheck() == null ^ this.getBypassPolicyLockoutSafetyCheck() == null)
return false;
if (other.getBypassPolicyLockoutSafetyCheck() != null
&& other.getBypassPolicyLockoutSafetyCheck().equals(this.getBypassPolicyLockoutSafetyCheck()) == false)
return false;
if (other.getDescription() == null ^ this.getDescription() == null)
return false;
if (other.getDescription() != null && other.getDescription().equals(this.getDescription()) == false)
return false;
if (other.getTags() == null ^ this.getTags() == null)
return false;
if (other.getTags() != null && other.getTags().equals(this.getTags()) == false)
return false;
return true;
}
@Override
public int hashCode() {
final int prime = 31;
int hashCode = 1;
hashCode = prime * hashCode + ((getKeyId() == null) ? 0 : getKeyId().hashCode());
hashCode = prime * hashCode + ((getReplicaRegion() == null) ? 0 : getReplicaRegion().hashCode());
hashCode = prime * hashCode + ((getPolicy() == null) ? 0 : getPolicy().hashCode());
hashCode = prime * hashCode + ((getBypassPolicyLockoutSafetyCheck() == null) ? 0 : getBypassPolicyLockoutSafetyCheck().hashCode());
hashCode = prime * hashCode + ((getDescription() == null) ? 0 : getDescription().hashCode());
hashCode = prime * hashCode + ((getTags() == null) ? 0 : getTags().hashCode());
return hashCode;
}
@Override
public ReplicateKeyRequest clone() {
return (ReplicateKeyRequest) super.clone();
}
}