packages feed

amazonka-kms 0.2.2 → 0.2.3

raw patch · 21 files changed

+199/−80 lines, 21 filesdep ~amazonka-corePVP ok

version bump matches the API change (PVP)

Dependency ranges changed: amazonka-core

API changes (from Hackage documentation)

Files

amazonka-kms.cabal view
@@ -1,5 +1,5 @@ name:                  amazonka-kms-version:               0.2.2+version:               0.2.3 synopsis:              Amazon Key Management Service SDK. homepage:              https://github.com/brendanhay/amazonka license:               OtherLicense@@ -69,5 +69,5 @@     other-modules:      build-depends:-          amazonka-core == 0.2.2.*+          amazonka-core == 0.2.3.*         , base          >= 4.7     && < 5
gen/Network/AWS/KMS/CreateAlias.hs view
@@ -79,7 +79,10 @@ caAliasName = lens _caAliasName (\s a -> s { _caAliasName = a })  -- | An identifier of the key for which you are creating the alias. This value--- cannot be another alias.+-- cannot be another alias but can be a globally unique identifier or a fully+-- specified ARN to a key.  Key ARN Example -+-- arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 Globally Unique Key ID Example - 12345678-1234-1234-123456789012+-- caTargetKeyId :: Lens' CreateAlias Text caTargetKeyId = lens _caTargetKeyId (\s a -> s { _caTargetKeyId = a }) 
gen/Network/AWS/KMS/CreateGrant.hs view
@@ -23,12 +23,10 @@ -- Derived from AWS service descriptions, licensed under Apache 2.0.  -- | Adds a grant to a key to specify who can access the key and under what--- conditions. Grants are alternate permission mechanisms to key policies. If--- absent, access to the key is evaluated based on IAM policies attached to the--- user. By default, grants do not expire. Grants can be listed, retired, or--- revoked as indicated by the following APIs. Typically, when you are finished--- using a grant, you retire it. When you want to end a grant immediately,--- revoke it. For more information about grants, see <http://docs.aws.amazon.com/kms/latest/developerguide/grants.html Grants>.  'ListGrants' 'RetireGrant' 'RevokeGrant'+-- conditions. Grants are alternate permission mechanisms to key policies. For+-- more information about grants, see <http://docs.aws.amazon.com/kms/latest/developerguide/grants.html Grants> in the developer guide. If a grant+-- is absent, access to the key is evaluated based on IAM policies attached to+-- the user.  'ListGrants' 'RetireGrant' 'RevokeGrant' -- -- <http://docs.aws.amazon.com/kms/latest/APIReference/API_CreateGrant.html> module Network.AWS.KMS.CreateGrant@@ -101,7 +99,7 @@ cgConstraints :: Lens' CreateGrant (Maybe GrantConstraints) cgConstraints = lens _cgConstraints (\s a -> s { _cgConstraints = a }) --- | List of grant tokens.+-- | For more information, see <http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token Grant Tokens>. cgGrantTokens :: Lens' CreateGrant [Text] cgGrantTokens = lens _cgGrantTokens (\s a -> s { _cgGrantTokens = a }) . _List @@ -111,14 +109,16 @@ cgGranteePrincipal =     lens _cgGranteePrincipal (\s a -> s { _cgGranteePrincipal = a }) --- | A unique key identifier for a customer master key. This value can be a--- globally unique identifier, an ARN, or an alias.+-- | A unique identifier for the customer master key. This value can be a globally+-- unique identifier or the fully specified ARN to a key.  Key ARN Example -+-- arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 Globally Unique Key ID Example - 12345678-1234-1234-123456789012+-- cgKeyId :: Lens' CreateGrant Text cgKeyId = lens _cgKeyId (\s a -> s { _cgKeyId = a })  -- | List of operations permitted by the grant. This can be any combination of one -- or more of the following values:  Decrypt Encrypt GenerateDataKey GenerateDataKeyWithoutPlaintext--- ReEncryptFrom ReEncryptTo CreateGrant+-- ReEncryptFrom ReEncryptTo CreateGrant RetireGrant cgOperations :: Lens' CreateGrant [GrantOperation] cgOperations = lens _cgOperations (\s a -> s { _cgOperations = a }) . _List @@ -150,9 +150,7 @@ cgrGrantId :: Lens' CreateGrantResponse (Maybe Text) cgrGrantId = lens _cgrGrantId (\s a -> s { _cgrGrantId = a }) --- | The grant token. A grant token is a string that identifies a grant and which--- can be used to make a grant take effect immediately. A token contains all of--- the information necessary to create a grant.+-- | For more information, see <http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token Grant Tokens>. cgrGrantToken :: Lens' CreateGrantResponse (Maybe Text) cgrGrantToken = lens _cgrGrantToken (\s a -> s { _cgrGrantToken = a }) 
gen/Network/AWS/KMS/Decrypt.hs view
@@ -23,8 +23,17 @@ -- Derived from AWS service descriptions, licensed under Apache 2.0.  -- | Decrypts ciphertext. Ciphertext is plaintext that has been previously--- encrypted by using the 'Encrypt' function.+-- encrypted by using any of the following functions:  'GenerateDataKey' 'GenerateDataKeyWithoutPlaintext' 'Encrypt' --+-- Note that if a caller has been granted access permissions to all keys+-- (through, for example, IAM user policies that grant 'Decrypt' permission on all+-- resources), then ciphertext encrypted by using keys in other accounts where+-- the key grants access to the caller can be decrypted. To remedy this, we+-- recommend that you do not grant 'Decrypt' access in an IAM user policy. Instead+-- grant 'Decrypt' access only in key policies. If you must grant 'Decrypt' access+-- in an IAM user policy, you should scope the resource to specific keys or to+-- specific trusted accounts.+-- -- <http://docs.aws.amazon.com/kms/latest/APIReference/API_Decrypt.html> module Network.AWS.KMS.Decrypt     (@@ -75,7 +84,7 @@     , _dGrantTokens       = mempty     } --- | Ciphertext including metadata.+-- | Ciphertext to be decrypted. The blob includes metadata. dCiphertextBlob :: Lens' Decrypt Base64 dCiphertextBlob = lens _dCiphertextBlob (\s a -> s { _dCiphertextBlob = a }) @@ -87,8 +96,7 @@     lens _dEncryptionContext (\s a -> s { _dEncryptionContext = a })         . _Map --- | A list of grant tokens that represent grants which can be used to provide--- long term permissions to perform decryption.+-- | For more information, see <http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token Grant Tokens>. dGrantTokens :: Lens' Decrypt [Text] dGrantTokens = lens _dGrantTokens (\s a -> s { _dGrantTokens = a }) . _List @@ -111,8 +119,8 @@     , _drPlaintext = Nothing     } --- | Unique identifier created by the system for the key. This value is always--- returned as long as no errors are encountered during the operation.+-- | ARN of the key used to perform the decryption. This value is returned if no+-- errors are encountered during the operation. drKeyId :: Lens' DecryptResponse (Maybe Text) drKeyId = lens _drKeyId (\s a -> s { _drKeyId = a }) 
gen/Network/AWS/KMS/DescribeKey.hs view
@@ -63,8 +63,12 @@     { _dk1KeyId = p1     } --- | Unique identifier of the customer master key to be described. This can be an--- ARN, an alias, or a globally unique identifier.+-- | A unique identifier for the customer master key. This value can be a globally+-- unique identifier, a fully specified ARN to either an alias or a key, or an+-- alias name prefixed by "alias/".  Key ARN Example -+-- arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 Alias ARN Example - arn:aws:kms:us-east-1:123456789012:/alias/MyAliasName+-- Globally Unique Key ID Example - 12345678-1234-1234-123456789012 Alias Name+-- Example - alias/MyAliasName dk1KeyId :: Lens' DescribeKey Text dk1KeyId = lens _dk1KeyId (\s a -> s { _dk1KeyId = a }) 
gen/Network/AWS/KMS/DisableKey.hs view
@@ -61,8 +61,10 @@     { _dkKeyId = p1     } --- | Unique identifier of the customer master key to be disabled. This can be an--- ARN, an alias, or a globally unique identifier.+-- | A unique identifier for the customer master key. This value can be a globally+-- unique identifier or the fully specified ARN to a key.  Key ARN Example -+-- arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 Globally Unique Key ID Example - 12345678-1234-1234-123456789012+-- dkKeyId :: Lens' DisableKey Text dkKeyId = lens _dkKeyId (\s a -> s { _dkKeyId = a }) 
gen/Network/AWS/KMS/DisableKeyRotation.hs view
@@ -61,8 +61,10 @@     { _dkrKeyId = p1     } --- | Unique identifier of the customer master key for which rotation is to be--- disabled. This can be an ARN, an alias, or a globally unique identifier.+-- | A unique identifier for the customer master key. This value can be a globally+-- unique identifier or the fully specified ARN to a key.  Key ARN Example -+-- arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 Globally Unique Key ID Example - 12345678-1234-1234-123456789012+-- dkrKeyId :: Lens' DisableKeyRotation Text dkrKeyId = lens _dkrKeyId (\s a -> s { _dkrKeyId = a }) 
gen/Network/AWS/KMS/EnableKey.hs view
@@ -62,8 +62,10 @@     { _ekKeyId = p1     } --- | Unique identifier of the customer master key to be enabled. This can be an--- ARN, an alias, or a globally unique identifier.+-- | A unique identifier for the customer master key. This value can be a globally+-- unique identifier or the fully specified ARN to a key.  Key ARN Example -+-- arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 Globally Unique Key ID Example - 12345678-1234-1234-123456789012+-- ekKeyId :: Lens' EnableKey Text ekKeyId = lens _ekKeyId (\s a -> s { _ekKeyId = a }) 
gen/Network/AWS/KMS/EnableKeyRotation.hs view
@@ -61,8 +61,10 @@     { _ekrKeyId = p1     } --- | Unique identifier of the customer master key for which rotation is to be--- enabled. This can be an ARN, an alias, or a globally unique identifier.+-- | A unique identifier for the customer master key. This value can be a globally+-- unique identifier or the fully specified ARN to a key.  Key ARN Example -+-- arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 Globally Unique Key ID Example - 12345678-1234-1234-123456789012+-- ekrKeyId :: Lens' EnableKeyRotation Text ekrKeyId = lens _ekrKeyId (\s a -> s { _ekrKeyId = a }) 
gen/Network/AWS/KMS/Encrypt.hs view
@@ -22,8 +22,22 @@ -- -- Derived from AWS service descriptions, licensed under Apache 2.0. --- | Encrypts plaintext into ciphertext by using a customer master key.+-- | Encrypts plaintext into ciphertext by using a customer master key. The 'Encrypt'+-- function has two primary use cases:  You can encrypt up to 4 KB of arbitrary+-- data such as an RSA key, a database password, or other sensitive customer+-- information. If you are moving encrypted data from one region to another, you+-- can use this API to encrypt in the new region the plaintext data key that was+-- used to encrypt the data in the original region. This provides you with an+-- encrypted copy of the data key that can be decrypted in the new region and+-- used there to decrypt the encrypted data. --+-- Unless you are moving encrypted data from one region to another, you don't+-- use this function to encrypt a generated data key within a region. You+-- retrieve data keys already encrypted by calling the 'GenerateDataKey' or 'GenerateDataKeyWithoutPlaintext' function. Data keys don't need to be encrypted again by calling 'Encrypt'.+--+-- If you want to encrypt data locally in your application, you can use the 'GenerateDataKey' function to return a plaintext data encryption key and a copy of the key+-- encrypted under the customer master key (CMK) of your choosing.+-- -- <http://docs.aws.amazon.com/kms/latest/APIReference/API_Encrypt.html> module Network.AWS.KMS.Encrypt     (@@ -80,20 +94,24 @@     , _eGrantTokens       = mempty     } --- | Name:value pair that specifies the encryption context to be used for--- authenticated encryption. For more information, see <http://docs.aws.amazon.com/kms/latest/developerguide/crypto_authen.html Authenticated Encryption>.+-- | Name/value pair that specifies the encryption context to be used for+-- authenticated encryption. If used here, the same value must be supplied to+-- the 'Decrypt' API or decryption will fail. For more information, see <http://docs.aws.amazon.com/kms/latest/developerguide/encrypt-context.html EncryptionContext>. eEncryptionContext :: Lens' Encrypt (HashMap Text Text) eEncryptionContext =     lens _eEncryptionContext (\s a -> s { _eEncryptionContext = a })         . _Map --- | A list of grant tokens that represent grants which can be used to provide--- long term permissions to perform encryption.+-- | For more information, see <http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token Grant Tokens>. eGrantTokens :: Lens' Encrypt [Text] eGrantTokens = lens _eGrantTokens (\s a -> s { _eGrantTokens = a }) . _List --- | Unique identifier of the customer master. This can be an ARN, an alias, or--- the Key ID.+-- | A unique identifier for the customer master key. This value can be a globally+-- unique identifier, a fully specified ARN to either an alias or a key, or an+-- alias name prefixed by "alias/".  Key ARN Example -+-- arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 Alias ARN Example - arn:aws:kms:us-east-1:123456789012:/alias/MyAliasName+-- Globally Unique Key ID Example - 12345678-1234-1234-123456789012 Alias Name+-- Example - alias/MyAliasName eKeyId :: Lens' Encrypt Text eKeyId = lens _eKeyId (\s a -> s { _eKeyId = a }) @@ -120,7 +138,8 @@     , _erKeyId          = Nothing     } --- | The encrypted plaintext.+-- | The encrypted plaintext. If you are using the CLI, the value is Base64+-- encoded. Otherwise, it is not encoded. erCiphertextBlob :: Lens' EncryptResponse (Maybe Base64) erCiphertextBlob = lens _erCiphertextBlob (\s a -> s { _erCiphertextBlob = a }) 
gen/Network/AWS/KMS/GenerateDataKey.hs view
@@ -22,9 +22,37 @@ -- -- Derived from AWS service descriptions, licensed under Apache 2.0. --- | Generates a secure data key. Data keys are used to encrypt and decrypt data.--- They are wrapped by customer master keys.+-- | Generates a data key that you can use in your application to locally encrypt+-- data. This call returns a plaintext version of the key in the 'Plaintext' field+-- of the response object and an encrypted copy of the key in the 'CiphertextBlob'+-- field. The key is encrypted by using the master key specified by the 'KeyId'+-- field. To decrypt the encrypted key, pass it to the 'Decrypt' API. --+-- We recommend that you use the following pattern to locally encrypt data:+-- call the 'GenerateDataKey' API, use the key returned in the 'Plaintext' response+-- field to locally encrypt data, and then erase the plaintext data key from+-- memory. Store the encrypted data key (contained in the 'CiphertextBlob' field)+-- alongside of the locally encrypted data.+--+-- You should not call the 'Encrypt' function to re-encrypt your data keys within+-- a region. 'GenerateDataKey' always returns the data key encrypted and tied to+-- the customer master key that will be used to decrypt it. There is no need to+-- decrypt it twice.  If you decide to use the optional 'EncryptionContext'+-- parameter, you must also store the context in full or at least store enough+-- information along with the encrypted data to be able to reconstruct the+-- context when submitting the ciphertext to the 'Decrypt' API. It is a good+-- practice to choose a context that you can reconstruct on the fly to better+-- secure the ciphertext. For more information about how this parameter is used,+-- see <http://docs.aws.amazon.com/kms/latest/developerguide/encrypt-context.html Encryption Context>.+--+-- To decrypt data, pass the encrypted data key to the 'Decrypt' API. 'Decrypt'+-- uses the associated master key to decrypt the encrypted data key and returns+-- it as plaintext. Use the plaintext data key to locally decrypt your data and+-- then erase the key from memory. You must specify the encryption context, if+-- any, that you specified when you generated the key. The encryption context is+-- logged by CloudTrail, and you can use this log to help track the use of+-- particular data.+-- -- <http://docs.aws.amazon.com/kms/latest/APIReference/API_GenerateDataKey.html> module Network.AWS.KMS.GenerateDataKey     (@@ -94,13 +122,16 @@     lens _gdkEncryptionContext (\s a -> s { _gdkEncryptionContext = a })         . _Map --- | A list of grant tokens that represent grants which can be used to provide--- long term permissions to generate a key.+-- | For more information, see <http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token Grant Tokens>. gdkGrantTokens :: Lens' GenerateDataKey [Text] gdkGrantTokens = lens _gdkGrantTokens (\s a -> s { _gdkGrantTokens = a }) . _List --- | Unique identifier of the key. This can be an ARN, an alias, or a globally--- unique identifier.+-- | A unique identifier for the customer master key. This value can be a globally+-- unique identifier, a fully specified ARN to either an alias or a key, or an+-- alias name prefixed by "alias/".  Key ARN Example -+-- arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 Alias ARN Example - arn:aws:kms:us-east-1:123456789012:/alias/MyAliasName+-- Globally Unique Key ID Example - 12345678-1234-1234-123456789012 Alias Name+-- Example - alias/MyAliasName gdkKeyId :: Lens' GenerateDataKey Text gdkKeyId = lens _gdkKeyId (\s a -> s { _gdkKeyId = a }) @@ -110,7 +141,7 @@ gdkKeySpec = lens _gdkKeySpec (\s a -> s { _gdkKeySpec = a })  -- | Integer that contains the number of bytes to generate. Common values are 128,--- 256, 512, 1024 and so on. 1024 is the current limit.+-- 256, 512, and 1024. 1024 is the current limit. We recommend that you use the 'KeySpec' parameter instead. gdkNumberOfBytes :: Lens' GenerateDataKey (Maybe Natural) gdkNumberOfBytes = lens _gdkNumberOfBytes (\s a -> s { _gdkNumberOfBytes = a }) . mapping _Nat @@ -137,19 +168,25 @@     , _gdkrKeyId          = Nothing     } --- | Ciphertext that contains the wrapped key. You must store the blob and--- encryption context so that the ciphertext can be decrypted. You must provide--- both the ciphertext blob and the encryption context.+-- | Ciphertext that contains the encrypted data key. You must store the blob and+-- enough information to reconstruct the encryption context so that the data+-- encrypted by using the key can later be decrypted. You must provide both the+-- ciphertext blob and the encryption context to the 'Decrypt' API to recover the+-- plaintext data key and decrypt the object.+--+-- If you are using the CLI, the value is Base64 encoded. Otherwise, it is not+-- encoded. gdkrCiphertextBlob :: Lens' GenerateDataKeyResponse (Maybe Base64) gdkrCiphertextBlob =     lens _gdkrCiphertextBlob (\s a -> s { _gdkrCiphertextBlob = a }) --- | System generated unique identifier for the key.+-- | System generated unique identifier of the key to be used to decrypt the+-- encrypted copy of the data key. gdkrKeyId :: Lens' GenerateDataKeyResponse (Maybe Text) gdkrKeyId = lens _gdkrKeyId (\s a -> s { _gdkrKeyId = a }) --- | Plaintext that contains the unwrapped key. Use this for encryption and--- decryption and then remove it from memory as soon as possible.+-- | Plaintext that contains the data key. Use this for encryption and decryption+-- and then remove it from memory as soon as possible. gdkrPlaintext :: Lens' GenerateDataKeyResponse (Maybe Base64) gdkrPlaintext = lens _gdkrPlaintext (\s a -> s { _gdkrPlaintext = a }) 
gen/Network/AWS/KMS/GenerateDataKeyWithoutPlaintext.hs view
@@ -22,8 +22,11 @@ -- -- Derived from AWS service descriptions, licensed under Apache 2.0. --- | Returns a key wrapped by a customer master key without the plaintext copy of--- that key. To retrieve the plaintext, see 'GenerateDataKey'.+-- | Returns a data key encrypted by a customer master key without the plaintext+-- copy of that key. Otherwise, this API functions exactly like 'GenerateDataKey'.+-- You can use this API to, for example, satisfy an audit requirement that an+-- encrypted key be made available without exposing the plaintext copy of that+-- key. -- -- <http://docs.aws.amazon.com/kms/latest/APIReference/API_GenerateDataKeyWithoutPlaintext.html> module Network.AWS.KMS.GenerateDataKeyWithoutPlaintext@@ -92,13 +95,16 @@     lens _gdkwpEncryptionContext (\s a -> s { _gdkwpEncryptionContext = a })         . _Map --- | A list of grant tokens that represent grants which can be used to provide--- long term permissions to generate a key.+-- | For more information, see <http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token Grant Tokens>. gdkwpGrantTokens :: Lens' GenerateDataKeyWithoutPlaintext [Text] gdkwpGrantTokens = lens _gdkwpGrantTokens (\s a -> s { _gdkwpGrantTokens = a }) . _List --- | Unique identifier of the key. This can be an ARN, an alias, or a globally--- unique identifier.+-- | A unique identifier for the customer master key. This value can be a globally+-- unique identifier, a fully specified ARN to either an alias or a key, or an+-- alias name prefixed by "alias/".  Key ARN Example -+-- arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 Alias ARN Example - arn:aws:kms:us-east-1:123456789012:/alias/MyAliasName+-- Globally Unique Key ID Example - 12345678-1234-1234-123456789012 Alias Name+-- Example - alias/MyAliasName gdkwpKeyId :: Lens' GenerateDataKeyWithoutPlaintext Text gdkwpKeyId = lens _gdkwpKeyId (\s a -> s { _gdkwpKeyId = a }) @@ -108,7 +114,8 @@ gdkwpKeySpec = lens _gdkwpKeySpec (\s a -> s { _gdkwpKeySpec = a })  -- | Integer that contains the number of bytes to generate. Common values are 128,--- 256, 512, 1024 and so on.+-- 256, 512, 1024 and so on. We recommend that you use the 'KeySpec' parameter+-- instead. gdkwpNumberOfBytes :: Lens' GenerateDataKeyWithoutPlaintext (Maybe Natural) gdkwpNumberOfBytes =     lens _gdkwpNumberOfBytes (\s a -> s { _gdkwpNumberOfBytes = a })@@ -133,13 +140,17 @@     , _gdkwprKeyId          = Nothing     } --- | Ciphertext that contains the wrapped key. You must store the blob and--- encryption context so that the key can be used in a future operation.+-- | Ciphertext that contains the wrapped data key. You must store the blob and+-- encryption context so that the key can be used in a future decrypt operation.+--+-- If you are using the CLI, the value is Base64 encoded. Otherwise, it is not+-- encoded. gdkwprCiphertextBlob :: Lens' GenerateDataKeyWithoutPlaintextResponse (Maybe Base64) gdkwprCiphertextBlob =     lens _gdkwprCiphertextBlob (\s a -> s { _gdkwprCiphertextBlob = a }) --- | System generated unique identifier for the key.+-- | System generated unique identifier of the key to be used to decrypt the+-- encrypted copy of the data key. gdkwprKeyId :: Lens' GenerateDataKeyWithoutPlaintextResponse (Maybe Text) gdkwprKeyId = lens _gdkwprKeyId (\s a -> s { _gdkwprKeyId = a }) 
gen/Network/AWS/KMS/GetKeyPolicy.hs view
@@ -69,8 +69,10 @@     , _gkpPolicyName = p2     } --- | Unique identifier of the key. This can be an ARN, an alias, or a globally--- unique identifier.+-- | A unique identifier for the customer master key. This value can be a globally+-- unique identifier or the fully specified ARN to a key.  Key ARN Example -+-- arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 Globally Unique Key ID Example - 12345678-1234-1234-123456789012+-- gkpKeyId :: Lens' GetKeyPolicy Text gkpKeyId = lens _gkpKeyId (\s a -> s { _gkpKeyId = a }) 
gen/Network/AWS/KMS/GetKeyRotationStatus.hs view
@@ -64,8 +64,10 @@     { _gkrsKeyId = p1     } --- | Unique identifier of the key. This can be an ARN, an alias, or a globally--- unique identifier.+-- | A unique identifier for the customer master key. This value can be a globally+-- unique identifier or the fully specified ARN to a key.  Key ARN Example -+-- arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 Globally Unique Key ID Example - 12345678-1234-1234-123456789012+-- gkrsKeyId :: Lens' GetKeyRotationStatus Text gkrsKeyId = lens _gkrsKeyId (\s a -> s { _gkrsKeyId = a }) 
gen/Network/AWS/KMS/ListGrants.hs view
@@ -75,8 +75,10 @@     , _lgMarker = Nothing     } --- | Unique identifier of the key. This can be an ARN, an alias, or a globally--- unique identifier.+-- | A unique identifier for the customer master key. This value can be a globally+-- unique identifier or the fully specified ARN to a key.  Key ARN Example -+-- arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 Globally Unique Key ID Example - 12345678-1234-1234-123456789012+-- lgKeyId :: Lens' ListGrants Text lgKeyId = lens _lgKeyId (\s a -> s { _lgKeyId = a }) 
gen/Network/AWS/KMS/ListKeyPolicies.hs view
@@ -75,8 +75,12 @@     , _lkpMarker = Nothing     } --- | Unique identifier of the key. This can be an ARN, an alias, or a globally--- unique identifier.+-- | A unique identifier for the customer master key. This value can be a globally+-- unique identifier, a fully specified ARN to either an alias or a key, or an+-- alias name prefixed by "alias/".  Key ARN Example -+-- arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 Alias ARN Example - arn:aws:kms:us-east-1:123456789012:/alias/MyAliasName+-- Globally Unique Key ID Example - 12345678-1234-1234-123456789012 Alias Name+-- Example - alias/MyAliasName lkpKeyId :: Lens' ListKeyPolicies Text lkpKeyId = lens _lkpKeyId (\s a -> s { _lkpKeyId = a }) 
gen/Network/AWS/KMS/PutKeyPolicy.hs view
@@ -73,8 +73,10 @@     , _pkpPolicy     = p3     } --- | Unique identifier of the key. This can be an ARN, an alias, or a globally--- unique identifier.+-- | A unique identifier for the customer master key. This value can be a globally+-- unique identifier or the fully specified ARN to a key.  Key ARN Example -+-- arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 Globally Unique Key ID Example - 12345678-1234-1234-123456789012+-- pkpKeyId :: Lens' PutKeyPolicy Text pkpKeyId = lens _pkpKeyId (\s a -> s { _pkpKeyId = a }) 
gen/Network/AWS/KMS/ReEncrypt.hs view
@@ -100,13 +100,18 @@         (\s a -> s { _reDestinationEncryptionContext = a })             . _Map --- | Key identifier of the key used to re-encrypt the data.+-- | A unique identifier for the customer master key used to re-encrypt the data.+-- This value can be a globally unique identifier, a fully specified ARN to+-- either an alias or a key, or an alias name prefixed by "alias/".  Key ARN+-- Example -+-- arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 Alias ARN Example - arn:aws:kms:us-east-1:123456789012:/alias/MyAliasName+-- Globally Unique Key ID Example - 12345678-1234-1234-123456789012 Alias Name+-- Example - alias/MyAliasName reDestinationKeyId :: Lens' ReEncrypt Text reDestinationKeyId =     lens _reDestinationKeyId (\s a -> s { _reDestinationKeyId = a }) --- | Grant tokens that identify the grants that have permissions for the--- encryption and decryption process.+-- | For more information, see <http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token Grant Tokens>. reGrantTokens :: Lens' ReEncrypt [Text] reGrantTokens = lens _reGrantTokens (\s a -> s { _reGrantTokens = a }) . _List @@ -140,7 +145,8 @@     , _rerKeyId          = Nothing     } --- | The re-encrypted data.+-- | The re-encrypted data. If you are using the CLI, the value is Base64 encoded.+-- Otherwise, it is not encoded. rerCiphertextBlob :: Lens' ReEncryptResponse (Maybe Base64) rerCiphertextBlob =     lens _rerCiphertextBlob (\s a -> s { _rerCiphertextBlob = a })
gen/Network/AWS/KMS/RetireGrant.hs view
@@ -24,7 +24,9 @@  -- | Retires a grant. You can retire a grant when you're done using it to clean -- up. You should revoke a grant when you intend to actively deny operations--- that depend on it.+-- that depend on it. The following are permitted to call this API:  The account+-- that created the grant The 'RetiringPrincipal', if present The 'GranteePrincipal', if+-- 'RetireGrant' is a grantee operation -- -- <http://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html> module Network.AWS.KMS.RetireGrant
gen/Network/AWS/KMS/RevokeGrant.hs view
@@ -72,7 +72,11 @@ rgGrantId :: Lens' RevokeGrant Text rgGrantId = lens _rgGrantId (\s a -> s { _rgGrantId = a }) --- | Unique identifier of the key associated with the grant.+-- | A unique identifier for the customer master key associated with the grant.+-- This value can be a globally unique identifier or the fully specified ARN to+-- a key.  Key ARN Example -+-- arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 Globally Unique Key ID Example - 12345678-1234-1234-123456789012+-- rgKeyId :: Lens' RevokeGrant Text rgKeyId = lens _rgKeyId (\s a -> s { _rgKeyId = a }) 
gen/Network/AWS/KMS/UpdateKeyDescription.hs view
@@ -22,7 +22,9 @@ -- -- Derived from AWS service descriptions, licensed under Apache 2.0. --- | <http://docs.aws.amazon.com/kms/latest/APIReference/API_UpdateKeyDescription.html>+-- | Updates the description of a key.+--+-- <http://docs.aws.amazon.com/kms/latest/APIReference/API_UpdateKeyDescription.html> module Network.AWS.KMS.UpdateKeyDescription     (     -- * Request@@ -65,9 +67,14 @@     , _ukdDescription = p2     } +-- | New description for the key. ukdDescription :: Lens' UpdateKeyDescription Text ukdDescription = lens _ukdDescription (\s a -> s { _ukdDescription = a }) +-- | A unique identifier for the customer master key. This value can be a globally+-- unique identifier or the fully specified ARN to a key.  Key ARN Example -+-- arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 Globally Unique Key ID Example - 12345678-1234-1234-123456789012+-- ukdKeyId :: Lens' UpdateKeyDescription Text ukdKeyId = lens _ukdKeyId (\s a -> s { _ukdKeyId = a })