String keyId
The unique identifier for the customer master key (CMK) for which to cancel deletion.
To specify this value, use the unique key ID or the Amazon Resource Name (ARN) of the CMK. Examples:
Unique key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
Key ARN: arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd- 56ef-1234567890ab
To obtain the unique key ID and key ARN for a given CMK, use ListKeys or DescribeKey.
String keyId
The unique identifier of the master key for which deletion is canceled.
String aliasName
String that contains the display name. The name must start with the word "alias" followed by a forward slash (alias/). Aliases that begin with "alias/AWS" are reserved.
String targetKeyId
An identifier of the key for which you are creating the alias. This value cannot be another alias but can be a globally unique identifier or a fully specified ARN to a key.
Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234 -1234-123456789012
Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012
String keyId
The unique identifier for the customer master key (CMK) that the grant applies to.
To specify this value, use the globally unique key ID or the Amazon Resource Name (ARN) of the key. Examples:
Globally unique key ID: 12345678-1234-1234-1234-123456789012
Key ARN: arn:aws:kms:us-west-2:123456789012:key/12345678-1234-1234-1234- 123456789012
String granteePrincipal
The principal that is given permission to perform the operations that the grant permits.
To specify the principal, use the Amazon Resource Name (ARN) of an AWS principal. Valid AWS principals include AWS accounts (root), IAM users, federated users, and assumed role users. For examples of the ARN syntax to use for specifying a principal, see AWS Identity and Access Management (IAM) in the Example ARNs section of the AWS General Reference.
String retiringPrincipal
The principal that is given permission to retire the grant by using RetireGrant operation.
To specify the principal, use the Amazon Resource Name (ARN) of an AWS principal. Valid AWS principals include AWS accounts (root), IAM users, federated users, and assumed role users. For examples of the ARN syntax to use for specifying a principal, see AWS Identity and Access Management (IAM) in the Example ARNs section of the AWS General Reference.
com.amazonaws.internal.SdkInternalList<T> operations
A list of operations that the grant permits. The list can contain any combination of one or more of the following values:
GrantConstraints constraints
The conditions under which the operations permitted by the grant are allowed.
You can use this value to allow the operations permitted by the grant only when a specified encryption context is present. For more information, see Encryption Context in the AWS Key Management Service Developer Guide.
com.amazonaws.internal.SdkInternalList<T> grantTokens
A list of grant tokens.
For more information, see Grant Tokens in the AWS Key Management Service Developer Guide.
String name
A friendly name for identifying the grant. Use this value to prevent unintended creation of duplicate grants when retrying this request.
When this value is absent, all CreateGrant requests result
in a new grant with a unique GrantId even if all the
supplied parameters are identical. This can result in unintended
duplicates when you retry the CreateGrant request.
When this value is present, you can retry a CreateGrant
request with identical parameters; if the grant already exists, the
original GrantId is returned without creating a new grant.
Note that the returned grant token is unique with every
CreateGrant request, even when a duplicate
GrantId is returned. All grant tokens obtained in this way
can be used interchangeably.
String grantToken
The grant token.
For more information, see Grant Tokens in the AWS Key Management Service Developer Guide.
String grantId
The unique identifier for the grant.
You can use the GrantId in a subsequent RetireGrant
or RevokeGrant operation.
String policy
The key policy to attach to the CMK.
If you specify a key policy, it must meet the following criteria:
It must allow the principal making the CreateKey request to
make a subsequent PutKeyPolicy request on the CMK. This reduces
the likelihood that the CMK becomes unmanageable. For more information,
refer to the scenario in the Default Key Policy section in the AWS Key Management Service
Developer Guide.
The principal(s) specified in the key policy must exist and be visible to AWS KMS. When you create a new AWS principal (for example, an IAM user or role), you might need to enforce a delay before specifying the new principal in a key policy because the new principal might not immediately be visible to AWS KMS. For more information, see Changes that I make are not always immediately visible in the IAM User Guide.
If you do not specify a policy, AWS KMS attaches a default key policy to the CMK. For more information, see Default Key Policy in the AWS Key Management Service Developer Guide.
The policy size limit is 32 KiB (32768 bytes).
String description
A description of the CMK.
Use a description that helps you decide whether the CMK is appropriate for a task.
String keyUsage
The intended use of the CMK.
You can use CMKs only for symmetric encryption and decryption.
Boolean bypassPolicyLockoutSafetyCheck
A flag to indicate whether to bypass the key policy lockout safety check.
Setting this value to true increases the likelihood that the CMK becomes unmanageable. Do not set this value to true indiscriminately.
For more information, refer to the scenario in the Default Key Policy section in the AWS Key Management Service Developer Guide.
Use this parameter only when you include a policy in the request and you intend to prevent the principal making the request from making a subsequent PutKeyPolicy request on the CMK.
The default value is false.
KeyMetadata keyMetadata
Metadata associated with the CMK.
ByteBuffer ciphertextBlob
Ciphertext to be decrypted. The blob includes metadata.
com.amazonaws.internal.SdkInternalMap<K,V> encryptionContext
The encryption context. If this was specified in the Encrypt function, it must be specified here or the decryption operation will fail. For more information, see Encryption Context.
com.amazonaws.internal.SdkInternalList<T> grantTokens
A list of grant tokens.
For more information, see Grant Tokens in the AWS Key Management Service Developer Guide.
String keyId
ARN of the key used to perform the decryption. This value is returned if no errors are encountered during the operation.
ByteBuffer plaintext
Decrypted plaintext data. This value may not be returned if the customer master key is not available or if you didn't have permission to use it.
String aliasName
The alias to be deleted. The name must start with the word "alias" followed by a forward slash (alias/). Aliases that begin with "alias/AWS" are reserved.
String keyId
A unique identifier for the customer master key. This value can be a globally unique identifier, a fully specified ARN to either an alias or a key, or an alias name prefixed by "alias/".
Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234 -1234-123456789012
Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName
Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012
Alias Name Example - alias/MyAliasName
com.amazonaws.internal.SdkInternalList<T> grantTokens
A list of grant tokens.
For more information, see Grant Tokens in the AWS Key Management Service Developer Guide.
KeyMetadata keyMetadata
Metadata associated with the key.
String keyId
A unique identifier for the CMK.
Use the CMK's unique identifier or its Amazon Resource Name (ARN). For example:
Unique ID: 1234abcd-12ab-34cd-56ef-1234567890ab
ARN: arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd- 56ef-1234567890ab
String keyId
A unique identifier for the customer master key. This value can be a globally unique identifier or the fully specified ARN to a key.
Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234 -1234-123456789012
Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012
String keyId
A unique identifier for the customer master key. This value can be a globally unique identifier or the fully specified ARN to a key.
Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234 -1234-123456789012
Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012
String keyId
A unique identifier for the customer master key. This value can be a globally unique identifier or the fully specified ARN to a key.
Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234 -1234-123456789012
Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012
String keyId
A unique identifier for the customer master key. This value can be a globally unique identifier, a fully specified ARN to either an alias or a key, or an alias name prefixed by "alias/".
Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234 -1234-123456789012
Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName
Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012
Alias Name Example - alias/MyAliasName
ByteBuffer plaintext
Data to be encrypted.
com.amazonaws.internal.SdkInternalMap<K,V> encryptionContext
Name/value pair that specifies the encryption context to be used for
authenticated encryption. If used here, the same value must be supplied
to the Decrypt API or decryption will fail. For more
information, see Encryption Context.
com.amazonaws.internal.SdkInternalList<T> grantTokens
A list of grant tokens.
For more information, see Grant Tokens in the AWS Key Management Service Developer Guide.
ByteBuffer ciphertextBlob
The encrypted plaintext. If you are using the CLI, the value is Base64 encoded. Otherwise, it is not encoded.
String keyId
The ID of the key used during encryption.
String keyId
A unique identifier for the customer master key. This value can be a globally unique identifier, a fully specified ARN to either an alias or a key, or an alias name prefixed by "alias/".
Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234 -1234-123456789012
Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName
Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012
Alias Name Example - alias/MyAliasName
com.amazonaws.internal.SdkInternalMap<K,V> encryptionContext
Name/value pair that contains additional data to be authenticated during the encryption and decryption processes that use the key. This value is logged by AWS CloudTrail to provide context around the data encrypted by the key.
Integer numberOfBytes
Integer that contains the number of bytes to generate. Common values are
128, 256, 512, and 1024. 1024 is the current limit. We recommend that you
use the KeySpec parameter instead.
String keySpec
Value that identifies the encryption algorithm and key size to generate a data key for. Currently this can be AES_128 or AES_256.
com.amazonaws.internal.SdkInternalList<T> grantTokens
A list of grant tokens.
For more information, see Grant Tokens in the AWS Key Management Service Developer Guide.
ByteBuffer ciphertextBlob
Ciphertext that contains the encrypted data key. You must store the blob and enough information to reconstruct the encryption context so that the data encrypted by using the key can later be decrypted. You must provide both the ciphertext blob and the encryption context to the Decrypt API to recover the plaintext data key and decrypt the object.
If you are using the CLI, the value is Base64 encoded. Otherwise, it is not encoded.
ByteBuffer plaintext
Plaintext that contains the data key. Use this for encryption and decryption and then remove it from memory as soon as possible.
String keyId
System generated unique identifier of the key to be used to decrypt the encrypted copy of the data key.
String keyId
A unique identifier for the customer master key. This value can be a globally unique identifier, a fully specified ARN to either an alias or a key, or an alias name prefixed by "alias/".
Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234 -1234-123456789012
Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName
Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012
Alias Name Example - alias/MyAliasName
com.amazonaws.internal.SdkInternalMap<K,V> encryptionContext
Name:value pair that contains additional data to be authenticated during the encryption and decryption processes.
String keySpec
Value that identifies the encryption algorithm and key size. Currently this can be AES_128 or AES_256.
Integer numberOfBytes
Integer that contains the number of bytes to generate. Common values are
128, 256, 512, 1024 and so on. We recommend that you use the
KeySpec parameter instead.
com.amazonaws.internal.SdkInternalList<T> grantTokens
A list of grant tokens.
For more information, see Grant Tokens in the AWS Key Management Service Developer Guide.
ByteBuffer ciphertextBlob
Ciphertext that contains the wrapped data key. You must store the blob and encryption context so that the key can be used in a future decrypt operation.
If you are using the CLI, the value is Base64 encoded. Otherwise, it is not encoded.
String keyId
System generated unique identifier of the key to be used to decrypt the encrypted copy of the data key.
Integer numberOfBytes
Integer that contains the number of bytes to generate. Common values are 128, 256, 512, 1024 and so on. The current limit is 1024 bytes.
ByteBuffer plaintext
Plaintext that contains the unpredictable byte string.
String keyId
A unique identifier for the customer master key. This value can be a globally unique identifier or the fully specified ARN to a key.
Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234 -1234-123456789012
Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012
String policyName
String that contains the name of the policy. Currently, this must be "default". Policy names can be discovered by calling ListKeyPolicies.
String policy
A policy document in JSON format.
String keyId
A unique identifier for the customer master key. This value can be a globally unique identifier or the fully specified ARN to a key.
Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234 -1234-123456789012
Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012
Boolean keyRotationEnabled
A Boolean value that specifies whether key rotation is enabled.
com.amazonaws.internal.SdkInternalMap<K,V> encryptionContextSubset
Contains a list of key-value pairs, a subset of which must be present in the encryption context of a subsequent operation permitted by the grant. When a subsequent operation permitted by the grant includes an encryption context that matches this list or is a subset of this list, the grant allows the operation. Otherwise, the operation is not allowed.
com.amazonaws.internal.SdkInternalMap<K,V> encryptionContextEquals
Contains a list of key-value pairs that must be present in the encryption context of a subsequent operation permitted by the grant. When a subsequent operation permitted by the grant includes an encryption context that matches this list, the grant allows the operation. Otherwise, the operation is not allowed.
String keyId
The unique identifier for the customer master key (CMK) to which the grant applies.
String grantId
The unique identifier for the grant.
String name
The friendly name that identifies the grant. If a name was provided in the CreateGrant request, that name is returned. Otherwise this value is null.
Date creationDate
The date and time when the grant was created.
String granteePrincipal
The principal that receives the grant's permissions.
String retiringPrincipal
The principal that can retire the grant.
String issuingAccount
The AWS account under which the grant was issued.
com.amazonaws.internal.SdkInternalList<T> operations
The list of operations permitted by the grant.
GrantConstraints constraints
The conditions under which the grant's operations are allowed.
String aWSAccountId
The twelve-digit account ID of the AWS account that owns the key.
String keyId
The globally unique identifier for the key.
String arn
The Amazon Resource Name (ARN) of the key. For examples, see AWS Key Management Service (AWS KMS) in the Example ARNs section of the AWS General Reference.
Date creationDate
The date and time when the key was created.
Boolean enabled
Specifies whether the key is enabled. When KeyState is
Enabled this value is true, otherwise it is false.
String description
The friendly description of the key.
String keyUsage
String keyState
The state of the customer master key (CMK).
For more information about how key state affects the use of a CMK, see How Key State Affects the Use of a Customer Master Key in the AWS Key Management Service Developer Guide.
Date deletionDate
The date and time after which AWS KMS deletes the customer master key
(CMK). This value is present only when KeyState is
PendingDeletion, otherwise this value is null.
Integer limit
When paginating results, specify the maximum number of items to return in
the response. If additional items exist beyond the number you specify,
the Truncated element in the response is set to true.
This value is optional. If you include a value, it must be between 1 and 100, inclusive. If you do not include a value, it defaults to 50.
String marker
Use this parameter only when paginating results and only in a subsequent
request after you receive a response with truncated results. Set it to
the value of NextMarker from the response you just received.
com.amazonaws.internal.SdkInternalList<T> aliases
A list of key aliases in the user's account.
String nextMarker
When Truncated is true, this value is present and contains
the value to use for the Marker parameter in a subsequent
pagination request.
Boolean truncated
A flag that indicates whether there are more items in the list. If your
results were truncated, you can use the Marker parameter to
make a subsequent pagination request to retrieve more items in the list.
Integer limit
When paginating results, specify the maximum number of items to return in
the response. If additional items exist beyond the number you specify,
the Truncated element in the response is set to true.
This value is optional. If you include a value, it must be between 1 and 100, inclusive. If you do not include a value, it defaults to 50.
String marker
Use this parameter only when paginating results and only in a subsequent
request after you receive a response with truncated results. Set it to
the value of NextMarker from the response you just received.
String keyId
A unique identifier for the customer master key. This value can be a globally unique identifier or the fully specified ARN to a key.
Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234 -1234-123456789012
Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012
com.amazonaws.internal.SdkInternalList<T> grants
A list of grants.
String nextMarker
When Truncated is true, this value is present and contains
the value to use for the Marker parameter in a subsequent
pagination request.
Boolean truncated
A flag that indicates whether there are more items in the list. If your
results were truncated, you can use the Marker parameter to
make a subsequent pagination request to retrieve more items in the list.
String keyId
A unique identifier for the customer master key. This value can be a globally unique identifier, a fully specified ARN to either an alias or a key, or an alias name prefixed by "alias/".
Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234 -1234-123456789012
Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName
Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012
Alias Name Example - alias/MyAliasName
Integer limit
When paginating results, specify the maximum number of items to return in
the response. If additional items exist beyond the number you specify,
the Truncated element in the response is set to true.
This value is optional. If you include a value, it must be between 1 and 1000, inclusive. If you do not include a value, it defaults to 100.
Currently only 1 policy can be attached to a key.
String marker
Use this parameter only when paginating results and only in a subsequent
request after you receive a response with truncated results. Set it to
the value of NextMarker from the response you just received.
com.amazonaws.internal.SdkInternalList<T> policyNames
A list of policy names. Currently, there is only one policy and it is named "Default".
String nextMarker
When Truncated is true, this value is present and contains
the value to use for the Marker parameter in a subsequent
pagination request.
Boolean truncated
A flag that indicates whether there are more items in the list. If your
results were truncated, you can use the Marker parameter to
make a subsequent pagination request to retrieve more items in the list.
Integer limit
When paginating results, specify the maximum number of items to return in
the response. If additional items exist beyond the number you specify,
the Truncated element in the response is set to true.
This value is optional. If you include a value, it must be between 1 and 1000, inclusive. If you do not include a value, it defaults to 100.
String marker
Use this parameter only when paginating results and only in a subsequent
request after you receive a response with truncated results. Set it to
the value of NextMarker from the response you just received.
com.amazonaws.internal.SdkInternalList<T> keys
A list of keys.
String nextMarker
When Truncated is true, this value is present and contains
the value to use for the Marker parameter in a subsequent
pagination request.
Boolean truncated
A flag that indicates whether there are more items in the list. If your
results were truncated, you can use the Marker parameter to
make a subsequent pagination request to retrieve more items in the list.
Integer limit
When paginating results, specify the maximum number of items to return in
the response. If additional items exist beyond the number you specify,
the Truncated element in the response is set to true.
This value is optional. If you include a value, it must be between 1 and 100, inclusive. If you do not include a value, it defaults to 50.
String marker
Use this parameter only when paginating results and only in a subsequent
request after you receive a response with truncated results. Set it to
the value of NextMarker from the response you just received.
String retiringPrincipal
The retiring principal for which to list grants.
To specify the retiring principal, use the Amazon Resource Name (ARN) of an AWS principal. Valid AWS principals include AWS accounts (root), IAM users, federated users, and assumed role users. For examples of the ARN syntax for specifying a principal, see AWS Identity and Access Management (IAM) in the Example ARNs section of the Amazon Web Services General Reference.
com.amazonaws.internal.SdkInternalList<T> grants
A list of grants.
String nextMarker
When Truncated is true, this value is present and contains
the value to use for the Marker parameter in a subsequent
pagination request.
Boolean truncated
A flag that indicates whether there are more items in the list. If your
results were truncated, you can use the Marker parameter to
make a subsequent pagination request to retrieve more items in the list.
String keyId
A unique identifier for the CMK.
Use the CMK's unique identifier or its Amazon Resource Name (ARN). For example:
Unique ID: 1234abcd-12ab-34cd-56ef-1234567890ab
ARN: arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd- 56ef-1234567890ab
String policyName
The name of the key policy.
This value must be default.
String policy
The key policy to attach to the CMK.
The key policy must meet the following criteria:
It must allow the principal making the PutKeyPolicy request
to make a subsequent PutKeyPolicy request on the CMK. This
reduces the likelihood that the CMK becomes unmanageable. For more
information, refer to the scenario in the Default Key Policy section in the AWS Key Management Service
Developer Guide.
The principal(s) specified in the key policy must exist and be visible to AWS KMS. When you create a new AWS principal (for example, an IAM user or role), you might need to enforce a delay before specifying the new principal in a key policy because the new principal might not immediately be visible to AWS KMS. For more information, see Changes that I make are not always immediately visible in the IAM User Guide.
The policy size limit is 32 KiB (32768 bytes).
Boolean bypassPolicyLockoutSafetyCheck
A flag to indicate whether to bypass the key policy lockout safety check.
Setting this value to true increases the likelihood that the CMK becomes unmanageable. Do not set this value to true indiscriminately.
For more information, refer to the scenario in the Default Key Policy section in the AWS Key Management Service Developer Guide.
Use this parameter only when you intend to prevent the principal making
the request from making a subsequent PutKeyPolicy request on
the CMK.
The default value is false.
ByteBuffer ciphertextBlob
Ciphertext of the data to re-encrypt.
com.amazonaws.internal.SdkInternalMap<K,V> sourceEncryptionContext
Encryption context used to encrypt and decrypt the data specified in the
CiphertextBlob parameter.
String destinationKeyId
A unique identifier for the customer master key used to re-encrypt the data. This value can be a globally unique identifier, a fully specified ARN to either an alias or a key, or an alias name prefixed by "alias/".
Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234 -1234-123456789012
Alias ARN Example - arn:aws:kms:us-east-1:123456789012:alias/MyAliasName
Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012
Alias Name Example - alias/MyAliasName
com.amazonaws.internal.SdkInternalMap<K,V> destinationEncryptionContext
Encryption context to be used when the data is re-encrypted.
com.amazonaws.internal.SdkInternalList<T> grantTokens
A list of grant tokens.
For more information, see Grant Tokens in the AWS Key Management Service Developer Guide.
ByteBuffer ciphertextBlob
The re-encrypted data. If you are using the CLI, the value is Base64 encoded. Otherwise, it is not encoded.
String sourceKeyId
Unique identifier of the key used to originally encrypt the data.
String keyId
Unique identifier of the key used to re-encrypt the data.
String grantToken
Token that identifies the grant to be retired.
String keyId
A unique identifier for the customer master key associated with the grant. This value can be a globally unique identifier or a fully specified ARN of the key.
Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234 -1234-123456789012
Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012
String grantId
Unique identifier of the grant to be retired. The grant ID is returned by
the CreateGrant function.
Grant ID Example - 0123456789012345678901234567890123456789012345678901234567890123
String keyId
A unique identifier for the customer master key associated with the grant. This value can be a globally unique identifier or the fully specified ARN to a key.
Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234 -1234-123456789012
Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012
String grantId
Identifier of the grant to be revoked.
String keyId
The unique identifier for the customer master key (CMK) to delete.
To specify this value, use the unique key ID or the Amazon Resource Name (ARN) of the CMK. Examples:
Unique key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
Key ARN: arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd- 56ef-1234567890ab
To obtain the unique key ID and key ARN for a given CMK, use ListKeys or DescribeKey.
Integer pendingWindowInDays
The waiting period, specified in number of days. After the waiting period ends, AWS KMS deletes the customer master key (CMK).
This value is optional. If you include a value, it must be between 7 and 30, inclusive. If you do not include a value, it defaults to 30.
String aliasName
String that contains the name of the alias to be modified. The name must start with the word "alias" followed by a forward slash (alias/). Aliases that begin with "alias/aws" are reserved.
String targetKeyId
Unique identifier of the customer master key to be mapped to the alias. This value can be a globally unique identifier or the fully specified ARN of a key.
Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234 -1234-123456789012
Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012
You can call ListAliases to verify that the alias is mapped to the
correct TargetKeyId.
String keyId
A unique identifier for the customer master key. This value can be a globally unique identifier or the fully specified ARN to a key.
Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234 -1234-123456789012
Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012
String description
New description for the key.
Copyright © 2016. All rights reserved.