amazonka-kms 1.6.1 → 2.0
raw patch · 200 files changed
+28052/−7676 lines, 200 filesdep +case-insensitivedep ~amazonka-coredep ~amazonka-testdep ~basesetup-changedPVP ok
version bump matches the API change (PVP)
Dependencies added: case-insensitive
Dependency ranges changed: amazonka-core, amazonka-test, base
API changes (from Hackage documentation)
- Network.AWS.KMS: AES128 :: DataKeySpec
- Network.AWS.KMS: AES256 :: DataKeySpec
- Network.AWS.KMS: AWS :: KeyManagerType
- Network.AWS.KMS: AWSKMS :: OriginType
- Network.AWS.KMS: CreateGrant :: GrantOperation
- Network.AWS.KMS: Customer :: KeyManagerType
- Network.AWS.KMS: Decrypt :: GrantOperation
- Network.AWS.KMS: DescribeKey :: GrantOperation
- Network.AWS.KMS: Disabled :: KeyState
- Network.AWS.KMS: Enabled :: KeyState
- Network.AWS.KMS: Encrypt :: GrantOperation
- Network.AWS.KMS: EncryptDecrypt :: KeyUsageType
- Network.AWS.KMS: External :: OriginType
- Network.AWS.KMS: GenerateDataKey :: GrantOperation
- Network.AWS.KMS: GenerateDataKeyWithoutPlaintext :: GrantOperation
- Network.AWS.KMS: KeyMaterialDoesNotExpire :: ExpirationModelType
- Network.AWS.KMS: KeyMaterialExpires :: ExpirationModelType
- Network.AWS.KMS: PendingDeletion :: KeyState
- Network.AWS.KMS: PendingImport :: KeyState
- Network.AWS.KMS: ReEncryptFrom :: GrantOperation
- Network.AWS.KMS: ReEncryptTo :: GrantOperation
- Network.AWS.KMS: RetireGrant :: GrantOperation
- Network.AWS.KMS: Rsa2048 :: WrappingKeySpec
- Network.AWS.KMS: RsaesOaepSha1 :: AlgorithmSpec
- Network.AWS.KMS: RsaesOaepSha256 :: AlgorithmSpec
- Network.AWS.KMS: RsaesPKCS1V15 :: AlgorithmSpec
- Network.AWS.KMS: _AlreadyExistsException :: AsError a => Getting (First ServiceError) a ServiceError
- Network.AWS.KMS: _DependencyTimeoutException :: AsError a => Getting (First ServiceError) a ServiceError
- Network.AWS.KMS: _DisabledException :: AsError a => Getting (First ServiceError) a ServiceError
- Network.AWS.KMS: _ExpiredImportTokenException :: AsError a => Getting (First ServiceError) a ServiceError
- Network.AWS.KMS: _IncorrectKeyMaterialException :: AsError a => Getting (First ServiceError) a ServiceError
- Network.AWS.KMS: _InvalidARNException :: AsError a => Getting (First ServiceError) a ServiceError
- Network.AWS.KMS: _InvalidAliasNameException :: AsError a => Getting (First ServiceError) a ServiceError
- Network.AWS.KMS: _InvalidCiphertextException :: AsError a => Getting (First ServiceError) a ServiceError
- Network.AWS.KMS: _InvalidGrantIdException :: AsError a => Getting (First ServiceError) a ServiceError
- Network.AWS.KMS: _InvalidGrantTokenException :: AsError a => Getting (First ServiceError) a ServiceError
- Network.AWS.KMS: _InvalidImportTokenException :: AsError a => Getting (First ServiceError) a ServiceError
- Network.AWS.KMS: _InvalidKeyUsageException :: AsError a => Getting (First ServiceError) a ServiceError
- Network.AWS.KMS: _InvalidMarkerException :: AsError a => Getting (First ServiceError) a ServiceError
- Network.AWS.KMS: _KMSInternalException :: AsError a => Getting (First ServiceError) a ServiceError
- Network.AWS.KMS: _KMSInvalidStateException :: AsError a => Getting (First ServiceError) a ServiceError
- Network.AWS.KMS: _KeyUnavailableException :: AsError a => Getting (First ServiceError) a ServiceError
- Network.AWS.KMS: _LimitExceededException :: AsError a => Getting (First ServiceError) a ServiceError
- Network.AWS.KMS: _MalformedPolicyDocumentException :: AsError a => Getting (First ServiceError) a ServiceError
- Network.AWS.KMS: _NotFoundException :: AsError a => Getting (First ServiceError) a ServiceError
- Network.AWS.KMS: _TagException :: AsError a => Getting (First ServiceError) a ServiceError
- Network.AWS.KMS: _UnsupportedOperationException :: AsError a => Getting (First ServiceError) a ServiceError
- Network.AWS.KMS: aleAliasARN :: Lens' AliasListEntry (Maybe Text)
- Network.AWS.KMS: aleAliasName :: Lens' AliasListEntry (Maybe Text)
- Network.AWS.KMS: aleTargetKeyId :: Lens' AliasListEntry (Maybe Text)
- Network.AWS.KMS: aliasListEntry :: AliasListEntry
- Network.AWS.KMS: data AlgorithmSpec
- Network.AWS.KMS: data AliasListEntry
- Network.AWS.KMS: data DataKeySpec
- Network.AWS.KMS: data ExpirationModelType
- Network.AWS.KMS: data GrantConstraints
- Network.AWS.KMS: data GrantListEntry
- Network.AWS.KMS: data GrantOperation
- Network.AWS.KMS: data KeyListEntry
- Network.AWS.KMS: data KeyManagerType
- Network.AWS.KMS: data KeyMetadata
- Network.AWS.KMS: data KeyState
- Network.AWS.KMS: data KeyUsageType
- Network.AWS.KMS: data ListGrantsResponse
- Network.AWS.KMS: data OriginType
- Network.AWS.KMS: data Tag
- Network.AWS.KMS: data WrappingKeySpec
- Network.AWS.KMS: gcEncryptionContextEquals :: Lens' GrantConstraints (HashMap Text Text)
- Network.AWS.KMS: gcEncryptionContextSubset :: Lens' GrantConstraints (HashMap Text Text)
- Network.AWS.KMS: gleConstraints :: Lens' GrantListEntry (Maybe GrantConstraints)
- Network.AWS.KMS: gleCreationDate :: Lens' GrantListEntry (Maybe UTCTime)
- Network.AWS.KMS: gleGrantId :: Lens' GrantListEntry (Maybe Text)
- Network.AWS.KMS: gleGranteePrincipal :: Lens' GrantListEntry (Maybe Text)
- Network.AWS.KMS: gleIssuingAccount :: Lens' GrantListEntry (Maybe Text)
- Network.AWS.KMS: gleKeyId :: Lens' GrantListEntry (Maybe Text)
- Network.AWS.KMS: gleName :: Lens' GrantListEntry (Maybe Text)
- Network.AWS.KMS: gleOperations :: Lens' GrantListEntry [GrantOperation]
- Network.AWS.KMS: gleRetiringPrincipal :: Lens' GrantListEntry (Maybe Text)
- Network.AWS.KMS: grantConstraints :: GrantConstraints
- Network.AWS.KMS: grantListEntry :: GrantListEntry
- Network.AWS.KMS: keyListEntry :: KeyListEntry
- Network.AWS.KMS: keyMetadata :: Text -> KeyMetadata
- Network.AWS.KMS: kleKeyARN :: Lens' KeyListEntry (Maybe Text)
- Network.AWS.KMS: kleKeyId :: Lens' KeyListEntry (Maybe Text)
- Network.AWS.KMS: kmARN :: Lens' KeyMetadata (Maybe Text)
- Network.AWS.KMS: kmAWSAccountId :: Lens' KeyMetadata (Maybe Text)
- Network.AWS.KMS: kmCreationDate :: Lens' KeyMetadata (Maybe UTCTime)
- Network.AWS.KMS: kmDeletionDate :: Lens' KeyMetadata (Maybe UTCTime)
- Network.AWS.KMS: kmDescription :: Lens' KeyMetadata (Maybe Text)
- Network.AWS.KMS: kmEnabled :: Lens' KeyMetadata (Maybe Bool)
- Network.AWS.KMS: kmExpirationModel :: Lens' KeyMetadata (Maybe ExpirationModelType)
- Network.AWS.KMS: kmKeyId :: Lens' KeyMetadata Text
- Network.AWS.KMS: kmKeyManager :: Lens' KeyMetadata (Maybe KeyManagerType)
- Network.AWS.KMS: kmKeyState :: Lens' KeyMetadata (Maybe KeyState)
- Network.AWS.KMS: kmKeyUsage :: Lens' KeyMetadata (Maybe KeyUsageType)
- Network.AWS.KMS: kmOrigin :: Lens' KeyMetadata (Maybe OriginType)
- Network.AWS.KMS: kmValidTo :: Lens' KeyMetadata (Maybe UTCTime)
- Network.AWS.KMS: kms :: Service
- Network.AWS.KMS: lgGrants :: Lens' ListGrantsResponse [GrantListEntry]
- Network.AWS.KMS: lgNextMarker :: Lens' ListGrantsResponse (Maybe Text)
- Network.AWS.KMS: lgTruncated :: Lens' ListGrantsResponse (Maybe Bool)
- Network.AWS.KMS: listGrantsResponse :: ListGrantsResponse
- Network.AWS.KMS: tag :: Text -> Text -> Tag
- Network.AWS.KMS: tagTagKey :: Lens' Tag Text
- Network.AWS.KMS: tagTagValue :: Lens' Tag Text
- Network.AWS.KMS.CancelKeyDeletion: cancelKeyDeletion :: Text -> CancelKeyDeletion
- Network.AWS.KMS.CancelKeyDeletion: cancelKeyDeletionResponse :: Int -> CancelKeyDeletionResponse
- Network.AWS.KMS.CancelKeyDeletion: ckdKeyId :: Lens' CancelKeyDeletion Text
- Network.AWS.KMS.CancelKeyDeletion: ckdrsKeyId :: Lens' CancelKeyDeletionResponse (Maybe Text)
- Network.AWS.KMS.CancelKeyDeletion: ckdrsResponseStatus :: Lens' CancelKeyDeletionResponse Int
- Network.AWS.KMS.CancelKeyDeletion: data CancelKeyDeletion
- Network.AWS.KMS.CancelKeyDeletion: data CancelKeyDeletionResponse
- Network.AWS.KMS.CancelKeyDeletion: instance Control.DeepSeq.NFData Network.AWS.KMS.CancelKeyDeletion.CancelKeyDeletion
- Network.AWS.KMS.CancelKeyDeletion: instance Control.DeepSeq.NFData Network.AWS.KMS.CancelKeyDeletion.CancelKeyDeletionResponse
- Network.AWS.KMS.CancelKeyDeletion: instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.KMS.CancelKeyDeletion.CancelKeyDeletion
- Network.AWS.KMS.CancelKeyDeletion: instance Data.Data.Data Network.AWS.KMS.CancelKeyDeletion.CancelKeyDeletion
- Network.AWS.KMS.CancelKeyDeletion: instance Data.Data.Data Network.AWS.KMS.CancelKeyDeletion.CancelKeyDeletionResponse
- Network.AWS.KMS.CancelKeyDeletion: instance Data.Hashable.Class.Hashable Network.AWS.KMS.CancelKeyDeletion.CancelKeyDeletion
- Network.AWS.KMS.CancelKeyDeletion: instance GHC.Classes.Eq Network.AWS.KMS.CancelKeyDeletion.CancelKeyDeletion
- Network.AWS.KMS.CancelKeyDeletion: instance GHC.Classes.Eq Network.AWS.KMS.CancelKeyDeletion.CancelKeyDeletionResponse
- Network.AWS.KMS.CancelKeyDeletion: instance GHC.Generics.Generic Network.AWS.KMS.CancelKeyDeletion.CancelKeyDeletion
- Network.AWS.KMS.CancelKeyDeletion: instance GHC.Generics.Generic Network.AWS.KMS.CancelKeyDeletion.CancelKeyDeletionResponse
- Network.AWS.KMS.CancelKeyDeletion: instance GHC.Read.Read Network.AWS.KMS.CancelKeyDeletion.CancelKeyDeletion
- Network.AWS.KMS.CancelKeyDeletion: instance GHC.Read.Read Network.AWS.KMS.CancelKeyDeletion.CancelKeyDeletionResponse
- Network.AWS.KMS.CancelKeyDeletion: instance GHC.Show.Show Network.AWS.KMS.CancelKeyDeletion.CancelKeyDeletion
- Network.AWS.KMS.CancelKeyDeletion: instance GHC.Show.Show Network.AWS.KMS.CancelKeyDeletion.CancelKeyDeletionResponse
- Network.AWS.KMS.CancelKeyDeletion: instance Network.AWS.Data.Headers.ToHeaders Network.AWS.KMS.CancelKeyDeletion.CancelKeyDeletion
- Network.AWS.KMS.CancelKeyDeletion: instance Network.AWS.Data.Path.ToPath Network.AWS.KMS.CancelKeyDeletion.CancelKeyDeletion
- Network.AWS.KMS.CancelKeyDeletion: instance Network.AWS.Data.Query.ToQuery Network.AWS.KMS.CancelKeyDeletion.CancelKeyDeletion
- Network.AWS.KMS.CancelKeyDeletion: instance Network.AWS.Types.AWSRequest Network.AWS.KMS.CancelKeyDeletion.CancelKeyDeletion
- Network.AWS.KMS.CreateAlias: caAliasName :: Lens' CreateAlias Text
- Network.AWS.KMS.CreateAlias: caTargetKeyId :: Lens' CreateAlias Text
- Network.AWS.KMS.CreateAlias: createAlias :: Text -> Text -> CreateAlias
- Network.AWS.KMS.CreateAlias: createAliasResponse :: CreateAliasResponse
- Network.AWS.KMS.CreateAlias: data CreateAlias
- Network.AWS.KMS.CreateAlias: data CreateAliasResponse
- Network.AWS.KMS.CreateAlias: instance Control.DeepSeq.NFData Network.AWS.KMS.CreateAlias.CreateAlias
- Network.AWS.KMS.CreateAlias: instance Control.DeepSeq.NFData Network.AWS.KMS.CreateAlias.CreateAliasResponse
- Network.AWS.KMS.CreateAlias: instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.KMS.CreateAlias.CreateAlias
- Network.AWS.KMS.CreateAlias: instance Data.Data.Data Network.AWS.KMS.CreateAlias.CreateAlias
- Network.AWS.KMS.CreateAlias: instance Data.Data.Data Network.AWS.KMS.CreateAlias.CreateAliasResponse
- Network.AWS.KMS.CreateAlias: instance Data.Hashable.Class.Hashable Network.AWS.KMS.CreateAlias.CreateAlias
- Network.AWS.KMS.CreateAlias: instance GHC.Classes.Eq Network.AWS.KMS.CreateAlias.CreateAlias
- Network.AWS.KMS.CreateAlias: instance GHC.Classes.Eq Network.AWS.KMS.CreateAlias.CreateAliasResponse
- Network.AWS.KMS.CreateAlias: instance GHC.Generics.Generic Network.AWS.KMS.CreateAlias.CreateAlias
- Network.AWS.KMS.CreateAlias: instance GHC.Generics.Generic Network.AWS.KMS.CreateAlias.CreateAliasResponse
- Network.AWS.KMS.CreateAlias: instance GHC.Read.Read Network.AWS.KMS.CreateAlias.CreateAlias
- Network.AWS.KMS.CreateAlias: instance GHC.Read.Read Network.AWS.KMS.CreateAlias.CreateAliasResponse
- Network.AWS.KMS.CreateAlias: instance GHC.Show.Show Network.AWS.KMS.CreateAlias.CreateAlias
- Network.AWS.KMS.CreateAlias: instance GHC.Show.Show Network.AWS.KMS.CreateAlias.CreateAliasResponse
- Network.AWS.KMS.CreateAlias: instance Network.AWS.Data.Headers.ToHeaders Network.AWS.KMS.CreateAlias.CreateAlias
- Network.AWS.KMS.CreateAlias: instance Network.AWS.Data.Path.ToPath Network.AWS.KMS.CreateAlias.CreateAlias
- Network.AWS.KMS.CreateAlias: instance Network.AWS.Data.Query.ToQuery Network.AWS.KMS.CreateAlias.CreateAlias
- Network.AWS.KMS.CreateAlias: instance Network.AWS.Types.AWSRequest Network.AWS.KMS.CreateAlias.CreateAlias
- Network.AWS.KMS.CreateGrant: cgConstraints :: Lens' CreateGrant (Maybe GrantConstraints)
- Network.AWS.KMS.CreateGrant: cgGrantTokens :: Lens' CreateGrant [Text]
- Network.AWS.KMS.CreateGrant: cgGranteePrincipal :: Lens' CreateGrant Text
- Network.AWS.KMS.CreateGrant: cgKeyId :: Lens' CreateGrant Text
- Network.AWS.KMS.CreateGrant: cgName :: Lens' CreateGrant (Maybe Text)
- Network.AWS.KMS.CreateGrant: cgOperations :: Lens' CreateGrant [GrantOperation]
- Network.AWS.KMS.CreateGrant: cgRetiringPrincipal :: Lens' CreateGrant (Maybe Text)
- Network.AWS.KMS.CreateGrant: cgrsGrantId :: Lens' CreateGrantResponse (Maybe Text)
- Network.AWS.KMS.CreateGrant: cgrsGrantToken :: Lens' CreateGrantResponse (Maybe Text)
- Network.AWS.KMS.CreateGrant: cgrsResponseStatus :: Lens' CreateGrantResponse Int
- Network.AWS.KMS.CreateGrant: createGrant :: Text -> Text -> CreateGrant
- Network.AWS.KMS.CreateGrant: createGrantResponse :: Int -> CreateGrantResponse
- Network.AWS.KMS.CreateGrant: data CreateGrant
- Network.AWS.KMS.CreateGrant: data CreateGrantResponse
- Network.AWS.KMS.CreateGrant: instance Control.DeepSeq.NFData Network.AWS.KMS.CreateGrant.CreateGrant
- Network.AWS.KMS.CreateGrant: instance Control.DeepSeq.NFData Network.AWS.KMS.CreateGrant.CreateGrantResponse
- Network.AWS.KMS.CreateGrant: instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.KMS.CreateGrant.CreateGrant
- Network.AWS.KMS.CreateGrant: instance Data.Data.Data Network.AWS.KMS.CreateGrant.CreateGrant
- Network.AWS.KMS.CreateGrant: instance Data.Data.Data Network.AWS.KMS.CreateGrant.CreateGrantResponse
- Network.AWS.KMS.CreateGrant: instance Data.Hashable.Class.Hashable Network.AWS.KMS.CreateGrant.CreateGrant
- Network.AWS.KMS.CreateGrant: instance GHC.Classes.Eq Network.AWS.KMS.CreateGrant.CreateGrant
- Network.AWS.KMS.CreateGrant: instance GHC.Classes.Eq Network.AWS.KMS.CreateGrant.CreateGrantResponse
- Network.AWS.KMS.CreateGrant: instance GHC.Generics.Generic Network.AWS.KMS.CreateGrant.CreateGrant
- Network.AWS.KMS.CreateGrant: instance GHC.Generics.Generic Network.AWS.KMS.CreateGrant.CreateGrantResponse
- Network.AWS.KMS.CreateGrant: instance GHC.Read.Read Network.AWS.KMS.CreateGrant.CreateGrant
- Network.AWS.KMS.CreateGrant: instance GHC.Read.Read Network.AWS.KMS.CreateGrant.CreateGrantResponse
- Network.AWS.KMS.CreateGrant: instance GHC.Show.Show Network.AWS.KMS.CreateGrant.CreateGrant
- Network.AWS.KMS.CreateGrant: instance GHC.Show.Show Network.AWS.KMS.CreateGrant.CreateGrantResponse
- Network.AWS.KMS.CreateGrant: instance Network.AWS.Data.Headers.ToHeaders Network.AWS.KMS.CreateGrant.CreateGrant
- Network.AWS.KMS.CreateGrant: instance Network.AWS.Data.Path.ToPath Network.AWS.KMS.CreateGrant.CreateGrant
- Network.AWS.KMS.CreateGrant: instance Network.AWS.Data.Query.ToQuery Network.AWS.KMS.CreateGrant.CreateGrant
- Network.AWS.KMS.CreateGrant: instance Network.AWS.Types.AWSRequest Network.AWS.KMS.CreateGrant.CreateGrant
- Network.AWS.KMS.CreateKey: ckBypassPolicyLockoutSafetyCheck :: Lens' CreateKey (Maybe Bool)
- Network.AWS.KMS.CreateKey: ckDescription :: Lens' CreateKey (Maybe Text)
- Network.AWS.KMS.CreateKey: ckKeyUsage :: Lens' CreateKey (Maybe KeyUsageType)
- Network.AWS.KMS.CreateKey: ckOrigin :: Lens' CreateKey (Maybe OriginType)
- Network.AWS.KMS.CreateKey: ckPolicy :: Lens' CreateKey (Maybe Text)
- Network.AWS.KMS.CreateKey: ckTags :: Lens' CreateKey [Tag]
- Network.AWS.KMS.CreateKey: ckrsKeyMetadata :: Lens' CreateKeyResponse (Maybe KeyMetadata)
- Network.AWS.KMS.CreateKey: ckrsResponseStatus :: Lens' CreateKeyResponse Int
- Network.AWS.KMS.CreateKey: createKey :: CreateKey
- Network.AWS.KMS.CreateKey: createKeyResponse :: Int -> CreateKeyResponse
- Network.AWS.KMS.CreateKey: data CreateKey
- Network.AWS.KMS.CreateKey: data CreateKeyResponse
- Network.AWS.KMS.CreateKey: instance Control.DeepSeq.NFData Network.AWS.KMS.CreateKey.CreateKey
- Network.AWS.KMS.CreateKey: instance Control.DeepSeq.NFData Network.AWS.KMS.CreateKey.CreateKeyResponse
- Network.AWS.KMS.CreateKey: instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.KMS.CreateKey.CreateKey
- Network.AWS.KMS.CreateKey: instance Data.Data.Data Network.AWS.KMS.CreateKey.CreateKey
- Network.AWS.KMS.CreateKey: instance Data.Data.Data Network.AWS.KMS.CreateKey.CreateKeyResponse
- Network.AWS.KMS.CreateKey: instance Data.Hashable.Class.Hashable Network.AWS.KMS.CreateKey.CreateKey
- Network.AWS.KMS.CreateKey: instance GHC.Classes.Eq Network.AWS.KMS.CreateKey.CreateKey
- Network.AWS.KMS.CreateKey: instance GHC.Classes.Eq Network.AWS.KMS.CreateKey.CreateKeyResponse
- Network.AWS.KMS.CreateKey: instance GHC.Generics.Generic Network.AWS.KMS.CreateKey.CreateKey
- Network.AWS.KMS.CreateKey: instance GHC.Generics.Generic Network.AWS.KMS.CreateKey.CreateKeyResponse
- Network.AWS.KMS.CreateKey: instance GHC.Read.Read Network.AWS.KMS.CreateKey.CreateKey
- Network.AWS.KMS.CreateKey: instance GHC.Read.Read Network.AWS.KMS.CreateKey.CreateKeyResponse
- Network.AWS.KMS.CreateKey: instance GHC.Show.Show Network.AWS.KMS.CreateKey.CreateKey
- Network.AWS.KMS.CreateKey: instance GHC.Show.Show Network.AWS.KMS.CreateKey.CreateKeyResponse
- Network.AWS.KMS.CreateKey: instance Network.AWS.Data.Headers.ToHeaders Network.AWS.KMS.CreateKey.CreateKey
- Network.AWS.KMS.CreateKey: instance Network.AWS.Data.Path.ToPath Network.AWS.KMS.CreateKey.CreateKey
- Network.AWS.KMS.CreateKey: instance Network.AWS.Data.Query.ToQuery Network.AWS.KMS.CreateKey.CreateKey
- Network.AWS.KMS.CreateKey: instance Network.AWS.Types.AWSRequest Network.AWS.KMS.CreateKey.CreateKey
- Network.AWS.KMS.Decrypt: data Decrypt
- Network.AWS.KMS.Decrypt: data DecryptResponse
- Network.AWS.KMS.Decrypt: decCiphertextBlob :: Lens' Decrypt ByteString
- Network.AWS.KMS.Decrypt: decEncryptionContext :: Lens' Decrypt (HashMap Text Text)
- Network.AWS.KMS.Decrypt: decGrantTokens :: Lens' Decrypt [Text]
- Network.AWS.KMS.Decrypt: decrypt :: ByteString -> Decrypt
- Network.AWS.KMS.Decrypt: decryptResponse :: Int -> DecryptResponse
- Network.AWS.KMS.Decrypt: drsKeyId :: Lens' DecryptResponse (Maybe Text)
- Network.AWS.KMS.Decrypt: drsPlaintext :: Lens' DecryptResponse (Maybe ByteString)
- Network.AWS.KMS.Decrypt: drsResponseStatus :: Lens' DecryptResponse Int
- Network.AWS.KMS.Decrypt: instance Control.DeepSeq.NFData Network.AWS.KMS.Decrypt.Decrypt
- Network.AWS.KMS.Decrypt: instance Control.DeepSeq.NFData Network.AWS.KMS.Decrypt.DecryptResponse
- Network.AWS.KMS.Decrypt: instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.KMS.Decrypt.Decrypt
- Network.AWS.KMS.Decrypt: instance Data.Data.Data Network.AWS.KMS.Decrypt.Decrypt
- Network.AWS.KMS.Decrypt: instance Data.Data.Data Network.AWS.KMS.Decrypt.DecryptResponse
- Network.AWS.KMS.Decrypt: instance Data.Hashable.Class.Hashable Network.AWS.KMS.Decrypt.Decrypt
- Network.AWS.KMS.Decrypt: instance GHC.Classes.Eq Network.AWS.KMS.Decrypt.Decrypt
- Network.AWS.KMS.Decrypt: instance GHC.Classes.Eq Network.AWS.KMS.Decrypt.DecryptResponse
- Network.AWS.KMS.Decrypt: instance GHC.Generics.Generic Network.AWS.KMS.Decrypt.Decrypt
- Network.AWS.KMS.Decrypt: instance GHC.Generics.Generic Network.AWS.KMS.Decrypt.DecryptResponse
- Network.AWS.KMS.Decrypt: instance GHC.Read.Read Network.AWS.KMS.Decrypt.Decrypt
- Network.AWS.KMS.Decrypt: instance GHC.Show.Show Network.AWS.KMS.Decrypt.Decrypt
- Network.AWS.KMS.Decrypt: instance GHC.Show.Show Network.AWS.KMS.Decrypt.DecryptResponse
- Network.AWS.KMS.Decrypt: instance Network.AWS.Data.Headers.ToHeaders Network.AWS.KMS.Decrypt.Decrypt
- Network.AWS.KMS.Decrypt: instance Network.AWS.Data.Path.ToPath Network.AWS.KMS.Decrypt.Decrypt
- Network.AWS.KMS.Decrypt: instance Network.AWS.Data.Query.ToQuery Network.AWS.KMS.Decrypt.Decrypt
- Network.AWS.KMS.Decrypt: instance Network.AWS.Types.AWSRequest Network.AWS.KMS.Decrypt.Decrypt
- Network.AWS.KMS.DeleteAlias: daAliasName :: Lens' DeleteAlias Text
- Network.AWS.KMS.DeleteAlias: data DeleteAlias
- Network.AWS.KMS.DeleteAlias: data DeleteAliasResponse
- Network.AWS.KMS.DeleteAlias: deleteAlias :: Text -> DeleteAlias
- Network.AWS.KMS.DeleteAlias: deleteAliasResponse :: DeleteAliasResponse
- Network.AWS.KMS.DeleteAlias: instance Control.DeepSeq.NFData Network.AWS.KMS.DeleteAlias.DeleteAlias
- Network.AWS.KMS.DeleteAlias: instance Control.DeepSeq.NFData Network.AWS.KMS.DeleteAlias.DeleteAliasResponse
- Network.AWS.KMS.DeleteAlias: instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.KMS.DeleteAlias.DeleteAlias
- Network.AWS.KMS.DeleteAlias: instance Data.Data.Data Network.AWS.KMS.DeleteAlias.DeleteAlias
- Network.AWS.KMS.DeleteAlias: instance Data.Data.Data Network.AWS.KMS.DeleteAlias.DeleteAliasResponse
- Network.AWS.KMS.DeleteAlias: instance Data.Hashable.Class.Hashable Network.AWS.KMS.DeleteAlias.DeleteAlias
- Network.AWS.KMS.DeleteAlias: instance GHC.Classes.Eq Network.AWS.KMS.DeleteAlias.DeleteAlias
- Network.AWS.KMS.DeleteAlias: instance GHC.Classes.Eq Network.AWS.KMS.DeleteAlias.DeleteAliasResponse
- Network.AWS.KMS.DeleteAlias: instance GHC.Generics.Generic Network.AWS.KMS.DeleteAlias.DeleteAlias
- Network.AWS.KMS.DeleteAlias: instance GHC.Generics.Generic Network.AWS.KMS.DeleteAlias.DeleteAliasResponse
- Network.AWS.KMS.DeleteAlias: instance GHC.Read.Read Network.AWS.KMS.DeleteAlias.DeleteAlias
- Network.AWS.KMS.DeleteAlias: instance GHC.Read.Read Network.AWS.KMS.DeleteAlias.DeleteAliasResponse
- Network.AWS.KMS.DeleteAlias: instance GHC.Show.Show Network.AWS.KMS.DeleteAlias.DeleteAlias
- Network.AWS.KMS.DeleteAlias: instance GHC.Show.Show Network.AWS.KMS.DeleteAlias.DeleteAliasResponse
- Network.AWS.KMS.DeleteAlias: instance Network.AWS.Data.Headers.ToHeaders Network.AWS.KMS.DeleteAlias.DeleteAlias
- Network.AWS.KMS.DeleteAlias: instance Network.AWS.Data.Path.ToPath Network.AWS.KMS.DeleteAlias.DeleteAlias
- Network.AWS.KMS.DeleteAlias: instance Network.AWS.Data.Query.ToQuery Network.AWS.KMS.DeleteAlias.DeleteAlias
- Network.AWS.KMS.DeleteAlias: instance Network.AWS.Types.AWSRequest Network.AWS.KMS.DeleteAlias.DeleteAlias
- Network.AWS.KMS.DeleteImportedKeyMaterial: data DeleteImportedKeyMaterial
- Network.AWS.KMS.DeleteImportedKeyMaterial: data DeleteImportedKeyMaterialResponse
- Network.AWS.KMS.DeleteImportedKeyMaterial: deleteImportedKeyMaterial :: Text -> DeleteImportedKeyMaterial
- Network.AWS.KMS.DeleteImportedKeyMaterial: deleteImportedKeyMaterialResponse :: DeleteImportedKeyMaterialResponse
- Network.AWS.KMS.DeleteImportedKeyMaterial: dikmKeyId :: Lens' DeleteImportedKeyMaterial Text
- Network.AWS.KMS.DeleteImportedKeyMaterial: instance Control.DeepSeq.NFData Network.AWS.KMS.DeleteImportedKeyMaterial.DeleteImportedKeyMaterial
- Network.AWS.KMS.DeleteImportedKeyMaterial: instance Control.DeepSeq.NFData Network.AWS.KMS.DeleteImportedKeyMaterial.DeleteImportedKeyMaterialResponse
- Network.AWS.KMS.DeleteImportedKeyMaterial: instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.KMS.DeleteImportedKeyMaterial.DeleteImportedKeyMaterial
- Network.AWS.KMS.DeleteImportedKeyMaterial: instance Data.Data.Data Network.AWS.KMS.DeleteImportedKeyMaterial.DeleteImportedKeyMaterial
- Network.AWS.KMS.DeleteImportedKeyMaterial: instance Data.Data.Data Network.AWS.KMS.DeleteImportedKeyMaterial.DeleteImportedKeyMaterialResponse
- Network.AWS.KMS.DeleteImportedKeyMaterial: instance Data.Hashable.Class.Hashable Network.AWS.KMS.DeleteImportedKeyMaterial.DeleteImportedKeyMaterial
- Network.AWS.KMS.DeleteImportedKeyMaterial: instance GHC.Classes.Eq Network.AWS.KMS.DeleteImportedKeyMaterial.DeleteImportedKeyMaterial
- Network.AWS.KMS.DeleteImportedKeyMaterial: instance GHC.Classes.Eq Network.AWS.KMS.DeleteImportedKeyMaterial.DeleteImportedKeyMaterialResponse
- Network.AWS.KMS.DeleteImportedKeyMaterial: instance GHC.Generics.Generic Network.AWS.KMS.DeleteImportedKeyMaterial.DeleteImportedKeyMaterial
- Network.AWS.KMS.DeleteImportedKeyMaterial: instance GHC.Generics.Generic Network.AWS.KMS.DeleteImportedKeyMaterial.DeleteImportedKeyMaterialResponse
- Network.AWS.KMS.DeleteImportedKeyMaterial: instance GHC.Read.Read Network.AWS.KMS.DeleteImportedKeyMaterial.DeleteImportedKeyMaterial
- Network.AWS.KMS.DeleteImportedKeyMaterial: instance GHC.Read.Read Network.AWS.KMS.DeleteImportedKeyMaterial.DeleteImportedKeyMaterialResponse
- Network.AWS.KMS.DeleteImportedKeyMaterial: instance GHC.Show.Show Network.AWS.KMS.DeleteImportedKeyMaterial.DeleteImportedKeyMaterial
- Network.AWS.KMS.DeleteImportedKeyMaterial: instance GHC.Show.Show Network.AWS.KMS.DeleteImportedKeyMaterial.DeleteImportedKeyMaterialResponse
- Network.AWS.KMS.DeleteImportedKeyMaterial: instance Network.AWS.Data.Headers.ToHeaders Network.AWS.KMS.DeleteImportedKeyMaterial.DeleteImportedKeyMaterial
- Network.AWS.KMS.DeleteImportedKeyMaterial: instance Network.AWS.Data.Path.ToPath Network.AWS.KMS.DeleteImportedKeyMaterial.DeleteImportedKeyMaterial
- Network.AWS.KMS.DeleteImportedKeyMaterial: instance Network.AWS.Data.Query.ToQuery Network.AWS.KMS.DeleteImportedKeyMaterial.DeleteImportedKeyMaterial
- Network.AWS.KMS.DeleteImportedKeyMaterial: instance Network.AWS.Types.AWSRequest Network.AWS.KMS.DeleteImportedKeyMaterial.DeleteImportedKeyMaterial
- Network.AWS.KMS.DescribeKey: dGrantTokens :: Lens' DescribeKey [Text]
- Network.AWS.KMS.DescribeKey: dKeyId :: Lens' DescribeKey Text
- Network.AWS.KMS.DescribeKey: data DescribeKey
- Network.AWS.KMS.DescribeKey: data DescribeKeyResponse
- Network.AWS.KMS.DescribeKey: describeKey :: Text -> DescribeKey
- Network.AWS.KMS.DescribeKey: describeKeyResponse :: Int -> DescribeKeyResponse
- Network.AWS.KMS.DescribeKey: dkrsKeyMetadata :: Lens' DescribeKeyResponse (Maybe KeyMetadata)
- Network.AWS.KMS.DescribeKey: dkrsResponseStatus :: Lens' DescribeKeyResponse Int
- Network.AWS.KMS.DescribeKey: instance Control.DeepSeq.NFData Network.AWS.KMS.DescribeKey.DescribeKey
- Network.AWS.KMS.DescribeKey: instance Control.DeepSeq.NFData Network.AWS.KMS.DescribeKey.DescribeKeyResponse
- Network.AWS.KMS.DescribeKey: instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.KMS.DescribeKey.DescribeKey
- Network.AWS.KMS.DescribeKey: instance Data.Data.Data Network.AWS.KMS.DescribeKey.DescribeKey
- Network.AWS.KMS.DescribeKey: instance Data.Data.Data Network.AWS.KMS.DescribeKey.DescribeKeyResponse
- Network.AWS.KMS.DescribeKey: instance Data.Hashable.Class.Hashable Network.AWS.KMS.DescribeKey.DescribeKey
- Network.AWS.KMS.DescribeKey: instance GHC.Classes.Eq Network.AWS.KMS.DescribeKey.DescribeKey
- Network.AWS.KMS.DescribeKey: instance GHC.Classes.Eq Network.AWS.KMS.DescribeKey.DescribeKeyResponse
- Network.AWS.KMS.DescribeKey: instance GHC.Generics.Generic Network.AWS.KMS.DescribeKey.DescribeKey
- Network.AWS.KMS.DescribeKey: instance GHC.Generics.Generic Network.AWS.KMS.DescribeKey.DescribeKeyResponse
- Network.AWS.KMS.DescribeKey: instance GHC.Read.Read Network.AWS.KMS.DescribeKey.DescribeKey
- Network.AWS.KMS.DescribeKey: instance GHC.Read.Read Network.AWS.KMS.DescribeKey.DescribeKeyResponse
- Network.AWS.KMS.DescribeKey: instance GHC.Show.Show Network.AWS.KMS.DescribeKey.DescribeKey
- Network.AWS.KMS.DescribeKey: instance GHC.Show.Show Network.AWS.KMS.DescribeKey.DescribeKeyResponse
- Network.AWS.KMS.DescribeKey: instance Network.AWS.Data.Headers.ToHeaders Network.AWS.KMS.DescribeKey.DescribeKey
- Network.AWS.KMS.DescribeKey: instance Network.AWS.Data.Path.ToPath Network.AWS.KMS.DescribeKey.DescribeKey
- Network.AWS.KMS.DescribeKey: instance Network.AWS.Data.Query.ToQuery Network.AWS.KMS.DescribeKey.DescribeKey
- Network.AWS.KMS.DescribeKey: instance Network.AWS.Types.AWSRequest Network.AWS.KMS.DescribeKey.DescribeKey
- Network.AWS.KMS.DisableKey: data DisableKey
- Network.AWS.KMS.DisableKey: data DisableKeyResponse
- Network.AWS.KMS.DisableKey: disableKey :: Text -> DisableKey
- Network.AWS.KMS.DisableKey: disableKeyResponse :: DisableKeyResponse
- Network.AWS.KMS.DisableKey: dkKeyId :: Lens' DisableKey Text
- Network.AWS.KMS.DisableKey: instance Control.DeepSeq.NFData Network.AWS.KMS.DisableKey.DisableKey
- Network.AWS.KMS.DisableKey: instance Control.DeepSeq.NFData Network.AWS.KMS.DisableKey.DisableKeyResponse
- Network.AWS.KMS.DisableKey: instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.KMS.DisableKey.DisableKey
- Network.AWS.KMS.DisableKey: instance Data.Data.Data Network.AWS.KMS.DisableKey.DisableKey
- Network.AWS.KMS.DisableKey: instance Data.Data.Data Network.AWS.KMS.DisableKey.DisableKeyResponse
- Network.AWS.KMS.DisableKey: instance Data.Hashable.Class.Hashable Network.AWS.KMS.DisableKey.DisableKey
- Network.AWS.KMS.DisableKey: instance GHC.Classes.Eq Network.AWS.KMS.DisableKey.DisableKey
- Network.AWS.KMS.DisableKey: instance GHC.Classes.Eq Network.AWS.KMS.DisableKey.DisableKeyResponse
- Network.AWS.KMS.DisableKey: instance GHC.Generics.Generic Network.AWS.KMS.DisableKey.DisableKey
- Network.AWS.KMS.DisableKey: instance GHC.Generics.Generic Network.AWS.KMS.DisableKey.DisableKeyResponse
- Network.AWS.KMS.DisableKey: instance GHC.Read.Read Network.AWS.KMS.DisableKey.DisableKey
- Network.AWS.KMS.DisableKey: instance GHC.Read.Read Network.AWS.KMS.DisableKey.DisableKeyResponse
- Network.AWS.KMS.DisableKey: instance GHC.Show.Show Network.AWS.KMS.DisableKey.DisableKey
- Network.AWS.KMS.DisableKey: instance GHC.Show.Show Network.AWS.KMS.DisableKey.DisableKeyResponse
- Network.AWS.KMS.DisableKey: instance Network.AWS.Data.Headers.ToHeaders Network.AWS.KMS.DisableKey.DisableKey
- Network.AWS.KMS.DisableKey: instance Network.AWS.Data.Path.ToPath Network.AWS.KMS.DisableKey.DisableKey
- Network.AWS.KMS.DisableKey: instance Network.AWS.Data.Query.ToQuery Network.AWS.KMS.DisableKey.DisableKey
- Network.AWS.KMS.DisableKey: instance Network.AWS.Types.AWSRequest Network.AWS.KMS.DisableKey.DisableKey
- Network.AWS.KMS.DisableKeyRotation: data DisableKeyRotation
- Network.AWS.KMS.DisableKeyRotation: data DisableKeyRotationResponse
- Network.AWS.KMS.DisableKeyRotation: disableKeyRotation :: Text -> DisableKeyRotation
- Network.AWS.KMS.DisableKeyRotation: disableKeyRotationResponse :: DisableKeyRotationResponse
- Network.AWS.KMS.DisableKeyRotation: dkrKeyId :: Lens' DisableKeyRotation Text
- Network.AWS.KMS.DisableKeyRotation: instance Control.DeepSeq.NFData Network.AWS.KMS.DisableKeyRotation.DisableKeyRotation
- Network.AWS.KMS.DisableKeyRotation: instance Control.DeepSeq.NFData Network.AWS.KMS.DisableKeyRotation.DisableKeyRotationResponse
- Network.AWS.KMS.DisableKeyRotation: instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.KMS.DisableKeyRotation.DisableKeyRotation
- Network.AWS.KMS.DisableKeyRotation: instance Data.Data.Data Network.AWS.KMS.DisableKeyRotation.DisableKeyRotation
- Network.AWS.KMS.DisableKeyRotation: instance Data.Data.Data Network.AWS.KMS.DisableKeyRotation.DisableKeyRotationResponse
- Network.AWS.KMS.DisableKeyRotation: instance Data.Hashable.Class.Hashable Network.AWS.KMS.DisableKeyRotation.DisableKeyRotation
- Network.AWS.KMS.DisableKeyRotation: instance GHC.Classes.Eq Network.AWS.KMS.DisableKeyRotation.DisableKeyRotation
- Network.AWS.KMS.DisableKeyRotation: instance GHC.Classes.Eq Network.AWS.KMS.DisableKeyRotation.DisableKeyRotationResponse
- Network.AWS.KMS.DisableKeyRotation: instance GHC.Generics.Generic Network.AWS.KMS.DisableKeyRotation.DisableKeyRotation
- Network.AWS.KMS.DisableKeyRotation: instance GHC.Generics.Generic Network.AWS.KMS.DisableKeyRotation.DisableKeyRotationResponse
- Network.AWS.KMS.DisableKeyRotation: instance GHC.Read.Read Network.AWS.KMS.DisableKeyRotation.DisableKeyRotation
- Network.AWS.KMS.DisableKeyRotation: instance GHC.Read.Read Network.AWS.KMS.DisableKeyRotation.DisableKeyRotationResponse
- Network.AWS.KMS.DisableKeyRotation: instance GHC.Show.Show Network.AWS.KMS.DisableKeyRotation.DisableKeyRotation
- Network.AWS.KMS.DisableKeyRotation: instance GHC.Show.Show Network.AWS.KMS.DisableKeyRotation.DisableKeyRotationResponse
- Network.AWS.KMS.DisableKeyRotation: instance Network.AWS.Data.Headers.ToHeaders Network.AWS.KMS.DisableKeyRotation.DisableKeyRotation
- Network.AWS.KMS.DisableKeyRotation: instance Network.AWS.Data.Path.ToPath Network.AWS.KMS.DisableKeyRotation.DisableKeyRotation
- Network.AWS.KMS.DisableKeyRotation: instance Network.AWS.Data.Query.ToQuery Network.AWS.KMS.DisableKeyRotation.DisableKeyRotation
- Network.AWS.KMS.DisableKeyRotation: instance Network.AWS.Types.AWSRequest Network.AWS.KMS.DisableKeyRotation.DisableKeyRotation
- Network.AWS.KMS.EnableKey: data EnableKey
- Network.AWS.KMS.EnableKey: data EnableKeyResponse
- Network.AWS.KMS.EnableKey: ekKeyId :: Lens' EnableKey Text
- Network.AWS.KMS.EnableKey: enableKey :: Text -> EnableKey
- Network.AWS.KMS.EnableKey: enableKeyResponse :: EnableKeyResponse
- Network.AWS.KMS.EnableKey: instance Control.DeepSeq.NFData Network.AWS.KMS.EnableKey.EnableKey
- Network.AWS.KMS.EnableKey: instance Control.DeepSeq.NFData Network.AWS.KMS.EnableKey.EnableKeyResponse
- Network.AWS.KMS.EnableKey: instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.KMS.EnableKey.EnableKey
- Network.AWS.KMS.EnableKey: instance Data.Data.Data Network.AWS.KMS.EnableKey.EnableKey
- Network.AWS.KMS.EnableKey: instance Data.Data.Data Network.AWS.KMS.EnableKey.EnableKeyResponse
- Network.AWS.KMS.EnableKey: instance Data.Hashable.Class.Hashable Network.AWS.KMS.EnableKey.EnableKey
- Network.AWS.KMS.EnableKey: instance GHC.Classes.Eq Network.AWS.KMS.EnableKey.EnableKey
- Network.AWS.KMS.EnableKey: instance GHC.Classes.Eq Network.AWS.KMS.EnableKey.EnableKeyResponse
- Network.AWS.KMS.EnableKey: instance GHC.Generics.Generic Network.AWS.KMS.EnableKey.EnableKey
- Network.AWS.KMS.EnableKey: instance GHC.Generics.Generic Network.AWS.KMS.EnableKey.EnableKeyResponse
- Network.AWS.KMS.EnableKey: instance GHC.Read.Read Network.AWS.KMS.EnableKey.EnableKey
- Network.AWS.KMS.EnableKey: instance GHC.Read.Read Network.AWS.KMS.EnableKey.EnableKeyResponse
- Network.AWS.KMS.EnableKey: instance GHC.Show.Show Network.AWS.KMS.EnableKey.EnableKey
- Network.AWS.KMS.EnableKey: instance GHC.Show.Show Network.AWS.KMS.EnableKey.EnableKeyResponse
- Network.AWS.KMS.EnableKey: instance Network.AWS.Data.Headers.ToHeaders Network.AWS.KMS.EnableKey.EnableKey
- Network.AWS.KMS.EnableKey: instance Network.AWS.Data.Path.ToPath Network.AWS.KMS.EnableKey.EnableKey
- Network.AWS.KMS.EnableKey: instance Network.AWS.Data.Query.ToQuery Network.AWS.KMS.EnableKey.EnableKey
- Network.AWS.KMS.EnableKey: instance Network.AWS.Types.AWSRequest Network.AWS.KMS.EnableKey.EnableKey
- Network.AWS.KMS.EnableKeyRotation: data EnableKeyRotation
- Network.AWS.KMS.EnableKeyRotation: data EnableKeyRotationResponse
- Network.AWS.KMS.EnableKeyRotation: ekrKeyId :: Lens' EnableKeyRotation Text
- Network.AWS.KMS.EnableKeyRotation: enableKeyRotation :: Text -> EnableKeyRotation
- Network.AWS.KMS.EnableKeyRotation: enableKeyRotationResponse :: EnableKeyRotationResponse
- Network.AWS.KMS.EnableKeyRotation: instance Control.DeepSeq.NFData Network.AWS.KMS.EnableKeyRotation.EnableKeyRotation
- Network.AWS.KMS.EnableKeyRotation: instance Control.DeepSeq.NFData Network.AWS.KMS.EnableKeyRotation.EnableKeyRotationResponse
- Network.AWS.KMS.EnableKeyRotation: instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.KMS.EnableKeyRotation.EnableKeyRotation
- Network.AWS.KMS.EnableKeyRotation: instance Data.Data.Data Network.AWS.KMS.EnableKeyRotation.EnableKeyRotation
- Network.AWS.KMS.EnableKeyRotation: instance Data.Data.Data Network.AWS.KMS.EnableKeyRotation.EnableKeyRotationResponse
- Network.AWS.KMS.EnableKeyRotation: instance Data.Hashable.Class.Hashable Network.AWS.KMS.EnableKeyRotation.EnableKeyRotation
- Network.AWS.KMS.EnableKeyRotation: instance GHC.Classes.Eq Network.AWS.KMS.EnableKeyRotation.EnableKeyRotation
- Network.AWS.KMS.EnableKeyRotation: instance GHC.Classes.Eq Network.AWS.KMS.EnableKeyRotation.EnableKeyRotationResponse
- Network.AWS.KMS.EnableKeyRotation: instance GHC.Generics.Generic Network.AWS.KMS.EnableKeyRotation.EnableKeyRotation
- Network.AWS.KMS.EnableKeyRotation: instance GHC.Generics.Generic Network.AWS.KMS.EnableKeyRotation.EnableKeyRotationResponse
- Network.AWS.KMS.EnableKeyRotation: instance GHC.Read.Read Network.AWS.KMS.EnableKeyRotation.EnableKeyRotation
- Network.AWS.KMS.EnableKeyRotation: instance GHC.Read.Read Network.AWS.KMS.EnableKeyRotation.EnableKeyRotationResponse
- Network.AWS.KMS.EnableKeyRotation: instance GHC.Show.Show Network.AWS.KMS.EnableKeyRotation.EnableKeyRotation
- Network.AWS.KMS.EnableKeyRotation: instance GHC.Show.Show Network.AWS.KMS.EnableKeyRotation.EnableKeyRotationResponse
- Network.AWS.KMS.EnableKeyRotation: instance Network.AWS.Data.Headers.ToHeaders Network.AWS.KMS.EnableKeyRotation.EnableKeyRotation
- Network.AWS.KMS.EnableKeyRotation: instance Network.AWS.Data.Path.ToPath Network.AWS.KMS.EnableKeyRotation.EnableKeyRotation
- Network.AWS.KMS.EnableKeyRotation: instance Network.AWS.Data.Query.ToQuery Network.AWS.KMS.EnableKeyRotation.EnableKeyRotation
- Network.AWS.KMS.EnableKeyRotation: instance Network.AWS.Types.AWSRequest Network.AWS.KMS.EnableKeyRotation.EnableKeyRotation
- Network.AWS.KMS.Encrypt: data Encrypt
- Network.AWS.KMS.Encrypt: data EncryptResponse
- Network.AWS.KMS.Encrypt: eEncryptionContext :: Lens' Encrypt (HashMap Text Text)
- Network.AWS.KMS.Encrypt: eGrantTokens :: Lens' Encrypt [Text]
- Network.AWS.KMS.Encrypt: eKeyId :: Lens' Encrypt Text
- Network.AWS.KMS.Encrypt: ePlaintext :: Lens' Encrypt ByteString
- Network.AWS.KMS.Encrypt: encrypt :: Text -> ByteString -> Encrypt
- Network.AWS.KMS.Encrypt: encryptResponse :: Int -> EncryptResponse
- Network.AWS.KMS.Encrypt: ersCiphertextBlob :: Lens' EncryptResponse (Maybe ByteString)
- Network.AWS.KMS.Encrypt: ersKeyId :: Lens' EncryptResponse (Maybe Text)
- Network.AWS.KMS.Encrypt: ersResponseStatus :: Lens' EncryptResponse Int
- Network.AWS.KMS.Encrypt: instance Control.DeepSeq.NFData Network.AWS.KMS.Encrypt.Encrypt
- Network.AWS.KMS.Encrypt: instance Control.DeepSeq.NFData Network.AWS.KMS.Encrypt.EncryptResponse
- Network.AWS.KMS.Encrypt: instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.KMS.Encrypt.Encrypt
- Network.AWS.KMS.Encrypt: instance Data.Data.Data Network.AWS.KMS.Encrypt.Encrypt
- Network.AWS.KMS.Encrypt: instance Data.Data.Data Network.AWS.KMS.Encrypt.EncryptResponse
- Network.AWS.KMS.Encrypt: instance Data.Hashable.Class.Hashable Network.AWS.KMS.Encrypt.Encrypt
- Network.AWS.KMS.Encrypt: instance GHC.Classes.Eq Network.AWS.KMS.Encrypt.Encrypt
- Network.AWS.KMS.Encrypt: instance GHC.Classes.Eq Network.AWS.KMS.Encrypt.EncryptResponse
- Network.AWS.KMS.Encrypt: instance GHC.Generics.Generic Network.AWS.KMS.Encrypt.Encrypt
- Network.AWS.KMS.Encrypt: instance GHC.Generics.Generic Network.AWS.KMS.Encrypt.EncryptResponse
- Network.AWS.KMS.Encrypt: instance GHC.Read.Read Network.AWS.KMS.Encrypt.EncryptResponse
- Network.AWS.KMS.Encrypt: instance GHC.Show.Show Network.AWS.KMS.Encrypt.Encrypt
- Network.AWS.KMS.Encrypt: instance GHC.Show.Show Network.AWS.KMS.Encrypt.EncryptResponse
- Network.AWS.KMS.Encrypt: instance Network.AWS.Data.Headers.ToHeaders Network.AWS.KMS.Encrypt.Encrypt
- Network.AWS.KMS.Encrypt: instance Network.AWS.Data.Path.ToPath Network.AWS.KMS.Encrypt.Encrypt
- Network.AWS.KMS.Encrypt: instance Network.AWS.Data.Query.ToQuery Network.AWS.KMS.Encrypt.Encrypt
- Network.AWS.KMS.Encrypt: instance Network.AWS.Types.AWSRequest Network.AWS.KMS.Encrypt.Encrypt
- Network.AWS.KMS.GenerateDataKey: data GenerateDataKey
- Network.AWS.KMS.GenerateDataKey: data GenerateDataKeyResponse
- Network.AWS.KMS.GenerateDataKey: gdkEncryptionContext :: Lens' GenerateDataKey (HashMap Text Text)
- Network.AWS.KMS.GenerateDataKey: gdkGrantTokens :: Lens' GenerateDataKey [Text]
- Network.AWS.KMS.GenerateDataKey: gdkKeyId :: Lens' GenerateDataKey Text
- Network.AWS.KMS.GenerateDataKey: gdkKeySpec :: Lens' GenerateDataKey (Maybe DataKeySpec)
- Network.AWS.KMS.GenerateDataKey: gdkNumberOfBytes :: Lens' GenerateDataKey (Maybe Natural)
- Network.AWS.KMS.GenerateDataKey: gdkrsCiphertextBlob :: Lens' GenerateDataKeyResponse ByteString
- Network.AWS.KMS.GenerateDataKey: gdkrsKeyId :: Lens' GenerateDataKeyResponse Text
- Network.AWS.KMS.GenerateDataKey: gdkrsPlaintext :: Lens' GenerateDataKeyResponse ByteString
- Network.AWS.KMS.GenerateDataKey: gdkrsResponseStatus :: Lens' GenerateDataKeyResponse Int
- Network.AWS.KMS.GenerateDataKey: generateDataKey :: Text -> GenerateDataKey
- Network.AWS.KMS.GenerateDataKey: generateDataKeyResponse :: Int -> Text -> ByteString -> ByteString -> GenerateDataKeyResponse
- Network.AWS.KMS.GenerateDataKey: instance Control.DeepSeq.NFData Network.AWS.KMS.GenerateDataKey.GenerateDataKey
- Network.AWS.KMS.GenerateDataKey: instance Control.DeepSeq.NFData Network.AWS.KMS.GenerateDataKey.GenerateDataKeyResponse
- Network.AWS.KMS.GenerateDataKey: instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.KMS.GenerateDataKey.GenerateDataKey
- Network.AWS.KMS.GenerateDataKey: instance Data.Data.Data Network.AWS.KMS.GenerateDataKey.GenerateDataKey
- Network.AWS.KMS.GenerateDataKey: instance Data.Data.Data Network.AWS.KMS.GenerateDataKey.GenerateDataKeyResponse
- Network.AWS.KMS.GenerateDataKey: instance Data.Hashable.Class.Hashable Network.AWS.KMS.GenerateDataKey.GenerateDataKey
- Network.AWS.KMS.GenerateDataKey: instance GHC.Classes.Eq Network.AWS.KMS.GenerateDataKey.GenerateDataKey
- Network.AWS.KMS.GenerateDataKey: instance GHC.Classes.Eq Network.AWS.KMS.GenerateDataKey.GenerateDataKeyResponse
- Network.AWS.KMS.GenerateDataKey: instance GHC.Generics.Generic Network.AWS.KMS.GenerateDataKey.GenerateDataKey
- Network.AWS.KMS.GenerateDataKey: instance GHC.Generics.Generic Network.AWS.KMS.GenerateDataKey.GenerateDataKeyResponse
- Network.AWS.KMS.GenerateDataKey: instance GHC.Read.Read Network.AWS.KMS.GenerateDataKey.GenerateDataKey
- Network.AWS.KMS.GenerateDataKey: instance GHC.Show.Show Network.AWS.KMS.GenerateDataKey.GenerateDataKey
- Network.AWS.KMS.GenerateDataKey: instance GHC.Show.Show Network.AWS.KMS.GenerateDataKey.GenerateDataKeyResponse
- Network.AWS.KMS.GenerateDataKey: instance Network.AWS.Data.Headers.ToHeaders Network.AWS.KMS.GenerateDataKey.GenerateDataKey
- Network.AWS.KMS.GenerateDataKey: instance Network.AWS.Data.Path.ToPath Network.AWS.KMS.GenerateDataKey.GenerateDataKey
- Network.AWS.KMS.GenerateDataKey: instance Network.AWS.Data.Query.ToQuery Network.AWS.KMS.GenerateDataKey.GenerateDataKey
- Network.AWS.KMS.GenerateDataKey: instance Network.AWS.Types.AWSRequest Network.AWS.KMS.GenerateDataKey.GenerateDataKey
- Network.AWS.KMS.GenerateDataKeyWithoutPlaintext: data GenerateDataKeyWithoutPlaintext
- Network.AWS.KMS.GenerateDataKeyWithoutPlaintext: data GenerateDataKeyWithoutPlaintextResponse
- Network.AWS.KMS.GenerateDataKeyWithoutPlaintext: gdkwpEncryptionContext :: Lens' GenerateDataKeyWithoutPlaintext (HashMap Text Text)
- Network.AWS.KMS.GenerateDataKeyWithoutPlaintext: gdkwpGrantTokens :: Lens' GenerateDataKeyWithoutPlaintext [Text]
- Network.AWS.KMS.GenerateDataKeyWithoutPlaintext: gdkwpKeyId :: Lens' GenerateDataKeyWithoutPlaintext Text
- Network.AWS.KMS.GenerateDataKeyWithoutPlaintext: gdkwpKeySpec :: Lens' GenerateDataKeyWithoutPlaintext (Maybe DataKeySpec)
- Network.AWS.KMS.GenerateDataKeyWithoutPlaintext: gdkwpNumberOfBytes :: Lens' GenerateDataKeyWithoutPlaintext (Maybe Natural)
- Network.AWS.KMS.GenerateDataKeyWithoutPlaintext: gdkwprsCiphertextBlob :: Lens' GenerateDataKeyWithoutPlaintextResponse (Maybe ByteString)
- Network.AWS.KMS.GenerateDataKeyWithoutPlaintext: gdkwprsKeyId :: Lens' GenerateDataKeyWithoutPlaintextResponse (Maybe Text)
- Network.AWS.KMS.GenerateDataKeyWithoutPlaintext: gdkwprsResponseStatus :: Lens' GenerateDataKeyWithoutPlaintextResponse Int
- Network.AWS.KMS.GenerateDataKeyWithoutPlaintext: generateDataKeyWithoutPlaintext :: Text -> GenerateDataKeyWithoutPlaintext
- Network.AWS.KMS.GenerateDataKeyWithoutPlaintext: generateDataKeyWithoutPlaintextResponse :: Int -> GenerateDataKeyWithoutPlaintextResponse
- Network.AWS.KMS.GenerateDataKeyWithoutPlaintext: instance Control.DeepSeq.NFData Network.AWS.KMS.GenerateDataKeyWithoutPlaintext.GenerateDataKeyWithoutPlaintext
- Network.AWS.KMS.GenerateDataKeyWithoutPlaintext: instance Control.DeepSeq.NFData Network.AWS.KMS.GenerateDataKeyWithoutPlaintext.GenerateDataKeyWithoutPlaintextResponse
- Network.AWS.KMS.GenerateDataKeyWithoutPlaintext: instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.KMS.GenerateDataKeyWithoutPlaintext.GenerateDataKeyWithoutPlaintext
- Network.AWS.KMS.GenerateDataKeyWithoutPlaintext: instance Data.Data.Data Network.AWS.KMS.GenerateDataKeyWithoutPlaintext.GenerateDataKeyWithoutPlaintext
- Network.AWS.KMS.GenerateDataKeyWithoutPlaintext: instance Data.Data.Data Network.AWS.KMS.GenerateDataKeyWithoutPlaintext.GenerateDataKeyWithoutPlaintextResponse
- Network.AWS.KMS.GenerateDataKeyWithoutPlaintext: instance Data.Hashable.Class.Hashable Network.AWS.KMS.GenerateDataKeyWithoutPlaintext.GenerateDataKeyWithoutPlaintext
- Network.AWS.KMS.GenerateDataKeyWithoutPlaintext: instance GHC.Classes.Eq Network.AWS.KMS.GenerateDataKeyWithoutPlaintext.GenerateDataKeyWithoutPlaintext
- Network.AWS.KMS.GenerateDataKeyWithoutPlaintext: instance GHC.Classes.Eq Network.AWS.KMS.GenerateDataKeyWithoutPlaintext.GenerateDataKeyWithoutPlaintextResponse
- Network.AWS.KMS.GenerateDataKeyWithoutPlaintext: instance GHC.Generics.Generic Network.AWS.KMS.GenerateDataKeyWithoutPlaintext.GenerateDataKeyWithoutPlaintext
- Network.AWS.KMS.GenerateDataKeyWithoutPlaintext: instance GHC.Generics.Generic Network.AWS.KMS.GenerateDataKeyWithoutPlaintext.GenerateDataKeyWithoutPlaintextResponse
- Network.AWS.KMS.GenerateDataKeyWithoutPlaintext: instance GHC.Read.Read Network.AWS.KMS.GenerateDataKeyWithoutPlaintext.GenerateDataKeyWithoutPlaintext
- Network.AWS.KMS.GenerateDataKeyWithoutPlaintext: instance GHC.Read.Read Network.AWS.KMS.GenerateDataKeyWithoutPlaintext.GenerateDataKeyWithoutPlaintextResponse
- Network.AWS.KMS.GenerateDataKeyWithoutPlaintext: instance GHC.Show.Show Network.AWS.KMS.GenerateDataKeyWithoutPlaintext.GenerateDataKeyWithoutPlaintext
- Network.AWS.KMS.GenerateDataKeyWithoutPlaintext: instance GHC.Show.Show Network.AWS.KMS.GenerateDataKeyWithoutPlaintext.GenerateDataKeyWithoutPlaintextResponse
- Network.AWS.KMS.GenerateDataKeyWithoutPlaintext: instance Network.AWS.Data.Headers.ToHeaders Network.AWS.KMS.GenerateDataKeyWithoutPlaintext.GenerateDataKeyWithoutPlaintext
- Network.AWS.KMS.GenerateDataKeyWithoutPlaintext: instance Network.AWS.Data.Path.ToPath Network.AWS.KMS.GenerateDataKeyWithoutPlaintext.GenerateDataKeyWithoutPlaintext
- Network.AWS.KMS.GenerateDataKeyWithoutPlaintext: instance Network.AWS.Data.Query.ToQuery Network.AWS.KMS.GenerateDataKeyWithoutPlaintext.GenerateDataKeyWithoutPlaintext
- Network.AWS.KMS.GenerateDataKeyWithoutPlaintext: instance Network.AWS.Types.AWSRequest Network.AWS.KMS.GenerateDataKeyWithoutPlaintext.GenerateDataKeyWithoutPlaintext
- Network.AWS.KMS.GenerateRandom: data GenerateRandom
- Network.AWS.KMS.GenerateRandom: data GenerateRandomResponse
- Network.AWS.KMS.GenerateRandom: generateRandom :: GenerateRandom
- Network.AWS.KMS.GenerateRandom: generateRandomResponse :: Int -> GenerateRandomResponse
- Network.AWS.KMS.GenerateRandom: grNumberOfBytes :: Lens' GenerateRandom (Maybe Natural)
- Network.AWS.KMS.GenerateRandom: grrsPlaintext :: Lens' GenerateRandomResponse (Maybe ByteString)
- Network.AWS.KMS.GenerateRandom: grrsResponseStatus :: Lens' GenerateRandomResponse Int
- Network.AWS.KMS.GenerateRandom: instance Control.DeepSeq.NFData Network.AWS.KMS.GenerateRandom.GenerateRandom
- Network.AWS.KMS.GenerateRandom: instance Control.DeepSeq.NFData Network.AWS.KMS.GenerateRandom.GenerateRandomResponse
- Network.AWS.KMS.GenerateRandom: instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.KMS.GenerateRandom.GenerateRandom
- Network.AWS.KMS.GenerateRandom: instance Data.Data.Data Network.AWS.KMS.GenerateRandom.GenerateRandom
- Network.AWS.KMS.GenerateRandom: instance Data.Data.Data Network.AWS.KMS.GenerateRandom.GenerateRandomResponse
- Network.AWS.KMS.GenerateRandom: instance Data.Hashable.Class.Hashable Network.AWS.KMS.GenerateRandom.GenerateRandom
- Network.AWS.KMS.GenerateRandom: instance GHC.Classes.Eq Network.AWS.KMS.GenerateRandom.GenerateRandom
- Network.AWS.KMS.GenerateRandom: instance GHC.Classes.Eq Network.AWS.KMS.GenerateRandom.GenerateRandomResponse
- Network.AWS.KMS.GenerateRandom: instance GHC.Generics.Generic Network.AWS.KMS.GenerateRandom.GenerateRandom
- Network.AWS.KMS.GenerateRandom: instance GHC.Generics.Generic Network.AWS.KMS.GenerateRandom.GenerateRandomResponse
- Network.AWS.KMS.GenerateRandom: instance GHC.Read.Read Network.AWS.KMS.GenerateRandom.GenerateRandom
- Network.AWS.KMS.GenerateRandom: instance GHC.Show.Show Network.AWS.KMS.GenerateRandom.GenerateRandom
- Network.AWS.KMS.GenerateRandom: instance GHC.Show.Show Network.AWS.KMS.GenerateRandom.GenerateRandomResponse
- Network.AWS.KMS.GenerateRandom: instance Network.AWS.Data.Headers.ToHeaders Network.AWS.KMS.GenerateRandom.GenerateRandom
- Network.AWS.KMS.GenerateRandom: instance Network.AWS.Data.Path.ToPath Network.AWS.KMS.GenerateRandom.GenerateRandom
- Network.AWS.KMS.GenerateRandom: instance Network.AWS.Data.Query.ToQuery Network.AWS.KMS.GenerateRandom.GenerateRandom
- Network.AWS.KMS.GenerateRandom: instance Network.AWS.Types.AWSRequest Network.AWS.KMS.GenerateRandom.GenerateRandom
- Network.AWS.KMS.GetKeyPolicy: data GetKeyPolicy
- Network.AWS.KMS.GetKeyPolicy: data GetKeyPolicyResponse
- Network.AWS.KMS.GetKeyPolicy: getKeyPolicy :: Text -> Text -> GetKeyPolicy
- Network.AWS.KMS.GetKeyPolicy: getKeyPolicyResponse :: Int -> GetKeyPolicyResponse
- Network.AWS.KMS.GetKeyPolicy: gkpKeyId :: Lens' GetKeyPolicy Text
- Network.AWS.KMS.GetKeyPolicy: gkpPolicyName :: Lens' GetKeyPolicy Text
- Network.AWS.KMS.GetKeyPolicy: gkprsPolicy :: Lens' GetKeyPolicyResponse (Maybe Text)
- Network.AWS.KMS.GetKeyPolicy: gkprsResponseStatus :: Lens' GetKeyPolicyResponse Int
- Network.AWS.KMS.GetKeyPolicy: instance Control.DeepSeq.NFData Network.AWS.KMS.GetKeyPolicy.GetKeyPolicy
- Network.AWS.KMS.GetKeyPolicy: instance Control.DeepSeq.NFData Network.AWS.KMS.GetKeyPolicy.GetKeyPolicyResponse
- Network.AWS.KMS.GetKeyPolicy: instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.KMS.GetKeyPolicy.GetKeyPolicy
- Network.AWS.KMS.GetKeyPolicy: instance Data.Data.Data Network.AWS.KMS.GetKeyPolicy.GetKeyPolicy
- Network.AWS.KMS.GetKeyPolicy: instance Data.Data.Data Network.AWS.KMS.GetKeyPolicy.GetKeyPolicyResponse
- Network.AWS.KMS.GetKeyPolicy: instance Data.Hashable.Class.Hashable Network.AWS.KMS.GetKeyPolicy.GetKeyPolicy
- Network.AWS.KMS.GetKeyPolicy: instance GHC.Classes.Eq Network.AWS.KMS.GetKeyPolicy.GetKeyPolicy
- Network.AWS.KMS.GetKeyPolicy: instance GHC.Classes.Eq Network.AWS.KMS.GetKeyPolicy.GetKeyPolicyResponse
- Network.AWS.KMS.GetKeyPolicy: instance GHC.Generics.Generic Network.AWS.KMS.GetKeyPolicy.GetKeyPolicy
- Network.AWS.KMS.GetKeyPolicy: instance GHC.Generics.Generic Network.AWS.KMS.GetKeyPolicy.GetKeyPolicyResponse
- Network.AWS.KMS.GetKeyPolicy: instance GHC.Read.Read Network.AWS.KMS.GetKeyPolicy.GetKeyPolicy
- Network.AWS.KMS.GetKeyPolicy: instance GHC.Read.Read Network.AWS.KMS.GetKeyPolicy.GetKeyPolicyResponse
- Network.AWS.KMS.GetKeyPolicy: instance GHC.Show.Show Network.AWS.KMS.GetKeyPolicy.GetKeyPolicy
- Network.AWS.KMS.GetKeyPolicy: instance GHC.Show.Show Network.AWS.KMS.GetKeyPolicy.GetKeyPolicyResponse
- Network.AWS.KMS.GetKeyPolicy: instance Network.AWS.Data.Headers.ToHeaders Network.AWS.KMS.GetKeyPolicy.GetKeyPolicy
- Network.AWS.KMS.GetKeyPolicy: instance Network.AWS.Data.Path.ToPath Network.AWS.KMS.GetKeyPolicy.GetKeyPolicy
- Network.AWS.KMS.GetKeyPolicy: instance Network.AWS.Data.Query.ToQuery Network.AWS.KMS.GetKeyPolicy.GetKeyPolicy
- Network.AWS.KMS.GetKeyPolicy: instance Network.AWS.Types.AWSRequest Network.AWS.KMS.GetKeyPolicy.GetKeyPolicy
- Network.AWS.KMS.GetKeyRotationStatus: data GetKeyRotationStatus
- Network.AWS.KMS.GetKeyRotationStatus: data GetKeyRotationStatusResponse
- Network.AWS.KMS.GetKeyRotationStatus: getKeyRotationStatus :: Text -> GetKeyRotationStatus
- Network.AWS.KMS.GetKeyRotationStatus: getKeyRotationStatusResponse :: Int -> GetKeyRotationStatusResponse
- Network.AWS.KMS.GetKeyRotationStatus: gkrsKeyId :: Lens' GetKeyRotationStatus Text
- Network.AWS.KMS.GetKeyRotationStatus: gkrsrsKeyRotationEnabled :: Lens' GetKeyRotationStatusResponse (Maybe Bool)
- Network.AWS.KMS.GetKeyRotationStatus: gkrsrsResponseStatus :: Lens' GetKeyRotationStatusResponse Int
- Network.AWS.KMS.GetKeyRotationStatus: instance Control.DeepSeq.NFData Network.AWS.KMS.GetKeyRotationStatus.GetKeyRotationStatus
- Network.AWS.KMS.GetKeyRotationStatus: instance Control.DeepSeq.NFData Network.AWS.KMS.GetKeyRotationStatus.GetKeyRotationStatusResponse
- Network.AWS.KMS.GetKeyRotationStatus: instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.KMS.GetKeyRotationStatus.GetKeyRotationStatus
- Network.AWS.KMS.GetKeyRotationStatus: instance Data.Data.Data Network.AWS.KMS.GetKeyRotationStatus.GetKeyRotationStatus
- Network.AWS.KMS.GetKeyRotationStatus: instance Data.Data.Data Network.AWS.KMS.GetKeyRotationStatus.GetKeyRotationStatusResponse
- Network.AWS.KMS.GetKeyRotationStatus: instance Data.Hashable.Class.Hashable Network.AWS.KMS.GetKeyRotationStatus.GetKeyRotationStatus
- Network.AWS.KMS.GetKeyRotationStatus: instance GHC.Classes.Eq Network.AWS.KMS.GetKeyRotationStatus.GetKeyRotationStatus
- Network.AWS.KMS.GetKeyRotationStatus: instance GHC.Classes.Eq Network.AWS.KMS.GetKeyRotationStatus.GetKeyRotationStatusResponse
- Network.AWS.KMS.GetKeyRotationStatus: instance GHC.Generics.Generic Network.AWS.KMS.GetKeyRotationStatus.GetKeyRotationStatus
- Network.AWS.KMS.GetKeyRotationStatus: instance GHC.Generics.Generic Network.AWS.KMS.GetKeyRotationStatus.GetKeyRotationStatusResponse
- Network.AWS.KMS.GetKeyRotationStatus: instance GHC.Read.Read Network.AWS.KMS.GetKeyRotationStatus.GetKeyRotationStatus
- Network.AWS.KMS.GetKeyRotationStatus: instance GHC.Read.Read Network.AWS.KMS.GetKeyRotationStatus.GetKeyRotationStatusResponse
- Network.AWS.KMS.GetKeyRotationStatus: instance GHC.Show.Show Network.AWS.KMS.GetKeyRotationStatus.GetKeyRotationStatus
- Network.AWS.KMS.GetKeyRotationStatus: instance GHC.Show.Show Network.AWS.KMS.GetKeyRotationStatus.GetKeyRotationStatusResponse
- Network.AWS.KMS.GetKeyRotationStatus: instance Network.AWS.Data.Headers.ToHeaders Network.AWS.KMS.GetKeyRotationStatus.GetKeyRotationStatus
- Network.AWS.KMS.GetKeyRotationStatus: instance Network.AWS.Data.Path.ToPath Network.AWS.KMS.GetKeyRotationStatus.GetKeyRotationStatus
- Network.AWS.KMS.GetKeyRotationStatus: instance Network.AWS.Data.Query.ToQuery Network.AWS.KMS.GetKeyRotationStatus.GetKeyRotationStatus
- Network.AWS.KMS.GetKeyRotationStatus: instance Network.AWS.Types.AWSRequest Network.AWS.KMS.GetKeyRotationStatus.GetKeyRotationStatus
- Network.AWS.KMS.GetParametersForImport: data GetParametersForImport
- Network.AWS.KMS.GetParametersForImport: data GetParametersForImportResponse
- Network.AWS.KMS.GetParametersForImport: getParametersForImport :: Text -> AlgorithmSpec -> WrappingKeySpec -> GetParametersForImport
- Network.AWS.KMS.GetParametersForImport: getParametersForImportResponse :: Int -> GetParametersForImportResponse
- Network.AWS.KMS.GetParametersForImport: gpfiKeyId :: Lens' GetParametersForImport Text
- Network.AWS.KMS.GetParametersForImport: gpfiWrappingAlgorithm :: Lens' GetParametersForImport AlgorithmSpec
- Network.AWS.KMS.GetParametersForImport: gpfiWrappingKeySpec :: Lens' GetParametersForImport WrappingKeySpec
- Network.AWS.KMS.GetParametersForImport: gpfirsImportToken :: Lens' GetParametersForImportResponse (Maybe ByteString)
- Network.AWS.KMS.GetParametersForImport: gpfirsKeyId :: Lens' GetParametersForImportResponse (Maybe Text)
- Network.AWS.KMS.GetParametersForImport: gpfirsParametersValidTo :: Lens' GetParametersForImportResponse (Maybe UTCTime)
- Network.AWS.KMS.GetParametersForImport: gpfirsPublicKey :: Lens' GetParametersForImportResponse (Maybe ByteString)
- Network.AWS.KMS.GetParametersForImport: gpfirsResponseStatus :: Lens' GetParametersForImportResponse Int
- Network.AWS.KMS.GetParametersForImport: instance Control.DeepSeq.NFData Network.AWS.KMS.GetParametersForImport.GetParametersForImport
- Network.AWS.KMS.GetParametersForImport: instance Control.DeepSeq.NFData Network.AWS.KMS.GetParametersForImport.GetParametersForImportResponse
- Network.AWS.KMS.GetParametersForImport: instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.KMS.GetParametersForImport.GetParametersForImport
- Network.AWS.KMS.GetParametersForImport: instance Data.Data.Data Network.AWS.KMS.GetParametersForImport.GetParametersForImport
- Network.AWS.KMS.GetParametersForImport: instance Data.Data.Data Network.AWS.KMS.GetParametersForImport.GetParametersForImportResponse
- Network.AWS.KMS.GetParametersForImport: instance Data.Hashable.Class.Hashable Network.AWS.KMS.GetParametersForImport.GetParametersForImport
- Network.AWS.KMS.GetParametersForImport: instance GHC.Classes.Eq Network.AWS.KMS.GetParametersForImport.GetParametersForImport
- Network.AWS.KMS.GetParametersForImport: instance GHC.Classes.Eq Network.AWS.KMS.GetParametersForImport.GetParametersForImportResponse
- Network.AWS.KMS.GetParametersForImport: instance GHC.Generics.Generic Network.AWS.KMS.GetParametersForImport.GetParametersForImport
- Network.AWS.KMS.GetParametersForImport: instance GHC.Generics.Generic Network.AWS.KMS.GetParametersForImport.GetParametersForImportResponse
- Network.AWS.KMS.GetParametersForImport: instance GHC.Read.Read Network.AWS.KMS.GetParametersForImport.GetParametersForImport
- Network.AWS.KMS.GetParametersForImport: instance GHC.Show.Show Network.AWS.KMS.GetParametersForImport.GetParametersForImport
- Network.AWS.KMS.GetParametersForImport: instance GHC.Show.Show Network.AWS.KMS.GetParametersForImport.GetParametersForImportResponse
- Network.AWS.KMS.GetParametersForImport: instance Network.AWS.Data.Headers.ToHeaders Network.AWS.KMS.GetParametersForImport.GetParametersForImport
- Network.AWS.KMS.GetParametersForImport: instance Network.AWS.Data.Path.ToPath Network.AWS.KMS.GetParametersForImport.GetParametersForImport
- Network.AWS.KMS.GetParametersForImport: instance Network.AWS.Data.Query.ToQuery Network.AWS.KMS.GetParametersForImport.GetParametersForImport
- Network.AWS.KMS.GetParametersForImport: instance Network.AWS.Types.AWSRequest Network.AWS.KMS.GetParametersForImport.GetParametersForImport
- Network.AWS.KMS.ImportKeyMaterial: data ImportKeyMaterial
- Network.AWS.KMS.ImportKeyMaterial: data ImportKeyMaterialResponse
- Network.AWS.KMS.ImportKeyMaterial: ikmEncryptedKeyMaterial :: Lens' ImportKeyMaterial ByteString
- Network.AWS.KMS.ImportKeyMaterial: ikmExpirationModel :: Lens' ImportKeyMaterial (Maybe ExpirationModelType)
- Network.AWS.KMS.ImportKeyMaterial: ikmImportToken :: Lens' ImportKeyMaterial ByteString
- Network.AWS.KMS.ImportKeyMaterial: ikmKeyId :: Lens' ImportKeyMaterial Text
- Network.AWS.KMS.ImportKeyMaterial: ikmValidTo :: Lens' ImportKeyMaterial (Maybe UTCTime)
- Network.AWS.KMS.ImportKeyMaterial: ikmrsResponseStatus :: Lens' ImportKeyMaterialResponse Int
- Network.AWS.KMS.ImportKeyMaterial: importKeyMaterial :: Text -> ByteString -> ByteString -> ImportKeyMaterial
- Network.AWS.KMS.ImportKeyMaterial: importKeyMaterialResponse :: Int -> ImportKeyMaterialResponse
- Network.AWS.KMS.ImportKeyMaterial: instance Control.DeepSeq.NFData Network.AWS.KMS.ImportKeyMaterial.ImportKeyMaterial
- Network.AWS.KMS.ImportKeyMaterial: instance Control.DeepSeq.NFData Network.AWS.KMS.ImportKeyMaterial.ImportKeyMaterialResponse
- Network.AWS.KMS.ImportKeyMaterial: instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.KMS.ImportKeyMaterial.ImportKeyMaterial
- Network.AWS.KMS.ImportKeyMaterial: instance Data.Data.Data Network.AWS.KMS.ImportKeyMaterial.ImportKeyMaterial
- Network.AWS.KMS.ImportKeyMaterial: instance Data.Data.Data Network.AWS.KMS.ImportKeyMaterial.ImportKeyMaterialResponse
- Network.AWS.KMS.ImportKeyMaterial: instance Data.Hashable.Class.Hashable Network.AWS.KMS.ImportKeyMaterial.ImportKeyMaterial
- Network.AWS.KMS.ImportKeyMaterial: instance GHC.Classes.Eq Network.AWS.KMS.ImportKeyMaterial.ImportKeyMaterial
- Network.AWS.KMS.ImportKeyMaterial: instance GHC.Classes.Eq Network.AWS.KMS.ImportKeyMaterial.ImportKeyMaterialResponse
- Network.AWS.KMS.ImportKeyMaterial: instance GHC.Generics.Generic Network.AWS.KMS.ImportKeyMaterial.ImportKeyMaterial
- Network.AWS.KMS.ImportKeyMaterial: instance GHC.Generics.Generic Network.AWS.KMS.ImportKeyMaterial.ImportKeyMaterialResponse
- Network.AWS.KMS.ImportKeyMaterial: instance GHC.Read.Read Network.AWS.KMS.ImportKeyMaterial.ImportKeyMaterial
- Network.AWS.KMS.ImportKeyMaterial: instance GHC.Read.Read Network.AWS.KMS.ImportKeyMaterial.ImportKeyMaterialResponse
- Network.AWS.KMS.ImportKeyMaterial: instance GHC.Show.Show Network.AWS.KMS.ImportKeyMaterial.ImportKeyMaterial
- Network.AWS.KMS.ImportKeyMaterial: instance GHC.Show.Show Network.AWS.KMS.ImportKeyMaterial.ImportKeyMaterialResponse
- Network.AWS.KMS.ImportKeyMaterial: instance Network.AWS.Data.Headers.ToHeaders Network.AWS.KMS.ImportKeyMaterial.ImportKeyMaterial
- Network.AWS.KMS.ImportKeyMaterial: instance Network.AWS.Data.Path.ToPath Network.AWS.KMS.ImportKeyMaterial.ImportKeyMaterial
- Network.AWS.KMS.ImportKeyMaterial: instance Network.AWS.Data.Query.ToQuery Network.AWS.KMS.ImportKeyMaterial.ImportKeyMaterial
- Network.AWS.KMS.ImportKeyMaterial: instance Network.AWS.Types.AWSRequest Network.AWS.KMS.ImportKeyMaterial.ImportKeyMaterial
- Network.AWS.KMS.ListAliases: data ListAliases
- Network.AWS.KMS.ListAliases: data ListAliasesResponse
- Network.AWS.KMS.ListAliases: instance Control.DeepSeq.NFData Network.AWS.KMS.ListAliases.ListAliases
- Network.AWS.KMS.ListAliases: instance Control.DeepSeq.NFData Network.AWS.KMS.ListAliases.ListAliasesResponse
- Network.AWS.KMS.ListAliases: instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.KMS.ListAliases.ListAliases
- Network.AWS.KMS.ListAliases: instance Data.Data.Data Network.AWS.KMS.ListAliases.ListAliases
- Network.AWS.KMS.ListAliases: instance Data.Data.Data Network.AWS.KMS.ListAliases.ListAliasesResponse
- Network.AWS.KMS.ListAliases: instance Data.Hashable.Class.Hashable Network.AWS.KMS.ListAliases.ListAliases
- Network.AWS.KMS.ListAliases: instance GHC.Classes.Eq Network.AWS.KMS.ListAliases.ListAliases
- Network.AWS.KMS.ListAliases: instance GHC.Classes.Eq Network.AWS.KMS.ListAliases.ListAliasesResponse
- Network.AWS.KMS.ListAliases: instance GHC.Generics.Generic Network.AWS.KMS.ListAliases.ListAliases
- Network.AWS.KMS.ListAliases: instance GHC.Generics.Generic Network.AWS.KMS.ListAliases.ListAliasesResponse
- Network.AWS.KMS.ListAliases: instance GHC.Read.Read Network.AWS.KMS.ListAliases.ListAliases
- Network.AWS.KMS.ListAliases: instance GHC.Read.Read Network.AWS.KMS.ListAliases.ListAliasesResponse
- Network.AWS.KMS.ListAliases: instance GHC.Show.Show Network.AWS.KMS.ListAliases.ListAliases
- Network.AWS.KMS.ListAliases: instance GHC.Show.Show Network.AWS.KMS.ListAliases.ListAliasesResponse
- Network.AWS.KMS.ListAliases: instance Network.AWS.Data.Headers.ToHeaders Network.AWS.KMS.ListAliases.ListAliases
- Network.AWS.KMS.ListAliases: instance Network.AWS.Data.Path.ToPath Network.AWS.KMS.ListAliases.ListAliases
- Network.AWS.KMS.ListAliases: instance Network.AWS.Data.Query.ToQuery Network.AWS.KMS.ListAliases.ListAliases
- Network.AWS.KMS.ListAliases: instance Network.AWS.Pager.AWSPager Network.AWS.KMS.ListAliases.ListAliases
- Network.AWS.KMS.ListAliases: instance Network.AWS.Types.AWSRequest Network.AWS.KMS.ListAliases.ListAliases
- Network.AWS.KMS.ListAliases: laLimit :: Lens' ListAliases (Maybe Natural)
- Network.AWS.KMS.ListAliases: laMarker :: Lens' ListAliases (Maybe Text)
- Network.AWS.KMS.ListAliases: larsAliases :: Lens' ListAliasesResponse [AliasListEntry]
- Network.AWS.KMS.ListAliases: larsNextMarker :: Lens' ListAliasesResponse (Maybe Text)
- Network.AWS.KMS.ListAliases: larsResponseStatus :: Lens' ListAliasesResponse Int
- Network.AWS.KMS.ListAliases: larsTruncated :: Lens' ListAliasesResponse (Maybe Bool)
- Network.AWS.KMS.ListAliases: listAliases :: ListAliases
- Network.AWS.KMS.ListAliases: listAliasesResponse :: Int -> ListAliasesResponse
- Network.AWS.KMS.ListGrants: data ListGrants
- Network.AWS.KMS.ListGrants: data ListGrantsResponse
- Network.AWS.KMS.ListGrants: instance Control.DeepSeq.NFData Network.AWS.KMS.ListGrants.ListGrants
- Network.AWS.KMS.ListGrants: instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.KMS.ListGrants.ListGrants
- Network.AWS.KMS.ListGrants: instance Data.Data.Data Network.AWS.KMS.ListGrants.ListGrants
- Network.AWS.KMS.ListGrants: instance Data.Hashable.Class.Hashable Network.AWS.KMS.ListGrants.ListGrants
- Network.AWS.KMS.ListGrants: instance GHC.Classes.Eq Network.AWS.KMS.ListGrants.ListGrants
- Network.AWS.KMS.ListGrants: instance GHC.Generics.Generic Network.AWS.KMS.ListGrants.ListGrants
- Network.AWS.KMS.ListGrants: instance GHC.Read.Read Network.AWS.KMS.ListGrants.ListGrants
- Network.AWS.KMS.ListGrants: instance GHC.Show.Show Network.AWS.KMS.ListGrants.ListGrants
- Network.AWS.KMS.ListGrants: instance Network.AWS.Data.Headers.ToHeaders Network.AWS.KMS.ListGrants.ListGrants
- Network.AWS.KMS.ListGrants: instance Network.AWS.Data.Path.ToPath Network.AWS.KMS.ListGrants.ListGrants
- Network.AWS.KMS.ListGrants: instance Network.AWS.Data.Query.ToQuery Network.AWS.KMS.ListGrants.ListGrants
- Network.AWS.KMS.ListGrants: instance Network.AWS.Pager.AWSPager Network.AWS.KMS.ListGrants.ListGrants
- Network.AWS.KMS.ListGrants: instance Network.AWS.Types.AWSRequest Network.AWS.KMS.ListGrants.ListGrants
- Network.AWS.KMS.ListGrants: lgGrants :: Lens' ListGrantsResponse [GrantListEntry]
- Network.AWS.KMS.ListGrants: lgKeyId :: Lens' ListGrants Text
- Network.AWS.KMS.ListGrants: lgLimit :: Lens' ListGrants (Maybe Natural)
- Network.AWS.KMS.ListGrants: lgMarker :: Lens' ListGrants (Maybe Text)
- Network.AWS.KMS.ListGrants: lgNextMarker :: Lens' ListGrantsResponse (Maybe Text)
- Network.AWS.KMS.ListGrants: lgTruncated :: Lens' ListGrantsResponse (Maybe Bool)
- Network.AWS.KMS.ListGrants: listGrants :: Text -> ListGrants
- Network.AWS.KMS.ListGrants: listGrantsResponse :: ListGrantsResponse
- Network.AWS.KMS.ListKeyPolicies: data ListKeyPolicies
- Network.AWS.KMS.ListKeyPolicies: data ListKeyPoliciesResponse
- Network.AWS.KMS.ListKeyPolicies: instance Control.DeepSeq.NFData Network.AWS.KMS.ListKeyPolicies.ListKeyPolicies
- Network.AWS.KMS.ListKeyPolicies: instance Control.DeepSeq.NFData Network.AWS.KMS.ListKeyPolicies.ListKeyPoliciesResponse
- Network.AWS.KMS.ListKeyPolicies: instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.KMS.ListKeyPolicies.ListKeyPolicies
- Network.AWS.KMS.ListKeyPolicies: instance Data.Data.Data Network.AWS.KMS.ListKeyPolicies.ListKeyPolicies
- Network.AWS.KMS.ListKeyPolicies: instance Data.Data.Data Network.AWS.KMS.ListKeyPolicies.ListKeyPoliciesResponse
- Network.AWS.KMS.ListKeyPolicies: instance Data.Hashable.Class.Hashable Network.AWS.KMS.ListKeyPolicies.ListKeyPolicies
- Network.AWS.KMS.ListKeyPolicies: instance GHC.Classes.Eq Network.AWS.KMS.ListKeyPolicies.ListKeyPolicies
- Network.AWS.KMS.ListKeyPolicies: instance GHC.Classes.Eq Network.AWS.KMS.ListKeyPolicies.ListKeyPoliciesResponse
- Network.AWS.KMS.ListKeyPolicies: instance GHC.Generics.Generic Network.AWS.KMS.ListKeyPolicies.ListKeyPolicies
- Network.AWS.KMS.ListKeyPolicies: instance GHC.Generics.Generic Network.AWS.KMS.ListKeyPolicies.ListKeyPoliciesResponse
- Network.AWS.KMS.ListKeyPolicies: instance GHC.Read.Read Network.AWS.KMS.ListKeyPolicies.ListKeyPolicies
- Network.AWS.KMS.ListKeyPolicies: instance GHC.Read.Read Network.AWS.KMS.ListKeyPolicies.ListKeyPoliciesResponse
- Network.AWS.KMS.ListKeyPolicies: instance GHC.Show.Show Network.AWS.KMS.ListKeyPolicies.ListKeyPolicies
- Network.AWS.KMS.ListKeyPolicies: instance GHC.Show.Show Network.AWS.KMS.ListKeyPolicies.ListKeyPoliciesResponse
- Network.AWS.KMS.ListKeyPolicies: instance Network.AWS.Data.Headers.ToHeaders Network.AWS.KMS.ListKeyPolicies.ListKeyPolicies
- Network.AWS.KMS.ListKeyPolicies: instance Network.AWS.Data.Path.ToPath Network.AWS.KMS.ListKeyPolicies.ListKeyPolicies
- Network.AWS.KMS.ListKeyPolicies: instance Network.AWS.Data.Query.ToQuery Network.AWS.KMS.ListKeyPolicies.ListKeyPolicies
- Network.AWS.KMS.ListKeyPolicies: instance Network.AWS.Pager.AWSPager Network.AWS.KMS.ListKeyPolicies.ListKeyPolicies
- Network.AWS.KMS.ListKeyPolicies: instance Network.AWS.Types.AWSRequest Network.AWS.KMS.ListKeyPolicies.ListKeyPolicies
- Network.AWS.KMS.ListKeyPolicies: listKeyPolicies :: Text -> ListKeyPolicies
- Network.AWS.KMS.ListKeyPolicies: listKeyPoliciesResponse :: Int -> ListKeyPoliciesResponse
- Network.AWS.KMS.ListKeyPolicies: lkpKeyId :: Lens' ListKeyPolicies Text
- Network.AWS.KMS.ListKeyPolicies: lkpLimit :: Lens' ListKeyPolicies (Maybe Natural)
- Network.AWS.KMS.ListKeyPolicies: lkpMarker :: Lens' ListKeyPolicies (Maybe Text)
- Network.AWS.KMS.ListKeyPolicies: lkprsNextMarker :: Lens' ListKeyPoliciesResponse (Maybe Text)
- Network.AWS.KMS.ListKeyPolicies: lkprsPolicyNames :: Lens' ListKeyPoliciesResponse [Text]
- Network.AWS.KMS.ListKeyPolicies: lkprsResponseStatus :: Lens' ListKeyPoliciesResponse Int
- Network.AWS.KMS.ListKeyPolicies: lkprsTruncated :: Lens' ListKeyPoliciesResponse (Maybe Bool)
- Network.AWS.KMS.ListKeys: data ListKeys
- Network.AWS.KMS.ListKeys: data ListKeysResponse
- Network.AWS.KMS.ListKeys: instance Control.DeepSeq.NFData Network.AWS.KMS.ListKeys.ListKeys
- Network.AWS.KMS.ListKeys: instance Control.DeepSeq.NFData Network.AWS.KMS.ListKeys.ListKeysResponse
- Network.AWS.KMS.ListKeys: instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.KMS.ListKeys.ListKeys
- Network.AWS.KMS.ListKeys: instance Data.Data.Data Network.AWS.KMS.ListKeys.ListKeys
- Network.AWS.KMS.ListKeys: instance Data.Data.Data Network.AWS.KMS.ListKeys.ListKeysResponse
- Network.AWS.KMS.ListKeys: instance Data.Hashable.Class.Hashable Network.AWS.KMS.ListKeys.ListKeys
- Network.AWS.KMS.ListKeys: instance GHC.Classes.Eq Network.AWS.KMS.ListKeys.ListKeys
- Network.AWS.KMS.ListKeys: instance GHC.Classes.Eq Network.AWS.KMS.ListKeys.ListKeysResponse
- Network.AWS.KMS.ListKeys: instance GHC.Generics.Generic Network.AWS.KMS.ListKeys.ListKeys
- Network.AWS.KMS.ListKeys: instance GHC.Generics.Generic Network.AWS.KMS.ListKeys.ListKeysResponse
- Network.AWS.KMS.ListKeys: instance GHC.Read.Read Network.AWS.KMS.ListKeys.ListKeys
- Network.AWS.KMS.ListKeys: instance GHC.Read.Read Network.AWS.KMS.ListKeys.ListKeysResponse
- Network.AWS.KMS.ListKeys: instance GHC.Show.Show Network.AWS.KMS.ListKeys.ListKeys
- Network.AWS.KMS.ListKeys: instance GHC.Show.Show Network.AWS.KMS.ListKeys.ListKeysResponse
- Network.AWS.KMS.ListKeys: instance Network.AWS.Data.Headers.ToHeaders Network.AWS.KMS.ListKeys.ListKeys
- Network.AWS.KMS.ListKeys: instance Network.AWS.Data.Path.ToPath Network.AWS.KMS.ListKeys.ListKeys
- Network.AWS.KMS.ListKeys: instance Network.AWS.Data.Query.ToQuery Network.AWS.KMS.ListKeys.ListKeys
- Network.AWS.KMS.ListKeys: instance Network.AWS.Pager.AWSPager Network.AWS.KMS.ListKeys.ListKeys
- Network.AWS.KMS.ListKeys: instance Network.AWS.Types.AWSRequest Network.AWS.KMS.ListKeys.ListKeys
- Network.AWS.KMS.ListKeys: listKeys :: ListKeys
- Network.AWS.KMS.ListKeys: listKeysResponse :: Int -> ListKeysResponse
- Network.AWS.KMS.ListKeys: lkLimit :: Lens' ListKeys (Maybe Natural)
- Network.AWS.KMS.ListKeys: lkMarker :: Lens' ListKeys (Maybe Text)
- Network.AWS.KMS.ListKeys: lkrsKeys :: Lens' ListKeysResponse [KeyListEntry]
- Network.AWS.KMS.ListKeys: lkrsNextMarker :: Lens' ListKeysResponse (Maybe Text)
- Network.AWS.KMS.ListKeys: lkrsResponseStatus :: Lens' ListKeysResponse Int
- Network.AWS.KMS.ListKeys: lkrsTruncated :: Lens' ListKeysResponse (Maybe Bool)
- Network.AWS.KMS.ListResourceTags: data ListResourceTags
- Network.AWS.KMS.ListResourceTags: data ListResourceTagsResponse
- Network.AWS.KMS.ListResourceTags: instance Control.DeepSeq.NFData Network.AWS.KMS.ListResourceTags.ListResourceTags
- Network.AWS.KMS.ListResourceTags: instance Control.DeepSeq.NFData Network.AWS.KMS.ListResourceTags.ListResourceTagsResponse
- Network.AWS.KMS.ListResourceTags: instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.KMS.ListResourceTags.ListResourceTags
- Network.AWS.KMS.ListResourceTags: instance Data.Data.Data Network.AWS.KMS.ListResourceTags.ListResourceTags
- Network.AWS.KMS.ListResourceTags: instance Data.Data.Data Network.AWS.KMS.ListResourceTags.ListResourceTagsResponse
- Network.AWS.KMS.ListResourceTags: instance Data.Hashable.Class.Hashable Network.AWS.KMS.ListResourceTags.ListResourceTags
- Network.AWS.KMS.ListResourceTags: instance GHC.Classes.Eq Network.AWS.KMS.ListResourceTags.ListResourceTags
- Network.AWS.KMS.ListResourceTags: instance GHC.Classes.Eq Network.AWS.KMS.ListResourceTags.ListResourceTagsResponse
- Network.AWS.KMS.ListResourceTags: instance GHC.Generics.Generic Network.AWS.KMS.ListResourceTags.ListResourceTags
- Network.AWS.KMS.ListResourceTags: instance GHC.Generics.Generic Network.AWS.KMS.ListResourceTags.ListResourceTagsResponse
- Network.AWS.KMS.ListResourceTags: instance GHC.Read.Read Network.AWS.KMS.ListResourceTags.ListResourceTags
- Network.AWS.KMS.ListResourceTags: instance GHC.Read.Read Network.AWS.KMS.ListResourceTags.ListResourceTagsResponse
- Network.AWS.KMS.ListResourceTags: instance GHC.Show.Show Network.AWS.KMS.ListResourceTags.ListResourceTags
- Network.AWS.KMS.ListResourceTags: instance GHC.Show.Show Network.AWS.KMS.ListResourceTags.ListResourceTagsResponse
- Network.AWS.KMS.ListResourceTags: instance Network.AWS.Data.Headers.ToHeaders Network.AWS.KMS.ListResourceTags.ListResourceTags
- Network.AWS.KMS.ListResourceTags: instance Network.AWS.Data.Path.ToPath Network.AWS.KMS.ListResourceTags.ListResourceTags
- Network.AWS.KMS.ListResourceTags: instance Network.AWS.Data.Query.ToQuery Network.AWS.KMS.ListResourceTags.ListResourceTags
- Network.AWS.KMS.ListResourceTags: instance Network.AWS.Types.AWSRequest Network.AWS.KMS.ListResourceTags.ListResourceTags
- Network.AWS.KMS.ListResourceTags: listResourceTags :: Text -> ListResourceTags
- Network.AWS.KMS.ListResourceTags: listResourceTagsResponse :: Int -> ListResourceTagsResponse
- Network.AWS.KMS.ListResourceTags: lrtKeyId :: Lens' ListResourceTags Text
- Network.AWS.KMS.ListResourceTags: lrtLimit :: Lens' ListResourceTags (Maybe Natural)
- Network.AWS.KMS.ListResourceTags: lrtMarker :: Lens' ListResourceTags (Maybe Text)
- Network.AWS.KMS.ListResourceTags: lrtrsNextMarker :: Lens' ListResourceTagsResponse (Maybe Text)
- Network.AWS.KMS.ListResourceTags: lrtrsResponseStatus :: Lens' ListResourceTagsResponse Int
- Network.AWS.KMS.ListResourceTags: lrtrsTags :: Lens' ListResourceTagsResponse [Tag]
- Network.AWS.KMS.ListResourceTags: lrtrsTruncated :: Lens' ListResourceTagsResponse (Maybe Bool)
- Network.AWS.KMS.ListRetirableGrants: data ListGrantsResponse
- Network.AWS.KMS.ListRetirableGrants: data ListRetirableGrants
- Network.AWS.KMS.ListRetirableGrants: instance Control.DeepSeq.NFData Network.AWS.KMS.ListRetirableGrants.ListRetirableGrants
- Network.AWS.KMS.ListRetirableGrants: instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.KMS.ListRetirableGrants.ListRetirableGrants
- Network.AWS.KMS.ListRetirableGrants: instance Data.Data.Data Network.AWS.KMS.ListRetirableGrants.ListRetirableGrants
- Network.AWS.KMS.ListRetirableGrants: instance Data.Hashable.Class.Hashable Network.AWS.KMS.ListRetirableGrants.ListRetirableGrants
- Network.AWS.KMS.ListRetirableGrants: instance GHC.Classes.Eq Network.AWS.KMS.ListRetirableGrants.ListRetirableGrants
- Network.AWS.KMS.ListRetirableGrants: instance GHC.Generics.Generic Network.AWS.KMS.ListRetirableGrants.ListRetirableGrants
- Network.AWS.KMS.ListRetirableGrants: instance GHC.Read.Read Network.AWS.KMS.ListRetirableGrants.ListRetirableGrants
- Network.AWS.KMS.ListRetirableGrants: instance GHC.Show.Show Network.AWS.KMS.ListRetirableGrants.ListRetirableGrants
- Network.AWS.KMS.ListRetirableGrants: instance Network.AWS.Data.Headers.ToHeaders Network.AWS.KMS.ListRetirableGrants.ListRetirableGrants
- Network.AWS.KMS.ListRetirableGrants: instance Network.AWS.Data.Path.ToPath Network.AWS.KMS.ListRetirableGrants.ListRetirableGrants
- Network.AWS.KMS.ListRetirableGrants: instance Network.AWS.Data.Query.ToQuery Network.AWS.KMS.ListRetirableGrants.ListRetirableGrants
- Network.AWS.KMS.ListRetirableGrants: instance Network.AWS.Types.AWSRequest Network.AWS.KMS.ListRetirableGrants.ListRetirableGrants
- Network.AWS.KMS.ListRetirableGrants: lgGrants :: Lens' ListGrantsResponse [GrantListEntry]
- Network.AWS.KMS.ListRetirableGrants: lgNextMarker :: Lens' ListGrantsResponse (Maybe Text)
- Network.AWS.KMS.ListRetirableGrants: lgTruncated :: Lens' ListGrantsResponse (Maybe Bool)
- Network.AWS.KMS.ListRetirableGrants: listGrantsResponse :: ListGrantsResponse
- Network.AWS.KMS.ListRetirableGrants: listRetirableGrants :: Text -> ListRetirableGrants
- Network.AWS.KMS.ListRetirableGrants: lrgLimit :: Lens' ListRetirableGrants (Maybe Natural)
- Network.AWS.KMS.ListRetirableGrants: lrgMarker :: Lens' ListRetirableGrants (Maybe Text)
- Network.AWS.KMS.ListRetirableGrants: lrgRetiringPrincipal :: Lens' ListRetirableGrants Text
- Network.AWS.KMS.PutKeyPolicy: data PutKeyPolicy
- Network.AWS.KMS.PutKeyPolicy: data PutKeyPolicyResponse
- Network.AWS.KMS.PutKeyPolicy: instance Control.DeepSeq.NFData Network.AWS.KMS.PutKeyPolicy.PutKeyPolicy
- Network.AWS.KMS.PutKeyPolicy: instance Control.DeepSeq.NFData Network.AWS.KMS.PutKeyPolicy.PutKeyPolicyResponse
- Network.AWS.KMS.PutKeyPolicy: instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.KMS.PutKeyPolicy.PutKeyPolicy
- Network.AWS.KMS.PutKeyPolicy: instance Data.Data.Data Network.AWS.KMS.PutKeyPolicy.PutKeyPolicy
- Network.AWS.KMS.PutKeyPolicy: instance Data.Data.Data Network.AWS.KMS.PutKeyPolicy.PutKeyPolicyResponse
- Network.AWS.KMS.PutKeyPolicy: instance Data.Hashable.Class.Hashable Network.AWS.KMS.PutKeyPolicy.PutKeyPolicy
- Network.AWS.KMS.PutKeyPolicy: instance GHC.Classes.Eq Network.AWS.KMS.PutKeyPolicy.PutKeyPolicy
- Network.AWS.KMS.PutKeyPolicy: instance GHC.Classes.Eq Network.AWS.KMS.PutKeyPolicy.PutKeyPolicyResponse
- Network.AWS.KMS.PutKeyPolicy: instance GHC.Generics.Generic Network.AWS.KMS.PutKeyPolicy.PutKeyPolicy
- Network.AWS.KMS.PutKeyPolicy: instance GHC.Generics.Generic Network.AWS.KMS.PutKeyPolicy.PutKeyPolicyResponse
- Network.AWS.KMS.PutKeyPolicy: instance GHC.Read.Read Network.AWS.KMS.PutKeyPolicy.PutKeyPolicy
- Network.AWS.KMS.PutKeyPolicy: instance GHC.Read.Read Network.AWS.KMS.PutKeyPolicy.PutKeyPolicyResponse
- Network.AWS.KMS.PutKeyPolicy: instance GHC.Show.Show Network.AWS.KMS.PutKeyPolicy.PutKeyPolicy
- Network.AWS.KMS.PutKeyPolicy: instance GHC.Show.Show Network.AWS.KMS.PutKeyPolicy.PutKeyPolicyResponse
- Network.AWS.KMS.PutKeyPolicy: instance Network.AWS.Data.Headers.ToHeaders Network.AWS.KMS.PutKeyPolicy.PutKeyPolicy
- Network.AWS.KMS.PutKeyPolicy: instance Network.AWS.Data.Path.ToPath Network.AWS.KMS.PutKeyPolicy.PutKeyPolicy
- Network.AWS.KMS.PutKeyPolicy: instance Network.AWS.Data.Query.ToQuery Network.AWS.KMS.PutKeyPolicy.PutKeyPolicy
- Network.AWS.KMS.PutKeyPolicy: instance Network.AWS.Types.AWSRequest Network.AWS.KMS.PutKeyPolicy.PutKeyPolicy
- Network.AWS.KMS.PutKeyPolicy: pkpBypassPolicyLockoutSafetyCheck :: Lens' PutKeyPolicy (Maybe Bool)
- Network.AWS.KMS.PutKeyPolicy: pkpKeyId :: Lens' PutKeyPolicy Text
- Network.AWS.KMS.PutKeyPolicy: pkpPolicy :: Lens' PutKeyPolicy Text
- Network.AWS.KMS.PutKeyPolicy: pkpPolicyName :: Lens' PutKeyPolicy Text
- Network.AWS.KMS.PutKeyPolicy: putKeyPolicy :: Text -> Text -> Text -> PutKeyPolicy
- Network.AWS.KMS.PutKeyPolicy: putKeyPolicyResponse :: PutKeyPolicyResponse
- Network.AWS.KMS.ReEncrypt: data ReEncrypt
- Network.AWS.KMS.ReEncrypt: data ReEncryptResponse
- Network.AWS.KMS.ReEncrypt: instance Control.DeepSeq.NFData Network.AWS.KMS.ReEncrypt.ReEncrypt
- Network.AWS.KMS.ReEncrypt: instance Control.DeepSeq.NFData Network.AWS.KMS.ReEncrypt.ReEncryptResponse
- Network.AWS.KMS.ReEncrypt: instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.KMS.ReEncrypt.ReEncrypt
- Network.AWS.KMS.ReEncrypt: instance Data.Data.Data Network.AWS.KMS.ReEncrypt.ReEncrypt
- Network.AWS.KMS.ReEncrypt: instance Data.Data.Data Network.AWS.KMS.ReEncrypt.ReEncryptResponse
- Network.AWS.KMS.ReEncrypt: instance Data.Hashable.Class.Hashable Network.AWS.KMS.ReEncrypt.ReEncrypt
- Network.AWS.KMS.ReEncrypt: instance GHC.Classes.Eq Network.AWS.KMS.ReEncrypt.ReEncrypt
- Network.AWS.KMS.ReEncrypt: instance GHC.Classes.Eq Network.AWS.KMS.ReEncrypt.ReEncryptResponse
- Network.AWS.KMS.ReEncrypt: instance GHC.Generics.Generic Network.AWS.KMS.ReEncrypt.ReEncrypt
- Network.AWS.KMS.ReEncrypt: instance GHC.Generics.Generic Network.AWS.KMS.ReEncrypt.ReEncryptResponse
- Network.AWS.KMS.ReEncrypt: instance GHC.Read.Read Network.AWS.KMS.ReEncrypt.ReEncrypt
- Network.AWS.KMS.ReEncrypt: instance GHC.Read.Read Network.AWS.KMS.ReEncrypt.ReEncryptResponse
- Network.AWS.KMS.ReEncrypt: instance GHC.Show.Show Network.AWS.KMS.ReEncrypt.ReEncrypt
- Network.AWS.KMS.ReEncrypt: instance GHC.Show.Show Network.AWS.KMS.ReEncrypt.ReEncryptResponse
- Network.AWS.KMS.ReEncrypt: instance Network.AWS.Data.Headers.ToHeaders Network.AWS.KMS.ReEncrypt.ReEncrypt
- Network.AWS.KMS.ReEncrypt: instance Network.AWS.Data.Path.ToPath Network.AWS.KMS.ReEncrypt.ReEncrypt
- Network.AWS.KMS.ReEncrypt: instance Network.AWS.Data.Query.ToQuery Network.AWS.KMS.ReEncrypt.ReEncrypt
- Network.AWS.KMS.ReEncrypt: instance Network.AWS.Types.AWSRequest Network.AWS.KMS.ReEncrypt.ReEncrypt
- Network.AWS.KMS.ReEncrypt: reCiphertextBlob :: Lens' ReEncrypt ByteString
- Network.AWS.KMS.ReEncrypt: reDestinationEncryptionContext :: Lens' ReEncrypt (HashMap Text Text)
- Network.AWS.KMS.ReEncrypt: reDestinationKeyId :: Lens' ReEncrypt Text
- Network.AWS.KMS.ReEncrypt: reEncrypt :: ByteString -> Text -> ReEncrypt
- Network.AWS.KMS.ReEncrypt: reEncryptResponse :: Int -> ReEncryptResponse
- Network.AWS.KMS.ReEncrypt: reGrantTokens :: Lens' ReEncrypt [Text]
- Network.AWS.KMS.ReEncrypt: reSourceEncryptionContext :: Lens' ReEncrypt (HashMap Text Text)
- Network.AWS.KMS.ReEncrypt: rersCiphertextBlob :: Lens' ReEncryptResponse (Maybe ByteString)
- Network.AWS.KMS.ReEncrypt: rersKeyId :: Lens' ReEncryptResponse (Maybe Text)
- Network.AWS.KMS.ReEncrypt: rersResponseStatus :: Lens' ReEncryptResponse Int
- Network.AWS.KMS.ReEncrypt: rersSourceKeyId :: Lens' ReEncryptResponse (Maybe Text)
- Network.AWS.KMS.RetireGrant: data RetireGrant
- Network.AWS.KMS.RetireGrant: data RetireGrantResponse
- Network.AWS.KMS.RetireGrant: instance Control.DeepSeq.NFData Network.AWS.KMS.RetireGrant.RetireGrant
- Network.AWS.KMS.RetireGrant: instance Control.DeepSeq.NFData Network.AWS.KMS.RetireGrant.RetireGrantResponse
- Network.AWS.KMS.RetireGrant: instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.KMS.RetireGrant.RetireGrant
- Network.AWS.KMS.RetireGrant: instance Data.Data.Data Network.AWS.KMS.RetireGrant.RetireGrant
- Network.AWS.KMS.RetireGrant: instance Data.Data.Data Network.AWS.KMS.RetireGrant.RetireGrantResponse
- Network.AWS.KMS.RetireGrant: instance Data.Hashable.Class.Hashable Network.AWS.KMS.RetireGrant.RetireGrant
- Network.AWS.KMS.RetireGrant: instance GHC.Classes.Eq Network.AWS.KMS.RetireGrant.RetireGrant
- Network.AWS.KMS.RetireGrant: instance GHC.Classes.Eq Network.AWS.KMS.RetireGrant.RetireGrantResponse
- Network.AWS.KMS.RetireGrant: instance GHC.Generics.Generic Network.AWS.KMS.RetireGrant.RetireGrant
- Network.AWS.KMS.RetireGrant: instance GHC.Generics.Generic Network.AWS.KMS.RetireGrant.RetireGrantResponse
- Network.AWS.KMS.RetireGrant: instance GHC.Read.Read Network.AWS.KMS.RetireGrant.RetireGrant
- Network.AWS.KMS.RetireGrant: instance GHC.Read.Read Network.AWS.KMS.RetireGrant.RetireGrantResponse
- Network.AWS.KMS.RetireGrant: instance GHC.Show.Show Network.AWS.KMS.RetireGrant.RetireGrant
- Network.AWS.KMS.RetireGrant: instance GHC.Show.Show Network.AWS.KMS.RetireGrant.RetireGrantResponse
- Network.AWS.KMS.RetireGrant: instance Network.AWS.Data.Headers.ToHeaders Network.AWS.KMS.RetireGrant.RetireGrant
- Network.AWS.KMS.RetireGrant: instance Network.AWS.Data.Path.ToPath Network.AWS.KMS.RetireGrant.RetireGrant
- Network.AWS.KMS.RetireGrant: instance Network.AWS.Data.Query.ToQuery Network.AWS.KMS.RetireGrant.RetireGrant
- Network.AWS.KMS.RetireGrant: instance Network.AWS.Types.AWSRequest Network.AWS.KMS.RetireGrant.RetireGrant
- Network.AWS.KMS.RetireGrant: retireGrant :: RetireGrant
- Network.AWS.KMS.RetireGrant: retireGrantResponse :: RetireGrantResponse
- Network.AWS.KMS.RetireGrant: rgGrantId :: Lens' RetireGrant (Maybe Text)
- Network.AWS.KMS.RetireGrant: rgGrantToken :: Lens' RetireGrant (Maybe Text)
- Network.AWS.KMS.RetireGrant: rgKeyId :: Lens' RetireGrant (Maybe Text)
- Network.AWS.KMS.RevokeGrant: data RevokeGrant
- Network.AWS.KMS.RevokeGrant: data RevokeGrantResponse
- Network.AWS.KMS.RevokeGrant: instance Control.DeepSeq.NFData Network.AWS.KMS.RevokeGrant.RevokeGrant
- Network.AWS.KMS.RevokeGrant: instance Control.DeepSeq.NFData Network.AWS.KMS.RevokeGrant.RevokeGrantResponse
- Network.AWS.KMS.RevokeGrant: instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.KMS.RevokeGrant.RevokeGrant
- Network.AWS.KMS.RevokeGrant: instance Data.Data.Data Network.AWS.KMS.RevokeGrant.RevokeGrant
- Network.AWS.KMS.RevokeGrant: instance Data.Data.Data Network.AWS.KMS.RevokeGrant.RevokeGrantResponse
- Network.AWS.KMS.RevokeGrant: instance Data.Hashable.Class.Hashable Network.AWS.KMS.RevokeGrant.RevokeGrant
- Network.AWS.KMS.RevokeGrant: instance GHC.Classes.Eq Network.AWS.KMS.RevokeGrant.RevokeGrant
- Network.AWS.KMS.RevokeGrant: instance GHC.Classes.Eq Network.AWS.KMS.RevokeGrant.RevokeGrantResponse
- Network.AWS.KMS.RevokeGrant: instance GHC.Generics.Generic Network.AWS.KMS.RevokeGrant.RevokeGrant
- Network.AWS.KMS.RevokeGrant: instance GHC.Generics.Generic Network.AWS.KMS.RevokeGrant.RevokeGrantResponse
- Network.AWS.KMS.RevokeGrant: instance GHC.Read.Read Network.AWS.KMS.RevokeGrant.RevokeGrant
- Network.AWS.KMS.RevokeGrant: instance GHC.Read.Read Network.AWS.KMS.RevokeGrant.RevokeGrantResponse
- Network.AWS.KMS.RevokeGrant: instance GHC.Show.Show Network.AWS.KMS.RevokeGrant.RevokeGrant
- Network.AWS.KMS.RevokeGrant: instance GHC.Show.Show Network.AWS.KMS.RevokeGrant.RevokeGrantResponse
- Network.AWS.KMS.RevokeGrant: instance Network.AWS.Data.Headers.ToHeaders Network.AWS.KMS.RevokeGrant.RevokeGrant
- Network.AWS.KMS.RevokeGrant: instance Network.AWS.Data.Path.ToPath Network.AWS.KMS.RevokeGrant.RevokeGrant
- Network.AWS.KMS.RevokeGrant: instance Network.AWS.Data.Query.ToQuery Network.AWS.KMS.RevokeGrant.RevokeGrant
- Network.AWS.KMS.RevokeGrant: instance Network.AWS.Types.AWSRequest Network.AWS.KMS.RevokeGrant.RevokeGrant
- Network.AWS.KMS.RevokeGrant: rGrantId :: Lens' RevokeGrant Text
- Network.AWS.KMS.RevokeGrant: rKeyId :: Lens' RevokeGrant Text
- Network.AWS.KMS.RevokeGrant: revokeGrant :: Text -> Text -> RevokeGrant
- Network.AWS.KMS.RevokeGrant: revokeGrantResponse :: RevokeGrantResponse
- Network.AWS.KMS.ScheduleKeyDeletion: data ScheduleKeyDeletion
- Network.AWS.KMS.ScheduleKeyDeletion: data ScheduleKeyDeletionResponse
- Network.AWS.KMS.ScheduleKeyDeletion: instance Control.DeepSeq.NFData Network.AWS.KMS.ScheduleKeyDeletion.ScheduleKeyDeletion
- Network.AWS.KMS.ScheduleKeyDeletion: instance Control.DeepSeq.NFData Network.AWS.KMS.ScheduleKeyDeletion.ScheduleKeyDeletionResponse
- Network.AWS.KMS.ScheduleKeyDeletion: instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.KMS.ScheduleKeyDeletion.ScheduleKeyDeletion
- Network.AWS.KMS.ScheduleKeyDeletion: instance Data.Data.Data Network.AWS.KMS.ScheduleKeyDeletion.ScheduleKeyDeletion
- Network.AWS.KMS.ScheduleKeyDeletion: instance Data.Data.Data Network.AWS.KMS.ScheduleKeyDeletion.ScheduleKeyDeletionResponse
- Network.AWS.KMS.ScheduleKeyDeletion: instance Data.Hashable.Class.Hashable Network.AWS.KMS.ScheduleKeyDeletion.ScheduleKeyDeletion
- Network.AWS.KMS.ScheduleKeyDeletion: instance GHC.Classes.Eq Network.AWS.KMS.ScheduleKeyDeletion.ScheduleKeyDeletion
- Network.AWS.KMS.ScheduleKeyDeletion: instance GHC.Classes.Eq Network.AWS.KMS.ScheduleKeyDeletion.ScheduleKeyDeletionResponse
- Network.AWS.KMS.ScheduleKeyDeletion: instance GHC.Generics.Generic Network.AWS.KMS.ScheduleKeyDeletion.ScheduleKeyDeletion
- Network.AWS.KMS.ScheduleKeyDeletion: instance GHC.Generics.Generic Network.AWS.KMS.ScheduleKeyDeletion.ScheduleKeyDeletionResponse
- Network.AWS.KMS.ScheduleKeyDeletion: instance GHC.Read.Read Network.AWS.KMS.ScheduleKeyDeletion.ScheduleKeyDeletion
- Network.AWS.KMS.ScheduleKeyDeletion: instance GHC.Read.Read Network.AWS.KMS.ScheduleKeyDeletion.ScheduleKeyDeletionResponse
- Network.AWS.KMS.ScheduleKeyDeletion: instance GHC.Show.Show Network.AWS.KMS.ScheduleKeyDeletion.ScheduleKeyDeletion
- Network.AWS.KMS.ScheduleKeyDeletion: instance GHC.Show.Show Network.AWS.KMS.ScheduleKeyDeletion.ScheduleKeyDeletionResponse
- Network.AWS.KMS.ScheduleKeyDeletion: instance Network.AWS.Data.Headers.ToHeaders Network.AWS.KMS.ScheduleKeyDeletion.ScheduleKeyDeletion
- Network.AWS.KMS.ScheduleKeyDeletion: instance Network.AWS.Data.Path.ToPath Network.AWS.KMS.ScheduleKeyDeletion.ScheduleKeyDeletion
- Network.AWS.KMS.ScheduleKeyDeletion: instance Network.AWS.Data.Query.ToQuery Network.AWS.KMS.ScheduleKeyDeletion.ScheduleKeyDeletion
- Network.AWS.KMS.ScheduleKeyDeletion: instance Network.AWS.Types.AWSRequest Network.AWS.KMS.ScheduleKeyDeletion.ScheduleKeyDeletion
- Network.AWS.KMS.ScheduleKeyDeletion: scheduleKeyDeletion :: Text -> ScheduleKeyDeletion
- Network.AWS.KMS.ScheduleKeyDeletion: scheduleKeyDeletionResponse :: Int -> ScheduleKeyDeletionResponse
- Network.AWS.KMS.ScheduleKeyDeletion: skdKeyId :: Lens' ScheduleKeyDeletion Text
- Network.AWS.KMS.ScheduleKeyDeletion: skdPendingWindowInDays :: Lens' ScheduleKeyDeletion (Maybe Natural)
- Network.AWS.KMS.ScheduleKeyDeletion: skdrsDeletionDate :: Lens' ScheduleKeyDeletionResponse (Maybe UTCTime)
- Network.AWS.KMS.ScheduleKeyDeletion: skdrsKeyId :: Lens' ScheduleKeyDeletionResponse (Maybe Text)
- Network.AWS.KMS.ScheduleKeyDeletion: skdrsResponseStatus :: Lens' ScheduleKeyDeletionResponse Int
- Network.AWS.KMS.TagResource: data TagResource
- Network.AWS.KMS.TagResource: data TagResourceResponse
- Network.AWS.KMS.TagResource: instance Control.DeepSeq.NFData Network.AWS.KMS.TagResource.TagResource
- Network.AWS.KMS.TagResource: instance Control.DeepSeq.NFData Network.AWS.KMS.TagResource.TagResourceResponse
- Network.AWS.KMS.TagResource: instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.KMS.TagResource.TagResource
- Network.AWS.KMS.TagResource: instance Data.Data.Data Network.AWS.KMS.TagResource.TagResource
- Network.AWS.KMS.TagResource: instance Data.Data.Data Network.AWS.KMS.TagResource.TagResourceResponse
- Network.AWS.KMS.TagResource: instance Data.Hashable.Class.Hashable Network.AWS.KMS.TagResource.TagResource
- Network.AWS.KMS.TagResource: instance GHC.Classes.Eq Network.AWS.KMS.TagResource.TagResource
- Network.AWS.KMS.TagResource: instance GHC.Classes.Eq Network.AWS.KMS.TagResource.TagResourceResponse
- Network.AWS.KMS.TagResource: instance GHC.Generics.Generic Network.AWS.KMS.TagResource.TagResource
- Network.AWS.KMS.TagResource: instance GHC.Generics.Generic Network.AWS.KMS.TagResource.TagResourceResponse
- Network.AWS.KMS.TagResource: instance GHC.Read.Read Network.AWS.KMS.TagResource.TagResource
- Network.AWS.KMS.TagResource: instance GHC.Read.Read Network.AWS.KMS.TagResource.TagResourceResponse
- Network.AWS.KMS.TagResource: instance GHC.Show.Show Network.AWS.KMS.TagResource.TagResource
- Network.AWS.KMS.TagResource: instance GHC.Show.Show Network.AWS.KMS.TagResource.TagResourceResponse
- Network.AWS.KMS.TagResource: instance Network.AWS.Data.Headers.ToHeaders Network.AWS.KMS.TagResource.TagResource
- Network.AWS.KMS.TagResource: instance Network.AWS.Data.Path.ToPath Network.AWS.KMS.TagResource.TagResource
- Network.AWS.KMS.TagResource: instance Network.AWS.Data.Query.ToQuery Network.AWS.KMS.TagResource.TagResource
- Network.AWS.KMS.TagResource: instance Network.AWS.Types.AWSRequest Network.AWS.KMS.TagResource.TagResource
- Network.AWS.KMS.TagResource: tagResource :: Text -> TagResource
- Network.AWS.KMS.TagResource: tagResourceResponse :: TagResourceResponse
- Network.AWS.KMS.TagResource: trKeyId :: Lens' TagResource Text
- Network.AWS.KMS.TagResource: trTags :: Lens' TagResource [Tag]
- Network.AWS.KMS.Types: AES128 :: DataKeySpec
- Network.AWS.KMS.Types: AES256 :: DataKeySpec
- Network.AWS.KMS.Types: AWS :: KeyManagerType
- Network.AWS.KMS.Types: AWSKMS :: OriginType
- Network.AWS.KMS.Types: CreateGrant :: GrantOperation
- Network.AWS.KMS.Types: Customer :: KeyManagerType
- Network.AWS.KMS.Types: Decrypt :: GrantOperation
- Network.AWS.KMS.Types: DescribeKey :: GrantOperation
- Network.AWS.KMS.Types: Disabled :: KeyState
- Network.AWS.KMS.Types: Enabled :: KeyState
- Network.AWS.KMS.Types: Encrypt :: GrantOperation
- Network.AWS.KMS.Types: EncryptDecrypt :: KeyUsageType
- Network.AWS.KMS.Types: External :: OriginType
- Network.AWS.KMS.Types: GenerateDataKey :: GrantOperation
- Network.AWS.KMS.Types: GenerateDataKeyWithoutPlaintext :: GrantOperation
- Network.AWS.KMS.Types: KeyMaterialDoesNotExpire :: ExpirationModelType
- Network.AWS.KMS.Types: KeyMaterialExpires :: ExpirationModelType
- Network.AWS.KMS.Types: PendingDeletion :: KeyState
- Network.AWS.KMS.Types: PendingImport :: KeyState
- Network.AWS.KMS.Types: ReEncryptFrom :: GrantOperation
- Network.AWS.KMS.Types: ReEncryptTo :: GrantOperation
- Network.AWS.KMS.Types: RetireGrant :: GrantOperation
- Network.AWS.KMS.Types: Rsa2048 :: WrappingKeySpec
- Network.AWS.KMS.Types: RsaesOaepSha1 :: AlgorithmSpec
- Network.AWS.KMS.Types: RsaesOaepSha256 :: AlgorithmSpec
- Network.AWS.KMS.Types: RsaesPKCS1V15 :: AlgorithmSpec
- Network.AWS.KMS.Types: _AlreadyExistsException :: AsError a => Getting (First ServiceError) a ServiceError
- Network.AWS.KMS.Types: _DependencyTimeoutException :: AsError a => Getting (First ServiceError) a ServiceError
- Network.AWS.KMS.Types: _DisabledException :: AsError a => Getting (First ServiceError) a ServiceError
- Network.AWS.KMS.Types: _ExpiredImportTokenException :: AsError a => Getting (First ServiceError) a ServiceError
- Network.AWS.KMS.Types: _IncorrectKeyMaterialException :: AsError a => Getting (First ServiceError) a ServiceError
- Network.AWS.KMS.Types: _InvalidARNException :: AsError a => Getting (First ServiceError) a ServiceError
- Network.AWS.KMS.Types: _InvalidAliasNameException :: AsError a => Getting (First ServiceError) a ServiceError
- Network.AWS.KMS.Types: _InvalidCiphertextException :: AsError a => Getting (First ServiceError) a ServiceError
- Network.AWS.KMS.Types: _InvalidGrantIdException :: AsError a => Getting (First ServiceError) a ServiceError
- Network.AWS.KMS.Types: _InvalidGrantTokenException :: AsError a => Getting (First ServiceError) a ServiceError
- Network.AWS.KMS.Types: _InvalidImportTokenException :: AsError a => Getting (First ServiceError) a ServiceError
- Network.AWS.KMS.Types: _InvalidKeyUsageException :: AsError a => Getting (First ServiceError) a ServiceError
- Network.AWS.KMS.Types: _InvalidMarkerException :: AsError a => Getting (First ServiceError) a ServiceError
- Network.AWS.KMS.Types: _KMSInternalException :: AsError a => Getting (First ServiceError) a ServiceError
- Network.AWS.KMS.Types: _KMSInvalidStateException :: AsError a => Getting (First ServiceError) a ServiceError
- Network.AWS.KMS.Types: _KeyUnavailableException :: AsError a => Getting (First ServiceError) a ServiceError
- Network.AWS.KMS.Types: _LimitExceededException :: AsError a => Getting (First ServiceError) a ServiceError
- Network.AWS.KMS.Types: _MalformedPolicyDocumentException :: AsError a => Getting (First ServiceError) a ServiceError
- Network.AWS.KMS.Types: _NotFoundException :: AsError a => Getting (First ServiceError) a ServiceError
- Network.AWS.KMS.Types: _TagException :: AsError a => Getting (First ServiceError) a ServiceError
- Network.AWS.KMS.Types: _UnsupportedOperationException :: AsError a => Getting (First ServiceError) a ServiceError
- Network.AWS.KMS.Types: aleAliasARN :: Lens' AliasListEntry (Maybe Text)
- Network.AWS.KMS.Types: aleAliasName :: Lens' AliasListEntry (Maybe Text)
- Network.AWS.KMS.Types: aleTargetKeyId :: Lens' AliasListEntry (Maybe Text)
- Network.AWS.KMS.Types: aliasListEntry :: AliasListEntry
- Network.AWS.KMS.Types: data AlgorithmSpec
- Network.AWS.KMS.Types: data AliasListEntry
- Network.AWS.KMS.Types: data DataKeySpec
- Network.AWS.KMS.Types: data ExpirationModelType
- Network.AWS.KMS.Types: data GrantConstraints
- Network.AWS.KMS.Types: data GrantListEntry
- Network.AWS.KMS.Types: data GrantOperation
- Network.AWS.KMS.Types: data KeyListEntry
- Network.AWS.KMS.Types: data KeyManagerType
- Network.AWS.KMS.Types: data KeyMetadata
- Network.AWS.KMS.Types: data KeyState
- Network.AWS.KMS.Types: data KeyUsageType
- Network.AWS.KMS.Types: data ListGrantsResponse
- Network.AWS.KMS.Types: data OriginType
- Network.AWS.KMS.Types: data Tag
- Network.AWS.KMS.Types: data WrappingKeySpec
- Network.AWS.KMS.Types: gcEncryptionContextEquals :: Lens' GrantConstraints (HashMap Text Text)
- Network.AWS.KMS.Types: gcEncryptionContextSubset :: Lens' GrantConstraints (HashMap Text Text)
- Network.AWS.KMS.Types: gleConstraints :: Lens' GrantListEntry (Maybe GrantConstraints)
- Network.AWS.KMS.Types: gleCreationDate :: Lens' GrantListEntry (Maybe UTCTime)
- Network.AWS.KMS.Types: gleGrantId :: Lens' GrantListEntry (Maybe Text)
- Network.AWS.KMS.Types: gleGranteePrincipal :: Lens' GrantListEntry (Maybe Text)
- Network.AWS.KMS.Types: gleIssuingAccount :: Lens' GrantListEntry (Maybe Text)
- Network.AWS.KMS.Types: gleKeyId :: Lens' GrantListEntry (Maybe Text)
- Network.AWS.KMS.Types: gleName :: Lens' GrantListEntry (Maybe Text)
- Network.AWS.KMS.Types: gleOperations :: Lens' GrantListEntry [GrantOperation]
- Network.AWS.KMS.Types: gleRetiringPrincipal :: Lens' GrantListEntry (Maybe Text)
- Network.AWS.KMS.Types: grantConstraints :: GrantConstraints
- Network.AWS.KMS.Types: grantListEntry :: GrantListEntry
- Network.AWS.KMS.Types: keyListEntry :: KeyListEntry
- Network.AWS.KMS.Types: keyMetadata :: Text -> KeyMetadata
- Network.AWS.KMS.Types: kleKeyARN :: Lens' KeyListEntry (Maybe Text)
- Network.AWS.KMS.Types: kleKeyId :: Lens' KeyListEntry (Maybe Text)
- Network.AWS.KMS.Types: kmARN :: Lens' KeyMetadata (Maybe Text)
- Network.AWS.KMS.Types: kmAWSAccountId :: Lens' KeyMetadata (Maybe Text)
- Network.AWS.KMS.Types: kmCreationDate :: Lens' KeyMetadata (Maybe UTCTime)
- Network.AWS.KMS.Types: kmDeletionDate :: Lens' KeyMetadata (Maybe UTCTime)
- Network.AWS.KMS.Types: kmDescription :: Lens' KeyMetadata (Maybe Text)
- Network.AWS.KMS.Types: kmEnabled :: Lens' KeyMetadata (Maybe Bool)
- Network.AWS.KMS.Types: kmExpirationModel :: Lens' KeyMetadata (Maybe ExpirationModelType)
- Network.AWS.KMS.Types: kmKeyId :: Lens' KeyMetadata Text
- Network.AWS.KMS.Types: kmKeyManager :: Lens' KeyMetadata (Maybe KeyManagerType)
- Network.AWS.KMS.Types: kmKeyState :: Lens' KeyMetadata (Maybe KeyState)
- Network.AWS.KMS.Types: kmKeyUsage :: Lens' KeyMetadata (Maybe KeyUsageType)
- Network.AWS.KMS.Types: kmOrigin :: Lens' KeyMetadata (Maybe OriginType)
- Network.AWS.KMS.Types: kmValidTo :: Lens' KeyMetadata (Maybe UTCTime)
- Network.AWS.KMS.Types: kms :: Service
- Network.AWS.KMS.Types: lgGrants :: Lens' ListGrantsResponse [GrantListEntry]
- Network.AWS.KMS.Types: lgNextMarker :: Lens' ListGrantsResponse (Maybe Text)
- Network.AWS.KMS.Types: lgTruncated :: Lens' ListGrantsResponse (Maybe Bool)
- Network.AWS.KMS.Types: listGrantsResponse :: ListGrantsResponse
- Network.AWS.KMS.Types: tag :: Text -> Text -> Tag
- Network.AWS.KMS.Types: tagTagKey :: Lens' Tag Text
- Network.AWS.KMS.Types: tagTagValue :: Lens' Tag Text
- Network.AWS.KMS.UntagResource: data UntagResource
- Network.AWS.KMS.UntagResource: data UntagResourceResponse
- Network.AWS.KMS.UntagResource: instance Control.DeepSeq.NFData Network.AWS.KMS.UntagResource.UntagResource
- Network.AWS.KMS.UntagResource: instance Control.DeepSeq.NFData Network.AWS.KMS.UntagResource.UntagResourceResponse
- Network.AWS.KMS.UntagResource: instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.KMS.UntagResource.UntagResource
- Network.AWS.KMS.UntagResource: instance Data.Data.Data Network.AWS.KMS.UntagResource.UntagResource
- Network.AWS.KMS.UntagResource: instance Data.Data.Data Network.AWS.KMS.UntagResource.UntagResourceResponse
- Network.AWS.KMS.UntagResource: instance Data.Hashable.Class.Hashable Network.AWS.KMS.UntagResource.UntagResource
- Network.AWS.KMS.UntagResource: instance GHC.Classes.Eq Network.AWS.KMS.UntagResource.UntagResource
- Network.AWS.KMS.UntagResource: instance GHC.Classes.Eq Network.AWS.KMS.UntagResource.UntagResourceResponse
- Network.AWS.KMS.UntagResource: instance GHC.Generics.Generic Network.AWS.KMS.UntagResource.UntagResource
- Network.AWS.KMS.UntagResource: instance GHC.Generics.Generic Network.AWS.KMS.UntagResource.UntagResourceResponse
- Network.AWS.KMS.UntagResource: instance GHC.Read.Read Network.AWS.KMS.UntagResource.UntagResource
- Network.AWS.KMS.UntagResource: instance GHC.Read.Read Network.AWS.KMS.UntagResource.UntagResourceResponse
- Network.AWS.KMS.UntagResource: instance GHC.Show.Show Network.AWS.KMS.UntagResource.UntagResource
- Network.AWS.KMS.UntagResource: instance GHC.Show.Show Network.AWS.KMS.UntagResource.UntagResourceResponse
- Network.AWS.KMS.UntagResource: instance Network.AWS.Data.Headers.ToHeaders Network.AWS.KMS.UntagResource.UntagResource
- Network.AWS.KMS.UntagResource: instance Network.AWS.Data.Path.ToPath Network.AWS.KMS.UntagResource.UntagResource
- Network.AWS.KMS.UntagResource: instance Network.AWS.Data.Query.ToQuery Network.AWS.KMS.UntagResource.UntagResource
- Network.AWS.KMS.UntagResource: instance Network.AWS.Types.AWSRequest Network.AWS.KMS.UntagResource.UntagResource
- Network.AWS.KMS.UntagResource: untagResource :: Text -> UntagResource
- Network.AWS.KMS.UntagResource: untagResourceResponse :: UntagResourceResponse
- Network.AWS.KMS.UntagResource: urKeyId :: Lens' UntagResource Text
- Network.AWS.KMS.UntagResource: urTagKeys :: Lens' UntagResource [Text]
- Network.AWS.KMS.UpdateAlias: data UpdateAlias
- Network.AWS.KMS.UpdateAlias: data UpdateAliasResponse
- Network.AWS.KMS.UpdateAlias: instance Control.DeepSeq.NFData Network.AWS.KMS.UpdateAlias.UpdateAlias
- Network.AWS.KMS.UpdateAlias: instance Control.DeepSeq.NFData Network.AWS.KMS.UpdateAlias.UpdateAliasResponse
- Network.AWS.KMS.UpdateAlias: instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.KMS.UpdateAlias.UpdateAlias
- Network.AWS.KMS.UpdateAlias: instance Data.Data.Data Network.AWS.KMS.UpdateAlias.UpdateAlias
- Network.AWS.KMS.UpdateAlias: instance Data.Data.Data Network.AWS.KMS.UpdateAlias.UpdateAliasResponse
- Network.AWS.KMS.UpdateAlias: instance Data.Hashable.Class.Hashable Network.AWS.KMS.UpdateAlias.UpdateAlias
- Network.AWS.KMS.UpdateAlias: instance GHC.Classes.Eq Network.AWS.KMS.UpdateAlias.UpdateAlias
- Network.AWS.KMS.UpdateAlias: instance GHC.Classes.Eq Network.AWS.KMS.UpdateAlias.UpdateAliasResponse
- Network.AWS.KMS.UpdateAlias: instance GHC.Generics.Generic Network.AWS.KMS.UpdateAlias.UpdateAlias
- Network.AWS.KMS.UpdateAlias: instance GHC.Generics.Generic Network.AWS.KMS.UpdateAlias.UpdateAliasResponse
- Network.AWS.KMS.UpdateAlias: instance GHC.Read.Read Network.AWS.KMS.UpdateAlias.UpdateAlias
- Network.AWS.KMS.UpdateAlias: instance GHC.Read.Read Network.AWS.KMS.UpdateAlias.UpdateAliasResponse
- Network.AWS.KMS.UpdateAlias: instance GHC.Show.Show Network.AWS.KMS.UpdateAlias.UpdateAlias
- Network.AWS.KMS.UpdateAlias: instance GHC.Show.Show Network.AWS.KMS.UpdateAlias.UpdateAliasResponse
- Network.AWS.KMS.UpdateAlias: instance Network.AWS.Data.Headers.ToHeaders Network.AWS.KMS.UpdateAlias.UpdateAlias
- Network.AWS.KMS.UpdateAlias: instance Network.AWS.Data.Path.ToPath Network.AWS.KMS.UpdateAlias.UpdateAlias
- Network.AWS.KMS.UpdateAlias: instance Network.AWS.Data.Query.ToQuery Network.AWS.KMS.UpdateAlias.UpdateAlias
- Network.AWS.KMS.UpdateAlias: instance Network.AWS.Types.AWSRequest Network.AWS.KMS.UpdateAlias.UpdateAlias
- Network.AWS.KMS.UpdateAlias: uaAliasName :: Lens' UpdateAlias Text
- Network.AWS.KMS.UpdateAlias: uaTargetKeyId :: Lens' UpdateAlias Text
- Network.AWS.KMS.UpdateAlias: updateAlias :: Text -> Text -> UpdateAlias
- Network.AWS.KMS.UpdateAlias: updateAliasResponse :: UpdateAliasResponse
- Network.AWS.KMS.UpdateKeyDescription: data UpdateKeyDescription
- Network.AWS.KMS.UpdateKeyDescription: data UpdateKeyDescriptionResponse
- Network.AWS.KMS.UpdateKeyDescription: instance Control.DeepSeq.NFData Network.AWS.KMS.UpdateKeyDescription.UpdateKeyDescription
- Network.AWS.KMS.UpdateKeyDescription: instance Control.DeepSeq.NFData Network.AWS.KMS.UpdateKeyDescription.UpdateKeyDescriptionResponse
- Network.AWS.KMS.UpdateKeyDescription: instance Data.Aeson.Types.ToJSON.ToJSON Network.AWS.KMS.UpdateKeyDescription.UpdateKeyDescription
- Network.AWS.KMS.UpdateKeyDescription: instance Data.Data.Data Network.AWS.KMS.UpdateKeyDescription.UpdateKeyDescription
- Network.AWS.KMS.UpdateKeyDescription: instance Data.Data.Data Network.AWS.KMS.UpdateKeyDescription.UpdateKeyDescriptionResponse
- Network.AWS.KMS.UpdateKeyDescription: instance Data.Hashable.Class.Hashable Network.AWS.KMS.UpdateKeyDescription.UpdateKeyDescription
- Network.AWS.KMS.UpdateKeyDescription: instance GHC.Classes.Eq Network.AWS.KMS.UpdateKeyDescription.UpdateKeyDescription
- Network.AWS.KMS.UpdateKeyDescription: instance GHC.Classes.Eq Network.AWS.KMS.UpdateKeyDescription.UpdateKeyDescriptionResponse
- Network.AWS.KMS.UpdateKeyDescription: instance GHC.Generics.Generic Network.AWS.KMS.UpdateKeyDescription.UpdateKeyDescription
- Network.AWS.KMS.UpdateKeyDescription: instance GHC.Generics.Generic Network.AWS.KMS.UpdateKeyDescription.UpdateKeyDescriptionResponse
- Network.AWS.KMS.UpdateKeyDescription: instance GHC.Read.Read Network.AWS.KMS.UpdateKeyDescription.UpdateKeyDescription
- Network.AWS.KMS.UpdateKeyDescription: instance GHC.Read.Read Network.AWS.KMS.UpdateKeyDescription.UpdateKeyDescriptionResponse
- Network.AWS.KMS.UpdateKeyDescription: instance GHC.Show.Show Network.AWS.KMS.UpdateKeyDescription.UpdateKeyDescription
- Network.AWS.KMS.UpdateKeyDescription: instance GHC.Show.Show Network.AWS.KMS.UpdateKeyDescription.UpdateKeyDescriptionResponse
- Network.AWS.KMS.UpdateKeyDescription: instance Network.AWS.Data.Headers.ToHeaders Network.AWS.KMS.UpdateKeyDescription.UpdateKeyDescription
- Network.AWS.KMS.UpdateKeyDescription: instance Network.AWS.Data.Path.ToPath Network.AWS.KMS.UpdateKeyDescription.UpdateKeyDescription
- Network.AWS.KMS.UpdateKeyDescription: instance Network.AWS.Data.Query.ToQuery Network.AWS.KMS.UpdateKeyDescription.UpdateKeyDescription
- Network.AWS.KMS.UpdateKeyDescription: instance Network.AWS.Types.AWSRequest Network.AWS.KMS.UpdateKeyDescription.UpdateKeyDescription
- Network.AWS.KMS.UpdateKeyDescription: ukdDescription :: Lens' UpdateKeyDescription Text
- Network.AWS.KMS.UpdateKeyDescription: ukdKeyId :: Lens' UpdateKeyDescription Text
- Network.AWS.KMS.UpdateKeyDescription: updateKeyDescription :: Text -> Text -> UpdateKeyDescription
- Network.AWS.KMS.UpdateKeyDescription: updateKeyDescriptionResponse :: UpdateKeyDescriptionResponse
+ Amazonka.KMS: AlgorithmSpec' :: Text -> AlgorithmSpec
+ Amazonka.KMS: AliasListEntry' :: Maybe Text -> Maybe Text -> Maybe POSIX -> Maybe POSIX -> Maybe Text -> AliasListEntry
+ Amazonka.KMS: CancelKeyDeletion' :: Text -> CancelKeyDeletion
+ Amazonka.KMS: CancelKeyDeletionResponse' :: Maybe Text -> Int -> CancelKeyDeletionResponse
+ Amazonka.KMS: ConnectCustomKeyStore' :: Text -> ConnectCustomKeyStore
+ Amazonka.KMS: ConnectCustomKeyStoreResponse' :: Int -> ConnectCustomKeyStoreResponse
+ Amazonka.KMS: ConnectionErrorCodeType' :: Text -> ConnectionErrorCodeType
+ Amazonka.KMS: ConnectionStateType' :: Text -> ConnectionStateType
+ Amazonka.KMS: CreateAlias' :: Text -> Text -> CreateAlias
+ Amazonka.KMS: CreateAliasResponse' :: CreateAliasResponse
+ Amazonka.KMS: CreateCustomKeyStore' :: Maybe Text -> Maybe CustomKeyStoreType -> Maybe (Sensitive Text) -> Maybe Text -> Maybe XksProxyAuthenticationCredentialType -> Maybe XksProxyConnectivityType -> Maybe Text -> Maybe Text -> Maybe Text -> Text -> CreateCustomKeyStore
+ Amazonka.KMS: CreateCustomKeyStoreResponse' :: Maybe Text -> Int -> CreateCustomKeyStoreResponse
+ Amazonka.KMS: CreateGrant' :: Maybe GrantConstraints -> Maybe [Text] -> Maybe Text -> Maybe Text -> Text -> Text -> [GrantOperation] -> CreateGrant
+ Amazonka.KMS: CreateGrantResponse' :: Maybe Text -> Maybe Text -> Int -> CreateGrantResponse
+ Amazonka.KMS: CreateKey' :: Maybe Bool -> Maybe Text -> Maybe CustomerMasterKeySpec -> Maybe Text -> Maybe KeySpec -> Maybe KeyUsageType -> Maybe Bool -> Maybe OriginType -> Maybe Text -> Maybe [Tag] -> Maybe Text -> CreateKey
+ Amazonka.KMS: CreateKeyResponse' :: Maybe KeyMetadata -> Int -> CreateKeyResponse
+ Amazonka.KMS: CustomKeyStoreType' :: Text -> CustomKeyStoreType
+ Amazonka.KMS: CustomKeyStoresListEntry' :: Maybe Text -> Maybe ConnectionErrorCodeType -> Maybe ConnectionStateType -> Maybe POSIX -> Maybe Text -> Maybe Text -> Maybe CustomKeyStoreType -> Maybe Text -> Maybe XksProxyConfigurationType -> CustomKeyStoresListEntry
+ Amazonka.KMS: CustomerMasterKeySpec' :: Text -> CustomerMasterKeySpec
+ Amazonka.KMS: DataKeyPairSpec' :: Text -> DataKeyPairSpec
+ Amazonka.KMS: DataKeySpec' :: Text -> DataKeySpec
+ Amazonka.KMS: Decrypt' :: Maybe EncryptionAlgorithmSpec -> Maybe (HashMap Text Text) -> Maybe [Text] -> Maybe Text -> Base64 -> Decrypt
+ Amazonka.KMS: DecryptResponse' :: Maybe EncryptionAlgorithmSpec -> Maybe Text -> Maybe (Sensitive Base64) -> Int -> DecryptResponse
+ Amazonka.KMS: DeleteAlias' :: Text -> DeleteAlias
+ Amazonka.KMS: DeleteAliasResponse' :: DeleteAliasResponse
+ Amazonka.KMS: DeleteCustomKeyStore' :: Text -> DeleteCustomKeyStore
+ Amazonka.KMS: DeleteCustomKeyStoreResponse' :: Int -> DeleteCustomKeyStoreResponse
+ Amazonka.KMS: DeleteImportedKeyMaterial' :: Text -> DeleteImportedKeyMaterial
+ Amazonka.KMS: DeleteImportedKeyMaterialResponse' :: DeleteImportedKeyMaterialResponse
+ Amazonka.KMS: DescribeCustomKeyStores' :: Maybe Text -> Maybe Text -> Maybe Natural -> Maybe Text -> DescribeCustomKeyStores
+ Amazonka.KMS: DescribeCustomKeyStoresResponse' :: Maybe [CustomKeyStoresListEntry] -> Maybe Text -> Maybe Bool -> Int -> DescribeCustomKeyStoresResponse
+ Amazonka.KMS: DescribeKey' :: Maybe [Text] -> Text -> DescribeKey
+ Amazonka.KMS: DescribeKeyResponse' :: Maybe KeyMetadata -> Int -> DescribeKeyResponse
+ Amazonka.KMS: DisableKey' :: Text -> DisableKey
+ Amazonka.KMS: DisableKeyResponse' :: DisableKeyResponse
+ Amazonka.KMS: DisableKeyRotation' :: Text -> DisableKeyRotation
+ Amazonka.KMS: DisableKeyRotationResponse' :: DisableKeyRotationResponse
+ Amazonka.KMS: DisconnectCustomKeyStore' :: Text -> DisconnectCustomKeyStore
+ Amazonka.KMS: DisconnectCustomKeyStoreResponse' :: Int -> DisconnectCustomKeyStoreResponse
+ Amazonka.KMS: EnableKey' :: Text -> EnableKey
+ Amazonka.KMS: EnableKeyResponse' :: EnableKeyResponse
+ Amazonka.KMS: EnableKeyRotation' :: Text -> EnableKeyRotation
+ Amazonka.KMS: EnableKeyRotationResponse' :: EnableKeyRotationResponse
+ Amazonka.KMS: Encrypt' :: Maybe EncryptionAlgorithmSpec -> Maybe (HashMap Text Text) -> Maybe [Text] -> Text -> Sensitive Base64 -> Encrypt
+ Amazonka.KMS: EncryptResponse' :: Maybe Base64 -> Maybe EncryptionAlgorithmSpec -> Maybe Text -> Int -> EncryptResponse
+ Amazonka.KMS: EncryptionAlgorithmSpec' :: Text -> EncryptionAlgorithmSpec
+ Amazonka.KMS: ExpirationModelType' :: Text -> ExpirationModelType
+ Amazonka.KMS: GenerateDataKey' :: Maybe (HashMap Text Text) -> Maybe [Text] -> Maybe DataKeySpec -> Maybe Natural -> Text -> GenerateDataKey
+ Amazonka.KMS: GenerateDataKeyPair' :: Maybe (HashMap Text Text) -> Maybe [Text] -> Text -> DataKeyPairSpec -> GenerateDataKeyPair
+ Amazonka.KMS: GenerateDataKeyPairResponse' :: Maybe Text -> Maybe DataKeyPairSpec -> Maybe Base64 -> Maybe (Sensitive Base64) -> Maybe Base64 -> Int -> GenerateDataKeyPairResponse
+ Amazonka.KMS: GenerateDataKeyPairWithoutPlaintext' :: Maybe (HashMap Text Text) -> Maybe [Text] -> Text -> DataKeyPairSpec -> GenerateDataKeyPairWithoutPlaintext
+ Amazonka.KMS: GenerateDataKeyPairWithoutPlaintextResponse' :: Maybe Text -> Maybe DataKeyPairSpec -> Maybe Base64 -> Maybe Base64 -> Int -> GenerateDataKeyPairWithoutPlaintextResponse
+ Amazonka.KMS: GenerateDataKeyResponse' :: Int -> Text -> Sensitive Base64 -> Base64 -> GenerateDataKeyResponse
+ Amazonka.KMS: GenerateDataKeyWithoutPlaintext' :: Maybe (HashMap Text Text) -> Maybe [Text] -> Maybe DataKeySpec -> Maybe Natural -> Text -> GenerateDataKeyWithoutPlaintext
+ Amazonka.KMS: GenerateDataKeyWithoutPlaintextResponse' :: Maybe Base64 -> Maybe Text -> Int -> GenerateDataKeyWithoutPlaintextResponse
+ Amazonka.KMS: GenerateMac' :: Maybe [Text] -> Sensitive Base64 -> Text -> MacAlgorithmSpec -> GenerateMac
+ Amazonka.KMS: GenerateMacResponse' :: Maybe Text -> Maybe Base64 -> Maybe MacAlgorithmSpec -> Int -> GenerateMacResponse
+ Amazonka.KMS: GenerateRandom' :: Maybe Text -> Maybe Natural -> GenerateRandom
+ Amazonka.KMS: GenerateRandomResponse' :: Maybe (Sensitive Base64) -> Int -> GenerateRandomResponse
+ Amazonka.KMS: GetKeyPolicy' :: Text -> Text -> GetKeyPolicy
+ Amazonka.KMS: GetKeyPolicyResponse' :: Maybe Text -> Int -> GetKeyPolicyResponse
+ Amazonka.KMS: GetKeyRotationStatus' :: Text -> GetKeyRotationStatus
+ Amazonka.KMS: GetKeyRotationStatusResponse' :: Maybe Bool -> Int -> GetKeyRotationStatusResponse
+ Amazonka.KMS: GetParametersForImport' :: Text -> AlgorithmSpec -> WrappingKeySpec -> GetParametersForImport
+ Amazonka.KMS: GetParametersForImportResponse' :: Maybe Base64 -> Maybe Text -> Maybe POSIX -> Maybe (Sensitive Base64) -> Int -> GetParametersForImportResponse
+ Amazonka.KMS: GetPublicKey' :: Maybe [Text] -> Text -> GetPublicKey
+ Amazonka.KMS: GetPublicKeyResponse' :: Maybe CustomerMasterKeySpec -> Maybe [EncryptionAlgorithmSpec] -> Maybe Text -> Maybe KeySpec -> Maybe KeyUsageType -> Maybe Base64 -> Maybe [SigningAlgorithmSpec] -> Int -> GetPublicKeyResponse
+ Amazonka.KMS: GrantConstraints' :: Maybe (HashMap Text Text) -> Maybe (HashMap Text Text) -> GrantConstraints
+ Amazonka.KMS: GrantListEntry' :: Maybe GrantConstraints -> Maybe POSIX -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe [GrantOperation] -> Maybe Text -> GrantListEntry
+ Amazonka.KMS: GrantOperation' :: Text -> GrantOperation
+ Amazonka.KMS: ImportKeyMaterial' :: Maybe ExpirationModelType -> Maybe POSIX -> Text -> Base64 -> Base64 -> ImportKeyMaterial
+ Amazonka.KMS: ImportKeyMaterialResponse' :: Int -> ImportKeyMaterialResponse
+ Amazonka.KMS: KeyListEntry' :: Maybe Text -> Maybe Text -> KeyListEntry
+ Amazonka.KMS: KeyManagerType' :: Text -> KeyManagerType
+ Amazonka.KMS: KeyMetadata' :: Maybe Text -> Maybe Text -> Maybe Text -> Maybe POSIX -> Maybe Text -> Maybe CustomerMasterKeySpec -> Maybe POSIX -> Maybe Text -> Maybe Bool -> Maybe [EncryptionAlgorithmSpec] -> Maybe ExpirationModelType -> Maybe KeyManagerType -> Maybe KeySpec -> Maybe KeyState -> Maybe KeyUsageType -> Maybe [MacAlgorithmSpec] -> Maybe Bool -> Maybe MultiRegionConfiguration -> Maybe OriginType -> Maybe Natural -> Maybe [SigningAlgorithmSpec] -> Maybe POSIX -> Maybe XksKeyConfigurationType -> Text -> KeyMetadata
+ Amazonka.KMS: KeySpec' :: Text -> KeySpec
+ Amazonka.KMS: KeyState' :: Text -> KeyState
+ Amazonka.KMS: KeyUsageType' :: Text -> KeyUsageType
+ Amazonka.KMS: ListAliases' :: Maybe Text -> Maybe Natural -> Maybe Text -> ListAliases
+ Amazonka.KMS: ListAliasesResponse' :: Maybe [AliasListEntry] -> Maybe Text -> Maybe Bool -> Int -> ListAliasesResponse
+ Amazonka.KMS: ListGrants' :: Maybe Text -> Maybe Text -> Maybe Natural -> Maybe Text -> Text -> ListGrants
+ Amazonka.KMS: ListGrantsResponse' :: Maybe [GrantListEntry] -> Maybe Text -> Maybe Bool -> ListGrantsResponse
+ Amazonka.KMS: ListKeyPolicies' :: Maybe Natural -> Maybe Text -> Text -> ListKeyPolicies
+ Amazonka.KMS: ListKeyPoliciesResponse' :: Maybe Text -> Maybe [Text] -> Maybe Bool -> Int -> ListKeyPoliciesResponse
+ Amazonka.KMS: ListKeys' :: Maybe Natural -> Maybe Text -> ListKeys
+ Amazonka.KMS: ListKeysResponse' :: Maybe [KeyListEntry] -> Maybe Text -> Maybe Bool -> Int -> ListKeysResponse
+ Amazonka.KMS: ListResourceTags' :: Maybe Natural -> Maybe Text -> Text -> ListResourceTags
+ Amazonka.KMS: ListResourceTagsResponse' :: Maybe Text -> Maybe [Tag] -> Maybe Bool -> Int -> ListResourceTagsResponse
+ Amazonka.KMS: ListRetirableGrants' :: Maybe Natural -> Maybe Text -> Text -> ListRetirableGrants
+ Amazonka.KMS: MacAlgorithmSpec' :: Text -> MacAlgorithmSpec
+ Amazonka.KMS: MessageType' :: Text -> MessageType
+ Amazonka.KMS: MultiRegionConfiguration' :: Maybe MultiRegionKeyType -> Maybe MultiRegionKey -> Maybe [MultiRegionKey] -> MultiRegionConfiguration
+ Amazonka.KMS: MultiRegionKey' :: Maybe Text -> Maybe Text -> MultiRegionKey
+ Amazonka.KMS: MultiRegionKeyType' :: Text -> MultiRegionKeyType
+ Amazonka.KMS: OriginType' :: Text -> OriginType
+ Amazonka.KMS: PutKeyPolicy' :: Maybe Bool -> Text -> Text -> Text -> PutKeyPolicy
+ Amazonka.KMS: PutKeyPolicyResponse' :: PutKeyPolicyResponse
+ Amazonka.KMS: ReEncrypt' :: Maybe EncryptionAlgorithmSpec -> Maybe (HashMap Text Text) -> Maybe [Text] -> Maybe EncryptionAlgorithmSpec -> Maybe (HashMap Text Text) -> Maybe Text -> Base64 -> Text -> ReEncrypt
+ Amazonka.KMS: ReEncryptResponse' :: Maybe Base64 -> Maybe EncryptionAlgorithmSpec -> Maybe Text -> Maybe EncryptionAlgorithmSpec -> Maybe Text -> Int -> ReEncryptResponse
+ Amazonka.KMS: ReplicateKey' :: Maybe Bool -> Maybe Text -> Maybe Text -> Maybe [Tag] -> Text -> Text -> ReplicateKey
+ Amazonka.KMS: ReplicateKeyResponse' :: Maybe KeyMetadata -> Maybe Text -> Maybe [Tag] -> Int -> ReplicateKeyResponse
+ Amazonka.KMS: RetireGrant' :: Maybe Text -> Maybe Text -> Maybe Text -> RetireGrant
+ Amazonka.KMS: RetireGrantResponse' :: RetireGrantResponse
+ Amazonka.KMS: RevokeGrant' :: Text -> Text -> RevokeGrant
+ Amazonka.KMS: RevokeGrantResponse' :: RevokeGrantResponse
+ Amazonka.KMS: ScheduleKeyDeletion' :: Maybe Natural -> Text -> ScheduleKeyDeletion
+ Amazonka.KMS: ScheduleKeyDeletionResponse' :: Maybe POSIX -> Maybe Text -> Maybe KeyState -> Maybe Natural -> Int -> ScheduleKeyDeletionResponse
+ Amazonka.KMS: Sign' :: Maybe [Text] -> Maybe MessageType -> Text -> Sensitive Base64 -> SigningAlgorithmSpec -> Sign
+ Amazonka.KMS: SignResponse' :: Maybe Text -> Maybe Base64 -> Maybe SigningAlgorithmSpec -> Int -> SignResponse
+ Amazonka.KMS: SigningAlgorithmSpec' :: Text -> SigningAlgorithmSpec
+ Amazonka.KMS: Tag' :: Text -> Text -> Tag
+ Amazonka.KMS: TagResource' :: Text -> [Tag] -> TagResource
+ Amazonka.KMS: TagResourceResponse' :: TagResourceResponse
+ Amazonka.KMS: UntagResource' :: Text -> [Text] -> UntagResource
+ Amazonka.KMS: UntagResourceResponse' :: UntagResourceResponse
+ Amazonka.KMS: UpdateAlias' :: Text -> Text -> UpdateAlias
+ Amazonka.KMS: UpdateAliasResponse' :: UpdateAliasResponse
+ Amazonka.KMS: UpdateCustomKeyStore' :: Maybe Text -> Maybe (Sensitive Text) -> Maybe Text -> Maybe XksProxyAuthenticationCredentialType -> Maybe XksProxyConnectivityType -> Maybe Text -> Maybe Text -> Maybe Text -> Text -> UpdateCustomKeyStore
+ Amazonka.KMS: UpdateCustomKeyStoreResponse' :: Int -> UpdateCustomKeyStoreResponse
+ Amazonka.KMS: UpdateKeyDescription' :: Text -> Text -> UpdateKeyDescription
+ Amazonka.KMS: UpdateKeyDescriptionResponse' :: UpdateKeyDescriptionResponse
+ Amazonka.KMS: UpdatePrimaryRegion' :: Text -> Text -> UpdatePrimaryRegion
+ Amazonka.KMS: UpdatePrimaryRegionResponse' :: UpdatePrimaryRegionResponse
+ Amazonka.KMS: Verify' :: Maybe [Text] -> Maybe MessageType -> Text -> Sensitive Base64 -> Base64 -> SigningAlgorithmSpec -> Verify
+ Amazonka.KMS: VerifyMac' :: Maybe [Text] -> Sensitive Base64 -> Text -> MacAlgorithmSpec -> Base64 -> VerifyMac
+ Amazonka.KMS: VerifyMacResponse' :: Maybe Text -> Maybe MacAlgorithmSpec -> Maybe Bool -> Int -> VerifyMacResponse
+ Amazonka.KMS: VerifyResponse' :: Maybe Text -> Maybe Bool -> Maybe SigningAlgorithmSpec -> Int -> VerifyResponse
+ Amazonka.KMS: WrappingKeySpec' :: Text -> WrappingKeySpec
+ Amazonka.KMS: XksKeyConfigurationType' :: Maybe Text -> XksKeyConfigurationType
+ Amazonka.KMS: XksProxyAuthenticationCredentialType' :: Sensitive Text -> Sensitive Text -> XksProxyAuthenticationCredentialType
+ Amazonka.KMS: XksProxyConfigurationType' :: Maybe (Sensitive Text) -> Maybe XksProxyConnectivityType -> Maybe Text -> Maybe Text -> Maybe Text -> XksProxyConfigurationType
+ Amazonka.KMS: XksProxyConnectivityType' :: Text -> XksProxyConnectivityType
+ Amazonka.KMS: [fromAlgorithmSpec] :: AlgorithmSpec -> Text
+ Amazonka.KMS: [fromConnectionErrorCodeType] :: ConnectionErrorCodeType -> Text
+ Amazonka.KMS: [fromConnectionStateType] :: ConnectionStateType -> Text
+ Amazonka.KMS: [fromCustomKeyStoreType] :: CustomKeyStoreType -> Text
+ Amazonka.KMS: [fromCustomerMasterKeySpec] :: CustomerMasterKeySpec -> Text
+ Amazonka.KMS: [fromDataKeyPairSpec] :: DataKeyPairSpec -> Text
+ Amazonka.KMS: [fromDataKeySpec] :: DataKeySpec -> Text
+ Amazonka.KMS: [fromEncryptionAlgorithmSpec] :: EncryptionAlgorithmSpec -> Text
+ Amazonka.KMS: [fromExpirationModelType] :: ExpirationModelType -> Text
+ Amazonka.KMS: [fromGrantOperation] :: GrantOperation -> Text
+ Amazonka.KMS: [fromKeyManagerType] :: KeyManagerType -> Text
+ Amazonka.KMS: [fromKeySpec] :: KeySpec -> Text
+ Amazonka.KMS: [fromKeyState] :: KeyState -> Text
+ Amazonka.KMS: [fromKeyUsageType] :: KeyUsageType -> Text
+ Amazonka.KMS: [fromMacAlgorithmSpec] :: MacAlgorithmSpec -> Text
+ Amazonka.KMS: [fromMessageType] :: MessageType -> Text
+ Amazonka.KMS: [fromMultiRegionKeyType] :: MultiRegionKeyType -> Text
+ Amazonka.KMS: [fromOriginType] :: OriginType -> Text
+ Amazonka.KMS: [fromSigningAlgorithmSpec] :: SigningAlgorithmSpec -> Text
+ Amazonka.KMS: [fromWrappingKeySpec] :: WrappingKeySpec -> Text
+ Amazonka.KMS: [fromXksProxyConnectivityType] :: XksProxyConnectivityType -> Text
+ Amazonka.KMS: _AlreadyExistsException :: AsError a => Fold a ServiceError
+ Amazonka.KMS: _CloudHsmClusterInUseException :: AsError a => Fold a ServiceError
+ Amazonka.KMS: _CloudHsmClusterInvalidConfigurationException :: AsError a => Fold a ServiceError
+ Amazonka.KMS: _CloudHsmClusterNotActiveException :: AsError a => Fold a ServiceError
+ Amazonka.KMS: _CloudHsmClusterNotFoundException :: AsError a => Fold a ServiceError
+ Amazonka.KMS: _CloudHsmClusterNotRelatedException :: AsError a => Fold a ServiceError
+ Amazonka.KMS: _CustomKeyStoreHasCMKsException :: AsError a => Fold a ServiceError
+ Amazonka.KMS: _CustomKeyStoreInvalidStateException :: AsError a => Fold a ServiceError
+ Amazonka.KMS: _CustomKeyStoreNameInUseException :: AsError a => Fold a ServiceError
+ Amazonka.KMS: _CustomKeyStoreNotFoundException :: AsError a => Fold a ServiceError
+ Amazonka.KMS: _DependencyTimeoutException :: AsError a => Fold a ServiceError
+ Amazonka.KMS: _DisabledException :: AsError a => Fold a ServiceError
+ Amazonka.KMS: _ExpiredImportTokenException :: AsError a => Fold a ServiceError
+ Amazonka.KMS: _IncorrectKeyException :: AsError a => Fold a ServiceError
+ Amazonka.KMS: _IncorrectKeyMaterialException :: AsError a => Fold a ServiceError
+ Amazonka.KMS: _IncorrectTrustAnchorException :: AsError a => Fold a ServiceError
+ Amazonka.KMS: _InvalidAliasNameException :: AsError a => Fold a ServiceError
+ Amazonka.KMS: _InvalidArnException :: AsError a => Fold a ServiceError
+ Amazonka.KMS: _InvalidCiphertextException :: AsError a => Fold a ServiceError
+ Amazonka.KMS: _InvalidGrantIdException :: AsError a => Fold a ServiceError
+ Amazonka.KMS: _InvalidGrantTokenException :: AsError a => Fold a ServiceError
+ Amazonka.KMS: _InvalidImportTokenException :: AsError a => Fold a ServiceError
+ Amazonka.KMS: _InvalidKeyUsageException :: AsError a => Fold a ServiceError
+ Amazonka.KMS: _InvalidMarkerException :: AsError a => Fold a ServiceError
+ Amazonka.KMS: _KMSInternalException :: AsError a => Fold a ServiceError
+ Amazonka.KMS: _KMSInvalidMacException :: AsError a => Fold a ServiceError
+ Amazonka.KMS: _KMSInvalidSignatureException :: AsError a => Fold a ServiceError
+ Amazonka.KMS: _KMSInvalidStateException :: AsError a => Fold a ServiceError
+ Amazonka.KMS: _KeyUnavailableException :: AsError a => Fold a ServiceError
+ Amazonka.KMS: _LimitExceededException :: AsError a => Fold a ServiceError
+ Amazonka.KMS: _MalformedPolicyDocumentException :: AsError a => Fold a ServiceError
+ Amazonka.KMS: _NotFoundException :: AsError a => Fold a ServiceError
+ Amazonka.KMS: _TagException :: AsError a => Fold a ServiceError
+ Amazonka.KMS: _UnsupportedOperationException :: AsError a => Fold a ServiceError
+ Amazonka.KMS: _XksKeyAlreadyInUseException :: AsError a => Fold a ServiceError
+ Amazonka.KMS: _XksKeyInvalidConfigurationException :: AsError a => Fold a ServiceError
+ Amazonka.KMS: _XksKeyNotFoundException :: AsError a => Fold a ServiceError
+ Amazonka.KMS: _XksProxyIncorrectAuthenticationCredentialException :: AsError a => Fold a ServiceError
+ Amazonka.KMS: _XksProxyInvalidConfigurationException :: AsError a => Fold a ServiceError
+ Amazonka.KMS: _XksProxyInvalidResponseException :: AsError a => Fold a ServiceError
+ Amazonka.KMS: _XksProxyUriEndpointInUseException :: AsError a => Fold a ServiceError
+ Amazonka.KMS: _XksProxyUriInUseException :: AsError a => Fold a ServiceError
+ Amazonka.KMS: _XksProxyUriUnreachableException :: AsError a => Fold a ServiceError
+ Amazonka.KMS: _XksProxyVpcEndpointServiceInUseException :: AsError a => Fold a ServiceError
+ Amazonka.KMS: _XksProxyVpcEndpointServiceInvalidConfigurationException :: AsError a => Fold a ServiceError
+ Amazonka.KMS: _XksProxyVpcEndpointServiceNotFoundException :: AsError a => Fold a ServiceError
+ Amazonka.KMS: data AliasListEntry
+ Amazonka.KMS: data CancelKeyDeletion
+ Amazonka.KMS: data CancelKeyDeletionResponse
+ Amazonka.KMS: data ConnectCustomKeyStore
+ Amazonka.KMS: data ConnectCustomKeyStoreResponse
+ Amazonka.KMS: data CreateAlias
+ Amazonka.KMS: data CreateAliasResponse
+ Amazonka.KMS: data CreateCustomKeyStore
+ Amazonka.KMS: data CreateCustomKeyStoreResponse
+ Amazonka.KMS: data CreateGrant
+ Amazonka.KMS: data CreateGrantResponse
+ Amazonka.KMS: data CreateKey
+ Amazonka.KMS: data CreateKeyResponse
+ Amazonka.KMS: data CustomKeyStoresListEntry
+ Amazonka.KMS: data Decrypt
+ Amazonka.KMS: data DecryptResponse
+ Amazonka.KMS: data DeleteAlias
+ Amazonka.KMS: data DeleteAliasResponse
+ Amazonka.KMS: data DeleteCustomKeyStore
+ Amazonka.KMS: data DeleteCustomKeyStoreResponse
+ Amazonka.KMS: data DeleteImportedKeyMaterial
+ Amazonka.KMS: data DeleteImportedKeyMaterialResponse
+ Amazonka.KMS: data DescribeCustomKeyStores
+ Amazonka.KMS: data DescribeCustomKeyStoresResponse
+ Amazonka.KMS: data DescribeKey
+ Amazonka.KMS: data DescribeKeyResponse
+ Amazonka.KMS: data DisableKey
+ Amazonka.KMS: data DisableKeyResponse
+ Amazonka.KMS: data DisableKeyRotation
+ Amazonka.KMS: data DisableKeyRotationResponse
+ Amazonka.KMS: data DisconnectCustomKeyStore
+ Amazonka.KMS: data DisconnectCustomKeyStoreResponse
+ Amazonka.KMS: data EnableKey
+ Amazonka.KMS: data EnableKeyResponse
+ Amazonka.KMS: data EnableKeyRotation
+ Amazonka.KMS: data EnableKeyRotationResponse
+ Amazonka.KMS: data Encrypt
+ Amazonka.KMS: data EncryptResponse
+ Amazonka.KMS: data GenerateDataKey
+ Amazonka.KMS: data GenerateDataKeyPair
+ Amazonka.KMS: data GenerateDataKeyPairResponse
+ Amazonka.KMS: data GenerateDataKeyPairWithoutPlaintext
+ Amazonka.KMS: data GenerateDataKeyPairWithoutPlaintextResponse
+ Amazonka.KMS: data GenerateDataKeyResponse
+ Amazonka.KMS: data GenerateDataKeyWithoutPlaintext
+ Amazonka.KMS: data GenerateDataKeyWithoutPlaintextResponse
+ Amazonka.KMS: data GenerateMac
+ Amazonka.KMS: data GenerateMacResponse
+ Amazonka.KMS: data GenerateRandom
+ Amazonka.KMS: data GenerateRandomResponse
+ Amazonka.KMS: data GetKeyPolicy
+ Amazonka.KMS: data GetKeyPolicyResponse
+ Amazonka.KMS: data GetKeyRotationStatus
+ Amazonka.KMS: data GetKeyRotationStatusResponse
+ Amazonka.KMS: data GetParametersForImport
+ Amazonka.KMS: data GetParametersForImportResponse
+ Amazonka.KMS: data GetPublicKey
+ Amazonka.KMS: data GetPublicKeyResponse
+ Amazonka.KMS: data GrantConstraints
+ Amazonka.KMS: data GrantListEntry
+ Amazonka.KMS: data ImportKeyMaterial
+ Amazonka.KMS: data ImportKeyMaterialResponse
+ Amazonka.KMS: data KeyListEntry
+ Amazonka.KMS: data KeyMetadata
+ Amazonka.KMS: data ListAliases
+ Amazonka.KMS: data ListAliasesResponse
+ Amazonka.KMS: data ListGrants
+ Amazonka.KMS: data ListGrantsResponse
+ Amazonka.KMS: data ListKeyPolicies
+ Amazonka.KMS: data ListKeyPoliciesResponse
+ Amazonka.KMS: data ListKeys
+ Amazonka.KMS: data ListKeysResponse
+ Amazonka.KMS: data ListResourceTags
+ Amazonka.KMS: data ListResourceTagsResponse
+ Amazonka.KMS: data ListRetirableGrants
+ Amazonka.KMS: data MultiRegionConfiguration
+ Amazonka.KMS: data MultiRegionKey
+ Amazonka.KMS: data PutKeyPolicy
+ Amazonka.KMS: data PutKeyPolicyResponse
+ Amazonka.KMS: data ReEncrypt
+ Amazonka.KMS: data ReEncryptResponse
+ Amazonka.KMS: data ReplicateKey
+ Amazonka.KMS: data ReplicateKeyResponse
+ Amazonka.KMS: data RetireGrant
+ Amazonka.KMS: data RetireGrantResponse
+ Amazonka.KMS: data RevokeGrant
+ Amazonka.KMS: data RevokeGrantResponse
+ Amazonka.KMS: data ScheduleKeyDeletion
+ Amazonka.KMS: data ScheduleKeyDeletionResponse
+ Amazonka.KMS: data Sign
+ Amazonka.KMS: data SignResponse
+ Amazonka.KMS: data Tag
+ Amazonka.KMS: data TagResource
+ Amazonka.KMS: data TagResourceResponse
+ Amazonka.KMS: data UntagResource
+ Amazonka.KMS: data UntagResourceResponse
+ Amazonka.KMS: data UpdateAlias
+ Amazonka.KMS: data UpdateAliasResponse
+ Amazonka.KMS: data UpdateCustomKeyStore
+ Amazonka.KMS: data UpdateCustomKeyStoreResponse
+ Amazonka.KMS: data UpdateKeyDescription
+ Amazonka.KMS: data UpdateKeyDescriptionResponse
+ Amazonka.KMS: data UpdatePrimaryRegion
+ Amazonka.KMS: data UpdatePrimaryRegionResponse
+ Amazonka.KMS: data Verify
+ Amazonka.KMS: data VerifyMac
+ Amazonka.KMS: data VerifyMacResponse
+ Amazonka.KMS: data VerifyResponse
+ Amazonka.KMS: data XksKeyConfigurationType
+ Amazonka.KMS: data XksProxyAuthenticationCredentialType
+ Amazonka.KMS: data XksProxyConfigurationType
+ Amazonka.KMS: defaultService :: Service
+ Amazonka.KMS: newAliasListEntry :: AliasListEntry
+ Amazonka.KMS: newCancelKeyDeletion :: Text -> CancelKeyDeletion
+ Amazonka.KMS: newCancelKeyDeletionResponse :: Int -> CancelKeyDeletionResponse
+ Amazonka.KMS: newConnectCustomKeyStore :: Text -> ConnectCustomKeyStore
+ Amazonka.KMS: newConnectCustomKeyStoreResponse :: Int -> ConnectCustomKeyStoreResponse
+ Amazonka.KMS: newCreateAlias :: Text -> Text -> CreateAlias
+ Amazonka.KMS: newCreateAliasResponse :: CreateAliasResponse
+ Amazonka.KMS: newCreateCustomKeyStore :: Text -> CreateCustomKeyStore
+ Amazonka.KMS: newCreateCustomKeyStoreResponse :: Int -> CreateCustomKeyStoreResponse
+ Amazonka.KMS: newCreateGrant :: Text -> Text -> CreateGrant
+ Amazonka.KMS: newCreateGrantResponse :: Int -> CreateGrantResponse
+ Amazonka.KMS: newCreateKey :: CreateKey
+ Amazonka.KMS: newCreateKeyResponse :: Int -> CreateKeyResponse
+ Amazonka.KMS: newCustomKeyStoresListEntry :: CustomKeyStoresListEntry
+ Amazonka.KMS: newDecrypt :: ByteString -> Decrypt
+ Amazonka.KMS: newDecryptResponse :: Int -> DecryptResponse
+ Amazonka.KMS: newDeleteAlias :: Text -> DeleteAlias
+ Amazonka.KMS: newDeleteAliasResponse :: DeleteAliasResponse
+ Amazonka.KMS: newDeleteCustomKeyStore :: Text -> DeleteCustomKeyStore
+ Amazonka.KMS: newDeleteCustomKeyStoreResponse :: Int -> DeleteCustomKeyStoreResponse
+ Amazonka.KMS: newDeleteImportedKeyMaterial :: Text -> DeleteImportedKeyMaterial
+ Amazonka.KMS: newDeleteImportedKeyMaterialResponse :: DeleteImportedKeyMaterialResponse
+ Amazonka.KMS: newDescribeCustomKeyStores :: DescribeCustomKeyStores
+ Amazonka.KMS: newDescribeCustomKeyStoresResponse :: Int -> DescribeCustomKeyStoresResponse
+ Amazonka.KMS: newDescribeKey :: Text -> DescribeKey
+ Amazonka.KMS: newDescribeKeyResponse :: Int -> DescribeKeyResponse
+ Amazonka.KMS: newDisableKey :: Text -> DisableKey
+ Amazonka.KMS: newDisableKeyResponse :: DisableKeyResponse
+ Amazonka.KMS: newDisableKeyRotation :: Text -> DisableKeyRotation
+ Amazonka.KMS: newDisableKeyRotationResponse :: DisableKeyRotationResponse
+ Amazonka.KMS: newDisconnectCustomKeyStore :: Text -> DisconnectCustomKeyStore
+ Amazonka.KMS: newDisconnectCustomKeyStoreResponse :: Int -> DisconnectCustomKeyStoreResponse
+ Amazonka.KMS: newEnableKey :: Text -> EnableKey
+ Amazonka.KMS: newEnableKeyResponse :: EnableKeyResponse
+ Amazonka.KMS: newEnableKeyRotation :: Text -> EnableKeyRotation
+ Amazonka.KMS: newEnableKeyRotationResponse :: EnableKeyRotationResponse
+ Amazonka.KMS: newEncrypt :: Text -> ByteString -> Encrypt
+ Amazonka.KMS: newEncryptResponse :: Int -> EncryptResponse
+ Amazonka.KMS: newGenerateDataKey :: Text -> GenerateDataKey
+ Amazonka.KMS: newGenerateDataKeyPair :: Text -> DataKeyPairSpec -> GenerateDataKeyPair
+ Amazonka.KMS: newGenerateDataKeyPairResponse :: Int -> GenerateDataKeyPairResponse
+ Amazonka.KMS: newGenerateDataKeyPairWithoutPlaintext :: Text -> DataKeyPairSpec -> GenerateDataKeyPairWithoutPlaintext
+ Amazonka.KMS: newGenerateDataKeyPairWithoutPlaintextResponse :: Int -> GenerateDataKeyPairWithoutPlaintextResponse
+ Amazonka.KMS: newGenerateDataKeyResponse :: Int -> Text -> ByteString -> ByteString -> GenerateDataKeyResponse
+ Amazonka.KMS: newGenerateDataKeyWithoutPlaintext :: Text -> GenerateDataKeyWithoutPlaintext
+ Amazonka.KMS: newGenerateDataKeyWithoutPlaintextResponse :: Int -> GenerateDataKeyWithoutPlaintextResponse
+ Amazonka.KMS: newGenerateMac :: ByteString -> Text -> MacAlgorithmSpec -> GenerateMac
+ Amazonka.KMS: newGenerateMacResponse :: Int -> GenerateMacResponse
+ Amazonka.KMS: newGenerateRandom :: GenerateRandom
+ Amazonka.KMS: newGenerateRandomResponse :: Int -> GenerateRandomResponse
+ Amazonka.KMS: newGetKeyPolicy :: Text -> Text -> GetKeyPolicy
+ Amazonka.KMS: newGetKeyPolicyResponse :: Int -> GetKeyPolicyResponse
+ Amazonka.KMS: newGetKeyRotationStatus :: Text -> GetKeyRotationStatus
+ Amazonka.KMS: newGetKeyRotationStatusResponse :: Int -> GetKeyRotationStatusResponse
+ Amazonka.KMS: newGetParametersForImport :: Text -> AlgorithmSpec -> WrappingKeySpec -> GetParametersForImport
+ Amazonka.KMS: newGetParametersForImportResponse :: Int -> GetParametersForImportResponse
+ Amazonka.KMS: newGetPublicKey :: Text -> GetPublicKey
+ Amazonka.KMS: newGetPublicKeyResponse :: Int -> GetPublicKeyResponse
+ Amazonka.KMS: newGrantConstraints :: GrantConstraints
+ Amazonka.KMS: newGrantListEntry :: GrantListEntry
+ Amazonka.KMS: newImportKeyMaterial :: Text -> ByteString -> ByteString -> ImportKeyMaterial
+ Amazonka.KMS: newImportKeyMaterialResponse :: Int -> ImportKeyMaterialResponse
+ Amazonka.KMS: newKeyListEntry :: KeyListEntry
+ Amazonka.KMS: newKeyMetadata :: Text -> KeyMetadata
+ Amazonka.KMS: newListAliases :: ListAliases
+ Amazonka.KMS: newListAliasesResponse :: Int -> ListAliasesResponse
+ Amazonka.KMS: newListGrants :: Text -> ListGrants
+ Amazonka.KMS: newListGrantsResponse :: ListGrantsResponse
+ Amazonka.KMS: newListKeyPolicies :: Text -> ListKeyPolicies
+ Amazonka.KMS: newListKeyPoliciesResponse :: Int -> ListKeyPoliciesResponse
+ Amazonka.KMS: newListKeys :: ListKeys
+ Amazonka.KMS: newListKeysResponse :: Int -> ListKeysResponse
+ Amazonka.KMS: newListResourceTags :: Text -> ListResourceTags
+ Amazonka.KMS: newListResourceTagsResponse :: Int -> ListResourceTagsResponse
+ Amazonka.KMS: newListRetirableGrants :: Text -> ListRetirableGrants
+ Amazonka.KMS: newMultiRegionConfiguration :: MultiRegionConfiguration
+ Amazonka.KMS: newMultiRegionKey :: MultiRegionKey
+ Amazonka.KMS: newPutKeyPolicy :: Text -> Text -> Text -> PutKeyPolicy
+ Amazonka.KMS: newPutKeyPolicyResponse :: PutKeyPolicyResponse
+ Amazonka.KMS: newReEncrypt :: ByteString -> Text -> ReEncrypt
+ Amazonka.KMS: newReEncryptResponse :: Int -> ReEncryptResponse
+ Amazonka.KMS: newReplicateKey :: Text -> Text -> ReplicateKey
+ Amazonka.KMS: newReplicateKeyResponse :: Int -> ReplicateKeyResponse
+ Amazonka.KMS: newRetireGrant :: RetireGrant
+ Amazonka.KMS: newRetireGrantResponse :: RetireGrantResponse
+ Amazonka.KMS: newRevokeGrant :: Text -> Text -> RevokeGrant
+ Amazonka.KMS: newRevokeGrantResponse :: RevokeGrantResponse
+ Amazonka.KMS: newScheduleKeyDeletion :: Text -> ScheduleKeyDeletion
+ Amazonka.KMS: newScheduleKeyDeletionResponse :: Int -> ScheduleKeyDeletionResponse
+ Amazonka.KMS: newSign :: Text -> ByteString -> SigningAlgorithmSpec -> Sign
+ Amazonka.KMS: newSignResponse :: Int -> SignResponse
+ Amazonka.KMS: newTag :: Text -> Text -> Tag
+ Amazonka.KMS: newTagResource :: Text -> TagResource
+ Amazonka.KMS: newTagResourceResponse :: TagResourceResponse
+ Amazonka.KMS: newUntagResource :: Text -> UntagResource
+ Amazonka.KMS: newUntagResourceResponse :: UntagResourceResponse
+ Amazonka.KMS: newUpdateAlias :: Text -> Text -> UpdateAlias
+ Amazonka.KMS: newUpdateAliasResponse :: UpdateAliasResponse
+ Amazonka.KMS: newUpdateCustomKeyStore :: Text -> UpdateCustomKeyStore
+ Amazonka.KMS: newUpdateCustomKeyStoreResponse :: Int -> UpdateCustomKeyStoreResponse
+ Amazonka.KMS: newUpdateKeyDescription :: Text -> Text -> UpdateKeyDescription
+ Amazonka.KMS: newUpdateKeyDescriptionResponse :: UpdateKeyDescriptionResponse
+ Amazonka.KMS: newUpdatePrimaryRegion :: Text -> Text -> UpdatePrimaryRegion
+ Amazonka.KMS: newUpdatePrimaryRegionResponse :: UpdatePrimaryRegionResponse
+ Amazonka.KMS: newVerify :: Text -> ByteString -> ByteString -> SigningAlgorithmSpec -> Verify
+ Amazonka.KMS: newVerifyMac :: ByteString -> Text -> MacAlgorithmSpec -> ByteString -> VerifyMac
+ Amazonka.KMS: newVerifyMacResponse :: Int -> VerifyMacResponse
+ Amazonka.KMS: newVerifyResponse :: Int -> VerifyResponse
+ Amazonka.KMS: newXksKeyConfigurationType :: XksKeyConfigurationType
+ Amazonka.KMS: newXksProxyAuthenticationCredentialType :: Text -> Text -> XksProxyAuthenticationCredentialType
+ Amazonka.KMS: newXksProxyConfigurationType :: XksProxyConfigurationType
+ Amazonka.KMS: newtype AlgorithmSpec
+ Amazonka.KMS: newtype ConnectionErrorCodeType
+ Amazonka.KMS: newtype ConnectionStateType
+ Amazonka.KMS: newtype CustomKeyStoreType
+ Amazonka.KMS: newtype CustomerMasterKeySpec
+ Amazonka.KMS: newtype DataKeyPairSpec
+ Amazonka.KMS: newtype DataKeySpec
+ Amazonka.KMS: newtype EncryptionAlgorithmSpec
+ Amazonka.KMS: newtype ExpirationModelType
+ Amazonka.KMS: newtype GrantOperation
+ Amazonka.KMS: newtype KeyManagerType
+ Amazonka.KMS: newtype KeySpec
+ Amazonka.KMS: newtype KeyState
+ Amazonka.KMS: newtype KeyUsageType
+ Amazonka.KMS: newtype MacAlgorithmSpec
+ Amazonka.KMS: newtype MessageType
+ Amazonka.KMS: newtype MultiRegionKeyType
+ Amazonka.KMS: newtype OriginType
+ Amazonka.KMS: newtype SigningAlgorithmSpec
+ Amazonka.KMS: newtype WrappingKeySpec
+ Amazonka.KMS: newtype XksProxyConnectivityType
+ Amazonka.KMS: pattern AlgorithmSpec_RSAES_OAEP_SHA_1 :: AlgorithmSpec
+ Amazonka.KMS: pattern AlgorithmSpec_RSAES_OAEP_SHA_256 :: AlgorithmSpec
+ Amazonka.KMS: pattern AlgorithmSpec_RSAES_PKCS1_V1_5 :: AlgorithmSpec
+ Amazonka.KMS: pattern ConnectionErrorCodeType_CLUSTER_NOT_FOUND :: ConnectionErrorCodeType
+ Amazonka.KMS: pattern ConnectionErrorCodeType_INSUFFICIENT_CLOUDHSM_HSMS :: ConnectionErrorCodeType
+ Amazonka.KMS: pattern ConnectionErrorCodeType_INSUFFICIENT_FREE_ADDRESSES_IN_SUBNET :: ConnectionErrorCodeType
+ Amazonka.KMS: pattern ConnectionErrorCodeType_INTERNAL_ERROR :: ConnectionErrorCodeType
+ Amazonka.KMS: pattern ConnectionErrorCodeType_INVALID_CREDENTIALS :: ConnectionErrorCodeType
+ Amazonka.KMS: pattern ConnectionErrorCodeType_NETWORK_ERRORS :: ConnectionErrorCodeType
+ Amazonka.KMS: pattern ConnectionErrorCodeType_SUBNET_NOT_FOUND :: ConnectionErrorCodeType
+ Amazonka.KMS: pattern ConnectionErrorCodeType_USER_LOCKED_OUT :: ConnectionErrorCodeType
+ Amazonka.KMS: pattern ConnectionErrorCodeType_USER_LOGGED_IN :: ConnectionErrorCodeType
+ Amazonka.KMS: pattern ConnectionErrorCodeType_USER_NOT_FOUND :: ConnectionErrorCodeType
+ Amazonka.KMS: pattern ConnectionErrorCodeType_XKS_PROXY_ACCESS_DENIED :: ConnectionErrorCodeType
+ Amazonka.KMS: pattern ConnectionErrorCodeType_XKS_PROXY_INVALID_CONFIGURATION :: ConnectionErrorCodeType
+ Amazonka.KMS: pattern ConnectionErrorCodeType_XKS_PROXY_INVALID_RESPONSE :: ConnectionErrorCodeType
+ Amazonka.KMS: pattern ConnectionErrorCodeType_XKS_PROXY_INVALID_TLS_CONFIGURATION :: ConnectionErrorCodeType
+ Amazonka.KMS: pattern ConnectionErrorCodeType_XKS_PROXY_NOT_REACHABLE :: ConnectionErrorCodeType
+ Amazonka.KMS: pattern ConnectionErrorCodeType_XKS_PROXY_TIMED_OUT :: ConnectionErrorCodeType
+ Amazonka.KMS: pattern ConnectionErrorCodeType_XKS_VPC_ENDPOINT_SERVICE_INVALID_CONFIGURATION :: ConnectionErrorCodeType
+ Amazonka.KMS: pattern ConnectionErrorCodeType_XKS_VPC_ENDPOINT_SERVICE_NOT_FOUND :: ConnectionErrorCodeType
+ Amazonka.KMS: pattern ConnectionStateType_CONNECTED :: ConnectionStateType
+ Amazonka.KMS: pattern ConnectionStateType_CONNECTING :: ConnectionStateType
+ Amazonka.KMS: pattern ConnectionStateType_DISCONNECTED :: ConnectionStateType
+ Amazonka.KMS: pattern ConnectionStateType_DISCONNECTING :: ConnectionStateType
+ Amazonka.KMS: pattern ConnectionStateType_FAILED :: ConnectionStateType
+ Amazonka.KMS: pattern CustomKeyStoreType_AWS_CLOUDHSM :: CustomKeyStoreType
+ Amazonka.KMS: pattern CustomKeyStoreType_EXTERNAL_KEY_STORE :: CustomKeyStoreType
+ Amazonka.KMS: pattern CustomerMasterKeySpec_ECC_NIST_P256 :: CustomerMasterKeySpec
+ Amazonka.KMS: pattern CustomerMasterKeySpec_ECC_NIST_P384 :: CustomerMasterKeySpec
+ Amazonka.KMS: pattern CustomerMasterKeySpec_ECC_NIST_P521 :: CustomerMasterKeySpec
+ Amazonka.KMS: pattern CustomerMasterKeySpec_ECC_SECG_P256K1 :: CustomerMasterKeySpec
+ Amazonka.KMS: pattern CustomerMasterKeySpec_HMAC_224 :: CustomerMasterKeySpec
+ Amazonka.KMS: pattern CustomerMasterKeySpec_HMAC_256 :: CustomerMasterKeySpec
+ Amazonka.KMS: pattern CustomerMasterKeySpec_HMAC_384 :: CustomerMasterKeySpec
+ Amazonka.KMS: pattern CustomerMasterKeySpec_HMAC_512 :: CustomerMasterKeySpec
+ Amazonka.KMS: pattern CustomerMasterKeySpec_RSA_2048 :: CustomerMasterKeySpec
+ Amazonka.KMS: pattern CustomerMasterKeySpec_RSA_3072 :: CustomerMasterKeySpec
+ Amazonka.KMS: pattern CustomerMasterKeySpec_RSA_4096 :: CustomerMasterKeySpec
+ Amazonka.KMS: pattern CustomerMasterKeySpec_SM2 :: CustomerMasterKeySpec
+ Amazonka.KMS: pattern CustomerMasterKeySpec_SYMMETRIC_DEFAULT :: CustomerMasterKeySpec
+ Amazonka.KMS: pattern DataKeyPairSpec_ECC_NIST_P256 :: DataKeyPairSpec
+ Amazonka.KMS: pattern DataKeyPairSpec_ECC_NIST_P384 :: DataKeyPairSpec
+ Amazonka.KMS: pattern DataKeyPairSpec_ECC_NIST_P521 :: DataKeyPairSpec
+ Amazonka.KMS: pattern DataKeyPairSpec_ECC_SECG_P256K1 :: DataKeyPairSpec
+ Amazonka.KMS: pattern DataKeyPairSpec_RSA_2048 :: DataKeyPairSpec
+ Amazonka.KMS: pattern DataKeyPairSpec_RSA_3072 :: DataKeyPairSpec
+ Amazonka.KMS: pattern DataKeyPairSpec_RSA_4096 :: DataKeyPairSpec
+ Amazonka.KMS: pattern DataKeyPairSpec_SM2 :: DataKeyPairSpec
+ Amazonka.KMS: pattern DataKeySpec_AES_128 :: DataKeySpec
+ Amazonka.KMS: pattern DataKeySpec_AES_256 :: DataKeySpec
+ Amazonka.KMS: pattern EncryptionAlgorithmSpec_RSAES_OAEP_SHA_1 :: EncryptionAlgorithmSpec
+ Amazonka.KMS: pattern EncryptionAlgorithmSpec_RSAES_OAEP_SHA_256 :: EncryptionAlgorithmSpec
+ Amazonka.KMS: pattern EncryptionAlgorithmSpec_SM2PKE :: EncryptionAlgorithmSpec
+ Amazonka.KMS: pattern EncryptionAlgorithmSpec_SYMMETRIC_DEFAULT :: EncryptionAlgorithmSpec
+ Amazonka.KMS: pattern ExpirationModelType_KEY_MATERIAL_DOES_NOT_EXPIRE :: ExpirationModelType
+ Amazonka.KMS: pattern ExpirationModelType_KEY_MATERIAL_EXPIRES :: ExpirationModelType
+ Amazonka.KMS: pattern GrantOperation_CreateGrant :: GrantOperation
+ Amazonka.KMS: pattern GrantOperation_Decrypt :: GrantOperation
+ Amazonka.KMS: pattern GrantOperation_DescribeKey :: GrantOperation
+ Amazonka.KMS: pattern GrantOperation_Encrypt :: GrantOperation
+ Amazonka.KMS: pattern GrantOperation_GenerateDataKey :: GrantOperation
+ Amazonka.KMS: pattern GrantOperation_GenerateDataKeyPair :: GrantOperation
+ Amazonka.KMS: pattern GrantOperation_GenerateDataKeyPairWithoutPlaintext :: GrantOperation
+ Amazonka.KMS: pattern GrantOperation_GenerateDataKeyWithoutPlaintext :: GrantOperation
+ Amazonka.KMS: pattern GrantOperation_GenerateMac :: GrantOperation
+ Amazonka.KMS: pattern GrantOperation_GetPublicKey :: GrantOperation
+ Amazonka.KMS: pattern GrantOperation_ReEncryptFrom :: GrantOperation
+ Amazonka.KMS: pattern GrantOperation_ReEncryptTo :: GrantOperation
+ Amazonka.KMS: pattern GrantOperation_RetireGrant :: GrantOperation
+ Amazonka.KMS: pattern GrantOperation_Sign :: GrantOperation
+ Amazonka.KMS: pattern GrantOperation_Verify :: GrantOperation
+ Amazonka.KMS: pattern GrantOperation_VerifyMac :: GrantOperation
+ Amazonka.KMS: pattern KeyManagerType_AWS :: KeyManagerType
+ Amazonka.KMS: pattern KeyManagerType_CUSTOMER :: KeyManagerType
+ Amazonka.KMS: pattern KeySpec_ECC_NIST_P256 :: KeySpec
+ Amazonka.KMS: pattern KeySpec_ECC_NIST_P384 :: KeySpec
+ Amazonka.KMS: pattern KeySpec_ECC_NIST_P521 :: KeySpec
+ Amazonka.KMS: pattern KeySpec_ECC_SECG_P256K1 :: KeySpec
+ Amazonka.KMS: pattern KeySpec_HMAC_224 :: KeySpec
+ Amazonka.KMS: pattern KeySpec_HMAC_256 :: KeySpec
+ Amazonka.KMS: pattern KeySpec_HMAC_384 :: KeySpec
+ Amazonka.KMS: pattern KeySpec_HMAC_512 :: KeySpec
+ Amazonka.KMS: pattern KeySpec_RSA_2048 :: KeySpec
+ Amazonka.KMS: pattern KeySpec_RSA_3072 :: KeySpec
+ Amazonka.KMS: pattern KeySpec_RSA_4096 :: KeySpec
+ Amazonka.KMS: pattern KeySpec_SM2 :: KeySpec
+ Amazonka.KMS: pattern KeySpec_SYMMETRIC_DEFAULT :: KeySpec
+ Amazonka.KMS: pattern KeyState_Creating :: KeyState
+ Amazonka.KMS: pattern KeyState_Disabled :: KeyState
+ Amazonka.KMS: pattern KeyState_Enabled :: KeyState
+ Amazonka.KMS: pattern KeyState_PendingDeletion :: KeyState
+ Amazonka.KMS: pattern KeyState_PendingImport :: KeyState
+ Amazonka.KMS: pattern KeyState_PendingReplicaDeletion :: KeyState
+ Amazonka.KMS: pattern KeyState_Unavailable :: KeyState
+ Amazonka.KMS: pattern KeyState_Updating :: KeyState
+ Amazonka.KMS: pattern KeyUsageType_ENCRYPT_DECRYPT :: KeyUsageType
+ Amazonka.KMS: pattern KeyUsageType_GENERATE_VERIFY_MAC :: KeyUsageType
+ Amazonka.KMS: pattern KeyUsageType_SIGN_VERIFY :: KeyUsageType
+ Amazonka.KMS: pattern MacAlgorithmSpec_HMAC_SHA_224 :: MacAlgorithmSpec
+ Amazonka.KMS: pattern MacAlgorithmSpec_HMAC_SHA_256 :: MacAlgorithmSpec
+ Amazonka.KMS: pattern MacAlgorithmSpec_HMAC_SHA_384 :: MacAlgorithmSpec
+ Amazonka.KMS: pattern MacAlgorithmSpec_HMAC_SHA_512 :: MacAlgorithmSpec
+ Amazonka.KMS: pattern MessageType_DIGEST :: MessageType
+ Amazonka.KMS: pattern MessageType_RAW :: MessageType
+ Amazonka.KMS: pattern MultiRegionKeyType_PRIMARY :: MultiRegionKeyType
+ Amazonka.KMS: pattern MultiRegionKeyType_REPLICA :: MultiRegionKeyType
+ Amazonka.KMS: pattern OriginType_AWS_CLOUDHSM :: OriginType
+ Amazonka.KMS: pattern OriginType_AWS_KMS :: OriginType
+ Amazonka.KMS: pattern OriginType_EXTERNAL :: OriginType
+ Amazonka.KMS: pattern OriginType_EXTERNAL_KEY_STORE :: OriginType
+ Amazonka.KMS: pattern SigningAlgorithmSpec_ECDSA_SHA_256 :: SigningAlgorithmSpec
+ Amazonka.KMS: pattern SigningAlgorithmSpec_ECDSA_SHA_384 :: SigningAlgorithmSpec
+ Amazonka.KMS: pattern SigningAlgorithmSpec_ECDSA_SHA_512 :: SigningAlgorithmSpec
+ Amazonka.KMS: pattern SigningAlgorithmSpec_RSASSA_PKCS1_V1_5_SHA_256 :: SigningAlgorithmSpec
+ Amazonka.KMS: pattern SigningAlgorithmSpec_RSASSA_PKCS1_V1_5_SHA_384 :: SigningAlgorithmSpec
+ Amazonka.KMS: pattern SigningAlgorithmSpec_RSASSA_PKCS1_V1_5_SHA_512 :: SigningAlgorithmSpec
+ Amazonka.KMS: pattern SigningAlgorithmSpec_RSASSA_PSS_SHA_256 :: SigningAlgorithmSpec
+ Amazonka.KMS: pattern SigningAlgorithmSpec_RSASSA_PSS_SHA_384 :: SigningAlgorithmSpec
+ Amazonka.KMS: pattern SigningAlgorithmSpec_RSASSA_PSS_SHA_512 :: SigningAlgorithmSpec
+ Amazonka.KMS: pattern SigningAlgorithmSpec_SM2DSA :: SigningAlgorithmSpec
+ Amazonka.KMS: pattern WrappingKeySpec_RSA_2048 :: WrappingKeySpec
+ Amazonka.KMS: pattern XksProxyConnectivityType_PUBLIC_ENDPOINT :: XksProxyConnectivityType
+ Amazonka.KMS: pattern XksProxyConnectivityType_VPC_ENDPOINT_SERVICE :: XksProxyConnectivityType
+ Amazonka.KMS.CancelKeyDeletion: CancelKeyDeletion' :: Text -> CancelKeyDeletion
+ Amazonka.KMS.CancelKeyDeletion: CancelKeyDeletionResponse' :: Maybe Text -> Int -> CancelKeyDeletionResponse
+ Amazonka.KMS.CancelKeyDeletion: [$sel:httpStatus:CancelKeyDeletionResponse'] :: CancelKeyDeletionResponse -> Int
+ Amazonka.KMS.CancelKeyDeletion: [$sel:keyId:CancelKeyDeletion'] :: CancelKeyDeletion -> Text
+ Amazonka.KMS.CancelKeyDeletion: [$sel:keyId:CancelKeyDeletionResponse'] :: CancelKeyDeletionResponse -> Maybe Text
+ Amazonka.KMS.CancelKeyDeletion: cancelKeyDeletionResponse_httpStatus :: Lens' CancelKeyDeletionResponse Int
+ Amazonka.KMS.CancelKeyDeletion: cancelKeyDeletionResponse_keyId :: Lens' CancelKeyDeletionResponse (Maybe Text)
+ Amazonka.KMS.CancelKeyDeletion: cancelKeyDeletion_keyId :: Lens' CancelKeyDeletion Text
+ Amazonka.KMS.CancelKeyDeletion: data CancelKeyDeletion
+ Amazonka.KMS.CancelKeyDeletion: data CancelKeyDeletionResponse
+ Amazonka.KMS.CancelKeyDeletion: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.CancelKeyDeletion.CancelKeyDeletion
+ Amazonka.KMS.CancelKeyDeletion: instance Amazonka.Data.Path.ToPath Amazonka.KMS.CancelKeyDeletion.CancelKeyDeletion
+ Amazonka.KMS.CancelKeyDeletion: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.CancelKeyDeletion.CancelKeyDeletion
+ Amazonka.KMS.CancelKeyDeletion: instance Amazonka.Types.AWSRequest Amazonka.KMS.CancelKeyDeletion.CancelKeyDeletion
+ Amazonka.KMS.CancelKeyDeletion: instance Control.DeepSeq.NFData Amazonka.KMS.CancelKeyDeletion.CancelKeyDeletion
+ Amazonka.KMS.CancelKeyDeletion: instance Control.DeepSeq.NFData Amazonka.KMS.CancelKeyDeletion.CancelKeyDeletionResponse
+ Amazonka.KMS.CancelKeyDeletion: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.CancelKeyDeletion.CancelKeyDeletion
+ Amazonka.KMS.CancelKeyDeletion: instance Data.Hashable.Class.Hashable Amazonka.KMS.CancelKeyDeletion.CancelKeyDeletion
+ Amazonka.KMS.CancelKeyDeletion: instance GHC.Classes.Eq Amazonka.KMS.CancelKeyDeletion.CancelKeyDeletion
+ Amazonka.KMS.CancelKeyDeletion: instance GHC.Classes.Eq Amazonka.KMS.CancelKeyDeletion.CancelKeyDeletionResponse
+ Amazonka.KMS.CancelKeyDeletion: instance GHC.Generics.Generic Amazonka.KMS.CancelKeyDeletion.CancelKeyDeletion
+ Amazonka.KMS.CancelKeyDeletion: instance GHC.Generics.Generic Amazonka.KMS.CancelKeyDeletion.CancelKeyDeletionResponse
+ Amazonka.KMS.CancelKeyDeletion: instance GHC.Read.Read Amazonka.KMS.CancelKeyDeletion.CancelKeyDeletion
+ Amazonka.KMS.CancelKeyDeletion: instance GHC.Read.Read Amazonka.KMS.CancelKeyDeletion.CancelKeyDeletionResponse
+ Amazonka.KMS.CancelKeyDeletion: instance GHC.Show.Show Amazonka.KMS.CancelKeyDeletion.CancelKeyDeletion
+ Amazonka.KMS.CancelKeyDeletion: instance GHC.Show.Show Amazonka.KMS.CancelKeyDeletion.CancelKeyDeletionResponse
+ Amazonka.KMS.CancelKeyDeletion: newCancelKeyDeletion :: Text -> CancelKeyDeletion
+ Amazonka.KMS.CancelKeyDeletion: newCancelKeyDeletionResponse :: Int -> CancelKeyDeletionResponse
+ Amazonka.KMS.ConnectCustomKeyStore: ConnectCustomKeyStore' :: Text -> ConnectCustomKeyStore
+ Amazonka.KMS.ConnectCustomKeyStore: ConnectCustomKeyStoreResponse' :: Int -> ConnectCustomKeyStoreResponse
+ Amazonka.KMS.ConnectCustomKeyStore: [$sel:customKeyStoreId:ConnectCustomKeyStore'] :: ConnectCustomKeyStore -> Text
+ Amazonka.KMS.ConnectCustomKeyStore: [$sel:httpStatus:ConnectCustomKeyStoreResponse'] :: ConnectCustomKeyStoreResponse -> Int
+ Amazonka.KMS.ConnectCustomKeyStore: connectCustomKeyStoreResponse_httpStatus :: Lens' ConnectCustomKeyStoreResponse Int
+ Amazonka.KMS.ConnectCustomKeyStore: connectCustomKeyStore_customKeyStoreId :: Lens' ConnectCustomKeyStore Text
+ Amazonka.KMS.ConnectCustomKeyStore: data ConnectCustomKeyStore
+ Amazonka.KMS.ConnectCustomKeyStore: data ConnectCustomKeyStoreResponse
+ Amazonka.KMS.ConnectCustomKeyStore: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.ConnectCustomKeyStore.ConnectCustomKeyStore
+ Amazonka.KMS.ConnectCustomKeyStore: instance Amazonka.Data.Path.ToPath Amazonka.KMS.ConnectCustomKeyStore.ConnectCustomKeyStore
+ Amazonka.KMS.ConnectCustomKeyStore: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.ConnectCustomKeyStore.ConnectCustomKeyStore
+ Amazonka.KMS.ConnectCustomKeyStore: instance Amazonka.Types.AWSRequest Amazonka.KMS.ConnectCustomKeyStore.ConnectCustomKeyStore
+ Amazonka.KMS.ConnectCustomKeyStore: instance Control.DeepSeq.NFData Amazonka.KMS.ConnectCustomKeyStore.ConnectCustomKeyStore
+ Amazonka.KMS.ConnectCustomKeyStore: instance Control.DeepSeq.NFData Amazonka.KMS.ConnectCustomKeyStore.ConnectCustomKeyStoreResponse
+ Amazonka.KMS.ConnectCustomKeyStore: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.ConnectCustomKeyStore.ConnectCustomKeyStore
+ Amazonka.KMS.ConnectCustomKeyStore: instance Data.Hashable.Class.Hashable Amazonka.KMS.ConnectCustomKeyStore.ConnectCustomKeyStore
+ Amazonka.KMS.ConnectCustomKeyStore: instance GHC.Classes.Eq Amazonka.KMS.ConnectCustomKeyStore.ConnectCustomKeyStore
+ Amazonka.KMS.ConnectCustomKeyStore: instance GHC.Classes.Eq Amazonka.KMS.ConnectCustomKeyStore.ConnectCustomKeyStoreResponse
+ Amazonka.KMS.ConnectCustomKeyStore: instance GHC.Generics.Generic Amazonka.KMS.ConnectCustomKeyStore.ConnectCustomKeyStore
+ Amazonka.KMS.ConnectCustomKeyStore: instance GHC.Generics.Generic Amazonka.KMS.ConnectCustomKeyStore.ConnectCustomKeyStoreResponse
+ Amazonka.KMS.ConnectCustomKeyStore: instance GHC.Read.Read Amazonka.KMS.ConnectCustomKeyStore.ConnectCustomKeyStore
+ Amazonka.KMS.ConnectCustomKeyStore: instance GHC.Read.Read Amazonka.KMS.ConnectCustomKeyStore.ConnectCustomKeyStoreResponse
+ Amazonka.KMS.ConnectCustomKeyStore: instance GHC.Show.Show Amazonka.KMS.ConnectCustomKeyStore.ConnectCustomKeyStore
+ Amazonka.KMS.ConnectCustomKeyStore: instance GHC.Show.Show Amazonka.KMS.ConnectCustomKeyStore.ConnectCustomKeyStoreResponse
+ Amazonka.KMS.ConnectCustomKeyStore: newConnectCustomKeyStore :: Text -> ConnectCustomKeyStore
+ Amazonka.KMS.ConnectCustomKeyStore: newConnectCustomKeyStoreResponse :: Int -> ConnectCustomKeyStoreResponse
+ Amazonka.KMS.CreateAlias: CreateAlias' :: Text -> Text -> CreateAlias
+ Amazonka.KMS.CreateAlias: CreateAliasResponse' :: CreateAliasResponse
+ Amazonka.KMS.CreateAlias: [$sel:aliasName:CreateAlias'] :: CreateAlias -> Text
+ Amazonka.KMS.CreateAlias: [$sel:targetKeyId:CreateAlias'] :: CreateAlias -> Text
+ Amazonka.KMS.CreateAlias: createAlias_aliasName :: Lens' CreateAlias Text
+ Amazonka.KMS.CreateAlias: createAlias_targetKeyId :: Lens' CreateAlias Text
+ Amazonka.KMS.CreateAlias: data CreateAlias
+ Amazonka.KMS.CreateAlias: data CreateAliasResponse
+ Amazonka.KMS.CreateAlias: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.CreateAlias.CreateAlias
+ Amazonka.KMS.CreateAlias: instance Amazonka.Data.Path.ToPath Amazonka.KMS.CreateAlias.CreateAlias
+ Amazonka.KMS.CreateAlias: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.CreateAlias.CreateAlias
+ Amazonka.KMS.CreateAlias: instance Amazonka.Types.AWSRequest Amazonka.KMS.CreateAlias.CreateAlias
+ Amazonka.KMS.CreateAlias: instance Control.DeepSeq.NFData Amazonka.KMS.CreateAlias.CreateAlias
+ Amazonka.KMS.CreateAlias: instance Control.DeepSeq.NFData Amazonka.KMS.CreateAlias.CreateAliasResponse
+ Amazonka.KMS.CreateAlias: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.CreateAlias.CreateAlias
+ Amazonka.KMS.CreateAlias: instance Data.Hashable.Class.Hashable Amazonka.KMS.CreateAlias.CreateAlias
+ Amazonka.KMS.CreateAlias: instance GHC.Classes.Eq Amazonka.KMS.CreateAlias.CreateAlias
+ Amazonka.KMS.CreateAlias: instance GHC.Classes.Eq Amazonka.KMS.CreateAlias.CreateAliasResponse
+ Amazonka.KMS.CreateAlias: instance GHC.Generics.Generic Amazonka.KMS.CreateAlias.CreateAlias
+ Amazonka.KMS.CreateAlias: instance GHC.Generics.Generic Amazonka.KMS.CreateAlias.CreateAliasResponse
+ Amazonka.KMS.CreateAlias: instance GHC.Read.Read Amazonka.KMS.CreateAlias.CreateAlias
+ Amazonka.KMS.CreateAlias: instance GHC.Read.Read Amazonka.KMS.CreateAlias.CreateAliasResponse
+ Amazonka.KMS.CreateAlias: instance GHC.Show.Show Amazonka.KMS.CreateAlias.CreateAlias
+ Amazonka.KMS.CreateAlias: instance GHC.Show.Show Amazonka.KMS.CreateAlias.CreateAliasResponse
+ Amazonka.KMS.CreateAlias: newCreateAlias :: Text -> Text -> CreateAlias
+ Amazonka.KMS.CreateAlias: newCreateAliasResponse :: CreateAliasResponse
+ Amazonka.KMS.CreateCustomKeyStore: CreateCustomKeyStore' :: Maybe Text -> Maybe CustomKeyStoreType -> Maybe (Sensitive Text) -> Maybe Text -> Maybe XksProxyAuthenticationCredentialType -> Maybe XksProxyConnectivityType -> Maybe Text -> Maybe Text -> Maybe Text -> Text -> CreateCustomKeyStore
+ Amazonka.KMS.CreateCustomKeyStore: CreateCustomKeyStoreResponse' :: Maybe Text -> Int -> CreateCustomKeyStoreResponse
+ Amazonka.KMS.CreateCustomKeyStore: [$sel:cloudHsmClusterId:CreateCustomKeyStore'] :: CreateCustomKeyStore -> Maybe Text
+ Amazonka.KMS.CreateCustomKeyStore: [$sel:customKeyStoreId:CreateCustomKeyStoreResponse'] :: CreateCustomKeyStoreResponse -> Maybe Text
+ Amazonka.KMS.CreateCustomKeyStore: [$sel:customKeyStoreName:CreateCustomKeyStore'] :: CreateCustomKeyStore -> Text
+ Amazonka.KMS.CreateCustomKeyStore: [$sel:customKeyStoreType:CreateCustomKeyStore'] :: CreateCustomKeyStore -> Maybe CustomKeyStoreType
+ Amazonka.KMS.CreateCustomKeyStore: [$sel:httpStatus:CreateCustomKeyStoreResponse'] :: CreateCustomKeyStoreResponse -> Int
+ Amazonka.KMS.CreateCustomKeyStore: [$sel:keyStorePassword:CreateCustomKeyStore'] :: CreateCustomKeyStore -> Maybe (Sensitive Text)
+ Amazonka.KMS.CreateCustomKeyStore: [$sel:trustAnchorCertificate:CreateCustomKeyStore'] :: CreateCustomKeyStore -> Maybe Text
+ Amazonka.KMS.CreateCustomKeyStore: [$sel:xksProxyAuthenticationCredential:CreateCustomKeyStore'] :: CreateCustomKeyStore -> Maybe XksProxyAuthenticationCredentialType
+ Amazonka.KMS.CreateCustomKeyStore: [$sel:xksProxyConnectivity:CreateCustomKeyStore'] :: CreateCustomKeyStore -> Maybe XksProxyConnectivityType
+ Amazonka.KMS.CreateCustomKeyStore: [$sel:xksProxyUriEndpoint:CreateCustomKeyStore'] :: CreateCustomKeyStore -> Maybe Text
+ Amazonka.KMS.CreateCustomKeyStore: [$sel:xksProxyUriPath:CreateCustomKeyStore'] :: CreateCustomKeyStore -> Maybe Text
+ Amazonka.KMS.CreateCustomKeyStore: [$sel:xksProxyVpcEndpointServiceName:CreateCustomKeyStore'] :: CreateCustomKeyStore -> Maybe Text
+ Amazonka.KMS.CreateCustomKeyStore: createCustomKeyStoreResponse_customKeyStoreId :: Lens' CreateCustomKeyStoreResponse (Maybe Text)
+ Amazonka.KMS.CreateCustomKeyStore: createCustomKeyStoreResponse_httpStatus :: Lens' CreateCustomKeyStoreResponse Int
+ Amazonka.KMS.CreateCustomKeyStore: createCustomKeyStore_cloudHsmClusterId :: Lens' CreateCustomKeyStore (Maybe Text)
+ Amazonka.KMS.CreateCustomKeyStore: createCustomKeyStore_customKeyStoreName :: Lens' CreateCustomKeyStore Text
+ Amazonka.KMS.CreateCustomKeyStore: createCustomKeyStore_customKeyStoreType :: Lens' CreateCustomKeyStore (Maybe CustomKeyStoreType)
+ Amazonka.KMS.CreateCustomKeyStore: createCustomKeyStore_keyStorePassword :: Lens' CreateCustomKeyStore (Maybe Text)
+ Amazonka.KMS.CreateCustomKeyStore: createCustomKeyStore_trustAnchorCertificate :: Lens' CreateCustomKeyStore (Maybe Text)
+ Amazonka.KMS.CreateCustomKeyStore: createCustomKeyStore_xksProxyAuthenticationCredential :: Lens' CreateCustomKeyStore (Maybe XksProxyAuthenticationCredentialType)
+ Amazonka.KMS.CreateCustomKeyStore: createCustomKeyStore_xksProxyConnectivity :: Lens' CreateCustomKeyStore (Maybe XksProxyConnectivityType)
+ Amazonka.KMS.CreateCustomKeyStore: createCustomKeyStore_xksProxyUriEndpoint :: Lens' CreateCustomKeyStore (Maybe Text)
+ Amazonka.KMS.CreateCustomKeyStore: createCustomKeyStore_xksProxyUriPath :: Lens' CreateCustomKeyStore (Maybe Text)
+ Amazonka.KMS.CreateCustomKeyStore: createCustomKeyStore_xksProxyVpcEndpointServiceName :: Lens' CreateCustomKeyStore (Maybe Text)
+ Amazonka.KMS.CreateCustomKeyStore: data CreateCustomKeyStore
+ Amazonka.KMS.CreateCustomKeyStore: data CreateCustomKeyStoreResponse
+ Amazonka.KMS.CreateCustomKeyStore: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.CreateCustomKeyStore.CreateCustomKeyStore
+ Amazonka.KMS.CreateCustomKeyStore: instance Amazonka.Data.Path.ToPath Amazonka.KMS.CreateCustomKeyStore.CreateCustomKeyStore
+ Amazonka.KMS.CreateCustomKeyStore: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.CreateCustomKeyStore.CreateCustomKeyStore
+ Amazonka.KMS.CreateCustomKeyStore: instance Amazonka.Types.AWSRequest Amazonka.KMS.CreateCustomKeyStore.CreateCustomKeyStore
+ Amazonka.KMS.CreateCustomKeyStore: instance Control.DeepSeq.NFData Amazonka.KMS.CreateCustomKeyStore.CreateCustomKeyStore
+ Amazonka.KMS.CreateCustomKeyStore: instance Control.DeepSeq.NFData Amazonka.KMS.CreateCustomKeyStore.CreateCustomKeyStoreResponse
+ Amazonka.KMS.CreateCustomKeyStore: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.CreateCustomKeyStore.CreateCustomKeyStore
+ Amazonka.KMS.CreateCustomKeyStore: instance Data.Hashable.Class.Hashable Amazonka.KMS.CreateCustomKeyStore.CreateCustomKeyStore
+ Amazonka.KMS.CreateCustomKeyStore: instance GHC.Classes.Eq Amazonka.KMS.CreateCustomKeyStore.CreateCustomKeyStore
+ Amazonka.KMS.CreateCustomKeyStore: instance GHC.Classes.Eq Amazonka.KMS.CreateCustomKeyStore.CreateCustomKeyStoreResponse
+ Amazonka.KMS.CreateCustomKeyStore: instance GHC.Generics.Generic Amazonka.KMS.CreateCustomKeyStore.CreateCustomKeyStore
+ Amazonka.KMS.CreateCustomKeyStore: instance GHC.Generics.Generic Amazonka.KMS.CreateCustomKeyStore.CreateCustomKeyStoreResponse
+ Amazonka.KMS.CreateCustomKeyStore: instance GHC.Read.Read Amazonka.KMS.CreateCustomKeyStore.CreateCustomKeyStoreResponse
+ Amazonka.KMS.CreateCustomKeyStore: instance GHC.Show.Show Amazonka.KMS.CreateCustomKeyStore.CreateCustomKeyStore
+ Amazonka.KMS.CreateCustomKeyStore: instance GHC.Show.Show Amazonka.KMS.CreateCustomKeyStore.CreateCustomKeyStoreResponse
+ Amazonka.KMS.CreateCustomKeyStore: newCreateCustomKeyStore :: Text -> CreateCustomKeyStore
+ Amazonka.KMS.CreateCustomKeyStore: newCreateCustomKeyStoreResponse :: Int -> CreateCustomKeyStoreResponse
+ Amazonka.KMS.CreateGrant: CreateGrant' :: Maybe GrantConstraints -> Maybe [Text] -> Maybe Text -> Maybe Text -> Text -> Text -> [GrantOperation] -> CreateGrant
+ Amazonka.KMS.CreateGrant: CreateGrantResponse' :: Maybe Text -> Maybe Text -> Int -> CreateGrantResponse
+ Amazonka.KMS.CreateGrant: [$sel:constraints:CreateGrant'] :: CreateGrant -> Maybe GrantConstraints
+ Amazonka.KMS.CreateGrant: [$sel:grantId:CreateGrantResponse'] :: CreateGrantResponse -> Maybe Text
+ Amazonka.KMS.CreateGrant: [$sel:grantToken:CreateGrantResponse'] :: CreateGrantResponse -> Maybe Text
+ Amazonka.KMS.CreateGrant: [$sel:grantTokens:CreateGrant'] :: CreateGrant -> Maybe [Text]
+ Amazonka.KMS.CreateGrant: [$sel:granteePrincipal:CreateGrant'] :: CreateGrant -> Text
+ Amazonka.KMS.CreateGrant: [$sel:httpStatus:CreateGrantResponse'] :: CreateGrantResponse -> Int
+ Amazonka.KMS.CreateGrant: [$sel:keyId:CreateGrant'] :: CreateGrant -> Text
+ Amazonka.KMS.CreateGrant: [$sel:name:CreateGrant'] :: CreateGrant -> Maybe Text
+ Amazonka.KMS.CreateGrant: [$sel:operations:CreateGrant'] :: CreateGrant -> [GrantOperation]
+ Amazonka.KMS.CreateGrant: [$sel:retiringPrincipal:CreateGrant'] :: CreateGrant -> Maybe Text
+ Amazonka.KMS.CreateGrant: createGrantResponse_grantId :: Lens' CreateGrantResponse (Maybe Text)
+ Amazonka.KMS.CreateGrant: createGrantResponse_grantToken :: Lens' CreateGrantResponse (Maybe Text)
+ Amazonka.KMS.CreateGrant: createGrantResponse_httpStatus :: Lens' CreateGrantResponse Int
+ Amazonka.KMS.CreateGrant: createGrant_constraints :: Lens' CreateGrant (Maybe GrantConstraints)
+ Amazonka.KMS.CreateGrant: createGrant_grantTokens :: Lens' CreateGrant (Maybe [Text])
+ Amazonka.KMS.CreateGrant: createGrant_granteePrincipal :: Lens' CreateGrant Text
+ Amazonka.KMS.CreateGrant: createGrant_keyId :: Lens' CreateGrant Text
+ Amazonka.KMS.CreateGrant: createGrant_name :: Lens' CreateGrant (Maybe Text)
+ Amazonka.KMS.CreateGrant: createGrant_operations :: Lens' CreateGrant [GrantOperation]
+ Amazonka.KMS.CreateGrant: createGrant_retiringPrincipal :: Lens' CreateGrant (Maybe Text)
+ Amazonka.KMS.CreateGrant: data CreateGrant
+ Amazonka.KMS.CreateGrant: data CreateGrantResponse
+ Amazonka.KMS.CreateGrant: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.CreateGrant.CreateGrant
+ Amazonka.KMS.CreateGrant: instance Amazonka.Data.Path.ToPath Amazonka.KMS.CreateGrant.CreateGrant
+ Amazonka.KMS.CreateGrant: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.CreateGrant.CreateGrant
+ Amazonka.KMS.CreateGrant: instance Amazonka.Types.AWSRequest Amazonka.KMS.CreateGrant.CreateGrant
+ Amazonka.KMS.CreateGrant: instance Control.DeepSeq.NFData Amazonka.KMS.CreateGrant.CreateGrant
+ Amazonka.KMS.CreateGrant: instance Control.DeepSeq.NFData Amazonka.KMS.CreateGrant.CreateGrantResponse
+ Amazonka.KMS.CreateGrant: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.CreateGrant.CreateGrant
+ Amazonka.KMS.CreateGrant: instance Data.Hashable.Class.Hashable Amazonka.KMS.CreateGrant.CreateGrant
+ Amazonka.KMS.CreateGrant: instance GHC.Classes.Eq Amazonka.KMS.CreateGrant.CreateGrant
+ Amazonka.KMS.CreateGrant: instance GHC.Classes.Eq Amazonka.KMS.CreateGrant.CreateGrantResponse
+ Amazonka.KMS.CreateGrant: instance GHC.Generics.Generic Amazonka.KMS.CreateGrant.CreateGrant
+ Amazonka.KMS.CreateGrant: instance GHC.Generics.Generic Amazonka.KMS.CreateGrant.CreateGrantResponse
+ Amazonka.KMS.CreateGrant: instance GHC.Read.Read Amazonka.KMS.CreateGrant.CreateGrant
+ Amazonka.KMS.CreateGrant: instance GHC.Read.Read Amazonka.KMS.CreateGrant.CreateGrantResponse
+ Amazonka.KMS.CreateGrant: instance GHC.Show.Show Amazonka.KMS.CreateGrant.CreateGrant
+ Amazonka.KMS.CreateGrant: instance GHC.Show.Show Amazonka.KMS.CreateGrant.CreateGrantResponse
+ Amazonka.KMS.CreateGrant: newCreateGrant :: Text -> Text -> CreateGrant
+ Amazonka.KMS.CreateGrant: newCreateGrantResponse :: Int -> CreateGrantResponse
+ Amazonka.KMS.CreateKey: CreateKey' :: Maybe Bool -> Maybe Text -> Maybe CustomerMasterKeySpec -> Maybe Text -> Maybe KeySpec -> Maybe KeyUsageType -> Maybe Bool -> Maybe OriginType -> Maybe Text -> Maybe [Tag] -> Maybe Text -> CreateKey
+ Amazonka.KMS.CreateKey: CreateKeyResponse' :: Maybe KeyMetadata -> Int -> CreateKeyResponse
+ Amazonka.KMS.CreateKey: [$sel:bypassPolicyLockoutSafetyCheck:CreateKey'] :: CreateKey -> Maybe Bool
+ Amazonka.KMS.CreateKey: [$sel:customKeyStoreId:CreateKey'] :: CreateKey -> Maybe Text
+ Amazonka.KMS.CreateKey: [$sel:customerMasterKeySpec:CreateKey'] :: CreateKey -> Maybe CustomerMasterKeySpec
+ Amazonka.KMS.CreateKey: [$sel:description:CreateKey'] :: CreateKey -> Maybe Text
+ Amazonka.KMS.CreateKey: [$sel:httpStatus:CreateKeyResponse'] :: CreateKeyResponse -> Int
+ Amazonka.KMS.CreateKey: [$sel:keyMetadata:CreateKeyResponse'] :: CreateKeyResponse -> Maybe KeyMetadata
+ Amazonka.KMS.CreateKey: [$sel:keySpec:CreateKey'] :: CreateKey -> Maybe KeySpec
+ Amazonka.KMS.CreateKey: [$sel:keyUsage:CreateKey'] :: CreateKey -> Maybe KeyUsageType
+ Amazonka.KMS.CreateKey: [$sel:multiRegion:CreateKey'] :: CreateKey -> Maybe Bool
+ Amazonka.KMS.CreateKey: [$sel:origin:CreateKey'] :: CreateKey -> Maybe OriginType
+ Amazonka.KMS.CreateKey: [$sel:policy:CreateKey'] :: CreateKey -> Maybe Text
+ Amazonka.KMS.CreateKey: [$sel:tags:CreateKey'] :: CreateKey -> Maybe [Tag]
+ Amazonka.KMS.CreateKey: [$sel:xksKeyId:CreateKey'] :: CreateKey -> Maybe Text
+ Amazonka.KMS.CreateKey: createKeyResponse_httpStatus :: Lens' CreateKeyResponse Int
+ Amazonka.KMS.CreateKey: createKeyResponse_keyMetadata :: Lens' CreateKeyResponse (Maybe KeyMetadata)
+ Amazonka.KMS.CreateKey: createKey_bypassPolicyLockoutSafetyCheck :: Lens' CreateKey (Maybe Bool)
+ Amazonka.KMS.CreateKey: createKey_customKeyStoreId :: Lens' CreateKey (Maybe Text)
+ Amazonka.KMS.CreateKey: createKey_customerMasterKeySpec :: Lens' CreateKey (Maybe CustomerMasterKeySpec)
+ Amazonka.KMS.CreateKey: createKey_description :: Lens' CreateKey (Maybe Text)
+ Amazonka.KMS.CreateKey: createKey_keySpec :: Lens' CreateKey (Maybe KeySpec)
+ Amazonka.KMS.CreateKey: createKey_keyUsage :: Lens' CreateKey (Maybe KeyUsageType)
+ Amazonka.KMS.CreateKey: createKey_multiRegion :: Lens' CreateKey (Maybe Bool)
+ Amazonka.KMS.CreateKey: createKey_origin :: Lens' CreateKey (Maybe OriginType)
+ Amazonka.KMS.CreateKey: createKey_policy :: Lens' CreateKey (Maybe Text)
+ Amazonka.KMS.CreateKey: createKey_tags :: Lens' CreateKey (Maybe [Tag])
+ Amazonka.KMS.CreateKey: createKey_xksKeyId :: Lens' CreateKey (Maybe Text)
+ Amazonka.KMS.CreateKey: data CreateKey
+ Amazonka.KMS.CreateKey: data CreateKeyResponse
+ Amazonka.KMS.CreateKey: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.CreateKey.CreateKey
+ Amazonka.KMS.CreateKey: instance Amazonka.Data.Path.ToPath Amazonka.KMS.CreateKey.CreateKey
+ Amazonka.KMS.CreateKey: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.CreateKey.CreateKey
+ Amazonka.KMS.CreateKey: instance Amazonka.Types.AWSRequest Amazonka.KMS.CreateKey.CreateKey
+ Amazonka.KMS.CreateKey: instance Control.DeepSeq.NFData Amazonka.KMS.CreateKey.CreateKey
+ Amazonka.KMS.CreateKey: instance Control.DeepSeq.NFData Amazonka.KMS.CreateKey.CreateKeyResponse
+ Amazonka.KMS.CreateKey: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.CreateKey.CreateKey
+ Amazonka.KMS.CreateKey: instance Data.Hashable.Class.Hashable Amazonka.KMS.CreateKey.CreateKey
+ Amazonka.KMS.CreateKey: instance GHC.Classes.Eq Amazonka.KMS.CreateKey.CreateKey
+ Amazonka.KMS.CreateKey: instance GHC.Classes.Eq Amazonka.KMS.CreateKey.CreateKeyResponse
+ Amazonka.KMS.CreateKey: instance GHC.Generics.Generic Amazonka.KMS.CreateKey.CreateKey
+ Amazonka.KMS.CreateKey: instance GHC.Generics.Generic Amazonka.KMS.CreateKey.CreateKeyResponse
+ Amazonka.KMS.CreateKey: instance GHC.Read.Read Amazonka.KMS.CreateKey.CreateKey
+ Amazonka.KMS.CreateKey: instance GHC.Read.Read Amazonka.KMS.CreateKey.CreateKeyResponse
+ Amazonka.KMS.CreateKey: instance GHC.Show.Show Amazonka.KMS.CreateKey.CreateKey
+ Amazonka.KMS.CreateKey: instance GHC.Show.Show Amazonka.KMS.CreateKey.CreateKeyResponse
+ Amazonka.KMS.CreateKey: newCreateKey :: CreateKey
+ Amazonka.KMS.CreateKey: newCreateKeyResponse :: Int -> CreateKeyResponse
+ Amazonka.KMS.Decrypt: Decrypt' :: Maybe EncryptionAlgorithmSpec -> Maybe (HashMap Text Text) -> Maybe [Text] -> Maybe Text -> Base64 -> Decrypt
+ Amazonka.KMS.Decrypt: DecryptResponse' :: Maybe EncryptionAlgorithmSpec -> Maybe Text -> Maybe (Sensitive Base64) -> Int -> DecryptResponse
+ Amazonka.KMS.Decrypt: [$sel:ciphertextBlob:Decrypt'] :: Decrypt -> Base64
+ Amazonka.KMS.Decrypt: [$sel:encryptionAlgorithm:Decrypt'] :: Decrypt -> Maybe EncryptionAlgorithmSpec
+ Amazonka.KMS.Decrypt: [$sel:encryptionAlgorithm:DecryptResponse'] :: DecryptResponse -> Maybe EncryptionAlgorithmSpec
+ Amazonka.KMS.Decrypt: [$sel:encryptionContext:Decrypt'] :: Decrypt -> Maybe (HashMap Text Text)
+ Amazonka.KMS.Decrypt: [$sel:grantTokens:Decrypt'] :: Decrypt -> Maybe [Text]
+ Amazonka.KMS.Decrypt: [$sel:httpStatus:DecryptResponse'] :: DecryptResponse -> Int
+ Amazonka.KMS.Decrypt: [$sel:keyId:Decrypt'] :: Decrypt -> Maybe Text
+ Amazonka.KMS.Decrypt: [$sel:keyId:DecryptResponse'] :: DecryptResponse -> Maybe Text
+ Amazonka.KMS.Decrypt: [$sel:plaintext:DecryptResponse'] :: DecryptResponse -> Maybe (Sensitive Base64)
+ Amazonka.KMS.Decrypt: data Decrypt
+ Amazonka.KMS.Decrypt: data DecryptResponse
+ Amazonka.KMS.Decrypt: decryptResponse_encryptionAlgorithm :: Lens' DecryptResponse (Maybe EncryptionAlgorithmSpec)
+ Amazonka.KMS.Decrypt: decryptResponse_httpStatus :: Lens' DecryptResponse Int
+ Amazonka.KMS.Decrypt: decryptResponse_keyId :: Lens' DecryptResponse (Maybe Text)
+ Amazonka.KMS.Decrypt: decryptResponse_plaintext :: Lens' DecryptResponse (Maybe ByteString)
+ Amazonka.KMS.Decrypt: decrypt_ciphertextBlob :: Lens' Decrypt ByteString
+ Amazonka.KMS.Decrypt: decrypt_encryptionAlgorithm :: Lens' Decrypt (Maybe EncryptionAlgorithmSpec)
+ Amazonka.KMS.Decrypt: decrypt_encryptionContext :: Lens' Decrypt (Maybe (HashMap Text Text))
+ Amazonka.KMS.Decrypt: decrypt_grantTokens :: Lens' Decrypt (Maybe [Text])
+ Amazonka.KMS.Decrypt: decrypt_keyId :: Lens' Decrypt (Maybe Text)
+ Amazonka.KMS.Decrypt: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.Decrypt.Decrypt
+ Amazonka.KMS.Decrypt: instance Amazonka.Data.Path.ToPath Amazonka.KMS.Decrypt.Decrypt
+ Amazonka.KMS.Decrypt: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.Decrypt.Decrypt
+ Amazonka.KMS.Decrypt: instance Amazonka.Types.AWSRequest Amazonka.KMS.Decrypt.Decrypt
+ Amazonka.KMS.Decrypt: instance Control.DeepSeq.NFData Amazonka.KMS.Decrypt.Decrypt
+ Amazonka.KMS.Decrypt: instance Control.DeepSeq.NFData Amazonka.KMS.Decrypt.DecryptResponse
+ Amazonka.KMS.Decrypt: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.Decrypt.Decrypt
+ Amazonka.KMS.Decrypt: instance Data.Hashable.Class.Hashable Amazonka.KMS.Decrypt.Decrypt
+ Amazonka.KMS.Decrypt: instance GHC.Classes.Eq Amazonka.KMS.Decrypt.Decrypt
+ Amazonka.KMS.Decrypt: instance GHC.Classes.Eq Amazonka.KMS.Decrypt.DecryptResponse
+ Amazonka.KMS.Decrypt: instance GHC.Generics.Generic Amazonka.KMS.Decrypt.Decrypt
+ Amazonka.KMS.Decrypt: instance GHC.Generics.Generic Amazonka.KMS.Decrypt.DecryptResponse
+ Amazonka.KMS.Decrypt: instance GHC.Read.Read Amazonka.KMS.Decrypt.Decrypt
+ Amazonka.KMS.Decrypt: instance GHC.Show.Show Amazonka.KMS.Decrypt.Decrypt
+ Amazonka.KMS.Decrypt: instance GHC.Show.Show Amazonka.KMS.Decrypt.DecryptResponse
+ Amazonka.KMS.Decrypt: newDecrypt :: ByteString -> Decrypt
+ Amazonka.KMS.Decrypt: newDecryptResponse :: Int -> DecryptResponse
+ Amazonka.KMS.DeleteAlias: DeleteAlias' :: Text -> DeleteAlias
+ Amazonka.KMS.DeleteAlias: DeleteAliasResponse' :: DeleteAliasResponse
+ Amazonka.KMS.DeleteAlias: [$sel:aliasName:DeleteAlias'] :: DeleteAlias -> Text
+ Amazonka.KMS.DeleteAlias: data DeleteAlias
+ Amazonka.KMS.DeleteAlias: data DeleteAliasResponse
+ Amazonka.KMS.DeleteAlias: deleteAlias_aliasName :: Lens' DeleteAlias Text
+ Amazonka.KMS.DeleteAlias: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.DeleteAlias.DeleteAlias
+ Amazonka.KMS.DeleteAlias: instance Amazonka.Data.Path.ToPath Amazonka.KMS.DeleteAlias.DeleteAlias
+ Amazonka.KMS.DeleteAlias: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.DeleteAlias.DeleteAlias
+ Amazonka.KMS.DeleteAlias: instance Amazonka.Types.AWSRequest Amazonka.KMS.DeleteAlias.DeleteAlias
+ Amazonka.KMS.DeleteAlias: instance Control.DeepSeq.NFData Amazonka.KMS.DeleteAlias.DeleteAlias
+ Amazonka.KMS.DeleteAlias: instance Control.DeepSeq.NFData Amazonka.KMS.DeleteAlias.DeleteAliasResponse
+ Amazonka.KMS.DeleteAlias: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.DeleteAlias.DeleteAlias
+ Amazonka.KMS.DeleteAlias: instance Data.Hashable.Class.Hashable Amazonka.KMS.DeleteAlias.DeleteAlias
+ Amazonka.KMS.DeleteAlias: instance GHC.Classes.Eq Amazonka.KMS.DeleteAlias.DeleteAlias
+ Amazonka.KMS.DeleteAlias: instance GHC.Classes.Eq Amazonka.KMS.DeleteAlias.DeleteAliasResponse
+ Amazonka.KMS.DeleteAlias: instance GHC.Generics.Generic Amazonka.KMS.DeleteAlias.DeleteAlias
+ Amazonka.KMS.DeleteAlias: instance GHC.Generics.Generic Amazonka.KMS.DeleteAlias.DeleteAliasResponse
+ Amazonka.KMS.DeleteAlias: instance GHC.Read.Read Amazonka.KMS.DeleteAlias.DeleteAlias
+ Amazonka.KMS.DeleteAlias: instance GHC.Read.Read Amazonka.KMS.DeleteAlias.DeleteAliasResponse
+ Amazonka.KMS.DeleteAlias: instance GHC.Show.Show Amazonka.KMS.DeleteAlias.DeleteAlias
+ Amazonka.KMS.DeleteAlias: instance GHC.Show.Show Amazonka.KMS.DeleteAlias.DeleteAliasResponse
+ Amazonka.KMS.DeleteAlias: newDeleteAlias :: Text -> DeleteAlias
+ Amazonka.KMS.DeleteAlias: newDeleteAliasResponse :: DeleteAliasResponse
+ Amazonka.KMS.DeleteCustomKeyStore: DeleteCustomKeyStore' :: Text -> DeleteCustomKeyStore
+ Amazonka.KMS.DeleteCustomKeyStore: DeleteCustomKeyStoreResponse' :: Int -> DeleteCustomKeyStoreResponse
+ Amazonka.KMS.DeleteCustomKeyStore: [$sel:customKeyStoreId:DeleteCustomKeyStore'] :: DeleteCustomKeyStore -> Text
+ Amazonka.KMS.DeleteCustomKeyStore: [$sel:httpStatus:DeleteCustomKeyStoreResponse'] :: DeleteCustomKeyStoreResponse -> Int
+ Amazonka.KMS.DeleteCustomKeyStore: data DeleteCustomKeyStore
+ Amazonka.KMS.DeleteCustomKeyStore: data DeleteCustomKeyStoreResponse
+ Amazonka.KMS.DeleteCustomKeyStore: deleteCustomKeyStoreResponse_httpStatus :: Lens' DeleteCustomKeyStoreResponse Int
+ Amazonka.KMS.DeleteCustomKeyStore: deleteCustomKeyStore_customKeyStoreId :: Lens' DeleteCustomKeyStore Text
+ Amazonka.KMS.DeleteCustomKeyStore: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.DeleteCustomKeyStore.DeleteCustomKeyStore
+ Amazonka.KMS.DeleteCustomKeyStore: instance Amazonka.Data.Path.ToPath Amazonka.KMS.DeleteCustomKeyStore.DeleteCustomKeyStore
+ Amazonka.KMS.DeleteCustomKeyStore: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.DeleteCustomKeyStore.DeleteCustomKeyStore
+ Amazonka.KMS.DeleteCustomKeyStore: instance Amazonka.Types.AWSRequest Amazonka.KMS.DeleteCustomKeyStore.DeleteCustomKeyStore
+ Amazonka.KMS.DeleteCustomKeyStore: instance Control.DeepSeq.NFData Amazonka.KMS.DeleteCustomKeyStore.DeleteCustomKeyStore
+ Amazonka.KMS.DeleteCustomKeyStore: instance Control.DeepSeq.NFData Amazonka.KMS.DeleteCustomKeyStore.DeleteCustomKeyStoreResponse
+ Amazonka.KMS.DeleteCustomKeyStore: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.DeleteCustomKeyStore.DeleteCustomKeyStore
+ Amazonka.KMS.DeleteCustomKeyStore: instance Data.Hashable.Class.Hashable Amazonka.KMS.DeleteCustomKeyStore.DeleteCustomKeyStore
+ Amazonka.KMS.DeleteCustomKeyStore: instance GHC.Classes.Eq Amazonka.KMS.DeleteCustomKeyStore.DeleteCustomKeyStore
+ Amazonka.KMS.DeleteCustomKeyStore: instance GHC.Classes.Eq Amazonka.KMS.DeleteCustomKeyStore.DeleteCustomKeyStoreResponse
+ Amazonka.KMS.DeleteCustomKeyStore: instance GHC.Generics.Generic Amazonka.KMS.DeleteCustomKeyStore.DeleteCustomKeyStore
+ Amazonka.KMS.DeleteCustomKeyStore: instance GHC.Generics.Generic Amazonka.KMS.DeleteCustomKeyStore.DeleteCustomKeyStoreResponse
+ Amazonka.KMS.DeleteCustomKeyStore: instance GHC.Read.Read Amazonka.KMS.DeleteCustomKeyStore.DeleteCustomKeyStore
+ Amazonka.KMS.DeleteCustomKeyStore: instance GHC.Read.Read Amazonka.KMS.DeleteCustomKeyStore.DeleteCustomKeyStoreResponse
+ Amazonka.KMS.DeleteCustomKeyStore: instance GHC.Show.Show Amazonka.KMS.DeleteCustomKeyStore.DeleteCustomKeyStore
+ Amazonka.KMS.DeleteCustomKeyStore: instance GHC.Show.Show Amazonka.KMS.DeleteCustomKeyStore.DeleteCustomKeyStoreResponse
+ Amazonka.KMS.DeleteCustomKeyStore: newDeleteCustomKeyStore :: Text -> DeleteCustomKeyStore
+ Amazonka.KMS.DeleteCustomKeyStore: newDeleteCustomKeyStoreResponse :: Int -> DeleteCustomKeyStoreResponse
+ Amazonka.KMS.DeleteImportedKeyMaterial: DeleteImportedKeyMaterial' :: Text -> DeleteImportedKeyMaterial
+ Amazonka.KMS.DeleteImportedKeyMaterial: DeleteImportedKeyMaterialResponse' :: DeleteImportedKeyMaterialResponse
+ Amazonka.KMS.DeleteImportedKeyMaterial: [$sel:keyId:DeleteImportedKeyMaterial'] :: DeleteImportedKeyMaterial -> Text
+ Amazonka.KMS.DeleteImportedKeyMaterial: data DeleteImportedKeyMaterial
+ Amazonka.KMS.DeleteImportedKeyMaterial: data DeleteImportedKeyMaterialResponse
+ Amazonka.KMS.DeleteImportedKeyMaterial: deleteImportedKeyMaterial_keyId :: Lens' DeleteImportedKeyMaterial Text
+ Amazonka.KMS.DeleteImportedKeyMaterial: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.DeleteImportedKeyMaterial.DeleteImportedKeyMaterial
+ Amazonka.KMS.DeleteImportedKeyMaterial: instance Amazonka.Data.Path.ToPath Amazonka.KMS.DeleteImportedKeyMaterial.DeleteImportedKeyMaterial
+ Amazonka.KMS.DeleteImportedKeyMaterial: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.DeleteImportedKeyMaterial.DeleteImportedKeyMaterial
+ Amazonka.KMS.DeleteImportedKeyMaterial: instance Amazonka.Types.AWSRequest Amazonka.KMS.DeleteImportedKeyMaterial.DeleteImportedKeyMaterial
+ Amazonka.KMS.DeleteImportedKeyMaterial: instance Control.DeepSeq.NFData Amazonka.KMS.DeleteImportedKeyMaterial.DeleteImportedKeyMaterial
+ Amazonka.KMS.DeleteImportedKeyMaterial: instance Control.DeepSeq.NFData Amazonka.KMS.DeleteImportedKeyMaterial.DeleteImportedKeyMaterialResponse
+ Amazonka.KMS.DeleteImportedKeyMaterial: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.DeleteImportedKeyMaterial.DeleteImportedKeyMaterial
+ Amazonka.KMS.DeleteImportedKeyMaterial: instance Data.Hashable.Class.Hashable Amazonka.KMS.DeleteImportedKeyMaterial.DeleteImportedKeyMaterial
+ Amazonka.KMS.DeleteImportedKeyMaterial: instance GHC.Classes.Eq Amazonka.KMS.DeleteImportedKeyMaterial.DeleteImportedKeyMaterial
+ Amazonka.KMS.DeleteImportedKeyMaterial: instance GHC.Classes.Eq Amazonka.KMS.DeleteImportedKeyMaterial.DeleteImportedKeyMaterialResponse
+ Amazonka.KMS.DeleteImportedKeyMaterial: instance GHC.Generics.Generic Amazonka.KMS.DeleteImportedKeyMaterial.DeleteImportedKeyMaterial
+ Amazonka.KMS.DeleteImportedKeyMaterial: instance GHC.Generics.Generic Amazonka.KMS.DeleteImportedKeyMaterial.DeleteImportedKeyMaterialResponse
+ Amazonka.KMS.DeleteImportedKeyMaterial: instance GHC.Read.Read Amazonka.KMS.DeleteImportedKeyMaterial.DeleteImportedKeyMaterial
+ Amazonka.KMS.DeleteImportedKeyMaterial: instance GHC.Read.Read Amazonka.KMS.DeleteImportedKeyMaterial.DeleteImportedKeyMaterialResponse
+ Amazonka.KMS.DeleteImportedKeyMaterial: instance GHC.Show.Show Amazonka.KMS.DeleteImportedKeyMaterial.DeleteImportedKeyMaterial
+ Amazonka.KMS.DeleteImportedKeyMaterial: instance GHC.Show.Show Amazonka.KMS.DeleteImportedKeyMaterial.DeleteImportedKeyMaterialResponse
+ Amazonka.KMS.DeleteImportedKeyMaterial: newDeleteImportedKeyMaterial :: Text -> DeleteImportedKeyMaterial
+ Amazonka.KMS.DeleteImportedKeyMaterial: newDeleteImportedKeyMaterialResponse :: DeleteImportedKeyMaterialResponse
+ Amazonka.KMS.DescribeCustomKeyStores: DescribeCustomKeyStores' :: Maybe Text -> Maybe Text -> Maybe Natural -> Maybe Text -> DescribeCustomKeyStores
+ Amazonka.KMS.DescribeCustomKeyStores: DescribeCustomKeyStoresResponse' :: Maybe [CustomKeyStoresListEntry] -> Maybe Text -> Maybe Bool -> Int -> DescribeCustomKeyStoresResponse
+ Amazonka.KMS.DescribeCustomKeyStores: [$sel:customKeyStoreId:DescribeCustomKeyStores'] :: DescribeCustomKeyStores -> Maybe Text
+ Amazonka.KMS.DescribeCustomKeyStores: [$sel:customKeyStoreName:DescribeCustomKeyStores'] :: DescribeCustomKeyStores -> Maybe Text
+ Amazonka.KMS.DescribeCustomKeyStores: [$sel:customKeyStores:DescribeCustomKeyStoresResponse'] :: DescribeCustomKeyStoresResponse -> Maybe [CustomKeyStoresListEntry]
+ Amazonka.KMS.DescribeCustomKeyStores: [$sel:httpStatus:DescribeCustomKeyStoresResponse'] :: DescribeCustomKeyStoresResponse -> Int
+ Amazonka.KMS.DescribeCustomKeyStores: [$sel:limit:DescribeCustomKeyStores'] :: DescribeCustomKeyStores -> Maybe Natural
+ Amazonka.KMS.DescribeCustomKeyStores: [$sel:marker:DescribeCustomKeyStores'] :: DescribeCustomKeyStores -> Maybe Text
+ Amazonka.KMS.DescribeCustomKeyStores: [$sel:nextMarker:DescribeCustomKeyStoresResponse'] :: DescribeCustomKeyStoresResponse -> Maybe Text
+ Amazonka.KMS.DescribeCustomKeyStores: [$sel:truncated:DescribeCustomKeyStoresResponse'] :: DescribeCustomKeyStoresResponse -> Maybe Bool
+ Amazonka.KMS.DescribeCustomKeyStores: data DescribeCustomKeyStores
+ Amazonka.KMS.DescribeCustomKeyStores: data DescribeCustomKeyStoresResponse
+ Amazonka.KMS.DescribeCustomKeyStores: describeCustomKeyStoresResponse_customKeyStores :: Lens' DescribeCustomKeyStoresResponse (Maybe [CustomKeyStoresListEntry])
+ Amazonka.KMS.DescribeCustomKeyStores: describeCustomKeyStoresResponse_httpStatus :: Lens' DescribeCustomKeyStoresResponse Int
+ Amazonka.KMS.DescribeCustomKeyStores: describeCustomKeyStoresResponse_nextMarker :: Lens' DescribeCustomKeyStoresResponse (Maybe Text)
+ Amazonka.KMS.DescribeCustomKeyStores: describeCustomKeyStoresResponse_truncated :: Lens' DescribeCustomKeyStoresResponse (Maybe Bool)
+ Amazonka.KMS.DescribeCustomKeyStores: describeCustomKeyStores_customKeyStoreId :: Lens' DescribeCustomKeyStores (Maybe Text)
+ Amazonka.KMS.DescribeCustomKeyStores: describeCustomKeyStores_customKeyStoreName :: Lens' DescribeCustomKeyStores (Maybe Text)
+ Amazonka.KMS.DescribeCustomKeyStores: describeCustomKeyStores_limit :: Lens' DescribeCustomKeyStores (Maybe Natural)
+ Amazonka.KMS.DescribeCustomKeyStores: describeCustomKeyStores_marker :: Lens' DescribeCustomKeyStores (Maybe Text)
+ Amazonka.KMS.DescribeCustomKeyStores: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.DescribeCustomKeyStores.DescribeCustomKeyStores
+ Amazonka.KMS.DescribeCustomKeyStores: instance Amazonka.Data.Path.ToPath Amazonka.KMS.DescribeCustomKeyStores.DescribeCustomKeyStores
+ Amazonka.KMS.DescribeCustomKeyStores: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.DescribeCustomKeyStores.DescribeCustomKeyStores
+ Amazonka.KMS.DescribeCustomKeyStores: instance Amazonka.Pager.AWSPager Amazonka.KMS.DescribeCustomKeyStores.DescribeCustomKeyStores
+ Amazonka.KMS.DescribeCustomKeyStores: instance Amazonka.Types.AWSRequest Amazonka.KMS.DescribeCustomKeyStores.DescribeCustomKeyStores
+ Amazonka.KMS.DescribeCustomKeyStores: instance Control.DeepSeq.NFData Amazonka.KMS.DescribeCustomKeyStores.DescribeCustomKeyStores
+ Amazonka.KMS.DescribeCustomKeyStores: instance Control.DeepSeq.NFData Amazonka.KMS.DescribeCustomKeyStores.DescribeCustomKeyStoresResponse
+ Amazonka.KMS.DescribeCustomKeyStores: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.DescribeCustomKeyStores.DescribeCustomKeyStores
+ Amazonka.KMS.DescribeCustomKeyStores: instance Data.Hashable.Class.Hashable Amazonka.KMS.DescribeCustomKeyStores.DescribeCustomKeyStores
+ Amazonka.KMS.DescribeCustomKeyStores: instance GHC.Classes.Eq Amazonka.KMS.DescribeCustomKeyStores.DescribeCustomKeyStores
+ Amazonka.KMS.DescribeCustomKeyStores: instance GHC.Classes.Eq Amazonka.KMS.DescribeCustomKeyStores.DescribeCustomKeyStoresResponse
+ Amazonka.KMS.DescribeCustomKeyStores: instance GHC.Generics.Generic Amazonka.KMS.DescribeCustomKeyStores.DescribeCustomKeyStores
+ Amazonka.KMS.DescribeCustomKeyStores: instance GHC.Generics.Generic Amazonka.KMS.DescribeCustomKeyStores.DescribeCustomKeyStoresResponse
+ Amazonka.KMS.DescribeCustomKeyStores: instance GHC.Read.Read Amazonka.KMS.DescribeCustomKeyStores.DescribeCustomKeyStores
+ Amazonka.KMS.DescribeCustomKeyStores: instance GHC.Show.Show Amazonka.KMS.DescribeCustomKeyStores.DescribeCustomKeyStores
+ Amazonka.KMS.DescribeCustomKeyStores: instance GHC.Show.Show Amazonka.KMS.DescribeCustomKeyStores.DescribeCustomKeyStoresResponse
+ Amazonka.KMS.DescribeCustomKeyStores: newDescribeCustomKeyStores :: DescribeCustomKeyStores
+ Amazonka.KMS.DescribeCustomKeyStores: newDescribeCustomKeyStoresResponse :: Int -> DescribeCustomKeyStoresResponse
+ Amazonka.KMS.DescribeKey: DescribeKey' :: Maybe [Text] -> Text -> DescribeKey
+ Amazonka.KMS.DescribeKey: DescribeKeyResponse' :: Maybe KeyMetadata -> Int -> DescribeKeyResponse
+ Amazonka.KMS.DescribeKey: [$sel:grantTokens:DescribeKey'] :: DescribeKey -> Maybe [Text]
+ Amazonka.KMS.DescribeKey: [$sel:httpStatus:DescribeKeyResponse'] :: DescribeKeyResponse -> Int
+ Amazonka.KMS.DescribeKey: [$sel:keyId:DescribeKey'] :: DescribeKey -> Text
+ Amazonka.KMS.DescribeKey: [$sel:keyMetadata:DescribeKeyResponse'] :: DescribeKeyResponse -> Maybe KeyMetadata
+ Amazonka.KMS.DescribeKey: data DescribeKey
+ Amazonka.KMS.DescribeKey: data DescribeKeyResponse
+ Amazonka.KMS.DescribeKey: describeKeyResponse_httpStatus :: Lens' DescribeKeyResponse Int
+ Amazonka.KMS.DescribeKey: describeKeyResponse_keyMetadata :: Lens' DescribeKeyResponse (Maybe KeyMetadata)
+ Amazonka.KMS.DescribeKey: describeKey_grantTokens :: Lens' DescribeKey (Maybe [Text])
+ Amazonka.KMS.DescribeKey: describeKey_keyId :: Lens' DescribeKey Text
+ Amazonka.KMS.DescribeKey: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.DescribeKey.DescribeKey
+ Amazonka.KMS.DescribeKey: instance Amazonka.Data.Path.ToPath Amazonka.KMS.DescribeKey.DescribeKey
+ Amazonka.KMS.DescribeKey: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.DescribeKey.DescribeKey
+ Amazonka.KMS.DescribeKey: instance Amazonka.Types.AWSRequest Amazonka.KMS.DescribeKey.DescribeKey
+ Amazonka.KMS.DescribeKey: instance Control.DeepSeq.NFData Amazonka.KMS.DescribeKey.DescribeKey
+ Amazonka.KMS.DescribeKey: instance Control.DeepSeq.NFData Amazonka.KMS.DescribeKey.DescribeKeyResponse
+ Amazonka.KMS.DescribeKey: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.DescribeKey.DescribeKey
+ Amazonka.KMS.DescribeKey: instance Data.Hashable.Class.Hashable Amazonka.KMS.DescribeKey.DescribeKey
+ Amazonka.KMS.DescribeKey: instance GHC.Classes.Eq Amazonka.KMS.DescribeKey.DescribeKey
+ Amazonka.KMS.DescribeKey: instance GHC.Classes.Eq Amazonka.KMS.DescribeKey.DescribeKeyResponse
+ Amazonka.KMS.DescribeKey: instance GHC.Generics.Generic Amazonka.KMS.DescribeKey.DescribeKey
+ Amazonka.KMS.DescribeKey: instance GHC.Generics.Generic Amazonka.KMS.DescribeKey.DescribeKeyResponse
+ Amazonka.KMS.DescribeKey: instance GHC.Read.Read Amazonka.KMS.DescribeKey.DescribeKey
+ Amazonka.KMS.DescribeKey: instance GHC.Read.Read Amazonka.KMS.DescribeKey.DescribeKeyResponse
+ Amazonka.KMS.DescribeKey: instance GHC.Show.Show Amazonka.KMS.DescribeKey.DescribeKey
+ Amazonka.KMS.DescribeKey: instance GHC.Show.Show Amazonka.KMS.DescribeKey.DescribeKeyResponse
+ Amazonka.KMS.DescribeKey: newDescribeKey :: Text -> DescribeKey
+ Amazonka.KMS.DescribeKey: newDescribeKeyResponse :: Int -> DescribeKeyResponse
+ Amazonka.KMS.DisableKey: DisableKey' :: Text -> DisableKey
+ Amazonka.KMS.DisableKey: DisableKeyResponse' :: DisableKeyResponse
+ Amazonka.KMS.DisableKey: [$sel:keyId:DisableKey'] :: DisableKey -> Text
+ Amazonka.KMS.DisableKey: data DisableKey
+ Amazonka.KMS.DisableKey: data DisableKeyResponse
+ Amazonka.KMS.DisableKey: disableKey_keyId :: Lens' DisableKey Text
+ Amazonka.KMS.DisableKey: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.DisableKey.DisableKey
+ Amazonka.KMS.DisableKey: instance Amazonka.Data.Path.ToPath Amazonka.KMS.DisableKey.DisableKey
+ Amazonka.KMS.DisableKey: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.DisableKey.DisableKey
+ Amazonka.KMS.DisableKey: instance Amazonka.Types.AWSRequest Amazonka.KMS.DisableKey.DisableKey
+ Amazonka.KMS.DisableKey: instance Control.DeepSeq.NFData Amazonka.KMS.DisableKey.DisableKey
+ Amazonka.KMS.DisableKey: instance Control.DeepSeq.NFData Amazonka.KMS.DisableKey.DisableKeyResponse
+ Amazonka.KMS.DisableKey: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.DisableKey.DisableKey
+ Amazonka.KMS.DisableKey: instance Data.Hashable.Class.Hashable Amazonka.KMS.DisableKey.DisableKey
+ Amazonka.KMS.DisableKey: instance GHC.Classes.Eq Amazonka.KMS.DisableKey.DisableKey
+ Amazonka.KMS.DisableKey: instance GHC.Classes.Eq Amazonka.KMS.DisableKey.DisableKeyResponse
+ Amazonka.KMS.DisableKey: instance GHC.Generics.Generic Amazonka.KMS.DisableKey.DisableKey
+ Amazonka.KMS.DisableKey: instance GHC.Generics.Generic Amazonka.KMS.DisableKey.DisableKeyResponse
+ Amazonka.KMS.DisableKey: instance GHC.Read.Read Amazonka.KMS.DisableKey.DisableKey
+ Amazonka.KMS.DisableKey: instance GHC.Read.Read Amazonka.KMS.DisableKey.DisableKeyResponse
+ Amazonka.KMS.DisableKey: instance GHC.Show.Show Amazonka.KMS.DisableKey.DisableKey
+ Amazonka.KMS.DisableKey: instance GHC.Show.Show Amazonka.KMS.DisableKey.DisableKeyResponse
+ Amazonka.KMS.DisableKey: newDisableKey :: Text -> DisableKey
+ Amazonka.KMS.DisableKey: newDisableKeyResponse :: DisableKeyResponse
+ Amazonka.KMS.DisableKeyRotation: DisableKeyRotation' :: Text -> DisableKeyRotation
+ Amazonka.KMS.DisableKeyRotation: DisableKeyRotationResponse' :: DisableKeyRotationResponse
+ Amazonka.KMS.DisableKeyRotation: [$sel:keyId:DisableKeyRotation'] :: DisableKeyRotation -> Text
+ Amazonka.KMS.DisableKeyRotation: data DisableKeyRotation
+ Amazonka.KMS.DisableKeyRotation: data DisableKeyRotationResponse
+ Amazonka.KMS.DisableKeyRotation: disableKeyRotation_keyId :: Lens' DisableKeyRotation Text
+ Amazonka.KMS.DisableKeyRotation: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.DisableKeyRotation.DisableKeyRotation
+ Amazonka.KMS.DisableKeyRotation: instance Amazonka.Data.Path.ToPath Amazonka.KMS.DisableKeyRotation.DisableKeyRotation
+ Amazonka.KMS.DisableKeyRotation: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.DisableKeyRotation.DisableKeyRotation
+ Amazonka.KMS.DisableKeyRotation: instance Amazonka.Types.AWSRequest Amazonka.KMS.DisableKeyRotation.DisableKeyRotation
+ Amazonka.KMS.DisableKeyRotation: instance Control.DeepSeq.NFData Amazonka.KMS.DisableKeyRotation.DisableKeyRotation
+ Amazonka.KMS.DisableKeyRotation: instance Control.DeepSeq.NFData Amazonka.KMS.DisableKeyRotation.DisableKeyRotationResponse
+ Amazonka.KMS.DisableKeyRotation: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.DisableKeyRotation.DisableKeyRotation
+ Amazonka.KMS.DisableKeyRotation: instance Data.Hashable.Class.Hashable Amazonka.KMS.DisableKeyRotation.DisableKeyRotation
+ Amazonka.KMS.DisableKeyRotation: instance GHC.Classes.Eq Amazonka.KMS.DisableKeyRotation.DisableKeyRotation
+ Amazonka.KMS.DisableKeyRotation: instance GHC.Classes.Eq Amazonka.KMS.DisableKeyRotation.DisableKeyRotationResponse
+ Amazonka.KMS.DisableKeyRotation: instance GHC.Generics.Generic Amazonka.KMS.DisableKeyRotation.DisableKeyRotation
+ Amazonka.KMS.DisableKeyRotation: instance GHC.Generics.Generic Amazonka.KMS.DisableKeyRotation.DisableKeyRotationResponse
+ Amazonka.KMS.DisableKeyRotation: instance GHC.Read.Read Amazonka.KMS.DisableKeyRotation.DisableKeyRotation
+ Amazonka.KMS.DisableKeyRotation: instance GHC.Read.Read Amazonka.KMS.DisableKeyRotation.DisableKeyRotationResponse
+ Amazonka.KMS.DisableKeyRotation: instance GHC.Show.Show Amazonka.KMS.DisableKeyRotation.DisableKeyRotation
+ Amazonka.KMS.DisableKeyRotation: instance GHC.Show.Show Amazonka.KMS.DisableKeyRotation.DisableKeyRotationResponse
+ Amazonka.KMS.DisableKeyRotation: newDisableKeyRotation :: Text -> DisableKeyRotation
+ Amazonka.KMS.DisableKeyRotation: newDisableKeyRotationResponse :: DisableKeyRotationResponse
+ Amazonka.KMS.DisconnectCustomKeyStore: DisconnectCustomKeyStore' :: Text -> DisconnectCustomKeyStore
+ Amazonka.KMS.DisconnectCustomKeyStore: DisconnectCustomKeyStoreResponse' :: Int -> DisconnectCustomKeyStoreResponse
+ Amazonka.KMS.DisconnectCustomKeyStore: [$sel:customKeyStoreId:DisconnectCustomKeyStore'] :: DisconnectCustomKeyStore -> Text
+ Amazonka.KMS.DisconnectCustomKeyStore: [$sel:httpStatus:DisconnectCustomKeyStoreResponse'] :: DisconnectCustomKeyStoreResponse -> Int
+ Amazonka.KMS.DisconnectCustomKeyStore: data DisconnectCustomKeyStore
+ Amazonka.KMS.DisconnectCustomKeyStore: data DisconnectCustomKeyStoreResponse
+ Amazonka.KMS.DisconnectCustomKeyStore: disconnectCustomKeyStoreResponse_httpStatus :: Lens' DisconnectCustomKeyStoreResponse Int
+ Amazonka.KMS.DisconnectCustomKeyStore: disconnectCustomKeyStore_customKeyStoreId :: Lens' DisconnectCustomKeyStore Text
+ Amazonka.KMS.DisconnectCustomKeyStore: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.DisconnectCustomKeyStore.DisconnectCustomKeyStore
+ Amazonka.KMS.DisconnectCustomKeyStore: instance Amazonka.Data.Path.ToPath Amazonka.KMS.DisconnectCustomKeyStore.DisconnectCustomKeyStore
+ Amazonka.KMS.DisconnectCustomKeyStore: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.DisconnectCustomKeyStore.DisconnectCustomKeyStore
+ Amazonka.KMS.DisconnectCustomKeyStore: instance Amazonka.Types.AWSRequest Amazonka.KMS.DisconnectCustomKeyStore.DisconnectCustomKeyStore
+ Amazonka.KMS.DisconnectCustomKeyStore: instance Control.DeepSeq.NFData Amazonka.KMS.DisconnectCustomKeyStore.DisconnectCustomKeyStore
+ Amazonka.KMS.DisconnectCustomKeyStore: instance Control.DeepSeq.NFData Amazonka.KMS.DisconnectCustomKeyStore.DisconnectCustomKeyStoreResponse
+ Amazonka.KMS.DisconnectCustomKeyStore: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.DisconnectCustomKeyStore.DisconnectCustomKeyStore
+ Amazonka.KMS.DisconnectCustomKeyStore: instance Data.Hashable.Class.Hashable Amazonka.KMS.DisconnectCustomKeyStore.DisconnectCustomKeyStore
+ Amazonka.KMS.DisconnectCustomKeyStore: instance GHC.Classes.Eq Amazonka.KMS.DisconnectCustomKeyStore.DisconnectCustomKeyStore
+ Amazonka.KMS.DisconnectCustomKeyStore: instance GHC.Classes.Eq Amazonka.KMS.DisconnectCustomKeyStore.DisconnectCustomKeyStoreResponse
+ Amazonka.KMS.DisconnectCustomKeyStore: instance GHC.Generics.Generic Amazonka.KMS.DisconnectCustomKeyStore.DisconnectCustomKeyStore
+ Amazonka.KMS.DisconnectCustomKeyStore: instance GHC.Generics.Generic Amazonka.KMS.DisconnectCustomKeyStore.DisconnectCustomKeyStoreResponse
+ Amazonka.KMS.DisconnectCustomKeyStore: instance GHC.Read.Read Amazonka.KMS.DisconnectCustomKeyStore.DisconnectCustomKeyStore
+ Amazonka.KMS.DisconnectCustomKeyStore: instance GHC.Read.Read Amazonka.KMS.DisconnectCustomKeyStore.DisconnectCustomKeyStoreResponse
+ Amazonka.KMS.DisconnectCustomKeyStore: instance GHC.Show.Show Amazonka.KMS.DisconnectCustomKeyStore.DisconnectCustomKeyStore
+ Amazonka.KMS.DisconnectCustomKeyStore: instance GHC.Show.Show Amazonka.KMS.DisconnectCustomKeyStore.DisconnectCustomKeyStoreResponse
+ Amazonka.KMS.DisconnectCustomKeyStore: newDisconnectCustomKeyStore :: Text -> DisconnectCustomKeyStore
+ Amazonka.KMS.DisconnectCustomKeyStore: newDisconnectCustomKeyStoreResponse :: Int -> DisconnectCustomKeyStoreResponse
+ Amazonka.KMS.EnableKey: EnableKey' :: Text -> EnableKey
+ Amazonka.KMS.EnableKey: EnableKeyResponse' :: EnableKeyResponse
+ Amazonka.KMS.EnableKey: [$sel:keyId:EnableKey'] :: EnableKey -> Text
+ Amazonka.KMS.EnableKey: data EnableKey
+ Amazonka.KMS.EnableKey: data EnableKeyResponse
+ Amazonka.KMS.EnableKey: enableKey_keyId :: Lens' EnableKey Text
+ Amazonka.KMS.EnableKey: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.EnableKey.EnableKey
+ Amazonka.KMS.EnableKey: instance Amazonka.Data.Path.ToPath Amazonka.KMS.EnableKey.EnableKey
+ Amazonka.KMS.EnableKey: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.EnableKey.EnableKey
+ Amazonka.KMS.EnableKey: instance Amazonka.Types.AWSRequest Amazonka.KMS.EnableKey.EnableKey
+ Amazonka.KMS.EnableKey: instance Control.DeepSeq.NFData Amazonka.KMS.EnableKey.EnableKey
+ Amazonka.KMS.EnableKey: instance Control.DeepSeq.NFData Amazonka.KMS.EnableKey.EnableKeyResponse
+ Amazonka.KMS.EnableKey: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.EnableKey.EnableKey
+ Amazonka.KMS.EnableKey: instance Data.Hashable.Class.Hashable Amazonka.KMS.EnableKey.EnableKey
+ Amazonka.KMS.EnableKey: instance GHC.Classes.Eq Amazonka.KMS.EnableKey.EnableKey
+ Amazonka.KMS.EnableKey: instance GHC.Classes.Eq Amazonka.KMS.EnableKey.EnableKeyResponse
+ Amazonka.KMS.EnableKey: instance GHC.Generics.Generic Amazonka.KMS.EnableKey.EnableKey
+ Amazonka.KMS.EnableKey: instance GHC.Generics.Generic Amazonka.KMS.EnableKey.EnableKeyResponse
+ Amazonka.KMS.EnableKey: instance GHC.Read.Read Amazonka.KMS.EnableKey.EnableKey
+ Amazonka.KMS.EnableKey: instance GHC.Read.Read Amazonka.KMS.EnableKey.EnableKeyResponse
+ Amazonka.KMS.EnableKey: instance GHC.Show.Show Amazonka.KMS.EnableKey.EnableKey
+ Amazonka.KMS.EnableKey: instance GHC.Show.Show Amazonka.KMS.EnableKey.EnableKeyResponse
+ Amazonka.KMS.EnableKey: newEnableKey :: Text -> EnableKey
+ Amazonka.KMS.EnableKey: newEnableKeyResponse :: EnableKeyResponse
+ Amazonka.KMS.EnableKeyRotation: EnableKeyRotation' :: Text -> EnableKeyRotation
+ Amazonka.KMS.EnableKeyRotation: EnableKeyRotationResponse' :: EnableKeyRotationResponse
+ Amazonka.KMS.EnableKeyRotation: [$sel:keyId:EnableKeyRotation'] :: EnableKeyRotation -> Text
+ Amazonka.KMS.EnableKeyRotation: data EnableKeyRotation
+ Amazonka.KMS.EnableKeyRotation: data EnableKeyRotationResponse
+ Amazonka.KMS.EnableKeyRotation: enableKeyRotation_keyId :: Lens' EnableKeyRotation Text
+ Amazonka.KMS.EnableKeyRotation: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.EnableKeyRotation.EnableKeyRotation
+ Amazonka.KMS.EnableKeyRotation: instance Amazonka.Data.Path.ToPath Amazonka.KMS.EnableKeyRotation.EnableKeyRotation
+ Amazonka.KMS.EnableKeyRotation: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.EnableKeyRotation.EnableKeyRotation
+ Amazonka.KMS.EnableKeyRotation: instance Amazonka.Types.AWSRequest Amazonka.KMS.EnableKeyRotation.EnableKeyRotation
+ Amazonka.KMS.EnableKeyRotation: instance Control.DeepSeq.NFData Amazonka.KMS.EnableKeyRotation.EnableKeyRotation
+ Amazonka.KMS.EnableKeyRotation: instance Control.DeepSeq.NFData Amazonka.KMS.EnableKeyRotation.EnableKeyRotationResponse
+ Amazonka.KMS.EnableKeyRotation: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.EnableKeyRotation.EnableKeyRotation
+ Amazonka.KMS.EnableKeyRotation: instance Data.Hashable.Class.Hashable Amazonka.KMS.EnableKeyRotation.EnableKeyRotation
+ Amazonka.KMS.EnableKeyRotation: instance GHC.Classes.Eq Amazonka.KMS.EnableKeyRotation.EnableKeyRotation
+ Amazonka.KMS.EnableKeyRotation: instance GHC.Classes.Eq Amazonka.KMS.EnableKeyRotation.EnableKeyRotationResponse
+ Amazonka.KMS.EnableKeyRotation: instance GHC.Generics.Generic Amazonka.KMS.EnableKeyRotation.EnableKeyRotation
+ Amazonka.KMS.EnableKeyRotation: instance GHC.Generics.Generic Amazonka.KMS.EnableKeyRotation.EnableKeyRotationResponse
+ Amazonka.KMS.EnableKeyRotation: instance GHC.Read.Read Amazonka.KMS.EnableKeyRotation.EnableKeyRotation
+ Amazonka.KMS.EnableKeyRotation: instance GHC.Read.Read Amazonka.KMS.EnableKeyRotation.EnableKeyRotationResponse
+ Amazonka.KMS.EnableKeyRotation: instance GHC.Show.Show Amazonka.KMS.EnableKeyRotation.EnableKeyRotation
+ Amazonka.KMS.EnableKeyRotation: instance GHC.Show.Show Amazonka.KMS.EnableKeyRotation.EnableKeyRotationResponse
+ Amazonka.KMS.EnableKeyRotation: newEnableKeyRotation :: Text -> EnableKeyRotation
+ Amazonka.KMS.EnableKeyRotation: newEnableKeyRotationResponse :: EnableKeyRotationResponse
+ Amazonka.KMS.Encrypt: Encrypt' :: Maybe EncryptionAlgorithmSpec -> Maybe (HashMap Text Text) -> Maybe [Text] -> Text -> Sensitive Base64 -> Encrypt
+ Amazonka.KMS.Encrypt: EncryptResponse' :: Maybe Base64 -> Maybe EncryptionAlgorithmSpec -> Maybe Text -> Int -> EncryptResponse
+ Amazonka.KMS.Encrypt: [$sel:ciphertextBlob:EncryptResponse'] :: EncryptResponse -> Maybe Base64
+ Amazonka.KMS.Encrypt: [$sel:encryptionAlgorithm:Encrypt'] :: Encrypt -> Maybe EncryptionAlgorithmSpec
+ Amazonka.KMS.Encrypt: [$sel:encryptionAlgorithm:EncryptResponse'] :: EncryptResponse -> Maybe EncryptionAlgorithmSpec
+ Amazonka.KMS.Encrypt: [$sel:encryptionContext:Encrypt'] :: Encrypt -> Maybe (HashMap Text Text)
+ Amazonka.KMS.Encrypt: [$sel:grantTokens:Encrypt'] :: Encrypt -> Maybe [Text]
+ Amazonka.KMS.Encrypt: [$sel:httpStatus:EncryptResponse'] :: EncryptResponse -> Int
+ Amazonka.KMS.Encrypt: [$sel:keyId:Encrypt'] :: Encrypt -> Text
+ Amazonka.KMS.Encrypt: [$sel:keyId:EncryptResponse'] :: EncryptResponse -> Maybe Text
+ Amazonka.KMS.Encrypt: [$sel:plaintext:Encrypt'] :: Encrypt -> Sensitive Base64
+ Amazonka.KMS.Encrypt: data Encrypt
+ Amazonka.KMS.Encrypt: data EncryptResponse
+ Amazonka.KMS.Encrypt: encryptResponse_ciphertextBlob :: Lens' EncryptResponse (Maybe ByteString)
+ Amazonka.KMS.Encrypt: encryptResponse_encryptionAlgorithm :: Lens' EncryptResponse (Maybe EncryptionAlgorithmSpec)
+ Amazonka.KMS.Encrypt: encryptResponse_httpStatus :: Lens' EncryptResponse Int
+ Amazonka.KMS.Encrypt: encryptResponse_keyId :: Lens' EncryptResponse (Maybe Text)
+ Amazonka.KMS.Encrypt: encrypt_encryptionAlgorithm :: Lens' Encrypt (Maybe EncryptionAlgorithmSpec)
+ Amazonka.KMS.Encrypt: encrypt_encryptionContext :: Lens' Encrypt (Maybe (HashMap Text Text))
+ Amazonka.KMS.Encrypt: encrypt_grantTokens :: Lens' Encrypt (Maybe [Text])
+ Amazonka.KMS.Encrypt: encrypt_keyId :: Lens' Encrypt Text
+ Amazonka.KMS.Encrypt: encrypt_plaintext :: Lens' Encrypt ByteString
+ Amazonka.KMS.Encrypt: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.Encrypt.Encrypt
+ Amazonka.KMS.Encrypt: instance Amazonka.Data.Path.ToPath Amazonka.KMS.Encrypt.Encrypt
+ Amazonka.KMS.Encrypt: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.Encrypt.Encrypt
+ Amazonka.KMS.Encrypt: instance Amazonka.Types.AWSRequest Amazonka.KMS.Encrypt.Encrypt
+ Amazonka.KMS.Encrypt: instance Control.DeepSeq.NFData Amazonka.KMS.Encrypt.Encrypt
+ Amazonka.KMS.Encrypt: instance Control.DeepSeq.NFData Amazonka.KMS.Encrypt.EncryptResponse
+ Amazonka.KMS.Encrypt: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.Encrypt.Encrypt
+ Amazonka.KMS.Encrypt: instance Data.Hashable.Class.Hashable Amazonka.KMS.Encrypt.Encrypt
+ Amazonka.KMS.Encrypt: instance GHC.Classes.Eq Amazonka.KMS.Encrypt.Encrypt
+ Amazonka.KMS.Encrypt: instance GHC.Classes.Eq Amazonka.KMS.Encrypt.EncryptResponse
+ Amazonka.KMS.Encrypt: instance GHC.Generics.Generic Amazonka.KMS.Encrypt.Encrypt
+ Amazonka.KMS.Encrypt: instance GHC.Generics.Generic Amazonka.KMS.Encrypt.EncryptResponse
+ Amazonka.KMS.Encrypt: instance GHC.Read.Read Amazonka.KMS.Encrypt.EncryptResponse
+ Amazonka.KMS.Encrypt: instance GHC.Show.Show Amazonka.KMS.Encrypt.Encrypt
+ Amazonka.KMS.Encrypt: instance GHC.Show.Show Amazonka.KMS.Encrypt.EncryptResponse
+ Amazonka.KMS.Encrypt: newEncrypt :: Text -> ByteString -> Encrypt
+ Amazonka.KMS.Encrypt: newEncryptResponse :: Int -> EncryptResponse
+ Amazonka.KMS.GenerateDataKey: GenerateDataKey' :: Maybe (HashMap Text Text) -> Maybe [Text] -> Maybe DataKeySpec -> Maybe Natural -> Text -> GenerateDataKey
+ Amazonka.KMS.GenerateDataKey: GenerateDataKeyResponse' :: Int -> Text -> Sensitive Base64 -> Base64 -> GenerateDataKeyResponse
+ Amazonka.KMS.GenerateDataKey: [$sel:ciphertextBlob:GenerateDataKeyResponse'] :: GenerateDataKeyResponse -> Base64
+ Amazonka.KMS.GenerateDataKey: [$sel:encryptionContext:GenerateDataKey'] :: GenerateDataKey -> Maybe (HashMap Text Text)
+ Amazonka.KMS.GenerateDataKey: [$sel:grantTokens:GenerateDataKey'] :: GenerateDataKey -> Maybe [Text]
+ Amazonka.KMS.GenerateDataKey: [$sel:httpStatus:GenerateDataKeyResponse'] :: GenerateDataKeyResponse -> Int
+ Amazonka.KMS.GenerateDataKey: [$sel:keyId:GenerateDataKey'] :: GenerateDataKey -> Text
+ Amazonka.KMS.GenerateDataKey: [$sel:keyId:GenerateDataKeyResponse'] :: GenerateDataKeyResponse -> Text
+ Amazonka.KMS.GenerateDataKey: [$sel:keySpec:GenerateDataKey'] :: GenerateDataKey -> Maybe DataKeySpec
+ Amazonka.KMS.GenerateDataKey: [$sel:numberOfBytes:GenerateDataKey'] :: GenerateDataKey -> Maybe Natural
+ Amazonka.KMS.GenerateDataKey: [$sel:plaintext:GenerateDataKeyResponse'] :: GenerateDataKeyResponse -> Sensitive Base64
+ Amazonka.KMS.GenerateDataKey: data GenerateDataKey
+ Amazonka.KMS.GenerateDataKey: data GenerateDataKeyResponse
+ Amazonka.KMS.GenerateDataKey: generateDataKeyResponse_ciphertextBlob :: Lens' GenerateDataKeyResponse ByteString
+ Amazonka.KMS.GenerateDataKey: generateDataKeyResponse_httpStatus :: Lens' GenerateDataKeyResponse Int
+ Amazonka.KMS.GenerateDataKey: generateDataKeyResponse_keyId :: Lens' GenerateDataKeyResponse Text
+ Amazonka.KMS.GenerateDataKey: generateDataKeyResponse_plaintext :: Lens' GenerateDataKeyResponse ByteString
+ Amazonka.KMS.GenerateDataKey: generateDataKey_encryptionContext :: Lens' GenerateDataKey (Maybe (HashMap Text Text))
+ Amazonka.KMS.GenerateDataKey: generateDataKey_grantTokens :: Lens' GenerateDataKey (Maybe [Text])
+ Amazonka.KMS.GenerateDataKey: generateDataKey_keyId :: Lens' GenerateDataKey Text
+ Amazonka.KMS.GenerateDataKey: generateDataKey_keySpec :: Lens' GenerateDataKey (Maybe DataKeySpec)
+ Amazonka.KMS.GenerateDataKey: generateDataKey_numberOfBytes :: Lens' GenerateDataKey (Maybe Natural)
+ Amazonka.KMS.GenerateDataKey: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.GenerateDataKey.GenerateDataKey
+ Amazonka.KMS.GenerateDataKey: instance Amazonka.Data.Path.ToPath Amazonka.KMS.GenerateDataKey.GenerateDataKey
+ Amazonka.KMS.GenerateDataKey: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.GenerateDataKey.GenerateDataKey
+ Amazonka.KMS.GenerateDataKey: instance Amazonka.Types.AWSRequest Amazonka.KMS.GenerateDataKey.GenerateDataKey
+ Amazonka.KMS.GenerateDataKey: instance Control.DeepSeq.NFData Amazonka.KMS.GenerateDataKey.GenerateDataKey
+ Amazonka.KMS.GenerateDataKey: instance Control.DeepSeq.NFData Amazonka.KMS.GenerateDataKey.GenerateDataKeyResponse
+ Amazonka.KMS.GenerateDataKey: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.GenerateDataKey.GenerateDataKey
+ Amazonka.KMS.GenerateDataKey: instance Data.Hashable.Class.Hashable Amazonka.KMS.GenerateDataKey.GenerateDataKey
+ Amazonka.KMS.GenerateDataKey: instance GHC.Classes.Eq Amazonka.KMS.GenerateDataKey.GenerateDataKey
+ Amazonka.KMS.GenerateDataKey: instance GHC.Classes.Eq Amazonka.KMS.GenerateDataKey.GenerateDataKeyResponse
+ Amazonka.KMS.GenerateDataKey: instance GHC.Generics.Generic Amazonka.KMS.GenerateDataKey.GenerateDataKey
+ Amazonka.KMS.GenerateDataKey: instance GHC.Generics.Generic Amazonka.KMS.GenerateDataKey.GenerateDataKeyResponse
+ Amazonka.KMS.GenerateDataKey: instance GHC.Read.Read Amazonka.KMS.GenerateDataKey.GenerateDataKey
+ Amazonka.KMS.GenerateDataKey: instance GHC.Show.Show Amazonka.KMS.GenerateDataKey.GenerateDataKey
+ Amazonka.KMS.GenerateDataKey: instance GHC.Show.Show Amazonka.KMS.GenerateDataKey.GenerateDataKeyResponse
+ Amazonka.KMS.GenerateDataKey: newGenerateDataKey :: Text -> GenerateDataKey
+ Amazonka.KMS.GenerateDataKey: newGenerateDataKeyResponse :: Int -> Text -> ByteString -> ByteString -> GenerateDataKeyResponse
+ Amazonka.KMS.GenerateDataKeyPair: GenerateDataKeyPair' :: Maybe (HashMap Text Text) -> Maybe [Text] -> Text -> DataKeyPairSpec -> GenerateDataKeyPair
+ Amazonka.KMS.GenerateDataKeyPair: GenerateDataKeyPairResponse' :: Maybe Text -> Maybe DataKeyPairSpec -> Maybe Base64 -> Maybe (Sensitive Base64) -> Maybe Base64 -> Int -> GenerateDataKeyPairResponse
+ Amazonka.KMS.GenerateDataKeyPair: [$sel:encryptionContext:GenerateDataKeyPair'] :: GenerateDataKeyPair -> Maybe (HashMap Text Text)
+ Amazonka.KMS.GenerateDataKeyPair: [$sel:grantTokens:GenerateDataKeyPair'] :: GenerateDataKeyPair -> Maybe [Text]
+ Amazonka.KMS.GenerateDataKeyPair: [$sel:httpStatus:GenerateDataKeyPairResponse'] :: GenerateDataKeyPairResponse -> Int
+ Amazonka.KMS.GenerateDataKeyPair: [$sel:keyId:GenerateDataKeyPair'] :: GenerateDataKeyPair -> Text
+ Amazonka.KMS.GenerateDataKeyPair: [$sel:keyId:GenerateDataKeyPairResponse'] :: GenerateDataKeyPairResponse -> Maybe Text
+ Amazonka.KMS.GenerateDataKeyPair: [$sel:keyPairSpec:GenerateDataKeyPair'] :: GenerateDataKeyPair -> DataKeyPairSpec
+ Amazonka.KMS.GenerateDataKeyPair: [$sel:keyPairSpec:GenerateDataKeyPairResponse'] :: GenerateDataKeyPairResponse -> Maybe DataKeyPairSpec
+ Amazonka.KMS.GenerateDataKeyPair: [$sel:privateKeyCiphertextBlob:GenerateDataKeyPairResponse'] :: GenerateDataKeyPairResponse -> Maybe Base64
+ Amazonka.KMS.GenerateDataKeyPair: [$sel:privateKeyPlaintext:GenerateDataKeyPairResponse'] :: GenerateDataKeyPairResponse -> Maybe (Sensitive Base64)
+ Amazonka.KMS.GenerateDataKeyPair: [$sel:publicKey:GenerateDataKeyPairResponse'] :: GenerateDataKeyPairResponse -> Maybe Base64
+ Amazonka.KMS.GenerateDataKeyPair: data GenerateDataKeyPair
+ Amazonka.KMS.GenerateDataKeyPair: data GenerateDataKeyPairResponse
+ Amazonka.KMS.GenerateDataKeyPair: generateDataKeyPairResponse_httpStatus :: Lens' GenerateDataKeyPairResponse Int
+ Amazonka.KMS.GenerateDataKeyPair: generateDataKeyPairResponse_keyId :: Lens' GenerateDataKeyPairResponse (Maybe Text)
+ Amazonka.KMS.GenerateDataKeyPair: generateDataKeyPairResponse_keyPairSpec :: Lens' GenerateDataKeyPairResponse (Maybe DataKeyPairSpec)
+ Amazonka.KMS.GenerateDataKeyPair: generateDataKeyPairResponse_privateKeyCiphertextBlob :: Lens' GenerateDataKeyPairResponse (Maybe ByteString)
+ Amazonka.KMS.GenerateDataKeyPair: generateDataKeyPairResponse_privateKeyPlaintext :: Lens' GenerateDataKeyPairResponse (Maybe ByteString)
+ Amazonka.KMS.GenerateDataKeyPair: generateDataKeyPairResponse_publicKey :: Lens' GenerateDataKeyPairResponse (Maybe ByteString)
+ Amazonka.KMS.GenerateDataKeyPair: generateDataKeyPair_encryptionContext :: Lens' GenerateDataKeyPair (Maybe (HashMap Text Text))
+ Amazonka.KMS.GenerateDataKeyPair: generateDataKeyPair_grantTokens :: Lens' GenerateDataKeyPair (Maybe [Text])
+ Amazonka.KMS.GenerateDataKeyPair: generateDataKeyPair_keyId :: Lens' GenerateDataKeyPair Text
+ Amazonka.KMS.GenerateDataKeyPair: generateDataKeyPair_keyPairSpec :: Lens' GenerateDataKeyPair DataKeyPairSpec
+ Amazonka.KMS.GenerateDataKeyPair: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.GenerateDataKeyPair.GenerateDataKeyPair
+ Amazonka.KMS.GenerateDataKeyPair: instance Amazonka.Data.Path.ToPath Amazonka.KMS.GenerateDataKeyPair.GenerateDataKeyPair
+ Amazonka.KMS.GenerateDataKeyPair: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.GenerateDataKeyPair.GenerateDataKeyPair
+ Amazonka.KMS.GenerateDataKeyPair: instance Amazonka.Types.AWSRequest Amazonka.KMS.GenerateDataKeyPair.GenerateDataKeyPair
+ Amazonka.KMS.GenerateDataKeyPair: instance Control.DeepSeq.NFData Amazonka.KMS.GenerateDataKeyPair.GenerateDataKeyPair
+ Amazonka.KMS.GenerateDataKeyPair: instance Control.DeepSeq.NFData Amazonka.KMS.GenerateDataKeyPair.GenerateDataKeyPairResponse
+ Amazonka.KMS.GenerateDataKeyPair: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.GenerateDataKeyPair.GenerateDataKeyPair
+ Amazonka.KMS.GenerateDataKeyPair: instance Data.Hashable.Class.Hashable Amazonka.KMS.GenerateDataKeyPair.GenerateDataKeyPair
+ Amazonka.KMS.GenerateDataKeyPair: instance GHC.Classes.Eq Amazonka.KMS.GenerateDataKeyPair.GenerateDataKeyPair
+ Amazonka.KMS.GenerateDataKeyPair: instance GHC.Classes.Eq Amazonka.KMS.GenerateDataKeyPair.GenerateDataKeyPairResponse
+ Amazonka.KMS.GenerateDataKeyPair: instance GHC.Generics.Generic Amazonka.KMS.GenerateDataKeyPair.GenerateDataKeyPair
+ Amazonka.KMS.GenerateDataKeyPair: instance GHC.Generics.Generic Amazonka.KMS.GenerateDataKeyPair.GenerateDataKeyPairResponse
+ Amazonka.KMS.GenerateDataKeyPair: instance GHC.Read.Read Amazonka.KMS.GenerateDataKeyPair.GenerateDataKeyPair
+ Amazonka.KMS.GenerateDataKeyPair: instance GHC.Show.Show Amazonka.KMS.GenerateDataKeyPair.GenerateDataKeyPair
+ Amazonka.KMS.GenerateDataKeyPair: instance GHC.Show.Show Amazonka.KMS.GenerateDataKeyPair.GenerateDataKeyPairResponse
+ Amazonka.KMS.GenerateDataKeyPair: newGenerateDataKeyPair :: Text -> DataKeyPairSpec -> GenerateDataKeyPair
+ Amazonka.KMS.GenerateDataKeyPair: newGenerateDataKeyPairResponse :: Int -> GenerateDataKeyPairResponse
+ Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext: GenerateDataKeyPairWithoutPlaintext' :: Maybe (HashMap Text Text) -> Maybe [Text] -> Text -> DataKeyPairSpec -> GenerateDataKeyPairWithoutPlaintext
+ Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext: GenerateDataKeyPairWithoutPlaintextResponse' :: Maybe Text -> Maybe DataKeyPairSpec -> Maybe Base64 -> Maybe Base64 -> Int -> GenerateDataKeyPairWithoutPlaintextResponse
+ Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext: [$sel:encryptionContext:GenerateDataKeyPairWithoutPlaintext'] :: GenerateDataKeyPairWithoutPlaintext -> Maybe (HashMap Text Text)
+ Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext: [$sel:grantTokens:GenerateDataKeyPairWithoutPlaintext'] :: GenerateDataKeyPairWithoutPlaintext -> Maybe [Text]
+ Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext: [$sel:httpStatus:GenerateDataKeyPairWithoutPlaintextResponse'] :: GenerateDataKeyPairWithoutPlaintextResponse -> Int
+ Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext: [$sel:keyId:GenerateDataKeyPairWithoutPlaintext'] :: GenerateDataKeyPairWithoutPlaintext -> Text
+ Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext: [$sel:keyId:GenerateDataKeyPairWithoutPlaintextResponse'] :: GenerateDataKeyPairWithoutPlaintextResponse -> Maybe Text
+ Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext: [$sel:keyPairSpec:GenerateDataKeyPairWithoutPlaintext'] :: GenerateDataKeyPairWithoutPlaintext -> DataKeyPairSpec
+ Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext: [$sel:keyPairSpec:GenerateDataKeyPairWithoutPlaintextResponse'] :: GenerateDataKeyPairWithoutPlaintextResponse -> Maybe DataKeyPairSpec
+ Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext: [$sel:privateKeyCiphertextBlob:GenerateDataKeyPairWithoutPlaintextResponse'] :: GenerateDataKeyPairWithoutPlaintextResponse -> Maybe Base64
+ Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext: [$sel:publicKey:GenerateDataKeyPairWithoutPlaintextResponse'] :: GenerateDataKeyPairWithoutPlaintextResponse -> Maybe Base64
+ Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext: data GenerateDataKeyPairWithoutPlaintext
+ Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext: data GenerateDataKeyPairWithoutPlaintextResponse
+ Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext: generateDataKeyPairWithoutPlaintextResponse_httpStatus :: Lens' GenerateDataKeyPairWithoutPlaintextResponse Int
+ Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext: generateDataKeyPairWithoutPlaintextResponse_keyId :: Lens' GenerateDataKeyPairWithoutPlaintextResponse (Maybe Text)
+ Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext: generateDataKeyPairWithoutPlaintextResponse_keyPairSpec :: Lens' GenerateDataKeyPairWithoutPlaintextResponse (Maybe DataKeyPairSpec)
+ Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext: generateDataKeyPairWithoutPlaintextResponse_privateKeyCiphertextBlob :: Lens' GenerateDataKeyPairWithoutPlaintextResponse (Maybe ByteString)
+ Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext: generateDataKeyPairWithoutPlaintextResponse_publicKey :: Lens' GenerateDataKeyPairWithoutPlaintextResponse (Maybe ByteString)
+ Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext: generateDataKeyPairWithoutPlaintext_encryptionContext :: Lens' GenerateDataKeyPairWithoutPlaintext (Maybe (HashMap Text Text))
+ Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext: generateDataKeyPairWithoutPlaintext_grantTokens :: Lens' GenerateDataKeyPairWithoutPlaintext (Maybe [Text])
+ Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext: generateDataKeyPairWithoutPlaintext_keyId :: Lens' GenerateDataKeyPairWithoutPlaintext Text
+ Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext: generateDataKeyPairWithoutPlaintext_keyPairSpec :: Lens' GenerateDataKeyPairWithoutPlaintext DataKeyPairSpec
+ Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext.GenerateDataKeyPairWithoutPlaintext
+ Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext: instance Amazonka.Data.Path.ToPath Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext.GenerateDataKeyPairWithoutPlaintext
+ Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext.GenerateDataKeyPairWithoutPlaintext
+ Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext: instance Amazonka.Types.AWSRequest Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext.GenerateDataKeyPairWithoutPlaintext
+ Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext: instance Control.DeepSeq.NFData Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext.GenerateDataKeyPairWithoutPlaintext
+ Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext: instance Control.DeepSeq.NFData Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext.GenerateDataKeyPairWithoutPlaintextResponse
+ Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext.GenerateDataKeyPairWithoutPlaintext
+ Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext: instance Data.Hashable.Class.Hashable Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext.GenerateDataKeyPairWithoutPlaintext
+ Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext: instance GHC.Classes.Eq Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext.GenerateDataKeyPairWithoutPlaintext
+ Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext: instance GHC.Classes.Eq Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext.GenerateDataKeyPairWithoutPlaintextResponse
+ Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext: instance GHC.Generics.Generic Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext.GenerateDataKeyPairWithoutPlaintext
+ Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext: instance GHC.Generics.Generic Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext.GenerateDataKeyPairWithoutPlaintextResponse
+ Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext: instance GHC.Read.Read Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext.GenerateDataKeyPairWithoutPlaintext
+ Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext: instance GHC.Read.Read Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext.GenerateDataKeyPairWithoutPlaintextResponse
+ Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext: instance GHC.Show.Show Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext.GenerateDataKeyPairWithoutPlaintext
+ Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext: instance GHC.Show.Show Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext.GenerateDataKeyPairWithoutPlaintextResponse
+ Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext: newGenerateDataKeyPairWithoutPlaintext :: Text -> DataKeyPairSpec -> GenerateDataKeyPairWithoutPlaintext
+ Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext: newGenerateDataKeyPairWithoutPlaintextResponse :: Int -> GenerateDataKeyPairWithoutPlaintextResponse
+ Amazonka.KMS.GenerateDataKeyWithoutPlaintext: GenerateDataKeyWithoutPlaintext' :: Maybe (HashMap Text Text) -> Maybe [Text] -> Maybe DataKeySpec -> Maybe Natural -> Text -> GenerateDataKeyWithoutPlaintext
+ Amazonka.KMS.GenerateDataKeyWithoutPlaintext: GenerateDataKeyWithoutPlaintextResponse' :: Maybe Base64 -> Maybe Text -> Int -> GenerateDataKeyWithoutPlaintextResponse
+ Amazonka.KMS.GenerateDataKeyWithoutPlaintext: [$sel:ciphertextBlob:GenerateDataKeyWithoutPlaintextResponse'] :: GenerateDataKeyWithoutPlaintextResponse -> Maybe Base64
+ Amazonka.KMS.GenerateDataKeyWithoutPlaintext: [$sel:encryptionContext:GenerateDataKeyWithoutPlaintext'] :: GenerateDataKeyWithoutPlaintext -> Maybe (HashMap Text Text)
+ Amazonka.KMS.GenerateDataKeyWithoutPlaintext: [$sel:grantTokens:GenerateDataKeyWithoutPlaintext'] :: GenerateDataKeyWithoutPlaintext -> Maybe [Text]
+ Amazonka.KMS.GenerateDataKeyWithoutPlaintext: [$sel:httpStatus:GenerateDataKeyWithoutPlaintextResponse'] :: GenerateDataKeyWithoutPlaintextResponse -> Int
+ Amazonka.KMS.GenerateDataKeyWithoutPlaintext: [$sel:keyId:GenerateDataKeyWithoutPlaintext'] :: GenerateDataKeyWithoutPlaintext -> Text
+ Amazonka.KMS.GenerateDataKeyWithoutPlaintext: [$sel:keyId:GenerateDataKeyWithoutPlaintextResponse'] :: GenerateDataKeyWithoutPlaintextResponse -> Maybe Text
+ Amazonka.KMS.GenerateDataKeyWithoutPlaintext: [$sel:keySpec:GenerateDataKeyWithoutPlaintext'] :: GenerateDataKeyWithoutPlaintext -> Maybe DataKeySpec
+ Amazonka.KMS.GenerateDataKeyWithoutPlaintext: [$sel:numberOfBytes:GenerateDataKeyWithoutPlaintext'] :: GenerateDataKeyWithoutPlaintext -> Maybe Natural
+ Amazonka.KMS.GenerateDataKeyWithoutPlaintext: data GenerateDataKeyWithoutPlaintext
+ Amazonka.KMS.GenerateDataKeyWithoutPlaintext: data GenerateDataKeyWithoutPlaintextResponse
+ Amazonka.KMS.GenerateDataKeyWithoutPlaintext: generateDataKeyWithoutPlaintextResponse_ciphertextBlob :: Lens' GenerateDataKeyWithoutPlaintextResponse (Maybe ByteString)
+ Amazonka.KMS.GenerateDataKeyWithoutPlaintext: generateDataKeyWithoutPlaintextResponse_httpStatus :: Lens' GenerateDataKeyWithoutPlaintextResponse Int
+ Amazonka.KMS.GenerateDataKeyWithoutPlaintext: generateDataKeyWithoutPlaintextResponse_keyId :: Lens' GenerateDataKeyWithoutPlaintextResponse (Maybe Text)
+ Amazonka.KMS.GenerateDataKeyWithoutPlaintext: generateDataKeyWithoutPlaintext_encryptionContext :: Lens' GenerateDataKeyWithoutPlaintext (Maybe (HashMap Text Text))
+ Amazonka.KMS.GenerateDataKeyWithoutPlaintext: generateDataKeyWithoutPlaintext_grantTokens :: Lens' GenerateDataKeyWithoutPlaintext (Maybe [Text])
+ Amazonka.KMS.GenerateDataKeyWithoutPlaintext: generateDataKeyWithoutPlaintext_keyId :: Lens' GenerateDataKeyWithoutPlaintext Text
+ Amazonka.KMS.GenerateDataKeyWithoutPlaintext: generateDataKeyWithoutPlaintext_keySpec :: Lens' GenerateDataKeyWithoutPlaintext (Maybe DataKeySpec)
+ Amazonka.KMS.GenerateDataKeyWithoutPlaintext: generateDataKeyWithoutPlaintext_numberOfBytes :: Lens' GenerateDataKeyWithoutPlaintext (Maybe Natural)
+ Amazonka.KMS.GenerateDataKeyWithoutPlaintext: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.GenerateDataKeyWithoutPlaintext.GenerateDataKeyWithoutPlaintext
+ Amazonka.KMS.GenerateDataKeyWithoutPlaintext: instance Amazonka.Data.Path.ToPath Amazonka.KMS.GenerateDataKeyWithoutPlaintext.GenerateDataKeyWithoutPlaintext
+ Amazonka.KMS.GenerateDataKeyWithoutPlaintext: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.GenerateDataKeyWithoutPlaintext.GenerateDataKeyWithoutPlaintext
+ Amazonka.KMS.GenerateDataKeyWithoutPlaintext: instance Amazonka.Types.AWSRequest Amazonka.KMS.GenerateDataKeyWithoutPlaintext.GenerateDataKeyWithoutPlaintext
+ Amazonka.KMS.GenerateDataKeyWithoutPlaintext: instance Control.DeepSeq.NFData Amazonka.KMS.GenerateDataKeyWithoutPlaintext.GenerateDataKeyWithoutPlaintext
+ Amazonka.KMS.GenerateDataKeyWithoutPlaintext: instance Control.DeepSeq.NFData Amazonka.KMS.GenerateDataKeyWithoutPlaintext.GenerateDataKeyWithoutPlaintextResponse
+ Amazonka.KMS.GenerateDataKeyWithoutPlaintext: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.GenerateDataKeyWithoutPlaintext.GenerateDataKeyWithoutPlaintext
+ Amazonka.KMS.GenerateDataKeyWithoutPlaintext: instance Data.Hashable.Class.Hashable Amazonka.KMS.GenerateDataKeyWithoutPlaintext.GenerateDataKeyWithoutPlaintext
+ Amazonka.KMS.GenerateDataKeyWithoutPlaintext: instance GHC.Classes.Eq Amazonka.KMS.GenerateDataKeyWithoutPlaintext.GenerateDataKeyWithoutPlaintext
+ Amazonka.KMS.GenerateDataKeyWithoutPlaintext: instance GHC.Classes.Eq Amazonka.KMS.GenerateDataKeyWithoutPlaintext.GenerateDataKeyWithoutPlaintextResponse
+ Amazonka.KMS.GenerateDataKeyWithoutPlaintext: instance GHC.Generics.Generic Amazonka.KMS.GenerateDataKeyWithoutPlaintext.GenerateDataKeyWithoutPlaintext
+ Amazonka.KMS.GenerateDataKeyWithoutPlaintext: instance GHC.Generics.Generic Amazonka.KMS.GenerateDataKeyWithoutPlaintext.GenerateDataKeyWithoutPlaintextResponse
+ Amazonka.KMS.GenerateDataKeyWithoutPlaintext: instance GHC.Read.Read Amazonka.KMS.GenerateDataKeyWithoutPlaintext.GenerateDataKeyWithoutPlaintext
+ Amazonka.KMS.GenerateDataKeyWithoutPlaintext: instance GHC.Read.Read Amazonka.KMS.GenerateDataKeyWithoutPlaintext.GenerateDataKeyWithoutPlaintextResponse
+ Amazonka.KMS.GenerateDataKeyWithoutPlaintext: instance GHC.Show.Show Amazonka.KMS.GenerateDataKeyWithoutPlaintext.GenerateDataKeyWithoutPlaintext
+ Amazonka.KMS.GenerateDataKeyWithoutPlaintext: instance GHC.Show.Show Amazonka.KMS.GenerateDataKeyWithoutPlaintext.GenerateDataKeyWithoutPlaintextResponse
+ Amazonka.KMS.GenerateDataKeyWithoutPlaintext: newGenerateDataKeyWithoutPlaintext :: Text -> GenerateDataKeyWithoutPlaintext
+ Amazonka.KMS.GenerateDataKeyWithoutPlaintext: newGenerateDataKeyWithoutPlaintextResponse :: Int -> GenerateDataKeyWithoutPlaintextResponse
+ Amazonka.KMS.GenerateMac: GenerateMac' :: Maybe [Text] -> Sensitive Base64 -> Text -> MacAlgorithmSpec -> GenerateMac
+ Amazonka.KMS.GenerateMac: GenerateMacResponse' :: Maybe Text -> Maybe Base64 -> Maybe MacAlgorithmSpec -> Int -> GenerateMacResponse
+ Amazonka.KMS.GenerateMac: [$sel:grantTokens:GenerateMac'] :: GenerateMac -> Maybe [Text]
+ Amazonka.KMS.GenerateMac: [$sel:httpStatus:GenerateMacResponse'] :: GenerateMacResponse -> Int
+ Amazonka.KMS.GenerateMac: [$sel:keyId:GenerateMac'] :: GenerateMac -> Text
+ Amazonka.KMS.GenerateMac: [$sel:keyId:GenerateMacResponse'] :: GenerateMacResponse -> Maybe Text
+ Amazonka.KMS.GenerateMac: [$sel:mac:GenerateMacResponse'] :: GenerateMacResponse -> Maybe Base64
+ Amazonka.KMS.GenerateMac: [$sel:macAlgorithm:GenerateMac'] :: GenerateMac -> MacAlgorithmSpec
+ Amazonka.KMS.GenerateMac: [$sel:macAlgorithm:GenerateMacResponse'] :: GenerateMacResponse -> Maybe MacAlgorithmSpec
+ Amazonka.KMS.GenerateMac: [$sel:message:GenerateMac'] :: GenerateMac -> Sensitive Base64
+ Amazonka.KMS.GenerateMac: data GenerateMac
+ Amazonka.KMS.GenerateMac: data GenerateMacResponse
+ Amazonka.KMS.GenerateMac: generateMacResponse_httpStatus :: Lens' GenerateMacResponse Int
+ Amazonka.KMS.GenerateMac: generateMacResponse_keyId :: Lens' GenerateMacResponse (Maybe Text)
+ Amazonka.KMS.GenerateMac: generateMacResponse_mac :: Lens' GenerateMacResponse (Maybe ByteString)
+ Amazonka.KMS.GenerateMac: generateMacResponse_macAlgorithm :: Lens' GenerateMacResponse (Maybe MacAlgorithmSpec)
+ Amazonka.KMS.GenerateMac: generateMac_grantTokens :: Lens' GenerateMac (Maybe [Text])
+ Amazonka.KMS.GenerateMac: generateMac_keyId :: Lens' GenerateMac Text
+ Amazonka.KMS.GenerateMac: generateMac_macAlgorithm :: Lens' GenerateMac MacAlgorithmSpec
+ Amazonka.KMS.GenerateMac: generateMac_message :: Lens' GenerateMac ByteString
+ Amazonka.KMS.GenerateMac: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.GenerateMac.GenerateMac
+ Amazonka.KMS.GenerateMac: instance Amazonka.Data.Path.ToPath Amazonka.KMS.GenerateMac.GenerateMac
+ Amazonka.KMS.GenerateMac: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.GenerateMac.GenerateMac
+ Amazonka.KMS.GenerateMac: instance Amazonka.Types.AWSRequest Amazonka.KMS.GenerateMac.GenerateMac
+ Amazonka.KMS.GenerateMac: instance Control.DeepSeq.NFData Amazonka.KMS.GenerateMac.GenerateMac
+ Amazonka.KMS.GenerateMac: instance Control.DeepSeq.NFData Amazonka.KMS.GenerateMac.GenerateMacResponse
+ Amazonka.KMS.GenerateMac: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.GenerateMac.GenerateMac
+ Amazonka.KMS.GenerateMac: instance Data.Hashable.Class.Hashable Amazonka.KMS.GenerateMac.GenerateMac
+ Amazonka.KMS.GenerateMac: instance GHC.Classes.Eq Amazonka.KMS.GenerateMac.GenerateMac
+ Amazonka.KMS.GenerateMac: instance GHC.Classes.Eq Amazonka.KMS.GenerateMac.GenerateMacResponse
+ Amazonka.KMS.GenerateMac: instance GHC.Generics.Generic Amazonka.KMS.GenerateMac.GenerateMac
+ Amazonka.KMS.GenerateMac: instance GHC.Generics.Generic Amazonka.KMS.GenerateMac.GenerateMacResponse
+ Amazonka.KMS.GenerateMac: instance GHC.Read.Read Amazonka.KMS.GenerateMac.GenerateMacResponse
+ Amazonka.KMS.GenerateMac: instance GHC.Show.Show Amazonka.KMS.GenerateMac.GenerateMac
+ Amazonka.KMS.GenerateMac: instance GHC.Show.Show Amazonka.KMS.GenerateMac.GenerateMacResponse
+ Amazonka.KMS.GenerateMac: newGenerateMac :: ByteString -> Text -> MacAlgorithmSpec -> GenerateMac
+ Amazonka.KMS.GenerateMac: newGenerateMacResponse :: Int -> GenerateMacResponse
+ Amazonka.KMS.GenerateRandom: GenerateRandom' :: Maybe Text -> Maybe Natural -> GenerateRandom
+ Amazonka.KMS.GenerateRandom: GenerateRandomResponse' :: Maybe (Sensitive Base64) -> Int -> GenerateRandomResponse
+ Amazonka.KMS.GenerateRandom: [$sel:customKeyStoreId:GenerateRandom'] :: GenerateRandom -> Maybe Text
+ Amazonka.KMS.GenerateRandom: [$sel:httpStatus:GenerateRandomResponse'] :: GenerateRandomResponse -> Int
+ Amazonka.KMS.GenerateRandom: [$sel:numberOfBytes:GenerateRandom'] :: GenerateRandom -> Maybe Natural
+ Amazonka.KMS.GenerateRandom: [$sel:plaintext:GenerateRandomResponse'] :: GenerateRandomResponse -> Maybe (Sensitive Base64)
+ Amazonka.KMS.GenerateRandom: data GenerateRandom
+ Amazonka.KMS.GenerateRandom: data GenerateRandomResponse
+ Amazonka.KMS.GenerateRandom: generateRandomResponse_httpStatus :: Lens' GenerateRandomResponse Int
+ Amazonka.KMS.GenerateRandom: generateRandomResponse_plaintext :: Lens' GenerateRandomResponse (Maybe ByteString)
+ Amazonka.KMS.GenerateRandom: generateRandom_customKeyStoreId :: Lens' GenerateRandom (Maybe Text)
+ Amazonka.KMS.GenerateRandom: generateRandom_numberOfBytes :: Lens' GenerateRandom (Maybe Natural)
+ Amazonka.KMS.GenerateRandom: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.GenerateRandom.GenerateRandom
+ Amazonka.KMS.GenerateRandom: instance Amazonka.Data.Path.ToPath Amazonka.KMS.GenerateRandom.GenerateRandom
+ Amazonka.KMS.GenerateRandom: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.GenerateRandom.GenerateRandom
+ Amazonka.KMS.GenerateRandom: instance Amazonka.Types.AWSRequest Amazonka.KMS.GenerateRandom.GenerateRandom
+ Amazonka.KMS.GenerateRandom: instance Control.DeepSeq.NFData Amazonka.KMS.GenerateRandom.GenerateRandom
+ Amazonka.KMS.GenerateRandom: instance Control.DeepSeq.NFData Amazonka.KMS.GenerateRandom.GenerateRandomResponse
+ Amazonka.KMS.GenerateRandom: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.GenerateRandom.GenerateRandom
+ Amazonka.KMS.GenerateRandom: instance Data.Hashable.Class.Hashable Amazonka.KMS.GenerateRandom.GenerateRandom
+ Amazonka.KMS.GenerateRandom: instance GHC.Classes.Eq Amazonka.KMS.GenerateRandom.GenerateRandom
+ Amazonka.KMS.GenerateRandom: instance GHC.Classes.Eq Amazonka.KMS.GenerateRandom.GenerateRandomResponse
+ Amazonka.KMS.GenerateRandom: instance GHC.Generics.Generic Amazonka.KMS.GenerateRandom.GenerateRandom
+ Amazonka.KMS.GenerateRandom: instance GHC.Generics.Generic Amazonka.KMS.GenerateRandom.GenerateRandomResponse
+ Amazonka.KMS.GenerateRandom: instance GHC.Read.Read Amazonka.KMS.GenerateRandom.GenerateRandom
+ Amazonka.KMS.GenerateRandom: instance GHC.Show.Show Amazonka.KMS.GenerateRandom.GenerateRandom
+ Amazonka.KMS.GenerateRandom: instance GHC.Show.Show Amazonka.KMS.GenerateRandom.GenerateRandomResponse
+ Amazonka.KMS.GenerateRandom: newGenerateRandom :: GenerateRandom
+ Amazonka.KMS.GenerateRandom: newGenerateRandomResponse :: Int -> GenerateRandomResponse
+ Amazonka.KMS.GetKeyPolicy: GetKeyPolicy' :: Text -> Text -> GetKeyPolicy
+ Amazonka.KMS.GetKeyPolicy: GetKeyPolicyResponse' :: Maybe Text -> Int -> GetKeyPolicyResponse
+ Amazonka.KMS.GetKeyPolicy: [$sel:httpStatus:GetKeyPolicyResponse'] :: GetKeyPolicyResponse -> Int
+ Amazonka.KMS.GetKeyPolicy: [$sel:keyId:GetKeyPolicy'] :: GetKeyPolicy -> Text
+ Amazonka.KMS.GetKeyPolicy: [$sel:policy:GetKeyPolicyResponse'] :: GetKeyPolicyResponse -> Maybe Text
+ Amazonka.KMS.GetKeyPolicy: [$sel:policyName:GetKeyPolicy'] :: GetKeyPolicy -> Text
+ Amazonka.KMS.GetKeyPolicy: data GetKeyPolicy
+ Amazonka.KMS.GetKeyPolicy: data GetKeyPolicyResponse
+ Amazonka.KMS.GetKeyPolicy: getKeyPolicyResponse_httpStatus :: Lens' GetKeyPolicyResponse Int
+ Amazonka.KMS.GetKeyPolicy: getKeyPolicyResponse_policy :: Lens' GetKeyPolicyResponse (Maybe Text)
+ Amazonka.KMS.GetKeyPolicy: getKeyPolicy_keyId :: Lens' GetKeyPolicy Text
+ Amazonka.KMS.GetKeyPolicy: getKeyPolicy_policyName :: Lens' GetKeyPolicy Text
+ Amazonka.KMS.GetKeyPolicy: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.GetKeyPolicy.GetKeyPolicy
+ Amazonka.KMS.GetKeyPolicy: instance Amazonka.Data.Path.ToPath Amazonka.KMS.GetKeyPolicy.GetKeyPolicy
+ Amazonka.KMS.GetKeyPolicy: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.GetKeyPolicy.GetKeyPolicy
+ Amazonka.KMS.GetKeyPolicy: instance Amazonka.Types.AWSRequest Amazonka.KMS.GetKeyPolicy.GetKeyPolicy
+ Amazonka.KMS.GetKeyPolicy: instance Control.DeepSeq.NFData Amazonka.KMS.GetKeyPolicy.GetKeyPolicy
+ Amazonka.KMS.GetKeyPolicy: instance Control.DeepSeq.NFData Amazonka.KMS.GetKeyPolicy.GetKeyPolicyResponse
+ Amazonka.KMS.GetKeyPolicy: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.GetKeyPolicy.GetKeyPolicy
+ Amazonka.KMS.GetKeyPolicy: instance Data.Hashable.Class.Hashable Amazonka.KMS.GetKeyPolicy.GetKeyPolicy
+ Amazonka.KMS.GetKeyPolicy: instance GHC.Classes.Eq Amazonka.KMS.GetKeyPolicy.GetKeyPolicy
+ Amazonka.KMS.GetKeyPolicy: instance GHC.Classes.Eq Amazonka.KMS.GetKeyPolicy.GetKeyPolicyResponse
+ Amazonka.KMS.GetKeyPolicy: instance GHC.Generics.Generic Amazonka.KMS.GetKeyPolicy.GetKeyPolicy
+ Amazonka.KMS.GetKeyPolicy: instance GHC.Generics.Generic Amazonka.KMS.GetKeyPolicy.GetKeyPolicyResponse
+ Amazonka.KMS.GetKeyPolicy: instance GHC.Read.Read Amazonka.KMS.GetKeyPolicy.GetKeyPolicy
+ Amazonka.KMS.GetKeyPolicy: instance GHC.Read.Read Amazonka.KMS.GetKeyPolicy.GetKeyPolicyResponse
+ Amazonka.KMS.GetKeyPolicy: instance GHC.Show.Show Amazonka.KMS.GetKeyPolicy.GetKeyPolicy
+ Amazonka.KMS.GetKeyPolicy: instance GHC.Show.Show Amazonka.KMS.GetKeyPolicy.GetKeyPolicyResponse
+ Amazonka.KMS.GetKeyPolicy: newGetKeyPolicy :: Text -> Text -> GetKeyPolicy
+ Amazonka.KMS.GetKeyPolicy: newGetKeyPolicyResponse :: Int -> GetKeyPolicyResponse
+ Amazonka.KMS.GetKeyRotationStatus: GetKeyRotationStatus' :: Text -> GetKeyRotationStatus
+ Amazonka.KMS.GetKeyRotationStatus: GetKeyRotationStatusResponse' :: Maybe Bool -> Int -> GetKeyRotationStatusResponse
+ Amazonka.KMS.GetKeyRotationStatus: [$sel:httpStatus:GetKeyRotationStatusResponse'] :: GetKeyRotationStatusResponse -> Int
+ Amazonka.KMS.GetKeyRotationStatus: [$sel:keyId:GetKeyRotationStatus'] :: GetKeyRotationStatus -> Text
+ Amazonka.KMS.GetKeyRotationStatus: [$sel:keyRotationEnabled:GetKeyRotationStatusResponse'] :: GetKeyRotationStatusResponse -> Maybe Bool
+ Amazonka.KMS.GetKeyRotationStatus: data GetKeyRotationStatus
+ Amazonka.KMS.GetKeyRotationStatus: data GetKeyRotationStatusResponse
+ Amazonka.KMS.GetKeyRotationStatus: getKeyRotationStatusResponse_httpStatus :: Lens' GetKeyRotationStatusResponse Int
+ Amazonka.KMS.GetKeyRotationStatus: getKeyRotationStatusResponse_keyRotationEnabled :: Lens' GetKeyRotationStatusResponse (Maybe Bool)
+ Amazonka.KMS.GetKeyRotationStatus: getKeyRotationStatus_keyId :: Lens' GetKeyRotationStatus Text
+ Amazonka.KMS.GetKeyRotationStatus: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.GetKeyRotationStatus.GetKeyRotationStatus
+ Amazonka.KMS.GetKeyRotationStatus: instance Amazonka.Data.Path.ToPath Amazonka.KMS.GetKeyRotationStatus.GetKeyRotationStatus
+ Amazonka.KMS.GetKeyRotationStatus: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.GetKeyRotationStatus.GetKeyRotationStatus
+ Amazonka.KMS.GetKeyRotationStatus: instance Amazonka.Types.AWSRequest Amazonka.KMS.GetKeyRotationStatus.GetKeyRotationStatus
+ Amazonka.KMS.GetKeyRotationStatus: instance Control.DeepSeq.NFData Amazonka.KMS.GetKeyRotationStatus.GetKeyRotationStatus
+ Amazonka.KMS.GetKeyRotationStatus: instance Control.DeepSeq.NFData Amazonka.KMS.GetKeyRotationStatus.GetKeyRotationStatusResponse
+ Amazonka.KMS.GetKeyRotationStatus: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.GetKeyRotationStatus.GetKeyRotationStatus
+ Amazonka.KMS.GetKeyRotationStatus: instance Data.Hashable.Class.Hashable Amazonka.KMS.GetKeyRotationStatus.GetKeyRotationStatus
+ Amazonka.KMS.GetKeyRotationStatus: instance GHC.Classes.Eq Amazonka.KMS.GetKeyRotationStatus.GetKeyRotationStatus
+ Amazonka.KMS.GetKeyRotationStatus: instance GHC.Classes.Eq Amazonka.KMS.GetKeyRotationStatus.GetKeyRotationStatusResponse
+ Amazonka.KMS.GetKeyRotationStatus: instance GHC.Generics.Generic Amazonka.KMS.GetKeyRotationStatus.GetKeyRotationStatus
+ Amazonka.KMS.GetKeyRotationStatus: instance GHC.Generics.Generic Amazonka.KMS.GetKeyRotationStatus.GetKeyRotationStatusResponse
+ Amazonka.KMS.GetKeyRotationStatus: instance GHC.Read.Read Amazonka.KMS.GetKeyRotationStatus.GetKeyRotationStatus
+ Amazonka.KMS.GetKeyRotationStatus: instance GHC.Read.Read Amazonka.KMS.GetKeyRotationStatus.GetKeyRotationStatusResponse
+ Amazonka.KMS.GetKeyRotationStatus: instance GHC.Show.Show Amazonka.KMS.GetKeyRotationStatus.GetKeyRotationStatus
+ Amazonka.KMS.GetKeyRotationStatus: instance GHC.Show.Show Amazonka.KMS.GetKeyRotationStatus.GetKeyRotationStatusResponse
+ Amazonka.KMS.GetKeyRotationStatus: newGetKeyRotationStatus :: Text -> GetKeyRotationStatus
+ Amazonka.KMS.GetKeyRotationStatus: newGetKeyRotationStatusResponse :: Int -> GetKeyRotationStatusResponse
+ Amazonka.KMS.GetParametersForImport: GetParametersForImport' :: Text -> AlgorithmSpec -> WrappingKeySpec -> GetParametersForImport
+ Amazonka.KMS.GetParametersForImport: GetParametersForImportResponse' :: Maybe Base64 -> Maybe Text -> Maybe POSIX -> Maybe (Sensitive Base64) -> Int -> GetParametersForImportResponse
+ Amazonka.KMS.GetParametersForImport: [$sel:httpStatus:GetParametersForImportResponse'] :: GetParametersForImportResponse -> Int
+ Amazonka.KMS.GetParametersForImport: [$sel:importToken:GetParametersForImportResponse'] :: GetParametersForImportResponse -> Maybe Base64
+ Amazonka.KMS.GetParametersForImport: [$sel:keyId:GetParametersForImport'] :: GetParametersForImport -> Text
+ Amazonka.KMS.GetParametersForImport: [$sel:keyId:GetParametersForImportResponse'] :: GetParametersForImportResponse -> Maybe Text
+ Amazonka.KMS.GetParametersForImport: [$sel:parametersValidTo:GetParametersForImportResponse'] :: GetParametersForImportResponse -> Maybe POSIX
+ Amazonka.KMS.GetParametersForImport: [$sel:publicKey:GetParametersForImportResponse'] :: GetParametersForImportResponse -> Maybe (Sensitive Base64)
+ Amazonka.KMS.GetParametersForImport: [$sel:wrappingAlgorithm:GetParametersForImport'] :: GetParametersForImport -> AlgorithmSpec
+ Amazonka.KMS.GetParametersForImport: [$sel:wrappingKeySpec:GetParametersForImport'] :: GetParametersForImport -> WrappingKeySpec
+ Amazonka.KMS.GetParametersForImport: data GetParametersForImport
+ Amazonka.KMS.GetParametersForImport: data GetParametersForImportResponse
+ Amazonka.KMS.GetParametersForImport: getParametersForImportResponse_httpStatus :: Lens' GetParametersForImportResponse Int
+ Amazonka.KMS.GetParametersForImport: getParametersForImportResponse_importToken :: Lens' GetParametersForImportResponse (Maybe ByteString)
+ Amazonka.KMS.GetParametersForImport: getParametersForImportResponse_keyId :: Lens' GetParametersForImportResponse (Maybe Text)
+ Amazonka.KMS.GetParametersForImport: getParametersForImportResponse_parametersValidTo :: Lens' GetParametersForImportResponse (Maybe UTCTime)
+ Amazonka.KMS.GetParametersForImport: getParametersForImportResponse_publicKey :: Lens' GetParametersForImportResponse (Maybe ByteString)
+ Amazonka.KMS.GetParametersForImport: getParametersForImport_keyId :: Lens' GetParametersForImport Text
+ Amazonka.KMS.GetParametersForImport: getParametersForImport_wrappingAlgorithm :: Lens' GetParametersForImport AlgorithmSpec
+ Amazonka.KMS.GetParametersForImport: getParametersForImport_wrappingKeySpec :: Lens' GetParametersForImport WrappingKeySpec
+ Amazonka.KMS.GetParametersForImport: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.GetParametersForImport.GetParametersForImport
+ Amazonka.KMS.GetParametersForImport: instance Amazonka.Data.Path.ToPath Amazonka.KMS.GetParametersForImport.GetParametersForImport
+ Amazonka.KMS.GetParametersForImport: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.GetParametersForImport.GetParametersForImport
+ Amazonka.KMS.GetParametersForImport: instance Amazonka.Types.AWSRequest Amazonka.KMS.GetParametersForImport.GetParametersForImport
+ Amazonka.KMS.GetParametersForImport: instance Control.DeepSeq.NFData Amazonka.KMS.GetParametersForImport.GetParametersForImport
+ Amazonka.KMS.GetParametersForImport: instance Control.DeepSeq.NFData Amazonka.KMS.GetParametersForImport.GetParametersForImportResponse
+ Amazonka.KMS.GetParametersForImport: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.GetParametersForImport.GetParametersForImport
+ Amazonka.KMS.GetParametersForImport: instance Data.Hashable.Class.Hashable Amazonka.KMS.GetParametersForImport.GetParametersForImport
+ Amazonka.KMS.GetParametersForImport: instance GHC.Classes.Eq Amazonka.KMS.GetParametersForImport.GetParametersForImport
+ Amazonka.KMS.GetParametersForImport: instance GHC.Classes.Eq Amazonka.KMS.GetParametersForImport.GetParametersForImportResponse
+ Amazonka.KMS.GetParametersForImport: instance GHC.Generics.Generic Amazonka.KMS.GetParametersForImport.GetParametersForImport
+ Amazonka.KMS.GetParametersForImport: instance GHC.Generics.Generic Amazonka.KMS.GetParametersForImport.GetParametersForImportResponse
+ Amazonka.KMS.GetParametersForImport: instance GHC.Read.Read Amazonka.KMS.GetParametersForImport.GetParametersForImport
+ Amazonka.KMS.GetParametersForImport: instance GHC.Show.Show Amazonka.KMS.GetParametersForImport.GetParametersForImport
+ Amazonka.KMS.GetParametersForImport: instance GHC.Show.Show Amazonka.KMS.GetParametersForImport.GetParametersForImportResponse
+ Amazonka.KMS.GetParametersForImport: newGetParametersForImport :: Text -> AlgorithmSpec -> WrappingKeySpec -> GetParametersForImport
+ Amazonka.KMS.GetParametersForImport: newGetParametersForImportResponse :: Int -> GetParametersForImportResponse
+ Amazonka.KMS.GetPublicKey: GetPublicKey' :: Maybe [Text] -> Text -> GetPublicKey
+ Amazonka.KMS.GetPublicKey: GetPublicKeyResponse' :: Maybe CustomerMasterKeySpec -> Maybe [EncryptionAlgorithmSpec] -> Maybe Text -> Maybe KeySpec -> Maybe KeyUsageType -> Maybe Base64 -> Maybe [SigningAlgorithmSpec] -> Int -> GetPublicKeyResponse
+ Amazonka.KMS.GetPublicKey: [$sel:customerMasterKeySpec:GetPublicKeyResponse'] :: GetPublicKeyResponse -> Maybe CustomerMasterKeySpec
+ Amazonka.KMS.GetPublicKey: [$sel:encryptionAlgorithms:GetPublicKeyResponse'] :: GetPublicKeyResponse -> Maybe [EncryptionAlgorithmSpec]
+ Amazonka.KMS.GetPublicKey: [$sel:grantTokens:GetPublicKey'] :: GetPublicKey -> Maybe [Text]
+ Amazonka.KMS.GetPublicKey: [$sel:httpStatus:GetPublicKeyResponse'] :: GetPublicKeyResponse -> Int
+ Amazonka.KMS.GetPublicKey: [$sel:keyId:GetPublicKey'] :: GetPublicKey -> Text
+ Amazonka.KMS.GetPublicKey: [$sel:keyId:GetPublicKeyResponse'] :: GetPublicKeyResponse -> Maybe Text
+ Amazonka.KMS.GetPublicKey: [$sel:keySpec:GetPublicKeyResponse'] :: GetPublicKeyResponse -> Maybe KeySpec
+ Amazonka.KMS.GetPublicKey: [$sel:keyUsage:GetPublicKeyResponse'] :: GetPublicKeyResponse -> Maybe KeyUsageType
+ Amazonka.KMS.GetPublicKey: [$sel:publicKey:GetPublicKeyResponse'] :: GetPublicKeyResponse -> Maybe Base64
+ Amazonka.KMS.GetPublicKey: [$sel:signingAlgorithms:GetPublicKeyResponse'] :: GetPublicKeyResponse -> Maybe [SigningAlgorithmSpec]
+ Amazonka.KMS.GetPublicKey: data GetPublicKey
+ Amazonka.KMS.GetPublicKey: data GetPublicKeyResponse
+ Amazonka.KMS.GetPublicKey: getPublicKeyResponse_customerMasterKeySpec :: Lens' GetPublicKeyResponse (Maybe CustomerMasterKeySpec)
+ Amazonka.KMS.GetPublicKey: getPublicKeyResponse_encryptionAlgorithms :: Lens' GetPublicKeyResponse (Maybe [EncryptionAlgorithmSpec])
+ Amazonka.KMS.GetPublicKey: getPublicKeyResponse_httpStatus :: Lens' GetPublicKeyResponse Int
+ Amazonka.KMS.GetPublicKey: getPublicKeyResponse_keyId :: Lens' GetPublicKeyResponse (Maybe Text)
+ Amazonka.KMS.GetPublicKey: getPublicKeyResponse_keySpec :: Lens' GetPublicKeyResponse (Maybe KeySpec)
+ Amazonka.KMS.GetPublicKey: getPublicKeyResponse_keyUsage :: Lens' GetPublicKeyResponse (Maybe KeyUsageType)
+ Amazonka.KMS.GetPublicKey: getPublicKeyResponse_publicKey :: Lens' GetPublicKeyResponse (Maybe ByteString)
+ Amazonka.KMS.GetPublicKey: getPublicKeyResponse_signingAlgorithms :: Lens' GetPublicKeyResponse (Maybe [SigningAlgorithmSpec])
+ Amazonka.KMS.GetPublicKey: getPublicKey_grantTokens :: Lens' GetPublicKey (Maybe [Text])
+ Amazonka.KMS.GetPublicKey: getPublicKey_keyId :: Lens' GetPublicKey Text
+ Amazonka.KMS.GetPublicKey: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.GetPublicKey.GetPublicKey
+ Amazonka.KMS.GetPublicKey: instance Amazonka.Data.Path.ToPath Amazonka.KMS.GetPublicKey.GetPublicKey
+ Amazonka.KMS.GetPublicKey: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.GetPublicKey.GetPublicKey
+ Amazonka.KMS.GetPublicKey: instance Amazonka.Types.AWSRequest Amazonka.KMS.GetPublicKey.GetPublicKey
+ Amazonka.KMS.GetPublicKey: instance Control.DeepSeq.NFData Amazonka.KMS.GetPublicKey.GetPublicKey
+ Amazonka.KMS.GetPublicKey: instance Control.DeepSeq.NFData Amazonka.KMS.GetPublicKey.GetPublicKeyResponse
+ Amazonka.KMS.GetPublicKey: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.GetPublicKey.GetPublicKey
+ Amazonka.KMS.GetPublicKey: instance Data.Hashable.Class.Hashable Amazonka.KMS.GetPublicKey.GetPublicKey
+ Amazonka.KMS.GetPublicKey: instance GHC.Classes.Eq Amazonka.KMS.GetPublicKey.GetPublicKey
+ Amazonka.KMS.GetPublicKey: instance GHC.Classes.Eq Amazonka.KMS.GetPublicKey.GetPublicKeyResponse
+ Amazonka.KMS.GetPublicKey: instance GHC.Generics.Generic Amazonka.KMS.GetPublicKey.GetPublicKey
+ Amazonka.KMS.GetPublicKey: instance GHC.Generics.Generic Amazonka.KMS.GetPublicKey.GetPublicKeyResponse
+ Amazonka.KMS.GetPublicKey: instance GHC.Read.Read Amazonka.KMS.GetPublicKey.GetPublicKey
+ Amazonka.KMS.GetPublicKey: instance GHC.Read.Read Amazonka.KMS.GetPublicKey.GetPublicKeyResponse
+ Amazonka.KMS.GetPublicKey: instance GHC.Show.Show Amazonka.KMS.GetPublicKey.GetPublicKey
+ Amazonka.KMS.GetPublicKey: instance GHC.Show.Show Amazonka.KMS.GetPublicKey.GetPublicKeyResponse
+ Amazonka.KMS.GetPublicKey: newGetPublicKey :: Text -> GetPublicKey
+ Amazonka.KMS.GetPublicKey: newGetPublicKeyResponse :: Int -> GetPublicKeyResponse
+ Amazonka.KMS.ImportKeyMaterial: ImportKeyMaterial' :: Maybe ExpirationModelType -> Maybe POSIX -> Text -> Base64 -> Base64 -> ImportKeyMaterial
+ Amazonka.KMS.ImportKeyMaterial: ImportKeyMaterialResponse' :: Int -> ImportKeyMaterialResponse
+ Amazonka.KMS.ImportKeyMaterial: [$sel:encryptedKeyMaterial:ImportKeyMaterial'] :: ImportKeyMaterial -> Base64
+ Amazonka.KMS.ImportKeyMaterial: [$sel:expirationModel:ImportKeyMaterial'] :: ImportKeyMaterial -> Maybe ExpirationModelType
+ Amazonka.KMS.ImportKeyMaterial: [$sel:httpStatus:ImportKeyMaterialResponse'] :: ImportKeyMaterialResponse -> Int
+ Amazonka.KMS.ImportKeyMaterial: [$sel:importToken:ImportKeyMaterial'] :: ImportKeyMaterial -> Base64
+ Amazonka.KMS.ImportKeyMaterial: [$sel:keyId:ImportKeyMaterial'] :: ImportKeyMaterial -> Text
+ Amazonka.KMS.ImportKeyMaterial: [$sel:validTo:ImportKeyMaterial'] :: ImportKeyMaterial -> Maybe POSIX
+ Amazonka.KMS.ImportKeyMaterial: data ImportKeyMaterial
+ Amazonka.KMS.ImportKeyMaterial: data ImportKeyMaterialResponse
+ Amazonka.KMS.ImportKeyMaterial: importKeyMaterialResponse_httpStatus :: Lens' ImportKeyMaterialResponse Int
+ Amazonka.KMS.ImportKeyMaterial: importKeyMaterial_encryptedKeyMaterial :: Lens' ImportKeyMaterial ByteString
+ Amazonka.KMS.ImportKeyMaterial: importKeyMaterial_expirationModel :: Lens' ImportKeyMaterial (Maybe ExpirationModelType)
+ Amazonka.KMS.ImportKeyMaterial: importKeyMaterial_importToken :: Lens' ImportKeyMaterial ByteString
+ Amazonka.KMS.ImportKeyMaterial: importKeyMaterial_keyId :: Lens' ImportKeyMaterial Text
+ Amazonka.KMS.ImportKeyMaterial: importKeyMaterial_validTo :: Lens' ImportKeyMaterial (Maybe UTCTime)
+ Amazonka.KMS.ImportKeyMaterial: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.ImportKeyMaterial.ImportKeyMaterial
+ Amazonka.KMS.ImportKeyMaterial: instance Amazonka.Data.Path.ToPath Amazonka.KMS.ImportKeyMaterial.ImportKeyMaterial
+ Amazonka.KMS.ImportKeyMaterial: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.ImportKeyMaterial.ImportKeyMaterial
+ Amazonka.KMS.ImportKeyMaterial: instance Amazonka.Types.AWSRequest Amazonka.KMS.ImportKeyMaterial.ImportKeyMaterial
+ Amazonka.KMS.ImportKeyMaterial: instance Control.DeepSeq.NFData Amazonka.KMS.ImportKeyMaterial.ImportKeyMaterial
+ Amazonka.KMS.ImportKeyMaterial: instance Control.DeepSeq.NFData Amazonka.KMS.ImportKeyMaterial.ImportKeyMaterialResponse
+ Amazonka.KMS.ImportKeyMaterial: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.ImportKeyMaterial.ImportKeyMaterial
+ Amazonka.KMS.ImportKeyMaterial: instance Data.Hashable.Class.Hashable Amazonka.KMS.ImportKeyMaterial.ImportKeyMaterial
+ Amazonka.KMS.ImportKeyMaterial: instance GHC.Classes.Eq Amazonka.KMS.ImportKeyMaterial.ImportKeyMaterial
+ Amazonka.KMS.ImportKeyMaterial: instance GHC.Classes.Eq Amazonka.KMS.ImportKeyMaterial.ImportKeyMaterialResponse
+ Amazonka.KMS.ImportKeyMaterial: instance GHC.Generics.Generic Amazonka.KMS.ImportKeyMaterial.ImportKeyMaterial
+ Amazonka.KMS.ImportKeyMaterial: instance GHC.Generics.Generic Amazonka.KMS.ImportKeyMaterial.ImportKeyMaterialResponse
+ Amazonka.KMS.ImportKeyMaterial: instance GHC.Read.Read Amazonka.KMS.ImportKeyMaterial.ImportKeyMaterial
+ Amazonka.KMS.ImportKeyMaterial: instance GHC.Read.Read Amazonka.KMS.ImportKeyMaterial.ImportKeyMaterialResponse
+ Amazonka.KMS.ImportKeyMaterial: instance GHC.Show.Show Amazonka.KMS.ImportKeyMaterial.ImportKeyMaterial
+ Amazonka.KMS.ImportKeyMaterial: instance GHC.Show.Show Amazonka.KMS.ImportKeyMaterial.ImportKeyMaterialResponse
+ Amazonka.KMS.ImportKeyMaterial: newImportKeyMaterial :: Text -> ByteString -> ByteString -> ImportKeyMaterial
+ Amazonka.KMS.ImportKeyMaterial: newImportKeyMaterialResponse :: Int -> ImportKeyMaterialResponse
+ Amazonka.KMS.Lens: aliasListEntry_aliasArn :: Lens' AliasListEntry (Maybe Text)
+ Amazonka.KMS.Lens: aliasListEntry_aliasName :: Lens' AliasListEntry (Maybe Text)
+ Amazonka.KMS.Lens: aliasListEntry_creationDate :: Lens' AliasListEntry (Maybe UTCTime)
+ Amazonka.KMS.Lens: aliasListEntry_lastUpdatedDate :: Lens' AliasListEntry (Maybe UTCTime)
+ Amazonka.KMS.Lens: aliasListEntry_targetKeyId :: Lens' AliasListEntry (Maybe Text)
+ Amazonka.KMS.Lens: cancelKeyDeletionResponse_httpStatus :: Lens' CancelKeyDeletionResponse Int
+ Amazonka.KMS.Lens: cancelKeyDeletionResponse_keyId :: Lens' CancelKeyDeletionResponse (Maybe Text)
+ Amazonka.KMS.Lens: cancelKeyDeletion_keyId :: Lens' CancelKeyDeletion Text
+ Amazonka.KMS.Lens: connectCustomKeyStoreResponse_httpStatus :: Lens' ConnectCustomKeyStoreResponse Int
+ Amazonka.KMS.Lens: connectCustomKeyStore_customKeyStoreId :: Lens' ConnectCustomKeyStore Text
+ Amazonka.KMS.Lens: createAlias_aliasName :: Lens' CreateAlias Text
+ Amazonka.KMS.Lens: createAlias_targetKeyId :: Lens' CreateAlias Text
+ Amazonka.KMS.Lens: createCustomKeyStoreResponse_customKeyStoreId :: Lens' CreateCustomKeyStoreResponse (Maybe Text)
+ Amazonka.KMS.Lens: createCustomKeyStoreResponse_httpStatus :: Lens' CreateCustomKeyStoreResponse Int
+ Amazonka.KMS.Lens: createCustomKeyStore_cloudHsmClusterId :: Lens' CreateCustomKeyStore (Maybe Text)
+ Amazonka.KMS.Lens: createCustomKeyStore_customKeyStoreName :: Lens' CreateCustomKeyStore Text
+ Amazonka.KMS.Lens: createCustomKeyStore_customKeyStoreType :: Lens' CreateCustomKeyStore (Maybe CustomKeyStoreType)
+ Amazonka.KMS.Lens: createCustomKeyStore_keyStorePassword :: Lens' CreateCustomKeyStore (Maybe Text)
+ Amazonka.KMS.Lens: createCustomKeyStore_trustAnchorCertificate :: Lens' CreateCustomKeyStore (Maybe Text)
+ Amazonka.KMS.Lens: createCustomKeyStore_xksProxyAuthenticationCredential :: Lens' CreateCustomKeyStore (Maybe XksProxyAuthenticationCredentialType)
+ Amazonka.KMS.Lens: createCustomKeyStore_xksProxyConnectivity :: Lens' CreateCustomKeyStore (Maybe XksProxyConnectivityType)
+ Amazonka.KMS.Lens: createCustomKeyStore_xksProxyUriEndpoint :: Lens' CreateCustomKeyStore (Maybe Text)
+ Amazonka.KMS.Lens: createCustomKeyStore_xksProxyUriPath :: Lens' CreateCustomKeyStore (Maybe Text)
+ Amazonka.KMS.Lens: createCustomKeyStore_xksProxyVpcEndpointServiceName :: Lens' CreateCustomKeyStore (Maybe Text)
+ Amazonka.KMS.Lens: createGrantResponse_grantId :: Lens' CreateGrantResponse (Maybe Text)
+ Amazonka.KMS.Lens: createGrantResponse_grantToken :: Lens' CreateGrantResponse (Maybe Text)
+ Amazonka.KMS.Lens: createGrantResponse_httpStatus :: Lens' CreateGrantResponse Int
+ Amazonka.KMS.Lens: createGrant_constraints :: Lens' CreateGrant (Maybe GrantConstraints)
+ Amazonka.KMS.Lens: createGrant_grantTokens :: Lens' CreateGrant (Maybe [Text])
+ Amazonka.KMS.Lens: createGrant_granteePrincipal :: Lens' CreateGrant Text
+ Amazonka.KMS.Lens: createGrant_keyId :: Lens' CreateGrant Text
+ Amazonka.KMS.Lens: createGrant_name :: Lens' CreateGrant (Maybe Text)
+ Amazonka.KMS.Lens: createGrant_operations :: Lens' CreateGrant [GrantOperation]
+ Amazonka.KMS.Lens: createGrant_retiringPrincipal :: Lens' CreateGrant (Maybe Text)
+ Amazonka.KMS.Lens: createKeyResponse_httpStatus :: Lens' CreateKeyResponse Int
+ Amazonka.KMS.Lens: createKeyResponse_keyMetadata :: Lens' CreateKeyResponse (Maybe KeyMetadata)
+ Amazonka.KMS.Lens: createKey_bypassPolicyLockoutSafetyCheck :: Lens' CreateKey (Maybe Bool)
+ Amazonka.KMS.Lens: createKey_customKeyStoreId :: Lens' CreateKey (Maybe Text)
+ Amazonka.KMS.Lens: createKey_customerMasterKeySpec :: Lens' CreateKey (Maybe CustomerMasterKeySpec)
+ Amazonka.KMS.Lens: createKey_description :: Lens' CreateKey (Maybe Text)
+ Amazonka.KMS.Lens: createKey_keySpec :: Lens' CreateKey (Maybe KeySpec)
+ Amazonka.KMS.Lens: createKey_keyUsage :: Lens' CreateKey (Maybe KeyUsageType)
+ Amazonka.KMS.Lens: createKey_multiRegion :: Lens' CreateKey (Maybe Bool)
+ Amazonka.KMS.Lens: createKey_origin :: Lens' CreateKey (Maybe OriginType)
+ Amazonka.KMS.Lens: createKey_policy :: Lens' CreateKey (Maybe Text)
+ Amazonka.KMS.Lens: createKey_tags :: Lens' CreateKey (Maybe [Tag])
+ Amazonka.KMS.Lens: createKey_xksKeyId :: Lens' CreateKey (Maybe Text)
+ Amazonka.KMS.Lens: customKeyStoresListEntry_cloudHsmClusterId :: Lens' CustomKeyStoresListEntry (Maybe Text)
+ Amazonka.KMS.Lens: customKeyStoresListEntry_connectionErrorCode :: Lens' CustomKeyStoresListEntry (Maybe ConnectionErrorCodeType)
+ Amazonka.KMS.Lens: customKeyStoresListEntry_connectionState :: Lens' CustomKeyStoresListEntry (Maybe ConnectionStateType)
+ Amazonka.KMS.Lens: customKeyStoresListEntry_creationDate :: Lens' CustomKeyStoresListEntry (Maybe UTCTime)
+ Amazonka.KMS.Lens: customKeyStoresListEntry_customKeyStoreId :: Lens' CustomKeyStoresListEntry (Maybe Text)
+ Amazonka.KMS.Lens: customKeyStoresListEntry_customKeyStoreName :: Lens' CustomKeyStoresListEntry (Maybe Text)
+ Amazonka.KMS.Lens: customKeyStoresListEntry_customKeyStoreType :: Lens' CustomKeyStoresListEntry (Maybe CustomKeyStoreType)
+ Amazonka.KMS.Lens: customKeyStoresListEntry_trustAnchorCertificate :: Lens' CustomKeyStoresListEntry (Maybe Text)
+ Amazonka.KMS.Lens: customKeyStoresListEntry_xksProxyConfiguration :: Lens' CustomKeyStoresListEntry (Maybe XksProxyConfigurationType)
+ Amazonka.KMS.Lens: decryptResponse_encryptionAlgorithm :: Lens' DecryptResponse (Maybe EncryptionAlgorithmSpec)
+ Amazonka.KMS.Lens: decryptResponse_httpStatus :: Lens' DecryptResponse Int
+ Amazonka.KMS.Lens: decryptResponse_keyId :: Lens' DecryptResponse (Maybe Text)
+ Amazonka.KMS.Lens: decryptResponse_plaintext :: Lens' DecryptResponse (Maybe ByteString)
+ Amazonka.KMS.Lens: decrypt_ciphertextBlob :: Lens' Decrypt ByteString
+ Amazonka.KMS.Lens: decrypt_encryptionAlgorithm :: Lens' Decrypt (Maybe EncryptionAlgorithmSpec)
+ Amazonka.KMS.Lens: decrypt_encryptionContext :: Lens' Decrypt (Maybe (HashMap Text Text))
+ Amazonka.KMS.Lens: decrypt_grantTokens :: Lens' Decrypt (Maybe [Text])
+ Amazonka.KMS.Lens: decrypt_keyId :: Lens' Decrypt (Maybe Text)
+ Amazonka.KMS.Lens: deleteAlias_aliasName :: Lens' DeleteAlias Text
+ Amazonka.KMS.Lens: deleteCustomKeyStoreResponse_httpStatus :: Lens' DeleteCustomKeyStoreResponse Int
+ Amazonka.KMS.Lens: deleteCustomKeyStore_customKeyStoreId :: Lens' DeleteCustomKeyStore Text
+ Amazonka.KMS.Lens: deleteImportedKeyMaterial_keyId :: Lens' DeleteImportedKeyMaterial Text
+ Amazonka.KMS.Lens: describeCustomKeyStoresResponse_customKeyStores :: Lens' DescribeCustomKeyStoresResponse (Maybe [CustomKeyStoresListEntry])
+ Amazonka.KMS.Lens: describeCustomKeyStoresResponse_httpStatus :: Lens' DescribeCustomKeyStoresResponse Int
+ Amazonka.KMS.Lens: describeCustomKeyStoresResponse_nextMarker :: Lens' DescribeCustomKeyStoresResponse (Maybe Text)
+ Amazonka.KMS.Lens: describeCustomKeyStoresResponse_truncated :: Lens' DescribeCustomKeyStoresResponse (Maybe Bool)
+ Amazonka.KMS.Lens: describeCustomKeyStores_customKeyStoreId :: Lens' DescribeCustomKeyStores (Maybe Text)
+ Amazonka.KMS.Lens: describeCustomKeyStores_customKeyStoreName :: Lens' DescribeCustomKeyStores (Maybe Text)
+ Amazonka.KMS.Lens: describeCustomKeyStores_limit :: Lens' DescribeCustomKeyStores (Maybe Natural)
+ Amazonka.KMS.Lens: describeCustomKeyStores_marker :: Lens' DescribeCustomKeyStores (Maybe Text)
+ Amazonka.KMS.Lens: describeKeyResponse_httpStatus :: Lens' DescribeKeyResponse Int
+ Amazonka.KMS.Lens: describeKeyResponse_keyMetadata :: Lens' DescribeKeyResponse (Maybe KeyMetadata)
+ Amazonka.KMS.Lens: describeKey_grantTokens :: Lens' DescribeKey (Maybe [Text])
+ Amazonka.KMS.Lens: describeKey_keyId :: Lens' DescribeKey Text
+ Amazonka.KMS.Lens: disableKeyRotation_keyId :: Lens' DisableKeyRotation Text
+ Amazonka.KMS.Lens: disableKey_keyId :: Lens' DisableKey Text
+ Amazonka.KMS.Lens: disconnectCustomKeyStoreResponse_httpStatus :: Lens' DisconnectCustomKeyStoreResponse Int
+ Amazonka.KMS.Lens: disconnectCustomKeyStore_customKeyStoreId :: Lens' DisconnectCustomKeyStore Text
+ Amazonka.KMS.Lens: enableKeyRotation_keyId :: Lens' EnableKeyRotation Text
+ Amazonka.KMS.Lens: enableKey_keyId :: Lens' EnableKey Text
+ Amazonka.KMS.Lens: encryptResponse_ciphertextBlob :: Lens' EncryptResponse (Maybe ByteString)
+ Amazonka.KMS.Lens: encryptResponse_encryptionAlgorithm :: Lens' EncryptResponse (Maybe EncryptionAlgorithmSpec)
+ Amazonka.KMS.Lens: encryptResponse_httpStatus :: Lens' EncryptResponse Int
+ Amazonka.KMS.Lens: encryptResponse_keyId :: Lens' EncryptResponse (Maybe Text)
+ Amazonka.KMS.Lens: encrypt_encryptionAlgorithm :: Lens' Encrypt (Maybe EncryptionAlgorithmSpec)
+ Amazonka.KMS.Lens: encrypt_encryptionContext :: Lens' Encrypt (Maybe (HashMap Text Text))
+ Amazonka.KMS.Lens: encrypt_grantTokens :: Lens' Encrypt (Maybe [Text])
+ Amazonka.KMS.Lens: encrypt_keyId :: Lens' Encrypt Text
+ Amazonka.KMS.Lens: encrypt_plaintext :: Lens' Encrypt ByteString
+ Amazonka.KMS.Lens: generateDataKeyPairResponse_httpStatus :: Lens' GenerateDataKeyPairResponse Int
+ Amazonka.KMS.Lens: generateDataKeyPairResponse_keyId :: Lens' GenerateDataKeyPairResponse (Maybe Text)
+ Amazonka.KMS.Lens: generateDataKeyPairResponse_keyPairSpec :: Lens' GenerateDataKeyPairResponse (Maybe DataKeyPairSpec)
+ Amazonka.KMS.Lens: generateDataKeyPairResponse_privateKeyCiphertextBlob :: Lens' GenerateDataKeyPairResponse (Maybe ByteString)
+ Amazonka.KMS.Lens: generateDataKeyPairResponse_privateKeyPlaintext :: Lens' GenerateDataKeyPairResponse (Maybe ByteString)
+ Amazonka.KMS.Lens: generateDataKeyPairResponse_publicKey :: Lens' GenerateDataKeyPairResponse (Maybe ByteString)
+ Amazonka.KMS.Lens: generateDataKeyPairWithoutPlaintextResponse_httpStatus :: Lens' GenerateDataKeyPairWithoutPlaintextResponse Int
+ Amazonka.KMS.Lens: generateDataKeyPairWithoutPlaintextResponse_keyId :: Lens' GenerateDataKeyPairWithoutPlaintextResponse (Maybe Text)
+ Amazonka.KMS.Lens: generateDataKeyPairWithoutPlaintextResponse_keyPairSpec :: Lens' GenerateDataKeyPairWithoutPlaintextResponse (Maybe DataKeyPairSpec)
+ Amazonka.KMS.Lens: generateDataKeyPairWithoutPlaintextResponse_privateKeyCiphertextBlob :: Lens' GenerateDataKeyPairWithoutPlaintextResponse (Maybe ByteString)
+ Amazonka.KMS.Lens: generateDataKeyPairWithoutPlaintextResponse_publicKey :: Lens' GenerateDataKeyPairWithoutPlaintextResponse (Maybe ByteString)
+ Amazonka.KMS.Lens: generateDataKeyPairWithoutPlaintext_encryptionContext :: Lens' GenerateDataKeyPairWithoutPlaintext (Maybe (HashMap Text Text))
+ Amazonka.KMS.Lens: generateDataKeyPairWithoutPlaintext_grantTokens :: Lens' GenerateDataKeyPairWithoutPlaintext (Maybe [Text])
+ Amazonka.KMS.Lens: generateDataKeyPairWithoutPlaintext_keyId :: Lens' GenerateDataKeyPairWithoutPlaintext Text
+ Amazonka.KMS.Lens: generateDataKeyPairWithoutPlaintext_keyPairSpec :: Lens' GenerateDataKeyPairWithoutPlaintext DataKeyPairSpec
+ Amazonka.KMS.Lens: generateDataKeyPair_encryptionContext :: Lens' GenerateDataKeyPair (Maybe (HashMap Text Text))
+ Amazonka.KMS.Lens: generateDataKeyPair_grantTokens :: Lens' GenerateDataKeyPair (Maybe [Text])
+ Amazonka.KMS.Lens: generateDataKeyPair_keyId :: Lens' GenerateDataKeyPair Text
+ Amazonka.KMS.Lens: generateDataKeyPair_keyPairSpec :: Lens' GenerateDataKeyPair DataKeyPairSpec
+ Amazonka.KMS.Lens: generateDataKeyResponse_ciphertextBlob :: Lens' GenerateDataKeyResponse ByteString
+ Amazonka.KMS.Lens: generateDataKeyResponse_httpStatus :: Lens' GenerateDataKeyResponse Int
+ Amazonka.KMS.Lens: generateDataKeyResponse_keyId :: Lens' GenerateDataKeyResponse Text
+ Amazonka.KMS.Lens: generateDataKeyResponse_plaintext :: Lens' GenerateDataKeyResponse ByteString
+ Amazonka.KMS.Lens: generateDataKeyWithoutPlaintextResponse_ciphertextBlob :: Lens' GenerateDataKeyWithoutPlaintextResponse (Maybe ByteString)
+ Amazonka.KMS.Lens: generateDataKeyWithoutPlaintextResponse_httpStatus :: Lens' GenerateDataKeyWithoutPlaintextResponse Int
+ Amazonka.KMS.Lens: generateDataKeyWithoutPlaintextResponse_keyId :: Lens' GenerateDataKeyWithoutPlaintextResponse (Maybe Text)
+ Amazonka.KMS.Lens: generateDataKeyWithoutPlaintext_encryptionContext :: Lens' GenerateDataKeyWithoutPlaintext (Maybe (HashMap Text Text))
+ Amazonka.KMS.Lens: generateDataKeyWithoutPlaintext_grantTokens :: Lens' GenerateDataKeyWithoutPlaintext (Maybe [Text])
+ Amazonka.KMS.Lens: generateDataKeyWithoutPlaintext_keyId :: Lens' GenerateDataKeyWithoutPlaintext Text
+ Amazonka.KMS.Lens: generateDataKeyWithoutPlaintext_keySpec :: Lens' GenerateDataKeyWithoutPlaintext (Maybe DataKeySpec)
+ Amazonka.KMS.Lens: generateDataKeyWithoutPlaintext_numberOfBytes :: Lens' GenerateDataKeyWithoutPlaintext (Maybe Natural)
+ Amazonka.KMS.Lens: generateDataKey_encryptionContext :: Lens' GenerateDataKey (Maybe (HashMap Text Text))
+ Amazonka.KMS.Lens: generateDataKey_grantTokens :: Lens' GenerateDataKey (Maybe [Text])
+ Amazonka.KMS.Lens: generateDataKey_keyId :: Lens' GenerateDataKey Text
+ Amazonka.KMS.Lens: generateDataKey_keySpec :: Lens' GenerateDataKey (Maybe DataKeySpec)
+ Amazonka.KMS.Lens: generateDataKey_numberOfBytes :: Lens' GenerateDataKey (Maybe Natural)
+ Amazonka.KMS.Lens: generateMacResponse_httpStatus :: Lens' GenerateMacResponse Int
+ Amazonka.KMS.Lens: generateMacResponse_keyId :: Lens' GenerateMacResponse (Maybe Text)
+ Amazonka.KMS.Lens: generateMacResponse_mac :: Lens' GenerateMacResponse (Maybe ByteString)
+ Amazonka.KMS.Lens: generateMacResponse_macAlgorithm :: Lens' GenerateMacResponse (Maybe MacAlgorithmSpec)
+ Amazonka.KMS.Lens: generateMac_grantTokens :: Lens' GenerateMac (Maybe [Text])
+ Amazonka.KMS.Lens: generateMac_keyId :: Lens' GenerateMac Text
+ Amazonka.KMS.Lens: generateMac_macAlgorithm :: Lens' GenerateMac MacAlgorithmSpec
+ Amazonka.KMS.Lens: generateMac_message :: Lens' GenerateMac ByteString
+ Amazonka.KMS.Lens: generateRandomResponse_httpStatus :: Lens' GenerateRandomResponse Int
+ Amazonka.KMS.Lens: generateRandomResponse_plaintext :: Lens' GenerateRandomResponse (Maybe ByteString)
+ Amazonka.KMS.Lens: generateRandom_customKeyStoreId :: Lens' GenerateRandom (Maybe Text)
+ Amazonka.KMS.Lens: generateRandom_numberOfBytes :: Lens' GenerateRandom (Maybe Natural)
+ Amazonka.KMS.Lens: getKeyPolicyResponse_httpStatus :: Lens' GetKeyPolicyResponse Int
+ Amazonka.KMS.Lens: getKeyPolicyResponse_policy :: Lens' GetKeyPolicyResponse (Maybe Text)
+ Amazonka.KMS.Lens: getKeyPolicy_keyId :: Lens' GetKeyPolicy Text
+ Amazonka.KMS.Lens: getKeyPolicy_policyName :: Lens' GetKeyPolicy Text
+ Amazonka.KMS.Lens: getKeyRotationStatusResponse_httpStatus :: Lens' GetKeyRotationStatusResponse Int
+ Amazonka.KMS.Lens: getKeyRotationStatusResponse_keyRotationEnabled :: Lens' GetKeyRotationStatusResponse (Maybe Bool)
+ Amazonka.KMS.Lens: getKeyRotationStatus_keyId :: Lens' GetKeyRotationStatus Text
+ Amazonka.KMS.Lens: getParametersForImportResponse_httpStatus :: Lens' GetParametersForImportResponse Int
+ Amazonka.KMS.Lens: getParametersForImportResponse_importToken :: Lens' GetParametersForImportResponse (Maybe ByteString)
+ Amazonka.KMS.Lens: getParametersForImportResponse_keyId :: Lens' GetParametersForImportResponse (Maybe Text)
+ Amazonka.KMS.Lens: getParametersForImportResponse_parametersValidTo :: Lens' GetParametersForImportResponse (Maybe UTCTime)
+ Amazonka.KMS.Lens: getParametersForImportResponse_publicKey :: Lens' GetParametersForImportResponse (Maybe ByteString)
+ Amazonka.KMS.Lens: getParametersForImport_keyId :: Lens' GetParametersForImport Text
+ Amazonka.KMS.Lens: getParametersForImport_wrappingAlgorithm :: Lens' GetParametersForImport AlgorithmSpec
+ Amazonka.KMS.Lens: getParametersForImport_wrappingKeySpec :: Lens' GetParametersForImport WrappingKeySpec
+ Amazonka.KMS.Lens: getPublicKeyResponse_customerMasterKeySpec :: Lens' GetPublicKeyResponse (Maybe CustomerMasterKeySpec)
+ Amazonka.KMS.Lens: getPublicKeyResponse_encryptionAlgorithms :: Lens' GetPublicKeyResponse (Maybe [EncryptionAlgorithmSpec])
+ Amazonka.KMS.Lens: getPublicKeyResponse_httpStatus :: Lens' GetPublicKeyResponse Int
+ Amazonka.KMS.Lens: getPublicKeyResponse_keyId :: Lens' GetPublicKeyResponse (Maybe Text)
+ Amazonka.KMS.Lens: getPublicKeyResponse_keySpec :: Lens' GetPublicKeyResponse (Maybe KeySpec)
+ Amazonka.KMS.Lens: getPublicKeyResponse_keyUsage :: Lens' GetPublicKeyResponse (Maybe KeyUsageType)
+ Amazonka.KMS.Lens: getPublicKeyResponse_publicKey :: Lens' GetPublicKeyResponse (Maybe ByteString)
+ Amazonka.KMS.Lens: getPublicKeyResponse_signingAlgorithms :: Lens' GetPublicKeyResponse (Maybe [SigningAlgorithmSpec])
+ Amazonka.KMS.Lens: getPublicKey_grantTokens :: Lens' GetPublicKey (Maybe [Text])
+ Amazonka.KMS.Lens: getPublicKey_keyId :: Lens' GetPublicKey Text
+ Amazonka.KMS.Lens: grantConstraints_encryptionContextEquals :: Lens' GrantConstraints (Maybe (HashMap Text Text))
+ Amazonka.KMS.Lens: grantConstraints_encryptionContextSubset :: Lens' GrantConstraints (Maybe (HashMap Text Text))
+ Amazonka.KMS.Lens: grantListEntry_constraints :: Lens' GrantListEntry (Maybe GrantConstraints)
+ Amazonka.KMS.Lens: grantListEntry_creationDate :: Lens' GrantListEntry (Maybe UTCTime)
+ Amazonka.KMS.Lens: grantListEntry_grantId :: Lens' GrantListEntry (Maybe Text)
+ Amazonka.KMS.Lens: grantListEntry_granteePrincipal :: Lens' GrantListEntry (Maybe Text)
+ Amazonka.KMS.Lens: grantListEntry_issuingAccount :: Lens' GrantListEntry (Maybe Text)
+ Amazonka.KMS.Lens: grantListEntry_keyId :: Lens' GrantListEntry (Maybe Text)
+ Amazonka.KMS.Lens: grantListEntry_name :: Lens' GrantListEntry (Maybe Text)
+ Amazonka.KMS.Lens: grantListEntry_operations :: Lens' GrantListEntry (Maybe [GrantOperation])
+ Amazonka.KMS.Lens: grantListEntry_retiringPrincipal :: Lens' GrantListEntry (Maybe Text)
+ Amazonka.KMS.Lens: importKeyMaterialResponse_httpStatus :: Lens' ImportKeyMaterialResponse Int
+ Amazonka.KMS.Lens: importKeyMaterial_encryptedKeyMaterial :: Lens' ImportKeyMaterial ByteString
+ Amazonka.KMS.Lens: importKeyMaterial_expirationModel :: Lens' ImportKeyMaterial (Maybe ExpirationModelType)
+ Amazonka.KMS.Lens: importKeyMaterial_importToken :: Lens' ImportKeyMaterial ByteString
+ Amazonka.KMS.Lens: importKeyMaterial_keyId :: Lens' ImportKeyMaterial Text
+ Amazonka.KMS.Lens: importKeyMaterial_validTo :: Lens' ImportKeyMaterial (Maybe UTCTime)
+ Amazonka.KMS.Lens: keyListEntry_keyArn :: Lens' KeyListEntry (Maybe Text)
+ Amazonka.KMS.Lens: keyListEntry_keyId :: Lens' KeyListEntry (Maybe Text)
+ Amazonka.KMS.Lens: keyMetadata_aWSAccountId :: Lens' KeyMetadata (Maybe Text)
+ Amazonka.KMS.Lens: keyMetadata_arn :: Lens' KeyMetadata (Maybe Text)
+ Amazonka.KMS.Lens: keyMetadata_cloudHsmClusterId :: Lens' KeyMetadata (Maybe Text)
+ Amazonka.KMS.Lens: keyMetadata_creationDate :: Lens' KeyMetadata (Maybe UTCTime)
+ Amazonka.KMS.Lens: keyMetadata_customKeyStoreId :: Lens' KeyMetadata (Maybe Text)
+ Amazonka.KMS.Lens: keyMetadata_customerMasterKeySpec :: Lens' KeyMetadata (Maybe CustomerMasterKeySpec)
+ Amazonka.KMS.Lens: keyMetadata_deletionDate :: Lens' KeyMetadata (Maybe UTCTime)
+ Amazonka.KMS.Lens: keyMetadata_description :: Lens' KeyMetadata (Maybe Text)
+ Amazonka.KMS.Lens: keyMetadata_enabled :: Lens' KeyMetadata (Maybe Bool)
+ Amazonka.KMS.Lens: keyMetadata_encryptionAlgorithms :: Lens' KeyMetadata (Maybe [EncryptionAlgorithmSpec])
+ Amazonka.KMS.Lens: keyMetadata_expirationModel :: Lens' KeyMetadata (Maybe ExpirationModelType)
+ Amazonka.KMS.Lens: keyMetadata_keyId :: Lens' KeyMetadata Text
+ Amazonka.KMS.Lens: keyMetadata_keyManager :: Lens' KeyMetadata (Maybe KeyManagerType)
+ Amazonka.KMS.Lens: keyMetadata_keySpec :: Lens' KeyMetadata (Maybe KeySpec)
+ Amazonka.KMS.Lens: keyMetadata_keyState :: Lens' KeyMetadata (Maybe KeyState)
+ Amazonka.KMS.Lens: keyMetadata_keyUsage :: Lens' KeyMetadata (Maybe KeyUsageType)
+ Amazonka.KMS.Lens: keyMetadata_macAlgorithms :: Lens' KeyMetadata (Maybe [MacAlgorithmSpec])
+ Amazonka.KMS.Lens: keyMetadata_multiRegion :: Lens' KeyMetadata (Maybe Bool)
+ Amazonka.KMS.Lens: keyMetadata_multiRegionConfiguration :: Lens' KeyMetadata (Maybe MultiRegionConfiguration)
+ Amazonka.KMS.Lens: keyMetadata_origin :: Lens' KeyMetadata (Maybe OriginType)
+ Amazonka.KMS.Lens: keyMetadata_pendingDeletionWindowInDays :: Lens' KeyMetadata (Maybe Natural)
+ Amazonka.KMS.Lens: keyMetadata_signingAlgorithms :: Lens' KeyMetadata (Maybe [SigningAlgorithmSpec])
+ Amazonka.KMS.Lens: keyMetadata_validTo :: Lens' KeyMetadata (Maybe UTCTime)
+ Amazonka.KMS.Lens: keyMetadata_xksKeyConfiguration :: Lens' KeyMetadata (Maybe XksKeyConfigurationType)
+ Amazonka.KMS.Lens: listAliasesResponse_aliases :: Lens' ListAliasesResponse (Maybe [AliasListEntry])
+ Amazonka.KMS.Lens: listAliasesResponse_httpStatus :: Lens' ListAliasesResponse Int
+ Amazonka.KMS.Lens: listAliasesResponse_nextMarker :: Lens' ListAliasesResponse (Maybe Text)
+ Amazonka.KMS.Lens: listAliasesResponse_truncated :: Lens' ListAliasesResponse (Maybe Bool)
+ Amazonka.KMS.Lens: listAliases_keyId :: Lens' ListAliases (Maybe Text)
+ Amazonka.KMS.Lens: listAliases_limit :: Lens' ListAliases (Maybe Natural)
+ Amazonka.KMS.Lens: listAliases_marker :: Lens' ListAliases (Maybe Text)
+ Amazonka.KMS.Lens: listGrantsResponse_grants :: Lens' ListGrantsResponse (Maybe [GrantListEntry])
+ Amazonka.KMS.Lens: listGrantsResponse_nextMarker :: Lens' ListGrantsResponse (Maybe Text)
+ Amazonka.KMS.Lens: listGrantsResponse_truncated :: Lens' ListGrantsResponse (Maybe Bool)
+ Amazonka.KMS.Lens: listGrants_grantId :: Lens' ListGrants (Maybe Text)
+ Amazonka.KMS.Lens: listGrants_granteePrincipal :: Lens' ListGrants (Maybe Text)
+ Amazonka.KMS.Lens: listGrants_keyId :: Lens' ListGrants Text
+ Amazonka.KMS.Lens: listGrants_limit :: Lens' ListGrants (Maybe Natural)
+ Amazonka.KMS.Lens: listGrants_marker :: Lens' ListGrants (Maybe Text)
+ Amazonka.KMS.Lens: listKeyPoliciesResponse_httpStatus :: Lens' ListKeyPoliciesResponse Int
+ Amazonka.KMS.Lens: listKeyPoliciesResponse_nextMarker :: Lens' ListKeyPoliciesResponse (Maybe Text)
+ Amazonka.KMS.Lens: listKeyPoliciesResponse_policyNames :: Lens' ListKeyPoliciesResponse (Maybe [Text])
+ Amazonka.KMS.Lens: listKeyPoliciesResponse_truncated :: Lens' ListKeyPoliciesResponse (Maybe Bool)
+ Amazonka.KMS.Lens: listKeyPolicies_keyId :: Lens' ListKeyPolicies Text
+ Amazonka.KMS.Lens: listKeyPolicies_limit :: Lens' ListKeyPolicies (Maybe Natural)
+ Amazonka.KMS.Lens: listKeyPolicies_marker :: Lens' ListKeyPolicies (Maybe Text)
+ Amazonka.KMS.Lens: listKeysResponse_httpStatus :: Lens' ListKeysResponse Int
+ Amazonka.KMS.Lens: listKeysResponse_keys :: Lens' ListKeysResponse (Maybe [KeyListEntry])
+ Amazonka.KMS.Lens: listKeysResponse_nextMarker :: Lens' ListKeysResponse (Maybe Text)
+ Amazonka.KMS.Lens: listKeysResponse_truncated :: Lens' ListKeysResponse (Maybe Bool)
+ Amazonka.KMS.Lens: listKeys_limit :: Lens' ListKeys (Maybe Natural)
+ Amazonka.KMS.Lens: listKeys_marker :: Lens' ListKeys (Maybe Text)
+ Amazonka.KMS.Lens: listResourceTagsResponse_httpStatus :: Lens' ListResourceTagsResponse Int
+ Amazonka.KMS.Lens: listResourceTagsResponse_nextMarker :: Lens' ListResourceTagsResponse (Maybe Text)
+ Amazonka.KMS.Lens: listResourceTagsResponse_tags :: Lens' ListResourceTagsResponse (Maybe [Tag])
+ Amazonka.KMS.Lens: listResourceTagsResponse_truncated :: Lens' ListResourceTagsResponse (Maybe Bool)
+ Amazonka.KMS.Lens: listResourceTags_keyId :: Lens' ListResourceTags Text
+ Amazonka.KMS.Lens: listResourceTags_limit :: Lens' ListResourceTags (Maybe Natural)
+ Amazonka.KMS.Lens: listResourceTags_marker :: Lens' ListResourceTags (Maybe Text)
+ Amazonka.KMS.Lens: listRetirableGrants_limit :: Lens' ListRetirableGrants (Maybe Natural)
+ Amazonka.KMS.Lens: listRetirableGrants_marker :: Lens' ListRetirableGrants (Maybe Text)
+ Amazonka.KMS.Lens: listRetirableGrants_retiringPrincipal :: Lens' ListRetirableGrants Text
+ Amazonka.KMS.Lens: multiRegionConfiguration_multiRegionKeyType :: Lens' MultiRegionConfiguration (Maybe MultiRegionKeyType)
+ Amazonka.KMS.Lens: multiRegionConfiguration_primaryKey :: Lens' MultiRegionConfiguration (Maybe MultiRegionKey)
+ Amazonka.KMS.Lens: multiRegionConfiguration_replicaKeys :: Lens' MultiRegionConfiguration (Maybe [MultiRegionKey])
+ Amazonka.KMS.Lens: multiRegionKey_arn :: Lens' MultiRegionKey (Maybe Text)
+ Amazonka.KMS.Lens: multiRegionKey_region :: Lens' MultiRegionKey (Maybe Text)
+ Amazonka.KMS.Lens: putKeyPolicy_bypassPolicyLockoutSafetyCheck :: Lens' PutKeyPolicy (Maybe Bool)
+ Amazonka.KMS.Lens: putKeyPolicy_keyId :: Lens' PutKeyPolicy Text
+ Amazonka.KMS.Lens: putKeyPolicy_policy :: Lens' PutKeyPolicy Text
+ Amazonka.KMS.Lens: putKeyPolicy_policyName :: Lens' PutKeyPolicy Text
+ Amazonka.KMS.Lens: reEncryptResponse_ciphertextBlob :: Lens' ReEncryptResponse (Maybe ByteString)
+ Amazonka.KMS.Lens: reEncryptResponse_destinationEncryptionAlgorithm :: Lens' ReEncryptResponse (Maybe EncryptionAlgorithmSpec)
+ Amazonka.KMS.Lens: reEncryptResponse_httpStatus :: Lens' ReEncryptResponse Int
+ Amazonka.KMS.Lens: reEncryptResponse_keyId :: Lens' ReEncryptResponse (Maybe Text)
+ Amazonka.KMS.Lens: reEncryptResponse_sourceEncryptionAlgorithm :: Lens' ReEncryptResponse (Maybe EncryptionAlgorithmSpec)
+ Amazonka.KMS.Lens: reEncryptResponse_sourceKeyId :: Lens' ReEncryptResponse (Maybe Text)
+ Amazonka.KMS.Lens: reEncrypt_ciphertextBlob :: Lens' ReEncrypt ByteString
+ Amazonka.KMS.Lens: reEncrypt_destinationEncryptionAlgorithm :: Lens' ReEncrypt (Maybe EncryptionAlgorithmSpec)
+ Amazonka.KMS.Lens: reEncrypt_destinationEncryptionContext :: Lens' ReEncrypt (Maybe (HashMap Text Text))
+ Amazonka.KMS.Lens: reEncrypt_destinationKeyId :: Lens' ReEncrypt Text
+ Amazonka.KMS.Lens: reEncrypt_grantTokens :: Lens' ReEncrypt (Maybe [Text])
+ Amazonka.KMS.Lens: reEncrypt_sourceEncryptionAlgorithm :: Lens' ReEncrypt (Maybe EncryptionAlgorithmSpec)
+ Amazonka.KMS.Lens: reEncrypt_sourceEncryptionContext :: Lens' ReEncrypt (Maybe (HashMap Text Text))
+ Amazonka.KMS.Lens: reEncrypt_sourceKeyId :: Lens' ReEncrypt (Maybe Text)
+ Amazonka.KMS.Lens: replicateKeyResponse_httpStatus :: Lens' ReplicateKeyResponse Int
+ Amazonka.KMS.Lens: replicateKeyResponse_replicaKeyMetadata :: Lens' ReplicateKeyResponse (Maybe KeyMetadata)
+ Amazonka.KMS.Lens: replicateKeyResponse_replicaPolicy :: Lens' ReplicateKeyResponse (Maybe Text)
+ Amazonka.KMS.Lens: replicateKeyResponse_replicaTags :: Lens' ReplicateKeyResponse (Maybe [Tag])
+ Amazonka.KMS.Lens: replicateKey_bypassPolicyLockoutSafetyCheck :: Lens' ReplicateKey (Maybe Bool)
+ Amazonka.KMS.Lens: replicateKey_description :: Lens' ReplicateKey (Maybe Text)
+ Amazonka.KMS.Lens: replicateKey_keyId :: Lens' ReplicateKey Text
+ Amazonka.KMS.Lens: replicateKey_policy :: Lens' ReplicateKey (Maybe Text)
+ Amazonka.KMS.Lens: replicateKey_replicaRegion :: Lens' ReplicateKey Text
+ Amazonka.KMS.Lens: replicateKey_tags :: Lens' ReplicateKey (Maybe [Tag])
+ Amazonka.KMS.Lens: retireGrant_grantId :: Lens' RetireGrant (Maybe Text)
+ Amazonka.KMS.Lens: retireGrant_grantToken :: Lens' RetireGrant (Maybe Text)
+ Amazonka.KMS.Lens: retireGrant_keyId :: Lens' RetireGrant (Maybe Text)
+ Amazonka.KMS.Lens: revokeGrant_grantId :: Lens' RevokeGrant Text
+ Amazonka.KMS.Lens: revokeGrant_keyId :: Lens' RevokeGrant Text
+ Amazonka.KMS.Lens: scheduleKeyDeletionResponse_deletionDate :: Lens' ScheduleKeyDeletionResponse (Maybe UTCTime)
+ Amazonka.KMS.Lens: scheduleKeyDeletionResponse_httpStatus :: Lens' ScheduleKeyDeletionResponse Int
+ Amazonka.KMS.Lens: scheduleKeyDeletionResponse_keyId :: Lens' ScheduleKeyDeletionResponse (Maybe Text)
+ Amazonka.KMS.Lens: scheduleKeyDeletionResponse_keyState :: Lens' ScheduleKeyDeletionResponse (Maybe KeyState)
+ Amazonka.KMS.Lens: scheduleKeyDeletionResponse_pendingWindowInDays :: Lens' ScheduleKeyDeletionResponse (Maybe Natural)
+ Amazonka.KMS.Lens: scheduleKeyDeletion_keyId :: Lens' ScheduleKeyDeletion Text
+ Amazonka.KMS.Lens: scheduleKeyDeletion_pendingWindowInDays :: Lens' ScheduleKeyDeletion (Maybe Natural)
+ Amazonka.KMS.Lens: signResponse_httpStatus :: Lens' SignResponse Int
+ Amazonka.KMS.Lens: signResponse_keyId :: Lens' SignResponse (Maybe Text)
+ Amazonka.KMS.Lens: signResponse_signature :: Lens' SignResponse (Maybe ByteString)
+ Amazonka.KMS.Lens: signResponse_signingAlgorithm :: Lens' SignResponse (Maybe SigningAlgorithmSpec)
+ Amazonka.KMS.Lens: sign_grantTokens :: Lens' Sign (Maybe [Text])
+ Amazonka.KMS.Lens: sign_keyId :: Lens' Sign Text
+ Amazonka.KMS.Lens: sign_message :: Lens' Sign ByteString
+ Amazonka.KMS.Lens: sign_messageType :: Lens' Sign (Maybe MessageType)
+ Amazonka.KMS.Lens: sign_signingAlgorithm :: Lens' Sign SigningAlgorithmSpec
+ Amazonka.KMS.Lens: tagResource_keyId :: Lens' TagResource Text
+ Amazonka.KMS.Lens: tagResource_tags :: Lens' TagResource [Tag]
+ Amazonka.KMS.Lens: tag_tagKey :: Lens' Tag Text
+ Amazonka.KMS.Lens: tag_tagValue :: Lens' Tag Text
+ Amazonka.KMS.Lens: untagResource_keyId :: Lens' UntagResource Text
+ Amazonka.KMS.Lens: untagResource_tagKeys :: Lens' UntagResource [Text]
+ Amazonka.KMS.Lens: updateAlias_aliasName :: Lens' UpdateAlias Text
+ Amazonka.KMS.Lens: updateAlias_targetKeyId :: Lens' UpdateAlias Text
+ Amazonka.KMS.Lens: updateCustomKeyStoreResponse_httpStatus :: Lens' UpdateCustomKeyStoreResponse Int
+ Amazonka.KMS.Lens: updateCustomKeyStore_cloudHsmClusterId :: Lens' UpdateCustomKeyStore (Maybe Text)
+ Amazonka.KMS.Lens: updateCustomKeyStore_customKeyStoreId :: Lens' UpdateCustomKeyStore Text
+ Amazonka.KMS.Lens: updateCustomKeyStore_keyStorePassword :: Lens' UpdateCustomKeyStore (Maybe Text)
+ Amazonka.KMS.Lens: updateCustomKeyStore_newCustomKeyStoreName :: Lens' UpdateCustomKeyStore (Maybe Text)
+ Amazonka.KMS.Lens: updateCustomKeyStore_xksProxyAuthenticationCredential :: Lens' UpdateCustomKeyStore (Maybe XksProxyAuthenticationCredentialType)
+ Amazonka.KMS.Lens: updateCustomKeyStore_xksProxyConnectivity :: Lens' UpdateCustomKeyStore (Maybe XksProxyConnectivityType)
+ Amazonka.KMS.Lens: updateCustomKeyStore_xksProxyUriEndpoint :: Lens' UpdateCustomKeyStore (Maybe Text)
+ Amazonka.KMS.Lens: updateCustomKeyStore_xksProxyUriPath :: Lens' UpdateCustomKeyStore (Maybe Text)
+ Amazonka.KMS.Lens: updateCustomKeyStore_xksProxyVpcEndpointServiceName :: Lens' UpdateCustomKeyStore (Maybe Text)
+ Amazonka.KMS.Lens: updateKeyDescription_description :: Lens' UpdateKeyDescription Text
+ Amazonka.KMS.Lens: updateKeyDescription_keyId :: Lens' UpdateKeyDescription Text
+ Amazonka.KMS.Lens: updatePrimaryRegion_keyId :: Lens' UpdatePrimaryRegion Text
+ Amazonka.KMS.Lens: updatePrimaryRegion_primaryRegion :: Lens' UpdatePrimaryRegion Text
+ Amazonka.KMS.Lens: verifyMacResponse_httpStatus :: Lens' VerifyMacResponse Int
+ Amazonka.KMS.Lens: verifyMacResponse_keyId :: Lens' VerifyMacResponse (Maybe Text)
+ Amazonka.KMS.Lens: verifyMacResponse_macAlgorithm :: Lens' VerifyMacResponse (Maybe MacAlgorithmSpec)
+ Amazonka.KMS.Lens: verifyMacResponse_macValid :: Lens' VerifyMacResponse (Maybe Bool)
+ Amazonka.KMS.Lens: verifyMac_grantTokens :: Lens' VerifyMac (Maybe [Text])
+ Amazonka.KMS.Lens: verifyMac_keyId :: Lens' VerifyMac Text
+ Amazonka.KMS.Lens: verifyMac_mac :: Lens' VerifyMac ByteString
+ Amazonka.KMS.Lens: verifyMac_macAlgorithm :: Lens' VerifyMac MacAlgorithmSpec
+ Amazonka.KMS.Lens: verifyMac_message :: Lens' VerifyMac ByteString
+ Amazonka.KMS.Lens: verifyResponse_httpStatus :: Lens' VerifyResponse Int
+ Amazonka.KMS.Lens: verifyResponse_keyId :: Lens' VerifyResponse (Maybe Text)
+ Amazonka.KMS.Lens: verifyResponse_signatureValid :: Lens' VerifyResponse (Maybe Bool)
+ Amazonka.KMS.Lens: verifyResponse_signingAlgorithm :: Lens' VerifyResponse (Maybe SigningAlgorithmSpec)
+ Amazonka.KMS.Lens: verify_grantTokens :: Lens' Verify (Maybe [Text])
+ Amazonka.KMS.Lens: verify_keyId :: Lens' Verify Text
+ Amazonka.KMS.Lens: verify_message :: Lens' Verify ByteString
+ Amazonka.KMS.Lens: verify_messageType :: Lens' Verify (Maybe MessageType)
+ Amazonka.KMS.Lens: verify_signature :: Lens' Verify ByteString
+ Amazonka.KMS.Lens: verify_signingAlgorithm :: Lens' Verify SigningAlgorithmSpec
+ Amazonka.KMS.Lens: xksKeyConfigurationType_id :: Lens' XksKeyConfigurationType (Maybe Text)
+ Amazonka.KMS.Lens: xksProxyAuthenticationCredentialType_accessKeyId :: Lens' XksProxyAuthenticationCredentialType Text
+ Amazonka.KMS.Lens: xksProxyAuthenticationCredentialType_rawSecretAccessKey :: Lens' XksProxyAuthenticationCredentialType Text
+ Amazonka.KMS.Lens: xksProxyConfigurationType_accessKeyId :: Lens' XksProxyConfigurationType (Maybe Text)
+ Amazonka.KMS.Lens: xksProxyConfigurationType_connectivity :: Lens' XksProxyConfigurationType (Maybe XksProxyConnectivityType)
+ Amazonka.KMS.Lens: xksProxyConfigurationType_uriEndpoint :: Lens' XksProxyConfigurationType (Maybe Text)
+ Amazonka.KMS.Lens: xksProxyConfigurationType_uriPath :: Lens' XksProxyConfigurationType (Maybe Text)
+ Amazonka.KMS.Lens: xksProxyConfigurationType_vpcEndpointServiceName :: Lens' XksProxyConfigurationType (Maybe Text)
+ Amazonka.KMS.ListAliases: ListAliases' :: Maybe Text -> Maybe Natural -> Maybe Text -> ListAliases
+ Amazonka.KMS.ListAliases: ListAliasesResponse' :: Maybe [AliasListEntry] -> Maybe Text -> Maybe Bool -> Int -> ListAliasesResponse
+ Amazonka.KMS.ListAliases: [$sel:aliases:ListAliasesResponse'] :: ListAliasesResponse -> Maybe [AliasListEntry]
+ Amazonka.KMS.ListAliases: [$sel:httpStatus:ListAliasesResponse'] :: ListAliasesResponse -> Int
+ Amazonka.KMS.ListAliases: [$sel:keyId:ListAliases'] :: ListAliases -> Maybe Text
+ Amazonka.KMS.ListAliases: [$sel:limit:ListAliases'] :: ListAliases -> Maybe Natural
+ Amazonka.KMS.ListAliases: [$sel:marker:ListAliases'] :: ListAliases -> Maybe Text
+ Amazonka.KMS.ListAliases: [$sel:nextMarker:ListAliasesResponse'] :: ListAliasesResponse -> Maybe Text
+ Amazonka.KMS.ListAliases: [$sel:truncated:ListAliasesResponse'] :: ListAliasesResponse -> Maybe Bool
+ Amazonka.KMS.ListAliases: data ListAliases
+ Amazonka.KMS.ListAliases: data ListAliasesResponse
+ Amazonka.KMS.ListAliases: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.ListAliases.ListAliases
+ Amazonka.KMS.ListAliases: instance Amazonka.Data.Path.ToPath Amazonka.KMS.ListAliases.ListAliases
+ Amazonka.KMS.ListAliases: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.ListAliases.ListAliases
+ Amazonka.KMS.ListAliases: instance Amazonka.Pager.AWSPager Amazonka.KMS.ListAliases.ListAliases
+ Amazonka.KMS.ListAliases: instance Amazonka.Types.AWSRequest Amazonka.KMS.ListAliases.ListAliases
+ Amazonka.KMS.ListAliases: instance Control.DeepSeq.NFData Amazonka.KMS.ListAliases.ListAliases
+ Amazonka.KMS.ListAliases: instance Control.DeepSeq.NFData Amazonka.KMS.ListAliases.ListAliasesResponse
+ Amazonka.KMS.ListAliases: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.ListAliases.ListAliases
+ Amazonka.KMS.ListAliases: instance Data.Hashable.Class.Hashable Amazonka.KMS.ListAliases.ListAliases
+ Amazonka.KMS.ListAliases: instance GHC.Classes.Eq Amazonka.KMS.ListAliases.ListAliases
+ Amazonka.KMS.ListAliases: instance GHC.Classes.Eq Amazonka.KMS.ListAliases.ListAliasesResponse
+ Amazonka.KMS.ListAliases: instance GHC.Generics.Generic Amazonka.KMS.ListAliases.ListAliases
+ Amazonka.KMS.ListAliases: instance GHC.Generics.Generic Amazonka.KMS.ListAliases.ListAliasesResponse
+ Amazonka.KMS.ListAliases: instance GHC.Read.Read Amazonka.KMS.ListAliases.ListAliases
+ Amazonka.KMS.ListAliases: instance GHC.Read.Read Amazonka.KMS.ListAliases.ListAliasesResponse
+ Amazonka.KMS.ListAliases: instance GHC.Show.Show Amazonka.KMS.ListAliases.ListAliases
+ Amazonka.KMS.ListAliases: instance GHC.Show.Show Amazonka.KMS.ListAliases.ListAliasesResponse
+ Amazonka.KMS.ListAliases: listAliasesResponse_aliases :: Lens' ListAliasesResponse (Maybe [AliasListEntry])
+ Amazonka.KMS.ListAliases: listAliasesResponse_httpStatus :: Lens' ListAliasesResponse Int
+ Amazonka.KMS.ListAliases: listAliasesResponse_nextMarker :: Lens' ListAliasesResponse (Maybe Text)
+ Amazonka.KMS.ListAliases: listAliasesResponse_truncated :: Lens' ListAliasesResponse (Maybe Bool)
+ Amazonka.KMS.ListAliases: listAliases_keyId :: Lens' ListAliases (Maybe Text)
+ Amazonka.KMS.ListAliases: listAliases_limit :: Lens' ListAliases (Maybe Natural)
+ Amazonka.KMS.ListAliases: listAliases_marker :: Lens' ListAliases (Maybe Text)
+ Amazonka.KMS.ListAliases: newListAliases :: ListAliases
+ Amazonka.KMS.ListAliases: newListAliasesResponse :: Int -> ListAliasesResponse
+ Amazonka.KMS.ListGrants: ListGrants' :: Maybe Text -> Maybe Text -> Maybe Natural -> Maybe Text -> Text -> ListGrants
+ Amazonka.KMS.ListGrants: ListGrantsResponse' :: Maybe [GrantListEntry] -> Maybe Text -> Maybe Bool -> ListGrantsResponse
+ Amazonka.KMS.ListGrants: [$sel:grantId:ListGrants'] :: ListGrants -> Maybe Text
+ Amazonka.KMS.ListGrants: [$sel:granteePrincipal:ListGrants'] :: ListGrants -> Maybe Text
+ Amazonka.KMS.ListGrants: [$sel:grants:ListGrantsResponse'] :: ListGrantsResponse -> Maybe [GrantListEntry]
+ Amazonka.KMS.ListGrants: [$sel:keyId:ListGrants'] :: ListGrants -> Text
+ Amazonka.KMS.ListGrants: [$sel:limit:ListGrants'] :: ListGrants -> Maybe Natural
+ Amazonka.KMS.ListGrants: [$sel:marker:ListGrants'] :: ListGrants -> Maybe Text
+ Amazonka.KMS.ListGrants: [$sel:nextMarker:ListGrantsResponse'] :: ListGrantsResponse -> Maybe Text
+ Amazonka.KMS.ListGrants: [$sel:truncated:ListGrantsResponse'] :: ListGrantsResponse -> Maybe Bool
+ Amazonka.KMS.ListGrants: data ListGrants
+ Amazonka.KMS.ListGrants: data ListGrantsResponse
+ Amazonka.KMS.ListGrants: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.ListGrants.ListGrants
+ Amazonka.KMS.ListGrants: instance Amazonka.Data.Path.ToPath Amazonka.KMS.ListGrants.ListGrants
+ Amazonka.KMS.ListGrants: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.ListGrants.ListGrants
+ Amazonka.KMS.ListGrants: instance Amazonka.Pager.AWSPager Amazonka.KMS.ListGrants.ListGrants
+ Amazonka.KMS.ListGrants: instance Amazonka.Types.AWSRequest Amazonka.KMS.ListGrants.ListGrants
+ Amazonka.KMS.ListGrants: instance Control.DeepSeq.NFData Amazonka.KMS.ListGrants.ListGrants
+ Amazonka.KMS.ListGrants: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.ListGrants.ListGrants
+ Amazonka.KMS.ListGrants: instance Data.Hashable.Class.Hashable Amazonka.KMS.ListGrants.ListGrants
+ Amazonka.KMS.ListGrants: instance GHC.Classes.Eq Amazonka.KMS.ListGrants.ListGrants
+ Amazonka.KMS.ListGrants: instance GHC.Generics.Generic Amazonka.KMS.ListGrants.ListGrants
+ Amazonka.KMS.ListGrants: instance GHC.Read.Read Amazonka.KMS.ListGrants.ListGrants
+ Amazonka.KMS.ListGrants: instance GHC.Show.Show Amazonka.KMS.ListGrants.ListGrants
+ Amazonka.KMS.ListGrants: listGrantsResponse_grants :: Lens' ListGrantsResponse (Maybe [GrantListEntry])
+ Amazonka.KMS.ListGrants: listGrantsResponse_nextMarker :: Lens' ListGrantsResponse (Maybe Text)
+ Amazonka.KMS.ListGrants: listGrantsResponse_truncated :: Lens' ListGrantsResponse (Maybe Bool)
+ Amazonka.KMS.ListGrants: listGrants_grantId :: Lens' ListGrants (Maybe Text)
+ Amazonka.KMS.ListGrants: listGrants_granteePrincipal :: Lens' ListGrants (Maybe Text)
+ Amazonka.KMS.ListGrants: listGrants_keyId :: Lens' ListGrants Text
+ Amazonka.KMS.ListGrants: listGrants_limit :: Lens' ListGrants (Maybe Natural)
+ Amazonka.KMS.ListGrants: listGrants_marker :: Lens' ListGrants (Maybe Text)
+ Amazonka.KMS.ListGrants: newListGrants :: Text -> ListGrants
+ Amazonka.KMS.ListGrants: newListGrantsResponse :: ListGrantsResponse
+ Amazonka.KMS.ListKeyPolicies: ListKeyPolicies' :: Maybe Natural -> Maybe Text -> Text -> ListKeyPolicies
+ Amazonka.KMS.ListKeyPolicies: ListKeyPoliciesResponse' :: Maybe Text -> Maybe [Text] -> Maybe Bool -> Int -> ListKeyPoliciesResponse
+ Amazonka.KMS.ListKeyPolicies: [$sel:httpStatus:ListKeyPoliciesResponse'] :: ListKeyPoliciesResponse -> Int
+ Amazonka.KMS.ListKeyPolicies: [$sel:keyId:ListKeyPolicies'] :: ListKeyPolicies -> Text
+ Amazonka.KMS.ListKeyPolicies: [$sel:limit:ListKeyPolicies'] :: ListKeyPolicies -> Maybe Natural
+ Amazonka.KMS.ListKeyPolicies: [$sel:marker:ListKeyPolicies'] :: ListKeyPolicies -> Maybe Text
+ Amazonka.KMS.ListKeyPolicies: [$sel:nextMarker:ListKeyPoliciesResponse'] :: ListKeyPoliciesResponse -> Maybe Text
+ Amazonka.KMS.ListKeyPolicies: [$sel:policyNames:ListKeyPoliciesResponse'] :: ListKeyPoliciesResponse -> Maybe [Text]
+ Amazonka.KMS.ListKeyPolicies: [$sel:truncated:ListKeyPoliciesResponse'] :: ListKeyPoliciesResponse -> Maybe Bool
+ Amazonka.KMS.ListKeyPolicies: data ListKeyPolicies
+ Amazonka.KMS.ListKeyPolicies: data ListKeyPoliciesResponse
+ Amazonka.KMS.ListKeyPolicies: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.ListKeyPolicies.ListKeyPolicies
+ Amazonka.KMS.ListKeyPolicies: instance Amazonka.Data.Path.ToPath Amazonka.KMS.ListKeyPolicies.ListKeyPolicies
+ Amazonka.KMS.ListKeyPolicies: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.ListKeyPolicies.ListKeyPolicies
+ Amazonka.KMS.ListKeyPolicies: instance Amazonka.Pager.AWSPager Amazonka.KMS.ListKeyPolicies.ListKeyPolicies
+ Amazonka.KMS.ListKeyPolicies: instance Amazonka.Types.AWSRequest Amazonka.KMS.ListKeyPolicies.ListKeyPolicies
+ Amazonka.KMS.ListKeyPolicies: instance Control.DeepSeq.NFData Amazonka.KMS.ListKeyPolicies.ListKeyPolicies
+ Amazonka.KMS.ListKeyPolicies: instance Control.DeepSeq.NFData Amazonka.KMS.ListKeyPolicies.ListKeyPoliciesResponse
+ Amazonka.KMS.ListKeyPolicies: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.ListKeyPolicies.ListKeyPolicies
+ Amazonka.KMS.ListKeyPolicies: instance Data.Hashable.Class.Hashable Amazonka.KMS.ListKeyPolicies.ListKeyPolicies
+ Amazonka.KMS.ListKeyPolicies: instance GHC.Classes.Eq Amazonka.KMS.ListKeyPolicies.ListKeyPolicies
+ Amazonka.KMS.ListKeyPolicies: instance GHC.Classes.Eq Amazonka.KMS.ListKeyPolicies.ListKeyPoliciesResponse
+ Amazonka.KMS.ListKeyPolicies: instance GHC.Generics.Generic Amazonka.KMS.ListKeyPolicies.ListKeyPolicies
+ Amazonka.KMS.ListKeyPolicies: instance GHC.Generics.Generic Amazonka.KMS.ListKeyPolicies.ListKeyPoliciesResponse
+ Amazonka.KMS.ListKeyPolicies: instance GHC.Read.Read Amazonka.KMS.ListKeyPolicies.ListKeyPolicies
+ Amazonka.KMS.ListKeyPolicies: instance GHC.Read.Read Amazonka.KMS.ListKeyPolicies.ListKeyPoliciesResponse
+ Amazonka.KMS.ListKeyPolicies: instance GHC.Show.Show Amazonka.KMS.ListKeyPolicies.ListKeyPolicies
+ Amazonka.KMS.ListKeyPolicies: instance GHC.Show.Show Amazonka.KMS.ListKeyPolicies.ListKeyPoliciesResponse
+ Amazonka.KMS.ListKeyPolicies: listKeyPoliciesResponse_httpStatus :: Lens' ListKeyPoliciesResponse Int
+ Amazonka.KMS.ListKeyPolicies: listKeyPoliciesResponse_nextMarker :: Lens' ListKeyPoliciesResponse (Maybe Text)
+ Amazonka.KMS.ListKeyPolicies: listKeyPoliciesResponse_policyNames :: Lens' ListKeyPoliciesResponse (Maybe [Text])
+ Amazonka.KMS.ListKeyPolicies: listKeyPoliciesResponse_truncated :: Lens' ListKeyPoliciesResponse (Maybe Bool)
+ Amazonka.KMS.ListKeyPolicies: listKeyPolicies_keyId :: Lens' ListKeyPolicies Text
+ Amazonka.KMS.ListKeyPolicies: listKeyPolicies_limit :: Lens' ListKeyPolicies (Maybe Natural)
+ Amazonka.KMS.ListKeyPolicies: listKeyPolicies_marker :: Lens' ListKeyPolicies (Maybe Text)
+ Amazonka.KMS.ListKeyPolicies: newListKeyPolicies :: Text -> ListKeyPolicies
+ Amazonka.KMS.ListKeyPolicies: newListKeyPoliciesResponse :: Int -> ListKeyPoliciesResponse
+ Amazonka.KMS.ListKeys: ListKeys' :: Maybe Natural -> Maybe Text -> ListKeys
+ Amazonka.KMS.ListKeys: ListKeysResponse' :: Maybe [KeyListEntry] -> Maybe Text -> Maybe Bool -> Int -> ListKeysResponse
+ Amazonka.KMS.ListKeys: [$sel:httpStatus:ListKeysResponse'] :: ListKeysResponse -> Int
+ Amazonka.KMS.ListKeys: [$sel:keys:ListKeysResponse'] :: ListKeysResponse -> Maybe [KeyListEntry]
+ Amazonka.KMS.ListKeys: [$sel:limit:ListKeys'] :: ListKeys -> Maybe Natural
+ Amazonka.KMS.ListKeys: [$sel:marker:ListKeys'] :: ListKeys -> Maybe Text
+ Amazonka.KMS.ListKeys: [$sel:nextMarker:ListKeysResponse'] :: ListKeysResponse -> Maybe Text
+ Amazonka.KMS.ListKeys: [$sel:truncated:ListKeysResponse'] :: ListKeysResponse -> Maybe Bool
+ Amazonka.KMS.ListKeys: data ListKeys
+ Amazonka.KMS.ListKeys: data ListKeysResponse
+ Amazonka.KMS.ListKeys: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.ListKeys.ListKeys
+ Amazonka.KMS.ListKeys: instance Amazonka.Data.Path.ToPath Amazonka.KMS.ListKeys.ListKeys
+ Amazonka.KMS.ListKeys: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.ListKeys.ListKeys
+ Amazonka.KMS.ListKeys: instance Amazonka.Pager.AWSPager Amazonka.KMS.ListKeys.ListKeys
+ Amazonka.KMS.ListKeys: instance Amazonka.Types.AWSRequest Amazonka.KMS.ListKeys.ListKeys
+ Amazonka.KMS.ListKeys: instance Control.DeepSeq.NFData Amazonka.KMS.ListKeys.ListKeys
+ Amazonka.KMS.ListKeys: instance Control.DeepSeq.NFData Amazonka.KMS.ListKeys.ListKeysResponse
+ Amazonka.KMS.ListKeys: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.ListKeys.ListKeys
+ Amazonka.KMS.ListKeys: instance Data.Hashable.Class.Hashable Amazonka.KMS.ListKeys.ListKeys
+ Amazonka.KMS.ListKeys: instance GHC.Classes.Eq Amazonka.KMS.ListKeys.ListKeys
+ Amazonka.KMS.ListKeys: instance GHC.Classes.Eq Amazonka.KMS.ListKeys.ListKeysResponse
+ Amazonka.KMS.ListKeys: instance GHC.Generics.Generic Amazonka.KMS.ListKeys.ListKeys
+ Amazonka.KMS.ListKeys: instance GHC.Generics.Generic Amazonka.KMS.ListKeys.ListKeysResponse
+ Amazonka.KMS.ListKeys: instance GHC.Read.Read Amazonka.KMS.ListKeys.ListKeys
+ Amazonka.KMS.ListKeys: instance GHC.Read.Read Amazonka.KMS.ListKeys.ListKeysResponse
+ Amazonka.KMS.ListKeys: instance GHC.Show.Show Amazonka.KMS.ListKeys.ListKeys
+ Amazonka.KMS.ListKeys: instance GHC.Show.Show Amazonka.KMS.ListKeys.ListKeysResponse
+ Amazonka.KMS.ListKeys: listKeysResponse_httpStatus :: Lens' ListKeysResponse Int
+ Amazonka.KMS.ListKeys: listKeysResponse_keys :: Lens' ListKeysResponse (Maybe [KeyListEntry])
+ Amazonka.KMS.ListKeys: listKeysResponse_nextMarker :: Lens' ListKeysResponse (Maybe Text)
+ Amazonka.KMS.ListKeys: listKeysResponse_truncated :: Lens' ListKeysResponse (Maybe Bool)
+ Amazonka.KMS.ListKeys: listKeys_limit :: Lens' ListKeys (Maybe Natural)
+ Amazonka.KMS.ListKeys: listKeys_marker :: Lens' ListKeys (Maybe Text)
+ Amazonka.KMS.ListKeys: newListKeys :: ListKeys
+ Amazonka.KMS.ListKeys: newListKeysResponse :: Int -> ListKeysResponse
+ Amazonka.KMS.ListResourceTags: ListResourceTags' :: Maybe Natural -> Maybe Text -> Text -> ListResourceTags
+ Amazonka.KMS.ListResourceTags: ListResourceTagsResponse' :: Maybe Text -> Maybe [Tag] -> Maybe Bool -> Int -> ListResourceTagsResponse
+ Amazonka.KMS.ListResourceTags: [$sel:httpStatus:ListResourceTagsResponse'] :: ListResourceTagsResponse -> Int
+ Amazonka.KMS.ListResourceTags: [$sel:keyId:ListResourceTags'] :: ListResourceTags -> Text
+ Amazonka.KMS.ListResourceTags: [$sel:limit:ListResourceTags'] :: ListResourceTags -> Maybe Natural
+ Amazonka.KMS.ListResourceTags: [$sel:marker:ListResourceTags'] :: ListResourceTags -> Maybe Text
+ Amazonka.KMS.ListResourceTags: [$sel:nextMarker:ListResourceTagsResponse'] :: ListResourceTagsResponse -> Maybe Text
+ Amazonka.KMS.ListResourceTags: [$sel:tags:ListResourceTagsResponse'] :: ListResourceTagsResponse -> Maybe [Tag]
+ Amazonka.KMS.ListResourceTags: [$sel:truncated:ListResourceTagsResponse'] :: ListResourceTagsResponse -> Maybe Bool
+ Amazonka.KMS.ListResourceTags: data ListResourceTags
+ Amazonka.KMS.ListResourceTags: data ListResourceTagsResponse
+ Amazonka.KMS.ListResourceTags: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.ListResourceTags.ListResourceTags
+ Amazonka.KMS.ListResourceTags: instance Amazonka.Data.Path.ToPath Amazonka.KMS.ListResourceTags.ListResourceTags
+ Amazonka.KMS.ListResourceTags: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.ListResourceTags.ListResourceTags
+ Amazonka.KMS.ListResourceTags: instance Amazonka.Pager.AWSPager Amazonka.KMS.ListResourceTags.ListResourceTags
+ Amazonka.KMS.ListResourceTags: instance Amazonka.Types.AWSRequest Amazonka.KMS.ListResourceTags.ListResourceTags
+ Amazonka.KMS.ListResourceTags: instance Control.DeepSeq.NFData Amazonka.KMS.ListResourceTags.ListResourceTags
+ Amazonka.KMS.ListResourceTags: instance Control.DeepSeq.NFData Amazonka.KMS.ListResourceTags.ListResourceTagsResponse
+ Amazonka.KMS.ListResourceTags: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.ListResourceTags.ListResourceTags
+ Amazonka.KMS.ListResourceTags: instance Data.Hashable.Class.Hashable Amazonka.KMS.ListResourceTags.ListResourceTags
+ Amazonka.KMS.ListResourceTags: instance GHC.Classes.Eq Amazonka.KMS.ListResourceTags.ListResourceTags
+ Amazonka.KMS.ListResourceTags: instance GHC.Classes.Eq Amazonka.KMS.ListResourceTags.ListResourceTagsResponse
+ Amazonka.KMS.ListResourceTags: instance GHC.Generics.Generic Amazonka.KMS.ListResourceTags.ListResourceTags
+ Amazonka.KMS.ListResourceTags: instance GHC.Generics.Generic Amazonka.KMS.ListResourceTags.ListResourceTagsResponse
+ Amazonka.KMS.ListResourceTags: instance GHC.Read.Read Amazonka.KMS.ListResourceTags.ListResourceTags
+ Amazonka.KMS.ListResourceTags: instance GHC.Read.Read Amazonka.KMS.ListResourceTags.ListResourceTagsResponse
+ Amazonka.KMS.ListResourceTags: instance GHC.Show.Show Amazonka.KMS.ListResourceTags.ListResourceTags
+ Amazonka.KMS.ListResourceTags: instance GHC.Show.Show Amazonka.KMS.ListResourceTags.ListResourceTagsResponse
+ Amazonka.KMS.ListResourceTags: listResourceTagsResponse_httpStatus :: Lens' ListResourceTagsResponse Int
+ Amazonka.KMS.ListResourceTags: listResourceTagsResponse_nextMarker :: Lens' ListResourceTagsResponse (Maybe Text)
+ Amazonka.KMS.ListResourceTags: listResourceTagsResponse_tags :: Lens' ListResourceTagsResponse (Maybe [Tag])
+ Amazonka.KMS.ListResourceTags: listResourceTagsResponse_truncated :: Lens' ListResourceTagsResponse (Maybe Bool)
+ Amazonka.KMS.ListResourceTags: listResourceTags_keyId :: Lens' ListResourceTags Text
+ Amazonka.KMS.ListResourceTags: listResourceTags_limit :: Lens' ListResourceTags (Maybe Natural)
+ Amazonka.KMS.ListResourceTags: listResourceTags_marker :: Lens' ListResourceTags (Maybe Text)
+ Amazonka.KMS.ListResourceTags: newListResourceTags :: Text -> ListResourceTags
+ Amazonka.KMS.ListResourceTags: newListResourceTagsResponse :: Int -> ListResourceTagsResponse
+ Amazonka.KMS.ListRetirableGrants: ListGrantsResponse' :: Maybe [GrantListEntry] -> Maybe Text -> Maybe Bool -> ListGrantsResponse
+ Amazonka.KMS.ListRetirableGrants: ListRetirableGrants' :: Maybe Natural -> Maybe Text -> Text -> ListRetirableGrants
+ Amazonka.KMS.ListRetirableGrants: [$sel:grants:ListGrantsResponse'] :: ListGrantsResponse -> Maybe [GrantListEntry]
+ Amazonka.KMS.ListRetirableGrants: [$sel:limit:ListRetirableGrants'] :: ListRetirableGrants -> Maybe Natural
+ Amazonka.KMS.ListRetirableGrants: [$sel:marker:ListRetirableGrants'] :: ListRetirableGrants -> Maybe Text
+ Amazonka.KMS.ListRetirableGrants: [$sel:nextMarker:ListGrantsResponse'] :: ListGrantsResponse -> Maybe Text
+ Amazonka.KMS.ListRetirableGrants: [$sel:retiringPrincipal:ListRetirableGrants'] :: ListRetirableGrants -> Text
+ Amazonka.KMS.ListRetirableGrants: [$sel:truncated:ListGrantsResponse'] :: ListGrantsResponse -> Maybe Bool
+ Amazonka.KMS.ListRetirableGrants: data ListGrantsResponse
+ Amazonka.KMS.ListRetirableGrants: data ListRetirableGrants
+ Amazonka.KMS.ListRetirableGrants: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.ListRetirableGrants.ListRetirableGrants
+ Amazonka.KMS.ListRetirableGrants: instance Amazonka.Data.Path.ToPath Amazonka.KMS.ListRetirableGrants.ListRetirableGrants
+ Amazonka.KMS.ListRetirableGrants: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.ListRetirableGrants.ListRetirableGrants
+ Amazonka.KMS.ListRetirableGrants: instance Amazonka.Pager.AWSPager Amazonka.KMS.ListRetirableGrants.ListRetirableGrants
+ Amazonka.KMS.ListRetirableGrants: instance Amazonka.Types.AWSRequest Amazonka.KMS.ListRetirableGrants.ListRetirableGrants
+ Amazonka.KMS.ListRetirableGrants: instance Control.DeepSeq.NFData Amazonka.KMS.ListRetirableGrants.ListRetirableGrants
+ Amazonka.KMS.ListRetirableGrants: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.ListRetirableGrants.ListRetirableGrants
+ Amazonka.KMS.ListRetirableGrants: instance Data.Hashable.Class.Hashable Amazonka.KMS.ListRetirableGrants.ListRetirableGrants
+ Amazonka.KMS.ListRetirableGrants: instance GHC.Classes.Eq Amazonka.KMS.ListRetirableGrants.ListRetirableGrants
+ Amazonka.KMS.ListRetirableGrants: instance GHC.Generics.Generic Amazonka.KMS.ListRetirableGrants.ListRetirableGrants
+ Amazonka.KMS.ListRetirableGrants: instance GHC.Read.Read Amazonka.KMS.ListRetirableGrants.ListRetirableGrants
+ Amazonka.KMS.ListRetirableGrants: instance GHC.Show.Show Amazonka.KMS.ListRetirableGrants.ListRetirableGrants
+ Amazonka.KMS.ListRetirableGrants: listGrantsResponse_grants :: Lens' ListGrantsResponse (Maybe [GrantListEntry])
+ Amazonka.KMS.ListRetirableGrants: listGrantsResponse_nextMarker :: Lens' ListGrantsResponse (Maybe Text)
+ Amazonka.KMS.ListRetirableGrants: listGrantsResponse_truncated :: Lens' ListGrantsResponse (Maybe Bool)
+ Amazonka.KMS.ListRetirableGrants: listRetirableGrants_limit :: Lens' ListRetirableGrants (Maybe Natural)
+ Amazonka.KMS.ListRetirableGrants: listRetirableGrants_marker :: Lens' ListRetirableGrants (Maybe Text)
+ Amazonka.KMS.ListRetirableGrants: listRetirableGrants_retiringPrincipal :: Lens' ListRetirableGrants Text
+ Amazonka.KMS.ListRetirableGrants: newListGrantsResponse :: ListGrantsResponse
+ Amazonka.KMS.ListRetirableGrants: newListRetirableGrants :: Text -> ListRetirableGrants
+ Amazonka.KMS.PutKeyPolicy: PutKeyPolicy' :: Maybe Bool -> Text -> Text -> Text -> PutKeyPolicy
+ Amazonka.KMS.PutKeyPolicy: PutKeyPolicyResponse' :: PutKeyPolicyResponse
+ Amazonka.KMS.PutKeyPolicy: [$sel:bypassPolicyLockoutSafetyCheck:PutKeyPolicy'] :: PutKeyPolicy -> Maybe Bool
+ Amazonka.KMS.PutKeyPolicy: [$sel:keyId:PutKeyPolicy'] :: PutKeyPolicy -> Text
+ Amazonka.KMS.PutKeyPolicy: [$sel:policy:PutKeyPolicy'] :: PutKeyPolicy -> Text
+ Amazonka.KMS.PutKeyPolicy: [$sel:policyName:PutKeyPolicy'] :: PutKeyPolicy -> Text
+ Amazonka.KMS.PutKeyPolicy: data PutKeyPolicy
+ Amazonka.KMS.PutKeyPolicy: data PutKeyPolicyResponse
+ Amazonka.KMS.PutKeyPolicy: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.PutKeyPolicy.PutKeyPolicy
+ Amazonka.KMS.PutKeyPolicy: instance Amazonka.Data.Path.ToPath Amazonka.KMS.PutKeyPolicy.PutKeyPolicy
+ Amazonka.KMS.PutKeyPolicy: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.PutKeyPolicy.PutKeyPolicy
+ Amazonka.KMS.PutKeyPolicy: instance Amazonka.Types.AWSRequest Amazonka.KMS.PutKeyPolicy.PutKeyPolicy
+ Amazonka.KMS.PutKeyPolicy: instance Control.DeepSeq.NFData Amazonka.KMS.PutKeyPolicy.PutKeyPolicy
+ Amazonka.KMS.PutKeyPolicy: instance Control.DeepSeq.NFData Amazonka.KMS.PutKeyPolicy.PutKeyPolicyResponse
+ Amazonka.KMS.PutKeyPolicy: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.PutKeyPolicy.PutKeyPolicy
+ Amazonka.KMS.PutKeyPolicy: instance Data.Hashable.Class.Hashable Amazonka.KMS.PutKeyPolicy.PutKeyPolicy
+ Amazonka.KMS.PutKeyPolicy: instance GHC.Classes.Eq Amazonka.KMS.PutKeyPolicy.PutKeyPolicy
+ Amazonka.KMS.PutKeyPolicy: instance GHC.Classes.Eq Amazonka.KMS.PutKeyPolicy.PutKeyPolicyResponse
+ Amazonka.KMS.PutKeyPolicy: instance GHC.Generics.Generic Amazonka.KMS.PutKeyPolicy.PutKeyPolicy
+ Amazonka.KMS.PutKeyPolicy: instance GHC.Generics.Generic Amazonka.KMS.PutKeyPolicy.PutKeyPolicyResponse
+ Amazonka.KMS.PutKeyPolicy: instance GHC.Read.Read Amazonka.KMS.PutKeyPolicy.PutKeyPolicy
+ Amazonka.KMS.PutKeyPolicy: instance GHC.Read.Read Amazonka.KMS.PutKeyPolicy.PutKeyPolicyResponse
+ Amazonka.KMS.PutKeyPolicy: instance GHC.Show.Show Amazonka.KMS.PutKeyPolicy.PutKeyPolicy
+ Amazonka.KMS.PutKeyPolicy: instance GHC.Show.Show Amazonka.KMS.PutKeyPolicy.PutKeyPolicyResponse
+ Amazonka.KMS.PutKeyPolicy: newPutKeyPolicy :: Text -> Text -> Text -> PutKeyPolicy
+ Amazonka.KMS.PutKeyPolicy: newPutKeyPolicyResponse :: PutKeyPolicyResponse
+ Amazonka.KMS.PutKeyPolicy: putKeyPolicy_bypassPolicyLockoutSafetyCheck :: Lens' PutKeyPolicy (Maybe Bool)
+ Amazonka.KMS.PutKeyPolicy: putKeyPolicy_keyId :: Lens' PutKeyPolicy Text
+ Amazonka.KMS.PutKeyPolicy: putKeyPolicy_policy :: Lens' PutKeyPolicy Text
+ Amazonka.KMS.PutKeyPolicy: putKeyPolicy_policyName :: Lens' PutKeyPolicy Text
+ Amazonka.KMS.ReEncrypt: ReEncrypt' :: Maybe EncryptionAlgorithmSpec -> Maybe (HashMap Text Text) -> Maybe [Text] -> Maybe EncryptionAlgorithmSpec -> Maybe (HashMap Text Text) -> Maybe Text -> Base64 -> Text -> ReEncrypt
+ Amazonka.KMS.ReEncrypt: ReEncryptResponse' :: Maybe Base64 -> Maybe EncryptionAlgorithmSpec -> Maybe Text -> Maybe EncryptionAlgorithmSpec -> Maybe Text -> Int -> ReEncryptResponse
+ Amazonka.KMS.ReEncrypt: [$sel:ciphertextBlob:ReEncrypt'] :: ReEncrypt -> Base64
+ Amazonka.KMS.ReEncrypt: [$sel:ciphertextBlob:ReEncryptResponse'] :: ReEncryptResponse -> Maybe Base64
+ Amazonka.KMS.ReEncrypt: [$sel:destinationEncryptionAlgorithm:ReEncrypt'] :: ReEncrypt -> Maybe EncryptionAlgorithmSpec
+ Amazonka.KMS.ReEncrypt: [$sel:destinationEncryptionAlgorithm:ReEncryptResponse'] :: ReEncryptResponse -> Maybe EncryptionAlgorithmSpec
+ Amazonka.KMS.ReEncrypt: [$sel:destinationEncryptionContext:ReEncrypt'] :: ReEncrypt -> Maybe (HashMap Text Text)
+ Amazonka.KMS.ReEncrypt: [$sel:destinationKeyId:ReEncrypt'] :: ReEncrypt -> Text
+ Amazonka.KMS.ReEncrypt: [$sel:grantTokens:ReEncrypt'] :: ReEncrypt -> Maybe [Text]
+ Amazonka.KMS.ReEncrypt: [$sel:httpStatus:ReEncryptResponse'] :: ReEncryptResponse -> Int
+ Amazonka.KMS.ReEncrypt: [$sel:keyId:ReEncryptResponse'] :: ReEncryptResponse -> Maybe Text
+ Amazonka.KMS.ReEncrypt: [$sel:sourceEncryptionAlgorithm:ReEncrypt'] :: ReEncrypt -> Maybe EncryptionAlgorithmSpec
+ Amazonka.KMS.ReEncrypt: [$sel:sourceEncryptionAlgorithm:ReEncryptResponse'] :: ReEncryptResponse -> Maybe EncryptionAlgorithmSpec
+ Amazonka.KMS.ReEncrypt: [$sel:sourceEncryptionContext:ReEncrypt'] :: ReEncrypt -> Maybe (HashMap Text Text)
+ Amazonka.KMS.ReEncrypt: [$sel:sourceKeyId:ReEncrypt'] :: ReEncrypt -> Maybe Text
+ Amazonka.KMS.ReEncrypt: [$sel:sourceKeyId:ReEncryptResponse'] :: ReEncryptResponse -> Maybe Text
+ Amazonka.KMS.ReEncrypt: data ReEncrypt
+ Amazonka.KMS.ReEncrypt: data ReEncryptResponse
+ Amazonka.KMS.ReEncrypt: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.ReEncrypt.ReEncrypt
+ Amazonka.KMS.ReEncrypt: instance Amazonka.Data.Path.ToPath Amazonka.KMS.ReEncrypt.ReEncrypt
+ Amazonka.KMS.ReEncrypt: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.ReEncrypt.ReEncrypt
+ Amazonka.KMS.ReEncrypt: instance Amazonka.Types.AWSRequest Amazonka.KMS.ReEncrypt.ReEncrypt
+ Amazonka.KMS.ReEncrypt: instance Control.DeepSeq.NFData Amazonka.KMS.ReEncrypt.ReEncrypt
+ Amazonka.KMS.ReEncrypt: instance Control.DeepSeq.NFData Amazonka.KMS.ReEncrypt.ReEncryptResponse
+ Amazonka.KMS.ReEncrypt: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.ReEncrypt.ReEncrypt
+ Amazonka.KMS.ReEncrypt: instance Data.Hashable.Class.Hashable Amazonka.KMS.ReEncrypt.ReEncrypt
+ Amazonka.KMS.ReEncrypt: instance GHC.Classes.Eq Amazonka.KMS.ReEncrypt.ReEncrypt
+ Amazonka.KMS.ReEncrypt: instance GHC.Classes.Eq Amazonka.KMS.ReEncrypt.ReEncryptResponse
+ Amazonka.KMS.ReEncrypt: instance GHC.Generics.Generic Amazonka.KMS.ReEncrypt.ReEncrypt
+ Amazonka.KMS.ReEncrypt: instance GHC.Generics.Generic Amazonka.KMS.ReEncrypt.ReEncryptResponse
+ Amazonka.KMS.ReEncrypt: instance GHC.Read.Read Amazonka.KMS.ReEncrypt.ReEncrypt
+ Amazonka.KMS.ReEncrypt: instance GHC.Read.Read Amazonka.KMS.ReEncrypt.ReEncryptResponse
+ Amazonka.KMS.ReEncrypt: instance GHC.Show.Show Amazonka.KMS.ReEncrypt.ReEncrypt
+ Amazonka.KMS.ReEncrypt: instance GHC.Show.Show Amazonka.KMS.ReEncrypt.ReEncryptResponse
+ Amazonka.KMS.ReEncrypt: newReEncrypt :: ByteString -> Text -> ReEncrypt
+ Amazonka.KMS.ReEncrypt: newReEncryptResponse :: Int -> ReEncryptResponse
+ Amazonka.KMS.ReEncrypt: reEncryptResponse_ciphertextBlob :: Lens' ReEncryptResponse (Maybe ByteString)
+ Amazonka.KMS.ReEncrypt: reEncryptResponse_destinationEncryptionAlgorithm :: Lens' ReEncryptResponse (Maybe EncryptionAlgorithmSpec)
+ Amazonka.KMS.ReEncrypt: reEncryptResponse_httpStatus :: Lens' ReEncryptResponse Int
+ Amazonka.KMS.ReEncrypt: reEncryptResponse_keyId :: Lens' ReEncryptResponse (Maybe Text)
+ Amazonka.KMS.ReEncrypt: reEncryptResponse_sourceEncryptionAlgorithm :: Lens' ReEncryptResponse (Maybe EncryptionAlgorithmSpec)
+ Amazonka.KMS.ReEncrypt: reEncryptResponse_sourceKeyId :: Lens' ReEncryptResponse (Maybe Text)
+ Amazonka.KMS.ReEncrypt: reEncrypt_ciphertextBlob :: Lens' ReEncrypt ByteString
+ Amazonka.KMS.ReEncrypt: reEncrypt_destinationEncryptionAlgorithm :: Lens' ReEncrypt (Maybe EncryptionAlgorithmSpec)
+ Amazonka.KMS.ReEncrypt: reEncrypt_destinationEncryptionContext :: Lens' ReEncrypt (Maybe (HashMap Text Text))
+ Amazonka.KMS.ReEncrypt: reEncrypt_destinationKeyId :: Lens' ReEncrypt Text
+ Amazonka.KMS.ReEncrypt: reEncrypt_grantTokens :: Lens' ReEncrypt (Maybe [Text])
+ Amazonka.KMS.ReEncrypt: reEncrypt_sourceEncryptionAlgorithm :: Lens' ReEncrypt (Maybe EncryptionAlgorithmSpec)
+ Amazonka.KMS.ReEncrypt: reEncrypt_sourceEncryptionContext :: Lens' ReEncrypt (Maybe (HashMap Text Text))
+ Amazonka.KMS.ReEncrypt: reEncrypt_sourceKeyId :: Lens' ReEncrypt (Maybe Text)
+ Amazonka.KMS.ReplicateKey: ReplicateKey' :: Maybe Bool -> Maybe Text -> Maybe Text -> Maybe [Tag] -> Text -> Text -> ReplicateKey
+ Amazonka.KMS.ReplicateKey: ReplicateKeyResponse' :: Maybe KeyMetadata -> Maybe Text -> Maybe [Tag] -> Int -> ReplicateKeyResponse
+ Amazonka.KMS.ReplicateKey: [$sel:bypassPolicyLockoutSafetyCheck:ReplicateKey'] :: ReplicateKey -> Maybe Bool
+ Amazonka.KMS.ReplicateKey: [$sel:description:ReplicateKey'] :: ReplicateKey -> Maybe Text
+ Amazonka.KMS.ReplicateKey: [$sel:httpStatus:ReplicateKeyResponse'] :: ReplicateKeyResponse -> Int
+ Amazonka.KMS.ReplicateKey: [$sel:keyId:ReplicateKey'] :: ReplicateKey -> Text
+ Amazonka.KMS.ReplicateKey: [$sel:policy:ReplicateKey'] :: ReplicateKey -> Maybe Text
+ Amazonka.KMS.ReplicateKey: [$sel:replicaKeyMetadata:ReplicateKeyResponse'] :: ReplicateKeyResponse -> Maybe KeyMetadata
+ Amazonka.KMS.ReplicateKey: [$sel:replicaPolicy:ReplicateKeyResponse'] :: ReplicateKeyResponse -> Maybe Text
+ Amazonka.KMS.ReplicateKey: [$sel:replicaRegion:ReplicateKey'] :: ReplicateKey -> Text
+ Amazonka.KMS.ReplicateKey: [$sel:replicaTags:ReplicateKeyResponse'] :: ReplicateKeyResponse -> Maybe [Tag]
+ Amazonka.KMS.ReplicateKey: [$sel:tags:ReplicateKey'] :: ReplicateKey -> Maybe [Tag]
+ Amazonka.KMS.ReplicateKey: data ReplicateKey
+ Amazonka.KMS.ReplicateKey: data ReplicateKeyResponse
+ Amazonka.KMS.ReplicateKey: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.ReplicateKey.ReplicateKey
+ Amazonka.KMS.ReplicateKey: instance Amazonka.Data.Path.ToPath Amazonka.KMS.ReplicateKey.ReplicateKey
+ Amazonka.KMS.ReplicateKey: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.ReplicateKey.ReplicateKey
+ Amazonka.KMS.ReplicateKey: instance Amazonka.Types.AWSRequest Amazonka.KMS.ReplicateKey.ReplicateKey
+ Amazonka.KMS.ReplicateKey: instance Control.DeepSeq.NFData Amazonka.KMS.ReplicateKey.ReplicateKey
+ Amazonka.KMS.ReplicateKey: instance Control.DeepSeq.NFData Amazonka.KMS.ReplicateKey.ReplicateKeyResponse
+ Amazonka.KMS.ReplicateKey: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.ReplicateKey.ReplicateKey
+ Amazonka.KMS.ReplicateKey: instance Data.Hashable.Class.Hashable Amazonka.KMS.ReplicateKey.ReplicateKey
+ Amazonka.KMS.ReplicateKey: instance GHC.Classes.Eq Amazonka.KMS.ReplicateKey.ReplicateKey
+ Amazonka.KMS.ReplicateKey: instance GHC.Classes.Eq Amazonka.KMS.ReplicateKey.ReplicateKeyResponse
+ Amazonka.KMS.ReplicateKey: instance GHC.Generics.Generic Amazonka.KMS.ReplicateKey.ReplicateKey
+ Amazonka.KMS.ReplicateKey: instance GHC.Generics.Generic Amazonka.KMS.ReplicateKey.ReplicateKeyResponse
+ Amazonka.KMS.ReplicateKey: instance GHC.Read.Read Amazonka.KMS.ReplicateKey.ReplicateKey
+ Amazonka.KMS.ReplicateKey: instance GHC.Read.Read Amazonka.KMS.ReplicateKey.ReplicateKeyResponse
+ Amazonka.KMS.ReplicateKey: instance GHC.Show.Show Amazonka.KMS.ReplicateKey.ReplicateKey
+ Amazonka.KMS.ReplicateKey: instance GHC.Show.Show Amazonka.KMS.ReplicateKey.ReplicateKeyResponse
+ Amazonka.KMS.ReplicateKey: newReplicateKey :: Text -> Text -> ReplicateKey
+ Amazonka.KMS.ReplicateKey: newReplicateKeyResponse :: Int -> ReplicateKeyResponse
+ Amazonka.KMS.ReplicateKey: replicateKeyResponse_httpStatus :: Lens' ReplicateKeyResponse Int
+ Amazonka.KMS.ReplicateKey: replicateKeyResponse_replicaKeyMetadata :: Lens' ReplicateKeyResponse (Maybe KeyMetadata)
+ Amazonka.KMS.ReplicateKey: replicateKeyResponse_replicaPolicy :: Lens' ReplicateKeyResponse (Maybe Text)
+ Amazonka.KMS.ReplicateKey: replicateKeyResponse_replicaTags :: Lens' ReplicateKeyResponse (Maybe [Tag])
+ Amazonka.KMS.ReplicateKey: replicateKey_bypassPolicyLockoutSafetyCheck :: Lens' ReplicateKey (Maybe Bool)
+ Amazonka.KMS.ReplicateKey: replicateKey_description :: Lens' ReplicateKey (Maybe Text)
+ Amazonka.KMS.ReplicateKey: replicateKey_keyId :: Lens' ReplicateKey Text
+ Amazonka.KMS.ReplicateKey: replicateKey_policy :: Lens' ReplicateKey (Maybe Text)
+ Amazonka.KMS.ReplicateKey: replicateKey_replicaRegion :: Lens' ReplicateKey Text
+ Amazonka.KMS.ReplicateKey: replicateKey_tags :: Lens' ReplicateKey (Maybe [Tag])
+ Amazonka.KMS.RetireGrant: RetireGrant' :: Maybe Text -> Maybe Text -> Maybe Text -> RetireGrant
+ Amazonka.KMS.RetireGrant: RetireGrantResponse' :: RetireGrantResponse
+ Amazonka.KMS.RetireGrant: [$sel:grantId:RetireGrant'] :: RetireGrant -> Maybe Text
+ Amazonka.KMS.RetireGrant: [$sel:grantToken:RetireGrant'] :: RetireGrant -> Maybe Text
+ Amazonka.KMS.RetireGrant: [$sel:keyId:RetireGrant'] :: RetireGrant -> Maybe Text
+ Amazonka.KMS.RetireGrant: data RetireGrant
+ Amazonka.KMS.RetireGrant: data RetireGrantResponse
+ Amazonka.KMS.RetireGrant: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.RetireGrant.RetireGrant
+ Amazonka.KMS.RetireGrant: instance Amazonka.Data.Path.ToPath Amazonka.KMS.RetireGrant.RetireGrant
+ Amazonka.KMS.RetireGrant: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.RetireGrant.RetireGrant
+ Amazonka.KMS.RetireGrant: instance Amazonka.Types.AWSRequest Amazonka.KMS.RetireGrant.RetireGrant
+ Amazonka.KMS.RetireGrant: instance Control.DeepSeq.NFData Amazonka.KMS.RetireGrant.RetireGrant
+ Amazonka.KMS.RetireGrant: instance Control.DeepSeq.NFData Amazonka.KMS.RetireGrant.RetireGrantResponse
+ Amazonka.KMS.RetireGrant: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.RetireGrant.RetireGrant
+ Amazonka.KMS.RetireGrant: instance Data.Hashable.Class.Hashable Amazonka.KMS.RetireGrant.RetireGrant
+ Amazonka.KMS.RetireGrant: instance GHC.Classes.Eq Amazonka.KMS.RetireGrant.RetireGrant
+ Amazonka.KMS.RetireGrant: instance GHC.Classes.Eq Amazonka.KMS.RetireGrant.RetireGrantResponse
+ Amazonka.KMS.RetireGrant: instance GHC.Generics.Generic Amazonka.KMS.RetireGrant.RetireGrant
+ Amazonka.KMS.RetireGrant: instance GHC.Generics.Generic Amazonka.KMS.RetireGrant.RetireGrantResponse
+ Amazonka.KMS.RetireGrant: instance GHC.Read.Read Amazonka.KMS.RetireGrant.RetireGrant
+ Amazonka.KMS.RetireGrant: instance GHC.Read.Read Amazonka.KMS.RetireGrant.RetireGrantResponse
+ Amazonka.KMS.RetireGrant: instance GHC.Show.Show Amazonka.KMS.RetireGrant.RetireGrant
+ Amazonka.KMS.RetireGrant: instance GHC.Show.Show Amazonka.KMS.RetireGrant.RetireGrantResponse
+ Amazonka.KMS.RetireGrant: newRetireGrant :: RetireGrant
+ Amazonka.KMS.RetireGrant: newRetireGrantResponse :: RetireGrantResponse
+ Amazonka.KMS.RetireGrant: retireGrant_grantId :: Lens' RetireGrant (Maybe Text)
+ Amazonka.KMS.RetireGrant: retireGrant_grantToken :: Lens' RetireGrant (Maybe Text)
+ Amazonka.KMS.RetireGrant: retireGrant_keyId :: Lens' RetireGrant (Maybe Text)
+ Amazonka.KMS.RevokeGrant: RevokeGrant' :: Text -> Text -> RevokeGrant
+ Amazonka.KMS.RevokeGrant: RevokeGrantResponse' :: RevokeGrantResponse
+ Amazonka.KMS.RevokeGrant: [$sel:grantId:RevokeGrant'] :: RevokeGrant -> Text
+ Amazonka.KMS.RevokeGrant: [$sel:keyId:RevokeGrant'] :: RevokeGrant -> Text
+ Amazonka.KMS.RevokeGrant: data RevokeGrant
+ Amazonka.KMS.RevokeGrant: data RevokeGrantResponse
+ Amazonka.KMS.RevokeGrant: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.RevokeGrant.RevokeGrant
+ Amazonka.KMS.RevokeGrant: instance Amazonka.Data.Path.ToPath Amazonka.KMS.RevokeGrant.RevokeGrant
+ Amazonka.KMS.RevokeGrant: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.RevokeGrant.RevokeGrant
+ Amazonka.KMS.RevokeGrant: instance Amazonka.Types.AWSRequest Amazonka.KMS.RevokeGrant.RevokeGrant
+ Amazonka.KMS.RevokeGrant: instance Control.DeepSeq.NFData Amazonka.KMS.RevokeGrant.RevokeGrant
+ Amazonka.KMS.RevokeGrant: instance Control.DeepSeq.NFData Amazonka.KMS.RevokeGrant.RevokeGrantResponse
+ Amazonka.KMS.RevokeGrant: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.RevokeGrant.RevokeGrant
+ Amazonka.KMS.RevokeGrant: instance Data.Hashable.Class.Hashable Amazonka.KMS.RevokeGrant.RevokeGrant
+ Amazonka.KMS.RevokeGrant: instance GHC.Classes.Eq Amazonka.KMS.RevokeGrant.RevokeGrant
+ Amazonka.KMS.RevokeGrant: instance GHC.Classes.Eq Amazonka.KMS.RevokeGrant.RevokeGrantResponse
+ Amazonka.KMS.RevokeGrant: instance GHC.Generics.Generic Amazonka.KMS.RevokeGrant.RevokeGrant
+ Amazonka.KMS.RevokeGrant: instance GHC.Generics.Generic Amazonka.KMS.RevokeGrant.RevokeGrantResponse
+ Amazonka.KMS.RevokeGrant: instance GHC.Read.Read Amazonka.KMS.RevokeGrant.RevokeGrant
+ Amazonka.KMS.RevokeGrant: instance GHC.Read.Read Amazonka.KMS.RevokeGrant.RevokeGrantResponse
+ Amazonka.KMS.RevokeGrant: instance GHC.Show.Show Amazonka.KMS.RevokeGrant.RevokeGrant
+ Amazonka.KMS.RevokeGrant: instance GHC.Show.Show Amazonka.KMS.RevokeGrant.RevokeGrantResponse
+ Amazonka.KMS.RevokeGrant: newRevokeGrant :: Text -> Text -> RevokeGrant
+ Amazonka.KMS.RevokeGrant: newRevokeGrantResponse :: RevokeGrantResponse
+ Amazonka.KMS.RevokeGrant: revokeGrant_grantId :: Lens' RevokeGrant Text
+ Amazonka.KMS.RevokeGrant: revokeGrant_keyId :: Lens' RevokeGrant Text
+ Amazonka.KMS.ScheduleKeyDeletion: ScheduleKeyDeletion' :: Maybe Natural -> Text -> ScheduleKeyDeletion
+ Amazonka.KMS.ScheduleKeyDeletion: ScheduleKeyDeletionResponse' :: Maybe POSIX -> Maybe Text -> Maybe KeyState -> Maybe Natural -> Int -> ScheduleKeyDeletionResponse
+ Amazonka.KMS.ScheduleKeyDeletion: [$sel:deletionDate:ScheduleKeyDeletionResponse'] :: ScheduleKeyDeletionResponse -> Maybe POSIX
+ Amazonka.KMS.ScheduleKeyDeletion: [$sel:httpStatus:ScheduleKeyDeletionResponse'] :: ScheduleKeyDeletionResponse -> Int
+ Amazonka.KMS.ScheduleKeyDeletion: [$sel:keyId:ScheduleKeyDeletion'] :: ScheduleKeyDeletion -> Text
+ Amazonka.KMS.ScheduleKeyDeletion: [$sel:keyId:ScheduleKeyDeletionResponse'] :: ScheduleKeyDeletionResponse -> Maybe Text
+ Amazonka.KMS.ScheduleKeyDeletion: [$sel:keyState:ScheduleKeyDeletionResponse'] :: ScheduleKeyDeletionResponse -> Maybe KeyState
+ Amazonka.KMS.ScheduleKeyDeletion: [$sel:pendingWindowInDays:ScheduleKeyDeletion'] :: ScheduleKeyDeletion -> Maybe Natural
+ Amazonka.KMS.ScheduleKeyDeletion: [$sel:pendingWindowInDays:ScheduleKeyDeletionResponse'] :: ScheduleKeyDeletionResponse -> Maybe Natural
+ Amazonka.KMS.ScheduleKeyDeletion: data ScheduleKeyDeletion
+ Amazonka.KMS.ScheduleKeyDeletion: data ScheduleKeyDeletionResponse
+ Amazonka.KMS.ScheduleKeyDeletion: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.ScheduleKeyDeletion.ScheduleKeyDeletion
+ Amazonka.KMS.ScheduleKeyDeletion: instance Amazonka.Data.Path.ToPath Amazonka.KMS.ScheduleKeyDeletion.ScheduleKeyDeletion
+ Amazonka.KMS.ScheduleKeyDeletion: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.ScheduleKeyDeletion.ScheduleKeyDeletion
+ Amazonka.KMS.ScheduleKeyDeletion: instance Amazonka.Types.AWSRequest Amazonka.KMS.ScheduleKeyDeletion.ScheduleKeyDeletion
+ Amazonka.KMS.ScheduleKeyDeletion: instance Control.DeepSeq.NFData Amazonka.KMS.ScheduleKeyDeletion.ScheduleKeyDeletion
+ Amazonka.KMS.ScheduleKeyDeletion: instance Control.DeepSeq.NFData Amazonka.KMS.ScheduleKeyDeletion.ScheduleKeyDeletionResponse
+ Amazonka.KMS.ScheduleKeyDeletion: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.ScheduleKeyDeletion.ScheduleKeyDeletion
+ Amazonka.KMS.ScheduleKeyDeletion: instance Data.Hashable.Class.Hashable Amazonka.KMS.ScheduleKeyDeletion.ScheduleKeyDeletion
+ Amazonka.KMS.ScheduleKeyDeletion: instance GHC.Classes.Eq Amazonka.KMS.ScheduleKeyDeletion.ScheduleKeyDeletion
+ Amazonka.KMS.ScheduleKeyDeletion: instance GHC.Classes.Eq Amazonka.KMS.ScheduleKeyDeletion.ScheduleKeyDeletionResponse
+ Amazonka.KMS.ScheduleKeyDeletion: instance GHC.Generics.Generic Amazonka.KMS.ScheduleKeyDeletion.ScheduleKeyDeletion
+ Amazonka.KMS.ScheduleKeyDeletion: instance GHC.Generics.Generic Amazonka.KMS.ScheduleKeyDeletion.ScheduleKeyDeletionResponse
+ Amazonka.KMS.ScheduleKeyDeletion: instance GHC.Read.Read Amazonka.KMS.ScheduleKeyDeletion.ScheduleKeyDeletion
+ Amazonka.KMS.ScheduleKeyDeletion: instance GHC.Read.Read Amazonka.KMS.ScheduleKeyDeletion.ScheduleKeyDeletionResponse
+ Amazonka.KMS.ScheduleKeyDeletion: instance GHC.Show.Show Amazonka.KMS.ScheduleKeyDeletion.ScheduleKeyDeletion
+ Amazonka.KMS.ScheduleKeyDeletion: instance GHC.Show.Show Amazonka.KMS.ScheduleKeyDeletion.ScheduleKeyDeletionResponse
+ Amazonka.KMS.ScheduleKeyDeletion: newScheduleKeyDeletion :: Text -> ScheduleKeyDeletion
+ Amazonka.KMS.ScheduleKeyDeletion: newScheduleKeyDeletionResponse :: Int -> ScheduleKeyDeletionResponse
+ Amazonka.KMS.ScheduleKeyDeletion: scheduleKeyDeletionResponse_deletionDate :: Lens' ScheduleKeyDeletionResponse (Maybe UTCTime)
+ Amazonka.KMS.ScheduleKeyDeletion: scheduleKeyDeletionResponse_httpStatus :: Lens' ScheduleKeyDeletionResponse Int
+ Amazonka.KMS.ScheduleKeyDeletion: scheduleKeyDeletionResponse_keyId :: Lens' ScheduleKeyDeletionResponse (Maybe Text)
+ Amazonka.KMS.ScheduleKeyDeletion: scheduleKeyDeletionResponse_keyState :: Lens' ScheduleKeyDeletionResponse (Maybe KeyState)
+ Amazonka.KMS.ScheduleKeyDeletion: scheduleKeyDeletionResponse_pendingWindowInDays :: Lens' ScheduleKeyDeletionResponse (Maybe Natural)
+ Amazonka.KMS.ScheduleKeyDeletion: scheduleKeyDeletion_keyId :: Lens' ScheduleKeyDeletion Text
+ Amazonka.KMS.ScheduleKeyDeletion: scheduleKeyDeletion_pendingWindowInDays :: Lens' ScheduleKeyDeletion (Maybe Natural)
+ Amazonka.KMS.Sign: Sign' :: Maybe [Text] -> Maybe MessageType -> Text -> Sensitive Base64 -> SigningAlgorithmSpec -> Sign
+ Amazonka.KMS.Sign: SignResponse' :: Maybe Text -> Maybe Base64 -> Maybe SigningAlgorithmSpec -> Int -> SignResponse
+ Amazonka.KMS.Sign: [$sel:grantTokens:Sign'] :: Sign -> Maybe [Text]
+ Amazonka.KMS.Sign: [$sel:httpStatus:SignResponse'] :: SignResponse -> Int
+ Amazonka.KMS.Sign: [$sel:keyId:Sign'] :: Sign -> Text
+ Amazonka.KMS.Sign: [$sel:keyId:SignResponse'] :: SignResponse -> Maybe Text
+ Amazonka.KMS.Sign: [$sel:message:Sign'] :: Sign -> Sensitive Base64
+ Amazonka.KMS.Sign: [$sel:messageType:Sign'] :: Sign -> Maybe MessageType
+ Amazonka.KMS.Sign: [$sel:signature:SignResponse'] :: SignResponse -> Maybe Base64
+ Amazonka.KMS.Sign: [$sel:signingAlgorithm:Sign'] :: Sign -> SigningAlgorithmSpec
+ Amazonka.KMS.Sign: [$sel:signingAlgorithm:SignResponse'] :: SignResponse -> Maybe SigningAlgorithmSpec
+ Amazonka.KMS.Sign: data Sign
+ Amazonka.KMS.Sign: data SignResponse
+ Amazonka.KMS.Sign: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.Sign.Sign
+ Amazonka.KMS.Sign: instance Amazonka.Data.Path.ToPath Amazonka.KMS.Sign.Sign
+ Amazonka.KMS.Sign: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.Sign.Sign
+ Amazonka.KMS.Sign: instance Amazonka.Types.AWSRequest Amazonka.KMS.Sign.Sign
+ Amazonka.KMS.Sign: instance Control.DeepSeq.NFData Amazonka.KMS.Sign.Sign
+ Amazonka.KMS.Sign: instance Control.DeepSeq.NFData Amazonka.KMS.Sign.SignResponse
+ Amazonka.KMS.Sign: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.Sign.Sign
+ Amazonka.KMS.Sign: instance Data.Hashable.Class.Hashable Amazonka.KMS.Sign.Sign
+ Amazonka.KMS.Sign: instance GHC.Classes.Eq Amazonka.KMS.Sign.Sign
+ Amazonka.KMS.Sign: instance GHC.Classes.Eq Amazonka.KMS.Sign.SignResponse
+ Amazonka.KMS.Sign: instance GHC.Generics.Generic Amazonka.KMS.Sign.Sign
+ Amazonka.KMS.Sign: instance GHC.Generics.Generic Amazonka.KMS.Sign.SignResponse
+ Amazonka.KMS.Sign: instance GHC.Read.Read Amazonka.KMS.Sign.SignResponse
+ Amazonka.KMS.Sign: instance GHC.Show.Show Amazonka.KMS.Sign.Sign
+ Amazonka.KMS.Sign: instance GHC.Show.Show Amazonka.KMS.Sign.SignResponse
+ Amazonka.KMS.Sign: newSign :: Text -> ByteString -> SigningAlgorithmSpec -> Sign
+ Amazonka.KMS.Sign: newSignResponse :: Int -> SignResponse
+ Amazonka.KMS.Sign: signResponse_httpStatus :: Lens' SignResponse Int
+ Amazonka.KMS.Sign: signResponse_keyId :: Lens' SignResponse (Maybe Text)
+ Amazonka.KMS.Sign: signResponse_signature :: Lens' SignResponse (Maybe ByteString)
+ Amazonka.KMS.Sign: signResponse_signingAlgorithm :: Lens' SignResponse (Maybe SigningAlgorithmSpec)
+ Amazonka.KMS.Sign: sign_grantTokens :: Lens' Sign (Maybe [Text])
+ Amazonka.KMS.Sign: sign_keyId :: Lens' Sign Text
+ Amazonka.KMS.Sign: sign_message :: Lens' Sign ByteString
+ Amazonka.KMS.Sign: sign_messageType :: Lens' Sign (Maybe MessageType)
+ Amazonka.KMS.Sign: sign_signingAlgorithm :: Lens' Sign SigningAlgorithmSpec
+ Amazonka.KMS.TagResource: TagResource' :: Text -> [Tag] -> TagResource
+ Amazonka.KMS.TagResource: TagResourceResponse' :: TagResourceResponse
+ Amazonka.KMS.TagResource: [$sel:keyId:TagResource'] :: TagResource -> Text
+ Amazonka.KMS.TagResource: [$sel:tags:TagResource'] :: TagResource -> [Tag]
+ Amazonka.KMS.TagResource: data TagResource
+ Amazonka.KMS.TagResource: data TagResourceResponse
+ Amazonka.KMS.TagResource: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.TagResource.TagResource
+ Amazonka.KMS.TagResource: instance Amazonka.Data.Path.ToPath Amazonka.KMS.TagResource.TagResource
+ Amazonka.KMS.TagResource: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.TagResource.TagResource
+ Amazonka.KMS.TagResource: instance Amazonka.Types.AWSRequest Amazonka.KMS.TagResource.TagResource
+ Amazonka.KMS.TagResource: instance Control.DeepSeq.NFData Amazonka.KMS.TagResource.TagResource
+ Amazonka.KMS.TagResource: instance Control.DeepSeq.NFData Amazonka.KMS.TagResource.TagResourceResponse
+ Amazonka.KMS.TagResource: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.TagResource.TagResource
+ Amazonka.KMS.TagResource: instance Data.Hashable.Class.Hashable Amazonka.KMS.TagResource.TagResource
+ Amazonka.KMS.TagResource: instance GHC.Classes.Eq Amazonka.KMS.TagResource.TagResource
+ Amazonka.KMS.TagResource: instance GHC.Classes.Eq Amazonka.KMS.TagResource.TagResourceResponse
+ Amazonka.KMS.TagResource: instance GHC.Generics.Generic Amazonka.KMS.TagResource.TagResource
+ Amazonka.KMS.TagResource: instance GHC.Generics.Generic Amazonka.KMS.TagResource.TagResourceResponse
+ Amazonka.KMS.TagResource: instance GHC.Read.Read Amazonka.KMS.TagResource.TagResource
+ Amazonka.KMS.TagResource: instance GHC.Read.Read Amazonka.KMS.TagResource.TagResourceResponse
+ Amazonka.KMS.TagResource: instance GHC.Show.Show Amazonka.KMS.TagResource.TagResource
+ Amazonka.KMS.TagResource: instance GHC.Show.Show Amazonka.KMS.TagResource.TagResourceResponse
+ Amazonka.KMS.TagResource: newTagResource :: Text -> TagResource
+ Amazonka.KMS.TagResource: newTagResourceResponse :: TagResourceResponse
+ Amazonka.KMS.TagResource: tagResource_keyId :: Lens' TagResource Text
+ Amazonka.KMS.TagResource: tagResource_tags :: Lens' TagResource [Tag]
+ Amazonka.KMS.Types: AlgorithmSpec' :: Text -> AlgorithmSpec
+ Amazonka.KMS.Types: AliasListEntry' :: Maybe Text -> Maybe Text -> Maybe POSIX -> Maybe POSIX -> Maybe Text -> AliasListEntry
+ Amazonka.KMS.Types: ConnectionErrorCodeType' :: Text -> ConnectionErrorCodeType
+ Amazonka.KMS.Types: ConnectionStateType' :: Text -> ConnectionStateType
+ Amazonka.KMS.Types: CustomKeyStoreType' :: Text -> CustomKeyStoreType
+ Amazonka.KMS.Types: CustomKeyStoresListEntry' :: Maybe Text -> Maybe ConnectionErrorCodeType -> Maybe ConnectionStateType -> Maybe POSIX -> Maybe Text -> Maybe Text -> Maybe CustomKeyStoreType -> Maybe Text -> Maybe XksProxyConfigurationType -> CustomKeyStoresListEntry
+ Amazonka.KMS.Types: CustomerMasterKeySpec' :: Text -> CustomerMasterKeySpec
+ Amazonka.KMS.Types: DataKeyPairSpec' :: Text -> DataKeyPairSpec
+ Amazonka.KMS.Types: DataKeySpec' :: Text -> DataKeySpec
+ Amazonka.KMS.Types: EncryptionAlgorithmSpec' :: Text -> EncryptionAlgorithmSpec
+ Amazonka.KMS.Types: ExpirationModelType' :: Text -> ExpirationModelType
+ Amazonka.KMS.Types: GrantConstraints' :: Maybe (HashMap Text Text) -> Maybe (HashMap Text Text) -> GrantConstraints
+ Amazonka.KMS.Types: GrantListEntry' :: Maybe GrantConstraints -> Maybe POSIX -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe [GrantOperation] -> Maybe Text -> GrantListEntry
+ Amazonka.KMS.Types: GrantOperation' :: Text -> GrantOperation
+ Amazonka.KMS.Types: KeyListEntry' :: Maybe Text -> Maybe Text -> KeyListEntry
+ Amazonka.KMS.Types: KeyManagerType' :: Text -> KeyManagerType
+ Amazonka.KMS.Types: KeyMetadata' :: Maybe Text -> Maybe Text -> Maybe Text -> Maybe POSIX -> Maybe Text -> Maybe CustomerMasterKeySpec -> Maybe POSIX -> Maybe Text -> Maybe Bool -> Maybe [EncryptionAlgorithmSpec] -> Maybe ExpirationModelType -> Maybe KeyManagerType -> Maybe KeySpec -> Maybe KeyState -> Maybe KeyUsageType -> Maybe [MacAlgorithmSpec] -> Maybe Bool -> Maybe MultiRegionConfiguration -> Maybe OriginType -> Maybe Natural -> Maybe [SigningAlgorithmSpec] -> Maybe POSIX -> Maybe XksKeyConfigurationType -> Text -> KeyMetadata
+ Amazonka.KMS.Types: KeySpec' :: Text -> KeySpec
+ Amazonka.KMS.Types: KeyState' :: Text -> KeyState
+ Amazonka.KMS.Types: KeyUsageType' :: Text -> KeyUsageType
+ Amazonka.KMS.Types: ListGrantsResponse' :: Maybe [GrantListEntry] -> Maybe Text -> Maybe Bool -> ListGrantsResponse
+ Amazonka.KMS.Types: MacAlgorithmSpec' :: Text -> MacAlgorithmSpec
+ Amazonka.KMS.Types: MessageType' :: Text -> MessageType
+ Amazonka.KMS.Types: MultiRegionConfiguration' :: Maybe MultiRegionKeyType -> Maybe MultiRegionKey -> Maybe [MultiRegionKey] -> MultiRegionConfiguration
+ Amazonka.KMS.Types: MultiRegionKey' :: Maybe Text -> Maybe Text -> MultiRegionKey
+ Amazonka.KMS.Types: MultiRegionKeyType' :: Text -> MultiRegionKeyType
+ Amazonka.KMS.Types: OriginType' :: Text -> OriginType
+ Amazonka.KMS.Types: SigningAlgorithmSpec' :: Text -> SigningAlgorithmSpec
+ Amazonka.KMS.Types: Tag' :: Text -> Text -> Tag
+ Amazonka.KMS.Types: WrappingKeySpec' :: Text -> WrappingKeySpec
+ Amazonka.KMS.Types: XksKeyConfigurationType' :: Maybe Text -> XksKeyConfigurationType
+ Amazonka.KMS.Types: XksProxyAuthenticationCredentialType' :: Sensitive Text -> Sensitive Text -> XksProxyAuthenticationCredentialType
+ Amazonka.KMS.Types: XksProxyConfigurationType' :: Maybe (Sensitive Text) -> Maybe XksProxyConnectivityType -> Maybe Text -> Maybe Text -> Maybe Text -> XksProxyConfigurationType
+ Amazonka.KMS.Types: XksProxyConnectivityType' :: Text -> XksProxyConnectivityType
+ Amazonka.KMS.Types: [$sel:aWSAccountId:KeyMetadata'] :: KeyMetadata -> Maybe Text
+ Amazonka.KMS.Types: [$sel:accessKeyId:XksProxyAuthenticationCredentialType'] :: XksProxyAuthenticationCredentialType -> Sensitive Text
+ Amazonka.KMS.Types: [$sel:accessKeyId:XksProxyConfigurationType'] :: XksProxyConfigurationType -> Maybe (Sensitive Text)
+ Amazonka.KMS.Types: [$sel:aliasArn:AliasListEntry'] :: AliasListEntry -> Maybe Text
+ Amazonka.KMS.Types: [$sel:aliasName:AliasListEntry'] :: AliasListEntry -> Maybe Text
+ Amazonka.KMS.Types: [$sel:arn:KeyMetadata'] :: KeyMetadata -> Maybe Text
+ Amazonka.KMS.Types: [$sel:arn:MultiRegionKey'] :: MultiRegionKey -> Maybe Text
+ Amazonka.KMS.Types: [$sel:cloudHsmClusterId:CustomKeyStoresListEntry'] :: CustomKeyStoresListEntry -> Maybe Text
+ Amazonka.KMS.Types: [$sel:cloudHsmClusterId:KeyMetadata'] :: KeyMetadata -> Maybe Text
+ Amazonka.KMS.Types: [$sel:connectionErrorCode:CustomKeyStoresListEntry'] :: CustomKeyStoresListEntry -> Maybe ConnectionErrorCodeType
+ Amazonka.KMS.Types: [$sel:connectionState:CustomKeyStoresListEntry'] :: CustomKeyStoresListEntry -> Maybe ConnectionStateType
+ Amazonka.KMS.Types: [$sel:connectivity:XksProxyConfigurationType'] :: XksProxyConfigurationType -> Maybe XksProxyConnectivityType
+ Amazonka.KMS.Types: [$sel:constraints:GrantListEntry'] :: GrantListEntry -> Maybe GrantConstraints
+ Amazonka.KMS.Types: [$sel:creationDate:AliasListEntry'] :: AliasListEntry -> Maybe POSIX
+ Amazonka.KMS.Types: [$sel:creationDate:CustomKeyStoresListEntry'] :: CustomKeyStoresListEntry -> Maybe POSIX
+ Amazonka.KMS.Types: [$sel:creationDate:GrantListEntry'] :: GrantListEntry -> Maybe POSIX
+ Amazonka.KMS.Types: [$sel:creationDate:KeyMetadata'] :: KeyMetadata -> Maybe POSIX
+ Amazonka.KMS.Types: [$sel:customKeyStoreId:CustomKeyStoresListEntry'] :: CustomKeyStoresListEntry -> Maybe Text
+ Amazonka.KMS.Types: [$sel:customKeyStoreId:KeyMetadata'] :: KeyMetadata -> Maybe Text
+ Amazonka.KMS.Types: [$sel:customKeyStoreName:CustomKeyStoresListEntry'] :: CustomKeyStoresListEntry -> Maybe Text
+ Amazonka.KMS.Types: [$sel:customKeyStoreType:CustomKeyStoresListEntry'] :: CustomKeyStoresListEntry -> Maybe CustomKeyStoreType
+ Amazonka.KMS.Types: [$sel:customerMasterKeySpec:KeyMetadata'] :: KeyMetadata -> Maybe CustomerMasterKeySpec
+ Amazonka.KMS.Types: [$sel:deletionDate:KeyMetadata'] :: KeyMetadata -> Maybe POSIX
+ Amazonka.KMS.Types: [$sel:description:KeyMetadata'] :: KeyMetadata -> Maybe Text
+ Amazonka.KMS.Types: [$sel:enabled:KeyMetadata'] :: KeyMetadata -> Maybe Bool
+ Amazonka.KMS.Types: [$sel:encryptionAlgorithms:KeyMetadata'] :: KeyMetadata -> Maybe [EncryptionAlgorithmSpec]
+ Amazonka.KMS.Types: [$sel:encryptionContextEquals:GrantConstraints'] :: GrantConstraints -> Maybe (HashMap Text Text)
+ Amazonka.KMS.Types: [$sel:encryptionContextSubset:GrantConstraints'] :: GrantConstraints -> Maybe (HashMap Text Text)
+ Amazonka.KMS.Types: [$sel:expirationModel:KeyMetadata'] :: KeyMetadata -> Maybe ExpirationModelType
+ Amazonka.KMS.Types: [$sel:grantId:GrantListEntry'] :: GrantListEntry -> Maybe Text
+ Amazonka.KMS.Types: [$sel:granteePrincipal:GrantListEntry'] :: GrantListEntry -> Maybe Text
+ Amazonka.KMS.Types: [$sel:grants:ListGrantsResponse'] :: ListGrantsResponse -> Maybe [GrantListEntry]
+ Amazonka.KMS.Types: [$sel:id:XksKeyConfigurationType'] :: XksKeyConfigurationType -> Maybe Text
+ Amazonka.KMS.Types: [$sel:issuingAccount:GrantListEntry'] :: GrantListEntry -> Maybe Text
+ Amazonka.KMS.Types: [$sel:keyArn:KeyListEntry'] :: KeyListEntry -> Maybe Text
+ Amazonka.KMS.Types: [$sel:keyId:GrantListEntry'] :: GrantListEntry -> Maybe Text
+ Amazonka.KMS.Types: [$sel:keyId:KeyListEntry'] :: KeyListEntry -> Maybe Text
+ Amazonka.KMS.Types: [$sel:keyId:KeyMetadata'] :: KeyMetadata -> Text
+ Amazonka.KMS.Types: [$sel:keyManager:KeyMetadata'] :: KeyMetadata -> Maybe KeyManagerType
+ Amazonka.KMS.Types: [$sel:keySpec:KeyMetadata'] :: KeyMetadata -> Maybe KeySpec
+ Amazonka.KMS.Types: [$sel:keyState:KeyMetadata'] :: KeyMetadata -> Maybe KeyState
+ Amazonka.KMS.Types: [$sel:keyUsage:KeyMetadata'] :: KeyMetadata -> Maybe KeyUsageType
+ Amazonka.KMS.Types: [$sel:lastUpdatedDate:AliasListEntry'] :: AliasListEntry -> Maybe POSIX
+ Amazonka.KMS.Types: [$sel:macAlgorithms:KeyMetadata'] :: KeyMetadata -> Maybe [MacAlgorithmSpec]
+ Amazonka.KMS.Types: [$sel:multiRegion:KeyMetadata'] :: KeyMetadata -> Maybe Bool
+ Amazonka.KMS.Types: [$sel:multiRegionConfiguration:KeyMetadata'] :: KeyMetadata -> Maybe MultiRegionConfiguration
+ Amazonka.KMS.Types: [$sel:multiRegionKeyType:MultiRegionConfiguration'] :: MultiRegionConfiguration -> Maybe MultiRegionKeyType
+ Amazonka.KMS.Types: [$sel:name:GrantListEntry'] :: GrantListEntry -> Maybe Text
+ Amazonka.KMS.Types: [$sel:nextMarker:ListGrantsResponse'] :: ListGrantsResponse -> Maybe Text
+ Amazonka.KMS.Types: [$sel:operations:GrantListEntry'] :: GrantListEntry -> Maybe [GrantOperation]
+ Amazonka.KMS.Types: [$sel:origin:KeyMetadata'] :: KeyMetadata -> Maybe OriginType
+ Amazonka.KMS.Types: [$sel:pendingDeletionWindowInDays:KeyMetadata'] :: KeyMetadata -> Maybe Natural
+ Amazonka.KMS.Types: [$sel:primaryKey:MultiRegionConfiguration'] :: MultiRegionConfiguration -> Maybe MultiRegionKey
+ Amazonka.KMS.Types: [$sel:rawSecretAccessKey:XksProxyAuthenticationCredentialType'] :: XksProxyAuthenticationCredentialType -> Sensitive Text
+ Amazonka.KMS.Types: [$sel:region:MultiRegionKey'] :: MultiRegionKey -> Maybe Text
+ Amazonka.KMS.Types: [$sel:replicaKeys:MultiRegionConfiguration'] :: MultiRegionConfiguration -> Maybe [MultiRegionKey]
+ Amazonka.KMS.Types: [$sel:retiringPrincipal:GrantListEntry'] :: GrantListEntry -> Maybe Text
+ Amazonka.KMS.Types: [$sel:signingAlgorithms:KeyMetadata'] :: KeyMetadata -> Maybe [SigningAlgorithmSpec]
+ Amazonka.KMS.Types: [$sel:tagKey:Tag'] :: Tag -> Text
+ Amazonka.KMS.Types: [$sel:tagValue:Tag'] :: Tag -> Text
+ Amazonka.KMS.Types: [$sel:targetKeyId:AliasListEntry'] :: AliasListEntry -> Maybe Text
+ Amazonka.KMS.Types: [$sel:truncated:ListGrantsResponse'] :: ListGrantsResponse -> Maybe Bool
+ Amazonka.KMS.Types: [$sel:trustAnchorCertificate:CustomKeyStoresListEntry'] :: CustomKeyStoresListEntry -> Maybe Text
+ Amazonka.KMS.Types: [$sel:uriEndpoint:XksProxyConfigurationType'] :: XksProxyConfigurationType -> Maybe Text
+ Amazonka.KMS.Types: [$sel:uriPath:XksProxyConfigurationType'] :: XksProxyConfigurationType -> Maybe Text
+ Amazonka.KMS.Types: [$sel:validTo:KeyMetadata'] :: KeyMetadata -> Maybe POSIX
+ Amazonka.KMS.Types: [$sel:vpcEndpointServiceName:XksProxyConfigurationType'] :: XksProxyConfigurationType -> Maybe Text
+ Amazonka.KMS.Types: [$sel:xksKeyConfiguration:KeyMetadata'] :: KeyMetadata -> Maybe XksKeyConfigurationType
+ Amazonka.KMS.Types: [$sel:xksProxyConfiguration:CustomKeyStoresListEntry'] :: CustomKeyStoresListEntry -> Maybe XksProxyConfigurationType
+ Amazonka.KMS.Types: [fromAlgorithmSpec] :: AlgorithmSpec -> Text
+ Amazonka.KMS.Types: [fromConnectionErrorCodeType] :: ConnectionErrorCodeType -> Text
+ Amazonka.KMS.Types: [fromConnectionStateType] :: ConnectionStateType -> Text
+ Amazonka.KMS.Types: [fromCustomKeyStoreType] :: CustomKeyStoreType -> Text
+ Amazonka.KMS.Types: [fromCustomerMasterKeySpec] :: CustomerMasterKeySpec -> Text
+ Amazonka.KMS.Types: [fromDataKeyPairSpec] :: DataKeyPairSpec -> Text
+ Amazonka.KMS.Types: [fromDataKeySpec] :: DataKeySpec -> Text
+ Amazonka.KMS.Types: [fromEncryptionAlgorithmSpec] :: EncryptionAlgorithmSpec -> Text
+ Amazonka.KMS.Types: [fromExpirationModelType] :: ExpirationModelType -> Text
+ Amazonka.KMS.Types: [fromGrantOperation] :: GrantOperation -> Text
+ Amazonka.KMS.Types: [fromKeyManagerType] :: KeyManagerType -> Text
+ Amazonka.KMS.Types: [fromKeySpec] :: KeySpec -> Text
+ Amazonka.KMS.Types: [fromKeyState] :: KeyState -> Text
+ Amazonka.KMS.Types: [fromKeyUsageType] :: KeyUsageType -> Text
+ Amazonka.KMS.Types: [fromMacAlgorithmSpec] :: MacAlgorithmSpec -> Text
+ Amazonka.KMS.Types: [fromMessageType] :: MessageType -> Text
+ Amazonka.KMS.Types: [fromMultiRegionKeyType] :: MultiRegionKeyType -> Text
+ Amazonka.KMS.Types: [fromOriginType] :: OriginType -> Text
+ Amazonka.KMS.Types: [fromSigningAlgorithmSpec] :: SigningAlgorithmSpec -> Text
+ Amazonka.KMS.Types: [fromWrappingKeySpec] :: WrappingKeySpec -> Text
+ Amazonka.KMS.Types: [fromXksProxyConnectivityType] :: XksProxyConnectivityType -> Text
+ Amazonka.KMS.Types: _AlreadyExistsException :: AsError a => Fold a ServiceError
+ Amazonka.KMS.Types: _CloudHsmClusterInUseException :: AsError a => Fold a ServiceError
+ Amazonka.KMS.Types: _CloudHsmClusterInvalidConfigurationException :: AsError a => Fold a ServiceError
+ Amazonka.KMS.Types: _CloudHsmClusterNotActiveException :: AsError a => Fold a ServiceError
+ Amazonka.KMS.Types: _CloudHsmClusterNotFoundException :: AsError a => Fold a ServiceError
+ Amazonka.KMS.Types: _CloudHsmClusterNotRelatedException :: AsError a => Fold a ServiceError
+ Amazonka.KMS.Types: _CustomKeyStoreHasCMKsException :: AsError a => Fold a ServiceError
+ Amazonka.KMS.Types: _CustomKeyStoreInvalidStateException :: AsError a => Fold a ServiceError
+ Amazonka.KMS.Types: _CustomKeyStoreNameInUseException :: AsError a => Fold a ServiceError
+ Amazonka.KMS.Types: _CustomKeyStoreNotFoundException :: AsError a => Fold a ServiceError
+ Amazonka.KMS.Types: _DependencyTimeoutException :: AsError a => Fold a ServiceError
+ Amazonka.KMS.Types: _DisabledException :: AsError a => Fold a ServiceError
+ Amazonka.KMS.Types: _ExpiredImportTokenException :: AsError a => Fold a ServiceError
+ Amazonka.KMS.Types: _IncorrectKeyException :: AsError a => Fold a ServiceError
+ Amazonka.KMS.Types: _IncorrectKeyMaterialException :: AsError a => Fold a ServiceError
+ Amazonka.KMS.Types: _IncorrectTrustAnchorException :: AsError a => Fold a ServiceError
+ Amazonka.KMS.Types: _InvalidAliasNameException :: AsError a => Fold a ServiceError
+ Amazonka.KMS.Types: _InvalidArnException :: AsError a => Fold a ServiceError
+ Amazonka.KMS.Types: _InvalidCiphertextException :: AsError a => Fold a ServiceError
+ Amazonka.KMS.Types: _InvalidGrantIdException :: AsError a => Fold a ServiceError
+ Amazonka.KMS.Types: _InvalidGrantTokenException :: AsError a => Fold a ServiceError
+ Amazonka.KMS.Types: _InvalidImportTokenException :: AsError a => Fold a ServiceError
+ Amazonka.KMS.Types: _InvalidKeyUsageException :: AsError a => Fold a ServiceError
+ Amazonka.KMS.Types: _InvalidMarkerException :: AsError a => Fold a ServiceError
+ Amazonka.KMS.Types: _KMSInternalException :: AsError a => Fold a ServiceError
+ Amazonka.KMS.Types: _KMSInvalidMacException :: AsError a => Fold a ServiceError
+ Amazonka.KMS.Types: _KMSInvalidSignatureException :: AsError a => Fold a ServiceError
+ Amazonka.KMS.Types: _KMSInvalidStateException :: AsError a => Fold a ServiceError
+ Amazonka.KMS.Types: _KeyUnavailableException :: AsError a => Fold a ServiceError
+ Amazonka.KMS.Types: _LimitExceededException :: AsError a => Fold a ServiceError
+ Amazonka.KMS.Types: _MalformedPolicyDocumentException :: AsError a => Fold a ServiceError
+ Amazonka.KMS.Types: _NotFoundException :: AsError a => Fold a ServiceError
+ Amazonka.KMS.Types: _TagException :: AsError a => Fold a ServiceError
+ Amazonka.KMS.Types: _UnsupportedOperationException :: AsError a => Fold a ServiceError
+ Amazonka.KMS.Types: _XksKeyAlreadyInUseException :: AsError a => Fold a ServiceError
+ Amazonka.KMS.Types: _XksKeyInvalidConfigurationException :: AsError a => Fold a ServiceError
+ Amazonka.KMS.Types: _XksKeyNotFoundException :: AsError a => Fold a ServiceError
+ Amazonka.KMS.Types: _XksProxyIncorrectAuthenticationCredentialException :: AsError a => Fold a ServiceError
+ Amazonka.KMS.Types: _XksProxyInvalidConfigurationException :: AsError a => Fold a ServiceError
+ Amazonka.KMS.Types: _XksProxyInvalidResponseException :: AsError a => Fold a ServiceError
+ Amazonka.KMS.Types: _XksProxyUriEndpointInUseException :: AsError a => Fold a ServiceError
+ Amazonka.KMS.Types: _XksProxyUriInUseException :: AsError a => Fold a ServiceError
+ Amazonka.KMS.Types: _XksProxyUriUnreachableException :: AsError a => Fold a ServiceError
+ Amazonka.KMS.Types: _XksProxyVpcEndpointServiceInUseException :: AsError a => Fold a ServiceError
+ Amazonka.KMS.Types: _XksProxyVpcEndpointServiceInvalidConfigurationException :: AsError a => Fold a ServiceError
+ Amazonka.KMS.Types: _XksProxyVpcEndpointServiceNotFoundException :: AsError a => Fold a ServiceError
+ Amazonka.KMS.Types: aliasListEntry_aliasArn :: Lens' AliasListEntry (Maybe Text)
+ Amazonka.KMS.Types: aliasListEntry_aliasName :: Lens' AliasListEntry (Maybe Text)
+ Amazonka.KMS.Types: aliasListEntry_creationDate :: Lens' AliasListEntry (Maybe UTCTime)
+ Amazonka.KMS.Types: aliasListEntry_lastUpdatedDate :: Lens' AliasListEntry (Maybe UTCTime)
+ Amazonka.KMS.Types: aliasListEntry_targetKeyId :: Lens' AliasListEntry (Maybe Text)
+ Amazonka.KMS.Types: customKeyStoresListEntry_cloudHsmClusterId :: Lens' CustomKeyStoresListEntry (Maybe Text)
+ Amazonka.KMS.Types: customKeyStoresListEntry_connectionErrorCode :: Lens' CustomKeyStoresListEntry (Maybe ConnectionErrorCodeType)
+ Amazonka.KMS.Types: customKeyStoresListEntry_connectionState :: Lens' CustomKeyStoresListEntry (Maybe ConnectionStateType)
+ Amazonka.KMS.Types: customKeyStoresListEntry_creationDate :: Lens' CustomKeyStoresListEntry (Maybe UTCTime)
+ Amazonka.KMS.Types: customKeyStoresListEntry_customKeyStoreId :: Lens' CustomKeyStoresListEntry (Maybe Text)
+ Amazonka.KMS.Types: customKeyStoresListEntry_customKeyStoreName :: Lens' CustomKeyStoresListEntry (Maybe Text)
+ Amazonka.KMS.Types: customKeyStoresListEntry_customKeyStoreType :: Lens' CustomKeyStoresListEntry (Maybe CustomKeyStoreType)
+ Amazonka.KMS.Types: customKeyStoresListEntry_trustAnchorCertificate :: Lens' CustomKeyStoresListEntry (Maybe Text)
+ Amazonka.KMS.Types: customKeyStoresListEntry_xksProxyConfiguration :: Lens' CustomKeyStoresListEntry (Maybe XksProxyConfigurationType)
+ Amazonka.KMS.Types: data AliasListEntry
+ Amazonka.KMS.Types: data CustomKeyStoresListEntry
+ Amazonka.KMS.Types: data GrantConstraints
+ Amazonka.KMS.Types: data GrantListEntry
+ Amazonka.KMS.Types: data KeyListEntry
+ Amazonka.KMS.Types: data KeyMetadata
+ Amazonka.KMS.Types: data ListGrantsResponse
+ Amazonka.KMS.Types: data MultiRegionConfiguration
+ Amazonka.KMS.Types: data MultiRegionKey
+ Amazonka.KMS.Types: data Tag
+ Amazonka.KMS.Types: data XksKeyConfigurationType
+ Amazonka.KMS.Types: data XksProxyAuthenticationCredentialType
+ Amazonka.KMS.Types: data XksProxyConfigurationType
+ Amazonka.KMS.Types: defaultService :: Service
+ Amazonka.KMS.Types: grantConstraints_encryptionContextEquals :: Lens' GrantConstraints (Maybe (HashMap Text Text))
+ Amazonka.KMS.Types: grantConstraints_encryptionContextSubset :: Lens' GrantConstraints (Maybe (HashMap Text Text))
+ Amazonka.KMS.Types: grantListEntry_constraints :: Lens' GrantListEntry (Maybe GrantConstraints)
+ Amazonka.KMS.Types: grantListEntry_creationDate :: Lens' GrantListEntry (Maybe UTCTime)
+ Amazonka.KMS.Types: grantListEntry_grantId :: Lens' GrantListEntry (Maybe Text)
+ Amazonka.KMS.Types: grantListEntry_granteePrincipal :: Lens' GrantListEntry (Maybe Text)
+ Amazonka.KMS.Types: grantListEntry_issuingAccount :: Lens' GrantListEntry (Maybe Text)
+ Amazonka.KMS.Types: grantListEntry_keyId :: Lens' GrantListEntry (Maybe Text)
+ Amazonka.KMS.Types: grantListEntry_name :: Lens' GrantListEntry (Maybe Text)
+ Amazonka.KMS.Types: grantListEntry_operations :: Lens' GrantListEntry (Maybe [GrantOperation])
+ Amazonka.KMS.Types: grantListEntry_retiringPrincipal :: Lens' GrantListEntry (Maybe Text)
+ Amazonka.KMS.Types: keyListEntry_keyArn :: Lens' KeyListEntry (Maybe Text)
+ Amazonka.KMS.Types: keyListEntry_keyId :: Lens' KeyListEntry (Maybe Text)
+ Amazonka.KMS.Types: keyMetadata_aWSAccountId :: Lens' KeyMetadata (Maybe Text)
+ Amazonka.KMS.Types: keyMetadata_arn :: Lens' KeyMetadata (Maybe Text)
+ Amazonka.KMS.Types: keyMetadata_cloudHsmClusterId :: Lens' KeyMetadata (Maybe Text)
+ Amazonka.KMS.Types: keyMetadata_creationDate :: Lens' KeyMetadata (Maybe UTCTime)
+ Amazonka.KMS.Types: keyMetadata_customKeyStoreId :: Lens' KeyMetadata (Maybe Text)
+ Amazonka.KMS.Types: keyMetadata_customerMasterKeySpec :: Lens' KeyMetadata (Maybe CustomerMasterKeySpec)
+ Amazonka.KMS.Types: keyMetadata_deletionDate :: Lens' KeyMetadata (Maybe UTCTime)
+ Amazonka.KMS.Types: keyMetadata_description :: Lens' KeyMetadata (Maybe Text)
+ Amazonka.KMS.Types: keyMetadata_enabled :: Lens' KeyMetadata (Maybe Bool)
+ Amazonka.KMS.Types: keyMetadata_encryptionAlgorithms :: Lens' KeyMetadata (Maybe [EncryptionAlgorithmSpec])
+ Amazonka.KMS.Types: keyMetadata_expirationModel :: Lens' KeyMetadata (Maybe ExpirationModelType)
+ Amazonka.KMS.Types: keyMetadata_keyId :: Lens' KeyMetadata Text
+ Amazonka.KMS.Types: keyMetadata_keyManager :: Lens' KeyMetadata (Maybe KeyManagerType)
+ Amazonka.KMS.Types: keyMetadata_keySpec :: Lens' KeyMetadata (Maybe KeySpec)
+ Amazonka.KMS.Types: keyMetadata_keyState :: Lens' KeyMetadata (Maybe KeyState)
+ Amazonka.KMS.Types: keyMetadata_keyUsage :: Lens' KeyMetadata (Maybe KeyUsageType)
+ Amazonka.KMS.Types: keyMetadata_macAlgorithms :: Lens' KeyMetadata (Maybe [MacAlgorithmSpec])
+ Amazonka.KMS.Types: keyMetadata_multiRegion :: Lens' KeyMetadata (Maybe Bool)
+ Amazonka.KMS.Types: keyMetadata_multiRegionConfiguration :: Lens' KeyMetadata (Maybe MultiRegionConfiguration)
+ Amazonka.KMS.Types: keyMetadata_origin :: Lens' KeyMetadata (Maybe OriginType)
+ Amazonka.KMS.Types: keyMetadata_pendingDeletionWindowInDays :: Lens' KeyMetadata (Maybe Natural)
+ Amazonka.KMS.Types: keyMetadata_signingAlgorithms :: Lens' KeyMetadata (Maybe [SigningAlgorithmSpec])
+ Amazonka.KMS.Types: keyMetadata_validTo :: Lens' KeyMetadata (Maybe UTCTime)
+ Amazonka.KMS.Types: keyMetadata_xksKeyConfiguration :: Lens' KeyMetadata (Maybe XksKeyConfigurationType)
+ Amazonka.KMS.Types: listGrantsResponse_grants :: Lens' ListGrantsResponse (Maybe [GrantListEntry])
+ Amazonka.KMS.Types: listGrantsResponse_nextMarker :: Lens' ListGrantsResponse (Maybe Text)
+ Amazonka.KMS.Types: listGrantsResponse_truncated :: Lens' ListGrantsResponse (Maybe Bool)
+ Amazonka.KMS.Types: multiRegionConfiguration_multiRegionKeyType :: Lens' MultiRegionConfiguration (Maybe MultiRegionKeyType)
+ Amazonka.KMS.Types: multiRegionConfiguration_primaryKey :: Lens' MultiRegionConfiguration (Maybe MultiRegionKey)
+ Amazonka.KMS.Types: multiRegionConfiguration_replicaKeys :: Lens' MultiRegionConfiguration (Maybe [MultiRegionKey])
+ Amazonka.KMS.Types: multiRegionKey_arn :: Lens' MultiRegionKey (Maybe Text)
+ Amazonka.KMS.Types: multiRegionKey_region :: Lens' MultiRegionKey (Maybe Text)
+ Amazonka.KMS.Types: newAliasListEntry :: AliasListEntry
+ Amazonka.KMS.Types: newCustomKeyStoresListEntry :: CustomKeyStoresListEntry
+ Amazonka.KMS.Types: newGrantConstraints :: GrantConstraints
+ Amazonka.KMS.Types: newGrantListEntry :: GrantListEntry
+ Amazonka.KMS.Types: newKeyListEntry :: KeyListEntry
+ Amazonka.KMS.Types: newKeyMetadata :: Text -> KeyMetadata
+ Amazonka.KMS.Types: newListGrantsResponse :: ListGrantsResponse
+ Amazonka.KMS.Types: newMultiRegionConfiguration :: MultiRegionConfiguration
+ Amazonka.KMS.Types: newMultiRegionKey :: MultiRegionKey
+ Amazonka.KMS.Types: newTag :: Text -> Text -> Tag
+ Amazonka.KMS.Types: newXksKeyConfigurationType :: XksKeyConfigurationType
+ Amazonka.KMS.Types: newXksProxyAuthenticationCredentialType :: Text -> Text -> XksProxyAuthenticationCredentialType
+ Amazonka.KMS.Types: newXksProxyConfigurationType :: XksProxyConfigurationType
+ Amazonka.KMS.Types: newtype AlgorithmSpec
+ Amazonka.KMS.Types: newtype ConnectionErrorCodeType
+ Amazonka.KMS.Types: newtype ConnectionStateType
+ Amazonka.KMS.Types: newtype CustomKeyStoreType
+ Amazonka.KMS.Types: newtype CustomerMasterKeySpec
+ Amazonka.KMS.Types: newtype DataKeyPairSpec
+ Amazonka.KMS.Types: newtype DataKeySpec
+ Amazonka.KMS.Types: newtype EncryptionAlgorithmSpec
+ Amazonka.KMS.Types: newtype ExpirationModelType
+ Amazonka.KMS.Types: newtype GrantOperation
+ Amazonka.KMS.Types: newtype KeyManagerType
+ Amazonka.KMS.Types: newtype KeySpec
+ Amazonka.KMS.Types: newtype KeyState
+ Amazonka.KMS.Types: newtype KeyUsageType
+ Amazonka.KMS.Types: newtype MacAlgorithmSpec
+ Amazonka.KMS.Types: newtype MessageType
+ Amazonka.KMS.Types: newtype MultiRegionKeyType
+ Amazonka.KMS.Types: newtype OriginType
+ Amazonka.KMS.Types: newtype SigningAlgorithmSpec
+ Amazonka.KMS.Types: newtype WrappingKeySpec
+ Amazonka.KMS.Types: newtype XksProxyConnectivityType
+ Amazonka.KMS.Types: pattern AlgorithmSpec_RSAES_OAEP_SHA_1 :: AlgorithmSpec
+ Amazonka.KMS.Types: pattern AlgorithmSpec_RSAES_OAEP_SHA_256 :: AlgorithmSpec
+ Amazonka.KMS.Types: pattern AlgorithmSpec_RSAES_PKCS1_V1_5 :: AlgorithmSpec
+ Amazonka.KMS.Types: pattern ConnectionErrorCodeType_CLUSTER_NOT_FOUND :: ConnectionErrorCodeType
+ Amazonka.KMS.Types: pattern ConnectionErrorCodeType_INSUFFICIENT_CLOUDHSM_HSMS :: ConnectionErrorCodeType
+ Amazonka.KMS.Types: pattern ConnectionErrorCodeType_INSUFFICIENT_FREE_ADDRESSES_IN_SUBNET :: ConnectionErrorCodeType
+ Amazonka.KMS.Types: pattern ConnectionErrorCodeType_INTERNAL_ERROR :: ConnectionErrorCodeType
+ Amazonka.KMS.Types: pattern ConnectionErrorCodeType_INVALID_CREDENTIALS :: ConnectionErrorCodeType
+ Amazonka.KMS.Types: pattern ConnectionErrorCodeType_NETWORK_ERRORS :: ConnectionErrorCodeType
+ Amazonka.KMS.Types: pattern ConnectionErrorCodeType_SUBNET_NOT_FOUND :: ConnectionErrorCodeType
+ Amazonka.KMS.Types: pattern ConnectionErrorCodeType_USER_LOCKED_OUT :: ConnectionErrorCodeType
+ Amazonka.KMS.Types: pattern ConnectionErrorCodeType_USER_LOGGED_IN :: ConnectionErrorCodeType
+ Amazonka.KMS.Types: pattern ConnectionErrorCodeType_USER_NOT_FOUND :: ConnectionErrorCodeType
+ Amazonka.KMS.Types: pattern ConnectionErrorCodeType_XKS_PROXY_ACCESS_DENIED :: ConnectionErrorCodeType
+ Amazonka.KMS.Types: pattern ConnectionErrorCodeType_XKS_PROXY_INVALID_CONFIGURATION :: ConnectionErrorCodeType
+ Amazonka.KMS.Types: pattern ConnectionErrorCodeType_XKS_PROXY_INVALID_RESPONSE :: ConnectionErrorCodeType
+ Amazonka.KMS.Types: pattern ConnectionErrorCodeType_XKS_PROXY_INVALID_TLS_CONFIGURATION :: ConnectionErrorCodeType
+ Amazonka.KMS.Types: pattern ConnectionErrorCodeType_XKS_PROXY_NOT_REACHABLE :: ConnectionErrorCodeType
+ Amazonka.KMS.Types: pattern ConnectionErrorCodeType_XKS_PROXY_TIMED_OUT :: ConnectionErrorCodeType
+ Amazonka.KMS.Types: pattern ConnectionErrorCodeType_XKS_VPC_ENDPOINT_SERVICE_INVALID_CONFIGURATION :: ConnectionErrorCodeType
+ Amazonka.KMS.Types: pattern ConnectionErrorCodeType_XKS_VPC_ENDPOINT_SERVICE_NOT_FOUND :: ConnectionErrorCodeType
+ Amazonka.KMS.Types: pattern ConnectionStateType_CONNECTED :: ConnectionStateType
+ Amazonka.KMS.Types: pattern ConnectionStateType_CONNECTING :: ConnectionStateType
+ Amazonka.KMS.Types: pattern ConnectionStateType_DISCONNECTED :: ConnectionStateType
+ Amazonka.KMS.Types: pattern ConnectionStateType_DISCONNECTING :: ConnectionStateType
+ Amazonka.KMS.Types: pattern ConnectionStateType_FAILED :: ConnectionStateType
+ Amazonka.KMS.Types: pattern CustomKeyStoreType_AWS_CLOUDHSM :: CustomKeyStoreType
+ Amazonka.KMS.Types: pattern CustomKeyStoreType_EXTERNAL_KEY_STORE :: CustomKeyStoreType
+ Amazonka.KMS.Types: pattern CustomerMasterKeySpec_ECC_NIST_P256 :: CustomerMasterKeySpec
+ Amazonka.KMS.Types: pattern CustomerMasterKeySpec_ECC_NIST_P384 :: CustomerMasterKeySpec
+ Amazonka.KMS.Types: pattern CustomerMasterKeySpec_ECC_NIST_P521 :: CustomerMasterKeySpec
+ Amazonka.KMS.Types: pattern CustomerMasterKeySpec_ECC_SECG_P256K1 :: CustomerMasterKeySpec
+ Amazonka.KMS.Types: pattern CustomerMasterKeySpec_HMAC_224 :: CustomerMasterKeySpec
+ Amazonka.KMS.Types: pattern CustomerMasterKeySpec_HMAC_256 :: CustomerMasterKeySpec
+ Amazonka.KMS.Types: pattern CustomerMasterKeySpec_HMAC_384 :: CustomerMasterKeySpec
+ Amazonka.KMS.Types: pattern CustomerMasterKeySpec_HMAC_512 :: CustomerMasterKeySpec
+ Amazonka.KMS.Types: pattern CustomerMasterKeySpec_RSA_2048 :: CustomerMasterKeySpec
+ Amazonka.KMS.Types: pattern CustomerMasterKeySpec_RSA_3072 :: CustomerMasterKeySpec
+ Amazonka.KMS.Types: pattern CustomerMasterKeySpec_RSA_4096 :: CustomerMasterKeySpec
+ Amazonka.KMS.Types: pattern CustomerMasterKeySpec_SM2 :: CustomerMasterKeySpec
+ Amazonka.KMS.Types: pattern CustomerMasterKeySpec_SYMMETRIC_DEFAULT :: CustomerMasterKeySpec
+ Amazonka.KMS.Types: pattern DataKeyPairSpec_ECC_NIST_P256 :: DataKeyPairSpec
+ Amazonka.KMS.Types: pattern DataKeyPairSpec_ECC_NIST_P384 :: DataKeyPairSpec
+ Amazonka.KMS.Types: pattern DataKeyPairSpec_ECC_NIST_P521 :: DataKeyPairSpec
+ Amazonka.KMS.Types: pattern DataKeyPairSpec_ECC_SECG_P256K1 :: DataKeyPairSpec
+ Amazonka.KMS.Types: pattern DataKeyPairSpec_RSA_2048 :: DataKeyPairSpec
+ Amazonka.KMS.Types: pattern DataKeyPairSpec_RSA_3072 :: DataKeyPairSpec
+ Amazonka.KMS.Types: pattern DataKeyPairSpec_RSA_4096 :: DataKeyPairSpec
+ Amazonka.KMS.Types: pattern DataKeyPairSpec_SM2 :: DataKeyPairSpec
+ Amazonka.KMS.Types: pattern DataKeySpec_AES_128 :: DataKeySpec
+ Amazonka.KMS.Types: pattern DataKeySpec_AES_256 :: DataKeySpec
+ Amazonka.KMS.Types: pattern EncryptionAlgorithmSpec_RSAES_OAEP_SHA_1 :: EncryptionAlgorithmSpec
+ Amazonka.KMS.Types: pattern EncryptionAlgorithmSpec_RSAES_OAEP_SHA_256 :: EncryptionAlgorithmSpec
+ Amazonka.KMS.Types: pattern EncryptionAlgorithmSpec_SM2PKE :: EncryptionAlgorithmSpec
+ Amazonka.KMS.Types: pattern EncryptionAlgorithmSpec_SYMMETRIC_DEFAULT :: EncryptionAlgorithmSpec
+ Amazonka.KMS.Types: pattern ExpirationModelType_KEY_MATERIAL_DOES_NOT_EXPIRE :: ExpirationModelType
+ Amazonka.KMS.Types: pattern ExpirationModelType_KEY_MATERIAL_EXPIRES :: ExpirationModelType
+ Amazonka.KMS.Types: pattern GrantOperation_CreateGrant :: GrantOperation
+ Amazonka.KMS.Types: pattern GrantOperation_Decrypt :: GrantOperation
+ Amazonka.KMS.Types: pattern GrantOperation_DescribeKey :: GrantOperation
+ Amazonka.KMS.Types: pattern GrantOperation_Encrypt :: GrantOperation
+ Amazonka.KMS.Types: pattern GrantOperation_GenerateDataKey :: GrantOperation
+ Amazonka.KMS.Types: pattern GrantOperation_GenerateDataKeyPair :: GrantOperation
+ Amazonka.KMS.Types: pattern GrantOperation_GenerateDataKeyPairWithoutPlaintext :: GrantOperation
+ Amazonka.KMS.Types: pattern GrantOperation_GenerateDataKeyWithoutPlaintext :: GrantOperation
+ Amazonka.KMS.Types: pattern GrantOperation_GenerateMac :: GrantOperation
+ Amazonka.KMS.Types: pattern GrantOperation_GetPublicKey :: GrantOperation
+ Amazonka.KMS.Types: pattern GrantOperation_ReEncryptFrom :: GrantOperation
+ Amazonka.KMS.Types: pattern GrantOperation_ReEncryptTo :: GrantOperation
+ Amazonka.KMS.Types: pattern GrantOperation_RetireGrant :: GrantOperation
+ Amazonka.KMS.Types: pattern GrantOperation_Sign :: GrantOperation
+ Amazonka.KMS.Types: pattern GrantOperation_Verify :: GrantOperation
+ Amazonka.KMS.Types: pattern GrantOperation_VerifyMac :: GrantOperation
+ Amazonka.KMS.Types: pattern KeyManagerType_AWS :: KeyManagerType
+ Amazonka.KMS.Types: pattern KeyManagerType_CUSTOMER :: KeyManagerType
+ Amazonka.KMS.Types: pattern KeySpec_ECC_NIST_P256 :: KeySpec
+ Amazonka.KMS.Types: pattern KeySpec_ECC_NIST_P384 :: KeySpec
+ Amazonka.KMS.Types: pattern KeySpec_ECC_NIST_P521 :: KeySpec
+ Amazonka.KMS.Types: pattern KeySpec_ECC_SECG_P256K1 :: KeySpec
+ Amazonka.KMS.Types: pattern KeySpec_HMAC_224 :: KeySpec
+ Amazonka.KMS.Types: pattern KeySpec_HMAC_256 :: KeySpec
+ Amazonka.KMS.Types: pattern KeySpec_HMAC_384 :: KeySpec
+ Amazonka.KMS.Types: pattern KeySpec_HMAC_512 :: KeySpec
+ Amazonka.KMS.Types: pattern KeySpec_RSA_2048 :: KeySpec
+ Amazonka.KMS.Types: pattern KeySpec_RSA_3072 :: KeySpec
+ Amazonka.KMS.Types: pattern KeySpec_RSA_4096 :: KeySpec
+ Amazonka.KMS.Types: pattern KeySpec_SM2 :: KeySpec
+ Amazonka.KMS.Types: pattern KeySpec_SYMMETRIC_DEFAULT :: KeySpec
+ Amazonka.KMS.Types: pattern KeyState_Creating :: KeyState
+ Amazonka.KMS.Types: pattern KeyState_Disabled :: KeyState
+ Amazonka.KMS.Types: pattern KeyState_Enabled :: KeyState
+ Amazonka.KMS.Types: pattern KeyState_PendingDeletion :: KeyState
+ Amazonka.KMS.Types: pattern KeyState_PendingImport :: KeyState
+ Amazonka.KMS.Types: pattern KeyState_PendingReplicaDeletion :: KeyState
+ Amazonka.KMS.Types: pattern KeyState_Unavailable :: KeyState
+ Amazonka.KMS.Types: pattern KeyState_Updating :: KeyState
+ Amazonka.KMS.Types: pattern KeyUsageType_ENCRYPT_DECRYPT :: KeyUsageType
+ Amazonka.KMS.Types: pattern KeyUsageType_GENERATE_VERIFY_MAC :: KeyUsageType
+ Amazonka.KMS.Types: pattern KeyUsageType_SIGN_VERIFY :: KeyUsageType
+ Amazonka.KMS.Types: pattern MacAlgorithmSpec_HMAC_SHA_224 :: MacAlgorithmSpec
+ Amazonka.KMS.Types: pattern MacAlgorithmSpec_HMAC_SHA_256 :: MacAlgorithmSpec
+ Amazonka.KMS.Types: pattern MacAlgorithmSpec_HMAC_SHA_384 :: MacAlgorithmSpec
+ Amazonka.KMS.Types: pattern MacAlgorithmSpec_HMAC_SHA_512 :: MacAlgorithmSpec
+ Amazonka.KMS.Types: pattern MessageType_DIGEST :: MessageType
+ Amazonka.KMS.Types: pattern MessageType_RAW :: MessageType
+ Amazonka.KMS.Types: pattern MultiRegionKeyType_PRIMARY :: MultiRegionKeyType
+ Amazonka.KMS.Types: pattern MultiRegionKeyType_REPLICA :: MultiRegionKeyType
+ Amazonka.KMS.Types: pattern OriginType_AWS_CLOUDHSM :: OriginType
+ Amazonka.KMS.Types: pattern OriginType_AWS_KMS :: OriginType
+ Amazonka.KMS.Types: pattern OriginType_EXTERNAL :: OriginType
+ Amazonka.KMS.Types: pattern OriginType_EXTERNAL_KEY_STORE :: OriginType
+ Amazonka.KMS.Types: pattern SigningAlgorithmSpec_ECDSA_SHA_256 :: SigningAlgorithmSpec
+ Amazonka.KMS.Types: pattern SigningAlgorithmSpec_ECDSA_SHA_384 :: SigningAlgorithmSpec
+ Amazonka.KMS.Types: pattern SigningAlgorithmSpec_ECDSA_SHA_512 :: SigningAlgorithmSpec
+ Amazonka.KMS.Types: pattern SigningAlgorithmSpec_RSASSA_PKCS1_V1_5_SHA_256 :: SigningAlgorithmSpec
+ Amazonka.KMS.Types: pattern SigningAlgorithmSpec_RSASSA_PKCS1_V1_5_SHA_384 :: SigningAlgorithmSpec
+ Amazonka.KMS.Types: pattern SigningAlgorithmSpec_RSASSA_PKCS1_V1_5_SHA_512 :: SigningAlgorithmSpec
+ Amazonka.KMS.Types: pattern SigningAlgorithmSpec_RSASSA_PSS_SHA_256 :: SigningAlgorithmSpec
+ Amazonka.KMS.Types: pattern SigningAlgorithmSpec_RSASSA_PSS_SHA_384 :: SigningAlgorithmSpec
+ Amazonka.KMS.Types: pattern SigningAlgorithmSpec_RSASSA_PSS_SHA_512 :: SigningAlgorithmSpec
+ Amazonka.KMS.Types: pattern SigningAlgorithmSpec_SM2DSA :: SigningAlgorithmSpec
+ Amazonka.KMS.Types: pattern WrappingKeySpec_RSA_2048 :: WrappingKeySpec
+ Amazonka.KMS.Types: pattern XksProxyConnectivityType_PUBLIC_ENDPOINT :: XksProxyConnectivityType
+ Amazonka.KMS.Types: pattern XksProxyConnectivityType_VPC_ENDPOINT_SERVICE :: XksProxyConnectivityType
+ Amazonka.KMS.Types: tag_tagKey :: Lens' Tag Text
+ Amazonka.KMS.Types: tag_tagValue :: Lens' Tag Text
+ Amazonka.KMS.Types: xksKeyConfigurationType_id :: Lens' XksKeyConfigurationType (Maybe Text)
+ Amazonka.KMS.Types: xksProxyAuthenticationCredentialType_accessKeyId :: Lens' XksProxyAuthenticationCredentialType Text
+ Amazonka.KMS.Types: xksProxyAuthenticationCredentialType_rawSecretAccessKey :: Lens' XksProxyAuthenticationCredentialType Text
+ Amazonka.KMS.Types: xksProxyConfigurationType_accessKeyId :: Lens' XksProxyConfigurationType (Maybe Text)
+ Amazonka.KMS.Types: xksProxyConfigurationType_connectivity :: Lens' XksProxyConfigurationType (Maybe XksProxyConnectivityType)
+ Amazonka.KMS.Types: xksProxyConfigurationType_uriEndpoint :: Lens' XksProxyConfigurationType (Maybe Text)
+ Amazonka.KMS.Types: xksProxyConfigurationType_uriPath :: Lens' XksProxyConfigurationType (Maybe Text)
+ Amazonka.KMS.Types: xksProxyConfigurationType_vpcEndpointServiceName :: Lens' XksProxyConfigurationType (Maybe Text)
+ Amazonka.KMS.Types.AlgorithmSpec: AlgorithmSpec' :: Text -> AlgorithmSpec
+ Amazonka.KMS.Types.AlgorithmSpec: [fromAlgorithmSpec] :: AlgorithmSpec -> Text
+ Amazonka.KMS.Types.AlgorithmSpec: instance Amazonka.Data.ByteString.ToByteString Amazonka.KMS.Types.AlgorithmSpec.AlgorithmSpec
+ Amazonka.KMS.Types.AlgorithmSpec: instance Amazonka.Data.Headers.ToHeader Amazonka.KMS.Types.AlgorithmSpec.AlgorithmSpec
+ Amazonka.KMS.Types.AlgorithmSpec: instance Amazonka.Data.Log.ToLog Amazonka.KMS.Types.AlgorithmSpec.AlgorithmSpec
+ Amazonka.KMS.Types.AlgorithmSpec: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.Types.AlgorithmSpec.AlgorithmSpec
+ Amazonka.KMS.Types.AlgorithmSpec: instance Amazonka.Data.Text.FromText Amazonka.KMS.Types.AlgorithmSpec.AlgorithmSpec
+ Amazonka.KMS.Types.AlgorithmSpec: instance Amazonka.Data.Text.ToText Amazonka.KMS.Types.AlgorithmSpec.AlgorithmSpec
+ Amazonka.KMS.Types.AlgorithmSpec: instance Amazonka.Data.XML.FromXML Amazonka.KMS.Types.AlgorithmSpec.AlgorithmSpec
+ Amazonka.KMS.Types.AlgorithmSpec: instance Amazonka.Data.XML.ToXML Amazonka.KMS.Types.AlgorithmSpec.AlgorithmSpec
+ Amazonka.KMS.Types.AlgorithmSpec: instance Control.DeepSeq.NFData Amazonka.KMS.Types.AlgorithmSpec.AlgorithmSpec
+ Amazonka.KMS.Types.AlgorithmSpec: instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.KMS.Types.AlgorithmSpec.AlgorithmSpec
+ Amazonka.KMS.Types.AlgorithmSpec: instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.KMS.Types.AlgorithmSpec.AlgorithmSpec
+ Amazonka.KMS.Types.AlgorithmSpec: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.Types.AlgorithmSpec.AlgorithmSpec
+ Amazonka.KMS.Types.AlgorithmSpec: instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.KMS.Types.AlgorithmSpec.AlgorithmSpec
+ Amazonka.KMS.Types.AlgorithmSpec: instance Data.Hashable.Class.Hashable Amazonka.KMS.Types.AlgorithmSpec.AlgorithmSpec
+ Amazonka.KMS.Types.AlgorithmSpec: instance GHC.Classes.Eq Amazonka.KMS.Types.AlgorithmSpec.AlgorithmSpec
+ Amazonka.KMS.Types.AlgorithmSpec: instance GHC.Classes.Ord Amazonka.KMS.Types.AlgorithmSpec.AlgorithmSpec
+ Amazonka.KMS.Types.AlgorithmSpec: instance GHC.Generics.Generic Amazonka.KMS.Types.AlgorithmSpec.AlgorithmSpec
+ Amazonka.KMS.Types.AlgorithmSpec: instance GHC.Read.Read Amazonka.KMS.Types.AlgorithmSpec.AlgorithmSpec
+ Amazonka.KMS.Types.AlgorithmSpec: instance GHC.Show.Show Amazonka.KMS.Types.AlgorithmSpec.AlgorithmSpec
+ Amazonka.KMS.Types.AlgorithmSpec: newtype AlgorithmSpec
+ Amazonka.KMS.Types.AlgorithmSpec: pattern AlgorithmSpec_RSAES_OAEP_SHA_1 :: AlgorithmSpec
+ Amazonka.KMS.Types.AlgorithmSpec: pattern AlgorithmSpec_RSAES_OAEP_SHA_256 :: AlgorithmSpec
+ Amazonka.KMS.Types.AlgorithmSpec: pattern AlgorithmSpec_RSAES_PKCS1_V1_5 :: AlgorithmSpec
+ Amazonka.KMS.Types.AliasListEntry: AliasListEntry' :: Maybe Text -> Maybe Text -> Maybe POSIX -> Maybe POSIX -> Maybe Text -> AliasListEntry
+ Amazonka.KMS.Types.AliasListEntry: [$sel:aliasArn:AliasListEntry'] :: AliasListEntry -> Maybe Text
+ Amazonka.KMS.Types.AliasListEntry: [$sel:aliasName:AliasListEntry'] :: AliasListEntry -> Maybe Text
+ Amazonka.KMS.Types.AliasListEntry: [$sel:creationDate:AliasListEntry'] :: AliasListEntry -> Maybe POSIX
+ Amazonka.KMS.Types.AliasListEntry: [$sel:lastUpdatedDate:AliasListEntry'] :: AliasListEntry -> Maybe POSIX
+ Amazonka.KMS.Types.AliasListEntry: [$sel:targetKeyId:AliasListEntry'] :: AliasListEntry -> Maybe Text
+ Amazonka.KMS.Types.AliasListEntry: aliasListEntry_aliasArn :: Lens' AliasListEntry (Maybe Text)
+ Amazonka.KMS.Types.AliasListEntry: aliasListEntry_aliasName :: Lens' AliasListEntry (Maybe Text)
+ Amazonka.KMS.Types.AliasListEntry: aliasListEntry_creationDate :: Lens' AliasListEntry (Maybe UTCTime)
+ Amazonka.KMS.Types.AliasListEntry: aliasListEntry_lastUpdatedDate :: Lens' AliasListEntry (Maybe UTCTime)
+ Amazonka.KMS.Types.AliasListEntry: aliasListEntry_targetKeyId :: Lens' AliasListEntry (Maybe Text)
+ Amazonka.KMS.Types.AliasListEntry: data AliasListEntry
+ Amazonka.KMS.Types.AliasListEntry: instance Control.DeepSeq.NFData Amazonka.KMS.Types.AliasListEntry.AliasListEntry
+ Amazonka.KMS.Types.AliasListEntry: instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.KMS.Types.AliasListEntry.AliasListEntry
+ Amazonka.KMS.Types.AliasListEntry: instance Data.Hashable.Class.Hashable Amazonka.KMS.Types.AliasListEntry.AliasListEntry
+ Amazonka.KMS.Types.AliasListEntry: instance GHC.Classes.Eq Amazonka.KMS.Types.AliasListEntry.AliasListEntry
+ Amazonka.KMS.Types.AliasListEntry: instance GHC.Generics.Generic Amazonka.KMS.Types.AliasListEntry.AliasListEntry
+ Amazonka.KMS.Types.AliasListEntry: instance GHC.Read.Read Amazonka.KMS.Types.AliasListEntry.AliasListEntry
+ Amazonka.KMS.Types.AliasListEntry: instance GHC.Show.Show Amazonka.KMS.Types.AliasListEntry.AliasListEntry
+ Amazonka.KMS.Types.AliasListEntry: newAliasListEntry :: AliasListEntry
+ Amazonka.KMS.Types.ConnectionErrorCodeType: ConnectionErrorCodeType' :: Text -> ConnectionErrorCodeType
+ Amazonka.KMS.Types.ConnectionErrorCodeType: [fromConnectionErrorCodeType] :: ConnectionErrorCodeType -> Text
+ Amazonka.KMS.Types.ConnectionErrorCodeType: instance Amazonka.Data.ByteString.ToByteString Amazonka.KMS.Types.ConnectionErrorCodeType.ConnectionErrorCodeType
+ Amazonka.KMS.Types.ConnectionErrorCodeType: instance Amazonka.Data.Headers.ToHeader Amazonka.KMS.Types.ConnectionErrorCodeType.ConnectionErrorCodeType
+ Amazonka.KMS.Types.ConnectionErrorCodeType: instance Amazonka.Data.Log.ToLog Amazonka.KMS.Types.ConnectionErrorCodeType.ConnectionErrorCodeType
+ Amazonka.KMS.Types.ConnectionErrorCodeType: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.Types.ConnectionErrorCodeType.ConnectionErrorCodeType
+ Amazonka.KMS.Types.ConnectionErrorCodeType: instance Amazonka.Data.Text.FromText Amazonka.KMS.Types.ConnectionErrorCodeType.ConnectionErrorCodeType
+ Amazonka.KMS.Types.ConnectionErrorCodeType: instance Amazonka.Data.Text.ToText Amazonka.KMS.Types.ConnectionErrorCodeType.ConnectionErrorCodeType
+ Amazonka.KMS.Types.ConnectionErrorCodeType: instance Amazonka.Data.XML.FromXML Amazonka.KMS.Types.ConnectionErrorCodeType.ConnectionErrorCodeType
+ Amazonka.KMS.Types.ConnectionErrorCodeType: instance Amazonka.Data.XML.ToXML Amazonka.KMS.Types.ConnectionErrorCodeType.ConnectionErrorCodeType
+ Amazonka.KMS.Types.ConnectionErrorCodeType: instance Control.DeepSeq.NFData Amazonka.KMS.Types.ConnectionErrorCodeType.ConnectionErrorCodeType
+ Amazonka.KMS.Types.ConnectionErrorCodeType: instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.KMS.Types.ConnectionErrorCodeType.ConnectionErrorCodeType
+ Amazonka.KMS.Types.ConnectionErrorCodeType: instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.KMS.Types.ConnectionErrorCodeType.ConnectionErrorCodeType
+ Amazonka.KMS.Types.ConnectionErrorCodeType: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.Types.ConnectionErrorCodeType.ConnectionErrorCodeType
+ Amazonka.KMS.Types.ConnectionErrorCodeType: instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.KMS.Types.ConnectionErrorCodeType.ConnectionErrorCodeType
+ Amazonka.KMS.Types.ConnectionErrorCodeType: instance Data.Hashable.Class.Hashable Amazonka.KMS.Types.ConnectionErrorCodeType.ConnectionErrorCodeType
+ Amazonka.KMS.Types.ConnectionErrorCodeType: instance GHC.Classes.Eq Amazonka.KMS.Types.ConnectionErrorCodeType.ConnectionErrorCodeType
+ Amazonka.KMS.Types.ConnectionErrorCodeType: instance GHC.Classes.Ord Amazonka.KMS.Types.ConnectionErrorCodeType.ConnectionErrorCodeType
+ Amazonka.KMS.Types.ConnectionErrorCodeType: instance GHC.Generics.Generic Amazonka.KMS.Types.ConnectionErrorCodeType.ConnectionErrorCodeType
+ Amazonka.KMS.Types.ConnectionErrorCodeType: instance GHC.Read.Read Amazonka.KMS.Types.ConnectionErrorCodeType.ConnectionErrorCodeType
+ Amazonka.KMS.Types.ConnectionErrorCodeType: instance GHC.Show.Show Amazonka.KMS.Types.ConnectionErrorCodeType.ConnectionErrorCodeType
+ Amazonka.KMS.Types.ConnectionErrorCodeType: newtype ConnectionErrorCodeType
+ Amazonka.KMS.Types.ConnectionErrorCodeType: pattern ConnectionErrorCodeType_CLUSTER_NOT_FOUND :: ConnectionErrorCodeType
+ Amazonka.KMS.Types.ConnectionErrorCodeType: pattern ConnectionErrorCodeType_INSUFFICIENT_CLOUDHSM_HSMS :: ConnectionErrorCodeType
+ Amazonka.KMS.Types.ConnectionErrorCodeType: pattern ConnectionErrorCodeType_INSUFFICIENT_FREE_ADDRESSES_IN_SUBNET :: ConnectionErrorCodeType
+ Amazonka.KMS.Types.ConnectionErrorCodeType: pattern ConnectionErrorCodeType_INTERNAL_ERROR :: ConnectionErrorCodeType
+ Amazonka.KMS.Types.ConnectionErrorCodeType: pattern ConnectionErrorCodeType_INVALID_CREDENTIALS :: ConnectionErrorCodeType
+ Amazonka.KMS.Types.ConnectionErrorCodeType: pattern ConnectionErrorCodeType_NETWORK_ERRORS :: ConnectionErrorCodeType
+ Amazonka.KMS.Types.ConnectionErrorCodeType: pattern ConnectionErrorCodeType_SUBNET_NOT_FOUND :: ConnectionErrorCodeType
+ Amazonka.KMS.Types.ConnectionErrorCodeType: pattern ConnectionErrorCodeType_USER_LOCKED_OUT :: ConnectionErrorCodeType
+ Amazonka.KMS.Types.ConnectionErrorCodeType: pattern ConnectionErrorCodeType_USER_LOGGED_IN :: ConnectionErrorCodeType
+ Amazonka.KMS.Types.ConnectionErrorCodeType: pattern ConnectionErrorCodeType_USER_NOT_FOUND :: ConnectionErrorCodeType
+ Amazonka.KMS.Types.ConnectionErrorCodeType: pattern ConnectionErrorCodeType_XKS_PROXY_ACCESS_DENIED :: ConnectionErrorCodeType
+ Amazonka.KMS.Types.ConnectionErrorCodeType: pattern ConnectionErrorCodeType_XKS_PROXY_INVALID_CONFIGURATION :: ConnectionErrorCodeType
+ Amazonka.KMS.Types.ConnectionErrorCodeType: pattern ConnectionErrorCodeType_XKS_PROXY_INVALID_RESPONSE :: ConnectionErrorCodeType
+ Amazonka.KMS.Types.ConnectionErrorCodeType: pattern ConnectionErrorCodeType_XKS_PROXY_INVALID_TLS_CONFIGURATION :: ConnectionErrorCodeType
+ Amazonka.KMS.Types.ConnectionErrorCodeType: pattern ConnectionErrorCodeType_XKS_PROXY_NOT_REACHABLE :: ConnectionErrorCodeType
+ Amazonka.KMS.Types.ConnectionErrorCodeType: pattern ConnectionErrorCodeType_XKS_PROXY_TIMED_OUT :: ConnectionErrorCodeType
+ Amazonka.KMS.Types.ConnectionErrorCodeType: pattern ConnectionErrorCodeType_XKS_VPC_ENDPOINT_SERVICE_INVALID_CONFIGURATION :: ConnectionErrorCodeType
+ Amazonka.KMS.Types.ConnectionErrorCodeType: pattern ConnectionErrorCodeType_XKS_VPC_ENDPOINT_SERVICE_NOT_FOUND :: ConnectionErrorCodeType
+ Amazonka.KMS.Types.ConnectionStateType: ConnectionStateType' :: Text -> ConnectionStateType
+ Amazonka.KMS.Types.ConnectionStateType: [fromConnectionStateType] :: ConnectionStateType -> Text
+ Amazonka.KMS.Types.ConnectionStateType: instance Amazonka.Data.ByteString.ToByteString Amazonka.KMS.Types.ConnectionStateType.ConnectionStateType
+ Amazonka.KMS.Types.ConnectionStateType: instance Amazonka.Data.Headers.ToHeader Amazonka.KMS.Types.ConnectionStateType.ConnectionStateType
+ Amazonka.KMS.Types.ConnectionStateType: instance Amazonka.Data.Log.ToLog Amazonka.KMS.Types.ConnectionStateType.ConnectionStateType
+ Amazonka.KMS.Types.ConnectionStateType: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.Types.ConnectionStateType.ConnectionStateType
+ Amazonka.KMS.Types.ConnectionStateType: instance Amazonka.Data.Text.FromText Amazonka.KMS.Types.ConnectionStateType.ConnectionStateType
+ Amazonka.KMS.Types.ConnectionStateType: instance Amazonka.Data.Text.ToText Amazonka.KMS.Types.ConnectionStateType.ConnectionStateType
+ Amazonka.KMS.Types.ConnectionStateType: instance Amazonka.Data.XML.FromXML Amazonka.KMS.Types.ConnectionStateType.ConnectionStateType
+ Amazonka.KMS.Types.ConnectionStateType: instance Amazonka.Data.XML.ToXML Amazonka.KMS.Types.ConnectionStateType.ConnectionStateType
+ Amazonka.KMS.Types.ConnectionStateType: instance Control.DeepSeq.NFData Amazonka.KMS.Types.ConnectionStateType.ConnectionStateType
+ Amazonka.KMS.Types.ConnectionStateType: instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.KMS.Types.ConnectionStateType.ConnectionStateType
+ Amazonka.KMS.Types.ConnectionStateType: instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.KMS.Types.ConnectionStateType.ConnectionStateType
+ Amazonka.KMS.Types.ConnectionStateType: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.Types.ConnectionStateType.ConnectionStateType
+ Amazonka.KMS.Types.ConnectionStateType: instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.KMS.Types.ConnectionStateType.ConnectionStateType
+ Amazonka.KMS.Types.ConnectionStateType: instance Data.Hashable.Class.Hashable Amazonka.KMS.Types.ConnectionStateType.ConnectionStateType
+ Amazonka.KMS.Types.ConnectionStateType: instance GHC.Classes.Eq Amazonka.KMS.Types.ConnectionStateType.ConnectionStateType
+ Amazonka.KMS.Types.ConnectionStateType: instance GHC.Classes.Ord Amazonka.KMS.Types.ConnectionStateType.ConnectionStateType
+ Amazonka.KMS.Types.ConnectionStateType: instance GHC.Generics.Generic Amazonka.KMS.Types.ConnectionStateType.ConnectionStateType
+ Amazonka.KMS.Types.ConnectionStateType: instance GHC.Read.Read Amazonka.KMS.Types.ConnectionStateType.ConnectionStateType
+ Amazonka.KMS.Types.ConnectionStateType: instance GHC.Show.Show Amazonka.KMS.Types.ConnectionStateType.ConnectionStateType
+ Amazonka.KMS.Types.ConnectionStateType: newtype ConnectionStateType
+ Amazonka.KMS.Types.ConnectionStateType: pattern ConnectionStateType_CONNECTED :: ConnectionStateType
+ Amazonka.KMS.Types.ConnectionStateType: pattern ConnectionStateType_CONNECTING :: ConnectionStateType
+ Amazonka.KMS.Types.ConnectionStateType: pattern ConnectionStateType_DISCONNECTED :: ConnectionStateType
+ Amazonka.KMS.Types.ConnectionStateType: pattern ConnectionStateType_DISCONNECTING :: ConnectionStateType
+ Amazonka.KMS.Types.ConnectionStateType: pattern ConnectionStateType_FAILED :: ConnectionStateType
+ Amazonka.KMS.Types.CustomKeyStoreType: CustomKeyStoreType' :: Text -> CustomKeyStoreType
+ Amazonka.KMS.Types.CustomKeyStoreType: [fromCustomKeyStoreType] :: CustomKeyStoreType -> Text
+ Amazonka.KMS.Types.CustomKeyStoreType: instance Amazonka.Data.ByteString.ToByteString Amazonka.KMS.Types.CustomKeyStoreType.CustomKeyStoreType
+ Amazonka.KMS.Types.CustomKeyStoreType: instance Amazonka.Data.Headers.ToHeader Amazonka.KMS.Types.CustomKeyStoreType.CustomKeyStoreType
+ Amazonka.KMS.Types.CustomKeyStoreType: instance Amazonka.Data.Log.ToLog Amazonka.KMS.Types.CustomKeyStoreType.CustomKeyStoreType
+ Amazonka.KMS.Types.CustomKeyStoreType: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.Types.CustomKeyStoreType.CustomKeyStoreType
+ Amazonka.KMS.Types.CustomKeyStoreType: instance Amazonka.Data.Text.FromText Amazonka.KMS.Types.CustomKeyStoreType.CustomKeyStoreType
+ Amazonka.KMS.Types.CustomKeyStoreType: instance Amazonka.Data.Text.ToText Amazonka.KMS.Types.CustomKeyStoreType.CustomKeyStoreType
+ Amazonka.KMS.Types.CustomKeyStoreType: instance Amazonka.Data.XML.FromXML Amazonka.KMS.Types.CustomKeyStoreType.CustomKeyStoreType
+ Amazonka.KMS.Types.CustomKeyStoreType: instance Amazonka.Data.XML.ToXML Amazonka.KMS.Types.CustomKeyStoreType.CustomKeyStoreType
+ Amazonka.KMS.Types.CustomKeyStoreType: instance Control.DeepSeq.NFData Amazonka.KMS.Types.CustomKeyStoreType.CustomKeyStoreType
+ Amazonka.KMS.Types.CustomKeyStoreType: instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.KMS.Types.CustomKeyStoreType.CustomKeyStoreType
+ Amazonka.KMS.Types.CustomKeyStoreType: instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.KMS.Types.CustomKeyStoreType.CustomKeyStoreType
+ Amazonka.KMS.Types.CustomKeyStoreType: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.Types.CustomKeyStoreType.CustomKeyStoreType
+ Amazonka.KMS.Types.CustomKeyStoreType: instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.KMS.Types.CustomKeyStoreType.CustomKeyStoreType
+ Amazonka.KMS.Types.CustomKeyStoreType: instance Data.Hashable.Class.Hashable Amazonka.KMS.Types.CustomKeyStoreType.CustomKeyStoreType
+ Amazonka.KMS.Types.CustomKeyStoreType: instance GHC.Classes.Eq Amazonka.KMS.Types.CustomKeyStoreType.CustomKeyStoreType
+ Amazonka.KMS.Types.CustomKeyStoreType: instance GHC.Classes.Ord Amazonka.KMS.Types.CustomKeyStoreType.CustomKeyStoreType
+ Amazonka.KMS.Types.CustomKeyStoreType: instance GHC.Generics.Generic Amazonka.KMS.Types.CustomKeyStoreType.CustomKeyStoreType
+ Amazonka.KMS.Types.CustomKeyStoreType: instance GHC.Read.Read Amazonka.KMS.Types.CustomKeyStoreType.CustomKeyStoreType
+ Amazonka.KMS.Types.CustomKeyStoreType: instance GHC.Show.Show Amazonka.KMS.Types.CustomKeyStoreType.CustomKeyStoreType
+ Amazonka.KMS.Types.CustomKeyStoreType: newtype CustomKeyStoreType
+ Amazonka.KMS.Types.CustomKeyStoreType: pattern CustomKeyStoreType_AWS_CLOUDHSM :: CustomKeyStoreType
+ Amazonka.KMS.Types.CustomKeyStoreType: pattern CustomKeyStoreType_EXTERNAL_KEY_STORE :: CustomKeyStoreType
+ Amazonka.KMS.Types.CustomKeyStoresListEntry: CustomKeyStoresListEntry' :: Maybe Text -> Maybe ConnectionErrorCodeType -> Maybe ConnectionStateType -> Maybe POSIX -> Maybe Text -> Maybe Text -> Maybe CustomKeyStoreType -> Maybe Text -> Maybe XksProxyConfigurationType -> CustomKeyStoresListEntry
+ Amazonka.KMS.Types.CustomKeyStoresListEntry: [$sel:cloudHsmClusterId:CustomKeyStoresListEntry'] :: CustomKeyStoresListEntry -> Maybe Text
+ Amazonka.KMS.Types.CustomKeyStoresListEntry: [$sel:connectionErrorCode:CustomKeyStoresListEntry'] :: CustomKeyStoresListEntry -> Maybe ConnectionErrorCodeType
+ Amazonka.KMS.Types.CustomKeyStoresListEntry: [$sel:connectionState:CustomKeyStoresListEntry'] :: CustomKeyStoresListEntry -> Maybe ConnectionStateType
+ Amazonka.KMS.Types.CustomKeyStoresListEntry: [$sel:creationDate:CustomKeyStoresListEntry'] :: CustomKeyStoresListEntry -> Maybe POSIX
+ Amazonka.KMS.Types.CustomKeyStoresListEntry: [$sel:customKeyStoreId:CustomKeyStoresListEntry'] :: CustomKeyStoresListEntry -> Maybe Text
+ Amazonka.KMS.Types.CustomKeyStoresListEntry: [$sel:customKeyStoreName:CustomKeyStoresListEntry'] :: CustomKeyStoresListEntry -> Maybe Text
+ Amazonka.KMS.Types.CustomKeyStoresListEntry: [$sel:customKeyStoreType:CustomKeyStoresListEntry'] :: CustomKeyStoresListEntry -> Maybe CustomKeyStoreType
+ Amazonka.KMS.Types.CustomKeyStoresListEntry: [$sel:trustAnchorCertificate:CustomKeyStoresListEntry'] :: CustomKeyStoresListEntry -> Maybe Text
+ Amazonka.KMS.Types.CustomKeyStoresListEntry: [$sel:xksProxyConfiguration:CustomKeyStoresListEntry'] :: CustomKeyStoresListEntry -> Maybe XksProxyConfigurationType
+ Amazonka.KMS.Types.CustomKeyStoresListEntry: customKeyStoresListEntry_cloudHsmClusterId :: Lens' CustomKeyStoresListEntry (Maybe Text)
+ Amazonka.KMS.Types.CustomKeyStoresListEntry: customKeyStoresListEntry_connectionErrorCode :: Lens' CustomKeyStoresListEntry (Maybe ConnectionErrorCodeType)
+ Amazonka.KMS.Types.CustomKeyStoresListEntry: customKeyStoresListEntry_connectionState :: Lens' CustomKeyStoresListEntry (Maybe ConnectionStateType)
+ Amazonka.KMS.Types.CustomKeyStoresListEntry: customKeyStoresListEntry_creationDate :: Lens' CustomKeyStoresListEntry (Maybe UTCTime)
+ Amazonka.KMS.Types.CustomKeyStoresListEntry: customKeyStoresListEntry_customKeyStoreId :: Lens' CustomKeyStoresListEntry (Maybe Text)
+ Amazonka.KMS.Types.CustomKeyStoresListEntry: customKeyStoresListEntry_customKeyStoreName :: Lens' CustomKeyStoresListEntry (Maybe Text)
+ Amazonka.KMS.Types.CustomKeyStoresListEntry: customKeyStoresListEntry_customKeyStoreType :: Lens' CustomKeyStoresListEntry (Maybe CustomKeyStoreType)
+ Amazonka.KMS.Types.CustomKeyStoresListEntry: customKeyStoresListEntry_trustAnchorCertificate :: Lens' CustomKeyStoresListEntry (Maybe Text)
+ Amazonka.KMS.Types.CustomKeyStoresListEntry: customKeyStoresListEntry_xksProxyConfiguration :: Lens' CustomKeyStoresListEntry (Maybe XksProxyConfigurationType)
+ Amazonka.KMS.Types.CustomKeyStoresListEntry: data CustomKeyStoresListEntry
+ Amazonka.KMS.Types.CustomKeyStoresListEntry: instance Control.DeepSeq.NFData Amazonka.KMS.Types.CustomKeyStoresListEntry.CustomKeyStoresListEntry
+ Amazonka.KMS.Types.CustomKeyStoresListEntry: instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.KMS.Types.CustomKeyStoresListEntry.CustomKeyStoresListEntry
+ Amazonka.KMS.Types.CustomKeyStoresListEntry: instance Data.Hashable.Class.Hashable Amazonka.KMS.Types.CustomKeyStoresListEntry.CustomKeyStoresListEntry
+ Amazonka.KMS.Types.CustomKeyStoresListEntry: instance GHC.Classes.Eq Amazonka.KMS.Types.CustomKeyStoresListEntry.CustomKeyStoresListEntry
+ Amazonka.KMS.Types.CustomKeyStoresListEntry: instance GHC.Generics.Generic Amazonka.KMS.Types.CustomKeyStoresListEntry.CustomKeyStoresListEntry
+ Amazonka.KMS.Types.CustomKeyStoresListEntry: instance GHC.Show.Show Amazonka.KMS.Types.CustomKeyStoresListEntry.CustomKeyStoresListEntry
+ Amazonka.KMS.Types.CustomKeyStoresListEntry: newCustomKeyStoresListEntry :: CustomKeyStoresListEntry
+ Amazonka.KMS.Types.CustomerMasterKeySpec: CustomerMasterKeySpec' :: Text -> CustomerMasterKeySpec
+ Amazonka.KMS.Types.CustomerMasterKeySpec: [fromCustomerMasterKeySpec] :: CustomerMasterKeySpec -> Text
+ Amazonka.KMS.Types.CustomerMasterKeySpec: instance Amazonka.Data.ByteString.ToByteString Amazonka.KMS.Types.CustomerMasterKeySpec.CustomerMasterKeySpec
+ Amazonka.KMS.Types.CustomerMasterKeySpec: instance Amazonka.Data.Headers.ToHeader Amazonka.KMS.Types.CustomerMasterKeySpec.CustomerMasterKeySpec
+ Amazonka.KMS.Types.CustomerMasterKeySpec: instance Amazonka.Data.Log.ToLog Amazonka.KMS.Types.CustomerMasterKeySpec.CustomerMasterKeySpec
+ Amazonka.KMS.Types.CustomerMasterKeySpec: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.Types.CustomerMasterKeySpec.CustomerMasterKeySpec
+ Amazonka.KMS.Types.CustomerMasterKeySpec: instance Amazonka.Data.Text.FromText Amazonka.KMS.Types.CustomerMasterKeySpec.CustomerMasterKeySpec
+ Amazonka.KMS.Types.CustomerMasterKeySpec: instance Amazonka.Data.Text.ToText Amazonka.KMS.Types.CustomerMasterKeySpec.CustomerMasterKeySpec
+ Amazonka.KMS.Types.CustomerMasterKeySpec: instance Amazonka.Data.XML.FromXML Amazonka.KMS.Types.CustomerMasterKeySpec.CustomerMasterKeySpec
+ Amazonka.KMS.Types.CustomerMasterKeySpec: instance Amazonka.Data.XML.ToXML Amazonka.KMS.Types.CustomerMasterKeySpec.CustomerMasterKeySpec
+ Amazonka.KMS.Types.CustomerMasterKeySpec: instance Control.DeepSeq.NFData Amazonka.KMS.Types.CustomerMasterKeySpec.CustomerMasterKeySpec
+ Amazonka.KMS.Types.CustomerMasterKeySpec: instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.KMS.Types.CustomerMasterKeySpec.CustomerMasterKeySpec
+ Amazonka.KMS.Types.CustomerMasterKeySpec: instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.KMS.Types.CustomerMasterKeySpec.CustomerMasterKeySpec
+ Amazonka.KMS.Types.CustomerMasterKeySpec: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.Types.CustomerMasterKeySpec.CustomerMasterKeySpec
+ Amazonka.KMS.Types.CustomerMasterKeySpec: instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.KMS.Types.CustomerMasterKeySpec.CustomerMasterKeySpec
+ Amazonka.KMS.Types.CustomerMasterKeySpec: instance Data.Hashable.Class.Hashable Amazonka.KMS.Types.CustomerMasterKeySpec.CustomerMasterKeySpec
+ Amazonka.KMS.Types.CustomerMasterKeySpec: instance GHC.Classes.Eq Amazonka.KMS.Types.CustomerMasterKeySpec.CustomerMasterKeySpec
+ Amazonka.KMS.Types.CustomerMasterKeySpec: instance GHC.Classes.Ord Amazonka.KMS.Types.CustomerMasterKeySpec.CustomerMasterKeySpec
+ Amazonka.KMS.Types.CustomerMasterKeySpec: instance GHC.Generics.Generic Amazonka.KMS.Types.CustomerMasterKeySpec.CustomerMasterKeySpec
+ Amazonka.KMS.Types.CustomerMasterKeySpec: instance GHC.Read.Read Amazonka.KMS.Types.CustomerMasterKeySpec.CustomerMasterKeySpec
+ Amazonka.KMS.Types.CustomerMasterKeySpec: instance GHC.Show.Show Amazonka.KMS.Types.CustomerMasterKeySpec.CustomerMasterKeySpec
+ Amazonka.KMS.Types.CustomerMasterKeySpec: newtype CustomerMasterKeySpec
+ Amazonka.KMS.Types.CustomerMasterKeySpec: pattern CustomerMasterKeySpec_ECC_NIST_P256 :: CustomerMasterKeySpec
+ Amazonka.KMS.Types.CustomerMasterKeySpec: pattern CustomerMasterKeySpec_ECC_NIST_P384 :: CustomerMasterKeySpec
+ Amazonka.KMS.Types.CustomerMasterKeySpec: pattern CustomerMasterKeySpec_ECC_NIST_P521 :: CustomerMasterKeySpec
+ Amazonka.KMS.Types.CustomerMasterKeySpec: pattern CustomerMasterKeySpec_ECC_SECG_P256K1 :: CustomerMasterKeySpec
+ Amazonka.KMS.Types.CustomerMasterKeySpec: pattern CustomerMasterKeySpec_HMAC_224 :: CustomerMasterKeySpec
+ Amazonka.KMS.Types.CustomerMasterKeySpec: pattern CustomerMasterKeySpec_HMAC_256 :: CustomerMasterKeySpec
+ Amazonka.KMS.Types.CustomerMasterKeySpec: pattern CustomerMasterKeySpec_HMAC_384 :: CustomerMasterKeySpec
+ Amazonka.KMS.Types.CustomerMasterKeySpec: pattern CustomerMasterKeySpec_HMAC_512 :: CustomerMasterKeySpec
+ Amazonka.KMS.Types.CustomerMasterKeySpec: pattern CustomerMasterKeySpec_RSA_2048 :: CustomerMasterKeySpec
+ Amazonka.KMS.Types.CustomerMasterKeySpec: pattern CustomerMasterKeySpec_RSA_3072 :: CustomerMasterKeySpec
+ Amazonka.KMS.Types.CustomerMasterKeySpec: pattern CustomerMasterKeySpec_RSA_4096 :: CustomerMasterKeySpec
+ Amazonka.KMS.Types.CustomerMasterKeySpec: pattern CustomerMasterKeySpec_SM2 :: CustomerMasterKeySpec
+ Amazonka.KMS.Types.CustomerMasterKeySpec: pattern CustomerMasterKeySpec_SYMMETRIC_DEFAULT :: CustomerMasterKeySpec
+ Amazonka.KMS.Types.DataKeyPairSpec: DataKeyPairSpec' :: Text -> DataKeyPairSpec
+ Amazonka.KMS.Types.DataKeyPairSpec: [fromDataKeyPairSpec] :: DataKeyPairSpec -> Text
+ Amazonka.KMS.Types.DataKeyPairSpec: instance Amazonka.Data.ByteString.ToByteString Amazonka.KMS.Types.DataKeyPairSpec.DataKeyPairSpec
+ Amazonka.KMS.Types.DataKeyPairSpec: instance Amazonka.Data.Headers.ToHeader Amazonka.KMS.Types.DataKeyPairSpec.DataKeyPairSpec
+ Amazonka.KMS.Types.DataKeyPairSpec: instance Amazonka.Data.Log.ToLog Amazonka.KMS.Types.DataKeyPairSpec.DataKeyPairSpec
+ Amazonka.KMS.Types.DataKeyPairSpec: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.Types.DataKeyPairSpec.DataKeyPairSpec
+ Amazonka.KMS.Types.DataKeyPairSpec: instance Amazonka.Data.Text.FromText Amazonka.KMS.Types.DataKeyPairSpec.DataKeyPairSpec
+ Amazonka.KMS.Types.DataKeyPairSpec: instance Amazonka.Data.Text.ToText Amazonka.KMS.Types.DataKeyPairSpec.DataKeyPairSpec
+ Amazonka.KMS.Types.DataKeyPairSpec: instance Amazonka.Data.XML.FromXML Amazonka.KMS.Types.DataKeyPairSpec.DataKeyPairSpec
+ Amazonka.KMS.Types.DataKeyPairSpec: instance Amazonka.Data.XML.ToXML Amazonka.KMS.Types.DataKeyPairSpec.DataKeyPairSpec
+ Amazonka.KMS.Types.DataKeyPairSpec: instance Control.DeepSeq.NFData Amazonka.KMS.Types.DataKeyPairSpec.DataKeyPairSpec
+ Amazonka.KMS.Types.DataKeyPairSpec: instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.KMS.Types.DataKeyPairSpec.DataKeyPairSpec
+ Amazonka.KMS.Types.DataKeyPairSpec: instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.KMS.Types.DataKeyPairSpec.DataKeyPairSpec
+ Amazonka.KMS.Types.DataKeyPairSpec: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.Types.DataKeyPairSpec.DataKeyPairSpec
+ Amazonka.KMS.Types.DataKeyPairSpec: instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.KMS.Types.DataKeyPairSpec.DataKeyPairSpec
+ Amazonka.KMS.Types.DataKeyPairSpec: instance Data.Hashable.Class.Hashable Amazonka.KMS.Types.DataKeyPairSpec.DataKeyPairSpec
+ Amazonka.KMS.Types.DataKeyPairSpec: instance GHC.Classes.Eq Amazonka.KMS.Types.DataKeyPairSpec.DataKeyPairSpec
+ Amazonka.KMS.Types.DataKeyPairSpec: instance GHC.Classes.Ord Amazonka.KMS.Types.DataKeyPairSpec.DataKeyPairSpec
+ Amazonka.KMS.Types.DataKeyPairSpec: instance GHC.Generics.Generic Amazonka.KMS.Types.DataKeyPairSpec.DataKeyPairSpec
+ Amazonka.KMS.Types.DataKeyPairSpec: instance GHC.Read.Read Amazonka.KMS.Types.DataKeyPairSpec.DataKeyPairSpec
+ Amazonka.KMS.Types.DataKeyPairSpec: instance GHC.Show.Show Amazonka.KMS.Types.DataKeyPairSpec.DataKeyPairSpec
+ Amazonka.KMS.Types.DataKeyPairSpec: newtype DataKeyPairSpec
+ Amazonka.KMS.Types.DataKeyPairSpec: pattern DataKeyPairSpec_ECC_NIST_P256 :: DataKeyPairSpec
+ Amazonka.KMS.Types.DataKeyPairSpec: pattern DataKeyPairSpec_ECC_NIST_P384 :: DataKeyPairSpec
+ Amazonka.KMS.Types.DataKeyPairSpec: pattern DataKeyPairSpec_ECC_NIST_P521 :: DataKeyPairSpec
+ Amazonka.KMS.Types.DataKeyPairSpec: pattern DataKeyPairSpec_ECC_SECG_P256K1 :: DataKeyPairSpec
+ Amazonka.KMS.Types.DataKeyPairSpec: pattern DataKeyPairSpec_RSA_2048 :: DataKeyPairSpec
+ Amazonka.KMS.Types.DataKeyPairSpec: pattern DataKeyPairSpec_RSA_3072 :: DataKeyPairSpec
+ Amazonka.KMS.Types.DataKeyPairSpec: pattern DataKeyPairSpec_RSA_4096 :: DataKeyPairSpec
+ Amazonka.KMS.Types.DataKeyPairSpec: pattern DataKeyPairSpec_SM2 :: DataKeyPairSpec
+ Amazonka.KMS.Types.DataKeySpec: DataKeySpec' :: Text -> DataKeySpec
+ Amazonka.KMS.Types.DataKeySpec: [fromDataKeySpec] :: DataKeySpec -> Text
+ Amazonka.KMS.Types.DataKeySpec: instance Amazonka.Data.ByteString.ToByteString Amazonka.KMS.Types.DataKeySpec.DataKeySpec
+ Amazonka.KMS.Types.DataKeySpec: instance Amazonka.Data.Headers.ToHeader Amazonka.KMS.Types.DataKeySpec.DataKeySpec
+ Amazonka.KMS.Types.DataKeySpec: instance Amazonka.Data.Log.ToLog Amazonka.KMS.Types.DataKeySpec.DataKeySpec
+ Amazonka.KMS.Types.DataKeySpec: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.Types.DataKeySpec.DataKeySpec
+ Amazonka.KMS.Types.DataKeySpec: instance Amazonka.Data.Text.FromText Amazonka.KMS.Types.DataKeySpec.DataKeySpec
+ Amazonka.KMS.Types.DataKeySpec: instance Amazonka.Data.Text.ToText Amazonka.KMS.Types.DataKeySpec.DataKeySpec
+ Amazonka.KMS.Types.DataKeySpec: instance Amazonka.Data.XML.FromXML Amazonka.KMS.Types.DataKeySpec.DataKeySpec
+ Amazonka.KMS.Types.DataKeySpec: instance Amazonka.Data.XML.ToXML Amazonka.KMS.Types.DataKeySpec.DataKeySpec
+ Amazonka.KMS.Types.DataKeySpec: instance Control.DeepSeq.NFData Amazonka.KMS.Types.DataKeySpec.DataKeySpec
+ Amazonka.KMS.Types.DataKeySpec: instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.KMS.Types.DataKeySpec.DataKeySpec
+ Amazonka.KMS.Types.DataKeySpec: instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.KMS.Types.DataKeySpec.DataKeySpec
+ Amazonka.KMS.Types.DataKeySpec: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.Types.DataKeySpec.DataKeySpec
+ Amazonka.KMS.Types.DataKeySpec: instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.KMS.Types.DataKeySpec.DataKeySpec
+ Amazonka.KMS.Types.DataKeySpec: instance Data.Hashable.Class.Hashable Amazonka.KMS.Types.DataKeySpec.DataKeySpec
+ Amazonka.KMS.Types.DataKeySpec: instance GHC.Classes.Eq Amazonka.KMS.Types.DataKeySpec.DataKeySpec
+ Amazonka.KMS.Types.DataKeySpec: instance GHC.Classes.Ord Amazonka.KMS.Types.DataKeySpec.DataKeySpec
+ Amazonka.KMS.Types.DataKeySpec: instance GHC.Generics.Generic Amazonka.KMS.Types.DataKeySpec.DataKeySpec
+ Amazonka.KMS.Types.DataKeySpec: instance GHC.Read.Read Amazonka.KMS.Types.DataKeySpec.DataKeySpec
+ Amazonka.KMS.Types.DataKeySpec: instance GHC.Show.Show Amazonka.KMS.Types.DataKeySpec.DataKeySpec
+ Amazonka.KMS.Types.DataKeySpec: newtype DataKeySpec
+ Amazonka.KMS.Types.DataKeySpec: pattern DataKeySpec_AES_128 :: DataKeySpec
+ Amazonka.KMS.Types.DataKeySpec: pattern DataKeySpec_AES_256 :: DataKeySpec
+ Amazonka.KMS.Types.EncryptionAlgorithmSpec: EncryptionAlgorithmSpec' :: Text -> EncryptionAlgorithmSpec
+ Amazonka.KMS.Types.EncryptionAlgorithmSpec: [fromEncryptionAlgorithmSpec] :: EncryptionAlgorithmSpec -> Text
+ Amazonka.KMS.Types.EncryptionAlgorithmSpec: instance Amazonka.Data.ByteString.ToByteString Amazonka.KMS.Types.EncryptionAlgorithmSpec.EncryptionAlgorithmSpec
+ Amazonka.KMS.Types.EncryptionAlgorithmSpec: instance Amazonka.Data.Headers.ToHeader Amazonka.KMS.Types.EncryptionAlgorithmSpec.EncryptionAlgorithmSpec
+ Amazonka.KMS.Types.EncryptionAlgorithmSpec: instance Amazonka.Data.Log.ToLog Amazonka.KMS.Types.EncryptionAlgorithmSpec.EncryptionAlgorithmSpec
+ Amazonka.KMS.Types.EncryptionAlgorithmSpec: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.Types.EncryptionAlgorithmSpec.EncryptionAlgorithmSpec
+ Amazonka.KMS.Types.EncryptionAlgorithmSpec: instance Amazonka.Data.Text.FromText Amazonka.KMS.Types.EncryptionAlgorithmSpec.EncryptionAlgorithmSpec
+ Amazonka.KMS.Types.EncryptionAlgorithmSpec: instance Amazonka.Data.Text.ToText Amazonka.KMS.Types.EncryptionAlgorithmSpec.EncryptionAlgorithmSpec
+ Amazonka.KMS.Types.EncryptionAlgorithmSpec: instance Amazonka.Data.XML.FromXML Amazonka.KMS.Types.EncryptionAlgorithmSpec.EncryptionAlgorithmSpec
+ Amazonka.KMS.Types.EncryptionAlgorithmSpec: instance Amazonka.Data.XML.ToXML Amazonka.KMS.Types.EncryptionAlgorithmSpec.EncryptionAlgorithmSpec
+ Amazonka.KMS.Types.EncryptionAlgorithmSpec: instance Control.DeepSeq.NFData Amazonka.KMS.Types.EncryptionAlgorithmSpec.EncryptionAlgorithmSpec
+ Amazonka.KMS.Types.EncryptionAlgorithmSpec: instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.KMS.Types.EncryptionAlgorithmSpec.EncryptionAlgorithmSpec
+ Amazonka.KMS.Types.EncryptionAlgorithmSpec: instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.KMS.Types.EncryptionAlgorithmSpec.EncryptionAlgorithmSpec
+ Amazonka.KMS.Types.EncryptionAlgorithmSpec: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.Types.EncryptionAlgorithmSpec.EncryptionAlgorithmSpec
+ Amazonka.KMS.Types.EncryptionAlgorithmSpec: instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.KMS.Types.EncryptionAlgorithmSpec.EncryptionAlgorithmSpec
+ Amazonka.KMS.Types.EncryptionAlgorithmSpec: instance Data.Hashable.Class.Hashable Amazonka.KMS.Types.EncryptionAlgorithmSpec.EncryptionAlgorithmSpec
+ Amazonka.KMS.Types.EncryptionAlgorithmSpec: instance GHC.Classes.Eq Amazonka.KMS.Types.EncryptionAlgorithmSpec.EncryptionAlgorithmSpec
+ Amazonka.KMS.Types.EncryptionAlgorithmSpec: instance GHC.Classes.Ord Amazonka.KMS.Types.EncryptionAlgorithmSpec.EncryptionAlgorithmSpec
+ Amazonka.KMS.Types.EncryptionAlgorithmSpec: instance GHC.Generics.Generic Amazonka.KMS.Types.EncryptionAlgorithmSpec.EncryptionAlgorithmSpec
+ Amazonka.KMS.Types.EncryptionAlgorithmSpec: instance GHC.Read.Read Amazonka.KMS.Types.EncryptionAlgorithmSpec.EncryptionAlgorithmSpec
+ Amazonka.KMS.Types.EncryptionAlgorithmSpec: instance GHC.Show.Show Amazonka.KMS.Types.EncryptionAlgorithmSpec.EncryptionAlgorithmSpec
+ Amazonka.KMS.Types.EncryptionAlgorithmSpec: newtype EncryptionAlgorithmSpec
+ Amazonka.KMS.Types.EncryptionAlgorithmSpec: pattern EncryptionAlgorithmSpec_RSAES_OAEP_SHA_1 :: EncryptionAlgorithmSpec
+ Amazonka.KMS.Types.EncryptionAlgorithmSpec: pattern EncryptionAlgorithmSpec_RSAES_OAEP_SHA_256 :: EncryptionAlgorithmSpec
+ Amazonka.KMS.Types.EncryptionAlgorithmSpec: pattern EncryptionAlgorithmSpec_SM2PKE :: EncryptionAlgorithmSpec
+ Amazonka.KMS.Types.EncryptionAlgorithmSpec: pattern EncryptionAlgorithmSpec_SYMMETRIC_DEFAULT :: EncryptionAlgorithmSpec
+ Amazonka.KMS.Types.ExpirationModelType: ExpirationModelType' :: Text -> ExpirationModelType
+ Amazonka.KMS.Types.ExpirationModelType: [fromExpirationModelType] :: ExpirationModelType -> Text
+ Amazonka.KMS.Types.ExpirationModelType: instance Amazonka.Data.ByteString.ToByteString Amazonka.KMS.Types.ExpirationModelType.ExpirationModelType
+ Amazonka.KMS.Types.ExpirationModelType: instance Amazonka.Data.Headers.ToHeader Amazonka.KMS.Types.ExpirationModelType.ExpirationModelType
+ Amazonka.KMS.Types.ExpirationModelType: instance Amazonka.Data.Log.ToLog Amazonka.KMS.Types.ExpirationModelType.ExpirationModelType
+ Amazonka.KMS.Types.ExpirationModelType: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.Types.ExpirationModelType.ExpirationModelType
+ Amazonka.KMS.Types.ExpirationModelType: instance Amazonka.Data.Text.FromText Amazonka.KMS.Types.ExpirationModelType.ExpirationModelType
+ Amazonka.KMS.Types.ExpirationModelType: instance Amazonka.Data.Text.ToText Amazonka.KMS.Types.ExpirationModelType.ExpirationModelType
+ Amazonka.KMS.Types.ExpirationModelType: instance Amazonka.Data.XML.FromXML Amazonka.KMS.Types.ExpirationModelType.ExpirationModelType
+ Amazonka.KMS.Types.ExpirationModelType: instance Amazonka.Data.XML.ToXML Amazonka.KMS.Types.ExpirationModelType.ExpirationModelType
+ Amazonka.KMS.Types.ExpirationModelType: instance Control.DeepSeq.NFData Amazonka.KMS.Types.ExpirationModelType.ExpirationModelType
+ Amazonka.KMS.Types.ExpirationModelType: instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.KMS.Types.ExpirationModelType.ExpirationModelType
+ Amazonka.KMS.Types.ExpirationModelType: instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.KMS.Types.ExpirationModelType.ExpirationModelType
+ Amazonka.KMS.Types.ExpirationModelType: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.Types.ExpirationModelType.ExpirationModelType
+ Amazonka.KMS.Types.ExpirationModelType: instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.KMS.Types.ExpirationModelType.ExpirationModelType
+ Amazonka.KMS.Types.ExpirationModelType: instance Data.Hashable.Class.Hashable Amazonka.KMS.Types.ExpirationModelType.ExpirationModelType
+ Amazonka.KMS.Types.ExpirationModelType: instance GHC.Classes.Eq Amazonka.KMS.Types.ExpirationModelType.ExpirationModelType
+ Amazonka.KMS.Types.ExpirationModelType: instance GHC.Classes.Ord Amazonka.KMS.Types.ExpirationModelType.ExpirationModelType
+ Amazonka.KMS.Types.ExpirationModelType: instance GHC.Generics.Generic Amazonka.KMS.Types.ExpirationModelType.ExpirationModelType
+ Amazonka.KMS.Types.ExpirationModelType: instance GHC.Read.Read Amazonka.KMS.Types.ExpirationModelType.ExpirationModelType
+ Amazonka.KMS.Types.ExpirationModelType: instance GHC.Show.Show Amazonka.KMS.Types.ExpirationModelType.ExpirationModelType
+ Amazonka.KMS.Types.ExpirationModelType: newtype ExpirationModelType
+ Amazonka.KMS.Types.ExpirationModelType: pattern ExpirationModelType_KEY_MATERIAL_DOES_NOT_EXPIRE :: ExpirationModelType
+ Amazonka.KMS.Types.ExpirationModelType: pattern ExpirationModelType_KEY_MATERIAL_EXPIRES :: ExpirationModelType
+ Amazonka.KMS.Types.GrantConstraints: GrantConstraints' :: Maybe (HashMap Text Text) -> Maybe (HashMap Text Text) -> GrantConstraints
+ Amazonka.KMS.Types.GrantConstraints: [$sel:encryptionContextEquals:GrantConstraints'] :: GrantConstraints -> Maybe (HashMap Text Text)
+ Amazonka.KMS.Types.GrantConstraints: [$sel:encryptionContextSubset:GrantConstraints'] :: GrantConstraints -> Maybe (HashMap Text Text)
+ Amazonka.KMS.Types.GrantConstraints: data GrantConstraints
+ Amazonka.KMS.Types.GrantConstraints: grantConstraints_encryptionContextEquals :: Lens' GrantConstraints (Maybe (HashMap Text Text))
+ Amazonka.KMS.Types.GrantConstraints: grantConstraints_encryptionContextSubset :: Lens' GrantConstraints (Maybe (HashMap Text Text))
+ Amazonka.KMS.Types.GrantConstraints: instance Control.DeepSeq.NFData Amazonka.KMS.Types.GrantConstraints.GrantConstraints
+ Amazonka.KMS.Types.GrantConstraints: instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.KMS.Types.GrantConstraints.GrantConstraints
+ Amazonka.KMS.Types.GrantConstraints: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.Types.GrantConstraints.GrantConstraints
+ Amazonka.KMS.Types.GrantConstraints: instance Data.Hashable.Class.Hashable Amazonka.KMS.Types.GrantConstraints.GrantConstraints
+ Amazonka.KMS.Types.GrantConstraints: instance GHC.Classes.Eq Amazonka.KMS.Types.GrantConstraints.GrantConstraints
+ Amazonka.KMS.Types.GrantConstraints: instance GHC.Generics.Generic Amazonka.KMS.Types.GrantConstraints.GrantConstraints
+ Amazonka.KMS.Types.GrantConstraints: instance GHC.Read.Read Amazonka.KMS.Types.GrantConstraints.GrantConstraints
+ Amazonka.KMS.Types.GrantConstraints: instance GHC.Show.Show Amazonka.KMS.Types.GrantConstraints.GrantConstraints
+ Amazonka.KMS.Types.GrantConstraints: newGrantConstraints :: GrantConstraints
+ Amazonka.KMS.Types.GrantListEntry: GrantListEntry' :: Maybe GrantConstraints -> Maybe POSIX -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe Text -> Maybe [GrantOperation] -> Maybe Text -> GrantListEntry
+ Amazonka.KMS.Types.GrantListEntry: [$sel:constraints:GrantListEntry'] :: GrantListEntry -> Maybe GrantConstraints
+ Amazonka.KMS.Types.GrantListEntry: [$sel:creationDate:GrantListEntry'] :: GrantListEntry -> Maybe POSIX
+ Amazonka.KMS.Types.GrantListEntry: [$sel:grantId:GrantListEntry'] :: GrantListEntry -> Maybe Text
+ Amazonka.KMS.Types.GrantListEntry: [$sel:granteePrincipal:GrantListEntry'] :: GrantListEntry -> Maybe Text
+ Amazonka.KMS.Types.GrantListEntry: [$sel:issuingAccount:GrantListEntry'] :: GrantListEntry -> Maybe Text
+ Amazonka.KMS.Types.GrantListEntry: [$sel:keyId:GrantListEntry'] :: GrantListEntry -> Maybe Text
+ Amazonka.KMS.Types.GrantListEntry: [$sel:name:GrantListEntry'] :: GrantListEntry -> Maybe Text
+ Amazonka.KMS.Types.GrantListEntry: [$sel:operations:GrantListEntry'] :: GrantListEntry -> Maybe [GrantOperation]
+ Amazonka.KMS.Types.GrantListEntry: [$sel:retiringPrincipal:GrantListEntry'] :: GrantListEntry -> Maybe Text
+ Amazonka.KMS.Types.GrantListEntry: data GrantListEntry
+ Amazonka.KMS.Types.GrantListEntry: grantListEntry_constraints :: Lens' GrantListEntry (Maybe GrantConstraints)
+ Amazonka.KMS.Types.GrantListEntry: grantListEntry_creationDate :: Lens' GrantListEntry (Maybe UTCTime)
+ Amazonka.KMS.Types.GrantListEntry: grantListEntry_grantId :: Lens' GrantListEntry (Maybe Text)
+ Amazonka.KMS.Types.GrantListEntry: grantListEntry_granteePrincipal :: Lens' GrantListEntry (Maybe Text)
+ Amazonka.KMS.Types.GrantListEntry: grantListEntry_issuingAccount :: Lens' GrantListEntry (Maybe Text)
+ Amazonka.KMS.Types.GrantListEntry: grantListEntry_keyId :: Lens' GrantListEntry (Maybe Text)
+ Amazonka.KMS.Types.GrantListEntry: grantListEntry_name :: Lens' GrantListEntry (Maybe Text)
+ Amazonka.KMS.Types.GrantListEntry: grantListEntry_operations :: Lens' GrantListEntry (Maybe [GrantOperation])
+ Amazonka.KMS.Types.GrantListEntry: grantListEntry_retiringPrincipal :: Lens' GrantListEntry (Maybe Text)
+ Amazonka.KMS.Types.GrantListEntry: instance Control.DeepSeq.NFData Amazonka.KMS.Types.GrantListEntry.GrantListEntry
+ Amazonka.KMS.Types.GrantListEntry: instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.KMS.Types.GrantListEntry.GrantListEntry
+ Amazonka.KMS.Types.GrantListEntry: instance Data.Hashable.Class.Hashable Amazonka.KMS.Types.GrantListEntry.GrantListEntry
+ Amazonka.KMS.Types.GrantListEntry: instance GHC.Classes.Eq Amazonka.KMS.Types.GrantListEntry.GrantListEntry
+ Amazonka.KMS.Types.GrantListEntry: instance GHC.Generics.Generic Amazonka.KMS.Types.GrantListEntry.GrantListEntry
+ Amazonka.KMS.Types.GrantListEntry: instance GHC.Read.Read Amazonka.KMS.Types.GrantListEntry.GrantListEntry
+ Amazonka.KMS.Types.GrantListEntry: instance GHC.Show.Show Amazonka.KMS.Types.GrantListEntry.GrantListEntry
+ Amazonka.KMS.Types.GrantListEntry: newGrantListEntry :: GrantListEntry
+ Amazonka.KMS.Types.GrantOperation: GrantOperation' :: Text -> GrantOperation
+ Amazonka.KMS.Types.GrantOperation: [fromGrantOperation] :: GrantOperation -> Text
+ Amazonka.KMS.Types.GrantOperation: instance Amazonka.Data.ByteString.ToByteString Amazonka.KMS.Types.GrantOperation.GrantOperation
+ Amazonka.KMS.Types.GrantOperation: instance Amazonka.Data.Headers.ToHeader Amazonka.KMS.Types.GrantOperation.GrantOperation
+ Amazonka.KMS.Types.GrantOperation: instance Amazonka.Data.Log.ToLog Amazonka.KMS.Types.GrantOperation.GrantOperation
+ Amazonka.KMS.Types.GrantOperation: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.Types.GrantOperation.GrantOperation
+ Amazonka.KMS.Types.GrantOperation: instance Amazonka.Data.Text.FromText Amazonka.KMS.Types.GrantOperation.GrantOperation
+ Amazonka.KMS.Types.GrantOperation: instance Amazonka.Data.Text.ToText Amazonka.KMS.Types.GrantOperation.GrantOperation
+ Amazonka.KMS.Types.GrantOperation: instance Amazonka.Data.XML.FromXML Amazonka.KMS.Types.GrantOperation.GrantOperation
+ Amazonka.KMS.Types.GrantOperation: instance Amazonka.Data.XML.ToXML Amazonka.KMS.Types.GrantOperation.GrantOperation
+ Amazonka.KMS.Types.GrantOperation: instance Control.DeepSeq.NFData Amazonka.KMS.Types.GrantOperation.GrantOperation
+ Amazonka.KMS.Types.GrantOperation: instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.KMS.Types.GrantOperation.GrantOperation
+ Amazonka.KMS.Types.GrantOperation: instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.KMS.Types.GrantOperation.GrantOperation
+ Amazonka.KMS.Types.GrantOperation: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.Types.GrantOperation.GrantOperation
+ Amazonka.KMS.Types.GrantOperation: instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.KMS.Types.GrantOperation.GrantOperation
+ Amazonka.KMS.Types.GrantOperation: instance Data.Hashable.Class.Hashable Amazonka.KMS.Types.GrantOperation.GrantOperation
+ Amazonka.KMS.Types.GrantOperation: instance GHC.Classes.Eq Amazonka.KMS.Types.GrantOperation.GrantOperation
+ Amazonka.KMS.Types.GrantOperation: instance GHC.Classes.Ord Amazonka.KMS.Types.GrantOperation.GrantOperation
+ Amazonka.KMS.Types.GrantOperation: instance GHC.Generics.Generic Amazonka.KMS.Types.GrantOperation.GrantOperation
+ Amazonka.KMS.Types.GrantOperation: instance GHC.Read.Read Amazonka.KMS.Types.GrantOperation.GrantOperation
+ Amazonka.KMS.Types.GrantOperation: instance GHC.Show.Show Amazonka.KMS.Types.GrantOperation.GrantOperation
+ Amazonka.KMS.Types.GrantOperation: newtype GrantOperation
+ Amazonka.KMS.Types.GrantOperation: pattern GrantOperation_CreateGrant :: GrantOperation
+ Amazonka.KMS.Types.GrantOperation: pattern GrantOperation_Decrypt :: GrantOperation
+ Amazonka.KMS.Types.GrantOperation: pattern GrantOperation_DescribeKey :: GrantOperation
+ Amazonka.KMS.Types.GrantOperation: pattern GrantOperation_Encrypt :: GrantOperation
+ Amazonka.KMS.Types.GrantOperation: pattern GrantOperation_GenerateDataKey :: GrantOperation
+ Amazonka.KMS.Types.GrantOperation: pattern GrantOperation_GenerateDataKeyPair :: GrantOperation
+ Amazonka.KMS.Types.GrantOperation: pattern GrantOperation_GenerateDataKeyPairWithoutPlaintext :: GrantOperation
+ Amazonka.KMS.Types.GrantOperation: pattern GrantOperation_GenerateDataKeyWithoutPlaintext :: GrantOperation
+ Amazonka.KMS.Types.GrantOperation: pattern GrantOperation_GenerateMac :: GrantOperation
+ Amazonka.KMS.Types.GrantOperation: pattern GrantOperation_GetPublicKey :: GrantOperation
+ Amazonka.KMS.Types.GrantOperation: pattern GrantOperation_ReEncryptFrom :: GrantOperation
+ Amazonka.KMS.Types.GrantOperation: pattern GrantOperation_ReEncryptTo :: GrantOperation
+ Amazonka.KMS.Types.GrantOperation: pattern GrantOperation_RetireGrant :: GrantOperation
+ Amazonka.KMS.Types.GrantOperation: pattern GrantOperation_Sign :: GrantOperation
+ Amazonka.KMS.Types.GrantOperation: pattern GrantOperation_Verify :: GrantOperation
+ Amazonka.KMS.Types.GrantOperation: pattern GrantOperation_VerifyMac :: GrantOperation
+ Amazonka.KMS.Types.KeyListEntry: KeyListEntry' :: Maybe Text -> Maybe Text -> KeyListEntry
+ Amazonka.KMS.Types.KeyListEntry: [$sel:keyArn:KeyListEntry'] :: KeyListEntry -> Maybe Text
+ Amazonka.KMS.Types.KeyListEntry: [$sel:keyId:KeyListEntry'] :: KeyListEntry -> Maybe Text
+ Amazonka.KMS.Types.KeyListEntry: data KeyListEntry
+ Amazonka.KMS.Types.KeyListEntry: instance Control.DeepSeq.NFData Amazonka.KMS.Types.KeyListEntry.KeyListEntry
+ Amazonka.KMS.Types.KeyListEntry: instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.KMS.Types.KeyListEntry.KeyListEntry
+ Amazonka.KMS.Types.KeyListEntry: instance Data.Hashable.Class.Hashable Amazonka.KMS.Types.KeyListEntry.KeyListEntry
+ Amazonka.KMS.Types.KeyListEntry: instance GHC.Classes.Eq Amazonka.KMS.Types.KeyListEntry.KeyListEntry
+ Amazonka.KMS.Types.KeyListEntry: instance GHC.Generics.Generic Amazonka.KMS.Types.KeyListEntry.KeyListEntry
+ Amazonka.KMS.Types.KeyListEntry: instance GHC.Read.Read Amazonka.KMS.Types.KeyListEntry.KeyListEntry
+ Amazonka.KMS.Types.KeyListEntry: instance GHC.Show.Show Amazonka.KMS.Types.KeyListEntry.KeyListEntry
+ Amazonka.KMS.Types.KeyListEntry: keyListEntry_keyArn :: Lens' KeyListEntry (Maybe Text)
+ Amazonka.KMS.Types.KeyListEntry: keyListEntry_keyId :: Lens' KeyListEntry (Maybe Text)
+ Amazonka.KMS.Types.KeyListEntry: newKeyListEntry :: KeyListEntry
+ Amazonka.KMS.Types.KeyManagerType: KeyManagerType' :: Text -> KeyManagerType
+ Amazonka.KMS.Types.KeyManagerType: [fromKeyManagerType] :: KeyManagerType -> Text
+ Amazonka.KMS.Types.KeyManagerType: instance Amazonka.Data.ByteString.ToByteString Amazonka.KMS.Types.KeyManagerType.KeyManagerType
+ Amazonka.KMS.Types.KeyManagerType: instance Amazonka.Data.Headers.ToHeader Amazonka.KMS.Types.KeyManagerType.KeyManagerType
+ Amazonka.KMS.Types.KeyManagerType: instance Amazonka.Data.Log.ToLog Amazonka.KMS.Types.KeyManagerType.KeyManagerType
+ Amazonka.KMS.Types.KeyManagerType: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.Types.KeyManagerType.KeyManagerType
+ Amazonka.KMS.Types.KeyManagerType: instance Amazonka.Data.Text.FromText Amazonka.KMS.Types.KeyManagerType.KeyManagerType
+ Amazonka.KMS.Types.KeyManagerType: instance Amazonka.Data.Text.ToText Amazonka.KMS.Types.KeyManagerType.KeyManagerType
+ Amazonka.KMS.Types.KeyManagerType: instance Amazonka.Data.XML.FromXML Amazonka.KMS.Types.KeyManagerType.KeyManagerType
+ Amazonka.KMS.Types.KeyManagerType: instance Amazonka.Data.XML.ToXML Amazonka.KMS.Types.KeyManagerType.KeyManagerType
+ Amazonka.KMS.Types.KeyManagerType: instance Control.DeepSeq.NFData Amazonka.KMS.Types.KeyManagerType.KeyManagerType
+ Amazonka.KMS.Types.KeyManagerType: instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.KMS.Types.KeyManagerType.KeyManagerType
+ Amazonka.KMS.Types.KeyManagerType: instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.KMS.Types.KeyManagerType.KeyManagerType
+ Amazonka.KMS.Types.KeyManagerType: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.Types.KeyManagerType.KeyManagerType
+ Amazonka.KMS.Types.KeyManagerType: instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.KMS.Types.KeyManagerType.KeyManagerType
+ Amazonka.KMS.Types.KeyManagerType: instance Data.Hashable.Class.Hashable Amazonka.KMS.Types.KeyManagerType.KeyManagerType
+ Amazonka.KMS.Types.KeyManagerType: instance GHC.Classes.Eq Amazonka.KMS.Types.KeyManagerType.KeyManagerType
+ Amazonka.KMS.Types.KeyManagerType: instance GHC.Classes.Ord Amazonka.KMS.Types.KeyManagerType.KeyManagerType
+ Amazonka.KMS.Types.KeyManagerType: instance GHC.Generics.Generic Amazonka.KMS.Types.KeyManagerType.KeyManagerType
+ Amazonka.KMS.Types.KeyManagerType: instance GHC.Read.Read Amazonka.KMS.Types.KeyManagerType.KeyManagerType
+ Amazonka.KMS.Types.KeyManagerType: instance GHC.Show.Show Amazonka.KMS.Types.KeyManagerType.KeyManagerType
+ Amazonka.KMS.Types.KeyManagerType: newtype KeyManagerType
+ Amazonka.KMS.Types.KeyManagerType: pattern KeyManagerType_AWS :: KeyManagerType
+ Amazonka.KMS.Types.KeyManagerType: pattern KeyManagerType_CUSTOMER :: KeyManagerType
+ Amazonka.KMS.Types.KeyMetadata: KeyMetadata' :: Maybe Text -> Maybe Text -> Maybe Text -> Maybe POSIX -> Maybe Text -> Maybe CustomerMasterKeySpec -> Maybe POSIX -> Maybe Text -> Maybe Bool -> Maybe [EncryptionAlgorithmSpec] -> Maybe ExpirationModelType -> Maybe KeyManagerType -> Maybe KeySpec -> Maybe KeyState -> Maybe KeyUsageType -> Maybe [MacAlgorithmSpec] -> Maybe Bool -> Maybe MultiRegionConfiguration -> Maybe OriginType -> Maybe Natural -> Maybe [SigningAlgorithmSpec] -> Maybe POSIX -> Maybe XksKeyConfigurationType -> Text -> KeyMetadata
+ Amazonka.KMS.Types.KeyMetadata: [$sel:aWSAccountId:KeyMetadata'] :: KeyMetadata -> Maybe Text
+ Amazonka.KMS.Types.KeyMetadata: [$sel:arn:KeyMetadata'] :: KeyMetadata -> Maybe Text
+ Amazonka.KMS.Types.KeyMetadata: [$sel:cloudHsmClusterId:KeyMetadata'] :: KeyMetadata -> Maybe Text
+ Amazonka.KMS.Types.KeyMetadata: [$sel:creationDate:KeyMetadata'] :: KeyMetadata -> Maybe POSIX
+ Amazonka.KMS.Types.KeyMetadata: [$sel:customKeyStoreId:KeyMetadata'] :: KeyMetadata -> Maybe Text
+ Amazonka.KMS.Types.KeyMetadata: [$sel:customerMasterKeySpec:KeyMetadata'] :: KeyMetadata -> Maybe CustomerMasterKeySpec
+ Amazonka.KMS.Types.KeyMetadata: [$sel:deletionDate:KeyMetadata'] :: KeyMetadata -> Maybe POSIX
+ Amazonka.KMS.Types.KeyMetadata: [$sel:description:KeyMetadata'] :: KeyMetadata -> Maybe Text
+ Amazonka.KMS.Types.KeyMetadata: [$sel:enabled:KeyMetadata'] :: KeyMetadata -> Maybe Bool
+ Amazonka.KMS.Types.KeyMetadata: [$sel:encryptionAlgorithms:KeyMetadata'] :: KeyMetadata -> Maybe [EncryptionAlgorithmSpec]
+ Amazonka.KMS.Types.KeyMetadata: [$sel:expirationModel:KeyMetadata'] :: KeyMetadata -> Maybe ExpirationModelType
+ Amazonka.KMS.Types.KeyMetadata: [$sel:keyId:KeyMetadata'] :: KeyMetadata -> Text
+ Amazonka.KMS.Types.KeyMetadata: [$sel:keyManager:KeyMetadata'] :: KeyMetadata -> Maybe KeyManagerType
+ Amazonka.KMS.Types.KeyMetadata: [$sel:keySpec:KeyMetadata'] :: KeyMetadata -> Maybe KeySpec
+ Amazonka.KMS.Types.KeyMetadata: [$sel:keyState:KeyMetadata'] :: KeyMetadata -> Maybe KeyState
+ Amazonka.KMS.Types.KeyMetadata: [$sel:keyUsage:KeyMetadata'] :: KeyMetadata -> Maybe KeyUsageType
+ Amazonka.KMS.Types.KeyMetadata: [$sel:macAlgorithms:KeyMetadata'] :: KeyMetadata -> Maybe [MacAlgorithmSpec]
+ Amazonka.KMS.Types.KeyMetadata: [$sel:multiRegion:KeyMetadata'] :: KeyMetadata -> Maybe Bool
+ Amazonka.KMS.Types.KeyMetadata: [$sel:multiRegionConfiguration:KeyMetadata'] :: KeyMetadata -> Maybe MultiRegionConfiguration
+ Amazonka.KMS.Types.KeyMetadata: [$sel:origin:KeyMetadata'] :: KeyMetadata -> Maybe OriginType
+ Amazonka.KMS.Types.KeyMetadata: [$sel:pendingDeletionWindowInDays:KeyMetadata'] :: KeyMetadata -> Maybe Natural
+ Amazonka.KMS.Types.KeyMetadata: [$sel:signingAlgorithms:KeyMetadata'] :: KeyMetadata -> Maybe [SigningAlgorithmSpec]
+ Amazonka.KMS.Types.KeyMetadata: [$sel:validTo:KeyMetadata'] :: KeyMetadata -> Maybe POSIX
+ Amazonka.KMS.Types.KeyMetadata: [$sel:xksKeyConfiguration:KeyMetadata'] :: KeyMetadata -> Maybe XksKeyConfigurationType
+ Amazonka.KMS.Types.KeyMetadata: data KeyMetadata
+ Amazonka.KMS.Types.KeyMetadata: instance Control.DeepSeq.NFData Amazonka.KMS.Types.KeyMetadata.KeyMetadata
+ Amazonka.KMS.Types.KeyMetadata: instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.KMS.Types.KeyMetadata.KeyMetadata
+ Amazonka.KMS.Types.KeyMetadata: instance Data.Hashable.Class.Hashable Amazonka.KMS.Types.KeyMetadata.KeyMetadata
+ Amazonka.KMS.Types.KeyMetadata: instance GHC.Classes.Eq Amazonka.KMS.Types.KeyMetadata.KeyMetadata
+ Amazonka.KMS.Types.KeyMetadata: instance GHC.Generics.Generic Amazonka.KMS.Types.KeyMetadata.KeyMetadata
+ Amazonka.KMS.Types.KeyMetadata: instance GHC.Read.Read Amazonka.KMS.Types.KeyMetadata.KeyMetadata
+ Amazonka.KMS.Types.KeyMetadata: instance GHC.Show.Show Amazonka.KMS.Types.KeyMetadata.KeyMetadata
+ Amazonka.KMS.Types.KeyMetadata: keyMetadata_aWSAccountId :: Lens' KeyMetadata (Maybe Text)
+ Amazonka.KMS.Types.KeyMetadata: keyMetadata_arn :: Lens' KeyMetadata (Maybe Text)
+ Amazonka.KMS.Types.KeyMetadata: keyMetadata_cloudHsmClusterId :: Lens' KeyMetadata (Maybe Text)
+ Amazonka.KMS.Types.KeyMetadata: keyMetadata_creationDate :: Lens' KeyMetadata (Maybe UTCTime)
+ Amazonka.KMS.Types.KeyMetadata: keyMetadata_customKeyStoreId :: Lens' KeyMetadata (Maybe Text)
+ Amazonka.KMS.Types.KeyMetadata: keyMetadata_customerMasterKeySpec :: Lens' KeyMetadata (Maybe CustomerMasterKeySpec)
+ Amazonka.KMS.Types.KeyMetadata: keyMetadata_deletionDate :: Lens' KeyMetadata (Maybe UTCTime)
+ Amazonka.KMS.Types.KeyMetadata: keyMetadata_description :: Lens' KeyMetadata (Maybe Text)
+ Amazonka.KMS.Types.KeyMetadata: keyMetadata_enabled :: Lens' KeyMetadata (Maybe Bool)
+ Amazonka.KMS.Types.KeyMetadata: keyMetadata_encryptionAlgorithms :: Lens' KeyMetadata (Maybe [EncryptionAlgorithmSpec])
+ Amazonka.KMS.Types.KeyMetadata: keyMetadata_expirationModel :: Lens' KeyMetadata (Maybe ExpirationModelType)
+ Amazonka.KMS.Types.KeyMetadata: keyMetadata_keyId :: Lens' KeyMetadata Text
+ Amazonka.KMS.Types.KeyMetadata: keyMetadata_keyManager :: Lens' KeyMetadata (Maybe KeyManagerType)
+ Amazonka.KMS.Types.KeyMetadata: keyMetadata_keySpec :: Lens' KeyMetadata (Maybe KeySpec)
+ Amazonka.KMS.Types.KeyMetadata: keyMetadata_keyState :: Lens' KeyMetadata (Maybe KeyState)
+ Amazonka.KMS.Types.KeyMetadata: keyMetadata_keyUsage :: Lens' KeyMetadata (Maybe KeyUsageType)
+ Amazonka.KMS.Types.KeyMetadata: keyMetadata_macAlgorithms :: Lens' KeyMetadata (Maybe [MacAlgorithmSpec])
+ Amazonka.KMS.Types.KeyMetadata: keyMetadata_multiRegion :: Lens' KeyMetadata (Maybe Bool)
+ Amazonka.KMS.Types.KeyMetadata: keyMetadata_multiRegionConfiguration :: Lens' KeyMetadata (Maybe MultiRegionConfiguration)
+ Amazonka.KMS.Types.KeyMetadata: keyMetadata_origin :: Lens' KeyMetadata (Maybe OriginType)
+ Amazonka.KMS.Types.KeyMetadata: keyMetadata_pendingDeletionWindowInDays :: Lens' KeyMetadata (Maybe Natural)
+ Amazonka.KMS.Types.KeyMetadata: keyMetadata_signingAlgorithms :: Lens' KeyMetadata (Maybe [SigningAlgorithmSpec])
+ Amazonka.KMS.Types.KeyMetadata: keyMetadata_validTo :: Lens' KeyMetadata (Maybe UTCTime)
+ Amazonka.KMS.Types.KeyMetadata: keyMetadata_xksKeyConfiguration :: Lens' KeyMetadata (Maybe XksKeyConfigurationType)
+ Amazonka.KMS.Types.KeyMetadata: newKeyMetadata :: Text -> KeyMetadata
+ Amazonka.KMS.Types.KeySpec: KeySpec' :: Text -> KeySpec
+ Amazonka.KMS.Types.KeySpec: [fromKeySpec] :: KeySpec -> Text
+ Amazonka.KMS.Types.KeySpec: instance Amazonka.Data.ByteString.ToByteString Amazonka.KMS.Types.KeySpec.KeySpec
+ Amazonka.KMS.Types.KeySpec: instance Amazonka.Data.Headers.ToHeader Amazonka.KMS.Types.KeySpec.KeySpec
+ Amazonka.KMS.Types.KeySpec: instance Amazonka.Data.Log.ToLog Amazonka.KMS.Types.KeySpec.KeySpec
+ Amazonka.KMS.Types.KeySpec: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.Types.KeySpec.KeySpec
+ Amazonka.KMS.Types.KeySpec: instance Amazonka.Data.Text.FromText Amazonka.KMS.Types.KeySpec.KeySpec
+ Amazonka.KMS.Types.KeySpec: instance Amazonka.Data.Text.ToText Amazonka.KMS.Types.KeySpec.KeySpec
+ Amazonka.KMS.Types.KeySpec: instance Amazonka.Data.XML.FromXML Amazonka.KMS.Types.KeySpec.KeySpec
+ Amazonka.KMS.Types.KeySpec: instance Amazonka.Data.XML.ToXML Amazonka.KMS.Types.KeySpec.KeySpec
+ Amazonka.KMS.Types.KeySpec: instance Control.DeepSeq.NFData Amazonka.KMS.Types.KeySpec.KeySpec
+ Amazonka.KMS.Types.KeySpec: instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.KMS.Types.KeySpec.KeySpec
+ Amazonka.KMS.Types.KeySpec: instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.KMS.Types.KeySpec.KeySpec
+ Amazonka.KMS.Types.KeySpec: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.Types.KeySpec.KeySpec
+ Amazonka.KMS.Types.KeySpec: instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.KMS.Types.KeySpec.KeySpec
+ Amazonka.KMS.Types.KeySpec: instance Data.Hashable.Class.Hashable Amazonka.KMS.Types.KeySpec.KeySpec
+ Amazonka.KMS.Types.KeySpec: instance GHC.Classes.Eq Amazonka.KMS.Types.KeySpec.KeySpec
+ Amazonka.KMS.Types.KeySpec: instance GHC.Classes.Ord Amazonka.KMS.Types.KeySpec.KeySpec
+ Amazonka.KMS.Types.KeySpec: instance GHC.Generics.Generic Amazonka.KMS.Types.KeySpec.KeySpec
+ Amazonka.KMS.Types.KeySpec: instance GHC.Read.Read Amazonka.KMS.Types.KeySpec.KeySpec
+ Amazonka.KMS.Types.KeySpec: instance GHC.Show.Show Amazonka.KMS.Types.KeySpec.KeySpec
+ Amazonka.KMS.Types.KeySpec: newtype KeySpec
+ Amazonka.KMS.Types.KeySpec: pattern KeySpec_ECC_NIST_P256 :: KeySpec
+ Amazonka.KMS.Types.KeySpec: pattern KeySpec_ECC_NIST_P384 :: KeySpec
+ Amazonka.KMS.Types.KeySpec: pattern KeySpec_ECC_NIST_P521 :: KeySpec
+ Amazonka.KMS.Types.KeySpec: pattern KeySpec_ECC_SECG_P256K1 :: KeySpec
+ Amazonka.KMS.Types.KeySpec: pattern KeySpec_HMAC_224 :: KeySpec
+ Amazonka.KMS.Types.KeySpec: pattern KeySpec_HMAC_256 :: KeySpec
+ Amazonka.KMS.Types.KeySpec: pattern KeySpec_HMAC_384 :: KeySpec
+ Amazonka.KMS.Types.KeySpec: pattern KeySpec_HMAC_512 :: KeySpec
+ Amazonka.KMS.Types.KeySpec: pattern KeySpec_RSA_2048 :: KeySpec
+ Amazonka.KMS.Types.KeySpec: pattern KeySpec_RSA_3072 :: KeySpec
+ Amazonka.KMS.Types.KeySpec: pattern KeySpec_RSA_4096 :: KeySpec
+ Amazonka.KMS.Types.KeySpec: pattern KeySpec_SM2 :: KeySpec
+ Amazonka.KMS.Types.KeySpec: pattern KeySpec_SYMMETRIC_DEFAULT :: KeySpec
+ Amazonka.KMS.Types.KeyState: KeyState' :: Text -> KeyState
+ Amazonka.KMS.Types.KeyState: [fromKeyState] :: KeyState -> Text
+ Amazonka.KMS.Types.KeyState: instance Amazonka.Data.ByteString.ToByteString Amazonka.KMS.Types.KeyState.KeyState
+ Amazonka.KMS.Types.KeyState: instance Amazonka.Data.Headers.ToHeader Amazonka.KMS.Types.KeyState.KeyState
+ Amazonka.KMS.Types.KeyState: instance Amazonka.Data.Log.ToLog Amazonka.KMS.Types.KeyState.KeyState
+ Amazonka.KMS.Types.KeyState: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.Types.KeyState.KeyState
+ Amazonka.KMS.Types.KeyState: instance Amazonka.Data.Text.FromText Amazonka.KMS.Types.KeyState.KeyState
+ Amazonka.KMS.Types.KeyState: instance Amazonka.Data.Text.ToText Amazonka.KMS.Types.KeyState.KeyState
+ Amazonka.KMS.Types.KeyState: instance Amazonka.Data.XML.FromXML Amazonka.KMS.Types.KeyState.KeyState
+ Amazonka.KMS.Types.KeyState: instance Amazonka.Data.XML.ToXML Amazonka.KMS.Types.KeyState.KeyState
+ Amazonka.KMS.Types.KeyState: instance Control.DeepSeq.NFData Amazonka.KMS.Types.KeyState.KeyState
+ Amazonka.KMS.Types.KeyState: instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.KMS.Types.KeyState.KeyState
+ Amazonka.KMS.Types.KeyState: instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.KMS.Types.KeyState.KeyState
+ Amazonka.KMS.Types.KeyState: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.Types.KeyState.KeyState
+ Amazonka.KMS.Types.KeyState: instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.KMS.Types.KeyState.KeyState
+ Amazonka.KMS.Types.KeyState: instance Data.Hashable.Class.Hashable Amazonka.KMS.Types.KeyState.KeyState
+ Amazonka.KMS.Types.KeyState: instance GHC.Classes.Eq Amazonka.KMS.Types.KeyState.KeyState
+ Amazonka.KMS.Types.KeyState: instance GHC.Classes.Ord Amazonka.KMS.Types.KeyState.KeyState
+ Amazonka.KMS.Types.KeyState: instance GHC.Generics.Generic Amazonka.KMS.Types.KeyState.KeyState
+ Amazonka.KMS.Types.KeyState: instance GHC.Read.Read Amazonka.KMS.Types.KeyState.KeyState
+ Amazonka.KMS.Types.KeyState: instance GHC.Show.Show Amazonka.KMS.Types.KeyState.KeyState
+ Amazonka.KMS.Types.KeyState: newtype KeyState
+ Amazonka.KMS.Types.KeyState: pattern KeyState_Creating :: KeyState
+ Amazonka.KMS.Types.KeyState: pattern KeyState_Disabled :: KeyState
+ Amazonka.KMS.Types.KeyState: pattern KeyState_Enabled :: KeyState
+ Amazonka.KMS.Types.KeyState: pattern KeyState_PendingDeletion :: KeyState
+ Amazonka.KMS.Types.KeyState: pattern KeyState_PendingImport :: KeyState
+ Amazonka.KMS.Types.KeyState: pattern KeyState_PendingReplicaDeletion :: KeyState
+ Amazonka.KMS.Types.KeyState: pattern KeyState_Unavailable :: KeyState
+ Amazonka.KMS.Types.KeyState: pattern KeyState_Updating :: KeyState
+ Amazonka.KMS.Types.KeyUsageType: KeyUsageType' :: Text -> KeyUsageType
+ Amazonka.KMS.Types.KeyUsageType: [fromKeyUsageType] :: KeyUsageType -> Text
+ Amazonka.KMS.Types.KeyUsageType: instance Amazonka.Data.ByteString.ToByteString Amazonka.KMS.Types.KeyUsageType.KeyUsageType
+ Amazonka.KMS.Types.KeyUsageType: instance Amazonka.Data.Headers.ToHeader Amazonka.KMS.Types.KeyUsageType.KeyUsageType
+ Amazonka.KMS.Types.KeyUsageType: instance Amazonka.Data.Log.ToLog Amazonka.KMS.Types.KeyUsageType.KeyUsageType
+ Amazonka.KMS.Types.KeyUsageType: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.Types.KeyUsageType.KeyUsageType
+ Amazonka.KMS.Types.KeyUsageType: instance Amazonka.Data.Text.FromText Amazonka.KMS.Types.KeyUsageType.KeyUsageType
+ Amazonka.KMS.Types.KeyUsageType: instance Amazonka.Data.Text.ToText Amazonka.KMS.Types.KeyUsageType.KeyUsageType
+ Amazonka.KMS.Types.KeyUsageType: instance Amazonka.Data.XML.FromXML Amazonka.KMS.Types.KeyUsageType.KeyUsageType
+ Amazonka.KMS.Types.KeyUsageType: instance Amazonka.Data.XML.ToXML Amazonka.KMS.Types.KeyUsageType.KeyUsageType
+ Amazonka.KMS.Types.KeyUsageType: instance Control.DeepSeq.NFData Amazonka.KMS.Types.KeyUsageType.KeyUsageType
+ Amazonka.KMS.Types.KeyUsageType: instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.KMS.Types.KeyUsageType.KeyUsageType
+ Amazonka.KMS.Types.KeyUsageType: instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.KMS.Types.KeyUsageType.KeyUsageType
+ Amazonka.KMS.Types.KeyUsageType: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.Types.KeyUsageType.KeyUsageType
+ Amazonka.KMS.Types.KeyUsageType: instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.KMS.Types.KeyUsageType.KeyUsageType
+ Amazonka.KMS.Types.KeyUsageType: instance Data.Hashable.Class.Hashable Amazonka.KMS.Types.KeyUsageType.KeyUsageType
+ Amazonka.KMS.Types.KeyUsageType: instance GHC.Classes.Eq Amazonka.KMS.Types.KeyUsageType.KeyUsageType
+ Amazonka.KMS.Types.KeyUsageType: instance GHC.Classes.Ord Amazonka.KMS.Types.KeyUsageType.KeyUsageType
+ Amazonka.KMS.Types.KeyUsageType: instance GHC.Generics.Generic Amazonka.KMS.Types.KeyUsageType.KeyUsageType
+ Amazonka.KMS.Types.KeyUsageType: instance GHC.Read.Read Amazonka.KMS.Types.KeyUsageType.KeyUsageType
+ Amazonka.KMS.Types.KeyUsageType: instance GHC.Show.Show Amazonka.KMS.Types.KeyUsageType.KeyUsageType
+ Amazonka.KMS.Types.KeyUsageType: newtype KeyUsageType
+ Amazonka.KMS.Types.KeyUsageType: pattern KeyUsageType_ENCRYPT_DECRYPT :: KeyUsageType
+ Amazonka.KMS.Types.KeyUsageType: pattern KeyUsageType_GENERATE_VERIFY_MAC :: KeyUsageType
+ Amazonka.KMS.Types.KeyUsageType: pattern KeyUsageType_SIGN_VERIFY :: KeyUsageType
+ Amazonka.KMS.Types.ListGrantsResponse: ListGrantsResponse' :: Maybe [GrantListEntry] -> Maybe Text -> Maybe Bool -> ListGrantsResponse
+ Amazonka.KMS.Types.ListGrantsResponse: [$sel:grants:ListGrantsResponse'] :: ListGrantsResponse -> Maybe [GrantListEntry]
+ Amazonka.KMS.Types.ListGrantsResponse: [$sel:nextMarker:ListGrantsResponse'] :: ListGrantsResponse -> Maybe Text
+ Amazonka.KMS.Types.ListGrantsResponse: [$sel:truncated:ListGrantsResponse'] :: ListGrantsResponse -> Maybe Bool
+ Amazonka.KMS.Types.ListGrantsResponse: data ListGrantsResponse
+ Amazonka.KMS.Types.ListGrantsResponse: instance Control.DeepSeq.NFData Amazonka.KMS.Types.ListGrantsResponse.ListGrantsResponse
+ Amazonka.KMS.Types.ListGrantsResponse: instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.KMS.Types.ListGrantsResponse.ListGrantsResponse
+ Amazonka.KMS.Types.ListGrantsResponse: instance Data.Hashable.Class.Hashable Amazonka.KMS.Types.ListGrantsResponse.ListGrantsResponse
+ Amazonka.KMS.Types.ListGrantsResponse: instance GHC.Classes.Eq Amazonka.KMS.Types.ListGrantsResponse.ListGrantsResponse
+ Amazonka.KMS.Types.ListGrantsResponse: instance GHC.Generics.Generic Amazonka.KMS.Types.ListGrantsResponse.ListGrantsResponse
+ Amazonka.KMS.Types.ListGrantsResponse: instance GHC.Read.Read Amazonka.KMS.Types.ListGrantsResponse.ListGrantsResponse
+ Amazonka.KMS.Types.ListGrantsResponse: instance GHC.Show.Show Amazonka.KMS.Types.ListGrantsResponse.ListGrantsResponse
+ Amazonka.KMS.Types.ListGrantsResponse: listGrantsResponse_grants :: Lens' ListGrantsResponse (Maybe [GrantListEntry])
+ Amazonka.KMS.Types.ListGrantsResponse: listGrantsResponse_nextMarker :: Lens' ListGrantsResponse (Maybe Text)
+ Amazonka.KMS.Types.ListGrantsResponse: listGrantsResponse_truncated :: Lens' ListGrantsResponse (Maybe Bool)
+ Amazonka.KMS.Types.ListGrantsResponse: newListGrantsResponse :: ListGrantsResponse
+ Amazonka.KMS.Types.MacAlgorithmSpec: MacAlgorithmSpec' :: Text -> MacAlgorithmSpec
+ Amazonka.KMS.Types.MacAlgorithmSpec: [fromMacAlgorithmSpec] :: MacAlgorithmSpec -> Text
+ Amazonka.KMS.Types.MacAlgorithmSpec: instance Amazonka.Data.ByteString.ToByteString Amazonka.KMS.Types.MacAlgorithmSpec.MacAlgorithmSpec
+ Amazonka.KMS.Types.MacAlgorithmSpec: instance Amazonka.Data.Headers.ToHeader Amazonka.KMS.Types.MacAlgorithmSpec.MacAlgorithmSpec
+ Amazonka.KMS.Types.MacAlgorithmSpec: instance Amazonka.Data.Log.ToLog Amazonka.KMS.Types.MacAlgorithmSpec.MacAlgorithmSpec
+ Amazonka.KMS.Types.MacAlgorithmSpec: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.Types.MacAlgorithmSpec.MacAlgorithmSpec
+ Amazonka.KMS.Types.MacAlgorithmSpec: instance Amazonka.Data.Text.FromText Amazonka.KMS.Types.MacAlgorithmSpec.MacAlgorithmSpec
+ Amazonka.KMS.Types.MacAlgorithmSpec: instance Amazonka.Data.Text.ToText Amazonka.KMS.Types.MacAlgorithmSpec.MacAlgorithmSpec
+ Amazonka.KMS.Types.MacAlgorithmSpec: instance Amazonka.Data.XML.FromXML Amazonka.KMS.Types.MacAlgorithmSpec.MacAlgorithmSpec
+ Amazonka.KMS.Types.MacAlgorithmSpec: instance Amazonka.Data.XML.ToXML Amazonka.KMS.Types.MacAlgorithmSpec.MacAlgorithmSpec
+ Amazonka.KMS.Types.MacAlgorithmSpec: instance Control.DeepSeq.NFData Amazonka.KMS.Types.MacAlgorithmSpec.MacAlgorithmSpec
+ Amazonka.KMS.Types.MacAlgorithmSpec: instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.KMS.Types.MacAlgorithmSpec.MacAlgorithmSpec
+ Amazonka.KMS.Types.MacAlgorithmSpec: instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.KMS.Types.MacAlgorithmSpec.MacAlgorithmSpec
+ Amazonka.KMS.Types.MacAlgorithmSpec: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.Types.MacAlgorithmSpec.MacAlgorithmSpec
+ Amazonka.KMS.Types.MacAlgorithmSpec: instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.KMS.Types.MacAlgorithmSpec.MacAlgorithmSpec
+ Amazonka.KMS.Types.MacAlgorithmSpec: instance Data.Hashable.Class.Hashable Amazonka.KMS.Types.MacAlgorithmSpec.MacAlgorithmSpec
+ Amazonka.KMS.Types.MacAlgorithmSpec: instance GHC.Classes.Eq Amazonka.KMS.Types.MacAlgorithmSpec.MacAlgorithmSpec
+ Amazonka.KMS.Types.MacAlgorithmSpec: instance GHC.Classes.Ord Amazonka.KMS.Types.MacAlgorithmSpec.MacAlgorithmSpec
+ Amazonka.KMS.Types.MacAlgorithmSpec: instance GHC.Generics.Generic Amazonka.KMS.Types.MacAlgorithmSpec.MacAlgorithmSpec
+ Amazonka.KMS.Types.MacAlgorithmSpec: instance GHC.Read.Read Amazonka.KMS.Types.MacAlgorithmSpec.MacAlgorithmSpec
+ Amazonka.KMS.Types.MacAlgorithmSpec: instance GHC.Show.Show Amazonka.KMS.Types.MacAlgorithmSpec.MacAlgorithmSpec
+ Amazonka.KMS.Types.MacAlgorithmSpec: newtype MacAlgorithmSpec
+ Amazonka.KMS.Types.MacAlgorithmSpec: pattern MacAlgorithmSpec_HMAC_SHA_224 :: MacAlgorithmSpec
+ Amazonka.KMS.Types.MacAlgorithmSpec: pattern MacAlgorithmSpec_HMAC_SHA_256 :: MacAlgorithmSpec
+ Amazonka.KMS.Types.MacAlgorithmSpec: pattern MacAlgorithmSpec_HMAC_SHA_384 :: MacAlgorithmSpec
+ Amazonka.KMS.Types.MacAlgorithmSpec: pattern MacAlgorithmSpec_HMAC_SHA_512 :: MacAlgorithmSpec
+ Amazonka.KMS.Types.MessageType: MessageType' :: Text -> MessageType
+ Amazonka.KMS.Types.MessageType: [fromMessageType] :: MessageType -> Text
+ Amazonka.KMS.Types.MessageType: instance Amazonka.Data.ByteString.ToByteString Amazonka.KMS.Types.MessageType.MessageType
+ Amazonka.KMS.Types.MessageType: instance Amazonka.Data.Headers.ToHeader Amazonka.KMS.Types.MessageType.MessageType
+ Amazonka.KMS.Types.MessageType: instance Amazonka.Data.Log.ToLog Amazonka.KMS.Types.MessageType.MessageType
+ Amazonka.KMS.Types.MessageType: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.Types.MessageType.MessageType
+ Amazonka.KMS.Types.MessageType: instance Amazonka.Data.Text.FromText Amazonka.KMS.Types.MessageType.MessageType
+ Amazonka.KMS.Types.MessageType: instance Amazonka.Data.Text.ToText Amazonka.KMS.Types.MessageType.MessageType
+ Amazonka.KMS.Types.MessageType: instance Amazonka.Data.XML.FromXML Amazonka.KMS.Types.MessageType.MessageType
+ Amazonka.KMS.Types.MessageType: instance Amazonka.Data.XML.ToXML Amazonka.KMS.Types.MessageType.MessageType
+ Amazonka.KMS.Types.MessageType: instance Control.DeepSeq.NFData Amazonka.KMS.Types.MessageType.MessageType
+ Amazonka.KMS.Types.MessageType: instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.KMS.Types.MessageType.MessageType
+ Amazonka.KMS.Types.MessageType: instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.KMS.Types.MessageType.MessageType
+ Amazonka.KMS.Types.MessageType: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.Types.MessageType.MessageType
+ Amazonka.KMS.Types.MessageType: instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.KMS.Types.MessageType.MessageType
+ Amazonka.KMS.Types.MessageType: instance Data.Hashable.Class.Hashable Amazonka.KMS.Types.MessageType.MessageType
+ Amazonka.KMS.Types.MessageType: instance GHC.Classes.Eq Amazonka.KMS.Types.MessageType.MessageType
+ Amazonka.KMS.Types.MessageType: instance GHC.Classes.Ord Amazonka.KMS.Types.MessageType.MessageType
+ Amazonka.KMS.Types.MessageType: instance GHC.Generics.Generic Amazonka.KMS.Types.MessageType.MessageType
+ Amazonka.KMS.Types.MessageType: instance GHC.Read.Read Amazonka.KMS.Types.MessageType.MessageType
+ Amazonka.KMS.Types.MessageType: instance GHC.Show.Show Amazonka.KMS.Types.MessageType.MessageType
+ Amazonka.KMS.Types.MessageType: newtype MessageType
+ Amazonka.KMS.Types.MessageType: pattern MessageType_DIGEST :: MessageType
+ Amazonka.KMS.Types.MessageType: pattern MessageType_RAW :: MessageType
+ Amazonka.KMS.Types.MultiRegionConfiguration: MultiRegionConfiguration' :: Maybe MultiRegionKeyType -> Maybe MultiRegionKey -> Maybe [MultiRegionKey] -> MultiRegionConfiguration
+ Amazonka.KMS.Types.MultiRegionConfiguration: [$sel:multiRegionKeyType:MultiRegionConfiguration'] :: MultiRegionConfiguration -> Maybe MultiRegionKeyType
+ Amazonka.KMS.Types.MultiRegionConfiguration: [$sel:primaryKey:MultiRegionConfiguration'] :: MultiRegionConfiguration -> Maybe MultiRegionKey
+ Amazonka.KMS.Types.MultiRegionConfiguration: [$sel:replicaKeys:MultiRegionConfiguration'] :: MultiRegionConfiguration -> Maybe [MultiRegionKey]
+ Amazonka.KMS.Types.MultiRegionConfiguration: data MultiRegionConfiguration
+ Amazonka.KMS.Types.MultiRegionConfiguration: instance Control.DeepSeq.NFData Amazonka.KMS.Types.MultiRegionConfiguration.MultiRegionConfiguration
+ Amazonka.KMS.Types.MultiRegionConfiguration: instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.KMS.Types.MultiRegionConfiguration.MultiRegionConfiguration
+ Amazonka.KMS.Types.MultiRegionConfiguration: instance Data.Hashable.Class.Hashable Amazonka.KMS.Types.MultiRegionConfiguration.MultiRegionConfiguration
+ Amazonka.KMS.Types.MultiRegionConfiguration: instance GHC.Classes.Eq Amazonka.KMS.Types.MultiRegionConfiguration.MultiRegionConfiguration
+ Amazonka.KMS.Types.MultiRegionConfiguration: instance GHC.Generics.Generic Amazonka.KMS.Types.MultiRegionConfiguration.MultiRegionConfiguration
+ Amazonka.KMS.Types.MultiRegionConfiguration: instance GHC.Read.Read Amazonka.KMS.Types.MultiRegionConfiguration.MultiRegionConfiguration
+ Amazonka.KMS.Types.MultiRegionConfiguration: instance GHC.Show.Show Amazonka.KMS.Types.MultiRegionConfiguration.MultiRegionConfiguration
+ Amazonka.KMS.Types.MultiRegionConfiguration: multiRegionConfiguration_multiRegionKeyType :: Lens' MultiRegionConfiguration (Maybe MultiRegionKeyType)
+ Amazonka.KMS.Types.MultiRegionConfiguration: multiRegionConfiguration_primaryKey :: Lens' MultiRegionConfiguration (Maybe MultiRegionKey)
+ Amazonka.KMS.Types.MultiRegionConfiguration: multiRegionConfiguration_replicaKeys :: Lens' MultiRegionConfiguration (Maybe [MultiRegionKey])
+ Amazonka.KMS.Types.MultiRegionConfiguration: newMultiRegionConfiguration :: MultiRegionConfiguration
+ Amazonka.KMS.Types.MultiRegionKey: MultiRegionKey' :: Maybe Text -> Maybe Text -> MultiRegionKey
+ Amazonka.KMS.Types.MultiRegionKey: [$sel:arn:MultiRegionKey'] :: MultiRegionKey -> Maybe Text
+ Amazonka.KMS.Types.MultiRegionKey: [$sel:region:MultiRegionKey'] :: MultiRegionKey -> Maybe Text
+ Amazonka.KMS.Types.MultiRegionKey: data MultiRegionKey
+ Amazonka.KMS.Types.MultiRegionKey: instance Control.DeepSeq.NFData Amazonka.KMS.Types.MultiRegionKey.MultiRegionKey
+ Amazonka.KMS.Types.MultiRegionKey: instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.KMS.Types.MultiRegionKey.MultiRegionKey
+ Amazonka.KMS.Types.MultiRegionKey: instance Data.Hashable.Class.Hashable Amazonka.KMS.Types.MultiRegionKey.MultiRegionKey
+ Amazonka.KMS.Types.MultiRegionKey: instance GHC.Classes.Eq Amazonka.KMS.Types.MultiRegionKey.MultiRegionKey
+ Amazonka.KMS.Types.MultiRegionKey: instance GHC.Generics.Generic Amazonka.KMS.Types.MultiRegionKey.MultiRegionKey
+ Amazonka.KMS.Types.MultiRegionKey: instance GHC.Read.Read Amazonka.KMS.Types.MultiRegionKey.MultiRegionKey
+ Amazonka.KMS.Types.MultiRegionKey: instance GHC.Show.Show Amazonka.KMS.Types.MultiRegionKey.MultiRegionKey
+ Amazonka.KMS.Types.MultiRegionKey: multiRegionKey_arn :: Lens' MultiRegionKey (Maybe Text)
+ Amazonka.KMS.Types.MultiRegionKey: multiRegionKey_region :: Lens' MultiRegionKey (Maybe Text)
+ Amazonka.KMS.Types.MultiRegionKey: newMultiRegionKey :: MultiRegionKey
+ Amazonka.KMS.Types.MultiRegionKeyType: MultiRegionKeyType' :: Text -> MultiRegionKeyType
+ Amazonka.KMS.Types.MultiRegionKeyType: [fromMultiRegionKeyType] :: MultiRegionKeyType -> Text
+ Amazonka.KMS.Types.MultiRegionKeyType: instance Amazonka.Data.ByteString.ToByteString Amazonka.KMS.Types.MultiRegionKeyType.MultiRegionKeyType
+ Amazonka.KMS.Types.MultiRegionKeyType: instance Amazonka.Data.Headers.ToHeader Amazonka.KMS.Types.MultiRegionKeyType.MultiRegionKeyType
+ Amazonka.KMS.Types.MultiRegionKeyType: instance Amazonka.Data.Log.ToLog Amazonka.KMS.Types.MultiRegionKeyType.MultiRegionKeyType
+ Amazonka.KMS.Types.MultiRegionKeyType: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.Types.MultiRegionKeyType.MultiRegionKeyType
+ Amazonka.KMS.Types.MultiRegionKeyType: instance Amazonka.Data.Text.FromText Amazonka.KMS.Types.MultiRegionKeyType.MultiRegionKeyType
+ Amazonka.KMS.Types.MultiRegionKeyType: instance Amazonka.Data.Text.ToText Amazonka.KMS.Types.MultiRegionKeyType.MultiRegionKeyType
+ Amazonka.KMS.Types.MultiRegionKeyType: instance Amazonka.Data.XML.FromXML Amazonka.KMS.Types.MultiRegionKeyType.MultiRegionKeyType
+ Amazonka.KMS.Types.MultiRegionKeyType: instance Amazonka.Data.XML.ToXML Amazonka.KMS.Types.MultiRegionKeyType.MultiRegionKeyType
+ Amazonka.KMS.Types.MultiRegionKeyType: instance Control.DeepSeq.NFData Amazonka.KMS.Types.MultiRegionKeyType.MultiRegionKeyType
+ Amazonka.KMS.Types.MultiRegionKeyType: instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.KMS.Types.MultiRegionKeyType.MultiRegionKeyType
+ Amazonka.KMS.Types.MultiRegionKeyType: instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.KMS.Types.MultiRegionKeyType.MultiRegionKeyType
+ Amazonka.KMS.Types.MultiRegionKeyType: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.Types.MultiRegionKeyType.MultiRegionKeyType
+ Amazonka.KMS.Types.MultiRegionKeyType: instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.KMS.Types.MultiRegionKeyType.MultiRegionKeyType
+ Amazonka.KMS.Types.MultiRegionKeyType: instance Data.Hashable.Class.Hashable Amazonka.KMS.Types.MultiRegionKeyType.MultiRegionKeyType
+ Amazonka.KMS.Types.MultiRegionKeyType: instance GHC.Classes.Eq Amazonka.KMS.Types.MultiRegionKeyType.MultiRegionKeyType
+ Amazonka.KMS.Types.MultiRegionKeyType: instance GHC.Classes.Ord Amazonka.KMS.Types.MultiRegionKeyType.MultiRegionKeyType
+ Amazonka.KMS.Types.MultiRegionKeyType: instance GHC.Generics.Generic Amazonka.KMS.Types.MultiRegionKeyType.MultiRegionKeyType
+ Amazonka.KMS.Types.MultiRegionKeyType: instance GHC.Read.Read Amazonka.KMS.Types.MultiRegionKeyType.MultiRegionKeyType
+ Amazonka.KMS.Types.MultiRegionKeyType: instance GHC.Show.Show Amazonka.KMS.Types.MultiRegionKeyType.MultiRegionKeyType
+ Amazonka.KMS.Types.MultiRegionKeyType: newtype MultiRegionKeyType
+ Amazonka.KMS.Types.MultiRegionKeyType: pattern MultiRegionKeyType_PRIMARY :: MultiRegionKeyType
+ Amazonka.KMS.Types.MultiRegionKeyType: pattern MultiRegionKeyType_REPLICA :: MultiRegionKeyType
+ Amazonka.KMS.Types.OriginType: OriginType' :: Text -> OriginType
+ Amazonka.KMS.Types.OriginType: [fromOriginType] :: OriginType -> Text
+ Amazonka.KMS.Types.OriginType: instance Amazonka.Data.ByteString.ToByteString Amazonka.KMS.Types.OriginType.OriginType
+ Amazonka.KMS.Types.OriginType: instance Amazonka.Data.Headers.ToHeader Amazonka.KMS.Types.OriginType.OriginType
+ Amazonka.KMS.Types.OriginType: instance Amazonka.Data.Log.ToLog Amazonka.KMS.Types.OriginType.OriginType
+ Amazonka.KMS.Types.OriginType: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.Types.OriginType.OriginType
+ Amazonka.KMS.Types.OriginType: instance Amazonka.Data.Text.FromText Amazonka.KMS.Types.OriginType.OriginType
+ Amazonka.KMS.Types.OriginType: instance Amazonka.Data.Text.ToText Amazonka.KMS.Types.OriginType.OriginType
+ Amazonka.KMS.Types.OriginType: instance Amazonka.Data.XML.FromXML Amazonka.KMS.Types.OriginType.OriginType
+ Amazonka.KMS.Types.OriginType: instance Amazonka.Data.XML.ToXML Amazonka.KMS.Types.OriginType.OriginType
+ Amazonka.KMS.Types.OriginType: instance Control.DeepSeq.NFData Amazonka.KMS.Types.OriginType.OriginType
+ Amazonka.KMS.Types.OriginType: instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.KMS.Types.OriginType.OriginType
+ Amazonka.KMS.Types.OriginType: instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.KMS.Types.OriginType.OriginType
+ Amazonka.KMS.Types.OriginType: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.Types.OriginType.OriginType
+ Amazonka.KMS.Types.OriginType: instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.KMS.Types.OriginType.OriginType
+ Amazonka.KMS.Types.OriginType: instance Data.Hashable.Class.Hashable Amazonka.KMS.Types.OriginType.OriginType
+ Amazonka.KMS.Types.OriginType: instance GHC.Classes.Eq Amazonka.KMS.Types.OriginType.OriginType
+ Amazonka.KMS.Types.OriginType: instance GHC.Classes.Ord Amazonka.KMS.Types.OriginType.OriginType
+ Amazonka.KMS.Types.OriginType: instance GHC.Generics.Generic Amazonka.KMS.Types.OriginType.OriginType
+ Amazonka.KMS.Types.OriginType: instance GHC.Read.Read Amazonka.KMS.Types.OriginType.OriginType
+ Amazonka.KMS.Types.OriginType: instance GHC.Show.Show Amazonka.KMS.Types.OriginType.OriginType
+ Amazonka.KMS.Types.OriginType: newtype OriginType
+ Amazonka.KMS.Types.OriginType: pattern OriginType_AWS_CLOUDHSM :: OriginType
+ Amazonka.KMS.Types.OriginType: pattern OriginType_AWS_KMS :: OriginType
+ Amazonka.KMS.Types.OriginType: pattern OriginType_EXTERNAL :: OriginType
+ Amazonka.KMS.Types.OriginType: pattern OriginType_EXTERNAL_KEY_STORE :: OriginType
+ Amazonka.KMS.Types.SigningAlgorithmSpec: SigningAlgorithmSpec' :: Text -> SigningAlgorithmSpec
+ Amazonka.KMS.Types.SigningAlgorithmSpec: [fromSigningAlgorithmSpec] :: SigningAlgorithmSpec -> Text
+ Amazonka.KMS.Types.SigningAlgorithmSpec: instance Amazonka.Data.ByteString.ToByteString Amazonka.KMS.Types.SigningAlgorithmSpec.SigningAlgorithmSpec
+ Amazonka.KMS.Types.SigningAlgorithmSpec: instance Amazonka.Data.Headers.ToHeader Amazonka.KMS.Types.SigningAlgorithmSpec.SigningAlgorithmSpec
+ Amazonka.KMS.Types.SigningAlgorithmSpec: instance Amazonka.Data.Log.ToLog Amazonka.KMS.Types.SigningAlgorithmSpec.SigningAlgorithmSpec
+ Amazonka.KMS.Types.SigningAlgorithmSpec: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.Types.SigningAlgorithmSpec.SigningAlgorithmSpec
+ Amazonka.KMS.Types.SigningAlgorithmSpec: instance Amazonka.Data.Text.FromText Amazonka.KMS.Types.SigningAlgorithmSpec.SigningAlgorithmSpec
+ Amazonka.KMS.Types.SigningAlgorithmSpec: instance Amazonka.Data.Text.ToText Amazonka.KMS.Types.SigningAlgorithmSpec.SigningAlgorithmSpec
+ Amazonka.KMS.Types.SigningAlgorithmSpec: instance Amazonka.Data.XML.FromXML Amazonka.KMS.Types.SigningAlgorithmSpec.SigningAlgorithmSpec
+ Amazonka.KMS.Types.SigningAlgorithmSpec: instance Amazonka.Data.XML.ToXML Amazonka.KMS.Types.SigningAlgorithmSpec.SigningAlgorithmSpec
+ Amazonka.KMS.Types.SigningAlgorithmSpec: instance Control.DeepSeq.NFData Amazonka.KMS.Types.SigningAlgorithmSpec.SigningAlgorithmSpec
+ Amazonka.KMS.Types.SigningAlgorithmSpec: instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.KMS.Types.SigningAlgorithmSpec.SigningAlgorithmSpec
+ Amazonka.KMS.Types.SigningAlgorithmSpec: instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.KMS.Types.SigningAlgorithmSpec.SigningAlgorithmSpec
+ Amazonka.KMS.Types.SigningAlgorithmSpec: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.Types.SigningAlgorithmSpec.SigningAlgorithmSpec
+ Amazonka.KMS.Types.SigningAlgorithmSpec: instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.KMS.Types.SigningAlgorithmSpec.SigningAlgorithmSpec
+ Amazonka.KMS.Types.SigningAlgorithmSpec: instance Data.Hashable.Class.Hashable Amazonka.KMS.Types.SigningAlgorithmSpec.SigningAlgorithmSpec
+ Amazonka.KMS.Types.SigningAlgorithmSpec: instance GHC.Classes.Eq Amazonka.KMS.Types.SigningAlgorithmSpec.SigningAlgorithmSpec
+ Amazonka.KMS.Types.SigningAlgorithmSpec: instance GHC.Classes.Ord Amazonka.KMS.Types.SigningAlgorithmSpec.SigningAlgorithmSpec
+ Amazonka.KMS.Types.SigningAlgorithmSpec: instance GHC.Generics.Generic Amazonka.KMS.Types.SigningAlgorithmSpec.SigningAlgorithmSpec
+ Amazonka.KMS.Types.SigningAlgorithmSpec: instance GHC.Read.Read Amazonka.KMS.Types.SigningAlgorithmSpec.SigningAlgorithmSpec
+ Amazonka.KMS.Types.SigningAlgorithmSpec: instance GHC.Show.Show Amazonka.KMS.Types.SigningAlgorithmSpec.SigningAlgorithmSpec
+ Amazonka.KMS.Types.SigningAlgorithmSpec: newtype SigningAlgorithmSpec
+ Amazonka.KMS.Types.SigningAlgorithmSpec: pattern SigningAlgorithmSpec_ECDSA_SHA_256 :: SigningAlgorithmSpec
+ Amazonka.KMS.Types.SigningAlgorithmSpec: pattern SigningAlgorithmSpec_ECDSA_SHA_384 :: SigningAlgorithmSpec
+ Amazonka.KMS.Types.SigningAlgorithmSpec: pattern SigningAlgorithmSpec_ECDSA_SHA_512 :: SigningAlgorithmSpec
+ Amazonka.KMS.Types.SigningAlgorithmSpec: pattern SigningAlgorithmSpec_RSASSA_PKCS1_V1_5_SHA_256 :: SigningAlgorithmSpec
+ Amazonka.KMS.Types.SigningAlgorithmSpec: pattern SigningAlgorithmSpec_RSASSA_PKCS1_V1_5_SHA_384 :: SigningAlgorithmSpec
+ Amazonka.KMS.Types.SigningAlgorithmSpec: pattern SigningAlgorithmSpec_RSASSA_PKCS1_V1_5_SHA_512 :: SigningAlgorithmSpec
+ Amazonka.KMS.Types.SigningAlgorithmSpec: pattern SigningAlgorithmSpec_RSASSA_PSS_SHA_256 :: SigningAlgorithmSpec
+ Amazonka.KMS.Types.SigningAlgorithmSpec: pattern SigningAlgorithmSpec_RSASSA_PSS_SHA_384 :: SigningAlgorithmSpec
+ Amazonka.KMS.Types.SigningAlgorithmSpec: pattern SigningAlgorithmSpec_RSASSA_PSS_SHA_512 :: SigningAlgorithmSpec
+ Amazonka.KMS.Types.SigningAlgorithmSpec: pattern SigningAlgorithmSpec_SM2DSA :: SigningAlgorithmSpec
+ Amazonka.KMS.Types.Tag: Tag' :: Text -> Text -> Tag
+ Amazonka.KMS.Types.Tag: [$sel:tagKey:Tag'] :: Tag -> Text
+ Amazonka.KMS.Types.Tag: [$sel:tagValue:Tag'] :: Tag -> Text
+ Amazonka.KMS.Types.Tag: data Tag
+ Amazonka.KMS.Types.Tag: instance Control.DeepSeq.NFData Amazonka.KMS.Types.Tag.Tag
+ Amazonka.KMS.Types.Tag: instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.KMS.Types.Tag.Tag
+ Amazonka.KMS.Types.Tag: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.Types.Tag.Tag
+ Amazonka.KMS.Types.Tag: instance Data.Hashable.Class.Hashable Amazonka.KMS.Types.Tag.Tag
+ Amazonka.KMS.Types.Tag: instance GHC.Classes.Eq Amazonka.KMS.Types.Tag.Tag
+ Amazonka.KMS.Types.Tag: instance GHC.Generics.Generic Amazonka.KMS.Types.Tag.Tag
+ Amazonka.KMS.Types.Tag: instance GHC.Read.Read Amazonka.KMS.Types.Tag.Tag
+ Amazonka.KMS.Types.Tag: instance GHC.Show.Show Amazonka.KMS.Types.Tag.Tag
+ Amazonka.KMS.Types.Tag: newTag :: Text -> Text -> Tag
+ Amazonka.KMS.Types.Tag: tag_tagKey :: Lens' Tag Text
+ Amazonka.KMS.Types.Tag: tag_tagValue :: Lens' Tag Text
+ Amazonka.KMS.Types.WrappingKeySpec: WrappingKeySpec' :: Text -> WrappingKeySpec
+ Amazonka.KMS.Types.WrappingKeySpec: [fromWrappingKeySpec] :: WrappingKeySpec -> Text
+ Amazonka.KMS.Types.WrappingKeySpec: instance Amazonka.Data.ByteString.ToByteString Amazonka.KMS.Types.WrappingKeySpec.WrappingKeySpec
+ Amazonka.KMS.Types.WrappingKeySpec: instance Amazonka.Data.Headers.ToHeader Amazonka.KMS.Types.WrappingKeySpec.WrappingKeySpec
+ Amazonka.KMS.Types.WrappingKeySpec: instance Amazonka.Data.Log.ToLog Amazonka.KMS.Types.WrappingKeySpec.WrappingKeySpec
+ Amazonka.KMS.Types.WrappingKeySpec: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.Types.WrappingKeySpec.WrappingKeySpec
+ Amazonka.KMS.Types.WrappingKeySpec: instance Amazonka.Data.Text.FromText Amazonka.KMS.Types.WrappingKeySpec.WrappingKeySpec
+ Amazonka.KMS.Types.WrappingKeySpec: instance Amazonka.Data.Text.ToText Amazonka.KMS.Types.WrappingKeySpec.WrappingKeySpec
+ Amazonka.KMS.Types.WrappingKeySpec: instance Amazonka.Data.XML.FromXML Amazonka.KMS.Types.WrappingKeySpec.WrappingKeySpec
+ Amazonka.KMS.Types.WrappingKeySpec: instance Amazonka.Data.XML.ToXML Amazonka.KMS.Types.WrappingKeySpec.WrappingKeySpec
+ Amazonka.KMS.Types.WrappingKeySpec: instance Control.DeepSeq.NFData Amazonka.KMS.Types.WrappingKeySpec.WrappingKeySpec
+ Amazonka.KMS.Types.WrappingKeySpec: instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.KMS.Types.WrappingKeySpec.WrappingKeySpec
+ Amazonka.KMS.Types.WrappingKeySpec: instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.KMS.Types.WrappingKeySpec.WrappingKeySpec
+ Amazonka.KMS.Types.WrappingKeySpec: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.Types.WrappingKeySpec.WrappingKeySpec
+ Amazonka.KMS.Types.WrappingKeySpec: instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.KMS.Types.WrappingKeySpec.WrappingKeySpec
+ Amazonka.KMS.Types.WrappingKeySpec: instance Data.Hashable.Class.Hashable Amazonka.KMS.Types.WrappingKeySpec.WrappingKeySpec
+ Amazonka.KMS.Types.WrappingKeySpec: instance GHC.Classes.Eq Amazonka.KMS.Types.WrappingKeySpec.WrappingKeySpec
+ Amazonka.KMS.Types.WrappingKeySpec: instance GHC.Classes.Ord Amazonka.KMS.Types.WrappingKeySpec.WrappingKeySpec
+ Amazonka.KMS.Types.WrappingKeySpec: instance GHC.Generics.Generic Amazonka.KMS.Types.WrappingKeySpec.WrappingKeySpec
+ Amazonka.KMS.Types.WrappingKeySpec: instance GHC.Read.Read Amazonka.KMS.Types.WrappingKeySpec.WrappingKeySpec
+ Amazonka.KMS.Types.WrappingKeySpec: instance GHC.Show.Show Amazonka.KMS.Types.WrappingKeySpec.WrappingKeySpec
+ Amazonka.KMS.Types.WrappingKeySpec: newtype WrappingKeySpec
+ Amazonka.KMS.Types.WrappingKeySpec: pattern WrappingKeySpec_RSA_2048 :: WrappingKeySpec
+ Amazonka.KMS.Types.XksKeyConfigurationType: XksKeyConfigurationType' :: Maybe Text -> XksKeyConfigurationType
+ Amazonka.KMS.Types.XksKeyConfigurationType: [$sel:id:XksKeyConfigurationType'] :: XksKeyConfigurationType -> Maybe Text
+ Amazonka.KMS.Types.XksKeyConfigurationType: data XksKeyConfigurationType
+ Amazonka.KMS.Types.XksKeyConfigurationType: instance Control.DeepSeq.NFData Amazonka.KMS.Types.XksKeyConfigurationType.XksKeyConfigurationType
+ Amazonka.KMS.Types.XksKeyConfigurationType: instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.KMS.Types.XksKeyConfigurationType.XksKeyConfigurationType
+ Amazonka.KMS.Types.XksKeyConfigurationType: instance Data.Hashable.Class.Hashable Amazonka.KMS.Types.XksKeyConfigurationType.XksKeyConfigurationType
+ Amazonka.KMS.Types.XksKeyConfigurationType: instance GHC.Classes.Eq Amazonka.KMS.Types.XksKeyConfigurationType.XksKeyConfigurationType
+ Amazonka.KMS.Types.XksKeyConfigurationType: instance GHC.Generics.Generic Amazonka.KMS.Types.XksKeyConfigurationType.XksKeyConfigurationType
+ Amazonka.KMS.Types.XksKeyConfigurationType: instance GHC.Read.Read Amazonka.KMS.Types.XksKeyConfigurationType.XksKeyConfigurationType
+ Amazonka.KMS.Types.XksKeyConfigurationType: instance GHC.Show.Show Amazonka.KMS.Types.XksKeyConfigurationType.XksKeyConfigurationType
+ Amazonka.KMS.Types.XksKeyConfigurationType: newXksKeyConfigurationType :: XksKeyConfigurationType
+ Amazonka.KMS.Types.XksKeyConfigurationType: xksKeyConfigurationType_id :: Lens' XksKeyConfigurationType (Maybe Text)
+ Amazonka.KMS.Types.XksProxyAuthenticationCredentialType: XksProxyAuthenticationCredentialType' :: Sensitive Text -> Sensitive Text -> XksProxyAuthenticationCredentialType
+ Amazonka.KMS.Types.XksProxyAuthenticationCredentialType: [$sel:accessKeyId:XksProxyAuthenticationCredentialType'] :: XksProxyAuthenticationCredentialType -> Sensitive Text
+ Amazonka.KMS.Types.XksProxyAuthenticationCredentialType: [$sel:rawSecretAccessKey:XksProxyAuthenticationCredentialType'] :: XksProxyAuthenticationCredentialType -> Sensitive Text
+ Amazonka.KMS.Types.XksProxyAuthenticationCredentialType: data XksProxyAuthenticationCredentialType
+ Amazonka.KMS.Types.XksProxyAuthenticationCredentialType: instance Control.DeepSeq.NFData Amazonka.KMS.Types.XksProxyAuthenticationCredentialType.XksProxyAuthenticationCredentialType
+ Amazonka.KMS.Types.XksProxyAuthenticationCredentialType: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.Types.XksProxyAuthenticationCredentialType.XksProxyAuthenticationCredentialType
+ Amazonka.KMS.Types.XksProxyAuthenticationCredentialType: instance Data.Hashable.Class.Hashable Amazonka.KMS.Types.XksProxyAuthenticationCredentialType.XksProxyAuthenticationCredentialType
+ Amazonka.KMS.Types.XksProxyAuthenticationCredentialType: instance GHC.Classes.Eq Amazonka.KMS.Types.XksProxyAuthenticationCredentialType.XksProxyAuthenticationCredentialType
+ Amazonka.KMS.Types.XksProxyAuthenticationCredentialType: instance GHC.Generics.Generic Amazonka.KMS.Types.XksProxyAuthenticationCredentialType.XksProxyAuthenticationCredentialType
+ Amazonka.KMS.Types.XksProxyAuthenticationCredentialType: instance GHC.Show.Show Amazonka.KMS.Types.XksProxyAuthenticationCredentialType.XksProxyAuthenticationCredentialType
+ Amazonka.KMS.Types.XksProxyAuthenticationCredentialType: newXksProxyAuthenticationCredentialType :: Text -> Text -> XksProxyAuthenticationCredentialType
+ Amazonka.KMS.Types.XksProxyAuthenticationCredentialType: xksProxyAuthenticationCredentialType_accessKeyId :: Lens' XksProxyAuthenticationCredentialType Text
+ Amazonka.KMS.Types.XksProxyAuthenticationCredentialType: xksProxyAuthenticationCredentialType_rawSecretAccessKey :: Lens' XksProxyAuthenticationCredentialType Text
+ Amazonka.KMS.Types.XksProxyConfigurationType: XksProxyConfigurationType' :: Maybe (Sensitive Text) -> Maybe XksProxyConnectivityType -> Maybe Text -> Maybe Text -> Maybe Text -> XksProxyConfigurationType
+ Amazonka.KMS.Types.XksProxyConfigurationType: [$sel:accessKeyId:XksProxyConfigurationType'] :: XksProxyConfigurationType -> Maybe (Sensitive Text)
+ Amazonka.KMS.Types.XksProxyConfigurationType: [$sel:connectivity:XksProxyConfigurationType'] :: XksProxyConfigurationType -> Maybe XksProxyConnectivityType
+ Amazonka.KMS.Types.XksProxyConfigurationType: [$sel:uriEndpoint:XksProxyConfigurationType'] :: XksProxyConfigurationType -> Maybe Text
+ Amazonka.KMS.Types.XksProxyConfigurationType: [$sel:uriPath:XksProxyConfigurationType'] :: XksProxyConfigurationType -> Maybe Text
+ Amazonka.KMS.Types.XksProxyConfigurationType: [$sel:vpcEndpointServiceName:XksProxyConfigurationType'] :: XksProxyConfigurationType -> Maybe Text
+ Amazonka.KMS.Types.XksProxyConfigurationType: data XksProxyConfigurationType
+ Amazonka.KMS.Types.XksProxyConfigurationType: instance Control.DeepSeq.NFData Amazonka.KMS.Types.XksProxyConfigurationType.XksProxyConfigurationType
+ Amazonka.KMS.Types.XksProxyConfigurationType: instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.KMS.Types.XksProxyConfigurationType.XksProxyConfigurationType
+ Amazonka.KMS.Types.XksProxyConfigurationType: instance Data.Hashable.Class.Hashable Amazonka.KMS.Types.XksProxyConfigurationType.XksProxyConfigurationType
+ Amazonka.KMS.Types.XksProxyConfigurationType: instance GHC.Classes.Eq Amazonka.KMS.Types.XksProxyConfigurationType.XksProxyConfigurationType
+ Amazonka.KMS.Types.XksProxyConfigurationType: instance GHC.Generics.Generic Amazonka.KMS.Types.XksProxyConfigurationType.XksProxyConfigurationType
+ Amazonka.KMS.Types.XksProxyConfigurationType: instance GHC.Show.Show Amazonka.KMS.Types.XksProxyConfigurationType.XksProxyConfigurationType
+ Amazonka.KMS.Types.XksProxyConfigurationType: newXksProxyConfigurationType :: XksProxyConfigurationType
+ Amazonka.KMS.Types.XksProxyConfigurationType: xksProxyConfigurationType_accessKeyId :: Lens' XksProxyConfigurationType (Maybe Text)
+ Amazonka.KMS.Types.XksProxyConfigurationType: xksProxyConfigurationType_connectivity :: Lens' XksProxyConfigurationType (Maybe XksProxyConnectivityType)
+ Amazonka.KMS.Types.XksProxyConfigurationType: xksProxyConfigurationType_uriEndpoint :: Lens' XksProxyConfigurationType (Maybe Text)
+ Amazonka.KMS.Types.XksProxyConfigurationType: xksProxyConfigurationType_uriPath :: Lens' XksProxyConfigurationType (Maybe Text)
+ Amazonka.KMS.Types.XksProxyConfigurationType: xksProxyConfigurationType_vpcEndpointServiceName :: Lens' XksProxyConfigurationType (Maybe Text)
+ Amazonka.KMS.Types.XksProxyConnectivityType: XksProxyConnectivityType' :: Text -> XksProxyConnectivityType
+ Amazonka.KMS.Types.XksProxyConnectivityType: [fromXksProxyConnectivityType] :: XksProxyConnectivityType -> Text
+ Amazonka.KMS.Types.XksProxyConnectivityType: instance Amazonka.Data.ByteString.ToByteString Amazonka.KMS.Types.XksProxyConnectivityType.XksProxyConnectivityType
+ Amazonka.KMS.Types.XksProxyConnectivityType: instance Amazonka.Data.Headers.ToHeader Amazonka.KMS.Types.XksProxyConnectivityType.XksProxyConnectivityType
+ Amazonka.KMS.Types.XksProxyConnectivityType: instance Amazonka.Data.Log.ToLog Amazonka.KMS.Types.XksProxyConnectivityType.XksProxyConnectivityType
+ Amazonka.KMS.Types.XksProxyConnectivityType: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.Types.XksProxyConnectivityType.XksProxyConnectivityType
+ Amazonka.KMS.Types.XksProxyConnectivityType: instance Amazonka.Data.Text.FromText Amazonka.KMS.Types.XksProxyConnectivityType.XksProxyConnectivityType
+ Amazonka.KMS.Types.XksProxyConnectivityType: instance Amazonka.Data.Text.ToText Amazonka.KMS.Types.XksProxyConnectivityType.XksProxyConnectivityType
+ Amazonka.KMS.Types.XksProxyConnectivityType: instance Amazonka.Data.XML.FromXML Amazonka.KMS.Types.XksProxyConnectivityType.XksProxyConnectivityType
+ Amazonka.KMS.Types.XksProxyConnectivityType: instance Amazonka.Data.XML.ToXML Amazonka.KMS.Types.XksProxyConnectivityType.XksProxyConnectivityType
+ Amazonka.KMS.Types.XksProxyConnectivityType: instance Control.DeepSeq.NFData Amazonka.KMS.Types.XksProxyConnectivityType.XksProxyConnectivityType
+ Amazonka.KMS.Types.XksProxyConnectivityType: instance Data.Aeson.Types.FromJSON.FromJSON Amazonka.KMS.Types.XksProxyConnectivityType.XksProxyConnectivityType
+ Amazonka.KMS.Types.XksProxyConnectivityType: instance Data.Aeson.Types.FromJSON.FromJSONKey Amazonka.KMS.Types.XksProxyConnectivityType.XksProxyConnectivityType
+ Amazonka.KMS.Types.XksProxyConnectivityType: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.Types.XksProxyConnectivityType.XksProxyConnectivityType
+ Amazonka.KMS.Types.XksProxyConnectivityType: instance Data.Aeson.Types.ToJSON.ToJSONKey Amazonka.KMS.Types.XksProxyConnectivityType.XksProxyConnectivityType
+ Amazonka.KMS.Types.XksProxyConnectivityType: instance Data.Hashable.Class.Hashable Amazonka.KMS.Types.XksProxyConnectivityType.XksProxyConnectivityType
+ Amazonka.KMS.Types.XksProxyConnectivityType: instance GHC.Classes.Eq Amazonka.KMS.Types.XksProxyConnectivityType.XksProxyConnectivityType
+ Amazonka.KMS.Types.XksProxyConnectivityType: instance GHC.Classes.Ord Amazonka.KMS.Types.XksProxyConnectivityType.XksProxyConnectivityType
+ Amazonka.KMS.Types.XksProxyConnectivityType: instance GHC.Generics.Generic Amazonka.KMS.Types.XksProxyConnectivityType.XksProxyConnectivityType
+ Amazonka.KMS.Types.XksProxyConnectivityType: instance GHC.Read.Read Amazonka.KMS.Types.XksProxyConnectivityType.XksProxyConnectivityType
+ Amazonka.KMS.Types.XksProxyConnectivityType: instance GHC.Show.Show Amazonka.KMS.Types.XksProxyConnectivityType.XksProxyConnectivityType
+ Amazonka.KMS.Types.XksProxyConnectivityType: newtype XksProxyConnectivityType
+ Amazonka.KMS.Types.XksProxyConnectivityType: pattern XksProxyConnectivityType_PUBLIC_ENDPOINT :: XksProxyConnectivityType
+ Amazonka.KMS.Types.XksProxyConnectivityType: pattern XksProxyConnectivityType_VPC_ENDPOINT_SERVICE :: XksProxyConnectivityType
+ Amazonka.KMS.UntagResource: UntagResource' :: Text -> [Text] -> UntagResource
+ Amazonka.KMS.UntagResource: UntagResourceResponse' :: UntagResourceResponse
+ Amazonka.KMS.UntagResource: [$sel:keyId:UntagResource'] :: UntagResource -> Text
+ Amazonka.KMS.UntagResource: [$sel:tagKeys:UntagResource'] :: UntagResource -> [Text]
+ Amazonka.KMS.UntagResource: data UntagResource
+ Amazonka.KMS.UntagResource: data UntagResourceResponse
+ Amazonka.KMS.UntagResource: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.UntagResource.UntagResource
+ Amazonka.KMS.UntagResource: instance Amazonka.Data.Path.ToPath Amazonka.KMS.UntagResource.UntagResource
+ Amazonka.KMS.UntagResource: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.UntagResource.UntagResource
+ Amazonka.KMS.UntagResource: instance Amazonka.Types.AWSRequest Amazonka.KMS.UntagResource.UntagResource
+ Amazonka.KMS.UntagResource: instance Control.DeepSeq.NFData Amazonka.KMS.UntagResource.UntagResource
+ Amazonka.KMS.UntagResource: instance Control.DeepSeq.NFData Amazonka.KMS.UntagResource.UntagResourceResponse
+ Amazonka.KMS.UntagResource: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.UntagResource.UntagResource
+ Amazonka.KMS.UntagResource: instance Data.Hashable.Class.Hashable Amazonka.KMS.UntagResource.UntagResource
+ Amazonka.KMS.UntagResource: instance GHC.Classes.Eq Amazonka.KMS.UntagResource.UntagResource
+ Amazonka.KMS.UntagResource: instance GHC.Classes.Eq Amazonka.KMS.UntagResource.UntagResourceResponse
+ Amazonka.KMS.UntagResource: instance GHC.Generics.Generic Amazonka.KMS.UntagResource.UntagResource
+ Amazonka.KMS.UntagResource: instance GHC.Generics.Generic Amazonka.KMS.UntagResource.UntagResourceResponse
+ Amazonka.KMS.UntagResource: instance GHC.Read.Read Amazonka.KMS.UntagResource.UntagResource
+ Amazonka.KMS.UntagResource: instance GHC.Read.Read Amazonka.KMS.UntagResource.UntagResourceResponse
+ Amazonka.KMS.UntagResource: instance GHC.Show.Show Amazonka.KMS.UntagResource.UntagResource
+ Amazonka.KMS.UntagResource: instance GHC.Show.Show Amazonka.KMS.UntagResource.UntagResourceResponse
+ Amazonka.KMS.UntagResource: newUntagResource :: Text -> UntagResource
+ Amazonka.KMS.UntagResource: newUntagResourceResponse :: UntagResourceResponse
+ Amazonka.KMS.UntagResource: untagResource_keyId :: Lens' UntagResource Text
+ Amazonka.KMS.UntagResource: untagResource_tagKeys :: Lens' UntagResource [Text]
+ Amazonka.KMS.UpdateAlias: UpdateAlias' :: Text -> Text -> UpdateAlias
+ Amazonka.KMS.UpdateAlias: UpdateAliasResponse' :: UpdateAliasResponse
+ Amazonka.KMS.UpdateAlias: [$sel:aliasName:UpdateAlias'] :: UpdateAlias -> Text
+ Amazonka.KMS.UpdateAlias: [$sel:targetKeyId:UpdateAlias'] :: UpdateAlias -> Text
+ Amazonka.KMS.UpdateAlias: data UpdateAlias
+ Amazonka.KMS.UpdateAlias: data UpdateAliasResponse
+ Amazonka.KMS.UpdateAlias: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.UpdateAlias.UpdateAlias
+ Amazonka.KMS.UpdateAlias: instance Amazonka.Data.Path.ToPath Amazonka.KMS.UpdateAlias.UpdateAlias
+ Amazonka.KMS.UpdateAlias: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.UpdateAlias.UpdateAlias
+ Amazonka.KMS.UpdateAlias: instance Amazonka.Types.AWSRequest Amazonka.KMS.UpdateAlias.UpdateAlias
+ Amazonka.KMS.UpdateAlias: instance Control.DeepSeq.NFData Amazonka.KMS.UpdateAlias.UpdateAlias
+ Amazonka.KMS.UpdateAlias: instance Control.DeepSeq.NFData Amazonka.KMS.UpdateAlias.UpdateAliasResponse
+ Amazonka.KMS.UpdateAlias: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.UpdateAlias.UpdateAlias
+ Amazonka.KMS.UpdateAlias: instance Data.Hashable.Class.Hashable Amazonka.KMS.UpdateAlias.UpdateAlias
+ Amazonka.KMS.UpdateAlias: instance GHC.Classes.Eq Amazonka.KMS.UpdateAlias.UpdateAlias
+ Amazonka.KMS.UpdateAlias: instance GHC.Classes.Eq Amazonka.KMS.UpdateAlias.UpdateAliasResponse
+ Amazonka.KMS.UpdateAlias: instance GHC.Generics.Generic Amazonka.KMS.UpdateAlias.UpdateAlias
+ Amazonka.KMS.UpdateAlias: instance GHC.Generics.Generic Amazonka.KMS.UpdateAlias.UpdateAliasResponse
+ Amazonka.KMS.UpdateAlias: instance GHC.Read.Read Amazonka.KMS.UpdateAlias.UpdateAlias
+ Amazonka.KMS.UpdateAlias: instance GHC.Read.Read Amazonka.KMS.UpdateAlias.UpdateAliasResponse
+ Amazonka.KMS.UpdateAlias: instance GHC.Show.Show Amazonka.KMS.UpdateAlias.UpdateAlias
+ Amazonka.KMS.UpdateAlias: instance GHC.Show.Show Amazonka.KMS.UpdateAlias.UpdateAliasResponse
+ Amazonka.KMS.UpdateAlias: newUpdateAlias :: Text -> Text -> UpdateAlias
+ Amazonka.KMS.UpdateAlias: newUpdateAliasResponse :: UpdateAliasResponse
+ Amazonka.KMS.UpdateAlias: updateAlias_aliasName :: Lens' UpdateAlias Text
+ Amazonka.KMS.UpdateAlias: updateAlias_targetKeyId :: Lens' UpdateAlias Text
+ Amazonka.KMS.UpdateCustomKeyStore: UpdateCustomKeyStore' :: Maybe Text -> Maybe (Sensitive Text) -> Maybe Text -> Maybe XksProxyAuthenticationCredentialType -> Maybe XksProxyConnectivityType -> Maybe Text -> Maybe Text -> Maybe Text -> Text -> UpdateCustomKeyStore
+ Amazonka.KMS.UpdateCustomKeyStore: UpdateCustomKeyStoreResponse' :: Int -> UpdateCustomKeyStoreResponse
+ Amazonka.KMS.UpdateCustomKeyStore: [$sel:cloudHsmClusterId:UpdateCustomKeyStore'] :: UpdateCustomKeyStore -> Maybe Text
+ Amazonka.KMS.UpdateCustomKeyStore: [$sel:customKeyStoreId:UpdateCustomKeyStore'] :: UpdateCustomKeyStore -> Text
+ Amazonka.KMS.UpdateCustomKeyStore: [$sel:httpStatus:UpdateCustomKeyStoreResponse'] :: UpdateCustomKeyStoreResponse -> Int
+ Amazonka.KMS.UpdateCustomKeyStore: [$sel:keyStorePassword:UpdateCustomKeyStore'] :: UpdateCustomKeyStore -> Maybe (Sensitive Text)
+ Amazonka.KMS.UpdateCustomKeyStore: [$sel:newCustomKeyStoreName':UpdateCustomKeyStore'] :: UpdateCustomKeyStore -> Maybe Text
+ Amazonka.KMS.UpdateCustomKeyStore: [$sel:xksProxyAuthenticationCredential:UpdateCustomKeyStore'] :: UpdateCustomKeyStore -> Maybe XksProxyAuthenticationCredentialType
+ Amazonka.KMS.UpdateCustomKeyStore: [$sel:xksProxyConnectivity:UpdateCustomKeyStore'] :: UpdateCustomKeyStore -> Maybe XksProxyConnectivityType
+ Amazonka.KMS.UpdateCustomKeyStore: [$sel:xksProxyUriEndpoint:UpdateCustomKeyStore'] :: UpdateCustomKeyStore -> Maybe Text
+ Amazonka.KMS.UpdateCustomKeyStore: [$sel:xksProxyUriPath:UpdateCustomKeyStore'] :: UpdateCustomKeyStore -> Maybe Text
+ Amazonka.KMS.UpdateCustomKeyStore: [$sel:xksProxyVpcEndpointServiceName:UpdateCustomKeyStore'] :: UpdateCustomKeyStore -> Maybe Text
+ Amazonka.KMS.UpdateCustomKeyStore: data UpdateCustomKeyStore
+ Amazonka.KMS.UpdateCustomKeyStore: data UpdateCustomKeyStoreResponse
+ Amazonka.KMS.UpdateCustomKeyStore: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.UpdateCustomKeyStore.UpdateCustomKeyStore
+ Amazonka.KMS.UpdateCustomKeyStore: instance Amazonka.Data.Path.ToPath Amazonka.KMS.UpdateCustomKeyStore.UpdateCustomKeyStore
+ Amazonka.KMS.UpdateCustomKeyStore: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.UpdateCustomKeyStore.UpdateCustomKeyStore
+ Amazonka.KMS.UpdateCustomKeyStore: instance Amazonka.Types.AWSRequest Amazonka.KMS.UpdateCustomKeyStore.UpdateCustomKeyStore
+ Amazonka.KMS.UpdateCustomKeyStore: instance Control.DeepSeq.NFData Amazonka.KMS.UpdateCustomKeyStore.UpdateCustomKeyStore
+ Amazonka.KMS.UpdateCustomKeyStore: instance Control.DeepSeq.NFData Amazonka.KMS.UpdateCustomKeyStore.UpdateCustomKeyStoreResponse
+ Amazonka.KMS.UpdateCustomKeyStore: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.UpdateCustomKeyStore.UpdateCustomKeyStore
+ Amazonka.KMS.UpdateCustomKeyStore: instance Data.Hashable.Class.Hashable Amazonka.KMS.UpdateCustomKeyStore.UpdateCustomKeyStore
+ Amazonka.KMS.UpdateCustomKeyStore: instance GHC.Classes.Eq Amazonka.KMS.UpdateCustomKeyStore.UpdateCustomKeyStore
+ Amazonka.KMS.UpdateCustomKeyStore: instance GHC.Classes.Eq Amazonka.KMS.UpdateCustomKeyStore.UpdateCustomKeyStoreResponse
+ Amazonka.KMS.UpdateCustomKeyStore: instance GHC.Generics.Generic Amazonka.KMS.UpdateCustomKeyStore.UpdateCustomKeyStore
+ Amazonka.KMS.UpdateCustomKeyStore: instance GHC.Generics.Generic Amazonka.KMS.UpdateCustomKeyStore.UpdateCustomKeyStoreResponse
+ Amazonka.KMS.UpdateCustomKeyStore: instance GHC.Read.Read Amazonka.KMS.UpdateCustomKeyStore.UpdateCustomKeyStoreResponse
+ Amazonka.KMS.UpdateCustomKeyStore: instance GHC.Show.Show Amazonka.KMS.UpdateCustomKeyStore.UpdateCustomKeyStore
+ Amazonka.KMS.UpdateCustomKeyStore: instance GHC.Show.Show Amazonka.KMS.UpdateCustomKeyStore.UpdateCustomKeyStoreResponse
+ Amazonka.KMS.UpdateCustomKeyStore: newUpdateCustomKeyStore :: Text -> UpdateCustomKeyStore
+ Amazonka.KMS.UpdateCustomKeyStore: newUpdateCustomKeyStoreResponse :: Int -> UpdateCustomKeyStoreResponse
+ Amazonka.KMS.UpdateCustomKeyStore: updateCustomKeyStoreResponse_httpStatus :: Lens' UpdateCustomKeyStoreResponse Int
+ Amazonka.KMS.UpdateCustomKeyStore: updateCustomKeyStore_cloudHsmClusterId :: Lens' UpdateCustomKeyStore (Maybe Text)
+ Amazonka.KMS.UpdateCustomKeyStore: updateCustomKeyStore_customKeyStoreId :: Lens' UpdateCustomKeyStore Text
+ Amazonka.KMS.UpdateCustomKeyStore: updateCustomKeyStore_keyStorePassword :: Lens' UpdateCustomKeyStore (Maybe Text)
+ Amazonka.KMS.UpdateCustomKeyStore: updateCustomKeyStore_newCustomKeyStoreName :: Lens' UpdateCustomKeyStore (Maybe Text)
+ Amazonka.KMS.UpdateCustomKeyStore: updateCustomKeyStore_xksProxyAuthenticationCredential :: Lens' UpdateCustomKeyStore (Maybe XksProxyAuthenticationCredentialType)
+ Amazonka.KMS.UpdateCustomKeyStore: updateCustomKeyStore_xksProxyConnectivity :: Lens' UpdateCustomKeyStore (Maybe XksProxyConnectivityType)
+ Amazonka.KMS.UpdateCustomKeyStore: updateCustomKeyStore_xksProxyUriEndpoint :: Lens' UpdateCustomKeyStore (Maybe Text)
+ Amazonka.KMS.UpdateCustomKeyStore: updateCustomKeyStore_xksProxyUriPath :: Lens' UpdateCustomKeyStore (Maybe Text)
+ Amazonka.KMS.UpdateCustomKeyStore: updateCustomKeyStore_xksProxyVpcEndpointServiceName :: Lens' UpdateCustomKeyStore (Maybe Text)
+ Amazonka.KMS.UpdateKeyDescription: UpdateKeyDescription' :: Text -> Text -> UpdateKeyDescription
+ Amazonka.KMS.UpdateKeyDescription: UpdateKeyDescriptionResponse' :: UpdateKeyDescriptionResponse
+ Amazonka.KMS.UpdateKeyDescription: [$sel:description:UpdateKeyDescription'] :: UpdateKeyDescription -> Text
+ Amazonka.KMS.UpdateKeyDescription: [$sel:keyId:UpdateKeyDescription'] :: UpdateKeyDescription -> Text
+ Amazonka.KMS.UpdateKeyDescription: data UpdateKeyDescription
+ Amazonka.KMS.UpdateKeyDescription: data UpdateKeyDescriptionResponse
+ Amazonka.KMS.UpdateKeyDescription: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.UpdateKeyDescription.UpdateKeyDescription
+ Amazonka.KMS.UpdateKeyDescription: instance Amazonka.Data.Path.ToPath Amazonka.KMS.UpdateKeyDescription.UpdateKeyDescription
+ Amazonka.KMS.UpdateKeyDescription: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.UpdateKeyDescription.UpdateKeyDescription
+ Amazonka.KMS.UpdateKeyDescription: instance Amazonka.Types.AWSRequest Amazonka.KMS.UpdateKeyDescription.UpdateKeyDescription
+ Amazonka.KMS.UpdateKeyDescription: instance Control.DeepSeq.NFData Amazonka.KMS.UpdateKeyDescription.UpdateKeyDescription
+ Amazonka.KMS.UpdateKeyDescription: instance Control.DeepSeq.NFData Amazonka.KMS.UpdateKeyDescription.UpdateKeyDescriptionResponse
+ Amazonka.KMS.UpdateKeyDescription: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.UpdateKeyDescription.UpdateKeyDescription
+ Amazonka.KMS.UpdateKeyDescription: instance Data.Hashable.Class.Hashable Amazonka.KMS.UpdateKeyDescription.UpdateKeyDescription
+ Amazonka.KMS.UpdateKeyDescription: instance GHC.Classes.Eq Amazonka.KMS.UpdateKeyDescription.UpdateKeyDescription
+ Amazonka.KMS.UpdateKeyDescription: instance GHC.Classes.Eq Amazonka.KMS.UpdateKeyDescription.UpdateKeyDescriptionResponse
+ Amazonka.KMS.UpdateKeyDescription: instance GHC.Generics.Generic Amazonka.KMS.UpdateKeyDescription.UpdateKeyDescription
+ Amazonka.KMS.UpdateKeyDescription: instance GHC.Generics.Generic Amazonka.KMS.UpdateKeyDescription.UpdateKeyDescriptionResponse
+ Amazonka.KMS.UpdateKeyDescription: instance GHC.Read.Read Amazonka.KMS.UpdateKeyDescription.UpdateKeyDescription
+ Amazonka.KMS.UpdateKeyDescription: instance GHC.Read.Read Amazonka.KMS.UpdateKeyDescription.UpdateKeyDescriptionResponse
+ Amazonka.KMS.UpdateKeyDescription: instance GHC.Show.Show Amazonka.KMS.UpdateKeyDescription.UpdateKeyDescription
+ Amazonka.KMS.UpdateKeyDescription: instance GHC.Show.Show Amazonka.KMS.UpdateKeyDescription.UpdateKeyDescriptionResponse
+ Amazonka.KMS.UpdateKeyDescription: newUpdateKeyDescription :: Text -> Text -> UpdateKeyDescription
+ Amazonka.KMS.UpdateKeyDescription: newUpdateKeyDescriptionResponse :: UpdateKeyDescriptionResponse
+ Amazonka.KMS.UpdateKeyDescription: updateKeyDescription_description :: Lens' UpdateKeyDescription Text
+ Amazonka.KMS.UpdateKeyDescription: updateKeyDescription_keyId :: Lens' UpdateKeyDescription Text
+ Amazonka.KMS.UpdatePrimaryRegion: UpdatePrimaryRegion' :: Text -> Text -> UpdatePrimaryRegion
+ Amazonka.KMS.UpdatePrimaryRegion: UpdatePrimaryRegionResponse' :: UpdatePrimaryRegionResponse
+ Amazonka.KMS.UpdatePrimaryRegion: [$sel:keyId:UpdatePrimaryRegion'] :: UpdatePrimaryRegion -> Text
+ Amazonka.KMS.UpdatePrimaryRegion: [$sel:primaryRegion:UpdatePrimaryRegion'] :: UpdatePrimaryRegion -> Text
+ Amazonka.KMS.UpdatePrimaryRegion: data UpdatePrimaryRegion
+ Amazonka.KMS.UpdatePrimaryRegion: data UpdatePrimaryRegionResponse
+ Amazonka.KMS.UpdatePrimaryRegion: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.UpdatePrimaryRegion.UpdatePrimaryRegion
+ Amazonka.KMS.UpdatePrimaryRegion: instance Amazonka.Data.Path.ToPath Amazonka.KMS.UpdatePrimaryRegion.UpdatePrimaryRegion
+ Amazonka.KMS.UpdatePrimaryRegion: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.UpdatePrimaryRegion.UpdatePrimaryRegion
+ Amazonka.KMS.UpdatePrimaryRegion: instance Amazonka.Types.AWSRequest Amazonka.KMS.UpdatePrimaryRegion.UpdatePrimaryRegion
+ Amazonka.KMS.UpdatePrimaryRegion: instance Control.DeepSeq.NFData Amazonka.KMS.UpdatePrimaryRegion.UpdatePrimaryRegion
+ Amazonka.KMS.UpdatePrimaryRegion: instance Control.DeepSeq.NFData Amazonka.KMS.UpdatePrimaryRegion.UpdatePrimaryRegionResponse
+ Amazonka.KMS.UpdatePrimaryRegion: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.UpdatePrimaryRegion.UpdatePrimaryRegion
+ Amazonka.KMS.UpdatePrimaryRegion: instance Data.Hashable.Class.Hashable Amazonka.KMS.UpdatePrimaryRegion.UpdatePrimaryRegion
+ Amazonka.KMS.UpdatePrimaryRegion: instance GHC.Classes.Eq Amazonka.KMS.UpdatePrimaryRegion.UpdatePrimaryRegion
+ Amazonka.KMS.UpdatePrimaryRegion: instance GHC.Classes.Eq Amazonka.KMS.UpdatePrimaryRegion.UpdatePrimaryRegionResponse
+ Amazonka.KMS.UpdatePrimaryRegion: instance GHC.Generics.Generic Amazonka.KMS.UpdatePrimaryRegion.UpdatePrimaryRegion
+ Amazonka.KMS.UpdatePrimaryRegion: instance GHC.Generics.Generic Amazonka.KMS.UpdatePrimaryRegion.UpdatePrimaryRegionResponse
+ Amazonka.KMS.UpdatePrimaryRegion: instance GHC.Read.Read Amazonka.KMS.UpdatePrimaryRegion.UpdatePrimaryRegion
+ Amazonka.KMS.UpdatePrimaryRegion: instance GHC.Read.Read Amazonka.KMS.UpdatePrimaryRegion.UpdatePrimaryRegionResponse
+ Amazonka.KMS.UpdatePrimaryRegion: instance GHC.Show.Show Amazonka.KMS.UpdatePrimaryRegion.UpdatePrimaryRegion
+ Amazonka.KMS.UpdatePrimaryRegion: instance GHC.Show.Show Amazonka.KMS.UpdatePrimaryRegion.UpdatePrimaryRegionResponse
+ Amazonka.KMS.UpdatePrimaryRegion: newUpdatePrimaryRegion :: Text -> Text -> UpdatePrimaryRegion
+ Amazonka.KMS.UpdatePrimaryRegion: newUpdatePrimaryRegionResponse :: UpdatePrimaryRegionResponse
+ Amazonka.KMS.UpdatePrimaryRegion: updatePrimaryRegion_keyId :: Lens' UpdatePrimaryRegion Text
+ Amazonka.KMS.UpdatePrimaryRegion: updatePrimaryRegion_primaryRegion :: Lens' UpdatePrimaryRegion Text
+ Amazonka.KMS.Verify: Verify' :: Maybe [Text] -> Maybe MessageType -> Text -> Sensitive Base64 -> Base64 -> SigningAlgorithmSpec -> Verify
+ Amazonka.KMS.Verify: VerifyResponse' :: Maybe Text -> Maybe Bool -> Maybe SigningAlgorithmSpec -> Int -> VerifyResponse
+ Amazonka.KMS.Verify: [$sel:grantTokens:Verify'] :: Verify -> Maybe [Text]
+ Amazonka.KMS.Verify: [$sel:httpStatus:VerifyResponse'] :: VerifyResponse -> Int
+ Amazonka.KMS.Verify: [$sel:keyId:Verify'] :: Verify -> Text
+ Amazonka.KMS.Verify: [$sel:keyId:VerifyResponse'] :: VerifyResponse -> Maybe Text
+ Amazonka.KMS.Verify: [$sel:message:Verify'] :: Verify -> Sensitive Base64
+ Amazonka.KMS.Verify: [$sel:messageType:Verify'] :: Verify -> Maybe MessageType
+ Amazonka.KMS.Verify: [$sel:signature:Verify'] :: Verify -> Base64
+ Amazonka.KMS.Verify: [$sel:signatureValid:VerifyResponse'] :: VerifyResponse -> Maybe Bool
+ Amazonka.KMS.Verify: [$sel:signingAlgorithm:Verify'] :: Verify -> SigningAlgorithmSpec
+ Amazonka.KMS.Verify: [$sel:signingAlgorithm:VerifyResponse'] :: VerifyResponse -> Maybe SigningAlgorithmSpec
+ Amazonka.KMS.Verify: data Verify
+ Amazonka.KMS.Verify: data VerifyResponse
+ Amazonka.KMS.Verify: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.Verify.Verify
+ Amazonka.KMS.Verify: instance Amazonka.Data.Path.ToPath Amazonka.KMS.Verify.Verify
+ Amazonka.KMS.Verify: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.Verify.Verify
+ Amazonka.KMS.Verify: instance Amazonka.Types.AWSRequest Amazonka.KMS.Verify.Verify
+ Amazonka.KMS.Verify: instance Control.DeepSeq.NFData Amazonka.KMS.Verify.Verify
+ Amazonka.KMS.Verify: instance Control.DeepSeq.NFData Amazonka.KMS.Verify.VerifyResponse
+ Amazonka.KMS.Verify: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.Verify.Verify
+ Amazonka.KMS.Verify: instance Data.Hashable.Class.Hashable Amazonka.KMS.Verify.Verify
+ Amazonka.KMS.Verify: instance GHC.Classes.Eq Amazonka.KMS.Verify.Verify
+ Amazonka.KMS.Verify: instance GHC.Classes.Eq Amazonka.KMS.Verify.VerifyResponse
+ Amazonka.KMS.Verify: instance GHC.Generics.Generic Amazonka.KMS.Verify.Verify
+ Amazonka.KMS.Verify: instance GHC.Generics.Generic Amazonka.KMS.Verify.VerifyResponse
+ Amazonka.KMS.Verify: instance GHC.Read.Read Amazonka.KMS.Verify.VerifyResponse
+ Amazonka.KMS.Verify: instance GHC.Show.Show Amazonka.KMS.Verify.Verify
+ Amazonka.KMS.Verify: instance GHC.Show.Show Amazonka.KMS.Verify.VerifyResponse
+ Amazonka.KMS.Verify: newVerify :: Text -> ByteString -> ByteString -> SigningAlgorithmSpec -> Verify
+ Amazonka.KMS.Verify: newVerifyResponse :: Int -> VerifyResponse
+ Amazonka.KMS.Verify: verifyResponse_httpStatus :: Lens' VerifyResponse Int
+ Amazonka.KMS.Verify: verifyResponse_keyId :: Lens' VerifyResponse (Maybe Text)
+ Amazonka.KMS.Verify: verifyResponse_signatureValid :: Lens' VerifyResponse (Maybe Bool)
+ Amazonka.KMS.Verify: verifyResponse_signingAlgorithm :: Lens' VerifyResponse (Maybe SigningAlgorithmSpec)
+ Amazonka.KMS.Verify: verify_grantTokens :: Lens' Verify (Maybe [Text])
+ Amazonka.KMS.Verify: verify_keyId :: Lens' Verify Text
+ Amazonka.KMS.Verify: verify_message :: Lens' Verify ByteString
+ Amazonka.KMS.Verify: verify_messageType :: Lens' Verify (Maybe MessageType)
+ Amazonka.KMS.Verify: verify_signature :: Lens' Verify ByteString
+ Amazonka.KMS.Verify: verify_signingAlgorithm :: Lens' Verify SigningAlgorithmSpec
+ Amazonka.KMS.VerifyMac: VerifyMac' :: Maybe [Text] -> Sensitive Base64 -> Text -> MacAlgorithmSpec -> Base64 -> VerifyMac
+ Amazonka.KMS.VerifyMac: VerifyMacResponse' :: Maybe Text -> Maybe MacAlgorithmSpec -> Maybe Bool -> Int -> VerifyMacResponse
+ Amazonka.KMS.VerifyMac: [$sel:grantTokens:VerifyMac'] :: VerifyMac -> Maybe [Text]
+ Amazonka.KMS.VerifyMac: [$sel:httpStatus:VerifyMacResponse'] :: VerifyMacResponse -> Int
+ Amazonka.KMS.VerifyMac: [$sel:keyId:VerifyMac'] :: VerifyMac -> Text
+ Amazonka.KMS.VerifyMac: [$sel:keyId:VerifyMacResponse'] :: VerifyMacResponse -> Maybe Text
+ Amazonka.KMS.VerifyMac: [$sel:mac:VerifyMac'] :: VerifyMac -> Base64
+ Amazonka.KMS.VerifyMac: [$sel:macAlgorithm:VerifyMac'] :: VerifyMac -> MacAlgorithmSpec
+ Amazonka.KMS.VerifyMac: [$sel:macAlgorithm:VerifyMacResponse'] :: VerifyMacResponse -> Maybe MacAlgorithmSpec
+ Amazonka.KMS.VerifyMac: [$sel:macValid:VerifyMacResponse'] :: VerifyMacResponse -> Maybe Bool
+ Amazonka.KMS.VerifyMac: [$sel:message:VerifyMac'] :: VerifyMac -> Sensitive Base64
+ Amazonka.KMS.VerifyMac: data VerifyMac
+ Amazonka.KMS.VerifyMac: data VerifyMacResponse
+ Amazonka.KMS.VerifyMac: instance Amazonka.Data.Headers.ToHeaders Amazonka.KMS.VerifyMac.VerifyMac
+ Amazonka.KMS.VerifyMac: instance Amazonka.Data.Path.ToPath Amazonka.KMS.VerifyMac.VerifyMac
+ Amazonka.KMS.VerifyMac: instance Amazonka.Data.Query.ToQuery Amazonka.KMS.VerifyMac.VerifyMac
+ Amazonka.KMS.VerifyMac: instance Amazonka.Types.AWSRequest Amazonka.KMS.VerifyMac.VerifyMac
+ Amazonka.KMS.VerifyMac: instance Control.DeepSeq.NFData Amazonka.KMS.VerifyMac.VerifyMac
+ Amazonka.KMS.VerifyMac: instance Control.DeepSeq.NFData Amazonka.KMS.VerifyMac.VerifyMacResponse
+ Amazonka.KMS.VerifyMac: instance Data.Aeson.Types.ToJSON.ToJSON Amazonka.KMS.VerifyMac.VerifyMac
+ Amazonka.KMS.VerifyMac: instance Data.Hashable.Class.Hashable Amazonka.KMS.VerifyMac.VerifyMac
+ Amazonka.KMS.VerifyMac: instance GHC.Classes.Eq Amazonka.KMS.VerifyMac.VerifyMac
+ Amazonka.KMS.VerifyMac: instance GHC.Classes.Eq Amazonka.KMS.VerifyMac.VerifyMacResponse
+ Amazonka.KMS.VerifyMac: instance GHC.Generics.Generic Amazonka.KMS.VerifyMac.VerifyMac
+ Amazonka.KMS.VerifyMac: instance GHC.Generics.Generic Amazonka.KMS.VerifyMac.VerifyMacResponse
+ Amazonka.KMS.VerifyMac: instance GHC.Read.Read Amazonka.KMS.VerifyMac.VerifyMacResponse
+ Amazonka.KMS.VerifyMac: instance GHC.Show.Show Amazonka.KMS.VerifyMac.VerifyMac
+ Amazonka.KMS.VerifyMac: instance GHC.Show.Show Amazonka.KMS.VerifyMac.VerifyMacResponse
+ Amazonka.KMS.VerifyMac: newVerifyMac :: ByteString -> Text -> MacAlgorithmSpec -> ByteString -> VerifyMac
+ Amazonka.KMS.VerifyMac: newVerifyMacResponse :: Int -> VerifyMacResponse
+ Amazonka.KMS.VerifyMac: verifyMacResponse_httpStatus :: Lens' VerifyMacResponse Int
+ Amazonka.KMS.VerifyMac: verifyMacResponse_keyId :: Lens' VerifyMacResponse (Maybe Text)
+ Amazonka.KMS.VerifyMac: verifyMacResponse_macAlgorithm :: Lens' VerifyMacResponse (Maybe MacAlgorithmSpec)
+ Amazonka.KMS.VerifyMac: verifyMacResponse_macValid :: Lens' VerifyMacResponse (Maybe Bool)
+ Amazonka.KMS.VerifyMac: verifyMac_grantTokens :: Lens' VerifyMac (Maybe [Text])
+ Amazonka.KMS.VerifyMac: verifyMac_keyId :: Lens' VerifyMac Text
+ Amazonka.KMS.VerifyMac: verifyMac_mac :: Lens' VerifyMac ByteString
+ Amazonka.KMS.VerifyMac: verifyMac_macAlgorithm :: Lens' VerifyMac MacAlgorithmSpec
+ Amazonka.KMS.VerifyMac: verifyMac_message :: Lens' VerifyMac ByteString
Files
- README.md +3/−4
- Setup.hs +0/−2
- amazonka-kms.cabal +156/−109
- fixture/CancelKeyDeletion.yaml +10/−0
- fixture/ConnectCustomKeyStore.yaml +10/−0
- fixture/ConnectCustomKeyStoreResponse.proto +0/−0
- fixture/CreateAlias.yaml +10/−0
- fixture/CreateCustomKeyStore.yaml +10/−0
- fixture/CreateCustomKeyStoreResponse.proto +0/−0
- fixture/CreateGrant.yaml +10/−0
- fixture/CreateKey.yaml +10/−0
- fixture/Decrypt.yaml +10/−0
- fixture/DeleteAlias.yaml +10/−0
- fixture/DeleteCustomKeyStore.yaml +10/−0
- fixture/DeleteCustomKeyStoreResponse.proto +0/−0
- fixture/DeleteImportedKeyMaterial.yaml +10/−0
- fixture/DescribeCustomKeyStores.yaml +10/−0
- fixture/DescribeCustomKeyStoresResponse.proto +0/−0
- fixture/DescribeKey.yaml +10/−0
- fixture/DisableKey.yaml +10/−0
- fixture/DisableKeyRotation.yaml +10/−0
- fixture/DisconnectCustomKeyStore.yaml +10/−0
- fixture/DisconnectCustomKeyStoreResponse.proto +0/−0
- fixture/EnableKey.yaml +10/−0
- fixture/EnableKeyRotation.yaml +10/−0
- fixture/Encrypt.yaml +10/−0
- fixture/GenerateDataKey.yaml +10/−0
- fixture/GenerateDataKeyPair.yaml +10/−0
- fixture/GenerateDataKeyPairResponse.proto +0/−0
- fixture/GenerateDataKeyPairWithoutPlaintext.yaml +10/−0
- fixture/GenerateDataKeyPairWithoutPlaintextResponse.proto +0/−0
- fixture/GenerateDataKeyWithoutPlaintext.yaml +10/−0
- fixture/GenerateMac.yaml +10/−0
- fixture/GenerateMacResponse.proto +0/−0
- fixture/GenerateRandom.yaml +10/−0
- fixture/GetKeyPolicy.yaml +10/−0
- fixture/GetKeyRotationStatus.yaml +10/−0
- fixture/GetParametersForImport.yaml +10/−0
- fixture/GetPublicKey.yaml +10/−0
- fixture/GetPublicKeyResponse.proto +0/−0
- fixture/ImportKeyMaterial.yaml +10/−0
- fixture/ListAliases.yaml +10/−0
- fixture/ListGrants.yaml +10/−0
- fixture/ListKeyPolicies.yaml +10/−0
- fixture/ListKeys.yaml +10/−0
- fixture/ListRetirableGrants.yaml +10/−0
- fixture/PutKeyPolicy.yaml +10/−0
- fixture/ReEncrypt.yaml +10/−0
- fixture/ReplicateKey.yaml +10/−0
- fixture/ReplicateKeyResponse.proto +0/−0
- fixture/RetireGrant.yaml +10/−0
- fixture/RevokeGrant.yaml +10/−0
- fixture/ScheduleKeyDeletion.yaml +10/−0
- fixture/Sign.yaml +10/−0
- fixture/SignResponse.proto +0/−0
- fixture/UpdateAlias.yaml +10/−0
- fixture/UpdateCustomKeyStore.yaml +10/−0
- fixture/UpdateCustomKeyStoreResponse.proto +0/−0
- fixture/UpdateKeyDescription.yaml +10/−0
- fixture/UpdatePrimaryRegion.yaml +10/−0
- fixture/UpdatePrimaryRegionResponse.proto +0/−0
- fixture/Verify.yaml +10/−0
- fixture/VerifyMac.yaml +10/−0
- fixture/VerifyMacResponse.proto +0/−0
- fixture/VerifyResponse.proto +0/−0
- gen/Amazonka/KMS.hs +758/−0
- gen/Amazonka/KMS/CancelKeyDeletion.hs +230/−0
- gen/Amazonka/KMS/ConnectCustomKeyStore.hs +267/−0
- gen/Amazonka/KMS/CreateAlias.hs +286/−0
- gen/Amazonka/KMS/CreateCustomKeyStore.hs +800/−0
- gen/Amazonka/KMS/CreateGrant.hs +650/−0
- gen/Amazonka/KMS/CreateKey.hs +1273/−0
- gen/Amazonka/KMS/Decrypt.hs +545/−0
- gen/Amazonka/KMS/DeleteAlias.hs +168/−0
- gen/Amazonka/KMS/DeleteCustomKeyStore.hs +224/−0
- gen/Amazonka/KMS/DeleteImportedKeyMaterial.hs +206/−0
- gen/Amazonka/KMS/DescribeCustomKeyStores.hs +383/−0
- gen/Amazonka/KMS/DescribeKey.hs +344/−0
- gen/Amazonka/KMS/DisableKey.hs +183/−0
- gen/Amazonka/KMS/DisableKeyRotation.hs +236/−0
- gen/Amazonka/KMS/DisconnectCustomKeyStore.hs +215/−0
- gen/Amazonka/KMS/EnableKey.hs +178/−0
- gen/Amazonka/KMS/EnableKeyRotation.hs +257/−0
- gen/Amazonka/KMS/Encrypt.hs +524/−0
- gen/Amazonka/KMS/GenerateDataKey.hs +558/−0
- gen/Amazonka/KMS/GenerateDataKeyPair.hs +534/−0
- gen/Amazonka/KMS/GenerateDataKeyPairWithoutPlaintext.hs +526/−0
- gen/Amazonka/KMS/GenerateDataKeyWithoutPlaintext.hs +492/−0
- gen/Amazonka/KMS/GenerateMac.hs +368/−0
- gen/Amazonka/KMS/GenerateRandom.hs +241/−0
- gen/Amazonka/KMS/GetKeyPolicy.hs +231/−0
- gen/Amazonka/KMS/GetKeyRotationStatus.hs +274/−0
- gen/Amazonka/KMS/GetParametersForImport.hs +375/−0
- gen/Amazonka/KMS/GetPublicKey.hs +488/−0
- gen/Amazonka/KMS/ImportKeyMaterial.hs +449/−0
- gen/Amazonka/KMS/Lens.hs +568/−0
- gen/Amazonka/KMS/ListAliases.hs +359/−0
- gen/Amazonka/KMS/ListGrants.hs +302/−0
- gen/Amazonka/KMS/ListKeyPolicies.hs +338/−0
- gen/Amazonka/KMS/ListKeys.hs +277/−0
- gen/Amazonka/KMS/ListResourceTags.hs +369/−0
- gen/Amazonka/KMS/ListRetirableGrants.hs +264/−0
- gen/Amazonka/KMS/PutKeyPolicy.hs +391/−0
- gen/Amazonka/KMS/ReEncrypt.hs +760/−0
- gen/Amazonka/KMS/ReplicateKey.hs +784/−0
- gen/Amazonka/KMS/RetireGrant.hs +237/−0
- gen/Amazonka/KMS/RevokeGrant.hs +222/−0
- gen/Amazonka/KMS/ScheduleKeyDeletion.hs +388/−0
- gen/Amazonka/KMS/Sign.hs +492/−0
- gen/Amazonka/KMS/TagResource.hs +254/−0
- gen/Amazonka/KMS/Types.hs +907/−0
- gen/Amazonka/KMS/Types/AlgorithmSpec.hs +76/−0
- gen/Amazonka/KMS/Types/AliasListEntry.hs +129/−0
- gen/Amazonka/KMS/Types/ConnectionErrorCodeType.hs +151/−0
- gen/Amazonka/KMS/Types/ConnectionStateType.hs +86/−0
- gen/Amazonka/KMS/Types/CustomKeyStoreType.hs +71/−0
- gen/Amazonka/KMS/Types/CustomKeyStoresListEntry.hs +756/−0
- gen/Amazonka/KMS/Types/CustomerMasterKeySpec.hs +126/−0
- gen/Amazonka/KMS/Types/DataKeyPairSpec.hs +101/−0
- gen/Amazonka/KMS/Types/DataKeySpec.hs +71/−0
- gen/Amazonka/KMS/Types/EncryptionAlgorithmSpec.hs +81/−0
- gen/Amazonka/KMS/Types/ExpirationModelType.hs +71/−0
- gen/Amazonka/KMS/Types/GrantConstraints.hs +156/−0
- gen/Amazonka/KMS/Types/GrantListEntry.hs +200/−0
- gen/Amazonka/KMS/Types/GrantOperation.hs +141/−0
- gen/Amazonka/KMS/Types/KeyListEntry.hs +83/−0
- gen/Amazonka/KMS/Types/KeyManagerType.hs +71/−0
- gen/Amazonka/KMS/Types/KeyMetadata.hs +663/−0
- gen/Amazonka/KMS/Types/KeySpec.hs +123/−0
- gen/Amazonka/KMS/Types/KeyState.hs +101/−0
- gen/Amazonka/KMS/Types/KeyUsageType.hs +76/−0
- gen/Amazonka/KMS/Types/ListGrantsResponse.hs +107/−0
- gen/Amazonka/KMS/Types/MacAlgorithmSpec.hs +81/−0
- gen/Amazonka/KMS/Types/MessageType.hs +71/−0
- gen/Amazonka/KMS/Types/MultiRegionConfiguration.hs +109/−0
- gen/Amazonka/KMS/Types/MultiRegionKey.hs +86/−0
- gen/Amazonka/KMS/Types/MultiRegionKeyType.hs +71/−0
- gen/Amazonka/KMS/Types/OriginType.hs +81/−0
- gen/Amazonka/KMS/Types/SigningAlgorithmSpec.hs +111/−0
- gen/Amazonka/KMS/Types/Tag.hs +101/−0
- gen/Amazonka/KMS/Types/WrappingKeySpec.hs +66/−0
- gen/Amazonka/KMS/Types/XksKeyConfigurationType.hs +84/−0
- gen/Amazonka/KMS/Types/XksProxyAuthenticationCredentialType.hs +113/−0
- gen/Amazonka/KMS/Types/XksProxyConfigurationType.hs +162/−0
- gen/Amazonka/KMS/Types/XksProxyConnectivityType.hs +71/−0
- gen/Amazonka/KMS/UntagResource.hs +223/−0
- gen/Amazonka/KMS/UpdateAlias.hs +283/−0
- gen/Amazonka/KMS/UpdateCustomKeyStore.hs +641/−0
- gen/Amazonka/KMS/UpdateKeyDescription.hs +208/−0
- gen/Amazonka/KMS/UpdatePrimaryRegion.hs +285/−0
- gen/Amazonka/KMS/Verify.hs +482/−0
- gen/Amazonka/KMS/VerifyMac.hs +378/−0
- gen/Amazonka/KMS/Waiters.hs +24/−0
- gen/Network/AWS/KMS.hs +0/−398
- gen/Network/AWS/KMS/CancelKeyDeletion.hs +0/−132
- gen/Network/AWS/KMS/CreateAlias.hs +0/−129
- gen/Network/AWS/KMS/CreateGrant.hs +0/−209
- gen/Network/AWS/KMS/CreateKey.hs +0/−195
- gen/Network/AWS/KMS/Decrypt.hs +0/−177
- gen/Network/AWS/KMS/DeleteAlias.hs +0/−111
- gen/Network/AWS/KMS/DeleteImportedKeyMaterial.hs +0/−115
- gen/Network/AWS/KMS/DescribeKey.hs +0/−143
- gen/Network/AWS/KMS/DisableKey.hs +0/−108
- gen/Network/AWS/KMS/DisableKeyRotation.hs +0/−107
- gen/Network/AWS/KMS/EnableKey.hs +0/−106
- gen/Network/AWS/KMS/EnableKeyRotation.hs +0/−106
- gen/Network/AWS/KMS/Encrypt.hs +0/−190
- gen/Network/AWS/KMS/GenerateDataKey.hs +0/−226
- gen/Network/AWS/KMS/GenerateDataKeyWithoutPlaintext.hs +0/−199
- gen/Network/AWS/KMS/GenerateRandom.hs +0/−133
- gen/Network/AWS/KMS/GetKeyPolicy.hs +0/−143
- gen/Network/AWS/KMS/GetKeyRotationStatus.hs +0/−135
- gen/Network/AWS/KMS/GetParametersForImport.hs +0/−195
- gen/Network/AWS/KMS/ImportKeyMaterial.hs +0/−187
- gen/Network/AWS/KMS/ListAliases.hs +0/−174
- gen/Network/AWS/KMS/ListGrants.hs +0/−128
- gen/Network/AWS/KMS/ListKeyPolicies.hs +0/−185
- gen/Network/AWS/KMS/ListKeys.hs +0/−172
- gen/Network/AWS/KMS/ListResourceTags.hs +0/−176
- gen/Network/AWS/KMS/ListRetirableGrants.hs +0/−122
- gen/Network/AWS/KMS/PutKeyPolicy.hs +0/−146
- gen/Network/AWS/KMS/ReEncrypt.hs +0/−204
- gen/Network/AWS/KMS/RetireGrant.hs +0/−137
- gen/Network/AWS/KMS/RevokeGrant.hs +0/−121
- gen/Network/AWS/KMS/ScheduleKeyDeletion.hs +0/−162
- gen/Network/AWS/KMS/TagResource.hs +0/−123
- gen/Network/AWS/KMS/Types.hs +0/−331
- gen/Network/AWS/KMS/Types/Product.hs +0/−530
- gen/Network/AWS/KMS/Types/Sum.hs +0/−299
- gen/Network/AWS/KMS/UntagResource.hs +0/−119
- gen/Network/AWS/KMS/UpdateAlias.hs +0/−125
- gen/Network/AWS/KMS/UpdateKeyDescription.hs +0/−122
- gen/Network/AWS/KMS/Waiters.hs +0/−21
- test/Main.hs +11/−9
- test/Test/AWS/Gen/KMS.hs +0/−669
- test/Test/AWS/KMS.hs +0/−26
- test/Test/AWS/KMS/Internal.hs +0/−16
- test/Test/Amazonka/Gen/KMS.hs +1038/−0
- test/Test/Amazonka/KMS.hs +20/−0
- test/Test/Amazonka/KMS/Internal.hs +8/−0
README.md view
@@ -7,9 +7,8 @@ ## Version--`1.6.1`-+ +`2.0` - Derived from API version @2014-11-01@ of the AWS service descriptions, licensed under Apache 2.0. ## Description @@ -26,7 +25,7 @@ The provided lenses should be compatible with any of the major lens libraries [lens](http://hackage.haskell.org/package/lens) or [lens-family-core](http://hackage.haskell.org/package/lens-family-core). -See [Network.AWS.KMS](http://hackage.haskell.org/package/amazonka-kms/docs/Network-AWS-KMS.html)+See [Amazonka.KMS](http://hackage.haskell.org/package/amazonka-kms/docs/Amazonka-KMS.html) or [the AWS documentation](https://aws.amazon.com/documentation/) to get started.
− Setup.hs
@@ -1,2 +0,0 @@-import Distribution.Simple-main = defaultMain
amazonka-kms.cabal view
@@ -1,120 +1,167 @@-name: amazonka-kms-version: 1.6.1-synopsis: Amazon Key Management Service SDK.-homepage: https://github.com/brendanhay/amazonka-bug-reports: https://github.com/brendanhay/amazonka/issues-license: MPL-2.0-license-file: LICENSE-author: Brendan Hay-maintainer: Brendan Hay <brendan.g.hay+amazonka@gmail.com>-copyright: Copyright (c) 2013-2018 Brendan Hay-category: Network, AWS, Cloud, Distributed Computing-build-type: Simple-cabal-version: >= 1.10-extra-source-files: README.md fixture/*.yaml fixture/*.proto src/.gitkeep+cabal-version: 2.2+name: amazonka-kms+version: 2.0+synopsis: Amazon Key Management Service SDK.+homepage: https://github.com/brendanhay/amazonka+bug-reports: https://github.com/brendanhay/amazonka/issues+license: MPL-2.0+license-file: LICENSE+author: Brendan Hay+maintainer:+ Brendan Hay <brendan.g.hay+amazonka@gmail.com>, Jack Kelly <jack@jackkelly.name>++copyright: Copyright (c) 2013-2023 Brendan Hay+category: AWS+build-type: Simple+extra-source-files:+ fixture/*.proto+ fixture/*.yaml+ README.md+ src/.gitkeep+ description:- The types from this library are intended to be used with- <http://hackage.haskell.org/package/amazonka amazonka>, which provides- mechanisms for specifying AuthN/AuthZ information, sending requests,- and receiving responses.- .- Lenses are used for constructing and manipulating types,- due to the depth of nesting of AWS types and transparency regarding- de/serialisation into more palatable Haskell values.- The provided lenses should be compatible with any of the major lens libraries- such as <http://hackage.haskell.org/package/lens lens> or- <http://hackage.haskell.org/package/lens-family-core lens-family-core>.- .- See "Network.AWS.KMS" or <https://aws.amazon.com/documentation/ the AWS documentation>- to get started.+ Derived from API version @2014-11-01@ of the AWS service descriptions, licensed under Apache 2.0.+ .+ The types from this library are intended to be used with <http://hackage.haskell.org/package/amazonka amazonka>,+ which provides mechanisms for specifying AuthN/AuthZ information, sending requests, and receiving responses.+ .+ It is recommended to use generic lenses or optics from packages such as <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify optional fields and deconstruct responses.+ .+ Generated lenses can be found in "Amazonka.KMS.Lens" and are+ suitable for use with a lens package such as <http://hackage.haskell.org/package/lens lens> or <http://hackage.haskell.org/package/lens-family-core lens-family-core>.+ .+ See "Amazonka.KMS" and the <https://aws.amazon.com/documentation/ AWS documentation> to get started. source-repository head- type: git- location: git://github.com/brendanhay/amazonka.git- subdir: amazonka-kms+ type: git+ location: git://github.com/brendanhay/amazonka.git+ subdir: amazonka-kms library- default-language: Haskell2010- hs-source-dirs: src gen-- ghc-options:- -Wall- -fwarn-incomplete-uni-patterns- -fwarn-incomplete-record-updates- -funbox-strict-fields-- exposed-modules:- Network.AWS.KMS- , Network.AWS.KMS.CancelKeyDeletion- , Network.AWS.KMS.CreateAlias- , Network.AWS.KMS.CreateGrant- , Network.AWS.KMS.CreateKey- , Network.AWS.KMS.Decrypt- , Network.AWS.KMS.DeleteAlias- , Network.AWS.KMS.DeleteImportedKeyMaterial- , Network.AWS.KMS.DescribeKey- , Network.AWS.KMS.DisableKey- , Network.AWS.KMS.DisableKeyRotation- , Network.AWS.KMS.EnableKey- , Network.AWS.KMS.EnableKeyRotation- , Network.AWS.KMS.Encrypt- , Network.AWS.KMS.GenerateDataKey- , Network.AWS.KMS.GenerateDataKeyWithoutPlaintext- , Network.AWS.KMS.GenerateRandom- , Network.AWS.KMS.GetKeyPolicy- , Network.AWS.KMS.GetKeyRotationStatus- , Network.AWS.KMS.GetParametersForImport- , Network.AWS.KMS.ImportKeyMaterial- , Network.AWS.KMS.ListAliases- , Network.AWS.KMS.ListGrants- , Network.AWS.KMS.ListKeyPolicies- , Network.AWS.KMS.ListKeys- , Network.AWS.KMS.ListResourceTags- , Network.AWS.KMS.ListRetirableGrants- , Network.AWS.KMS.PutKeyPolicy- , Network.AWS.KMS.ReEncrypt- , Network.AWS.KMS.RetireGrant- , Network.AWS.KMS.RevokeGrant- , Network.AWS.KMS.ScheduleKeyDeletion- , Network.AWS.KMS.TagResource- , Network.AWS.KMS.Types- , Network.AWS.KMS.UntagResource- , Network.AWS.KMS.UpdateAlias- , Network.AWS.KMS.UpdateKeyDescription- , Network.AWS.KMS.Waiters+ default-language: Haskell2010+ hs-source-dirs: src gen+ ghc-options:+ -Wall -fwarn-incomplete-uni-patterns+ -fwarn-incomplete-record-updates -funbox-strict-fields - other-modules:- Network.AWS.KMS.Types.Product- , Network.AWS.KMS.Types.Sum+ exposed-modules:+ Amazonka.KMS+ Amazonka.KMS.CancelKeyDeletion+ Amazonka.KMS.ConnectCustomKeyStore+ Amazonka.KMS.CreateAlias+ Amazonka.KMS.CreateCustomKeyStore+ Amazonka.KMS.CreateGrant+ Amazonka.KMS.CreateKey+ Amazonka.KMS.Decrypt+ Amazonka.KMS.DeleteAlias+ Amazonka.KMS.DeleteCustomKeyStore+ Amazonka.KMS.DeleteImportedKeyMaterial+ Amazonka.KMS.DescribeCustomKeyStores+ Amazonka.KMS.DescribeKey+ Amazonka.KMS.DisableKey+ Amazonka.KMS.DisableKeyRotation+ Amazonka.KMS.DisconnectCustomKeyStore+ Amazonka.KMS.EnableKey+ Amazonka.KMS.EnableKeyRotation+ Amazonka.KMS.Encrypt+ Amazonka.KMS.GenerateDataKey+ Amazonka.KMS.GenerateDataKeyPair+ Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext+ Amazonka.KMS.GenerateDataKeyWithoutPlaintext+ Amazonka.KMS.GenerateMac+ Amazonka.KMS.GenerateRandom+ Amazonka.KMS.GetKeyPolicy+ Amazonka.KMS.GetKeyRotationStatus+ Amazonka.KMS.GetParametersForImport+ Amazonka.KMS.GetPublicKey+ Amazonka.KMS.ImportKeyMaterial+ Amazonka.KMS.Lens+ Amazonka.KMS.ListAliases+ Amazonka.KMS.ListGrants+ Amazonka.KMS.ListKeyPolicies+ Amazonka.KMS.ListKeys+ Amazonka.KMS.ListResourceTags+ Amazonka.KMS.ListRetirableGrants+ Amazonka.KMS.PutKeyPolicy+ Amazonka.KMS.ReEncrypt+ Amazonka.KMS.ReplicateKey+ Amazonka.KMS.RetireGrant+ Amazonka.KMS.RevokeGrant+ Amazonka.KMS.ScheduleKeyDeletion+ Amazonka.KMS.Sign+ Amazonka.KMS.TagResource+ Amazonka.KMS.Types+ Amazonka.KMS.Types.AlgorithmSpec+ Amazonka.KMS.Types.AliasListEntry+ Amazonka.KMS.Types.ConnectionErrorCodeType+ Amazonka.KMS.Types.ConnectionStateType+ Amazonka.KMS.Types.CustomerMasterKeySpec+ Amazonka.KMS.Types.CustomKeyStoresListEntry+ Amazonka.KMS.Types.CustomKeyStoreType+ Amazonka.KMS.Types.DataKeyPairSpec+ Amazonka.KMS.Types.DataKeySpec+ Amazonka.KMS.Types.EncryptionAlgorithmSpec+ Amazonka.KMS.Types.ExpirationModelType+ Amazonka.KMS.Types.GrantConstraints+ Amazonka.KMS.Types.GrantListEntry+ Amazonka.KMS.Types.GrantOperation+ Amazonka.KMS.Types.KeyListEntry+ Amazonka.KMS.Types.KeyManagerType+ Amazonka.KMS.Types.KeyMetadata+ Amazonka.KMS.Types.KeySpec+ Amazonka.KMS.Types.KeyState+ Amazonka.KMS.Types.KeyUsageType+ Amazonka.KMS.Types.ListGrantsResponse+ Amazonka.KMS.Types.MacAlgorithmSpec+ Amazonka.KMS.Types.MessageType+ Amazonka.KMS.Types.MultiRegionConfiguration+ Amazonka.KMS.Types.MultiRegionKey+ Amazonka.KMS.Types.MultiRegionKeyType+ Amazonka.KMS.Types.OriginType+ Amazonka.KMS.Types.SigningAlgorithmSpec+ Amazonka.KMS.Types.Tag+ Amazonka.KMS.Types.WrappingKeySpec+ Amazonka.KMS.Types.XksKeyConfigurationType+ Amazonka.KMS.Types.XksProxyAuthenticationCredentialType+ Amazonka.KMS.Types.XksProxyConfigurationType+ Amazonka.KMS.Types.XksProxyConnectivityType+ Amazonka.KMS.UntagResource+ Amazonka.KMS.UpdateAlias+ Amazonka.KMS.UpdateCustomKeyStore+ Amazonka.KMS.UpdateKeyDescription+ Amazonka.KMS.UpdatePrimaryRegion+ Amazonka.KMS.Verify+ Amazonka.KMS.VerifyMac+ Amazonka.KMS.Waiters - build-depends:- amazonka-core == 1.6.1.*- , base >= 4.7 && < 5+ build-depends:+ , amazonka-core >=2.0 && <2.1+ , base >=4.12 && <5 test-suite amazonka-kms-test- type: exitcode-stdio-1.0- default-language: Haskell2010- hs-source-dirs: test- main-is: Main.hs-- ghc-options: -Wall -threaded+ type: exitcode-stdio-1.0+ default-language: Haskell2010+ hs-source-dirs: test+ main-is: Main.hs+ ghc-options: -Wall -threaded - -- This section is encoded by the template and any modules added by- -- hand outside these namespaces will not correctly be added to the- -- distribution package.- other-modules:- Test.AWS.KMS- , Test.AWS.Gen.KMS- , Test.AWS.KMS.Internal+ -- This section is encoded by the template and any modules added by+ -- hand outside these namespaces will not correctly be added to the+ -- distribution package.+ other-modules:+ Test.Amazonka.Gen.KMS+ Test.Amazonka.KMS+ Test.Amazonka.KMS.Internal - build-depends:- amazonka-core == 1.6.1.*- , amazonka-test == 1.6.1.*- , amazonka-kms- , base- , bytestring- , tasty- , tasty-hunit- , text- , time- , unordered-containers+ build-depends:+ , amazonka-core >=2.0 && <2.1+ , amazonka-kms+ , amazonka-test >=2.0 && <2.1+ , base+ , bytestring+ , case-insensitive+ , tasty+ , tasty-hunit+ , text+ , time+ , unordered-containers
fixture/CancelKeyDeletion.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/kms/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: kms.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
+ fixture/ConnectCustomKeyStore.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/kms/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: kms.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
+ fixture/ConnectCustomKeyStoreResponse.proto view
fixture/CreateAlias.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/kms/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: kms.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
+ fixture/CreateCustomKeyStore.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/kms/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: kms.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
+ fixture/CreateCustomKeyStoreResponse.proto view
fixture/CreateGrant.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/kms/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: kms.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
fixture/CreateKey.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/kms/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: kms.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
fixture/Decrypt.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/kms/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: kms.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
fixture/DeleteAlias.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/kms/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: kms.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
+ fixture/DeleteCustomKeyStore.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/kms/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: kms.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
+ fixture/DeleteCustomKeyStoreResponse.proto view
fixture/DeleteImportedKeyMaterial.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/kms/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: kms.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
+ fixture/DescribeCustomKeyStores.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/kms/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: kms.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
+ fixture/DescribeCustomKeyStoresResponse.proto view
fixture/DescribeKey.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/kms/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: kms.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
fixture/DisableKey.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/kms/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: kms.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
fixture/DisableKeyRotation.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/kms/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: kms.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
+ fixture/DisconnectCustomKeyStore.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/kms/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: kms.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
+ fixture/DisconnectCustomKeyStoreResponse.proto view
fixture/EnableKey.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/kms/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: kms.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
fixture/EnableKeyRotation.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/kms/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: kms.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
fixture/Encrypt.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/kms/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: kms.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
fixture/GenerateDataKey.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/kms/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: kms.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
+ fixture/GenerateDataKeyPair.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/kms/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: kms.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
+ fixture/GenerateDataKeyPairResponse.proto view
+ fixture/GenerateDataKeyPairWithoutPlaintext.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/kms/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: kms.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
+ fixture/GenerateDataKeyPairWithoutPlaintextResponse.proto view
fixture/GenerateDataKeyWithoutPlaintext.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/kms/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: kms.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
+ fixture/GenerateMac.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/kms/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: kms.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
+ fixture/GenerateMacResponse.proto view
fixture/GenerateRandom.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/kms/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: kms.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
fixture/GetKeyPolicy.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/kms/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: kms.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
fixture/GetKeyRotationStatus.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/kms/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: kms.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
fixture/GetParametersForImport.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/kms/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: kms.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
+ fixture/GetPublicKey.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/kms/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: kms.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
+ fixture/GetPublicKeyResponse.proto view
fixture/ImportKeyMaterial.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/kms/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: kms.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
fixture/ListAliases.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/kms/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: kms.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
fixture/ListGrants.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/kms/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: kms.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
fixture/ListKeyPolicies.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/kms/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: kms.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
fixture/ListKeys.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/kms/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: kms.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
fixture/ListRetirableGrants.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/kms/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: kms.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
fixture/PutKeyPolicy.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/kms/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: kms.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
fixture/ReEncrypt.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/kms/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: kms.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
+ fixture/ReplicateKey.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/kms/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: kms.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
+ fixture/ReplicateKeyResponse.proto view
fixture/RetireGrant.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/kms/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: kms.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
fixture/RevokeGrant.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/kms/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: kms.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
fixture/ScheduleKeyDeletion.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/kms/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: kms.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
+ fixture/Sign.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/kms/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: kms.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
+ fixture/SignResponse.proto view
fixture/UpdateAlias.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/kms/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: kms.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
+ fixture/UpdateCustomKeyStore.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/kms/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: kms.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
+ fixture/UpdateCustomKeyStoreResponse.proto view
fixture/UpdateKeyDescription.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/kms/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: kms.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
+ fixture/UpdatePrimaryRegion.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/kms/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: kms.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
+ fixture/UpdatePrimaryRegionResponse.proto view
+ fixture/Verify.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/kms/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: kms.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
+ fixture/VerifyMac.yaml view
@@ -0,0 +1,10 @@+---+method: POST+headers:+ Authorization: AWS4-HMAC-SHA256 Credential=access/20091028/us-east-1/kms/aws4_request, SignedHeaders=content-type;host;x-amz-content-sha256;x-amz-date, Signature=?+ Host: kms.us-east-1.amazonaws.com+ Content-Type: application/x-www-form-urlencoded; charset=utf-8+ X-Amz-Content-SHA256: abcdef+ X-Amz-Date: 20091028T223200Z+body:+ ''
+ fixture/VerifyMacResponse.proto view
+ fixture/VerifyResponse.proto view
+ gen/Amazonka/KMS.hs view
@@ -0,0 +1,758 @@+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- |+-- Module : Amazonka.KMS+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Derived from API version @2014-11-01@ of the AWS service descriptions, licensed under Apache 2.0.+--+-- Key Management Service+--+-- Key Management Service (KMS) is an encryption and key management web+-- service. This guide describes the KMS operations that you can call+-- programmatically. For general information about KMS, see the+-- <https://docs.aws.amazon.com/kms/latest/developerguide/ Key Management Service Developer Guide>+-- .+--+-- KMS has replaced the term /customer master key (CMK)/ with /KMS key/ and+-- /KMS key/. The concept has not changed. To prevent breaking changes, KMS+-- is keeping some variations of this term.+--+-- Amazon Web Services provides SDKs that consist of libraries and sample+-- code for various programming languages and platforms (Java, Ruby, .Net,+-- macOS, Android, etc.). The SDKs provide a convenient way to create+-- programmatic access to KMS and other Amazon Web Services services. For+-- example, the SDKs take care of tasks such as signing requests (see+-- below), managing errors, and retrying requests automatically. For more+-- information about the Amazon Web Services SDKs, including how to+-- download and install them, see+-- <http://aws.amazon.com/tools/ Tools for Amazon Web Services>.+--+-- We recommend that you use the Amazon Web Services SDKs to make+-- programmatic API calls to KMS.+--+-- If you need to use FIPS 140-2 validated cryptographic modules when+-- communicating with Amazon Web Services, use the FIPS endpoint in your+-- preferred Amazon Web Services Region. For more information about the+-- available FIPS endpoints, see+-- <https://docs.aws.amazon.com/general/latest/gr/kms.html#kms_region Service endpoints>+-- in the Key Management Service topic of the /Amazon Web Services General+-- Reference/.+--+-- All KMS API calls must be signed and be transmitted using Transport+-- Layer Security (TLS). KMS recommends you always use the latest supported+-- TLS version. Clients must also support cipher suites with Perfect+-- Forward Secrecy (PFS) such as Ephemeral Diffie-Hellman (DHE) or Elliptic+-- Curve Ephemeral Diffie-Hellman (ECDHE). Most modern systems such as Java+-- 7 and later support these modes.+--+-- __Signing Requests__+--+-- Requests must be signed by using an access key ID and a secret access+-- key. We strongly recommend that you /do not/ use your Amazon Web+-- Services account (root) access key ID and secret access key for everyday+-- work with KMS. Instead, use the access key ID and secret access key for+-- an IAM user. You can also use the Amazon Web Services Security Token+-- Service to generate temporary security credentials that you can use to+-- sign requests.+--+-- All KMS operations require+-- <https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html Signature Version 4>.+--+-- __Logging API Requests__+--+-- KMS supports CloudTrail, a service that logs Amazon Web Services API+-- calls and related events for your Amazon Web Services account and+-- delivers them to an Amazon S3 bucket that you specify. By using the+-- information collected by CloudTrail, you can determine what requests+-- were made to KMS, who made the request, when it was made, and so on. To+-- learn more about CloudTrail, including how to turn it on and find your+-- log files, see the+-- <https://docs.aws.amazon.com/awscloudtrail/latest/userguide/ CloudTrail User Guide>.+--+-- __Additional Resources__+--+-- For more information about credentials and request signing, see the+-- following:+--+-- - <https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html Amazon Web Services Security Credentials>+-- - This topic provides general information about the types of+-- credentials used to access Amazon Web Services.+--+-- - <https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html Temporary Security Credentials>+-- - This section of the /IAM User Guide/ describes how to create and+-- use temporary security credentials.+--+-- - <https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html Signature Version 4 Signing Process>+-- - This set of topics walks you through the process of signing a+-- request using an access key ID and a secret access key.+--+-- __Commonly Used API Operations__+--+-- Of the API operations discussed in this guide, the following will prove+-- the most useful for most applications. You will likely perform+-- operations other than these, such as creating keys and assigning+-- policies, by using the console.+--+-- - Encrypt+--+-- - Decrypt+--+-- - GenerateDataKey+--+-- - GenerateDataKeyWithoutPlaintext+module Amazonka.KMS+ ( -- * Service Configuration+ defaultService,++ -- * Errors+ -- $errors++ -- ** AlreadyExistsException+ _AlreadyExistsException,++ -- ** CloudHsmClusterInUseException+ _CloudHsmClusterInUseException,++ -- ** CloudHsmClusterInvalidConfigurationException+ _CloudHsmClusterInvalidConfigurationException,++ -- ** CloudHsmClusterNotActiveException+ _CloudHsmClusterNotActiveException,++ -- ** CloudHsmClusterNotFoundException+ _CloudHsmClusterNotFoundException,++ -- ** CloudHsmClusterNotRelatedException+ _CloudHsmClusterNotRelatedException,++ -- ** CustomKeyStoreHasCMKsException+ _CustomKeyStoreHasCMKsException,++ -- ** CustomKeyStoreInvalidStateException+ _CustomKeyStoreInvalidStateException,++ -- ** CustomKeyStoreNameInUseException+ _CustomKeyStoreNameInUseException,++ -- ** CustomKeyStoreNotFoundException+ _CustomKeyStoreNotFoundException,++ -- ** DependencyTimeoutException+ _DependencyTimeoutException,++ -- ** DisabledException+ _DisabledException,++ -- ** ExpiredImportTokenException+ _ExpiredImportTokenException,++ -- ** IncorrectKeyException+ _IncorrectKeyException,++ -- ** IncorrectKeyMaterialException+ _IncorrectKeyMaterialException,++ -- ** IncorrectTrustAnchorException+ _IncorrectTrustAnchorException,++ -- ** InvalidAliasNameException+ _InvalidAliasNameException,++ -- ** InvalidArnException+ _InvalidArnException,++ -- ** InvalidCiphertextException+ _InvalidCiphertextException,++ -- ** InvalidGrantIdException+ _InvalidGrantIdException,++ -- ** InvalidGrantTokenException+ _InvalidGrantTokenException,++ -- ** InvalidImportTokenException+ _InvalidImportTokenException,++ -- ** InvalidKeyUsageException+ _InvalidKeyUsageException,++ -- ** InvalidMarkerException+ _InvalidMarkerException,++ -- ** KMSInternalException+ _KMSInternalException,++ -- ** KMSInvalidMacException+ _KMSInvalidMacException,++ -- ** KMSInvalidSignatureException+ _KMSInvalidSignatureException,++ -- ** KMSInvalidStateException+ _KMSInvalidStateException,++ -- ** KeyUnavailableException+ _KeyUnavailableException,++ -- ** LimitExceededException+ _LimitExceededException,++ -- ** MalformedPolicyDocumentException+ _MalformedPolicyDocumentException,++ -- ** NotFoundException+ _NotFoundException,++ -- ** TagException+ _TagException,++ -- ** UnsupportedOperationException+ _UnsupportedOperationException,++ -- ** XksKeyAlreadyInUseException+ _XksKeyAlreadyInUseException,++ -- ** XksKeyInvalidConfigurationException+ _XksKeyInvalidConfigurationException,++ -- ** XksKeyNotFoundException+ _XksKeyNotFoundException,++ -- ** XksProxyIncorrectAuthenticationCredentialException+ _XksProxyIncorrectAuthenticationCredentialException,++ -- ** XksProxyInvalidConfigurationException+ _XksProxyInvalidConfigurationException,++ -- ** XksProxyInvalidResponseException+ _XksProxyInvalidResponseException,++ -- ** XksProxyUriEndpointInUseException+ _XksProxyUriEndpointInUseException,++ -- ** XksProxyUriInUseException+ _XksProxyUriInUseException,++ -- ** XksProxyUriUnreachableException+ _XksProxyUriUnreachableException,++ -- ** XksProxyVpcEndpointServiceInUseException+ _XksProxyVpcEndpointServiceInUseException,++ -- ** XksProxyVpcEndpointServiceInvalidConfigurationException+ _XksProxyVpcEndpointServiceInvalidConfigurationException,++ -- ** XksProxyVpcEndpointServiceNotFoundException+ _XksProxyVpcEndpointServiceNotFoundException,++ -- * Waiters+ -- $waiters++ -- * Operations+ -- $operations++ -- ** CancelKeyDeletion+ CancelKeyDeletion (CancelKeyDeletion'),+ newCancelKeyDeletion,+ CancelKeyDeletionResponse (CancelKeyDeletionResponse'),+ newCancelKeyDeletionResponse,++ -- ** ConnectCustomKeyStore+ ConnectCustomKeyStore (ConnectCustomKeyStore'),+ newConnectCustomKeyStore,+ ConnectCustomKeyStoreResponse (ConnectCustomKeyStoreResponse'),+ newConnectCustomKeyStoreResponse,++ -- ** CreateAlias+ CreateAlias (CreateAlias'),+ newCreateAlias,+ CreateAliasResponse (CreateAliasResponse'),+ newCreateAliasResponse,++ -- ** CreateCustomKeyStore+ CreateCustomKeyStore (CreateCustomKeyStore'),+ newCreateCustomKeyStore,+ CreateCustomKeyStoreResponse (CreateCustomKeyStoreResponse'),+ newCreateCustomKeyStoreResponse,++ -- ** CreateGrant+ CreateGrant (CreateGrant'),+ newCreateGrant,+ CreateGrantResponse (CreateGrantResponse'),+ newCreateGrantResponse,++ -- ** CreateKey+ CreateKey (CreateKey'),+ newCreateKey,+ CreateKeyResponse (CreateKeyResponse'),+ newCreateKeyResponse,++ -- ** Decrypt+ Decrypt (Decrypt'),+ newDecrypt,+ DecryptResponse (DecryptResponse'),+ newDecryptResponse,++ -- ** DeleteAlias+ DeleteAlias (DeleteAlias'),+ newDeleteAlias,+ DeleteAliasResponse (DeleteAliasResponse'),+ newDeleteAliasResponse,++ -- ** DeleteCustomKeyStore+ DeleteCustomKeyStore (DeleteCustomKeyStore'),+ newDeleteCustomKeyStore,+ DeleteCustomKeyStoreResponse (DeleteCustomKeyStoreResponse'),+ newDeleteCustomKeyStoreResponse,++ -- ** DeleteImportedKeyMaterial+ DeleteImportedKeyMaterial (DeleteImportedKeyMaterial'),+ newDeleteImportedKeyMaterial,+ DeleteImportedKeyMaterialResponse (DeleteImportedKeyMaterialResponse'),+ newDeleteImportedKeyMaterialResponse,++ -- ** DescribeCustomKeyStores (Paginated)+ DescribeCustomKeyStores (DescribeCustomKeyStores'),+ newDescribeCustomKeyStores,+ DescribeCustomKeyStoresResponse (DescribeCustomKeyStoresResponse'),+ newDescribeCustomKeyStoresResponse,++ -- ** DescribeKey+ DescribeKey (DescribeKey'),+ newDescribeKey,+ DescribeKeyResponse (DescribeKeyResponse'),+ newDescribeKeyResponse,++ -- ** DisableKey+ DisableKey (DisableKey'),+ newDisableKey,+ DisableKeyResponse (DisableKeyResponse'),+ newDisableKeyResponse,++ -- ** DisableKeyRotation+ DisableKeyRotation (DisableKeyRotation'),+ newDisableKeyRotation,+ DisableKeyRotationResponse (DisableKeyRotationResponse'),+ newDisableKeyRotationResponse,++ -- ** DisconnectCustomKeyStore+ DisconnectCustomKeyStore (DisconnectCustomKeyStore'),+ newDisconnectCustomKeyStore,+ DisconnectCustomKeyStoreResponse (DisconnectCustomKeyStoreResponse'),+ newDisconnectCustomKeyStoreResponse,++ -- ** EnableKey+ EnableKey (EnableKey'),+ newEnableKey,+ EnableKeyResponse (EnableKeyResponse'),+ newEnableKeyResponse,++ -- ** EnableKeyRotation+ EnableKeyRotation (EnableKeyRotation'),+ newEnableKeyRotation,+ EnableKeyRotationResponse (EnableKeyRotationResponse'),+ newEnableKeyRotationResponse,++ -- ** Encrypt+ Encrypt (Encrypt'),+ newEncrypt,+ EncryptResponse (EncryptResponse'),+ newEncryptResponse,++ -- ** GenerateDataKey+ GenerateDataKey (GenerateDataKey'),+ newGenerateDataKey,+ GenerateDataKeyResponse (GenerateDataKeyResponse'),+ newGenerateDataKeyResponse,++ -- ** GenerateDataKeyPair+ GenerateDataKeyPair (GenerateDataKeyPair'),+ newGenerateDataKeyPair,+ GenerateDataKeyPairResponse (GenerateDataKeyPairResponse'),+ newGenerateDataKeyPairResponse,++ -- ** GenerateDataKeyPairWithoutPlaintext+ GenerateDataKeyPairWithoutPlaintext (GenerateDataKeyPairWithoutPlaintext'),+ newGenerateDataKeyPairWithoutPlaintext,+ GenerateDataKeyPairWithoutPlaintextResponse (GenerateDataKeyPairWithoutPlaintextResponse'),+ newGenerateDataKeyPairWithoutPlaintextResponse,++ -- ** GenerateDataKeyWithoutPlaintext+ GenerateDataKeyWithoutPlaintext (GenerateDataKeyWithoutPlaintext'),+ newGenerateDataKeyWithoutPlaintext,+ GenerateDataKeyWithoutPlaintextResponse (GenerateDataKeyWithoutPlaintextResponse'),+ newGenerateDataKeyWithoutPlaintextResponse,++ -- ** GenerateMac+ GenerateMac (GenerateMac'),+ newGenerateMac,+ GenerateMacResponse (GenerateMacResponse'),+ newGenerateMacResponse,++ -- ** GenerateRandom+ GenerateRandom (GenerateRandom'),+ newGenerateRandom,+ GenerateRandomResponse (GenerateRandomResponse'),+ newGenerateRandomResponse,++ -- ** GetKeyPolicy+ GetKeyPolicy (GetKeyPolicy'),+ newGetKeyPolicy,+ GetKeyPolicyResponse (GetKeyPolicyResponse'),+ newGetKeyPolicyResponse,++ -- ** GetKeyRotationStatus+ GetKeyRotationStatus (GetKeyRotationStatus'),+ newGetKeyRotationStatus,+ GetKeyRotationStatusResponse (GetKeyRotationStatusResponse'),+ newGetKeyRotationStatusResponse,++ -- ** GetParametersForImport+ GetParametersForImport (GetParametersForImport'),+ newGetParametersForImport,+ GetParametersForImportResponse (GetParametersForImportResponse'),+ newGetParametersForImportResponse,++ -- ** GetPublicKey+ GetPublicKey (GetPublicKey'),+ newGetPublicKey,+ GetPublicKeyResponse (GetPublicKeyResponse'),+ newGetPublicKeyResponse,++ -- ** ImportKeyMaterial+ ImportKeyMaterial (ImportKeyMaterial'),+ newImportKeyMaterial,+ ImportKeyMaterialResponse (ImportKeyMaterialResponse'),+ newImportKeyMaterialResponse,++ -- ** ListAliases (Paginated)+ ListAliases (ListAliases'),+ newListAliases,+ ListAliasesResponse (ListAliasesResponse'),+ newListAliasesResponse,++ -- ** ListGrants (Paginated)+ ListGrants (ListGrants'),+ newListGrants,+ ListGrantsResponse (ListGrantsResponse'),+ newListGrantsResponse,++ -- ** ListKeyPolicies (Paginated)+ ListKeyPolicies (ListKeyPolicies'),+ newListKeyPolicies,+ ListKeyPoliciesResponse (ListKeyPoliciesResponse'),+ newListKeyPoliciesResponse,++ -- ** ListKeys (Paginated)+ ListKeys (ListKeys'),+ newListKeys,+ ListKeysResponse (ListKeysResponse'),+ newListKeysResponse,++ -- ** ListResourceTags (Paginated)+ ListResourceTags (ListResourceTags'),+ newListResourceTags,+ ListResourceTagsResponse (ListResourceTagsResponse'),+ newListResourceTagsResponse,++ -- ** ListRetirableGrants (Paginated)+ ListRetirableGrants (ListRetirableGrants'),+ newListRetirableGrants,+ ListGrantsResponse (ListGrantsResponse'),+ newListGrantsResponse,++ -- ** PutKeyPolicy+ PutKeyPolicy (PutKeyPolicy'),+ newPutKeyPolicy,+ PutKeyPolicyResponse (PutKeyPolicyResponse'),+ newPutKeyPolicyResponse,++ -- ** ReEncrypt+ ReEncrypt (ReEncrypt'),+ newReEncrypt,+ ReEncryptResponse (ReEncryptResponse'),+ newReEncryptResponse,++ -- ** ReplicateKey+ ReplicateKey (ReplicateKey'),+ newReplicateKey,+ ReplicateKeyResponse (ReplicateKeyResponse'),+ newReplicateKeyResponse,++ -- ** RetireGrant+ RetireGrant (RetireGrant'),+ newRetireGrant,+ RetireGrantResponse (RetireGrantResponse'),+ newRetireGrantResponse,++ -- ** RevokeGrant+ RevokeGrant (RevokeGrant'),+ newRevokeGrant,+ RevokeGrantResponse (RevokeGrantResponse'),+ newRevokeGrantResponse,++ -- ** ScheduleKeyDeletion+ ScheduleKeyDeletion (ScheduleKeyDeletion'),+ newScheduleKeyDeletion,+ ScheduleKeyDeletionResponse (ScheduleKeyDeletionResponse'),+ newScheduleKeyDeletionResponse,++ -- ** Sign+ Sign (Sign'),+ newSign,+ SignResponse (SignResponse'),+ newSignResponse,++ -- ** TagResource+ TagResource (TagResource'),+ newTagResource,+ TagResourceResponse (TagResourceResponse'),+ newTagResourceResponse,++ -- ** UntagResource+ UntagResource (UntagResource'),+ newUntagResource,+ UntagResourceResponse (UntagResourceResponse'),+ newUntagResourceResponse,++ -- ** UpdateAlias+ UpdateAlias (UpdateAlias'),+ newUpdateAlias,+ UpdateAliasResponse (UpdateAliasResponse'),+ newUpdateAliasResponse,++ -- ** UpdateCustomKeyStore+ UpdateCustomKeyStore (UpdateCustomKeyStore'),+ newUpdateCustomKeyStore,+ UpdateCustomKeyStoreResponse (UpdateCustomKeyStoreResponse'),+ newUpdateCustomKeyStoreResponse,++ -- ** UpdateKeyDescription+ UpdateKeyDescription (UpdateKeyDescription'),+ newUpdateKeyDescription,+ UpdateKeyDescriptionResponse (UpdateKeyDescriptionResponse'),+ newUpdateKeyDescriptionResponse,++ -- ** UpdatePrimaryRegion+ UpdatePrimaryRegion (UpdatePrimaryRegion'),+ newUpdatePrimaryRegion,+ UpdatePrimaryRegionResponse (UpdatePrimaryRegionResponse'),+ newUpdatePrimaryRegionResponse,++ -- ** Verify+ Verify (Verify'),+ newVerify,+ VerifyResponse (VerifyResponse'),+ newVerifyResponse,++ -- ** VerifyMac+ VerifyMac (VerifyMac'),+ newVerifyMac,+ VerifyMacResponse (VerifyMacResponse'),+ newVerifyMacResponse,++ -- * Types++ -- ** AlgorithmSpec+ AlgorithmSpec (..),++ -- ** ConnectionErrorCodeType+ ConnectionErrorCodeType (..),++ -- ** ConnectionStateType+ ConnectionStateType (..),++ -- ** CustomKeyStoreType+ CustomKeyStoreType (..),++ -- ** CustomerMasterKeySpec+ CustomerMasterKeySpec (..),++ -- ** DataKeyPairSpec+ DataKeyPairSpec (..),++ -- ** DataKeySpec+ DataKeySpec (..),++ -- ** EncryptionAlgorithmSpec+ EncryptionAlgorithmSpec (..),++ -- ** ExpirationModelType+ ExpirationModelType (..),++ -- ** GrantOperation+ GrantOperation (..),++ -- ** KeyManagerType+ KeyManagerType (..),++ -- ** KeySpec+ KeySpec (..),++ -- ** KeyState+ KeyState (..),++ -- ** KeyUsageType+ KeyUsageType (..),++ -- ** MacAlgorithmSpec+ MacAlgorithmSpec (..),++ -- ** MessageType+ MessageType (..),++ -- ** MultiRegionKeyType+ MultiRegionKeyType (..),++ -- ** OriginType+ OriginType (..),++ -- ** SigningAlgorithmSpec+ SigningAlgorithmSpec (..),++ -- ** WrappingKeySpec+ WrappingKeySpec (..),++ -- ** XksProxyConnectivityType+ XksProxyConnectivityType (..),++ -- ** AliasListEntry+ AliasListEntry (AliasListEntry'),+ newAliasListEntry,++ -- ** CustomKeyStoresListEntry+ CustomKeyStoresListEntry (CustomKeyStoresListEntry'),+ newCustomKeyStoresListEntry,++ -- ** GrantConstraints+ GrantConstraints (GrantConstraints'),+ newGrantConstraints,++ -- ** GrantListEntry+ GrantListEntry (GrantListEntry'),+ newGrantListEntry,++ -- ** KeyListEntry+ KeyListEntry (KeyListEntry'),+ newKeyListEntry,++ -- ** KeyMetadata+ KeyMetadata (KeyMetadata'),+ newKeyMetadata,++ -- ** ListGrantsResponse+ ListGrantsResponse (ListGrantsResponse'),+ newListGrantsResponse,++ -- ** MultiRegionConfiguration+ MultiRegionConfiguration (MultiRegionConfiguration'),+ newMultiRegionConfiguration,++ -- ** MultiRegionKey+ MultiRegionKey (MultiRegionKey'),+ newMultiRegionKey,++ -- ** Tag+ Tag (Tag'),+ newTag,++ -- ** XksKeyConfigurationType+ XksKeyConfigurationType (XksKeyConfigurationType'),+ newXksKeyConfigurationType,++ -- ** XksProxyAuthenticationCredentialType+ XksProxyAuthenticationCredentialType (XksProxyAuthenticationCredentialType'),+ newXksProxyAuthenticationCredentialType,++ -- ** XksProxyConfigurationType+ XksProxyConfigurationType (XksProxyConfigurationType'),+ newXksProxyConfigurationType,+ )+where++import Amazonka.KMS.CancelKeyDeletion+import Amazonka.KMS.ConnectCustomKeyStore+import Amazonka.KMS.CreateAlias+import Amazonka.KMS.CreateCustomKeyStore+import Amazonka.KMS.CreateGrant+import Amazonka.KMS.CreateKey+import Amazonka.KMS.Decrypt+import Amazonka.KMS.DeleteAlias+import Amazonka.KMS.DeleteCustomKeyStore+import Amazonka.KMS.DeleteImportedKeyMaterial+import Amazonka.KMS.DescribeCustomKeyStores+import Amazonka.KMS.DescribeKey+import Amazonka.KMS.DisableKey+import Amazonka.KMS.DisableKeyRotation+import Amazonka.KMS.DisconnectCustomKeyStore+import Amazonka.KMS.EnableKey+import Amazonka.KMS.EnableKeyRotation+import Amazonka.KMS.Encrypt+import Amazonka.KMS.GenerateDataKey+import Amazonka.KMS.GenerateDataKeyPair+import Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext+import Amazonka.KMS.GenerateDataKeyWithoutPlaintext+import Amazonka.KMS.GenerateMac+import Amazonka.KMS.GenerateRandom+import Amazonka.KMS.GetKeyPolicy+import Amazonka.KMS.GetKeyRotationStatus+import Amazonka.KMS.GetParametersForImport+import Amazonka.KMS.GetPublicKey+import Amazonka.KMS.ImportKeyMaterial+import Amazonka.KMS.Lens+import Amazonka.KMS.ListAliases+import Amazonka.KMS.ListGrants+import Amazonka.KMS.ListKeyPolicies+import Amazonka.KMS.ListKeys+import Amazonka.KMS.ListResourceTags+import Amazonka.KMS.ListRetirableGrants+import Amazonka.KMS.PutKeyPolicy+import Amazonka.KMS.ReEncrypt+import Amazonka.KMS.ReplicateKey+import Amazonka.KMS.RetireGrant+import Amazonka.KMS.RevokeGrant+import Amazonka.KMS.ScheduleKeyDeletion+import Amazonka.KMS.Sign+import Amazonka.KMS.TagResource+import Amazonka.KMS.Types+import Amazonka.KMS.UntagResource+import Amazonka.KMS.UpdateAlias+import Amazonka.KMS.UpdateCustomKeyStore+import Amazonka.KMS.UpdateKeyDescription+import Amazonka.KMS.UpdatePrimaryRegion+import Amazonka.KMS.Verify+import Amazonka.KMS.VerifyMac+import Amazonka.KMS.Waiters++-- $errors+-- Error matchers are designed for use with the functions provided by+-- <http://hackage.haskell.org/package/lens/docs/Control-Exception-Lens.html Control.Exception.Lens>.+-- This allows catching (and rethrowing) service specific errors returned+-- by 'KMS'.++-- $operations+-- Some AWS operations return results that are incomplete and require subsequent+-- requests in order to obtain the entire result set. The process of sending+-- subsequent requests to continue where a previous request left off is called+-- pagination. For example, the 'ListObjects' operation of Amazon S3 returns up to+-- 1000 objects at a time, and you must send subsequent requests with the+-- appropriate Marker in order to retrieve the next page of results.+--+-- Operations that have an 'AWSPager' instance can transparently perform subsequent+-- requests, correctly setting Markers and other request facets to iterate through+-- the entire result set of a truncated API operation. Operations which support+-- this have an additional note in the documentation.+--+-- Many operations have the ability to filter results on the server side. See the+-- individual operation parameters for details.++-- $waiters+-- Waiters poll by repeatedly sending a request until some remote success condition+-- configured by the 'Wait' specification is fulfilled. The 'Wait' specification+-- determines how many attempts should be made, in addition to delay and retry strategies.
+ gen/Amazonka/KMS/CancelKeyDeletion.hs view
@@ -0,0 +1,230 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.CancelKeyDeletion+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Cancels the deletion of a KMS key. When this operation succeeds, the key+-- state of the KMS key is @Disabled@. To enable the KMS key, use+-- EnableKey.+--+-- For more information about scheduling and canceling deletion of a KMS+-- key, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html Deleting KMS keys>+-- in the /Key Management Service Developer Guide/.+--+-- The KMS key that you use for this operation must be in a compatible key+-- state. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key states of KMS keys>+-- in the /Key Management Service Developer Guide/.+--+-- __Cross-account use__: No. You cannot perform this operation on a KMS+-- key in a different Amazon Web Services account.+--+-- __Required permissions__:+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:CancelKeyDeletion>+-- (key policy)+--+-- __Related operations__: ScheduleKeyDeletion+module Amazonka.KMS.CancelKeyDeletion+ ( -- * Creating a Request+ CancelKeyDeletion (..),+ newCancelKeyDeletion,++ -- * Request Lenses+ cancelKeyDeletion_keyId,++ -- * Destructuring the Response+ CancelKeyDeletionResponse (..),+ newCancelKeyDeletionResponse,++ -- * Response Lenses+ cancelKeyDeletionResponse_keyId,+ cancelKeyDeletionResponse_httpStatus,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newCancelKeyDeletion' smart constructor.+data CancelKeyDeletion = CancelKeyDeletion'+ { -- | Identifies the KMS key whose deletion is being canceled.+ --+ -- Specify the key ID or key ARN of the KMS key.+ --+ -- For example:+ --+ -- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- - Key ARN:+ -- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- To get the key ID and key ARN for a KMS key, use ListKeys or+ -- DescribeKey.+ keyId :: Prelude.Text+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'CancelKeyDeletion' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'keyId', 'cancelKeyDeletion_keyId' - Identifies the KMS key whose deletion is being canceled.+--+-- Specify the key ID or key ARN of the KMS key.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+newCancelKeyDeletion ::+ -- | 'keyId'+ Prelude.Text ->+ CancelKeyDeletion+newCancelKeyDeletion pKeyId_ =+ CancelKeyDeletion' {keyId = pKeyId_}++-- | Identifies the KMS key whose deletion is being canceled.+--+-- Specify the key ID or key ARN of the KMS key.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+cancelKeyDeletion_keyId :: Lens.Lens' CancelKeyDeletion Prelude.Text+cancelKeyDeletion_keyId = Lens.lens (\CancelKeyDeletion' {keyId} -> keyId) (\s@CancelKeyDeletion' {} a -> s {keyId = a} :: CancelKeyDeletion)++instance Core.AWSRequest CancelKeyDeletion where+ type+ AWSResponse CancelKeyDeletion =+ CancelKeyDeletionResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response =+ Response.receiveJSON+ ( \s h x ->+ CancelKeyDeletionResponse'+ Prelude.<$> (x Data..?> "KeyId")+ Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+ )++instance Prelude.Hashable CancelKeyDeletion where+ hashWithSalt _salt CancelKeyDeletion' {..} =+ _salt `Prelude.hashWithSalt` keyId++instance Prelude.NFData CancelKeyDeletion where+ rnf CancelKeyDeletion' {..} = Prelude.rnf keyId++instance Data.ToHeaders CancelKeyDeletion where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ( "TrentService.CancelKeyDeletion" ::+ Prelude.ByteString+ ),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON CancelKeyDeletion where+ toJSON CancelKeyDeletion' {..} =+ Data.object+ ( Prelude.catMaybes+ [Prelude.Just ("KeyId" Data..= keyId)]+ )++instance Data.ToPath CancelKeyDeletion where+ toPath = Prelude.const "/"++instance Data.ToQuery CancelKeyDeletion where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newCancelKeyDeletionResponse' smart constructor.+data CancelKeyDeletionResponse = CancelKeyDeletionResponse'+ { -- | The Amazon Resource Name+ -- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)+ -- of the KMS key whose deletion is canceled.+ keyId :: Prelude.Maybe Prelude.Text,+ -- | The response's http status code.+ httpStatus :: Prelude.Int+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'CancelKeyDeletionResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'keyId', 'cancelKeyDeletionResponse_keyId' - The Amazon Resource Name+-- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)+-- of the KMS key whose deletion is canceled.+--+-- 'httpStatus', 'cancelKeyDeletionResponse_httpStatus' - The response's http status code.+newCancelKeyDeletionResponse ::+ -- | 'httpStatus'+ Prelude.Int ->+ CancelKeyDeletionResponse+newCancelKeyDeletionResponse pHttpStatus_ =+ CancelKeyDeletionResponse'+ { keyId = Prelude.Nothing,+ httpStatus = pHttpStatus_+ }++-- | The Amazon Resource Name+-- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)+-- of the KMS key whose deletion is canceled.+cancelKeyDeletionResponse_keyId :: Lens.Lens' CancelKeyDeletionResponse (Prelude.Maybe Prelude.Text)+cancelKeyDeletionResponse_keyId = Lens.lens (\CancelKeyDeletionResponse' {keyId} -> keyId) (\s@CancelKeyDeletionResponse' {} a -> s {keyId = a} :: CancelKeyDeletionResponse)++-- | The response's http status code.+cancelKeyDeletionResponse_httpStatus :: Lens.Lens' CancelKeyDeletionResponse Prelude.Int+cancelKeyDeletionResponse_httpStatus = Lens.lens (\CancelKeyDeletionResponse' {httpStatus} -> httpStatus) (\s@CancelKeyDeletionResponse' {} a -> s {httpStatus = a} :: CancelKeyDeletionResponse)++instance Prelude.NFData CancelKeyDeletionResponse where+ rnf CancelKeyDeletionResponse' {..} =+ Prelude.rnf keyId+ `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/KMS/ConnectCustomKeyStore.hs view
@@ -0,0 +1,267 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.ConnectCustomKeyStore+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Connects or reconnects a+-- <https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html custom key store>+-- to its backing key store. For an CloudHSM key store,+-- @ConnectCustomKeyStore@ connects the key store to its associated+-- CloudHSM cluster. For an external key store, @ConnectCustomKeyStore@+-- connects the key store to the external key store proxy that communicates+-- with your external key manager.+--+-- The custom key store must be connected before you can create KMS keys in+-- the key store or use the KMS keys it contains. You can disconnect and+-- reconnect a custom key store at any time.+--+-- The connection process for a custom key store can take an extended+-- amount of time to complete. This operation starts the connection+-- process, but it does not wait for it to complete. When it succeeds, this+-- operation quickly returns an HTTP 200 response and a JSON object with no+-- properties. However, this response does not indicate that the custom key+-- store is connected. To get the connection state of the custom key store,+-- use the DescribeCustomKeyStores operation.+--+-- This operation is part of the+-- <https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html custom key stores>+-- feature in KMS, which combines the convenience and extensive integration+-- of KMS with the isolation and control of a key store that you own and+-- manage.+--+-- The @ConnectCustomKeyStore@ operation might fail for various reasons. To+-- find the reason, use the DescribeCustomKeyStores operation and see the+-- @ConnectionErrorCode@ in the response. For help interpreting the+-- @ConnectionErrorCode@, see CustomKeyStoresListEntry.+--+-- To fix the failure, use the DisconnectCustomKeyStore operation to+-- disconnect the custom key store, correct the error, use the+-- UpdateCustomKeyStore operation if necessary, and then use+-- @ConnectCustomKeyStore@ again.+--+-- __CloudHSM key store__+--+-- During the connection process for an CloudHSM key store, KMS finds the+-- CloudHSM cluster that is associated with the custom key store, creates+-- the connection infrastructure, connects to the cluster, logs into the+-- CloudHSM client as the @kmsuser@ CU, and rotates its password.+--+-- To connect an CloudHSM key store, its associated CloudHSM cluster must+-- have at least one active HSM. To get the number of active HSMs in a+-- cluster, use the+-- <https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html DescribeClusters>+-- operation. To add HSMs to the cluster, use the+-- <https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html CreateHsm>+-- operation. Also, the+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser kmsuser crypto user>+-- (CU) must not be logged into the cluster. This prevents KMS from using+-- this account to log in.+--+-- If you are having trouble connecting or disconnecting a CloudHSM key+-- store, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html Troubleshooting an CloudHSM key store>+-- in the /Key Management Service Developer Guide/.+--+-- __External key store__+--+-- When you connect an external key store that uses public endpoint+-- connectivity, KMS tests its ability to communicate with your external+-- key manager by sending a request via the external key store proxy.+--+-- When you connect to an external key store that uses VPC endpoint service+-- connectivity, KMS establishes the networking elements that it needs to+-- communicate with your external key manager via the external key store+-- proxy. This includes creating an interface endpoint to the VPC endpoint+-- service and a private hosted zone for traffic between KMS and the VPC+-- endpoint service.+--+-- To connect an external key store, KMS must be able to connect to the+-- external key store proxy, the external key store proxy must be able to+-- communicate with your external key manager, and the external key manager+-- must be available for cryptographic operations.+--+-- If you are having trouble connecting or disconnecting an external key+-- store, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/xks-troubleshooting.html Troubleshooting an external key store>+-- in the /Key Management Service Developer Guide/.+--+-- __Cross-account use__: No. You cannot perform this operation on a custom+-- key store in a different Amazon Web Services account.+--+-- __Required permissions__:+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:ConnectCustomKeyStore>+-- (IAM policy)+--+-- __Related operations__+--+-- - CreateCustomKeyStore+--+-- - DeleteCustomKeyStore+--+-- - DescribeCustomKeyStores+--+-- - DisconnectCustomKeyStore+--+-- - UpdateCustomKeyStore+module Amazonka.KMS.ConnectCustomKeyStore+ ( -- * Creating a Request+ ConnectCustomKeyStore (..),+ newConnectCustomKeyStore,++ -- * Request Lenses+ connectCustomKeyStore_customKeyStoreId,++ -- * Destructuring the Response+ ConnectCustomKeyStoreResponse (..),+ newConnectCustomKeyStoreResponse,++ -- * Response Lenses+ connectCustomKeyStoreResponse_httpStatus,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newConnectCustomKeyStore' smart constructor.+data ConnectCustomKeyStore = ConnectCustomKeyStore'+ { -- | Enter the key store ID of the custom key store that you want to connect.+ -- To find the ID of a custom key store, use the DescribeCustomKeyStores+ -- operation.+ customKeyStoreId :: Prelude.Text+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'ConnectCustomKeyStore' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'customKeyStoreId', 'connectCustomKeyStore_customKeyStoreId' - Enter the key store ID of the custom key store that you want to connect.+-- To find the ID of a custom key store, use the DescribeCustomKeyStores+-- operation.+newConnectCustomKeyStore ::+ -- | 'customKeyStoreId'+ Prelude.Text ->+ ConnectCustomKeyStore+newConnectCustomKeyStore pCustomKeyStoreId_ =+ ConnectCustomKeyStore'+ { customKeyStoreId =+ pCustomKeyStoreId_+ }++-- | Enter the key store ID of the custom key store that you want to connect.+-- To find the ID of a custom key store, use the DescribeCustomKeyStores+-- operation.+connectCustomKeyStore_customKeyStoreId :: Lens.Lens' ConnectCustomKeyStore Prelude.Text+connectCustomKeyStore_customKeyStoreId = Lens.lens (\ConnectCustomKeyStore' {customKeyStoreId} -> customKeyStoreId) (\s@ConnectCustomKeyStore' {} a -> s {customKeyStoreId = a} :: ConnectCustomKeyStore)++instance Core.AWSRequest ConnectCustomKeyStore where+ type+ AWSResponse ConnectCustomKeyStore =+ ConnectCustomKeyStoreResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response =+ Response.receiveEmpty+ ( \s h x ->+ ConnectCustomKeyStoreResponse'+ Prelude.<$> (Prelude.pure (Prelude.fromEnum s))+ )++instance Prelude.Hashable ConnectCustomKeyStore where+ hashWithSalt _salt ConnectCustomKeyStore' {..} =+ _salt `Prelude.hashWithSalt` customKeyStoreId++instance Prelude.NFData ConnectCustomKeyStore where+ rnf ConnectCustomKeyStore' {..} =+ Prelude.rnf customKeyStoreId++instance Data.ToHeaders ConnectCustomKeyStore where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ( "TrentService.ConnectCustomKeyStore" ::+ Prelude.ByteString+ ),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON ConnectCustomKeyStore where+ toJSON ConnectCustomKeyStore' {..} =+ Data.object+ ( Prelude.catMaybes+ [ Prelude.Just+ ("CustomKeyStoreId" Data..= customKeyStoreId)+ ]+ )++instance Data.ToPath ConnectCustomKeyStore where+ toPath = Prelude.const "/"++instance Data.ToQuery ConnectCustomKeyStore where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newConnectCustomKeyStoreResponse' smart constructor.+data ConnectCustomKeyStoreResponse = ConnectCustomKeyStoreResponse'+ { -- | The response's http status code.+ httpStatus :: Prelude.Int+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'ConnectCustomKeyStoreResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'httpStatus', 'connectCustomKeyStoreResponse_httpStatus' - The response's http status code.+newConnectCustomKeyStoreResponse ::+ -- | 'httpStatus'+ Prelude.Int ->+ ConnectCustomKeyStoreResponse+newConnectCustomKeyStoreResponse pHttpStatus_ =+ ConnectCustomKeyStoreResponse'+ { httpStatus =+ pHttpStatus_+ }++-- | The response's http status code.+connectCustomKeyStoreResponse_httpStatus :: Lens.Lens' ConnectCustomKeyStoreResponse Prelude.Int+connectCustomKeyStoreResponse_httpStatus = Lens.lens (\ConnectCustomKeyStoreResponse' {httpStatus} -> httpStatus) (\s@ConnectCustomKeyStoreResponse' {} a -> s {httpStatus = a} :: ConnectCustomKeyStoreResponse)++instance Prelude.NFData ConnectCustomKeyStoreResponse where+ rnf ConnectCustomKeyStoreResponse' {..} =+ Prelude.rnf httpStatus
+ gen/Amazonka/KMS/CreateAlias.hs view
@@ -0,0 +1,286 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.CreateAlias+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Creates a friendly name for a KMS key.+--+-- Adding, deleting, or updating an alias can allow or deny permission to+-- the KMS key. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/abac.html ABAC for KMS>+-- in the /Key Management Service Developer Guide/.+--+-- You can use an alias to identify a KMS key in the KMS console, in the+-- DescribeKey operation and in+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations cryptographic operations>,+-- such as Encrypt and GenerateDataKey. You can also change the KMS key+-- that\'s associated with the alias (UpdateAlias) or delete the alias+-- (DeleteAlias) at any time. These operations don\'t affect the underlying+-- KMS key.+--+-- You can associate the alias with any customer managed key in the same+-- Amazon Web Services Region. Each alias is associated with only one KMS+-- key at a time, but a KMS key can have multiple aliases. A valid KMS key+-- is required. You can\'t create an alias without a KMS key.+--+-- The alias must be unique in the account and Region, but you can have+-- aliases with the same name in different Regions. For detailed+-- information about aliases, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html Using aliases>+-- in the /Key Management Service Developer Guide/.+--+-- This operation does not return a response. To get the alias that you+-- created, use the ListAliases operation.+--+-- The KMS key that you use for this operation must be in a compatible key+-- state. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key states of KMS keys>+-- in the /Key Management Service Developer Guide/.+--+-- __Cross-account use__: No. You cannot perform this operation on an alias+-- in a different Amazon Web Services account.+--+-- __Required permissions__+--+-- - <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:CreateAlias>+-- on the alias (IAM policy).+--+-- - <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:CreateAlias>+-- on the KMS key (key policy).+--+-- For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html#alias-access Controlling access to aliases>+-- in the /Key Management Service Developer Guide/.+--+-- __Related operations:__+--+-- - DeleteAlias+--+-- - ListAliases+--+-- - UpdateAlias+module Amazonka.KMS.CreateAlias+ ( -- * Creating a Request+ CreateAlias (..),+ newCreateAlias,++ -- * Request Lenses+ createAlias_aliasName,+ createAlias_targetKeyId,++ -- * Destructuring the Response+ CreateAliasResponse (..),+ newCreateAliasResponse,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newCreateAlias' smart constructor.+data CreateAlias = CreateAlias'+ { -- | Specifies the alias name. This value must begin with @alias\/@ followed+ -- by a name, such as @alias\/ExampleAlias@.+ --+ -- The @AliasName@ value must be string of 1-256 characters. It can contain+ -- only alphanumeric characters, forward slashes (\/), underscores (_), and+ -- dashes (-). The alias name cannot begin with @alias\/aws\/@. The+ -- @alias\/aws\/@ prefix is reserved for+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk Amazon Web Services managed keys>.+ aliasName :: Prelude.Text,+ -- | Associates the alias with the specified+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk customer managed key>.+ -- The KMS key must be in the same Amazon Web Services Region.+ --+ -- A valid key ID is required. If you supply a null or empty string value,+ -- this operation returns an error.+ --+ -- For help finding the key ID and ARN, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/viewing-keys.html#find-cmk-id-arn Finding the Key ID and ARN>+ -- in the //Key Management Service Developer Guide// .+ --+ -- Specify the key ID or key ARN of the KMS key.+ --+ -- For example:+ --+ -- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- - Key ARN:+ -- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- To get the key ID and key ARN for a KMS key, use ListKeys or+ -- DescribeKey.+ targetKeyId :: Prelude.Text+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'CreateAlias' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'aliasName', 'createAlias_aliasName' - Specifies the alias name. This value must begin with @alias\/@ followed+-- by a name, such as @alias\/ExampleAlias@.+--+-- The @AliasName@ value must be string of 1-256 characters. It can contain+-- only alphanumeric characters, forward slashes (\/), underscores (_), and+-- dashes (-). The alias name cannot begin with @alias\/aws\/@. The+-- @alias\/aws\/@ prefix is reserved for+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk Amazon Web Services managed keys>.+--+-- 'targetKeyId', 'createAlias_targetKeyId' - Associates the alias with the specified+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk customer managed key>.+-- The KMS key must be in the same Amazon Web Services Region.+--+-- A valid key ID is required. If you supply a null or empty string value,+-- this operation returns an error.+--+-- For help finding the key ID and ARN, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/viewing-keys.html#find-cmk-id-arn Finding the Key ID and ARN>+-- in the //Key Management Service Developer Guide// .+--+-- Specify the key ID or key ARN of the KMS key.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+newCreateAlias ::+ -- | 'aliasName'+ Prelude.Text ->+ -- | 'targetKeyId'+ Prelude.Text ->+ CreateAlias+newCreateAlias pAliasName_ pTargetKeyId_ =+ CreateAlias'+ { aliasName = pAliasName_,+ targetKeyId = pTargetKeyId_+ }++-- | Specifies the alias name. This value must begin with @alias\/@ followed+-- by a name, such as @alias\/ExampleAlias@.+--+-- The @AliasName@ value must be string of 1-256 characters. It can contain+-- only alphanumeric characters, forward slashes (\/), underscores (_), and+-- dashes (-). The alias name cannot begin with @alias\/aws\/@. The+-- @alias\/aws\/@ prefix is reserved for+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk Amazon Web Services managed keys>.+createAlias_aliasName :: Lens.Lens' CreateAlias Prelude.Text+createAlias_aliasName = Lens.lens (\CreateAlias' {aliasName} -> aliasName) (\s@CreateAlias' {} a -> s {aliasName = a} :: CreateAlias)++-- | Associates the alias with the specified+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk customer managed key>.+-- The KMS key must be in the same Amazon Web Services Region.+--+-- A valid key ID is required. If you supply a null or empty string value,+-- this operation returns an error.+--+-- For help finding the key ID and ARN, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/viewing-keys.html#find-cmk-id-arn Finding the Key ID and ARN>+-- in the //Key Management Service Developer Guide// .+--+-- Specify the key ID or key ARN of the KMS key.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+createAlias_targetKeyId :: Lens.Lens' CreateAlias Prelude.Text+createAlias_targetKeyId = Lens.lens (\CreateAlias' {targetKeyId} -> targetKeyId) (\s@CreateAlias' {} a -> s {targetKeyId = a} :: CreateAlias)++instance Core.AWSRequest CreateAlias where+ type AWSResponse CreateAlias = CreateAliasResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response = Response.receiveNull CreateAliasResponse'++instance Prelude.Hashable CreateAlias where+ hashWithSalt _salt CreateAlias' {..} =+ _salt+ `Prelude.hashWithSalt` aliasName+ `Prelude.hashWithSalt` targetKeyId++instance Prelude.NFData CreateAlias where+ rnf CreateAlias' {..} =+ Prelude.rnf aliasName+ `Prelude.seq` Prelude.rnf targetKeyId++instance Data.ToHeaders CreateAlias where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ("TrentService.CreateAlias" :: Prelude.ByteString),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON CreateAlias where+ toJSON CreateAlias' {..} =+ Data.object+ ( Prelude.catMaybes+ [ Prelude.Just ("AliasName" Data..= aliasName),+ Prelude.Just ("TargetKeyId" Data..= targetKeyId)+ ]+ )++instance Data.ToPath CreateAlias where+ toPath = Prelude.const "/"++instance Data.ToQuery CreateAlias where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newCreateAliasResponse' smart constructor.+data CreateAliasResponse = CreateAliasResponse'+ {+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'CreateAliasResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+newCreateAliasResponse ::+ CreateAliasResponse+newCreateAliasResponse = CreateAliasResponse'++instance Prelude.NFData CreateAliasResponse where+ rnf _ = ()
+ gen/Amazonka/KMS/CreateCustomKeyStore.hs view
@@ -0,0 +1,800 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.CreateCustomKeyStore+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Creates a+-- <https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html custom key store>+-- backed by a key store that you own and manage. When you use a KMS key in+-- a custom key store for a cryptographic operation, the cryptographic+-- operation is actually performed in your key store using your keys. KMS+-- supports+-- <https://docs.aws.amazon.com/kms/latest/developerguide/keystore-cloudhsm.html CloudHSM key stores>+-- backed by an+-- <https://docs.aws.amazon.com/cloudhsm/latest/userguide/clusters.html CloudHSM cluster>+-- and+-- <https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html external key stores>+-- backed by an external key store proxy and external key manager outside+-- of Amazon Web Services.+--+-- This operation is part of the+-- <https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html custom key stores>+-- feature in KMS, which combines the convenience and extensive integration+-- of KMS with the isolation and control of a key store that you own and+-- manage.+--+-- Before you create the custom key store, the required elements must be in+-- place and operational. We recommend that you use the test tools that KMS+-- provides to verify the configuration your external key store proxy. For+-- details about the required elements and verification tests, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore Assemble the prerequisites (for CloudHSM key stores)>+-- or+-- <https://docs.aws.amazon.com/kms/latest/developerguide/create-xks-keystore.html#xks-requirements Assemble the prerequisites (for external key stores)>+-- in the /Key Management Service Developer Guide/.+--+-- To create a custom key store, use the following parameters.+--+-- - To create an CloudHSM key store, specify the @CustomKeyStoreName@,+-- @CloudHsmClusterId@, @KeyStorePassword@, and+-- @TrustAnchorCertificate@. The @CustomKeyStoreType@ parameter is+-- optional for CloudHSM key stores. If you include it, set it to the+-- default value, @AWS_CLOUDHSM@. For help with failures, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html Troubleshooting an CloudHSM key store>+-- in the /Key Management Service Developer Guide/.+--+-- - To create an external key store, specify the @CustomKeyStoreName@+-- and a @CustomKeyStoreType@ of @EXTERNAL_KEY_STORE@. Also, specify+-- values for @XksProxyConnectivity@,+-- @XksProxyAuthenticationCredential@, @XksProxyUriEndpoint@, and+-- @XksProxyUriPath@. If your @XksProxyConnectivity@ value is+-- @VPC_ENDPOINT_SERVICE@, specify the @XksProxyVpcEndpointServiceName@+-- parameter. For help with failures, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/xks-troubleshooting.html Troubleshooting an external key store>+-- in the /Key Management Service Developer Guide/.+--+-- For external key stores:+--+-- Some external key managers provide a simpler method for creating an+-- external key store. For details, see your external key manager+-- documentation.+--+-- When creating an external key store in the KMS console, you can upload a+-- JSON-based proxy configuration file with the desired values. You cannot+-- use a proxy configuration with the @CreateCustomKeyStore@ operation.+-- However, you can use the values in the file to help you determine the+-- correct values for the @CreateCustomKeyStore@ parameters.+--+-- When the operation completes successfully, it returns the ID of the new+-- custom key store. Before you can use your new custom key store, you need+-- to use the ConnectCustomKeyStore operation to connect a new CloudHSM key+-- store to its CloudHSM cluster, or to connect a new external key store to+-- the external key store proxy for your external key manager. Even if you+-- are not going to use your custom key store immediately, you might want+-- to connect it to verify that all settings are correct and then+-- disconnect it until you are ready to use it.+--+-- For help with failures, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html Troubleshooting a custom key store>+-- in the /Key Management Service Developer Guide/.+--+-- __Cross-account use__: No. You cannot perform this operation on a custom+-- key store in a different Amazon Web Services account.+--+-- __Required permissions__:+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:CreateCustomKeyStore>+-- (IAM policy).+--+-- __Related operations:__+--+-- - ConnectCustomKeyStore+--+-- - DeleteCustomKeyStore+--+-- - DescribeCustomKeyStores+--+-- - DisconnectCustomKeyStore+--+-- - UpdateCustomKeyStore+module Amazonka.KMS.CreateCustomKeyStore+ ( -- * Creating a Request+ CreateCustomKeyStore (..),+ newCreateCustomKeyStore,++ -- * Request Lenses+ createCustomKeyStore_cloudHsmClusterId,+ createCustomKeyStore_customKeyStoreType,+ createCustomKeyStore_keyStorePassword,+ createCustomKeyStore_trustAnchorCertificate,+ createCustomKeyStore_xksProxyAuthenticationCredential,+ createCustomKeyStore_xksProxyConnectivity,+ createCustomKeyStore_xksProxyUriEndpoint,+ createCustomKeyStore_xksProxyUriPath,+ createCustomKeyStore_xksProxyVpcEndpointServiceName,+ createCustomKeyStore_customKeyStoreName,++ -- * Destructuring the Response+ CreateCustomKeyStoreResponse (..),+ newCreateCustomKeyStoreResponse,++ -- * Response Lenses+ createCustomKeyStoreResponse_customKeyStoreId,+ createCustomKeyStoreResponse_httpStatus,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newCreateCustomKeyStore' smart constructor.+data CreateCustomKeyStore = CreateCustomKeyStore'+ { -- | Identifies the CloudHSM cluster for an CloudHSM key store. This+ -- parameter is required for custom key stores with @CustomKeyStoreType@ of+ -- @AWS_CLOUDHSM@.+ --+ -- Enter the cluster ID of any active CloudHSM cluster that is not already+ -- associated with a custom key store. To find the cluster ID, use the+ -- <https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html DescribeClusters>+ -- operation.+ cloudHsmClusterId :: Prelude.Maybe Prelude.Text,+ -- | Specifies the type of custom key store. The default value is+ -- @AWS_CLOUDHSM@.+ --+ -- For a custom key store backed by an CloudHSM cluster, omit the parameter+ -- or enter @AWS_CLOUDHSM@. For a custom key store backed by an external+ -- key manager outside of Amazon Web Services, enter @EXTERNAL_KEY_STORE@.+ -- You cannot change this property after the key store is created.+ customKeyStoreType :: Prelude.Maybe CustomKeyStoreType,+ -- | Specifies the @kmsuser@ password for an CloudHSM key store. This+ -- parameter is required for custom key stores with a @CustomKeyStoreType@+ -- of @AWS_CLOUDHSM@.+ --+ -- Enter the password of the+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser kmsuser crypto user (CU) account>+ -- in the specified CloudHSM cluster. KMS logs into the cluster as this+ -- user to manage key material on your behalf.+ --+ -- The password must be a string of 7 to 32 characters. Its value is case+ -- sensitive.+ --+ -- This parameter tells KMS the @kmsuser@ account password; it does not+ -- change the password in the CloudHSM cluster.+ keyStorePassword :: Prelude.Maybe (Data.Sensitive Prelude.Text),+ -- | Specifies the certificate for an CloudHSM key store. This parameter is+ -- required for custom key stores with a @CustomKeyStoreType@ of+ -- @AWS_CLOUDHSM@.+ --+ -- Enter the content of the trust anchor certificate for the CloudHSM+ -- cluster. This is the content of the @customerCA.crt@ file that you+ -- created when you+ -- <https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html initialized the cluster>.+ trustAnchorCertificate :: Prelude.Maybe Prelude.Text,+ -- | Specifies an authentication credential for the external key store proxy+ -- (XKS proxy). This parameter is required for all custom key stores with a+ -- @CustomKeyStoreType@ of @EXTERNAL_KEY_STORE@.+ --+ -- The @XksProxyAuthenticationCredential@ has two required elements:+ -- @RawSecretAccessKey@, a secret key, and @AccessKeyId@, a unique+ -- identifier for the @RawSecretAccessKey@. For character requirements, see+ -- <kms/latest/APIReference/API_XksProxyAuthenticationCredentialType.html XksProxyAuthenticationCredentialType>.+ --+ -- KMS uses this authentication credential to sign requests to the external+ -- key store proxy on your behalf. This credential is unrelated to Identity+ -- and Access Management (IAM) and Amazon Web Services credentials.+ --+ -- This parameter doesn\'t set or change the authentication credentials on+ -- the XKS proxy. It just tells KMS the credential that you established on+ -- your external key store proxy. If you rotate your proxy authentication+ -- credential, use the UpdateCustomKeyStore operation to provide the new+ -- credential to KMS.+ xksProxyAuthenticationCredential :: Prelude.Maybe XksProxyAuthenticationCredentialType,+ -- | Indicates how KMS communicates with the external key store proxy. This+ -- parameter is required for custom key stores with a @CustomKeyStoreType@+ -- of @EXTERNAL_KEY_STORE@.+ --+ -- If the external key store proxy uses a public endpoint, specify+ -- @PUBLIC_ENDPOINT@. If the external key store proxy uses a Amazon VPC+ -- endpoint service for communication with KMS, specify+ -- @VPC_ENDPOINT_SERVICE@. For help making this choice, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/plan-xks-keystore.html#choose-xks-connectivity Choosing a connectivity option>+ -- in the /Key Management Service Developer Guide/.+ --+ -- An Amazon VPC endpoint service keeps your communication with KMS in a+ -- private address space entirely within Amazon Web Services, but it+ -- requires more configuration, including establishing a Amazon VPC with+ -- multiple subnets, a VPC endpoint service, a network load balancer, and a+ -- verified private DNS name. A public endpoint is simpler to set up, but+ -- it might be slower and might not fulfill your security requirements. You+ -- might consider testing with a public endpoint, and then establishing a+ -- VPC endpoint service for production tasks. Note that this choice does+ -- not determine the location of the external key store proxy. Even if you+ -- choose a VPC endpoint service, the proxy can be hosted within the VPC or+ -- outside of Amazon Web Services such as in your corporate data center.+ xksProxyConnectivity :: Prelude.Maybe XksProxyConnectivityType,+ -- | Specifies the endpoint that KMS uses to send requests to the external+ -- key store proxy (XKS proxy). This parameter is required for custom key+ -- stores with a @CustomKeyStoreType@ of @EXTERNAL_KEY_STORE@.+ --+ -- The protocol must be HTTPS. KMS communicates on port 443. Do not specify+ -- the port in the @XksProxyUriEndpoint@ value.+ --+ -- For external key stores with @XksProxyConnectivity@ value of+ -- @VPC_ENDPOINT_SERVICE@, specify @https:\/\/@ followed by the private DNS+ -- name of the VPC endpoint service.+ --+ -- For external key stores with @PUBLIC_ENDPOINT@ connectivity, this+ -- endpoint must be reachable before you create the custom key store. KMS+ -- connects to the external key store proxy while creating the custom key+ -- store. For external key stores with @VPC_ENDPOINT_SERVICE@ connectivity,+ -- KMS connects when you call the ConnectCustomKeyStore operation.+ --+ -- The value of this parameter must begin with @https:\/\/@. The remainder+ -- can contain upper and lower case letters (A-Z and a-z), numbers (0-9),+ -- dots (@.@), and hyphens (@-@). Additional slashes (@\/@ and @\\@) are+ -- not permitted.+ --+ -- __Uniqueness requirements:__+ --+ -- - The combined @XksProxyUriEndpoint@ and @XksProxyUriPath@ values must+ -- be unique in the Amazon Web Services account and Region.+ --+ -- - An external key store with @PUBLIC_ENDPOINT@ connectivity cannot use+ -- the same @XksProxyUriEndpoint@ value as an external key store with+ -- @VPC_ENDPOINT_SERVICE@ connectivity in the same Amazon Web Services+ -- Region.+ --+ -- - Each external key store with @VPC_ENDPOINT_SERVICE@ connectivity+ -- must have its own private DNS name. The @XksProxyUriEndpoint@ value+ -- for external key stores with @VPC_ENDPOINT_SERVICE@ connectivity+ -- (private DNS name) must be unique in the Amazon Web Services account+ -- and Region.+ xksProxyUriEndpoint :: Prelude.Maybe Prelude.Text,+ -- | Specifies the base path to the proxy APIs for this external key store.+ -- To find this value, see the documentation for your external key store+ -- proxy. This parameter is required for all custom key stores with a+ -- @CustomKeyStoreType@ of @EXTERNAL_KEY_STORE@.+ --+ -- The value must start with @\/@ and must end with @\/kms\/xks\/v1@ where+ -- @v1@ represents the version of the KMS external key store proxy API.+ -- This path can include an optional prefix between the required elements+ -- such as @\/@/@prefix@/@\/kms\/xks\/v1@.+ --+ -- __Uniqueness requirements:__+ --+ -- - The combined @XksProxyUriEndpoint@ and @XksProxyUriPath@ values must+ -- be unique in the Amazon Web Services account and Region.+ xksProxyUriPath :: Prelude.Maybe Prelude.Text,+ -- | Specifies the name of the Amazon VPC endpoint service for interface+ -- endpoints that is used to communicate with your external key store proxy+ -- (XKS proxy). This parameter is required when the value of+ -- @CustomKeyStoreType@ is @EXTERNAL_KEY_STORE@ and the value of+ -- @XksProxyConnectivity@ is @VPC_ENDPOINT_SERVICE@.+ --+ -- The Amazon VPC endpoint service must+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/create-xks-keystore.html#xks-requirements fulfill all requirements>+ -- for use with an external key store.+ --+ -- __Uniqueness requirements:__+ --+ -- - External key stores with @VPC_ENDPOINT_SERVICE@ connectivity can+ -- share an Amazon VPC, but each external key store must have its own+ -- VPC endpoint service and private DNS name.+ xksProxyVpcEndpointServiceName :: Prelude.Maybe Prelude.Text,+ -- | Specifies a friendly name for the custom key store. The name must be+ -- unique in your Amazon Web Services account and Region. This parameter is+ -- required for all custom key stores.+ customKeyStoreName :: Prelude.Text+ }+ deriving (Prelude.Eq, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'CreateCustomKeyStore' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'cloudHsmClusterId', 'createCustomKeyStore_cloudHsmClusterId' - Identifies the CloudHSM cluster for an CloudHSM key store. This+-- parameter is required for custom key stores with @CustomKeyStoreType@ of+-- @AWS_CLOUDHSM@.+--+-- Enter the cluster ID of any active CloudHSM cluster that is not already+-- associated with a custom key store. To find the cluster ID, use the+-- <https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html DescribeClusters>+-- operation.+--+-- 'customKeyStoreType', 'createCustomKeyStore_customKeyStoreType' - Specifies the type of custom key store. The default value is+-- @AWS_CLOUDHSM@.+--+-- For a custom key store backed by an CloudHSM cluster, omit the parameter+-- or enter @AWS_CLOUDHSM@. For a custom key store backed by an external+-- key manager outside of Amazon Web Services, enter @EXTERNAL_KEY_STORE@.+-- You cannot change this property after the key store is created.+--+-- 'keyStorePassword', 'createCustomKeyStore_keyStorePassword' - Specifies the @kmsuser@ password for an CloudHSM key store. This+-- parameter is required for custom key stores with a @CustomKeyStoreType@+-- of @AWS_CLOUDHSM@.+--+-- Enter the password of the+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser kmsuser crypto user (CU) account>+-- in the specified CloudHSM cluster. KMS logs into the cluster as this+-- user to manage key material on your behalf.+--+-- The password must be a string of 7 to 32 characters. Its value is case+-- sensitive.+--+-- This parameter tells KMS the @kmsuser@ account password; it does not+-- change the password in the CloudHSM cluster.+--+-- 'trustAnchorCertificate', 'createCustomKeyStore_trustAnchorCertificate' - Specifies the certificate for an CloudHSM key store. This parameter is+-- required for custom key stores with a @CustomKeyStoreType@ of+-- @AWS_CLOUDHSM@.+--+-- Enter the content of the trust anchor certificate for the CloudHSM+-- cluster. This is the content of the @customerCA.crt@ file that you+-- created when you+-- <https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html initialized the cluster>.+--+-- 'xksProxyAuthenticationCredential', 'createCustomKeyStore_xksProxyAuthenticationCredential' - Specifies an authentication credential for the external key store proxy+-- (XKS proxy). This parameter is required for all custom key stores with a+-- @CustomKeyStoreType@ of @EXTERNAL_KEY_STORE@.+--+-- The @XksProxyAuthenticationCredential@ has two required elements:+-- @RawSecretAccessKey@, a secret key, and @AccessKeyId@, a unique+-- identifier for the @RawSecretAccessKey@. For character requirements, see+-- <kms/latest/APIReference/API_XksProxyAuthenticationCredentialType.html XksProxyAuthenticationCredentialType>.+--+-- KMS uses this authentication credential to sign requests to the external+-- key store proxy on your behalf. This credential is unrelated to Identity+-- and Access Management (IAM) and Amazon Web Services credentials.+--+-- This parameter doesn\'t set or change the authentication credentials on+-- the XKS proxy. It just tells KMS the credential that you established on+-- your external key store proxy. If you rotate your proxy authentication+-- credential, use the UpdateCustomKeyStore operation to provide the new+-- credential to KMS.+--+-- 'xksProxyConnectivity', 'createCustomKeyStore_xksProxyConnectivity' - Indicates how KMS communicates with the external key store proxy. This+-- parameter is required for custom key stores with a @CustomKeyStoreType@+-- of @EXTERNAL_KEY_STORE@.+--+-- If the external key store proxy uses a public endpoint, specify+-- @PUBLIC_ENDPOINT@. If the external key store proxy uses a Amazon VPC+-- endpoint service for communication with KMS, specify+-- @VPC_ENDPOINT_SERVICE@. For help making this choice, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/plan-xks-keystore.html#choose-xks-connectivity Choosing a connectivity option>+-- in the /Key Management Service Developer Guide/.+--+-- An Amazon VPC endpoint service keeps your communication with KMS in a+-- private address space entirely within Amazon Web Services, but it+-- requires more configuration, including establishing a Amazon VPC with+-- multiple subnets, a VPC endpoint service, a network load balancer, and a+-- verified private DNS name. A public endpoint is simpler to set up, but+-- it might be slower and might not fulfill your security requirements. You+-- might consider testing with a public endpoint, and then establishing a+-- VPC endpoint service for production tasks. Note that this choice does+-- not determine the location of the external key store proxy. Even if you+-- choose a VPC endpoint service, the proxy can be hosted within the VPC or+-- outside of Amazon Web Services such as in your corporate data center.+--+-- 'xksProxyUriEndpoint', 'createCustomKeyStore_xksProxyUriEndpoint' - Specifies the endpoint that KMS uses to send requests to the external+-- key store proxy (XKS proxy). This parameter is required for custom key+-- stores with a @CustomKeyStoreType@ of @EXTERNAL_KEY_STORE@.+--+-- The protocol must be HTTPS. KMS communicates on port 443. Do not specify+-- the port in the @XksProxyUriEndpoint@ value.+--+-- For external key stores with @XksProxyConnectivity@ value of+-- @VPC_ENDPOINT_SERVICE@, specify @https:\/\/@ followed by the private DNS+-- name of the VPC endpoint service.+--+-- For external key stores with @PUBLIC_ENDPOINT@ connectivity, this+-- endpoint must be reachable before you create the custom key store. KMS+-- connects to the external key store proxy while creating the custom key+-- store. For external key stores with @VPC_ENDPOINT_SERVICE@ connectivity,+-- KMS connects when you call the ConnectCustomKeyStore operation.+--+-- The value of this parameter must begin with @https:\/\/@. The remainder+-- can contain upper and lower case letters (A-Z and a-z), numbers (0-9),+-- dots (@.@), and hyphens (@-@). Additional slashes (@\/@ and @\\@) are+-- not permitted.+--+-- __Uniqueness requirements:__+--+-- - The combined @XksProxyUriEndpoint@ and @XksProxyUriPath@ values must+-- be unique in the Amazon Web Services account and Region.+--+-- - An external key store with @PUBLIC_ENDPOINT@ connectivity cannot use+-- the same @XksProxyUriEndpoint@ value as an external key store with+-- @VPC_ENDPOINT_SERVICE@ connectivity in the same Amazon Web Services+-- Region.+--+-- - Each external key store with @VPC_ENDPOINT_SERVICE@ connectivity+-- must have its own private DNS name. The @XksProxyUriEndpoint@ value+-- for external key stores with @VPC_ENDPOINT_SERVICE@ connectivity+-- (private DNS name) must be unique in the Amazon Web Services account+-- and Region.+--+-- 'xksProxyUriPath', 'createCustomKeyStore_xksProxyUriPath' - Specifies the base path to the proxy APIs for this external key store.+-- To find this value, see the documentation for your external key store+-- proxy. This parameter is required for all custom key stores with a+-- @CustomKeyStoreType@ of @EXTERNAL_KEY_STORE@.+--+-- The value must start with @\/@ and must end with @\/kms\/xks\/v1@ where+-- @v1@ represents the version of the KMS external key store proxy API.+-- This path can include an optional prefix between the required elements+-- such as @\/@/@prefix@/@\/kms\/xks\/v1@.+--+-- __Uniqueness requirements:__+--+-- - The combined @XksProxyUriEndpoint@ and @XksProxyUriPath@ values must+-- be unique in the Amazon Web Services account and Region.+--+-- 'xksProxyVpcEndpointServiceName', 'createCustomKeyStore_xksProxyVpcEndpointServiceName' - Specifies the name of the Amazon VPC endpoint service for interface+-- endpoints that is used to communicate with your external key store proxy+-- (XKS proxy). This parameter is required when the value of+-- @CustomKeyStoreType@ is @EXTERNAL_KEY_STORE@ and the value of+-- @XksProxyConnectivity@ is @VPC_ENDPOINT_SERVICE@.+--+-- The Amazon VPC endpoint service must+-- <https://docs.aws.amazon.com/kms/latest/developerguide/create-xks-keystore.html#xks-requirements fulfill all requirements>+-- for use with an external key store.+--+-- __Uniqueness requirements:__+--+-- - External key stores with @VPC_ENDPOINT_SERVICE@ connectivity can+-- share an Amazon VPC, but each external key store must have its own+-- VPC endpoint service and private DNS name.+--+-- 'customKeyStoreName', 'createCustomKeyStore_customKeyStoreName' - Specifies a friendly name for the custom key store. The name must be+-- unique in your Amazon Web Services account and Region. This parameter is+-- required for all custom key stores.+newCreateCustomKeyStore ::+ -- | 'customKeyStoreName'+ Prelude.Text ->+ CreateCustomKeyStore+newCreateCustomKeyStore pCustomKeyStoreName_ =+ CreateCustomKeyStore'+ { cloudHsmClusterId =+ Prelude.Nothing,+ customKeyStoreType = Prelude.Nothing,+ keyStorePassword = Prelude.Nothing,+ trustAnchorCertificate = Prelude.Nothing,+ xksProxyAuthenticationCredential = Prelude.Nothing,+ xksProxyConnectivity = Prelude.Nothing,+ xksProxyUriEndpoint = Prelude.Nothing,+ xksProxyUriPath = Prelude.Nothing,+ xksProxyVpcEndpointServiceName = Prelude.Nothing,+ customKeyStoreName = pCustomKeyStoreName_+ }++-- | Identifies the CloudHSM cluster for an CloudHSM key store. This+-- parameter is required for custom key stores with @CustomKeyStoreType@ of+-- @AWS_CLOUDHSM@.+--+-- Enter the cluster ID of any active CloudHSM cluster that is not already+-- associated with a custom key store. To find the cluster ID, use the+-- <https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html DescribeClusters>+-- operation.+createCustomKeyStore_cloudHsmClusterId :: Lens.Lens' CreateCustomKeyStore (Prelude.Maybe Prelude.Text)+createCustomKeyStore_cloudHsmClusterId = Lens.lens (\CreateCustomKeyStore' {cloudHsmClusterId} -> cloudHsmClusterId) (\s@CreateCustomKeyStore' {} a -> s {cloudHsmClusterId = a} :: CreateCustomKeyStore)++-- | Specifies the type of custom key store. The default value is+-- @AWS_CLOUDHSM@.+--+-- For a custom key store backed by an CloudHSM cluster, omit the parameter+-- or enter @AWS_CLOUDHSM@. For a custom key store backed by an external+-- key manager outside of Amazon Web Services, enter @EXTERNAL_KEY_STORE@.+-- You cannot change this property after the key store is created.+createCustomKeyStore_customKeyStoreType :: Lens.Lens' CreateCustomKeyStore (Prelude.Maybe CustomKeyStoreType)+createCustomKeyStore_customKeyStoreType = Lens.lens (\CreateCustomKeyStore' {customKeyStoreType} -> customKeyStoreType) (\s@CreateCustomKeyStore' {} a -> s {customKeyStoreType = a} :: CreateCustomKeyStore)++-- | Specifies the @kmsuser@ password for an CloudHSM key store. This+-- parameter is required for custom key stores with a @CustomKeyStoreType@+-- of @AWS_CLOUDHSM@.+--+-- Enter the password of the+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-store-concepts.html#concept-kmsuser kmsuser crypto user (CU) account>+-- in the specified CloudHSM cluster. KMS logs into the cluster as this+-- user to manage key material on your behalf.+--+-- The password must be a string of 7 to 32 characters. Its value is case+-- sensitive.+--+-- This parameter tells KMS the @kmsuser@ account password; it does not+-- change the password in the CloudHSM cluster.+createCustomKeyStore_keyStorePassword :: Lens.Lens' CreateCustomKeyStore (Prelude.Maybe Prelude.Text)+createCustomKeyStore_keyStorePassword = Lens.lens (\CreateCustomKeyStore' {keyStorePassword} -> keyStorePassword) (\s@CreateCustomKeyStore' {} a -> s {keyStorePassword = a} :: CreateCustomKeyStore) Prelude.. Lens.mapping Data._Sensitive++-- | Specifies the certificate for an CloudHSM key store. This parameter is+-- required for custom key stores with a @CustomKeyStoreType@ of+-- @AWS_CLOUDHSM@.+--+-- Enter the content of the trust anchor certificate for the CloudHSM+-- cluster. This is the content of the @customerCA.crt@ file that you+-- created when you+-- <https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html initialized the cluster>.+createCustomKeyStore_trustAnchorCertificate :: Lens.Lens' CreateCustomKeyStore (Prelude.Maybe Prelude.Text)+createCustomKeyStore_trustAnchorCertificate = Lens.lens (\CreateCustomKeyStore' {trustAnchorCertificate} -> trustAnchorCertificate) (\s@CreateCustomKeyStore' {} a -> s {trustAnchorCertificate = a} :: CreateCustomKeyStore)++-- | Specifies an authentication credential for the external key store proxy+-- (XKS proxy). This parameter is required for all custom key stores with a+-- @CustomKeyStoreType@ of @EXTERNAL_KEY_STORE@.+--+-- The @XksProxyAuthenticationCredential@ has two required elements:+-- @RawSecretAccessKey@, a secret key, and @AccessKeyId@, a unique+-- identifier for the @RawSecretAccessKey@. For character requirements, see+-- <kms/latest/APIReference/API_XksProxyAuthenticationCredentialType.html XksProxyAuthenticationCredentialType>.+--+-- KMS uses this authentication credential to sign requests to the external+-- key store proxy on your behalf. This credential is unrelated to Identity+-- and Access Management (IAM) and Amazon Web Services credentials.+--+-- This parameter doesn\'t set or change the authentication credentials on+-- the XKS proxy. It just tells KMS the credential that you established on+-- your external key store proxy. If you rotate your proxy authentication+-- credential, use the UpdateCustomKeyStore operation to provide the new+-- credential to KMS.+createCustomKeyStore_xksProxyAuthenticationCredential :: Lens.Lens' CreateCustomKeyStore (Prelude.Maybe XksProxyAuthenticationCredentialType)+createCustomKeyStore_xksProxyAuthenticationCredential = Lens.lens (\CreateCustomKeyStore' {xksProxyAuthenticationCredential} -> xksProxyAuthenticationCredential) (\s@CreateCustomKeyStore' {} a -> s {xksProxyAuthenticationCredential = a} :: CreateCustomKeyStore)++-- | Indicates how KMS communicates with the external key store proxy. This+-- parameter is required for custom key stores with a @CustomKeyStoreType@+-- of @EXTERNAL_KEY_STORE@.+--+-- If the external key store proxy uses a public endpoint, specify+-- @PUBLIC_ENDPOINT@. If the external key store proxy uses a Amazon VPC+-- endpoint service for communication with KMS, specify+-- @VPC_ENDPOINT_SERVICE@. For help making this choice, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/plan-xks-keystore.html#choose-xks-connectivity Choosing a connectivity option>+-- in the /Key Management Service Developer Guide/.+--+-- An Amazon VPC endpoint service keeps your communication with KMS in a+-- private address space entirely within Amazon Web Services, but it+-- requires more configuration, including establishing a Amazon VPC with+-- multiple subnets, a VPC endpoint service, a network load balancer, and a+-- verified private DNS name. A public endpoint is simpler to set up, but+-- it might be slower and might not fulfill your security requirements. You+-- might consider testing with a public endpoint, and then establishing a+-- VPC endpoint service for production tasks. Note that this choice does+-- not determine the location of the external key store proxy. Even if you+-- choose a VPC endpoint service, the proxy can be hosted within the VPC or+-- outside of Amazon Web Services such as in your corporate data center.+createCustomKeyStore_xksProxyConnectivity :: Lens.Lens' CreateCustomKeyStore (Prelude.Maybe XksProxyConnectivityType)+createCustomKeyStore_xksProxyConnectivity = Lens.lens (\CreateCustomKeyStore' {xksProxyConnectivity} -> xksProxyConnectivity) (\s@CreateCustomKeyStore' {} a -> s {xksProxyConnectivity = a} :: CreateCustomKeyStore)++-- | Specifies the endpoint that KMS uses to send requests to the external+-- key store proxy (XKS proxy). This parameter is required for custom key+-- stores with a @CustomKeyStoreType@ of @EXTERNAL_KEY_STORE@.+--+-- The protocol must be HTTPS. KMS communicates on port 443. Do not specify+-- the port in the @XksProxyUriEndpoint@ value.+--+-- For external key stores with @XksProxyConnectivity@ value of+-- @VPC_ENDPOINT_SERVICE@, specify @https:\/\/@ followed by the private DNS+-- name of the VPC endpoint service.+--+-- For external key stores with @PUBLIC_ENDPOINT@ connectivity, this+-- endpoint must be reachable before you create the custom key store. KMS+-- connects to the external key store proxy while creating the custom key+-- store. For external key stores with @VPC_ENDPOINT_SERVICE@ connectivity,+-- KMS connects when you call the ConnectCustomKeyStore operation.+--+-- The value of this parameter must begin with @https:\/\/@. The remainder+-- can contain upper and lower case letters (A-Z and a-z), numbers (0-9),+-- dots (@.@), and hyphens (@-@). Additional slashes (@\/@ and @\\@) are+-- not permitted.+--+-- __Uniqueness requirements:__+--+-- - The combined @XksProxyUriEndpoint@ and @XksProxyUriPath@ values must+-- be unique in the Amazon Web Services account and Region.+--+-- - An external key store with @PUBLIC_ENDPOINT@ connectivity cannot use+-- the same @XksProxyUriEndpoint@ value as an external key store with+-- @VPC_ENDPOINT_SERVICE@ connectivity in the same Amazon Web Services+-- Region.+--+-- - Each external key store with @VPC_ENDPOINT_SERVICE@ connectivity+-- must have its own private DNS name. The @XksProxyUriEndpoint@ value+-- for external key stores with @VPC_ENDPOINT_SERVICE@ connectivity+-- (private DNS name) must be unique in the Amazon Web Services account+-- and Region.+createCustomKeyStore_xksProxyUriEndpoint :: Lens.Lens' CreateCustomKeyStore (Prelude.Maybe Prelude.Text)+createCustomKeyStore_xksProxyUriEndpoint = Lens.lens (\CreateCustomKeyStore' {xksProxyUriEndpoint} -> xksProxyUriEndpoint) (\s@CreateCustomKeyStore' {} a -> s {xksProxyUriEndpoint = a} :: CreateCustomKeyStore)++-- | Specifies the base path to the proxy APIs for this external key store.+-- To find this value, see the documentation for your external key store+-- proxy. This parameter is required for all custom key stores with a+-- @CustomKeyStoreType@ of @EXTERNAL_KEY_STORE@.+--+-- The value must start with @\/@ and must end with @\/kms\/xks\/v1@ where+-- @v1@ represents the version of the KMS external key store proxy API.+-- This path can include an optional prefix between the required elements+-- such as @\/@/@prefix@/@\/kms\/xks\/v1@.+--+-- __Uniqueness requirements:__+--+-- - The combined @XksProxyUriEndpoint@ and @XksProxyUriPath@ values must+-- be unique in the Amazon Web Services account and Region.+createCustomKeyStore_xksProxyUriPath :: Lens.Lens' CreateCustomKeyStore (Prelude.Maybe Prelude.Text)+createCustomKeyStore_xksProxyUriPath = Lens.lens (\CreateCustomKeyStore' {xksProxyUriPath} -> xksProxyUriPath) (\s@CreateCustomKeyStore' {} a -> s {xksProxyUriPath = a} :: CreateCustomKeyStore)++-- | Specifies the name of the Amazon VPC endpoint service for interface+-- endpoints that is used to communicate with your external key store proxy+-- (XKS proxy). This parameter is required when the value of+-- @CustomKeyStoreType@ is @EXTERNAL_KEY_STORE@ and the value of+-- @XksProxyConnectivity@ is @VPC_ENDPOINT_SERVICE@.+--+-- The Amazon VPC endpoint service must+-- <https://docs.aws.amazon.com/kms/latest/developerguide/create-xks-keystore.html#xks-requirements fulfill all requirements>+-- for use with an external key store.+--+-- __Uniqueness requirements:__+--+-- - External key stores with @VPC_ENDPOINT_SERVICE@ connectivity can+-- share an Amazon VPC, but each external key store must have its own+-- VPC endpoint service and private DNS name.+createCustomKeyStore_xksProxyVpcEndpointServiceName :: Lens.Lens' CreateCustomKeyStore (Prelude.Maybe Prelude.Text)+createCustomKeyStore_xksProxyVpcEndpointServiceName = Lens.lens (\CreateCustomKeyStore' {xksProxyVpcEndpointServiceName} -> xksProxyVpcEndpointServiceName) (\s@CreateCustomKeyStore' {} a -> s {xksProxyVpcEndpointServiceName = a} :: CreateCustomKeyStore)++-- | Specifies a friendly name for the custom key store. The name must be+-- unique in your Amazon Web Services account and Region. This parameter is+-- required for all custom key stores.+createCustomKeyStore_customKeyStoreName :: Lens.Lens' CreateCustomKeyStore Prelude.Text+createCustomKeyStore_customKeyStoreName = Lens.lens (\CreateCustomKeyStore' {customKeyStoreName} -> customKeyStoreName) (\s@CreateCustomKeyStore' {} a -> s {customKeyStoreName = a} :: CreateCustomKeyStore)++instance Core.AWSRequest CreateCustomKeyStore where+ type+ AWSResponse CreateCustomKeyStore =+ CreateCustomKeyStoreResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response =+ Response.receiveJSON+ ( \s h x ->+ CreateCustomKeyStoreResponse'+ Prelude.<$> (x Data..?> "CustomKeyStoreId")+ Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+ )++instance Prelude.Hashable CreateCustomKeyStore where+ hashWithSalt _salt CreateCustomKeyStore' {..} =+ _salt+ `Prelude.hashWithSalt` cloudHsmClusterId+ `Prelude.hashWithSalt` customKeyStoreType+ `Prelude.hashWithSalt` keyStorePassword+ `Prelude.hashWithSalt` trustAnchorCertificate+ `Prelude.hashWithSalt` xksProxyAuthenticationCredential+ `Prelude.hashWithSalt` xksProxyConnectivity+ `Prelude.hashWithSalt` xksProxyUriEndpoint+ `Prelude.hashWithSalt` xksProxyUriPath+ `Prelude.hashWithSalt` xksProxyVpcEndpointServiceName+ `Prelude.hashWithSalt` customKeyStoreName++instance Prelude.NFData CreateCustomKeyStore where+ rnf CreateCustomKeyStore' {..} =+ Prelude.rnf cloudHsmClusterId+ `Prelude.seq` Prelude.rnf customKeyStoreType+ `Prelude.seq` Prelude.rnf keyStorePassword+ `Prelude.seq` Prelude.rnf trustAnchorCertificate+ `Prelude.seq` Prelude.rnf xksProxyAuthenticationCredential+ `Prelude.seq` Prelude.rnf xksProxyConnectivity+ `Prelude.seq` Prelude.rnf xksProxyUriEndpoint+ `Prelude.seq` Prelude.rnf xksProxyUriPath+ `Prelude.seq` Prelude.rnf xksProxyVpcEndpointServiceName+ `Prelude.seq` Prelude.rnf customKeyStoreName++instance Data.ToHeaders CreateCustomKeyStore where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ( "TrentService.CreateCustomKeyStore" ::+ Prelude.ByteString+ ),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON CreateCustomKeyStore where+ toJSON CreateCustomKeyStore' {..} =+ Data.object+ ( Prelude.catMaybes+ [ ("CloudHsmClusterId" Data..=)+ Prelude.<$> cloudHsmClusterId,+ ("CustomKeyStoreType" Data..=)+ Prelude.<$> customKeyStoreType,+ ("KeyStorePassword" Data..=)+ Prelude.<$> keyStorePassword,+ ("TrustAnchorCertificate" Data..=)+ Prelude.<$> trustAnchorCertificate,+ ("XksProxyAuthenticationCredential" Data..=)+ Prelude.<$> xksProxyAuthenticationCredential,+ ("XksProxyConnectivity" Data..=)+ Prelude.<$> xksProxyConnectivity,+ ("XksProxyUriEndpoint" Data..=)+ Prelude.<$> xksProxyUriEndpoint,+ ("XksProxyUriPath" Data..=)+ Prelude.<$> xksProxyUriPath,+ ("XksProxyVpcEndpointServiceName" Data..=)+ Prelude.<$> xksProxyVpcEndpointServiceName,+ Prelude.Just+ ("CustomKeyStoreName" Data..= customKeyStoreName)+ ]+ )++instance Data.ToPath CreateCustomKeyStore where+ toPath = Prelude.const "/"++instance Data.ToQuery CreateCustomKeyStore where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newCreateCustomKeyStoreResponse' smart constructor.+data CreateCustomKeyStoreResponse = CreateCustomKeyStoreResponse'+ { -- | A unique identifier for the new custom key store.+ customKeyStoreId :: Prelude.Maybe Prelude.Text,+ -- | The response's http status code.+ httpStatus :: Prelude.Int+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'CreateCustomKeyStoreResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'customKeyStoreId', 'createCustomKeyStoreResponse_customKeyStoreId' - A unique identifier for the new custom key store.+--+-- 'httpStatus', 'createCustomKeyStoreResponse_httpStatus' - The response's http status code.+newCreateCustomKeyStoreResponse ::+ -- | 'httpStatus'+ Prelude.Int ->+ CreateCustomKeyStoreResponse+newCreateCustomKeyStoreResponse pHttpStatus_ =+ CreateCustomKeyStoreResponse'+ { customKeyStoreId =+ Prelude.Nothing,+ httpStatus = pHttpStatus_+ }++-- | A unique identifier for the new custom key store.+createCustomKeyStoreResponse_customKeyStoreId :: Lens.Lens' CreateCustomKeyStoreResponse (Prelude.Maybe Prelude.Text)+createCustomKeyStoreResponse_customKeyStoreId = Lens.lens (\CreateCustomKeyStoreResponse' {customKeyStoreId} -> customKeyStoreId) (\s@CreateCustomKeyStoreResponse' {} a -> s {customKeyStoreId = a} :: CreateCustomKeyStoreResponse)++-- | The response's http status code.+createCustomKeyStoreResponse_httpStatus :: Lens.Lens' CreateCustomKeyStoreResponse Prelude.Int+createCustomKeyStoreResponse_httpStatus = Lens.lens (\CreateCustomKeyStoreResponse' {httpStatus} -> httpStatus) (\s@CreateCustomKeyStoreResponse' {} a -> s {httpStatus = a} :: CreateCustomKeyStoreResponse)++instance Prelude.NFData CreateCustomKeyStoreResponse where+ rnf CreateCustomKeyStoreResponse' {..} =+ Prelude.rnf customKeyStoreId+ `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/KMS/CreateGrant.hs view
@@ -0,0 +1,650 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.CreateGrant+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Adds a grant to a KMS key.+--+-- A /grant/ is a policy instrument that allows Amazon Web Services+-- principals to use KMS keys in cryptographic operations. It also can+-- allow them to view a KMS key (DescribeKey) and create and manage grants.+-- When authorizing access to a KMS key, grants are considered along with+-- key policies and IAM policies. Grants are often used for temporary+-- permissions because you can create one, use its permissions, and delete+-- it without changing your key policies or IAM policies.+--+-- For detailed information about grants, including grant terminology, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html Grants in KMS>+-- in the //Key Management Service Developer Guide// . For examples of+-- working with grants in several programming languages, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/programming-grants.html Programming grants>.+--+-- The @CreateGrant@ operation returns a @GrantToken@ and a @GrantId@.+--+-- - When you create, retire, or revoke a grant, there might be a brief+-- delay, usually less than five minutes, until the grant is available+-- throughout KMS. This state is known as /eventual consistency/. Once+-- the grant has achieved eventual consistency, the grantee principal+-- can use the permissions in the grant without identifying the grant.+--+-- However, to use the permissions in the grant immediately, use the+-- @GrantToken@ that @CreateGrant@ returns. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>+-- in the //Key Management Service Developer Guide// .+--+-- - The @CreateGrant@ operation also returns a @GrantId@. You can use+-- the @GrantId@ and a key identifier to identify the grant in the+-- RetireGrant and RevokeGrant operations. To find the grant ID, use+-- the ListGrants or ListRetirableGrants operations.+--+-- The KMS key that you use for this operation must be in a compatible key+-- state. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key states of KMS keys>+-- in the /Key Management Service Developer Guide/.+--+-- __Cross-account use__: Yes. To perform this operation on a KMS key in a+-- different Amazon Web Services account, specify the key ARN in the value+-- of the @KeyId@ parameter.+--+-- __Required permissions__:+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:CreateGrant>+-- (key policy)+--+-- __Related operations:__+--+-- - ListGrants+--+-- - ListRetirableGrants+--+-- - RetireGrant+--+-- - RevokeGrant+module Amazonka.KMS.CreateGrant+ ( -- * Creating a Request+ CreateGrant (..),+ newCreateGrant,++ -- * Request Lenses+ createGrant_constraints,+ createGrant_grantTokens,+ createGrant_name,+ createGrant_retiringPrincipal,+ createGrant_keyId,+ createGrant_granteePrincipal,+ createGrant_operations,++ -- * Destructuring the Response+ CreateGrantResponse (..),+ newCreateGrantResponse,++ -- * Response Lenses+ createGrantResponse_grantId,+ createGrantResponse_grantToken,+ createGrantResponse_httpStatus,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newCreateGrant' smart constructor.+data CreateGrant = CreateGrant'+ { -- | Specifies a grant constraint.+ --+ -- KMS supports the @EncryptionContextEquals@ and @EncryptionContextSubset@+ -- grant constraints. Each constraint value can include up to 8 encryption+ -- context pairs. The encryption context value in each constraint cannot+ -- exceed 384 characters. For information about grant constraints, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/create-grant-overview.html#grant-constraints Using grant constraints>+ -- in the /Key Management Service Developer Guide/. For more information+ -- about encryption context, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context Encryption context>+ -- in the //Key Management Service Developer Guide// .+ --+ -- The encryption context grant constraints allow the permissions in the+ -- grant only when the encryption context in the request matches+ -- (@EncryptionContextEquals@) or includes (@EncryptionContextSubset@) the+ -- encryption context specified in this structure.+ --+ -- The encryption context grant constraints are supported only on+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#terms-grant-operations grant operations>+ -- that include an @EncryptionContext@ parameter, such as cryptographic+ -- operations on symmetric encryption KMS keys. Grants with grant+ -- constraints can include the DescribeKey and RetireGrant operations, but+ -- the constraint doesn\'t apply to these operations. If a grant with a+ -- grant constraint includes the @CreateGrant@ operation, the constraint+ -- requires that any grants created with the @CreateGrant@ permission have+ -- an equally strict or stricter encryption context constraint.+ --+ -- You cannot use an encryption context grant constraint for cryptographic+ -- operations with asymmetric KMS keys or HMAC KMS keys. These keys don\'t+ -- support an encryption context.+ constraints :: Prelude.Maybe GrantConstraints,+ -- | A list of grant tokens.+ --+ -- Use a grant token when your permission to call this operation comes from+ -- a new grant that has not yet achieved /eventual consistency/. For more+ -- information, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>+ -- and+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>+ -- in the /Key Management Service Developer Guide/.+ grantTokens :: Prelude.Maybe [Prelude.Text],+ -- | A friendly name for the grant. Use this value to prevent the unintended+ -- creation of duplicate grants when retrying this request.+ --+ -- When this value is absent, all @CreateGrant@ requests result in a new+ -- grant with a unique @GrantId@ even if all the supplied parameters are+ -- identical. This can result in unintended duplicates when you retry the+ -- @CreateGrant@ request.+ --+ -- When this value is present, you can retry a @CreateGrant@ request with+ -- identical parameters; if the grant already exists, the original+ -- @GrantId@ is returned without creating a new grant. Note that the+ -- returned grant token is unique with every @CreateGrant@ request, even+ -- when a duplicate @GrantId@ is returned. All grant tokens for the same+ -- grant ID can be used interchangeably.+ name :: Prelude.Maybe Prelude.Text,+ -- | The principal that has permission to use the RetireGrant operation to+ -- retire the grant.+ --+ -- To specify the principal, use the+ -- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Name (ARN)>+ -- of an Amazon Web Services principal. Valid Amazon Web Services+ -- principals include Amazon Web Services accounts (root), IAM users,+ -- federated users, and assumed role users. For examples of the ARN syntax+ -- to use for specifying a principal, see+ -- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam Amazon Web Services Identity and Access Management (IAM)>+ -- in the Example ARNs section of the /Amazon Web Services General+ -- Reference/.+ --+ -- The grant determines the retiring principal. Other principals might have+ -- permission to retire the grant or revoke the grant. For details, see+ -- RevokeGrant and+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#grant-delete Retiring and revoking grants>+ -- in the /Key Management Service Developer Guide/.+ retiringPrincipal :: Prelude.Maybe Prelude.Text,+ -- | Identifies the KMS key for the grant. The grant gives principals+ -- permission to use this KMS key.+ --+ -- Specify the key ID or key ARN of the KMS key. To specify a KMS key in a+ -- different Amazon Web Services account, you must use the key ARN.+ --+ -- For example:+ --+ -- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- - Key ARN:+ -- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- To get the key ID and key ARN for a KMS key, use ListKeys or+ -- DescribeKey.+ keyId :: Prelude.Text,+ -- | The identity that gets the permissions specified in the grant.+ --+ -- To specify the principal, use the+ -- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Name (ARN)>+ -- of an Amazon Web Services principal. Valid Amazon Web Services+ -- principals include Amazon Web Services accounts (root), IAM users, IAM+ -- roles, federated users, and assumed role users. For examples of the ARN+ -- syntax to use for specifying a principal, see+ -- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam Amazon Web Services Identity and Access Management (IAM)>+ -- in the Example ARNs section of the /Amazon Web Services General+ -- Reference/.+ granteePrincipal :: Prelude.Text,+ -- | A list of operations that the grant permits.+ --+ -- This list must include only operations that are permitted in a grant.+ -- Also, the operation must be supported on the KMS key. For example, you+ -- cannot create a grant for a symmetric encryption KMS key that allows the+ -- Sign operation, or a grant for an asymmetric KMS key that allows the+ -- GenerateDataKey operation. If you try, KMS returns a @ValidationError@+ -- exception. For details, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#terms-grant-operations Grant operations>+ -- in the /Key Management Service Developer Guide/.+ operations :: [GrantOperation]+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'CreateGrant' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'constraints', 'createGrant_constraints' - Specifies a grant constraint.+--+-- KMS supports the @EncryptionContextEquals@ and @EncryptionContextSubset@+-- grant constraints. Each constraint value can include up to 8 encryption+-- context pairs. The encryption context value in each constraint cannot+-- exceed 384 characters. For information about grant constraints, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/create-grant-overview.html#grant-constraints Using grant constraints>+-- in the /Key Management Service Developer Guide/. For more information+-- about encryption context, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context Encryption context>+-- in the //Key Management Service Developer Guide// .+--+-- The encryption context grant constraints allow the permissions in the+-- grant only when the encryption context in the request matches+-- (@EncryptionContextEquals@) or includes (@EncryptionContextSubset@) the+-- encryption context specified in this structure.+--+-- The encryption context grant constraints are supported only on+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#terms-grant-operations grant operations>+-- that include an @EncryptionContext@ parameter, such as cryptographic+-- operations on symmetric encryption KMS keys. Grants with grant+-- constraints can include the DescribeKey and RetireGrant operations, but+-- the constraint doesn\'t apply to these operations. If a grant with a+-- grant constraint includes the @CreateGrant@ operation, the constraint+-- requires that any grants created with the @CreateGrant@ permission have+-- an equally strict or stricter encryption context constraint.+--+-- You cannot use an encryption context grant constraint for cryptographic+-- operations with asymmetric KMS keys or HMAC KMS keys. These keys don\'t+-- support an encryption context.+--+-- 'grantTokens', 'createGrant_grantTokens' - A list of grant tokens.+--+-- Use a grant token when your permission to call this operation comes from+-- a new grant that has not yet achieved /eventual consistency/. For more+-- information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>+-- and+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>+-- in the /Key Management Service Developer Guide/.+--+-- 'name', 'createGrant_name' - A friendly name for the grant. Use this value to prevent the unintended+-- creation of duplicate grants when retrying this request.+--+-- When this value is absent, all @CreateGrant@ requests result in a new+-- grant with a unique @GrantId@ even if all the supplied parameters are+-- identical. This can result in unintended duplicates when you retry the+-- @CreateGrant@ request.+--+-- When this value is present, you can retry a @CreateGrant@ request with+-- identical parameters; if the grant already exists, the original+-- @GrantId@ is returned without creating a new grant. Note that the+-- returned grant token is unique with every @CreateGrant@ request, even+-- when a duplicate @GrantId@ is returned. All grant tokens for the same+-- grant ID can be used interchangeably.+--+-- 'retiringPrincipal', 'createGrant_retiringPrincipal' - The principal that has permission to use the RetireGrant operation to+-- retire the grant.+--+-- To specify the principal, use the+-- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Name (ARN)>+-- of an Amazon Web Services principal. Valid Amazon Web Services+-- principals include Amazon Web Services accounts (root), IAM users,+-- federated users, and assumed role users. For examples of the ARN syntax+-- to use for specifying a principal, see+-- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam Amazon Web Services Identity and Access Management (IAM)>+-- in the Example ARNs section of the /Amazon Web Services General+-- Reference/.+--+-- The grant determines the retiring principal. Other principals might have+-- permission to retire the grant or revoke the grant. For details, see+-- RevokeGrant and+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#grant-delete Retiring and revoking grants>+-- in the /Key Management Service Developer Guide/.+--+-- 'keyId', 'createGrant_keyId' - Identifies the KMS key for the grant. The grant gives principals+-- permission to use this KMS key.+--+-- Specify the key ID or key ARN of the KMS key. To specify a KMS key in a+-- different Amazon Web Services account, you must use the key ARN.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+--+-- 'granteePrincipal', 'createGrant_granteePrincipal' - The identity that gets the permissions specified in the grant.+--+-- To specify the principal, use the+-- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Name (ARN)>+-- of an Amazon Web Services principal. Valid Amazon Web Services+-- principals include Amazon Web Services accounts (root), IAM users, IAM+-- roles, federated users, and assumed role users. For examples of the ARN+-- syntax to use for specifying a principal, see+-- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam Amazon Web Services Identity and Access Management (IAM)>+-- in the Example ARNs section of the /Amazon Web Services General+-- Reference/.+--+-- 'operations', 'createGrant_operations' - A list of operations that the grant permits.+--+-- This list must include only operations that are permitted in a grant.+-- Also, the operation must be supported on the KMS key. For example, you+-- cannot create a grant for a symmetric encryption KMS key that allows the+-- Sign operation, or a grant for an asymmetric KMS key that allows the+-- GenerateDataKey operation. If you try, KMS returns a @ValidationError@+-- exception. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#terms-grant-operations Grant operations>+-- in the /Key Management Service Developer Guide/.+newCreateGrant ::+ -- | 'keyId'+ Prelude.Text ->+ -- | 'granteePrincipal'+ Prelude.Text ->+ CreateGrant+newCreateGrant pKeyId_ pGranteePrincipal_ =+ CreateGrant'+ { constraints = Prelude.Nothing,+ grantTokens = Prelude.Nothing,+ name = Prelude.Nothing,+ retiringPrincipal = Prelude.Nothing,+ keyId = pKeyId_,+ granteePrincipal = pGranteePrincipal_,+ operations = Prelude.mempty+ }++-- | Specifies a grant constraint.+--+-- KMS supports the @EncryptionContextEquals@ and @EncryptionContextSubset@+-- grant constraints. Each constraint value can include up to 8 encryption+-- context pairs. The encryption context value in each constraint cannot+-- exceed 384 characters. For information about grant constraints, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/create-grant-overview.html#grant-constraints Using grant constraints>+-- in the /Key Management Service Developer Guide/. For more information+-- about encryption context, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context Encryption context>+-- in the //Key Management Service Developer Guide// .+--+-- The encryption context grant constraints allow the permissions in the+-- grant only when the encryption context in the request matches+-- (@EncryptionContextEquals@) or includes (@EncryptionContextSubset@) the+-- encryption context specified in this structure.+--+-- The encryption context grant constraints are supported only on+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#terms-grant-operations grant operations>+-- that include an @EncryptionContext@ parameter, such as cryptographic+-- operations on symmetric encryption KMS keys. Grants with grant+-- constraints can include the DescribeKey and RetireGrant operations, but+-- the constraint doesn\'t apply to these operations. If a grant with a+-- grant constraint includes the @CreateGrant@ operation, the constraint+-- requires that any grants created with the @CreateGrant@ permission have+-- an equally strict or stricter encryption context constraint.+--+-- You cannot use an encryption context grant constraint for cryptographic+-- operations with asymmetric KMS keys or HMAC KMS keys. These keys don\'t+-- support an encryption context.+createGrant_constraints :: Lens.Lens' CreateGrant (Prelude.Maybe GrantConstraints)+createGrant_constraints = Lens.lens (\CreateGrant' {constraints} -> constraints) (\s@CreateGrant' {} a -> s {constraints = a} :: CreateGrant)++-- | A list of grant tokens.+--+-- Use a grant token when your permission to call this operation comes from+-- a new grant that has not yet achieved /eventual consistency/. For more+-- information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>+-- and+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>+-- in the /Key Management Service Developer Guide/.+createGrant_grantTokens :: Lens.Lens' CreateGrant (Prelude.Maybe [Prelude.Text])+createGrant_grantTokens = Lens.lens (\CreateGrant' {grantTokens} -> grantTokens) (\s@CreateGrant' {} a -> s {grantTokens = a} :: CreateGrant) Prelude.. Lens.mapping Lens.coerced++-- | A friendly name for the grant. Use this value to prevent the unintended+-- creation of duplicate grants when retrying this request.+--+-- When this value is absent, all @CreateGrant@ requests result in a new+-- grant with a unique @GrantId@ even if all the supplied parameters are+-- identical. This can result in unintended duplicates when you retry the+-- @CreateGrant@ request.+--+-- When this value is present, you can retry a @CreateGrant@ request with+-- identical parameters; if the grant already exists, the original+-- @GrantId@ is returned without creating a new grant. Note that the+-- returned grant token is unique with every @CreateGrant@ request, even+-- when a duplicate @GrantId@ is returned. All grant tokens for the same+-- grant ID can be used interchangeably.+createGrant_name :: Lens.Lens' CreateGrant (Prelude.Maybe Prelude.Text)+createGrant_name = Lens.lens (\CreateGrant' {name} -> name) (\s@CreateGrant' {} a -> s {name = a} :: CreateGrant)++-- | The principal that has permission to use the RetireGrant operation to+-- retire the grant.+--+-- To specify the principal, use the+-- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Name (ARN)>+-- of an Amazon Web Services principal. Valid Amazon Web Services+-- principals include Amazon Web Services accounts (root), IAM users,+-- federated users, and assumed role users. For examples of the ARN syntax+-- to use for specifying a principal, see+-- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam Amazon Web Services Identity and Access Management (IAM)>+-- in the Example ARNs section of the /Amazon Web Services General+-- Reference/.+--+-- The grant determines the retiring principal. Other principals might have+-- permission to retire the grant or revoke the grant. For details, see+-- RevokeGrant and+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#grant-delete Retiring and revoking grants>+-- in the /Key Management Service Developer Guide/.+createGrant_retiringPrincipal :: Lens.Lens' CreateGrant (Prelude.Maybe Prelude.Text)+createGrant_retiringPrincipal = Lens.lens (\CreateGrant' {retiringPrincipal} -> retiringPrincipal) (\s@CreateGrant' {} a -> s {retiringPrincipal = a} :: CreateGrant)++-- | Identifies the KMS key for the grant. The grant gives principals+-- permission to use this KMS key.+--+-- Specify the key ID or key ARN of the KMS key. To specify a KMS key in a+-- different Amazon Web Services account, you must use the key ARN.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+createGrant_keyId :: Lens.Lens' CreateGrant Prelude.Text+createGrant_keyId = Lens.lens (\CreateGrant' {keyId} -> keyId) (\s@CreateGrant' {} a -> s {keyId = a} :: CreateGrant)++-- | The identity that gets the permissions specified in the grant.+--+-- To specify the principal, use the+-- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Name (ARN)>+-- of an Amazon Web Services principal. Valid Amazon Web Services+-- principals include Amazon Web Services accounts (root), IAM users, IAM+-- roles, federated users, and assumed role users. For examples of the ARN+-- syntax to use for specifying a principal, see+-- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam Amazon Web Services Identity and Access Management (IAM)>+-- in the Example ARNs section of the /Amazon Web Services General+-- Reference/.+createGrant_granteePrincipal :: Lens.Lens' CreateGrant Prelude.Text+createGrant_granteePrincipal = Lens.lens (\CreateGrant' {granteePrincipal} -> granteePrincipal) (\s@CreateGrant' {} a -> s {granteePrincipal = a} :: CreateGrant)++-- | A list of operations that the grant permits.+--+-- This list must include only operations that are permitted in a grant.+-- Also, the operation must be supported on the KMS key. For example, you+-- cannot create a grant for a symmetric encryption KMS key that allows the+-- Sign operation, or a grant for an asymmetric KMS key that allows the+-- GenerateDataKey operation. If you try, KMS returns a @ValidationError@+-- exception. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#terms-grant-operations Grant operations>+-- in the /Key Management Service Developer Guide/.+createGrant_operations :: Lens.Lens' CreateGrant [GrantOperation]+createGrant_operations = Lens.lens (\CreateGrant' {operations} -> operations) (\s@CreateGrant' {} a -> s {operations = a} :: CreateGrant) Prelude.. Lens.coerced++instance Core.AWSRequest CreateGrant where+ type AWSResponse CreateGrant = CreateGrantResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response =+ Response.receiveJSON+ ( \s h x ->+ CreateGrantResponse'+ Prelude.<$> (x Data..?> "GrantId")+ Prelude.<*> (x Data..?> "GrantToken")+ Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+ )++instance Prelude.Hashable CreateGrant where+ hashWithSalt _salt CreateGrant' {..} =+ _salt+ `Prelude.hashWithSalt` constraints+ `Prelude.hashWithSalt` grantTokens+ `Prelude.hashWithSalt` name+ `Prelude.hashWithSalt` retiringPrincipal+ `Prelude.hashWithSalt` keyId+ `Prelude.hashWithSalt` granteePrincipal+ `Prelude.hashWithSalt` operations++instance Prelude.NFData CreateGrant where+ rnf CreateGrant' {..} =+ Prelude.rnf constraints+ `Prelude.seq` Prelude.rnf grantTokens+ `Prelude.seq` Prelude.rnf name+ `Prelude.seq` Prelude.rnf retiringPrincipal+ `Prelude.seq` Prelude.rnf keyId+ `Prelude.seq` Prelude.rnf granteePrincipal+ `Prelude.seq` Prelude.rnf operations++instance Data.ToHeaders CreateGrant where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ("TrentService.CreateGrant" :: Prelude.ByteString),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON CreateGrant where+ toJSON CreateGrant' {..} =+ Data.object+ ( Prelude.catMaybes+ [ ("Constraints" Data..=) Prelude.<$> constraints,+ ("GrantTokens" Data..=) Prelude.<$> grantTokens,+ ("Name" Data..=) Prelude.<$> name,+ ("RetiringPrincipal" Data..=)+ Prelude.<$> retiringPrincipal,+ Prelude.Just ("KeyId" Data..= keyId),+ Prelude.Just+ ("GranteePrincipal" Data..= granteePrincipal),+ Prelude.Just ("Operations" Data..= operations)+ ]+ )++instance Data.ToPath CreateGrant where+ toPath = Prelude.const "/"++instance Data.ToQuery CreateGrant where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newCreateGrantResponse' smart constructor.+data CreateGrantResponse = CreateGrantResponse'+ { -- | The unique identifier for the grant.+ --+ -- You can use the @GrantId@ in a ListGrants, RetireGrant, or RevokeGrant+ -- operation.+ grantId :: Prelude.Maybe Prelude.Text,+ -- | The grant token.+ --+ -- Use a grant token when your permission to call this operation comes from+ -- a new grant that has not yet achieved /eventual consistency/. For more+ -- information, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>+ -- and+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>+ -- in the /Key Management Service Developer Guide/.+ grantToken :: Prelude.Maybe Prelude.Text,+ -- | The response's http status code.+ httpStatus :: Prelude.Int+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'CreateGrantResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'grantId', 'createGrantResponse_grantId' - The unique identifier for the grant.+--+-- You can use the @GrantId@ in a ListGrants, RetireGrant, or RevokeGrant+-- operation.+--+-- 'grantToken', 'createGrantResponse_grantToken' - The grant token.+--+-- Use a grant token when your permission to call this operation comes from+-- a new grant that has not yet achieved /eventual consistency/. For more+-- information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>+-- and+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>+-- in the /Key Management Service Developer Guide/.+--+-- 'httpStatus', 'createGrantResponse_httpStatus' - The response's http status code.+newCreateGrantResponse ::+ -- | 'httpStatus'+ Prelude.Int ->+ CreateGrantResponse+newCreateGrantResponse pHttpStatus_ =+ CreateGrantResponse'+ { grantId = Prelude.Nothing,+ grantToken = Prelude.Nothing,+ httpStatus = pHttpStatus_+ }++-- | The unique identifier for the grant.+--+-- You can use the @GrantId@ in a ListGrants, RetireGrant, or RevokeGrant+-- operation.+createGrantResponse_grantId :: Lens.Lens' CreateGrantResponse (Prelude.Maybe Prelude.Text)+createGrantResponse_grantId = Lens.lens (\CreateGrantResponse' {grantId} -> grantId) (\s@CreateGrantResponse' {} a -> s {grantId = a} :: CreateGrantResponse)++-- | The grant token.+--+-- Use a grant token when your permission to call this operation comes from+-- a new grant that has not yet achieved /eventual consistency/. For more+-- information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>+-- and+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>+-- in the /Key Management Service Developer Guide/.+createGrantResponse_grantToken :: Lens.Lens' CreateGrantResponse (Prelude.Maybe Prelude.Text)+createGrantResponse_grantToken = Lens.lens (\CreateGrantResponse' {grantToken} -> grantToken) (\s@CreateGrantResponse' {} a -> s {grantToken = a} :: CreateGrantResponse)++-- | The response's http status code.+createGrantResponse_httpStatus :: Lens.Lens' CreateGrantResponse Prelude.Int+createGrantResponse_httpStatus = Lens.lens (\CreateGrantResponse' {httpStatus} -> httpStatus) (\s@CreateGrantResponse' {} a -> s {httpStatus = a} :: CreateGrantResponse)++instance Prelude.NFData CreateGrantResponse where+ rnf CreateGrantResponse' {..} =+ Prelude.rnf grantId+ `Prelude.seq` Prelude.rnf grantToken+ `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/KMS/CreateKey.hs view
@@ -0,0 +1,1273 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.CreateKey+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Creates a unique customer managed+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms-keys KMS key>+-- in your Amazon Web Services account and Region. You can use a KMS key in+-- cryptographic operations, such as encryption and signing. Some Amazon+-- Web Services services let you use KMS keys that you create and manage to+-- protect your service resources.+--+-- A KMS key is a logical representation of a cryptographic key. In+-- addition to the key material used in cryptographic operations, a KMS key+-- includes metadata, such as the key ID, key policy, creation date,+-- description, and key state. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/getting-started.html Managing keys>+-- in the /Key Management Service Developer Guide/+--+-- Use the parameters of @CreateKey@ to specify the type of KMS key, the+-- source of its key material, its key policy, description, tags, and other+-- properties.+--+-- KMS has replaced the term /customer master key (CMK)/ with /KMS key/ and+-- /KMS key/. The concept has not changed. To prevent breaking changes, KMS+-- is keeping some variations of this term.+--+-- To create different types of KMS keys, use the following guidance:+--+-- [Symmetric encryption KMS key]+-- By default, @CreateKey@ creates a symmetric encryption KMS key with+-- key material that KMS generates. This is the basic and most widely+-- used type of KMS key, and provides the best performance.+--+-- To create a symmetric encryption KMS key, you don\'t need to specify+-- any parameters. The default value for @KeySpec@,+-- @SYMMETRIC_DEFAULT@, the default value for @KeyUsage@,+-- @ENCRYPT_DECRYPT@, and the default value for @Origin@, @AWS_KMS@,+-- create a symmetric encryption KMS key with KMS key material.+--+-- If you need a key for basic encryption and decryption or you are+-- creating a KMS key to protect your resources in an Amazon Web+-- Services service, create a symmetric encryption KMS key. The key+-- material in a symmetric encryption key never leaves KMS unencrypted.+-- You can use a symmetric encryption KMS key to encrypt and decrypt+-- data up to 4,096 bytes, but they are typically used to generate data+-- keys and data keys pairs. For details, see GenerateDataKey and+-- GenerateDataKeyPair.+--+-- [Asymmetric KMS keys]+-- To create an asymmetric KMS key, use the @KeySpec@ parameter to+-- specify the type of key material in the KMS key. Then, use the+-- @KeyUsage@ parameter to determine whether the KMS key will be used+-- to encrypt and decrypt or sign and verify. You can\'t change these+-- properties after the KMS key is created.+--+-- Asymmetric KMS keys contain an RSA key pair, Elliptic Curve (ECC)+-- key pair, or an SM2 key pair (China Regions only). The private key+-- in an asymmetric KMS key never leaves KMS unencrypted. However, you+-- can use the GetPublicKey operation to download the public key so it+-- can be used outside of KMS. KMS keys with RSA or SM2 key pairs can+-- be used to encrypt or decrypt data or sign and verify messages (but+-- not both). KMS keys with ECC key pairs can be used only to sign and+-- verify messages. For information about asymmetric KMS keys, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html Asymmetric KMS keys>+-- in the /Key Management Service Developer Guide/.+--+-- [HMAC KMS key]+-- To create an HMAC KMS key, set the @KeySpec@ parameter to a key spec+-- value for HMAC KMS keys. Then set the @KeyUsage@ parameter to+-- @GENERATE_VERIFY_MAC@. You must set the key usage even though+-- @GENERATE_VERIFY_MAC@ is the only valid key usage value for HMAC KMS+-- keys. You can\'t change these properties after the KMS key is+-- created.+--+-- HMAC KMS keys are symmetric keys that never leave KMS unencrypted.+-- You can use HMAC keys to generate (GenerateMac) and verify+-- (VerifyMac) HMAC codes for messages up to 4096 bytes.+--+-- HMAC KMS keys are not supported in all Amazon Web Services Regions.+-- If you try to create an HMAC KMS key in an Amazon Web Services+-- Region in which HMAC keys are not supported, the @CreateKey@+-- operation returns an @UnsupportedOperationException@. For a list of+-- Regions in which HMAC KMS keys are supported, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html HMAC keys in KMS>+-- in the /Key Management Service Developer Guide/.+--+-- [Multi-Region primary keys+-- Imported key material]+-- To create a multi-Region /primary key/ in the local Amazon Web+-- Services Region, use the @MultiRegion@ parameter with a value of+-- @True@. To create a multi-Region /replica key/, that is, a KMS key+-- with the same key ID and key material as a primary key, but in a+-- different Amazon Web Services Region, use the ReplicateKey+-- operation. To change a replica key to a primary key, and its primary+-- key to a replica key, use the UpdatePrimaryRegion operation.+--+-- You can create multi-Region KMS keys for all supported KMS key+-- types: symmetric encryption KMS keys, HMAC KMS keys, asymmetric+-- encryption KMS keys, and asymmetric signing KMS keys. You can also+-- create multi-Region keys with imported key material. However, you+-- can\'t create multi-Region keys in a custom key store.+--+-- This operation supports /multi-Region keys/, an KMS feature that+-- lets you create multiple interoperable KMS keys in different Amazon+-- Web Services Regions. Because these KMS keys have the same key ID,+-- key material, and other metadata, you can use them interchangeably+-- to encrypt data in one Amazon Web Services Region and decrypt it in+-- a different Amazon Web Services Region without re-encrypting the+-- data or making a cross-Region call. For more information about+-- multi-Region keys, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html Multi-Region keys in KMS>+-- in the /Key Management Service Developer Guide/.+--+-- To import your own key material into a KMS key, begin by creating a+-- symmetric encryption KMS key with no key material. To do this, use+-- the @Origin@ parameter of @CreateKey@ with a value of @EXTERNAL@.+-- Next, use GetParametersForImport operation to get a public key and+-- import token, and use the public key to encrypt your key material.+-- Then, use ImportKeyMaterial with your import token to import the key+-- material. For step-by-step instructions, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html Importing Key Material>+-- in the //Key Management Service Developer Guide// .+--+-- This feature supports only symmetric encryption KMS keys, including+-- multi-Region symmetric encryption KMS keys. You cannot import key+-- material into any other type of KMS key.+--+-- To create a multi-Region primary key with imported key material, use+-- the @Origin@ parameter of @CreateKey@ with a value of @EXTERNAL@ and+-- the @MultiRegion@ parameter with a value of @True@. To create+-- replicas of the multi-Region primary key, use the ReplicateKey+-- operation. For instructions, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-import.html%20 Importing key material into multi-Region keys>.+-- For more information about multi-Region keys, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html Multi-Region keys in KMS>+-- in the /Key Management Service Developer Guide/.+--+-- [Custom key store]+-- A+-- <https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html custom key store>+-- lets you protect your Amazon Web Services resources using keys in a+-- backing key store that you own and manage. When you request a+-- cryptographic operation with a KMS key in a custom key store, the+-- operation is performed in the backing key store using its+-- cryptographic keys.+--+-- KMS supports+-- <https://docs.aws.amazon.com/kms/latest/developerguide/keystore-cloudhsm.html CloudHSM key stores>+-- backed by an CloudHSM cluster and+-- <https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html external key stores>+-- backed by an external key manager outside of Amazon Web Services.+-- When you create a KMS key in an CloudHSM key store, KMS generates an+-- encryption key in the CloudHSM cluster and associates it with the+-- KMS key. When you create a KMS key in an external key store, you+-- specify an existing encryption key in the external key manager.+--+-- Some external key managers provide a simpler method for creating a+-- KMS key in an external key store. For details, see your external key+-- manager documentation.+--+-- Before you create a KMS key in a custom key store, the+-- @ConnectionState@ of the key store must be @CONNECTED@. To connect+-- the custom key store, use the ConnectCustomKeyStore operation. To+-- find the @ConnectionState@, use the DescribeCustomKeyStores+-- operation.+--+-- To create a KMS key in a custom key store, use the+-- @CustomKeyStoreId@. Use the default @KeySpec@ value,+-- @SYMMETRIC_DEFAULT@, and the default @KeyUsage@ value,+-- @ENCRYPT_DECRYPT@ to create a symmetric encryption key. No other key+-- type is supported in a custom key store.+--+-- To create a KMS key in an+-- <https://docs.aws.amazon.com/kms/latest/developerguide/keystore-cloudhsm.html CloudHSM key store>,+-- use the @Origin@ parameter with a value of @AWS_CLOUDHSM@. The+-- CloudHSM cluster that is associated with the custom key store must+-- have at least two active HSMs in different Availability Zones in the+-- Amazon Web Services Region.+--+-- To create a KMS key in an+-- <https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html external key store>,+-- use the @Origin@ parameter with a value of @EXTERNAL_KEY_STORE@ and+-- an @XksKeyId@ parameter that identifies an existing external key.+--+-- Some external key managers provide a simpler method for creating a+-- KMS key in an external key store. For details, see your external key+-- manager documentation.+--+-- __Cross-account use__: No. You cannot use this operation to create a KMS+-- key in a different Amazon Web Services account.+--+-- __Required permissions__:+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:CreateKey>+-- (IAM policy). To use the @Tags@ parameter,+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:TagResource>+-- (IAM policy). For examples and information about related permissions,+-- see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/iam-policies.html#iam-policy-example-create-key Allow a user to create KMS keys>+-- in the /Key Management Service Developer Guide/.+--+-- __Related operations:__+--+-- - DescribeKey+--+-- - ListKeys+--+-- - ScheduleKeyDeletion+module Amazonka.KMS.CreateKey+ ( -- * Creating a Request+ CreateKey (..),+ newCreateKey,++ -- * Request Lenses+ createKey_bypassPolicyLockoutSafetyCheck,+ createKey_customKeyStoreId,+ createKey_customerMasterKeySpec,+ createKey_description,+ createKey_keySpec,+ createKey_keyUsage,+ createKey_multiRegion,+ createKey_origin,+ createKey_policy,+ createKey_tags,+ createKey_xksKeyId,++ -- * Destructuring the Response+ CreateKeyResponse (..),+ newCreateKeyResponse,++ -- * Response Lenses+ createKeyResponse_keyMetadata,+ createKeyResponse_httpStatus,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newCreateKey' smart constructor.+data CreateKey = CreateKey'+ { -- | A flag to indicate whether to bypass the key policy lockout safety+ -- check.+ --+ -- Setting this value to true increases the risk that the KMS key becomes+ -- unmanageable. Do not set this value to true indiscriminately.+ --+ -- For more information, refer to the scenario in the+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam Default Key Policy>+ -- section in the //Key Management Service Developer Guide// .+ --+ -- Use this parameter only when you include a policy in the request and you+ -- intend to prevent the principal that is making the request from making a+ -- subsequent PutKeyPolicy request on the KMS key.+ --+ -- The default value is false.+ bypassPolicyLockoutSafetyCheck :: Prelude.Maybe Prelude.Bool,+ -- | Creates the KMS key in the specified+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html custom key store>.+ -- The @ConnectionState@ of the custom key store must be @CONNECTED@. To+ -- find the CustomKeyStoreID and ConnectionState use the+ -- DescribeCustomKeyStores operation.+ --+ -- This parameter is valid only for symmetric encryption KMS keys in a+ -- single Region. You cannot create any other type of KMS key in a custom+ -- key store.+ --+ -- When you create a KMS key in an CloudHSM key store, KMS generates a+ -- non-exportable 256-bit symmetric key in its associated CloudHSM cluster+ -- and associates it with the KMS key. When you create a KMS key in an+ -- external key store, you must use the @XksKeyId@ parameter to specify an+ -- external key that serves as key material for the KMS key.+ customKeyStoreId :: Prelude.Maybe Prelude.Text,+ -- | Instead, use the @KeySpec@ parameter.+ --+ -- The @KeySpec@ and @CustomerMasterKeySpec@ parameters work the same way.+ -- Only the names differ. We recommend that you use @KeySpec@ parameter in+ -- your code. However, to avoid breaking changes, KMS supports both+ -- parameters.+ customerMasterKeySpec :: Prelude.Maybe CustomerMasterKeySpec,+ -- | A description of the KMS key.+ --+ -- Use a description that helps you decide whether the KMS key is+ -- appropriate for a task. The default value is an empty string (no+ -- description).+ --+ -- To set or change the description after the key is created, use+ -- UpdateKeyDescription.+ description :: Prelude.Maybe Prelude.Text,+ -- | Specifies the type of KMS key to create. The default value,+ -- @SYMMETRIC_DEFAULT@, creates a KMS key with a 256-bit AES-GCM key that+ -- is used for encryption and decryption, except in China Regions, where it+ -- creates a 128-bit symmetric key that uses SM4 encryption. For help+ -- choosing a key spec for your KMS key, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/key-types.html#symm-asymm-choose Choosing a KMS key type>+ -- in the //Key Management Service Developer Guide// .+ --+ -- The @KeySpec@ determines whether the KMS key contains a symmetric key or+ -- an asymmetric key pair. It also determines the algorithms that the KMS+ -- key supports. You can\'t change the @KeySpec@ after the KMS key is+ -- created. To further restrict the algorithms that can be used with the+ -- KMS key, use a condition key in its key policy or IAM policy. For more+ -- information, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-encryption-algorithm kms:EncryptionAlgorithm>,+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-mac-algorithm kms:MacAlgorithm>+ -- or+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-signing-algorithm kms:Signing Algorithm>+ -- in the //Key Management Service Developer Guide// .+ --+ -- <http://aws.amazon.com/kms/features/#AWS_Service_Integration Amazon Web Services services that are integrated with KMS>+ -- use symmetric encryption KMS keys to protect your data. These services+ -- do not support asymmetric KMS keys or HMAC KMS keys.+ --+ -- KMS supports the following key specs for KMS keys:+ --+ -- - Symmetric encryption key (default)+ --+ -- - @SYMMETRIC_DEFAULT@+ --+ -- - HMAC keys (symmetric)+ --+ -- - @HMAC_224@+ --+ -- - @HMAC_256@+ --+ -- - @HMAC_384@+ --+ -- - @HMAC_512@+ --+ -- - Asymmetric RSA key pairs+ --+ -- - @RSA_2048@+ --+ -- - @RSA_3072@+ --+ -- - @RSA_4096@+ --+ -- - Asymmetric NIST-recommended elliptic curve key pairs+ --+ -- - @ECC_NIST_P256@ (secp256r1)+ --+ -- - @ECC_NIST_P384@ (secp384r1)+ --+ -- - @ECC_NIST_P521@ (secp521r1)+ --+ -- - Other asymmetric elliptic curve key pairs+ --+ -- - @ECC_SECG_P256K1@ (secp256k1), commonly used for+ -- cryptocurrencies.+ --+ -- - SM2 key pairs (China Regions only)+ --+ -- - @SM2@+ keySpec :: Prelude.Maybe KeySpec,+ -- | Determines the+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations cryptographic operations>+ -- for which you can use the KMS key. The default value is+ -- @ENCRYPT_DECRYPT@. This parameter is optional when you are creating a+ -- symmetric encryption KMS key; otherwise, it is required. You can\'t+ -- change the @KeyUsage@ value after the KMS key is created.+ --+ -- Select only one valid value.+ --+ -- - For symmetric encryption KMS keys, omit the parameter or specify+ -- @ENCRYPT_DECRYPT@.+ --+ -- - For HMAC KMS keys (symmetric), specify @GENERATE_VERIFY_MAC@.+ --+ -- - For asymmetric KMS keys with RSA key material, specify+ -- @ENCRYPT_DECRYPT@ or @SIGN_VERIFY@.+ --+ -- - For asymmetric KMS keys with ECC key material, specify+ -- @SIGN_VERIFY@.+ --+ -- - For asymmetric KMS keys with SM2 key material (China Regions only),+ -- specify @ENCRYPT_DECRYPT@ or @SIGN_VERIFY@.+ keyUsage :: Prelude.Maybe KeyUsageType,+ -- | Creates a multi-Region primary key that you can replicate into other+ -- Amazon Web Services Regions. You cannot change this value after you+ -- create the KMS key.+ --+ -- For a multi-Region key, set this parameter to @True@. For a+ -- single-Region KMS key, omit this parameter or set it to @False@. The+ -- default value is @False@.+ --+ -- This operation supports /multi-Region keys/, an KMS feature that lets+ -- you create multiple interoperable KMS keys in different Amazon Web+ -- Services Regions. Because these KMS keys have the same key ID, key+ -- material, and other metadata, you can use them interchangeably to+ -- encrypt data in one Amazon Web Services Region and decrypt it in a+ -- different Amazon Web Services Region without re-encrypting the data or+ -- making a cross-Region call. For more information about multi-Region+ -- keys, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html Multi-Region keys in KMS>+ -- in the /Key Management Service Developer Guide/.+ --+ -- This value creates a /primary key/, not a replica. To create a /replica+ -- key/, use the ReplicateKey operation.+ --+ -- You can create a symmetric or asymmetric multi-Region key, and you can+ -- create a multi-Region key with imported key material. However, you+ -- cannot create a multi-Region key in a custom key store.+ multiRegion :: Prelude.Maybe Prelude.Bool,+ -- | The source of the key material for the KMS key. You cannot change the+ -- origin after you create the KMS key. The default is @AWS_KMS@, which+ -- means that KMS creates the key material.+ --+ -- To+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-create-cmk.html create a KMS key with no key material>+ -- (for imported key material), set this value to @EXTERNAL@. For more+ -- information about importing key material into KMS, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html Importing Key Material>+ -- in the /Key Management Service Developer Guide/. The @EXTERNAL@ origin+ -- value is valid only for symmetric KMS keys.+ --+ -- To+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/create-cmk-keystore.html create a KMS key in an CloudHSM key store>+ -- and create its key material in the associated CloudHSM cluster, set this+ -- value to @AWS_CLOUDHSM@. You must also use the @CustomKeyStoreId@+ -- parameter to identify the CloudHSM key store. The @KeySpec@ value must+ -- be @SYMMETRIC_DEFAULT@.+ --+ -- To+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/create-xks-keys.html create a KMS key in an external key store>,+ -- set this value to @EXTERNAL_KEY_STORE@. You must also use the+ -- @CustomKeyStoreId@ parameter to identify the external key store and the+ -- @XksKeyId@ parameter to identify the associated external key. The+ -- @KeySpec@ value must be @SYMMETRIC_DEFAULT@.+ origin :: Prelude.Maybe OriginType,+ -- | The key policy to attach to the KMS key.+ --+ -- If you provide a key policy, it must meet the following criteria:+ --+ -- - If you don\'t set @BypassPolicyLockoutSafetyCheck@ to true, the key+ -- policy must allow the principal that is making the @CreateKey@+ -- request to make a subsequent PutKeyPolicy request on the KMS key.+ -- This reduces the risk that the KMS key becomes unmanageable. For+ -- more information, refer to the scenario in the+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam Default Key Policy>+ -- section of the //Key Management Service Developer Guide// .+ --+ -- - Each statement in the key policy must contain one or more+ -- principals. The principals in the key policy must exist and be+ -- visible to KMS. When you create a new Amazon Web Services principal+ -- (for example, an IAM user or role), you might need to enforce a+ -- delay before including the new principal in a key policy because the+ -- new principal might not be immediately visible to KMS. For more+ -- information, see+ -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency Changes that I make are not always immediately visible>+ -- in the /Amazon Web Services Identity and Access Management User+ -- Guide/.+ --+ -- If you do not provide a key policy, KMS attaches a default key policy to+ -- the KMS key. For more information, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default Default Key Policy>+ -- in the /Key Management Service Developer Guide/.+ --+ -- The key policy size quota is 32 kilobytes (32768 bytes).+ --+ -- For help writing and formatting a JSON policy document, see the+ -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html IAM JSON Policy Reference>+ -- in the //Identity and Access Management User Guide// .+ policy :: Prelude.Maybe Prelude.Text,+ -- | Assigns one or more tags to the KMS key. Use this parameter to tag the+ -- KMS key when it is created. To tag an existing KMS key, use the+ -- TagResource operation.+ --+ -- Tagging or untagging a KMS key can allow or deny permission to the KMS+ -- key. For details, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/abac.html ABAC for KMS>+ -- in the /Key Management Service Developer Guide/.+ --+ -- To use this parameter, you must have+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:TagResource>+ -- permission in an IAM policy.+ --+ -- Each tag consists of a tag key and a tag value. Both the tag key and the+ -- tag value are required, but the tag value can be an empty (null) string.+ -- You cannot have more than one tag on a KMS key with the same tag key. If+ -- you specify an existing tag key with a different tag value, KMS replaces+ -- the current tag value with the specified one.+ --+ -- When you add tags to an Amazon Web Services resource, Amazon Web+ -- Services generates a cost allocation report with usage and costs+ -- aggregated by tags. Tags can also be used to control access to a KMS+ -- key. For details, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html Tagging Keys>.+ tags :: Prelude.Maybe [Tag],+ -- | Identifies the+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-external-key external key>+ -- that serves as key material for the KMS key in an+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html external key store>.+ -- Specify the ID that the+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-xks-proxy external key store proxy>+ -- uses to refer to the external key. For help, see the documentation for+ -- your external key store proxy.+ --+ -- This parameter is required for a KMS key with an @Origin@ value of+ -- @EXTERNAL_KEY_STORE@. It is not valid for KMS keys with any other+ -- @Origin@ value.+ --+ -- The external key must be an existing 256-bit AES symmetric encryption+ -- key hosted outside of Amazon Web Services in an external key manager+ -- associated with the external key store specified by the+ -- @CustomKeyStoreId@ parameter. This key must be enabled and configured to+ -- perform encryption and decryption. Each KMS key in an external key store+ -- must use a different external key. For details, see+ -- <https://docs.aws.amazon.com/create-xks-keys.html#xks-key-requirements Requirements for a KMS key in an external key store>+ -- in the /Key Management Service Developer Guide/.+ --+ -- Each KMS key in an external key store is associated two backing keys.+ -- One is key material that KMS generates. The other is the external key+ -- specified by this parameter. When you use the KMS key in an external key+ -- store to encrypt data, the encryption operation is performed first by+ -- KMS using the KMS key material, and then by the external key manager+ -- using the specified external key, a process known as /double+ -- encryption/. For details, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-double-encryption Double encryption>+ -- in the /Key Management Service Developer Guide/.+ xksKeyId :: Prelude.Maybe Prelude.Text+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'CreateKey' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'bypassPolicyLockoutSafetyCheck', 'createKey_bypassPolicyLockoutSafetyCheck' - A flag to indicate whether to bypass the key policy lockout safety+-- check.+--+-- Setting this value to true increases the risk that the KMS key becomes+-- unmanageable. Do not set this value to true indiscriminately.+--+-- For more information, refer to the scenario in the+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam Default Key Policy>+-- section in the //Key Management Service Developer Guide// .+--+-- Use this parameter only when you include a policy in the request and you+-- intend to prevent the principal that is making the request from making a+-- subsequent PutKeyPolicy request on the KMS key.+--+-- The default value is false.+--+-- 'customKeyStoreId', 'createKey_customKeyStoreId' - Creates the KMS key in the specified+-- <https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html custom key store>.+-- The @ConnectionState@ of the custom key store must be @CONNECTED@. To+-- find the CustomKeyStoreID and ConnectionState use the+-- DescribeCustomKeyStores operation.+--+-- This parameter is valid only for symmetric encryption KMS keys in a+-- single Region. You cannot create any other type of KMS key in a custom+-- key store.+--+-- When you create a KMS key in an CloudHSM key store, KMS generates a+-- non-exportable 256-bit symmetric key in its associated CloudHSM cluster+-- and associates it with the KMS key. When you create a KMS key in an+-- external key store, you must use the @XksKeyId@ parameter to specify an+-- external key that serves as key material for the KMS key.+--+-- 'customerMasterKeySpec', 'createKey_customerMasterKeySpec' - Instead, use the @KeySpec@ parameter.+--+-- The @KeySpec@ and @CustomerMasterKeySpec@ parameters work the same way.+-- Only the names differ. We recommend that you use @KeySpec@ parameter in+-- your code. However, to avoid breaking changes, KMS supports both+-- parameters.+--+-- 'description', 'createKey_description' - A description of the KMS key.+--+-- Use a description that helps you decide whether the KMS key is+-- appropriate for a task. The default value is an empty string (no+-- description).+--+-- To set or change the description after the key is created, use+-- UpdateKeyDescription.+--+-- 'keySpec', 'createKey_keySpec' - Specifies the type of KMS key to create. The default value,+-- @SYMMETRIC_DEFAULT@, creates a KMS key with a 256-bit AES-GCM key that+-- is used for encryption and decryption, except in China Regions, where it+-- creates a 128-bit symmetric key that uses SM4 encryption. For help+-- choosing a key spec for your KMS key, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-types.html#symm-asymm-choose Choosing a KMS key type>+-- in the //Key Management Service Developer Guide// .+--+-- The @KeySpec@ determines whether the KMS key contains a symmetric key or+-- an asymmetric key pair. It also determines the algorithms that the KMS+-- key supports. You can\'t change the @KeySpec@ after the KMS key is+-- created. To further restrict the algorithms that can be used with the+-- KMS key, use a condition key in its key policy or IAM policy. For more+-- information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-encryption-algorithm kms:EncryptionAlgorithm>,+-- <https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-mac-algorithm kms:MacAlgorithm>+-- or+-- <https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-signing-algorithm kms:Signing Algorithm>+-- in the //Key Management Service Developer Guide// .+--+-- <http://aws.amazon.com/kms/features/#AWS_Service_Integration Amazon Web Services services that are integrated with KMS>+-- use symmetric encryption KMS keys to protect your data. These services+-- do not support asymmetric KMS keys or HMAC KMS keys.+--+-- KMS supports the following key specs for KMS keys:+--+-- - Symmetric encryption key (default)+--+-- - @SYMMETRIC_DEFAULT@+--+-- - HMAC keys (symmetric)+--+-- - @HMAC_224@+--+-- - @HMAC_256@+--+-- - @HMAC_384@+--+-- - @HMAC_512@+--+-- - Asymmetric RSA key pairs+--+-- - @RSA_2048@+--+-- - @RSA_3072@+--+-- - @RSA_4096@+--+-- - Asymmetric NIST-recommended elliptic curve key pairs+--+-- - @ECC_NIST_P256@ (secp256r1)+--+-- - @ECC_NIST_P384@ (secp384r1)+--+-- - @ECC_NIST_P521@ (secp521r1)+--+-- - Other asymmetric elliptic curve key pairs+--+-- - @ECC_SECG_P256K1@ (secp256k1), commonly used for+-- cryptocurrencies.+--+-- - SM2 key pairs (China Regions only)+--+-- - @SM2@+--+-- 'keyUsage', 'createKey_keyUsage' - Determines the+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations cryptographic operations>+-- for which you can use the KMS key. The default value is+-- @ENCRYPT_DECRYPT@. This parameter is optional when you are creating a+-- symmetric encryption KMS key; otherwise, it is required. You can\'t+-- change the @KeyUsage@ value after the KMS key is created.+--+-- Select only one valid value.+--+-- - For symmetric encryption KMS keys, omit the parameter or specify+-- @ENCRYPT_DECRYPT@.+--+-- - For HMAC KMS keys (symmetric), specify @GENERATE_VERIFY_MAC@.+--+-- - For asymmetric KMS keys with RSA key material, specify+-- @ENCRYPT_DECRYPT@ or @SIGN_VERIFY@.+--+-- - For asymmetric KMS keys with ECC key material, specify+-- @SIGN_VERIFY@.+--+-- - For asymmetric KMS keys with SM2 key material (China Regions only),+-- specify @ENCRYPT_DECRYPT@ or @SIGN_VERIFY@.+--+-- 'multiRegion', 'createKey_multiRegion' - Creates a multi-Region primary key that you can replicate into other+-- Amazon Web Services Regions. You cannot change this value after you+-- create the KMS key.+--+-- For a multi-Region key, set this parameter to @True@. For a+-- single-Region KMS key, omit this parameter or set it to @False@. The+-- default value is @False@.+--+-- This operation supports /multi-Region keys/, an KMS feature that lets+-- you create multiple interoperable KMS keys in different Amazon Web+-- Services Regions. Because these KMS keys have the same key ID, key+-- material, and other metadata, you can use them interchangeably to+-- encrypt data in one Amazon Web Services Region and decrypt it in a+-- different Amazon Web Services Region without re-encrypting the data or+-- making a cross-Region call. For more information about multi-Region+-- keys, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html Multi-Region keys in KMS>+-- in the /Key Management Service Developer Guide/.+--+-- This value creates a /primary key/, not a replica. To create a /replica+-- key/, use the ReplicateKey operation.+--+-- You can create a symmetric or asymmetric multi-Region key, and you can+-- create a multi-Region key with imported key material. However, you+-- cannot create a multi-Region key in a custom key store.+--+-- 'origin', 'createKey_origin' - The source of the key material for the KMS key. You cannot change the+-- origin after you create the KMS key. The default is @AWS_KMS@, which+-- means that KMS creates the key material.+--+-- To+-- <https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-create-cmk.html create a KMS key with no key material>+-- (for imported key material), set this value to @EXTERNAL@. For more+-- information about importing key material into KMS, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html Importing Key Material>+-- in the /Key Management Service Developer Guide/. The @EXTERNAL@ origin+-- value is valid only for symmetric KMS keys.+--+-- To+-- <https://docs.aws.amazon.com/kms/latest/developerguide/create-cmk-keystore.html create a KMS key in an CloudHSM key store>+-- and create its key material in the associated CloudHSM cluster, set this+-- value to @AWS_CLOUDHSM@. You must also use the @CustomKeyStoreId@+-- parameter to identify the CloudHSM key store. The @KeySpec@ value must+-- be @SYMMETRIC_DEFAULT@.+--+-- To+-- <https://docs.aws.amazon.com/kms/latest/developerguide/create-xks-keys.html create a KMS key in an external key store>,+-- set this value to @EXTERNAL_KEY_STORE@. You must also use the+-- @CustomKeyStoreId@ parameter to identify the external key store and the+-- @XksKeyId@ parameter to identify the associated external key. The+-- @KeySpec@ value must be @SYMMETRIC_DEFAULT@.+--+-- 'policy', 'createKey_policy' - The key policy to attach to the KMS key.+--+-- If you provide a key policy, it must meet the following criteria:+--+-- - If you don\'t set @BypassPolicyLockoutSafetyCheck@ to true, the key+-- policy must allow the principal that is making the @CreateKey@+-- request to make a subsequent PutKeyPolicy request on the KMS key.+-- This reduces the risk that the KMS key becomes unmanageable. For+-- more information, refer to the scenario in the+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam Default Key Policy>+-- section of the //Key Management Service Developer Guide// .+--+-- - Each statement in the key policy must contain one or more+-- principals. The principals in the key policy must exist and be+-- visible to KMS. When you create a new Amazon Web Services principal+-- (for example, an IAM user or role), you might need to enforce a+-- delay before including the new principal in a key policy because the+-- new principal might not be immediately visible to KMS. For more+-- information, see+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency Changes that I make are not always immediately visible>+-- in the /Amazon Web Services Identity and Access Management User+-- Guide/.+--+-- If you do not provide a key policy, KMS attaches a default key policy to+-- the KMS key. For more information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default Default Key Policy>+-- in the /Key Management Service Developer Guide/.+--+-- The key policy size quota is 32 kilobytes (32768 bytes).+--+-- For help writing and formatting a JSON policy document, see the+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html IAM JSON Policy Reference>+-- in the //Identity and Access Management User Guide// .+--+-- 'tags', 'createKey_tags' - Assigns one or more tags to the KMS key. Use this parameter to tag the+-- KMS key when it is created. To tag an existing KMS key, use the+-- TagResource operation.+--+-- Tagging or untagging a KMS key can allow or deny permission to the KMS+-- key. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/abac.html ABAC for KMS>+-- in the /Key Management Service Developer Guide/.+--+-- To use this parameter, you must have+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:TagResource>+-- permission in an IAM policy.+--+-- Each tag consists of a tag key and a tag value. Both the tag key and the+-- tag value are required, but the tag value can be an empty (null) string.+-- You cannot have more than one tag on a KMS key with the same tag key. If+-- you specify an existing tag key with a different tag value, KMS replaces+-- the current tag value with the specified one.+--+-- When you add tags to an Amazon Web Services resource, Amazon Web+-- Services generates a cost allocation report with usage and costs+-- aggregated by tags. Tags can also be used to control access to a KMS+-- key. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html Tagging Keys>.+--+-- 'xksKeyId', 'createKey_xksKeyId' - Identifies the+-- <https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-external-key external key>+-- that serves as key material for the KMS key in an+-- <https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html external key store>.+-- Specify the ID that the+-- <https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-xks-proxy external key store proxy>+-- uses to refer to the external key. For help, see the documentation for+-- your external key store proxy.+--+-- This parameter is required for a KMS key with an @Origin@ value of+-- @EXTERNAL_KEY_STORE@. It is not valid for KMS keys with any other+-- @Origin@ value.+--+-- The external key must be an existing 256-bit AES symmetric encryption+-- key hosted outside of Amazon Web Services in an external key manager+-- associated with the external key store specified by the+-- @CustomKeyStoreId@ parameter. This key must be enabled and configured to+-- perform encryption and decryption. Each KMS key in an external key store+-- must use a different external key. For details, see+-- <https://docs.aws.amazon.com/create-xks-keys.html#xks-key-requirements Requirements for a KMS key in an external key store>+-- in the /Key Management Service Developer Guide/.+--+-- Each KMS key in an external key store is associated two backing keys.+-- One is key material that KMS generates. The other is the external key+-- specified by this parameter. When you use the KMS key in an external key+-- store to encrypt data, the encryption operation is performed first by+-- KMS using the KMS key material, and then by the external key manager+-- using the specified external key, a process known as /double+-- encryption/. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-double-encryption Double encryption>+-- in the /Key Management Service Developer Guide/.+newCreateKey ::+ CreateKey+newCreateKey =+ CreateKey'+ { bypassPolicyLockoutSafetyCheck =+ Prelude.Nothing,+ customKeyStoreId = Prelude.Nothing,+ customerMasterKeySpec = Prelude.Nothing,+ description = Prelude.Nothing,+ keySpec = Prelude.Nothing,+ keyUsage = Prelude.Nothing,+ multiRegion = Prelude.Nothing,+ origin = Prelude.Nothing,+ policy = Prelude.Nothing,+ tags = Prelude.Nothing,+ xksKeyId = Prelude.Nothing+ }++-- | A flag to indicate whether to bypass the key policy lockout safety+-- check.+--+-- Setting this value to true increases the risk that the KMS key becomes+-- unmanageable. Do not set this value to true indiscriminately.+--+-- For more information, refer to the scenario in the+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam Default Key Policy>+-- section in the //Key Management Service Developer Guide// .+--+-- Use this parameter only when you include a policy in the request and you+-- intend to prevent the principal that is making the request from making a+-- subsequent PutKeyPolicy request on the KMS key.+--+-- The default value is false.+createKey_bypassPolicyLockoutSafetyCheck :: Lens.Lens' CreateKey (Prelude.Maybe Prelude.Bool)+createKey_bypassPolicyLockoutSafetyCheck = Lens.lens (\CreateKey' {bypassPolicyLockoutSafetyCheck} -> bypassPolicyLockoutSafetyCheck) (\s@CreateKey' {} a -> s {bypassPolicyLockoutSafetyCheck = a} :: CreateKey)++-- | Creates the KMS key in the specified+-- <https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html custom key store>.+-- The @ConnectionState@ of the custom key store must be @CONNECTED@. To+-- find the CustomKeyStoreID and ConnectionState use the+-- DescribeCustomKeyStores operation.+--+-- This parameter is valid only for symmetric encryption KMS keys in a+-- single Region. You cannot create any other type of KMS key in a custom+-- key store.+--+-- When you create a KMS key in an CloudHSM key store, KMS generates a+-- non-exportable 256-bit symmetric key in its associated CloudHSM cluster+-- and associates it with the KMS key. When you create a KMS key in an+-- external key store, you must use the @XksKeyId@ parameter to specify an+-- external key that serves as key material for the KMS key.+createKey_customKeyStoreId :: Lens.Lens' CreateKey (Prelude.Maybe Prelude.Text)+createKey_customKeyStoreId = Lens.lens (\CreateKey' {customKeyStoreId} -> customKeyStoreId) (\s@CreateKey' {} a -> s {customKeyStoreId = a} :: CreateKey)++-- | Instead, use the @KeySpec@ parameter.+--+-- The @KeySpec@ and @CustomerMasterKeySpec@ parameters work the same way.+-- Only the names differ. We recommend that you use @KeySpec@ parameter in+-- your code. However, to avoid breaking changes, KMS supports both+-- parameters.+createKey_customerMasterKeySpec :: Lens.Lens' CreateKey (Prelude.Maybe CustomerMasterKeySpec)+createKey_customerMasterKeySpec = Lens.lens (\CreateKey' {customerMasterKeySpec} -> customerMasterKeySpec) (\s@CreateKey' {} a -> s {customerMasterKeySpec = a} :: CreateKey)++-- | A description of the KMS key.+--+-- Use a description that helps you decide whether the KMS key is+-- appropriate for a task. The default value is an empty string (no+-- description).+--+-- To set or change the description after the key is created, use+-- UpdateKeyDescription.+createKey_description :: Lens.Lens' CreateKey (Prelude.Maybe Prelude.Text)+createKey_description = Lens.lens (\CreateKey' {description} -> description) (\s@CreateKey' {} a -> s {description = a} :: CreateKey)++-- | Specifies the type of KMS key to create. The default value,+-- @SYMMETRIC_DEFAULT@, creates a KMS key with a 256-bit AES-GCM key that+-- is used for encryption and decryption, except in China Regions, where it+-- creates a 128-bit symmetric key that uses SM4 encryption. For help+-- choosing a key spec for your KMS key, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-types.html#symm-asymm-choose Choosing a KMS key type>+-- in the //Key Management Service Developer Guide// .+--+-- The @KeySpec@ determines whether the KMS key contains a symmetric key or+-- an asymmetric key pair. It also determines the algorithms that the KMS+-- key supports. You can\'t change the @KeySpec@ after the KMS key is+-- created. To further restrict the algorithms that can be used with the+-- KMS key, use a condition key in its key policy or IAM policy. For more+-- information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-encryption-algorithm kms:EncryptionAlgorithm>,+-- <https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-mac-algorithm kms:MacAlgorithm>+-- or+-- <https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-signing-algorithm kms:Signing Algorithm>+-- in the //Key Management Service Developer Guide// .+--+-- <http://aws.amazon.com/kms/features/#AWS_Service_Integration Amazon Web Services services that are integrated with KMS>+-- use symmetric encryption KMS keys to protect your data. These services+-- do not support asymmetric KMS keys or HMAC KMS keys.+--+-- KMS supports the following key specs for KMS keys:+--+-- - Symmetric encryption key (default)+--+-- - @SYMMETRIC_DEFAULT@+--+-- - HMAC keys (symmetric)+--+-- - @HMAC_224@+--+-- - @HMAC_256@+--+-- - @HMAC_384@+--+-- - @HMAC_512@+--+-- - Asymmetric RSA key pairs+--+-- - @RSA_2048@+--+-- - @RSA_3072@+--+-- - @RSA_4096@+--+-- - Asymmetric NIST-recommended elliptic curve key pairs+--+-- - @ECC_NIST_P256@ (secp256r1)+--+-- - @ECC_NIST_P384@ (secp384r1)+--+-- - @ECC_NIST_P521@ (secp521r1)+--+-- - Other asymmetric elliptic curve key pairs+--+-- - @ECC_SECG_P256K1@ (secp256k1), commonly used for+-- cryptocurrencies.+--+-- - SM2 key pairs (China Regions only)+--+-- - @SM2@+createKey_keySpec :: Lens.Lens' CreateKey (Prelude.Maybe KeySpec)+createKey_keySpec = Lens.lens (\CreateKey' {keySpec} -> keySpec) (\s@CreateKey' {} a -> s {keySpec = a} :: CreateKey)++-- | Determines the+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations cryptographic operations>+-- for which you can use the KMS key. The default value is+-- @ENCRYPT_DECRYPT@. This parameter is optional when you are creating a+-- symmetric encryption KMS key; otherwise, it is required. You can\'t+-- change the @KeyUsage@ value after the KMS key is created.+--+-- Select only one valid value.+--+-- - For symmetric encryption KMS keys, omit the parameter or specify+-- @ENCRYPT_DECRYPT@.+--+-- - For HMAC KMS keys (symmetric), specify @GENERATE_VERIFY_MAC@.+--+-- - For asymmetric KMS keys with RSA key material, specify+-- @ENCRYPT_DECRYPT@ or @SIGN_VERIFY@.+--+-- - For asymmetric KMS keys with ECC key material, specify+-- @SIGN_VERIFY@.+--+-- - For asymmetric KMS keys with SM2 key material (China Regions only),+-- specify @ENCRYPT_DECRYPT@ or @SIGN_VERIFY@.+createKey_keyUsage :: Lens.Lens' CreateKey (Prelude.Maybe KeyUsageType)+createKey_keyUsage = Lens.lens (\CreateKey' {keyUsage} -> keyUsage) (\s@CreateKey' {} a -> s {keyUsage = a} :: CreateKey)++-- | Creates a multi-Region primary key that you can replicate into other+-- Amazon Web Services Regions. You cannot change this value after you+-- create the KMS key.+--+-- For a multi-Region key, set this parameter to @True@. For a+-- single-Region KMS key, omit this parameter or set it to @False@. The+-- default value is @False@.+--+-- This operation supports /multi-Region keys/, an KMS feature that lets+-- you create multiple interoperable KMS keys in different Amazon Web+-- Services Regions. Because these KMS keys have the same key ID, key+-- material, and other metadata, you can use them interchangeably to+-- encrypt data in one Amazon Web Services Region and decrypt it in a+-- different Amazon Web Services Region without re-encrypting the data or+-- making a cross-Region call. For more information about multi-Region+-- keys, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html Multi-Region keys in KMS>+-- in the /Key Management Service Developer Guide/.+--+-- This value creates a /primary key/, not a replica. To create a /replica+-- key/, use the ReplicateKey operation.+--+-- You can create a symmetric or asymmetric multi-Region key, and you can+-- create a multi-Region key with imported key material. However, you+-- cannot create a multi-Region key in a custom key store.+createKey_multiRegion :: Lens.Lens' CreateKey (Prelude.Maybe Prelude.Bool)+createKey_multiRegion = Lens.lens (\CreateKey' {multiRegion} -> multiRegion) (\s@CreateKey' {} a -> s {multiRegion = a} :: CreateKey)++-- | The source of the key material for the KMS key. You cannot change the+-- origin after you create the KMS key. The default is @AWS_KMS@, which+-- means that KMS creates the key material.+--+-- To+-- <https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-create-cmk.html create a KMS key with no key material>+-- (for imported key material), set this value to @EXTERNAL@. For more+-- information about importing key material into KMS, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html Importing Key Material>+-- in the /Key Management Service Developer Guide/. The @EXTERNAL@ origin+-- value is valid only for symmetric KMS keys.+--+-- To+-- <https://docs.aws.amazon.com/kms/latest/developerguide/create-cmk-keystore.html create a KMS key in an CloudHSM key store>+-- and create its key material in the associated CloudHSM cluster, set this+-- value to @AWS_CLOUDHSM@. You must also use the @CustomKeyStoreId@+-- parameter to identify the CloudHSM key store. The @KeySpec@ value must+-- be @SYMMETRIC_DEFAULT@.+--+-- To+-- <https://docs.aws.amazon.com/kms/latest/developerguide/create-xks-keys.html create a KMS key in an external key store>,+-- set this value to @EXTERNAL_KEY_STORE@. You must also use the+-- @CustomKeyStoreId@ parameter to identify the external key store and the+-- @XksKeyId@ parameter to identify the associated external key. The+-- @KeySpec@ value must be @SYMMETRIC_DEFAULT@.+createKey_origin :: Lens.Lens' CreateKey (Prelude.Maybe OriginType)+createKey_origin = Lens.lens (\CreateKey' {origin} -> origin) (\s@CreateKey' {} a -> s {origin = a} :: CreateKey)++-- | The key policy to attach to the KMS key.+--+-- If you provide a key policy, it must meet the following criteria:+--+-- - If you don\'t set @BypassPolicyLockoutSafetyCheck@ to true, the key+-- policy must allow the principal that is making the @CreateKey@+-- request to make a subsequent PutKeyPolicy request on the KMS key.+-- This reduces the risk that the KMS key becomes unmanageable. For+-- more information, refer to the scenario in the+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam Default Key Policy>+-- section of the //Key Management Service Developer Guide// .+--+-- - Each statement in the key policy must contain one or more+-- principals. The principals in the key policy must exist and be+-- visible to KMS. When you create a new Amazon Web Services principal+-- (for example, an IAM user or role), you might need to enforce a+-- delay before including the new principal in a key policy because the+-- new principal might not be immediately visible to KMS. For more+-- information, see+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency Changes that I make are not always immediately visible>+-- in the /Amazon Web Services Identity and Access Management User+-- Guide/.+--+-- If you do not provide a key policy, KMS attaches a default key policy to+-- the KMS key. For more information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default Default Key Policy>+-- in the /Key Management Service Developer Guide/.+--+-- The key policy size quota is 32 kilobytes (32768 bytes).+--+-- For help writing and formatting a JSON policy document, see the+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html IAM JSON Policy Reference>+-- in the //Identity and Access Management User Guide// .+createKey_policy :: Lens.Lens' CreateKey (Prelude.Maybe Prelude.Text)+createKey_policy = Lens.lens (\CreateKey' {policy} -> policy) (\s@CreateKey' {} a -> s {policy = a} :: CreateKey)++-- | Assigns one or more tags to the KMS key. Use this parameter to tag the+-- KMS key when it is created. To tag an existing KMS key, use the+-- TagResource operation.+--+-- Tagging or untagging a KMS key can allow or deny permission to the KMS+-- key. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/abac.html ABAC for KMS>+-- in the /Key Management Service Developer Guide/.+--+-- To use this parameter, you must have+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:TagResource>+-- permission in an IAM policy.+--+-- Each tag consists of a tag key and a tag value. Both the tag key and the+-- tag value are required, but the tag value can be an empty (null) string.+-- You cannot have more than one tag on a KMS key with the same tag key. If+-- you specify an existing tag key with a different tag value, KMS replaces+-- the current tag value with the specified one.+--+-- When you add tags to an Amazon Web Services resource, Amazon Web+-- Services generates a cost allocation report with usage and costs+-- aggregated by tags. Tags can also be used to control access to a KMS+-- key. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html Tagging Keys>.+createKey_tags :: Lens.Lens' CreateKey (Prelude.Maybe [Tag])+createKey_tags = Lens.lens (\CreateKey' {tags} -> tags) (\s@CreateKey' {} a -> s {tags = a} :: CreateKey) Prelude.. Lens.mapping Lens.coerced++-- | Identifies the+-- <https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-external-key external key>+-- that serves as key material for the KMS key in an+-- <https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html external key store>.+-- Specify the ID that the+-- <https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-xks-proxy external key store proxy>+-- uses to refer to the external key. For help, see the documentation for+-- your external key store proxy.+--+-- This parameter is required for a KMS key with an @Origin@ value of+-- @EXTERNAL_KEY_STORE@. It is not valid for KMS keys with any other+-- @Origin@ value.+--+-- The external key must be an existing 256-bit AES symmetric encryption+-- key hosted outside of Amazon Web Services in an external key manager+-- associated with the external key store specified by the+-- @CustomKeyStoreId@ parameter. This key must be enabled and configured to+-- perform encryption and decryption. Each KMS key in an external key store+-- must use a different external key. For details, see+-- <https://docs.aws.amazon.com/create-xks-keys.html#xks-key-requirements Requirements for a KMS key in an external key store>+-- in the /Key Management Service Developer Guide/.+--+-- Each KMS key in an external key store is associated two backing keys.+-- One is key material that KMS generates. The other is the external key+-- specified by this parameter. When you use the KMS key in an external key+-- store to encrypt data, the encryption operation is performed first by+-- KMS using the KMS key material, and then by the external key manager+-- using the specified external key, a process known as /double+-- encryption/. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-double-encryption Double encryption>+-- in the /Key Management Service Developer Guide/.+createKey_xksKeyId :: Lens.Lens' CreateKey (Prelude.Maybe Prelude.Text)+createKey_xksKeyId = Lens.lens (\CreateKey' {xksKeyId} -> xksKeyId) (\s@CreateKey' {} a -> s {xksKeyId = a} :: CreateKey)++instance Core.AWSRequest CreateKey where+ type AWSResponse CreateKey = CreateKeyResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response =+ Response.receiveJSON+ ( \s h x ->+ CreateKeyResponse'+ Prelude.<$> (x Data..?> "KeyMetadata")+ Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+ )++instance Prelude.Hashable CreateKey where+ hashWithSalt _salt CreateKey' {..} =+ _salt+ `Prelude.hashWithSalt` bypassPolicyLockoutSafetyCheck+ `Prelude.hashWithSalt` customKeyStoreId+ `Prelude.hashWithSalt` customerMasterKeySpec+ `Prelude.hashWithSalt` description+ `Prelude.hashWithSalt` keySpec+ `Prelude.hashWithSalt` keyUsage+ `Prelude.hashWithSalt` multiRegion+ `Prelude.hashWithSalt` origin+ `Prelude.hashWithSalt` policy+ `Prelude.hashWithSalt` tags+ `Prelude.hashWithSalt` xksKeyId++instance Prelude.NFData CreateKey where+ rnf CreateKey' {..} =+ Prelude.rnf bypassPolicyLockoutSafetyCheck+ `Prelude.seq` Prelude.rnf customKeyStoreId+ `Prelude.seq` Prelude.rnf customerMasterKeySpec+ `Prelude.seq` Prelude.rnf description+ `Prelude.seq` Prelude.rnf keySpec+ `Prelude.seq` Prelude.rnf keyUsage+ `Prelude.seq` Prelude.rnf multiRegion+ `Prelude.seq` Prelude.rnf origin+ `Prelude.seq` Prelude.rnf policy+ `Prelude.seq` Prelude.rnf tags+ `Prelude.seq` Prelude.rnf xksKeyId++instance Data.ToHeaders CreateKey where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ("TrentService.CreateKey" :: Prelude.ByteString),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON CreateKey where+ toJSON CreateKey' {..} =+ Data.object+ ( Prelude.catMaybes+ [ ("BypassPolicyLockoutSafetyCheck" Data..=)+ Prelude.<$> bypassPolicyLockoutSafetyCheck,+ ("CustomKeyStoreId" Data..=)+ Prelude.<$> customKeyStoreId,+ ("CustomerMasterKeySpec" Data..=)+ Prelude.<$> customerMasterKeySpec,+ ("Description" Data..=) Prelude.<$> description,+ ("KeySpec" Data..=) Prelude.<$> keySpec,+ ("KeyUsage" Data..=) Prelude.<$> keyUsage,+ ("MultiRegion" Data..=) Prelude.<$> multiRegion,+ ("Origin" Data..=) Prelude.<$> origin,+ ("Policy" Data..=) Prelude.<$> policy,+ ("Tags" Data..=) Prelude.<$> tags,+ ("XksKeyId" Data..=) Prelude.<$> xksKeyId+ ]+ )++instance Data.ToPath CreateKey where+ toPath = Prelude.const "/"++instance Data.ToQuery CreateKey where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newCreateKeyResponse' smart constructor.+data CreateKeyResponse = CreateKeyResponse'+ { -- | Metadata associated with the KMS key.+ keyMetadata :: Prelude.Maybe KeyMetadata,+ -- | The response's http status code.+ httpStatus :: Prelude.Int+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'CreateKeyResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'keyMetadata', 'createKeyResponse_keyMetadata' - Metadata associated with the KMS key.+--+-- 'httpStatus', 'createKeyResponse_httpStatus' - The response's http status code.+newCreateKeyResponse ::+ -- | 'httpStatus'+ Prelude.Int ->+ CreateKeyResponse+newCreateKeyResponse pHttpStatus_ =+ CreateKeyResponse'+ { keyMetadata = Prelude.Nothing,+ httpStatus = pHttpStatus_+ }++-- | Metadata associated with the KMS key.+createKeyResponse_keyMetadata :: Lens.Lens' CreateKeyResponse (Prelude.Maybe KeyMetadata)+createKeyResponse_keyMetadata = Lens.lens (\CreateKeyResponse' {keyMetadata} -> keyMetadata) (\s@CreateKeyResponse' {} a -> s {keyMetadata = a} :: CreateKeyResponse)++-- | The response's http status code.+createKeyResponse_httpStatus :: Lens.Lens' CreateKeyResponse Prelude.Int+createKeyResponse_httpStatus = Lens.lens (\CreateKeyResponse' {httpStatus} -> httpStatus) (\s@CreateKeyResponse' {} a -> s {httpStatus = a} :: CreateKeyResponse)++instance Prelude.NFData CreateKeyResponse where+ rnf CreateKeyResponse' {..} =+ Prelude.rnf keyMetadata+ `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/KMS/Decrypt.hs view
@@ -0,0 +1,545 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.Decrypt+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Decrypts ciphertext that was encrypted by a KMS key using any of the+-- following operations:+--+-- - Encrypt+--+-- - GenerateDataKey+--+-- - GenerateDataKeyPair+--+-- - GenerateDataKeyWithoutPlaintext+--+-- - GenerateDataKeyPairWithoutPlaintext+--+-- You can use this operation to decrypt ciphertext that was encrypted+-- under a symmetric encryption KMS key or an asymmetric encryption KMS+-- key. When the KMS key is asymmetric, you must specify the KMS key and+-- the encryption algorithm that was used to encrypt the ciphertext. For+-- information about asymmetric KMS keys, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html Asymmetric KMS keys>+-- in the /Key Management Service Developer Guide/.+--+-- The @Decrypt@ operation also decrypts ciphertext that was encrypted+-- outside of KMS by the public key in an KMS asymmetric KMS key. However,+-- it cannot decrypt symmetric ciphertext produced by other libraries, such+-- as the+-- <https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/ Amazon Web Services Encryption SDK>+-- or+-- <https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html Amazon S3 client-side encryption>.+-- These libraries return a ciphertext format that is incompatible with+-- KMS.+--+-- If the ciphertext was encrypted under a symmetric encryption KMS key,+-- the @KeyId@ parameter is optional. KMS can get this information from+-- metadata that it adds to the symmetric ciphertext blob. This feature+-- adds durability to your implementation by ensuring that authorized users+-- can decrypt ciphertext decades after it was encrypted, even if they\'ve+-- lost track of the key ID. However, specifying the KMS key is always+-- recommended as a best practice. When you use the @KeyId@ parameter to+-- specify a KMS key, KMS only uses the KMS key you specify. If the+-- ciphertext was encrypted under a different KMS key, the @Decrypt@+-- operation fails. This practice ensures that you use the KMS key that you+-- intend.+--+-- Whenever possible, use key policies to give users permission to call the+-- @Decrypt@ operation on a particular KMS key, instead of using IAM+-- policies. Otherwise, you might create an IAM user policy that gives the+-- user @Decrypt@ permission on all KMS keys. This user could decrypt+-- ciphertext that was encrypted by KMS keys in other accounts if the key+-- policy for the cross-account KMS key permits it. If you must use an IAM+-- policy for @Decrypt@ permissions, limit the user to particular KMS keys+-- or particular trusted accounts. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/iam-policies.html#iam-policies-best-practices Best practices for IAM policies>+-- in the /Key Management Service Developer Guide/.+--+-- Applications in Amazon Web Services Nitro Enclaves can call this+-- operation by using the+-- <https://github.com/aws/aws-nitro-enclaves-sdk-c Amazon Web Services Nitro Enclaves Development Kit>.+-- For information about the supporting parameters, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html How Amazon Web Services Nitro Enclaves use KMS>+-- in the /Key Management Service Developer Guide/.+--+-- The KMS key that you use for this operation must be in a compatible key+-- state. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key states of KMS keys>+-- in the /Key Management Service Developer Guide/.+--+-- __Cross-account use__: Yes. To perform this operation with a KMS key in+-- a different Amazon Web Services account, specify the key ARN or alias+-- ARN in the value of the @KeyId@ parameter.+--+-- __Required permissions__:+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:Decrypt>+-- (key policy)+--+-- __Related operations:__+--+-- - Encrypt+--+-- - GenerateDataKey+--+-- - GenerateDataKeyPair+--+-- - ReEncrypt+module Amazonka.KMS.Decrypt+ ( -- * Creating a Request+ Decrypt (..),+ newDecrypt,++ -- * Request Lenses+ decrypt_encryptionAlgorithm,+ decrypt_encryptionContext,+ decrypt_grantTokens,+ decrypt_keyId,+ decrypt_ciphertextBlob,++ -- * Destructuring the Response+ DecryptResponse (..),+ newDecryptResponse,++ -- * Response Lenses+ decryptResponse_encryptionAlgorithm,+ decryptResponse_keyId,+ decryptResponse_plaintext,+ decryptResponse_httpStatus,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newDecrypt' smart constructor.+data Decrypt = Decrypt'+ { -- | Specifies the encryption algorithm that will be used to decrypt the+ -- ciphertext. Specify the same algorithm that was used to encrypt the+ -- data. If you specify a different algorithm, the @Decrypt@ operation+ -- fails.+ --+ -- This parameter is required only when the ciphertext was encrypted under+ -- an asymmetric KMS key. The default value, @SYMMETRIC_DEFAULT@,+ -- represents the only supported algorithm that is valid for symmetric+ -- encryption KMS keys.+ encryptionAlgorithm :: Prelude.Maybe EncryptionAlgorithmSpec,+ -- | Specifies the encryption context to use when decrypting the data. An+ -- encryption context is valid only for+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations cryptographic operations>+ -- with a symmetric encryption KMS key. The standard asymmetric encryption+ -- algorithms and HMAC algorithms that KMS uses do not support an+ -- encryption context.+ --+ -- An /encryption context/ is a collection of non-secret key-value pairs+ -- that represent additional authenticated data. When you use an encryption+ -- context to encrypt data, you must specify the same (an exact+ -- case-sensitive match) encryption context to decrypt the data. An+ -- encryption context is supported only on operations with symmetric+ -- encryption KMS keys. On operations with symmetric encryption KMS keys,+ -- an encryption context is optional, but it is strongly recommended.+ --+ -- For more information, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context Encryption context>+ -- in the /Key Management Service Developer Guide/.+ encryptionContext :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),+ -- | A list of grant tokens.+ --+ -- Use a grant token when your permission to call this operation comes from+ -- a new grant that has not yet achieved /eventual consistency/. For more+ -- information, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>+ -- and+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>+ -- in the /Key Management Service Developer Guide/.+ grantTokens :: Prelude.Maybe [Prelude.Text],+ -- | Specifies the KMS key that KMS uses to decrypt the ciphertext.+ --+ -- Enter a key ID of the KMS key that was used to encrypt the ciphertext.+ -- If you identify a different KMS key, the @Decrypt@ operation throws an+ -- @IncorrectKeyException@.+ --+ -- This parameter is required only when the ciphertext was encrypted under+ -- an asymmetric KMS key. If you used a symmetric encryption KMS key, KMS+ -- can get the KMS key from metadata that it adds to the symmetric+ -- ciphertext blob. However, it is always recommended as a best practice.+ -- This practice ensures that you use the KMS key that you intend.+ --+ -- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.+ -- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS+ -- key in a different Amazon Web Services account, you must use the key ARN+ -- or alias ARN.+ --+ -- For example:+ --+ -- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- - Key ARN:+ -- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- - Alias name: @alias\/ExampleAlias@+ --+ -- - Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@+ --+ -- To get the key ID and key ARN for a KMS key, use ListKeys or+ -- DescribeKey. To get the alias name and alias ARN, use ListAliases.+ keyId :: Prelude.Maybe Prelude.Text,+ -- | Ciphertext to be decrypted. The blob includes metadata.+ ciphertextBlob :: Data.Base64+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'Decrypt' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'encryptionAlgorithm', 'decrypt_encryptionAlgorithm' - Specifies the encryption algorithm that will be used to decrypt the+-- ciphertext. Specify the same algorithm that was used to encrypt the+-- data. If you specify a different algorithm, the @Decrypt@ operation+-- fails.+--+-- This parameter is required only when the ciphertext was encrypted under+-- an asymmetric KMS key. The default value, @SYMMETRIC_DEFAULT@,+-- represents the only supported algorithm that is valid for symmetric+-- encryption KMS keys.+--+-- 'encryptionContext', 'decrypt_encryptionContext' - Specifies the encryption context to use when decrypting the data. An+-- encryption context is valid only for+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations cryptographic operations>+-- with a symmetric encryption KMS key. The standard asymmetric encryption+-- algorithms and HMAC algorithms that KMS uses do not support an+-- encryption context.+--+-- An /encryption context/ is a collection of non-secret key-value pairs+-- that represent additional authenticated data. When you use an encryption+-- context to encrypt data, you must specify the same (an exact+-- case-sensitive match) encryption context to decrypt the data. An+-- encryption context is supported only on operations with symmetric+-- encryption KMS keys. On operations with symmetric encryption KMS keys,+-- an encryption context is optional, but it is strongly recommended.+--+-- For more information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context Encryption context>+-- in the /Key Management Service Developer Guide/.+--+-- 'grantTokens', 'decrypt_grantTokens' - A list of grant tokens.+--+-- Use a grant token when your permission to call this operation comes from+-- a new grant that has not yet achieved /eventual consistency/. For more+-- information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>+-- and+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>+-- in the /Key Management Service Developer Guide/.+--+-- 'keyId', 'decrypt_keyId' - Specifies the KMS key that KMS uses to decrypt the ciphertext.+--+-- Enter a key ID of the KMS key that was used to encrypt the ciphertext.+-- If you identify a different KMS key, the @Decrypt@ operation throws an+-- @IncorrectKeyException@.+--+-- This parameter is required only when the ciphertext was encrypted under+-- an asymmetric KMS key. If you used a symmetric encryption KMS key, KMS+-- can get the KMS key from metadata that it adds to the symmetric+-- ciphertext blob. However, it is always recommended as a best practice.+-- This practice ensures that you use the KMS key that you intend.+--+-- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.+-- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS+-- key in a different Amazon Web Services account, you must use the key ARN+-- or alias ARN.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Alias name: @alias\/ExampleAlias@+--+-- - Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey. To get the alias name and alias ARN, use ListAliases.+--+-- 'ciphertextBlob', 'decrypt_ciphertextBlob' - Ciphertext to be decrypted. The blob includes metadata.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+newDecrypt ::+ -- | 'ciphertextBlob'+ Prelude.ByteString ->+ Decrypt+newDecrypt pCiphertextBlob_ =+ Decrypt'+ { encryptionAlgorithm = Prelude.Nothing,+ encryptionContext = Prelude.Nothing,+ grantTokens = Prelude.Nothing,+ keyId = Prelude.Nothing,+ ciphertextBlob =+ Data._Base64 Lens.# pCiphertextBlob_+ }++-- | Specifies the encryption algorithm that will be used to decrypt the+-- ciphertext. Specify the same algorithm that was used to encrypt the+-- data. If you specify a different algorithm, the @Decrypt@ operation+-- fails.+--+-- This parameter is required only when the ciphertext was encrypted under+-- an asymmetric KMS key. The default value, @SYMMETRIC_DEFAULT@,+-- represents the only supported algorithm that is valid for symmetric+-- encryption KMS keys.+decrypt_encryptionAlgorithm :: Lens.Lens' Decrypt (Prelude.Maybe EncryptionAlgorithmSpec)+decrypt_encryptionAlgorithm = Lens.lens (\Decrypt' {encryptionAlgorithm} -> encryptionAlgorithm) (\s@Decrypt' {} a -> s {encryptionAlgorithm = a} :: Decrypt)++-- | Specifies the encryption context to use when decrypting the data. An+-- encryption context is valid only for+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations cryptographic operations>+-- with a symmetric encryption KMS key. The standard asymmetric encryption+-- algorithms and HMAC algorithms that KMS uses do not support an+-- encryption context.+--+-- An /encryption context/ is a collection of non-secret key-value pairs+-- that represent additional authenticated data. When you use an encryption+-- context to encrypt data, you must specify the same (an exact+-- case-sensitive match) encryption context to decrypt the data. An+-- encryption context is supported only on operations with symmetric+-- encryption KMS keys. On operations with symmetric encryption KMS keys,+-- an encryption context is optional, but it is strongly recommended.+--+-- For more information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context Encryption context>+-- in the /Key Management Service Developer Guide/.+decrypt_encryptionContext :: Lens.Lens' Decrypt (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))+decrypt_encryptionContext = Lens.lens (\Decrypt' {encryptionContext} -> encryptionContext) (\s@Decrypt' {} a -> s {encryptionContext = a} :: Decrypt) Prelude.. Lens.mapping Lens.coerced++-- | A list of grant tokens.+--+-- Use a grant token when your permission to call this operation comes from+-- a new grant that has not yet achieved /eventual consistency/. For more+-- information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>+-- and+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>+-- in the /Key Management Service Developer Guide/.+decrypt_grantTokens :: Lens.Lens' Decrypt (Prelude.Maybe [Prelude.Text])+decrypt_grantTokens = Lens.lens (\Decrypt' {grantTokens} -> grantTokens) (\s@Decrypt' {} a -> s {grantTokens = a} :: Decrypt) Prelude.. Lens.mapping Lens.coerced++-- | Specifies the KMS key that KMS uses to decrypt the ciphertext.+--+-- Enter a key ID of the KMS key that was used to encrypt the ciphertext.+-- If you identify a different KMS key, the @Decrypt@ operation throws an+-- @IncorrectKeyException@.+--+-- This parameter is required only when the ciphertext was encrypted under+-- an asymmetric KMS key. If you used a symmetric encryption KMS key, KMS+-- can get the KMS key from metadata that it adds to the symmetric+-- ciphertext blob. However, it is always recommended as a best practice.+-- This practice ensures that you use the KMS key that you intend.+--+-- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.+-- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS+-- key in a different Amazon Web Services account, you must use the key ARN+-- or alias ARN.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Alias name: @alias\/ExampleAlias@+--+-- - Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey. To get the alias name and alias ARN, use ListAliases.+decrypt_keyId :: Lens.Lens' Decrypt (Prelude.Maybe Prelude.Text)+decrypt_keyId = Lens.lens (\Decrypt' {keyId} -> keyId) (\s@Decrypt' {} a -> s {keyId = a} :: Decrypt)++-- | Ciphertext to be decrypted. The blob includes metadata.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+decrypt_ciphertextBlob :: Lens.Lens' Decrypt Prelude.ByteString+decrypt_ciphertextBlob = Lens.lens (\Decrypt' {ciphertextBlob} -> ciphertextBlob) (\s@Decrypt' {} a -> s {ciphertextBlob = a} :: Decrypt) Prelude.. Data._Base64++instance Core.AWSRequest Decrypt where+ type AWSResponse Decrypt = DecryptResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response =+ Response.receiveJSON+ ( \s h x ->+ DecryptResponse'+ Prelude.<$> (x Data..?> "EncryptionAlgorithm")+ Prelude.<*> (x Data..?> "KeyId")+ Prelude.<*> (x Data..?> "Plaintext")+ Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+ )++instance Prelude.Hashable Decrypt where+ hashWithSalt _salt Decrypt' {..} =+ _salt+ `Prelude.hashWithSalt` encryptionAlgorithm+ `Prelude.hashWithSalt` encryptionContext+ `Prelude.hashWithSalt` grantTokens+ `Prelude.hashWithSalt` keyId+ `Prelude.hashWithSalt` ciphertextBlob++instance Prelude.NFData Decrypt where+ rnf Decrypt' {..} =+ Prelude.rnf encryptionAlgorithm+ `Prelude.seq` Prelude.rnf encryptionContext+ `Prelude.seq` Prelude.rnf grantTokens+ `Prelude.seq` Prelude.rnf keyId+ `Prelude.seq` Prelude.rnf ciphertextBlob++instance Data.ToHeaders Decrypt where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ("TrentService.Decrypt" :: Prelude.ByteString),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON Decrypt where+ toJSON Decrypt' {..} =+ Data.object+ ( Prelude.catMaybes+ [ ("EncryptionAlgorithm" Data..=)+ Prelude.<$> encryptionAlgorithm,+ ("EncryptionContext" Data..=)+ Prelude.<$> encryptionContext,+ ("GrantTokens" Data..=) Prelude.<$> grantTokens,+ ("KeyId" Data..=) Prelude.<$> keyId,+ Prelude.Just+ ("CiphertextBlob" Data..= ciphertextBlob)+ ]+ )++instance Data.ToPath Decrypt where+ toPath = Prelude.const "/"++instance Data.ToQuery Decrypt where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newDecryptResponse' smart constructor.+data DecryptResponse = DecryptResponse'+ { -- | The encryption algorithm that was used to decrypt the ciphertext.+ encryptionAlgorithm :: Prelude.Maybe EncryptionAlgorithmSpec,+ -- | The Amazon Resource Name+ -- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)+ -- of the KMS key that was used to decrypt the ciphertext.+ keyId :: Prelude.Maybe Prelude.Text,+ -- | Decrypted plaintext data. When you use the HTTP API or the Amazon Web+ -- Services CLI, the value is Base64-encoded. Otherwise, it is not+ -- Base64-encoded.+ plaintext :: Prelude.Maybe (Data.Sensitive Data.Base64),+ -- | The response's http status code.+ httpStatus :: Prelude.Int+ }+ deriving (Prelude.Eq, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'DecryptResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'encryptionAlgorithm', 'decryptResponse_encryptionAlgorithm' - The encryption algorithm that was used to decrypt the ciphertext.+--+-- 'keyId', 'decryptResponse_keyId' - The Amazon Resource Name+-- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)+-- of the KMS key that was used to decrypt the ciphertext.+--+-- 'plaintext', 'decryptResponse_plaintext' - Decrypted plaintext data. When you use the HTTP API or the Amazon Web+-- Services CLI, the value is Base64-encoded. Otherwise, it is not+-- Base64-encoded.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+--+-- 'httpStatus', 'decryptResponse_httpStatus' - The response's http status code.+newDecryptResponse ::+ -- | 'httpStatus'+ Prelude.Int ->+ DecryptResponse+newDecryptResponse pHttpStatus_ =+ DecryptResponse'+ { encryptionAlgorithm =+ Prelude.Nothing,+ keyId = Prelude.Nothing,+ plaintext = Prelude.Nothing,+ httpStatus = pHttpStatus_+ }++-- | The encryption algorithm that was used to decrypt the ciphertext.+decryptResponse_encryptionAlgorithm :: Lens.Lens' DecryptResponse (Prelude.Maybe EncryptionAlgorithmSpec)+decryptResponse_encryptionAlgorithm = Lens.lens (\DecryptResponse' {encryptionAlgorithm} -> encryptionAlgorithm) (\s@DecryptResponse' {} a -> s {encryptionAlgorithm = a} :: DecryptResponse)++-- | The Amazon Resource Name+-- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)+-- of the KMS key that was used to decrypt the ciphertext.+decryptResponse_keyId :: Lens.Lens' DecryptResponse (Prelude.Maybe Prelude.Text)+decryptResponse_keyId = Lens.lens (\DecryptResponse' {keyId} -> keyId) (\s@DecryptResponse' {} a -> s {keyId = a} :: DecryptResponse)++-- | Decrypted plaintext data. When you use the HTTP API or the Amazon Web+-- Services CLI, the value is Base64-encoded. Otherwise, it is not+-- Base64-encoded.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+decryptResponse_plaintext :: Lens.Lens' DecryptResponse (Prelude.Maybe Prelude.ByteString)+decryptResponse_plaintext = Lens.lens (\DecryptResponse' {plaintext} -> plaintext) (\s@DecryptResponse' {} a -> s {plaintext = a} :: DecryptResponse) Prelude.. Lens.mapping (Data._Sensitive Prelude.. Data._Base64)++-- | The response's http status code.+decryptResponse_httpStatus :: Lens.Lens' DecryptResponse Prelude.Int+decryptResponse_httpStatus = Lens.lens (\DecryptResponse' {httpStatus} -> httpStatus) (\s@DecryptResponse' {} a -> s {httpStatus = a} :: DecryptResponse)++instance Prelude.NFData DecryptResponse where+ rnf DecryptResponse' {..} =+ Prelude.rnf encryptionAlgorithm+ `Prelude.seq` Prelude.rnf keyId+ `Prelude.seq` Prelude.rnf plaintext+ `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/KMS/DeleteAlias.hs view
@@ -0,0 +1,168 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.DeleteAlias+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Deletes the specified alias.+--+-- Adding, deleting, or updating an alias can allow or deny permission to+-- the KMS key. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/abac.html ABAC for KMS>+-- in the /Key Management Service Developer Guide/.+--+-- Because an alias is not a property of a KMS key, you can delete and+-- change the aliases of a KMS key without affecting the KMS key. Also,+-- aliases do not appear in the response from the DescribeKey operation. To+-- get the aliases of all KMS keys, use the ListAliases operation.+--+-- Each KMS key can have multiple aliases. To change the alias of a KMS+-- key, use DeleteAlias to delete the current alias and CreateAlias to+-- create a new alias. To associate an existing alias with a different KMS+-- key, call UpdateAlias.+--+-- __Cross-account use__: No. You cannot perform this operation on an alias+-- in a different Amazon Web Services account.+--+-- __Required permissions__+--+-- - <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:DeleteAlias>+-- on the alias (IAM policy).+--+-- - <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:DeleteAlias>+-- on the KMS key (key policy).+--+-- For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html#alias-access Controlling access to aliases>+-- in the /Key Management Service Developer Guide/.+--+-- __Related operations:__+--+-- - CreateAlias+--+-- - ListAliases+--+-- - UpdateAlias+module Amazonka.KMS.DeleteAlias+ ( -- * Creating a Request+ DeleteAlias (..),+ newDeleteAlias,++ -- * Request Lenses+ deleteAlias_aliasName,++ -- * Destructuring the Response+ DeleteAliasResponse (..),+ newDeleteAliasResponse,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newDeleteAlias' smart constructor.+data DeleteAlias = DeleteAlias'+ { -- | The alias to be deleted. The alias name must begin with @alias\/@+ -- followed by the alias name, such as @alias\/ExampleAlias@.+ aliasName :: Prelude.Text+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'DeleteAlias' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'aliasName', 'deleteAlias_aliasName' - The alias to be deleted. The alias name must begin with @alias\/@+-- followed by the alias name, such as @alias\/ExampleAlias@.+newDeleteAlias ::+ -- | 'aliasName'+ Prelude.Text ->+ DeleteAlias+newDeleteAlias pAliasName_ =+ DeleteAlias' {aliasName = pAliasName_}++-- | The alias to be deleted. The alias name must begin with @alias\/@+-- followed by the alias name, such as @alias\/ExampleAlias@.+deleteAlias_aliasName :: Lens.Lens' DeleteAlias Prelude.Text+deleteAlias_aliasName = Lens.lens (\DeleteAlias' {aliasName} -> aliasName) (\s@DeleteAlias' {} a -> s {aliasName = a} :: DeleteAlias)++instance Core.AWSRequest DeleteAlias where+ type AWSResponse DeleteAlias = DeleteAliasResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response = Response.receiveNull DeleteAliasResponse'++instance Prelude.Hashable DeleteAlias where+ hashWithSalt _salt DeleteAlias' {..} =+ _salt `Prelude.hashWithSalt` aliasName++instance Prelude.NFData DeleteAlias where+ rnf DeleteAlias' {..} = Prelude.rnf aliasName++instance Data.ToHeaders DeleteAlias where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ("TrentService.DeleteAlias" :: Prelude.ByteString),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON DeleteAlias where+ toJSON DeleteAlias' {..} =+ Data.object+ ( Prelude.catMaybes+ [Prelude.Just ("AliasName" Data..= aliasName)]+ )++instance Data.ToPath DeleteAlias where+ toPath = Prelude.const "/"++instance Data.ToQuery DeleteAlias where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newDeleteAliasResponse' smart constructor.+data DeleteAliasResponse = DeleteAliasResponse'+ {+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'DeleteAliasResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+newDeleteAliasResponse ::+ DeleteAliasResponse+newDeleteAliasResponse = DeleteAliasResponse'++instance Prelude.NFData DeleteAliasResponse where+ rnf _ = ()
+ gen/Amazonka/KMS/DeleteCustomKeyStore.hs view
@@ -0,0 +1,224 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.DeleteCustomKeyStore+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Deletes a+-- <https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html custom key store>.+-- This operation does not affect any backing elements of the custom key+-- store. It does not delete the CloudHSM cluster that is associated with+-- an CloudHSM key store, or affect any users or keys in the cluster. For+-- an external key store, it does not affect the external key store proxy,+-- external key manager, or any external keys.+--+-- This operation is part of the+-- <https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html custom key stores>+-- feature in KMS, which combines the convenience and extensive integration+-- of KMS with the isolation and control of a key store that you own and+-- manage.+--+-- The custom key store that you delete cannot contain any+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms_keys KMS keys>.+-- Before deleting the key store, verify that you will never need to use+-- any of the KMS keys in the key store for any+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations cryptographic operations>.+-- Then, use ScheduleKeyDeletion to delete the KMS keys from the key store.+-- After the required waiting period expires and all KMS keys are deleted+-- from the custom key store, use DisconnectCustomKeyStore to disconnect+-- the key store from KMS. Then, you can delete the custom key store.+--+-- For keys in an CloudHSM key store, the @ScheduleKeyDeletion@ operation+-- makes a best effort to delete the key material from the associated+-- cluster. However, you might need to manually+-- <https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-orphaned-key delete the orphaned key material>+-- from the cluster and its backups. KMS never creates, manages, or deletes+-- cryptographic keys in the external key manager associated with an+-- external key store. You must manage them using your external key manager+-- tools.+--+-- Instead of deleting the custom key store, consider using the+-- DisconnectCustomKeyStore operation to disconnect the custom key store+-- from its backing key store. While the key store is disconnected, you+-- cannot create or use the KMS keys in the key store. But, you do not need+-- to delete KMS keys and you can reconnect a disconnected custom key store+-- at any time.+--+-- If the operation succeeds, it returns a JSON object with no properties.+--+-- __Cross-account use__: No. You cannot perform this operation on a custom+-- key store in a different Amazon Web Services account.+--+-- __Required permissions__:+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:DeleteCustomKeyStore>+-- (IAM policy)+--+-- __Related operations:__+--+-- - ConnectCustomKeyStore+--+-- - CreateCustomKeyStore+--+-- - DescribeCustomKeyStores+--+-- - DisconnectCustomKeyStore+--+-- - UpdateCustomKeyStore+module Amazonka.KMS.DeleteCustomKeyStore+ ( -- * Creating a Request+ DeleteCustomKeyStore (..),+ newDeleteCustomKeyStore,++ -- * Request Lenses+ deleteCustomKeyStore_customKeyStoreId,++ -- * Destructuring the Response+ DeleteCustomKeyStoreResponse (..),+ newDeleteCustomKeyStoreResponse,++ -- * Response Lenses+ deleteCustomKeyStoreResponse_httpStatus,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newDeleteCustomKeyStore' smart constructor.+data DeleteCustomKeyStore = DeleteCustomKeyStore'+ { -- | Enter the ID of the custom key store you want to delete. To find the ID+ -- of a custom key store, use the DescribeCustomKeyStores operation.+ customKeyStoreId :: Prelude.Text+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'DeleteCustomKeyStore' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'customKeyStoreId', 'deleteCustomKeyStore_customKeyStoreId' - Enter the ID of the custom key store you want to delete. To find the ID+-- of a custom key store, use the DescribeCustomKeyStores operation.+newDeleteCustomKeyStore ::+ -- | 'customKeyStoreId'+ Prelude.Text ->+ DeleteCustomKeyStore+newDeleteCustomKeyStore pCustomKeyStoreId_ =+ DeleteCustomKeyStore'+ { customKeyStoreId =+ pCustomKeyStoreId_+ }++-- | Enter the ID of the custom key store you want to delete. To find the ID+-- of a custom key store, use the DescribeCustomKeyStores operation.+deleteCustomKeyStore_customKeyStoreId :: Lens.Lens' DeleteCustomKeyStore Prelude.Text+deleteCustomKeyStore_customKeyStoreId = Lens.lens (\DeleteCustomKeyStore' {customKeyStoreId} -> customKeyStoreId) (\s@DeleteCustomKeyStore' {} a -> s {customKeyStoreId = a} :: DeleteCustomKeyStore)++instance Core.AWSRequest DeleteCustomKeyStore where+ type+ AWSResponse DeleteCustomKeyStore =+ DeleteCustomKeyStoreResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response =+ Response.receiveEmpty+ ( \s h x ->+ DeleteCustomKeyStoreResponse'+ Prelude.<$> (Prelude.pure (Prelude.fromEnum s))+ )++instance Prelude.Hashable DeleteCustomKeyStore where+ hashWithSalt _salt DeleteCustomKeyStore' {..} =+ _salt `Prelude.hashWithSalt` customKeyStoreId++instance Prelude.NFData DeleteCustomKeyStore where+ rnf DeleteCustomKeyStore' {..} =+ Prelude.rnf customKeyStoreId++instance Data.ToHeaders DeleteCustomKeyStore where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ( "TrentService.DeleteCustomKeyStore" ::+ Prelude.ByteString+ ),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON DeleteCustomKeyStore where+ toJSON DeleteCustomKeyStore' {..} =+ Data.object+ ( Prelude.catMaybes+ [ Prelude.Just+ ("CustomKeyStoreId" Data..= customKeyStoreId)+ ]+ )++instance Data.ToPath DeleteCustomKeyStore where+ toPath = Prelude.const "/"++instance Data.ToQuery DeleteCustomKeyStore where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newDeleteCustomKeyStoreResponse' smart constructor.+data DeleteCustomKeyStoreResponse = DeleteCustomKeyStoreResponse'+ { -- | The response's http status code.+ httpStatus :: Prelude.Int+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'DeleteCustomKeyStoreResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'httpStatus', 'deleteCustomKeyStoreResponse_httpStatus' - The response's http status code.+newDeleteCustomKeyStoreResponse ::+ -- | 'httpStatus'+ Prelude.Int ->+ DeleteCustomKeyStoreResponse+newDeleteCustomKeyStoreResponse pHttpStatus_ =+ DeleteCustomKeyStoreResponse'+ { httpStatus =+ pHttpStatus_+ }++-- | The response's http status code.+deleteCustomKeyStoreResponse_httpStatus :: Lens.Lens' DeleteCustomKeyStoreResponse Prelude.Int+deleteCustomKeyStoreResponse_httpStatus = Lens.lens (\DeleteCustomKeyStoreResponse' {httpStatus} -> httpStatus) (\s@DeleteCustomKeyStoreResponse' {} a -> s {httpStatus = a} :: DeleteCustomKeyStoreResponse)++instance Prelude.NFData DeleteCustomKeyStoreResponse where+ rnf DeleteCustomKeyStoreResponse' {..} =+ Prelude.rnf httpStatus
+ gen/Amazonka/KMS/DeleteImportedKeyMaterial.hs view
@@ -0,0 +1,206 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.DeleteImportedKeyMaterial+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Deletes key material that you previously imported. This operation makes+-- the specified KMS key unusable. For more information about importing key+-- material into KMS, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html Importing Key Material>+-- in the /Key Management Service Developer Guide/.+--+-- When the specified KMS key is in the @PendingDeletion@ state, this+-- operation does not change the KMS key\'s state. Otherwise, it changes+-- the KMS key\'s state to @PendingImport@.+--+-- After you delete key material, you can use ImportKeyMaterial to reimport+-- the same key material into the KMS key.+--+-- The KMS key that you use for this operation must be in a compatible key+-- state. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key states of KMS keys>+-- in the /Key Management Service Developer Guide/.+--+-- __Cross-account use__: No. You cannot perform this operation on a KMS+-- key in a different Amazon Web Services account.+--+-- __Required permissions__:+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:DeleteImportedKeyMaterial>+-- (key policy)+--+-- __Related operations:__+--+-- - GetParametersForImport+--+-- - ImportKeyMaterial+module Amazonka.KMS.DeleteImportedKeyMaterial+ ( -- * Creating a Request+ DeleteImportedKeyMaterial (..),+ newDeleteImportedKeyMaterial,++ -- * Request Lenses+ deleteImportedKeyMaterial_keyId,++ -- * Destructuring the Response+ DeleteImportedKeyMaterialResponse (..),+ newDeleteImportedKeyMaterialResponse,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newDeleteImportedKeyMaterial' smart constructor.+data DeleteImportedKeyMaterial = DeleteImportedKeyMaterial'+ { -- | Identifies the KMS key from which you are deleting imported key+ -- material. The @Origin@ of the KMS key must be @EXTERNAL@.+ --+ -- Specify the key ID or key ARN of the KMS key.+ --+ -- For example:+ --+ -- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- - Key ARN:+ -- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- To get the key ID and key ARN for a KMS key, use ListKeys or+ -- DescribeKey.+ keyId :: Prelude.Text+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'DeleteImportedKeyMaterial' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'keyId', 'deleteImportedKeyMaterial_keyId' - Identifies the KMS key from which you are deleting imported key+-- material. The @Origin@ of the KMS key must be @EXTERNAL@.+--+-- Specify the key ID or key ARN of the KMS key.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+newDeleteImportedKeyMaterial ::+ -- | 'keyId'+ Prelude.Text ->+ DeleteImportedKeyMaterial+newDeleteImportedKeyMaterial pKeyId_ =+ DeleteImportedKeyMaterial' {keyId = pKeyId_}++-- | Identifies the KMS key from which you are deleting imported key+-- material. The @Origin@ of the KMS key must be @EXTERNAL@.+--+-- Specify the key ID or key ARN of the KMS key.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+deleteImportedKeyMaterial_keyId :: Lens.Lens' DeleteImportedKeyMaterial Prelude.Text+deleteImportedKeyMaterial_keyId = Lens.lens (\DeleteImportedKeyMaterial' {keyId} -> keyId) (\s@DeleteImportedKeyMaterial' {} a -> s {keyId = a} :: DeleteImportedKeyMaterial)++instance Core.AWSRequest DeleteImportedKeyMaterial where+ type+ AWSResponse DeleteImportedKeyMaterial =+ DeleteImportedKeyMaterialResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response =+ Response.receiveNull+ DeleteImportedKeyMaterialResponse'++instance Prelude.Hashable DeleteImportedKeyMaterial where+ hashWithSalt _salt DeleteImportedKeyMaterial' {..} =+ _salt `Prelude.hashWithSalt` keyId++instance Prelude.NFData DeleteImportedKeyMaterial where+ rnf DeleteImportedKeyMaterial' {..} =+ Prelude.rnf keyId++instance Data.ToHeaders DeleteImportedKeyMaterial where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ( "TrentService.DeleteImportedKeyMaterial" ::+ Prelude.ByteString+ ),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON DeleteImportedKeyMaterial where+ toJSON DeleteImportedKeyMaterial' {..} =+ Data.object+ ( Prelude.catMaybes+ [Prelude.Just ("KeyId" Data..= keyId)]+ )++instance Data.ToPath DeleteImportedKeyMaterial where+ toPath = Prelude.const "/"++instance Data.ToQuery DeleteImportedKeyMaterial where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newDeleteImportedKeyMaterialResponse' smart constructor.+data DeleteImportedKeyMaterialResponse = DeleteImportedKeyMaterialResponse'+ {+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'DeleteImportedKeyMaterialResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+newDeleteImportedKeyMaterialResponse ::+ DeleteImportedKeyMaterialResponse+newDeleteImportedKeyMaterialResponse =+ DeleteImportedKeyMaterialResponse'++instance+ Prelude.NFData+ DeleteImportedKeyMaterialResponse+ where+ rnf _ = ()
+ gen/Amazonka/KMS/DescribeCustomKeyStores.hs view
@@ -0,0 +1,383 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.DescribeCustomKeyStores+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Gets information about+-- <https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html custom key stores>+-- in the account and Region.+--+-- This operation is part of the+-- <https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html custom key stores>+-- feature in KMS, which combines the convenience and extensive integration+-- of KMS with the isolation and control of a key store that you own and+-- manage.+--+-- By default, this operation returns information about all custom key+-- stores in the account and Region. To get only information about a+-- particular custom key store, use either the @CustomKeyStoreName@ or+-- @CustomKeyStoreId@ parameter (but not both).+--+-- To determine whether the custom key store is connected to its CloudHSM+-- cluster or external key store proxy, use the @ConnectionState@ element+-- in the response. If an attempt to connect the custom key store failed,+-- the @ConnectionState@ value is @FAILED@ and the @ConnectionErrorCode@+-- element in the response indicates the cause of the failure. For help+-- interpreting the @ConnectionErrorCode@, see CustomKeyStoresListEntry.+--+-- Custom key stores have a @DISCONNECTED@ connection state if the key+-- store has never been connected or you used the DisconnectCustomKeyStore+-- operation to disconnect it. Otherwise, the connection state is+-- CONNECTED. If your custom key store connection state is @CONNECTED@ but+-- you are having trouble using it, verify that the backing store is active+-- and available. For an CloudHSM key store, verify that the associated+-- CloudHSM cluster is active and contains the minimum number of HSMs+-- required for the operation, if any. For an external key store, verify+-- that the external key store proxy and its associated external key+-- manager are reachable and enabled.+--+-- For help repairing your CloudHSM key store, see the+-- <https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html Troubleshooting CloudHSM key stores>.+-- For help repairing your external key store, see the+-- <https://docs.aws.amazon.com/kms/latest/developerguide/xks-troubleshooting.html Troubleshooting external key stores>.+-- Both topics are in the /Key Management Service Developer Guide/.+--+-- __Cross-account use__: No. You cannot perform this operation on a custom+-- key store in a different Amazon Web Services account.+--+-- __Required permissions__:+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:DescribeCustomKeyStores>+-- (IAM policy)+--+-- __Related operations:__+--+-- - ConnectCustomKeyStore+--+-- - CreateCustomKeyStore+--+-- - DeleteCustomKeyStore+--+-- - DisconnectCustomKeyStore+--+-- - UpdateCustomKeyStore+--+-- This operation returns paginated results.+module Amazonka.KMS.DescribeCustomKeyStores+ ( -- * Creating a Request+ DescribeCustomKeyStores (..),+ newDescribeCustomKeyStores,++ -- * Request Lenses+ describeCustomKeyStores_customKeyStoreId,+ describeCustomKeyStores_customKeyStoreName,+ describeCustomKeyStores_limit,+ describeCustomKeyStores_marker,++ -- * Destructuring the Response+ DescribeCustomKeyStoresResponse (..),+ newDescribeCustomKeyStoresResponse,++ -- * Response Lenses+ describeCustomKeyStoresResponse_customKeyStores,+ describeCustomKeyStoresResponse_nextMarker,+ describeCustomKeyStoresResponse_truncated,+ describeCustomKeyStoresResponse_httpStatus,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newDescribeCustomKeyStores' smart constructor.+data DescribeCustomKeyStores = DescribeCustomKeyStores'+ { -- | Gets only information about the specified custom key store. Enter the+ -- key store ID.+ --+ -- By default, this operation gets information about all custom key stores+ -- in the account and Region. To limit the output to a particular custom+ -- key store, provide either the @CustomKeyStoreId@ or @CustomKeyStoreName@+ -- parameter, but not both.+ customKeyStoreId :: Prelude.Maybe Prelude.Text,+ -- | Gets only information about the specified custom key store. Enter the+ -- friendly name of the custom key store.+ --+ -- By default, this operation gets information about all custom key stores+ -- in the account and Region. To limit the output to a particular custom+ -- key store, provide either the @CustomKeyStoreId@ or @CustomKeyStoreName@+ -- parameter, but not both.+ customKeyStoreName :: Prelude.Maybe Prelude.Text,+ -- | Use this parameter to specify the maximum number of items to return.+ -- When this value is present, KMS does not return more than the specified+ -- number of items, but it might return fewer.+ limit :: Prelude.Maybe Prelude.Natural,+ -- | Use this parameter in a subsequent request after you receive a response+ -- with truncated results. Set it to the value of @NextMarker@ from the+ -- truncated response you just received.+ marker :: Prelude.Maybe Prelude.Text+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'DescribeCustomKeyStores' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'customKeyStoreId', 'describeCustomKeyStores_customKeyStoreId' - Gets only information about the specified custom key store. Enter the+-- key store ID.+--+-- By default, this operation gets information about all custom key stores+-- in the account and Region. To limit the output to a particular custom+-- key store, provide either the @CustomKeyStoreId@ or @CustomKeyStoreName@+-- parameter, but not both.+--+-- 'customKeyStoreName', 'describeCustomKeyStores_customKeyStoreName' - Gets only information about the specified custom key store. Enter the+-- friendly name of the custom key store.+--+-- By default, this operation gets information about all custom key stores+-- in the account and Region. To limit the output to a particular custom+-- key store, provide either the @CustomKeyStoreId@ or @CustomKeyStoreName@+-- parameter, but not both.+--+-- 'limit', 'describeCustomKeyStores_limit' - Use this parameter to specify the maximum number of items to return.+-- When this value is present, KMS does not return more than the specified+-- number of items, but it might return fewer.+--+-- 'marker', 'describeCustomKeyStores_marker' - Use this parameter in a subsequent request after you receive a response+-- with truncated results. Set it to the value of @NextMarker@ from the+-- truncated response you just received.+newDescribeCustomKeyStores ::+ DescribeCustomKeyStores+newDescribeCustomKeyStores =+ DescribeCustomKeyStores'+ { customKeyStoreId =+ Prelude.Nothing,+ customKeyStoreName = Prelude.Nothing,+ limit = Prelude.Nothing,+ marker = Prelude.Nothing+ }++-- | Gets only information about the specified custom key store. Enter the+-- key store ID.+--+-- By default, this operation gets information about all custom key stores+-- in the account and Region. To limit the output to a particular custom+-- key store, provide either the @CustomKeyStoreId@ or @CustomKeyStoreName@+-- parameter, but not both.+describeCustomKeyStores_customKeyStoreId :: Lens.Lens' DescribeCustomKeyStores (Prelude.Maybe Prelude.Text)+describeCustomKeyStores_customKeyStoreId = Lens.lens (\DescribeCustomKeyStores' {customKeyStoreId} -> customKeyStoreId) (\s@DescribeCustomKeyStores' {} a -> s {customKeyStoreId = a} :: DescribeCustomKeyStores)++-- | Gets only information about the specified custom key store. Enter the+-- friendly name of the custom key store.+--+-- By default, this operation gets information about all custom key stores+-- in the account and Region. To limit the output to a particular custom+-- key store, provide either the @CustomKeyStoreId@ or @CustomKeyStoreName@+-- parameter, but not both.+describeCustomKeyStores_customKeyStoreName :: Lens.Lens' DescribeCustomKeyStores (Prelude.Maybe Prelude.Text)+describeCustomKeyStores_customKeyStoreName = Lens.lens (\DescribeCustomKeyStores' {customKeyStoreName} -> customKeyStoreName) (\s@DescribeCustomKeyStores' {} a -> s {customKeyStoreName = a} :: DescribeCustomKeyStores)++-- | Use this parameter to specify the maximum number of items to return.+-- When this value is present, KMS does not return more than the specified+-- number of items, but it might return fewer.+describeCustomKeyStores_limit :: Lens.Lens' DescribeCustomKeyStores (Prelude.Maybe Prelude.Natural)+describeCustomKeyStores_limit = Lens.lens (\DescribeCustomKeyStores' {limit} -> limit) (\s@DescribeCustomKeyStores' {} a -> s {limit = a} :: DescribeCustomKeyStores)++-- | Use this parameter in a subsequent request after you receive a response+-- with truncated results. Set it to the value of @NextMarker@ from the+-- truncated response you just received.+describeCustomKeyStores_marker :: Lens.Lens' DescribeCustomKeyStores (Prelude.Maybe Prelude.Text)+describeCustomKeyStores_marker = Lens.lens (\DescribeCustomKeyStores' {marker} -> marker) (\s@DescribeCustomKeyStores' {} a -> s {marker = a} :: DescribeCustomKeyStores)++instance Core.AWSPager DescribeCustomKeyStores where+ page rq rs+ | Core.stop+ ( rs+ Lens.^? describeCustomKeyStoresResponse_truncated+ Prelude.. Lens._Just+ ) =+ Prelude.Nothing+ | Prelude.isNothing+ ( rs+ Lens.^? describeCustomKeyStoresResponse_nextMarker+ Prelude.. Lens._Just+ ) =+ Prelude.Nothing+ | Prelude.otherwise =+ Prelude.Just+ Prelude.$ rq+ Prelude.& describeCustomKeyStores_marker+ Lens..~ rs+ Lens.^? describeCustomKeyStoresResponse_nextMarker+ Prelude.. Lens._Just++instance Core.AWSRequest DescribeCustomKeyStores where+ type+ AWSResponse DescribeCustomKeyStores =+ DescribeCustomKeyStoresResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response =+ Response.receiveJSON+ ( \s h x ->+ DescribeCustomKeyStoresResponse'+ Prelude.<$> ( x+ Data..?> "CustomKeyStores"+ Core..!@ Prelude.mempty+ )+ Prelude.<*> (x Data..?> "NextMarker")+ Prelude.<*> (x Data..?> "Truncated")+ Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+ )++instance Prelude.Hashable DescribeCustomKeyStores where+ hashWithSalt _salt DescribeCustomKeyStores' {..} =+ _salt+ `Prelude.hashWithSalt` customKeyStoreId+ `Prelude.hashWithSalt` customKeyStoreName+ `Prelude.hashWithSalt` limit+ `Prelude.hashWithSalt` marker++instance Prelude.NFData DescribeCustomKeyStores where+ rnf DescribeCustomKeyStores' {..} =+ Prelude.rnf customKeyStoreId+ `Prelude.seq` Prelude.rnf customKeyStoreName+ `Prelude.seq` Prelude.rnf limit+ `Prelude.seq` Prelude.rnf marker++instance Data.ToHeaders DescribeCustomKeyStores where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ( "TrentService.DescribeCustomKeyStores" ::+ Prelude.ByteString+ ),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON DescribeCustomKeyStores where+ toJSON DescribeCustomKeyStores' {..} =+ Data.object+ ( Prelude.catMaybes+ [ ("CustomKeyStoreId" Data..=)+ Prelude.<$> customKeyStoreId,+ ("CustomKeyStoreName" Data..=)+ Prelude.<$> customKeyStoreName,+ ("Limit" Data..=) Prelude.<$> limit,+ ("Marker" Data..=) Prelude.<$> marker+ ]+ )++instance Data.ToPath DescribeCustomKeyStores where+ toPath = Prelude.const "/"++instance Data.ToQuery DescribeCustomKeyStores where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newDescribeCustomKeyStoresResponse' smart constructor.+data DescribeCustomKeyStoresResponse = DescribeCustomKeyStoresResponse'+ { -- | Contains metadata about each custom key store.+ customKeyStores :: Prelude.Maybe [CustomKeyStoresListEntry],+ -- | When @Truncated@ is true, this element is present and contains the value+ -- to use for the @Marker@ parameter in a subsequent request.+ nextMarker :: Prelude.Maybe Prelude.Text,+ -- | A flag that indicates whether there are more items in the list. When+ -- this value is true, the list in this response is truncated. To get more+ -- items, pass the value of the @NextMarker@ element in thisresponse to the+ -- @Marker@ parameter in a subsequent request.+ truncated :: Prelude.Maybe Prelude.Bool,+ -- | The response's http status code.+ httpStatus :: Prelude.Int+ }+ deriving (Prelude.Eq, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'DescribeCustomKeyStoresResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'customKeyStores', 'describeCustomKeyStoresResponse_customKeyStores' - Contains metadata about each custom key store.+--+-- 'nextMarker', 'describeCustomKeyStoresResponse_nextMarker' - When @Truncated@ is true, this element is present and contains the value+-- to use for the @Marker@ parameter in a subsequent request.+--+-- 'truncated', 'describeCustomKeyStoresResponse_truncated' - A flag that indicates whether there are more items in the list. When+-- this value is true, the list in this response is truncated. To get more+-- items, pass the value of the @NextMarker@ element in thisresponse to the+-- @Marker@ parameter in a subsequent request.+--+-- 'httpStatus', 'describeCustomKeyStoresResponse_httpStatus' - The response's http status code.+newDescribeCustomKeyStoresResponse ::+ -- | 'httpStatus'+ Prelude.Int ->+ DescribeCustomKeyStoresResponse+newDescribeCustomKeyStoresResponse pHttpStatus_ =+ DescribeCustomKeyStoresResponse'+ { customKeyStores =+ Prelude.Nothing,+ nextMarker = Prelude.Nothing,+ truncated = Prelude.Nothing,+ httpStatus = pHttpStatus_+ }++-- | Contains metadata about each custom key store.+describeCustomKeyStoresResponse_customKeyStores :: Lens.Lens' DescribeCustomKeyStoresResponse (Prelude.Maybe [CustomKeyStoresListEntry])+describeCustomKeyStoresResponse_customKeyStores = Lens.lens (\DescribeCustomKeyStoresResponse' {customKeyStores} -> customKeyStores) (\s@DescribeCustomKeyStoresResponse' {} a -> s {customKeyStores = a} :: DescribeCustomKeyStoresResponse) Prelude.. Lens.mapping Lens.coerced++-- | When @Truncated@ is true, this element is present and contains the value+-- to use for the @Marker@ parameter in a subsequent request.+describeCustomKeyStoresResponse_nextMarker :: Lens.Lens' DescribeCustomKeyStoresResponse (Prelude.Maybe Prelude.Text)+describeCustomKeyStoresResponse_nextMarker = Lens.lens (\DescribeCustomKeyStoresResponse' {nextMarker} -> nextMarker) (\s@DescribeCustomKeyStoresResponse' {} a -> s {nextMarker = a} :: DescribeCustomKeyStoresResponse)++-- | A flag that indicates whether there are more items in the list. When+-- this value is true, the list in this response is truncated. To get more+-- items, pass the value of the @NextMarker@ element in thisresponse to the+-- @Marker@ parameter in a subsequent request.+describeCustomKeyStoresResponse_truncated :: Lens.Lens' DescribeCustomKeyStoresResponse (Prelude.Maybe Prelude.Bool)+describeCustomKeyStoresResponse_truncated = Lens.lens (\DescribeCustomKeyStoresResponse' {truncated} -> truncated) (\s@DescribeCustomKeyStoresResponse' {} a -> s {truncated = a} :: DescribeCustomKeyStoresResponse)++-- | The response's http status code.+describeCustomKeyStoresResponse_httpStatus :: Lens.Lens' DescribeCustomKeyStoresResponse Prelude.Int+describeCustomKeyStoresResponse_httpStatus = Lens.lens (\DescribeCustomKeyStoresResponse' {httpStatus} -> httpStatus) (\s@DescribeCustomKeyStoresResponse' {} a -> s {httpStatus = a} :: DescribeCustomKeyStoresResponse)++instance+ Prelude.NFData+ DescribeCustomKeyStoresResponse+ where+ rnf DescribeCustomKeyStoresResponse' {..} =+ Prelude.rnf customKeyStores+ `Prelude.seq` Prelude.rnf nextMarker+ `Prelude.seq` Prelude.rnf truncated+ `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/KMS/DescribeKey.hs view
@@ -0,0 +1,344 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.DescribeKey+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Provides detailed information about a KMS key. You can run @DescribeKey@+-- on a+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk customer managed key>+-- or an+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk Amazon Web Services managed key>.+--+-- This detailed information includes the key ARN, creation date (and+-- deletion date, if applicable), the key state, and the origin and+-- expiration date (if any) of the key material. It includes fields, like+-- @KeySpec@, that help you distinguish different types of KMS keys. It+-- also displays the key usage (encryption, signing, or generating and+-- verifying MACs) and the algorithms that the KMS key supports.+--+-- For+-- <kms/latest/developerguide/multi-region-keys-overview.html multi-Region keys>,+-- @DescribeKey@ displays the primary key and all related replica keys. For+-- KMS keys in+-- <kms/latest/developerguide/keystore-cloudhsm.html CloudHSM key stores>,+-- it includes information about the key store, such as the key store ID+-- and the CloudHSM cluster ID. For KMS keys in+-- <kms/latest/developerguide/keystore-external.html external key stores>,+-- it includes the custom key store ID and the ID of the external key.+--+-- @DescribeKey@ does not return the following information:+--+-- - Aliases associated with the KMS key. To get this information, use+-- ListAliases.+--+-- - Whether automatic key rotation is enabled on the KMS key. To get+-- this information, use GetKeyRotationStatus. Also, some key states+-- prevent a KMS key from being automatically rotated. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotate-keys-how-it-works How Automatic Key Rotation Works>+-- in the /Key Management Service Developer Guide/.+--+-- - Tags on the KMS key. To get this information, use ListResourceTags.+--+-- - Key policies and grants on the KMS key. To get this information, use+-- GetKeyPolicy and ListGrants.+--+-- In general, @DescribeKey@ is a non-mutating operation. It returns data+-- about KMS keys, but doesn\'t change them. However, Amazon Web Services+-- services use @DescribeKey@ to create+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk Amazon Web Services managed keys>+-- from a /predefined Amazon Web Services alias/ with no key ID.+--+-- __Cross-account use__: Yes. To perform this operation with a KMS key in+-- a different Amazon Web Services account, specify the key ARN or alias+-- ARN in the value of the @KeyId@ parameter.+--+-- __Required permissions__:+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:DescribeKey>+-- (key policy)+--+-- __Related operations:__+--+-- - GetKeyPolicy+--+-- - GetKeyRotationStatus+--+-- - ListAliases+--+-- - ListGrants+--+-- - ListKeys+--+-- - ListResourceTags+--+-- - ListRetirableGrants+module Amazonka.KMS.DescribeKey+ ( -- * Creating a Request+ DescribeKey (..),+ newDescribeKey,++ -- * Request Lenses+ describeKey_grantTokens,+ describeKey_keyId,++ -- * Destructuring the Response+ DescribeKeyResponse (..),+ newDescribeKeyResponse,++ -- * Response Lenses+ describeKeyResponse_keyMetadata,+ describeKeyResponse_httpStatus,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newDescribeKey' smart constructor.+data DescribeKey = DescribeKey'+ { -- | A list of grant tokens.+ --+ -- Use a grant token when your permission to call this operation comes from+ -- a new grant that has not yet achieved /eventual consistency/. For more+ -- information, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>+ -- and+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>+ -- in the /Key Management Service Developer Guide/.+ grantTokens :: Prelude.Maybe [Prelude.Text],+ -- | Describes the specified KMS key.+ --+ -- If you specify a predefined Amazon Web Services alias (an Amazon Web+ -- Services alias with no key ID), KMS associates the alias with an+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html##aws-managed-cmk Amazon Web Services managed key>+ -- and returns its @KeyId@ and @Arn@ in the response.+ --+ -- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.+ -- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS+ -- key in a different Amazon Web Services account, you must use the key ARN+ -- or alias ARN.+ --+ -- For example:+ --+ -- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- - Key ARN:+ -- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- - Alias name: @alias\/ExampleAlias@+ --+ -- - Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@+ --+ -- To get the key ID and key ARN for a KMS key, use ListKeys or+ -- DescribeKey. To get the alias name and alias ARN, use ListAliases.+ keyId :: Prelude.Text+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'DescribeKey' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'grantTokens', 'describeKey_grantTokens' - A list of grant tokens.+--+-- Use a grant token when your permission to call this operation comes from+-- a new grant that has not yet achieved /eventual consistency/. For more+-- information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>+-- and+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>+-- in the /Key Management Service Developer Guide/.+--+-- 'keyId', 'describeKey_keyId' - Describes the specified KMS key.+--+-- If you specify a predefined Amazon Web Services alias (an Amazon Web+-- Services alias with no key ID), KMS associates the alias with an+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html##aws-managed-cmk Amazon Web Services managed key>+-- and returns its @KeyId@ and @Arn@ in the response.+--+-- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.+-- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS+-- key in a different Amazon Web Services account, you must use the key ARN+-- or alias ARN.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Alias name: @alias\/ExampleAlias@+--+-- - Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey. To get the alias name and alias ARN, use ListAliases.+newDescribeKey ::+ -- | 'keyId'+ Prelude.Text ->+ DescribeKey+newDescribeKey pKeyId_ =+ DescribeKey'+ { grantTokens = Prelude.Nothing,+ keyId = pKeyId_+ }++-- | A list of grant tokens.+--+-- Use a grant token when your permission to call this operation comes from+-- a new grant that has not yet achieved /eventual consistency/. For more+-- information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>+-- and+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>+-- in the /Key Management Service Developer Guide/.+describeKey_grantTokens :: Lens.Lens' DescribeKey (Prelude.Maybe [Prelude.Text])+describeKey_grantTokens = Lens.lens (\DescribeKey' {grantTokens} -> grantTokens) (\s@DescribeKey' {} a -> s {grantTokens = a} :: DescribeKey) Prelude.. Lens.mapping Lens.coerced++-- | Describes the specified KMS key.+--+-- If you specify a predefined Amazon Web Services alias (an Amazon Web+-- Services alias with no key ID), KMS associates the alias with an+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html##aws-managed-cmk Amazon Web Services managed key>+-- and returns its @KeyId@ and @Arn@ in the response.+--+-- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.+-- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS+-- key in a different Amazon Web Services account, you must use the key ARN+-- or alias ARN.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Alias name: @alias\/ExampleAlias@+--+-- - Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey. To get the alias name and alias ARN, use ListAliases.+describeKey_keyId :: Lens.Lens' DescribeKey Prelude.Text+describeKey_keyId = Lens.lens (\DescribeKey' {keyId} -> keyId) (\s@DescribeKey' {} a -> s {keyId = a} :: DescribeKey)++instance Core.AWSRequest DescribeKey where+ type AWSResponse DescribeKey = DescribeKeyResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response =+ Response.receiveJSON+ ( \s h x ->+ DescribeKeyResponse'+ Prelude.<$> (x Data..?> "KeyMetadata")+ Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+ )++instance Prelude.Hashable DescribeKey where+ hashWithSalt _salt DescribeKey' {..} =+ _salt+ `Prelude.hashWithSalt` grantTokens+ `Prelude.hashWithSalt` keyId++instance Prelude.NFData DescribeKey where+ rnf DescribeKey' {..} =+ Prelude.rnf grantTokens+ `Prelude.seq` Prelude.rnf keyId++instance Data.ToHeaders DescribeKey where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ("TrentService.DescribeKey" :: Prelude.ByteString),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON DescribeKey where+ toJSON DescribeKey' {..} =+ Data.object+ ( Prelude.catMaybes+ [ ("GrantTokens" Data..=) Prelude.<$> grantTokens,+ Prelude.Just ("KeyId" Data..= keyId)+ ]+ )++instance Data.ToPath DescribeKey where+ toPath = Prelude.const "/"++instance Data.ToQuery DescribeKey where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newDescribeKeyResponse' smart constructor.+data DescribeKeyResponse = DescribeKeyResponse'+ { -- | Metadata associated with the key.+ keyMetadata :: Prelude.Maybe KeyMetadata,+ -- | The response's http status code.+ httpStatus :: Prelude.Int+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'DescribeKeyResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'keyMetadata', 'describeKeyResponse_keyMetadata' - Metadata associated with the key.+--+-- 'httpStatus', 'describeKeyResponse_httpStatus' - The response's http status code.+newDescribeKeyResponse ::+ -- | 'httpStatus'+ Prelude.Int ->+ DescribeKeyResponse+newDescribeKeyResponse pHttpStatus_ =+ DescribeKeyResponse'+ { keyMetadata = Prelude.Nothing,+ httpStatus = pHttpStatus_+ }++-- | Metadata associated with the key.+describeKeyResponse_keyMetadata :: Lens.Lens' DescribeKeyResponse (Prelude.Maybe KeyMetadata)+describeKeyResponse_keyMetadata = Lens.lens (\DescribeKeyResponse' {keyMetadata} -> keyMetadata) (\s@DescribeKeyResponse' {} a -> s {keyMetadata = a} :: DescribeKeyResponse)++-- | The response's http status code.+describeKeyResponse_httpStatus :: Lens.Lens' DescribeKeyResponse Prelude.Int+describeKeyResponse_httpStatus = Lens.lens (\DescribeKeyResponse' {httpStatus} -> httpStatus) (\s@DescribeKeyResponse' {} a -> s {httpStatus = a} :: DescribeKeyResponse)++instance Prelude.NFData DescribeKeyResponse where+ rnf DescribeKeyResponse' {..} =+ Prelude.rnf keyMetadata+ `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/KMS/DisableKey.hs view
@@ -0,0 +1,183 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.DisableKey+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Sets the state of a KMS key to disabled. This change temporarily+-- prevents use of the KMS key for+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations cryptographic operations>.+--+-- For more information about how key state affects the use of a KMS key,+-- see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key states of KMS keys>+-- in the //Key Management Service Developer Guide// .+--+-- The KMS key that you use for this operation must be in a compatible key+-- state. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key states of KMS keys>+-- in the /Key Management Service Developer Guide/.+--+-- __Cross-account use__: No. You cannot perform this operation on a KMS+-- key in a different Amazon Web Services account.+--+-- __Required permissions__:+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:DisableKey>+-- (key policy)+--+-- __Related operations__: EnableKey+module Amazonka.KMS.DisableKey+ ( -- * Creating a Request+ DisableKey (..),+ newDisableKey,++ -- * Request Lenses+ disableKey_keyId,++ -- * Destructuring the Response+ DisableKeyResponse (..),+ newDisableKeyResponse,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newDisableKey' smart constructor.+data DisableKey = DisableKey'+ { -- | Identifies the KMS key to disable.+ --+ -- Specify the key ID or key ARN of the KMS key.+ --+ -- For example:+ --+ -- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- - Key ARN:+ -- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- To get the key ID and key ARN for a KMS key, use ListKeys or+ -- DescribeKey.+ keyId :: Prelude.Text+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'DisableKey' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'keyId', 'disableKey_keyId' - Identifies the KMS key to disable.+--+-- Specify the key ID or key ARN of the KMS key.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+newDisableKey ::+ -- | 'keyId'+ Prelude.Text ->+ DisableKey+newDisableKey pKeyId_ = DisableKey' {keyId = pKeyId_}++-- | Identifies the KMS key to disable.+--+-- Specify the key ID or key ARN of the KMS key.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+disableKey_keyId :: Lens.Lens' DisableKey Prelude.Text+disableKey_keyId = Lens.lens (\DisableKey' {keyId} -> keyId) (\s@DisableKey' {} a -> s {keyId = a} :: DisableKey)++instance Core.AWSRequest DisableKey where+ type AWSResponse DisableKey = DisableKeyResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response = Response.receiveNull DisableKeyResponse'++instance Prelude.Hashable DisableKey where+ hashWithSalt _salt DisableKey' {..} =+ _salt `Prelude.hashWithSalt` keyId++instance Prelude.NFData DisableKey where+ rnf DisableKey' {..} = Prelude.rnf keyId++instance Data.ToHeaders DisableKey where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ("TrentService.DisableKey" :: Prelude.ByteString),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON DisableKey where+ toJSON DisableKey' {..} =+ Data.object+ ( Prelude.catMaybes+ [Prelude.Just ("KeyId" Data..= keyId)]+ )++instance Data.ToPath DisableKey where+ toPath = Prelude.const "/"++instance Data.ToQuery DisableKey where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newDisableKeyResponse' smart constructor.+data DisableKeyResponse = DisableKeyResponse'+ {+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'DisableKeyResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+newDisableKeyResponse ::+ DisableKeyResponse+newDisableKeyResponse = DisableKeyResponse'++instance Prelude.NFData DisableKeyResponse where+ rnf _ = ()
+ gen/Amazonka/KMS/DisableKeyRotation.hs view
@@ -0,0 +1,236 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.DisableKeyRotation+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Disables+-- <https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html automatic rotation of the key material>+-- of the specified symmetric encryption KMS key.+--+-- Automatic key rotation is supported only on symmetric encryption KMS+-- keys. You cannot enable automatic rotation of+-- <https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html asymmetric KMS keys>,+-- <https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html HMAC KMS keys>,+-- KMS keys with+-- <https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html imported key material>,+-- or KMS keys in a+-- <https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html custom key store>.+-- To enable or disable automatic rotation of a set of related+-- <https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate multi-Region keys>,+-- set the property on the primary key.+--+-- You can enable (EnableKeyRotation) and disable automatic rotation of the+-- key material in+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk customer managed KMS keys>.+-- Key material rotation of+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk Amazon Web Services managed KMS keys>+-- is not configurable. KMS always rotates the key material for every year.+-- Rotation of+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-owned-cmk Amazon Web Services owned KMS keys>+-- varies.+--+-- In May 2022, KMS changed the rotation schedule for Amazon Web Services+-- managed keys from every three years to every year. For details, see+-- EnableKeyRotation.+--+-- The KMS key that you use for this operation must be in a compatible key+-- state. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key states of KMS keys>+-- in the /Key Management Service Developer Guide/.+--+-- __Cross-account use__: No. You cannot perform this operation on a KMS+-- key in a different Amazon Web Services account.+--+-- __Required permissions__:+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:DisableKeyRotation>+-- (key policy)+--+-- __Related operations:__+--+-- - EnableKeyRotation+--+-- - GetKeyRotationStatus+module Amazonka.KMS.DisableKeyRotation+ ( -- * Creating a Request+ DisableKeyRotation (..),+ newDisableKeyRotation,++ -- * Request Lenses+ disableKeyRotation_keyId,++ -- * Destructuring the Response+ DisableKeyRotationResponse (..),+ newDisableKeyRotationResponse,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newDisableKeyRotation' smart constructor.+data DisableKeyRotation = DisableKeyRotation'+ { -- | Identifies a symmetric encryption KMS key. You cannot enable or disable+ -- automatic rotation of+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html#asymmetric-cmks asymmetric KMS keys>,+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html HMAC KMS keys>,+ -- KMS keys with+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html imported key material>,+ -- or KMS keys in a+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html custom key store>.+ --+ -- Specify the key ID or key ARN of the KMS key.+ --+ -- For example:+ --+ -- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- - Key ARN:+ -- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- To get the key ID and key ARN for a KMS key, use ListKeys or+ -- DescribeKey.+ keyId :: Prelude.Text+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'DisableKeyRotation' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'keyId', 'disableKeyRotation_keyId' - Identifies a symmetric encryption KMS key. You cannot enable or disable+-- automatic rotation of+-- <https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html#asymmetric-cmks asymmetric KMS keys>,+-- <https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html HMAC KMS keys>,+-- KMS keys with+-- <https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html imported key material>,+-- or KMS keys in a+-- <https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html custom key store>.+--+-- Specify the key ID or key ARN of the KMS key.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+newDisableKeyRotation ::+ -- | 'keyId'+ Prelude.Text ->+ DisableKeyRotation+newDisableKeyRotation pKeyId_ =+ DisableKeyRotation' {keyId = pKeyId_}++-- | Identifies a symmetric encryption KMS key. You cannot enable or disable+-- automatic rotation of+-- <https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html#asymmetric-cmks asymmetric KMS keys>,+-- <https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html HMAC KMS keys>,+-- KMS keys with+-- <https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html imported key material>,+-- or KMS keys in a+-- <https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html custom key store>.+--+-- Specify the key ID or key ARN of the KMS key.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+disableKeyRotation_keyId :: Lens.Lens' DisableKeyRotation Prelude.Text+disableKeyRotation_keyId = Lens.lens (\DisableKeyRotation' {keyId} -> keyId) (\s@DisableKeyRotation' {} a -> s {keyId = a} :: DisableKeyRotation)++instance Core.AWSRequest DisableKeyRotation where+ type+ AWSResponse DisableKeyRotation =+ DisableKeyRotationResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response =+ Response.receiveNull DisableKeyRotationResponse'++instance Prelude.Hashable DisableKeyRotation where+ hashWithSalt _salt DisableKeyRotation' {..} =+ _salt `Prelude.hashWithSalt` keyId++instance Prelude.NFData DisableKeyRotation where+ rnf DisableKeyRotation' {..} = Prelude.rnf keyId++instance Data.ToHeaders DisableKeyRotation where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ( "TrentService.DisableKeyRotation" ::+ Prelude.ByteString+ ),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON DisableKeyRotation where+ toJSON DisableKeyRotation' {..} =+ Data.object+ ( Prelude.catMaybes+ [Prelude.Just ("KeyId" Data..= keyId)]+ )++instance Data.ToPath DisableKeyRotation where+ toPath = Prelude.const "/"++instance Data.ToQuery DisableKeyRotation where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newDisableKeyRotationResponse' smart constructor.+data DisableKeyRotationResponse = DisableKeyRotationResponse'+ {+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'DisableKeyRotationResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+newDisableKeyRotationResponse ::+ DisableKeyRotationResponse+newDisableKeyRotationResponse =+ DisableKeyRotationResponse'++instance Prelude.NFData DisableKeyRotationResponse where+ rnf _ = ()
+ gen/Amazonka/KMS/DisconnectCustomKeyStore.hs view
@@ -0,0 +1,215 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.DisconnectCustomKeyStore+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Disconnects the+-- <https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html custom key store>+-- from its backing key store. This operation disconnects an CloudHSM key+-- store from its associated CloudHSM cluster or disconnects an external+-- key store from the external key store proxy that communicates with your+-- external key manager.+--+-- This operation is part of the+-- <https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html custom key stores>+-- feature in KMS, which combines the convenience and extensive integration+-- of KMS with the isolation and control of a key store that you own and+-- manage.+--+-- While a custom key store is disconnected, you can manage the custom key+-- store and its KMS keys, but you cannot create or use its KMS keys. You+-- can reconnect the custom key store at any time.+--+-- While a custom key store is disconnected, all attempts to create KMS+-- keys in the custom key store or to use existing KMS keys in+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations cryptographic operations>+-- will fail. This action can prevent users from storing and accessing+-- sensitive data.+--+-- When you disconnect a custom key store, its @ConnectionState@ changes to+-- @Disconnected@. To find the connection state of a custom key store, use+-- the DescribeCustomKeyStores operation. To reconnect a custom key store,+-- use the ConnectCustomKeyStore operation.+--+-- If the operation succeeds, it returns a JSON object with no properties.+--+-- __Cross-account use__: No. You cannot perform this operation on a custom+-- key store in a different Amazon Web Services account.+--+-- __Required permissions__:+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:DisconnectCustomKeyStore>+-- (IAM policy)+--+-- __Related operations:__+--+-- - ConnectCustomKeyStore+--+-- - CreateCustomKeyStore+--+-- - DeleteCustomKeyStore+--+-- - DescribeCustomKeyStores+--+-- - UpdateCustomKeyStore+module Amazonka.KMS.DisconnectCustomKeyStore+ ( -- * Creating a Request+ DisconnectCustomKeyStore (..),+ newDisconnectCustomKeyStore,++ -- * Request Lenses+ disconnectCustomKeyStore_customKeyStoreId,++ -- * Destructuring the Response+ DisconnectCustomKeyStoreResponse (..),+ newDisconnectCustomKeyStoreResponse,++ -- * Response Lenses+ disconnectCustomKeyStoreResponse_httpStatus,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newDisconnectCustomKeyStore' smart constructor.+data DisconnectCustomKeyStore = DisconnectCustomKeyStore'+ { -- | Enter the ID of the custom key store you want to disconnect. To find the+ -- ID of a custom key store, use the DescribeCustomKeyStores operation.+ customKeyStoreId :: Prelude.Text+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'DisconnectCustomKeyStore' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'customKeyStoreId', 'disconnectCustomKeyStore_customKeyStoreId' - Enter the ID of the custom key store you want to disconnect. To find the+-- ID of a custom key store, use the DescribeCustomKeyStores operation.+newDisconnectCustomKeyStore ::+ -- | 'customKeyStoreId'+ Prelude.Text ->+ DisconnectCustomKeyStore+newDisconnectCustomKeyStore pCustomKeyStoreId_ =+ DisconnectCustomKeyStore'+ { customKeyStoreId =+ pCustomKeyStoreId_+ }++-- | Enter the ID of the custom key store you want to disconnect. To find the+-- ID of a custom key store, use the DescribeCustomKeyStores operation.+disconnectCustomKeyStore_customKeyStoreId :: Lens.Lens' DisconnectCustomKeyStore Prelude.Text+disconnectCustomKeyStore_customKeyStoreId = Lens.lens (\DisconnectCustomKeyStore' {customKeyStoreId} -> customKeyStoreId) (\s@DisconnectCustomKeyStore' {} a -> s {customKeyStoreId = a} :: DisconnectCustomKeyStore)++instance Core.AWSRequest DisconnectCustomKeyStore where+ type+ AWSResponse DisconnectCustomKeyStore =+ DisconnectCustomKeyStoreResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response =+ Response.receiveEmpty+ ( \s h x ->+ DisconnectCustomKeyStoreResponse'+ Prelude.<$> (Prelude.pure (Prelude.fromEnum s))+ )++instance Prelude.Hashable DisconnectCustomKeyStore where+ hashWithSalt _salt DisconnectCustomKeyStore' {..} =+ _salt `Prelude.hashWithSalt` customKeyStoreId++instance Prelude.NFData DisconnectCustomKeyStore where+ rnf DisconnectCustomKeyStore' {..} =+ Prelude.rnf customKeyStoreId++instance Data.ToHeaders DisconnectCustomKeyStore where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ( "TrentService.DisconnectCustomKeyStore" ::+ Prelude.ByteString+ ),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON DisconnectCustomKeyStore where+ toJSON DisconnectCustomKeyStore' {..} =+ Data.object+ ( Prelude.catMaybes+ [ Prelude.Just+ ("CustomKeyStoreId" Data..= customKeyStoreId)+ ]+ )++instance Data.ToPath DisconnectCustomKeyStore where+ toPath = Prelude.const "/"++instance Data.ToQuery DisconnectCustomKeyStore where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newDisconnectCustomKeyStoreResponse' smart constructor.+data DisconnectCustomKeyStoreResponse = DisconnectCustomKeyStoreResponse'+ { -- | The response's http status code.+ httpStatus :: Prelude.Int+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'DisconnectCustomKeyStoreResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'httpStatus', 'disconnectCustomKeyStoreResponse_httpStatus' - The response's http status code.+newDisconnectCustomKeyStoreResponse ::+ -- | 'httpStatus'+ Prelude.Int ->+ DisconnectCustomKeyStoreResponse+newDisconnectCustomKeyStoreResponse pHttpStatus_ =+ DisconnectCustomKeyStoreResponse'+ { httpStatus =+ pHttpStatus_+ }++-- | The response's http status code.+disconnectCustomKeyStoreResponse_httpStatus :: Lens.Lens' DisconnectCustomKeyStoreResponse Prelude.Int+disconnectCustomKeyStoreResponse_httpStatus = Lens.lens (\DisconnectCustomKeyStoreResponse' {httpStatus} -> httpStatus) (\s@DisconnectCustomKeyStoreResponse' {} a -> s {httpStatus = a} :: DisconnectCustomKeyStoreResponse)++instance+ Prelude.NFData+ DisconnectCustomKeyStoreResponse+ where+ rnf DisconnectCustomKeyStoreResponse' {..} =+ Prelude.rnf httpStatus
+ gen/Amazonka/KMS/EnableKey.hs view
@@ -0,0 +1,178 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.EnableKey+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Sets the key state of a KMS key to enabled. This allows you to use the+-- KMS key for+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations cryptographic operations>.+--+-- The KMS key that you use for this operation must be in a compatible key+-- state. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key states of KMS keys>+-- in the /Key Management Service Developer Guide/.+--+-- __Cross-account use__: No. You cannot perform this operation on a KMS+-- key in a different Amazon Web Services account.+--+-- __Required permissions__:+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:EnableKey>+-- (key policy)+--+-- __Related operations__: DisableKey+module Amazonka.KMS.EnableKey+ ( -- * Creating a Request+ EnableKey (..),+ newEnableKey,++ -- * Request Lenses+ enableKey_keyId,++ -- * Destructuring the Response+ EnableKeyResponse (..),+ newEnableKeyResponse,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newEnableKey' smart constructor.+data EnableKey = EnableKey'+ { -- | Identifies the KMS key to enable.+ --+ -- Specify the key ID or key ARN of the KMS key.+ --+ -- For example:+ --+ -- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- - Key ARN:+ -- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- To get the key ID and key ARN for a KMS key, use ListKeys or+ -- DescribeKey.+ keyId :: Prelude.Text+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'EnableKey' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'keyId', 'enableKey_keyId' - Identifies the KMS key to enable.+--+-- Specify the key ID or key ARN of the KMS key.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+newEnableKey ::+ -- | 'keyId'+ Prelude.Text ->+ EnableKey+newEnableKey pKeyId_ = EnableKey' {keyId = pKeyId_}++-- | Identifies the KMS key to enable.+--+-- Specify the key ID or key ARN of the KMS key.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+enableKey_keyId :: Lens.Lens' EnableKey Prelude.Text+enableKey_keyId = Lens.lens (\EnableKey' {keyId} -> keyId) (\s@EnableKey' {} a -> s {keyId = a} :: EnableKey)++instance Core.AWSRequest EnableKey where+ type AWSResponse EnableKey = EnableKeyResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response = Response.receiveNull EnableKeyResponse'++instance Prelude.Hashable EnableKey where+ hashWithSalt _salt EnableKey' {..} =+ _salt `Prelude.hashWithSalt` keyId++instance Prelude.NFData EnableKey where+ rnf EnableKey' {..} = Prelude.rnf keyId++instance Data.ToHeaders EnableKey where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ("TrentService.EnableKey" :: Prelude.ByteString),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON EnableKey where+ toJSON EnableKey' {..} =+ Data.object+ ( Prelude.catMaybes+ [Prelude.Just ("KeyId" Data..= keyId)]+ )++instance Data.ToPath EnableKey where+ toPath = Prelude.const "/"++instance Data.ToQuery EnableKey where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newEnableKeyResponse' smart constructor.+data EnableKeyResponse = EnableKeyResponse'+ {+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'EnableKeyResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+newEnableKeyResponse ::+ EnableKeyResponse+newEnableKeyResponse = EnableKeyResponse'++instance Prelude.NFData EnableKeyResponse where+ rnf _ = ()
+ gen/Amazonka/KMS/EnableKeyRotation.hs view
@@ -0,0 +1,257 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.EnableKeyRotation+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Enables+-- <https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html automatic rotation of the key material>+-- of the specified symmetric encryption KMS key.+--+-- When you enable automatic rotation of+-- a<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk customer managed KMS key>,+-- KMS rotates the key material of the KMS key one year (approximately 365+-- days) from the enable date and every year thereafter. You can monitor+-- rotation of the key material for your KMS keys in CloudTrail and Amazon+-- CloudWatch. To disable rotation of the key material in a customer+-- managed KMS key, use the DisableKeyRotation operation.+--+-- Automatic key rotation is supported only on+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#symmetric-cmks symmetric encryption KMS keys>.+-- You cannot enable automatic rotation of+-- <https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html asymmetric KMS keys>,+-- <https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html HMAC KMS keys>,+-- KMS keys with+-- <https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html imported key material>,+-- or KMS keys in a+-- <https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html custom key store>.+-- To enable or disable automatic rotation of a set of related+-- <https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate multi-Region keys>,+-- set the property on the primary key.+--+-- You cannot enable or disable automatic rotation+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk Amazon Web Services managed KMS keys>.+-- KMS always rotates the key material of Amazon Web Services managed keys+-- every year. Rotation of+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-owned-cmk Amazon Web Services owned KMS keys>+-- varies.+--+-- In May 2022, KMS changed the rotation schedule for Amazon Web Services+-- managed keys from every three years (approximately 1,095 days) to every+-- year (approximately 365 days).+--+-- New Amazon Web Services managed keys are automatically rotated one year+-- after they are created, and approximately every year thereafter.+--+-- Existing Amazon Web Services managed keys are automatically rotated one+-- year after their most recent rotation, and every year thereafter.+--+-- The KMS key that you use for this operation must be in a compatible key+-- state. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key states of KMS keys>+-- in the /Key Management Service Developer Guide/.+--+-- __Cross-account use__: No. You cannot perform this operation on a KMS+-- key in a different Amazon Web Services account.+--+-- __Required permissions__:+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:EnableKeyRotation>+-- (key policy)+--+-- __Related operations:__+--+-- - DisableKeyRotation+--+-- - GetKeyRotationStatus+module Amazonka.KMS.EnableKeyRotation+ ( -- * Creating a Request+ EnableKeyRotation (..),+ newEnableKeyRotation,++ -- * Request Lenses+ enableKeyRotation_keyId,++ -- * Destructuring the Response+ EnableKeyRotationResponse (..),+ newEnableKeyRotationResponse,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newEnableKeyRotation' smart constructor.+data EnableKeyRotation = EnableKeyRotation'+ { -- | Identifies a symmetric encryption KMS key. You cannot enable automatic+ -- rotation of+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html asymmetric KMS keys>,+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html HMAC KMS keys>,+ -- KMS keys with+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html imported key material>,+ -- or KMS keys in a+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html custom key store>.+ -- To enable or disable automatic rotation of a set of related+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate multi-Region keys>,+ -- set the property on the primary key.+ --+ -- Specify the key ID or key ARN of the KMS key.+ --+ -- For example:+ --+ -- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- - Key ARN:+ -- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- To get the key ID and key ARN for a KMS key, use ListKeys or+ -- DescribeKey.+ keyId :: Prelude.Text+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'EnableKeyRotation' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'keyId', 'enableKeyRotation_keyId' - Identifies a symmetric encryption KMS key. You cannot enable automatic+-- rotation of+-- <https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html asymmetric KMS keys>,+-- <https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html HMAC KMS keys>,+-- KMS keys with+-- <https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html imported key material>,+-- or KMS keys in a+-- <https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html custom key store>.+-- To enable or disable automatic rotation of a set of related+-- <https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate multi-Region keys>,+-- set the property on the primary key.+--+-- Specify the key ID or key ARN of the KMS key.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+newEnableKeyRotation ::+ -- | 'keyId'+ Prelude.Text ->+ EnableKeyRotation+newEnableKeyRotation pKeyId_ =+ EnableKeyRotation' {keyId = pKeyId_}++-- | Identifies a symmetric encryption KMS key. You cannot enable automatic+-- rotation of+-- <https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html asymmetric KMS keys>,+-- <https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html HMAC KMS keys>,+-- KMS keys with+-- <https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html imported key material>,+-- or KMS keys in a+-- <https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html custom key store>.+-- To enable or disable automatic rotation of a set of related+-- <https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate multi-Region keys>,+-- set the property on the primary key.+--+-- Specify the key ID or key ARN of the KMS key.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+enableKeyRotation_keyId :: Lens.Lens' EnableKeyRotation Prelude.Text+enableKeyRotation_keyId = Lens.lens (\EnableKeyRotation' {keyId} -> keyId) (\s@EnableKeyRotation' {} a -> s {keyId = a} :: EnableKeyRotation)++instance Core.AWSRequest EnableKeyRotation where+ type+ AWSResponse EnableKeyRotation =+ EnableKeyRotationResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response =+ Response.receiveNull EnableKeyRotationResponse'++instance Prelude.Hashable EnableKeyRotation where+ hashWithSalt _salt EnableKeyRotation' {..} =+ _salt `Prelude.hashWithSalt` keyId++instance Prelude.NFData EnableKeyRotation where+ rnf EnableKeyRotation' {..} = Prelude.rnf keyId++instance Data.ToHeaders EnableKeyRotation where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ( "TrentService.EnableKeyRotation" ::+ Prelude.ByteString+ ),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON EnableKeyRotation where+ toJSON EnableKeyRotation' {..} =+ Data.object+ ( Prelude.catMaybes+ [Prelude.Just ("KeyId" Data..= keyId)]+ )++instance Data.ToPath EnableKeyRotation where+ toPath = Prelude.const "/"++instance Data.ToQuery EnableKeyRotation where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newEnableKeyRotationResponse' smart constructor.+data EnableKeyRotationResponse = EnableKeyRotationResponse'+ {+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'EnableKeyRotationResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+newEnableKeyRotationResponse ::+ EnableKeyRotationResponse+newEnableKeyRotationResponse =+ EnableKeyRotationResponse'++instance Prelude.NFData EnableKeyRotationResponse where+ rnf _ = ()
+ gen/Amazonka/KMS/Encrypt.hs view
@@ -0,0 +1,524 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.Encrypt+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Encrypts plaintext of up to 4,096 bytes using a KMS key. You can use a+-- symmetric or asymmetric KMS key with a @KeyUsage@ of @ENCRYPT_DECRYPT@.+--+-- You can use this operation to encrypt small amounts of arbitrary data,+-- such as a personal identifier or database password, or other sensitive+-- information. You don\'t need to use the @Encrypt@ operation to encrypt a+-- data key. The GenerateDataKey and GenerateDataKeyPair operations return+-- a plaintext data key and an encrypted copy of that data key.+--+-- If you use a symmetric encryption KMS key, you can use an encryption+-- context to add additional security to your encryption operation. If you+-- specify an @EncryptionContext@ when encrypting data, you must specify+-- the same encryption context (a case-sensitive exact match) when+-- decrypting the data. Otherwise, the request to decrypt fails with an+-- @InvalidCiphertextException@. For more information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context Encryption Context>+-- in the /Key Management Service Developer Guide/.+--+-- If you specify an asymmetric KMS key, you must also specify the+-- encryption algorithm. The algorithm must be compatible with the KMS key+-- spec.+--+-- When you use an asymmetric KMS key to encrypt or reencrypt data, be sure+-- to record the KMS key and encryption algorithm that you choose. You will+-- be required to provide the same KMS key and encryption algorithm when+-- you decrypt the data. If the KMS key and algorithm do not match the+-- values used to encrypt the data, the decrypt operation fails.+--+-- You are not required to supply the key ID and encryption algorithm when+-- you decrypt with symmetric encryption KMS keys because KMS stores this+-- information in the ciphertext blob. KMS cannot store metadata in+-- ciphertext generated with asymmetric keys. The standard format for+-- asymmetric key ciphertext does not include configurable fields.+--+-- The maximum size of the data that you can encrypt varies with the type+-- of KMS key and the encryption algorithm that you choose.+--+-- - Symmetric encryption KMS keys+--+-- - @SYMMETRIC_DEFAULT@: 4096 bytes+--+-- - @RSA_2048@+--+-- - @RSAES_OAEP_SHA_1@: 214 bytes+--+-- - @RSAES_OAEP_SHA_256@: 190 bytes+--+-- - @RSA_3072@+--+-- - @RSAES_OAEP_SHA_1@: 342 bytes+--+-- - @RSAES_OAEP_SHA_256@: 318 bytes+--+-- - @RSA_4096@+--+-- - @RSAES_OAEP_SHA_1@: 470 bytes+--+-- - @RSAES_OAEP_SHA_256@: 446 bytes+--+-- - @SM2PKE@: 1024 bytes (China Regions only)+--+-- The KMS key that you use for this operation must be in a compatible key+-- state. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key states of KMS keys>+-- in the /Key Management Service Developer Guide/.+--+-- __Cross-account use__: Yes. To perform this operation with a KMS key in+-- a different Amazon Web Services account, specify the key ARN or alias+-- ARN in the value of the @KeyId@ parameter.+--+-- __Required permissions__:+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:Encrypt>+-- (key policy)+--+-- __Related operations:__+--+-- - Decrypt+--+-- - GenerateDataKey+--+-- - GenerateDataKeyPair+module Amazonka.KMS.Encrypt+ ( -- * Creating a Request+ Encrypt (..),+ newEncrypt,++ -- * Request Lenses+ encrypt_encryptionAlgorithm,+ encrypt_encryptionContext,+ encrypt_grantTokens,+ encrypt_keyId,+ encrypt_plaintext,++ -- * Destructuring the Response+ EncryptResponse (..),+ newEncryptResponse,++ -- * Response Lenses+ encryptResponse_ciphertextBlob,+ encryptResponse_encryptionAlgorithm,+ encryptResponse_keyId,+ encryptResponse_httpStatus,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newEncrypt' smart constructor.+data Encrypt = Encrypt'+ { -- | Specifies the encryption algorithm that KMS will use to encrypt the+ -- plaintext message. The algorithm must be compatible with the KMS key+ -- that you specify.+ --+ -- This parameter is required only for asymmetric KMS keys. The default+ -- value, @SYMMETRIC_DEFAULT@, is the algorithm used for symmetric+ -- encryption KMS keys. If you are using an asymmetric KMS key, we+ -- recommend RSAES_OAEP_SHA_256.+ --+ -- The SM2PKE algorithm is only available in China Regions.+ encryptionAlgorithm :: Prelude.Maybe EncryptionAlgorithmSpec,+ -- | Specifies the encryption context that will be used to encrypt the data.+ -- An encryption context is valid only for+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations cryptographic operations>+ -- with a symmetric encryption KMS key. The standard asymmetric encryption+ -- algorithms and HMAC algorithms that KMS uses do not support an+ -- encryption context.+ --+ -- An /encryption context/ is a collection of non-secret key-value pairs+ -- that represent additional authenticated data. When you use an encryption+ -- context to encrypt data, you must specify the same (an exact+ -- case-sensitive match) encryption context to decrypt the data. An+ -- encryption context is supported only on operations with symmetric+ -- encryption KMS keys. On operations with symmetric encryption KMS keys,+ -- an encryption context is optional, but it is strongly recommended.+ --+ -- For more information, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context Encryption context>+ -- in the /Key Management Service Developer Guide/.+ encryptionContext :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),+ -- | A list of grant tokens.+ --+ -- Use a grant token when your permission to call this operation comes from+ -- a new grant that has not yet achieved /eventual consistency/. For more+ -- information, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>+ -- and+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>+ -- in the /Key Management Service Developer Guide/.+ grantTokens :: Prelude.Maybe [Prelude.Text],+ -- | Identifies the KMS key to use in the encryption operation. The KMS key+ -- must have a @KeyUsage@ of @ENCRYPT_DECRYPT@. To find the @KeyUsage@ of a+ -- KMS key, use the DescribeKey operation.+ --+ -- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.+ -- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS+ -- key in a different Amazon Web Services account, you must use the key ARN+ -- or alias ARN.+ --+ -- For example:+ --+ -- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- - Key ARN:+ -- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- - Alias name: @alias\/ExampleAlias@+ --+ -- - Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@+ --+ -- To get the key ID and key ARN for a KMS key, use ListKeys or+ -- DescribeKey. To get the alias name and alias ARN, use ListAliases.+ keyId :: Prelude.Text,+ -- | Data to be encrypted.+ plaintext :: Data.Sensitive Data.Base64+ }+ deriving (Prelude.Eq, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'Encrypt' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'encryptionAlgorithm', 'encrypt_encryptionAlgorithm' - Specifies the encryption algorithm that KMS will use to encrypt the+-- plaintext message. The algorithm must be compatible with the KMS key+-- that you specify.+--+-- This parameter is required only for asymmetric KMS keys. The default+-- value, @SYMMETRIC_DEFAULT@, is the algorithm used for symmetric+-- encryption KMS keys. If you are using an asymmetric KMS key, we+-- recommend RSAES_OAEP_SHA_256.+--+-- The SM2PKE algorithm is only available in China Regions.+--+-- 'encryptionContext', 'encrypt_encryptionContext' - Specifies the encryption context that will be used to encrypt the data.+-- An encryption context is valid only for+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations cryptographic operations>+-- with a symmetric encryption KMS key. The standard asymmetric encryption+-- algorithms and HMAC algorithms that KMS uses do not support an+-- encryption context.+--+-- An /encryption context/ is a collection of non-secret key-value pairs+-- that represent additional authenticated data. When you use an encryption+-- context to encrypt data, you must specify the same (an exact+-- case-sensitive match) encryption context to decrypt the data. An+-- encryption context is supported only on operations with symmetric+-- encryption KMS keys. On operations with symmetric encryption KMS keys,+-- an encryption context is optional, but it is strongly recommended.+--+-- For more information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context Encryption context>+-- in the /Key Management Service Developer Guide/.+--+-- 'grantTokens', 'encrypt_grantTokens' - A list of grant tokens.+--+-- Use a grant token when your permission to call this operation comes from+-- a new grant that has not yet achieved /eventual consistency/. For more+-- information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>+-- and+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>+-- in the /Key Management Service Developer Guide/.+--+-- 'keyId', 'encrypt_keyId' - Identifies the KMS key to use in the encryption operation. The KMS key+-- must have a @KeyUsage@ of @ENCRYPT_DECRYPT@. To find the @KeyUsage@ of a+-- KMS key, use the DescribeKey operation.+--+-- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.+-- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS+-- key in a different Amazon Web Services account, you must use the key ARN+-- or alias ARN.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Alias name: @alias\/ExampleAlias@+--+-- - Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey. To get the alias name and alias ARN, use ListAliases.+--+-- 'plaintext', 'encrypt_plaintext' - Data to be encrypted.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+newEncrypt ::+ -- | 'keyId'+ Prelude.Text ->+ -- | 'plaintext'+ Prelude.ByteString ->+ Encrypt+newEncrypt pKeyId_ pPlaintext_ =+ Encrypt'+ { encryptionAlgorithm = Prelude.Nothing,+ encryptionContext = Prelude.Nothing,+ grantTokens = Prelude.Nothing,+ keyId = pKeyId_,+ plaintext =+ Data._Sensitive+ Prelude.. Data._Base64+ Lens.# pPlaintext_+ }++-- | Specifies the encryption algorithm that KMS will use to encrypt the+-- plaintext message. The algorithm must be compatible with the KMS key+-- that you specify.+--+-- This parameter is required only for asymmetric KMS keys. The default+-- value, @SYMMETRIC_DEFAULT@, is the algorithm used for symmetric+-- encryption KMS keys. If you are using an asymmetric KMS key, we+-- recommend RSAES_OAEP_SHA_256.+--+-- The SM2PKE algorithm is only available in China Regions.+encrypt_encryptionAlgorithm :: Lens.Lens' Encrypt (Prelude.Maybe EncryptionAlgorithmSpec)+encrypt_encryptionAlgorithm = Lens.lens (\Encrypt' {encryptionAlgorithm} -> encryptionAlgorithm) (\s@Encrypt' {} a -> s {encryptionAlgorithm = a} :: Encrypt)++-- | Specifies the encryption context that will be used to encrypt the data.+-- An encryption context is valid only for+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations cryptographic operations>+-- with a symmetric encryption KMS key. The standard asymmetric encryption+-- algorithms and HMAC algorithms that KMS uses do not support an+-- encryption context.+--+-- An /encryption context/ is a collection of non-secret key-value pairs+-- that represent additional authenticated data. When you use an encryption+-- context to encrypt data, you must specify the same (an exact+-- case-sensitive match) encryption context to decrypt the data. An+-- encryption context is supported only on operations with symmetric+-- encryption KMS keys. On operations with symmetric encryption KMS keys,+-- an encryption context is optional, but it is strongly recommended.+--+-- For more information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context Encryption context>+-- in the /Key Management Service Developer Guide/.+encrypt_encryptionContext :: Lens.Lens' Encrypt (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))+encrypt_encryptionContext = Lens.lens (\Encrypt' {encryptionContext} -> encryptionContext) (\s@Encrypt' {} a -> s {encryptionContext = a} :: Encrypt) Prelude.. Lens.mapping Lens.coerced++-- | A list of grant tokens.+--+-- Use a grant token when your permission to call this operation comes from+-- a new grant that has not yet achieved /eventual consistency/. For more+-- information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>+-- and+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>+-- in the /Key Management Service Developer Guide/.+encrypt_grantTokens :: Lens.Lens' Encrypt (Prelude.Maybe [Prelude.Text])+encrypt_grantTokens = Lens.lens (\Encrypt' {grantTokens} -> grantTokens) (\s@Encrypt' {} a -> s {grantTokens = a} :: Encrypt) Prelude.. Lens.mapping Lens.coerced++-- | Identifies the KMS key to use in the encryption operation. The KMS key+-- must have a @KeyUsage@ of @ENCRYPT_DECRYPT@. To find the @KeyUsage@ of a+-- KMS key, use the DescribeKey operation.+--+-- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.+-- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS+-- key in a different Amazon Web Services account, you must use the key ARN+-- or alias ARN.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Alias name: @alias\/ExampleAlias@+--+-- - Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey. To get the alias name and alias ARN, use ListAliases.+encrypt_keyId :: Lens.Lens' Encrypt Prelude.Text+encrypt_keyId = Lens.lens (\Encrypt' {keyId} -> keyId) (\s@Encrypt' {} a -> s {keyId = a} :: Encrypt)++-- | Data to be encrypted.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+encrypt_plaintext :: Lens.Lens' Encrypt Prelude.ByteString+encrypt_plaintext = Lens.lens (\Encrypt' {plaintext} -> plaintext) (\s@Encrypt' {} a -> s {plaintext = a} :: Encrypt) Prelude.. Data._Sensitive Prelude.. Data._Base64++instance Core.AWSRequest Encrypt where+ type AWSResponse Encrypt = EncryptResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response =+ Response.receiveJSON+ ( \s h x ->+ EncryptResponse'+ Prelude.<$> (x Data..?> "CiphertextBlob")+ Prelude.<*> (x Data..?> "EncryptionAlgorithm")+ Prelude.<*> (x Data..?> "KeyId")+ Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+ )++instance Prelude.Hashable Encrypt where+ hashWithSalt _salt Encrypt' {..} =+ _salt+ `Prelude.hashWithSalt` encryptionAlgorithm+ `Prelude.hashWithSalt` encryptionContext+ `Prelude.hashWithSalt` grantTokens+ `Prelude.hashWithSalt` keyId+ `Prelude.hashWithSalt` plaintext++instance Prelude.NFData Encrypt where+ rnf Encrypt' {..} =+ Prelude.rnf encryptionAlgorithm+ `Prelude.seq` Prelude.rnf encryptionContext+ `Prelude.seq` Prelude.rnf grantTokens+ `Prelude.seq` Prelude.rnf keyId+ `Prelude.seq` Prelude.rnf plaintext++instance Data.ToHeaders Encrypt where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ("TrentService.Encrypt" :: Prelude.ByteString),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON Encrypt where+ toJSON Encrypt' {..} =+ Data.object+ ( Prelude.catMaybes+ [ ("EncryptionAlgorithm" Data..=)+ Prelude.<$> encryptionAlgorithm,+ ("EncryptionContext" Data..=)+ Prelude.<$> encryptionContext,+ ("GrantTokens" Data..=) Prelude.<$> grantTokens,+ Prelude.Just ("KeyId" Data..= keyId),+ Prelude.Just ("Plaintext" Data..= plaintext)+ ]+ )++instance Data.ToPath Encrypt where+ toPath = Prelude.const "/"++instance Data.ToQuery Encrypt where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newEncryptResponse' smart constructor.+data EncryptResponse = EncryptResponse'+ { -- | The encrypted plaintext. When you use the HTTP API or the Amazon Web+ -- Services CLI, the value is Base64-encoded. Otherwise, it is not+ -- Base64-encoded.+ ciphertextBlob :: Prelude.Maybe Data.Base64,+ -- | The encryption algorithm that was used to encrypt the plaintext.+ encryptionAlgorithm :: Prelude.Maybe EncryptionAlgorithmSpec,+ -- | The Amazon Resource Name+ -- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)+ -- of the KMS key that was used to encrypt the plaintext.+ keyId :: Prelude.Maybe Prelude.Text,+ -- | The response's http status code.+ httpStatus :: Prelude.Int+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'EncryptResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'ciphertextBlob', 'encryptResponse_ciphertextBlob' - The encrypted plaintext. When you use the HTTP API or the Amazon Web+-- Services CLI, the value is Base64-encoded. Otherwise, it is not+-- Base64-encoded.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+--+-- 'encryptionAlgorithm', 'encryptResponse_encryptionAlgorithm' - The encryption algorithm that was used to encrypt the plaintext.+--+-- 'keyId', 'encryptResponse_keyId' - The Amazon Resource Name+-- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)+-- of the KMS key that was used to encrypt the plaintext.+--+-- 'httpStatus', 'encryptResponse_httpStatus' - The response's http status code.+newEncryptResponse ::+ -- | 'httpStatus'+ Prelude.Int ->+ EncryptResponse+newEncryptResponse pHttpStatus_ =+ EncryptResponse'+ { ciphertextBlob = Prelude.Nothing,+ encryptionAlgorithm = Prelude.Nothing,+ keyId = Prelude.Nothing,+ httpStatus = pHttpStatus_+ }++-- | The encrypted plaintext. When you use the HTTP API or the Amazon Web+-- Services CLI, the value is Base64-encoded. Otherwise, it is not+-- Base64-encoded.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+encryptResponse_ciphertextBlob :: Lens.Lens' EncryptResponse (Prelude.Maybe Prelude.ByteString)+encryptResponse_ciphertextBlob = Lens.lens (\EncryptResponse' {ciphertextBlob} -> ciphertextBlob) (\s@EncryptResponse' {} a -> s {ciphertextBlob = a} :: EncryptResponse) Prelude.. Lens.mapping Data._Base64++-- | The encryption algorithm that was used to encrypt the plaintext.+encryptResponse_encryptionAlgorithm :: Lens.Lens' EncryptResponse (Prelude.Maybe EncryptionAlgorithmSpec)+encryptResponse_encryptionAlgorithm = Lens.lens (\EncryptResponse' {encryptionAlgorithm} -> encryptionAlgorithm) (\s@EncryptResponse' {} a -> s {encryptionAlgorithm = a} :: EncryptResponse)++-- | The Amazon Resource Name+-- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)+-- of the KMS key that was used to encrypt the plaintext.+encryptResponse_keyId :: Lens.Lens' EncryptResponse (Prelude.Maybe Prelude.Text)+encryptResponse_keyId = Lens.lens (\EncryptResponse' {keyId} -> keyId) (\s@EncryptResponse' {} a -> s {keyId = a} :: EncryptResponse)++-- | The response's http status code.+encryptResponse_httpStatus :: Lens.Lens' EncryptResponse Prelude.Int+encryptResponse_httpStatus = Lens.lens (\EncryptResponse' {httpStatus} -> httpStatus) (\s@EncryptResponse' {} a -> s {httpStatus = a} :: EncryptResponse)++instance Prelude.NFData EncryptResponse where+ rnf EncryptResponse' {..} =+ Prelude.rnf ciphertextBlob+ `Prelude.seq` Prelude.rnf encryptionAlgorithm+ `Prelude.seq` Prelude.rnf keyId+ `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/KMS/GenerateDataKey.hs view
@@ -0,0 +1,558 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.GenerateDataKey+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Returns a unique symmetric data key for use outside of KMS. This+-- operation returns a plaintext copy of the data key and a copy that is+-- encrypted under a symmetric encryption KMS key that you specify. The+-- bytes in the plaintext key are random; they are not related to the+-- caller or the KMS key. You can use the plaintext key to encrypt your+-- data outside of KMS and store the encrypted data key with the encrypted+-- data.+--+-- To generate a data key, specify the symmetric encryption KMS key that+-- will be used to encrypt the data key. You cannot use an asymmetric KMS+-- key to encrypt data keys. To get the type of your KMS key, use the+-- DescribeKey operation.+--+-- You must also specify the length of the data key. Use either the+-- @KeySpec@ or @NumberOfBytes@ parameters (but not both). For 128-bit and+-- 256-bit data keys, use the @KeySpec@ parameter.+--+-- To generate an SM4 data key (China Regions only), specify a @KeySpec@+-- value of @AES_128@ or @NumberOfBytes@ value of @128@. The symmetric+-- encryption key used in China Regions to encrypt your data key is an SM4+-- encryption key.+--+-- To get only an encrypted copy of the data key, use+-- GenerateDataKeyWithoutPlaintext. To generate an asymmetric data key+-- pair, use the GenerateDataKeyPair or GenerateDataKeyPairWithoutPlaintext+-- operation. To get a cryptographically secure random byte string, use+-- GenerateRandom.+--+-- You can use an optional encryption context to add additional security to+-- the encryption operation. If you specify an @EncryptionContext@, you+-- must specify the same encryption context (a case-sensitive exact match)+-- when decrypting the encrypted data key. Otherwise, the request to+-- decrypt fails with an @InvalidCiphertextException@. For more+-- information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context Encryption Context>+-- in the /Key Management Service Developer Guide/.+--+-- Applications in Amazon Web Services Nitro Enclaves can call this+-- operation by using the+-- <https://github.com/aws/aws-nitro-enclaves-sdk-c Amazon Web Services Nitro Enclaves Development Kit>.+-- For information about the supporting parameters, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html How Amazon Web Services Nitro Enclaves use KMS>+-- in the /Key Management Service Developer Guide/.+--+-- The KMS key that you use for this operation must be in a compatible key+-- state. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key states of KMS keys>+-- in the /Key Management Service Developer Guide/.+--+-- __How to use your data key__+--+-- We recommend that you use the following pattern to encrypt data locally+-- in your application. You can write your own code or use a client-side+-- encryption library, such as the+-- <https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/ Amazon Web Services Encryption SDK>,+-- the+-- <https://docs.aws.amazon.com/dynamodb-encryption-client/latest/devguide/ Amazon DynamoDB Encryption Client>,+-- or+-- <https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html Amazon S3 client-side encryption>+-- to do these tasks for you.+--+-- To encrypt data outside of KMS:+--+-- 1. Use the @GenerateDataKey@ operation to get a data key.+--+-- 2. Use the plaintext data key (in the @Plaintext@ field of the+-- response) to encrypt your data outside of KMS. Then erase the+-- plaintext data key from memory.+--+-- 3. Store the encrypted data key (in the @CiphertextBlob@ field of the+-- response) with the encrypted data.+--+-- To decrypt data outside of KMS:+--+-- 1. Use the Decrypt operation to decrypt the encrypted data key. The+-- operation returns a plaintext copy of the data key.+--+-- 2. Use the plaintext data key to decrypt data outside of KMS, then+-- erase the plaintext data key from memory.+--+-- __Cross-account use__: Yes. To perform this operation with a KMS key in+-- a different Amazon Web Services account, specify the key ARN or alias+-- ARN in the value of the @KeyId@ parameter.+--+-- __Required permissions__:+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:GenerateDataKey>+-- (key policy)+--+-- __Related operations:__+--+-- - Decrypt+--+-- - Encrypt+--+-- - GenerateDataKeyPair+--+-- - GenerateDataKeyPairWithoutPlaintext+--+-- - GenerateDataKeyWithoutPlaintext+module Amazonka.KMS.GenerateDataKey+ ( -- * Creating a Request+ GenerateDataKey (..),+ newGenerateDataKey,++ -- * Request Lenses+ generateDataKey_encryptionContext,+ generateDataKey_grantTokens,+ generateDataKey_keySpec,+ generateDataKey_numberOfBytes,+ generateDataKey_keyId,++ -- * Destructuring the Response+ GenerateDataKeyResponse (..),+ newGenerateDataKeyResponse,++ -- * Response Lenses+ generateDataKeyResponse_httpStatus,+ generateDataKeyResponse_keyId,+ generateDataKeyResponse_plaintext,+ generateDataKeyResponse_ciphertextBlob,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newGenerateDataKey' smart constructor.+data GenerateDataKey = GenerateDataKey'+ { -- | Specifies the encryption context that will be used when encrypting the+ -- data key.+ --+ -- An /encryption context/ is a collection of non-secret key-value pairs+ -- that represent additional authenticated data. When you use an encryption+ -- context to encrypt data, you must specify the same (an exact+ -- case-sensitive match) encryption context to decrypt the data. An+ -- encryption context is supported only on operations with symmetric+ -- encryption KMS keys. On operations with symmetric encryption KMS keys,+ -- an encryption context is optional, but it is strongly recommended.+ --+ -- For more information, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context Encryption context>+ -- in the /Key Management Service Developer Guide/.+ encryptionContext :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),+ -- | A list of grant tokens.+ --+ -- Use a grant token when your permission to call this operation comes from+ -- a new grant that has not yet achieved /eventual consistency/. For more+ -- information, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>+ -- and+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>+ -- in the /Key Management Service Developer Guide/.+ grantTokens :: Prelude.Maybe [Prelude.Text],+ -- | Specifies the length of the data key. Use @AES_128@ to generate a+ -- 128-bit symmetric key, or @AES_256@ to generate a 256-bit symmetric key.+ --+ -- You must specify either the @KeySpec@ or the @NumberOfBytes@ parameter+ -- (but not both) in every @GenerateDataKey@ request.+ keySpec :: Prelude.Maybe DataKeySpec,+ -- | Specifies the length of the data key in bytes. For example, use the+ -- value 64 to generate a 512-bit data key (64 bytes is 512 bits). For+ -- 128-bit (16-byte) and 256-bit (32-byte) data keys, use the @KeySpec@+ -- parameter.+ --+ -- You must specify either the @KeySpec@ or the @NumberOfBytes@ parameter+ -- (but not both) in every @GenerateDataKey@ request.+ numberOfBytes :: Prelude.Maybe Prelude.Natural,+ -- | Specifies the symmetric encryption KMS key that encrypts the data key.+ -- You cannot specify an asymmetric KMS key or a KMS key in a custom key+ -- store. To get the type and origin of your KMS key, use the DescribeKey+ -- operation.+ --+ -- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.+ -- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS+ -- key in a different Amazon Web Services account, you must use the key ARN+ -- or alias ARN.+ --+ -- For example:+ --+ -- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- - Key ARN:+ -- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- - Alias name: @alias\/ExampleAlias@+ --+ -- - Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@+ --+ -- To get the key ID and key ARN for a KMS key, use ListKeys or+ -- DescribeKey. To get the alias name and alias ARN, use ListAliases.+ keyId :: Prelude.Text+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'GenerateDataKey' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'encryptionContext', 'generateDataKey_encryptionContext' - Specifies the encryption context that will be used when encrypting the+-- data key.+--+-- An /encryption context/ is a collection of non-secret key-value pairs+-- that represent additional authenticated data. When you use an encryption+-- context to encrypt data, you must specify the same (an exact+-- case-sensitive match) encryption context to decrypt the data. An+-- encryption context is supported only on operations with symmetric+-- encryption KMS keys. On operations with symmetric encryption KMS keys,+-- an encryption context is optional, but it is strongly recommended.+--+-- For more information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context Encryption context>+-- in the /Key Management Service Developer Guide/.+--+-- 'grantTokens', 'generateDataKey_grantTokens' - A list of grant tokens.+--+-- Use a grant token when your permission to call this operation comes from+-- a new grant that has not yet achieved /eventual consistency/. For more+-- information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>+-- and+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>+-- in the /Key Management Service Developer Guide/.+--+-- 'keySpec', 'generateDataKey_keySpec' - Specifies the length of the data key. Use @AES_128@ to generate a+-- 128-bit symmetric key, or @AES_256@ to generate a 256-bit symmetric key.+--+-- You must specify either the @KeySpec@ or the @NumberOfBytes@ parameter+-- (but not both) in every @GenerateDataKey@ request.+--+-- 'numberOfBytes', 'generateDataKey_numberOfBytes' - Specifies the length of the data key in bytes. For example, use the+-- value 64 to generate a 512-bit data key (64 bytes is 512 bits). For+-- 128-bit (16-byte) and 256-bit (32-byte) data keys, use the @KeySpec@+-- parameter.+--+-- You must specify either the @KeySpec@ or the @NumberOfBytes@ parameter+-- (but not both) in every @GenerateDataKey@ request.+--+-- 'keyId', 'generateDataKey_keyId' - Specifies the symmetric encryption KMS key that encrypts the data key.+-- You cannot specify an asymmetric KMS key or a KMS key in a custom key+-- store. To get the type and origin of your KMS key, use the DescribeKey+-- operation.+--+-- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.+-- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS+-- key in a different Amazon Web Services account, you must use the key ARN+-- or alias ARN.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Alias name: @alias\/ExampleAlias@+--+-- - Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey. To get the alias name and alias ARN, use ListAliases.+newGenerateDataKey ::+ -- | 'keyId'+ Prelude.Text ->+ GenerateDataKey+newGenerateDataKey pKeyId_ =+ GenerateDataKey'+ { encryptionContext =+ Prelude.Nothing,+ grantTokens = Prelude.Nothing,+ keySpec = Prelude.Nothing,+ numberOfBytes = Prelude.Nothing,+ keyId = pKeyId_+ }++-- | Specifies the encryption context that will be used when encrypting the+-- data key.+--+-- An /encryption context/ is a collection of non-secret key-value pairs+-- that represent additional authenticated data. When you use an encryption+-- context to encrypt data, you must specify the same (an exact+-- case-sensitive match) encryption context to decrypt the data. An+-- encryption context is supported only on operations with symmetric+-- encryption KMS keys. On operations with symmetric encryption KMS keys,+-- an encryption context is optional, but it is strongly recommended.+--+-- For more information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context Encryption context>+-- in the /Key Management Service Developer Guide/.+generateDataKey_encryptionContext :: Lens.Lens' GenerateDataKey (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))+generateDataKey_encryptionContext = Lens.lens (\GenerateDataKey' {encryptionContext} -> encryptionContext) (\s@GenerateDataKey' {} a -> s {encryptionContext = a} :: GenerateDataKey) Prelude.. Lens.mapping Lens.coerced++-- | A list of grant tokens.+--+-- Use a grant token when your permission to call this operation comes from+-- a new grant that has not yet achieved /eventual consistency/. For more+-- information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>+-- and+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>+-- in the /Key Management Service Developer Guide/.+generateDataKey_grantTokens :: Lens.Lens' GenerateDataKey (Prelude.Maybe [Prelude.Text])+generateDataKey_grantTokens = Lens.lens (\GenerateDataKey' {grantTokens} -> grantTokens) (\s@GenerateDataKey' {} a -> s {grantTokens = a} :: GenerateDataKey) Prelude.. Lens.mapping Lens.coerced++-- | Specifies the length of the data key. Use @AES_128@ to generate a+-- 128-bit symmetric key, or @AES_256@ to generate a 256-bit symmetric key.+--+-- You must specify either the @KeySpec@ or the @NumberOfBytes@ parameter+-- (but not both) in every @GenerateDataKey@ request.+generateDataKey_keySpec :: Lens.Lens' GenerateDataKey (Prelude.Maybe DataKeySpec)+generateDataKey_keySpec = Lens.lens (\GenerateDataKey' {keySpec} -> keySpec) (\s@GenerateDataKey' {} a -> s {keySpec = a} :: GenerateDataKey)++-- | Specifies the length of the data key in bytes. For example, use the+-- value 64 to generate a 512-bit data key (64 bytes is 512 bits). For+-- 128-bit (16-byte) and 256-bit (32-byte) data keys, use the @KeySpec@+-- parameter.+--+-- You must specify either the @KeySpec@ or the @NumberOfBytes@ parameter+-- (but not both) in every @GenerateDataKey@ request.+generateDataKey_numberOfBytes :: Lens.Lens' GenerateDataKey (Prelude.Maybe Prelude.Natural)+generateDataKey_numberOfBytes = Lens.lens (\GenerateDataKey' {numberOfBytes} -> numberOfBytes) (\s@GenerateDataKey' {} a -> s {numberOfBytes = a} :: GenerateDataKey)++-- | Specifies the symmetric encryption KMS key that encrypts the data key.+-- You cannot specify an asymmetric KMS key or a KMS key in a custom key+-- store. To get the type and origin of your KMS key, use the DescribeKey+-- operation.+--+-- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.+-- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS+-- key in a different Amazon Web Services account, you must use the key ARN+-- or alias ARN.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Alias name: @alias\/ExampleAlias@+--+-- - Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey. To get the alias name and alias ARN, use ListAliases.+generateDataKey_keyId :: Lens.Lens' GenerateDataKey Prelude.Text+generateDataKey_keyId = Lens.lens (\GenerateDataKey' {keyId} -> keyId) (\s@GenerateDataKey' {} a -> s {keyId = a} :: GenerateDataKey)++instance Core.AWSRequest GenerateDataKey where+ type+ AWSResponse GenerateDataKey =+ GenerateDataKeyResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response =+ Response.receiveJSON+ ( \s h x ->+ GenerateDataKeyResponse'+ Prelude.<$> (Prelude.pure (Prelude.fromEnum s))+ Prelude.<*> (x Data..:> "KeyId")+ Prelude.<*> (x Data..:> "Plaintext")+ Prelude.<*> (x Data..:> "CiphertextBlob")+ )++instance Prelude.Hashable GenerateDataKey where+ hashWithSalt _salt GenerateDataKey' {..} =+ _salt+ `Prelude.hashWithSalt` encryptionContext+ `Prelude.hashWithSalt` grantTokens+ `Prelude.hashWithSalt` keySpec+ `Prelude.hashWithSalt` numberOfBytes+ `Prelude.hashWithSalt` keyId++instance Prelude.NFData GenerateDataKey where+ rnf GenerateDataKey' {..} =+ Prelude.rnf encryptionContext+ `Prelude.seq` Prelude.rnf grantTokens+ `Prelude.seq` Prelude.rnf keySpec+ `Prelude.seq` Prelude.rnf numberOfBytes+ `Prelude.seq` Prelude.rnf keyId++instance Data.ToHeaders GenerateDataKey where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ( "TrentService.GenerateDataKey" ::+ Prelude.ByteString+ ),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON GenerateDataKey where+ toJSON GenerateDataKey' {..} =+ Data.object+ ( Prelude.catMaybes+ [ ("EncryptionContext" Data..=)+ Prelude.<$> encryptionContext,+ ("GrantTokens" Data..=) Prelude.<$> grantTokens,+ ("KeySpec" Data..=) Prelude.<$> keySpec,+ ("NumberOfBytes" Data..=) Prelude.<$> numberOfBytes,+ Prelude.Just ("KeyId" Data..= keyId)+ ]+ )++instance Data.ToPath GenerateDataKey where+ toPath = Prelude.const "/"++instance Data.ToQuery GenerateDataKey where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newGenerateDataKeyResponse' smart constructor.+data GenerateDataKeyResponse = GenerateDataKeyResponse'+ { -- | The response's http status code.+ httpStatus :: Prelude.Int,+ -- | The Amazon Resource Name+ -- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)+ -- of the KMS key that encrypted the data key.+ keyId :: Prelude.Text,+ -- | The plaintext data key. When you use the HTTP API or the Amazon Web+ -- Services CLI, the value is Base64-encoded. Otherwise, it is not+ -- Base64-encoded. Use this data key to encrypt your data outside of KMS.+ -- Then, remove it from memory as soon as possible.+ plaintext :: Data.Sensitive Data.Base64,+ -- | The encrypted copy of the data key. When you use the HTTP API or the+ -- Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is+ -- not Base64-encoded.+ ciphertextBlob :: Data.Base64+ }+ deriving (Prelude.Eq, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'GenerateDataKeyResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'httpStatus', 'generateDataKeyResponse_httpStatus' - The response's http status code.+--+-- 'keyId', 'generateDataKeyResponse_keyId' - The Amazon Resource Name+-- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)+-- of the KMS key that encrypted the data key.+--+-- 'plaintext', 'generateDataKeyResponse_plaintext' - The plaintext data key. When you use the HTTP API or the Amazon Web+-- Services CLI, the value is Base64-encoded. Otherwise, it is not+-- Base64-encoded. Use this data key to encrypt your data outside of KMS.+-- Then, remove it from memory as soon as possible.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+--+-- 'ciphertextBlob', 'generateDataKeyResponse_ciphertextBlob' - The encrypted copy of the data key. When you use the HTTP API or the+-- Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is+-- not Base64-encoded.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+newGenerateDataKeyResponse ::+ -- | 'httpStatus'+ Prelude.Int ->+ -- | 'keyId'+ Prelude.Text ->+ -- | 'plaintext'+ Prelude.ByteString ->+ -- | 'ciphertextBlob'+ Prelude.ByteString ->+ GenerateDataKeyResponse+newGenerateDataKeyResponse+ pHttpStatus_+ pKeyId_+ pPlaintext_+ pCiphertextBlob_ =+ GenerateDataKeyResponse'+ { httpStatus = pHttpStatus_,+ keyId = pKeyId_,+ plaintext =+ Data._Sensitive+ Prelude.. Data._Base64+ Lens.# pPlaintext_,+ ciphertextBlob =+ Data._Base64 Lens.# pCiphertextBlob_+ }++-- | The response's http status code.+generateDataKeyResponse_httpStatus :: Lens.Lens' GenerateDataKeyResponse Prelude.Int+generateDataKeyResponse_httpStatus = Lens.lens (\GenerateDataKeyResponse' {httpStatus} -> httpStatus) (\s@GenerateDataKeyResponse' {} a -> s {httpStatus = a} :: GenerateDataKeyResponse)++-- | The Amazon Resource Name+-- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)+-- of the KMS key that encrypted the data key.+generateDataKeyResponse_keyId :: Lens.Lens' GenerateDataKeyResponse Prelude.Text+generateDataKeyResponse_keyId = Lens.lens (\GenerateDataKeyResponse' {keyId} -> keyId) (\s@GenerateDataKeyResponse' {} a -> s {keyId = a} :: GenerateDataKeyResponse)++-- | The plaintext data key. When you use the HTTP API or the Amazon Web+-- Services CLI, the value is Base64-encoded. Otherwise, it is not+-- Base64-encoded. Use this data key to encrypt your data outside of KMS.+-- Then, remove it from memory as soon as possible.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+generateDataKeyResponse_plaintext :: Lens.Lens' GenerateDataKeyResponse Prelude.ByteString+generateDataKeyResponse_plaintext = Lens.lens (\GenerateDataKeyResponse' {plaintext} -> plaintext) (\s@GenerateDataKeyResponse' {} a -> s {plaintext = a} :: GenerateDataKeyResponse) Prelude.. Data._Sensitive Prelude.. Data._Base64++-- | The encrypted copy of the data key. When you use the HTTP API or the+-- Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is+-- not Base64-encoded.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+generateDataKeyResponse_ciphertextBlob :: Lens.Lens' GenerateDataKeyResponse Prelude.ByteString+generateDataKeyResponse_ciphertextBlob = Lens.lens (\GenerateDataKeyResponse' {ciphertextBlob} -> ciphertextBlob) (\s@GenerateDataKeyResponse' {} a -> s {ciphertextBlob = a} :: GenerateDataKeyResponse) Prelude.. Data._Base64++instance Prelude.NFData GenerateDataKeyResponse where+ rnf GenerateDataKeyResponse' {..} =+ Prelude.rnf httpStatus+ `Prelude.seq` Prelude.rnf keyId+ `Prelude.seq` Prelude.rnf plaintext+ `Prelude.seq` Prelude.rnf ciphertextBlob
+ gen/Amazonka/KMS/GenerateDataKeyPair.hs view
@@ -0,0 +1,534 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.GenerateDataKeyPair+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Returns a unique asymmetric data key pair for use outside of KMS. This+-- operation returns a plaintext public key, a plaintext private key, and a+-- copy of the private key that is encrypted under the symmetric encryption+-- KMS key you specify. You can use the data key pair to perform asymmetric+-- cryptography and implement digital signatures outside of KMS. The bytes+-- in the keys are random; they not related to the caller or to the KMS key+-- that is used to encrypt the private key.+--+-- You can use the public key that @GenerateDataKeyPair@ returns to encrypt+-- data or verify a signature outside of KMS. Then, store the encrypted+-- private key with the data. When you are ready to decrypt data or sign a+-- message, you can use the Decrypt operation to decrypt the encrypted+-- private key.+--+-- To generate a data key pair, you must specify a symmetric encryption KMS+-- key to encrypt the private key in a data key pair. You cannot use an+-- asymmetric KMS key or a KMS key in a custom key store. To get the type+-- and origin of your KMS key, use the DescribeKey operation.+--+-- Use the @KeyPairSpec@ parameter to choose an RSA or Elliptic Curve (ECC)+-- data key pair. In China Regions, you can also choose an SM2 data key+-- pair. KMS recommends that you use ECC key pairs for signing, and use RSA+-- and SM2 key pairs for either encryption or signing, but not both.+-- However, KMS cannot enforce any restrictions on the use of data key+-- pairs outside of KMS.+--+-- If you are using the data key pair to encrypt data, or for any operation+-- where you don\'t immediately need a private key, consider using the+-- GenerateDataKeyPairWithoutPlaintext operation.+-- @GenerateDataKeyPairWithoutPlaintext@ returns a plaintext public key and+-- an encrypted private key, but omits the plaintext private key that you+-- need only to decrypt ciphertext or sign a message. Later, when you need+-- to decrypt the data or sign a message, use the Decrypt operation to+-- decrypt the encrypted private key in the data key pair.+--+-- @GenerateDataKeyPair@ returns a unique data key pair for each request.+-- The bytes in the keys are random; they are not related to the caller or+-- the KMS key that is used to encrypt the private key. The public key is a+-- DER-encoded X.509 SubjectPublicKeyInfo, as specified in+-- <https://tools.ietf.org/html/rfc5280 RFC 5280>. The private key is a+-- DER-encoded PKCS8 PrivateKeyInfo, as specified in+-- <https://tools.ietf.org/html/rfc5958 RFC 5958>.+--+-- You can use an optional encryption context to add additional security to+-- the encryption operation. If you specify an @EncryptionContext@, you+-- must specify the same encryption context (a case-sensitive exact match)+-- when decrypting the encrypted data key. Otherwise, the request to+-- decrypt fails with an @InvalidCiphertextException@. For more+-- information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context Encryption Context>+-- in the /Key Management Service Developer Guide/.+--+-- The KMS key that you use for this operation must be in a compatible key+-- state. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key states of KMS keys>+-- in the /Key Management Service Developer Guide/.+--+-- __Cross-account use__: Yes. To perform this operation with a KMS key in+-- a different Amazon Web Services account, specify the key ARN or alias+-- ARN in the value of the @KeyId@ parameter.+--+-- __Required permissions__:+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:GenerateDataKeyPair>+-- (key policy)+--+-- __Related operations:__+--+-- - Decrypt+--+-- - Encrypt+--+-- - GenerateDataKey+--+-- - GenerateDataKeyPairWithoutPlaintext+--+-- - GenerateDataKeyWithoutPlaintext+module Amazonka.KMS.GenerateDataKeyPair+ ( -- * Creating a Request+ GenerateDataKeyPair (..),+ newGenerateDataKeyPair,++ -- * Request Lenses+ generateDataKeyPair_encryptionContext,+ generateDataKeyPair_grantTokens,+ generateDataKeyPair_keyId,+ generateDataKeyPair_keyPairSpec,++ -- * Destructuring the Response+ GenerateDataKeyPairResponse (..),+ newGenerateDataKeyPairResponse,++ -- * Response Lenses+ generateDataKeyPairResponse_keyId,+ generateDataKeyPairResponse_keyPairSpec,+ generateDataKeyPairResponse_privateKeyCiphertextBlob,+ generateDataKeyPairResponse_privateKeyPlaintext,+ generateDataKeyPairResponse_publicKey,+ generateDataKeyPairResponse_httpStatus,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newGenerateDataKeyPair' smart constructor.+data GenerateDataKeyPair = GenerateDataKeyPair'+ { -- | Specifies the encryption context that will be used when encrypting the+ -- private key in the data key pair.+ --+ -- An /encryption context/ is a collection of non-secret key-value pairs+ -- that represent additional authenticated data. When you use an encryption+ -- context to encrypt data, you must specify the same (an exact+ -- case-sensitive match) encryption context to decrypt the data. An+ -- encryption context is supported only on operations with symmetric+ -- encryption KMS keys. On operations with symmetric encryption KMS keys,+ -- an encryption context is optional, but it is strongly recommended.+ --+ -- For more information, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context Encryption context>+ -- in the /Key Management Service Developer Guide/.+ encryptionContext :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),+ -- | A list of grant tokens.+ --+ -- Use a grant token when your permission to call this operation comes from+ -- a new grant that has not yet achieved /eventual consistency/. For more+ -- information, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>+ -- and+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>+ -- in the /Key Management Service Developer Guide/.+ grantTokens :: Prelude.Maybe [Prelude.Text],+ -- | Specifies the symmetric encryption KMS key that encrypts the private key+ -- in the data key pair. You cannot specify an asymmetric KMS key or a KMS+ -- key in a custom key store. To get the type and origin of your KMS key,+ -- use the DescribeKey operation.+ --+ -- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.+ -- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS+ -- key in a different Amazon Web Services account, you must use the key ARN+ -- or alias ARN.+ --+ -- For example:+ --+ -- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- - Key ARN:+ -- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- - Alias name: @alias\/ExampleAlias@+ --+ -- - Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@+ --+ -- To get the key ID and key ARN for a KMS key, use ListKeys or+ -- DescribeKey. To get the alias name and alias ARN, use ListAliases.+ keyId :: Prelude.Text,+ -- | Determines the type of data key pair that is generated.+ --+ -- The KMS rule that restricts the use of asymmetric RSA and SM2 KMS keys+ -- to encrypt and decrypt or to sign and verify (but not both), and the+ -- rule that permits you to use ECC KMS keys only to sign and verify, are+ -- not effective on data key pairs, which are used outside of KMS. The SM2+ -- key spec is only available in China Regions.+ keyPairSpec :: DataKeyPairSpec+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'GenerateDataKeyPair' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'encryptionContext', 'generateDataKeyPair_encryptionContext' - Specifies the encryption context that will be used when encrypting the+-- private key in the data key pair.+--+-- An /encryption context/ is a collection of non-secret key-value pairs+-- that represent additional authenticated data. When you use an encryption+-- context to encrypt data, you must specify the same (an exact+-- case-sensitive match) encryption context to decrypt the data. An+-- encryption context is supported only on operations with symmetric+-- encryption KMS keys. On operations with symmetric encryption KMS keys,+-- an encryption context is optional, but it is strongly recommended.+--+-- For more information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context Encryption context>+-- in the /Key Management Service Developer Guide/.+--+-- 'grantTokens', 'generateDataKeyPair_grantTokens' - A list of grant tokens.+--+-- Use a grant token when your permission to call this operation comes from+-- a new grant that has not yet achieved /eventual consistency/. For more+-- information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>+-- and+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>+-- in the /Key Management Service Developer Guide/.+--+-- 'keyId', 'generateDataKeyPair_keyId' - Specifies the symmetric encryption KMS key that encrypts the private key+-- in the data key pair. You cannot specify an asymmetric KMS key or a KMS+-- key in a custom key store. To get the type and origin of your KMS key,+-- use the DescribeKey operation.+--+-- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.+-- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS+-- key in a different Amazon Web Services account, you must use the key ARN+-- or alias ARN.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Alias name: @alias\/ExampleAlias@+--+-- - Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey. To get the alias name and alias ARN, use ListAliases.+--+-- 'keyPairSpec', 'generateDataKeyPair_keyPairSpec' - Determines the type of data key pair that is generated.+--+-- The KMS rule that restricts the use of asymmetric RSA and SM2 KMS keys+-- to encrypt and decrypt or to sign and verify (but not both), and the+-- rule that permits you to use ECC KMS keys only to sign and verify, are+-- not effective on data key pairs, which are used outside of KMS. The SM2+-- key spec is only available in China Regions.+newGenerateDataKeyPair ::+ -- | 'keyId'+ Prelude.Text ->+ -- | 'keyPairSpec'+ DataKeyPairSpec ->+ GenerateDataKeyPair+newGenerateDataKeyPair pKeyId_ pKeyPairSpec_ =+ GenerateDataKeyPair'+ { encryptionContext =+ Prelude.Nothing,+ grantTokens = Prelude.Nothing,+ keyId = pKeyId_,+ keyPairSpec = pKeyPairSpec_+ }++-- | Specifies the encryption context that will be used when encrypting the+-- private key in the data key pair.+--+-- An /encryption context/ is a collection of non-secret key-value pairs+-- that represent additional authenticated data. When you use an encryption+-- context to encrypt data, you must specify the same (an exact+-- case-sensitive match) encryption context to decrypt the data. An+-- encryption context is supported only on operations with symmetric+-- encryption KMS keys. On operations with symmetric encryption KMS keys,+-- an encryption context is optional, but it is strongly recommended.+--+-- For more information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context Encryption context>+-- in the /Key Management Service Developer Guide/.+generateDataKeyPair_encryptionContext :: Lens.Lens' GenerateDataKeyPair (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))+generateDataKeyPair_encryptionContext = Lens.lens (\GenerateDataKeyPair' {encryptionContext} -> encryptionContext) (\s@GenerateDataKeyPair' {} a -> s {encryptionContext = a} :: GenerateDataKeyPair) Prelude.. Lens.mapping Lens.coerced++-- | A list of grant tokens.+--+-- Use a grant token when your permission to call this operation comes from+-- a new grant that has not yet achieved /eventual consistency/. For more+-- information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>+-- and+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>+-- in the /Key Management Service Developer Guide/.+generateDataKeyPair_grantTokens :: Lens.Lens' GenerateDataKeyPair (Prelude.Maybe [Prelude.Text])+generateDataKeyPair_grantTokens = Lens.lens (\GenerateDataKeyPair' {grantTokens} -> grantTokens) (\s@GenerateDataKeyPair' {} a -> s {grantTokens = a} :: GenerateDataKeyPair) Prelude.. Lens.mapping Lens.coerced++-- | Specifies the symmetric encryption KMS key that encrypts the private key+-- in the data key pair. You cannot specify an asymmetric KMS key or a KMS+-- key in a custom key store. To get the type and origin of your KMS key,+-- use the DescribeKey operation.+--+-- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.+-- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS+-- key in a different Amazon Web Services account, you must use the key ARN+-- or alias ARN.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Alias name: @alias\/ExampleAlias@+--+-- - Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey. To get the alias name and alias ARN, use ListAliases.+generateDataKeyPair_keyId :: Lens.Lens' GenerateDataKeyPair Prelude.Text+generateDataKeyPair_keyId = Lens.lens (\GenerateDataKeyPair' {keyId} -> keyId) (\s@GenerateDataKeyPair' {} a -> s {keyId = a} :: GenerateDataKeyPair)++-- | Determines the type of data key pair that is generated.+--+-- The KMS rule that restricts the use of asymmetric RSA and SM2 KMS keys+-- to encrypt and decrypt or to sign and verify (but not both), and the+-- rule that permits you to use ECC KMS keys only to sign and verify, are+-- not effective on data key pairs, which are used outside of KMS. The SM2+-- key spec is only available in China Regions.+generateDataKeyPair_keyPairSpec :: Lens.Lens' GenerateDataKeyPair DataKeyPairSpec+generateDataKeyPair_keyPairSpec = Lens.lens (\GenerateDataKeyPair' {keyPairSpec} -> keyPairSpec) (\s@GenerateDataKeyPair' {} a -> s {keyPairSpec = a} :: GenerateDataKeyPair)++instance Core.AWSRequest GenerateDataKeyPair where+ type+ AWSResponse GenerateDataKeyPair =+ GenerateDataKeyPairResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response =+ Response.receiveJSON+ ( \s h x ->+ GenerateDataKeyPairResponse'+ Prelude.<$> (x Data..?> "KeyId")+ Prelude.<*> (x Data..?> "KeyPairSpec")+ Prelude.<*> (x Data..?> "PrivateKeyCiphertextBlob")+ Prelude.<*> (x Data..?> "PrivateKeyPlaintext")+ Prelude.<*> (x Data..?> "PublicKey")+ Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+ )++instance Prelude.Hashable GenerateDataKeyPair where+ hashWithSalt _salt GenerateDataKeyPair' {..} =+ _salt+ `Prelude.hashWithSalt` encryptionContext+ `Prelude.hashWithSalt` grantTokens+ `Prelude.hashWithSalt` keyId+ `Prelude.hashWithSalt` keyPairSpec++instance Prelude.NFData GenerateDataKeyPair where+ rnf GenerateDataKeyPair' {..} =+ Prelude.rnf encryptionContext+ `Prelude.seq` Prelude.rnf grantTokens+ `Prelude.seq` Prelude.rnf keyId+ `Prelude.seq` Prelude.rnf keyPairSpec++instance Data.ToHeaders GenerateDataKeyPair where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ( "TrentService.GenerateDataKeyPair" ::+ Prelude.ByteString+ ),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON GenerateDataKeyPair where+ toJSON GenerateDataKeyPair' {..} =+ Data.object+ ( Prelude.catMaybes+ [ ("EncryptionContext" Data..=)+ Prelude.<$> encryptionContext,+ ("GrantTokens" Data..=) Prelude.<$> grantTokens,+ Prelude.Just ("KeyId" Data..= keyId),+ Prelude.Just ("KeyPairSpec" Data..= keyPairSpec)+ ]+ )++instance Data.ToPath GenerateDataKeyPair where+ toPath = Prelude.const "/"++instance Data.ToQuery GenerateDataKeyPair where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newGenerateDataKeyPairResponse' smart constructor.+data GenerateDataKeyPairResponse = GenerateDataKeyPairResponse'+ { -- | The Amazon Resource Name+ -- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)+ -- of the KMS key that encrypted the private key.+ keyId :: Prelude.Maybe Prelude.Text,+ -- | The type of data key pair that was generated.+ keyPairSpec :: Prelude.Maybe DataKeyPairSpec,+ -- | The encrypted copy of the private key. When you use the HTTP API or the+ -- Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is+ -- not Base64-encoded.+ privateKeyCiphertextBlob :: Prelude.Maybe Data.Base64,+ -- | The plaintext copy of the private key. When you use the HTTP API or the+ -- Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is+ -- not Base64-encoded.+ privateKeyPlaintext :: Prelude.Maybe (Data.Sensitive Data.Base64),+ -- | The public key (in plaintext). When you use the HTTP API or the Amazon+ -- Web Services CLI, the value is Base64-encoded. Otherwise, it is not+ -- Base64-encoded.+ publicKey :: Prelude.Maybe Data.Base64,+ -- | The response's http status code.+ httpStatus :: Prelude.Int+ }+ deriving (Prelude.Eq, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'GenerateDataKeyPairResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'keyId', 'generateDataKeyPairResponse_keyId' - The Amazon Resource Name+-- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)+-- of the KMS key that encrypted the private key.+--+-- 'keyPairSpec', 'generateDataKeyPairResponse_keyPairSpec' - The type of data key pair that was generated.+--+-- 'privateKeyCiphertextBlob', 'generateDataKeyPairResponse_privateKeyCiphertextBlob' - The encrypted copy of the private key. When you use the HTTP API or the+-- Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is+-- not Base64-encoded.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+--+-- 'privateKeyPlaintext', 'generateDataKeyPairResponse_privateKeyPlaintext' - The plaintext copy of the private key. When you use the HTTP API or the+-- Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is+-- not Base64-encoded.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+--+-- 'publicKey', 'generateDataKeyPairResponse_publicKey' - The public key (in plaintext). When you use the HTTP API or the Amazon+-- Web Services CLI, the value is Base64-encoded. Otherwise, it is not+-- Base64-encoded.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+--+-- 'httpStatus', 'generateDataKeyPairResponse_httpStatus' - The response's http status code.+newGenerateDataKeyPairResponse ::+ -- | 'httpStatus'+ Prelude.Int ->+ GenerateDataKeyPairResponse+newGenerateDataKeyPairResponse pHttpStatus_ =+ GenerateDataKeyPairResponse'+ { keyId =+ Prelude.Nothing,+ keyPairSpec = Prelude.Nothing,+ privateKeyCiphertextBlob = Prelude.Nothing,+ privateKeyPlaintext = Prelude.Nothing,+ publicKey = Prelude.Nothing,+ httpStatus = pHttpStatus_+ }++-- | The Amazon Resource Name+-- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)+-- of the KMS key that encrypted the private key.+generateDataKeyPairResponse_keyId :: Lens.Lens' GenerateDataKeyPairResponse (Prelude.Maybe Prelude.Text)+generateDataKeyPairResponse_keyId = Lens.lens (\GenerateDataKeyPairResponse' {keyId} -> keyId) (\s@GenerateDataKeyPairResponse' {} a -> s {keyId = a} :: GenerateDataKeyPairResponse)++-- | The type of data key pair that was generated.+generateDataKeyPairResponse_keyPairSpec :: Lens.Lens' GenerateDataKeyPairResponse (Prelude.Maybe DataKeyPairSpec)+generateDataKeyPairResponse_keyPairSpec = Lens.lens (\GenerateDataKeyPairResponse' {keyPairSpec} -> keyPairSpec) (\s@GenerateDataKeyPairResponse' {} a -> s {keyPairSpec = a} :: GenerateDataKeyPairResponse)++-- | The encrypted copy of the private key. When you use the HTTP API or the+-- Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is+-- not Base64-encoded.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+generateDataKeyPairResponse_privateKeyCiphertextBlob :: Lens.Lens' GenerateDataKeyPairResponse (Prelude.Maybe Prelude.ByteString)+generateDataKeyPairResponse_privateKeyCiphertextBlob = Lens.lens (\GenerateDataKeyPairResponse' {privateKeyCiphertextBlob} -> privateKeyCiphertextBlob) (\s@GenerateDataKeyPairResponse' {} a -> s {privateKeyCiphertextBlob = a} :: GenerateDataKeyPairResponse) Prelude.. Lens.mapping Data._Base64++-- | The plaintext copy of the private key. When you use the HTTP API or the+-- Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is+-- not Base64-encoded.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+generateDataKeyPairResponse_privateKeyPlaintext :: Lens.Lens' GenerateDataKeyPairResponse (Prelude.Maybe Prelude.ByteString)+generateDataKeyPairResponse_privateKeyPlaintext = Lens.lens (\GenerateDataKeyPairResponse' {privateKeyPlaintext} -> privateKeyPlaintext) (\s@GenerateDataKeyPairResponse' {} a -> s {privateKeyPlaintext = a} :: GenerateDataKeyPairResponse) Prelude.. Lens.mapping (Data._Sensitive Prelude.. Data._Base64)++-- | The public key (in plaintext). When you use the HTTP API or the Amazon+-- Web Services CLI, the value is Base64-encoded. Otherwise, it is not+-- Base64-encoded.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+generateDataKeyPairResponse_publicKey :: Lens.Lens' GenerateDataKeyPairResponse (Prelude.Maybe Prelude.ByteString)+generateDataKeyPairResponse_publicKey = Lens.lens (\GenerateDataKeyPairResponse' {publicKey} -> publicKey) (\s@GenerateDataKeyPairResponse' {} a -> s {publicKey = a} :: GenerateDataKeyPairResponse) Prelude.. Lens.mapping Data._Base64++-- | The response's http status code.+generateDataKeyPairResponse_httpStatus :: Lens.Lens' GenerateDataKeyPairResponse Prelude.Int+generateDataKeyPairResponse_httpStatus = Lens.lens (\GenerateDataKeyPairResponse' {httpStatus} -> httpStatus) (\s@GenerateDataKeyPairResponse' {} a -> s {httpStatus = a} :: GenerateDataKeyPairResponse)++instance Prelude.NFData GenerateDataKeyPairResponse where+ rnf GenerateDataKeyPairResponse' {..} =+ Prelude.rnf keyId+ `Prelude.seq` Prelude.rnf keyPairSpec+ `Prelude.seq` Prelude.rnf privateKeyCiphertextBlob+ `Prelude.seq` Prelude.rnf privateKeyPlaintext+ `Prelude.seq` Prelude.rnf publicKey+ `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/KMS/GenerateDataKeyPairWithoutPlaintext.hs view
@@ -0,0 +1,526 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Returns a unique asymmetric data key pair for use outside of KMS. This+-- operation returns a plaintext public key and a copy of the private key+-- that is encrypted under the symmetric encryption KMS key you specify.+-- Unlike GenerateDataKeyPair, this operation does not return a plaintext+-- private key. The bytes in the keys are random; they are not related to+-- the caller or to the KMS key that is used to encrypt the private key.+--+-- You can use the public key that @GenerateDataKeyPairWithoutPlaintext@+-- returns to encrypt data or verify a signature outside of KMS. Then,+-- store the encrypted private key with the data. When you are ready to+-- decrypt data or sign a message, you can use the Decrypt operation to+-- decrypt the encrypted private key.+--+-- To generate a data key pair, you must specify a symmetric encryption KMS+-- key to encrypt the private key in a data key pair. You cannot use an+-- asymmetric KMS key or a KMS key in a custom key store. To get the type+-- and origin of your KMS key, use the DescribeKey operation.+--+-- Use the @KeyPairSpec@ parameter to choose an RSA or Elliptic Curve (ECC)+-- data key pair. In China Regions, you can also choose an SM2 data key+-- pair. KMS recommends that you use ECC key pairs for signing, and use RSA+-- and SM2 key pairs for either encryption or signing, but not both.+-- However, KMS cannot enforce any restrictions on the use of data key+-- pairs outside of KMS.+--+-- @GenerateDataKeyPairWithoutPlaintext@ returns a unique data key pair for+-- each request. The bytes in the key are not related to the caller or KMS+-- key that is used to encrypt the private key. The public key is a+-- DER-encoded X.509 SubjectPublicKeyInfo, as specified in+-- <https://tools.ietf.org/html/rfc5280 RFC 5280>.+--+-- You can use an optional encryption context to add additional security to+-- the encryption operation. If you specify an @EncryptionContext@, you+-- must specify the same encryption context (a case-sensitive exact match)+-- when decrypting the encrypted data key. Otherwise, the request to+-- decrypt fails with an @InvalidCiphertextException@. For more+-- information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context Encryption Context>+-- in the /Key Management Service Developer Guide/.+--+-- The KMS key that you use for this operation must be in a compatible key+-- state. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key states of KMS keys>+-- in the /Key Management Service Developer Guide/.+--+-- __Cross-account use__: Yes. To perform this operation with a KMS key in+-- a different Amazon Web Services account, specify the key ARN or alias+-- ARN in the value of the @KeyId@ parameter.+--+-- __Required permissions__:+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:GenerateDataKeyPairWithoutPlaintext>+-- (key policy)+--+-- __Related operations:__+--+-- - Decrypt+--+-- - Encrypt+--+-- - GenerateDataKey+--+-- - GenerateDataKeyPair+--+-- - GenerateDataKeyWithoutPlaintext+module Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext+ ( -- * Creating a Request+ GenerateDataKeyPairWithoutPlaintext (..),+ newGenerateDataKeyPairWithoutPlaintext,++ -- * Request Lenses+ generateDataKeyPairWithoutPlaintext_encryptionContext,+ generateDataKeyPairWithoutPlaintext_grantTokens,+ generateDataKeyPairWithoutPlaintext_keyId,+ generateDataKeyPairWithoutPlaintext_keyPairSpec,++ -- * Destructuring the Response+ GenerateDataKeyPairWithoutPlaintextResponse (..),+ newGenerateDataKeyPairWithoutPlaintextResponse,++ -- * Response Lenses+ generateDataKeyPairWithoutPlaintextResponse_keyId,+ generateDataKeyPairWithoutPlaintextResponse_keyPairSpec,+ generateDataKeyPairWithoutPlaintextResponse_privateKeyCiphertextBlob,+ generateDataKeyPairWithoutPlaintextResponse_publicKey,+ generateDataKeyPairWithoutPlaintextResponse_httpStatus,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newGenerateDataKeyPairWithoutPlaintext' smart constructor.+data GenerateDataKeyPairWithoutPlaintext = GenerateDataKeyPairWithoutPlaintext'+ { -- | Specifies the encryption context that will be used when encrypting the+ -- private key in the data key pair.+ --+ -- An /encryption context/ is a collection of non-secret key-value pairs+ -- that represent additional authenticated data. When you use an encryption+ -- context to encrypt data, you must specify the same (an exact+ -- case-sensitive match) encryption context to decrypt the data. An+ -- encryption context is supported only on operations with symmetric+ -- encryption KMS keys. On operations with symmetric encryption KMS keys,+ -- an encryption context is optional, but it is strongly recommended.+ --+ -- For more information, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context Encryption context>+ -- in the /Key Management Service Developer Guide/.+ encryptionContext :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),+ -- | A list of grant tokens.+ --+ -- Use a grant token when your permission to call this operation comes from+ -- a new grant that has not yet achieved /eventual consistency/. For more+ -- information, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>+ -- and+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>+ -- in the /Key Management Service Developer Guide/.+ grantTokens :: Prelude.Maybe [Prelude.Text],+ -- | Specifies the symmetric encryption KMS key that encrypts the private key+ -- in the data key pair. You cannot specify an asymmetric KMS key or a KMS+ -- key in a custom key store. To get the type and origin of your KMS key,+ -- use the DescribeKey operation.+ --+ -- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.+ -- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS+ -- key in a different Amazon Web Services account, you must use the key ARN+ -- or alias ARN.+ --+ -- For example:+ --+ -- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- - Key ARN:+ -- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- - Alias name: @alias\/ExampleAlias@+ --+ -- - Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@+ --+ -- To get the key ID and key ARN for a KMS key, use ListKeys or+ -- DescribeKey. To get the alias name and alias ARN, use ListAliases.+ keyId :: Prelude.Text,+ -- | Determines the type of data key pair that is generated.+ --+ -- The KMS rule that restricts the use of asymmetric RSA and SM2 KMS keys+ -- to encrypt and decrypt or to sign and verify (but not both), and the+ -- rule that permits you to use ECC KMS keys only to sign and verify, are+ -- not effective on data key pairs, which are used outside of KMS. The SM2+ -- key spec is only available in China Regions.+ keyPairSpec :: DataKeyPairSpec+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'GenerateDataKeyPairWithoutPlaintext' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'encryptionContext', 'generateDataKeyPairWithoutPlaintext_encryptionContext' - Specifies the encryption context that will be used when encrypting the+-- private key in the data key pair.+--+-- An /encryption context/ is a collection of non-secret key-value pairs+-- that represent additional authenticated data. When you use an encryption+-- context to encrypt data, you must specify the same (an exact+-- case-sensitive match) encryption context to decrypt the data. An+-- encryption context is supported only on operations with symmetric+-- encryption KMS keys. On operations with symmetric encryption KMS keys,+-- an encryption context is optional, but it is strongly recommended.+--+-- For more information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context Encryption context>+-- in the /Key Management Service Developer Guide/.+--+-- 'grantTokens', 'generateDataKeyPairWithoutPlaintext_grantTokens' - A list of grant tokens.+--+-- Use a grant token when your permission to call this operation comes from+-- a new grant that has not yet achieved /eventual consistency/. For more+-- information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>+-- and+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>+-- in the /Key Management Service Developer Guide/.+--+-- 'keyId', 'generateDataKeyPairWithoutPlaintext_keyId' - Specifies the symmetric encryption KMS key that encrypts the private key+-- in the data key pair. You cannot specify an asymmetric KMS key or a KMS+-- key in a custom key store. To get the type and origin of your KMS key,+-- use the DescribeKey operation.+--+-- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.+-- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS+-- key in a different Amazon Web Services account, you must use the key ARN+-- or alias ARN.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Alias name: @alias\/ExampleAlias@+--+-- - Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey. To get the alias name and alias ARN, use ListAliases.+--+-- 'keyPairSpec', 'generateDataKeyPairWithoutPlaintext_keyPairSpec' - Determines the type of data key pair that is generated.+--+-- The KMS rule that restricts the use of asymmetric RSA and SM2 KMS keys+-- to encrypt and decrypt or to sign and verify (but not both), and the+-- rule that permits you to use ECC KMS keys only to sign and verify, are+-- not effective on data key pairs, which are used outside of KMS. The SM2+-- key spec is only available in China Regions.+newGenerateDataKeyPairWithoutPlaintext ::+ -- | 'keyId'+ Prelude.Text ->+ -- | 'keyPairSpec'+ DataKeyPairSpec ->+ GenerateDataKeyPairWithoutPlaintext+newGenerateDataKeyPairWithoutPlaintext+ pKeyId_+ pKeyPairSpec_ =+ GenerateDataKeyPairWithoutPlaintext'+ { encryptionContext =+ Prelude.Nothing,+ grantTokens = Prelude.Nothing,+ keyId = pKeyId_,+ keyPairSpec = pKeyPairSpec_+ }++-- | Specifies the encryption context that will be used when encrypting the+-- private key in the data key pair.+--+-- An /encryption context/ is a collection of non-secret key-value pairs+-- that represent additional authenticated data. When you use an encryption+-- context to encrypt data, you must specify the same (an exact+-- case-sensitive match) encryption context to decrypt the data. An+-- encryption context is supported only on operations with symmetric+-- encryption KMS keys. On operations with symmetric encryption KMS keys,+-- an encryption context is optional, but it is strongly recommended.+--+-- For more information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context Encryption context>+-- in the /Key Management Service Developer Guide/.+generateDataKeyPairWithoutPlaintext_encryptionContext :: Lens.Lens' GenerateDataKeyPairWithoutPlaintext (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))+generateDataKeyPairWithoutPlaintext_encryptionContext = Lens.lens (\GenerateDataKeyPairWithoutPlaintext' {encryptionContext} -> encryptionContext) (\s@GenerateDataKeyPairWithoutPlaintext' {} a -> s {encryptionContext = a} :: GenerateDataKeyPairWithoutPlaintext) Prelude.. Lens.mapping Lens.coerced++-- | A list of grant tokens.+--+-- Use a grant token when your permission to call this operation comes from+-- a new grant that has not yet achieved /eventual consistency/. For more+-- information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>+-- and+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>+-- in the /Key Management Service Developer Guide/.+generateDataKeyPairWithoutPlaintext_grantTokens :: Lens.Lens' GenerateDataKeyPairWithoutPlaintext (Prelude.Maybe [Prelude.Text])+generateDataKeyPairWithoutPlaintext_grantTokens = Lens.lens (\GenerateDataKeyPairWithoutPlaintext' {grantTokens} -> grantTokens) (\s@GenerateDataKeyPairWithoutPlaintext' {} a -> s {grantTokens = a} :: GenerateDataKeyPairWithoutPlaintext) Prelude.. Lens.mapping Lens.coerced++-- | Specifies the symmetric encryption KMS key that encrypts the private key+-- in the data key pair. You cannot specify an asymmetric KMS key or a KMS+-- key in a custom key store. To get the type and origin of your KMS key,+-- use the DescribeKey operation.+--+-- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.+-- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS+-- key in a different Amazon Web Services account, you must use the key ARN+-- or alias ARN.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Alias name: @alias\/ExampleAlias@+--+-- - Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey. To get the alias name and alias ARN, use ListAliases.+generateDataKeyPairWithoutPlaintext_keyId :: Lens.Lens' GenerateDataKeyPairWithoutPlaintext Prelude.Text+generateDataKeyPairWithoutPlaintext_keyId = Lens.lens (\GenerateDataKeyPairWithoutPlaintext' {keyId} -> keyId) (\s@GenerateDataKeyPairWithoutPlaintext' {} a -> s {keyId = a} :: GenerateDataKeyPairWithoutPlaintext)++-- | Determines the type of data key pair that is generated.+--+-- The KMS rule that restricts the use of asymmetric RSA and SM2 KMS keys+-- to encrypt and decrypt or to sign and verify (but not both), and the+-- rule that permits you to use ECC KMS keys only to sign and verify, are+-- not effective on data key pairs, which are used outside of KMS. The SM2+-- key spec is only available in China Regions.+generateDataKeyPairWithoutPlaintext_keyPairSpec :: Lens.Lens' GenerateDataKeyPairWithoutPlaintext DataKeyPairSpec+generateDataKeyPairWithoutPlaintext_keyPairSpec = Lens.lens (\GenerateDataKeyPairWithoutPlaintext' {keyPairSpec} -> keyPairSpec) (\s@GenerateDataKeyPairWithoutPlaintext' {} a -> s {keyPairSpec = a} :: GenerateDataKeyPairWithoutPlaintext)++instance+ Core.AWSRequest+ GenerateDataKeyPairWithoutPlaintext+ where+ type+ AWSResponse GenerateDataKeyPairWithoutPlaintext =+ GenerateDataKeyPairWithoutPlaintextResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response =+ Response.receiveJSON+ ( \s h x ->+ GenerateDataKeyPairWithoutPlaintextResponse'+ Prelude.<$> (x Data..?> "KeyId")+ Prelude.<*> (x Data..?> "KeyPairSpec")+ Prelude.<*> (x Data..?> "PrivateKeyCiphertextBlob")+ Prelude.<*> (x Data..?> "PublicKey")+ Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+ )++instance+ Prelude.Hashable+ GenerateDataKeyPairWithoutPlaintext+ where+ hashWithSalt+ _salt+ GenerateDataKeyPairWithoutPlaintext' {..} =+ _salt+ `Prelude.hashWithSalt` encryptionContext+ `Prelude.hashWithSalt` grantTokens+ `Prelude.hashWithSalt` keyId+ `Prelude.hashWithSalt` keyPairSpec++instance+ Prelude.NFData+ GenerateDataKeyPairWithoutPlaintext+ where+ rnf GenerateDataKeyPairWithoutPlaintext' {..} =+ Prelude.rnf encryptionContext+ `Prelude.seq` Prelude.rnf grantTokens+ `Prelude.seq` Prelude.rnf keyId+ `Prelude.seq` Prelude.rnf keyPairSpec++instance+ Data.ToHeaders+ GenerateDataKeyPairWithoutPlaintext+ where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ( "TrentService.GenerateDataKeyPairWithoutPlaintext" ::+ Prelude.ByteString+ ),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance+ Data.ToJSON+ GenerateDataKeyPairWithoutPlaintext+ where+ toJSON GenerateDataKeyPairWithoutPlaintext' {..} =+ Data.object+ ( Prelude.catMaybes+ [ ("EncryptionContext" Data..=)+ Prelude.<$> encryptionContext,+ ("GrantTokens" Data..=) Prelude.<$> grantTokens,+ Prelude.Just ("KeyId" Data..= keyId),+ Prelude.Just ("KeyPairSpec" Data..= keyPairSpec)+ ]+ )++instance+ Data.ToPath+ GenerateDataKeyPairWithoutPlaintext+ where+ toPath = Prelude.const "/"++instance+ Data.ToQuery+ GenerateDataKeyPairWithoutPlaintext+ where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newGenerateDataKeyPairWithoutPlaintextResponse' smart constructor.+data GenerateDataKeyPairWithoutPlaintextResponse = GenerateDataKeyPairWithoutPlaintextResponse'+ { -- | The Amazon Resource Name+ -- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)+ -- of the KMS key that encrypted the private key.+ keyId :: Prelude.Maybe Prelude.Text,+ -- | The type of data key pair that was generated.+ keyPairSpec :: Prelude.Maybe DataKeyPairSpec,+ -- | The encrypted copy of the private key. When you use the HTTP API or the+ -- Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is+ -- not Base64-encoded.+ privateKeyCiphertextBlob :: Prelude.Maybe Data.Base64,+ -- | The public key (in plaintext). When you use the HTTP API or the Amazon+ -- Web Services CLI, the value is Base64-encoded. Otherwise, it is not+ -- Base64-encoded.+ publicKey :: Prelude.Maybe Data.Base64,+ -- | The response's http status code.+ httpStatus :: Prelude.Int+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'GenerateDataKeyPairWithoutPlaintextResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'keyId', 'generateDataKeyPairWithoutPlaintextResponse_keyId' - The Amazon Resource Name+-- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)+-- of the KMS key that encrypted the private key.+--+-- 'keyPairSpec', 'generateDataKeyPairWithoutPlaintextResponse_keyPairSpec' - The type of data key pair that was generated.+--+-- 'privateKeyCiphertextBlob', 'generateDataKeyPairWithoutPlaintextResponse_privateKeyCiphertextBlob' - The encrypted copy of the private key. When you use the HTTP API or the+-- Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is+-- not Base64-encoded.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+--+-- 'publicKey', 'generateDataKeyPairWithoutPlaintextResponse_publicKey' - The public key (in plaintext). When you use the HTTP API or the Amazon+-- Web Services CLI, the value is Base64-encoded. Otherwise, it is not+-- Base64-encoded.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+--+-- 'httpStatus', 'generateDataKeyPairWithoutPlaintextResponse_httpStatus' - The response's http status code.+newGenerateDataKeyPairWithoutPlaintextResponse ::+ -- | 'httpStatus'+ Prelude.Int ->+ GenerateDataKeyPairWithoutPlaintextResponse+newGenerateDataKeyPairWithoutPlaintextResponse+ pHttpStatus_ =+ GenerateDataKeyPairWithoutPlaintextResponse'+ { keyId =+ Prelude.Nothing,+ keyPairSpec = Prelude.Nothing,+ privateKeyCiphertextBlob =+ Prelude.Nothing,+ publicKey = Prelude.Nothing,+ httpStatus = pHttpStatus_+ }++-- | The Amazon Resource Name+-- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)+-- of the KMS key that encrypted the private key.+generateDataKeyPairWithoutPlaintextResponse_keyId :: Lens.Lens' GenerateDataKeyPairWithoutPlaintextResponse (Prelude.Maybe Prelude.Text)+generateDataKeyPairWithoutPlaintextResponse_keyId = Lens.lens (\GenerateDataKeyPairWithoutPlaintextResponse' {keyId} -> keyId) (\s@GenerateDataKeyPairWithoutPlaintextResponse' {} a -> s {keyId = a} :: GenerateDataKeyPairWithoutPlaintextResponse)++-- | The type of data key pair that was generated.+generateDataKeyPairWithoutPlaintextResponse_keyPairSpec :: Lens.Lens' GenerateDataKeyPairWithoutPlaintextResponse (Prelude.Maybe DataKeyPairSpec)+generateDataKeyPairWithoutPlaintextResponse_keyPairSpec = Lens.lens (\GenerateDataKeyPairWithoutPlaintextResponse' {keyPairSpec} -> keyPairSpec) (\s@GenerateDataKeyPairWithoutPlaintextResponse' {} a -> s {keyPairSpec = a} :: GenerateDataKeyPairWithoutPlaintextResponse)++-- | The encrypted copy of the private key. When you use the HTTP API or the+-- Amazon Web Services CLI, the value is Base64-encoded. Otherwise, it is+-- not Base64-encoded.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+generateDataKeyPairWithoutPlaintextResponse_privateKeyCiphertextBlob :: Lens.Lens' GenerateDataKeyPairWithoutPlaintextResponse (Prelude.Maybe Prelude.ByteString)+generateDataKeyPairWithoutPlaintextResponse_privateKeyCiphertextBlob = Lens.lens (\GenerateDataKeyPairWithoutPlaintextResponse' {privateKeyCiphertextBlob} -> privateKeyCiphertextBlob) (\s@GenerateDataKeyPairWithoutPlaintextResponse' {} a -> s {privateKeyCiphertextBlob = a} :: GenerateDataKeyPairWithoutPlaintextResponse) Prelude.. Lens.mapping Data._Base64++-- | The public key (in plaintext). When you use the HTTP API or the Amazon+-- Web Services CLI, the value is Base64-encoded. Otherwise, it is not+-- Base64-encoded.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+generateDataKeyPairWithoutPlaintextResponse_publicKey :: Lens.Lens' GenerateDataKeyPairWithoutPlaintextResponse (Prelude.Maybe Prelude.ByteString)+generateDataKeyPairWithoutPlaintextResponse_publicKey = Lens.lens (\GenerateDataKeyPairWithoutPlaintextResponse' {publicKey} -> publicKey) (\s@GenerateDataKeyPairWithoutPlaintextResponse' {} a -> s {publicKey = a} :: GenerateDataKeyPairWithoutPlaintextResponse) Prelude.. Lens.mapping Data._Base64++-- | The response's http status code.+generateDataKeyPairWithoutPlaintextResponse_httpStatus :: Lens.Lens' GenerateDataKeyPairWithoutPlaintextResponse Prelude.Int+generateDataKeyPairWithoutPlaintextResponse_httpStatus = Lens.lens (\GenerateDataKeyPairWithoutPlaintextResponse' {httpStatus} -> httpStatus) (\s@GenerateDataKeyPairWithoutPlaintextResponse' {} a -> s {httpStatus = a} :: GenerateDataKeyPairWithoutPlaintextResponse)++instance+ Prelude.NFData+ GenerateDataKeyPairWithoutPlaintextResponse+ where+ rnf GenerateDataKeyPairWithoutPlaintextResponse' {..} =+ Prelude.rnf keyId+ `Prelude.seq` Prelude.rnf keyPairSpec+ `Prelude.seq` Prelude.rnf privateKeyCiphertextBlob+ `Prelude.seq` Prelude.rnf publicKey+ `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/KMS/GenerateDataKeyWithoutPlaintext.hs view
@@ -0,0 +1,492 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.GenerateDataKeyWithoutPlaintext+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Returns a unique symmetric data key for use outside of KMS. This+-- operation returns a data key that is encrypted under a symmetric+-- encryption KMS key that you specify. The bytes in the key are random;+-- they are not related to the caller or to the KMS key.+--+-- @GenerateDataKeyWithoutPlaintext@ is identical to the GenerateDataKey+-- operation except that it does not return a plaintext copy of the data+-- key.+--+-- This operation is useful for systems that need to encrypt data at some+-- point, but not immediately. When you need to encrypt the data, you call+-- the Decrypt operation on the encrypted copy of the key.+--+-- It\'s also useful in distributed systems with different levels of trust.+-- For example, you might store encrypted data in containers. One component+-- of your system creates new containers and stores an encrypted data key+-- with each container. Then, a different component puts the data into the+-- containers. That component first decrypts the data key, uses the+-- plaintext data key to encrypt data, puts the encrypted data into the+-- container, and then destroys the plaintext data key. In this system, the+-- component that creates the containers never sees the plaintext data key.+--+-- To request an asymmetric data key pair, use the GenerateDataKeyPair or+-- GenerateDataKeyPairWithoutPlaintext operations.+--+-- To generate a data key, you must specify the symmetric encryption KMS+-- key that is used to encrypt the data key. You cannot use an asymmetric+-- KMS key or a key in a custom key store to generate a data key. To get+-- the type of your KMS key, use the DescribeKey operation.+--+-- You must also specify the length of the data key. Use either the+-- @KeySpec@ or @NumberOfBytes@ parameters (but not both). For 128-bit and+-- 256-bit data keys, use the @KeySpec@ parameter.+--+-- To generate an SM4 data key (China Regions only), specify a @KeySpec@+-- value of @AES_128@ or @NumberOfBytes@ value of @128@. The symmetric+-- encryption key used in China Regions to encrypt your data key is an SM4+-- encryption key.+--+-- If the operation succeeds, you will find the encrypted copy of the data+-- key in the @CiphertextBlob@ field.+--+-- You can use an optional encryption context to add additional security to+-- the encryption operation. If you specify an @EncryptionContext@, you+-- must specify the same encryption context (a case-sensitive exact match)+-- when decrypting the encrypted data key. Otherwise, the request to+-- decrypt fails with an @InvalidCiphertextException@. For more+-- information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context Encryption Context>+-- in the /Key Management Service Developer Guide/.+--+-- The KMS key that you use for this operation must be in a compatible key+-- state. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key states of KMS keys>+-- in the /Key Management Service Developer Guide/.+--+-- __Cross-account use__: Yes. To perform this operation with a KMS key in+-- a different Amazon Web Services account, specify the key ARN or alias+-- ARN in the value of the @KeyId@ parameter.+--+-- __Required permissions__:+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:GenerateDataKeyWithoutPlaintext>+-- (key policy)+--+-- __Related operations:__+--+-- - Decrypt+--+-- - Encrypt+--+-- - GenerateDataKey+--+-- - GenerateDataKeyPair+--+-- - GenerateDataKeyPairWithoutPlaintext+module Amazonka.KMS.GenerateDataKeyWithoutPlaintext+ ( -- * Creating a Request+ GenerateDataKeyWithoutPlaintext (..),+ newGenerateDataKeyWithoutPlaintext,++ -- * Request Lenses+ generateDataKeyWithoutPlaintext_encryptionContext,+ generateDataKeyWithoutPlaintext_grantTokens,+ generateDataKeyWithoutPlaintext_keySpec,+ generateDataKeyWithoutPlaintext_numberOfBytes,+ generateDataKeyWithoutPlaintext_keyId,++ -- * Destructuring the Response+ GenerateDataKeyWithoutPlaintextResponse (..),+ newGenerateDataKeyWithoutPlaintextResponse,++ -- * Response Lenses+ generateDataKeyWithoutPlaintextResponse_ciphertextBlob,+ generateDataKeyWithoutPlaintextResponse_keyId,+ generateDataKeyWithoutPlaintextResponse_httpStatus,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newGenerateDataKeyWithoutPlaintext' smart constructor.+data GenerateDataKeyWithoutPlaintext = GenerateDataKeyWithoutPlaintext'+ { -- | Specifies the encryption context that will be used when encrypting the+ -- data key.+ --+ -- An /encryption context/ is a collection of non-secret key-value pairs+ -- that represent additional authenticated data. When you use an encryption+ -- context to encrypt data, you must specify the same (an exact+ -- case-sensitive match) encryption context to decrypt the data. An+ -- encryption context is supported only on operations with symmetric+ -- encryption KMS keys. On operations with symmetric encryption KMS keys,+ -- an encryption context is optional, but it is strongly recommended.+ --+ -- For more information, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context Encryption context>+ -- in the /Key Management Service Developer Guide/.+ encryptionContext :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),+ -- | A list of grant tokens.+ --+ -- Use a grant token when your permission to call this operation comes from+ -- a new grant that has not yet achieved /eventual consistency/. For more+ -- information, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>+ -- and+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>+ -- in the /Key Management Service Developer Guide/.+ grantTokens :: Prelude.Maybe [Prelude.Text],+ -- | The length of the data key. Use @AES_128@ to generate a 128-bit+ -- symmetric key, or @AES_256@ to generate a 256-bit symmetric key.+ keySpec :: Prelude.Maybe DataKeySpec,+ -- | The length of the data key in bytes. For example, use the value 64 to+ -- generate a 512-bit data key (64 bytes is 512 bits). For common key+ -- lengths (128-bit and 256-bit symmetric keys), we recommend that you use+ -- the @KeySpec@ field instead of this one.+ numberOfBytes :: Prelude.Maybe Prelude.Natural,+ -- | Specifies the symmetric encryption KMS key that encrypts the data key.+ -- You cannot specify an asymmetric KMS key or a KMS key in a custom key+ -- store. To get the type and origin of your KMS key, use the DescribeKey+ -- operation.+ --+ -- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.+ -- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS+ -- key in a different Amazon Web Services account, you must use the key ARN+ -- or alias ARN.+ --+ -- For example:+ --+ -- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- - Key ARN:+ -- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- - Alias name: @alias\/ExampleAlias@+ --+ -- - Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@+ --+ -- To get the key ID and key ARN for a KMS key, use ListKeys or+ -- DescribeKey. To get the alias name and alias ARN, use ListAliases.+ keyId :: Prelude.Text+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'GenerateDataKeyWithoutPlaintext' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'encryptionContext', 'generateDataKeyWithoutPlaintext_encryptionContext' - Specifies the encryption context that will be used when encrypting the+-- data key.+--+-- An /encryption context/ is a collection of non-secret key-value pairs+-- that represent additional authenticated data. When you use an encryption+-- context to encrypt data, you must specify the same (an exact+-- case-sensitive match) encryption context to decrypt the data. An+-- encryption context is supported only on operations with symmetric+-- encryption KMS keys. On operations with symmetric encryption KMS keys,+-- an encryption context is optional, but it is strongly recommended.+--+-- For more information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context Encryption context>+-- in the /Key Management Service Developer Guide/.+--+-- 'grantTokens', 'generateDataKeyWithoutPlaintext_grantTokens' - A list of grant tokens.+--+-- Use a grant token when your permission to call this operation comes from+-- a new grant that has not yet achieved /eventual consistency/. For more+-- information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>+-- and+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>+-- in the /Key Management Service Developer Guide/.+--+-- 'keySpec', 'generateDataKeyWithoutPlaintext_keySpec' - The length of the data key. Use @AES_128@ to generate a 128-bit+-- symmetric key, or @AES_256@ to generate a 256-bit symmetric key.+--+-- 'numberOfBytes', 'generateDataKeyWithoutPlaintext_numberOfBytes' - The length of the data key in bytes. For example, use the value 64 to+-- generate a 512-bit data key (64 bytes is 512 bits). For common key+-- lengths (128-bit and 256-bit symmetric keys), we recommend that you use+-- the @KeySpec@ field instead of this one.+--+-- 'keyId', 'generateDataKeyWithoutPlaintext_keyId' - Specifies the symmetric encryption KMS key that encrypts the data key.+-- You cannot specify an asymmetric KMS key or a KMS key in a custom key+-- store. To get the type and origin of your KMS key, use the DescribeKey+-- operation.+--+-- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.+-- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS+-- key in a different Amazon Web Services account, you must use the key ARN+-- or alias ARN.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Alias name: @alias\/ExampleAlias@+--+-- - Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey. To get the alias name and alias ARN, use ListAliases.+newGenerateDataKeyWithoutPlaintext ::+ -- | 'keyId'+ Prelude.Text ->+ GenerateDataKeyWithoutPlaintext+newGenerateDataKeyWithoutPlaintext pKeyId_ =+ GenerateDataKeyWithoutPlaintext'+ { encryptionContext =+ Prelude.Nothing,+ grantTokens = Prelude.Nothing,+ keySpec = Prelude.Nothing,+ numberOfBytes = Prelude.Nothing,+ keyId = pKeyId_+ }++-- | Specifies the encryption context that will be used when encrypting the+-- data key.+--+-- An /encryption context/ is a collection of non-secret key-value pairs+-- that represent additional authenticated data. When you use an encryption+-- context to encrypt data, you must specify the same (an exact+-- case-sensitive match) encryption context to decrypt the data. An+-- encryption context is supported only on operations with symmetric+-- encryption KMS keys. On operations with symmetric encryption KMS keys,+-- an encryption context is optional, but it is strongly recommended.+--+-- For more information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context Encryption context>+-- in the /Key Management Service Developer Guide/.+generateDataKeyWithoutPlaintext_encryptionContext :: Lens.Lens' GenerateDataKeyWithoutPlaintext (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))+generateDataKeyWithoutPlaintext_encryptionContext = Lens.lens (\GenerateDataKeyWithoutPlaintext' {encryptionContext} -> encryptionContext) (\s@GenerateDataKeyWithoutPlaintext' {} a -> s {encryptionContext = a} :: GenerateDataKeyWithoutPlaintext) Prelude.. Lens.mapping Lens.coerced++-- | A list of grant tokens.+--+-- Use a grant token when your permission to call this operation comes from+-- a new grant that has not yet achieved /eventual consistency/. For more+-- information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>+-- and+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>+-- in the /Key Management Service Developer Guide/.+generateDataKeyWithoutPlaintext_grantTokens :: Lens.Lens' GenerateDataKeyWithoutPlaintext (Prelude.Maybe [Prelude.Text])+generateDataKeyWithoutPlaintext_grantTokens = Lens.lens (\GenerateDataKeyWithoutPlaintext' {grantTokens} -> grantTokens) (\s@GenerateDataKeyWithoutPlaintext' {} a -> s {grantTokens = a} :: GenerateDataKeyWithoutPlaintext) Prelude.. Lens.mapping Lens.coerced++-- | The length of the data key. Use @AES_128@ to generate a 128-bit+-- symmetric key, or @AES_256@ to generate a 256-bit symmetric key.+generateDataKeyWithoutPlaintext_keySpec :: Lens.Lens' GenerateDataKeyWithoutPlaintext (Prelude.Maybe DataKeySpec)+generateDataKeyWithoutPlaintext_keySpec = Lens.lens (\GenerateDataKeyWithoutPlaintext' {keySpec} -> keySpec) (\s@GenerateDataKeyWithoutPlaintext' {} a -> s {keySpec = a} :: GenerateDataKeyWithoutPlaintext)++-- | The length of the data key in bytes. For example, use the value 64 to+-- generate a 512-bit data key (64 bytes is 512 bits). For common key+-- lengths (128-bit and 256-bit symmetric keys), we recommend that you use+-- the @KeySpec@ field instead of this one.+generateDataKeyWithoutPlaintext_numberOfBytes :: Lens.Lens' GenerateDataKeyWithoutPlaintext (Prelude.Maybe Prelude.Natural)+generateDataKeyWithoutPlaintext_numberOfBytes = Lens.lens (\GenerateDataKeyWithoutPlaintext' {numberOfBytes} -> numberOfBytes) (\s@GenerateDataKeyWithoutPlaintext' {} a -> s {numberOfBytes = a} :: GenerateDataKeyWithoutPlaintext)++-- | Specifies the symmetric encryption KMS key that encrypts the data key.+-- You cannot specify an asymmetric KMS key or a KMS key in a custom key+-- store. To get the type and origin of your KMS key, use the DescribeKey+-- operation.+--+-- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.+-- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS+-- key in a different Amazon Web Services account, you must use the key ARN+-- or alias ARN.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Alias name: @alias\/ExampleAlias@+--+-- - Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey. To get the alias name and alias ARN, use ListAliases.+generateDataKeyWithoutPlaintext_keyId :: Lens.Lens' GenerateDataKeyWithoutPlaintext Prelude.Text+generateDataKeyWithoutPlaintext_keyId = Lens.lens (\GenerateDataKeyWithoutPlaintext' {keyId} -> keyId) (\s@GenerateDataKeyWithoutPlaintext' {} a -> s {keyId = a} :: GenerateDataKeyWithoutPlaintext)++instance+ Core.AWSRequest+ GenerateDataKeyWithoutPlaintext+ where+ type+ AWSResponse GenerateDataKeyWithoutPlaintext =+ GenerateDataKeyWithoutPlaintextResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response =+ Response.receiveJSON+ ( \s h x ->+ GenerateDataKeyWithoutPlaintextResponse'+ Prelude.<$> (x Data..?> "CiphertextBlob")+ Prelude.<*> (x Data..?> "KeyId")+ Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+ )++instance+ Prelude.Hashable+ GenerateDataKeyWithoutPlaintext+ where+ hashWithSalt+ _salt+ GenerateDataKeyWithoutPlaintext' {..} =+ _salt+ `Prelude.hashWithSalt` encryptionContext+ `Prelude.hashWithSalt` grantTokens+ `Prelude.hashWithSalt` keySpec+ `Prelude.hashWithSalt` numberOfBytes+ `Prelude.hashWithSalt` keyId++instance+ Prelude.NFData+ GenerateDataKeyWithoutPlaintext+ where+ rnf GenerateDataKeyWithoutPlaintext' {..} =+ Prelude.rnf encryptionContext+ `Prelude.seq` Prelude.rnf grantTokens+ `Prelude.seq` Prelude.rnf keySpec+ `Prelude.seq` Prelude.rnf numberOfBytes+ `Prelude.seq` Prelude.rnf keyId++instance+ Data.ToHeaders+ GenerateDataKeyWithoutPlaintext+ where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ( "TrentService.GenerateDataKeyWithoutPlaintext" ::+ Prelude.ByteString+ ),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON GenerateDataKeyWithoutPlaintext where+ toJSON GenerateDataKeyWithoutPlaintext' {..} =+ Data.object+ ( Prelude.catMaybes+ [ ("EncryptionContext" Data..=)+ Prelude.<$> encryptionContext,+ ("GrantTokens" Data..=) Prelude.<$> grantTokens,+ ("KeySpec" Data..=) Prelude.<$> keySpec,+ ("NumberOfBytes" Data..=) Prelude.<$> numberOfBytes,+ Prelude.Just ("KeyId" Data..= keyId)+ ]+ )++instance Data.ToPath GenerateDataKeyWithoutPlaintext where+ toPath = Prelude.const "/"++instance Data.ToQuery GenerateDataKeyWithoutPlaintext where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newGenerateDataKeyWithoutPlaintextResponse' smart constructor.+data GenerateDataKeyWithoutPlaintextResponse = GenerateDataKeyWithoutPlaintextResponse'+ { -- | The encrypted data key. When you use the HTTP API or the Amazon Web+ -- Services CLI, the value is Base64-encoded. Otherwise, it is not+ -- Base64-encoded.+ ciphertextBlob :: Prelude.Maybe Data.Base64,+ -- | The Amazon Resource Name+ -- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)+ -- of the KMS key that encrypted the data key.+ keyId :: Prelude.Maybe Prelude.Text,+ -- | The response's http status code.+ httpStatus :: Prelude.Int+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'GenerateDataKeyWithoutPlaintextResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'ciphertextBlob', 'generateDataKeyWithoutPlaintextResponse_ciphertextBlob' - The encrypted data key. When you use the HTTP API or the Amazon Web+-- Services CLI, the value is Base64-encoded. Otherwise, it is not+-- Base64-encoded.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+--+-- 'keyId', 'generateDataKeyWithoutPlaintextResponse_keyId' - The Amazon Resource Name+-- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)+-- of the KMS key that encrypted the data key.+--+-- 'httpStatus', 'generateDataKeyWithoutPlaintextResponse_httpStatus' - The response's http status code.+newGenerateDataKeyWithoutPlaintextResponse ::+ -- | 'httpStatus'+ Prelude.Int ->+ GenerateDataKeyWithoutPlaintextResponse+newGenerateDataKeyWithoutPlaintextResponse+ pHttpStatus_ =+ GenerateDataKeyWithoutPlaintextResponse'+ { ciphertextBlob =+ Prelude.Nothing,+ keyId = Prelude.Nothing,+ httpStatus = pHttpStatus_+ }++-- | The encrypted data key. When you use the HTTP API or the Amazon Web+-- Services CLI, the value is Base64-encoded. Otherwise, it is not+-- Base64-encoded.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+generateDataKeyWithoutPlaintextResponse_ciphertextBlob :: Lens.Lens' GenerateDataKeyWithoutPlaintextResponse (Prelude.Maybe Prelude.ByteString)+generateDataKeyWithoutPlaintextResponse_ciphertextBlob = Lens.lens (\GenerateDataKeyWithoutPlaintextResponse' {ciphertextBlob} -> ciphertextBlob) (\s@GenerateDataKeyWithoutPlaintextResponse' {} a -> s {ciphertextBlob = a} :: GenerateDataKeyWithoutPlaintextResponse) Prelude.. Lens.mapping Data._Base64++-- | The Amazon Resource Name+-- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)+-- of the KMS key that encrypted the data key.+generateDataKeyWithoutPlaintextResponse_keyId :: Lens.Lens' GenerateDataKeyWithoutPlaintextResponse (Prelude.Maybe Prelude.Text)+generateDataKeyWithoutPlaintextResponse_keyId = Lens.lens (\GenerateDataKeyWithoutPlaintextResponse' {keyId} -> keyId) (\s@GenerateDataKeyWithoutPlaintextResponse' {} a -> s {keyId = a} :: GenerateDataKeyWithoutPlaintextResponse)++-- | The response's http status code.+generateDataKeyWithoutPlaintextResponse_httpStatus :: Lens.Lens' GenerateDataKeyWithoutPlaintextResponse Prelude.Int+generateDataKeyWithoutPlaintextResponse_httpStatus = Lens.lens (\GenerateDataKeyWithoutPlaintextResponse' {httpStatus} -> httpStatus) (\s@GenerateDataKeyWithoutPlaintextResponse' {} a -> s {httpStatus = a} :: GenerateDataKeyWithoutPlaintextResponse)++instance+ Prelude.NFData+ GenerateDataKeyWithoutPlaintextResponse+ where+ rnf GenerateDataKeyWithoutPlaintextResponse' {..} =+ Prelude.rnf ciphertextBlob+ `Prelude.seq` Prelude.rnf keyId+ `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/KMS/GenerateMac.hs view
@@ -0,0 +1,368 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.GenerateMac+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Generates a hash-based message authentication code (HMAC) for a message+-- using an HMAC KMS key and a MAC algorithm that the key supports. HMAC+-- KMS keys and the HMAC algorithms that KMS uses conform to industry+-- standards defined in+-- <https://datatracker.ietf.org/doc/html/rfc2104 RFC 2104>.+--+-- You can use value that GenerateMac returns in the VerifyMac operation to+-- demonstrate that the original message has not changed. Also, because a+-- secret key is used to create the hash, you can verify that the party+-- that generated the hash has the required secret key. You can also use+-- the raw result to implement HMAC-based algorithms such as key derivation+-- functions. This operation is part of KMS support for HMAC KMS keys. For+-- details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html HMAC keys in KMS>+-- in the //Key Management Service Developer Guide// .+--+-- Best practices recommend that you limit the time during which any+-- signing mechanism, including an HMAC, is effective. This deters an+-- attack where the actor uses a signed message to establish validity+-- repeatedly or long after the message is superseded. HMAC tags do not+-- include a timestamp, but you can include a timestamp in the token or+-- message to help you detect when its time to refresh the HMAC.+--+-- The KMS key that you use for this operation must be in a compatible key+-- state. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key states of KMS keys>+-- in the /Key Management Service Developer Guide/.+--+-- __Cross-account use__: Yes. To perform this operation with a KMS key in+-- a different Amazon Web Services account, specify the key ARN or alias+-- ARN in the value of the @KeyId@ parameter.+--+-- __Required permissions__:+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:GenerateMac>+-- (key policy)+--+-- __Related operations__: VerifyMac+module Amazonka.KMS.GenerateMac+ ( -- * Creating a Request+ GenerateMac (..),+ newGenerateMac,++ -- * Request Lenses+ generateMac_grantTokens,+ generateMac_message,+ generateMac_keyId,+ generateMac_macAlgorithm,++ -- * Destructuring the Response+ GenerateMacResponse (..),+ newGenerateMacResponse,++ -- * Response Lenses+ generateMacResponse_keyId,+ generateMacResponse_mac,+ generateMacResponse_macAlgorithm,+ generateMacResponse_httpStatus,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newGenerateMac' smart constructor.+data GenerateMac = GenerateMac'+ { -- | A list of grant tokens.+ --+ -- Use a grant token when your permission to call this operation comes from+ -- a new grant that has not yet achieved /eventual consistency/. For more+ -- information, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>+ -- and+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>+ -- in the /Key Management Service Developer Guide/.+ grantTokens :: Prelude.Maybe [Prelude.Text],+ -- | The message to be hashed. Specify a message of up to 4,096 bytes.+ --+ -- @GenerateMac@ and VerifyMac do not provide special handling for message+ -- digests. If you generate an HMAC for a hash digest of a message, you+ -- must verify the HMAC of the same hash digest.+ message :: Data.Sensitive Data.Base64,+ -- | The HMAC KMS key to use in the operation. The MAC algorithm computes the+ -- HMAC for the message and the key as described in+ -- <https://datatracker.ietf.org/doc/html/rfc2104 RFC 2104>.+ --+ -- To identify an HMAC KMS key, use the DescribeKey operation and see the+ -- @KeySpec@ field in the response.+ keyId :: Prelude.Text,+ -- | The MAC algorithm used in the operation.+ --+ -- The algorithm must be compatible with the HMAC KMS key that you specify.+ -- To find the MAC algorithms that your HMAC KMS key supports, use the+ -- DescribeKey operation and see the @MacAlgorithms@ field in the+ -- @DescribeKey@ response.+ macAlgorithm :: MacAlgorithmSpec+ }+ deriving (Prelude.Eq, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'GenerateMac' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'grantTokens', 'generateMac_grantTokens' - A list of grant tokens.+--+-- Use a grant token when your permission to call this operation comes from+-- a new grant that has not yet achieved /eventual consistency/. For more+-- information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>+-- and+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>+-- in the /Key Management Service Developer Guide/.+--+-- 'message', 'generateMac_message' - The message to be hashed. Specify a message of up to 4,096 bytes.+--+-- @GenerateMac@ and VerifyMac do not provide special handling for message+-- digests. If you generate an HMAC for a hash digest of a message, you+-- must verify the HMAC of the same hash digest.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+--+-- 'keyId', 'generateMac_keyId' - The HMAC KMS key to use in the operation. The MAC algorithm computes the+-- HMAC for the message and the key as described in+-- <https://datatracker.ietf.org/doc/html/rfc2104 RFC 2104>.+--+-- To identify an HMAC KMS key, use the DescribeKey operation and see the+-- @KeySpec@ field in the response.+--+-- 'macAlgorithm', 'generateMac_macAlgorithm' - The MAC algorithm used in the operation.+--+-- The algorithm must be compatible with the HMAC KMS key that you specify.+-- To find the MAC algorithms that your HMAC KMS key supports, use the+-- DescribeKey operation and see the @MacAlgorithms@ field in the+-- @DescribeKey@ response.+newGenerateMac ::+ -- | 'message'+ Prelude.ByteString ->+ -- | 'keyId'+ Prelude.Text ->+ -- | 'macAlgorithm'+ MacAlgorithmSpec ->+ GenerateMac+newGenerateMac pMessage_ pKeyId_ pMacAlgorithm_ =+ GenerateMac'+ { grantTokens = Prelude.Nothing,+ message =+ Data._Sensitive+ Prelude.. Data._Base64+ Lens.# pMessage_,+ keyId = pKeyId_,+ macAlgorithm = pMacAlgorithm_+ }++-- | A list of grant tokens.+--+-- Use a grant token when your permission to call this operation comes from+-- a new grant that has not yet achieved /eventual consistency/. For more+-- information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>+-- and+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>+-- in the /Key Management Service Developer Guide/.+generateMac_grantTokens :: Lens.Lens' GenerateMac (Prelude.Maybe [Prelude.Text])+generateMac_grantTokens = Lens.lens (\GenerateMac' {grantTokens} -> grantTokens) (\s@GenerateMac' {} a -> s {grantTokens = a} :: GenerateMac) Prelude.. Lens.mapping Lens.coerced++-- | The message to be hashed. Specify a message of up to 4,096 bytes.+--+-- @GenerateMac@ and VerifyMac do not provide special handling for message+-- digests. If you generate an HMAC for a hash digest of a message, you+-- must verify the HMAC of the same hash digest.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+generateMac_message :: Lens.Lens' GenerateMac Prelude.ByteString+generateMac_message = Lens.lens (\GenerateMac' {message} -> message) (\s@GenerateMac' {} a -> s {message = a} :: GenerateMac) Prelude.. Data._Sensitive Prelude.. Data._Base64++-- | The HMAC KMS key to use in the operation. The MAC algorithm computes the+-- HMAC for the message and the key as described in+-- <https://datatracker.ietf.org/doc/html/rfc2104 RFC 2104>.+--+-- To identify an HMAC KMS key, use the DescribeKey operation and see the+-- @KeySpec@ field in the response.+generateMac_keyId :: Lens.Lens' GenerateMac Prelude.Text+generateMac_keyId = Lens.lens (\GenerateMac' {keyId} -> keyId) (\s@GenerateMac' {} a -> s {keyId = a} :: GenerateMac)++-- | The MAC algorithm used in the operation.+--+-- The algorithm must be compatible with the HMAC KMS key that you specify.+-- To find the MAC algorithms that your HMAC KMS key supports, use the+-- DescribeKey operation and see the @MacAlgorithms@ field in the+-- @DescribeKey@ response.+generateMac_macAlgorithm :: Lens.Lens' GenerateMac MacAlgorithmSpec+generateMac_macAlgorithm = Lens.lens (\GenerateMac' {macAlgorithm} -> macAlgorithm) (\s@GenerateMac' {} a -> s {macAlgorithm = a} :: GenerateMac)++instance Core.AWSRequest GenerateMac where+ type AWSResponse GenerateMac = GenerateMacResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response =+ Response.receiveJSON+ ( \s h x ->+ GenerateMacResponse'+ Prelude.<$> (x Data..?> "KeyId")+ Prelude.<*> (x Data..?> "Mac")+ Prelude.<*> (x Data..?> "MacAlgorithm")+ Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+ )++instance Prelude.Hashable GenerateMac where+ hashWithSalt _salt GenerateMac' {..} =+ _salt+ `Prelude.hashWithSalt` grantTokens+ `Prelude.hashWithSalt` message+ `Prelude.hashWithSalt` keyId+ `Prelude.hashWithSalt` macAlgorithm++instance Prelude.NFData GenerateMac where+ rnf GenerateMac' {..} =+ Prelude.rnf grantTokens+ `Prelude.seq` Prelude.rnf message+ `Prelude.seq` Prelude.rnf keyId+ `Prelude.seq` Prelude.rnf macAlgorithm++instance Data.ToHeaders GenerateMac where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ("TrentService.GenerateMac" :: Prelude.ByteString),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON GenerateMac where+ toJSON GenerateMac' {..} =+ Data.object+ ( Prelude.catMaybes+ [ ("GrantTokens" Data..=) Prelude.<$> grantTokens,+ Prelude.Just ("Message" Data..= message),+ Prelude.Just ("KeyId" Data..= keyId),+ Prelude.Just ("MacAlgorithm" Data..= macAlgorithm)+ ]+ )++instance Data.ToPath GenerateMac where+ toPath = Prelude.const "/"++instance Data.ToQuery GenerateMac where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newGenerateMacResponse' smart constructor.+data GenerateMacResponse = GenerateMacResponse'+ { -- | The HMAC KMS key used in the operation.+ keyId :: Prelude.Maybe Prelude.Text,+ -- | The hash-based message authentication code (HMAC) that was generated for+ -- the specified message, HMAC KMS key, and MAC algorithm.+ --+ -- This is the standard, raw HMAC defined in+ -- <https://datatracker.ietf.org/doc/html/rfc2104 RFC 2104>.+ mac :: Prelude.Maybe Data.Base64,+ -- | The MAC algorithm that was used to generate the HMAC.+ macAlgorithm :: Prelude.Maybe MacAlgorithmSpec,+ -- | The response's http status code.+ httpStatus :: Prelude.Int+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'GenerateMacResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'keyId', 'generateMacResponse_keyId' - The HMAC KMS key used in the operation.+--+-- 'mac', 'generateMacResponse_mac' - The hash-based message authentication code (HMAC) that was generated for+-- the specified message, HMAC KMS key, and MAC algorithm.+--+-- This is the standard, raw HMAC defined in+-- <https://datatracker.ietf.org/doc/html/rfc2104 RFC 2104>.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+--+-- 'macAlgorithm', 'generateMacResponse_macAlgorithm' - The MAC algorithm that was used to generate the HMAC.+--+-- 'httpStatus', 'generateMacResponse_httpStatus' - The response's http status code.+newGenerateMacResponse ::+ -- | 'httpStatus'+ Prelude.Int ->+ GenerateMacResponse+newGenerateMacResponse pHttpStatus_ =+ GenerateMacResponse'+ { keyId = Prelude.Nothing,+ mac = Prelude.Nothing,+ macAlgorithm = Prelude.Nothing,+ httpStatus = pHttpStatus_+ }++-- | The HMAC KMS key used in the operation.+generateMacResponse_keyId :: Lens.Lens' GenerateMacResponse (Prelude.Maybe Prelude.Text)+generateMacResponse_keyId = Lens.lens (\GenerateMacResponse' {keyId} -> keyId) (\s@GenerateMacResponse' {} a -> s {keyId = a} :: GenerateMacResponse)++-- | The hash-based message authentication code (HMAC) that was generated for+-- the specified message, HMAC KMS key, and MAC algorithm.+--+-- This is the standard, raw HMAC defined in+-- <https://datatracker.ietf.org/doc/html/rfc2104 RFC 2104>.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+generateMacResponse_mac :: Lens.Lens' GenerateMacResponse (Prelude.Maybe Prelude.ByteString)+generateMacResponse_mac = Lens.lens (\GenerateMacResponse' {mac} -> mac) (\s@GenerateMacResponse' {} a -> s {mac = a} :: GenerateMacResponse) Prelude.. Lens.mapping Data._Base64++-- | The MAC algorithm that was used to generate the HMAC.+generateMacResponse_macAlgorithm :: Lens.Lens' GenerateMacResponse (Prelude.Maybe MacAlgorithmSpec)+generateMacResponse_macAlgorithm = Lens.lens (\GenerateMacResponse' {macAlgorithm} -> macAlgorithm) (\s@GenerateMacResponse' {} a -> s {macAlgorithm = a} :: GenerateMacResponse)++-- | The response's http status code.+generateMacResponse_httpStatus :: Lens.Lens' GenerateMacResponse Prelude.Int+generateMacResponse_httpStatus = Lens.lens (\GenerateMacResponse' {httpStatus} -> httpStatus) (\s@GenerateMacResponse' {} a -> s {httpStatus = a} :: GenerateMacResponse)++instance Prelude.NFData GenerateMacResponse where+ rnf GenerateMacResponse' {..} =+ Prelude.rnf keyId+ `Prelude.seq` Prelude.rnf mac+ `Prelude.seq` Prelude.rnf macAlgorithm+ `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/KMS/GenerateRandom.hs view
@@ -0,0 +1,241 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.GenerateRandom+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Returns a random byte string that is cryptographically secure.+--+-- You must use the @NumberOfBytes@ parameter to specify the length of the+-- random byte string. There is no default value for string length.+--+-- By default, the random byte string is generated in KMS. To generate the+-- byte string in the CloudHSM cluster associated with an CloudHSM key+-- store, use the @CustomKeyStoreId@ parameter.+--+-- Applications in Amazon Web Services Nitro Enclaves can call this+-- operation by using the+-- <https://github.com/aws/aws-nitro-enclaves-sdk-c Amazon Web Services Nitro Enclaves Development Kit>.+-- For information about the supporting parameters, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/services-nitro-enclaves.html How Amazon Web Services Nitro Enclaves use KMS>+-- in the /Key Management Service Developer Guide/.+--+-- For more information about entropy and random number generation, see+-- <https://docs.aws.amazon.com/kms/latest/cryptographic-details/ Key Management Service Cryptographic Details>.+--+-- __Cross-account use__: Not applicable. @GenerateRandom@ does not use any+-- account-specific resources, such as KMS keys.+--+-- __Required permissions__:+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:GenerateRandom>+-- (IAM policy)+module Amazonka.KMS.GenerateRandom+ ( -- * Creating a Request+ GenerateRandom (..),+ newGenerateRandom,++ -- * Request Lenses+ generateRandom_customKeyStoreId,+ generateRandom_numberOfBytes,++ -- * Destructuring the Response+ GenerateRandomResponse (..),+ newGenerateRandomResponse,++ -- * Response Lenses+ generateRandomResponse_plaintext,+ generateRandomResponse_httpStatus,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newGenerateRandom' smart constructor.+data GenerateRandom = GenerateRandom'+ { -- | Generates the random byte string in the CloudHSM cluster that is+ -- associated with the specified CloudHSM key store. To find the ID of a+ -- custom key store, use the DescribeCustomKeyStores operation.+ --+ -- External key store IDs are not valid for this parameter. If you specify+ -- the ID of an external key store, @GenerateRandom@ throws an+ -- @UnsupportedOperationException@.+ customKeyStoreId :: Prelude.Maybe Prelude.Text,+ -- | The length of the random byte string. This parameter is required.+ numberOfBytes :: Prelude.Maybe Prelude.Natural+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'GenerateRandom' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'customKeyStoreId', 'generateRandom_customKeyStoreId' - Generates the random byte string in the CloudHSM cluster that is+-- associated with the specified CloudHSM key store. To find the ID of a+-- custom key store, use the DescribeCustomKeyStores operation.+--+-- External key store IDs are not valid for this parameter. If you specify+-- the ID of an external key store, @GenerateRandom@ throws an+-- @UnsupportedOperationException@.+--+-- 'numberOfBytes', 'generateRandom_numberOfBytes' - The length of the random byte string. This parameter is required.+newGenerateRandom ::+ GenerateRandom+newGenerateRandom =+ GenerateRandom'+ { customKeyStoreId = Prelude.Nothing,+ numberOfBytes = Prelude.Nothing+ }++-- | Generates the random byte string in the CloudHSM cluster that is+-- associated with the specified CloudHSM key store. To find the ID of a+-- custom key store, use the DescribeCustomKeyStores operation.+--+-- External key store IDs are not valid for this parameter. If you specify+-- the ID of an external key store, @GenerateRandom@ throws an+-- @UnsupportedOperationException@.+generateRandom_customKeyStoreId :: Lens.Lens' GenerateRandom (Prelude.Maybe Prelude.Text)+generateRandom_customKeyStoreId = Lens.lens (\GenerateRandom' {customKeyStoreId} -> customKeyStoreId) (\s@GenerateRandom' {} a -> s {customKeyStoreId = a} :: GenerateRandom)++-- | The length of the random byte string. This parameter is required.+generateRandom_numberOfBytes :: Lens.Lens' GenerateRandom (Prelude.Maybe Prelude.Natural)+generateRandom_numberOfBytes = Lens.lens (\GenerateRandom' {numberOfBytes} -> numberOfBytes) (\s@GenerateRandom' {} a -> s {numberOfBytes = a} :: GenerateRandom)++instance Core.AWSRequest GenerateRandom where+ type+ AWSResponse GenerateRandom =+ GenerateRandomResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response =+ Response.receiveJSON+ ( \s h x ->+ GenerateRandomResponse'+ Prelude.<$> (x Data..?> "Plaintext")+ Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+ )++instance Prelude.Hashable GenerateRandom where+ hashWithSalt _salt GenerateRandom' {..} =+ _salt+ `Prelude.hashWithSalt` customKeyStoreId+ `Prelude.hashWithSalt` numberOfBytes++instance Prelude.NFData GenerateRandom where+ rnf GenerateRandom' {..} =+ Prelude.rnf customKeyStoreId+ `Prelude.seq` Prelude.rnf numberOfBytes++instance Data.ToHeaders GenerateRandom where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ( "TrentService.GenerateRandom" ::+ Prelude.ByteString+ ),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON GenerateRandom where+ toJSON GenerateRandom' {..} =+ Data.object+ ( Prelude.catMaybes+ [ ("CustomKeyStoreId" Data..=)+ Prelude.<$> customKeyStoreId,+ ("NumberOfBytes" Data..=) Prelude.<$> numberOfBytes+ ]+ )++instance Data.ToPath GenerateRandom where+ toPath = Prelude.const "/"++instance Data.ToQuery GenerateRandom where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newGenerateRandomResponse' smart constructor.+data GenerateRandomResponse = GenerateRandomResponse'+ { -- | The random byte string. When you use the HTTP API or the Amazon Web+ -- Services CLI, the value is Base64-encoded. Otherwise, it is not+ -- Base64-encoded.+ plaintext :: Prelude.Maybe (Data.Sensitive Data.Base64),+ -- | The response's http status code.+ httpStatus :: Prelude.Int+ }+ deriving (Prelude.Eq, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'GenerateRandomResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'plaintext', 'generateRandomResponse_plaintext' - The random byte string. When you use the HTTP API or the Amazon Web+-- Services CLI, the value is Base64-encoded. Otherwise, it is not+-- Base64-encoded.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+--+-- 'httpStatus', 'generateRandomResponse_httpStatus' - The response's http status code.+newGenerateRandomResponse ::+ -- | 'httpStatus'+ Prelude.Int ->+ GenerateRandomResponse+newGenerateRandomResponse pHttpStatus_ =+ GenerateRandomResponse'+ { plaintext =+ Prelude.Nothing,+ httpStatus = pHttpStatus_+ }++-- | The random byte string. When you use the HTTP API or the Amazon Web+-- Services CLI, the value is Base64-encoded. Otherwise, it is not+-- Base64-encoded.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+generateRandomResponse_plaintext :: Lens.Lens' GenerateRandomResponse (Prelude.Maybe Prelude.ByteString)+generateRandomResponse_plaintext = Lens.lens (\GenerateRandomResponse' {plaintext} -> plaintext) (\s@GenerateRandomResponse' {} a -> s {plaintext = a} :: GenerateRandomResponse) Prelude.. Lens.mapping (Data._Sensitive Prelude.. Data._Base64)++-- | The response's http status code.+generateRandomResponse_httpStatus :: Lens.Lens' GenerateRandomResponse Prelude.Int+generateRandomResponse_httpStatus = Lens.lens (\GenerateRandomResponse' {httpStatus} -> httpStatus) (\s@GenerateRandomResponse' {} a -> s {httpStatus = a} :: GenerateRandomResponse)++instance Prelude.NFData GenerateRandomResponse where+ rnf GenerateRandomResponse' {..} =+ Prelude.rnf plaintext+ `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/KMS/GetKeyPolicy.hs view
@@ -0,0 +1,231 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.GetKeyPolicy+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Gets a key policy attached to the specified KMS key.+--+-- __Cross-account use__: No. You cannot perform this operation on a KMS+-- key in a different Amazon Web Services account.+--+-- __Required permissions__:+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:GetKeyPolicy>+-- (key policy)+--+-- __Related operations__: PutKeyPolicy+module Amazonka.KMS.GetKeyPolicy+ ( -- * Creating a Request+ GetKeyPolicy (..),+ newGetKeyPolicy,++ -- * Request Lenses+ getKeyPolicy_keyId,+ getKeyPolicy_policyName,++ -- * Destructuring the Response+ GetKeyPolicyResponse (..),+ newGetKeyPolicyResponse,++ -- * Response Lenses+ getKeyPolicyResponse_policy,+ getKeyPolicyResponse_httpStatus,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newGetKeyPolicy' smart constructor.+data GetKeyPolicy = GetKeyPolicy'+ { -- | Gets the key policy for the specified KMS key.+ --+ -- Specify the key ID or key ARN of the KMS key.+ --+ -- For example:+ --+ -- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- - Key ARN:+ -- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- To get the key ID and key ARN for a KMS key, use ListKeys or+ -- DescribeKey.+ keyId :: Prelude.Text,+ -- | Specifies the name of the key policy. The only valid name is @default@.+ -- To get the names of key policies, use ListKeyPolicies.+ policyName :: Prelude.Text+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'GetKeyPolicy' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'keyId', 'getKeyPolicy_keyId' - Gets the key policy for the specified KMS key.+--+-- Specify the key ID or key ARN of the KMS key.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+--+-- 'policyName', 'getKeyPolicy_policyName' - Specifies the name of the key policy. The only valid name is @default@.+-- To get the names of key policies, use ListKeyPolicies.+newGetKeyPolicy ::+ -- | 'keyId'+ Prelude.Text ->+ -- | 'policyName'+ Prelude.Text ->+ GetKeyPolicy+newGetKeyPolicy pKeyId_ pPolicyName_ =+ GetKeyPolicy'+ { keyId = pKeyId_,+ policyName = pPolicyName_+ }++-- | Gets the key policy for the specified KMS key.+--+-- Specify the key ID or key ARN of the KMS key.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+getKeyPolicy_keyId :: Lens.Lens' GetKeyPolicy Prelude.Text+getKeyPolicy_keyId = Lens.lens (\GetKeyPolicy' {keyId} -> keyId) (\s@GetKeyPolicy' {} a -> s {keyId = a} :: GetKeyPolicy)++-- | Specifies the name of the key policy. The only valid name is @default@.+-- To get the names of key policies, use ListKeyPolicies.+getKeyPolicy_policyName :: Lens.Lens' GetKeyPolicy Prelude.Text+getKeyPolicy_policyName = Lens.lens (\GetKeyPolicy' {policyName} -> policyName) (\s@GetKeyPolicy' {} a -> s {policyName = a} :: GetKeyPolicy)++instance Core.AWSRequest GetKeyPolicy where+ type AWSResponse GetKeyPolicy = GetKeyPolicyResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response =+ Response.receiveJSON+ ( \s h x ->+ GetKeyPolicyResponse'+ Prelude.<$> (x Data..?> "Policy")+ Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+ )++instance Prelude.Hashable GetKeyPolicy where+ hashWithSalt _salt GetKeyPolicy' {..} =+ _salt+ `Prelude.hashWithSalt` keyId+ `Prelude.hashWithSalt` policyName++instance Prelude.NFData GetKeyPolicy where+ rnf GetKeyPolicy' {..} =+ Prelude.rnf keyId+ `Prelude.seq` Prelude.rnf policyName++instance Data.ToHeaders GetKeyPolicy where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ("TrentService.GetKeyPolicy" :: Prelude.ByteString),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON GetKeyPolicy where+ toJSON GetKeyPolicy' {..} =+ Data.object+ ( Prelude.catMaybes+ [ Prelude.Just ("KeyId" Data..= keyId),+ Prelude.Just ("PolicyName" Data..= policyName)+ ]+ )++instance Data.ToPath GetKeyPolicy where+ toPath = Prelude.const "/"++instance Data.ToQuery GetKeyPolicy where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newGetKeyPolicyResponse' smart constructor.+data GetKeyPolicyResponse = GetKeyPolicyResponse'+ { -- | A key policy document in JSON format.+ policy :: Prelude.Maybe Prelude.Text,+ -- | The response's http status code.+ httpStatus :: Prelude.Int+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'GetKeyPolicyResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'policy', 'getKeyPolicyResponse_policy' - A key policy document in JSON format.+--+-- 'httpStatus', 'getKeyPolicyResponse_httpStatus' - The response's http status code.+newGetKeyPolicyResponse ::+ -- | 'httpStatus'+ Prelude.Int ->+ GetKeyPolicyResponse+newGetKeyPolicyResponse pHttpStatus_ =+ GetKeyPolicyResponse'+ { policy = Prelude.Nothing,+ httpStatus = pHttpStatus_+ }++-- | A key policy document in JSON format.+getKeyPolicyResponse_policy :: Lens.Lens' GetKeyPolicyResponse (Prelude.Maybe Prelude.Text)+getKeyPolicyResponse_policy = Lens.lens (\GetKeyPolicyResponse' {policy} -> policy) (\s@GetKeyPolicyResponse' {} a -> s {policy = a} :: GetKeyPolicyResponse)++-- | The response's http status code.+getKeyPolicyResponse_httpStatus :: Lens.Lens' GetKeyPolicyResponse Prelude.Int+getKeyPolicyResponse_httpStatus = Lens.lens (\GetKeyPolicyResponse' {httpStatus} -> httpStatus) (\s@GetKeyPolicyResponse' {} a -> s {httpStatus = a} :: GetKeyPolicyResponse)++instance Prelude.NFData GetKeyPolicyResponse where+ rnf GetKeyPolicyResponse' {..} =+ Prelude.rnf policy+ `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/KMS/GetKeyRotationStatus.hs view
@@ -0,0 +1,274 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.GetKeyRotationStatus+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Gets a Boolean value that indicates whether+-- <https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html automatic rotation of the key material>+-- is enabled for the specified KMS key.+--+-- When you enable automatic rotation for+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk customer managed KMS keys>,+-- KMS rotates the key material of the KMS key one year (approximately 365+-- days) from the enable date and every year thereafter. You can monitor+-- rotation of the key material for your KMS keys in CloudTrail and Amazon+-- CloudWatch.+--+-- Automatic key rotation is supported only on+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#symmetric-cmks symmetric encryption KMS keys>.+-- You cannot enable automatic rotation of+-- <https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html asymmetric KMS keys>,+-- <https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html HMAC KMS keys>,+-- KMS keys with+-- <https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html imported key material>,+-- or KMS keys in a+-- <https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html custom key store>.+-- To enable or disable automatic rotation of a set of related+-- <https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate multi-Region keys>,+-- set the property on the primary key..+--+-- You can enable (EnableKeyRotation) and disable automatic rotation+-- (DisableKeyRotation) of the key material in customer managed KMS keys.+-- Key material rotation of+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk Amazon Web Services managed KMS keys>+-- is not configurable. KMS always rotates the key material in Amazon Web+-- Services managed KMS keys every year. The key rotation status for Amazon+-- Web Services managed KMS keys is always @true@.+--+-- In May 2022, KMS changed the rotation schedule for Amazon Web Services+-- managed keys from every three years to every year. For details, see+-- EnableKeyRotation.+--+-- The KMS key that you use for this operation must be in a compatible key+-- state. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key states of KMS keys>+-- in the /Key Management Service Developer Guide/.+--+-- - Disabled: The key rotation status does not change when you disable a+-- KMS key. However, while the KMS key is disabled, KMS does not rotate+-- the key material. When you re-enable the KMS key, rotation resumes.+-- If the key material in the re-enabled KMS key hasn\'t been rotated+-- in one year, KMS rotates it immediately, and every year thereafter.+-- If it\'s been less than a year since the key material in the+-- re-enabled KMS key was rotated, the KMS key resumes its prior+-- rotation schedule.+--+-- - Pending deletion: While a KMS key is pending deletion, its key+-- rotation status is @false@ and KMS does not rotate the key material.+-- If you cancel the deletion, the original key rotation status returns+-- to @true@.+--+-- __Cross-account use__: Yes. To perform this operation on a KMS key in a+-- different Amazon Web Services account, specify the key ARN in the value+-- of the @KeyId@ parameter.+--+-- __Required permissions__:+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:GetKeyRotationStatus>+-- (key policy)+--+-- __Related operations:__+--+-- - DisableKeyRotation+--+-- - EnableKeyRotation+module Amazonka.KMS.GetKeyRotationStatus+ ( -- * Creating a Request+ GetKeyRotationStatus (..),+ newGetKeyRotationStatus,++ -- * Request Lenses+ getKeyRotationStatus_keyId,++ -- * Destructuring the Response+ GetKeyRotationStatusResponse (..),+ newGetKeyRotationStatusResponse,++ -- * Response Lenses+ getKeyRotationStatusResponse_keyRotationEnabled,+ getKeyRotationStatusResponse_httpStatus,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newGetKeyRotationStatus' smart constructor.+data GetKeyRotationStatus = GetKeyRotationStatus'+ { -- | Gets the rotation status for the specified KMS key.+ --+ -- Specify the key ID or key ARN of the KMS key. To specify a KMS key in a+ -- different Amazon Web Services account, you must use the key ARN.+ --+ -- For example:+ --+ -- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- - Key ARN:+ -- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- To get the key ID and key ARN for a KMS key, use ListKeys or+ -- DescribeKey.+ keyId :: Prelude.Text+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'GetKeyRotationStatus' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'keyId', 'getKeyRotationStatus_keyId' - Gets the rotation status for the specified KMS key.+--+-- Specify the key ID or key ARN of the KMS key. To specify a KMS key in a+-- different Amazon Web Services account, you must use the key ARN.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+newGetKeyRotationStatus ::+ -- | 'keyId'+ Prelude.Text ->+ GetKeyRotationStatus+newGetKeyRotationStatus pKeyId_ =+ GetKeyRotationStatus' {keyId = pKeyId_}++-- | Gets the rotation status for the specified KMS key.+--+-- Specify the key ID or key ARN of the KMS key. To specify a KMS key in a+-- different Amazon Web Services account, you must use the key ARN.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+getKeyRotationStatus_keyId :: Lens.Lens' GetKeyRotationStatus Prelude.Text+getKeyRotationStatus_keyId = Lens.lens (\GetKeyRotationStatus' {keyId} -> keyId) (\s@GetKeyRotationStatus' {} a -> s {keyId = a} :: GetKeyRotationStatus)++instance Core.AWSRequest GetKeyRotationStatus where+ type+ AWSResponse GetKeyRotationStatus =+ GetKeyRotationStatusResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response =+ Response.receiveJSON+ ( \s h x ->+ GetKeyRotationStatusResponse'+ Prelude.<$> (x Data..?> "KeyRotationEnabled")+ Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+ )++instance Prelude.Hashable GetKeyRotationStatus where+ hashWithSalt _salt GetKeyRotationStatus' {..} =+ _salt `Prelude.hashWithSalt` keyId++instance Prelude.NFData GetKeyRotationStatus where+ rnf GetKeyRotationStatus' {..} = Prelude.rnf keyId++instance Data.ToHeaders GetKeyRotationStatus where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ( "TrentService.GetKeyRotationStatus" ::+ Prelude.ByteString+ ),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON GetKeyRotationStatus where+ toJSON GetKeyRotationStatus' {..} =+ Data.object+ ( Prelude.catMaybes+ [Prelude.Just ("KeyId" Data..= keyId)]+ )++instance Data.ToPath GetKeyRotationStatus where+ toPath = Prelude.const "/"++instance Data.ToQuery GetKeyRotationStatus where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newGetKeyRotationStatusResponse' smart constructor.+data GetKeyRotationStatusResponse = GetKeyRotationStatusResponse'+ { -- | A Boolean value that specifies whether key rotation is enabled.+ keyRotationEnabled :: Prelude.Maybe Prelude.Bool,+ -- | The response's http status code.+ httpStatus :: Prelude.Int+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'GetKeyRotationStatusResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'keyRotationEnabled', 'getKeyRotationStatusResponse_keyRotationEnabled' - A Boolean value that specifies whether key rotation is enabled.+--+-- 'httpStatus', 'getKeyRotationStatusResponse_httpStatus' - The response's http status code.+newGetKeyRotationStatusResponse ::+ -- | 'httpStatus'+ Prelude.Int ->+ GetKeyRotationStatusResponse+newGetKeyRotationStatusResponse pHttpStatus_ =+ GetKeyRotationStatusResponse'+ { keyRotationEnabled =+ Prelude.Nothing,+ httpStatus = pHttpStatus_+ }++-- | A Boolean value that specifies whether key rotation is enabled.+getKeyRotationStatusResponse_keyRotationEnabled :: Lens.Lens' GetKeyRotationStatusResponse (Prelude.Maybe Prelude.Bool)+getKeyRotationStatusResponse_keyRotationEnabled = Lens.lens (\GetKeyRotationStatusResponse' {keyRotationEnabled} -> keyRotationEnabled) (\s@GetKeyRotationStatusResponse' {} a -> s {keyRotationEnabled = a} :: GetKeyRotationStatusResponse)++-- | The response's http status code.+getKeyRotationStatusResponse_httpStatus :: Lens.Lens' GetKeyRotationStatusResponse Prelude.Int+getKeyRotationStatusResponse_httpStatus = Lens.lens (\GetKeyRotationStatusResponse' {httpStatus} -> httpStatus) (\s@GetKeyRotationStatusResponse' {} a -> s {httpStatus = a} :: GetKeyRotationStatusResponse)++instance Prelude.NFData GetKeyRotationStatusResponse where+ rnf GetKeyRotationStatusResponse' {..} =+ Prelude.rnf keyRotationEnabled+ `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/KMS/GetParametersForImport.hs view
@@ -0,0 +1,375 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.GetParametersForImport+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Returns the items you need to import key material into a symmetric+-- encryption KMS key. For more information about importing key material+-- into KMS, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html Importing key material>+-- in the /Key Management Service Developer Guide/.+--+-- This operation returns a public key and an import token. Use the public+-- key to encrypt the symmetric key material. Store the import token to+-- send with a subsequent ImportKeyMaterial request.+--+-- You must specify the key ID of the symmetric encryption KMS key into+-- which you will import key material. The KMS key @Origin@ must be+-- @EXTERNAL@. You must also specify the wrapping algorithm and type of+-- wrapping key (public key) that you will use to encrypt the key material.+-- You cannot perform this operation on an asymmetric KMS key, an HMAC KMS+-- key, or on any KMS key in a different Amazon Web Services account.+--+-- To import key material, you must use the public key and import token+-- from the same response. These items are valid for 24 hours. The+-- expiration date and time appear in the @GetParametersForImport@+-- response. You cannot use an expired token in an ImportKeyMaterial+-- request. If your key and token expire, send another+-- @GetParametersForImport@ request.+--+-- The KMS key that you use for this operation must be in a compatible key+-- state. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key states of KMS keys>+-- in the /Key Management Service Developer Guide/.+--+-- __Cross-account use__: No. You cannot perform this operation on a KMS+-- key in a different Amazon Web Services account.+--+-- __Required permissions__:+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:GetParametersForImport>+-- (key policy)+--+-- __Related operations:__+--+-- - ImportKeyMaterial+--+-- - DeleteImportedKeyMaterial+module Amazonka.KMS.GetParametersForImport+ ( -- * Creating a Request+ GetParametersForImport (..),+ newGetParametersForImport,++ -- * Request Lenses+ getParametersForImport_keyId,+ getParametersForImport_wrappingAlgorithm,+ getParametersForImport_wrappingKeySpec,++ -- * Destructuring the Response+ GetParametersForImportResponse (..),+ newGetParametersForImportResponse,++ -- * Response Lenses+ getParametersForImportResponse_importToken,+ getParametersForImportResponse_keyId,+ getParametersForImportResponse_parametersValidTo,+ getParametersForImportResponse_publicKey,+ getParametersForImportResponse_httpStatus,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newGetParametersForImport' smart constructor.+data GetParametersForImport = GetParametersForImport'+ { -- | The identifier of the symmetric encryption KMS key into which you will+ -- import key material. The @Origin@ of the KMS key must be @EXTERNAL@.+ --+ -- Specify the key ID or key ARN of the KMS key.+ --+ -- For example:+ --+ -- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- - Key ARN:+ -- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- To get the key ID and key ARN for a KMS key, use ListKeys or+ -- DescribeKey.+ keyId :: Prelude.Text,+ -- | The algorithm you will use to encrypt the key material before importing+ -- it with ImportKeyMaterial. For more information, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-encrypt-key-material.html Encrypt the Key Material>+ -- in the /Key Management Service Developer Guide/.+ wrappingAlgorithm :: AlgorithmSpec,+ -- | The type of wrapping key (public key) to return in the response. Only+ -- 2048-bit RSA public keys are supported.+ wrappingKeySpec :: WrappingKeySpec+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'GetParametersForImport' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'keyId', 'getParametersForImport_keyId' - The identifier of the symmetric encryption KMS key into which you will+-- import key material. The @Origin@ of the KMS key must be @EXTERNAL@.+--+-- Specify the key ID or key ARN of the KMS key.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+--+-- 'wrappingAlgorithm', 'getParametersForImport_wrappingAlgorithm' - The algorithm you will use to encrypt the key material before importing+-- it with ImportKeyMaterial. For more information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-encrypt-key-material.html Encrypt the Key Material>+-- in the /Key Management Service Developer Guide/.+--+-- 'wrappingKeySpec', 'getParametersForImport_wrappingKeySpec' - The type of wrapping key (public key) to return in the response. Only+-- 2048-bit RSA public keys are supported.+newGetParametersForImport ::+ -- | 'keyId'+ Prelude.Text ->+ -- | 'wrappingAlgorithm'+ AlgorithmSpec ->+ -- | 'wrappingKeySpec'+ WrappingKeySpec ->+ GetParametersForImport+newGetParametersForImport+ pKeyId_+ pWrappingAlgorithm_+ pWrappingKeySpec_ =+ GetParametersForImport'+ { keyId = pKeyId_,+ wrappingAlgorithm = pWrappingAlgorithm_,+ wrappingKeySpec = pWrappingKeySpec_+ }++-- | The identifier of the symmetric encryption KMS key into which you will+-- import key material. The @Origin@ of the KMS key must be @EXTERNAL@.+--+-- Specify the key ID or key ARN of the KMS key.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+getParametersForImport_keyId :: Lens.Lens' GetParametersForImport Prelude.Text+getParametersForImport_keyId = Lens.lens (\GetParametersForImport' {keyId} -> keyId) (\s@GetParametersForImport' {} a -> s {keyId = a} :: GetParametersForImport)++-- | The algorithm you will use to encrypt the key material before importing+-- it with ImportKeyMaterial. For more information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-encrypt-key-material.html Encrypt the Key Material>+-- in the /Key Management Service Developer Guide/.+getParametersForImport_wrappingAlgorithm :: Lens.Lens' GetParametersForImport AlgorithmSpec+getParametersForImport_wrappingAlgorithm = Lens.lens (\GetParametersForImport' {wrappingAlgorithm} -> wrappingAlgorithm) (\s@GetParametersForImport' {} a -> s {wrappingAlgorithm = a} :: GetParametersForImport)++-- | The type of wrapping key (public key) to return in the response. Only+-- 2048-bit RSA public keys are supported.+getParametersForImport_wrappingKeySpec :: Lens.Lens' GetParametersForImport WrappingKeySpec+getParametersForImport_wrappingKeySpec = Lens.lens (\GetParametersForImport' {wrappingKeySpec} -> wrappingKeySpec) (\s@GetParametersForImport' {} a -> s {wrappingKeySpec = a} :: GetParametersForImport)++instance Core.AWSRequest GetParametersForImport where+ type+ AWSResponse GetParametersForImport =+ GetParametersForImportResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response =+ Response.receiveJSON+ ( \s h x ->+ GetParametersForImportResponse'+ Prelude.<$> (x Data..?> "ImportToken")+ Prelude.<*> (x Data..?> "KeyId")+ Prelude.<*> (x Data..?> "ParametersValidTo")+ Prelude.<*> (x Data..?> "PublicKey")+ Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+ )++instance Prelude.Hashable GetParametersForImport where+ hashWithSalt _salt GetParametersForImport' {..} =+ _salt+ `Prelude.hashWithSalt` keyId+ `Prelude.hashWithSalt` wrappingAlgorithm+ `Prelude.hashWithSalt` wrappingKeySpec++instance Prelude.NFData GetParametersForImport where+ rnf GetParametersForImport' {..} =+ Prelude.rnf keyId+ `Prelude.seq` Prelude.rnf wrappingAlgorithm+ `Prelude.seq` Prelude.rnf wrappingKeySpec++instance Data.ToHeaders GetParametersForImport where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ( "TrentService.GetParametersForImport" ::+ Prelude.ByteString+ ),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON GetParametersForImport where+ toJSON GetParametersForImport' {..} =+ Data.object+ ( Prelude.catMaybes+ [ Prelude.Just ("KeyId" Data..= keyId),+ Prelude.Just+ ("WrappingAlgorithm" Data..= wrappingAlgorithm),+ Prelude.Just+ ("WrappingKeySpec" Data..= wrappingKeySpec)+ ]+ )++instance Data.ToPath GetParametersForImport where+ toPath = Prelude.const "/"++instance Data.ToQuery GetParametersForImport where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newGetParametersForImportResponse' smart constructor.+data GetParametersForImportResponse = GetParametersForImportResponse'+ { -- | The import token to send in a subsequent ImportKeyMaterial request.+ importToken :: Prelude.Maybe Data.Base64,+ -- | The Amazon Resource Name+ -- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)+ -- of the KMS key to use in a subsequent ImportKeyMaterial request. This is+ -- the same KMS key specified in the @GetParametersForImport@ request.+ keyId :: Prelude.Maybe Prelude.Text,+ -- | The time at which the import token and public key are no longer valid.+ -- After this time, you cannot use them to make an ImportKeyMaterial+ -- request and you must send another @GetParametersForImport@ request to+ -- get new ones.+ parametersValidTo :: Prelude.Maybe Data.POSIX,+ -- | The public key to use to encrypt the key material before importing it+ -- with ImportKeyMaterial.+ publicKey :: Prelude.Maybe (Data.Sensitive Data.Base64),+ -- | The response's http status code.+ httpStatus :: Prelude.Int+ }+ deriving (Prelude.Eq, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'GetParametersForImportResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'importToken', 'getParametersForImportResponse_importToken' - The import token to send in a subsequent ImportKeyMaterial request.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+--+-- 'keyId', 'getParametersForImportResponse_keyId' - The Amazon Resource Name+-- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)+-- of the KMS key to use in a subsequent ImportKeyMaterial request. This is+-- the same KMS key specified in the @GetParametersForImport@ request.+--+-- 'parametersValidTo', 'getParametersForImportResponse_parametersValidTo' - The time at which the import token and public key are no longer valid.+-- After this time, you cannot use them to make an ImportKeyMaterial+-- request and you must send another @GetParametersForImport@ request to+-- get new ones.+--+-- 'publicKey', 'getParametersForImportResponse_publicKey' - The public key to use to encrypt the key material before importing it+-- with ImportKeyMaterial.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+--+-- 'httpStatus', 'getParametersForImportResponse_httpStatus' - The response's http status code.+newGetParametersForImportResponse ::+ -- | 'httpStatus'+ Prelude.Int ->+ GetParametersForImportResponse+newGetParametersForImportResponse pHttpStatus_ =+ GetParametersForImportResponse'+ { importToken =+ Prelude.Nothing,+ keyId = Prelude.Nothing,+ parametersValidTo = Prelude.Nothing,+ publicKey = Prelude.Nothing,+ httpStatus = pHttpStatus_+ }++-- | The import token to send in a subsequent ImportKeyMaterial request.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+getParametersForImportResponse_importToken :: Lens.Lens' GetParametersForImportResponse (Prelude.Maybe Prelude.ByteString)+getParametersForImportResponse_importToken = Lens.lens (\GetParametersForImportResponse' {importToken} -> importToken) (\s@GetParametersForImportResponse' {} a -> s {importToken = a} :: GetParametersForImportResponse) Prelude.. Lens.mapping Data._Base64++-- | The Amazon Resource Name+-- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)+-- of the KMS key to use in a subsequent ImportKeyMaterial request. This is+-- the same KMS key specified in the @GetParametersForImport@ request.+getParametersForImportResponse_keyId :: Lens.Lens' GetParametersForImportResponse (Prelude.Maybe Prelude.Text)+getParametersForImportResponse_keyId = Lens.lens (\GetParametersForImportResponse' {keyId} -> keyId) (\s@GetParametersForImportResponse' {} a -> s {keyId = a} :: GetParametersForImportResponse)++-- | The time at which the import token and public key are no longer valid.+-- After this time, you cannot use them to make an ImportKeyMaterial+-- request and you must send another @GetParametersForImport@ request to+-- get new ones.+getParametersForImportResponse_parametersValidTo :: Lens.Lens' GetParametersForImportResponse (Prelude.Maybe Prelude.UTCTime)+getParametersForImportResponse_parametersValidTo = Lens.lens (\GetParametersForImportResponse' {parametersValidTo} -> parametersValidTo) (\s@GetParametersForImportResponse' {} a -> s {parametersValidTo = a} :: GetParametersForImportResponse) Prelude.. Lens.mapping Data._Time++-- | The public key to use to encrypt the key material before importing it+-- with ImportKeyMaterial.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+getParametersForImportResponse_publicKey :: Lens.Lens' GetParametersForImportResponse (Prelude.Maybe Prelude.ByteString)+getParametersForImportResponse_publicKey = Lens.lens (\GetParametersForImportResponse' {publicKey} -> publicKey) (\s@GetParametersForImportResponse' {} a -> s {publicKey = a} :: GetParametersForImportResponse) Prelude.. Lens.mapping (Data._Sensitive Prelude.. Data._Base64)++-- | The response's http status code.+getParametersForImportResponse_httpStatus :: Lens.Lens' GetParametersForImportResponse Prelude.Int+getParametersForImportResponse_httpStatus = Lens.lens (\GetParametersForImportResponse' {httpStatus} -> httpStatus) (\s@GetParametersForImportResponse' {} a -> s {httpStatus = a} :: GetParametersForImportResponse)++instance+ Prelude.NFData+ GetParametersForImportResponse+ where+ rnf GetParametersForImportResponse' {..} =+ Prelude.rnf importToken+ `Prelude.seq` Prelude.rnf keyId+ `Prelude.seq` Prelude.rnf parametersValidTo+ `Prelude.seq` Prelude.rnf publicKey+ `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/KMS/GetPublicKey.hs view
@@ -0,0 +1,488 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.GetPublicKey+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Returns the public key of an asymmetric KMS key. Unlike the private key+-- of a asymmetric KMS key, which never leaves KMS unencrypted, callers+-- with @kms:GetPublicKey@ permission can download the public key of an+-- asymmetric KMS key. You can share the public key to allow others to+-- encrypt messages and verify signatures outside of KMS. For information+-- about asymmetric KMS keys, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html Asymmetric KMS keys>+-- in the /Key Management Service Developer Guide/.+--+-- You do not need to download the public key. Instead, you can use the+-- public key within KMS by calling the Encrypt, ReEncrypt, or Verify+-- operations with the identifier of an asymmetric KMS key. When you use+-- the public key within KMS, you benefit from the authentication,+-- authorization, and logging that are part of every KMS operation. You+-- also reduce of risk of encrypting data that cannot be decrypted. These+-- features are not effective outside of KMS.+--+-- To help you use the public key safely outside of KMS, @GetPublicKey@+-- returns important information about the public key in the response,+-- including:+--+-- - <https://docs.aws.amazon.com/kms/latest/APIReference/API_GetPublicKey.html#KMS-GetPublicKey-response-KeySpec KeySpec>:+-- The type of key material in the public key, such as @RSA_4096@ or+-- @ECC_NIST_P521@.+--+-- - <https://docs.aws.amazon.com/kms/latest/APIReference/API_GetPublicKey.html#KMS-GetPublicKey-response-KeyUsage KeyUsage>:+-- Whether the key is used for encryption or signing.+--+-- - <https://docs.aws.amazon.com/kms/latest/APIReference/API_GetPublicKey.html#KMS-GetPublicKey-response-EncryptionAlgorithms EncryptionAlgorithms>+-- or+-- <https://docs.aws.amazon.com/kms/latest/APIReference/API_GetPublicKey.html#KMS-GetPublicKey-response-SigningAlgorithms SigningAlgorithms>:+-- A list of the encryption algorithms or the signing algorithms for+-- the key.+--+-- Although KMS cannot enforce these restrictions on external operations,+-- it is crucial that you use this information to prevent the public key+-- from being used improperly. For example, you can prevent a public+-- signing key from being used encrypt data, or prevent a public key from+-- being used with an encryption algorithm that is not supported by KMS.+-- You can also avoid errors, such as using the wrong signing algorithm in+-- a verification operation.+--+-- To verify a signature outside of KMS with an SM2 public key (China+-- Regions only), you must specify the distinguishing ID. By default, KMS+-- uses @1234567812345678@ as the distinguishing ID. For more information,+-- see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/asymmetric-key-specs.html#key-spec-sm-offline-verification Offline verification with SM2 key pairs>.+--+-- The KMS key that you use for this operation must be in a compatible key+-- state. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key states of KMS keys>+-- in the /Key Management Service Developer Guide/.+--+-- __Cross-account use__: Yes. To perform this operation with a KMS key in+-- a different Amazon Web Services account, specify the key ARN or alias+-- ARN in the value of the @KeyId@ parameter.+--+-- __Required permissions__:+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:GetPublicKey>+-- (key policy)+--+-- __Related operations__: CreateKey+module Amazonka.KMS.GetPublicKey+ ( -- * Creating a Request+ GetPublicKey (..),+ newGetPublicKey,++ -- * Request Lenses+ getPublicKey_grantTokens,+ getPublicKey_keyId,++ -- * Destructuring the Response+ GetPublicKeyResponse (..),+ newGetPublicKeyResponse,++ -- * Response Lenses+ getPublicKeyResponse_customerMasterKeySpec,+ getPublicKeyResponse_encryptionAlgorithms,+ getPublicKeyResponse_keyId,+ getPublicKeyResponse_keySpec,+ getPublicKeyResponse_keyUsage,+ getPublicKeyResponse_publicKey,+ getPublicKeyResponse_signingAlgorithms,+ getPublicKeyResponse_httpStatus,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newGetPublicKey' smart constructor.+data GetPublicKey = GetPublicKey'+ { -- | A list of grant tokens.+ --+ -- Use a grant token when your permission to call this operation comes from+ -- a new grant that has not yet achieved /eventual consistency/. For more+ -- information, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>+ -- and+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>+ -- in the /Key Management Service Developer Guide/.+ grantTokens :: Prelude.Maybe [Prelude.Text],+ -- | Identifies the asymmetric KMS key that includes the public key.+ --+ -- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.+ -- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS+ -- key in a different Amazon Web Services account, you must use the key ARN+ -- or alias ARN.+ --+ -- For example:+ --+ -- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- - Key ARN:+ -- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- - Alias name: @alias\/ExampleAlias@+ --+ -- - Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@+ --+ -- To get the key ID and key ARN for a KMS key, use ListKeys or+ -- DescribeKey. To get the alias name and alias ARN, use ListAliases.+ keyId :: Prelude.Text+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'GetPublicKey' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'grantTokens', 'getPublicKey_grantTokens' - A list of grant tokens.+--+-- Use a grant token when your permission to call this operation comes from+-- a new grant that has not yet achieved /eventual consistency/. For more+-- information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>+-- and+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>+-- in the /Key Management Service Developer Guide/.+--+-- 'keyId', 'getPublicKey_keyId' - Identifies the asymmetric KMS key that includes the public key.+--+-- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.+-- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS+-- key in a different Amazon Web Services account, you must use the key ARN+-- or alias ARN.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Alias name: @alias\/ExampleAlias@+--+-- - Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey. To get the alias name and alias ARN, use ListAliases.+newGetPublicKey ::+ -- | 'keyId'+ Prelude.Text ->+ GetPublicKey+newGetPublicKey pKeyId_ =+ GetPublicKey'+ { grantTokens = Prelude.Nothing,+ keyId = pKeyId_+ }++-- | A list of grant tokens.+--+-- Use a grant token when your permission to call this operation comes from+-- a new grant that has not yet achieved /eventual consistency/. For more+-- information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>+-- and+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>+-- in the /Key Management Service Developer Guide/.+getPublicKey_grantTokens :: Lens.Lens' GetPublicKey (Prelude.Maybe [Prelude.Text])+getPublicKey_grantTokens = Lens.lens (\GetPublicKey' {grantTokens} -> grantTokens) (\s@GetPublicKey' {} a -> s {grantTokens = a} :: GetPublicKey) Prelude.. Lens.mapping Lens.coerced++-- | Identifies the asymmetric KMS key that includes the public key.+--+-- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.+-- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS+-- key in a different Amazon Web Services account, you must use the key ARN+-- or alias ARN.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Alias name: @alias\/ExampleAlias@+--+-- - Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey. To get the alias name and alias ARN, use ListAliases.+getPublicKey_keyId :: Lens.Lens' GetPublicKey Prelude.Text+getPublicKey_keyId = Lens.lens (\GetPublicKey' {keyId} -> keyId) (\s@GetPublicKey' {} a -> s {keyId = a} :: GetPublicKey)++instance Core.AWSRequest GetPublicKey where+ type AWSResponse GetPublicKey = GetPublicKeyResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response =+ Response.receiveJSON+ ( \s h x ->+ GetPublicKeyResponse'+ Prelude.<$> (x Data..?> "CustomerMasterKeySpec")+ Prelude.<*> ( x+ Data..?> "EncryptionAlgorithms"+ Core..!@ Prelude.mempty+ )+ Prelude.<*> (x Data..?> "KeyId")+ Prelude.<*> (x Data..?> "KeySpec")+ Prelude.<*> (x Data..?> "KeyUsage")+ Prelude.<*> (x Data..?> "PublicKey")+ Prelude.<*> ( x+ Data..?> "SigningAlgorithms"+ Core..!@ Prelude.mempty+ )+ Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+ )++instance Prelude.Hashable GetPublicKey where+ hashWithSalt _salt GetPublicKey' {..} =+ _salt+ `Prelude.hashWithSalt` grantTokens+ `Prelude.hashWithSalt` keyId++instance Prelude.NFData GetPublicKey where+ rnf GetPublicKey' {..} =+ Prelude.rnf grantTokens+ `Prelude.seq` Prelude.rnf keyId++instance Data.ToHeaders GetPublicKey where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ("TrentService.GetPublicKey" :: Prelude.ByteString),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON GetPublicKey where+ toJSON GetPublicKey' {..} =+ Data.object+ ( Prelude.catMaybes+ [ ("GrantTokens" Data..=) Prelude.<$> grantTokens,+ Prelude.Just ("KeyId" Data..= keyId)+ ]+ )++instance Data.ToPath GetPublicKey where+ toPath = Prelude.const "/"++instance Data.ToQuery GetPublicKey where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newGetPublicKeyResponse' smart constructor.+data GetPublicKeyResponse = GetPublicKeyResponse'+ { -- | Instead, use the @KeySpec@ field in the @GetPublicKey@ response.+ --+ -- The @KeySpec@ and @CustomerMasterKeySpec@ fields have the same value. We+ -- recommend that you use the @KeySpec@ field in your code. However, to+ -- avoid breaking changes, KMS supports both fields.+ customerMasterKeySpec :: Prelude.Maybe CustomerMasterKeySpec,+ -- | The encryption algorithms that KMS supports for this key.+ --+ -- This information is critical. If a public key encrypts data outside of+ -- KMS by using an unsupported encryption algorithm, the ciphertext cannot+ -- be decrypted.+ --+ -- This field appears in the response only when the @KeyUsage@ of the+ -- public key is @ENCRYPT_DECRYPT@.+ encryptionAlgorithms :: Prelude.Maybe [EncryptionAlgorithmSpec],+ -- | The Amazon Resource Name+ -- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)+ -- of the asymmetric KMS key from which the public key was downloaded.+ keyId :: Prelude.Maybe Prelude.Text,+ -- | The type of the of the public key that was downloaded.+ keySpec :: Prelude.Maybe KeySpec,+ -- | The permitted use of the public key. Valid values are @ENCRYPT_DECRYPT@+ -- or @SIGN_VERIFY@.+ --+ -- This information is critical. If a public key with @SIGN_VERIFY@ key+ -- usage encrypts data outside of KMS, the ciphertext cannot be decrypted.+ keyUsage :: Prelude.Maybe KeyUsageType,+ -- | The exported public key.+ --+ -- The value is a DER-encoded X.509 public key, also known as+ -- @SubjectPublicKeyInfo@ (SPKI), as defined in+ -- <https://tools.ietf.org/html/rfc5280 RFC 5280>. When you use the HTTP+ -- API or the Amazon Web Services CLI, the value is Base64-encoded.+ -- Otherwise, it is not Base64-encoded.+ publicKey :: Prelude.Maybe Data.Base64,+ -- | The signing algorithms that KMS supports for this key.+ --+ -- This field appears in the response only when the @KeyUsage@ of the+ -- public key is @SIGN_VERIFY@.+ signingAlgorithms :: Prelude.Maybe [SigningAlgorithmSpec],+ -- | The response's http status code.+ httpStatus :: Prelude.Int+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'GetPublicKeyResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'customerMasterKeySpec', 'getPublicKeyResponse_customerMasterKeySpec' - Instead, use the @KeySpec@ field in the @GetPublicKey@ response.+--+-- The @KeySpec@ and @CustomerMasterKeySpec@ fields have the same value. We+-- recommend that you use the @KeySpec@ field in your code. However, to+-- avoid breaking changes, KMS supports both fields.+--+-- 'encryptionAlgorithms', 'getPublicKeyResponse_encryptionAlgorithms' - The encryption algorithms that KMS supports for this key.+--+-- This information is critical. If a public key encrypts data outside of+-- KMS by using an unsupported encryption algorithm, the ciphertext cannot+-- be decrypted.+--+-- This field appears in the response only when the @KeyUsage@ of the+-- public key is @ENCRYPT_DECRYPT@.+--+-- 'keyId', 'getPublicKeyResponse_keyId' - The Amazon Resource Name+-- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)+-- of the asymmetric KMS key from which the public key was downloaded.+--+-- 'keySpec', 'getPublicKeyResponse_keySpec' - The type of the of the public key that was downloaded.+--+-- 'keyUsage', 'getPublicKeyResponse_keyUsage' - The permitted use of the public key. Valid values are @ENCRYPT_DECRYPT@+-- or @SIGN_VERIFY@.+--+-- This information is critical. If a public key with @SIGN_VERIFY@ key+-- usage encrypts data outside of KMS, the ciphertext cannot be decrypted.+--+-- 'publicKey', 'getPublicKeyResponse_publicKey' - The exported public key.+--+-- The value is a DER-encoded X.509 public key, also known as+-- @SubjectPublicKeyInfo@ (SPKI), as defined in+-- <https://tools.ietf.org/html/rfc5280 RFC 5280>. When you use the HTTP+-- API or the Amazon Web Services CLI, the value is Base64-encoded.+-- Otherwise, it is not Base64-encoded.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+--+-- 'signingAlgorithms', 'getPublicKeyResponse_signingAlgorithms' - The signing algorithms that KMS supports for this key.+--+-- This field appears in the response only when the @KeyUsage@ of the+-- public key is @SIGN_VERIFY@.+--+-- 'httpStatus', 'getPublicKeyResponse_httpStatus' - The response's http status code.+newGetPublicKeyResponse ::+ -- | 'httpStatus'+ Prelude.Int ->+ GetPublicKeyResponse+newGetPublicKeyResponse pHttpStatus_ =+ GetPublicKeyResponse'+ { customerMasterKeySpec =+ Prelude.Nothing,+ encryptionAlgorithms = Prelude.Nothing,+ keyId = Prelude.Nothing,+ keySpec = Prelude.Nothing,+ keyUsage = Prelude.Nothing,+ publicKey = Prelude.Nothing,+ signingAlgorithms = Prelude.Nothing,+ httpStatus = pHttpStatus_+ }++-- | Instead, use the @KeySpec@ field in the @GetPublicKey@ response.+--+-- The @KeySpec@ and @CustomerMasterKeySpec@ fields have the same value. We+-- recommend that you use the @KeySpec@ field in your code. However, to+-- avoid breaking changes, KMS supports both fields.+getPublicKeyResponse_customerMasterKeySpec :: Lens.Lens' GetPublicKeyResponse (Prelude.Maybe CustomerMasterKeySpec)+getPublicKeyResponse_customerMasterKeySpec = Lens.lens (\GetPublicKeyResponse' {customerMasterKeySpec} -> customerMasterKeySpec) (\s@GetPublicKeyResponse' {} a -> s {customerMasterKeySpec = a} :: GetPublicKeyResponse)++-- | The encryption algorithms that KMS supports for this key.+--+-- This information is critical. If a public key encrypts data outside of+-- KMS by using an unsupported encryption algorithm, the ciphertext cannot+-- be decrypted.+--+-- This field appears in the response only when the @KeyUsage@ of the+-- public key is @ENCRYPT_DECRYPT@.+getPublicKeyResponse_encryptionAlgorithms :: Lens.Lens' GetPublicKeyResponse (Prelude.Maybe [EncryptionAlgorithmSpec])+getPublicKeyResponse_encryptionAlgorithms = Lens.lens (\GetPublicKeyResponse' {encryptionAlgorithms} -> encryptionAlgorithms) (\s@GetPublicKeyResponse' {} a -> s {encryptionAlgorithms = a} :: GetPublicKeyResponse) Prelude.. Lens.mapping Lens.coerced++-- | The Amazon Resource Name+-- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)+-- of the asymmetric KMS key from which the public key was downloaded.+getPublicKeyResponse_keyId :: Lens.Lens' GetPublicKeyResponse (Prelude.Maybe Prelude.Text)+getPublicKeyResponse_keyId = Lens.lens (\GetPublicKeyResponse' {keyId} -> keyId) (\s@GetPublicKeyResponse' {} a -> s {keyId = a} :: GetPublicKeyResponse)++-- | The type of the of the public key that was downloaded.+getPublicKeyResponse_keySpec :: Lens.Lens' GetPublicKeyResponse (Prelude.Maybe KeySpec)+getPublicKeyResponse_keySpec = Lens.lens (\GetPublicKeyResponse' {keySpec} -> keySpec) (\s@GetPublicKeyResponse' {} a -> s {keySpec = a} :: GetPublicKeyResponse)++-- | The permitted use of the public key. Valid values are @ENCRYPT_DECRYPT@+-- or @SIGN_VERIFY@.+--+-- This information is critical. If a public key with @SIGN_VERIFY@ key+-- usage encrypts data outside of KMS, the ciphertext cannot be decrypted.+getPublicKeyResponse_keyUsage :: Lens.Lens' GetPublicKeyResponse (Prelude.Maybe KeyUsageType)+getPublicKeyResponse_keyUsage = Lens.lens (\GetPublicKeyResponse' {keyUsage} -> keyUsage) (\s@GetPublicKeyResponse' {} a -> s {keyUsage = a} :: GetPublicKeyResponse)++-- | The exported public key.+--+-- The value is a DER-encoded X.509 public key, also known as+-- @SubjectPublicKeyInfo@ (SPKI), as defined in+-- <https://tools.ietf.org/html/rfc5280 RFC 5280>. When you use the HTTP+-- API or the Amazon Web Services CLI, the value is Base64-encoded.+-- Otherwise, it is not Base64-encoded.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+getPublicKeyResponse_publicKey :: Lens.Lens' GetPublicKeyResponse (Prelude.Maybe Prelude.ByteString)+getPublicKeyResponse_publicKey = Lens.lens (\GetPublicKeyResponse' {publicKey} -> publicKey) (\s@GetPublicKeyResponse' {} a -> s {publicKey = a} :: GetPublicKeyResponse) Prelude.. Lens.mapping Data._Base64++-- | The signing algorithms that KMS supports for this key.+--+-- This field appears in the response only when the @KeyUsage@ of the+-- public key is @SIGN_VERIFY@.+getPublicKeyResponse_signingAlgorithms :: Lens.Lens' GetPublicKeyResponse (Prelude.Maybe [SigningAlgorithmSpec])+getPublicKeyResponse_signingAlgorithms = Lens.lens (\GetPublicKeyResponse' {signingAlgorithms} -> signingAlgorithms) (\s@GetPublicKeyResponse' {} a -> s {signingAlgorithms = a} :: GetPublicKeyResponse) Prelude.. Lens.mapping Lens.coerced++-- | The response's http status code.+getPublicKeyResponse_httpStatus :: Lens.Lens' GetPublicKeyResponse Prelude.Int+getPublicKeyResponse_httpStatus = Lens.lens (\GetPublicKeyResponse' {httpStatus} -> httpStatus) (\s@GetPublicKeyResponse' {} a -> s {httpStatus = a} :: GetPublicKeyResponse)++instance Prelude.NFData GetPublicKeyResponse where+ rnf GetPublicKeyResponse' {..} =+ Prelude.rnf customerMasterKeySpec+ `Prelude.seq` Prelude.rnf encryptionAlgorithms+ `Prelude.seq` Prelude.rnf keyId+ `Prelude.seq` Prelude.rnf keySpec+ `Prelude.seq` Prelude.rnf keyUsage+ `Prelude.seq` Prelude.rnf publicKey+ `Prelude.seq` Prelude.rnf signingAlgorithms+ `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/KMS/ImportKeyMaterial.hs view
@@ -0,0 +1,449 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.ImportKeyMaterial+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Imports key material into an existing symmetric encryption KMS key that+-- was created without key material. After you successfully import key+-- material into a KMS key, you can+-- <https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html#reimport-key-material reimport the same key material>+-- into that KMS key, but you cannot import different key material.+--+-- You cannot perform this operation on an asymmetric KMS key, an HMAC KMS+-- key, or on any KMS key in a different Amazon Web Services account. For+-- more information about creating KMS keys with no key material and then+-- importing key material, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html Importing Key Material>+-- in the /Key Management Service Developer Guide/.+--+-- Before using this operation, call GetParametersForImport. Its response+-- includes a public key and an import token. Use the public key to encrypt+-- the key material. Then, submit the import token from the same+-- @GetParametersForImport@ response.+--+-- When calling this operation, you must specify the following values:+--+-- - The key ID or key ARN of a KMS key with no key material. Its+-- @Origin@ must be @EXTERNAL@.+--+-- To create a KMS key with no key material, call CreateKey and set the+-- value of its @Origin@ parameter to @EXTERNAL@. To get the @Origin@+-- of a KMS key, call DescribeKey.)+--+-- - The encrypted key material. To get the public key to encrypt the key+-- material, call GetParametersForImport.+--+-- - The import token that GetParametersForImport returned. You must use+-- a public key and token from the same @GetParametersForImport@+-- response.+--+-- - Whether the key material expires (@ExpirationModel@) and, if so,+-- when (@ValidTo@). If you set an expiration date, on the specified+-- date, KMS deletes the key material from the KMS key, making the KMS+-- key unusable. To use the KMS key in cryptographic operations again,+-- you must reimport the same key material. The only way to change the+-- expiration model or expiration date is by reimporting the same key+-- material and specifying a new expiration date.+--+-- When this operation is successful, the key state of the KMS key changes+-- from @PendingImport@ to @Enabled@, and you can use the KMS key.+--+-- If this operation fails, use the exception to help determine the+-- problem. If the error is related to the key material, the import token,+-- or wrapping key, use GetParametersForImport to get a new public key and+-- import token for the KMS key and repeat the import procedure. For help,+-- see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html#importing-keys-overview How To Import Key Material>+-- in the /Key Management Service Developer Guide/.+--+-- The KMS key that you use for this operation must be in a compatible key+-- state. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key states of KMS keys>+-- in the /Key Management Service Developer Guide/.+--+-- __Cross-account use__: No. You cannot perform this operation on a KMS+-- key in a different Amazon Web Services account.+--+-- __Required permissions__:+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:ImportKeyMaterial>+-- (key policy)+--+-- __Related operations:__+--+-- - DeleteImportedKeyMaterial+--+-- - GetParametersForImport+module Amazonka.KMS.ImportKeyMaterial+ ( -- * Creating a Request+ ImportKeyMaterial (..),+ newImportKeyMaterial,++ -- * Request Lenses+ importKeyMaterial_expirationModel,+ importKeyMaterial_validTo,+ importKeyMaterial_keyId,+ importKeyMaterial_importToken,+ importKeyMaterial_encryptedKeyMaterial,++ -- * Destructuring the Response+ ImportKeyMaterialResponse (..),+ newImportKeyMaterialResponse,++ -- * Response Lenses+ importKeyMaterialResponse_httpStatus,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newImportKeyMaterial' smart constructor.+data ImportKeyMaterial = ImportKeyMaterial'+ { -- | Specifies whether the key material expires. The default is+ -- @KEY_MATERIAL_EXPIRES@.+ --+ -- When the value of @ExpirationModel@ is @KEY_MATERIAL_EXPIRES@, you must+ -- specify a value for the @ValidTo@ parameter. When value is+ -- @KEY_MATERIAL_DOES_NOT_EXPIRE@, you must omit the @ValidTo@ parameter.+ --+ -- You cannot change the @ExpirationModel@ or @ValidTo@ values for the+ -- current import after the request completes. To change either value, you+ -- must delete (DeleteImportedKeyMaterial) and reimport the key material.+ expirationModel :: Prelude.Maybe ExpirationModelType,+ -- | The date and time when the imported key material expires. This parameter+ -- is required when the value of the @ExpirationModel@ parameter is+ -- @KEY_MATERIAL_EXPIRES@. Otherwise it is not valid.+ --+ -- The value of this parameter must be a future date and time. The maximum+ -- value is 365 days from the request date.+ --+ -- When the key material expires, KMS deletes the key material from the KMS+ -- key. Without its key material, the KMS key is unusable. To use the KMS+ -- key in cryptographic operations, you must reimport the same key+ -- material.+ --+ -- You cannot change the @ExpirationModel@ or @ValidTo@ values for the+ -- current import after the request completes. To change either value, you+ -- must delete (DeleteImportedKeyMaterial) and reimport the key material.+ validTo :: Prelude.Maybe Data.POSIX,+ -- | The identifier of the symmetric encryption KMS key that receives the+ -- imported key material. This must be the same KMS key specified in the+ -- @KeyID@ parameter of the corresponding GetParametersForImport request.+ -- The @Origin@ of the KMS key must be @EXTERNAL@. You cannot perform this+ -- operation on an asymmetric KMS key, an HMAC KMS key, a KMS key in a+ -- custom key store, or on a KMS key in a different Amazon Web Services+ -- account+ --+ -- Specify the key ID or key ARN of the KMS key.+ --+ -- For example:+ --+ -- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- - Key ARN:+ -- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- To get the key ID and key ARN for a KMS key, use ListKeys or+ -- DescribeKey.+ keyId :: Prelude.Text,+ -- | The import token that you received in the response to a previous+ -- GetParametersForImport request. It must be from the same response that+ -- contained the public key that you used to encrypt the key material.+ importToken :: Data.Base64,+ -- | The encrypted key material to import. The key material must be encrypted+ -- with the public wrapping key that GetParametersForImport returned, using+ -- the wrapping algorithm that you specified in the same+ -- @GetParametersForImport@ request.+ encryptedKeyMaterial :: Data.Base64+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'ImportKeyMaterial' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'expirationModel', 'importKeyMaterial_expirationModel' - Specifies whether the key material expires. The default is+-- @KEY_MATERIAL_EXPIRES@.+--+-- When the value of @ExpirationModel@ is @KEY_MATERIAL_EXPIRES@, you must+-- specify a value for the @ValidTo@ parameter. When value is+-- @KEY_MATERIAL_DOES_NOT_EXPIRE@, you must omit the @ValidTo@ parameter.+--+-- You cannot change the @ExpirationModel@ or @ValidTo@ values for the+-- current import after the request completes. To change either value, you+-- must delete (DeleteImportedKeyMaterial) and reimport the key material.+--+-- 'validTo', 'importKeyMaterial_validTo' - The date and time when the imported key material expires. This parameter+-- is required when the value of the @ExpirationModel@ parameter is+-- @KEY_MATERIAL_EXPIRES@. Otherwise it is not valid.+--+-- The value of this parameter must be a future date and time. The maximum+-- value is 365 days from the request date.+--+-- When the key material expires, KMS deletes the key material from the KMS+-- key. Without its key material, the KMS key is unusable. To use the KMS+-- key in cryptographic operations, you must reimport the same key+-- material.+--+-- You cannot change the @ExpirationModel@ or @ValidTo@ values for the+-- current import after the request completes. To change either value, you+-- must delete (DeleteImportedKeyMaterial) and reimport the key material.+--+-- 'keyId', 'importKeyMaterial_keyId' - The identifier of the symmetric encryption KMS key that receives the+-- imported key material. This must be the same KMS key specified in the+-- @KeyID@ parameter of the corresponding GetParametersForImport request.+-- The @Origin@ of the KMS key must be @EXTERNAL@. You cannot perform this+-- operation on an asymmetric KMS key, an HMAC KMS key, a KMS key in a+-- custom key store, or on a KMS key in a different Amazon Web Services+-- account+--+-- Specify the key ID or key ARN of the KMS key.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+--+-- 'importToken', 'importKeyMaterial_importToken' - The import token that you received in the response to a previous+-- GetParametersForImport request. It must be from the same response that+-- contained the public key that you used to encrypt the key material.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+--+-- 'encryptedKeyMaterial', 'importKeyMaterial_encryptedKeyMaterial' - The encrypted key material to import. The key material must be encrypted+-- with the public wrapping key that GetParametersForImport returned, using+-- the wrapping algorithm that you specified in the same+-- @GetParametersForImport@ request.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+newImportKeyMaterial ::+ -- | 'keyId'+ Prelude.Text ->+ -- | 'importToken'+ Prelude.ByteString ->+ -- | 'encryptedKeyMaterial'+ Prelude.ByteString ->+ ImportKeyMaterial+newImportKeyMaterial+ pKeyId_+ pImportToken_+ pEncryptedKeyMaterial_ =+ ImportKeyMaterial'+ { expirationModel =+ Prelude.Nothing,+ validTo = Prelude.Nothing,+ keyId = pKeyId_,+ importToken = Data._Base64 Lens.# pImportToken_,+ encryptedKeyMaterial =+ Data._Base64 Lens.# pEncryptedKeyMaterial_+ }++-- | Specifies whether the key material expires. The default is+-- @KEY_MATERIAL_EXPIRES@.+--+-- When the value of @ExpirationModel@ is @KEY_MATERIAL_EXPIRES@, you must+-- specify a value for the @ValidTo@ parameter. When value is+-- @KEY_MATERIAL_DOES_NOT_EXPIRE@, you must omit the @ValidTo@ parameter.+--+-- You cannot change the @ExpirationModel@ or @ValidTo@ values for the+-- current import after the request completes. To change either value, you+-- must delete (DeleteImportedKeyMaterial) and reimport the key material.+importKeyMaterial_expirationModel :: Lens.Lens' ImportKeyMaterial (Prelude.Maybe ExpirationModelType)+importKeyMaterial_expirationModel = Lens.lens (\ImportKeyMaterial' {expirationModel} -> expirationModel) (\s@ImportKeyMaterial' {} a -> s {expirationModel = a} :: ImportKeyMaterial)++-- | The date and time when the imported key material expires. This parameter+-- is required when the value of the @ExpirationModel@ parameter is+-- @KEY_MATERIAL_EXPIRES@. Otherwise it is not valid.+--+-- The value of this parameter must be a future date and time. The maximum+-- value is 365 days from the request date.+--+-- When the key material expires, KMS deletes the key material from the KMS+-- key. Without its key material, the KMS key is unusable. To use the KMS+-- key in cryptographic operations, you must reimport the same key+-- material.+--+-- You cannot change the @ExpirationModel@ or @ValidTo@ values for the+-- current import after the request completes. To change either value, you+-- must delete (DeleteImportedKeyMaterial) and reimport the key material.+importKeyMaterial_validTo :: Lens.Lens' ImportKeyMaterial (Prelude.Maybe Prelude.UTCTime)+importKeyMaterial_validTo = Lens.lens (\ImportKeyMaterial' {validTo} -> validTo) (\s@ImportKeyMaterial' {} a -> s {validTo = a} :: ImportKeyMaterial) Prelude.. Lens.mapping Data._Time++-- | The identifier of the symmetric encryption KMS key that receives the+-- imported key material. This must be the same KMS key specified in the+-- @KeyID@ parameter of the corresponding GetParametersForImport request.+-- The @Origin@ of the KMS key must be @EXTERNAL@. You cannot perform this+-- operation on an asymmetric KMS key, an HMAC KMS key, a KMS key in a+-- custom key store, or on a KMS key in a different Amazon Web Services+-- account+--+-- Specify the key ID or key ARN of the KMS key.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+importKeyMaterial_keyId :: Lens.Lens' ImportKeyMaterial Prelude.Text+importKeyMaterial_keyId = Lens.lens (\ImportKeyMaterial' {keyId} -> keyId) (\s@ImportKeyMaterial' {} a -> s {keyId = a} :: ImportKeyMaterial)++-- | The import token that you received in the response to a previous+-- GetParametersForImport request. It must be from the same response that+-- contained the public key that you used to encrypt the key material.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+importKeyMaterial_importToken :: Lens.Lens' ImportKeyMaterial Prelude.ByteString+importKeyMaterial_importToken = Lens.lens (\ImportKeyMaterial' {importToken} -> importToken) (\s@ImportKeyMaterial' {} a -> s {importToken = a} :: ImportKeyMaterial) Prelude.. Data._Base64++-- | The encrypted key material to import. The key material must be encrypted+-- with the public wrapping key that GetParametersForImport returned, using+-- the wrapping algorithm that you specified in the same+-- @GetParametersForImport@ request.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+importKeyMaterial_encryptedKeyMaterial :: Lens.Lens' ImportKeyMaterial Prelude.ByteString+importKeyMaterial_encryptedKeyMaterial = Lens.lens (\ImportKeyMaterial' {encryptedKeyMaterial} -> encryptedKeyMaterial) (\s@ImportKeyMaterial' {} a -> s {encryptedKeyMaterial = a} :: ImportKeyMaterial) Prelude.. Data._Base64++instance Core.AWSRequest ImportKeyMaterial where+ type+ AWSResponse ImportKeyMaterial =+ ImportKeyMaterialResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response =+ Response.receiveEmpty+ ( \s h x ->+ ImportKeyMaterialResponse'+ Prelude.<$> (Prelude.pure (Prelude.fromEnum s))+ )++instance Prelude.Hashable ImportKeyMaterial where+ hashWithSalt _salt ImportKeyMaterial' {..} =+ _salt+ `Prelude.hashWithSalt` expirationModel+ `Prelude.hashWithSalt` validTo+ `Prelude.hashWithSalt` keyId+ `Prelude.hashWithSalt` importToken+ `Prelude.hashWithSalt` encryptedKeyMaterial++instance Prelude.NFData ImportKeyMaterial where+ rnf ImportKeyMaterial' {..} =+ Prelude.rnf expirationModel+ `Prelude.seq` Prelude.rnf validTo+ `Prelude.seq` Prelude.rnf keyId+ `Prelude.seq` Prelude.rnf importToken+ `Prelude.seq` Prelude.rnf encryptedKeyMaterial++instance Data.ToHeaders ImportKeyMaterial where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ( "TrentService.ImportKeyMaterial" ::+ Prelude.ByteString+ ),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON ImportKeyMaterial where+ toJSON ImportKeyMaterial' {..} =+ Data.object+ ( Prelude.catMaybes+ [ ("ExpirationModel" Data..=)+ Prelude.<$> expirationModel,+ ("ValidTo" Data..=) Prelude.<$> validTo,+ Prelude.Just ("KeyId" Data..= keyId),+ Prelude.Just ("ImportToken" Data..= importToken),+ Prelude.Just+ ( "EncryptedKeyMaterial"+ Data..= encryptedKeyMaterial+ )+ ]+ )++instance Data.ToPath ImportKeyMaterial where+ toPath = Prelude.const "/"++instance Data.ToQuery ImportKeyMaterial where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newImportKeyMaterialResponse' smart constructor.+data ImportKeyMaterialResponse = ImportKeyMaterialResponse'+ { -- | The response's http status code.+ httpStatus :: Prelude.Int+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'ImportKeyMaterialResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'httpStatus', 'importKeyMaterialResponse_httpStatus' - The response's http status code.+newImportKeyMaterialResponse ::+ -- | 'httpStatus'+ Prelude.Int ->+ ImportKeyMaterialResponse+newImportKeyMaterialResponse pHttpStatus_ =+ ImportKeyMaterialResponse'+ { httpStatus =+ pHttpStatus_+ }++-- | The response's http status code.+importKeyMaterialResponse_httpStatus :: Lens.Lens' ImportKeyMaterialResponse Prelude.Int+importKeyMaterialResponse_httpStatus = Lens.lens (\ImportKeyMaterialResponse' {httpStatus} -> httpStatus) (\s@ImportKeyMaterialResponse' {} a -> s {httpStatus = a} :: ImportKeyMaterialResponse)++instance Prelude.NFData ImportKeyMaterialResponse where+ rnf ImportKeyMaterialResponse' {..} =+ Prelude.rnf httpStatus
+ gen/Amazonka/KMS/Lens.hs view
@@ -0,0 +1,568 @@+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.Lens+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.KMS.Lens+ ( -- * Operations++ -- ** CancelKeyDeletion+ cancelKeyDeletion_keyId,+ cancelKeyDeletionResponse_keyId,+ cancelKeyDeletionResponse_httpStatus,++ -- ** ConnectCustomKeyStore+ connectCustomKeyStore_customKeyStoreId,+ connectCustomKeyStoreResponse_httpStatus,++ -- ** CreateAlias+ createAlias_aliasName,+ createAlias_targetKeyId,++ -- ** CreateCustomKeyStore+ createCustomKeyStore_cloudHsmClusterId,+ createCustomKeyStore_customKeyStoreType,+ createCustomKeyStore_keyStorePassword,+ createCustomKeyStore_trustAnchorCertificate,+ createCustomKeyStore_xksProxyAuthenticationCredential,+ createCustomKeyStore_xksProxyConnectivity,+ createCustomKeyStore_xksProxyUriEndpoint,+ createCustomKeyStore_xksProxyUriPath,+ createCustomKeyStore_xksProxyVpcEndpointServiceName,+ createCustomKeyStore_customKeyStoreName,+ createCustomKeyStoreResponse_customKeyStoreId,+ createCustomKeyStoreResponse_httpStatus,++ -- ** CreateGrant+ createGrant_constraints,+ createGrant_grantTokens,+ createGrant_name,+ createGrant_retiringPrincipal,+ createGrant_keyId,+ createGrant_granteePrincipal,+ createGrant_operations,+ createGrantResponse_grantId,+ createGrantResponse_grantToken,+ createGrantResponse_httpStatus,++ -- ** CreateKey+ createKey_bypassPolicyLockoutSafetyCheck,+ createKey_customKeyStoreId,+ createKey_customerMasterKeySpec,+ createKey_description,+ createKey_keySpec,+ createKey_keyUsage,+ createKey_multiRegion,+ createKey_origin,+ createKey_policy,+ createKey_tags,+ createKey_xksKeyId,+ createKeyResponse_keyMetadata,+ createKeyResponse_httpStatus,++ -- ** Decrypt+ decrypt_encryptionAlgorithm,+ decrypt_encryptionContext,+ decrypt_grantTokens,+ decrypt_keyId,+ decrypt_ciphertextBlob,+ decryptResponse_encryptionAlgorithm,+ decryptResponse_keyId,+ decryptResponse_plaintext,+ decryptResponse_httpStatus,++ -- ** DeleteAlias+ deleteAlias_aliasName,++ -- ** DeleteCustomKeyStore+ deleteCustomKeyStore_customKeyStoreId,+ deleteCustomKeyStoreResponse_httpStatus,++ -- ** DeleteImportedKeyMaterial+ deleteImportedKeyMaterial_keyId,++ -- ** DescribeCustomKeyStores+ describeCustomKeyStores_customKeyStoreId,+ describeCustomKeyStores_customKeyStoreName,+ describeCustomKeyStores_limit,+ describeCustomKeyStores_marker,+ describeCustomKeyStoresResponse_customKeyStores,+ describeCustomKeyStoresResponse_nextMarker,+ describeCustomKeyStoresResponse_truncated,+ describeCustomKeyStoresResponse_httpStatus,++ -- ** DescribeKey+ describeKey_grantTokens,+ describeKey_keyId,+ describeKeyResponse_keyMetadata,+ describeKeyResponse_httpStatus,++ -- ** DisableKey+ disableKey_keyId,++ -- ** DisableKeyRotation+ disableKeyRotation_keyId,++ -- ** DisconnectCustomKeyStore+ disconnectCustomKeyStore_customKeyStoreId,+ disconnectCustomKeyStoreResponse_httpStatus,++ -- ** EnableKey+ enableKey_keyId,++ -- ** EnableKeyRotation+ enableKeyRotation_keyId,++ -- ** Encrypt+ encrypt_encryptionAlgorithm,+ encrypt_encryptionContext,+ encrypt_grantTokens,+ encrypt_keyId,+ encrypt_plaintext,+ encryptResponse_ciphertextBlob,+ encryptResponse_encryptionAlgorithm,+ encryptResponse_keyId,+ encryptResponse_httpStatus,++ -- ** GenerateDataKey+ generateDataKey_encryptionContext,+ generateDataKey_grantTokens,+ generateDataKey_keySpec,+ generateDataKey_numberOfBytes,+ generateDataKey_keyId,+ generateDataKeyResponse_httpStatus,+ generateDataKeyResponse_keyId,+ generateDataKeyResponse_plaintext,+ generateDataKeyResponse_ciphertextBlob,++ -- ** GenerateDataKeyPair+ generateDataKeyPair_encryptionContext,+ generateDataKeyPair_grantTokens,+ generateDataKeyPair_keyId,+ generateDataKeyPair_keyPairSpec,+ generateDataKeyPairResponse_keyId,+ generateDataKeyPairResponse_keyPairSpec,+ generateDataKeyPairResponse_privateKeyCiphertextBlob,+ generateDataKeyPairResponse_privateKeyPlaintext,+ generateDataKeyPairResponse_publicKey,+ generateDataKeyPairResponse_httpStatus,++ -- ** GenerateDataKeyPairWithoutPlaintext+ generateDataKeyPairWithoutPlaintext_encryptionContext,+ generateDataKeyPairWithoutPlaintext_grantTokens,+ generateDataKeyPairWithoutPlaintext_keyId,+ generateDataKeyPairWithoutPlaintext_keyPairSpec,+ generateDataKeyPairWithoutPlaintextResponse_keyId,+ generateDataKeyPairWithoutPlaintextResponse_keyPairSpec,+ generateDataKeyPairWithoutPlaintextResponse_privateKeyCiphertextBlob,+ generateDataKeyPairWithoutPlaintextResponse_publicKey,+ generateDataKeyPairWithoutPlaintextResponse_httpStatus,++ -- ** GenerateDataKeyWithoutPlaintext+ generateDataKeyWithoutPlaintext_encryptionContext,+ generateDataKeyWithoutPlaintext_grantTokens,+ generateDataKeyWithoutPlaintext_keySpec,+ generateDataKeyWithoutPlaintext_numberOfBytes,+ generateDataKeyWithoutPlaintext_keyId,+ generateDataKeyWithoutPlaintextResponse_ciphertextBlob,+ generateDataKeyWithoutPlaintextResponse_keyId,+ generateDataKeyWithoutPlaintextResponse_httpStatus,++ -- ** GenerateMac+ generateMac_grantTokens,+ generateMac_message,+ generateMac_keyId,+ generateMac_macAlgorithm,+ generateMacResponse_keyId,+ generateMacResponse_mac,+ generateMacResponse_macAlgorithm,+ generateMacResponse_httpStatus,++ -- ** GenerateRandom+ generateRandom_customKeyStoreId,+ generateRandom_numberOfBytes,+ generateRandomResponse_plaintext,+ generateRandomResponse_httpStatus,++ -- ** GetKeyPolicy+ getKeyPolicy_keyId,+ getKeyPolicy_policyName,+ getKeyPolicyResponse_policy,+ getKeyPolicyResponse_httpStatus,++ -- ** GetKeyRotationStatus+ getKeyRotationStatus_keyId,+ getKeyRotationStatusResponse_keyRotationEnabled,+ getKeyRotationStatusResponse_httpStatus,++ -- ** GetParametersForImport+ getParametersForImport_keyId,+ getParametersForImport_wrappingAlgorithm,+ getParametersForImport_wrappingKeySpec,+ getParametersForImportResponse_importToken,+ getParametersForImportResponse_keyId,+ getParametersForImportResponse_parametersValidTo,+ getParametersForImportResponse_publicKey,+ getParametersForImportResponse_httpStatus,++ -- ** GetPublicKey+ getPublicKey_grantTokens,+ getPublicKey_keyId,+ getPublicKeyResponse_customerMasterKeySpec,+ getPublicKeyResponse_encryptionAlgorithms,+ getPublicKeyResponse_keyId,+ getPublicKeyResponse_keySpec,+ getPublicKeyResponse_keyUsage,+ getPublicKeyResponse_publicKey,+ getPublicKeyResponse_signingAlgorithms,+ getPublicKeyResponse_httpStatus,++ -- ** ImportKeyMaterial+ importKeyMaterial_expirationModel,+ importKeyMaterial_validTo,+ importKeyMaterial_keyId,+ importKeyMaterial_importToken,+ importKeyMaterial_encryptedKeyMaterial,+ importKeyMaterialResponse_httpStatus,++ -- ** ListAliases+ listAliases_keyId,+ listAliases_limit,+ listAliases_marker,+ listAliasesResponse_aliases,+ listAliasesResponse_nextMarker,+ listAliasesResponse_truncated,+ listAliasesResponse_httpStatus,++ -- ** ListGrants+ listGrants_grantId,+ listGrants_granteePrincipal,+ listGrants_limit,+ listGrants_marker,+ listGrants_keyId,+ listGrantsResponse_grants,+ listGrantsResponse_nextMarker,+ listGrantsResponse_truncated,++ -- ** ListKeyPolicies+ listKeyPolicies_limit,+ listKeyPolicies_marker,+ listKeyPolicies_keyId,+ listKeyPoliciesResponse_nextMarker,+ listKeyPoliciesResponse_policyNames,+ listKeyPoliciesResponse_truncated,+ listKeyPoliciesResponse_httpStatus,++ -- ** ListKeys+ listKeys_limit,+ listKeys_marker,+ listKeysResponse_keys,+ listKeysResponse_nextMarker,+ listKeysResponse_truncated,+ listKeysResponse_httpStatus,++ -- ** ListResourceTags+ listResourceTags_limit,+ listResourceTags_marker,+ listResourceTags_keyId,+ listResourceTagsResponse_nextMarker,+ listResourceTagsResponse_tags,+ listResourceTagsResponse_truncated,+ listResourceTagsResponse_httpStatus,++ -- ** ListRetirableGrants+ listRetirableGrants_limit,+ listRetirableGrants_marker,+ listRetirableGrants_retiringPrincipal,+ listGrantsResponse_grants,+ listGrantsResponse_nextMarker,+ listGrantsResponse_truncated,++ -- ** PutKeyPolicy+ putKeyPolicy_bypassPolicyLockoutSafetyCheck,+ putKeyPolicy_keyId,+ putKeyPolicy_policyName,+ putKeyPolicy_policy,++ -- ** ReEncrypt+ reEncrypt_destinationEncryptionAlgorithm,+ reEncrypt_destinationEncryptionContext,+ reEncrypt_grantTokens,+ reEncrypt_sourceEncryptionAlgorithm,+ reEncrypt_sourceEncryptionContext,+ reEncrypt_sourceKeyId,+ reEncrypt_ciphertextBlob,+ reEncrypt_destinationKeyId,+ reEncryptResponse_ciphertextBlob,+ reEncryptResponse_destinationEncryptionAlgorithm,+ reEncryptResponse_keyId,+ reEncryptResponse_sourceEncryptionAlgorithm,+ reEncryptResponse_sourceKeyId,+ reEncryptResponse_httpStatus,++ -- ** ReplicateKey+ replicateKey_bypassPolicyLockoutSafetyCheck,+ replicateKey_description,+ replicateKey_policy,+ replicateKey_tags,+ replicateKey_keyId,+ replicateKey_replicaRegion,+ replicateKeyResponse_replicaKeyMetadata,+ replicateKeyResponse_replicaPolicy,+ replicateKeyResponse_replicaTags,+ replicateKeyResponse_httpStatus,++ -- ** RetireGrant+ retireGrant_grantId,+ retireGrant_grantToken,+ retireGrant_keyId,++ -- ** RevokeGrant+ revokeGrant_keyId,+ revokeGrant_grantId,++ -- ** ScheduleKeyDeletion+ scheduleKeyDeletion_pendingWindowInDays,+ scheduleKeyDeletion_keyId,+ scheduleKeyDeletionResponse_deletionDate,+ scheduleKeyDeletionResponse_keyId,+ scheduleKeyDeletionResponse_keyState,+ scheduleKeyDeletionResponse_pendingWindowInDays,+ scheduleKeyDeletionResponse_httpStatus,++ -- ** Sign+ sign_grantTokens,+ sign_messageType,+ sign_keyId,+ sign_message,+ sign_signingAlgorithm,+ signResponse_keyId,+ signResponse_signature,+ signResponse_signingAlgorithm,+ signResponse_httpStatus,++ -- ** TagResource+ tagResource_keyId,+ tagResource_tags,++ -- ** UntagResource+ untagResource_keyId,+ untagResource_tagKeys,++ -- ** UpdateAlias+ updateAlias_aliasName,+ updateAlias_targetKeyId,++ -- ** UpdateCustomKeyStore+ updateCustomKeyStore_cloudHsmClusterId,+ updateCustomKeyStore_keyStorePassword,+ updateCustomKeyStore_newCustomKeyStoreName,+ updateCustomKeyStore_xksProxyAuthenticationCredential,+ updateCustomKeyStore_xksProxyConnectivity,+ updateCustomKeyStore_xksProxyUriEndpoint,+ updateCustomKeyStore_xksProxyUriPath,+ updateCustomKeyStore_xksProxyVpcEndpointServiceName,+ updateCustomKeyStore_customKeyStoreId,+ updateCustomKeyStoreResponse_httpStatus,++ -- ** UpdateKeyDescription+ updateKeyDescription_keyId,+ updateKeyDescription_description,++ -- ** UpdatePrimaryRegion+ updatePrimaryRegion_keyId,+ updatePrimaryRegion_primaryRegion,++ -- ** Verify+ verify_grantTokens,+ verify_messageType,+ verify_keyId,+ verify_message,+ verify_signature,+ verify_signingAlgorithm,+ verifyResponse_keyId,+ verifyResponse_signatureValid,+ verifyResponse_signingAlgorithm,+ verifyResponse_httpStatus,++ -- ** VerifyMac+ verifyMac_grantTokens,+ verifyMac_message,+ verifyMac_keyId,+ verifyMac_macAlgorithm,+ verifyMac_mac,+ verifyMacResponse_keyId,+ verifyMacResponse_macAlgorithm,+ verifyMacResponse_macValid,+ verifyMacResponse_httpStatus,++ -- * Types++ -- ** AliasListEntry+ aliasListEntry_aliasArn,+ aliasListEntry_aliasName,+ aliasListEntry_creationDate,+ aliasListEntry_lastUpdatedDate,+ aliasListEntry_targetKeyId,++ -- ** CustomKeyStoresListEntry+ customKeyStoresListEntry_cloudHsmClusterId,+ customKeyStoresListEntry_connectionErrorCode,+ customKeyStoresListEntry_connectionState,+ customKeyStoresListEntry_creationDate,+ customKeyStoresListEntry_customKeyStoreId,+ customKeyStoresListEntry_customKeyStoreName,+ customKeyStoresListEntry_customKeyStoreType,+ customKeyStoresListEntry_trustAnchorCertificate,+ customKeyStoresListEntry_xksProxyConfiguration,++ -- ** GrantConstraints+ grantConstraints_encryptionContextEquals,+ grantConstraints_encryptionContextSubset,++ -- ** GrantListEntry+ grantListEntry_constraints,+ grantListEntry_creationDate,+ grantListEntry_grantId,+ grantListEntry_granteePrincipal,+ grantListEntry_issuingAccount,+ grantListEntry_keyId,+ grantListEntry_name,+ grantListEntry_operations,+ grantListEntry_retiringPrincipal,++ -- ** KeyListEntry+ keyListEntry_keyArn,+ keyListEntry_keyId,++ -- ** KeyMetadata+ keyMetadata_aWSAccountId,+ keyMetadata_arn,+ keyMetadata_cloudHsmClusterId,+ keyMetadata_creationDate,+ keyMetadata_customKeyStoreId,+ keyMetadata_customerMasterKeySpec,+ keyMetadata_deletionDate,+ keyMetadata_description,+ keyMetadata_enabled,+ keyMetadata_encryptionAlgorithms,+ keyMetadata_expirationModel,+ keyMetadata_keyManager,+ keyMetadata_keySpec,+ keyMetadata_keyState,+ keyMetadata_keyUsage,+ keyMetadata_macAlgorithms,+ keyMetadata_multiRegion,+ keyMetadata_multiRegionConfiguration,+ keyMetadata_origin,+ keyMetadata_pendingDeletionWindowInDays,+ keyMetadata_signingAlgorithms,+ keyMetadata_validTo,+ keyMetadata_xksKeyConfiguration,+ keyMetadata_keyId,++ -- ** ListGrantsResponse+ listGrantsResponse_grants,+ listGrantsResponse_nextMarker,+ listGrantsResponse_truncated,++ -- ** MultiRegionConfiguration+ multiRegionConfiguration_multiRegionKeyType,+ multiRegionConfiguration_primaryKey,+ multiRegionConfiguration_replicaKeys,++ -- ** MultiRegionKey+ multiRegionKey_arn,+ multiRegionKey_region,++ -- ** Tag+ tag_tagKey,+ tag_tagValue,++ -- ** XksKeyConfigurationType+ xksKeyConfigurationType_id,++ -- ** XksProxyAuthenticationCredentialType+ xksProxyAuthenticationCredentialType_accessKeyId,+ xksProxyAuthenticationCredentialType_rawSecretAccessKey,++ -- ** XksProxyConfigurationType+ xksProxyConfigurationType_accessKeyId,+ xksProxyConfigurationType_connectivity,+ xksProxyConfigurationType_uriEndpoint,+ xksProxyConfigurationType_uriPath,+ xksProxyConfigurationType_vpcEndpointServiceName,+ )+where++import Amazonka.KMS.CancelKeyDeletion+import Amazonka.KMS.ConnectCustomKeyStore+import Amazonka.KMS.CreateAlias+import Amazonka.KMS.CreateCustomKeyStore+import Amazonka.KMS.CreateGrant+import Amazonka.KMS.CreateKey+import Amazonka.KMS.Decrypt+import Amazonka.KMS.DeleteAlias+import Amazonka.KMS.DeleteCustomKeyStore+import Amazonka.KMS.DeleteImportedKeyMaterial+import Amazonka.KMS.DescribeCustomKeyStores+import Amazonka.KMS.DescribeKey+import Amazonka.KMS.DisableKey+import Amazonka.KMS.DisableKeyRotation+import Amazonka.KMS.DisconnectCustomKeyStore+import Amazonka.KMS.EnableKey+import Amazonka.KMS.EnableKeyRotation+import Amazonka.KMS.Encrypt+import Amazonka.KMS.GenerateDataKey+import Amazonka.KMS.GenerateDataKeyPair+import Amazonka.KMS.GenerateDataKeyPairWithoutPlaintext+import Amazonka.KMS.GenerateDataKeyWithoutPlaintext+import Amazonka.KMS.GenerateMac+import Amazonka.KMS.GenerateRandom+import Amazonka.KMS.GetKeyPolicy+import Amazonka.KMS.GetKeyRotationStatus+import Amazonka.KMS.GetParametersForImport+import Amazonka.KMS.GetPublicKey+import Amazonka.KMS.ImportKeyMaterial+import Amazonka.KMS.ListAliases+import Amazonka.KMS.ListGrants+import Amazonka.KMS.ListKeyPolicies+import Amazonka.KMS.ListKeys+import Amazonka.KMS.ListResourceTags+import Amazonka.KMS.ListRetirableGrants+import Amazonka.KMS.PutKeyPolicy+import Amazonka.KMS.ReEncrypt+import Amazonka.KMS.ReplicateKey+import Amazonka.KMS.RetireGrant+import Amazonka.KMS.RevokeGrant+import Amazonka.KMS.ScheduleKeyDeletion+import Amazonka.KMS.Sign+import Amazonka.KMS.TagResource+import Amazonka.KMS.Types.AliasListEntry+import Amazonka.KMS.Types.CustomKeyStoresListEntry+import Amazonka.KMS.Types.GrantConstraints+import Amazonka.KMS.Types.GrantListEntry+import Amazonka.KMS.Types.KeyListEntry+import Amazonka.KMS.Types.KeyMetadata+import Amazonka.KMS.Types.ListGrantsResponse+import Amazonka.KMS.Types.MultiRegionConfiguration+import Amazonka.KMS.Types.MultiRegionKey+import Amazonka.KMS.Types.Tag+import Amazonka.KMS.Types.XksKeyConfigurationType+import Amazonka.KMS.Types.XksProxyAuthenticationCredentialType+import Amazonka.KMS.Types.XksProxyConfigurationType+import Amazonka.KMS.UntagResource+import Amazonka.KMS.UpdateAlias+import Amazonka.KMS.UpdateCustomKeyStore+import Amazonka.KMS.UpdateKeyDescription+import Amazonka.KMS.UpdatePrimaryRegion+import Amazonka.KMS.Verify+import Amazonka.KMS.VerifyMac
+ gen/Amazonka/KMS/ListAliases.hs view
@@ -0,0 +1,359 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.ListAliases+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Gets a list of aliases in the caller\'s Amazon Web Services account and+-- region. For more information about aliases, see CreateAlias.+--+-- By default, the @ListAliases@ operation returns all aliases in the+-- account and region. To get only the aliases associated with a particular+-- KMS key, use the @KeyId@ parameter.+--+-- The @ListAliases@ response can include aliases that you created and+-- associated with your customer managed keys, and aliases that Amazon Web+-- Services created and associated with Amazon Web Services managed keys in+-- your account. You can recognize Amazon Web Services aliases because+-- their names have the format @aws\/\<service-name>@, such as+-- @aws\/dynamodb@.+--+-- The response might also include aliases that have no @TargetKeyId@+-- field. These are predefined aliases that Amazon Web Services has created+-- but has not yet associated with a KMS key. Aliases that Amazon Web+-- Services creates in your account, including predefined aliases, do not+-- count against your+-- <https://docs.aws.amazon.com/kms/latest/developerguide/limits.html#aliases-limit KMS aliases quota>.+--+-- __Cross-account use__: No. @ListAliases@ does not return aliases in+-- other Amazon Web Services accounts.+--+-- __Required permissions__:+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:ListAliases>+-- (IAM policy)+--+-- For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html#alias-access Controlling access to aliases>+-- in the /Key Management Service Developer Guide/.+--+-- __Related operations:__+--+-- - CreateAlias+--+-- - DeleteAlias+--+-- - UpdateAlias+--+-- This operation returns paginated results.+module Amazonka.KMS.ListAliases+ ( -- * Creating a Request+ ListAliases (..),+ newListAliases,++ -- * Request Lenses+ listAliases_keyId,+ listAliases_limit,+ listAliases_marker,++ -- * Destructuring the Response+ ListAliasesResponse (..),+ newListAliasesResponse,++ -- * Response Lenses+ listAliasesResponse_aliases,+ listAliasesResponse_nextMarker,+ listAliasesResponse_truncated,+ listAliasesResponse_httpStatus,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newListAliases' smart constructor.+data ListAliases = ListAliases'+ { -- | Lists only aliases that are associated with the specified KMS key. Enter+ -- a KMS key in your Amazon Web Services account.+ --+ -- This parameter is optional. If you omit it, @ListAliases@ returns all+ -- aliases in the account and Region.+ --+ -- Specify the key ID or key ARN of the KMS key.+ --+ -- For example:+ --+ -- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- - Key ARN:+ -- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- To get the key ID and key ARN for a KMS key, use ListKeys or+ -- DescribeKey.+ keyId :: Prelude.Maybe Prelude.Text,+ -- | Use this parameter to specify the maximum number of items to return.+ -- When this value is present, KMS does not return more than the specified+ -- number of items, but it might return fewer.+ --+ -- This value is optional. If you include a value, it must be between 1 and+ -- 100, inclusive. If you do not include a value, it defaults to 50.+ limit :: Prelude.Maybe Prelude.Natural,+ -- | Use this parameter in a subsequent request after you receive a response+ -- with truncated results. Set it to the value of @NextMarker@ from the+ -- truncated response you just received.+ marker :: Prelude.Maybe Prelude.Text+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'ListAliases' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'keyId', 'listAliases_keyId' - Lists only aliases that are associated with the specified KMS key. Enter+-- a KMS key in your Amazon Web Services account.+--+-- This parameter is optional. If you omit it, @ListAliases@ returns all+-- aliases in the account and Region.+--+-- Specify the key ID or key ARN of the KMS key.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+--+-- 'limit', 'listAliases_limit' - Use this parameter to specify the maximum number of items to return.+-- When this value is present, KMS does not return more than the specified+-- number of items, but it might return fewer.+--+-- This value is optional. If you include a value, it must be between 1 and+-- 100, inclusive. If you do not include a value, it defaults to 50.+--+-- 'marker', 'listAliases_marker' - Use this parameter in a subsequent request after you receive a response+-- with truncated results. Set it to the value of @NextMarker@ from the+-- truncated response you just received.+newListAliases ::+ ListAliases+newListAliases =+ ListAliases'+ { keyId = Prelude.Nothing,+ limit = Prelude.Nothing,+ marker = Prelude.Nothing+ }++-- | Lists only aliases that are associated with the specified KMS key. Enter+-- a KMS key in your Amazon Web Services account.+--+-- This parameter is optional. If you omit it, @ListAliases@ returns all+-- aliases in the account and Region.+--+-- Specify the key ID or key ARN of the KMS key.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+listAliases_keyId :: Lens.Lens' ListAliases (Prelude.Maybe Prelude.Text)+listAliases_keyId = Lens.lens (\ListAliases' {keyId} -> keyId) (\s@ListAliases' {} a -> s {keyId = a} :: ListAliases)++-- | Use this parameter to specify the maximum number of items to return.+-- When this value is present, KMS does not return more than the specified+-- number of items, but it might return fewer.+--+-- This value is optional. If you include a value, it must be between 1 and+-- 100, inclusive. If you do not include a value, it defaults to 50.+listAliases_limit :: Lens.Lens' ListAliases (Prelude.Maybe Prelude.Natural)+listAliases_limit = Lens.lens (\ListAliases' {limit} -> limit) (\s@ListAliases' {} a -> s {limit = a} :: ListAliases)++-- | Use this parameter in a subsequent request after you receive a response+-- with truncated results. Set it to the value of @NextMarker@ from the+-- truncated response you just received.+listAliases_marker :: Lens.Lens' ListAliases (Prelude.Maybe Prelude.Text)+listAliases_marker = Lens.lens (\ListAliases' {marker} -> marker) (\s@ListAliases' {} a -> s {marker = a} :: ListAliases)++instance Core.AWSPager ListAliases where+ page rq rs+ | Core.stop+ ( rs+ Lens.^? listAliasesResponse_truncated+ Prelude.. Lens._Just+ ) =+ Prelude.Nothing+ | Prelude.isNothing+ ( rs+ Lens.^? listAliasesResponse_nextMarker+ Prelude.. Lens._Just+ ) =+ Prelude.Nothing+ | Prelude.otherwise =+ Prelude.Just+ Prelude.$ rq+ Prelude.& listAliases_marker+ Lens..~ rs+ Lens.^? listAliasesResponse_nextMarker+ Prelude.. Lens._Just++instance Core.AWSRequest ListAliases where+ type AWSResponse ListAliases = ListAliasesResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response =+ Response.receiveJSON+ ( \s h x ->+ ListAliasesResponse'+ Prelude.<$> (x Data..?> "Aliases" Core..!@ Prelude.mempty)+ Prelude.<*> (x Data..?> "NextMarker")+ Prelude.<*> (x Data..?> "Truncated")+ Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+ )++instance Prelude.Hashable ListAliases where+ hashWithSalt _salt ListAliases' {..} =+ _salt+ `Prelude.hashWithSalt` keyId+ `Prelude.hashWithSalt` limit+ `Prelude.hashWithSalt` marker++instance Prelude.NFData ListAliases where+ rnf ListAliases' {..} =+ Prelude.rnf keyId+ `Prelude.seq` Prelude.rnf limit+ `Prelude.seq` Prelude.rnf marker++instance Data.ToHeaders ListAliases where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ("TrentService.ListAliases" :: Prelude.ByteString),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON ListAliases where+ toJSON ListAliases' {..} =+ Data.object+ ( Prelude.catMaybes+ [ ("KeyId" Data..=) Prelude.<$> keyId,+ ("Limit" Data..=) Prelude.<$> limit,+ ("Marker" Data..=) Prelude.<$> marker+ ]+ )++instance Data.ToPath ListAliases where+ toPath = Prelude.const "/"++instance Data.ToQuery ListAliases where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newListAliasesResponse' smart constructor.+data ListAliasesResponse = ListAliasesResponse'+ { -- | A list of aliases.+ aliases :: Prelude.Maybe [AliasListEntry],+ -- | When @Truncated@ is true, this element is present and contains the value+ -- to use for the @Marker@ parameter in a subsequent request.+ nextMarker :: Prelude.Maybe Prelude.Text,+ -- | A flag that indicates whether there are more items in the list. When+ -- this value is true, the list in this response is truncated. To get more+ -- items, pass the value of the @NextMarker@ element in thisresponse to the+ -- @Marker@ parameter in a subsequent request.+ truncated :: Prelude.Maybe Prelude.Bool,+ -- | The response's http status code.+ httpStatus :: Prelude.Int+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'ListAliasesResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'aliases', 'listAliasesResponse_aliases' - A list of aliases.+--+-- 'nextMarker', 'listAliasesResponse_nextMarker' - When @Truncated@ is true, this element is present and contains the value+-- to use for the @Marker@ parameter in a subsequent request.+--+-- 'truncated', 'listAliasesResponse_truncated' - A flag that indicates whether there are more items in the list. When+-- this value is true, the list in this response is truncated. To get more+-- items, pass the value of the @NextMarker@ element in thisresponse to the+-- @Marker@ parameter in a subsequent request.+--+-- 'httpStatus', 'listAliasesResponse_httpStatus' - The response's http status code.+newListAliasesResponse ::+ -- | 'httpStatus'+ Prelude.Int ->+ ListAliasesResponse+newListAliasesResponse pHttpStatus_ =+ ListAliasesResponse'+ { aliases = Prelude.Nothing,+ nextMarker = Prelude.Nothing,+ truncated = Prelude.Nothing,+ httpStatus = pHttpStatus_+ }++-- | A list of aliases.+listAliasesResponse_aliases :: Lens.Lens' ListAliasesResponse (Prelude.Maybe [AliasListEntry])+listAliasesResponse_aliases = Lens.lens (\ListAliasesResponse' {aliases} -> aliases) (\s@ListAliasesResponse' {} a -> s {aliases = a} :: ListAliasesResponse) Prelude.. Lens.mapping Lens.coerced++-- | When @Truncated@ is true, this element is present and contains the value+-- to use for the @Marker@ parameter in a subsequent request.+listAliasesResponse_nextMarker :: Lens.Lens' ListAliasesResponse (Prelude.Maybe Prelude.Text)+listAliasesResponse_nextMarker = Lens.lens (\ListAliasesResponse' {nextMarker} -> nextMarker) (\s@ListAliasesResponse' {} a -> s {nextMarker = a} :: ListAliasesResponse)++-- | A flag that indicates whether there are more items in the list. When+-- this value is true, the list in this response is truncated. To get more+-- items, pass the value of the @NextMarker@ element in thisresponse to the+-- @Marker@ parameter in a subsequent request.+listAliasesResponse_truncated :: Lens.Lens' ListAliasesResponse (Prelude.Maybe Prelude.Bool)+listAliasesResponse_truncated = Lens.lens (\ListAliasesResponse' {truncated} -> truncated) (\s@ListAliasesResponse' {} a -> s {truncated = a} :: ListAliasesResponse)++-- | The response's http status code.+listAliasesResponse_httpStatus :: Lens.Lens' ListAliasesResponse Prelude.Int+listAliasesResponse_httpStatus = Lens.lens (\ListAliasesResponse' {httpStatus} -> httpStatus) (\s@ListAliasesResponse' {} a -> s {httpStatus = a} :: ListAliasesResponse)++instance Prelude.NFData ListAliasesResponse where+ rnf ListAliasesResponse' {..} =+ Prelude.rnf aliases+ `Prelude.seq` Prelude.rnf nextMarker+ `Prelude.seq` Prelude.rnf truncated+ `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/KMS/ListGrants.hs view
@@ -0,0 +1,302 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.ListGrants+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Gets a list of all grants for the specified KMS key.+--+-- You must specify the KMS key in all requests. You can filter the grant+-- list by grant ID or grantee principal.+--+-- For detailed information about grants, including grant terminology, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html Grants in KMS>+-- in the //Key Management Service Developer Guide// . For examples of+-- working with grants in several programming languages, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/programming-grants.html Programming grants>.+--+-- The @GranteePrincipal@ field in the @ListGrants@ response usually+-- contains the user or role designated as the grantee principal in the+-- grant. However, when the grantee principal in the grant is an Amazon Web+-- Services service, the @GranteePrincipal@ field contains the+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html#principal-services service principal>,+-- which might represent several different grantee principals.+--+-- __Cross-account use__: Yes. To perform this operation on a KMS key in a+-- different Amazon Web Services account, specify the key ARN in the value+-- of the @KeyId@ parameter.+--+-- __Required permissions__:+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:ListGrants>+-- (key policy)+--+-- __Related operations:__+--+-- - CreateGrant+--+-- - ListRetirableGrants+--+-- - RetireGrant+--+-- - RevokeGrant+--+-- This operation returns paginated results.+module Amazonka.KMS.ListGrants+ ( -- * Creating a Request+ ListGrants (..),+ newListGrants,++ -- * Request Lenses+ listGrants_grantId,+ listGrants_granteePrincipal,+ listGrants_limit,+ listGrants_marker,+ listGrants_keyId,++ -- * Destructuring the Response+ ListGrantsResponse (..),+ newListGrantsResponse,++ -- * Response Lenses+ listGrantsResponse_grants,+ listGrantsResponse_nextMarker,+ listGrantsResponse_truncated,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newListGrants' smart constructor.+data ListGrants = ListGrants'+ { -- | Returns only the grant with the specified grant ID. The grant ID+ -- uniquely identifies the grant.+ grantId :: Prelude.Maybe Prelude.Text,+ -- | Returns only grants where the specified principal is the grantee+ -- principal for the grant.+ granteePrincipal :: Prelude.Maybe Prelude.Text,+ -- | Use this parameter to specify the maximum number of items to return.+ -- When this value is present, KMS does not return more than the specified+ -- number of items, but it might return fewer.+ --+ -- This value is optional. If you include a value, it must be between 1 and+ -- 100, inclusive. If you do not include a value, it defaults to 50.+ limit :: Prelude.Maybe Prelude.Natural,+ -- | Use this parameter in a subsequent request after you receive a response+ -- with truncated results. Set it to the value of @NextMarker@ from the+ -- truncated response you just received.+ marker :: Prelude.Maybe Prelude.Text,+ -- | Returns only grants for the specified KMS key. This parameter is+ -- required.+ --+ -- Specify the key ID or key ARN of the KMS key. To specify a KMS key in a+ -- different Amazon Web Services account, you must use the key ARN.+ --+ -- For example:+ --+ -- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- - Key ARN:+ -- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- To get the key ID and key ARN for a KMS key, use ListKeys or+ -- DescribeKey.+ keyId :: Prelude.Text+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'ListGrants' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'grantId', 'listGrants_grantId' - Returns only the grant with the specified grant ID. The grant ID+-- uniquely identifies the grant.+--+-- 'granteePrincipal', 'listGrants_granteePrincipal' - Returns only grants where the specified principal is the grantee+-- principal for the grant.+--+-- 'limit', 'listGrants_limit' - Use this parameter to specify the maximum number of items to return.+-- When this value is present, KMS does not return more than the specified+-- number of items, but it might return fewer.+--+-- This value is optional. If you include a value, it must be between 1 and+-- 100, inclusive. If you do not include a value, it defaults to 50.+--+-- 'marker', 'listGrants_marker' - Use this parameter in a subsequent request after you receive a response+-- with truncated results. Set it to the value of @NextMarker@ from the+-- truncated response you just received.+--+-- 'keyId', 'listGrants_keyId' - Returns only grants for the specified KMS key. This parameter is+-- required.+--+-- Specify the key ID or key ARN of the KMS key. To specify a KMS key in a+-- different Amazon Web Services account, you must use the key ARN.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+newListGrants ::+ -- | 'keyId'+ Prelude.Text ->+ ListGrants+newListGrants pKeyId_ =+ ListGrants'+ { grantId = Prelude.Nothing,+ granteePrincipal = Prelude.Nothing,+ limit = Prelude.Nothing,+ marker = Prelude.Nothing,+ keyId = pKeyId_+ }++-- | Returns only the grant with the specified grant ID. The grant ID+-- uniquely identifies the grant.+listGrants_grantId :: Lens.Lens' ListGrants (Prelude.Maybe Prelude.Text)+listGrants_grantId = Lens.lens (\ListGrants' {grantId} -> grantId) (\s@ListGrants' {} a -> s {grantId = a} :: ListGrants)++-- | Returns only grants where the specified principal is the grantee+-- principal for the grant.+listGrants_granteePrincipal :: Lens.Lens' ListGrants (Prelude.Maybe Prelude.Text)+listGrants_granteePrincipal = Lens.lens (\ListGrants' {granteePrincipal} -> granteePrincipal) (\s@ListGrants' {} a -> s {granteePrincipal = a} :: ListGrants)++-- | Use this parameter to specify the maximum number of items to return.+-- When this value is present, KMS does not return more than the specified+-- number of items, but it might return fewer.+--+-- This value is optional. If you include a value, it must be between 1 and+-- 100, inclusive. If you do not include a value, it defaults to 50.+listGrants_limit :: Lens.Lens' ListGrants (Prelude.Maybe Prelude.Natural)+listGrants_limit = Lens.lens (\ListGrants' {limit} -> limit) (\s@ListGrants' {} a -> s {limit = a} :: ListGrants)++-- | Use this parameter in a subsequent request after you receive a response+-- with truncated results. Set it to the value of @NextMarker@ from the+-- truncated response you just received.+listGrants_marker :: Lens.Lens' ListGrants (Prelude.Maybe Prelude.Text)+listGrants_marker = Lens.lens (\ListGrants' {marker} -> marker) (\s@ListGrants' {} a -> s {marker = a} :: ListGrants)++-- | Returns only grants for the specified KMS key. This parameter is+-- required.+--+-- Specify the key ID or key ARN of the KMS key. To specify a KMS key in a+-- different Amazon Web Services account, you must use the key ARN.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+listGrants_keyId :: Lens.Lens' ListGrants Prelude.Text+listGrants_keyId = Lens.lens (\ListGrants' {keyId} -> keyId) (\s@ListGrants' {} a -> s {keyId = a} :: ListGrants)++instance Core.AWSPager ListGrants where+ page rq rs+ | Core.stop+ ( rs+ Lens.^? listGrantsResponse_truncated+ Prelude.. Lens._Just+ ) =+ Prelude.Nothing+ | Prelude.isNothing+ ( rs+ Lens.^? listGrantsResponse_nextMarker+ Prelude.. Lens._Just+ ) =+ Prelude.Nothing+ | Prelude.otherwise =+ Prelude.Just+ Prelude.$ rq+ Prelude.& listGrants_marker+ Lens..~ rs+ Lens.^? listGrantsResponse_nextMarker+ Prelude.. Lens._Just++instance Core.AWSRequest ListGrants where+ type AWSResponse ListGrants = ListGrantsResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response =+ Response.receiveJSON+ (\s h x -> Data.eitherParseJSON x)++instance Prelude.Hashable ListGrants where+ hashWithSalt _salt ListGrants' {..} =+ _salt+ `Prelude.hashWithSalt` grantId+ `Prelude.hashWithSalt` granteePrincipal+ `Prelude.hashWithSalt` limit+ `Prelude.hashWithSalt` marker+ `Prelude.hashWithSalt` keyId++instance Prelude.NFData ListGrants where+ rnf ListGrants' {..} =+ Prelude.rnf grantId+ `Prelude.seq` Prelude.rnf granteePrincipal+ `Prelude.seq` Prelude.rnf limit+ `Prelude.seq` Prelude.rnf marker+ `Prelude.seq` Prelude.rnf keyId++instance Data.ToHeaders ListGrants where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ("TrentService.ListGrants" :: Prelude.ByteString),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON ListGrants where+ toJSON ListGrants' {..} =+ Data.object+ ( Prelude.catMaybes+ [ ("GrantId" Data..=) Prelude.<$> grantId,+ ("GranteePrincipal" Data..=)+ Prelude.<$> granteePrincipal,+ ("Limit" Data..=) Prelude.<$> limit,+ ("Marker" Data..=) Prelude.<$> marker,+ Prelude.Just ("KeyId" Data..= keyId)+ ]+ )++instance Data.ToPath ListGrants where+ toPath = Prelude.const "/"++instance Data.ToQuery ListGrants where+ toQuery = Prelude.const Prelude.mempty
+ gen/Amazonka/KMS/ListKeyPolicies.hs view
@@ -0,0 +1,338 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.ListKeyPolicies+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Gets the names of the key policies that are attached to a KMS key. This+-- operation is designed to get policy names that you can use in a+-- GetKeyPolicy operation. However, the only valid policy name is+-- @default@.+--+-- __Cross-account use__: No. You cannot perform this operation on a KMS+-- key in a different Amazon Web Services account.+--+-- __Required permissions__:+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:ListKeyPolicies>+-- (key policy)+--+-- __Related operations:__+--+-- - GetKeyPolicy+--+-- - PutKeyPolicy+--+-- This operation returns paginated results.+module Amazonka.KMS.ListKeyPolicies+ ( -- * Creating a Request+ ListKeyPolicies (..),+ newListKeyPolicies,++ -- * Request Lenses+ listKeyPolicies_limit,+ listKeyPolicies_marker,+ listKeyPolicies_keyId,++ -- * Destructuring the Response+ ListKeyPoliciesResponse (..),+ newListKeyPoliciesResponse,++ -- * Response Lenses+ listKeyPoliciesResponse_nextMarker,+ listKeyPoliciesResponse_policyNames,+ listKeyPoliciesResponse_truncated,+ listKeyPoliciesResponse_httpStatus,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newListKeyPolicies' smart constructor.+data ListKeyPolicies = ListKeyPolicies'+ { -- | Use this parameter to specify the maximum number of items to return.+ -- When this value is present, KMS does not return more than the specified+ -- number of items, but it might return fewer.+ --+ -- This value is optional. If you include a value, it must be between 1 and+ -- 1000, inclusive. If you do not include a value, it defaults to 100.+ --+ -- Only one policy can be attached to a key.+ limit :: Prelude.Maybe Prelude.Natural,+ -- | Use this parameter in a subsequent request after you receive a response+ -- with truncated results. Set it to the value of @NextMarker@ from the+ -- truncated response you just received.+ marker :: Prelude.Maybe Prelude.Text,+ -- | Gets the names of key policies for the specified KMS key.+ --+ -- Specify the key ID or key ARN of the KMS key.+ --+ -- For example:+ --+ -- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- - Key ARN:+ -- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- To get the key ID and key ARN for a KMS key, use ListKeys or+ -- DescribeKey.+ keyId :: Prelude.Text+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'ListKeyPolicies' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'limit', 'listKeyPolicies_limit' - Use this parameter to specify the maximum number of items to return.+-- When this value is present, KMS does not return more than the specified+-- number of items, but it might return fewer.+--+-- This value is optional. If you include a value, it must be between 1 and+-- 1000, inclusive. If you do not include a value, it defaults to 100.+--+-- Only one policy can be attached to a key.+--+-- 'marker', 'listKeyPolicies_marker' - Use this parameter in a subsequent request after you receive a response+-- with truncated results. Set it to the value of @NextMarker@ from the+-- truncated response you just received.+--+-- 'keyId', 'listKeyPolicies_keyId' - Gets the names of key policies for the specified KMS key.+--+-- Specify the key ID or key ARN of the KMS key.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+newListKeyPolicies ::+ -- | 'keyId'+ Prelude.Text ->+ ListKeyPolicies+newListKeyPolicies pKeyId_ =+ ListKeyPolicies'+ { limit = Prelude.Nothing,+ marker = Prelude.Nothing,+ keyId = pKeyId_+ }++-- | Use this parameter to specify the maximum number of items to return.+-- When this value is present, KMS does not return more than the specified+-- number of items, but it might return fewer.+--+-- This value is optional. If you include a value, it must be between 1 and+-- 1000, inclusive. If you do not include a value, it defaults to 100.+--+-- Only one policy can be attached to a key.+listKeyPolicies_limit :: Lens.Lens' ListKeyPolicies (Prelude.Maybe Prelude.Natural)+listKeyPolicies_limit = Lens.lens (\ListKeyPolicies' {limit} -> limit) (\s@ListKeyPolicies' {} a -> s {limit = a} :: ListKeyPolicies)++-- | Use this parameter in a subsequent request after you receive a response+-- with truncated results. Set it to the value of @NextMarker@ from the+-- truncated response you just received.+listKeyPolicies_marker :: Lens.Lens' ListKeyPolicies (Prelude.Maybe Prelude.Text)+listKeyPolicies_marker = Lens.lens (\ListKeyPolicies' {marker} -> marker) (\s@ListKeyPolicies' {} a -> s {marker = a} :: ListKeyPolicies)++-- | Gets the names of key policies for the specified KMS key.+--+-- Specify the key ID or key ARN of the KMS key.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+listKeyPolicies_keyId :: Lens.Lens' ListKeyPolicies Prelude.Text+listKeyPolicies_keyId = Lens.lens (\ListKeyPolicies' {keyId} -> keyId) (\s@ListKeyPolicies' {} a -> s {keyId = a} :: ListKeyPolicies)++instance Core.AWSPager ListKeyPolicies where+ page rq rs+ | Core.stop+ ( rs+ Lens.^? listKeyPoliciesResponse_truncated+ Prelude.. Lens._Just+ ) =+ Prelude.Nothing+ | Prelude.isNothing+ ( rs+ Lens.^? listKeyPoliciesResponse_nextMarker+ Prelude.. Lens._Just+ ) =+ Prelude.Nothing+ | Prelude.otherwise =+ Prelude.Just+ Prelude.$ rq+ Prelude.& listKeyPolicies_marker+ Lens..~ rs+ Lens.^? listKeyPoliciesResponse_nextMarker+ Prelude.. Lens._Just++instance Core.AWSRequest ListKeyPolicies where+ type+ AWSResponse ListKeyPolicies =+ ListKeyPoliciesResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response =+ Response.receiveJSON+ ( \s h x ->+ ListKeyPoliciesResponse'+ Prelude.<$> (x Data..?> "NextMarker")+ Prelude.<*> (x Data..?> "PolicyNames" Core..!@ Prelude.mempty)+ Prelude.<*> (x Data..?> "Truncated")+ Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+ )++instance Prelude.Hashable ListKeyPolicies where+ hashWithSalt _salt ListKeyPolicies' {..} =+ _salt+ `Prelude.hashWithSalt` limit+ `Prelude.hashWithSalt` marker+ `Prelude.hashWithSalt` keyId++instance Prelude.NFData ListKeyPolicies where+ rnf ListKeyPolicies' {..} =+ Prelude.rnf limit+ `Prelude.seq` Prelude.rnf marker+ `Prelude.seq` Prelude.rnf keyId++instance Data.ToHeaders ListKeyPolicies where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ( "TrentService.ListKeyPolicies" ::+ Prelude.ByteString+ ),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON ListKeyPolicies where+ toJSON ListKeyPolicies' {..} =+ Data.object+ ( Prelude.catMaybes+ [ ("Limit" Data..=) Prelude.<$> limit,+ ("Marker" Data..=) Prelude.<$> marker,+ Prelude.Just ("KeyId" Data..= keyId)+ ]+ )++instance Data.ToPath ListKeyPolicies where+ toPath = Prelude.const "/"++instance Data.ToQuery ListKeyPolicies where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newListKeyPoliciesResponse' smart constructor.+data ListKeyPoliciesResponse = ListKeyPoliciesResponse'+ { -- | When @Truncated@ is true, this element is present and contains the value+ -- to use for the @Marker@ parameter in a subsequent request.+ nextMarker :: Prelude.Maybe Prelude.Text,+ -- | A list of key policy names. The only valid value is @default@.+ policyNames :: Prelude.Maybe [Prelude.Text],+ -- | A flag that indicates whether there are more items in the list. When+ -- this value is true, the list in this response is truncated. To get more+ -- items, pass the value of the @NextMarker@ element in thisresponse to the+ -- @Marker@ parameter in a subsequent request.+ truncated :: Prelude.Maybe Prelude.Bool,+ -- | The response's http status code.+ httpStatus :: Prelude.Int+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'ListKeyPoliciesResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'nextMarker', 'listKeyPoliciesResponse_nextMarker' - When @Truncated@ is true, this element is present and contains the value+-- to use for the @Marker@ parameter in a subsequent request.+--+-- 'policyNames', 'listKeyPoliciesResponse_policyNames' - A list of key policy names. The only valid value is @default@.+--+-- 'truncated', 'listKeyPoliciesResponse_truncated' - A flag that indicates whether there are more items in the list. When+-- this value is true, the list in this response is truncated. To get more+-- items, pass the value of the @NextMarker@ element in thisresponse to the+-- @Marker@ parameter in a subsequent request.+--+-- 'httpStatus', 'listKeyPoliciesResponse_httpStatus' - The response's http status code.+newListKeyPoliciesResponse ::+ -- | 'httpStatus'+ Prelude.Int ->+ ListKeyPoliciesResponse+newListKeyPoliciesResponse pHttpStatus_ =+ ListKeyPoliciesResponse'+ { nextMarker =+ Prelude.Nothing,+ policyNames = Prelude.Nothing,+ truncated = Prelude.Nothing,+ httpStatus = pHttpStatus_+ }++-- | When @Truncated@ is true, this element is present and contains the value+-- to use for the @Marker@ parameter in a subsequent request.+listKeyPoliciesResponse_nextMarker :: Lens.Lens' ListKeyPoliciesResponse (Prelude.Maybe Prelude.Text)+listKeyPoliciesResponse_nextMarker = Lens.lens (\ListKeyPoliciesResponse' {nextMarker} -> nextMarker) (\s@ListKeyPoliciesResponse' {} a -> s {nextMarker = a} :: ListKeyPoliciesResponse)++-- | A list of key policy names. The only valid value is @default@.+listKeyPoliciesResponse_policyNames :: Lens.Lens' ListKeyPoliciesResponse (Prelude.Maybe [Prelude.Text])+listKeyPoliciesResponse_policyNames = Lens.lens (\ListKeyPoliciesResponse' {policyNames} -> policyNames) (\s@ListKeyPoliciesResponse' {} a -> s {policyNames = a} :: ListKeyPoliciesResponse) Prelude.. Lens.mapping Lens.coerced++-- | A flag that indicates whether there are more items in the list. When+-- this value is true, the list in this response is truncated. To get more+-- items, pass the value of the @NextMarker@ element in thisresponse to the+-- @Marker@ parameter in a subsequent request.+listKeyPoliciesResponse_truncated :: Lens.Lens' ListKeyPoliciesResponse (Prelude.Maybe Prelude.Bool)+listKeyPoliciesResponse_truncated = Lens.lens (\ListKeyPoliciesResponse' {truncated} -> truncated) (\s@ListKeyPoliciesResponse' {} a -> s {truncated = a} :: ListKeyPoliciesResponse)++-- | The response's http status code.+listKeyPoliciesResponse_httpStatus :: Lens.Lens' ListKeyPoliciesResponse Prelude.Int+listKeyPoliciesResponse_httpStatus = Lens.lens (\ListKeyPoliciesResponse' {httpStatus} -> httpStatus) (\s@ListKeyPoliciesResponse' {} a -> s {httpStatus = a} :: ListKeyPoliciesResponse)++instance Prelude.NFData ListKeyPoliciesResponse where+ rnf ListKeyPoliciesResponse' {..} =+ Prelude.rnf nextMarker+ `Prelude.seq` Prelude.rnf policyNames+ `Prelude.seq` Prelude.rnf truncated+ `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/KMS/ListKeys.hs view
@@ -0,0 +1,277 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.ListKeys+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Gets a list of all KMS keys in the caller\'s Amazon Web Services account+-- and Region.+--+-- __Cross-account use__: No. You cannot perform this operation on a KMS+-- key in a different Amazon Web Services account.+--+-- __Required permissions__:+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:ListKeys>+-- (IAM policy)+--+-- __Related operations:__+--+-- - CreateKey+--+-- - DescribeKey+--+-- - ListAliases+--+-- - ListResourceTags+--+-- This operation returns paginated results.+module Amazonka.KMS.ListKeys+ ( -- * Creating a Request+ ListKeys (..),+ newListKeys,++ -- * Request Lenses+ listKeys_limit,+ listKeys_marker,++ -- * Destructuring the Response+ ListKeysResponse (..),+ newListKeysResponse,++ -- * Response Lenses+ listKeysResponse_keys,+ listKeysResponse_nextMarker,+ listKeysResponse_truncated,+ listKeysResponse_httpStatus,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newListKeys' smart constructor.+data ListKeys = ListKeys'+ { -- | Use this parameter to specify the maximum number of items to return.+ -- When this value is present, KMS does not return more than the specified+ -- number of items, but it might return fewer.+ --+ -- This value is optional. If you include a value, it must be between 1 and+ -- 1000, inclusive. If you do not include a value, it defaults to 100.+ limit :: Prelude.Maybe Prelude.Natural,+ -- | Use this parameter in a subsequent request after you receive a response+ -- with truncated results. Set it to the value of @NextMarker@ from the+ -- truncated response you just received.+ marker :: Prelude.Maybe Prelude.Text+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'ListKeys' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'limit', 'listKeys_limit' - Use this parameter to specify the maximum number of items to return.+-- When this value is present, KMS does not return more than the specified+-- number of items, but it might return fewer.+--+-- This value is optional. If you include a value, it must be between 1 and+-- 1000, inclusive. If you do not include a value, it defaults to 100.+--+-- 'marker', 'listKeys_marker' - Use this parameter in a subsequent request after you receive a response+-- with truncated results. Set it to the value of @NextMarker@ from the+-- truncated response you just received.+newListKeys ::+ ListKeys+newListKeys =+ ListKeys'+ { limit = Prelude.Nothing,+ marker = Prelude.Nothing+ }++-- | Use this parameter to specify the maximum number of items to return.+-- When this value is present, KMS does not return more than the specified+-- number of items, but it might return fewer.+--+-- This value is optional. If you include a value, it must be between 1 and+-- 1000, inclusive. If you do not include a value, it defaults to 100.+listKeys_limit :: Lens.Lens' ListKeys (Prelude.Maybe Prelude.Natural)+listKeys_limit = Lens.lens (\ListKeys' {limit} -> limit) (\s@ListKeys' {} a -> s {limit = a} :: ListKeys)++-- | Use this parameter in a subsequent request after you receive a response+-- with truncated results. Set it to the value of @NextMarker@ from the+-- truncated response you just received.+listKeys_marker :: Lens.Lens' ListKeys (Prelude.Maybe Prelude.Text)+listKeys_marker = Lens.lens (\ListKeys' {marker} -> marker) (\s@ListKeys' {} a -> s {marker = a} :: ListKeys)++instance Core.AWSPager ListKeys where+ page rq rs+ | Core.stop+ ( rs+ Lens.^? listKeysResponse_truncated+ Prelude.. Lens._Just+ ) =+ Prelude.Nothing+ | Prelude.isNothing+ ( rs+ Lens.^? listKeysResponse_nextMarker+ Prelude.. Lens._Just+ ) =+ Prelude.Nothing+ | Prelude.otherwise =+ Prelude.Just+ Prelude.$ rq+ Prelude.& listKeys_marker+ Lens..~ rs+ Lens.^? listKeysResponse_nextMarker+ Prelude.. Lens._Just++instance Core.AWSRequest ListKeys where+ type AWSResponse ListKeys = ListKeysResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response =+ Response.receiveJSON+ ( \s h x ->+ ListKeysResponse'+ Prelude.<$> (x Data..?> "Keys" Core..!@ Prelude.mempty)+ Prelude.<*> (x Data..?> "NextMarker")+ Prelude.<*> (x Data..?> "Truncated")+ Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+ )++instance Prelude.Hashable ListKeys where+ hashWithSalt _salt ListKeys' {..} =+ _salt+ `Prelude.hashWithSalt` limit+ `Prelude.hashWithSalt` marker++instance Prelude.NFData ListKeys where+ rnf ListKeys' {..} =+ Prelude.rnf limit `Prelude.seq` Prelude.rnf marker++instance Data.ToHeaders ListKeys where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ("TrentService.ListKeys" :: Prelude.ByteString),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON ListKeys where+ toJSON ListKeys' {..} =+ Data.object+ ( Prelude.catMaybes+ [ ("Limit" Data..=) Prelude.<$> limit,+ ("Marker" Data..=) Prelude.<$> marker+ ]+ )++instance Data.ToPath ListKeys where+ toPath = Prelude.const "/"++instance Data.ToQuery ListKeys where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newListKeysResponse' smart constructor.+data ListKeysResponse = ListKeysResponse'+ { -- | A list of KMS keys.+ keys :: Prelude.Maybe [KeyListEntry],+ -- | When @Truncated@ is true, this element is present and contains the value+ -- to use for the @Marker@ parameter in a subsequent request.+ nextMarker :: Prelude.Maybe Prelude.Text,+ -- | A flag that indicates whether there are more items in the list. When+ -- this value is true, the list in this response is truncated. To get more+ -- items, pass the value of the @NextMarker@ element in thisresponse to the+ -- @Marker@ parameter in a subsequent request.+ truncated :: Prelude.Maybe Prelude.Bool,+ -- | The response's http status code.+ httpStatus :: Prelude.Int+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'ListKeysResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'keys', 'listKeysResponse_keys' - A list of KMS keys.+--+-- 'nextMarker', 'listKeysResponse_nextMarker' - When @Truncated@ is true, this element is present and contains the value+-- to use for the @Marker@ parameter in a subsequent request.+--+-- 'truncated', 'listKeysResponse_truncated' - A flag that indicates whether there are more items in the list. When+-- this value is true, the list in this response is truncated. To get more+-- items, pass the value of the @NextMarker@ element in thisresponse to the+-- @Marker@ parameter in a subsequent request.+--+-- 'httpStatus', 'listKeysResponse_httpStatus' - The response's http status code.+newListKeysResponse ::+ -- | 'httpStatus'+ Prelude.Int ->+ ListKeysResponse+newListKeysResponse pHttpStatus_ =+ ListKeysResponse'+ { keys = Prelude.Nothing,+ nextMarker = Prelude.Nothing,+ truncated = Prelude.Nothing,+ httpStatus = pHttpStatus_+ }++-- | A list of KMS keys.+listKeysResponse_keys :: Lens.Lens' ListKeysResponse (Prelude.Maybe [KeyListEntry])+listKeysResponse_keys = Lens.lens (\ListKeysResponse' {keys} -> keys) (\s@ListKeysResponse' {} a -> s {keys = a} :: ListKeysResponse) Prelude.. Lens.mapping Lens.coerced++-- | When @Truncated@ is true, this element is present and contains the value+-- to use for the @Marker@ parameter in a subsequent request.+listKeysResponse_nextMarker :: Lens.Lens' ListKeysResponse (Prelude.Maybe Prelude.Text)+listKeysResponse_nextMarker = Lens.lens (\ListKeysResponse' {nextMarker} -> nextMarker) (\s@ListKeysResponse' {} a -> s {nextMarker = a} :: ListKeysResponse)++-- | A flag that indicates whether there are more items in the list. When+-- this value is true, the list in this response is truncated. To get more+-- items, pass the value of the @NextMarker@ element in thisresponse to the+-- @Marker@ parameter in a subsequent request.+listKeysResponse_truncated :: Lens.Lens' ListKeysResponse (Prelude.Maybe Prelude.Bool)+listKeysResponse_truncated = Lens.lens (\ListKeysResponse' {truncated} -> truncated) (\s@ListKeysResponse' {} a -> s {truncated = a} :: ListKeysResponse)++-- | The response's http status code.+listKeysResponse_httpStatus :: Lens.Lens' ListKeysResponse Prelude.Int+listKeysResponse_httpStatus = Lens.lens (\ListKeysResponse' {httpStatus} -> httpStatus) (\s@ListKeysResponse' {} a -> s {httpStatus = a} :: ListKeysResponse)++instance Prelude.NFData ListKeysResponse where+ rnf ListKeysResponse' {..} =+ Prelude.rnf keys+ `Prelude.seq` Prelude.rnf nextMarker+ `Prelude.seq` Prelude.rnf truncated+ `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/KMS/ListResourceTags.hs view
@@ -0,0 +1,369 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.ListResourceTags+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Returns all tags on the specified KMS key.+--+-- For general information about tags, including the format and syntax, see+-- <https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html Tagging Amazon Web Services resources>+-- in the /Amazon Web Services General Reference/. For information about+-- using tags in KMS, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html Tagging keys>.+--+-- __Cross-account use__: No. You cannot perform this operation on a KMS+-- key in a different Amazon Web Services account.+--+-- __Required permissions__:+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:ListResourceTags>+-- (key policy)+--+-- __Related operations:__+--+-- - CreateKey+--+-- - ReplicateKey+--+-- - TagResource+--+-- - UntagResource+--+-- This operation returns paginated results.+module Amazonka.KMS.ListResourceTags+ ( -- * Creating a Request+ ListResourceTags (..),+ newListResourceTags,++ -- * Request Lenses+ listResourceTags_limit,+ listResourceTags_marker,+ listResourceTags_keyId,++ -- * Destructuring the Response+ ListResourceTagsResponse (..),+ newListResourceTagsResponse,++ -- * Response Lenses+ listResourceTagsResponse_nextMarker,+ listResourceTagsResponse_tags,+ listResourceTagsResponse_truncated,+ listResourceTagsResponse_httpStatus,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newListResourceTags' smart constructor.+data ListResourceTags = ListResourceTags'+ { -- | Use this parameter to specify the maximum number of items to return.+ -- When this value is present, KMS does not return more than the specified+ -- number of items, but it might return fewer.+ --+ -- This value is optional. If you include a value, it must be between 1 and+ -- 50, inclusive. If you do not include a value, it defaults to 50.+ limit :: Prelude.Maybe Prelude.Natural,+ -- | Use this parameter in a subsequent request after you receive a response+ -- with truncated results. Set it to the value of @NextMarker@ from the+ -- truncated response you just received.+ --+ -- Do not attempt to construct this value. Use only the value of+ -- @NextMarker@ from the truncated response you just received.+ marker :: Prelude.Maybe Prelude.Text,+ -- | Gets tags on the specified KMS key.+ --+ -- Specify the key ID or key ARN of the KMS key.+ --+ -- For example:+ --+ -- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- - Key ARN:+ -- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- To get the key ID and key ARN for a KMS key, use ListKeys or+ -- DescribeKey.+ keyId :: Prelude.Text+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'ListResourceTags' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'limit', 'listResourceTags_limit' - Use this parameter to specify the maximum number of items to return.+-- When this value is present, KMS does not return more than the specified+-- number of items, but it might return fewer.+--+-- This value is optional. If you include a value, it must be between 1 and+-- 50, inclusive. If you do not include a value, it defaults to 50.+--+-- 'marker', 'listResourceTags_marker' - Use this parameter in a subsequent request after you receive a response+-- with truncated results. Set it to the value of @NextMarker@ from the+-- truncated response you just received.+--+-- Do not attempt to construct this value. Use only the value of+-- @NextMarker@ from the truncated response you just received.+--+-- 'keyId', 'listResourceTags_keyId' - Gets tags on the specified KMS key.+--+-- Specify the key ID or key ARN of the KMS key.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+newListResourceTags ::+ -- | 'keyId'+ Prelude.Text ->+ ListResourceTags+newListResourceTags pKeyId_ =+ ListResourceTags'+ { limit = Prelude.Nothing,+ marker = Prelude.Nothing,+ keyId = pKeyId_+ }++-- | Use this parameter to specify the maximum number of items to return.+-- When this value is present, KMS does not return more than the specified+-- number of items, but it might return fewer.+--+-- This value is optional. If you include a value, it must be between 1 and+-- 50, inclusive. If you do not include a value, it defaults to 50.+listResourceTags_limit :: Lens.Lens' ListResourceTags (Prelude.Maybe Prelude.Natural)+listResourceTags_limit = Lens.lens (\ListResourceTags' {limit} -> limit) (\s@ListResourceTags' {} a -> s {limit = a} :: ListResourceTags)++-- | Use this parameter in a subsequent request after you receive a response+-- with truncated results. Set it to the value of @NextMarker@ from the+-- truncated response you just received.+--+-- Do not attempt to construct this value. Use only the value of+-- @NextMarker@ from the truncated response you just received.+listResourceTags_marker :: Lens.Lens' ListResourceTags (Prelude.Maybe Prelude.Text)+listResourceTags_marker = Lens.lens (\ListResourceTags' {marker} -> marker) (\s@ListResourceTags' {} a -> s {marker = a} :: ListResourceTags)++-- | Gets tags on the specified KMS key.+--+-- Specify the key ID or key ARN of the KMS key.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+listResourceTags_keyId :: Lens.Lens' ListResourceTags Prelude.Text+listResourceTags_keyId = Lens.lens (\ListResourceTags' {keyId} -> keyId) (\s@ListResourceTags' {} a -> s {keyId = a} :: ListResourceTags)++instance Core.AWSPager ListResourceTags where+ page rq rs+ | Core.stop+ ( rs+ Lens.^? listResourceTagsResponse_truncated+ Prelude.. Lens._Just+ ) =+ Prelude.Nothing+ | Prelude.isNothing+ ( rs+ Lens.^? listResourceTagsResponse_nextMarker+ Prelude.. Lens._Just+ ) =+ Prelude.Nothing+ | Prelude.otherwise =+ Prelude.Just+ Prelude.$ rq+ Prelude.& listResourceTags_marker+ Lens..~ rs+ Lens.^? listResourceTagsResponse_nextMarker+ Prelude.. Lens._Just++instance Core.AWSRequest ListResourceTags where+ type+ AWSResponse ListResourceTags =+ ListResourceTagsResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response =+ Response.receiveJSON+ ( \s h x ->+ ListResourceTagsResponse'+ Prelude.<$> (x Data..?> "NextMarker")+ Prelude.<*> (x Data..?> "Tags" Core..!@ Prelude.mempty)+ Prelude.<*> (x Data..?> "Truncated")+ Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+ )++instance Prelude.Hashable ListResourceTags where+ hashWithSalt _salt ListResourceTags' {..} =+ _salt+ `Prelude.hashWithSalt` limit+ `Prelude.hashWithSalt` marker+ `Prelude.hashWithSalt` keyId++instance Prelude.NFData ListResourceTags where+ rnf ListResourceTags' {..} =+ Prelude.rnf limit+ `Prelude.seq` Prelude.rnf marker+ `Prelude.seq` Prelude.rnf keyId++instance Data.ToHeaders ListResourceTags where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ( "TrentService.ListResourceTags" ::+ Prelude.ByteString+ ),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON ListResourceTags where+ toJSON ListResourceTags' {..} =+ Data.object+ ( Prelude.catMaybes+ [ ("Limit" Data..=) Prelude.<$> limit,+ ("Marker" Data..=) Prelude.<$> marker,+ Prelude.Just ("KeyId" Data..= keyId)+ ]+ )++instance Data.ToPath ListResourceTags where+ toPath = Prelude.const "/"++instance Data.ToQuery ListResourceTags where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newListResourceTagsResponse' smart constructor.+data ListResourceTagsResponse = ListResourceTagsResponse'+ { -- | When @Truncated@ is true, this element is present and contains the value+ -- to use for the @Marker@ parameter in a subsequent request.+ --+ -- Do not assume or infer any information from this value.+ nextMarker :: Prelude.Maybe Prelude.Text,+ -- | A list of tags. Each tag consists of a tag key and a tag value.+ --+ -- Tagging or untagging a KMS key can allow or deny permission to the KMS+ -- key. For details, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/abac.html ABAC for KMS>+ -- in the /Key Management Service Developer Guide/.+ tags :: Prelude.Maybe [Tag],+ -- | A flag that indicates whether there are more items in the list. When+ -- this value is true, the list in this response is truncated. To get more+ -- items, pass the value of the @NextMarker@ element in thisresponse to the+ -- @Marker@ parameter in a subsequent request.+ truncated :: Prelude.Maybe Prelude.Bool,+ -- | The response's http status code.+ httpStatus :: Prelude.Int+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'ListResourceTagsResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'nextMarker', 'listResourceTagsResponse_nextMarker' - When @Truncated@ is true, this element is present and contains the value+-- to use for the @Marker@ parameter in a subsequent request.+--+-- Do not assume or infer any information from this value.+--+-- 'tags', 'listResourceTagsResponse_tags' - A list of tags. Each tag consists of a tag key and a tag value.+--+-- Tagging or untagging a KMS key can allow or deny permission to the KMS+-- key. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/abac.html ABAC for KMS>+-- in the /Key Management Service Developer Guide/.+--+-- 'truncated', 'listResourceTagsResponse_truncated' - A flag that indicates whether there are more items in the list. When+-- this value is true, the list in this response is truncated. To get more+-- items, pass the value of the @NextMarker@ element in thisresponse to the+-- @Marker@ parameter in a subsequent request.+--+-- 'httpStatus', 'listResourceTagsResponse_httpStatus' - The response's http status code.+newListResourceTagsResponse ::+ -- | 'httpStatus'+ Prelude.Int ->+ ListResourceTagsResponse+newListResourceTagsResponse pHttpStatus_ =+ ListResourceTagsResponse'+ { nextMarker =+ Prelude.Nothing,+ tags = Prelude.Nothing,+ truncated = Prelude.Nothing,+ httpStatus = pHttpStatus_+ }++-- | When @Truncated@ is true, this element is present and contains the value+-- to use for the @Marker@ parameter in a subsequent request.+--+-- Do not assume or infer any information from this value.+listResourceTagsResponse_nextMarker :: Lens.Lens' ListResourceTagsResponse (Prelude.Maybe Prelude.Text)+listResourceTagsResponse_nextMarker = Lens.lens (\ListResourceTagsResponse' {nextMarker} -> nextMarker) (\s@ListResourceTagsResponse' {} a -> s {nextMarker = a} :: ListResourceTagsResponse)++-- | A list of tags. Each tag consists of a tag key and a tag value.+--+-- Tagging or untagging a KMS key can allow or deny permission to the KMS+-- key. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/abac.html ABAC for KMS>+-- in the /Key Management Service Developer Guide/.+listResourceTagsResponse_tags :: Lens.Lens' ListResourceTagsResponse (Prelude.Maybe [Tag])+listResourceTagsResponse_tags = Lens.lens (\ListResourceTagsResponse' {tags} -> tags) (\s@ListResourceTagsResponse' {} a -> s {tags = a} :: ListResourceTagsResponse) Prelude.. Lens.mapping Lens.coerced++-- | A flag that indicates whether there are more items in the list. When+-- this value is true, the list in this response is truncated. To get more+-- items, pass the value of the @NextMarker@ element in thisresponse to the+-- @Marker@ parameter in a subsequent request.+listResourceTagsResponse_truncated :: Lens.Lens' ListResourceTagsResponse (Prelude.Maybe Prelude.Bool)+listResourceTagsResponse_truncated = Lens.lens (\ListResourceTagsResponse' {truncated} -> truncated) (\s@ListResourceTagsResponse' {} a -> s {truncated = a} :: ListResourceTagsResponse)++-- | The response's http status code.+listResourceTagsResponse_httpStatus :: Lens.Lens' ListResourceTagsResponse Prelude.Int+listResourceTagsResponse_httpStatus = Lens.lens (\ListResourceTagsResponse' {httpStatus} -> httpStatus) (\s@ListResourceTagsResponse' {} a -> s {httpStatus = a} :: ListResourceTagsResponse)++instance Prelude.NFData ListResourceTagsResponse where+ rnf ListResourceTagsResponse' {..} =+ Prelude.rnf nextMarker+ `Prelude.seq` Prelude.rnf tags+ `Prelude.seq` Prelude.rnf truncated+ `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/KMS/ListRetirableGrants.hs view
@@ -0,0 +1,264 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.ListRetirableGrants+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Returns information about all grants in the Amazon Web Services account+-- and Region that have the specified retiring principal.+--+-- You can specify any principal in your Amazon Web Services account. The+-- grants that are returned include grants for KMS keys in your Amazon Web+-- Services account and other Amazon Web Services accounts. You might use+-- this operation to determine which grants you may retire. To retire a+-- grant, use the RetireGrant operation.+--+-- For detailed information about grants, including grant terminology, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html Grants in KMS>+-- in the //Key Management Service Developer Guide// . For examples of+-- working with grants in several programming languages, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/programming-grants.html Programming grants>.+--+-- __Cross-account use__: You must specify a principal in your Amazon Web+-- Services account. However, this operation can return grants in any+-- Amazon Web Services account. You do not need @kms:ListRetirableGrants@+-- permission (or any other additional permission) in any Amazon Web+-- Services account other than your own.+--+-- __Required permissions__:+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:ListRetirableGrants>+-- (IAM policy) in your Amazon Web Services account.+--+-- __Related operations:__+--+-- - CreateGrant+--+-- - ListGrants+--+-- - RetireGrant+--+-- - RevokeGrant+--+-- This operation returns paginated results.+module Amazonka.KMS.ListRetirableGrants+ ( -- * Creating a Request+ ListRetirableGrants (..),+ newListRetirableGrants,++ -- * Request Lenses+ listRetirableGrants_limit,+ listRetirableGrants_marker,+ listRetirableGrants_retiringPrincipal,++ -- * Destructuring the Response+ ListGrantsResponse (..),+ newListGrantsResponse,++ -- * Response Lenses+ listGrantsResponse_grants,+ listGrantsResponse_nextMarker,+ listGrantsResponse_truncated,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newListRetirableGrants' smart constructor.+data ListRetirableGrants = ListRetirableGrants'+ { -- | Use this parameter to specify the maximum number of items to return.+ -- When this value is present, KMS does not return more than the specified+ -- number of items, but it might return fewer.+ --+ -- This value is optional. If you include a value, it must be between 1 and+ -- 100, inclusive. If you do not include a value, it defaults to 50.+ limit :: Prelude.Maybe Prelude.Natural,+ -- | Use this parameter in a subsequent request after you receive a response+ -- with truncated results. Set it to the value of @NextMarker@ from the+ -- truncated response you just received.+ marker :: Prelude.Maybe Prelude.Text,+ -- | The retiring principal for which to list grants. Enter a principal in+ -- your Amazon Web Services account.+ --+ -- To specify the retiring principal, use the+ -- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Name (ARN)>+ -- of an Amazon Web Services principal. Valid Amazon Web Services+ -- principals include Amazon Web Services accounts (root), IAM users,+ -- federated users, and assumed role users. For examples of the ARN syntax+ -- for specifying a principal, see+ -- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam Amazon Web Services Identity and Access Management (IAM)>+ -- in the Example ARNs section of the /Amazon Web Services General+ -- Reference/.+ retiringPrincipal :: Prelude.Text+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'ListRetirableGrants' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'limit', 'listRetirableGrants_limit' - Use this parameter to specify the maximum number of items to return.+-- When this value is present, KMS does not return more than the specified+-- number of items, but it might return fewer.+--+-- This value is optional. If you include a value, it must be between 1 and+-- 100, inclusive. If you do not include a value, it defaults to 50.+--+-- 'marker', 'listRetirableGrants_marker' - Use this parameter in a subsequent request after you receive a response+-- with truncated results. Set it to the value of @NextMarker@ from the+-- truncated response you just received.+--+-- 'retiringPrincipal', 'listRetirableGrants_retiringPrincipal' - The retiring principal for which to list grants. Enter a principal in+-- your Amazon Web Services account.+--+-- To specify the retiring principal, use the+-- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Name (ARN)>+-- of an Amazon Web Services principal. Valid Amazon Web Services+-- principals include Amazon Web Services accounts (root), IAM users,+-- federated users, and assumed role users. For examples of the ARN syntax+-- for specifying a principal, see+-- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam Amazon Web Services Identity and Access Management (IAM)>+-- in the Example ARNs section of the /Amazon Web Services General+-- Reference/.+newListRetirableGrants ::+ -- | 'retiringPrincipal'+ Prelude.Text ->+ ListRetirableGrants+newListRetirableGrants pRetiringPrincipal_ =+ ListRetirableGrants'+ { limit = Prelude.Nothing,+ marker = Prelude.Nothing,+ retiringPrincipal = pRetiringPrincipal_+ }++-- | Use this parameter to specify the maximum number of items to return.+-- When this value is present, KMS does not return more than the specified+-- number of items, but it might return fewer.+--+-- This value is optional. If you include a value, it must be between 1 and+-- 100, inclusive. If you do not include a value, it defaults to 50.+listRetirableGrants_limit :: Lens.Lens' ListRetirableGrants (Prelude.Maybe Prelude.Natural)+listRetirableGrants_limit = Lens.lens (\ListRetirableGrants' {limit} -> limit) (\s@ListRetirableGrants' {} a -> s {limit = a} :: ListRetirableGrants)++-- | Use this parameter in a subsequent request after you receive a response+-- with truncated results. Set it to the value of @NextMarker@ from the+-- truncated response you just received.+listRetirableGrants_marker :: Lens.Lens' ListRetirableGrants (Prelude.Maybe Prelude.Text)+listRetirableGrants_marker = Lens.lens (\ListRetirableGrants' {marker} -> marker) (\s@ListRetirableGrants' {} a -> s {marker = a} :: ListRetirableGrants)++-- | The retiring principal for which to list grants. Enter a principal in+-- your Amazon Web Services account.+--+-- To specify the retiring principal, use the+-- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Name (ARN)>+-- of an Amazon Web Services principal. Valid Amazon Web Services+-- principals include Amazon Web Services accounts (root), IAM users,+-- federated users, and assumed role users. For examples of the ARN syntax+-- for specifying a principal, see+-- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam Amazon Web Services Identity and Access Management (IAM)>+-- in the Example ARNs section of the /Amazon Web Services General+-- Reference/.+listRetirableGrants_retiringPrincipal :: Lens.Lens' ListRetirableGrants Prelude.Text+listRetirableGrants_retiringPrincipal = Lens.lens (\ListRetirableGrants' {retiringPrincipal} -> retiringPrincipal) (\s@ListRetirableGrants' {} a -> s {retiringPrincipal = a} :: ListRetirableGrants)++instance Core.AWSPager ListRetirableGrants where+ page rq rs+ | Core.stop+ ( rs+ Lens.^? listGrantsResponse_truncated+ Prelude.. Lens._Just+ ) =+ Prelude.Nothing+ | Prelude.isNothing+ ( rs+ Lens.^? listGrantsResponse_nextMarker+ Prelude.. Lens._Just+ ) =+ Prelude.Nothing+ | Prelude.otherwise =+ Prelude.Just+ Prelude.$ rq+ Prelude.& listRetirableGrants_marker+ Lens..~ rs+ Lens.^? listGrantsResponse_nextMarker+ Prelude.. Lens._Just++instance Core.AWSRequest ListRetirableGrants where+ type+ AWSResponse ListRetirableGrants =+ ListGrantsResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response =+ Response.receiveJSON+ (\s h x -> Data.eitherParseJSON x)++instance Prelude.Hashable ListRetirableGrants where+ hashWithSalt _salt ListRetirableGrants' {..} =+ _salt+ `Prelude.hashWithSalt` limit+ `Prelude.hashWithSalt` marker+ `Prelude.hashWithSalt` retiringPrincipal++instance Prelude.NFData ListRetirableGrants where+ rnf ListRetirableGrants' {..} =+ Prelude.rnf limit+ `Prelude.seq` Prelude.rnf marker+ `Prelude.seq` Prelude.rnf retiringPrincipal++instance Data.ToHeaders ListRetirableGrants where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ( "TrentService.ListRetirableGrants" ::+ Prelude.ByteString+ ),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON ListRetirableGrants where+ toJSON ListRetirableGrants' {..} =+ Data.object+ ( Prelude.catMaybes+ [ ("Limit" Data..=) Prelude.<$> limit,+ ("Marker" Data..=) Prelude.<$> marker,+ Prelude.Just+ ("RetiringPrincipal" Data..= retiringPrincipal)+ ]+ )++instance Data.ToPath ListRetirableGrants where+ toPath = Prelude.const "/"++instance Data.ToQuery ListRetirableGrants where+ toQuery = Prelude.const Prelude.mempty
+ gen/Amazonka/KMS/PutKeyPolicy.hs view
@@ -0,0 +1,391 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.PutKeyPolicy+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Attaches a key policy to the specified KMS key.+--+-- For more information about key policies, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html Key Policies>+-- in the /Key Management Service Developer Guide/. For help writing and+-- formatting a JSON policy document, see the+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html IAM JSON Policy Reference>+-- in the //Identity and Access Management User Guide// . For examples of+-- adding a key policy in multiple programming languages, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/programming-key-policies.html#put-policy Setting a key policy>+-- in the /Key Management Service Developer Guide/.+--+-- __Cross-account use__: No. You cannot perform this operation on a KMS+-- key in a different Amazon Web Services account.+--+-- __Required permissions__:+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:PutKeyPolicy>+-- (key policy)+--+-- __Related operations__: GetKeyPolicy+module Amazonka.KMS.PutKeyPolicy+ ( -- * Creating a Request+ PutKeyPolicy (..),+ newPutKeyPolicy,++ -- * Request Lenses+ putKeyPolicy_bypassPolicyLockoutSafetyCheck,+ putKeyPolicy_keyId,+ putKeyPolicy_policyName,+ putKeyPolicy_policy,++ -- * Destructuring the Response+ PutKeyPolicyResponse (..),+ newPutKeyPolicyResponse,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newPutKeyPolicy' smart constructor.+data PutKeyPolicy = PutKeyPolicy'+ { -- | A flag to indicate whether to bypass the key policy lockout safety+ -- check.+ --+ -- Setting this value to true increases the risk that the KMS key becomes+ -- unmanageable. Do not set this value to true indiscriminately.+ --+ -- For more information, refer to the scenario in the+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam Default Key Policy>+ -- section in the /Key Management Service Developer Guide/.+ --+ -- Use this parameter only when you intend to prevent the principal that is+ -- making the request from making a subsequent @PutKeyPolicy@ request on+ -- the KMS key.+ --+ -- The default value is false.+ bypassPolicyLockoutSafetyCheck :: Prelude.Maybe Prelude.Bool,+ -- | Sets the key policy on the specified KMS key.+ --+ -- Specify the key ID or key ARN of the KMS key.+ --+ -- For example:+ --+ -- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- - Key ARN:+ -- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- To get the key ID and key ARN for a KMS key, use ListKeys or+ -- DescribeKey.+ keyId :: Prelude.Text,+ -- | The name of the key policy. The only valid value is @default@.+ policyName :: Prelude.Text,+ -- | The key policy to attach to the KMS key.+ --+ -- The key policy must meet the following criteria:+ --+ -- - If you don\'t set @BypassPolicyLockoutSafetyCheck@ to true, the key+ -- policy must allow the principal that is making the @PutKeyPolicy@+ -- request to make a subsequent @PutKeyPolicy@ request on the KMS key.+ -- This reduces the risk that the KMS key becomes unmanageable. For+ -- more information, refer to the scenario in the+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam Default Key Policy>+ -- section of the /Key Management Service Developer Guide/.+ --+ -- - Each statement in the key policy must contain one or more+ -- principals. The principals in the key policy must exist and be+ -- visible to KMS. When you create a new Amazon Web Services principal+ -- (for example, an IAM user or role), you might need to enforce a+ -- delay before including the new principal in a key policy because the+ -- new principal might not be immediately visible to KMS. For more+ -- information, see+ -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency Changes that I make are not always immediately visible>+ -- in the /Amazon Web Services Identity and Access Management User+ -- Guide/.+ --+ -- A key policy document can include only the following characters:+ --+ -- - Printable ASCII characters from the space character (@\\u0020@)+ -- through the end of the ASCII character range.+ --+ -- - Printable characters in the Basic Latin and Latin-1 Supplement+ -- character set (through @\\u00FF@).+ --+ -- - The tab (@\\u0009@), line feed (@\\u000A@), and carriage return+ -- (@\\u000D@) special characters+ --+ -- For information about key policies, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html Key policies in KMS>+ -- in the /Key Management Service Developer Guide/.For help writing and+ -- formatting a JSON policy document, see the+ -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html IAM JSON Policy Reference>+ -- in the //Identity and Access Management User Guide// .+ policy :: Prelude.Text+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'PutKeyPolicy' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'bypassPolicyLockoutSafetyCheck', 'putKeyPolicy_bypassPolicyLockoutSafetyCheck' - A flag to indicate whether to bypass the key policy lockout safety+-- check.+--+-- Setting this value to true increases the risk that the KMS key becomes+-- unmanageable. Do not set this value to true indiscriminately.+--+-- For more information, refer to the scenario in the+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam Default Key Policy>+-- section in the /Key Management Service Developer Guide/.+--+-- Use this parameter only when you intend to prevent the principal that is+-- making the request from making a subsequent @PutKeyPolicy@ request on+-- the KMS key.+--+-- The default value is false.+--+-- 'keyId', 'putKeyPolicy_keyId' - Sets the key policy on the specified KMS key.+--+-- Specify the key ID or key ARN of the KMS key.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+--+-- 'policyName', 'putKeyPolicy_policyName' - The name of the key policy. The only valid value is @default@.+--+-- 'policy', 'putKeyPolicy_policy' - The key policy to attach to the KMS key.+--+-- The key policy must meet the following criteria:+--+-- - If you don\'t set @BypassPolicyLockoutSafetyCheck@ to true, the key+-- policy must allow the principal that is making the @PutKeyPolicy@+-- request to make a subsequent @PutKeyPolicy@ request on the KMS key.+-- This reduces the risk that the KMS key becomes unmanageable. For+-- more information, refer to the scenario in the+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam Default Key Policy>+-- section of the /Key Management Service Developer Guide/.+--+-- - Each statement in the key policy must contain one or more+-- principals. The principals in the key policy must exist and be+-- visible to KMS. When you create a new Amazon Web Services principal+-- (for example, an IAM user or role), you might need to enforce a+-- delay before including the new principal in a key policy because the+-- new principal might not be immediately visible to KMS. For more+-- information, see+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency Changes that I make are not always immediately visible>+-- in the /Amazon Web Services Identity and Access Management User+-- Guide/.+--+-- A key policy document can include only the following characters:+--+-- - Printable ASCII characters from the space character (@\\u0020@)+-- through the end of the ASCII character range.+--+-- - Printable characters in the Basic Latin and Latin-1 Supplement+-- character set (through @\\u00FF@).+--+-- - The tab (@\\u0009@), line feed (@\\u000A@), and carriage return+-- (@\\u000D@) special characters+--+-- For information about key policies, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html Key policies in KMS>+-- in the /Key Management Service Developer Guide/.For help writing and+-- formatting a JSON policy document, see the+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html IAM JSON Policy Reference>+-- in the //Identity and Access Management User Guide// .+newPutKeyPolicy ::+ -- | 'keyId'+ Prelude.Text ->+ -- | 'policyName'+ Prelude.Text ->+ -- | 'policy'+ Prelude.Text ->+ PutKeyPolicy+newPutKeyPolicy pKeyId_ pPolicyName_ pPolicy_ =+ PutKeyPolicy'+ { bypassPolicyLockoutSafetyCheck =+ Prelude.Nothing,+ keyId = pKeyId_,+ policyName = pPolicyName_,+ policy = pPolicy_+ }++-- | A flag to indicate whether to bypass the key policy lockout safety+-- check.+--+-- Setting this value to true increases the risk that the KMS key becomes+-- unmanageable. Do not set this value to true indiscriminately.+--+-- For more information, refer to the scenario in the+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam Default Key Policy>+-- section in the /Key Management Service Developer Guide/.+--+-- Use this parameter only when you intend to prevent the principal that is+-- making the request from making a subsequent @PutKeyPolicy@ request on+-- the KMS key.+--+-- The default value is false.+putKeyPolicy_bypassPolicyLockoutSafetyCheck :: Lens.Lens' PutKeyPolicy (Prelude.Maybe Prelude.Bool)+putKeyPolicy_bypassPolicyLockoutSafetyCheck = Lens.lens (\PutKeyPolicy' {bypassPolicyLockoutSafetyCheck} -> bypassPolicyLockoutSafetyCheck) (\s@PutKeyPolicy' {} a -> s {bypassPolicyLockoutSafetyCheck = a} :: PutKeyPolicy)++-- | Sets the key policy on the specified KMS key.+--+-- Specify the key ID or key ARN of the KMS key.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+putKeyPolicy_keyId :: Lens.Lens' PutKeyPolicy Prelude.Text+putKeyPolicy_keyId = Lens.lens (\PutKeyPolicy' {keyId} -> keyId) (\s@PutKeyPolicy' {} a -> s {keyId = a} :: PutKeyPolicy)++-- | The name of the key policy. The only valid value is @default@.+putKeyPolicy_policyName :: Lens.Lens' PutKeyPolicy Prelude.Text+putKeyPolicy_policyName = Lens.lens (\PutKeyPolicy' {policyName} -> policyName) (\s@PutKeyPolicy' {} a -> s {policyName = a} :: PutKeyPolicy)++-- | The key policy to attach to the KMS key.+--+-- The key policy must meet the following criteria:+--+-- - If you don\'t set @BypassPolicyLockoutSafetyCheck@ to true, the key+-- policy must allow the principal that is making the @PutKeyPolicy@+-- request to make a subsequent @PutKeyPolicy@ request on the KMS key.+-- This reduces the risk that the KMS key becomes unmanageable. For+-- more information, refer to the scenario in the+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam Default Key Policy>+-- section of the /Key Management Service Developer Guide/.+--+-- - Each statement in the key policy must contain one or more+-- principals. The principals in the key policy must exist and be+-- visible to KMS. When you create a new Amazon Web Services principal+-- (for example, an IAM user or role), you might need to enforce a+-- delay before including the new principal in a key policy because the+-- new principal might not be immediately visible to KMS. For more+-- information, see+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency Changes that I make are not always immediately visible>+-- in the /Amazon Web Services Identity and Access Management User+-- Guide/.+--+-- A key policy document can include only the following characters:+--+-- - Printable ASCII characters from the space character (@\\u0020@)+-- through the end of the ASCII character range.+--+-- - Printable characters in the Basic Latin and Latin-1 Supplement+-- character set (through @\\u00FF@).+--+-- - The tab (@\\u0009@), line feed (@\\u000A@), and carriage return+-- (@\\u000D@) special characters+--+-- For information about key policies, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html Key policies in KMS>+-- in the /Key Management Service Developer Guide/.For help writing and+-- formatting a JSON policy document, see the+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html IAM JSON Policy Reference>+-- in the //Identity and Access Management User Guide// .+putKeyPolicy_policy :: Lens.Lens' PutKeyPolicy Prelude.Text+putKeyPolicy_policy = Lens.lens (\PutKeyPolicy' {policy} -> policy) (\s@PutKeyPolicy' {} a -> s {policy = a} :: PutKeyPolicy)++instance Core.AWSRequest PutKeyPolicy where+ type AWSResponse PutKeyPolicy = PutKeyPolicyResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response = Response.receiveNull PutKeyPolicyResponse'++instance Prelude.Hashable PutKeyPolicy where+ hashWithSalt _salt PutKeyPolicy' {..} =+ _salt+ `Prelude.hashWithSalt` bypassPolicyLockoutSafetyCheck+ `Prelude.hashWithSalt` keyId+ `Prelude.hashWithSalt` policyName+ `Prelude.hashWithSalt` policy++instance Prelude.NFData PutKeyPolicy where+ rnf PutKeyPolicy' {..} =+ Prelude.rnf bypassPolicyLockoutSafetyCheck+ `Prelude.seq` Prelude.rnf keyId+ `Prelude.seq` Prelude.rnf policyName+ `Prelude.seq` Prelude.rnf policy++instance Data.ToHeaders PutKeyPolicy where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ("TrentService.PutKeyPolicy" :: Prelude.ByteString),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON PutKeyPolicy where+ toJSON PutKeyPolicy' {..} =+ Data.object+ ( Prelude.catMaybes+ [ ("BypassPolicyLockoutSafetyCheck" Data..=)+ Prelude.<$> bypassPolicyLockoutSafetyCheck,+ Prelude.Just ("KeyId" Data..= keyId),+ Prelude.Just ("PolicyName" Data..= policyName),+ Prelude.Just ("Policy" Data..= policy)+ ]+ )++instance Data.ToPath PutKeyPolicy where+ toPath = Prelude.const "/"++instance Data.ToQuery PutKeyPolicy where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newPutKeyPolicyResponse' smart constructor.+data PutKeyPolicyResponse = PutKeyPolicyResponse'+ {+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'PutKeyPolicyResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+newPutKeyPolicyResponse ::+ PutKeyPolicyResponse+newPutKeyPolicyResponse = PutKeyPolicyResponse'++instance Prelude.NFData PutKeyPolicyResponse where+ rnf _ = ()
+ gen/Amazonka/KMS/ReEncrypt.hs view
@@ -0,0 +1,760 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.ReEncrypt+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Decrypts ciphertext and then reencrypts it entirely within KMS. You can+-- use this operation to change the KMS key under which data is encrypted,+-- such as when you+-- <https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotate-keys-manually manually rotate>+-- a KMS key or change the KMS key that protects a ciphertext. You can also+-- use it to reencrypt ciphertext under the same KMS key, such as to change+-- the+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context encryption context>+-- of a ciphertext.+--+-- The @ReEncrypt@ operation can decrypt ciphertext that was encrypted by+-- using a KMS key in an KMS operation, such as Encrypt or GenerateDataKey.+-- It can also decrypt ciphertext that was encrypted by using the public+-- key of an+-- <https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#asymmetric-cmks asymmetric KMS key>+-- outside of KMS. However, it cannot decrypt ciphertext produced by other+-- libraries, such as the+-- <https://docs.aws.amazon.com/encryption-sdk/latest/developer-guide/ Amazon Web Services Encryption SDK>+-- or+-- <https://docs.aws.amazon.com/AmazonS3/latest/dev/UsingClientSideEncryption.html Amazon S3 client-side encryption>.+-- These libraries return a ciphertext format that is incompatible with+-- KMS.+--+-- When you use the @ReEncrypt@ operation, you need to provide information+-- for the decrypt operation and the subsequent encrypt operation.+--+-- - If your ciphertext was encrypted under an asymmetric KMS key, you+-- must use the @SourceKeyId@ parameter to identify the KMS key that+-- encrypted the ciphertext. You must also supply the encryption+-- algorithm that was used. This information is required to decrypt the+-- data.+--+-- - If your ciphertext was encrypted under a symmetric encryption KMS+-- key, the @SourceKeyId@ parameter is optional. KMS can get this+-- information from metadata that it adds to the symmetric ciphertext+-- blob. This feature adds durability to your implementation by+-- ensuring that authorized users can decrypt ciphertext decades after+-- it was encrypted, even if they\'ve lost track of the key ID.+-- However, specifying the source KMS key is always recommended as a+-- best practice. When you use the @SourceKeyId@ parameter to specify a+-- KMS key, KMS uses only the KMS key you specify. If the ciphertext+-- was encrypted under a different KMS key, the @ReEncrypt@ operation+-- fails. This practice ensures that you use the KMS key that you+-- intend.+--+-- - To reencrypt the data, you must use the @DestinationKeyId@ parameter+-- to specify the KMS key that re-encrypts the data after it is+-- decrypted. If the destination KMS key is an asymmetric KMS key, you+-- must also provide the encryption algorithm. The algorithm that you+-- choose must be compatible with the KMS key.+--+-- When you use an asymmetric KMS key to encrypt or reencrypt data, be+-- sure to record the KMS key and encryption algorithm that you choose.+-- You will be required to provide the same KMS key and encryption+-- algorithm when you decrypt the data. If the KMS key and algorithm do+-- not match the values used to encrypt the data, the decrypt operation+-- fails.+--+-- You are not required to supply the key ID and encryption algorithm+-- when you decrypt with symmetric encryption KMS keys because KMS+-- stores this information in the ciphertext blob. KMS cannot store+-- metadata in ciphertext generated with asymmetric keys. The standard+-- format for asymmetric key ciphertext does not include configurable+-- fields.+--+-- The KMS key that you use for this operation must be in a compatible key+-- state. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key states of KMS keys>+-- in the /Key Management Service Developer Guide/.+--+-- __Cross-account use__: Yes. The source KMS key and destination KMS key+-- can be in different Amazon Web Services accounts. Either or both KMS+-- keys can be in a different account than the caller. To specify a KMS key+-- in a different account, you must use its key ARN or alias ARN.+--+-- __Required permissions__:+--+-- - <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:ReEncryptFrom>+-- permission on the source KMS key (key policy)+--+-- - <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:ReEncryptTo>+-- permission on the destination KMS key (key policy)+--+-- To permit reencryption from or to a KMS key, include the+-- @\"kms:ReEncrypt*\"@ permission in your+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html key policy>.+-- This permission is automatically included in the key policy when you use+-- the console to create a KMS key. But you must include it manually when+-- you create a KMS key programmatically or when you use the PutKeyPolicy+-- operation to set a key policy.+--+-- __Related operations:__+--+-- - Decrypt+--+-- - Encrypt+--+-- - GenerateDataKey+--+-- - GenerateDataKeyPair+module Amazonka.KMS.ReEncrypt+ ( -- * Creating a Request+ ReEncrypt (..),+ newReEncrypt,++ -- * Request Lenses+ reEncrypt_destinationEncryptionAlgorithm,+ reEncrypt_destinationEncryptionContext,+ reEncrypt_grantTokens,+ reEncrypt_sourceEncryptionAlgorithm,+ reEncrypt_sourceEncryptionContext,+ reEncrypt_sourceKeyId,+ reEncrypt_ciphertextBlob,+ reEncrypt_destinationKeyId,++ -- * Destructuring the Response+ ReEncryptResponse (..),+ newReEncryptResponse,++ -- * Response Lenses+ reEncryptResponse_ciphertextBlob,+ reEncryptResponse_destinationEncryptionAlgorithm,+ reEncryptResponse_keyId,+ reEncryptResponse_sourceEncryptionAlgorithm,+ reEncryptResponse_sourceKeyId,+ reEncryptResponse_httpStatus,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newReEncrypt' smart constructor.+data ReEncrypt = ReEncrypt'+ { -- | Specifies the encryption algorithm that KMS will use to reecrypt the+ -- data after it has decrypted it. The default value, @SYMMETRIC_DEFAULT@,+ -- represents the encryption algorithm used for symmetric encryption KMS+ -- keys.+ --+ -- This parameter is required only when the destination KMS key is an+ -- asymmetric KMS key.+ destinationEncryptionAlgorithm :: Prelude.Maybe EncryptionAlgorithmSpec,+ -- | Specifies that encryption context to use when the reencrypting the data.+ --+ -- A destination encryption context is valid only when the destination KMS+ -- key is a symmetric encryption KMS key. The standard ciphertext format+ -- for asymmetric KMS keys does not include fields for metadata.+ --+ -- An /encryption context/ is a collection of non-secret key-value pairs+ -- that represent additional authenticated data. When you use an encryption+ -- context to encrypt data, you must specify the same (an exact+ -- case-sensitive match) encryption context to decrypt the data. An+ -- encryption context is supported only on operations with symmetric+ -- encryption KMS keys. On operations with symmetric encryption KMS keys,+ -- an encryption context is optional, but it is strongly recommended.+ --+ -- For more information, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context Encryption context>+ -- in the /Key Management Service Developer Guide/.+ destinationEncryptionContext :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),+ -- | A list of grant tokens.+ --+ -- Use a grant token when your permission to call this operation comes from+ -- a new grant that has not yet achieved /eventual consistency/. For more+ -- information, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>+ -- and+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>+ -- in the /Key Management Service Developer Guide/.+ grantTokens :: Prelude.Maybe [Prelude.Text],+ -- | Specifies the encryption algorithm that KMS will use to decrypt the+ -- ciphertext before it is reencrypted. The default value,+ -- @SYMMETRIC_DEFAULT@, represents the algorithm used for symmetric+ -- encryption KMS keys.+ --+ -- Specify the same algorithm that was used to encrypt the ciphertext. If+ -- you specify a different algorithm, the decrypt attempt fails.+ --+ -- This parameter is required only when the ciphertext was encrypted under+ -- an asymmetric KMS key.+ sourceEncryptionAlgorithm :: Prelude.Maybe EncryptionAlgorithmSpec,+ -- | Specifies the encryption context to use to decrypt the ciphertext. Enter+ -- the same encryption context that was used to encrypt the ciphertext.+ --+ -- An /encryption context/ is a collection of non-secret key-value pairs+ -- that represent additional authenticated data. When you use an encryption+ -- context to encrypt data, you must specify the same (an exact+ -- case-sensitive match) encryption context to decrypt the data. An+ -- encryption context is supported only on operations with symmetric+ -- encryption KMS keys. On operations with symmetric encryption KMS keys,+ -- an encryption context is optional, but it is strongly recommended.+ --+ -- For more information, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context Encryption context>+ -- in the /Key Management Service Developer Guide/.+ sourceEncryptionContext :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),+ -- | Specifies the KMS key that KMS will use to decrypt the ciphertext before+ -- it is re-encrypted.+ --+ -- Enter a key ID of the KMS key that was used to encrypt the ciphertext.+ -- If you identify a different KMS key, the @ReEncrypt@ operation throws an+ -- @IncorrectKeyException@.+ --+ -- This parameter is required only when the ciphertext was encrypted under+ -- an asymmetric KMS key. If you used a symmetric encryption KMS key, KMS+ -- can get the KMS key from metadata that it adds to the symmetric+ -- ciphertext blob. However, it is always recommended as a best practice.+ -- This practice ensures that you use the KMS key that you intend.+ --+ -- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.+ -- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS+ -- key in a different Amazon Web Services account, you must use the key ARN+ -- or alias ARN.+ --+ -- For example:+ --+ -- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- - Key ARN:+ -- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- - Alias name: @alias\/ExampleAlias@+ --+ -- - Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@+ --+ -- To get the key ID and key ARN for a KMS key, use ListKeys or+ -- DescribeKey. To get the alias name and alias ARN, use ListAliases.+ sourceKeyId :: Prelude.Maybe Prelude.Text,+ -- | Ciphertext of the data to reencrypt.+ ciphertextBlob :: Data.Base64,+ -- | A unique identifier for the KMS key that is used to reencrypt the data.+ -- Specify a symmetric encryption KMS key or an asymmetric KMS key with a+ -- @KeyUsage@ value of @ENCRYPT_DECRYPT@. To find the @KeyUsage@ value of a+ -- KMS key, use the DescribeKey operation.+ --+ -- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.+ -- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS+ -- key in a different Amazon Web Services account, you must use the key ARN+ -- or alias ARN.+ --+ -- For example:+ --+ -- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- - Key ARN:+ -- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- - Alias name: @alias\/ExampleAlias@+ --+ -- - Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@+ --+ -- To get the key ID and key ARN for a KMS key, use ListKeys or+ -- DescribeKey. To get the alias name and alias ARN, use ListAliases.+ destinationKeyId :: Prelude.Text+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'ReEncrypt' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'destinationEncryptionAlgorithm', 'reEncrypt_destinationEncryptionAlgorithm' - Specifies the encryption algorithm that KMS will use to reecrypt the+-- data after it has decrypted it. The default value, @SYMMETRIC_DEFAULT@,+-- represents the encryption algorithm used for symmetric encryption KMS+-- keys.+--+-- This parameter is required only when the destination KMS key is an+-- asymmetric KMS key.+--+-- 'destinationEncryptionContext', 'reEncrypt_destinationEncryptionContext' - Specifies that encryption context to use when the reencrypting the data.+--+-- A destination encryption context is valid only when the destination KMS+-- key is a symmetric encryption KMS key. The standard ciphertext format+-- for asymmetric KMS keys does not include fields for metadata.+--+-- An /encryption context/ is a collection of non-secret key-value pairs+-- that represent additional authenticated data. When you use an encryption+-- context to encrypt data, you must specify the same (an exact+-- case-sensitive match) encryption context to decrypt the data. An+-- encryption context is supported only on operations with symmetric+-- encryption KMS keys. On operations with symmetric encryption KMS keys,+-- an encryption context is optional, but it is strongly recommended.+--+-- For more information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context Encryption context>+-- in the /Key Management Service Developer Guide/.+--+-- 'grantTokens', 'reEncrypt_grantTokens' - A list of grant tokens.+--+-- Use a grant token when your permission to call this operation comes from+-- a new grant that has not yet achieved /eventual consistency/. For more+-- information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>+-- and+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>+-- in the /Key Management Service Developer Guide/.+--+-- 'sourceEncryptionAlgorithm', 'reEncrypt_sourceEncryptionAlgorithm' - Specifies the encryption algorithm that KMS will use to decrypt the+-- ciphertext before it is reencrypted. The default value,+-- @SYMMETRIC_DEFAULT@, represents the algorithm used for symmetric+-- encryption KMS keys.+--+-- Specify the same algorithm that was used to encrypt the ciphertext. If+-- you specify a different algorithm, the decrypt attempt fails.+--+-- This parameter is required only when the ciphertext was encrypted under+-- an asymmetric KMS key.+--+-- 'sourceEncryptionContext', 'reEncrypt_sourceEncryptionContext' - Specifies the encryption context to use to decrypt the ciphertext. Enter+-- the same encryption context that was used to encrypt the ciphertext.+--+-- An /encryption context/ is a collection of non-secret key-value pairs+-- that represent additional authenticated data. When you use an encryption+-- context to encrypt data, you must specify the same (an exact+-- case-sensitive match) encryption context to decrypt the data. An+-- encryption context is supported only on operations with symmetric+-- encryption KMS keys. On operations with symmetric encryption KMS keys,+-- an encryption context is optional, but it is strongly recommended.+--+-- For more information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context Encryption context>+-- in the /Key Management Service Developer Guide/.+--+-- 'sourceKeyId', 'reEncrypt_sourceKeyId' - Specifies the KMS key that KMS will use to decrypt the ciphertext before+-- it is re-encrypted.+--+-- Enter a key ID of the KMS key that was used to encrypt the ciphertext.+-- If you identify a different KMS key, the @ReEncrypt@ operation throws an+-- @IncorrectKeyException@.+--+-- This parameter is required only when the ciphertext was encrypted under+-- an asymmetric KMS key. If you used a symmetric encryption KMS key, KMS+-- can get the KMS key from metadata that it adds to the symmetric+-- ciphertext blob. However, it is always recommended as a best practice.+-- This practice ensures that you use the KMS key that you intend.+--+-- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.+-- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS+-- key in a different Amazon Web Services account, you must use the key ARN+-- or alias ARN.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Alias name: @alias\/ExampleAlias@+--+-- - Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey. To get the alias name and alias ARN, use ListAliases.+--+-- 'ciphertextBlob', 'reEncrypt_ciphertextBlob' - Ciphertext of the data to reencrypt.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+--+-- 'destinationKeyId', 'reEncrypt_destinationKeyId' - A unique identifier for the KMS key that is used to reencrypt the data.+-- Specify a symmetric encryption KMS key or an asymmetric KMS key with a+-- @KeyUsage@ value of @ENCRYPT_DECRYPT@. To find the @KeyUsage@ value of a+-- KMS key, use the DescribeKey operation.+--+-- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.+-- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS+-- key in a different Amazon Web Services account, you must use the key ARN+-- or alias ARN.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Alias name: @alias\/ExampleAlias@+--+-- - Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey. To get the alias name and alias ARN, use ListAliases.+newReEncrypt ::+ -- | 'ciphertextBlob'+ Prelude.ByteString ->+ -- | 'destinationKeyId'+ Prelude.Text ->+ ReEncrypt+newReEncrypt pCiphertextBlob_ pDestinationKeyId_ =+ ReEncrypt'+ { destinationEncryptionAlgorithm =+ Prelude.Nothing,+ destinationEncryptionContext = Prelude.Nothing,+ grantTokens = Prelude.Nothing,+ sourceEncryptionAlgorithm = Prelude.Nothing,+ sourceEncryptionContext = Prelude.Nothing,+ sourceKeyId = Prelude.Nothing,+ ciphertextBlob =+ Data._Base64 Lens.# pCiphertextBlob_,+ destinationKeyId = pDestinationKeyId_+ }++-- | Specifies the encryption algorithm that KMS will use to reecrypt the+-- data after it has decrypted it. The default value, @SYMMETRIC_DEFAULT@,+-- represents the encryption algorithm used for symmetric encryption KMS+-- keys.+--+-- This parameter is required only when the destination KMS key is an+-- asymmetric KMS key.+reEncrypt_destinationEncryptionAlgorithm :: Lens.Lens' ReEncrypt (Prelude.Maybe EncryptionAlgorithmSpec)+reEncrypt_destinationEncryptionAlgorithm = Lens.lens (\ReEncrypt' {destinationEncryptionAlgorithm} -> destinationEncryptionAlgorithm) (\s@ReEncrypt' {} a -> s {destinationEncryptionAlgorithm = a} :: ReEncrypt)++-- | Specifies that encryption context to use when the reencrypting the data.+--+-- A destination encryption context is valid only when the destination KMS+-- key is a symmetric encryption KMS key. The standard ciphertext format+-- for asymmetric KMS keys does not include fields for metadata.+--+-- An /encryption context/ is a collection of non-secret key-value pairs+-- that represent additional authenticated data. When you use an encryption+-- context to encrypt data, you must specify the same (an exact+-- case-sensitive match) encryption context to decrypt the data. An+-- encryption context is supported only on operations with symmetric+-- encryption KMS keys. On operations with symmetric encryption KMS keys,+-- an encryption context is optional, but it is strongly recommended.+--+-- For more information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context Encryption context>+-- in the /Key Management Service Developer Guide/.+reEncrypt_destinationEncryptionContext :: Lens.Lens' ReEncrypt (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))+reEncrypt_destinationEncryptionContext = Lens.lens (\ReEncrypt' {destinationEncryptionContext} -> destinationEncryptionContext) (\s@ReEncrypt' {} a -> s {destinationEncryptionContext = a} :: ReEncrypt) Prelude.. Lens.mapping Lens.coerced++-- | A list of grant tokens.+--+-- Use a grant token when your permission to call this operation comes from+-- a new grant that has not yet achieved /eventual consistency/. For more+-- information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>+-- and+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>+-- in the /Key Management Service Developer Guide/.+reEncrypt_grantTokens :: Lens.Lens' ReEncrypt (Prelude.Maybe [Prelude.Text])+reEncrypt_grantTokens = Lens.lens (\ReEncrypt' {grantTokens} -> grantTokens) (\s@ReEncrypt' {} a -> s {grantTokens = a} :: ReEncrypt) Prelude.. Lens.mapping Lens.coerced++-- | Specifies the encryption algorithm that KMS will use to decrypt the+-- ciphertext before it is reencrypted. The default value,+-- @SYMMETRIC_DEFAULT@, represents the algorithm used for symmetric+-- encryption KMS keys.+--+-- Specify the same algorithm that was used to encrypt the ciphertext. If+-- you specify a different algorithm, the decrypt attempt fails.+--+-- This parameter is required only when the ciphertext was encrypted under+-- an asymmetric KMS key.+reEncrypt_sourceEncryptionAlgorithm :: Lens.Lens' ReEncrypt (Prelude.Maybe EncryptionAlgorithmSpec)+reEncrypt_sourceEncryptionAlgorithm = Lens.lens (\ReEncrypt' {sourceEncryptionAlgorithm} -> sourceEncryptionAlgorithm) (\s@ReEncrypt' {} a -> s {sourceEncryptionAlgorithm = a} :: ReEncrypt)++-- | Specifies the encryption context to use to decrypt the ciphertext. Enter+-- the same encryption context that was used to encrypt the ciphertext.+--+-- An /encryption context/ is a collection of non-secret key-value pairs+-- that represent additional authenticated data. When you use an encryption+-- context to encrypt data, you must specify the same (an exact+-- case-sensitive match) encryption context to decrypt the data. An+-- encryption context is supported only on operations with symmetric+-- encryption KMS keys. On operations with symmetric encryption KMS keys,+-- an encryption context is optional, but it is strongly recommended.+--+-- For more information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context Encryption context>+-- in the /Key Management Service Developer Guide/.+reEncrypt_sourceEncryptionContext :: Lens.Lens' ReEncrypt (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))+reEncrypt_sourceEncryptionContext = Lens.lens (\ReEncrypt' {sourceEncryptionContext} -> sourceEncryptionContext) (\s@ReEncrypt' {} a -> s {sourceEncryptionContext = a} :: ReEncrypt) Prelude.. Lens.mapping Lens.coerced++-- | Specifies the KMS key that KMS will use to decrypt the ciphertext before+-- it is re-encrypted.+--+-- Enter a key ID of the KMS key that was used to encrypt the ciphertext.+-- If you identify a different KMS key, the @ReEncrypt@ operation throws an+-- @IncorrectKeyException@.+--+-- This parameter is required only when the ciphertext was encrypted under+-- an asymmetric KMS key. If you used a symmetric encryption KMS key, KMS+-- can get the KMS key from metadata that it adds to the symmetric+-- ciphertext blob. However, it is always recommended as a best practice.+-- This practice ensures that you use the KMS key that you intend.+--+-- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.+-- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS+-- key in a different Amazon Web Services account, you must use the key ARN+-- or alias ARN.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Alias name: @alias\/ExampleAlias@+--+-- - Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey. To get the alias name and alias ARN, use ListAliases.+reEncrypt_sourceKeyId :: Lens.Lens' ReEncrypt (Prelude.Maybe Prelude.Text)+reEncrypt_sourceKeyId = Lens.lens (\ReEncrypt' {sourceKeyId} -> sourceKeyId) (\s@ReEncrypt' {} a -> s {sourceKeyId = a} :: ReEncrypt)++-- | Ciphertext of the data to reencrypt.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+reEncrypt_ciphertextBlob :: Lens.Lens' ReEncrypt Prelude.ByteString+reEncrypt_ciphertextBlob = Lens.lens (\ReEncrypt' {ciphertextBlob} -> ciphertextBlob) (\s@ReEncrypt' {} a -> s {ciphertextBlob = a} :: ReEncrypt) Prelude.. Data._Base64++-- | A unique identifier for the KMS key that is used to reencrypt the data.+-- Specify a symmetric encryption KMS key or an asymmetric KMS key with a+-- @KeyUsage@ value of @ENCRYPT_DECRYPT@. To find the @KeyUsage@ value of a+-- KMS key, use the DescribeKey operation.+--+-- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.+-- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS+-- key in a different Amazon Web Services account, you must use the key ARN+-- or alias ARN.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Alias name: @alias\/ExampleAlias@+--+-- - Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey. To get the alias name and alias ARN, use ListAliases.+reEncrypt_destinationKeyId :: Lens.Lens' ReEncrypt Prelude.Text+reEncrypt_destinationKeyId = Lens.lens (\ReEncrypt' {destinationKeyId} -> destinationKeyId) (\s@ReEncrypt' {} a -> s {destinationKeyId = a} :: ReEncrypt)++instance Core.AWSRequest ReEncrypt where+ type AWSResponse ReEncrypt = ReEncryptResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response =+ Response.receiveJSON+ ( \s h x ->+ ReEncryptResponse'+ Prelude.<$> (x Data..?> "CiphertextBlob")+ Prelude.<*> (x Data..?> "DestinationEncryptionAlgorithm")+ Prelude.<*> (x Data..?> "KeyId")+ Prelude.<*> (x Data..?> "SourceEncryptionAlgorithm")+ Prelude.<*> (x Data..?> "SourceKeyId")+ Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+ )++instance Prelude.Hashable ReEncrypt where+ hashWithSalt _salt ReEncrypt' {..} =+ _salt+ `Prelude.hashWithSalt` destinationEncryptionAlgorithm+ `Prelude.hashWithSalt` destinationEncryptionContext+ `Prelude.hashWithSalt` grantTokens+ `Prelude.hashWithSalt` sourceEncryptionAlgorithm+ `Prelude.hashWithSalt` sourceEncryptionContext+ `Prelude.hashWithSalt` sourceKeyId+ `Prelude.hashWithSalt` ciphertextBlob+ `Prelude.hashWithSalt` destinationKeyId++instance Prelude.NFData ReEncrypt where+ rnf ReEncrypt' {..} =+ Prelude.rnf destinationEncryptionAlgorithm+ `Prelude.seq` Prelude.rnf destinationEncryptionContext+ `Prelude.seq` Prelude.rnf grantTokens+ `Prelude.seq` Prelude.rnf sourceEncryptionAlgorithm+ `Prelude.seq` Prelude.rnf sourceEncryptionContext+ `Prelude.seq` Prelude.rnf sourceKeyId+ `Prelude.seq` Prelude.rnf ciphertextBlob+ `Prelude.seq` Prelude.rnf destinationKeyId++instance Data.ToHeaders ReEncrypt where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ("TrentService.ReEncrypt" :: Prelude.ByteString),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON ReEncrypt where+ toJSON ReEncrypt' {..} =+ Data.object+ ( Prelude.catMaybes+ [ ("DestinationEncryptionAlgorithm" Data..=)+ Prelude.<$> destinationEncryptionAlgorithm,+ ("DestinationEncryptionContext" Data..=)+ Prelude.<$> destinationEncryptionContext,+ ("GrantTokens" Data..=) Prelude.<$> grantTokens,+ ("SourceEncryptionAlgorithm" Data..=)+ Prelude.<$> sourceEncryptionAlgorithm,+ ("SourceEncryptionContext" Data..=)+ Prelude.<$> sourceEncryptionContext,+ ("SourceKeyId" Data..=) Prelude.<$> sourceKeyId,+ Prelude.Just+ ("CiphertextBlob" Data..= ciphertextBlob),+ Prelude.Just+ ("DestinationKeyId" Data..= destinationKeyId)+ ]+ )++instance Data.ToPath ReEncrypt where+ toPath = Prelude.const "/"++instance Data.ToQuery ReEncrypt where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newReEncryptResponse' smart constructor.+data ReEncryptResponse = ReEncryptResponse'+ { -- | The reencrypted data. When you use the HTTP API or the Amazon Web+ -- Services CLI, the value is Base64-encoded. Otherwise, it is not+ -- Base64-encoded.+ ciphertextBlob :: Prelude.Maybe Data.Base64,+ -- | The encryption algorithm that was used to reencrypt the data.+ destinationEncryptionAlgorithm :: Prelude.Maybe EncryptionAlgorithmSpec,+ -- | The Amazon Resource Name+ -- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)+ -- of the KMS key that was used to reencrypt the data.+ keyId :: Prelude.Maybe Prelude.Text,+ -- | The encryption algorithm that was used to decrypt the ciphertext before+ -- it was reencrypted.+ sourceEncryptionAlgorithm :: Prelude.Maybe EncryptionAlgorithmSpec,+ -- | Unique identifier of the KMS key used to originally encrypt the data.+ sourceKeyId :: Prelude.Maybe Prelude.Text,+ -- | The response's http status code.+ httpStatus :: Prelude.Int+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'ReEncryptResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'ciphertextBlob', 'reEncryptResponse_ciphertextBlob' - The reencrypted data. When you use the HTTP API or the Amazon Web+-- Services CLI, the value is Base64-encoded. Otherwise, it is not+-- Base64-encoded.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+--+-- 'destinationEncryptionAlgorithm', 'reEncryptResponse_destinationEncryptionAlgorithm' - The encryption algorithm that was used to reencrypt the data.+--+-- 'keyId', 'reEncryptResponse_keyId' - The Amazon Resource Name+-- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)+-- of the KMS key that was used to reencrypt the data.+--+-- 'sourceEncryptionAlgorithm', 'reEncryptResponse_sourceEncryptionAlgorithm' - The encryption algorithm that was used to decrypt the ciphertext before+-- it was reencrypted.+--+-- 'sourceKeyId', 'reEncryptResponse_sourceKeyId' - Unique identifier of the KMS key used to originally encrypt the data.+--+-- 'httpStatus', 'reEncryptResponse_httpStatus' - The response's http status code.+newReEncryptResponse ::+ -- | 'httpStatus'+ Prelude.Int ->+ ReEncryptResponse+newReEncryptResponse pHttpStatus_ =+ ReEncryptResponse'+ { ciphertextBlob =+ Prelude.Nothing,+ destinationEncryptionAlgorithm = Prelude.Nothing,+ keyId = Prelude.Nothing,+ sourceEncryptionAlgorithm = Prelude.Nothing,+ sourceKeyId = Prelude.Nothing,+ httpStatus = pHttpStatus_+ }++-- | The reencrypted data. When you use the HTTP API or the Amazon Web+-- Services CLI, the value is Base64-encoded. Otherwise, it is not+-- Base64-encoded.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+reEncryptResponse_ciphertextBlob :: Lens.Lens' ReEncryptResponse (Prelude.Maybe Prelude.ByteString)+reEncryptResponse_ciphertextBlob = Lens.lens (\ReEncryptResponse' {ciphertextBlob} -> ciphertextBlob) (\s@ReEncryptResponse' {} a -> s {ciphertextBlob = a} :: ReEncryptResponse) Prelude.. Lens.mapping Data._Base64++-- | The encryption algorithm that was used to reencrypt the data.+reEncryptResponse_destinationEncryptionAlgorithm :: Lens.Lens' ReEncryptResponse (Prelude.Maybe EncryptionAlgorithmSpec)+reEncryptResponse_destinationEncryptionAlgorithm = Lens.lens (\ReEncryptResponse' {destinationEncryptionAlgorithm} -> destinationEncryptionAlgorithm) (\s@ReEncryptResponse' {} a -> s {destinationEncryptionAlgorithm = a} :: ReEncryptResponse)++-- | The Amazon Resource Name+-- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)+-- of the KMS key that was used to reencrypt the data.+reEncryptResponse_keyId :: Lens.Lens' ReEncryptResponse (Prelude.Maybe Prelude.Text)+reEncryptResponse_keyId = Lens.lens (\ReEncryptResponse' {keyId} -> keyId) (\s@ReEncryptResponse' {} a -> s {keyId = a} :: ReEncryptResponse)++-- | The encryption algorithm that was used to decrypt the ciphertext before+-- it was reencrypted.+reEncryptResponse_sourceEncryptionAlgorithm :: Lens.Lens' ReEncryptResponse (Prelude.Maybe EncryptionAlgorithmSpec)+reEncryptResponse_sourceEncryptionAlgorithm = Lens.lens (\ReEncryptResponse' {sourceEncryptionAlgorithm} -> sourceEncryptionAlgorithm) (\s@ReEncryptResponse' {} a -> s {sourceEncryptionAlgorithm = a} :: ReEncryptResponse)++-- | Unique identifier of the KMS key used to originally encrypt the data.+reEncryptResponse_sourceKeyId :: Lens.Lens' ReEncryptResponse (Prelude.Maybe Prelude.Text)+reEncryptResponse_sourceKeyId = Lens.lens (\ReEncryptResponse' {sourceKeyId} -> sourceKeyId) (\s@ReEncryptResponse' {} a -> s {sourceKeyId = a} :: ReEncryptResponse)++-- | The response's http status code.+reEncryptResponse_httpStatus :: Lens.Lens' ReEncryptResponse Prelude.Int+reEncryptResponse_httpStatus = Lens.lens (\ReEncryptResponse' {httpStatus} -> httpStatus) (\s@ReEncryptResponse' {} a -> s {httpStatus = a} :: ReEncryptResponse)++instance Prelude.NFData ReEncryptResponse where+ rnf ReEncryptResponse' {..} =+ Prelude.rnf ciphertextBlob+ `Prelude.seq` Prelude.rnf destinationEncryptionAlgorithm+ `Prelude.seq` Prelude.rnf keyId+ `Prelude.seq` Prelude.rnf sourceEncryptionAlgorithm+ `Prelude.seq` Prelude.rnf sourceKeyId+ `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/KMS/ReplicateKey.hs view
@@ -0,0 +1,784 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.ReplicateKey+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Replicates a multi-Region key into the specified Region. This operation+-- creates a multi-Region replica key based on a multi-Region primary key+-- in a different Region of the same Amazon Web Services partition. You can+-- create multiple replicas of a primary key, but each must be in a+-- different Region. To create a multi-Region primary key, use the+-- CreateKey operation.+--+-- This operation supports /multi-Region keys/, an KMS feature that lets+-- you create multiple interoperable KMS keys in different Amazon Web+-- Services Regions. Because these KMS keys have the same key ID, key+-- material, and other metadata, you can use them interchangeably to+-- encrypt data in one Amazon Web Services Region and decrypt it in a+-- different Amazon Web Services Region without re-encrypting the data or+-- making a cross-Region call. For more information about multi-Region+-- keys, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html Multi-Region keys in KMS>+-- in the /Key Management Service Developer Guide/.+--+-- A /replica key/ is a fully-functional KMS key that can be used+-- independently of its primary and peer replica keys. A primary key and+-- its replica keys share properties that make them interoperable. They+-- have the same+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-id key ID>+-- and key material. They also have the same+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-spec key spec>,+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-usage key usage>,+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-origin key material origin>,+-- and+-- <https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html automatic key rotation status>.+-- KMS automatically synchronizes these shared properties among related+-- multi-Region keys. All other properties of a replica key can differ,+-- including its+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html key policy>,+-- <https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html tags>,+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html aliases>,+-- and+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key states of KMS keys>.+-- KMS pricing and quotas for KMS keys apply to each primary key and+-- replica key.+--+-- When this operation completes, the new replica key has a transient key+-- state of @Creating@. This key state changes to @Enabled@ (or+-- @PendingImport@) after a few seconds when the process of creating the+-- new replica key is complete. While the key state is @Creating@, you can+-- manage key, but you cannot yet use it in cryptographic operations. If+-- you are creating and using the replica key programmatically, retry on+-- @KMSInvalidStateException@ or call @DescribeKey@ to check its @KeyState@+-- value before using it. For details about the @Creating@ key state, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key states of KMS keys>+-- in the /Key Management Service Developer Guide/.+--+-- You cannot create more than one replica of a primary key in any Region.+-- If the Region already includes a replica of the key you\'re trying to+-- replicate, @ReplicateKey@ returns an @AlreadyExistsException@ error. If+-- the key state of the existing replica is @PendingDeletion@, you can+-- cancel the scheduled key deletion (CancelKeyDeletion) or wait for the+-- key to be deleted. The new replica key you create will have the same+-- <https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html#mrk-sync-properties shared properties>+-- as the original replica key.+--+-- The CloudTrail log of a @ReplicateKey@ operation records a+-- @ReplicateKey@ operation in the primary key\'s Region and a CreateKey+-- operation in the replica key\'s Region.+--+-- If you replicate a multi-Region primary key with imported key material,+-- the replica key is created with no key material. You must import the+-- same key material that you imported into the primary key. For details,+-- see+-- <kms/latest/developerguide/multi-region-keys-import.html Importing key material into multi-Region keys>+-- in the /Key Management Service Developer Guide/.+--+-- To convert a replica key to a primary key, use the UpdatePrimaryRegion+-- operation.+--+-- @ReplicateKey@ uses different default values for the @KeyPolicy@ and+-- @Tags@ parameters than those used in the KMS console. For details, see+-- the parameter descriptions.+--+-- __Cross-account use__: No. You cannot use this operation to create a+-- replica key in a different Amazon Web Services account.+--+-- __Required permissions__:+--+-- - @kms:ReplicateKey@ on the primary key (in the primary key\'s+-- Region). Include this permission in the primary key\'s key policy.+--+-- - @kms:CreateKey@ in an IAM policy in the replica Region.+--+-- - To use the @Tags@ parameter, @kms:TagResource@ in an IAM policy in+-- the replica Region.+--+-- __Related operations__+--+-- - CreateKey+--+-- - UpdatePrimaryRegion+module Amazonka.KMS.ReplicateKey+ ( -- * Creating a Request+ ReplicateKey (..),+ newReplicateKey,++ -- * Request Lenses+ replicateKey_bypassPolicyLockoutSafetyCheck,+ replicateKey_description,+ replicateKey_policy,+ replicateKey_tags,+ replicateKey_keyId,+ replicateKey_replicaRegion,++ -- * Destructuring the Response+ ReplicateKeyResponse (..),+ newReplicateKeyResponse,++ -- * Response Lenses+ replicateKeyResponse_replicaKeyMetadata,+ replicateKeyResponse_replicaPolicy,+ replicateKeyResponse_replicaTags,+ replicateKeyResponse_httpStatus,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newReplicateKey' smart constructor.+data ReplicateKey = ReplicateKey'+ { -- | A flag to indicate whether to bypass the key policy lockout safety+ -- check.+ --+ -- Setting this value to true increases the risk that the KMS key becomes+ -- unmanageable. Do not set this value to true indiscriminately.+ --+ -- For more information, refer to the scenario in the+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam Default Key Policy>+ -- section in the /Key Management Service Developer Guide/.+ --+ -- Use this parameter only when you intend to prevent the principal that is+ -- making the request from making a subsequent @PutKeyPolicy@ request on+ -- the KMS key.+ --+ -- The default value is false.+ bypassPolicyLockoutSafetyCheck :: Prelude.Maybe Prelude.Bool,+ -- | A description of the KMS key. The default value is an empty string (no+ -- description).+ --+ -- The description is not a shared property of multi-Region keys. You can+ -- specify the same description or a different description for each key in+ -- a set of related multi-Region keys. KMS does not synchronize this+ -- property.+ description :: Prelude.Maybe Prelude.Text,+ -- | The key policy to attach to the KMS key. This parameter is optional. If+ -- you do not provide a key policy, KMS attaches the+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default default key policy>+ -- to the KMS key.+ --+ -- The key policy is not a shared property of multi-Region keys. You can+ -- specify the same key policy or a different key policy for each key in a+ -- set of related multi-Region keys. KMS does not synchronize this+ -- property.+ --+ -- If you provide a key policy, it must meet the following criteria:+ --+ -- - If you don\'t set @BypassPolicyLockoutSafetyCheck@ to true, the key+ -- policy must give the caller @kms:PutKeyPolicy@ permission on the+ -- replica key. This reduces the risk that the KMS key becomes+ -- unmanageable. For more information, refer to the scenario in the+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam Default Key Policy>+ -- section of the //Key Management Service Developer Guide// .+ --+ -- - Each statement in the key policy must contain one or more+ -- principals. The principals in the key policy must exist and be+ -- visible to KMS. When you create a new Amazon Web Services principal+ -- (for example, an IAM user or role), you might need to enforce a+ -- delay before including the new principal in a key policy because the+ -- new principal might not be immediately visible to KMS. For more+ -- information, see+ -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency Changes that I make are not always immediately visible>+ -- in the //Identity and Access Management User Guide// .+ --+ -- A key policy document can include only the following characters:+ --+ -- - Printable ASCII characters from the space character (@\\u0020@)+ -- through the end of the ASCII character range.+ --+ -- - Printable characters in the Basic Latin and Latin-1 Supplement+ -- character set (through @\\u00FF@).+ --+ -- - The tab (@\\u0009@), line feed (@\\u000A@), and carriage return+ -- (@\\u000D@) special characters+ --+ -- For information about key policies, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html Key policies in KMS>+ -- in the /Key Management Service Developer Guide/. For help writing and+ -- formatting a JSON policy document, see the+ -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html IAM JSON Policy Reference>+ -- in the //Identity and Access Management User Guide// .+ policy :: Prelude.Maybe Prelude.Text,+ -- | Assigns one or more tags to the replica key. Use this parameter to tag+ -- the KMS key when it is created. To tag an existing KMS key, use the+ -- TagResource operation.+ --+ -- Tagging or untagging a KMS key can allow or deny permission to the KMS+ -- key. For details, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/abac.html ABAC for KMS>+ -- in the /Key Management Service Developer Guide/.+ --+ -- To use this parameter, you must have+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:TagResource>+ -- permission in an IAM policy.+ --+ -- Tags are not a shared property of multi-Region keys. You can specify the+ -- same tags or different tags for each key in a set of related+ -- multi-Region keys. KMS does not synchronize this property.+ --+ -- Each tag consists of a tag key and a tag value. Both the tag key and the+ -- tag value are required, but the tag value can be an empty (null) string.+ -- You cannot have more than one tag on a KMS key with the same tag key. If+ -- you specify an existing tag key with a different tag value, KMS replaces+ -- the current tag value with the specified one.+ --+ -- When you add tags to an Amazon Web Services resource, Amazon Web+ -- Services generates a cost allocation report with usage and costs+ -- aggregated by tags. Tags can also be used to control access to a KMS+ -- key. For details, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html Tagging Keys>.+ tags :: Prelude.Maybe [Tag],+ -- | Identifies the multi-Region primary key that is being replicated. To+ -- determine whether a KMS key is a multi-Region primary key, use the+ -- DescribeKey operation to check the value of the @MultiRegionKeyType@+ -- property.+ --+ -- Specify the key ID or key ARN of a multi-Region primary key.+ --+ -- For example:+ --+ -- - Key ID: @mrk-1234abcd12ab34cd56ef1234567890ab@+ --+ -- - Key ARN:+ -- @arn:aws:kms:us-east-2:111122223333:key\/mrk-1234abcd12ab34cd56ef1234567890ab@+ --+ -- To get the key ID and key ARN for a KMS key, use ListKeys or+ -- DescribeKey.+ keyId :: Prelude.Text,+ -- | The Region ID of the Amazon Web Services Region for this replica key.+ --+ -- Enter the Region ID, such as @us-east-1@ or @ap-southeast-2@. For a list+ -- of Amazon Web Services Regions in which KMS is supported, see+ -- <https://docs.aws.amazon.com/general/latest/gr/kms.html#kms_region KMS service endpoints>+ -- in the /Amazon Web Services General Reference/.+ --+ -- HMAC KMS keys are not supported in all Amazon Web Services Regions. If+ -- you try to replicate an HMAC KMS key in an Amazon Web Services Region in+ -- which HMAC keys are not supported, the @ReplicateKey@ operation returns+ -- an @UnsupportedOperationException@. For a list of Regions in which HMAC+ -- KMS keys are supported, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html HMAC keys in KMS>+ -- in the /Key Management Service Developer Guide/.+ --+ -- The replica must be in a different Amazon Web Services Region than its+ -- primary key and other replicas of that primary key, but in the same+ -- Amazon Web Services partition. KMS must be available in the replica+ -- Region. If the Region is not enabled by default, the Amazon Web Services+ -- account must be enabled in the Region. For information about Amazon Web+ -- Services partitions, see+ -- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs)>+ -- in the /Amazon Web Services General Reference/. For information about+ -- enabling and disabling Regions, see+ -- <https://docs.aws.amazon.com/general/latest/gr/rande-manage.html#rande-manage-enable Enabling a Region>+ -- and+ -- <https://docs.aws.amazon.com/general/latest/gr/rande-manage.html#rande-manage-disable Disabling a Region>+ -- in the /Amazon Web Services General Reference/.+ replicaRegion :: Prelude.Text+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'ReplicateKey' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'bypassPolicyLockoutSafetyCheck', 'replicateKey_bypassPolicyLockoutSafetyCheck' - A flag to indicate whether to bypass the key policy lockout safety+-- check.+--+-- Setting this value to true increases the risk that the KMS key becomes+-- unmanageable. Do not set this value to true indiscriminately.+--+-- For more information, refer to the scenario in the+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam Default Key Policy>+-- section in the /Key Management Service Developer Guide/.+--+-- Use this parameter only when you intend to prevent the principal that is+-- making the request from making a subsequent @PutKeyPolicy@ request on+-- the KMS key.+--+-- The default value is false.+--+-- 'description', 'replicateKey_description' - A description of the KMS key. The default value is an empty string (no+-- description).+--+-- The description is not a shared property of multi-Region keys. You can+-- specify the same description or a different description for each key in+-- a set of related multi-Region keys. KMS does not synchronize this+-- property.+--+-- 'policy', 'replicateKey_policy' - The key policy to attach to the KMS key. This parameter is optional. If+-- you do not provide a key policy, KMS attaches the+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default default key policy>+-- to the KMS key.+--+-- The key policy is not a shared property of multi-Region keys. You can+-- specify the same key policy or a different key policy for each key in a+-- set of related multi-Region keys. KMS does not synchronize this+-- property.+--+-- If you provide a key policy, it must meet the following criteria:+--+-- - If you don\'t set @BypassPolicyLockoutSafetyCheck@ to true, the key+-- policy must give the caller @kms:PutKeyPolicy@ permission on the+-- replica key. This reduces the risk that the KMS key becomes+-- unmanageable. For more information, refer to the scenario in the+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam Default Key Policy>+-- section of the //Key Management Service Developer Guide// .+--+-- - Each statement in the key policy must contain one or more+-- principals. The principals in the key policy must exist and be+-- visible to KMS. When you create a new Amazon Web Services principal+-- (for example, an IAM user or role), you might need to enforce a+-- delay before including the new principal in a key policy because the+-- new principal might not be immediately visible to KMS. For more+-- information, see+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency Changes that I make are not always immediately visible>+-- in the //Identity and Access Management User Guide// .+--+-- A key policy document can include only the following characters:+--+-- - Printable ASCII characters from the space character (@\\u0020@)+-- through the end of the ASCII character range.+--+-- - Printable characters in the Basic Latin and Latin-1 Supplement+-- character set (through @\\u00FF@).+--+-- - The tab (@\\u0009@), line feed (@\\u000A@), and carriage return+-- (@\\u000D@) special characters+--+-- For information about key policies, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html Key policies in KMS>+-- in the /Key Management Service Developer Guide/. For help writing and+-- formatting a JSON policy document, see the+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html IAM JSON Policy Reference>+-- in the //Identity and Access Management User Guide// .+--+-- 'tags', 'replicateKey_tags' - Assigns one or more tags to the replica key. Use this parameter to tag+-- the KMS key when it is created. To tag an existing KMS key, use the+-- TagResource operation.+--+-- Tagging or untagging a KMS key can allow or deny permission to the KMS+-- key. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/abac.html ABAC for KMS>+-- in the /Key Management Service Developer Guide/.+--+-- To use this parameter, you must have+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:TagResource>+-- permission in an IAM policy.+--+-- Tags are not a shared property of multi-Region keys. You can specify the+-- same tags or different tags for each key in a set of related+-- multi-Region keys. KMS does not synchronize this property.+--+-- Each tag consists of a tag key and a tag value. Both the tag key and the+-- tag value are required, but the tag value can be an empty (null) string.+-- You cannot have more than one tag on a KMS key with the same tag key. If+-- you specify an existing tag key with a different tag value, KMS replaces+-- the current tag value with the specified one.+--+-- When you add tags to an Amazon Web Services resource, Amazon Web+-- Services generates a cost allocation report with usage and costs+-- aggregated by tags. Tags can also be used to control access to a KMS+-- key. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html Tagging Keys>.+--+-- 'keyId', 'replicateKey_keyId' - Identifies the multi-Region primary key that is being replicated. To+-- determine whether a KMS key is a multi-Region primary key, use the+-- DescribeKey operation to check the value of the @MultiRegionKeyType@+-- property.+--+-- Specify the key ID or key ARN of a multi-Region primary key.+--+-- For example:+--+-- - Key ID: @mrk-1234abcd12ab34cd56ef1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/mrk-1234abcd12ab34cd56ef1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+--+-- 'replicaRegion', 'replicateKey_replicaRegion' - The Region ID of the Amazon Web Services Region for this replica key.+--+-- Enter the Region ID, such as @us-east-1@ or @ap-southeast-2@. For a list+-- of Amazon Web Services Regions in which KMS is supported, see+-- <https://docs.aws.amazon.com/general/latest/gr/kms.html#kms_region KMS service endpoints>+-- in the /Amazon Web Services General Reference/.+--+-- HMAC KMS keys are not supported in all Amazon Web Services Regions. If+-- you try to replicate an HMAC KMS key in an Amazon Web Services Region in+-- which HMAC keys are not supported, the @ReplicateKey@ operation returns+-- an @UnsupportedOperationException@. For a list of Regions in which HMAC+-- KMS keys are supported, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html HMAC keys in KMS>+-- in the /Key Management Service Developer Guide/.+--+-- The replica must be in a different Amazon Web Services Region than its+-- primary key and other replicas of that primary key, but in the same+-- Amazon Web Services partition. KMS must be available in the replica+-- Region. If the Region is not enabled by default, the Amazon Web Services+-- account must be enabled in the Region. For information about Amazon Web+-- Services partitions, see+-- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs)>+-- in the /Amazon Web Services General Reference/. For information about+-- enabling and disabling Regions, see+-- <https://docs.aws.amazon.com/general/latest/gr/rande-manage.html#rande-manage-enable Enabling a Region>+-- and+-- <https://docs.aws.amazon.com/general/latest/gr/rande-manage.html#rande-manage-disable Disabling a Region>+-- in the /Amazon Web Services General Reference/.+newReplicateKey ::+ -- | 'keyId'+ Prelude.Text ->+ -- | 'replicaRegion'+ Prelude.Text ->+ ReplicateKey+newReplicateKey pKeyId_ pReplicaRegion_ =+ ReplicateKey'+ { bypassPolicyLockoutSafetyCheck =+ Prelude.Nothing,+ description = Prelude.Nothing,+ policy = Prelude.Nothing,+ tags = Prelude.Nothing,+ keyId = pKeyId_,+ replicaRegion = pReplicaRegion_+ }++-- | A flag to indicate whether to bypass the key policy lockout safety+-- check.+--+-- Setting this value to true increases the risk that the KMS key becomes+-- unmanageable. Do not set this value to true indiscriminately.+--+-- For more information, refer to the scenario in the+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam Default Key Policy>+-- section in the /Key Management Service Developer Guide/.+--+-- Use this parameter only when you intend to prevent the principal that is+-- making the request from making a subsequent @PutKeyPolicy@ request on+-- the KMS key.+--+-- The default value is false.+replicateKey_bypassPolicyLockoutSafetyCheck :: Lens.Lens' ReplicateKey (Prelude.Maybe Prelude.Bool)+replicateKey_bypassPolicyLockoutSafetyCheck = Lens.lens (\ReplicateKey' {bypassPolicyLockoutSafetyCheck} -> bypassPolicyLockoutSafetyCheck) (\s@ReplicateKey' {} a -> s {bypassPolicyLockoutSafetyCheck = a} :: ReplicateKey)++-- | A description of the KMS key. The default value is an empty string (no+-- description).+--+-- The description is not a shared property of multi-Region keys. You can+-- specify the same description or a different description for each key in+-- a set of related multi-Region keys. KMS does not synchronize this+-- property.+replicateKey_description :: Lens.Lens' ReplicateKey (Prelude.Maybe Prelude.Text)+replicateKey_description = Lens.lens (\ReplicateKey' {description} -> description) (\s@ReplicateKey' {} a -> s {description = a} :: ReplicateKey)++-- | The key policy to attach to the KMS key. This parameter is optional. If+-- you do not provide a key policy, KMS attaches the+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default default key policy>+-- to the KMS key.+--+-- The key policy is not a shared property of multi-Region keys. You can+-- specify the same key policy or a different key policy for each key in a+-- set of related multi-Region keys. KMS does not synchronize this+-- property.+--+-- If you provide a key policy, it must meet the following criteria:+--+-- - If you don\'t set @BypassPolicyLockoutSafetyCheck@ to true, the key+-- policy must give the caller @kms:PutKeyPolicy@ permission on the+-- replica key. This reduces the risk that the KMS key becomes+-- unmanageable. For more information, refer to the scenario in the+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam Default Key Policy>+-- section of the //Key Management Service Developer Guide// .+--+-- - Each statement in the key policy must contain one or more+-- principals. The principals in the key policy must exist and be+-- visible to KMS. When you create a new Amazon Web Services principal+-- (for example, an IAM user or role), you might need to enforce a+-- delay before including the new principal in a key policy because the+-- new principal might not be immediately visible to KMS. For more+-- information, see+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency Changes that I make are not always immediately visible>+-- in the //Identity and Access Management User Guide// .+--+-- A key policy document can include only the following characters:+--+-- - Printable ASCII characters from the space character (@\\u0020@)+-- through the end of the ASCII character range.+--+-- - Printable characters in the Basic Latin and Latin-1 Supplement+-- character set (through @\\u00FF@).+--+-- - The tab (@\\u0009@), line feed (@\\u000A@), and carriage return+-- (@\\u000D@) special characters+--+-- For information about key policies, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html Key policies in KMS>+-- in the /Key Management Service Developer Guide/. For help writing and+-- formatting a JSON policy document, see the+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html IAM JSON Policy Reference>+-- in the //Identity and Access Management User Guide// .+replicateKey_policy :: Lens.Lens' ReplicateKey (Prelude.Maybe Prelude.Text)+replicateKey_policy = Lens.lens (\ReplicateKey' {policy} -> policy) (\s@ReplicateKey' {} a -> s {policy = a} :: ReplicateKey)++-- | Assigns one or more tags to the replica key. Use this parameter to tag+-- the KMS key when it is created. To tag an existing KMS key, use the+-- TagResource operation.+--+-- Tagging or untagging a KMS key can allow or deny permission to the KMS+-- key. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/abac.html ABAC for KMS>+-- in the /Key Management Service Developer Guide/.+--+-- To use this parameter, you must have+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:TagResource>+-- permission in an IAM policy.+--+-- Tags are not a shared property of multi-Region keys. You can specify the+-- same tags or different tags for each key in a set of related+-- multi-Region keys. KMS does not synchronize this property.+--+-- Each tag consists of a tag key and a tag value. Both the tag key and the+-- tag value are required, but the tag value can be an empty (null) string.+-- You cannot have more than one tag on a KMS key with the same tag key. If+-- you specify an existing tag key with a different tag value, KMS replaces+-- the current tag value with the specified one.+--+-- When you add tags to an Amazon Web Services resource, Amazon Web+-- Services generates a cost allocation report with usage and costs+-- aggregated by tags. Tags can also be used to control access to a KMS+-- key. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html Tagging Keys>.+replicateKey_tags :: Lens.Lens' ReplicateKey (Prelude.Maybe [Tag])+replicateKey_tags = Lens.lens (\ReplicateKey' {tags} -> tags) (\s@ReplicateKey' {} a -> s {tags = a} :: ReplicateKey) Prelude.. Lens.mapping Lens.coerced++-- | Identifies the multi-Region primary key that is being replicated. To+-- determine whether a KMS key is a multi-Region primary key, use the+-- DescribeKey operation to check the value of the @MultiRegionKeyType@+-- property.+--+-- Specify the key ID or key ARN of a multi-Region primary key.+--+-- For example:+--+-- - Key ID: @mrk-1234abcd12ab34cd56ef1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/mrk-1234abcd12ab34cd56ef1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+replicateKey_keyId :: Lens.Lens' ReplicateKey Prelude.Text+replicateKey_keyId = Lens.lens (\ReplicateKey' {keyId} -> keyId) (\s@ReplicateKey' {} a -> s {keyId = a} :: ReplicateKey)++-- | The Region ID of the Amazon Web Services Region for this replica key.+--+-- Enter the Region ID, such as @us-east-1@ or @ap-southeast-2@. For a list+-- of Amazon Web Services Regions in which KMS is supported, see+-- <https://docs.aws.amazon.com/general/latest/gr/kms.html#kms_region KMS service endpoints>+-- in the /Amazon Web Services General Reference/.+--+-- HMAC KMS keys are not supported in all Amazon Web Services Regions. If+-- you try to replicate an HMAC KMS key in an Amazon Web Services Region in+-- which HMAC keys are not supported, the @ReplicateKey@ operation returns+-- an @UnsupportedOperationException@. For a list of Regions in which HMAC+-- KMS keys are supported, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html HMAC keys in KMS>+-- in the /Key Management Service Developer Guide/.+--+-- The replica must be in a different Amazon Web Services Region than its+-- primary key and other replicas of that primary key, but in the same+-- Amazon Web Services partition. KMS must be available in the replica+-- Region. If the Region is not enabled by default, the Amazon Web Services+-- account must be enabled in the Region. For information about Amazon Web+-- Services partitions, see+-- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs)>+-- in the /Amazon Web Services General Reference/. For information about+-- enabling and disabling Regions, see+-- <https://docs.aws.amazon.com/general/latest/gr/rande-manage.html#rande-manage-enable Enabling a Region>+-- and+-- <https://docs.aws.amazon.com/general/latest/gr/rande-manage.html#rande-manage-disable Disabling a Region>+-- in the /Amazon Web Services General Reference/.+replicateKey_replicaRegion :: Lens.Lens' ReplicateKey Prelude.Text+replicateKey_replicaRegion = Lens.lens (\ReplicateKey' {replicaRegion} -> replicaRegion) (\s@ReplicateKey' {} a -> s {replicaRegion = a} :: ReplicateKey)++instance Core.AWSRequest ReplicateKey where+ type AWSResponse ReplicateKey = ReplicateKeyResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response =+ Response.receiveJSON+ ( \s h x ->+ ReplicateKeyResponse'+ Prelude.<$> (x Data..?> "ReplicaKeyMetadata")+ Prelude.<*> (x Data..?> "ReplicaPolicy")+ Prelude.<*> (x Data..?> "ReplicaTags" Core..!@ Prelude.mempty)+ Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+ )++instance Prelude.Hashable ReplicateKey where+ hashWithSalt _salt ReplicateKey' {..} =+ _salt+ `Prelude.hashWithSalt` bypassPolicyLockoutSafetyCheck+ `Prelude.hashWithSalt` description+ `Prelude.hashWithSalt` policy+ `Prelude.hashWithSalt` tags+ `Prelude.hashWithSalt` keyId+ `Prelude.hashWithSalt` replicaRegion++instance Prelude.NFData ReplicateKey where+ rnf ReplicateKey' {..} =+ Prelude.rnf bypassPolicyLockoutSafetyCheck+ `Prelude.seq` Prelude.rnf description+ `Prelude.seq` Prelude.rnf policy+ `Prelude.seq` Prelude.rnf tags+ `Prelude.seq` Prelude.rnf keyId+ `Prelude.seq` Prelude.rnf replicaRegion++instance Data.ToHeaders ReplicateKey where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ("TrentService.ReplicateKey" :: Prelude.ByteString),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON ReplicateKey where+ toJSON ReplicateKey' {..} =+ Data.object+ ( Prelude.catMaybes+ [ ("BypassPolicyLockoutSafetyCheck" Data..=)+ Prelude.<$> bypassPolicyLockoutSafetyCheck,+ ("Description" Data..=) Prelude.<$> description,+ ("Policy" Data..=) Prelude.<$> policy,+ ("Tags" Data..=) Prelude.<$> tags,+ Prelude.Just ("KeyId" Data..= keyId),+ Prelude.Just+ ("ReplicaRegion" Data..= replicaRegion)+ ]+ )++instance Data.ToPath ReplicateKey where+ toPath = Prelude.const "/"++instance Data.ToQuery ReplicateKey where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newReplicateKeyResponse' smart constructor.+data ReplicateKeyResponse = ReplicateKeyResponse'+ { -- | Displays details about the new replica key, including its Amazon+ -- Resource Name+ -- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)+ -- and+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key states of KMS keys>.+ -- It also includes the ARN and Amazon Web Services Region of its primary+ -- key and other replica keys.+ replicaKeyMetadata :: Prelude.Maybe KeyMetadata,+ -- | The key policy of the new replica key. The value is a key policy+ -- document in JSON format.+ replicaPolicy :: Prelude.Maybe Prelude.Text,+ -- | The tags on the new replica key. The value is a list of tag key and tag+ -- value pairs.+ replicaTags :: Prelude.Maybe [Tag],+ -- | The response's http status code.+ httpStatus :: Prelude.Int+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'ReplicateKeyResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'replicaKeyMetadata', 'replicateKeyResponse_replicaKeyMetadata' - Displays details about the new replica key, including its Amazon+-- Resource Name+-- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)+-- and+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key states of KMS keys>.+-- It also includes the ARN and Amazon Web Services Region of its primary+-- key and other replica keys.+--+-- 'replicaPolicy', 'replicateKeyResponse_replicaPolicy' - The key policy of the new replica key. The value is a key policy+-- document in JSON format.+--+-- 'replicaTags', 'replicateKeyResponse_replicaTags' - The tags on the new replica key. The value is a list of tag key and tag+-- value pairs.+--+-- 'httpStatus', 'replicateKeyResponse_httpStatus' - The response's http status code.+newReplicateKeyResponse ::+ -- | 'httpStatus'+ Prelude.Int ->+ ReplicateKeyResponse+newReplicateKeyResponse pHttpStatus_ =+ ReplicateKeyResponse'+ { replicaKeyMetadata =+ Prelude.Nothing,+ replicaPolicy = Prelude.Nothing,+ replicaTags = Prelude.Nothing,+ httpStatus = pHttpStatus_+ }++-- | Displays details about the new replica key, including its Amazon+-- Resource Name+-- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)+-- and+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key states of KMS keys>.+-- It also includes the ARN and Amazon Web Services Region of its primary+-- key and other replica keys.+replicateKeyResponse_replicaKeyMetadata :: Lens.Lens' ReplicateKeyResponse (Prelude.Maybe KeyMetadata)+replicateKeyResponse_replicaKeyMetadata = Lens.lens (\ReplicateKeyResponse' {replicaKeyMetadata} -> replicaKeyMetadata) (\s@ReplicateKeyResponse' {} a -> s {replicaKeyMetadata = a} :: ReplicateKeyResponse)++-- | The key policy of the new replica key. The value is a key policy+-- document in JSON format.+replicateKeyResponse_replicaPolicy :: Lens.Lens' ReplicateKeyResponse (Prelude.Maybe Prelude.Text)+replicateKeyResponse_replicaPolicy = Lens.lens (\ReplicateKeyResponse' {replicaPolicy} -> replicaPolicy) (\s@ReplicateKeyResponse' {} a -> s {replicaPolicy = a} :: ReplicateKeyResponse)++-- | The tags on the new replica key. The value is a list of tag key and tag+-- value pairs.+replicateKeyResponse_replicaTags :: Lens.Lens' ReplicateKeyResponse (Prelude.Maybe [Tag])+replicateKeyResponse_replicaTags = Lens.lens (\ReplicateKeyResponse' {replicaTags} -> replicaTags) (\s@ReplicateKeyResponse' {} a -> s {replicaTags = a} :: ReplicateKeyResponse) Prelude.. Lens.mapping Lens.coerced++-- | The response's http status code.+replicateKeyResponse_httpStatus :: Lens.Lens' ReplicateKeyResponse Prelude.Int+replicateKeyResponse_httpStatus = Lens.lens (\ReplicateKeyResponse' {httpStatus} -> httpStatus) (\s@ReplicateKeyResponse' {} a -> s {httpStatus = a} :: ReplicateKeyResponse)++instance Prelude.NFData ReplicateKeyResponse where+ rnf ReplicateKeyResponse' {..} =+ Prelude.rnf replicaKeyMetadata+ `Prelude.seq` Prelude.rnf replicaPolicy+ `Prelude.seq` Prelude.rnf replicaTags+ `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/KMS/RetireGrant.hs view
@@ -0,0 +1,237 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.RetireGrant+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Deletes a grant. Typically, you retire a grant when you no longer need+-- its permissions. To identify the grant to retire, use a+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token grant token>,+-- or both the grant ID and a key identifier (key ID or key ARN) of the KMS+-- key. The CreateGrant operation returns both values.+--+-- This operation can be called by the /retiring principal/ for a grant, by+-- the /grantee principal/ if the grant allows the @RetireGrant@ operation,+-- and by the Amazon Web Services account in which the grant is created. It+-- can also be called by principals to whom permission for retiring a grant+-- is delegated. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#grant-delete Retiring and revoking grants>+-- in the /Key Management Service Developer Guide/.+--+-- For detailed information about grants, including grant terminology, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html Grants in KMS>+-- in the //Key Management Service Developer Guide// . For examples of+-- working with grants in several programming languages, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/programming-grants.html Programming grants>.+--+-- __Cross-account use__: Yes. You can retire a grant on a KMS key in a+-- different Amazon Web Services account.+--+-- __Required permissions:__:Permission to retire a grant is determined+-- primarily by the grant. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#grant-delete Retiring and revoking grants>+-- in the /Key Management Service Developer Guide/.+--+-- __Related operations:__+--+-- - CreateGrant+--+-- - ListGrants+--+-- - ListRetirableGrants+--+-- - RevokeGrant+module Amazonka.KMS.RetireGrant+ ( -- * Creating a Request+ RetireGrant (..),+ newRetireGrant,++ -- * Request Lenses+ retireGrant_grantId,+ retireGrant_grantToken,+ retireGrant_keyId,++ -- * Destructuring the Response+ RetireGrantResponse (..),+ newRetireGrantResponse,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newRetireGrant' smart constructor.+data RetireGrant = RetireGrant'+ { -- | Identifies the grant to retire. To get the grant ID, use CreateGrant,+ -- ListGrants, or ListRetirableGrants.+ --+ -- - Grant ID Example -+ -- 0123456789012345678901234567890123456789012345678901234567890123+ grantId :: Prelude.Maybe Prelude.Text,+ -- | Identifies the grant to be retired. You can use a grant token to+ -- identify a new grant even before it has achieved eventual consistency.+ --+ -- Only the CreateGrant operation returns a grant token. For details, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>+ -- and+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#terms-eventual-consistency Eventual consistency>+ -- in the /Key Management Service Developer Guide/.+ grantToken :: Prelude.Maybe Prelude.Text,+ -- | The key ARN KMS key associated with the grant. To find the key ARN, use+ -- the ListKeys operation.+ --+ -- For example:+ -- @arn:aws:kms:us-east-2:444455556666:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+ keyId :: Prelude.Maybe Prelude.Text+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'RetireGrant' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'grantId', 'retireGrant_grantId' - Identifies the grant to retire. To get the grant ID, use CreateGrant,+-- ListGrants, or ListRetirableGrants.+--+-- - Grant ID Example -+-- 0123456789012345678901234567890123456789012345678901234567890123+--+-- 'grantToken', 'retireGrant_grantToken' - Identifies the grant to be retired. You can use a grant token to+-- identify a new grant even before it has achieved eventual consistency.+--+-- Only the CreateGrant operation returns a grant token. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>+-- and+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#terms-eventual-consistency Eventual consistency>+-- in the /Key Management Service Developer Guide/.+--+-- 'keyId', 'retireGrant_keyId' - The key ARN KMS key associated with the grant. To find the key ARN, use+-- the ListKeys operation.+--+-- For example:+-- @arn:aws:kms:us-east-2:444455556666:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+newRetireGrant ::+ RetireGrant+newRetireGrant =+ RetireGrant'+ { grantId = Prelude.Nothing,+ grantToken = Prelude.Nothing,+ keyId = Prelude.Nothing+ }++-- | Identifies the grant to retire. To get the grant ID, use CreateGrant,+-- ListGrants, or ListRetirableGrants.+--+-- - Grant ID Example -+-- 0123456789012345678901234567890123456789012345678901234567890123+retireGrant_grantId :: Lens.Lens' RetireGrant (Prelude.Maybe Prelude.Text)+retireGrant_grantId = Lens.lens (\RetireGrant' {grantId} -> grantId) (\s@RetireGrant' {} a -> s {grantId = a} :: RetireGrant)++-- | Identifies the grant to be retired. You can use a grant token to+-- identify a new grant even before it has achieved eventual consistency.+--+-- Only the CreateGrant operation returns a grant token. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>+-- and+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#terms-eventual-consistency Eventual consistency>+-- in the /Key Management Service Developer Guide/.+retireGrant_grantToken :: Lens.Lens' RetireGrant (Prelude.Maybe Prelude.Text)+retireGrant_grantToken = Lens.lens (\RetireGrant' {grantToken} -> grantToken) (\s@RetireGrant' {} a -> s {grantToken = a} :: RetireGrant)++-- | The key ARN KMS key associated with the grant. To find the key ARN, use+-- the ListKeys operation.+--+-- For example:+-- @arn:aws:kms:us-east-2:444455556666:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+retireGrant_keyId :: Lens.Lens' RetireGrant (Prelude.Maybe Prelude.Text)+retireGrant_keyId = Lens.lens (\RetireGrant' {keyId} -> keyId) (\s@RetireGrant' {} a -> s {keyId = a} :: RetireGrant)++instance Core.AWSRequest RetireGrant where+ type AWSResponse RetireGrant = RetireGrantResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response = Response.receiveNull RetireGrantResponse'++instance Prelude.Hashable RetireGrant where+ hashWithSalt _salt RetireGrant' {..} =+ _salt+ `Prelude.hashWithSalt` grantId+ `Prelude.hashWithSalt` grantToken+ `Prelude.hashWithSalt` keyId++instance Prelude.NFData RetireGrant where+ rnf RetireGrant' {..} =+ Prelude.rnf grantId+ `Prelude.seq` Prelude.rnf grantToken+ `Prelude.seq` Prelude.rnf keyId++instance Data.ToHeaders RetireGrant where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ("TrentService.RetireGrant" :: Prelude.ByteString),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON RetireGrant where+ toJSON RetireGrant' {..} =+ Data.object+ ( Prelude.catMaybes+ [ ("GrantId" Data..=) Prelude.<$> grantId,+ ("GrantToken" Data..=) Prelude.<$> grantToken,+ ("KeyId" Data..=) Prelude.<$> keyId+ ]+ )++instance Data.ToPath RetireGrant where+ toPath = Prelude.const "/"++instance Data.ToQuery RetireGrant where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newRetireGrantResponse' smart constructor.+data RetireGrantResponse = RetireGrantResponse'+ {+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'RetireGrantResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+newRetireGrantResponse ::+ RetireGrantResponse+newRetireGrantResponse = RetireGrantResponse'++instance Prelude.NFData RetireGrantResponse where+ rnf _ = ()
+ gen/Amazonka/KMS/RevokeGrant.hs view
@@ -0,0 +1,222 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.RevokeGrant+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Deletes the specified grant. You revoke a grant to terminate the+-- permissions that the grant allows. For more information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/managing-grants.html#grant-delete Retiring and revoking grants>+-- in the //Key Management Service Developer Guide// .+--+-- When you create, retire, or revoke a grant, there might be a brief+-- delay, usually less than five minutes, until the grant is available+-- throughout KMS. This state is known as /eventual consistency/. For+-- details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#terms-eventual-consistency Eventual consistency>+-- in the //Key Management Service Developer Guide// .+--+-- For detailed information about grants, including grant terminology, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html Grants in KMS>+-- in the //Key Management Service Developer Guide// . For examples of+-- working with grants in several programming languages, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/programming-grants.html Programming grants>.+--+-- __Cross-account use__: Yes. To perform this operation on a KMS key in a+-- different Amazon Web Services account, specify the key ARN in the value+-- of the @KeyId@ parameter.+--+-- __Required permissions__:+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:RevokeGrant>+-- (key policy).+--+-- __Related operations:__+--+-- - CreateGrant+--+-- - ListGrants+--+-- - ListRetirableGrants+--+-- - RetireGrant+module Amazonka.KMS.RevokeGrant+ ( -- * Creating a Request+ RevokeGrant (..),+ newRevokeGrant,++ -- * Request Lenses+ revokeGrant_keyId,+ revokeGrant_grantId,++ -- * Destructuring the Response+ RevokeGrantResponse (..),+ newRevokeGrantResponse,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newRevokeGrant' smart constructor.+data RevokeGrant = RevokeGrant'+ { -- | A unique identifier for the KMS key associated with the grant. To get+ -- the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.+ --+ -- Specify the key ID or key ARN of the KMS key. To specify a KMS key in a+ -- different Amazon Web Services account, you must use the key ARN.+ --+ -- For example:+ --+ -- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- - Key ARN:+ -- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- To get the key ID and key ARN for a KMS key, use ListKeys or+ -- DescribeKey.+ keyId :: Prelude.Text,+ -- | Identifies the grant to revoke. To get the grant ID, use CreateGrant,+ -- ListGrants, or ListRetirableGrants.+ grantId :: Prelude.Text+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'RevokeGrant' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'keyId', 'revokeGrant_keyId' - A unique identifier for the KMS key associated with the grant. To get+-- the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.+--+-- Specify the key ID or key ARN of the KMS key. To specify a KMS key in a+-- different Amazon Web Services account, you must use the key ARN.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+--+-- 'grantId', 'revokeGrant_grantId' - Identifies the grant to revoke. To get the grant ID, use CreateGrant,+-- ListGrants, or ListRetirableGrants.+newRevokeGrant ::+ -- | 'keyId'+ Prelude.Text ->+ -- | 'grantId'+ Prelude.Text ->+ RevokeGrant+newRevokeGrant pKeyId_ pGrantId_ =+ RevokeGrant' {keyId = pKeyId_, grantId = pGrantId_}++-- | A unique identifier for the KMS key associated with the grant. To get+-- the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.+--+-- Specify the key ID or key ARN of the KMS key. To specify a KMS key in a+-- different Amazon Web Services account, you must use the key ARN.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+revokeGrant_keyId :: Lens.Lens' RevokeGrant Prelude.Text+revokeGrant_keyId = Lens.lens (\RevokeGrant' {keyId} -> keyId) (\s@RevokeGrant' {} a -> s {keyId = a} :: RevokeGrant)++-- | Identifies the grant to revoke. To get the grant ID, use CreateGrant,+-- ListGrants, or ListRetirableGrants.+revokeGrant_grantId :: Lens.Lens' RevokeGrant Prelude.Text+revokeGrant_grantId = Lens.lens (\RevokeGrant' {grantId} -> grantId) (\s@RevokeGrant' {} a -> s {grantId = a} :: RevokeGrant)++instance Core.AWSRequest RevokeGrant where+ type AWSResponse RevokeGrant = RevokeGrantResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response = Response.receiveNull RevokeGrantResponse'++instance Prelude.Hashable RevokeGrant where+ hashWithSalt _salt RevokeGrant' {..} =+ _salt+ `Prelude.hashWithSalt` keyId+ `Prelude.hashWithSalt` grantId++instance Prelude.NFData RevokeGrant where+ rnf RevokeGrant' {..} =+ Prelude.rnf keyId `Prelude.seq` Prelude.rnf grantId++instance Data.ToHeaders RevokeGrant where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ("TrentService.RevokeGrant" :: Prelude.ByteString),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON RevokeGrant where+ toJSON RevokeGrant' {..} =+ Data.object+ ( Prelude.catMaybes+ [ Prelude.Just ("KeyId" Data..= keyId),+ Prelude.Just ("GrantId" Data..= grantId)+ ]+ )++instance Data.ToPath RevokeGrant where+ toPath = Prelude.const "/"++instance Data.ToQuery RevokeGrant where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newRevokeGrantResponse' smart constructor.+data RevokeGrantResponse = RevokeGrantResponse'+ {+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'RevokeGrantResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+newRevokeGrantResponse ::+ RevokeGrantResponse+newRevokeGrantResponse = RevokeGrantResponse'++instance Prelude.NFData RevokeGrantResponse where+ rnf _ = ()
+ gen/Amazonka/KMS/ScheduleKeyDeletion.hs view
@@ -0,0 +1,388 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.ScheduleKeyDeletion+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Schedules the deletion of a KMS key. By default, KMS applies a waiting+-- period of 30 days, but you can specify a waiting period of 7-30 days.+-- When this operation is successful, the key state of the KMS key changes+-- to @PendingDeletion@ and the key can\'t be used in any cryptographic+-- operations. It remains in this state for the duration of the waiting+-- period. Before the waiting period ends, you can use CancelKeyDeletion to+-- cancel the deletion of the KMS key. After the waiting period ends, KMS+-- deletes the KMS key, its key material, and all KMS data associated with+-- it, including all aliases that refer to it.+--+-- Deleting a KMS key is a destructive and potentially dangerous operation.+-- When a KMS key is deleted, all data that was encrypted under the KMS key+-- is unrecoverable. (The only exception is a multi-Region replica key.) To+-- prevent the use of a KMS key without deleting it, use DisableKey.+--+-- You can schedule the deletion of a multi-Region primary key and its+-- replica keys at any time. However, KMS will not delete a multi-Region+-- primary key with existing replica keys. If you schedule the deletion of+-- a primary key with replicas, its key state changes to+-- @PendingReplicaDeletion@ and it cannot be replicated or used in+-- cryptographic operations. This status can continue indefinitely. When+-- the last of its replicas keys is deleted (not just scheduled), the key+-- state of the primary key changes to @PendingDeletion@ and its waiting+-- period (@PendingWindowInDays@) begins. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-delete.html Deleting multi-Region keys>+-- in the /Key Management Service Developer Guide/.+--+-- When KMS+-- <https://docs.aws.amazon.com/kms/latest/developerguide/delete-cmk-keystore.html deletes a KMS key from an CloudHSM key store>,+-- it makes a best effort to delete the associated key material from the+-- associated CloudHSM cluster. However, you might need to manually+-- <https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-orphaned-key delete the orphaned key material>+-- from the cluster and its backups.+-- <https://docs.aws.amazon.com/kms/latest/developerguide/delete-xks-key.html Deleting a KMS key from an external key store>+-- has no effect on the associated external key. However, for both types of+-- custom key stores, deleting a KMS key is destructive and irreversible.+-- You cannot decrypt ciphertext encrypted under the KMS key by using only+-- its associated external key or CloudHSM key. Also, you cannot recreate a+-- KMS key in an external key store by creating a new KMS key with the same+-- key material.+--+-- For more information about scheduling a KMS key for deletion, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html Deleting KMS keys>+-- in the /Key Management Service Developer Guide/.+--+-- The KMS key that you use for this operation must be in a compatible key+-- state. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key states of KMS keys>+-- in the /Key Management Service Developer Guide/.+--+-- __Cross-account use__: No. You cannot perform this operation on a KMS+-- key in a different Amazon Web Services account.+--+-- __Required permissions__: kms:ScheduleKeyDeletion (key policy)+--+-- __Related operations__+--+-- - CancelKeyDeletion+--+-- - DisableKey+module Amazonka.KMS.ScheduleKeyDeletion+ ( -- * Creating a Request+ ScheduleKeyDeletion (..),+ newScheduleKeyDeletion,++ -- * Request Lenses+ scheduleKeyDeletion_pendingWindowInDays,+ scheduleKeyDeletion_keyId,++ -- * Destructuring the Response+ ScheduleKeyDeletionResponse (..),+ newScheduleKeyDeletionResponse,++ -- * Response Lenses+ scheduleKeyDeletionResponse_deletionDate,+ scheduleKeyDeletionResponse_keyId,+ scheduleKeyDeletionResponse_keyState,+ scheduleKeyDeletionResponse_pendingWindowInDays,+ scheduleKeyDeletionResponse_httpStatus,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newScheduleKeyDeletion' smart constructor.+data ScheduleKeyDeletion = ScheduleKeyDeletion'+ { -- | The waiting period, specified in number of days. After the waiting+ -- period ends, KMS deletes the KMS key.+ --+ -- If the KMS key is a multi-Region primary key with replica keys, the+ -- waiting period begins when the last of its replica keys is deleted.+ -- Otherwise, the waiting period begins immediately.+ --+ -- This value is optional. If you include a value, it must be between 7 and+ -- 30, inclusive. If you do not include a value, it defaults to 30.+ pendingWindowInDays :: Prelude.Maybe Prelude.Natural,+ -- | The unique identifier of the KMS key to delete.+ --+ -- Specify the key ID or key ARN of the KMS key.+ --+ -- For example:+ --+ -- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- - Key ARN:+ -- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- To get the key ID and key ARN for a KMS key, use ListKeys or+ -- DescribeKey.+ keyId :: Prelude.Text+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'ScheduleKeyDeletion' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'pendingWindowInDays', 'scheduleKeyDeletion_pendingWindowInDays' - The waiting period, specified in number of days. After the waiting+-- period ends, KMS deletes the KMS key.+--+-- If the KMS key is a multi-Region primary key with replica keys, the+-- waiting period begins when the last of its replica keys is deleted.+-- Otherwise, the waiting period begins immediately.+--+-- This value is optional. If you include a value, it must be between 7 and+-- 30, inclusive. If you do not include a value, it defaults to 30.+--+-- 'keyId', 'scheduleKeyDeletion_keyId' - The unique identifier of the KMS key to delete.+--+-- Specify the key ID or key ARN of the KMS key.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+newScheduleKeyDeletion ::+ -- | 'keyId'+ Prelude.Text ->+ ScheduleKeyDeletion+newScheduleKeyDeletion pKeyId_ =+ ScheduleKeyDeletion'+ { pendingWindowInDays =+ Prelude.Nothing,+ keyId = pKeyId_+ }++-- | The waiting period, specified in number of days. After the waiting+-- period ends, KMS deletes the KMS key.+--+-- If the KMS key is a multi-Region primary key with replica keys, the+-- waiting period begins when the last of its replica keys is deleted.+-- Otherwise, the waiting period begins immediately.+--+-- This value is optional. If you include a value, it must be between 7 and+-- 30, inclusive. If you do not include a value, it defaults to 30.+scheduleKeyDeletion_pendingWindowInDays :: Lens.Lens' ScheduleKeyDeletion (Prelude.Maybe Prelude.Natural)+scheduleKeyDeletion_pendingWindowInDays = Lens.lens (\ScheduleKeyDeletion' {pendingWindowInDays} -> pendingWindowInDays) (\s@ScheduleKeyDeletion' {} a -> s {pendingWindowInDays = a} :: ScheduleKeyDeletion)++-- | The unique identifier of the KMS key to delete.+--+-- Specify the key ID or key ARN of the KMS key.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+scheduleKeyDeletion_keyId :: Lens.Lens' ScheduleKeyDeletion Prelude.Text+scheduleKeyDeletion_keyId = Lens.lens (\ScheduleKeyDeletion' {keyId} -> keyId) (\s@ScheduleKeyDeletion' {} a -> s {keyId = a} :: ScheduleKeyDeletion)++instance Core.AWSRequest ScheduleKeyDeletion where+ type+ AWSResponse ScheduleKeyDeletion =+ ScheduleKeyDeletionResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response =+ Response.receiveJSON+ ( \s h x ->+ ScheduleKeyDeletionResponse'+ Prelude.<$> (x Data..?> "DeletionDate")+ Prelude.<*> (x Data..?> "KeyId")+ Prelude.<*> (x Data..?> "KeyState")+ Prelude.<*> (x Data..?> "PendingWindowInDays")+ Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+ )++instance Prelude.Hashable ScheduleKeyDeletion where+ hashWithSalt _salt ScheduleKeyDeletion' {..} =+ _salt+ `Prelude.hashWithSalt` pendingWindowInDays+ `Prelude.hashWithSalt` keyId++instance Prelude.NFData ScheduleKeyDeletion where+ rnf ScheduleKeyDeletion' {..} =+ Prelude.rnf pendingWindowInDays+ `Prelude.seq` Prelude.rnf keyId++instance Data.ToHeaders ScheduleKeyDeletion where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ( "TrentService.ScheduleKeyDeletion" ::+ Prelude.ByteString+ ),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON ScheduleKeyDeletion where+ toJSON ScheduleKeyDeletion' {..} =+ Data.object+ ( Prelude.catMaybes+ [ ("PendingWindowInDays" Data..=)+ Prelude.<$> pendingWindowInDays,+ Prelude.Just ("KeyId" Data..= keyId)+ ]+ )++instance Data.ToPath ScheduleKeyDeletion where+ toPath = Prelude.const "/"++instance Data.ToQuery ScheduleKeyDeletion where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newScheduleKeyDeletionResponse' smart constructor.+data ScheduleKeyDeletionResponse = ScheduleKeyDeletionResponse'+ { -- | The date and time after which KMS deletes the KMS key.+ --+ -- If the KMS key is a multi-Region primary key with replica keys, this+ -- field does not appear. The deletion date for the primary key isn\'t+ -- known until its last replica key is deleted.+ deletionDate :: Prelude.Maybe Data.POSIX,+ -- | The Amazon Resource Name+ -- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)+ -- of the KMS key whose deletion is scheduled.+ keyId :: Prelude.Maybe Prelude.Text,+ -- | The current status of the KMS key.+ --+ -- For more information about how key state affects the use of a KMS key,+ -- see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key states of KMS keys>+ -- in the /Key Management Service Developer Guide/.+ keyState :: Prelude.Maybe KeyState,+ -- | The waiting period before the KMS key is deleted.+ --+ -- If the KMS key is a multi-Region primary key with replicas, the waiting+ -- period begins when the last of its replica keys is deleted. Otherwise,+ -- the waiting period begins immediately.+ pendingWindowInDays :: Prelude.Maybe Prelude.Natural,+ -- | The response's http status code.+ httpStatus :: Prelude.Int+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'ScheduleKeyDeletionResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'deletionDate', 'scheduleKeyDeletionResponse_deletionDate' - The date and time after which KMS deletes the KMS key.+--+-- If the KMS key is a multi-Region primary key with replica keys, this+-- field does not appear. The deletion date for the primary key isn\'t+-- known until its last replica key is deleted.+--+-- 'keyId', 'scheduleKeyDeletionResponse_keyId' - The Amazon Resource Name+-- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)+-- of the KMS key whose deletion is scheduled.+--+-- 'keyState', 'scheduleKeyDeletionResponse_keyState' - The current status of the KMS key.+--+-- For more information about how key state affects the use of a KMS key,+-- see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key states of KMS keys>+-- in the /Key Management Service Developer Guide/.+--+-- 'pendingWindowInDays', 'scheduleKeyDeletionResponse_pendingWindowInDays' - The waiting period before the KMS key is deleted.+--+-- If the KMS key is a multi-Region primary key with replicas, the waiting+-- period begins when the last of its replica keys is deleted. Otherwise,+-- the waiting period begins immediately.+--+-- 'httpStatus', 'scheduleKeyDeletionResponse_httpStatus' - The response's http status code.+newScheduleKeyDeletionResponse ::+ -- | 'httpStatus'+ Prelude.Int ->+ ScheduleKeyDeletionResponse+newScheduleKeyDeletionResponse pHttpStatus_ =+ ScheduleKeyDeletionResponse'+ { deletionDate =+ Prelude.Nothing,+ keyId = Prelude.Nothing,+ keyState = Prelude.Nothing,+ pendingWindowInDays = Prelude.Nothing,+ httpStatus = pHttpStatus_+ }++-- | The date and time after which KMS deletes the KMS key.+--+-- If the KMS key is a multi-Region primary key with replica keys, this+-- field does not appear. The deletion date for the primary key isn\'t+-- known until its last replica key is deleted.+scheduleKeyDeletionResponse_deletionDate :: Lens.Lens' ScheduleKeyDeletionResponse (Prelude.Maybe Prelude.UTCTime)+scheduleKeyDeletionResponse_deletionDate = Lens.lens (\ScheduleKeyDeletionResponse' {deletionDate} -> deletionDate) (\s@ScheduleKeyDeletionResponse' {} a -> s {deletionDate = a} :: ScheduleKeyDeletionResponse) Prelude.. Lens.mapping Data._Time++-- | The Amazon Resource Name+-- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)+-- of the KMS key whose deletion is scheduled.+scheduleKeyDeletionResponse_keyId :: Lens.Lens' ScheduleKeyDeletionResponse (Prelude.Maybe Prelude.Text)+scheduleKeyDeletionResponse_keyId = Lens.lens (\ScheduleKeyDeletionResponse' {keyId} -> keyId) (\s@ScheduleKeyDeletionResponse' {} a -> s {keyId = a} :: ScheduleKeyDeletionResponse)++-- | The current status of the KMS key.+--+-- For more information about how key state affects the use of a KMS key,+-- see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key states of KMS keys>+-- in the /Key Management Service Developer Guide/.+scheduleKeyDeletionResponse_keyState :: Lens.Lens' ScheduleKeyDeletionResponse (Prelude.Maybe KeyState)+scheduleKeyDeletionResponse_keyState = Lens.lens (\ScheduleKeyDeletionResponse' {keyState} -> keyState) (\s@ScheduleKeyDeletionResponse' {} a -> s {keyState = a} :: ScheduleKeyDeletionResponse)++-- | The waiting period before the KMS key is deleted.+--+-- If the KMS key is a multi-Region primary key with replicas, the waiting+-- period begins when the last of its replica keys is deleted. Otherwise,+-- the waiting period begins immediately.+scheduleKeyDeletionResponse_pendingWindowInDays :: Lens.Lens' ScheduleKeyDeletionResponse (Prelude.Maybe Prelude.Natural)+scheduleKeyDeletionResponse_pendingWindowInDays = Lens.lens (\ScheduleKeyDeletionResponse' {pendingWindowInDays} -> pendingWindowInDays) (\s@ScheduleKeyDeletionResponse' {} a -> s {pendingWindowInDays = a} :: ScheduleKeyDeletionResponse)++-- | The response's http status code.+scheduleKeyDeletionResponse_httpStatus :: Lens.Lens' ScheduleKeyDeletionResponse Prelude.Int+scheduleKeyDeletionResponse_httpStatus = Lens.lens (\ScheduleKeyDeletionResponse' {httpStatus} -> httpStatus) (\s@ScheduleKeyDeletionResponse' {} a -> s {httpStatus = a} :: ScheduleKeyDeletionResponse)++instance Prelude.NFData ScheduleKeyDeletionResponse where+ rnf ScheduleKeyDeletionResponse' {..} =+ Prelude.rnf deletionDate+ `Prelude.seq` Prelude.rnf keyId+ `Prelude.seq` Prelude.rnf keyState+ `Prelude.seq` Prelude.rnf pendingWindowInDays+ `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/KMS/Sign.hs view
@@ -0,0 +1,492 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.Sign+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Creates a+-- <https://en.wikipedia.org/wiki/Digital_signature digital signature> for+-- a message or message digest by using the private key in an asymmetric+-- signing KMS key. To verify the signature, use the Verify operation, or+-- use the public key in the same asymmetric KMS key outside of KMS. For+-- information about asymmetric KMS keys, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html Asymmetric KMS keys>+-- in the /Key Management Service Developer Guide/.+--+-- Digital signatures are generated and verified by using asymmetric key+-- pair, such as an RSA or ECC pair that is represented by an asymmetric+-- KMS key. The key owner (or an authorized user) uses their private key to+-- sign a message. Anyone with the public key can verify that the message+-- was signed with that particular private key and that the message hasn\'t+-- changed since it was signed.+--+-- To use the @Sign@ operation, provide the following information:+--+-- - Use the @KeyId@ parameter to identify an asymmetric KMS key with a+-- @KeyUsage@ value of @SIGN_VERIFY@. To get the @KeyUsage@ value of a+-- KMS key, use the DescribeKey operation. The caller must have+-- @kms:Sign@ permission on the KMS key.+--+-- - Use the @Message@ parameter to specify the message or message digest+-- to sign. You can submit messages of up to 4096 bytes. To sign a+-- larger message, generate a hash digest of the message, and then+-- provide the hash digest in the @Message@ parameter. To indicate+-- whether the message is a full message or a digest, use the+-- @MessageType@ parameter.+--+-- - Choose a signing algorithm that is compatible with the KMS key.+--+-- When signing a message, be sure to record the KMS key and the signing+-- algorithm. This information is required to verify the signature.+--+-- Best practices recommend that you limit the time during which any+-- signature is effective. This deters an attack where the actor uses a+-- signed message to establish validity repeatedly or long after the+-- message is superseded. Signatures do not include a timestamp, but you+-- can include a timestamp in the signed message to help you detect when+-- its time to refresh the signature.+--+-- To verify the signature that this operation generates, use the Verify+-- operation. Or use the GetPublicKey operation to download the public key+-- and then use the public key to verify the signature outside of KMS.+--+-- The KMS key that you use for this operation must be in a compatible key+-- state. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key states of KMS keys>+-- in the /Key Management Service Developer Guide/.+--+-- __Cross-account use__: Yes. To perform this operation with a KMS key in+-- a different Amazon Web Services account, specify the key ARN or alias+-- ARN in the value of the @KeyId@ parameter.+--+-- __Required permissions__:+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:Sign>+-- (key policy)+--+-- __Related operations__: Verify+module Amazonka.KMS.Sign+ ( -- * Creating a Request+ Sign (..),+ newSign,++ -- * Request Lenses+ sign_grantTokens,+ sign_messageType,+ sign_keyId,+ sign_message,+ sign_signingAlgorithm,++ -- * Destructuring the Response+ SignResponse (..),+ newSignResponse,++ -- * Response Lenses+ signResponse_keyId,+ signResponse_signature,+ signResponse_signingAlgorithm,+ signResponse_httpStatus,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newSign' smart constructor.+data Sign = Sign'+ { -- | A list of grant tokens.+ --+ -- Use a grant token when your permission to call this operation comes from+ -- a new grant that has not yet achieved /eventual consistency/. For more+ -- information, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>+ -- and+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>+ -- in the /Key Management Service Developer Guide/.+ grantTokens :: Prelude.Maybe [Prelude.Text],+ -- | Tells KMS whether the value of the @Message@ parameter is a message or+ -- message digest. The default value, RAW, indicates a message. To indicate+ -- a message digest, enter @DIGEST@.+ messageType :: Prelude.Maybe MessageType,+ -- | Identifies an asymmetric KMS key. KMS uses the private key in the+ -- asymmetric KMS key to sign the message. The @KeyUsage@ type of the KMS+ -- key must be @SIGN_VERIFY@. To find the @KeyUsage@ of a KMS key, use the+ -- DescribeKey operation.+ --+ -- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.+ -- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS+ -- key in a different Amazon Web Services account, you must use the key ARN+ -- or alias ARN.+ --+ -- For example:+ --+ -- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- - Key ARN:+ -- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- - Alias name: @alias\/ExampleAlias@+ --+ -- - Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@+ --+ -- To get the key ID and key ARN for a KMS key, use ListKeys or+ -- DescribeKey. To get the alias name and alias ARN, use ListAliases.+ keyId :: Prelude.Text,+ -- | Specifies the message or message digest to sign. Messages can be 0-4096+ -- bytes. To sign a larger message, provide the message digest.+ --+ -- If you provide a message, KMS generates a hash digest of the message and+ -- then signs it.+ message :: Data.Sensitive Data.Base64,+ -- | Specifies the signing algorithm to use when signing the message.+ --+ -- Choose an algorithm that is compatible with the type and size of the+ -- specified asymmetric KMS key.+ signingAlgorithm :: SigningAlgorithmSpec+ }+ deriving (Prelude.Eq, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'Sign' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'grantTokens', 'sign_grantTokens' - A list of grant tokens.+--+-- Use a grant token when your permission to call this operation comes from+-- a new grant that has not yet achieved /eventual consistency/. For more+-- information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>+-- and+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>+-- in the /Key Management Service Developer Guide/.+--+-- 'messageType', 'sign_messageType' - Tells KMS whether the value of the @Message@ parameter is a message or+-- message digest. The default value, RAW, indicates a message. To indicate+-- a message digest, enter @DIGEST@.+--+-- 'keyId', 'sign_keyId' - Identifies an asymmetric KMS key. KMS uses the private key in the+-- asymmetric KMS key to sign the message. The @KeyUsage@ type of the KMS+-- key must be @SIGN_VERIFY@. To find the @KeyUsage@ of a KMS key, use the+-- DescribeKey operation.+--+-- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.+-- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS+-- key in a different Amazon Web Services account, you must use the key ARN+-- or alias ARN.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Alias name: @alias\/ExampleAlias@+--+-- - Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey. To get the alias name and alias ARN, use ListAliases.+--+-- 'message', 'sign_message' - Specifies the message or message digest to sign. Messages can be 0-4096+-- bytes. To sign a larger message, provide the message digest.+--+-- If you provide a message, KMS generates a hash digest of the message and+-- then signs it.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+--+-- 'signingAlgorithm', 'sign_signingAlgorithm' - Specifies the signing algorithm to use when signing the message.+--+-- Choose an algorithm that is compatible with the type and size of the+-- specified asymmetric KMS key.+newSign ::+ -- | 'keyId'+ Prelude.Text ->+ -- | 'message'+ Prelude.ByteString ->+ -- | 'signingAlgorithm'+ SigningAlgorithmSpec ->+ Sign+newSign pKeyId_ pMessage_ pSigningAlgorithm_ =+ Sign'+ { grantTokens = Prelude.Nothing,+ messageType = Prelude.Nothing,+ keyId = pKeyId_,+ message =+ Data._Sensitive+ Prelude.. Data._Base64+ Lens.# pMessage_,+ signingAlgorithm = pSigningAlgorithm_+ }++-- | A list of grant tokens.+--+-- Use a grant token when your permission to call this operation comes from+-- a new grant that has not yet achieved /eventual consistency/. For more+-- information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>+-- and+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>+-- in the /Key Management Service Developer Guide/.+sign_grantTokens :: Lens.Lens' Sign (Prelude.Maybe [Prelude.Text])+sign_grantTokens = Lens.lens (\Sign' {grantTokens} -> grantTokens) (\s@Sign' {} a -> s {grantTokens = a} :: Sign) Prelude.. Lens.mapping Lens.coerced++-- | Tells KMS whether the value of the @Message@ parameter is a message or+-- message digest. The default value, RAW, indicates a message. To indicate+-- a message digest, enter @DIGEST@.+sign_messageType :: Lens.Lens' Sign (Prelude.Maybe MessageType)+sign_messageType = Lens.lens (\Sign' {messageType} -> messageType) (\s@Sign' {} a -> s {messageType = a} :: Sign)++-- | Identifies an asymmetric KMS key. KMS uses the private key in the+-- asymmetric KMS key to sign the message. The @KeyUsage@ type of the KMS+-- key must be @SIGN_VERIFY@. To find the @KeyUsage@ of a KMS key, use the+-- DescribeKey operation.+--+-- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.+-- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS+-- key in a different Amazon Web Services account, you must use the key ARN+-- or alias ARN.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Alias name: @alias\/ExampleAlias@+--+-- - Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey. To get the alias name and alias ARN, use ListAliases.+sign_keyId :: Lens.Lens' Sign Prelude.Text+sign_keyId = Lens.lens (\Sign' {keyId} -> keyId) (\s@Sign' {} a -> s {keyId = a} :: Sign)++-- | Specifies the message or message digest to sign. Messages can be 0-4096+-- bytes. To sign a larger message, provide the message digest.+--+-- If you provide a message, KMS generates a hash digest of the message and+-- then signs it.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+sign_message :: Lens.Lens' Sign Prelude.ByteString+sign_message = Lens.lens (\Sign' {message} -> message) (\s@Sign' {} a -> s {message = a} :: Sign) Prelude.. Data._Sensitive Prelude.. Data._Base64++-- | Specifies the signing algorithm to use when signing the message.+--+-- Choose an algorithm that is compatible with the type and size of the+-- specified asymmetric KMS key.+sign_signingAlgorithm :: Lens.Lens' Sign SigningAlgorithmSpec+sign_signingAlgorithm = Lens.lens (\Sign' {signingAlgorithm} -> signingAlgorithm) (\s@Sign' {} a -> s {signingAlgorithm = a} :: Sign)++instance Core.AWSRequest Sign where+ type AWSResponse Sign = SignResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response =+ Response.receiveJSON+ ( \s h x ->+ SignResponse'+ Prelude.<$> (x Data..?> "KeyId")+ Prelude.<*> (x Data..?> "Signature")+ Prelude.<*> (x Data..?> "SigningAlgorithm")+ Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+ )++instance Prelude.Hashable Sign where+ hashWithSalt _salt Sign' {..} =+ _salt+ `Prelude.hashWithSalt` grantTokens+ `Prelude.hashWithSalt` messageType+ `Prelude.hashWithSalt` keyId+ `Prelude.hashWithSalt` message+ `Prelude.hashWithSalt` signingAlgorithm++instance Prelude.NFData Sign where+ rnf Sign' {..} =+ Prelude.rnf grantTokens+ `Prelude.seq` Prelude.rnf messageType+ `Prelude.seq` Prelude.rnf keyId+ `Prelude.seq` Prelude.rnf message+ `Prelude.seq` Prelude.rnf signingAlgorithm++instance Data.ToHeaders Sign where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ("TrentService.Sign" :: Prelude.ByteString),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON Sign where+ toJSON Sign' {..} =+ Data.object+ ( Prelude.catMaybes+ [ ("GrantTokens" Data..=) Prelude.<$> grantTokens,+ ("MessageType" Data..=) Prelude.<$> messageType,+ Prelude.Just ("KeyId" Data..= keyId),+ Prelude.Just ("Message" Data..= message),+ Prelude.Just+ ("SigningAlgorithm" Data..= signingAlgorithm)+ ]+ )++instance Data.ToPath Sign where+ toPath = Prelude.const "/"++instance Data.ToQuery Sign where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newSignResponse' smart constructor.+data SignResponse = SignResponse'+ { -- | The Amazon Resource Name+ -- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)+ -- of the asymmetric KMS key that was used to sign the message.+ keyId :: Prelude.Maybe Prelude.Text,+ -- | The cryptographic signature that was generated for the message.+ --+ -- - When used with the supported RSA signing algorithms, the encoding of+ -- this value is defined by+ -- <https://tools.ietf.org/html/rfc8017 PKCS #1 in RFC 8017>.+ --+ -- - When used with the @ECDSA_SHA_256@, @ECDSA_SHA_384@, or+ -- @ECDSA_SHA_512@ signing algorithms, this value is a DER-encoded+ -- object as defined by ANS X9.62–2005 and+ -- <https://tools.ietf.org/html/rfc3279#section-2.2.3 RFC 3279 Section 2.2.3>.+ -- This is the most commonly used signature format and is appropriate+ -- for most uses.+ --+ -- When you use the HTTP API or the Amazon Web Services CLI, the value is+ -- Base64-encoded. Otherwise, it is not Base64-encoded.+ signature :: Prelude.Maybe Data.Base64,+ -- | The signing algorithm that was used to sign the message.+ signingAlgorithm :: Prelude.Maybe SigningAlgorithmSpec,+ -- | The response's http status code.+ httpStatus :: Prelude.Int+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'SignResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'keyId', 'signResponse_keyId' - The Amazon Resource Name+-- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)+-- of the asymmetric KMS key that was used to sign the message.+--+-- 'signature', 'signResponse_signature' - The cryptographic signature that was generated for the message.+--+-- - When used with the supported RSA signing algorithms, the encoding of+-- this value is defined by+-- <https://tools.ietf.org/html/rfc8017 PKCS #1 in RFC 8017>.+--+-- - When used with the @ECDSA_SHA_256@, @ECDSA_SHA_384@, or+-- @ECDSA_SHA_512@ signing algorithms, this value is a DER-encoded+-- object as defined by ANS X9.62–2005 and+-- <https://tools.ietf.org/html/rfc3279#section-2.2.3 RFC 3279 Section 2.2.3>.+-- This is the most commonly used signature format and is appropriate+-- for most uses.+--+-- When you use the HTTP API or the Amazon Web Services CLI, the value is+-- Base64-encoded. Otherwise, it is not Base64-encoded.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+--+-- 'signingAlgorithm', 'signResponse_signingAlgorithm' - The signing algorithm that was used to sign the message.+--+-- 'httpStatus', 'signResponse_httpStatus' - The response's http status code.+newSignResponse ::+ -- | 'httpStatus'+ Prelude.Int ->+ SignResponse+newSignResponse pHttpStatus_ =+ SignResponse'+ { keyId = Prelude.Nothing,+ signature = Prelude.Nothing,+ signingAlgorithm = Prelude.Nothing,+ httpStatus = pHttpStatus_+ }++-- | The Amazon Resource Name+-- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)+-- of the asymmetric KMS key that was used to sign the message.+signResponse_keyId :: Lens.Lens' SignResponse (Prelude.Maybe Prelude.Text)+signResponse_keyId = Lens.lens (\SignResponse' {keyId} -> keyId) (\s@SignResponse' {} a -> s {keyId = a} :: SignResponse)++-- | The cryptographic signature that was generated for the message.+--+-- - When used with the supported RSA signing algorithms, the encoding of+-- this value is defined by+-- <https://tools.ietf.org/html/rfc8017 PKCS #1 in RFC 8017>.+--+-- - When used with the @ECDSA_SHA_256@, @ECDSA_SHA_384@, or+-- @ECDSA_SHA_512@ signing algorithms, this value is a DER-encoded+-- object as defined by ANS X9.62–2005 and+-- <https://tools.ietf.org/html/rfc3279#section-2.2.3 RFC 3279 Section 2.2.3>.+-- This is the most commonly used signature format and is appropriate+-- for most uses.+--+-- When you use the HTTP API or the Amazon Web Services CLI, the value is+-- Base64-encoded. Otherwise, it is not Base64-encoded.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+signResponse_signature :: Lens.Lens' SignResponse (Prelude.Maybe Prelude.ByteString)+signResponse_signature = Lens.lens (\SignResponse' {signature} -> signature) (\s@SignResponse' {} a -> s {signature = a} :: SignResponse) Prelude.. Lens.mapping Data._Base64++-- | The signing algorithm that was used to sign the message.+signResponse_signingAlgorithm :: Lens.Lens' SignResponse (Prelude.Maybe SigningAlgorithmSpec)+signResponse_signingAlgorithm = Lens.lens (\SignResponse' {signingAlgorithm} -> signingAlgorithm) (\s@SignResponse' {} a -> s {signingAlgorithm = a} :: SignResponse)++-- | The response's http status code.+signResponse_httpStatus :: Lens.Lens' SignResponse Prelude.Int+signResponse_httpStatus = Lens.lens (\SignResponse' {httpStatus} -> httpStatus) (\s@SignResponse' {} a -> s {httpStatus = a} :: SignResponse)++instance Prelude.NFData SignResponse where+ rnf SignResponse' {..} =+ Prelude.rnf keyId+ `Prelude.seq` Prelude.rnf signature+ `Prelude.seq` Prelude.rnf signingAlgorithm+ `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/KMS/TagResource.hs view
@@ -0,0 +1,254 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.TagResource+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Adds or edits tags on a+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk customer managed key>.+--+-- Tagging or untagging a KMS key can allow or deny permission to the KMS+-- key. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/abac.html ABAC for KMS>+-- in the /Key Management Service Developer Guide/.+--+-- Each tag consists of a tag key and a tag value, both of which are+-- case-sensitive strings. The tag value can be an empty (null) string. To+-- add a tag, specify a new tag key and a tag value. To edit a tag, specify+-- an existing tag key and a new tag value.+--+-- You can use this operation to tag a+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk customer managed key>,+-- but you cannot tag an+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk Amazon Web Services managed key>,+-- an+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-owned-cmk Amazon Web Services owned key>,+-- a+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#keystore-concept custom key store>,+-- or an+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#alias-concept alias>.+--+-- You can also add tags to a KMS key while creating it (CreateKey) or+-- replicating it (ReplicateKey).+--+-- For information about using tags in KMS, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html Tagging keys>.+-- For general information about tags, including the format and syntax, see+-- <https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html Tagging Amazon Web Services resources>+-- in the /Amazon Web Services General Reference/.+--+-- The KMS key that you use for this operation must be in a compatible key+-- state. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key states of KMS keys>+-- in the /Key Management Service Developer Guide/.+--+-- __Cross-account use__: No. You cannot perform this operation on a KMS+-- key in a different Amazon Web Services account.+--+-- __Required permissions__:+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:TagResource>+-- (key policy)+--+-- __Related operations__+--+-- - CreateKey+--+-- - ListResourceTags+--+-- - ReplicateKey+--+-- - UntagResource+module Amazonka.KMS.TagResource+ ( -- * Creating a Request+ TagResource (..),+ newTagResource,++ -- * Request Lenses+ tagResource_keyId,+ tagResource_tags,++ -- * Destructuring the Response+ TagResourceResponse (..),+ newTagResourceResponse,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newTagResource' smart constructor.+data TagResource = TagResource'+ { -- | Identifies a customer managed key in the account and Region.+ --+ -- Specify the key ID or key ARN of the KMS key.+ --+ -- For example:+ --+ -- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- - Key ARN:+ -- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- To get the key ID and key ARN for a KMS key, use ListKeys or+ -- DescribeKey.+ keyId :: Prelude.Text,+ -- | One or more tags.+ --+ -- Each tag consists of a tag key and a tag value. The tag value can be an+ -- empty (null) string.+ --+ -- You cannot have more than one tag on a KMS key with the same tag key. If+ -- you specify an existing tag key with a different tag value, KMS replaces+ -- the current tag value with the specified one.+ tags :: [Tag]+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'TagResource' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'keyId', 'tagResource_keyId' - Identifies a customer managed key in the account and Region.+--+-- Specify the key ID or key ARN of the KMS key.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+--+-- 'tags', 'tagResource_tags' - One or more tags.+--+-- Each tag consists of a tag key and a tag value. The tag value can be an+-- empty (null) string.+--+-- You cannot have more than one tag on a KMS key with the same tag key. If+-- you specify an existing tag key with a different tag value, KMS replaces+-- the current tag value with the specified one.+newTagResource ::+ -- | 'keyId'+ Prelude.Text ->+ TagResource+newTagResource pKeyId_ =+ TagResource'+ { keyId = pKeyId_,+ tags = Prelude.mempty+ }++-- | Identifies a customer managed key in the account and Region.+--+-- Specify the key ID or key ARN of the KMS key.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+tagResource_keyId :: Lens.Lens' TagResource Prelude.Text+tagResource_keyId = Lens.lens (\TagResource' {keyId} -> keyId) (\s@TagResource' {} a -> s {keyId = a} :: TagResource)++-- | One or more tags.+--+-- Each tag consists of a tag key and a tag value. The tag value can be an+-- empty (null) string.+--+-- You cannot have more than one tag on a KMS key with the same tag key. If+-- you specify an existing tag key with a different tag value, KMS replaces+-- the current tag value with the specified one.+tagResource_tags :: Lens.Lens' TagResource [Tag]+tagResource_tags = Lens.lens (\TagResource' {tags} -> tags) (\s@TagResource' {} a -> s {tags = a} :: TagResource) Prelude.. Lens.coerced++instance Core.AWSRequest TagResource where+ type AWSResponse TagResource = TagResourceResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response = Response.receiveNull TagResourceResponse'++instance Prelude.Hashable TagResource where+ hashWithSalt _salt TagResource' {..} =+ _salt+ `Prelude.hashWithSalt` keyId+ `Prelude.hashWithSalt` tags++instance Prelude.NFData TagResource where+ rnf TagResource' {..} =+ Prelude.rnf keyId `Prelude.seq` Prelude.rnf tags++instance Data.ToHeaders TagResource where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ("TrentService.TagResource" :: Prelude.ByteString),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON TagResource where+ toJSON TagResource' {..} =+ Data.object+ ( Prelude.catMaybes+ [ Prelude.Just ("KeyId" Data..= keyId),+ Prelude.Just ("Tags" Data..= tags)+ ]+ )++instance Data.ToPath TagResource where+ toPath = Prelude.const "/"++instance Data.ToQuery TagResource where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newTagResourceResponse' smart constructor.+data TagResourceResponse = TagResourceResponse'+ {+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'TagResourceResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+newTagResourceResponse ::+ TagResourceResponse+newTagResourceResponse = TagResourceResponse'++instance Prelude.NFData TagResourceResponse where+ rnf _ = ()
+ gen/Amazonka/KMS/Types.hs view
@@ -0,0 +1,907 @@+{-# LANGUAGE DisambiguateRecordFields #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.Types+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.KMS.Types+ ( -- * Service Configuration+ defaultService,++ -- * Errors+ _AlreadyExistsException,+ _CloudHsmClusterInUseException,+ _CloudHsmClusterInvalidConfigurationException,+ _CloudHsmClusterNotActiveException,+ _CloudHsmClusterNotFoundException,+ _CloudHsmClusterNotRelatedException,+ _CustomKeyStoreHasCMKsException,+ _CustomKeyStoreInvalidStateException,+ _CustomKeyStoreNameInUseException,+ _CustomKeyStoreNotFoundException,+ _DependencyTimeoutException,+ _DisabledException,+ _ExpiredImportTokenException,+ _IncorrectKeyException,+ _IncorrectKeyMaterialException,+ _IncorrectTrustAnchorException,+ _InvalidAliasNameException,+ _InvalidArnException,+ _InvalidCiphertextException,+ _InvalidGrantIdException,+ _InvalidGrantTokenException,+ _InvalidImportTokenException,+ _InvalidKeyUsageException,+ _InvalidMarkerException,+ _KMSInternalException,+ _KMSInvalidMacException,+ _KMSInvalidSignatureException,+ _KMSInvalidStateException,+ _KeyUnavailableException,+ _LimitExceededException,+ _MalformedPolicyDocumentException,+ _NotFoundException,+ _TagException,+ _UnsupportedOperationException,+ _XksKeyAlreadyInUseException,+ _XksKeyInvalidConfigurationException,+ _XksKeyNotFoundException,+ _XksProxyIncorrectAuthenticationCredentialException,+ _XksProxyInvalidConfigurationException,+ _XksProxyInvalidResponseException,+ _XksProxyUriEndpointInUseException,+ _XksProxyUriInUseException,+ _XksProxyUriUnreachableException,+ _XksProxyVpcEndpointServiceInUseException,+ _XksProxyVpcEndpointServiceInvalidConfigurationException,+ _XksProxyVpcEndpointServiceNotFoundException,++ -- * AlgorithmSpec+ AlgorithmSpec (..),++ -- * ConnectionErrorCodeType+ ConnectionErrorCodeType (..),++ -- * ConnectionStateType+ ConnectionStateType (..),++ -- * CustomKeyStoreType+ CustomKeyStoreType (..),++ -- * CustomerMasterKeySpec+ CustomerMasterKeySpec (..),++ -- * DataKeyPairSpec+ DataKeyPairSpec (..),++ -- * DataKeySpec+ DataKeySpec (..),++ -- * EncryptionAlgorithmSpec+ EncryptionAlgorithmSpec (..),++ -- * ExpirationModelType+ ExpirationModelType (..),++ -- * GrantOperation+ GrantOperation (..),++ -- * KeyManagerType+ KeyManagerType (..),++ -- * KeySpec+ KeySpec (..),++ -- * KeyState+ KeyState (..),++ -- * KeyUsageType+ KeyUsageType (..),++ -- * MacAlgorithmSpec+ MacAlgorithmSpec (..),++ -- * MessageType+ MessageType (..),++ -- * MultiRegionKeyType+ MultiRegionKeyType (..),++ -- * OriginType+ OriginType (..),++ -- * SigningAlgorithmSpec+ SigningAlgorithmSpec (..),++ -- * WrappingKeySpec+ WrappingKeySpec (..),++ -- * XksProxyConnectivityType+ XksProxyConnectivityType (..),++ -- * AliasListEntry+ AliasListEntry (..),+ newAliasListEntry,+ aliasListEntry_aliasArn,+ aliasListEntry_aliasName,+ aliasListEntry_creationDate,+ aliasListEntry_lastUpdatedDate,+ aliasListEntry_targetKeyId,++ -- * CustomKeyStoresListEntry+ CustomKeyStoresListEntry (..),+ newCustomKeyStoresListEntry,+ customKeyStoresListEntry_cloudHsmClusterId,+ customKeyStoresListEntry_connectionErrorCode,+ customKeyStoresListEntry_connectionState,+ customKeyStoresListEntry_creationDate,+ customKeyStoresListEntry_customKeyStoreId,+ customKeyStoresListEntry_customKeyStoreName,+ customKeyStoresListEntry_customKeyStoreType,+ customKeyStoresListEntry_trustAnchorCertificate,+ customKeyStoresListEntry_xksProxyConfiguration,++ -- * GrantConstraints+ GrantConstraints (..),+ newGrantConstraints,+ grantConstraints_encryptionContextEquals,+ grantConstraints_encryptionContextSubset,++ -- * GrantListEntry+ GrantListEntry (..),+ newGrantListEntry,+ grantListEntry_constraints,+ grantListEntry_creationDate,+ grantListEntry_grantId,+ grantListEntry_granteePrincipal,+ grantListEntry_issuingAccount,+ grantListEntry_keyId,+ grantListEntry_name,+ grantListEntry_operations,+ grantListEntry_retiringPrincipal,++ -- * KeyListEntry+ KeyListEntry (..),+ newKeyListEntry,+ keyListEntry_keyArn,+ keyListEntry_keyId,++ -- * KeyMetadata+ KeyMetadata (..),+ newKeyMetadata,+ keyMetadata_aWSAccountId,+ keyMetadata_arn,+ keyMetadata_cloudHsmClusterId,+ keyMetadata_creationDate,+ keyMetadata_customKeyStoreId,+ keyMetadata_customerMasterKeySpec,+ keyMetadata_deletionDate,+ keyMetadata_description,+ keyMetadata_enabled,+ keyMetadata_encryptionAlgorithms,+ keyMetadata_expirationModel,+ keyMetadata_keyManager,+ keyMetadata_keySpec,+ keyMetadata_keyState,+ keyMetadata_keyUsage,+ keyMetadata_macAlgorithms,+ keyMetadata_multiRegion,+ keyMetadata_multiRegionConfiguration,+ keyMetadata_origin,+ keyMetadata_pendingDeletionWindowInDays,+ keyMetadata_signingAlgorithms,+ keyMetadata_validTo,+ keyMetadata_xksKeyConfiguration,+ keyMetadata_keyId,++ -- * ListGrantsResponse+ ListGrantsResponse (..),+ newListGrantsResponse,+ listGrantsResponse_grants,+ listGrantsResponse_nextMarker,+ listGrantsResponse_truncated,++ -- * MultiRegionConfiguration+ MultiRegionConfiguration (..),+ newMultiRegionConfiguration,+ multiRegionConfiguration_multiRegionKeyType,+ multiRegionConfiguration_primaryKey,+ multiRegionConfiguration_replicaKeys,++ -- * MultiRegionKey+ MultiRegionKey (..),+ newMultiRegionKey,+ multiRegionKey_arn,+ multiRegionKey_region,++ -- * Tag+ Tag (..),+ newTag,+ tag_tagKey,+ tag_tagValue,++ -- * XksKeyConfigurationType+ XksKeyConfigurationType (..),+ newXksKeyConfigurationType,+ xksKeyConfigurationType_id,++ -- * XksProxyAuthenticationCredentialType+ XksProxyAuthenticationCredentialType (..),+ newXksProxyAuthenticationCredentialType,+ xksProxyAuthenticationCredentialType_accessKeyId,+ xksProxyAuthenticationCredentialType_rawSecretAccessKey,++ -- * XksProxyConfigurationType+ XksProxyConfigurationType (..),+ newXksProxyConfigurationType,+ xksProxyConfigurationType_accessKeyId,+ xksProxyConfigurationType_connectivity,+ xksProxyConfigurationType_uriEndpoint,+ xksProxyConfigurationType_uriPath,+ xksProxyConfigurationType_vpcEndpointServiceName,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import Amazonka.KMS.Types.AlgorithmSpec+import Amazonka.KMS.Types.AliasListEntry+import Amazonka.KMS.Types.ConnectionErrorCodeType+import Amazonka.KMS.Types.ConnectionStateType+import Amazonka.KMS.Types.CustomKeyStoreType+import Amazonka.KMS.Types.CustomKeyStoresListEntry+import Amazonka.KMS.Types.CustomerMasterKeySpec+import Amazonka.KMS.Types.DataKeyPairSpec+import Amazonka.KMS.Types.DataKeySpec+import Amazonka.KMS.Types.EncryptionAlgorithmSpec+import Amazonka.KMS.Types.ExpirationModelType+import Amazonka.KMS.Types.GrantConstraints+import Amazonka.KMS.Types.GrantListEntry+import Amazonka.KMS.Types.GrantOperation+import Amazonka.KMS.Types.KeyListEntry+import Amazonka.KMS.Types.KeyManagerType+import Amazonka.KMS.Types.KeyMetadata+import Amazonka.KMS.Types.KeySpec+import Amazonka.KMS.Types.KeyState+import Amazonka.KMS.Types.KeyUsageType+import Amazonka.KMS.Types.ListGrantsResponse+import Amazonka.KMS.Types.MacAlgorithmSpec+import Amazonka.KMS.Types.MessageType+import Amazonka.KMS.Types.MultiRegionConfiguration+import Amazonka.KMS.Types.MultiRegionKey+import Amazonka.KMS.Types.MultiRegionKeyType+import Amazonka.KMS.Types.OriginType+import Amazonka.KMS.Types.SigningAlgorithmSpec+import Amazonka.KMS.Types.Tag+import Amazonka.KMS.Types.WrappingKeySpec+import Amazonka.KMS.Types.XksKeyConfigurationType+import Amazonka.KMS.Types.XksProxyAuthenticationCredentialType+import Amazonka.KMS.Types.XksProxyConfigurationType+import Amazonka.KMS.Types.XksProxyConnectivityType+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Sign.V4 as Sign++-- | API version @2014-11-01@ of the Amazon Key Management Service SDK configuration.+defaultService :: Core.Service+defaultService =+ Core.Service+ { Core.abbrev = "KMS",+ Core.signer = Sign.v4,+ Core.endpointPrefix = "kms",+ Core.signingName = "kms",+ Core.version = "2014-11-01",+ Core.s3AddressingStyle = Core.S3AddressingStyleAuto,+ Core.endpoint = Core.defaultEndpoint defaultService,+ Core.timeout = Prelude.Just 70,+ Core.check = Core.statusSuccess,+ Core.error = Core.parseJSONError "KMS",+ Core.retry = retry+ }+ where+ retry =+ Core.Exponential+ { Core.base = 5.0e-2,+ Core.growth = 2,+ Core.attempts = 5,+ Core.check = check+ }+ check e+ | Lens.has (Core.hasStatus 502) e =+ Prelude.Just "bad_gateway"+ | Lens.has (Core.hasStatus 504) e =+ Prelude.Just "gateway_timeout"+ | Lens.has (Core.hasStatus 500) e =+ Prelude.Just "general_server_error"+ | Lens.has (Core.hasStatus 509) e =+ Prelude.Just "limit_exceeded"+ | Lens.has+ ( Core.hasCode "RequestThrottledException"+ Prelude.. Core.hasStatus 400+ )+ e =+ Prelude.Just "request_throttled_exception"+ | Lens.has (Core.hasStatus 503) e =+ Prelude.Just "service_unavailable"+ | Lens.has+ ( Core.hasCode "ThrottledException"+ Prelude.. Core.hasStatus 400+ )+ e =+ Prelude.Just "throttled_exception"+ | Lens.has+ ( Core.hasCode "Throttling"+ Prelude.. Core.hasStatus 400+ )+ e =+ Prelude.Just "throttling"+ | Lens.has+ ( Core.hasCode "ThrottlingException"+ Prelude.. Core.hasStatus 400+ )+ e =+ Prelude.Just "throttling_exception"+ | Lens.has+ ( Core.hasCode+ "ProvisionedThroughputExceededException"+ Prelude.. Core.hasStatus 400+ )+ e =+ Prelude.Just "throughput_exceeded"+ | Lens.has (Core.hasStatus 429) e =+ Prelude.Just "too_many_requests"+ | Prelude.otherwise = Prelude.Nothing++-- | The request was rejected because it attempted to create a resource that+-- already exists.+_AlreadyExistsException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_AlreadyExistsException =+ Core._MatchServiceError+ defaultService+ "AlreadyExistsException"++-- | The request was rejected because the specified CloudHSM cluster is+-- already associated with an CloudHSM key store in the account, or it+-- shares a backup history with an CloudHSM key store in the account. Each+-- CloudHSM key store in the account must be associated with a different+-- CloudHSM cluster.+--+-- CloudHSM clusters that share a backup history have the same cluster+-- certificate. To view the cluster certificate of an CloudHSM cluster, use+-- the+-- <https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html DescribeClusters>+-- operation.+_CloudHsmClusterInUseException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_CloudHsmClusterInUseException =+ Core._MatchServiceError+ defaultService+ "CloudHsmClusterInUseException"++-- | The request was rejected because the associated CloudHSM cluster did not+-- meet the configuration requirements for an CloudHSM key store.+--+-- - The CloudHSM cluster must be configured with private subnets in at+-- least two different Availability Zones in the Region.+--+-- - The+-- <https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html security group for the cluster>+-- (cloudhsm-cluster-/\<cluster-id>/-sg) must include inbound rules and+-- outbound rules that allow TCP traffic on ports 2223-2225. The+-- __Source__ in the inbound rules and the __Destination__ in the+-- outbound rules must match the security group ID. These rules are set+-- by default when you create the CloudHSM cluster. Do not delete or+-- change them. To get information about a particular security group,+-- use the+-- <https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeSecurityGroups.html DescribeSecurityGroups>+-- operation.+--+-- - The CloudHSM cluster must contain at least as many HSMs as the+-- operation requires. To add HSMs, use the CloudHSM+-- <https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_CreateHsm.html CreateHsm>+-- operation.+--+-- For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey+-- operations, the CloudHSM cluster must have at least two active HSMs,+-- each in a different Availability Zone. For the ConnectCustomKeyStore+-- operation, the CloudHSM must contain at least one active HSM.+--+-- For information about the requirements for an CloudHSM cluster that is+-- associated with an CloudHSM key store, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore Assemble the Prerequisites>+-- in the /Key Management Service Developer Guide/. For information about+-- creating a private subnet for an CloudHSM cluster, see+-- <https://docs.aws.amazon.com/cloudhsm/latest/userguide/create-subnets.html Create a Private Subnet>+-- in the /CloudHSM User Guide/. For information about cluster security+-- groups, see+-- <https://docs.aws.amazon.com/cloudhsm/latest/userguide/configure-sg.html Configure a Default Security Group>+-- in the //CloudHSM User Guide// .+_CloudHsmClusterInvalidConfigurationException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_CloudHsmClusterInvalidConfigurationException =+ Core._MatchServiceError+ defaultService+ "CloudHsmClusterInvalidConfigurationException"++-- | The request was rejected because the CloudHSM cluster associated with+-- the CloudHSM key store is not active. Initialize and activate the+-- cluster and try the command again. For detailed instructions, see+-- <https://docs.aws.amazon.com/cloudhsm/latest/userguide/getting-started.html Getting Started>+-- in the /CloudHSM User Guide/.+_CloudHsmClusterNotActiveException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_CloudHsmClusterNotActiveException =+ Core._MatchServiceError+ defaultService+ "CloudHsmClusterNotActiveException"++-- | The request was rejected because KMS cannot find the CloudHSM cluster+-- with the specified cluster ID. Retry the request with a different+-- cluster ID.+_CloudHsmClusterNotFoundException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_CloudHsmClusterNotFoundException =+ Core._MatchServiceError+ defaultService+ "CloudHsmClusterNotFoundException"++-- | The request was rejected because the specified CloudHSM cluster has a+-- different cluster certificate than the original cluster. You cannot use+-- the operation to specify an unrelated cluster for an CloudHSM key store.+--+-- Specify an CloudHSM cluster that shares a backup history with the+-- original cluster. This includes clusters that were created from a backup+-- of the current cluster, and clusters that were created from the same+-- backup that produced the current cluster.+--+-- CloudHSM clusters that share a backup history have the same cluster+-- certificate. To view the cluster certificate of an CloudHSM cluster, use+-- the+-- <https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html DescribeClusters>+-- operation.+_CloudHsmClusterNotRelatedException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_CloudHsmClusterNotRelatedException =+ Core._MatchServiceError+ defaultService+ "CloudHsmClusterNotRelatedException"++-- | The request was rejected because the custom key store contains KMS keys.+-- After verifying that you do not need to use the KMS keys, use the+-- ScheduleKeyDeletion operation to delete the KMS keys. After they are+-- deleted, you can delete the custom key store.+_CustomKeyStoreHasCMKsException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_CustomKeyStoreHasCMKsException =+ Core._MatchServiceError+ defaultService+ "CustomKeyStoreHasCMKsException"++-- | The request was rejected because of the @ConnectionState@ of the custom+-- key store. To get the @ConnectionState@ of a custom key store, use the+-- DescribeCustomKeyStores operation.+--+-- This exception is thrown under the following conditions:+--+-- - You requested the ConnectCustomKeyStore operation on a custom key+-- store with a @ConnectionState@ of @DISCONNECTING@ or @FAILED@. This+-- operation is valid for all other @ConnectionState@ values. To+-- reconnect a custom key store in a @FAILED@ state, disconnect it+-- (DisconnectCustomKeyStore), then connect it+-- (@ConnectCustomKeyStore@).+--+-- - You requested the CreateKey operation in a custom key store that is+-- not connected. This operations is valid only when the custom key+-- store @ConnectionState@ is @CONNECTED@.+--+-- - You requested the DisconnectCustomKeyStore operation on a custom key+-- store with a @ConnectionState@ of @DISCONNECTING@ or @DISCONNECTED@.+-- This operation is valid for all other @ConnectionState@ values.+--+-- - You requested the UpdateCustomKeyStore or DeleteCustomKeyStore+-- operation on a custom key store that is not disconnected. This+-- operation is valid only when the custom key store @ConnectionState@+-- is @DISCONNECTED@.+--+-- - You requested the GenerateRandom operation in an CloudHSM key store+-- that is not connected. This operation is valid only when the+-- CloudHSM key store @ConnectionState@ is @CONNECTED@.+_CustomKeyStoreInvalidStateException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_CustomKeyStoreInvalidStateException =+ Core._MatchServiceError+ defaultService+ "CustomKeyStoreInvalidStateException"++-- | The request was rejected because the specified custom key store name is+-- already assigned to another custom key store in the account. Try again+-- with a custom key store name that is unique in the account.+_CustomKeyStoreNameInUseException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_CustomKeyStoreNameInUseException =+ Core._MatchServiceError+ defaultService+ "CustomKeyStoreNameInUseException"++-- | The request was rejected because KMS cannot find a custom key store with+-- the specified key store name or ID.+_CustomKeyStoreNotFoundException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_CustomKeyStoreNotFoundException =+ Core._MatchServiceError+ defaultService+ "CustomKeyStoreNotFoundException"++-- | The system timed out while trying to fulfill the request. You can retry+-- the request.+_DependencyTimeoutException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_DependencyTimeoutException =+ Core._MatchServiceError+ defaultService+ "DependencyTimeoutException"++-- | The request was rejected because the specified KMS key is not enabled.+_DisabledException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_DisabledException =+ Core._MatchServiceError+ defaultService+ "DisabledException"++-- | The request was rejected because the specified import token is expired.+-- Use GetParametersForImport to get a new import token and public key, use+-- the new public key to encrypt the key material, and then try the request+-- again.+_ExpiredImportTokenException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_ExpiredImportTokenException =+ Core._MatchServiceError+ defaultService+ "ExpiredImportTokenException"++-- | The request was rejected because the specified KMS key cannot decrypt+-- the data. The @KeyId@ in a Decrypt request and the @SourceKeyId@ in a+-- ReEncrypt request must identify the same KMS key that was used to+-- encrypt the ciphertext.+_IncorrectKeyException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_IncorrectKeyException =+ Core._MatchServiceError+ defaultService+ "IncorrectKeyException"++-- | The request was rejected because the key material in the request is,+-- expired, invalid, or is not the same key material that was previously+-- imported into this KMS key.+_IncorrectKeyMaterialException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_IncorrectKeyMaterialException =+ Core._MatchServiceError+ defaultService+ "IncorrectKeyMaterialException"++-- | The request was rejected because the trust anchor certificate in the+-- request to create an CloudHSM key store is not the trust anchor+-- certificate for the specified CloudHSM cluster.+--+-- When you+-- <https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr initialize the CloudHSM cluster>,+-- you create the trust anchor certificate and save it in the+-- @customerCA.crt@ file.+_IncorrectTrustAnchorException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_IncorrectTrustAnchorException =+ Core._MatchServiceError+ defaultService+ "IncorrectTrustAnchorException"++-- | The request was rejected because the specified alias name is not valid.+_InvalidAliasNameException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_InvalidAliasNameException =+ Core._MatchServiceError+ defaultService+ "InvalidAliasNameException"++-- | The request was rejected because a specified ARN, or an ARN in a key+-- policy, is not valid.+_InvalidArnException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_InvalidArnException =+ Core._MatchServiceError+ defaultService+ "InvalidArnException"++-- | From the Decrypt or ReEncrypt operation, the request was rejected+-- because the specified ciphertext, or additional authenticated data+-- incorporated into the ciphertext, such as the encryption context, is+-- corrupted, missing, or otherwise invalid.+--+-- From the ImportKeyMaterial operation, the request was rejected because+-- KMS could not decrypt the encrypted (wrapped) key material.+_InvalidCiphertextException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_InvalidCiphertextException =+ Core._MatchServiceError+ defaultService+ "InvalidCiphertextException"++-- | The request was rejected because the specified @GrantId@ is not valid.+_InvalidGrantIdException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_InvalidGrantIdException =+ Core._MatchServiceError+ defaultService+ "InvalidGrantIdException"++-- | The request was rejected because the specified grant token is not valid.+_InvalidGrantTokenException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_InvalidGrantTokenException =+ Core._MatchServiceError+ defaultService+ "InvalidGrantTokenException"++-- | The request was rejected because the provided import token is invalid or+-- is associated with a different KMS key.+_InvalidImportTokenException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_InvalidImportTokenException =+ Core._MatchServiceError+ defaultService+ "InvalidImportTokenException"++-- | The request was rejected for one of the following reasons:+--+-- - The @KeyUsage@ value of the KMS key is incompatible with the API+-- operation.+--+-- - The encryption algorithm or signing algorithm specified for the+-- operation is incompatible with the type of key material in the KMS+-- key @(KeySpec@).+--+-- For encrypting, decrypting, re-encrypting, and generating data keys, the+-- @KeyUsage@ must be @ENCRYPT_DECRYPT@. For signing and verifying+-- messages, the @KeyUsage@ must be @SIGN_VERIFY@. For generating and+-- verifying message authentication codes (MACs), the @KeyUsage@ must be+-- @GENERATE_VERIFY_MAC@. To find the @KeyUsage@ of a KMS key, use the+-- DescribeKey operation.+--+-- To find the encryption or signing algorithms supported for a particular+-- KMS key, use the DescribeKey operation.+_InvalidKeyUsageException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_InvalidKeyUsageException =+ Core._MatchServiceError+ defaultService+ "InvalidKeyUsageException"++-- | The request was rejected because the marker that specifies where+-- pagination should next begin is not valid.+_InvalidMarkerException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_InvalidMarkerException =+ Core._MatchServiceError+ defaultService+ "InvalidMarkerException"++-- | The request was rejected because an internal exception occurred. The+-- request can be retried.+_KMSInternalException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_KMSInternalException =+ Core._MatchServiceError+ defaultService+ "KMSInternalException"++-- | The request was rejected because the HMAC verification failed. HMAC+-- verification fails when the HMAC computed by using the specified+-- message, HMAC KMS key, and MAC algorithm does not match the HMAC+-- specified in the request.+_KMSInvalidMacException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_KMSInvalidMacException =+ Core._MatchServiceError+ defaultService+ "KMSInvalidMacException"++-- | The request was rejected because the signature verification failed.+-- Signature verification fails when it cannot confirm that signature was+-- produced by signing the specified message with the specified KMS key and+-- signing algorithm.+_KMSInvalidSignatureException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_KMSInvalidSignatureException =+ Core._MatchServiceError+ defaultService+ "KMSInvalidSignatureException"++-- | The request was rejected because the state of the specified resource is+-- not valid for this request.+--+-- This exceptions means one of the following:+--+-- - The key state of the KMS key is not compatible with the operation.+--+-- To find the key state, use the DescribeKey operation. For more+-- information about which key states are compatible with each KMS+-- operation, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key states of KMS keys>+-- in the //Key Management Service Developer Guide// .+--+-- - For cryptographic operations on KMS keys in custom key stores, this+-- exception represents a general failure with many possible causes. To+-- identify the cause, see the error message that accompanies the+-- exception.+_KMSInvalidStateException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_KMSInvalidStateException =+ Core._MatchServiceError+ defaultService+ "KMSInvalidStateException"++-- | The request was rejected because the specified KMS key was not+-- available. You can retry the request.+_KeyUnavailableException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_KeyUnavailableException =+ Core._MatchServiceError+ defaultService+ "KeyUnavailableException"++-- | The request was rejected because a quota was exceeded. For more+-- information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/limits.html Quotas>+-- in the /Key Management Service Developer Guide/.+_LimitExceededException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_LimitExceededException =+ Core._MatchServiceError+ defaultService+ "LimitExceededException"++-- | The request was rejected because the specified policy is not+-- syntactically or semantically correct.+_MalformedPolicyDocumentException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_MalformedPolicyDocumentException =+ Core._MatchServiceError+ defaultService+ "MalformedPolicyDocumentException"++-- | The request was rejected because the specified entity or resource could+-- not be found.+_NotFoundException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_NotFoundException =+ Core._MatchServiceError+ defaultService+ "NotFoundException"++-- | The request was rejected because one or more tags are not valid.+_TagException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_TagException =+ Core._MatchServiceError+ defaultService+ "TagException"++-- | The request was rejected because a specified parameter is not supported+-- or a specified resource is not valid for this operation.+_UnsupportedOperationException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_UnsupportedOperationException =+ Core._MatchServiceError+ defaultService+ "UnsupportedOperationException"++-- | The request was rejected because the (@XksKeyId@) is already associated+-- with a KMS key in this external key store. Each KMS key in an external+-- key store must be associated with a different external key.+_XksKeyAlreadyInUseException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_XksKeyAlreadyInUseException =+ Core._MatchServiceError+ defaultService+ "XksKeyAlreadyInUseException"++-- | The request was rejected because the external key specified by the+-- @XksKeyId@ parameter did not meet the configuration requirements for an+-- external key store.+--+-- The external key must be an AES-256 symmetric key that is enabled and+-- performs encryption and decryption.+_XksKeyInvalidConfigurationException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_XksKeyInvalidConfigurationException =+ Core._MatchServiceError+ defaultService+ "XksKeyInvalidConfigurationException"++-- | The request was rejected because the external key store proxy could not+-- find the external key. This exception is thrown when the value of the+-- @XksKeyId@ parameter doesn\'t identify a key in the external key manager+-- associated with the external key proxy.+--+-- Verify that the @XksKeyId@ represents an existing key in the external+-- key manager. Use the key identifier that the external key store proxy+-- uses to identify the key. For details, see the documentation provided+-- with your external key store proxy or key manager.+_XksKeyNotFoundException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_XksKeyNotFoundException =+ Core._MatchServiceError+ defaultService+ "XksKeyNotFoundException"++-- | The request was rejected because the proxy credentials failed to+-- authenticate to the specified external key store proxy. The specified+-- external key store proxy rejected a status request from KMS due to+-- invalid credentials. This can indicate an error in the credentials or in+-- the identification of the external key store proxy.+_XksProxyIncorrectAuthenticationCredentialException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_XksProxyIncorrectAuthenticationCredentialException =+ Core._MatchServiceError+ defaultService+ "XksProxyIncorrectAuthenticationCredentialException"++-- | The request was rejected because the Amazon VPC endpoint service+-- configuration does not fulfill the requirements for an external key+-- store proxy. For details, see the exception message.+_XksProxyInvalidConfigurationException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_XksProxyInvalidConfigurationException =+ Core._MatchServiceError+ defaultService+ "XksProxyInvalidConfigurationException"++-- | KMS cannot interpret the response it received from the external key+-- store proxy. The problem might be a poorly constructed response, but it+-- could also be a transient network issue. If you see this error+-- repeatedly, report it to the proxy vendor.+_XksProxyInvalidResponseException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_XksProxyInvalidResponseException =+ Core._MatchServiceError+ defaultService+ "XksProxyInvalidResponseException"++-- | The request was rejected because the concatenation of the+-- @XksProxyUriEndpoint@ is already associated with an external key store+-- in the Amazon Web Services account and Region. Each external key store+-- in an account and Region must use a unique external key store proxy+-- address.+_XksProxyUriEndpointInUseException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_XksProxyUriEndpointInUseException =+ Core._MatchServiceError+ defaultService+ "XksProxyUriEndpointInUseException"++-- | The request was rejected because the concatenation of the+-- @XksProxyUriEndpoint@ and @XksProxyUriPath@ is already associated with+-- an external key store in the Amazon Web Services account and Region.+-- Each external key store in an account and Region must use a unique+-- external key store proxy API address.+_XksProxyUriInUseException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_XksProxyUriInUseException =+ Core._MatchServiceError+ defaultService+ "XksProxyUriInUseException"++-- | KMS was unable to reach the specified @XksProxyUriPath@. The path must+-- be reachable before you create the external key store or update its+-- settings.+--+-- This exception is also thrown when the external key store proxy response+-- to a @GetHealthStatus@ request indicates that all external key manager+-- instances are unavailable.+_XksProxyUriUnreachableException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_XksProxyUriUnreachableException =+ Core._MatchServiceError+ defaultService+ "XksProxyUriUnreachableException"++-- | The request was rejected because the specified Amazon VPC endpoint+-- service is already associated with an external key store in the Amazon+-- Web Services account and Region. Each external key store in an Amazon+-- Web Services account and Region must use a different Amazon VPC endpoint+-- service.+_XksProxyVpcEndpointServiceInUseException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_XksProxyVpcEndpointServiceInUseException =+ Core._MatchServiceError+ defaultService+ "XksProxyVpcEndpointServiceInUseException"++-- | The request was rejected because the Amazon VPC endpoint service+-- configuration does not fulfill the requirements for an external key+-- store proxy. For details, see the exception message and+-- <kms/latest/developerguide/vpc-connectivity.html#xks-vpc-requirements review the requirements>+-- for Amazon VPC endpoint service connectivity for an external key store.+_XksProxyVpcEndpointServiceInvalidConfigurationException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_XksProxyVpcEndpointServiceInvalidConfigurationException =+ Core._MatchServiceError+ defaultService+ "XksProxyVpcEndpointServiceInvalidConfigurationException"++-- | The request was rejected because KMS could not find the specified VPC+-- endpoint service. Use DescribeCustomKeyStores to verify the VPC endpoint+-- service name for the external key store. Also, confirm that the+-- @Allow principals@ list for the VPC endpoint service includes the KMS+-- service principal for the Region, such as+-- @cks.kms.us-east-1.amazonaws.com@.+_XksProxyVpcEndpointServiceNotFoundException :: (Core.AsError a) => Lens.Fold a Core.ServiceError+_XksProxyVpcEndpointServiceNotFoundException =+ Core._MatchServiceError+ defaultService+ "XksProxyVpcEndpointServiceNotFoundException"
+ gen/Amazonka/KMS/Types/AlgorithmSpec.hs view
@@ -0,0 +1,76 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DerivingStrategies #-}+{-# LANGUAGE GeneralizedNewtypeDeriving #-}+{-# LANGUAGE LambdaCase #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE PatternSynonyms #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.Types.AlgorithmSpec+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.KMS.Types.AlgorithmSpec+ ( AlgorithmSpec+ ( ..,+ AlgorithmSpec_RSAES_OAEP_SHA_1,+ AlgorithmSpec_RSAES_OAEP_SHA_256,+ AlgorithmSpec_RSAES_PKCS1_V1_5+ ),+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++newtype AlgorithmSpec = AlgorithmSpec'+ { fromAlgorithmSpec ::+ Data.Text+ }+ deriving stock+ ( Prelude.Show,+ Prelude.Read,+ Prelude.Eq,+ Prelude.Ord,+ Prelude.Generic+ )+ deriving newtype+ ( Prelude.Hashable,+ Prelude.NFData,+ Data.FromText,+ Data.ToText,+ Data.ToByteString,+ Data.ToLog,+ Data.ToHeader,+ Data.ToQuery,+ Data.FromJSON,+ Data.FromJSONKey,+ Data.ToJSON,+ Data.ToJSONKey,+ Data.FromXML,+ Data.ToXML+ )++pattern AlgorithmSpec_RSAES_OAEP_SHA_1 :: AlgorithmSpec+pattern AlgorithmSpec_RSAES_OAEP_SHA_1 = AlgorithmSpec' "RSAES_OAEP_SHA_1"++pattern AlgorithmSpec_RSAES_OAEP_SHA_256 :: AlgorithmSpec+pattern AlgorithmSpec_RSAES_OAEP_SHA_256 = AlgorithmSpec' "RSAES_OAEP_SHA_256"++pattern AlgorithmSpec_RSAES_PKCS1_V1_5 :: AlgorithmSpec+pattern AlgorithmSpec_RSAES_PKCS1_V1_5 = AlgorithmSpec' "RSAES_PKCS1_V1_5"++{-# COMPLETE+ AlgorithmSpec_RSAES_OAEP_SHA_1,+ AlgorithmSpec_RSAES_OAEP_SHA_256,+ AlgorithmSpec_RSAES_PKCS1_V1_5,+ AlgorithmSpec'+ #-}
+ gen/Amazonka/KMS/Types/AliasListEntry.hs view
@@ -0,0 +1,129 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.Types.AliasListEntry+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.KMS.Types.AliasListEntry where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++-- | Contains information about an alias.+--+-- /See:/ 'newAliasListEntry' smart constructor.+data AliasListEntry = AliasListEntry'+ { -- | String that contains the key ARN.+ aliasArn :: Prelude.Maybe Prelude.Text,+ -- | String that contains the alias. This value begins with @alias\/@.+ aliasName :: Prelude.Maybe Prelude.Text,+ -- | Date and time that the alias was most recently created in the account+ -- and Region. Formatted as Unix time.+ creationDate :: Prelude.Maybe Data.POSIX,+ -- | Date and time that the alias was most recently associated with a KMS key+ -- in the account and Region. Formatted as Unix time.+ lastUpdatedDate :: Prelude.Maybe Data.POSIX,+ -- | String that contains the key identifier of the KMS key associated with+ -- the alias.+ targetKeyId :: Prelude.Maybe Prelude.Text+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'AliasListEntry' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'aliasArn', 'aliasListEntry_aliasArn' - String that contains the key ARN.+--+-- 'aliasName', 'aliasListEntry_aliasName' - String that contains the alias. This value begins with @alias\/@.+--+-- 'creationDate', 'aliasListEntry_creationDate' - Date and time that the alias was most recently created in the account+-- and Region. Formatted as Unix time.+--+-- 'lastUpdatedDate', 'aliasListEntry_lastUpdatedDate' - Date and time that the alias was most recently associated with a KMS key+-- in the account and Region. Formatted as Unix time.+--+-- 'targetKeyId', 'aliasListEntry_targetKeyId' - String that contains the key identifier of the KMS key associated with+-- the alias.+newAliasListEntry ::+ AliasListEntry+newAliasListEntry =+ AliasListEntry'+ { aliasArn = Prelude.Nothing,+ aliasName = Prelude.Nothing,+ creationDate = Prelude.Nothing,+ lastUpdatedDate = Prelude.Nothing,+ targetKeyId = Prelude.Nothing+ }++-- | String that contains the key ARN.+aliasListEntry_aliasArn :: Lens.Lens' AliasListEntry (Prelude.Maybe Prelude.Text)+aliasListEntry_aliasArn = Lens.lens (\AliasListEntry' {aliasArn} -> aliasArn) (\s@AliasListEntry' {} a -> s {aliasArn = a} :: AliasListEntry)++-- | String that contains the alias. This value begins with @alias\/@.+aliasListEntry_aliasName :: Lens.Lens' AliasListEntry (Prelude.Maybe Prelude.Text)+aliasListEntry_aliasName = Lens.lens (\AliasListEntry' {aliasName} -> aliasName) (\s@AliasListEntry' {} a -> s {aliasName = a} :: AliasListEntry)++-- | Date and time that the alias was most recently created in the account+-- and Region. Formatted as Unix time.+aliasListEntry_creationDate :: Lens.Lens' AliasListEntry (Prelude.Maybe Prelude.UTCTime)+aliasListEntry_creationDate = Lens.lens (\AliasListEntry' {creationDate} -> creationDate) (\s@AliasListEntry' {} a -> s {creationDate = a} :: AliasListEntry) Prelude.. Lens.mapping Data._Time++-- | Date and time that the alias was most recently associated with a KMS key+-- in the account and Region. Formatted as Unix time.+aliasListEntry_lastUpdatedDate :: Lens.Lens' AliasListEntry (Prelude.Maybe Prelude.UTCTime)+aliasListEntry_lastUpdatedDate = Lens.lens (\AliasListEntry' {lastUpdatedDate} -> lastUpdatedDate) (\s@AliasListEntry' {} a -> s {lastUpdatedDate = a} :: AliasListEntry) Prelude.. Lens.mapping Data._Time++-- | String that contains the key identifier of the KMS key associated with+-- the alias.+aliasListEntry_targetKeyId :: Lens.Lens' AliasListEntry (Prelude.Maybe Prelude.Text)+aliasListEntry_targetKeyId = Lens.lens (\AliasListEntry' {targetKeyId} -> targetKeyId) (\s@AliasListEntry' {} a -> s {targetKeyId = a} :: AliasListEntry)++instance Data.FromJSON AliasListEntry where+ parseJSON =+ Data.withObject+ "AliasListEntry"+ ( \x ->+ AliasListEntry'+ Prelude.<$> (x Data..:? "AliasArn")+ Prelude.<*> (x Data..:? "AliasName")+ Prelude.<*> (x Data..:? "CreationDate")+ Prelude.<*> (x Data..:? "LastUpdatedDate")+ Prelude.<*> (x Data..:? "TargetKeyId")+ )++instance Prelude.Hashable AliasListEntry where+ hashWithSalt _salt AliasListEntry' {..} =+ _salt+ `Prelude.hashWithSalt` aliasArn+ `Prelude.hashWithSalt` aliasName+ `Prelude.hashWithSalt` creationDate+ `Prelude.hashWithSalt` lastUpdatedDate+ `Prelude.hashWithSalt` targetKeyId++instance Prelude.NFData AliasListEntry where+ rnf AliasListEntry' {..} =+ Prelude.rnf aliasArn+ `Prelude.seq` Prelude.rnf aliasName+ `Prelude.seq` Prelude.rnf creationDate+ `Prelude.seq` Prelude.rnf lastUpdatedDate+ `Prelude.seq` Prelude.rnf targetKeyId
+ gen/Amazonka/KMS/Types/ConnectionErrorCodeType.hs view
@@ -0,0 +1,151 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DerivingStrategies #-}+{-# LANGUAGE GeneralizedNewtypeDeriving #-}+{-# LANGUAGE LambdaCase #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE PatternSynonyms #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.Types.ConnectionErrorCodeType+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.KMS.Types.ConnectionErrorCodeType+ ( ConnectionErrorCodeType+ ( ..,+ ConnectionErrorCodeType_CLUSTER_NOT_FOUND,+ ConnectionErrorCodeType_INSUFFICIENT_CLOUDHSM_HSMS,+ ConnectionErrorCodeType_INSUFFICIENT_FREE_ADDRESSES_IN_SUBNET,+ ConnectionErrorCodeType_INTERNAL_ERROR,+ ConnectionErrorCodeType_INVALID_CREDENTIALS,+ ConnectionErrorCodeType_NETWORK_ERRORS,+ ConnectionErrorCodeType_SUBNET_NOT_FOUND,+ ConnectionErrorCodeType_USER_LOCKED_OUT,+ ConnectionErrorCodeType_USER_LOGGED_IN,+ ConnectionErrorCodeType_USER_NOT_FOUND,+ ConnectionErrorCodeType_XKS_PROXY_ACCESS_DENIED,+ ConnectionErrorCodeType_XKS_PROXY_INVALID_CONFIGURATION,+ ConnectionErrorCodeType_XKS_PROXY_INVALID_RESPONSE,+ ConnectionErrorCodeType_XKS_PROXY_INVALID_TLS_CONFIGURATION,+ ConnectionErrorCodeType_XKS_PROXY_NOT_REACHABLE,+ ConnectionErrorCodeType_XKS_PROXY_TIMED_OUT,+ ConnectionErrorCodeType_XKS_VPC_ENDPOINT_SERVICE_INVALID_CONFIGURATION,+ ConnectionErrorCodeType_XKS_VPC_ENDPOINT_SERVICE_NOT_FOUND+ ),+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++newtype ConnectionErrorCodeType = ConnectionErrorCodeType'+ { fromConnectionErrorCodeType ::+ Data.Text+ }+ deriving stock+ ( Prelude.Show,+ Prelude.Read,+ Prelude.Eq,+ Prelude.Ord,+ Prelude.Generic+ )+ deriving newtype+ ( Prelude.Hashable,+ Prelude.NFData,+ Data.FromText,+ Data.ToText,+ Data.ToByteString,+ Data.ToLog,+ Data.ToHeader,+ Data.ToQuery,+ Data.FromJSON,+ Data.FromJSONKey,+ Data.ToJSON,+ Data.ToJSONKey,+ Data.FromXML,+ Data.ToXML+ )++pattern ConnectionErrorCodeType_CLUSTER_NOT_FOUND :: ConnectionErrorCodeType+pattern ConnectionErrorCodeType_CLUSTER_NOT_FOUND = ConnectionErrorCodeType' "CLUSTER_NOT_FOUND"++pattern ConnectionErrorCodeType_INSUFFICIENT_CLOUDHSM_HSMS :: ConnectionErrorCodeType+pattern ConnectionErrorCodeType_INSUFFICIENT_CLOUDHSM_HSMS = ConnectionErrorCodeType' "INSUFFICIENT_CLOUDHSM_HSMS"++pattern ConnectionErrorCodeType_INSUFFICIENT_FREE_ADDRESSES_IN_SUBNET :: ConnectionErrorCodeType+pattern ConnectionErrorCodeType_INSUFFICIENT_FREE_ADDRESSES_IN_SUBNET = ConnectionErrorCodeType' "INSUFFICIENT_FREE_ADDRESSES_IN_SUBNET"++pattern ConnectionErrorCodeType_INTERNAL_ERROR :: ConnectionErrorCodeType+pattern ConnectionErrorCodeType_INTERNAL_ERROR = ConnectionErrorCodeType' "INTERNAL_ERROR"++pattern ConnectionErrorCodeType_INVALID_CREDENTIALS :: ConnectionErrorCodeType+pattern ConnectionErrorCodeType_INVALID_CREDENTIALS = ConnectionErrorCodeType' "INVALID_CREDENTIALS"++pattern ConnectionErrorCodeType_NETWORK_ERRORS :: ConnectionErrorCodeType+pattern ConnectionErrorCodeType_NETWORK_ERRORS = ConnectionErrorCodeType' "NETWORK_ERRORS"++pattern ConnectionErrorCodeType_SUBNET_NOT_FOUND :: ConnectionErrorCodeType+pattern ConnectionErrorCodeType_SUBNET_NOT_FOUND = ConnectionErrorCodeType' "SUBNET_NOT_FOUND"++pattern ConnectionErrorCodeType_USER_LOCKED_OUT :: ConnectionErrorCodeType+pattern ConnectionErrorCodeType_USER_LOCKED_OUT = ConnectionErrorCodeType' "USER_LOCKED_OUT"++pattern ConnectionErrorCodeType_USER_LOGGED_IN :: ConnectionErrorCodeType+pattern ConnectionErrorCodeType_USER_LOGGED_IN = ConnectionErrorCodeType' "USER_LOGGED_IN"++pattern ConnectionErrorCodeType_USER_NOT_FOUND :: ConnectionErrorCodeType+pattern ConnectionErrorCodeType_USER_NOT_FOUND = ConnectionErrorCodeType' "USER_NOT_FOUND"++pattern ConnectionErrorCodeType_XKS_PROXY_ACCESS_DENIED :: ConnectionErrorCodeType+pattern ConnectionErrorCodeType_XKS_PROXY_ACCESS_DENIED = ConnectionErrorCodeType' "XKS_PROXY_ACCESS_DENIED"++pattern ConnectionErrorCodeType_XKS_PROXY_INVALID_CONFIGURATION :: ConnectionErrorCodeType+pattern ConnectionErrorCodeType_XKS_PROXY_INVALID_CONFIGURATION = ConnectionErrorCodeType' "XKS_PROXY_INVALID_CONFIGURATION"++pattern ConnectionErrorCodeType_XKS_PROXY_INVALID_RESPONSE :: ConnectionErrorCodeType+pattern ConnectionErrorCodeType_XKS_PROXY_INVALID_RESPONSE = ConnectionErrorCodeType' "XKS_PROXY_INVALID_RESPONSE"++pattern ConnectionErrorCodeType_XKS_PROXY_INVALID_TLS_CONFIGURATION :: ConnectionErrorCodeType+pattern ConnectionErrorCodeType_XKS_PROXY_INVALID_TLS_CONFIGURATION = ConnectionErrorCodeType' "XKS_PROXY_INVALID_TLS_CONFIGURATION"++pattern ConnectionErrorCodeType_XKS_PROXY_NOT_REACHABLE :: ConnectionErrorCodeType+pattern ConnectionErrorCodeType_XKS_PROXY_NOT_REACHABLE = ConnectionErrorCodeType' "XKS_PROXY_NOT_REACHABLE"++pattern ConnectionErrorCodeType_XKS_PROXY_TIMED_OUT :: ConnectionErrorCodeType+pattern ConnectionErrorCodeType_XKS_PROXY_TIMED_OUT = ConnectionErrorCodeType' "XKS_PROXY_TIMED_OUT"++pattern ConnectionErrorCodeType_XKS_VPC_ENDPOINT_SERVICE_INVALID_CONFIGURATION :: ConnectionErrorCodeType+pattern ConnectionErrorCodeType_XKS_VPC_ENDPOINT_SERVICE_INVALID_CONFIGURATION = ConnectionErrorCodeType' "XKS_VPC_ENDPOINT_SERVICE_INVALID_CONFIGURATION"++pattern ConnectionErrorCodeType_XKS_VPC_ENDPOINT_SERVICE_NOT_FOUND :: ConnectionErrorCodeType+pattern ConnectionErrorCodeType_XKS_VPC_ENDPOINT_SERVICE_NOT_FOUND = ConnectionErrorCodeType' "XKS_VPC_ENDPOINT_SERVICE_NOT_FOUND"++{-# COMPLETE+ ConnectionErrorCodeType_CLUSTER_NOT_FOUND,+ ConnectionErrorCodeType_INSUFFICIENT_CLOUDHSM_HSMS,+ ConnectionErrorCodeType_INSUFFICIENT_FREE_ADDRESSES_IN_SUBNET,+ ConnectionErrorCodeType_INTERNAL_ERROR,+ ConnectionErrorCodeType_INVALID_CREDENTIALS,+ ConnectionErrorCodeType_NETWORK_ERRORS,+ ConnectionErrorCodeType_SUBNET_NOT_FOUND,+ ConnectionErrorCodeType_USER_LOCKED_OUT,+ ConnectionErrorCodeType_USER_LOGGED_IN,+ ConnectionErrorCodeType_USER_NOT_FOUND,+ ConnectionErrorCodeType_XKS_PROXY_ACCESS_DENIED,+ ConnectionErrorCodeType_XKS_PROXY_INVALID_CONFIGURATION,+ ConnectionErrorCodeType_XKS_PROXY_INVALID_RESPONSE,+ ConnectionErrorCodeType_XKS_PROXY_INVALID_TLS_CONFIGURATION,+ ConnectionErrorCodeType_XKS_PROXY_NOT_REACHABLE,+ ConnectionErrorCodeType_XKS_PROXY_TIMED_OUT,+ ConnectionErrorCodeType_XKS_VPC_ENDPOINT_SERVICE_INVALID_CONFIGURATION,+ ConnectionErrorCodeType_XKS_VPC_ENDPOINT_SERVICE_NOT_FOUND,+ ConnectionErrorCodeType'+ #-}
+ gen/Amazonka/KMS/Types/ConnectionStateType.hs view
@@ -0,0 +1,86 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DerivingStrategies #-}+{-# LANGUAGE GeneralizedNewtypeDeriving #-}+{-# LANGUAGE LambdaCase #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE PatternSynonyms #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.Types.ConnectionStateType+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.KMS.Types.ConnectionStateType+ ( ConnectionStateType+ ( ..,+ ConnectionStateType_CONNECTED,+ ConnectionStateType_CONNECTING,+ ConnectionStateType_DISCONNECTED,+ ConnectionStateType_DISCONNECTING,+ ConnectionStateType_FAILED+ ),+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++newtype ConnectionStateType = ConnectionStateType'+ { fromConnectionStateType ::+ Data.Text+ }+ deriving stock+ ( Prelude.Show,+ Prelude.Read,+ Prelude.Eq,+ Prelude.Ord,+ Prelude.Generic+ )+ deriving newtype+ ( Prelude.Hashable,+ Prelude.NFData,+ Data.FromText,+ Data.ToText,+ Data.ToByteString,+ Data.ToLog,+ Data.ToHeader,+ Data.ToQuery,+ Data.FromJSON,+ Data.FromJSONKey,+ Data.ToJSON,+ Data.ToJSONKey,+ Data.FromXML,+ Data.ToXML+ )++pattern ConnectionStateType_CONNECTED :: ConnectionStateType+pattern ConnectionStateType_CONNECTED = ConnectionStateType' "CONNECTED"++pattern ConnectionStateType_CONNECTING :: ConnectionStateType+pattern ConnectionStateType_CONNECTING = ConnectionStateType' "CONNECTING"++pattern ConnectionStateType_DISCONNECTED :: ConnectionStateType+pattern ConnectionStateType_DISCONNECTED = ConnectionStateType' "DISCONNECTED"++pattern ConnectionStateType_DISCONNECTING :: ConnectionStateType+pattern ConnectionStateType_DISCONNECTING = ConnectionStateType' "DISCONNECTING"++pattern ConnectionStateType_FAILED :: ConnectionStateType+pattern ConnectionStateType_FAILED = ConnectionStateType' "FAILED"++{-# COMPLETE+ ConnectionStateType_CONNECTED,+ ConnectionStateType_CONNECTING,+ ConnectionStateType_DISCONNECTED,+ ConnectionStateType_DISCONNECTING,+ ConnectionStateType_FAILED,+ ConnectionStateType'+ #-}
+ gen/Amazonka/KMS/Types/CustomKeyStoreType.hs view
@@ -0,0 +1,71 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DerivingStrategies #-}+{-# LANGUAGE GeneralizedNewtypeDeriving #-}+{-# LANGUAGE LambdaCase #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE PatternSynonyms #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.Types.CustomKeyStoreType+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.KMS.Types.CustomKeyStoreType+ ( CustomKeyStoreType+ ( ..,+ CustomKeyStoreType_AWS_CLOUDHSM,+ CustomKeyStoreType_EXTERNAL_KEY_STORE+ ),+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++newtype CustomKeyStoreType = CustomKeyStoreType'+ { fromCustomKeyStoreType ::+ Data.Text+ }+ deriving stock+ ( Prelude.Show,+ Prelude.Read,+ Prelude.Eq,+ Prelude.Ord,+ Prelude.Generic+ )+ deriving newtype+ ( Prelude.Hashable,+ Prelude.NFData,+ Data.FromText,+ Data.ToText,+ Data.ToByteString,+ Data.ToLog,+ Data.ToHeader,+ Data.ToQuery,+ Data.FromJSON,+ Data.FromJSONKey,+ Data.ToJSON,+ Data.ToJSONKey,+ Data.FromXML,+ Data.ToXML+ )++pattern CustomKeyStoreType_AWS_CLOUDHSM :: CustomKeyStoreType+pattern CustomKeyStoreType_AWS_CLOUDHSM = CustomKeyStoreType' "AWS_CLOUDHSM"++pattern CustomKeyStoreType_EXTERNAL_KEY_STORE :: CustomKeyStoreType+pattern CustomKeyStoreType_EXTERNAL_KEY_STORE = CustomKeyStoreType' "EXTERNAL_KEY_STORE"++{-# COMPLETE+ CustomKeyStoreType_AWS_CLOUDHSM,+ CustomKeyStoreType_EXTERNAL_KEY_STORE,+ CustomKeyStoreType'+ #-}
+ gen/Amazonka/KMS/Types/CustomKeyStoresListEntry.hs view
@@ -0,0 +1,756 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.Types.CustomKeyStoresListEntry+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.KMS.Types.CustomKeyStoresListEntry where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types.ConnectionErrorCodeType+import Amazonka.KMS.Types.ConnectionStateType+import Amazonka.KMS.Types.CustomKeyStoreType+import Amazonka.KMS.Types.XksProxyConfigurationType+import qualified Amazonka.Prelude as Prelude++-- | Contains information about each custom key store in the custom key store+-- list.+--+-- /See:/ 'newCustomKeyStoresListEntry' smart constructor.+data CustomKeyStoresListEntry = CustomKeyStoresListEntry'+ { -- | A unique identifier for the CloudHSM cluster that is associated with an+ -- CloudHSM key store. This field appears only when the+ -- @CustomKeyStoreType@ is @AWS_CLOUDHSM@.+ cloudHsmClusterId :: Prelude.Maybe Prelude.Text,+ -- | Describes the connection error. This field appears in the response only+ -- when the @ConnectionState@ is @FAILED@.+ --+ -- Many failures can be resolved by updating the properties of the custom+ -- key store. To update a custom key store, disconnect it+ -- (DisconnectCustomKeyStore), correct the errors (UpdateCustomKeyStore),+ -- and try to connect again (ConnectCustomKeyStore). For additional help+ -- resolving these errors, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-failed How to Fix a Connection Failure>+ -- in /Key Management Service Developer Guide/.+ --+ -- __All custom key stores:__+ --+ -- - @INTERNAL_ERROR@ — KMS could not complete the request due to an+ -- internal error. Retry the request. For @ConnectCustomKeyStore@+ -- requests, disconnect the custom key store before trying to connect+ -- again.+ --+ -- - @NETWORK_ERRORS@ — Network errors are preventing KMS from connecting+ -- the custom key store to its backing key store.+ --+ -- __CloudHSM key stores:__+ --+ -- - @CLUSTER_NOT_FOUND@ — KMS cannot find the CloudHSM cluster with the+ -- specified cluster ID.+ --+ -- - @INSUFFICIENT_CLOUDHSM_HSMS@ — The associated CloudHSM cluster does+ -- not contain any active HSMs. To connect a custom key store to its+ -- CloudHSM cluster, the cluster must contain at least one active HSM.+ --+ -- - @INSUFFICIENT_FREE_ADDRESSES_IN_SUBNET@ — At least one private+ -- subnet associated with the CloudHSM cluster doesn\'t have any+ -- available IP addresses. A CloudHSM key store connection requires one+ -- free IP address in each of the associated private subnets, although+ -- two are preferable. For details, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-failed How to Fix a Connection Failure>+ -- in the /Key Management Service Developer Guide/.+ --+ -- - @INVALID_CREDENTIALS@ — The @KeyStorePassword@ for the custom key+ -- store doesn\'t match the current password of the @kmsuser@ crypto+ -- user in the CloudHSM cluster. Before you can connect your custom key+ -- store to its CloudHSM cluster, you must change the @kmsuser@ account+ -- password and update the @KeyStorePassword@ value for the custom key+ -- store.+ --+ -- - @SUBNET_NOT_FOUND@ — A subnet in the CloudHSM cluster configuration+ -- was deleted. If KMS cannot find all of the subnets in the cluster+ -- configuration, attempts to connect the custom key store to the+ -- CloudHSM cluster fail. To fix this error, create a cluster from a+ -- recent backup and associate it with your custom key store. (This+ -- process creates a new cluster configuration with a VPC and private+ -- subnets.) For details, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-failed How to Fix a Connection Failure>+ -- in the /Key Management Service Developer Guide/.+ --+ -- - @USER_LOCKED_OUT@ — The @kmsuser@ CU account is locked out of the+ -- associated CloudHSM cluster due to too many failed password+ -- attempts. Before you can connect your custom key store to its+ -- CloudHSM cluster, you must change the @kmsuser@ account password and+ -- update the key store password value for the custom key store.+ --+ -- - @USER_LOGGED_IN@ — The @kmsuser@ CU account is logged into the+ -- associated CloudHSM cluster. This prevents KMS from rotating the+ -- @kmsuser@ account password and logging into the cluster. Before you+ -- can connect your custom key store to its CloudHSM cluster, you must+ -- log the @kmsuser@ CU out of the cluster. If you changed the+ -- @kmsuser@ password to log into the cluster, you must also and update+ -- the key store password value for the custom key store. For help, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#login-kmsuser-2 How to Log Out and Reconnect>+ -- in the /Key Management Service Developer Guide/.+ --+ -- - @USER_NOT_FOUND@ — KMS cannot find a @kmsuser@ CU account in the+ -- associated CloudHSM cluster. Before you can connect your custom key+ -- store to its CloudHSM cluster, you must create a @kmsuser@ CU+ -- account in the cluster, and then update the key store password value+ -- for the custom key store.+ --+ -- __External key stores:__+ --+ -- - @INVALID_CREDENTIALS@ — One or both of the+ -- @XksProxyAuthenticationCredential@ values is not valid on the+ -- specified external key store proxy.+ --+ -- - @XKS_PROXY_ACCESS_DENIED@ — KMS requests are denied access to the+ -- external key store proxy. If the external key store proxy has+ -- authorization rules, verify that they permit KMS to communicate with+ -- the proxy on your behalf.+ --+ -- - @XKS_PROXY_INVALID_CONFIGURATION@ — A configuration error is+ -- preventing the external key store from connecting to its proxy.+ -- Verify the value of the @XksProxyUriPath@.+ --+ -- - @XKS_PROXY_INVALID_RESPONSE@ — KMS cannot interpret the response+ -- from the external key store proxy. If you see this connection error+ -- code repeatedly, notify your external key store proxy vendor.+ --+ -- - @XKS_PROXY_INVALID_TLS_CONFIGURATION@ — KMS cannot connect to the+ -- external key store proxy because the TLS configuration is invalid.+ -- Verify that the XKS proxy supports TLS 1.2 or 1.3. Also, verify that+ -- the TLS certificate is not expired, and that it matches the hostname+ -- in the @XksProxyUriEndpoint@ value, and that it is signed by a+ -- certificate authority included in the+ -- <https://github.com/aws/aws-kms-xksproxy-api-spec/blob/main/TrustedCertificateAuthorities Trusted Certificate Authorities>+ -- list.+ --+ -- - @XKS_PROXY_NOT_REACHABLE@ — KMS can\'t communicate with your+ -- external key store proxy. Verify that the @XksProxyUriEndpoint@ and+ -- @XksProxyUriPath@ are correct. Use the tools for your external key+ -- store proxy to verify that the proxy is active and available on its+ -- network. Also, verify that your external key manager instances are+ -- operating properly. Connection attempts fail with this connection+ -- error code if the proxy reports that all external key manager+ -- instances are unavailable.+ --+ -- - @XKS_PROXY_TIMED_OUT@ — KMS can connect to the external key store+ -- proxy, but the proxy does not respond to KMS in the time allotted.+ -- If you see this connection error code repeatedly, notify your+ -- external key store proxy vendor.+ --+ -- - @XKS_VPC_ENDPOINT_SERVICE_INVALID_CONFIGURATION@ — The Amazon VPC+ -- endpoint service configuration doesn\'t conform to the requirements+ -- for an KMS external key store.+ --+ -- - The VPC endpoint service must be an endpoint service for+ -- interface endpoints in the caller\'s Amazon Web Services+ -- account.+ --+ -- - It must have a network load balancer (NLB) connected to at least+ -- two subnets, each in a different Availability Zone.+ --+ -- - The @Allow principals@ list must include the KMS service+ -- principal for the Region, @cks.kms.\<region>.amazonaws.com@,+ -- such as @cks.kms.us-east-1.amazonaws.com@.+ --+ -- - It must /not/ require+ -- <https://docs.aws.amazon.com/vpc/latest/privatelink/create-endpoint-service.html acceptance>+ -- of connection requests.+ --+ -- - It must have a private DNS name. The private DNS name for an+ -- external key store with @VPC_ENDPOINT_SERVICE@ connectivity must+ -- be unique in its Amazon Web Services Region.+ --+ -- - The domain of the private DNS name must have a+ -- <https://docs.aws.amazon.com/vpc/latest/privatelink/verify-domains.html verification status>+ -- of @verified@.+ --+ -- - The+ -- <https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html TLS certificate>+ -- specifies the private DNS hostname at which the endpoint is+ -- reachable.+ --+ -- - @XKS_VPC_ENDPOINT_SERVICE_NOT_FOUND@ — KMS can\'t find the VPC+ -- endpoint service that it uses to communicate with the external key+ -- store proxy. Verify that the @XksProxyVpcEndpointServiceName@ is+ -- correct and the KMS service principal has service consumer+ -- permissions on the Amazon VPC endpoint service.+ connectionErrorCode :: Prelude.Maybe ConnectionErrorCodeType,+ -- | Indicates whether the custom key store is connected to its backing key+ -- store. For an CloudHSM key store, the @ConnectionState@ indicates+ -- whether it is connected to its CloudHSM cluster. For an external key+ -- store, the @ConnectionState@ indicates whether it is connected to the+ -- external key store proxy that communicates with your external key+ -- manager.+ --+ -- You can create and use KMS keys in your custom key stores only when its+ -- @ConnectionState@ is @CONNECTED@.+ --+ -- The @ConnectionState@ value is @DISCONNECTED@ only if the key store has+ -- never been connected or you use the DisconnectCustomKeyStore operation+ -- to disconnect it. If the value is @CONNECTED@ but you are having trouble+ -- using the custom key store, make sure that the backing key store is+ -- reachable and active. For an CloudHSM key store, verify that its+ -- associated CloudHSM cluster is active and contains at least one active+ -- HSM. For an external key store, verify that the external key store proxy+ -- and external key manager are connected and enabled.+ --+ -- A value of @FAILED@ indicates that an attempt to connect was+ -- unsuccessful. The @ConnectionErrorCode@ field in the response indicates+ -- the cause of the failure. For help resolving a connection failure, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html Troubleshooting a custom key store>+ -- in the /Key Management Service Developer Guide/.+ connectionState :: Prelude.Maybe ConnectionStateType,+ -- | The date and time when the custom key store was created.+ creationDate :: Prelude.Maybe Data.POSIX,+ -- | A unique identifier for the custom key store.+ customKeyStoreId :: Prelude.Maybe Prelude.Text,+ -- | The user-specified friendly name for the custom key store.+ customKeyStoreName :: Prelude.Maybe Prelude.Text,+ -- | Indicates the type of the custom key store. @AWS_CLOUDHSM@ indicates a+ -- custom key store backed by an CloudHSM cluster. @EXTERNAL_KEY_STORE@+ -- indicates a custom key store backed by an external key store proxy and+ -- external key manager outside of Amazon Web Services.+ customKeyStoreType :: Prelude.Maybe CustomKeyStoreType,+ -- | The trust anchor certificate of the CloudHSM cluster associated with an+ -- CloudHSM key store. When you+ -- <https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr initialize the cluster>,+ -- you create this certificate and save it in the @customerCA.crt@ file.+ --+ -- This field appears only when the @CustomKeyStoreType@ is @AWS_CLOUDHSM@.+ trustAnchorCertificate :: Prelude.Maybe Prelude.Text,+ -- | Configuration settings for the external key store proxy (XKS proxy). The+ -- external key store proxy translates KMS requests into a format that your+ -- external key manager can understand. The proxy configuration includes+ -- connection information that KMS requires.+ --+ -- This field appears only when the @CustomKeyStoreType@ is+ -- @EXTERNAL_KEY_STORE@.+ xksProxyConfiguration :: Prelude.Maybe XksProxyConfigurationType+ }+ deriving (Prelude.Eq, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'CustomKeyStoresListEntry' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'cloudHsmClusterId', 'customKeyStoresListEntry_cloudHsmClusterId' - A unique identifier for the CloudHSM cluster that is associated with an+-- CloudHSM key store. This field appears only when the+-- @CustomKeyStoreType@ is @AWS_CLOUDHSM@.+--+-- 'connectionErrorCode', 'customKeyStoresListEntry_connectionErrorCode' - Describes the connection error. This field appears in the response only+-- when the @ConnectionState@ is @FAILED@.+--+-- Many failures can be resolved by updating the properties of the custom+-- key store. To update a custom key store, disconnect it+-- (DisconnectCustomKeyStore), correct the errors (UpdateCustomKeyStore),+-- and try to connect again (ConnectCustomKeyStore). For additional help+-- resolving these errors, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-failed How to Fix a Connection Failure>+-- in /Key Management Service Developer Guide/.+--+-- __All custom key stores:__+--+-- - @INTERNAL_ERROR@ — KMS could not complete the request due to an+-- internal error. Retry the request. For @ConnectCustomKeyStore@+-- requests, disconnect the custom key store before trying to connect+-- again.+--+-- - @NETWORK_ERRORS@ — Network errors are preventing KMS from connecting+-- the custom key store to its backing key store.+--+-- __CloudHSM key stores:__+--+-- - @CLUSTER_NOT_FOUND@ — KMS cannot find the CloudHSM cluster with the+-- specified cluster ID.+--+-- - @INSUFFICIENT_CLOUDHSM_HSMS@ — The associated CloudHSM cluster does+-- not contain any active HSMs. To connect a custom key store to its+-- CloudHSM cluster, the cluster must contain at least one active HSM.+--+-- - @INSUFFICIENT_FREE_ADDRESSES_IN_SUBNET@ — At least one private+-- subnet associated with the CloudHSM cluster doesn\'t have any+-- available IP addresses. A CloudHSM key store connection requires one+-- free IP address in each of the associated private subnets, although+-- two are preferable. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-failed How to Fix a Connection Failure>+-- in the /Key Management Service Developer Guide/.+--+-- - @INVALID_CREDENTIALS@ — The @KeyStorePassword@ for the custom key+-- store doesn\'t match the current password of the @kmsuser@ crypto+-- user in the CloudHSM cluster. Before you can connect your custom key+-- store to its CloudHSM cluster, you must change the @kmsuser@ account+-- password and update the @KeyStorePassword@ value for the custom key+-- store.+--+-- - @SUBNET_NOT_FOUND@ — A subnet in the CloudHSM cluster configuration+-- was deleted. If KMS cannot find all of the subnets in the cluster+-- configuration, attempts to connect the custom key store to the+-- CloudHSM cluster fail. To fix this error, create a cluster from a+-- recent backup and associate it with your custom key store. (This+-- process creates a new cluster configuration with a VPC and private+-- subnets.) For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-failed How to Fix a Connection Failure>+-- in the /Key Management Service Developer Guide/.+--+-- - @USER_LOCKED_OUT@ — The @kmsuser@ CU account is locked out of the+-- associated CloudHSM cluster due to too many failed password+-- attempts. Before you can connect your custom key store to its+-- CloudHSM cluster, you must change the @kmsuser@ account password and+-- update the key store password value for the custom key store.+--+-- - @USER_LOGGED_IN@ — The @kmsuser@ CU account is logged into the+-- associated CloudHSM cluster. This prevents KMS from rotating the+-- @kmsuser@ account password and logging into the cluster. Before you+-- can connect your custom key store to its CloudHSM cluster, you must+-- log the @kmsuser@ CU out of the cluster. If you changed the+-- @kmsuser@ password to log into the cluster, you must also and update+-- the key store password value for the custom key store. For help, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#login-kmsuser-2 How to Log Out and Reconnect>+-- in the /Key Management Service Developer Guide/.+--+-- - @USER_NOT_FOUND@ — KMS cannot find a @kmsuser@ CU account in the+-- associated CloudHSM cluster. Before you can connect your custom key+-- store to its CloudHSM cluster, you must create a @kmsuser@ CU+-- account in the cluster, and then update the key store password value+-- for the custom key store.+--+-- __External key stores:__+--+-- - @INVALID_CREDENTIALS@ — One or both of the+-- @XksProxyAuthenticationCredential@ values is not valid on the+-- specified external key store proxy.+--+-- - @XKS_PROXY_ACCESS_DENIED@ — KMS requests are denied access to the+-- external key store proxy. If the external key store proxy has+-- authorization rules, verify that they permit KMS to communicate with+-- the proxy on your behalf.+--+-- - @XKS_PROXY_INVALID_CONFIGURATION@ — A configuration error is+-- preventing the external key store from connecting to its proxy.+-- Verify the value of the @XksProxyUriPath@.+--+-- - @XKS_PROXY_INVALID_RESPONSE@ — KMS cannot interpret the response+-- from the external key store proxy. If you see this connection error+-- code repeatedly, notify your external key store proxy vendor.+--+-- - @XKS_PROXY_INVALID_TLS_CONFIGURATION@ — KMS cannot connect to the+-- external key store proxy because the TLS configuration is invalid.+-- Verify that the XKS proxy supports TLS 1.2 or 1.3. Also, verify that+-- the TLS certificate is not expired, and that it matches the hostname+-- in the @XksProxyUriEndpoint@ value, and that it is signed by a+-- certificate authority included in the+-- <https://github.com/aws/aws-kms-xksproxy-api-spec/blob/main/TrustedCertificateAuthorities Trusted Certificate Authorities>+-- list.+--+-- - @XKS_PROXY_NOT_REACHABLE@ — KMS can\'t communicate with your+-- external key store proxy. Verify that the @XksProxyUriEndpoint@ and+-- @XksProxyUriPath@ are correct. Use the tools for your external key+-- store proxy to verify that the proxy is active and available on its+-- network. Also, verify that your external key manager instances are+-- operating properly. Connection attempts fail with this connection+-- error code if the proxy reports that all external key manager+-- instances are unavailable.+--+-- - @XKS_PROXY_TIMED_OUT@ — KMS can connect to the external key store+-- proxy, but the proxy does not respond to KMS in the time allotted.+-- If you see this connection error code repeatedly, notify your+-- external key store proxy vendor.+--+-- - @XKS_VPC_ENDPOINT_SERVICE_INVALID_CONFIGURATION@ — The Amazon VPC+-- endpoint service configuration doesn\'t conform to the requirements+-- for an KMS external key store.+--+-- - The VPC endpoint service must be an endpoint service for+-- interface endpoints in the caller\'s Amazon Web Services+-- account.+--+-- - It must have a network load balancer (NLB) connected to at least+-- two subnets, each in a different Availability Zone.+--+-- - The @Allow principals@ list must include the KMS service+-- principal for the Region, @cks.kms.\<region>.amazonaws.com@,+-- such as @cks.kms.us-east-1.amazonaws.com@.+--+-- - It must /not/ require+-- <https://docs.aws.amazon.com/vpc/latest/privatelink/create-endpoint-service.html acceptance>+-- of connection requests.+--+-- - It must have a private DNS name. The private DNS name for an+-- external key store with @VPC_ENDPOINT_SERVICE@ connectivity must+-- be unique in its Amazon Web Services Region.+--+-- - The domain of the private DNS name must have a+-- <https://docs.aws.amazon.com/vpc/latest/privatelink/verify-domains.html verification status>+-- of @verified@.+--+-- - The+-- <https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html TLS certificate>+-- specifies the private DNS hostname at which the endpoint is+-- reachable.+--+-- - @XKS_VPC_ENDPOINT_SERVICE_NOT_FOUND@ — KMS can\'t find the VPC+-- endpoint service that it uses to communicate with the external key+-- store proxy. Verify that the @XksProxyVpcEndpointServiceName@ is+-- correct and the KMS service principal has service consumer+-- permissions on the Amazon VPC endpoint service.+--+-- 'connectionState', 'customKeyStoresListEntry_connectionState' - Indicates whether the custom key store is connected to its backing key+-- store. For an CloudHSM key store, the @ConnectionState@ indicates+-- whether it is connected to its CloudHSM cluster. For an external key+-- store, the @ConnectionState@ indicates whether it is connected to the+-- external key store proxy that communicates with your external key+-- manager.+--+-- You can create and use KMS keys in your custom key stores only when its+-- @ConnectionState@ is @CONNECTED@.+--+-- The @ConnectionState@ value is @DISCONNECTED@ only if the key store has+-- never been connected or you use the DisconnectCustomKeyStore operation+-- to disconnect it. If the value is @CONNECTED@ but you are having trouble+-- using the custom key store, make sure that the backing key store is+-- reachable and active. For an CloudHSM key store, verify that its+-- associated CloudHSM cluster is active and contains at least one active+-- HSM. For an external key store, verify that the external key store proxy+-- and external key manager are connected and enabled.+--+-- A value of @FAILED@ indicates that an attempt to connect was+-- unsuccessful. The @ConnectionErrorCode@ field in the response indicates+-- the cause of the failure. For help resolving a connection failure, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html Troubleshooting a custom key store>+-- in the /Key Management Service Developer Guide/.+--+-- 'creationDate', 'customKeyStoresListEntry_creationDate' - The date and time when the custom key store was created.+--+-- 'customKeyStoreId', 'customKeyStoresListEntry_customKeyStoreId' - A unique identifier for the custom key store.+--+-- 'customKeyStoreName', 'customKeyStoresListEntry_customKeyStoreName' - The user-specified friendly name for the custom key store.+--+-- 'customKeyStoreType', 'customKeyStoresListEntry_customKeyStoreType' - Indicates the type of the custom key store. @AWS_CLOUDHSM@ indicates a+-- custom key store backed by an CloudHSM cluster. @EXTERNAL_KEY_STORE@+-- indicates a custom key store backed by an external key store proxy and+-- external key manager outside of Amazon Web Services.+--+-- 'trustAnchorCertificate', 'customKeyStoresListEntry_trustAnchorCertificate' - The trust anchor certificate of the CloudHSM cluster associated with an+-- CloudHSM key store. When you+-- <https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr initialize the cluster>,+-- you create this certificate and save it in the @customerCA.crt@ file.+--+-- This field appears only when the @CustomKeyStoreType@ is @AWS_CLOUDHSM@.+--+-- 'xksProxyConfiguration', 'customKeyStoresListEntry_xksProxyConfiguration' - Configuration settings for the external key store proxy (XKS proxy). The+-- external key store proxy translates KMS requests into a format that your+-- external key manager can understand. The proxy configuration includes+-- connection information that KMS requires.+--+-- This field appears only when the @CustomKeyStoreType@ is+-- @EXTERNAL_KEY_STORE@.+newCustomKeyStoresListEntry ::+ CustomKeyStoresListEntry+newCustomKeyStoresListEntry =+ CustomKeyStoresListEntry'+ { cloudHsmClusterId =+ Prelude.Nothing,+ connectionErrorCode = Prelude.Nothing,+ connectionState = Prelude.Nothing,+ creationDate = Prelude.Nothing,+ customKeyStoreId = Prelude.Nothing,+ customKeyStoreName = Prelude.Nothing,+ customKeyStoreType = Prelude.Nothing,+ trustAnchorCertificate = Prelude.Nothing,+ xksProxyConfiguration = Prelude.Nothing+ }++-- | A unique identifier for the CloudHSM cluster that is associated with an+-- CloudHSM key store. This field appears only when the+-- @CustomKeyStoreType@ is @AWS_CLOUDHSM@.+customKeyStoresListEntry_cloudHsmClusterId :: Lens.Lens' CustomKeyStoresListEntry (Prelude.Maybe Prelude.Text)+customKeyStoresListEntry_cloudHsmClusterId = Lens.lens (\CustomKeyStoresListEntry' {cloudHsmClusterId} -> cloudHsmClusterId) (\s@CustomKeyStoresListEntry' {} a -> s {cloudHsmClusterId = a} :: CustomKeyStoresListEntry)++-- | Describes the connection error. This field appears in the response only+-- when the @ConnectionState@ is @FAILED@.+--+-- Many failures can be resolved by updating the properties of the custom+-- key store. To update a custom key store, disconnect it+-- (DisconnectCustomKeyStore), correct the errors (UpdateCustomKeyStore),+-- and try to connect again (ConnectCustomKeyStore). For additional help+-- resolving these errors, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-failed How to Fix a Connection Failure>+-- in /Key Management Service Developer Guide/.+--+-- __All custom key stores:__+--+-- - @INTERNAL_ERROR@ — KMS could not complete the request due to an+-- internal error. Retry the request. For @ConnectCustomKeyStore@+-- requests, disconnect the custom key store before trying to connect+-- again.+--+-- - @NETWORK_ERRORS@ — Network errors are preventing KMS from connecting+-- the custom key store to its backing key store.+--+-- __CloudHSM key stores:__+--+-- - @CLUSTER_NOT_FOUND@ — KMS cannot find the CloudHSM cluster with the+-- specified cluster ID.+--+-- - @INSUFFICIENT_CLOUDHSM_HSMS@ — The associated CloudHSM cluster does+-- not contain any active HSMs. To connect a custom key store to its+-- CloudHSM cluster, the cluster must contain at least one active HSM.+--+-- - @INSUFFICIENT_FREE_ADDRESSES_IN_SUBNET@ — At least one private+-- subnet associated with the CloudHSM cluster doesn\'t have any+-- available IP addresses. A CloudHSM key store connection requires one+-- free IP address in each of the associated private subnets, although+-- two are preferable. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-failed How to Fix a Connection Failure>+-- in the /Key Management Service Developer Guide/.+--+-- - @INVALID_CREDENTIALS@ — The @KeyStorePassword@ for the custom key+-- store doesn\'t match the current password of the @kmsuser@ crypto+-- user in the CloudHSM cluster. Before you can connect your custom key+-- store to its CloudHSM cluster, you must change the @kmsuser@ account+-- password and update the @KeyStorePassword@ value for the custom key+-- store.+--+-- - @SUBNET_NOT_FOUND@ — A subnet in the CloudHSM cluster configuration+-- was deleted. If KMS cannot find all of the subnets in the cluster+-- configuration, attempts to connect the custom key store to the+-- CloudHSM cluster fail. To fix this error, create a cluster from a+-- recent backup and associate it with your custom key store. (This+-- process creates a new cluster configuration with a VPC and private+-- subnets.) For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-failed How to Fix a Connection Failure>+-- in the /Key Management Service Developer Guide/.+--+-- - @USER_LOCKED_OUT@ — The @kmsuser@ CU account is locked out of the+-- associated CloudHSM cluster due to too many failed password+-- attempts. Before you can connect your custom key store to its+-- CloudHSM cluster, you must change the @kmsuser@ account password and+-- update the key store password value for the custom key store.+--+-- - @USER_LOGGED_IN@ — The @kmsuser@ CU account is logged into the+-- associated CloudHSM cluster. This prevents KMS from rotating the+-- @kmsuser@ account password and logging into the cluster. Before you+-- can connect your custom key store to its CloudHSM cluster, you must+-- log the @kmsuser@ CU out of the cluster. If you changed the+-- @kmsuser@ password to log into the cluster, you must also and update+-- the key store password value for the custom key store. For help, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#login-kmsuser-2 How to Log Out and Reconnect>+-- in the /Key Management Service Developer Guide/.+--+-- - @USER_NOT_FOUND@ — KMS cannot find a @kmsuser@ CU account in the+-- associated CloudHSM cluster. Before you can connect your custom key+-- store to its CloudHSM cluster, you must create a @kmsuser@ CU+-- account in the cluster, and then update the key store password value+-- for the custom key store.+--+-- __External key stores:__+--+-- - @INVALID_CREDENTIALS@ — One or both of the+-- @XksProxyAuthenticationCredential@ values is not valid on the+-- specified external key store proxy.+--+-- - @XKS_PROXY_ACCESS_DENIED@ — KMS requests are denied access to the+-- external key store proxy. If the external key store proxy has+-- authorization rules, verify that they permit KMS to communicate with+-- the proxy on your behalf.+--+-- - @XKS_PROXY_INVALID_CONFIGURATION@ — A configuration error is+-- preventing the external key store from connecting to its proxy.+-- Verify the value of the @XksProxyUriPath@.+--+-- - @XKS_PROXY_INVALID_RESPONSE@ — KMS cannot interpret the response+-- from the external key store proxy. If you see this connection error+-- code repeatedly, notify your external key store proxy vendor.+--+-- - @XKS_PROXY_INVALID_TLS_CONFIGURATION@ — KMS cannot connect to the+-- external key store proxy because the TLS configuration is invalid.+-- Verify that the XKS proxy supports TLS 1.2 or 1.3. Also, verify that+-- the TLS certificate is not expired, and that it matches the hostname+-- in the @XksProxyUriEndpoint@ value, and that it is signed by a+-- certificate authority included in the+-- <https://github.com/aws/aws-kms-xksproxy-api-spec/blob/main/TrustedCertificateAuthorities Trusted Certificate Authorities>+-- list.+--+-- - @XKS_PROXY_NOT_REACHABLE@ — KMS can\'t communicate with your+-- external key store proxy. Verify that the @XksProxyUriEndpoint@ and+-- @XksProxyUriPath@ are correct. Use the tools for your external key+-- store proxy to verify that the proxy is active and available on its+-- network. Also, verify that your external key manager instances are+-- operating properly. Connection attempts fail with this connection+-- error code if the proxy reports that all external key manager+-- instances are unavailable.+--+-- - @XKS_PROXY_TIMED_OUT@ — KMS can connect to the external key store+-- proxy, but the proxy does not respond to KMS in the time allotted.+-- If you see this connection error code repeatedly, notify your+-- external key store proxy vendor.+--+-- - @XKS_VPC_ENDPOINT_SERVICE_INVALID_CONFIGURATION@ — The Amazon VPC+-- endpoint service configuration doesn\'t conform to the requirements+-- for an KMS external key store.+--+-- - The VPC endpoint service must be an endpoint service for+-- interface endpoints in the caller\'s Amazon Web Services+-- account.+--+-- - It must have a network load balancer (NLB) connected to at least+-- two subnets, each in a different Availability Zone.+--+-- - The @Allow principals@ list must include the KMS service+-- principal for the Region, @cks.kms.\<region>.amazonaws.com@,+-- such as @cks.kms.us-east-1.amazonaws.com@.+--+-- - It must /not/ require+-- <https://docs.aws.amazon.com/vpc/latest/privatelink/create-endpoint-service.html acceptance>+-- of connection requests.+--+-- - It must have a private DNS name. The private DNS name for an+-- external key store with @VPC_ENDPOINT_SERVICE@ connectivity must+-- be unique in its Amazon Web Services Region.+--+-- - The domain of the private DNS name must have a+-- <https://docs.aws.amazon.com/vpc/latest/privatelink/verify-domains.html verification status>+-- of @verified@.+--+-- - The+-- <https://docs.aws.amazon.com/elasticloadbalancing/latest/network/create-tls-listener.html TLS certificate>+-- specifies the private DNS hostname at which the endpoint is+-- reachable.+--+-- - @XKS_VPC_ENDPOINT_SERVICE_NOT_FOUND@ — KMS can\'t find the VPC+-- endpoint service that it uses to communicate with the external key+-- store proxy. Verify that the @XksProxyVpcEndpointServiceName@ is+-- correct and the KMS service principal has service consumer+-- permissions on the Amazon VPC endpoint service.+customKeyStoresListEntry_connectionErrorCode :: Lens.Lens' CustomKeyStoresListEntry (Prelude.Maybe ConnectionErrorCodeType)+customKeyStoresListEntry_connectionErrorCode = Lens.lens (\CustomKeyStoresListEntry' {connectionErrorCode} -> connectionErrorCode) (\s@CustomKeyStoresListEntry' {} a -> s {connectionErrorCode = a} :: CustomKeyStoresListEntry)++-- | Indicates whether the custom key store is connected to its backing key+-- store. For an CloudHSM key store, the @ConnectionState@ indicates+-- whether it is connected to its CloudHSM cluster. For an external key+-- store, the @ConnectionState@ indicates whether it is connected to the+-- external key store proxy that communicates with your external key+-- manager.+--+-- You can create and use KMS keys in your custom key stores only when its+-- @ConnectionState@ is @CONNECTED@.+--+-- The @ConnectionState@ value is @DISCONNECTED@ only if the key store has+-- never been connected or you use the DisconnectCustomKeyStore operation+-- to disconnect it. If the value is @CONNECTED@ but you are having trouble+-- using the custom key store, make sure that the backing key store is+-- reachable and active. For an CloudHSM key store, verify that its+-- associated CloudHSM cluster is active and contains at least one active+-- HSM. For an external key store, verify that the external key store proxy+-- and external key manager are connected and enabled.+--+-- A value of @FAILED@ indicates that an attempt to connect was+-- unsuccessful. The @ConnectionErrorCode@ field in the response indicates+-- the cause of the failure. For help resolving a connection failure, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html Troubleshooting a custom key store>+-- in the /Key Management Service Developer Guide/.+customKeyStoresListEntry_connectionState :: Lens.Lens' CustomKeyStoresListEntry (Prelude.Maybe ConnectionStateType)+customKeyStoresListEntry_connectionState = Lens.lens (\CustomKeyStoresListEntry' {connectionState} -> connectionState) (\s@CustomKeyStoresListEntry' {} a -> s {connectionState = a} :: CustomKeyStoresListEntry)++-- | The date and time when the custom key store was created.+customKeyStoresListEntry_creationDate :: Lens.Lens' CustomKeyStoresListEntry (Prelude.Maybe Prelude.UTCTime)+customKeyStoresListEntry_creationDate = Lens.lens (\CustomKeyStoresListEntry' {creationDate} -> creationDate) (\s@CustomKeyStoresListEntry' {} a -> s {creationDate = a} :: CustomKeyStoresListEntry) Prelude.. Lens.mapping Data._Time++-- | A unique identifier for the custom key store.+customKeyStoresListEntry_customKeyStoreId :: Lens.Lens' CustomKeyStoresListEntry (Prelude.Maybe Prelude.Text)+customKeyStoresListEntry_customKeyStoreId = Lens.lens (\CustomKeyStoresListEntry' {customKeyStoreId} -> customKeyStoreId) (\s@CustomKeyStoresListEntry' {} a -> s {customKeyStoreId = a} :: CustomKeyStoresListEntry)++-- | The user-specified friendly name for the custom key store.+customKeyStoresListEntry_customKeyStoreName :: Lens.Lens' CustomKeyStoresListEntry (Prelude.Maybe Prelude.Text)+customKeyStoresListEntry_customKeyStoreName = Lens.lens (\CustomKeyStoresListEntry' {customKeyStoreName} -> customKeyStoreName) (\s@CustomKeyStoresListEntry' {} a -> s {customKeyStoreName = a} :: CustomKeyStoresListEntry)++-- | Indicates the type of the custom key store. @AWS_CLOUDHSM@ indicates a+-- custom key store backed by an CloudHSM cluster. @EXTERNAL_KEY_STORE@+-- indicates a custom key store backed by an external key store proxy and+-- external key manager outside of Amazon Web Services.+customKeyStoresListEntry_customKeyStoreType :: Lens.Lens' CustomKeyStoresListEntry (Prelude.Maybe CustomKeyStoreType)+customKeyStoresListEntry_customKeyStoreType = Lens.lens (\CustomKeyStoresListEntry' {customKeyStoreType} -> customKeyStoreType) (\s@CustomKeyStoresListEntry' {} a -> s {customKeyStoreType = a} :: CustomKeyStoresListEntry)++-- | The trust anchor certificate of the CloudHSM cluster associated with an+-- CloudHSM key store. When you+-- <https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr initialize the cluster>,+-- you create this certificate and save it in the @customerCA.crt@ file.+--+-- This field appears only when the @CustomKeyStoreType@ is @AWS_CLOUDHSM@.+customKeyStoresListEntry_trustAnchorCertificate :: Lens.Lens' CustomKeyStoresListEntry (Prelude.Maybe Prelude.Text)+customKeyStoresListEntry_trustAnchorCertificate = Lens.lens (\CustomKeyStoresListEntry' {trustAnchorCertificate} -> trustAnchorCertificate) (\s@CustomKeyStoresListEntry' {} a -> s {trustAnchorCertificate = a} :: CustomKeyStoresListEntry)++-- | Configuration settings for the external key store proxy (XKS proxy). The+-- external key store proxy translates KMS requests into a format that your+-- external key manager can understand. The proxy configuration includes+-- connection information that KMS requires.+--+-- This field appears only when the @CustomKeyStoreType@ is+-- @EXTERNAL_KEY_STORE@.+customKeyStoresListEntry_xksProxyConfiguration :: Lens.Lens' CustomKeyStoresListEntry (Prelude.Maybe XksProxyConfigurationType)+customKeyStoresListEntry_xksProxyConfiguration = Lens.lens (\CustomKeyStoresListEntry' {xksProxyConfiguration} -> xksProxyConfiguration) (\s@CustomKeyStoresListEntry' {} a -> s {xksProxyConfiguration = a} :: CustomKeyStoresListEntry)++instance Data.FromJSON CustomKeyStoresListEntry where+ parseJSON =+ Data.withObject+ "CustomKeyStoresListEntry"+ ( \x ->+ CustomKeyStoresListEntry'+ Prelude.<$> (x Data..:? "CloudHsmClusterId")+ Prelude.<*> (x Data..:? "ConnectionErrorCode")+ Prelude.<*> (x Data..:? "ConnectionState")+ Prelude.<*> (x Data..:? "CreationDate")+ Prelude.<*> (x Data..:? "CustomKeyStoreId")+ Prelude.<*> (x Data..:? "CustomKeyStoreName")+ Prelude.<*> (x Data..:? "CustomKeyStoreType")+ Prelude.<*> (x Data..:? "TrustAnchorCertificate")+ Prelude.<*> (x Data..:? "XksProxyConfiguration")+ )++instance Prelude.Hashable CustomKeyStoresListEntry where+ hashWithSalt _salt CustomKeyStoresListEntry' {..} =+ _salt+ `Prelude.hashWithSalt` cloudHsmClusterId+ `Prelude.hashWithSalt` connectionErrorCode+ `Prelude.hashWithSalt` connectionState+ `Prelude.hashWithSalt` creationDate+ `Prelude.hashWithSalt` customKeyStoreId+ `Prelude.hashWithSalt` customKeyStoreName+ `Prelude.hashWithSalt` customKeyStoreType+ `Prelude.hashWithSalt` trustAnchorCertificate+ `Prelude.hashWithSalt` xksProxyConfiguration++instance Prelude.NFData CustomKeyStoresListEntry where+ rnf CustomKeyStoresListEntry' {..} =+ Prelude.rnf cloudHsmClusterId+ `Prelude.seq` Prelude.rnf connectionErrorCode+ `Prelude.seq` Prelude.rnf connectionState+ `Prelude.seq` Prelude.rnf creationDate+ `Prelude.seq` Prelude.rnf customKeyStoreId+ `Prelude.seq` Prelude.rnf customKeyStoreName+ `Prelude.seq` Prelude.rnf customKeyStoreType+ `Prelude.seq` Prelude.rnf trustAnchorCertificate+ `Prelude.seq` Prelude.rnf xksProxyConfiguration
+ gen/Amazonka/KMS/Types/CustomerMasterKeySpec.hs view
@@ -0,0 +1,126 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DerivingStrategies #-}+{-# LANGUAGE GeneralizedNewtypeDeriving #-}+{-# LANGUAGE LambdaCase #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE PatternSynonyms #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.Types.CustomerMasterKeySpec+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.KMS.Types.CustomerMasterKeySpec+ ( CustomerMasterKeySpec+ ( ..,+ CustomerMasterKeySpec_ECC_NIST_P256,+ CustomerMasterKeySpec_ECC_NIST_P384,+ CustomerMasterKeySpec_ECC_NIST_P521,+ CustomerMasterKeySpec_ECC_SECG_P256K1,+ CustomerMasterKeySpec_HMAC_224,+ CustomerMasterKeySpec_HMAC_256,+ CustomerMasterKeySpec_HMAC_384,+ CustomerMasterKeySpec_HMAC_512,+ CustomerMasterKeySpec_RSA_2048,+ CustomerMasterKeySpec_RSA_3072,+ CustomerMasterKeySpec_RSA_4096,+ CustomerMasterKeySpec_SM2,+ CustomerMasterKeySpec_SYMMETRIC_DEFAULT+ ),+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++newtype CustomerMasterKeySpec = CustomerMasterKeySpec'+ { fromCustomerMasterKeySpec ::+ Data.Text+ }+ deriving stock+ ( Prelude.Show,+ Prelude.Read,+ Prelude.Eq,+ Prelude.Ord,+ Prelude.Generic+ )+ deriving newtype+ ( Prelude.Hashable,+ Prelude.NFData,+ Data.FromText,+ Data.ToText,+ Data.ToByteString,+ Data.ToLog,+ Data.ToHeader,+ Data.ToQuery,+ Data.FromJSON,+ Data.FromJSONKey,+ Data.ToJSON,+ Data.ToJSONKey,+ Data.FromXML,+ Data.ToXML+ )++pattern CustomerMasterKeySpec_ECC_NIST_P256 :: CustomerMasterKeySpec+pattern CustomerMasterKeySpec_ECC_NIST_P256 = CustomerMasterKeySpec' "ECC_NIST_P256"++pattern CustomerMasterKeySpec_ECC_NIST_P384 :: CustomerMasterKeySpec+pattern CustomerMasterKeySpec_ECC_NIST_P384 = CustomerMasterKeySpec' "ECC_NIST_P384"++pattern CustomerMasterKeySpec_ECC_NIST_P521 :: CustomerMasterKeySpec+pattern CustomerMasterKeySpec_ECC_NIST_P521 = CustomerMasterKeySpec' "ECC_NIST_P521"++pattern CustomerMasterKeySpec_ECC_SECG_P256K1 :: CustomerMasterKeySpec+pattern CustomerMasterKeySpec_ECC_SECG_P256K1 = CustomerMasterKeySpec' "ECC_SECG_P256K1"++pattern CustomerMasterKeySpec_HMAC_224 :: CustomerMasterKeySpec+pattern CustomerMasterKeySpec_HMAC_224 = CustomerMasterKeySpec' "HMAC_224"++pattern CustomerMasterKeySpec_HMAC_256 :: CustomerMasterKeySpec+pattern CustomerMasterKeySpec_HMAC_256 = CustomerMasterKeySpec' "HMAC_256"++pattern CustomerMasterKeySpec_HMAC_384 :: CustomerMasterKeySpec+pattern CustomerMasterKeySpec_HMAC_384 = CustomerMasterKeySpec' "HMAC_384"++pattern CustomerMasterKeySpec_HMAC_512 :: CustomerMasterKeySpec+pattern CustomerMasterKeySpec_HMAC_512 = CustomerMasterKeySpec' "HMAC_512"++pattern CustomerMasterKeySpec_RSA_2048 :: CustomerMasterKeySpec+pattern CustomerMasterKeySpec_RSA_2048 = CustomerMasterKeySpec' "RSA_2048"++pattern CustomerMasterKeySpec_RSA_3072 :: CustomerMasterKeySpec+pattern CustomerMasterKeySpec_RSA_3072 = CustomerMasterKeySpec' "RSA_3072"++pattern CustomerMasterKeySpec_RSA_4096 :: CustomerMasterKeySpec+pattern CustomerMasterKeySpec_RSA_4096 = CustomerMasterKeySpec' "RSA_4096"++pattern CustomerMasterKeySpec_SM2 :: CustomerMasterKeySpec+pattern CustomerMasterKeySpec_SM2 = CustomerMasterKeySpec' "SM2"++pattern CustomerMasterKeySpec_SYMMETRIC_DEFAULT :: CustomerMasterKeySpec+pattern CustomerMasterKeySpec_SYMMETRIC_DEFAULT = CustomerMasterKeySpec' "SYMMETRIC_DEFAULT"++{-# COMPLETE+ CustomerMasterKeySpec_ECC_NIST_P256,+ CustomerMasterKeySpec_ECC_NIST_P384,+ CustomerMasterKeySpec_ECC_NIST_P521,+ CustomerMasterKeySpec_ECC_SECG_P256K1,+ CustomerMasterKeySpec_HMAC_224,+ CustomerMasterKeySpec_HMAC_256,+ CustomerMasterKeySpec_HMAC_384,+ CustomerMasterKeySpec_HMAC_512,+ CustomerMasterKeySpec_RSA_2048,+ CustomerMasterKeySpec_RSA_3072,+ CustomerMasterKeySpec_RSA_4096,+ CustomerMasterKeySpec_SM2,+ CustomerMasterKeySpec_SYMMETRIC_DEFAULT,+ CustomerMasterKeySpec'+ #-}
+ gen/Amazonka/KMS/Types/DataKeyPairSpec.hs view
@@ -0,0 +1,101 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DerivingStrategies #-}+{-# LANGUAGE GeneralizedNewtypeDeriving #-}+{-# LANGUAGE LambdaCase #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE PatternSynonyms #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.Types.DataKeyPairSpec+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.KMS.Types.DataKeyPairSpec+ ( DataKeyPairSpec+ ( ..,+ DataKeyPairSpec_ECC_NIST_P256,+ DataKeyPairSpec_ECC_NIST_P384,+ DataKeyPairSpec_ECC_NIST_P521,+ DataKeyPairSpec_ECC_SECG_P256K1,+ DataKeyPairSpec_RSA_2048,+ DataKeyPairSpec_RSA_3072,+ DataKeyPairSpec_RSA_4096,+ DataKeyPairSpec_SM2+ ),+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++newtype DataKeyPairSpec = DataKeyPairSpec'+ { fromDataKeyPairSpec ::+ Data.Text+ }+ deriving stock+ ( Prelude.Show,+ Prelude.Read,+ Prelude.Eq,+ Prelude.Ord,+ Prelude.Generic+ )+ deriving newtype+ ( Prelude.Hashable,+ Prelude.NFData,+ Data.FromText,+ Data.ToText,+ Data.ToByteString,+ Data.ToLog,+ Data.ToHeader,+ Data.ToQuery,+ Data.FromJSON,+ Data.FromJSONKey,+ Data.ToJSON,+ Data.ToJSONKey,+ Data.FromXML,+ Data.ToXML+ )++pattern DataKeyPairSpec_ECC_NIST_P256 :: DataKeyPairSpec+pattern DataKeyPairSpec_ECC_NIST_P256 = DataKeyPairSpec' "ECC_NIST_P256"++pattern DataKeyPairSpec_ECC_NIST_P384 :: DataKeyPairSpec+pattern DataKeyPairSpec_ECC_NIST_P384 = DataKeyPairSpec' "ECC_NIST_P384"++pattern DataKeyPairSpec_ECC_NIST_P521 :: DataKeyPairSpec+pattern DataKeyPairSpec_ECC_NIST_P521 = DataKeyPairSpec' "ECC_NIST_P521"++pattern DataKeyPairSpec_ECC_SECG_P256K1 :: DataKeyPairSpec+pattern DataKeyPairSpec_ECC_SECG_P256K1 = DataKeyPairSpec' "ECC_SECG_P256K1"++pattern DataKeyPairSpec_RSA_2048 :: DataKeyPairSpec+pattern DataKeyPairSpec_RSA_2048 = DataKeyPairSpec' "RSA_2048"++pattern DataKeyPairSpec_RSA_3072 :: DataKeyPairSpec+pattern DataKeyPairSpec_RSA_3072 = DataKeyPairSpec' "RSA_3072"++pattern DataKeyPairSpec_RSA_4096 :: DataKeyPairSpec+pattern DataKeyPairSpec_RSA_4096 = DataKeyPairSpec' "RSA_4096"++pattern DataKeyPairSpec_SM2 :: DataKeyPairSpec+pattern DataKeyPairSpec_SM2 = DataKeyPairSpec' "SM2"++{-# COMPLETE+ DataKeyPairSpec_ECC_NIST_P256,+ DataKeyPairSpec_ECC_NIST_P384,+ DataKeyPairSpec_ECC_NIST_P521,+ DataKeyPairSpec_ECC_SECG_P256K1,+ DataKeyPairSpec_RSA_2048,+ DataKeyPairSpec_RSA_3072,+ DataKeyPairSpec_RSA_4096,+ DataKeyPairSpec_SM2,+ DataKeyPairSpec'+ #-}
+ gen/Amazonka/KMS/Types/DataKeySpec.hs view
@@ -0,0 +1,71 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DerivingStrategies #-}+{-# LANGUAGE GeneralizedNewtypeDeriving #-}+{-# LANGUAGE LambdaCase #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE PatternSynonyms #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.Types.DataKeySpec+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.KMS.Types.DataKeySpec+ ( DataKeySpec+ ( ..,+ DataKeySpec_AES_128,+ DataKeySpec_AES_256+ ),+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++newtype DataKeySpec = DataKeySpec'+ { fromDataKeySpec ::+ Data.Text+ }+ deriving stock+ ( Prelude.Show,+ Prelude.Read,+ Prelude.Eq,+ Prelude.Ord,+ Prelude.Generic+ )+ deriving newtype+ ( Prelude.Hashable,+ Prelude.NFData,+ Data.FromText,+ Data.ToText,+ Data.ToByteString,+ Data.ToLog,+ Data.ToHeader,+ Data.ToQuery,+ Data.FromJSON,+ Data.FromJSONKey,+ Data.ToJSON,+ Data.ToJSONKey,+ Data.FromXML,+ Data.ToXML+ )++pattern DataKeySpec_AES_128 :: DataKeySpec+pattern DataKeySpec_AES_128 = DataKeySpec' "AES_128"++pattern DataKeySpec_AES_256 :: DataKeySpec+pattern DataKeySpec_AES_256 = DataKeySpec' "AES_256"++{-# COMPLETE+ DataKeySpec_AES_128,+ DataKeySpec_AES_256,+ DataKeySpec'+ #-}
+ gen/Amazonka/KMS/Types/EncryptionAlgorithmSpec.hs view
@@ -0,0 +1,81 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DerivingStrategies #-}+{-# LANGUAGE GeneralizedNewtypeDeriving #-}+{-# LANGUAGE LambdaCase #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE PatternSynonyms #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.Types.EncryptionAlgorithmSpec+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.KMS.Types.EncryptionAlgorithmSpec+ ( EncryptionAlgorithmSpec+ ( ..,+ EncryptionAlgorithmSpec_RSAES_OAEP_SHA_1,+ EncryptionAlgorithmSpec_RSAES_OAEP_SHA_256,+ EncryptionAlgorithmSpec_SM2PKE,+ EncryptionAlgorithmSpec_SYMMETRIC_DEFAULT+ ),+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++newtype EncryptionAlgorithmSpec = EncryptionAlgorithmSpec'+ { fromEncryptionAlgorithmSpec ::+ Data.Text+ }+ deriving stock+ ( Prelude.Show,+ Prelude.Read,+ Prelude.Eq,+ Prelude.Ord,+ Prelude.Generic+ )+ deriving newtype+ ( Prelude.Hashable,+ Prelude.NFData,+ Data.FromText,+ Data.ToText,+ Data.ToByteString,+ Data.ToLog,+ Data.ToHeader,+ Data.ToQuery,+ Data.FromJSON,+ Data.FromJSONKey,+ Data.ToJSON,+ Data.ToJSONKey,+ Data.FromXML,+ Data.ToXML+ )++pattern EncryptionAlgorithmSpec_RSAES_OAEP_SHA_1 :: EncryptionAlgorithmSpec+pattern EncryptionAlgorithmSpec_RSAES_OAEP_SHA_1 = EncryptionAlgorithmSpec' "RSAES_OAEP_SHA_1"++pattern EncryptionAlgorithmSpec_RSAES_OAEP_SHA_256 :: EncryptionAlgorithmSpec+pattern EncryptionAlgorithmSpec_RSAES_OAEP_SHA_256 = EncryptionAlgorithmSpec' "RSAES_OAEP_SHA_256"++pattern EncryptionAlgorithmSpec_SM2PKE :: EncryptionAlgorithmSpec+pattern EncryptionAlgorithmSpec_SM2PKE = EncryptionAlgorithmSpec' "SM2PKE"++pattern EncryptionAlgorithmSpec_SYMMETRIC_DEFAULT :: EncryptionAlgorithmSpec+pattern EncryptionAlgorithmSpec_SYMMETRIC_DEFAULT = EncryptionAlgorithmSpec' "SYMMETRIC_DEFAULT"++{-# COMPLETE+ EncryptionAlgorithmSpec_RSAES_OAEP_SHA_1,+ EncryptionAlgorithmSpec_RSAES_OAEP_SHA_256,+ EncryptionAlgorithmSpec_SM2PKE,+ EncryptionAlgorithmSpec_SYMMETRIC_DEFAULT,+ EncryptionAlgorithmSpec'+ #-}
+ gen/Amazonka/KMS/Types/ExpirationModelType.hs view
@@ -0,0 +1,71 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DerivingStrategies #-}+{-# LANGUAGE GeneralizedNewtypeDeriving #-}+{-# LANGUAGE LambdaCase #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE PatternSynonyms #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.Types.ExpirationModelType+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.KMS.Types.ExpirationModelType+ ( ExpirationModelType+ ( ..,+ ExpirationModelType_KEY_MATERIAL_DOES_NOT_EXPIRE,+ ExpirationModelType_KEY_MATERIAL_EXPIRES+ ),+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++newtype ExpirationModelType = ExpirationModelType'+ { fromExpirationModelType ::+ Data.Text+ }+ deriving stock+ ( Prelude.Show,+ Prelude.Read,+ Prelude.Eq,+ Prelude.Ord,+ Prelude.Generic+ )+ deriving newtype+ ( Prelude.Hashable,+ Prelude.NFData,+ Data.FromText,+ Data.ToText,+ Data.ToByteString,+ Data.ToLog,+ Data.ToHeader,+ Data.ToQuery,+ Data.FromJSON,+ Data.FromJSONKey,+ Data.ToJSON,+ Data.ToJSONKey,+ Data.FromXML,+ Data.ToXML+ )++pattern ExpirationModelType_KEY_MATERIAL_DOES_NOT_EXPIRE :: ExpirationModelType+pattern ExpirationModelType_KEY_MATERIAL_DOES_NOT_EXPIRE = ExpirationModelType' "KEY_MATERIAL_DOES_NOT_EXPIRE"++pattern ExpirationModelType_KEY_MATERIAL_EXPIRES :: ExpirationModelType+pattern ExpirationModelType_KEY_MATERIAL_EXPIRES = ExpirationModelType' "KEY_MATERIAL_EXPIRES"++{-# COMPLETE+ ExpirationModelType_KEY_MATERIAL_DOES_NOT_EXPIRE,+ ExpirationModelType_KEY_MATERIAL_EXPIRES,+ ExpirationModelType'+ #-}
+ gen/Amazonka/KMS/Types/GrantConstraints.hs view
@@ -0,0 +1,156 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.Types.GrantConstraints+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.KMS.Types.GrantConstraints where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++-- | Use this structure to allow+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations cryptographic operations>+-- in the grant only when the operation request includes the specified+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context encryption context>.+--+-- KMS applies the grant constraints only to cryptographic operations that+-- support an encryption context, that is, all cryptographic operations+-- with a+-- <https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-concepts.html#symmetric-cmks symmetric KMS key>.+-- Grant constraints are not applied to operations that do not support an+-- encryption context, such as cryptographic operations with asymmetric KMS+-- keys and management operations, such as DescribeKey or RetireGrant.+--+-- In a cryptographic operation, the encryption context in the decryption+-- operation must be an exact, case-sensitive match for the keys and values+-- in the encryption context of the encryption operation. Only the order of+-- the pairs can vary.+--+-- However, in a grant constraint, the key in each key-value pair is not+-- case sensitive, but the value is case sensitive.+--+-- To avoid confusion, do not use multiple encryption context pairs that+-- differ only by case. To require a fully case-sensitive encryption+-- context, use the @kms:EncryptionContext:@ and+-- @kms:EncryptionContextKeys@ conditions in an IAM or key policy. For+-- details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-encryption-context kms:EncryptionContext:>+-- in the //Key Management Service Developer Guide// .+--+-- /See:/ 'newGrantConstraints' smart constructor.+data GrantConstraints = GrantConstraints'+ { -- | A list of key-value pairs that must match the encryption context in the+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations cryptographic operation>+ -- request. The grant allows the operation only when the encryption context+ -- in the request is the same as the encryption context specified in this+ -- constraint.+ encryptionContextEquals :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text),+ -- | A list of key-value pairs that must be included in the encryption+ -- context of the+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations cryptographic operation>+ -- request. The grant allows the cryptographic operation only when the+ -- encryption context in the request includes the key-value pairs specified+ -- in this constraint, although it can include additional key-value pairs.+ encryptionContextSubset :: Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text)+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'GrantConstraints' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'encryptionContextEquals', 'grantConstraints_encryptionContextEquals' - A list of key-value pairs that must match the encryption context in the+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations cryptographic operation>+-- request. The grant allows the operation only when the encryption context+-- in the request is the same as the encryption context specified in this+-- constraint.+--+-- 'encryptionContextSubset', 'grantConstraints_encryptionContextSubset' - A list of key-value pairs that must be included in the encryption+-- context of the+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations cryptographic operation>+-- request. The grant allows the cryptographic operation only when the+-- encryption context in the request includes the key-value pairs specified+-- in this constraint, although it can include additional key-value pairs.+newGrantConstraints ::+ GrantConstraints+newGrantConstraints =+ GrantConstraints'+ { encryptionContextEquals =+ Prelude.Nothing,+ encryptionContextSubset = Prelude.Nothing+ }++-- | A list of key-value pairs that must match the encryption context in the+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations cryptographic operation>+-- request. The grant allows the operation only when the encryption context+-- in the request is the same as the encryption context specified in this+-- constraint.+grantConstraints_encryptionContextEquals :: Lens.Lens' GrantConstraints (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))+grantConstraints_encryptionContextEquals = Lens.lens (\GrantConstraints' {encryptionContextEquals} -> encryptionContextEquals) (\s@GrantConstraints' {} a -> s {encryptionContextEquals = a} :: GrantConstraints) Prelude.. Lens.mapping Lens.coerced++-- | A list of key-value pairs that must be included in the encryption+-- context of the+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations cryptographic operation>+-- request. The grant allows the cryptographic operation only when the+-- encryption context in the request includes the key-value pairs specified+-- in this constraint, although it can include additional key-value pairs.+grantConstraints_encryptionContextSubset :: Lens.Lens' GrantConstraints (Prelude.Maybe (Prelude.HashMap Prelude.Text Prelude.Text))+grantConstraints_encryptionContextSubset = Lens.lens (\GrantConstraints' {encryptionContextSubset} -> encryptionContextSubset) (\s@GrantConstraints' {} a -> s {encryptionContextSubset = a} :: GrantConstraints) Prelude.. Lens.mapping Lens.coerced++instance Data.FromJSON GrantConstraints where+ parseJSON =+ Data.withObject+ "GrantConstraints"+ ( \x ->+ GrantConstraints'+ Prelude.<$> ( x+ Data..:? "EncryptionContextEquals"+ Data..!= Prelude.mempty+ )+ Prelude.<*> ( x+ Data..:? "EncryptionContextSubset"+ Data..!= Prelude.mempty+ )+ )++instance Prelude.Hashable GrantConstraints where+ hashWithSalt _salt GrantConstraints' {..} =+ _salt+ `Prelude.hashWithSalt` encryptionContextEquals+ `Prelude.hashWithSalt` encryptionContextSubset++instance Prelude.NFData GrantConstraints where+ rnf GrantConstraints' {..} =+ Prelude.rnf encryptionContextEquals+ `Prelude.seq` Prelude.rnf encryptionContextSubset++instance Data.ToJSON GrantConstraints where+ toJSON GrantConstraints' {..} =+ Data.object+ ( Prelude.catMaybes+ [ ("EncryptionContextEquals" Data..=)+ Prelude.<$> encryptionContextEquals,+ ("EncryptionContextSubset" Data..=)+ Prelude.<$> encryptionContextSubset+ ]+ )
+ gen/Amazonka/KMS/Types/GrantListEntry.hs view
@@ -0,0 +1,200 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.Types.GrantListEntry+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.KMS.Types.GrantListEntry where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types.GrantConstraints+import Amazonka.KMS.Types.GrantOperation+import qualified Amazonka.Prelude as Prelude++-- | Contains information about a grant.+--+-- /See:/ 'newGrantListEntry' smart constructor.+data GrantListEntry = GrantListEntry'+ { -- | A list of key-value pairs that must be present in the encryption context+ -- of certain subsequent operations that the grant allows.+ constraints :: Prelude.Maybe GrantConstraints,+ -- | The date and time when the grant was created.+ creationDate :: Prelude.Maybe Data.POSIX,+ -- | The unique identifier for the grant.+ grantId :: Prelude.Maybe Prelude.Text,+ -- | The identity that gets the permissions in the grant.+ --+ -- The @GranteePrincipal@ field in the @ListGrants@ response usually+ -- contains the user or role designated as the grantee principal in the+ -- grant. However, when the grantee principal in the grant is an Amazon Web+ -- Services service, the @GranteePrincipal@ field contains the+ -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html#principal-services service principal>,+ -- which might represent several different grantee principals.+ granteePrincipal :: Prelude.Maybe Prelude.Text,+ -- | The Amazon Web Services account under which the grant was issued.+ issuingAccount :: Prelude.Maybe Prelude.Text,+ -- | The unique identifier for the KMS key to which the grant applies.+ keyId :: Prelude.Maybe Prelude.Text,+ -- | The friendly name that identifies the grant. If a name was provided in+ -- the CreateGrant request, that name is returned. Otherwise this value is+ -- null.+ name :: Prelude.Maybe Prelude.Text,+ -- | The list of operations permitted by the grant.+ operations :: Prelude.Maybe [GrantOperation],+ -- | The principal that can retire the grant.+ retiringPrincipal :: Prelude.Maybe Prelude.Text+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'GrantListEntry' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'constraints', 'grantListEntry_constraints' - A list of key-value pairs that must be present in the encryption context+-- of certain subsequent operations that the grant allows.+--+-- 'creationDate', 'grantListEntry_creationDate' - The date and time when the grant was created.+--+-- 'grantId', 'grantListEntry_grantId' - The unique identifier for the grant.+--+-- 'granteePrincipal', 'grantListEntry_granteePrincipal' - The identity that gets the permissions in the grant.+--+-- The @GranteePrincipal@ field in the @ListGrants@ response usually+-- contains the user or role designated as the grantee principal in the+-- grant. However, when the grantee principal in the grant is an Amazon Web+-- Services service, the @GranteePrincipal@ field contains the+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html#principal-services service principal>,+-- which might represent several different grantee principals.+--+-- 'issuingAccount', 'grantListEntry_issuingAccount' - The Amazon Web Services account under which the grant was issued.+--+-- 'keyId', 'grantListEntry_keyId' - The unique identifier for the KMS key to which the grant applies.+--+-- 'name', 'grantListEntry_name' - The friendly name that identifies the grant. If a name was provided in+-- the CreateGrant request, that name is returned. Otherwise this value is+-- null.+--+-- 'operations', 'grantListEntry_operations' - The list of operations permitted by the grant.+--+-- 'retiringPrincipal', 'grantListEntry_retiringPrincipal' - The principal that can retire the grant.+newGrantListEntry ::+ GrantListEntry+newGrantListEntry =+ GrantListEntry'+ { constraints = Prelude.Nothing,+ creationDate = Prelude.Nothing,+ grantId = Prelude.Nothing,+ granteePrincipal = Prelude.Nothing,+ issuingAccount = Prelude.Nothing,+ keyId = Prelude.Nothing,+ name = Prelude.Nothing,+ operations = Prelude.Nothing,+ retiringPrincipal = Prelude.Nothing+ }++-- | A list of key-value pairs that must be present in the encryption context+-- of certain subsequent operations that the grant allows.+grantListEntry_constraints :: Lens.Lens' GrantListEntry (Prelude.Maybe GrantConstraints)+grantListEntry_constraints = Lens.lens (\GrantListEntry' {constraints} -> constraints) (\s@GrantListEntry' {} a -> s {constraints = a} :: GrantListEntry)++-- | The date and time when the grant was created.+grantListEntry_creationDate :: Lens.Lens' GrantListEntry (Prelude.Maybe Prelude.UTCTime)+grantListEntry_creationDate = Lens.lens (\GrantListEntry' {creationDate} -> creationDate) (\s@GrantListEntry' {} a -> s {creationDate = a} :: GrantListEntry) Prelude.. Lens.mapping Data._Time++-- | The unique identifier for the grant.+grantListEntry_grantId :: Lens.Lens' GrantListEntry (Prelude.Maybe Prelude.Text)+grantListEntry_grantId = Lens.lens (\GrantListEntry' {grantId} -> grantId) (\s@GrantListEntry' {} a -> s {grantId = a} :: GrantListEntry)++-- | The identity that gets the permissions in the grant.+--+-- The @GranteePrincipal@ field in the @ListGrants@ response usually+-- contains the user or role designated as the grantee principal in the+-- grant. However, when the grantee principal in the grant is an Amazon Web+-- Services service, the @GranteePrincipal@ field contains the+-- <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html#principal-services service principal>,+-- which might represent several different grantee principals.+grantListEntry_granteePrincipal :: Lens.Lens' GrantListEntry (Prelude.Maybe Prelude.Text)+grantListEntry_granteePrincipal = Lens.lens (\GrantListEntry' {granteePrincipal} -> granteePrincipal) (\s@GrantListEntry' {} a -> s {granteePrincipal = a} :: GrantListEntry)++-- | The Amazon Web Services account under which the grant was issued.+grantListEntry_issuingAccount :: Lens.Lens' GrantListEntry (Prelude.Maybe Prelude.Text)+grantListEntry_issuingAccount = Lens.lens (\GrantListEntry' {issuingAccount} -> issuingAccount) (\s@GrantListEntry' {} a -> s {issuingAccount = a} :: GrantListEntry)++-- | The unique identifier for the KMS key to which the grant applies.+grantListEntry_keyId :: Lens.Lens' GrantListEntry (Prelude.Maybe Prelude.Text)+grantListEntry_keyId = Lens.lens (\GrantListEntry' {keyId} -> keyId) (\s@GrantListEntry' {} a -> s {keyId = a} :: GrantListEntry)++-- | The friendly name that identifies the grant. If a name was provided in+-- the CreateGrant request, that name is returned. Otherwise this value is+-- null.+grantListEntry_name :: Lens.Lens' GrantListEntry (Prelude.Maybe Prelude.Text)+grantListEntry_name = Lens.lens (\GrantListEntry' {name} -> name) (\s@GrantListEntry' {} a -> s {name = a} :: GrantListEntry)++-- | The list of operations permitted by the grant.+grantListEntry_operations :: Lens.Lens' GrantListEntry (Prelude.Maybe [GrantOperation])+grantListEntry_operations = Lens.lens (\GrantListEntry' {operations} -> operations) (\s@GrantListEntry' {} a -> s {operations = a} :: GrantListEntry) Prelude.. Lens.mapping Lens.coerced++-- | The principal that can retire the grant.+grantListEntry_retiringPrincipal :: Lens.Lens' GrantListEntry (Prelude.Maybe Prelude.Text)+grantListEntry_retiringPrincipal = Lens.lens (\GrantListEntry' {retiringPrincipal} -> retiringPrincipal) (\s@GrantListEntry' {} a -> s {retiringPrincipal = a} :: GrantListEntry)++instance Data.FromJSON GrantListEntry where+ parseJSON =+ Data.withObject+ "GrantListEntry"+ ( \x ->+ GrantListEntry'+ Prelude.<$> (x Data..:? "Constraints")+ Prelude.<*> (x Data..:? "CreationDate")+ Prelude.<*> (x Data..:? "GrantId")+ Prelude.<*> (x Data..:? "GranteePrincipal")+ Prelude.<*> (x Data..:? "IssuingAccount")+ Prelude.<*> (x Data..:? "KeyId")+ Prelude.<*> (x Data..:? "Name")+ Prelude.<*> (x Data..:? "Operations" Data..!= Prelude.mempty)+ Prelude.<*> (x Data..:? "RetiringPrincipal")+ )++instance Prelude.Hashable GrantListEntry where+ hashWithSalt _salt GrantListEntry' {..} =+ _salt+ `Prelude.hashWithSalt` constraints+ `Prelude.hashWithSalt` creationDate+ `Prelude.hashWithSalt` grantId+ `Prelude.hashWithSalt` granteePrincipal+ `Prelude.hashWithSalt` issuingAccount+ `Prelude.hashWithSalt` keyId+ `Prelude.hashWithSalt` name+ `Prelude.hashWithSalt` operations+ `Prelude.hashWithSalt` retiringPrincipal++instance Prelude.NFData GrantListEntry where+ rnf GrantListEntry' {..} =+ Prelude.rnf constraints+ `Prelude.seq` Prelude.rnf creationDate+ `Prelude.seq` Prelude.rnf grantId+ `Prelude.seq` Prelude.rnf granteePrincipal+ `Prelude.seq` Prelude.rnf issuingAccount+ `Prelude.seq` Prelude.rnf keyId+ `Prelude.seq` Prelude.rnf name+ `Prelude.seq` Prelude.rnf operations+ `Prelude.seq` Prelude.rnf retiringPrincipal
+ gen/Amazonka/KMS/Types/GrantOperation.hs view
@@ -0,0 +1,141 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DerivingStrategies #-}+{-# LANGUAGE GeneralizedNewtypeDeriving #-}+{-# LANGUAGE LambdaCase #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE PatternSynonyms #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.Types.GrantOperation+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.KMS.Types.GrantOperation+ ( GrantOperation+ ( ..,+ GrantOperation_CreateGrant,+ GrantOperation_Decrypt,+ GrantOperation_DescribeKey,+ GrantOperation_Encrypt,+ GrantOperation_GenerateDataKey,+ GrantOperation_GenerateDataKeyPair,+ GrantOperation_GenerateDataKeyPairWithoutPlaintext,+ GrantOperation_GenerateDataKeyWithoutPlaintext,+ GrantOperation_GenerateMac,+ GrantOperation_GetPublicKey,+ GrantOperation_ReEncryptFrom,+ GrantOperation_ReEncryptTo,+ GrantOperation_RetireGrant,+ GrantOperation_Sign,+ GrantOperation_Verify,+ GrantOperation_VerifyMac+ ),+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++newtype GrantOperation = GrantOperation'+ { fromGrantOperation ::+ Data.Text+ }+ deriving stock+ ( Prelude.Show,+ Prelude.Read,+ Prelude.Eq,+ Prelude.Ord,+ Prelude.Generic+ )+ deriving newtype+ ( Prelude.Hashable,+ Prelude.NFData,+ Data.FromText,+ Data.ToText,+ Data.ToByteString,+ Data.ToLog,+ Data.ToHeader,+ Data.ToQuery,+ Data.FromJSON,+ Data.FromJSONKey,+ Data.ToJSON,+ Data.ToJSONKey,+ Data.FromXML,+ Data.ToXML+ )++pattern GrantOperation_CreateGrant :: GrantOperation+pattern GrantOperation_CreateGrant = GrantOperation' "CreateGrant"++pattern GrantOperation_Decrypt :: GrantOperation+pattern GrantOperation_Decrypt = GrantOperation' "Decrypt"++pattern GrantOperation_DescribeKey :: GrantOperation+pattern GrantOperation_DescribeKey = GrantOperation' "DescribeKey"++pattern GrantOperation_Encrypt :: GrantOperation+pattern GrantOperation_Encrypt = GrantOperation' "Encrypt"++pattern GrantOperation_GenerateDataKey :: GrantOperation+pattern GrantOperation_GenerateDataKey = GrantOperation' "GenerateDataKey"++pattern GrantOperation_GenerateDataKeyPair :: GrantOperation+pattern GrantOperation_GenerateDataKeyPair = GrantOperation' "GenerateDataKeyPair"++pattern GrantOperation_GenerateDataKeyPairWithoutPlaintext :: GrantOperation+pattern GrantOperation_GenerateDataKeyPairWithoutPlaintext = GrantOperation' "GenerateDataKeyPairWithoutPlaintext"++pattern GrantOperation_GenerateDataKeyWithoutPlaintext :: GrantOperation+pattern GrantOperation_GenerateDataKeyWithoutPlaintext = GrantOperation' "GenerateDataKeyWithoutPlaintext"++pattern GrantOperation_GenerateMac :: GrantOperation+pattern GrantOperation_GenerateMac = GrantOperation' "GenerateMac"++pattern GrantOperation_GetPublicKey :: GrantOperation+pattern GrantOperation_GetPublicKey = GrantOperation' "GetPublicKey"++pattern GrantOperation_ReEncryptFrom :: GrantOperation+pattern GrantOperation_ReEncryptFrom = GrantOperation' "ReEncryptFrom"++pattern GrantOperation_ReEncryptTo :: GrantOperation+pattern GrantOperation_ReEncryptTo = GrantOperation' "ReEncryptTo"++pattern GrantOperation_RetireGrant :: GrantOperation+pattern GrantOperation_RetireGrant = GrantOperation' "RetireGrant"++pattern GrantOperation_Sign :: GrantOperation+pattern GrantOperation_Sign = GrantOperation' "Sign"++pattern GrantOperation_Verify :: GrantOperation+pattern GrantOperation_Verify = GrantOperation' "Verify"++pattern GrantOperation_VerifyMac :: GrantOperation+pattern GrantOperation_VerifyMac = GrantOperation' "VerifyMac"++{-# COMPLETE+ GrantOperation_CreateGrant,+ GrantOperation_Decrypt,+ GrantOperation_DescribeKey,+ GrantOperation_Encrypt,+ GrantOperation_GenerateDataKey,+ GrantOperation_GenerateDataKeyPair,+ GrantOperation_GenerateDataKeyPairWithoutPlaintext,+ GrantOperation_GenerateDataKeyWithoutPlaintext,+ GrantOperation_GenerateMac,+ GrantOperation_GetPublicKey,+ GrantOperation_ReEncryptFrom,+ GrantOperation_ReEncryptTo,+ GrantOperation_RetireGrant,+ GrantOperation_Sign,+ GrantOperation_Verify,+ GrantOperation_VerifyMac,+ GrantOperation'+ #-}
+ gen/Amazonka/KMS/Types/KeyListEntry.hs view
@@ -0,0 +1,83 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.Types.KeyListEntry+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.KMS.Types.KeyListEntry where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++-- | Contains information about each entry in the key list.+--+-- /See:/ 'newKeyListEntry' smart constructor.+data KeyListEntry = KeyListEntry'+ { -- | ARN of the key.+ keyArn :: Prelude.Maybe Prelude.Text,+ -- | Unique identifier of the key.+ keyId :: Prelude.Maybe Prelude.Text+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'KeyListEntry' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'keyArn', 'keyListEntry_keyArn' - ARN of the key.+--+-- 'keyId', 'keyListEntry_keyId' - Unique identifier of the key.+newKeyListEntry ::+ KeyListEntry+newKeyListEntry =+ KeyListEntry'+ { keyArn = Prelude.Nothing,+ keyId = Prelude.Nothing+ }++-- | ARN of the key.+keyListEntry_keyArn :: Lens.Lens' KeyListEntry (Prelude.Maybe Prelude.Text)+keyListEntry_keyArn = Lens.lens (\KeyListEntry' {keyArn} -> keyArn) (\s@KeyListEntry' {} a -> s {keyArn = a} :: KeyListEntry)++-- | Unique identifier of the key.+keyListEntry_keyId :: Lens.Lens' KeyListEntry (Prelude.Maybe Prelude.Text)+keyListEntry_keyId = Lens.lens (\KeyListEntry' {keyId} -> keyId) (\s@KeyListEntry' {} a -> s {keyId = a} :: KeyListEntry)++instance Data.FromJSON KeyListEntry where+ parseJSON =+ Data.withObject+ "KeyListEntry"+ ( \x ->+ KeyListEntry'+ Prelude.<$> (x Data..:? "KeyArn")+ Prelude.<*> (x Data..:? "KeyId")+ )++instance Prelude.Hashable KeyListEntry where+ hashWithSalt _salt KeyListEntry' {..} =+ _salt+ `Prelude.hashWithSalt` keyArn+ `Prelude.hashWithSalt` keyId++instance Prelude.NFData KeyListEntry where+ rnf KeyListEntry' {..} =+ Prelude.rnf keyArn `Prelude.seq` Prelude.rnf keyId
+ gen/Amazonka/KMS/Types/KeyManagerType.hs view
@@ -0,0 +1,71 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DerivingStrategies #-}+{-# LANGUAGE GeneralizedNewtypeDeriving #-}+{-# LANGUAGE LambdaCase #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE PatternSynonyms #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.Types.KeyManagerType+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.KMS.Types.KeyManagerType+ ( KeyManagerType+ ( ..,+ KeyManagerType_AWS,+ KeyManagerType_CUSTOMER+ ),+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++newtype KeyManagerType = KeyManagerType'+ { fromKeyManagerType ::+ Data.Text+ }+ deriving stock+ ( Prelude.Show,+ Prelude.Read,+ Prelude.Eq,+ Prelude.Ord,+ Prelude.Generic+ )+ deriving newtype+ ( Prelude.Hashable,+ Prelude.NFData,+ Data.FromText,+ Data.ToText,+ Data.ToByteString,+ Data.ToLog,+ Data.ToHeader,+ Data.ToQuery,+ Data.FromJSON,+ Data.FromJSONKey,+ Data.ToJSON,+ Data.ToJSONKey,+ Data.FromXML,+ Data.ToXML+ )++pattern KeyManagerType_AWS :: KeyManagerType+pattern KeyManagerType_AWS = KeyManagerType' "AWS"++pattern KeyManagerType_CUSTOMER :: KeyManagerType+pattern KeyManagerType_CUSTOMER = KeyManagerType' "CUSTOMER"++{-# COMPLETE+ KeyManagerType_AWS,+ KeyManagerType_CUSTOMER,+ KeyManagerType'+ #-}
+ gen/Amazonka/KMS/Types/KeyMetadata.hs view
@@ -0,0 +1,663 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.Types.KeyMetadata+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.KMS.Types.KeyMetadata where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types.CustomerMasterKeySpec+import Amazonka.KMS.Types.EncryptionAlgorithmSpec+import Amazonka.KMS.Types.ExpirationModelType+import Amazonka.KMS.Types.KeyManagerType+import Amazonka.KMS.Types.KeySpec+import Amazonka.KMS.Types.KeyState+import Amazonka.KMS.Types.KeyUsageType+import Amazonka.KMS.Types.MacAlgorithmSpec+import Amazonka.KMS.Types.MultiRegionConfiguration+import Amazonka.KMS.Types.OriginType+import Amazonka.KMS.Types.SigningAlgorithmSpec+import Amazonka.KMS.Types.XksKeyConfigurationType+import qualified Amazonka.Prelude as Prelude++-- | Contains metadata about a KMS key.+--+-- This data type is used as a response element for the CreateKey,+-- DescribeKey, and ReplicateKey operations.+--+-- /See:/ 'newKeyMetadata' smart constructor.+data KeyMetadata = KeyMetadata'+ { -- | The twelve-digit account ID of the Amazon Web Services account that owns+ -- the KMS key.+ aWSAccountId :: Prelude.Maybe Prelude.Text,+ -- | The Amazon Resource Name (ARN) of the KMS key. For examples, see+ -- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-kms Key Management Service (KMS)>+ -- in the Example ARNs section of the /Amazon Web Services General+ -- Reference/.+ arn :: Prelude.Maybe Prelude.Text,+ -- | The cluster ID of the CloudHSM cluster that contains the key material+ -- for the KMS key. When you create a KMS key in an CloudHSM+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html custom key store>,+ -- KMS creates the key material for the KMS key in the associated CloudHSM+ -- cluster. This field is present only when the KMS key is created in an+ -- CloudHSM key store.+ cloudHsmClusterId :: Prelude.Maybe Prelude.Text,+ -- | The date and time when the KMS key was created.+ creationDate :: Prelude.Maybe Data.POSIX,+ -- | A unique identifier for the+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html custom key store>+ -- that contains the KMS key. This field is present only when the KMS key+ -- is created in a custom key store.+ customKeyStoreId :: Prelude.Maybe Prelude.Text,+ -- | Instead, use the @KeySpec@ field.+ --+ -- The @KeySpec@ and @CustomerMasterKeySpec@ fields have the same value. We+ -- recommend that you use the @KeySpec@ field in your code. However, to+ -- avoid breaking changes, KMS supports both fields.+ customerMasterKeySpec :: Prelude.Maybe CustomerMasterKeySpec,+ -- | The date and time after which KMS deletes this KMS key. This value is+ -- present only when the KMS key is scheduled for deletion, that is, when+ -- its @KeyState@ is @PendingDeletion@.+ --+ -- When the primary key in a multi-Region key is scheduled for deletion but+ -- still has replica keys, its key state is @PendingReplicaDeletion@ and+ -- the length of its waiting period is displayed in the+ -- @PendingDeletionWindowInDays@ field.+ deletionDate :: Prelude.Maybe Data.POSIX,+ -- | The description of the KMS key.+ description :: Prelude.Maybe Prelude.Text,+ -- | Specifies whether the KMS key is enabled. When @KeyState@ is @Enabled@+ -- this value is true, otherwise it is false.+ enabled :: Prelude.Maybe Prelude.Bool,+ -- | The encryption algorithms that the KMS key supports. You cannot use the+ -- KMS key with other encryption algorithms within KMS.+ --+ -- This value is present only when the @KeyUsage@ of the KMS key is+ -- @ENCRYPT_DECRYPT@.+ encryptionAlgorithms :: Prelude.Maybe [EncryptionAlgorithmSpec],+ -- | Specifies whether the KMS key\'s key material expires. This value is+ -- present only when @Origin@ is @EXTERNAL@, otherwise this value is+ -- omitted.+ expirationModel :: Prelude.Maybe ExpirationModelType,+ -- | The manager of the KMS key. KMS keys in your Amazon Web Services account+ -- are either customer managed or Amazon Web Services managed. For more+ -- information about the difference, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms_keys KMS keys>+ -- in the /Key Management Service Developer Guide/.+ keyManager :: Prelude.Maybe KeyManagerType,+ -- | Describes the type of key material in the KMS key.+ keySpec :: Prelude.Maybe KeySpec,+ -- | The current status of the KMS key.+ --+ -- For more information about how key state affects the use of a KMS key,+ -- see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key states of KMS keys>+ -- in the /Key Management Service Developer Guide/.+ keyState :: Prelude.Maybe KeyState,+ -- | The+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations cryptographic operations>+ -- for which you can use the KMS key.+ keyUsage :: Prelude.Maybe KeyUsageType,+ -- | The message authentication code (MAC) algorithm that the HMAC KMS key+ -- supports.+ --+ -- This value is present only when the @KeyUsage@ of the KMS key is+ -- @GENERATE_VERIFY_MAC@.+ macAlgorithms :: Prelude.Maybe [MacAlgorithmSpec],+ -- | Indicates whether the KMS key is a multi-Region (@True@) or regional+ -- (@False@) key. This value is @True@ for multi-Region primary and replica+ -- keys and @False@ for regional KMS keys.+ --+ -- For more information about multi-Region keys, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html Multi-Region keys in KMS>+ -- in the /Key Management Service Developer Guide/.+ multiRegion :: Prelude.Maybe Prelude.Bool,+ -- | Lists the primary and replica keys in same multi-Region key. This field+ -- is present only when the value of the @MultiRegion@ field is @True@.+ --+ -- For more information about any listed KMS key, use the DescribeKey+ -- operation.+ --+ -- - @MultiRegionKeyType@ indicates whether the KMS key is a @PRIMARY@ or+ -- @REPLICA@ key.+ --+ -- - @PrimaryKey@ displays the key ARN and Region of the primary key.+ -- This field displays the current KMS key if it is the primary key.+ --+ -- - @ReplicaKeys@ displays the key ARNs and Regions of all replica keys.+ -- This field includes the current KMS key if it is a replica key.+ multiRegionConfiguration :: Prelude.Maybe MultiRegionConfiguration,+ -- | The source of the key material for the KMS key. When this value is+ -- @AWS_KMS@, KMS created the key material. When this value is @EXTERNAL@,+ -- the key material was imported or the KMS key doesn\'t have any key+ -- material. When this value is @AWS_CLOUDHSM@, the key material was+ -- created in the CloudHSM cluster associated with a custom key store.+ origin :: Prelude.Maybe OriginType,+ -- | The waiting period before the primary key in a multi-Region key is+ -- deleted. This waiting period begins when the last of its replica keys is+ -- deleted. This value is present only when the @KeyState@ of the KMS key+ -- is @PendingReplicaDeletion@. That indicates that the KMS key is the+ -- primary key in a multi-Region key, it is scheduled for deletion, and it+ -- still has existing replica keys.+ --+ -- When a single-Region KMS key or a multi-Region replica key is scheduled+ -- for deletion, its deletion date is displayed in the @DeletionDate@+ -- field. However, when the primary key in a multi-Region key is scheduled+ -- for deletion, its waiting period doesn\'t begin until all of its replica+ -- keys are deleted. This value displays that waiting period. When the last+ -- replica key in the multi-Region key is deleted, the @KeyState@ of the+ -- scheduled primary key changes from @PendingReplicaDeletion@ to+ -- @PendingDeletion@ and the deletion date appears in the @DeletionDate@+ -- field.+ pendingDeletionWindowInDays :: Prelude.Maybe Prelude.Natural,+ -- | The signing algorithms that the KMS key supports. You cannot use the KMS+ -- key with other signing algorithms within KMS.+ --+ -- This field appears only when the @KeyUsage@ of the KMS key is+ -- @SIGN_VERIFY@.+ signingAlgorithms :: Prelude.Maybe [SigningAlgorithmSpec],+ -- | The time at which the imported key material expires. When the key+ -- material expires, KMS deletes the key material and the KMS key becomes+ -- unusable. This value is present only for KMS keys whose @Origin@ is+ -- @EXTERNAL@ and whose @ExpirationModel@ is @KEY_MATERIAL_EXPIRES@,+ -- otherwise this value is omitted.+ validTo :: Prelude.Maybe Data.POSIX,+ -- | Information about the external key that is associated with a KMS key in+ -- an external key store.+ --+ -- For more information, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-external-key External key>+ -- in the /Key Management Service Developer Guide/.+ xksKeyConfiguration :: Prelude.Maybe XksKeyConfigurationType,+ -- | The globally unique identifier for the KMS key.+ keyId :: Prelude.Text+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'KeyMetadata' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'aWSAccountId', 'keyMetadata_aWSAccountId' - The twelve-digit account ID of the Amazon Web Services account that owns+-- the KMS key.+--+-- 'arn', 'keyMetadata_arn' - The Amazon Resource Name (ARN) of the KMS key. For examples, see+-- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-kms Key Management Service (KMS)>+-- in the Example ARNs section of the /Amazon Web Services General+-- Reference/.+--+-- 'cloudHsmClusterId', 'keyMetadata_cloudHsmClusterId' - The cluster ID of the CloudHSM cluster that contains the key material+-- for the KMS key. When you create a KMS key in an CloudHSM+-- <https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html custom key store>,+-- KMS creates the key material for the KMS key in the associated CloudHSM+-- cluster. This field is present only when the KMS key is created in an+-- CloudHSM key store.+--+-- 'creationDate', 'keyMetadata_creationDate' - The date and time when the KMS key was created.+--+-- 'customKeyStoreId', 'keyMetadata_customKeyStoreId' - A unique identifier for the+-- <https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html custom key store>+-- that contains the KMS key. This field is present only when the KMS key+-- is created in a custom key store.+--+-- 'customerMasterKeySpec', 'keyMetadata_customerMasterKeySpec' - Instead, use the @KeySpec@ field.+--+-- The @KeySpec@ and @CustomerMasterKeySpec@ fields have the same value. We+-- recommend that you use the @KeySpec@ field in your code. However, to+-- avoid breaking changes, KMS supports both fields.+--+-- 'deletionDate', 'keyMetadata_deletionDate' - The date and time after which KMS deletes this KMS key. This value is+-- present only when the KMS key is scheduled for deletion, that is, when+-- its @KeyState@ is @PendingDeletion@.+--+-- When the primary key in a multi-Region key is scheduled for deletion but+-- still has replica keys, its key state is @PendingReplicaDeletion@ and+-- the length of its waiting period is displayed in the+-- @PendingDeletionWindowInDays@ field.+--+-- 'description', 'keyMetadata_description' - The description of the KMS key.+--+-- 'enabled', 'keyMetadata_enabled' - Specifies whether the KMS key is enabled. When @KeyState@ is @Enabled@+-- this value is true, otherwise it is false.+--+-- 'encryptionAlgorithms', 'keyMetadata_encryptionAlgorithms' - The encryption algorithms that the KMS key supports. You cannot use the+-- KMS key with other encryption algorithms within KMS.+--+-- This value is present only when the @KeyUsage@ of the KMS key is+-- @ENCRYPT_DECRYPT@.+--+-- 'expirationModel', 'keyMetadata_expirationModel' - Specifies whether the KMS key\'s key material expires. This value is+-- present only when @Origin@ is @EXTERNAL@, otherwise this value is+-- omitted.+--+-- 'keyManager', 'keyMetadata_keyManager' - The manager of the KMS key. KMS keys in your Amazon Web Services account+-- are either customer managed or Amazon Web Services managed. For more+-- information about the difference, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms_keys KMS keys>+-- in the /Key Management Service Developer Guide/.+--+-- 'keySpec', 'keyMetadata_keySpec' - Describes the type of key material in the KMS key.+--+-- 'keyState', 'keyMetadata_keyState' - The current status of the KMS key.+--+-- For more information about how key state affects the use of a KMS key,+-- see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key states of KMS keys>+-- in the /Key Management Service Developer Guide/.+--+-- 'keyUsage', 'keyMetadata_keyUsage' - The+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations cryptographic operations>+-- for which you can use the KMS key.+--+-- 'macAlgorithms', 'keyMetadata_macAlgorithms' - The message authentication code (MAC) algorithm that the HMAC KMS key+-- supports.+--+-- This value is present only when the @KeyUsage@ of the KMS key is+-- @GENERATE_VERIFY_MAC@.+--+-- 'multiRegion', 'keyMetadata_multiRegion' - Indicates whether the KMS key is a multi-Region (@True@) or regional+-- (@False@) key. This value is @True@ for multi-Region primary and replica+-- keys and @False@ for regional KMS keys.+--+-- For more information about multi-Region keys, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html Multi-Region keys in KMS>+-- in the /Key Management Service Developer Guide/.+--+-- 'multiRegionConfiguration', 'keyMetadata_multiRegionConfiguration' - Lists the primary and replica keys in same multi-Region key. This field+-- is present only when the value of the @MultiRegion@ field is @True@.+--+-- For more information about any listed KMS key, use the DescribeKey+-- operation.+--+-- - @MultiRegionKeyType@ indicates whether the KMS key is a @PRIMARY@ or+-- @REPLICA@ key.+--+-- - @PrimaryKey@ displays the key ARN and Region of the primary key.+-- This field displays the current KMS key if it is the primary key.+--+-- - @ReplicaKeys@ displays the key ARNs and Regions of all replica keys.+-- This field includes the current KMS key if it is a replica key.+--+-- 'origin', 'keyMetadata_origin' - The source of the key material for the KMS key. When this value is+-- @AWS_KMS@, KMS created the key material. When this value is @EXTERNAL@,+-- the key material was imported or the KMS key doesn\'t have any key+-- material. When this value is @AWS_CLOUDHSM@, the key material was+-- created in the CloudHSM cluster associated with a custom key store.+--+-- 'pendingDeletionWindowInDays', 'keyMetadata_pendingDeletionWindowInDays' - The waiting period before the primary key in a multi-Region key is+-- deleted. This waiting period begins when the last of its replica keys is+-- deleted. This value is present only when the @KeyState@ of the KMS key+-- is @PendingReplicaDeletion@. That indicates that the KMS key is the+-- primary key in a multi-Region key, it is scheduled for deletion, and it+-- still has existing replica keys.+--+-- When a single-Region KMS key or a multi-Region replica key is scheduled+-- for deletion, its deletion date is displayed in the @DeletionDate@+-- field. However, when the primary key in a multi-Region key is scheduled+-- for deletion, its waiting period doesn\'t begin until all of its replica+-- keys are deleted. This value displays that waiting period. When the last+-- replica key in the multi-Region key is deleted, the @KeyState@ of the+-- scheduled primary key changes from @PendingReplicaDeletion@ to+-- @PendingDeletion@ and the deletion date appears in the @DeletionDate@+-- field.+--+-- 'signingAlgorithms', 'keyMetadata_signingAlgorithms' - The signing algorithms that the KMS key supports. You cannot use the KMS+-- key with other signing algorithms within KMS.+--+-- This field appears only when the @KeyUsage@ of the KMS key is+-- @SIGN_VERIFY@.+--+-- 'validTo', 'keyMetadata_validTo' - The time at which the imported key material expires. When the key+-- material expires, KMS deletes the key material and the KMS key becomes+-- unusable. This value is present only for KMS keys whose @Origin@ is+-- @EXTERNAL@ and whose @ExpirationModel@ is @KEY_MATERIAL_EXPIRES@,+-- otherwise this value is omitted.+--+-- 'xksKeyConfiguration', 'keyMetadata_xksKeyConfiguration' - Information about the external key that is associated with a KMS key in+-- an external key store.+--+-- For more information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-external-key External key>+-- in the /Key Management Service Developer Guide/.+--+-- 'keyId', 'keyMetadata_keyId' - The globally unique identifier for the KMS key.+newKeyMetadata ::+ -- | 'keyId'+ Prelude.Text ->+ KeyMetadata+newKeyMetadata pKeyId_ =+ KeyMetadata'+ { aWSAccountId = Prelude.Nothing,+ arn = Prelude.Nothing,+ cloudHsmClusterId = Prelude.Nothing,+ creationDate = Prelude.Nothing,+ customKeyStoreId = Prelude.Nothing,+ customerMasterKeySpec = Prelude.Nothing,+ deletionDate = Prelude.Nothing,+ description = Prelude.Nothing,+ enabled = Prelude.Nothing,+ encryptionAlgorithms = Prelude.Nothing,+ expirationModel = Prelude.Nothing,+ keyManager = Prelude.Nothing,+ keySpec = Prelude.Nothing,+ keyState = Prelude.Nothing,+ keyUsage = Prelude.Nothing,+ macAlgorithms = Prelude.Nothing,+ multiRegion = Prelude.Nothing,+ multiRegionConfiguration = Prelude.Nothing,+ origin = Prelude.Nothing,+ pendingDeletionWindowInDays = Prelude.Nothing,+ signingAlgorithms = Prelude.Nothing,+ validTo = Prelude.Nothing,+ xksKeyConfiguration = Prelude.Nothing,+ keyId = pKeyId_+ }++-- | The twelve-digit account ID of the Amazon Web Services account that owns+-- the KMS key.+keyMetadata_aWSAccountId :: Lens.Lens' KeyMetadata (Prelude.Maybe Prelude.Text)+keyMetadata_aWSAccountId = Lens.lens (\KeyMetadata' {aWSAccountId} -> aWSAccountId) (\s@KeyMetadata' {} a -> s {aWSAccountId = a} :: KeyMetadata)++-- | The Amazon Resource Name (ARN) of the KMS key. For examples, see+-- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-kms Key Management Service (KMS)>+-- in the Example ARNs section of the /Amazon Web Services General+-- Reference/.+keyMetadata_arn :: Lens.Lens' KeyMetadata (Prelude.Maybe Prelude.Text)+keyMetadata_arn = Lens.lens (\KeyMetadata' {arn} -> arn) (\s@KeyMetadata' {} a -> s {arn = a} :: KeyMetadata)++-- | The cluster ID of the CloudHSM cluster that contains the key material+-- for the KMS key. When you create a KMS key in an CloudHSM+-- <https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html custom key store>,+-- KMS creates the key material for the KMS key in the associated CloudHSM+-- cluster. This field is present only when the KMS key is created in an+-- CloudHSM key store.+keyMetadata_cloudHsmClusterId :: Lens.Lens' KeyMetadata (Prelude.Maybe Prelude.Text)+keyMetadata_cloudHsmClusterId = Lens.lens (\KeyMetadata' {cloudHsmClusterId} -> cloudHsmClusterId) (\s@KeyMetadata' {} a -> s {cloudHsmClusterId = a} :: KeyMetadata)++-- | The date and time when the KMS key was created.+keyMetadata_creationDate :: Lens.Lens' KeyMetadata (Prelude.Maybe Prelude.UTCTime)+keyMetadata_creationDate = Lens.lens (\KeyMetadata' {creationDate} -> creationDate) (\s@KeyMetadata' {} a -> s {creationDate = a} :: KeyMetadata) Prelude.. Lens.mapping Data._Time++-- | A unique identifier for the+-- <https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html custom key store>+-- that contains the KMS key. This field is present only when the KMS key+-- is created in a custom key store.+keyMetadata_customKeyStoreId :: Lens.Lens' KeyMetadata (Prelude.Maybe Prelude.Text)+keyMetadata_customKeyStoreId = Lens.lens (\KeyMetadata' {customKeyStoreId} -> customKeyStoreId) (\s@KeyMetadata' {} a -> s {customKeyStoreId = a} :: KeyMetadata)++-- | Instead, use the @KeySpec@ field.+--+-- The @KeySpec@ and @CustomerMasterKeySpec@ fields have the same value. We+-- recommend that you use the @KeySpec@ field in your code. However, to+-- avoid breaking changes, KMS supports both fields.+keyMetadata_customerMasterKeySpec :: Lens.Lens' KeyMetadata (Prelude.Maybe CustomerMasterKeySpec)+keyMetadata_customerMasterKeySpec = Lens.lens (\KeyMetadata' {customerMasterKeySpec} -> customerMasterKeySpec) (\s@KeyMetadata' {} a -> s {customerMasterKeySpec = a} :: KeyMetadata)++-- | The date and time after which KMS deletes this KMS key. This value is+-- present only when the KMS key is scheduled for deletion, that is, when+-- its @KeyState@ is @PendingDeletion@.+--+-- When the primary key in a multi-Region key is scheduled for deletion but+-- still has replica keys, its key state is @PendingReplicaDeletion@ and+-- the length of its waiting period is displayed in the+-- @PendingDeletionWindowInDays@ field.+keyMetadata_deletionDate :: Lens.Lens' KeyMetadata (Prelude.Maybe Prelude.UTCTime)+keyMetadata_deletionDate = Lens.lens (\KeyMetadata' {deletionDate} -> deletionDate) (\s@KeyMetadata' {} a -> s {deletionDate = a} :: KeyMetadata) Prelude.. Lens.mapping Data._Time++-- | The description of the KMS key.+keyMetadata_description :: Lens.Lens' KeyMetadata (Prelude.Maybe Prelude.Text)+keyMetadata_description = Lens.lens (\KeyMetadata' {description} -> description) (\s@KeyMetadata' {} a -> s {description = a} :: KeyMetadata)++-- | Specifies whether the KMS key is enabled. When @KeyState@ is @Enabled@+-- this value is true, otherwise it is false.+keyMetadata_enabled :: Lens.Lens' KeyMetadata (Prelude.Maybe Prelude.Bool)+keyMetadata_enabled = Lens.lens (\KeyMetadata' {enabled} -> enabled) (\s@KeyMetadata' {} a -> s {enabled = a} :: KeyMetadata)++-- | The encryption algorithms that the KMS key supports. You cannot use the+-- KMS key with other encryption algorithms within KMS.+--+-- This value is present only when the @KeyUsage@ of the KMS key is+-- @ENCRYPT_DECRYPT@.+keyMetadata_encryptionAlgorithms :: Lens.Lens' KeyMetadata (Prelude.Maybe [EncryptionAlgorithmSpec])+keyMetadata_encryptionAlgorithms = Lens.lens (\KeyMetadata' {encryptionAlgorithms} -> encryptionAlgorithms) (\s@KeyMetadata' {} a -> s {encryptionAlgorithms = a} :: KeyMetadata) Prelude.. Lens.mapping Lens.coerced++-- | Specifies whether the KMS key\'s key material expires. This value is+-- present only when @Origin@ is @EXTERNAL@, otherwise this value is+-- omitted.+keyMetadata_expirationModel :: Lens.Lens' KeyMetadata (Prelude.Maybe ExpirationModelType)+keyMetadata_expirationModel = Lens.lens (\KeyMetadata' {expirationModel} -> expirationModel) (\s@KeyMetadata' {} a -> s {expirationModel = a} :: KeyMetadata)++-- | The manager of the KMS key. KMS keys in your Amazon Web Services account+-- are either customer managed or Amazon Web Services managed. For more+-- information about the difference, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#kms_keys KMS keys>+-- in the /Key Management Service Developer Guide/.+keyMetadata_keyManager :: Lens.Lens' KeyMetadata (Prelude.Maybe KeyManagerType)+keyMetadata_keyManager = Lens.lens (\KeyMetadata' {keyManager} -> keyManager) (\s@KeyMetadata' {} a -> s {keyManager = a} :: KeyMetadata)++-- | Describes the type of key material in the KMS key.+keyMetadata_keySpec :: Lens.Lens' KeyMetadata (Prelude.Maybe KeySpec)+keyMetadata_keySpec = Lens.lens (\KeyMetadata' {keySpec} -> keySpec) (\s@KeyMetadata' {} a -> s {keySpec = a} :: KeyMetadata)++-- | The current status of the KMS key.+--+-- For more information about how key state affects the use of a KMS key,+-- see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key states of KMS keys>+-- in the /Key Management Service Developer Guide/.+keyMetadata_keyState :: Lens.Lens' KeyMetadata (Prelude.Maybe KeyState)+keyMetadata_keyState = Lens.lens (\KeyMetadata' {keyState} -> keyState) (\s@KeyMetadata' {} a -> s {keyState = a} :: KeyMetadata)++-- | The+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations cryptographic operations>+-- for which you can use the KMS key.+keyMetadata_keyUsage :: Lens.Lens' KeyMetadata (Prelude.Maybe KeyUsageType)+keyMetadata_keyUsage = Lens.lens (\KeyMetadata' {keyUsage} -> keyUsage) (\s@KeyMetadata' {} a -> s {keyUsage = a} :: KeyMetadata)++-- | The message authentication code (MAC) algorithm that the HMAC KMS key+-- supports.+--+-- This value is present only when the @KeyUsage@ of the KMS key is+-- @GENERATE_VERIFY_MAC@.+keyMetadata_macAlgorithms :: Lens.Lens' KeyMetadata (Prelude.Maybe [MacAlgorithmSpec])+keyMetadata_macAlgorithms = Lens.lens (\KeyMetadata' {macAlgorithms} -> macAlgorithms) (\s@KeyMetadata' {} a -> s {macAlgorithms = a} :: KeyMetadata) Prelude.. Lens.mapping Lens.coerced++-- | Indicates whether the KMS key is a multi-Region (@True@) or regional+-- (@False@) key. This value is @True@ for multi-Region primary and replica+-- keys and @False@ for regional KMS keys.+--+-- For more information about multi-Region keys, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html Multi-Region keys in KMS>+-- in the /Key Management Service Developer Guide/.+keyMetadata_multiRegion :: Lens.Lens' KeyMetadata (Prelude.Maybe Prelude.Bool)+keyMetadata_multiRegion = Lens.lens (\KeyMetadata' {multiRegion} -> multiRegion) (\s@KeyMetadata' {} a -> s {multiRegion = a} :: KeyMetadata)++-- | Lists the primary and replica keys in same multi-Region key. This field+-- is present only when the value of the @MultiRegion@ field is @True@.+--+-- For more information about any listed KMS key, use the DescribeKey+-- operation.+--+-- - @MultiRegionKeyType@ indicates whether the KMS key is a @PRIMARY@ or+-- @REPLICA@ key.+--+-- - @PrimaryKey@ displays the key ARN and Region of the primary key.+-- This field displays the current KMS key if it is the primary key.+--+-- - @ReplicaKeys@ displays the key ARNs and Regions of all replica keys.+-- This field includes the current KMS key if it is a replica key.+keyMetadata_multiRegionConfiguration :: Lens.Lens' KeyMetadata (Prelude.Maybe MultiRegionConfiguration)+keyMetadata_multiRegionConfiguration = Lens.lens (\KeyMetadata' {multiRegionConfiguration} -> multiRegionConfiguration) (\s@KeyMetadata' {} a -> s {multiRegionConfiguration = a} :: KeyMetadata)++-- | The source of the key material for the KMS key. When this value is+-- @AWS_KMS@, KMS created the key material. When this value is @EXTERNAL@,+-- the key material was imported or the KMS key doesn\'t have any key+-- material. When this value is @AWS_CLOUDHSM@, the key material was+-- created in the CloudHSM cluster associated with a custom key store.+keyMetadata_origin :: Lens.Lens' KeyMetadata (Prelude.Maybe OriginType)+keyMetadata_origin = Lens.lens (\KeyMetadata' {origin} -> origin) (\s@KeyMetadata' {} a -> s {origin = a} :: KeyMetadata)++-- | The waiting period before the primary key in a multi-Region key is+-- deleted. This waiting period begins when the last of its replica keys is+-- deleted. This value is present only when the @KeyState@ of the KMS key+-- is @PendingReplicaDeletion@. That indicates that the KMS key is the+-- primary key in a multi-Region key, it is scheduled for deletion, and it+-- still has existing replica keys.+--+-- When a single-Region KMS key or a multi-Region replica key is scheduled+-- for deletion, its deletion date is displayed in the @DeletionDate@+-- field. However, when the primary key in a multi-Region key is scheduled+-- for deletion, its waiting period doesn\'t begin until all of its replica+-- keys are deleted. This value displays that waiting period. When the last+-- replica key in the multi-Region key is deleted, the @KeyState@ of the+-- scheduled primary key changes from @PendingReplicaDeletion@ to+-- @PendingDeletion@ and the deletion date appears in the @DeletionDate@+-- field.+keyMetadata_pendingDeletionWindowInDays :: Lens.Lens' KeyMetadata (Prelude.Maybe Prelude.Natural)+keyMetadata_pendingDeletionWindowInDays = Lens.lens (\KeyMetadata' {pendingDeletionWindowInDays} -> pendingDeletionWindowInDays) (\s@KeyMetadata' {} a -> s {pendingDeletionWindowInDays = a} :: KeyMetadata)++-- | The signing algorithms that the KMS key supports. You cannot use the KMS+-- key with other signing algorithms within KMS.+--+-- This field appears only when the @KeyUsage@ of the KMS key is+-- @SIGN_VERIFY@.+keyMetadata_signingAlgorithms :: Lens.Lens' KeyMetadata (Prelude.Maybe [SigningAlgorithmSpec])+keyMetadata_signingAlgorithms = Lens.lens (\KeyMetadata' {signingAlgorithms} -> signingAlgorithms) (\s@KeyMetadata' {} a -> s {signingAlgorithms = a} :: KeyMetadata) Prelude.. Lens.mapping Lens.coerced++-- | The time at which the imported key material expires. When the key+-- material expires, KMS deletes the key material and the KMS key becomes+-- unusable. This value is present only for KMS keys whose @Origin@ is+-- @EXTERNAL@ and whose @ExpirationModel@ is @KEY_MATERIAL_EXPIRES@,+-- otherwise this value is omitted.+keyMetadata_validTo :: Lens.Lens' KeyMetadata (Prelude.Maybe Prelude.UTCTime)+keyMetadata_validTo = Lens.lens (\KeyMetadata' {validTo} -> validTo) (\s@KeyMetadata' {} a -> s {validTo = a} :: KeyMetadata) Prelude.. Lens.mapping Data._Time++-- | Information about the external key that is associated with a KMS key in+-- an external key store.+--+-- For more information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-external-key External key>+-- in the /Key Management Service Developer Guide/.+keyMetadata_xksKeyConfiguration :: Lens.Lens' KeyMetadata (Prelude.Maybe XksKeyConfigurationType)+keyMetadata_xksKeyConfiguration = Lens.lens (\KeyMetadata' {xksKeyConfiguration} -> xksKeyConfiguration) (\s@KeyMetadata' {} a -> s {xksKeyConfiguration = a} :: KeyMetadata)++-- | The globally unique identifier for the KMS key.+keyMetadata_keyId :: Lens.Lens' KeyMetadata Prelude.Text+keyMetadata_keyId = Lens.lens (\KeyMetadata' {keyId} -> keyId) (\s@KeyMetadata' {} a -> s {keyId = a} :: KeyMetadata)++instance Data.FromJSON KeyMetadata where+ parseJSON =+ Data.withObject+ "KeyMetadata"+ ( \x ->+ KeyMetadata'+ Prelude.<$> (x Data..:? "AWSAccountId")+ Prelude.<*> (x Data..:? "Arn")+ Prelude.<*> (x Data..:? "CloudHsmClusterId")+ Prelude.<*> (x Data..:? "CreationDate")+ Prelude.<*> (x Data..:? "CustomKeyStoreId")+ Prelude.<*> (x Data..:? "CustomerMasterKeySpec")+ Prelude.<*> (x Data..:? "DeletionDate")+ Prelude.<*> (x Data..:? "Description")+ Prelude.<*> (x Data..:? "Enabled")+ Prelude.<*> ( x+ Data..:? "EncryptionAlgorithms"+ Data..!= Prelude.mempty+ )+ Prelude.<*> (x Data..:? "ExpirationModel")+ Prelude.<*> (x Data..:? "KeyManager")+ Prelude.<*> (x Data..:? "KeySpec")+ Prelude.<*> (x Data..:? "KeyState")+ Prelude.<*> (x Data..:? "KeyUsage")+ Prelude.<*> (x Data..:? "MacAlgorithms" Data..!= Prelude.mempty)+ Prelude.<*> (x Data..:? "MultiRegion")+ Prelude.<*> (x Data..:? "MultiRegionConfiguration")+ Prelude.<*> (x Data..:? "Origin")+ Prelude.<*> (x Data..:? "PendingDeletionWindowInDays")+ Prelude.<*> ( x+ Data..:? "SigningAlgorithms"+ Data..!= Prelude.mempty+ )+ Prelude.<*> (x Data..:? "ValidTo")+ Prelude.<*> (x Data..:? "XksKeyConfiguration")+ Prelude.<*> (x Data..: "KeyId")+ )++instance Prelude.Hashable KeyMetadata where+ hashWithSalt _salt KeyMetadata' {..} =+ _salt+ `Prelude.hashWithSalt` aWSAccountId+ `Prelude.hashWithSalt` arn+ `Prelude.hashWithSalt` cloudHsmClusterId+ `Prelude.hashWithSalt` creationDate+ `Prelude.hashWithSalt` customKeyStoreId+ `Prelude.hashWithSalt` customerMasterKeySpec+ `Prelude.hashWithSalt` deletionDate+ `Prelude.hashWithSalt` description+ `Prelude.hashWithSalt` enabled+ `Prelude.hashWithSalt` encryptionAlgorithms+ `Prelude.hashWithSalt` expirationModel+ `Prelude.hashWithSalt` keyManager+ `Prelude.hashWithSalt` keySpec+ `Prelude.hashWithSalt` keyState+ `Prelude.hashWithSalt` keyUsage+ `Prelude.hashWithSalt` macAlgorithms+ `Prelude.hashWithSalt` multiRegion+ `Prelude.hashWithSalt` multiRegionConfiguration+ `Prelude.hashWithSalt` origin+ `Prelude.hashWithSalt` pendingDeletionWindowInDays+ `Prelude.hashWithSalt` signingAlgorithms+ `Prelude.hashWithSalt` validTo+ `Prelude.hashWithSalt` xksKeyConfiguration+ `Prelude.hashWithSalt` keyId++instance Prelude.NFData KeyMetadata where+ rnf KeyMetadata' {..} =+ Prelude.rnf aWSAccountId+ `Prelude.seq` Prelude.rnf arn+ `Prelude.seq` Prelude.rnf cloudHsmClusterId+ `Prelude.seq` Prelude.rnf creationDate+ `Prelude.seq` Prelude.rnf customKeyStoreId+ `Prelude.seq` Prelude.rnf customerMasterKeySpec+ `Prelude.seq` Prelude.rnf deletionDate+ `Prelude.seq` Prelude.rnf description+ `Prelude.seq` Prelude.rnf enabled+ `Prelude.seq` Prelude.rnf encryptionAlgorithms+ `Prelude.seq` Prelude.rnf expirationModel+ `Prelude.seq` Prelude.rnf keyManager+ `Prelude.seq` Prelude.rnf keySpec+ `Prelude.seq` Prelude.rnf keyState+ `Prelude.seq` Prelude.rnf keyUsage+ `Prelude.seq` Prelude.rnf macAlgorithms+ `Prelude.seq` Prelude.rnf multiRegion+ `Prelude.seq` Prelude.rnf+ multiRegionConfiguration+ `Prelude.seq` Prelude.rnf origin+ `Prelude.seq` Prelude.rnf+ pendingDeletionWindowInDays+ `Prelude.seq` Prelude.rnf+ signingAlgorithms+ `Prelude.seq` Prelude.rnf validTo+ `Prelude.seq` Prelude.rnf+ xksKeyConfiguration+ `Prelude.seq` Prelude.rnf keyId
+ gen/Amazonka/KMS/Types/KeySpec.hs view
@@ -0,0 +1,123 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DerivingStrategies #-}+{-# LANGUAGE GeneralizedNewtypeDeriving #-}+{-# LANGUAGE LambdaCase #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE PatternSynonyms #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.Types.KeySpec+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.KMS.Types.KeySpec+ ( KeySpec+ ( ..,+ KeySpec_ECC_NIST_P256,+ KeySpec_ECC_NIST_P384,+ KeySpec_ECC_NIST_P521,+ KeySpec_ECC_SECG_P256K1,+ KeySpec_HMAC_224,+ KeySpec_HMAC_256,+ KeySpec_HMAC_384,+ KeySpec_HMAC_512,+ KeySpec_RSA_2048,+ KeySpec_RSA_3072,+ KeySpec_RSA_4096,+ KeySpec_SM2,+ KeySpec_SYMMETRIC_DEFAULT+ ),+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++newtype KeySpec = KeySpec' {fromKeySpec :: Data.Text}+ deriving stock+ ( Prelude.Show,+ Prelude.Read,+ Prelude.Eq,+ Prelude.Ord,+ Prelude.Generic+ )+ deriving newtype+ ( Prelude.Hashable,+ Prelude.NFData,+ Data.FromText,+ Data.ToText,+ Data.ToByteString,+ Data.ToLog,+ Data.ToHeader,+ Data.ToQuery,+ Data.FromJSON,+ Data.FromJSONKey,+ Data.ToJSON,+ Data.ToJSONKey,+ Data.FromXML,+ Data.ToXML+ )++pattern KeySpec_ECC_NIST_P256 :: KeySpec+pattern KeySpec_ECC_NIST_P256 = KeySpec' "ECC_NIST_P256"++pattern KeySpec_ECC_NIST_P384 :: KeySpec+pattern KeySpec_ECC_NIST_P384 = KeySpec' "ECC_NIST_P384"++pattern KeySpec_ECC_NIST_P521 :: KeySpec+pattern KeySpec_ECC_NIST_P521 = KeySpec' "ECC_NIST_P521"++pattern KeySpec_ECC_SECG_P256K1 :: KeySpec+pattern KeySpec_ECC_SECG_P256K1 = KeySpec' "ECC_SECG_P256K1"++pattern KeySpec_HMAC_224 :: KeySpec+pattern KeySpec_HMAC_224 = KeySpec' "HMAC_224"++pattern KeySpec_HMAC_256 :: KeySpec+pattern KeySpec_HMAC_256 = KeySpec' "HMAC_256"++pattern KeySpec_HMAC_384 :: KeySpec+pattern KeySpec_HMAC_384 = KeySpec' "HMAC_384"++pattern KeySpec_HMAC_512 :: KeySpec+pattern KeySpec_HMAC_512 = KeySpec' "HMAC_512"++pattern KeySpec_RSA_2048 :: KeySpec+pattern KeySpec_RSA_2048 = KeySpec' "RSA_2048"++pattern KeySpec_RSA_3072 :: KeySpec+pattern KeySpec_RSA_3072 = KeySpec' "RSA_3072"++pattern KeySpec_RSA_4096 :: KeySpec+pattern KeySpec_RSA_4096 = KeySpec' "RSA_4096"++pattern KeySpec_SM2 :: KeySpec+pattern KeySpec_SM2 = KeySpec' "SM2"++pattern KeySpec_SYMMETRIC_DEFAULT :: KeySpec+pattern KeySpec_SYMMETRIC_DEFAULT = KeySpec' "SYMMETRIC_DEFAULT"++{-# COMPLETE+ KeySpec_ECC_NIST_P256,+ KeySpec_ECC_NIST_P384,+ KeySpec_ECC_NIST_P521,+ KeySpec_ECC_SECG_P256K1,+ KeySpec_HMAC_224,+ KeySpec_HMAC_256,+ KeySpec_HMAC_384,+ KeySpec_HMAC_512,+ KeySpec_RSA_2048,+ KeySpec_RSA_3072,+ KeySpec_RSA_4096,+ KeySpec_SM2,+ KeySpec_SYMMETRIC_DEFAULT,+ KeySpec'+ #-}
+ gen/Amazonka/KMS/Types/KeyState.hs view
@@ -0,0 +1,101 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DerivingStrategies #-}+{-# LANGUAGE GeneralizedNewtypeDeriving #-}+{-# LANGUAGE LambdaCase #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE PatternSynonyms #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.Types.KeyState+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.KMS.Types.KeyState+ ( KeyState+ ( ..,+ KeyState_Creating,+ KeyState_Disabled,+ KeyState_Enabled,+ KeyState_PendingDeletion,+ KeyState_PendingImport,+ KeyState_PendingReplicaDeletion,+ KeyState_Unavailable,+ KeyState_Updating+ ),+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++newtype KeyState = KeyState'+ { fromKeyState ::+ Data.Text+ }+ deriving stock+ ( Prelude.Show,+ Prelude.Read,+ Prelude.Eq,+ Prelude.Ord,+ Prelude.Generic+ )+ deriving newtype+ ( Prelude.Hashable,+ Prelude.NFData,+ Data.FromText,+ Data.ToText,+ Data.ToByteString,+ Data.ToLog,+ Data.ToHeader,+ Data.ToQuery,+ Data.FromJSON,+ Data.FromJSONKey,+ Data.ToJSON,+ Data.ToJSONKey,+ Data.FromXML,+ Data.ToXML+ )++pattern KeyState_Creating :: KeyState+pattern KeyState_Creating = KeyState' "Creating"++pattern KeyState_Disabled :: KeyState+pattern KeyState_Disabled = KeyState' "Disabled"++pattern KeyState_Enabled :: KeyState+pattern KeyState_Enabled = KeyState' "Enabled"++pattern KeyState_PendingDeletion :: KeyState+pattern KeyState_PendingDeletion = KeyState' "PendingDeletion"++pattern KeyState_PendingImport :: KeyState+pattern KeyState_PendingImport = KeyState' "PendingImport"++pattern KeyState_PendingReplicaDeletion :: KeyState+pattern KeyState_PendingReplicaDeletion = KeyState' "PendingReplicaDeletion"++pattern KeyState_Unavailable :: KeyState+pattern KeyState_Unavailable = KeyState' "Unavailable"++pattern KeyState_Updating :: KeyState+pattern KeyState_Updating = KeyState' "Updating"++{-# COMPLETE+ KeyState_Creating,+ KeyState_Disabled,+ KeyState_Enabled,+ KeyState_PendingDeletion,+ KeyState_PendingImport,+ KeyState_PendingReplicaDeletion,+ KeyState_Unavailable,+ KeyState_Updating,+ KeyState'+ #-}
+ gen/Amazonka/KMS/Types/KeyUsageType.hs view
@@ -0,0 +1,76 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DerivingStrategies #-}+{-# LANGUAGE GeneralizedNewtypeDeriving #-}+{-# LANGUAGE LambdaCase #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE PatternSynonyms #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.Types.KeyUsageType+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.KMS.Types.KeyUsageType+ ( KeyUsageType+ ( ..,+ KeyUsageType_ENCRYPT_DECRYPT,+ KeyUsageType_GENERATE_VERIFY_MAC,+ KeyUsageType_SIGN_VERIFY+ ),+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++newtype KeyUsageType = KeyUsageType'+ { fromKeyUsageType ::+ Data.Text+ }+ deriving stock+ ( Prelude.Show,+ Prelude.Read,+ Prelude.Eq,+ Prelude.Ord,+ Prelude.Generic+ )+ deriving newtype+ ( Prelude.Hashable,+ Prelude.NFData,+ Data.FromText,+ Data.ToText,+ Data.ToByteString,+ Data.ToLog,+ Data.ToHeader,+ Data.ToQuery,+ Data.FromJSON,+ Data.FromJSONKey,+ Data.ToJSON,+ Data.ToJSONKey,+ Data.FromXML,+ Data.ToXML+ )++pattern KeyUsageType_ENCRYPT_DECRYPT :: KeyUsageType+pattern KeyUsageType_ENCRYPT_DECRYPT = KeyUsageType' "ENCRYPT_DECRYPT"++pattern KeyUsageType_GENERATE_VERIFY_MAC :: KeyUsageType+pattern KeyUsageType_GENERATE_VERIFY_MAC = KeyUsageType' "GENERATE_VERIFY_MAC"++pattern KeyUsageType_SIGN_VERIFY :: KeyUsageType+pattern KeyUsageType_SIGN_VERIFY = KeyUsageType' "SIGN_VERIFY"++{-# COMPLETE+ KeyUsageType_ENCRYPT_DECRYPT,+ KeyUsageType_GENERATE_VERIFY_MAC,+ KeyUsageType_SIGN_VERIFY,+ KeyUsageType'+ #-}
+ gen/Amazonka/KMS/Types/ListGrantsResponse.hs view
@@ -0,0 +1,107 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.Types.ListGrantsResponse+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.KMS.Types.ListGrantsResponse where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types.GrantListEntry+import qualified Amazonka.Prelude as Prelude++-- | /See:/ 'newListGrantsResponse' smart constructor.+data ListGrantsResponse = ListGrantsResponse'+ { -- | A list of grants.+ grants :: Prelude.Maybe [GrantListEntry],+ -- | When @Truncated@ is true, this element is present and contains the value+ -- to use for the @Marker@ parameter in a subsequent request.+ nextMarker :: Prelude.Maybe Prelude.Text,+ -- | A flag that indicates whether there are more items in the list. When+ -- this value is true, the list in this response is truncated. To get more+ -- items, pass the value of the @NextMarker@ element in thisresponse to the+ -- @Marker@ parameter in a subsequent request.+ truncated :: Prelude.Maybe Prelude.Bool+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'ListGrantsResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'grants', 'listGrantsResponse_grants' - A list of grants.+--+-- 'nextMarker', 'listGrantsResponse_nextMarker' - When @Truncated@ is true, this element is present and contains the value+-- to use for the @Marker@ parameter in a subsequent request.+--+-- 'truncated', 'listGrantsResponse_truncated' - A flag that indicates whether there are more items in the list. When+-- this value is true, the list in this response is truncated. To get more+-- items, pass the value of the @NextMarker@ element in thisresponse to the+-- @Marker@ parameter in a subsequent request.+newListGrantsResponse ::+ ListGrantsResponse+newListGrantsResponse =+ ListGrantsResponse'+ { grants = Prelude.Nothing,+ nextMarker = Prelude.Nothing,+ truncated = Prelude.Nothing+ }++-- | A list of grants.+listGrantsResponse_grants :: Lens.Lens' ListGrantsResponse (Prelude.Maybe [GrantListEntry])+listGrantsResponse_grants = Lens.lens (\ListGrantsResponse' {grants} -> grants) (\s@ListGrantsResponse' {} a -> s {grants = a} :: ListGrantsResponse) Prelude.. Lens.mapping Lens.coerced++-- | When @Truncated@ is true, this element is present and contains the value+-- to use for the @Marker@ parameter in a subsequent request.+listGrantsResponse_nextMarker :: Lens.Lens' ListGrantsResponse (Prelude.Maybe Prelude.Text)+listGrantsResponse_nextMarker = Lens.lens (\ListGrantsResponse' {nextMarker} -> nextMarker) (\s@ListGrantsResponse' {} a -> s {nextMarker = a} :: ListGrantsResponse)++-- | A flag that indicates whether there are more items in the list. When+-- this value is true, the list in this response is truncated. To get more+-- items, pass the value of the @NextMarker@ element in thisresponse to the+-- @Marker@ parameter in a subsequent request.+listGrantsResponse_truncated :: Lens.Lens' ListGrantsResponse (Prelude.Maybe Prelude.Bool)+listGrantsResponse_truncated = Lens.lens (\ListGrantsResponse' {truncated} -> truncated) (\s@ListGrantsResponse' {} a -> s {truncated = a} :: ListGrantsResponse)++instance Data.FromJSON ListGrantsResponse where+ parseJSON =+ Data.withObject+ "ListGrantsResponse"+ ( \x ->+ ListGrantsResponse'+ Prelude.<$> (x Data..:? "Grants" Data..!= Prelude.mempty)+ Prelude.<*> (x Data..:? "NextMarker")+ Prelude.<*> (x Data..:? "Truncated")+ )++instance Prelude.Hashable ListGrantsResponse where+ hashWithSalt _salt ListGrantsResponse' {..} =+ _salt+ `Prelude.hashWithSalt` grants+ `Prelude.hashWithSalt` nextMarker+ `Prelude.hashWithSalt` truncated++instance Prelude.NFData ListGrantsResponse where+ rnf ListGrantsResponse' {..} =+ Prelude.rnf grants+ `Prelude.seq` Prelude.rnf nextMarker+ `Prelude.seq` Prelude.rnf truncated
+ gen/Amazonka/KMS/Types/MacAlgorithmSpec.hs view
@@ -0,0 +1,81 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DerivingStrategies #-}+{-# LANGUAGE GeneralizedNewtypeDeriving #-}+{-# LANGUAGE LambdaCase #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE PatternSynonyms #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.Types.MacAlgorithmSpec+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.KMS.Types.MacAlgorithmSpec+ ( MacAlgorithmSpec+ ( ..,+ MacAlgorithmSpec_HMAC_SHA_224,+ MacAlgorithmSpec_HMAC_SHA_256,+ MacAlgorithmSpec_HMAC_SHA_384,+ MacAlgorithmSpec_HMAC_SHA_512+ ),+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++newtype MacAlgorithmSpec = MacAlgorithmSpec'+ { fromMacAlgorithmSpec ::+ Data.Text+ }+ deriving stock+ ( Prelude.Show,+ Prelude.Read,+ Prelude.Eq,+ Prelude.Ord,+ Prelude.Generic+ )+ deriving newtype+ ( Prelude.Hashable,+ Prelude.NFData,+ Data.FromText,+ Data.ToText,+ Data.ToByteString,+ Data.ToLog,+ Data.ToHeader,+ Data.ToQuery,+ Data.FromJSON,+ Data.FromJSONKey,+ Data.ToJSON,+ Data.ToJSONKey,+ Data.FromXML,+ Data.ToXML+ )++pattern MacAlgorithmSpec_HMAC_SHA_224 :: MacAlgorithmSpec+pattern MacAlgorithmSpec_HMAC_SHA_224 = MacAlgorithmSpec' "HMAC_SHA_224"++pattern MacAlgorithmSpec_HMAC_SHA_256 :: MacAlgorithmSpec+pattern MacAlgorithmSpec_HMAC_SHA_256 = MacAlgorithmSpec' "HMAC_SHA_256"++pattern MacAlgorithmSpec_HMAC_SHA_384 :: MacAlgorithmSpec+pattern MacAlgorithmSpec_HMAC_SHA_384 = MacAlgorithmSpec' "HMAC_SHA_384"++pattern MacAlgorithmSpec_HMAC_SHA_512 :: MacAlgorithmSpec+pattern MacAlgorithmSpec_HMAC_SHA_512 = MacAlgorithmSpec' "HMAC_SHA_512"++{-# COMPLETE+ MacAlgorithmSpec_HMAC_SHA_224,+ MacAlgorithmSpec_HMAC_SHA_256,+ MacAlgorithmSpec_HMAC_SHA_384,+ MacAlgorithmSpec_HMAC_SHA_512,+ MacAlgorithmSpec'+ #-}
+ gen/Amazonka/KMS/Types/MessageType.hs view
@@ -0,0 +1,71 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DerivingStrategies #-}+{-# LANGUAGE GeneralizedNewtypeDeriving #-}+{-# LANGUAGE LambdaCase #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE PatternSynonyms #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.Types.MessageType+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.KMS.Types.MessageType+ ( MessageType+ ( ..,+ MessageType_DIGEST,+ MessageType_RAW+ ),+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++newtype MessageType = MessageType'+ { fromMessageType ::+ Data.Text+ }+ deriving stock+ ( Prelude.Show,+ Prelude.Read,+ Prelude.Eq,+ Prelude.Ord,+ Prelude.Generic+ )+ deriving newtype+ ( Prelude.Hashable,+ Prelude.NFData,+ Data.FromText,+ Data.ToText,+ Data.ToByteString,+ Data.ToLog,+ Data.ToHeader,+ Data.ToQuery,+ Data.FromJSON,+ Data.FromJSONKey,+ Data.ToJSON,+ Data.ToJSONKey,+ Data.FromXML,+ Data.ToXML+ )++pattern MessageType_DIGEST :: MessageType+pattern MessageType_DIGEST = MessageType' "DIGEST"++pattern MessageType_RAW :: MessageType+pattern MessageType_RAW = MessageType' "RAW"++{-# COMPLETE+ MessageType_DIGEST,+ MessageType_RAW,+ MessageType'+ #-}
+ gen/Amazonka/KMS/Types/MultiRegionConfiguration.hs view
@@ -0,0 +1,109 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.Types.MultiRegionConfiguration+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.KMS.Types.MultiRegionConfiguration where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types.MultiRegionKey+import Amazonka.KMS.Types.MultiRegionKeyType+import qualified Amazonka.Prelude as Prelude++-- | Describes the configuration of this multi-Region key. This field appears+-- only when the KMS key is a primary or replica of a multi-Region key.+--+-- For more information about any listed KMS key, use the DescribeKey+-- operation.+--+-- /See:/ 'newMultiRegionConfiguration' smart constructor.+data MultiRegionConfiguration = MultiRegionConfiguration'+ { -- | Indicates whether the KMS key is a @PRIMARY@ or @REPLICA@ key.+ multiRegionKeyType :: Prelude.Maybe MultiRegionKeyType,+ -- | Displays the key ARN and Region of the primary key. This field includes+ -- the current KMS key if it is the primary key.+ primaryKey :: Prelude.Maybe MultiRegionKey,+ -- | displays the key ARNs and Regions of all replica keys. This field+ -- includes the current KMS key if it is a replica key.+ replicaKeys :: Prelude.Maybe [MultiRegionKey]+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'MultiRegionConfiguration' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'multiRegionKeyType', 'multiRegionConfiguration_multiRegionKeyType' - Indicates whether the KMS key is a @PRIMARY@ or @REPLICA@ key.+--+-- 'primaryKey', 'multiRegionConfiguration_primaryKey' - Displays the key ARN and Region of the primary key. This field includes+-- the current KMS key if it is the primary key.+--+-- 'replicaKeys', 'multiRegionConfiguration_replicaKeys' - displays the key ARNs and Regions of all replica keys. This field+-- includes the current KMS key if it is a replica key.+newMultiRegionConfiguration ::+ MultiRegionConfiguration+newMultiRegionConfiguration =+ MultiRegionConfiguration'+ { multiRegionKeyType =+ Prelude.Nothing,+ primaryKey = Prelude.Nothing,+ replicaKeys = Prelude.Nothing+ }++-- | Indicates whether the KMS key is a @PRIMARY@ or @REPLICA@ key.+multiRegionConfiguration_multiRegionKeyType :: Lens.Lens' MultiRegionConfiguration (Prelude.Maybe MultiRegionKeyType)+multiRegionConfiguration_multiRegionKeyType = Lens.lens (\MultiRegionConfiguration' {multiRegionKeyType} -> multiRegionKeyType) (\s@MultiRegionConfiguration' {} a -> s {multiRegionKeyType = a} :: MultiRegionConfiguration)++-- | Displays the key ARN and Region of the primary key. This field includes+-- the current KMS key if it is the primary key.+multiRegionConfiguration_primaryKey :: Lens.Lens' MultiRegionConfiguration (Prelude.Maybe MultiRegionKey)+multiRegionConfiguration_primaryKey = Lens.lens (\MultiRegionConfiguration' {primaryKey} -> primaryKey) (\s@MultiRegionConfiguration' {} a -> s {primaryKey = a} :: MultiRegionConfiguration)++-- | displays the key ARNs and Regions of all replica keys. This field+-- includes the current KMS key if it is a replica key.+multiRegionConfiguration_replicaKeys :: Lens.Lens' MultiRegionConfiguration (Prelude.Maybe [MultiRegionKey])+multiRegionConfiguration_replicaKeys = Lens.lens (\MultiRegionConfiguration' {replicaKeys} -> replicaKeys) (\s@MultiRegionConfiguration' {} a -> s {replicaKeys = a} :: MultiRegionConfiguration) Prelude.. Lens.mapping Lens.coerced++instance Data.FromJSON MultiRegionConfiguration where+ parseJSON =+ Data.withObject+ "MultiRegionConfiguration"+ ( \x ->+ MultiRegionConfiguration'+ Prelude.<$> (x Data..:? "MultiRegionKeyType")+ Prelude.<*> (x Data..:? "PrimaryKey")+ Prelude.<*> (x Data..:? "ReplicaKeys" Data..!= Prelude.mempty)+ )++instance Prelude.Hashable MultiRegionConfiguration where+ hashWithSalt _salt MultiRegionConfiguration' {..} =+ _salt+ `Prelude.hashWithSalt` multiRegionKeyType+ `Prelude.hashWithSalt` primaryKey+ `Prelude.hashWithSalt` replicaKeys++instance Prelude.NFData MultiRegionConfiguration where+ rnf MultiRegionConfiguration' {..} =+ Prelude.rnf multiRegionKeyType+ `Prelude.seq` Prelude.rnf primaryKey+ `Prelude.seq` Prelude.rnf replicaKeys
+ gen/Amazonka/KMS/Types/MultiRegionKey.hs view
@@ -0,0 +1,86 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.Types.MultiRegionKey+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.KMS.Types.MultiRegionKey where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++-- | Describes the primary or replica key in a multi-Region key.+--+-- /See:/ 'newMultiRegionKey' smart constructor.+data MultiRegionKey = MultiRegionKey'+ { -- | Displays the key ARN of a primary or replica key of a multi-Region key.+ arn :: Prelude.Maybe Prelude.Text,+ -- | Displays the Amazon Web Services Region of a primary or replica key in a+ -- multi-Region key.+ region :: Prelude.Maybe Prelude.Text+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'MultiRegionKey' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'arn', 'multiRegionKey_arn' - Displays the key ARN of a primary or replica key of a multi-Region key.+--+-- 'region', 'multiRegionKey_region' - Displays the Amazon Web Services Region of a primary or replica key in a+-- multi-Region key.+newMultiRegionKey ::+ MultiRegionKey+newMultiRegionKey =+ MultiRegionKey'+ { arn = Prelude.Nothing,+ region = Prelude.Nothing+ }++-- | Displays the key ARN of a primary or replica key of a multi-Region key.+multiRegionKey_arn :: Lens.Lens' MultiRegionKey (Prelude.Maybe Prelude.Text)+multiRegionKey_arn = Lens.lens (\MultiRegionKey' {arn} -> arn) (\s@MultiRegionKey' {} a -> s {arn = a} :: MultiRegionKey)++-- | Displays the Amazon Web Services Region of a primary or replica key in a+-- multi-Region key.+multiRegionKey_region :: Lens.Lens' MultiRegionKey (Prelude.Maybe Prelude.Text)+multiRegionKey_region = Lens.lens (\MultiRegionKey' {region} -> region) (\s@MultiRegionKey' {} a -> s {region = a} :: MultiRegionKey)++instance Data.FromJSON MultiRegionKey where+ parseJSON =+ Data.withObject+ "MultiRegionKey"+ ( \x ->+ MultiRegionKey'+ Prelude.<$> (x Data..:? "Arn")+ Prelude.<*> (x Data..:? "Region")+ )++instance Prelude.Hashable MultiRegionKey where+ hashWithSalt _salt MultiRegionKey' {..} =+ _salt+ `Prelude.hashWithSalt` arn+ `Prelude.hashWithSalt` region++instance Prelude.NFData MultiRegionKey where+ rnf MultiRegionKey' {..} =+ Prelude.rnf arn `Prelude.seq` Prelude.rnf region
+ gen/Amazonka/KMS/Types/MultiRegionKeyType.hs view
@@ -0,0 +1,71 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DerivingStrategies #-}+{-# LANGUAGE GeneralizedNewtypeDeriving #-}+{-# LANGUAGE LambdaCase #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE PatternSynonyms #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.Types.MultiRegionKeyType+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.KMS.Types.MultiRegionKeyType+ ( MultiRegionKeyType+ ( ..,+ MultiRegionKeyType_PRIMARY,+ MultiRegionKeyType_REPLICA+ ),+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++newtype MultiRegionKeyType = MultiRegionKeyType'+ { fromMultiRegionKeyType ::+ Data.Text+ }+ deriving stock+ ( Prelude.Show,+ Prelude.Read,+ Prelude.Eq,+ Prelude.Ord,+ Prelude.Generic+ )+ deriving newtype+ ( Prelude.Hashable,+ Prelude.NFData,+ Data.FromText,+ Data.ToText,+ Data.ToByteString,+ Data.ToLog,+ Data.ToHeader,+ Data.ToQuery,+ Data.FromJSON,+ Data.FromJSONKey,+ Data.ToJSON,+ Data.ToJSONKey,+ Data.FromXML,+ Data.ToXML+ )++pattern MultiRegionKeyType_PRIMARY :: MultiRegionKeyType+pattern MultiRegionKeyType_PRIMARY = MultiRegionKeyType' "PRIMARY"++pattern MultiRegionKeyType_REPLICA :: MultiRegionKeyType+pattern MultiRegionKeyType_REPLICA = MultiRegionKeyType' "REPLICA"++{-# COMPLETE+ MultiRegionKeyType_PRIMARY,+ MultiRegionKeyType_REPLICA,+ MultiRegionKeyType'+ #-}
+ gen/Amazonka/KMS/Types/OriginType.hs view
@@ -0,0 +1,81 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DerivingStrategies #-}+{-# LANGUAGE GeneralizedNewtypeDeriving #-}+{-# LANGUAGE LambdaCase #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE PatternSynonyms #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.Types.OriginType+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.KMS.Types.OriginType+ ( OriginType+ ( ..,+ OriginType_AWS_CLOUDHSM,+ OriginType_AWS_KMS,+ OriginType_EXTERNAL,+ OriginType_EXTERNAL_KEY_STORE+ ),+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++newtype OriginType = OriginType'+ { fromOriginType ::+ Data.Text+ }+ deriving stock+ ( Prelude.Show,+ Prelude.Read,+ Prelude.Eq,+ Prelude.Ord,+ Prelude.Generic+ )+ deriving newtype+ ( Prelude.Hashable,+ Prelude.NFData,+ Data.FromText,+ Data.ToText,+ Data.ToByteString,+ Data.ToLog,+ Data.ToHeader,+ Data.ToQuery,+ Data.FromJSON,+ Data.FromJSONKey,+ Data.ToJSON,+ Data.ToJSONKey,+ Data.FromXML,+ Data.ToXML+ )++pattern OriginType_AWS_CLOUDHSM :: OriginType+pattern OriginType_AWS_CLOUDHSM = OriginType' "AWS_CLOUDHSM"++pattern OriginType_AWS_KMS :: OriginType+pattern OriginType_AWS_KMS = OriginType' "AWS_KMS"++pattern OriginType_EXTERNAL :: OriginType+pattern OriginType_EXTERNAL = OriginType' "EXTERNAL"++pattern OriginType_EXTERNAL_KEY_STORE :: OriginType+pattern OriginType_EXTERNAL_KEY_STORE = OriginType' "EXTERNAL_KEY_STORE"++{-# COMPLETE+ OriginType_AWS_CLOUDHSM,+ OriginType_AWS_KMS,+ OriginType_EXTERNAL,+ OriginType_EXTERNAL_KEY_STORE,+ OriginType'+ #-}
+ gen/Amazonka/KMS/Types/SigningAlgorithmSpec.hs view
@@ -0,0 +1,111 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DerivingStrategies #-}+{-# LANGUAGE GeneralizedNewtypeDeriving #-}+{-# LANGUAGE LambdaCase #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE PatternSynonyms #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.Types.SigningAlgorithmSpec+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.KMS.Types.SigningAlgorithmSpec+ ( SigningAlgorithmSpec+ ( ..,+ SigningAlgorithmSpec_ECDSA_SHA_256,+ SigningAlgorithmSpec_ECDSA_SHA_384,+ SigningAlgorithmSpec_ECDSA_SHA_512,+ SigningAlgorithmSpec_RSASSA_PKCS1_V1_5_SHA_256,+ SigningAlgorithmSpec_RSASSA_PKCS1_V1_5_SHA_384,+ SigningAlgorithmSpec_RSASSA_PKCS1_V1_5_SHA_512,+ SigningAlgorithmSpec_RSASSA_PSS_SHA_256,+ SigningAlgorithmSpec_RSASSA_PSS_SHA_384,+ SigningAlgorithmSpec_RSASSA_PSS_SHA_512,+ SigningAlgorithmSpec_SM2DSA+ ),+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++newtype SigningAlgorithmSpec = SigningAlgorithmSpec'+ { fromSigningAlgorithmSpec ::+ Data.Text+ }+ deriving stock+ ( Prelude.Show,+ Prelude.Read,+ Prelude.Eq,+ Prelude.Ord,+ Prelude.Generic+ )+ deriving newtype+ ( Prelude.Hashable,+ Prelude.NFData,+ Data.FromText,+ Data.ToText,+ Data.ToByteString,+ Data.ToLog,+ Data.ToHeader,+ Data.ToQuery,+ Data.FromJSON,+ Data.FromJSONKey,+ Data.ToJSON,+ Data.ToJSONKey,+ Data.FromXML,+ Data.ToXML+ )++pattern SigningAlgorithmSpec_ECDSA_SHA_256 :: SigningAlgorithmSpec+pattern SigningAlgorithmSpec_ECDSA_SHA_256 = SigningAlgorithmSpec' "ECDSA_SHA_256"++pattern SigningAlgorithmSpec_ECDSA_SHA_384 :: SigningAlgorithmSpec+pattern SigningAlgorithmSpec_ECDSA_SHA_384 = SigningAlgorithmSpec' "ECDSA_SHA_384"++pattern SigningAlgorithmSpec_ECDSA_SHA_512 :: SigningAlgorithmSpec+pattern SigningAlgorithmSpec_ECDSA_SHA_512 = SigningAlgorithmSpec' "ECDSA_SHA_512"++pattern SigningAlgorithmSpec_RSASSA_PKCS1_V1_5_SHA_256 :: SigningAlgorithmSpec+pattern SigningAlgorithmSpec_RSASSA_PKCS1_V1_5_SHA_256 = SigningAlgorithmSpec' "RSASSA_PKCS1_V1_5_SHA_256"++pattern SigningAlgorithmSpec_RSASSA_PKCS1_V1_5_SHA_384 :: SigningAlgorithmSpec+pattern SigningAlgorithmSpec_RSASSA_PKCS1_V1_5_SHA_384 = SigningAlgorithmSpec' "RSASSA_PKCS1_V1_5_SHA_384"++pattern SigningAlgorithmSpec_RSASSA_PKCS1_V1_5_SHA_512 :: SigningAlgorithmSpec+pattern SigningAlgorithmSpec_RSASSA_PKCS1_V1_5_SHA_512 = SigningAlgorithmSpec' "RSASSA_PKCS1_V1_5_SHA_512"++pattern SigningAlgorithmSpec_RSASSA_PSS_SHA_256 :: SigningAlgorithmSpec+pattern SigningAlgorithmSpec_RSASSA_PSS_SHA_256 = SigningAlgorithmSpec' "RSASSA_PSS_SHA_256"++pattern SigningAlgorithmSpec_RSASSA_PSS_SHA_384 :: SigningAlgorithmSpec+pattern SigningAlgorithmSpec_RSASSA_PSS_SHA_384 = SigningAlgorithmSpec' "RSASSA_PSS_SHA_384"++pattern SigningAlgorithmSpec_RSASSA_PSS_SHA_512 :: SigningAlgorithmSpec+pattern SigningAlgorithmSpec_RSASSA_PSS_SHA_512 = SigningAlgorithmSpec' "RSASSA_PSS_SHA_512"++pattern SigningAlgorithmSpec_SM2DSA :: SigningAlgorithmSpec+pattern SigningAlgorithmSpec_SM2DSA = SigningAlgorithmSpec' "SM2DSA"++{-# COMPLETE+ SigningAlgorithmSpec_ECDSA_SHA_256,+ SigningAlgorithmSpec_ECDSA_SHA_384,+ SigningAlgorithmSpec_ECDSA_SHA_512,+ SigningAlgorithmSpec_RSASSA_PKCS1_V1_5_SHA_256,+ SigningAlgorithmSpec_RSASSA_PKCS1_V1_5_SHA_384,+ SigningAlgorithmSpec_RSASSA_PKCS1_V1_5_SHA_512,+ SigningAlgorithmSpec_RSASSA_PSS_SHA_256,+ SigningAlgorithmSpec_RSASSA_PSS_SHA_384,+ SigningAlgorithmSpec_RSASSA_PSS_SHA_512,+ SigningAlgorithmSpec_SM2DSA,+ SigningAlgorithmSpec'+ #-}
+ gen/Amazonka/KMS/Types/Tag.hs view
@@ -0,0 +1,101 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.Types.Tag+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.KMS.Types.Tag where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++-- | A key-value pair. A tag consists of a tag key and a tag value. Tag keys+-- and tag values are both required, but tag values can be empty (null)+-- strings.+--+-- For information about the rules that apply to tag keys and tag values,+-- see+-- <https://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html User-Defined Tag Restrictions>+-- in the /Amazon Web Services Billing and Cost Management User Guide/.+--+-- /See:/ 'newTag' smart constructor.+data Tag = Tag'+ { -- | The key of the tag.+ tagKey :: Prelude.Text,+ -- | The value of the tag.+ tagValue :: Prelude.Text+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'Tag' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'tagKey', 'tag_tagKey' - The key of the tag.+--+-- 'tagValue', 'tag_tagValue' - The value of the tag.+newTag ::+ -- | 'tagKey'+ Prelude.Text ->+ -- | 'tagValue'+ Prelude.Text ->+ Tag+newTag pTagKey_ pTagValue_ =+ Tag' {tagKey = pTagKey_, tagValue = pTagValue_}++-- | The key of the tag.+tag_tagKey :: Lens.Lens' Tag Prelude.Text+tag_tagKey = Lens.lens (\Tag' {tagKey} -> tagKey) (\s@Tag' {} a -> s {tagKey = a} :: Tag)++-- | The value of the tag.+tag_tagValue :: Lens.Lens' Tag Prelude.Text+tag_tagValue = Lens.lens (\Tag' {tagValue} -> tagValue) (\s@Tag' {} a -> s {tagValue = a} :: Tag)++instance Data.FromJSON Tag where+ parseJSON =+ Data.withObject+ "Tag"+ ( \x ->+ Tag'+ Prelude.<$> (x Data..: "TagKey")+ Prelude.<*> (x Data..: "TagValue")+ )++instance Prelude.Hashable Tag where+ hashWithSalt _salt Tag' {..} =+ _salt+ `Prelude.hashWithSalt` tagKey+ `Prelude.hashWithSalt` tagValue++instance Prelude.NFData Tag where+ rnf Tag' {..} =+ Prelude.rnf tagKey+ `Prelude.seq` Prelude.rnf tagValue++instance Data.ToJSON Tag where+ toJSON Tag' {..} =+ Data.object+ ( Prelude.catMaybes+ [ Prelude.Just ("TagKey" Data..= tagKey),+ Prelude.Just ("TagValue" Data..= tagValue)+ ]+ )
+ gen/Amazonka/KMS/Types/WrappingKeySpec.hs view
@@ -0,0 +1,66 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DerivingStrategies #-}+{-# LANGUAGE GeneralizedNewtypeDeriving #-}+{-# LANGUAGE LambdaCase #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE PatternSynonyms #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.Types.WrappingKeySpec+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.KMS.Types.WrappingKeySpec+ ( WrappingKeySpec+ ( ..,+ WrappingKeySpec_RSA_2048+ ),+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++newtype WrappingKeySpec = WrappingKeySpec'+ { fromWrappingKeySpec ::+ Data.Text+ }+ deriving stock+ ( Prelude.Show,+ Prelude.Read,+ Prelude.Eq,+ Prelude.Ord,+ Prelude.Generic+ )+ deriving newtype+ ( Prelude.Hashable,+ Prelude.NFData,+ Data.FromText,+ Data.ToText,+ Data.ToByteString,+ Data.ToLog,+ Data.ToHeader,+ Data.ToQuery,+ Data.FromJSON,+ Data.FromJSONKey,+ Data.ToJSON,+ Data.ToJSONKey,+ Data.FromXML,+ Data.ToXML+ )++pattern WrappingKeySpec_RSA_2048 :: WrappingKeySpec+pattern WrappingKeySpec_RSA_2048 = WrappingKeySpec' "RSA_2048"++{-# COMPLETE+ WrappingKeySpec_RSA_2048,+ WrappingKeySpec'+ #-}
+ gen/Amazonka/KMS/Types/XksKeyConfigurationType.hs view
@@ -0,0 +1,84 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.Types.XksKeyConfigurationType+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.KMS.Types.XksKeyConfigurationType where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++-- | Information about the+-- <https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-external-key external key>+-- that is associated with a KMS key in an external key store.+--+-- This element appears in a CreateKey or DescribeKey response only for a+-- KMS key in an external key store.+--+-- The /external key/ is a symmetric encryption key that is hosted by an+-- external key manager outside of Amazon Web Services. When you use the+-- KMS key in an external key store in a cryptographic operation, the+-- cryptographic operation is performed in the external key manager using+-- the specified external key. For more information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-external-key External key>+-- in the /Key Management Service Developer Guide/.+--+-- /See:/ 'newXksKeyConfigurationType' smart constructor.+data XksKeyConfigurationType = XksKeyConfigurationType'+ { -- | The ID of the external key in its external key manager. This is the ID+ -- that the external key store proxy uses to identify the external key.+ id :: Prelude.Maybe Prelude.Text+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'XksKeyConfigurationType' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'id', 'xksKeyConfigurationType_id' - The ID of the external key in its external key manager. This is the ID+-- that the external key store proxy uses to identify the external key.+newXksKeyConfigurationType ::+ XksKeyConfigurationType+newXksKeyConfigurationType =+ XksKeyConfigurationType' {id = Prelude.Nothing}++-- | The ID of the external key in its external key manager. This is the ID+-- that the external key store proxy uses to identify the external key.+xksKeyConfigurationType_id :: Lens.Lens' XksKeyConfigurationType (Prelude.Maybe Prelude.Text)+xksKeyConfigurationType_id = Lens.lens (\XksKeyConfigurationType' {id} -> id) (\s@XksKeyConfigurationType' {} a -> s {id = a} :: XksKeyConfigurationType)++instance Data.FromJSON XksKeyConfigurationType where+ parseJSON =+ Data.withObject+ "XksKeyConfigurationType"+ ( \x ->+ XksKeyConfigurationType'+ Prelude.<$> (x Data..:? "Id")+ )++instance Prelude.Hashable XksKeyConfigurationType where+ hashWithSalt _salt XksKeyConfigurationType' {..} =+ _salt `Prelude.hashWithSalt` id++instance Prelude.NFData XksKeyConfigurationType where+ rnf XksKeyConfigurationType' {..} = Prelude.rnf id
+ gen/Amazonka/KMS/Types/XksProxyAuthenticationCredentialType.hs view
@@ -0,0 +1,113 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.Types.XksProxyAuthenticationCredentialType+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.KMS.Types.XksProxyAuthenticationCredentialType where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++-- | KMS uses the authentication credential to sign requests that it sends to+-- the external key store proxy (XKS proxy) on your behalf. You establish+-- these credentials on your external key store proxy and report them to+-- KMS.+--+-- The @XksProxyAuthenticationCredential@ includes two required elements.+--+-- /See:/ 'newXksProxyAuthenticationCredentialType' smart constructor.+data XksProxyAuthenticationCredentialType = XksProxyAuthenticationCredentialType'+ { -- | A unique identifier for the raw secret access key.+ accessKeyId :: Data.Sensitive Prelude.Text,+ -- | A secret string of 43-64 characters. Valid characters are a-z, A-Z, 0-9,+ -- \/, +, and =.+ rawSecretAccessKey :: Data.Sensitive Prelude.Text+ }+ deriving (Prelude.Eq, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'XksProxyAuthenticationCredentialType' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'accessKeyId', 'xksProxyAuthenticationCredentialType_accessKeyId' - A unique identifier for the raw secret access key.+--+-- 'rawSecretAccessKey', 'xksProxyAuthenticationCredentialType_rawSecretAccessKey' - A secret string of 43-64 characters. Valid characters are a-z, A-Z, 0-9,+-- \/, +, and =.+newXksProxyAuthenticationCredentialType ::+ -- | 'accessKeyId'+ Prelude.Text ->+ -- | 'rawSecretAccessKey'+ Prelude.Text ->+ XksProxyAuthenticationCredentialType+newXksProxyAuthenticationCredentialType+ pAccessKeyId_+ pRawSecretAccessKey_ =+ XksProxyAuthenticationCredentialType'+ { accessKeyId =+ Data._Sensitive+ Lens.# pAccessKeyId_,+ rawSecretAccessKey =+ Data._Sensitive+ Lens.# pRawSecretAccessKey_+ }++-- | A unique identifier for the raw secret access key.+xksProxyAuthenticationCredentialType_accessKeyId :: Lens.Lens' XksProxyAuthenticationCredentialType Prelude.Text+xksProxyAuthenticationCredentialType_accessKeyId = Lens.lens (\XksProxyAuthenticationCredentialType' {accessKeyId} -> accessKeyId) (\s@XksProxyAuthenticationCredentialType' {} a -> s {accessKeyId = a} :: XksProxyAuthenticationCredentialType) Prelude.. Data._Sensitive++-- | A secret string of 43-64 characters. Valid characters are a-z, A-Z, 0-9,+-- \/, +, and =.+xksProxyAuthenticationCredentialType_rawSecretAccessKey :: Lens.Lens' XksProxyAuthenticationCredentialType Prelude.Text+xksProxyAuthenticationCredentialType_rawSecretAccessKey = Lens.lens (\XksProxyAuthenticationCredentialType' {rawSecretAccessKey} -> rawSecretAccessKey) (\s@XksProxyAuthenticationCredentialType' {} a -> s {rawSecretAccessKey = a} :: XksProxyAuthenticationCredentialType) Prelude.. Data._Sensitive++instance+ Prelude.Hashable+ XksProxyAuthenticationCredentialType+ where+ hashWithSalt+ _salt+ XksProxyAuthenticationCredentialType' {..} =+ _salt+ `Prelude.hashWithSalt` accessKeyId+ `Prelude.hashWithSalt` rawSecretAccessKey++instance+ Prelude.NFData+ XksProxyAuthenticationCredentialType+ where+ rnf XksProxyAuthenticationCredentialType' {..} =+ Prelude.rnf accessKeyId+ `Prelude.seq` Prelude.rnf rawSecretAccessKey++instance+ Data.ToJSON+ XksProxyAuthenticationCredentialType+ where+ toJSON XksProxyAuthenticationCredentialType' {..} =+ Data.object+ ( Prelude.catMaybes+ [ Prelude.Just ("AccessKeyId" Data..= accessKeyId),+ Prelude.Just+ ("RawSecretAccessKey" Data..= rawSecretAccessKey)+ ]+ )
+ gen/Amazonka/KMS/Types/XksProxyConfigurationType.hs view
@@ -0,0 +1,162 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.Types.XksProxyConfigurationType+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.KMS.Types.XksProxyConfigurationType where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types.XksProxyConnectivityType+import qualified Amazonka.Prelude as Prelude++-- | Detailed information about the external key store proxy (XKS proxy).+-- Your external key store proxy translates KMS requests into a format that+-- your external key manager can understand. These fields appear in a+-- DescribeCustomKeyStores response only when the @CustomKeyStoreType@ is+-- @EXTERNAL_KEY_STORE@.+--+-- /See:/ 'newXksProxyConfigurationType' smart constructor.+data XksProxyConfigurationType = XksProxyConfigurationType'+ { -- | The part of the external key store+ -- <https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateCustomKeyStore.html#KMS-CreateCustomKeyStore-request-XksProxyAuthenticationCredential proxy authentication credential>+ -- that uniquely identifies the secret access key.+ accessKeyId :: Prelude.Maybe (Data.Sensitive Prelude.Text),+ -- | Indicates whether the external key store proxy uses a public endpoint or+ -- an Amazon VPC endpoint service to communicate with KMS.+ connectivity :: Prelude.Maybe XksProxyConnectivityType,+ -- | The URI endpoint for the external key store proxy.+ --+ -- If the external key store proxy has a public endpoint, it is displayed+ -- here.+ --+ -- If the external key store proxy uses an Amazon VPC endpoint service+ -- name, this field displays the private DNS name associated with the VPC+ -- endpoint service.+ uriEndpoint :: Prelude.Maybe Prelude.Text,+ -- | The path to the external key store proxy APIs.+ uriPath :: Prelude.Maybe Prelude.Text,+ -- | The Amazon VPC endpoint service used to communicate with the external+ -- key store proxy. This field appears only when the external key store+ -- proxy uses an Amazon VPC endpoint service to communicate with KMS.+ vpcEndpointServiceName :: Prelude.Maybe Prelude.Text+ }+ deriving (Prelude.Eq, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'XksProxyConfigurationType' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'accessKeyId', 'xksProxyConfigurationType_accessKeyId' - The part of the external key store+-- <https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateCustomKeyStore.html#KMS-CreateCustomKeyStore-request-XksProxyAuthenticationCredential proxy authentication credential>+-- that uniquely identifies the secret access key.+--+-- 'connectivity', 'xksProxyConfigurationType_connectivity' - Indicates whether the external key store proxy uses a public endpoint or+-- an Amazon VPC endpoint service to communicate with KMS.+--+-- 'uriEndpoint', 'xksProxyConfigurationType_uriEndpoint' - The URI endpoint for the external key store proxy.+--+-- If the external key store proxy has a public endpoint, it is displayed+-- here.+--+-- If the external key store proxy uses an Amazon VPC endpoint service+-- name, this field displays the private DNS name associated with the VPC+-- endpoint service.+--+-- 'uriPath', 'xksProxyConfigurationType_uriPath' - The path to the external key store proxy APIs.+--+-- 'vpcEndpointServiceName', 'xksProxyConfigurationType_vpcEndpointServiceName' - The Amazon VPC endpoint service used to communicate with the external+-- key store proxy. This field appears only when the external key store+-- proxy uses an Amazon VPC endpoint service to communicate with KMS.+newXksProxyConfigurationType ::+ XksProxyConfigurationType+newXksProxyConfigurationType =+ XksProxyConfigurationType'+ { accessKeyId =+ Prelude.Nothing,+ connectivity = Prelude.Nothing,+ uriEndpoint = Prelude.Nothing,+ uriPath = Prelude.Nothing,+ vpcEndpointServiceName = Prelude.Nothing+ }++-- | The part of the external key store+-- <https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateCustomKeyStore.html#KMS-CreateCustomKeyStore-request-XksProxyAuthenticationCredential proxy authentication credential>+-- that uniquely identifies the secret access key.+xksProxyConfigurationType_accessKeyId :: Lens.Lens' XksProxyConfigurationType (Prelude.Maybe Prelude.Text)+xksProxyConfigurationType_accessKeyId = Lens.lens (\XksProxyConfigurationType' {accessKeyId} -> accessKeyId) (\s@XksProxyConfigurationType' {} a -> s {accessKeyId = a} :: XksProxyConfigurationType) Prelude.. Lens.mapping Data._Sensitive++-- | Indicates whether the external key store proxy uses a public endpoint or+-- an Amazon VPC endpoint service to communicate with KMS.+xksProxyConfigurationType_connectivity :: Lens.Lens' XksProxyConfigurationType (Prelude.Maybe XksProxyConnectivityType)+xksProxyConfigurationType_connectivity = Lens.lens (\XksProxyConfigurationType' {connectivity} -> connectivity) (\s@XksProxyConfigurationType' {} a -> s {connectivity = a} :: XksProxyConfigurationType)++-- | The URI endpoint for the external key store proxy.+--+-- If the external key store proxy has a public endpoint, it is displayed+-- here.+--+-- If the external key store proxy uses an Amazon VPC endpoint service+-- name, this field displays the private DNS name associated with the VPC+-- endpoint service.+xksProxyConfigurationType_uriEndpoint :: Lens.Lens' XksProxyConfigurationType (Prelude.Maybe Prelude.Text)+xksProxyConfigurationType_uriEndpoint = Lens.lens (\XksProxyConfigurationType' {uriEndpoint} -> uriEndpoint) (\s@XksProxyConfigurationType' {} a -> s {uriEndpoint = a} :: XksProxyConfigurationType)++-- | The path to the external key store proxy APIs.+xksProxyConfigurationType_uriPath :: Lens.Lens' XksProxyConfigurationType (Prelude.Maybe Prelude.Text)+xksProxyConfigurationType_uriPath = Lens.lens (\XksProxyConfigurationType' {uriPath} -> uriPath) (\s@XksProxyConfigurationType' {} a -> s {uriPath = a} :: XksProxyConfigurationType)++-- | The Amazon VPC endpoint service used to communicate with the external+-- key store proxy. This field appears only when the external key store+-- proxy uses an Amazon VPC endpoint service to communicate with KMS.+xksProxyConfigurationType_vpcEndpointServiceName :: Lens.Lens' XksProxyConfigurationType (Prelude.Maybe Prelude.Text)+xksProxyConfigurationType_vpcEndpointServiceName = Lens.lens (\XksProxyConfigurationType' {vpcEndpointServiceName} -> vpcEndpointServiceName) (\s@XksProxyConfigurationType' {} a -> s {vpcEndpointServiceName = a} :: XksProxyConfigurationType)++instance Data.FromJSON XksProxyConfigurationType where+ parseJSON =+ Data.withObject+ "XksProxyConfigurationType"+ ( \x ->+ XksProxyConfigurationType'+ Prelude.<$> (x Data..:? "AccessKeyId")+ Prelude.<*> (x Data..:? "Connectivity")+ Prelude.<*> (x Data..:? "UriEndpoint")+ Prelude.<*> (x Data..:? "UriPath")+ Prelude.<*> (x Data..:? "VpcEndpointServiceName")+ )++instance Prelude.Hashable XksProxyConfigurationType where+ hashWithSalt _salt XksProxyConfigurationType' {..} =+ _salt+ `Prelude.hashWithSalt` accessKeyId+ `Prelude.hashWithSalt` connectivity+ `Prelude.hashWithSalt` uriEndpoint+ `Prelude.hashWithSalt` uriPath+ `Prelude.hashWithSalt` vpcEndpointServiceName++instance Prelude.NFData XksProxyConfigurationType where+ rnf XksProxyConfigurationType' {..} =+ Prelude.rnf accessKeyId+ `Prelude.seq` Prelude.rnf connectivity+ `Prelude.seq` Prelude.rnf uriEndpoint+ `Prelude.seq` Prelude.rnf uriPath+ `Prelude.seq` Prelude.rnf vpcEndpointServiceName
+ gen/Amazonka/KMS/Types/XksProxyConnectivityType.hs view
@@ -0,0 +1,71 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DerivingStrategies #-}+{-# LANGUAGE GeneralizedNewtypeDeriving #-}+{-# LANGUAGE LambdaCase #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE PatternSynonyms #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.Types.XksProxyConnectivityType+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.KMS.Types.XksProxyConnectivityType+ ( XksProxyConnectivityType+ ( ..,+ XksProxyConnectivityType_PUBLIC_ENDPOINT,+ XksProxyConnectivityType_VPC_ENDPOINT_SERVICE+ ),+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Data as Data+import qualified Amazonka.Prelude as Prelude++newtype XksProxyConnectivityType = XksProxyConnectivityType'+ { fromXksProxyConnectivityType ::+ Data.Text+ }+ deriving stock+ ( Prelude.Show,+ Prelude.Read,+ Prelude.Eq,+ Prelude.Ord,+ Prelude.Generic+ )+ deriving newtype+ ( Prelude.Hashable,+ Prelude.NFData,+ Data.FromText,+ Data.ToText,+ Data.ToByteString,+ Data.ToLog,+ Data.ToHeader,+ Data.ToQuery,+ Data.FromJSON,+ Data.FromJSONKey,+ Data.ToJSON,+ Data.ToJSONKey,+ Data.FromXML,+ Data.ToXML+ )++pattern XksProxyConnectivityType_PUBLIC_ENDPOINT :: XksProxyConnectivityType+pattern XksProxyConnectivityType_PUBLIC_ENDPOINT = XksProxyConnectivityType' "PUBLIC_ENDPOINT"++pattern XksProxyConnectivityType_VPC_ENDPOINT_SERVICE :: XksProxyConnectivityType+pattern XksProxyConnectivityType_VPC_ENDPOINT_SERVICE = XksProxyConnectivityType' "VPC_ENDPOINT_SERVICE"++{-# COMPLETE+ XksProxyConnectivityType_PUBLIC_ENDPOINT,+ XksProxyConnectivityType_VPC_ENDPOINT_SERVICE,+ XksProxyConnectivityType'+ #-}
+ gen/Amazonka/KMS/UntagResource.hs view
@@ -0,0 +1,223 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.UntagResource+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Deletes tags from a+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk customer managed key>.+-- To delete a tag, specify the tag key and the KMS key.+--+-- Tagging or untagging a KMS key can allow or deny permission to the KMS+-- key. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/abac.html ABAC for KMS>+-- in the /Key Management Service Developer Guide/.+--+-- When it succeeds, the @UntagResource@ operation doesn\'t return any+-- output. Also, if the specified tag key isn\'t found on the KMS key, it+-- doesn\'t throw an exception or return a response. To confirm that the+-- operation worked, use the ListResourceTags operation.+--+-- For information about using tags in KMS, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/tagging-keys.html Tagging keys>.+-- For general information about tags, including the format and syntax, see+-- <https://docs.aws.amazon.com/general/latest/gr/aws_tagging.html Tagging Amazon Web Services resources>+-- in the /Amazon Web Services General Reference/.+--+-- The KMS key that you use for this operation must be in a compatible key+-- state. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key states of KMS keys>+-- in the /Key Management Service Developer Guide/.+--+-- __Cross-account use__: No. You cannot perform this operation on a KMS+-- key in a different Amazon Web Services account.+--+-- __Required permissions__:+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:UntagResource>+-- (key policy)+--+-- __Related operations__+--+-- - CreateKey+--+-- - ListResourceTags+--+-- - ReplicateKey+--+-- - TagResource+module Amazonka.KMS.UntagResource+ ( -- * Creating a Request+ UntagResource (..),+ newUntagResource,++ -- * Request Lenses+ untagResource_keyId,+ untagResource_tagKeys,++ -- * Destructuring the Response+ UntagResourceResponse (..),+ newUntagResourceResponse,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newUntagResource' smart constructor.+data UntagResource = UntagResource'+ { -- | Identifies the KMS key from which you are removing tags.+ --+ -- Specify the key ID or key ARN of the KMS key.+ --+ -- For example:+ --+ -- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- - Key ARN:+ -- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- To get the key ID and key ARN for a KMS key, use ListKeys or+ -- DescribeKey.+ keyId :: Prelude.Text,+ -- | One or more tag keys. Specify only the tag keys, not the tag values.+ tagKeys :: [Prelude.Text]+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'UntagResource' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'keyId', 'untagResource_keyId' - Identifies the KMS key from which you are removing tags.+--+-- Specify the key ID or key ARN of the KMS key.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+--+-- 'tagKeys', 'untagResource_tagKeys' - One or more tag keys. Specify only the tag keys, not the tag values.+newUntagResource ::+ -- | 'keyId'+ Prelude.Text ->+ UntagResource+newUntagResource pKeyId_ =+ UntagResource'+ { keyId = pKeyId_,+ tagKeys = Prelude.mempty+ }++-- | Identifies the KMS key from which you are removing tags.+--+-- Specify the key ID or key ARN of the KMS key.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+untagResource_keyId :: Lens.Lens' UntagResource Prelude.Text+untagResource_keyId = Lens.lens (\UntagResource' {keyId} -> keyId) (\s@UntagResource' {} a -> s {keyId = a} :: UntagResource)++-- | One or more tag keys. Specify only the tag keys, not the tag values.+untagResource_tagKeys :: Lens.Lens' UntagResource [Prelude.Text]+untagResource_tagKeys = Lens.lens (\UntagResource' {tagKeys} -> tagKeys) (\s@UntagResource' {} a -> s {tagKeys = a} :: UntagResource) Prelude.. Lens.coerced++instance Core.AWSRequest UntagResource where+ type+ AWSResponse UntagResource =+ UntagResourceResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response =+ Response.receiveNull UntagResourceResponse'++instance Prelude.Hashable UntagResource where+ hashWithSalt _salt UntagResource' {..} =+ _salt+ `Prelude.hashWithSalt` keyId+ `Prelude.hashWithSalt` tagKeys++instance Prelude.NFData UntagResource where+ rnf UntagResource' {..} =+ Prelude.rnf keyId `Prelude.seq` Prelude.rnf tagKeys++instance Data.ToHeaders UntagResource where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ("TrentService.UntagResource" :: Prelude.ByteString),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON UntagResource where+ toJSON UntagResource' {..} =+ Data.object+ ( Prelude.catMaybes+ [ Prelude.Just ("KeyId" Data..= keyId),+ Prelude.Just ("TagKeys" Data..= tagKeys)+ ]+ )++instance Data.ToPath UntagResource where+ toPath = Prelude.const "/"++instance Data.ToQuery UntagResource where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newUntagResourceResponse' smart constructor.+data UntagResourceResponse = UntagResourceResponse'+ {+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'UntagResourceResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+newUntagResourceResponse ::+ UntagResourceResponse+newUntagResourceResponse = UntagResourceResponse'++instance Prelude.NFData UntagResourceResponse where+ rnf _ = ()
+ gen/Amazonka/KMS/UpdateAlias.hs view
@@ -0,0 +1,283 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.UpdateAlias+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Associates an existing KMS alias with a different KMS key. Each alias is+-- associated with only one KMS key at a time, although a KMS key can have+-- multiple aliases. The alias and the KMS key must be in the same Amazon+-- Web Services account and Region.+--+-- Adding, deleting, or updating an alias can allow or deny permission to+-- the KMS key. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/abac.html ABAC for KMS>+-- in the /Key Management Service Developer Guide/.+--+-- The current and new KMS key must be the same type (both symmetric or+-- both asymmetric or both HMAC), and they must have the same key usage.+-- This restriction prevents errors in code that uses aliases. If you must+-- assign an alias to a different type of KMS key, use DeleteAlias to+-- delete the old alias and CreateAlias to create a new alias.+--+-- You cannot use @UpdateAlias@ to change an alias name. To change an alias+-- name, use DeleteAlias to delete the old alias and CreateAlias to create+-- a new alias.+--+-- Because an alias is not a property of a KMS key, you can create, update,+-- and delete the aliases of a KMS key without affecting the KMS key. Also,+-- aliases do not appear in the response from the DescribeKey operation. To+-- get the aliases of all KMS keys in the account, use the ListAliases+-- operation.+--+-- The KMS key that you use for this operation must be in a compatible key+-- state. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key states of KMS keys>+-- in the /Key Management Service Developer Guide/.+--+-- __Cross-account use__: No. You cannot perform this operation on a KMS+-- key in a different Amazon Web Services account.+--+-- __Required permissions__+--+-- - <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:UpdateAlias>+-- on the alias (IAM policy).+--+-- - <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:UpdateAlias>+-- on the current KMS key (key policy).+--+-- - <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:UpdateAlias>+-- on the new KMS key (key policy).+--+-- For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html#alias-access Controlling access to aliases>+-- in the /Key Management Service Developer Guide/.+--+-- __Related operations:__+--+-- - CreateAlias+--+-- - DeleteAlias+--+-- - ListAliases+module Amazonka.KMS.UpdateAlias+ ( -- * Creating a Request+ UpdateAlias (..),+ newUpdateAlias,++ -- * Request Lenses+ updateAlias_aliasName,+ updateAlias_targetKeyId,++ -- * Destructuring the Response+ UpdateAliasResponse (..),+ newUpdateAliasResponse,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newUpdateAlias' smart constructor.+data UpdateAlias = UpdateAlias'+ { -- | Identifies the alias that is changing its KMS key. This value must begin+ -- with @alias\/@ followed by the alias name, such as+ -- @alias\/ExampleAlias@. You cannot use @UpdateAlias@ to change the alias+ -- name.+ aliasName :: Prelude.Text,+ -- | Identifies the+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk customer managed key>+ -- to associate with the alias. You don\'t have permission to associate an+ -- alias with an+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk Amazon Web Services managed key>.+ --+ -- The KMS key must be in the same Amazon Web Services account and Region+ -- as the alias. Also, the new target KMS key must be the same type as the+ -- current target KMS key (both symmetric or both asymmetric or both HMAC)+ -- and they must have the same key usage.+ --+ -- Specify the key ID or key ARN of the KMS key.+ --+ -- For example:+ --+ -- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- - Key ARN:+ -- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- To get the key ID and key ARN for a KMS key, use ListKeys or+ -- DescribeKey.+ --+ -- To verify that the alias is mapped to the correct KMS key, use+ -- ListAliases.+ targetKeyId :: Prelude.Text+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'UpdateAlias' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'aliasName', 'updateAlias_aliasName' - Identifies the alias that is changing its KMS key. This value must begin+-- with @alias\/@ followed by the alias name, such as+-- @alias\/ExampleAlias@. You cannot use @UpdateAlias@ to change the alias+-- name.+--+-- 'targetKeyId', 'updateAlias_targetKeyId' - Identifies the+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk customer managed key>+-- to associate with the alias. You don\'t have permission to associate an+-- alias with an+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk Amazon Web Services managed key>.+--+-- The KMS key must be in the same Amazon Web Services account and Region+-- as the alias. Also, the new target KMS key must be the same type as the+-- current target KMS key (both symmetric or both asymmetric or both HMAC)+-- and they must have the same key usage.+--+-- Specify the key ID or key ARN of the KMS key.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+--+-- To verify that the alias is mapped to the correct KMS key, use+-- ListAliases.+newUpdateAlias ::+ -- | 'aliasName'+ Prelude.Text ->+ -- | 'targetKeyId'+ Prelude.Text ->+ UpdateAlias+newUpdateAlias pAliasName_ pTargetKeyId_ =+ UpdateAlias'+ { aliasName = pAliasName_,+ targetKeyId = pTargetKeyId_+ }++-- | Identifies the alias that is changing its KMS key. This value must begin+-- with @alias\/@ followed by the alias name, such as+-- @alias\/ExampleAlias@. You cannot use @UpdateAlias@ to change the alias+-- name.+updateAlias_aliasName :: Lens.Lens' UpdateAlias Prelude.Text+updateAlias_aliasName = Lens.lens (\UpdateAlias' {aliasName} -> aliasName) (\s@UpdateAlias' {} a -> s {aliasName = a} :: UpdateAlias)++-- | Identifies the+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk customer managed key>+-- to associate with the alias. You don\'t have permission to associate an+-- alias with an+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk Amazon Web Services managed key>.+--+-- The KMS key must be in the same Amazon Web Services account and Region+-- as the alias. Also, the new target KMS key must be the same type as the+-- current target KMS key (both symmetric or both asymmetric or both HMAC)+-- and they must have the same key usage.+--+-- Specify the key ID or key ARN of the KMS key.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+--+-- To verify that the alias is mapped to the correct KMS key, use+-- ListAliases.+updateAlias_targetKeyId :: Lens.Lens' UpdateAlias Prelude.Text+updateAlias_targetKeyId = Lens.lens (\UpdateAlias' {targetKeyId} -> targetKeyId) (\s@UpdateAlias' {} a -> s {targetKeyId = a} :: UpdateAlias)++instance Core.AWSRequest UpdateAlias where+ type AWSResponse UpdateAlias = UpdateAliasResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response = Response.receiveNull UpdateAliasResponse'++instance Prelude.Hashable UpdateAlias where+ hashWithSalt _salt UpdateAlias' {..} =+ _salt+ `Prelude.hashWithSalt` aliasName+ `Prelude.hashWithSalt` targetKeyId++instance Prelude.NFData UpdateAlias where+ rnf UpdateAlias' {..} =+ Prelude.rnf aliasName+ `Prelude.seq` Prelude.rnf targetKeyId++instance Data.ToHeaders UpdateAlias where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ("TrentService.UpdateAlias" :: Prelude.ByteString),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON UpdateAlias where+ toJSON UpdateAlias' {..} =+ Data.object+ ( Prelude.catMaybes+ [ Prelude.Just ("AliasName" Data..= aliasName),+ Prelude.Just ("TargetKeyId" Data..= targetKeyId)+ ]+ )++instance Data.ToPath UpdateAlias where+ toPath = Prelude.const "/"++instance Data.ToQuery UpdateAlias where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newUpdateAliasResponse' smart constructor.+data UpdateAliasResponse = UpdateAliasResponse'+ {+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'UpdateAliasResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+newUpdateAliasResponse ::+ UpdateAliasResponse+newUpdateAliasResponse = UpdateAliasResponse'++instance Prelude.NFData UpdateAliasResponse where+ rnf _ = ()
+ gen/Amazonka/KMS/UpdateCustomKeyStore.hs view
@@ -0,0 +1,641 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.UpdateCustomKeyStore+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Changes the properties of a custom key store. You can use this operation+-- to change the properties of an CloudHSM key store or an external key+-- store.+--+-- Use the required @CustomKeyStoreId@ parameter to identify the custom key+-- store. Use the remaining optional parameters to change its properties.+-- This operation does not return any property values. To verify the+-- updated property values, use the DescribeCustomKeyStores operation.+--+-- This operation is part of the+-- <https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html custom key stores>+-- feature in KMS, which combines the convenience and extensive integration+-- of KMS with the isolation and control of a key store that you own and+-- manage.+--+-- When updating the properties of an external key store, verify that the+-- updated settings connect your key store, via the external key store+-- proxy, to the same external key manager as the previous settings, or to+-- a backup or snapshot of the external key manager with the same+-- cryptographic keys. If the updated connection settings fail, you can fix+-- them and retry, although an extended delay might disrupt Amazon Web+-- Services services. However, if KMS permanently loses its access to+-- cryptographic keys, ciphertext encrypted under those keys is+-- unrecoverable.+--+-- For external key stores:+--+-- Some external key managers provide a simpler method for updating an+-- external key store. For details, see your external key manager+-- documentation.+--+-- When updating an external key store in the KMS console, you can upload a+-- JSON-based proxy configuration file with the desired values. You cannot+-- upload the proxy configuration file to the @UpdateCustomKeyStore@+-- operation. However, you can use the file to help you determine the+-- correct values for the @UpdateCustomKeyStore@ parameters.+--+-- For an CloudHSM key store, you can use this operation to change the+-- custom key store friendly name (@NewCustomKeyStoreName@), to tell KMS+-- about a change to the @kmsuser@ crypto user password+-- (@KeyStorePassword@), or to associate the custom key store with a+-- different, but related, CloudHSM cluster (@CloudHsmClusterId@). To+-- update any property of an CloudHSM key store, the @ConnectionState@ of+-- the CloudHSM key store must be @DISCONNECTED@.+--+-- For an external key store, you can use this operation to change the+-- custom key store friendly name (@NewCustomKeyStoreName@), or to tell KMS+-- about a change to the external key store proxy authentication+-- credentials (@XksProxyAuthenticationCredential@), connection method+-- (@XksProxyConnectivity@), external proxy endpoint+-- (@XksProxyUriEndpoint@) and path (@XksProxyUriPath@). For external key+-- stores with an @XksProxyConnectivity@ of @VPC_ENDPOINT_SERVICE@, you can+-- also update the Amazon VPC endpoint service name+-- (@XksProxyVpcEndpointServiceName@). To update most properties of an+-- external key store, the @ConnectionState@ of the external key store must+-- be @DISCONNECTED@. However, you can update the @CustomKeyStoreName@,+-- @XksProxyAuthenticationCredential@, and @XksProxyUriPath@ of an external+-- key store when it is in the CONNECTED or DISCONNECTED state.+--+-- If your update requires a @DISCONNECTED@ state, before using+-- @UpdateCustomKeyStore@, use the DisconnectCustomKeyStore operation to+-- disconnect the custom key store. After the @UpdateCustomKeyStore@+-- operation completes, use the ConnectCustomKeyStore to reconnect the+-- custom key store. To find the @ConnectionState@ of the custom key store,+-- use the DescribeCustomKeyStores operation.+--+-- Before updating the custom key store, verify that the new values allow+-- KMS to connect the custom key store to its backing key store. For+-- example, before you change the @XksProxyUriPath@ value, verify that the+-- external key store proxy is reachable at the new path.+--+-- If the operation succeeds, it returns a JSON object with no properties.+--+-- __Cross-account use__: No. You cannot perform this operation on a custom+-- key store in a different Amazon Web Services account.+--+-- __Required permissions__:+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:UpdateCustomKeyStore>+-- (IAM policy)+--+-- __Related operations:__+--+-- - ConnectCustomKeyStore+--+-- - CreateCustomKeyStore+--+-- - DeleteCustomKeyStore+--+-- - DescribeCustomKeyStores+--+-- - DisconnectCustomKeyStore+module Amazonka.KMS.UpdateCustomKeyStore+ ( -- * Creating a Request+ UpdateCustomKeyStore (..),+ newUpdateCustomKeyStore,++ -- * Request Lenses+ updateCustomKeyStore_cloudHsmClusterId,+ updateCustomKeyStore_keyStorePassword,+ updateCustomKeyStore_newCustomKeyStoreName,+ updateCustomKeyStore_xksProxyAuthenticationCredential,+ updateCustomKeyStore_xksProxyConnectivity,+ updateCustomKeyStore_xksProxyUriEndpoint,+ updateCustomKeyStore_xksProxyUriPath,+ updateCustomKeyStore_xksProxyVpcEndpointServiceName,+ updateCustomKeyStore_customKeyStoreId,++ -- * Destructuring the Response+ UpdateCustomKeyStoreResponse (..),+ newUpdateCustomKeyStoreResponse,++ -- * Response Lenses+ updateCustomKeyStoreResponse_httpStatus,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newUpdateCustomKeyStore' smart constructor.+data UpdateCustomKeyStore = UpdateCustomKeyStore'+ { -- | Associates the custom key store with a related CloudHSM cluster. This+ -- parameter is valid only for custom key stores with a+ -- @CustomKeyStoreType@ of @AWS_CLOUDHSM@.+ --+ -- Enter the cluster ID of the cluster that you used to create the custom+ -- key store or a cluster that shares a backup history and has the same+ -- cluster certificate as the original cluster. You cannot use this+ -- parameter to associate a custom key store with an unrelated cluster. In+ -- addition, the replacement cluster must+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore fulfill the requirements>+ -- for a cluster associated with a custom key store. To view the cluster+ -- certificate of a cluster, use the+ -- <https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html DescribeClusters>+ -- operation.+ --+ -- To change this value, the CloudHSM key store must be disconnected.+ cloudHsmClusterId :: Prelude.Maybe Prelude.Text,+ -- | Enter the current password of the @kmsuser@ crypto user (CU) in the+ -- CloudHSM cluster that is associated with the custom key store. This+ -- parameter is valid only for custom key stores with a+ -- @CustomKeyStoreType@ of @AWS_CLOUDHSM@.+ --+ -- This parameter tells KMS the current password of the @kmsuser@ crypto+ -- user (CU). It does not set or change the password of any users in the+ -- CloudHSM cluster.+ --+ -- To change this value, the CloudHSM key store must be disconnected.+ keyStorePassword :: Prelude.Maybe (Data.Sensitive Prelude.Text),+ -- | Changes the friendly name of the custom key store to the value that you+ -- specify. The custom key store name must be unique in the Amazon Web+ -- Services account.+ --+ -- To change this value, an CloudHSM key store must be disconnected. An+ -- external key store can be connected or disconnected.+ newCustomKeyStoreName' :: Prelude.Maybe Prelude.Text,+ -- | Changes the credentials that KMS uses to sign requests to the external+ -- key store proxy (XKS proxy). This parameter is valid only for custom key+ -- stores with a @CustomKeyStoreType@ of @EXTERNAL_KEY_STORE@.+ --+ -- You must specify both the @AccessKeyId@ and @SecretAccessKey@ value in+ -- the authentication credential, even if you are only updating one value.+ --+ -- This parameter doesn\'t establish or change your authentication+ -- credentials on the proxy. It just tells KMS the credential that you+ -- established with your external key store proxy. For example, if you+ -- rotate the credential on your external key store proxy, you can use this+ -- parameter to update the credential in KMS.+ --+ -- You can change this value when the external key store is connected or+ -- disconnected.+ xksProxyAuthenticationCredential :: Prelude.Maybe XksProxyAuthenticationCredentialType,+ -- | Changes the connectivity setting for the external key store. To indicate+ -- that the external key store proxy uses a Amazon VPC endpoint service to+ -- communicate with KMS, specify @VPC_ENDPOINT_SERVICE@. Otherwise, specify+ -- @PUBLIC_ENDPOINT@.+ --+ -- If you change the @XksProxyConnectivity@ to @VPC_ENDPOINT_SERVICE@, you+ -- must also change the @XksProxyUriEndpoint@ and add an+ -- @XksProxyVpcEndpointServiceName@ value.+ --+ -- If you change the @XksProxyConnectivity@ to @PUBLIC_ENDPOINT@, you must+ -- also change the @XksProxyUriEndpoint@ and specify a null or empty string+ -- for the @XksProxyVpcEndpointServiceName@ value.+ --+ -- To change this value, the external key store must be disconnected.+ xksProxyConnectivity :: Prelude.Maybe XksProxyConnectivityType,+ -- | Changes the URI endpoint that KMS uses to connect to your external key+ -- store proxy (XKS proxy). This parameter is valid only for custom key+ -- stores with a @CustomKeyStoreType@ of @EXTERNAL_KEY_STORE@.+ --+ -- For external key stores with an @XksProxyConnectivity@ value of+ -- @PUBLIC_ENDPOINT@, the protocol must be HTTPS.+ --+ -- For external key stores with an @XksProxyConnectivity@ value of+ -- @VPC_ENDPOINT_SERVICE@, specify @https:\/\/@ followed by the private DNS+ -- name associated with the VPC endpoint service. Each external key store+ -- must use a different private DNS name.+ --+ -- The combined @XksProxyUriEndpoint@ and @XksProxyUriPath@ values must be+ -- unique in the Amazon Web Services account and Region.+ --+ -- To change this value, the external key store must be disconnected.+ xksProxyUriEndpoint :: Prelude.Maybe Prelude.Text,+ -- | Changes the base path to the proxy APIs for this external key store. To+ -- find this value, see the documentation for your external key manager and+ -- external key store proxy (XKS proxy). This parameter is valid only for+ -- custom key stores with a @CustomKeyStoreType@ of @EXTERNAL_KEY_STORE@.+ --+ -- The value must start with @\/@ and must end with @\/kms\/xks\/v1@, where+ -- @v1@ represents the version of the KMS external key store proxy API. You+ -- can include an optional prefix between the required elements such as+ -- @\/@/@example@/@\/kms\/xks\/v1@.+ --+ -- The combined @XksProxyUriEndpoint@ and @XksProxyUriPath@ values must be+ -- unique in the Amazon Web Services account and Region.+ --+ -- You can change this value when the external key store is connected or+ -- disconnected.+ xksProxyUriPath :: Prelude.Maybe Prelude.Text,+ -- | Changes the name that KMS uses to identify the Amazon VPC endpoint+ -- service for your external key store proxy (XKS proxy). This parameter is+ -- valid when the @CustomKeyStoreType@ is @EXTERNAL_KEY_STORE@ and the+ -- @XksProxyConnectivity@ is @VPC_ENDPOINT_SERVICE@.+ --+ -- To change this value, the external key store must be disconnected.+ xksProxyVpcEndpointServiceName :: Prelude.Maybe Prelude.Text,+ -- | Identifies the custom key store that you want to update. Enter the ID of+ -- the custom key store. To find the ID of a custom key store, use the+ -- DescribeCustomKeyStores operation.+ customKeyStoreId :: Prelude.Text+ }+ deriving (Prelude.Eq, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'UpdateCustomKeyStore' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'cloudHsmClusterId', 'updateCustomKeyStore_cloudHsmClusterId' - Associates the custom key store with a related CloudHSM cluster. This+-- parameter is valid only for custom key stores with a+-- @CustomKeyStoreType@ of @AWS_CLOUDHSM@.+--+-- Enter the cluster ID of the cluster that you used to create the custom+-- key store or a cluster that shares a backup history and has the same+-- cluster certificate as the original cluster. You cannot use this+-- parameter to associate a custom key store with an unrelated cluster. In+-- addition, the replacement cluster must+-- <https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore fulfill the requirements>+-- for a cluster associated with a custom key store. To view the cluster+-- certificate of a cluster, use the+-- <https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html DescribeClusters>+-- operation.+--+-- To change this value, the CloudHSM key store must be disconnected.+--+-- 'keyStorePassword', 'updateCustomKeyStore_keyStorePassword' - Enter the current password of the @kmsuser@ crypto user (CU) in the+-- CloudHSM cluster that is associated with the custom key store. This+-- parameter is valid only for custom key stores with a+-- @CustomKeyStoreType@ of @AWS_CLOUDHSM@.+--+-- This parameter tells KMS the current password of the @kmsuser@ crypto+-- user (CU). It does not set or change the password of any users in the+-- CloudHSM cluster.+--+-- To change this value, the CloudHSM key store must be disconnected.+--+-- 'newCustomKeyStoreName'', 'updateCustomKeyStore_newCustomKeyStoreName' - Changes the friendly name of the custom key store to the value that you+-- specify. The custom key store name must be unique in the Amazon Web+-- Services account.+--+-- To change this value, an CloudHSM key store must be disconnected. An+-- external key store can be connected or disconnected.+--+-- 'xksProxyAuthenticationCredential', 'updateCustomKeyStore_xksProxyAuthenticationCredential' - Changes the credentials that KMS uses to sign requests to the external+-- key store proxy (XKS proxy). This parameter is valid only for custom key+-- stores with a @CustomKeyStoreType@ of @EXTERNAL_KEY_STORE@.+--+-- You must specify both the @AccessKeyId@ and @SecretAccessKey@ value in+-- the authentication credential, even if you are only updating one value.+--+-- This parameter doesn\'t establish or change your authentication+-- credentials on the proxy. It just tells KMS the credential that you+-- established with your external key store proxy. For example, if you+-- rotate the credential on your external key store proxy, you can use this+-- parameter to update the credential in KMS.+--+-- You can change this value when the external key store is connected or+-- disconnected.+--+-- 'xksProxyConnectivity', 'updateCustomKeyStore_xksProxyConnectivity' - Changes the connectivity setting for the external key store. To indicate+-- that the external key store proxy uses a Amazon VPC endpoint service to+-- communicate with KMS, specify @VPC_ENDPOINT_SERVICE@. Otherwise, specify+-- @PUBLIC_ENDPOINT@.+--+-- If you change the @XksProxyConnectivity@ to @VPC_ENDPOINT_SERVICE@, you+-- must also change the @XksProxyUriEndpoint@ and add an+-- @XksProxyVpcEndpointServiceName@ value.+--+-- If you change the @XksProxyConnectivity@ to @PUBLIC_ENDPOINT@, you must+-- also change the @XksProxyUriEndpoint@ and specify a null or empty string+-- for the @XksProxyVpcEndpointServiceName@ value.+--+-- To change this value, the external key store must be disconnected.+--+-- 'xksProxyUriEndpoint', 'updateCustomKeyStore_xksProxyUriEndpoint' - Changes the URI endpoint that KMS uses to connect to your external key+-- store proxy (XKS proxy). This parameter is valid only for custom key+-- stores with a @CustomKeyStoreType@ of @EXTERNAL_KEY_STORE@.+--+-- For external key stores with an @XksProxyConnectivity@ value of+-- @PUBLIC_ENDPOINT@, the protocol must be HTTPS.+--+-- For external key stores with an @XksProxyConnectivity@ value of+-- @VPC_ENDPOINT_SERVICE@, specify @https:\/\/@ followed by the private DNS+-- name associated with the VPC endpoint service. Each external key store+-- must use a different private DNS name.+--+-- The combined @XksProxyUriEndpoint@ and @XksProxyUriPath@ values must be+-- unique in the Amazon Web Services account and Region.+--+-- To change this value, the external key store must be disconnected.+--+-- 'xksProxyUriPath', 'updateCustomKeyStore_xksProxyUriPath' - Changes the base path to the proxy APIs for this external key store. To+-- find this value, see the documentation for your external key manager and+-- external key store proxy (XKS proxy). This parameter is valid only for+-- custom key stores with a @CustomKeyStoreType@ of @EXTERNAL_KEY_STORE@.+--+-- The value must start with @\/@ and must end with @\/kms\/xks\/v1@, where+-- @v1@ represents the version of the KMS external key store proxy API. You+-- can include an optional prefix between the required elements such as+-- @\/@/@example@/@\/kms\/xks\/v1@.+--+-- The combined @XksProxyUriEndpoint@ and @XksProxyUriPath@ values must be+-- unique in the Amazon Web Services account and Region.+--+-- You can change this value when the external key store is connected or+-- disconnected.+--+-- 'xksProxyVpcEndpointServiceName', 'updateCustomKeyStore_xksProxyVpcEndpointServiceName' - Changes the name that KMS uses to identify the Amazon VPC endpoint+-- service for your external key store proxy (XKS proxy). This parameter is+-- valid when the @CustomKeyStoreType@ is @EXTERNAL_KEY_STORE@ and the+-- @XksProxyConnectivity@ is @VPC_ENDPOINT_SERVICE@.+--+-- To change this value, the external key store must be disconnected.+--+-- 'customKeyStoreId', 'updateCustomKeyStore_customKeyStoreId' - Identifies the custom key store that you want to update. Enter the ID of+-- the custom key store. To find the ID of a custom key store, use the+-- DescribeCustomKeyStores operation.+newUpdateCustomKeyStore ::+ -- | 'customKeyStoreId'+ Prelude.Text ->+ UpdateCustomKeyStore+newUpdateCustomKeyStore pCustomKeyStoreId_ =+ UpdateCustomKeyStore'+ { cloudHsmClusterId =+ Prelude.Nothing,+ keyStorePassword = Prelude.Nothing,+ newCustomKeyStoreName' = Prelude.Nothing,+ xksProxyAuthenticationCredential = Prelude.Nothing,+ xksProxyConnectivity = Prelude.Nothing,+ xksProxyUriEndpoint = Prelude.Nothing,+ xksProxyUriPath = Prelude.Nothing,+ xksProxyVpcEndpointServiceName = Prelude.Nothing,+ customKeyStoreId = pCustomKeyStoreId_+ }++-- | Associates the custom key store with a related CloudHSM cluster. This+-- parameter is valid only for custom key stores with a+-- @CustomKeyStoreType@ of @AWS_CLOUDHSM@.+--+-- Enter the cluster ID of the cluster that you used to create the custom+-- key store or a cluster that shares a backup history and has the same+-- cluster certificate as the original cluster. You cannot use this+-- parameter to associate a custom key store with an unrelated cluster. In+-- addition, the replacement cluster must+-- <https://docs.aws.amazon.com/kms/latest/developerguide/create-keystore.html#before-keystore fulfill the requirements>+-- for a cluster associated with a custom key store. To view the cluster+-- certificate of a cluster, use the+-- <https://docs.aws.amazon.com/cloudhsm/latest/APIReference/API_DescribeClusters.html DescribeClusters>+-- operation.+--+-- To change this value, the CloudHSM key store must be disconnected.+updateCustomKeyStore_cloudHsmClusterId :: Lens.Lens' UpdateCustomKeyStore (Prelude.Maybe Prelude.Text)+updateCustomKeyStore_cloudHsmClusterId = Lens.lens (\UpdateCustomKeyStore' {cloudHsmClusterId} -> cloudHsmClusterId) (\s@UpdateCustomKeyStore' {} a -> s {cloudHsmClusterId = a} :: UpdateCustomKeyStore)++-- | Enter the current password of the @kmsuser@ crypto user (CU) in the+-- CloudHSM cluster that is associated with the custom key store. This+-- parameter is valid only for custom key stores with a+-- @CustomKeyStoreType@ of @AWS_CLOUDHSM@.+--+-- This parameter tells KMS the current password of the @kmsuser@ crypto+-- user (CU). It does not set or change the password of any users in the+-- CloudHSM cluster.+--+-- To change this value, the CloudHSM key store must be disconnected.+updateCustomKeyStore_keyStorePassword :: Lens.Lens' UpdateCustomKeyStore (Prelude.Maybe Prelude.Text)+updateCustomKeyStore_keyStorePassword = Lens.lens (\UpdateCustomKeyStore' {keyStorePassword} -> keyStorePassword) (\s@UpdateCustomKeyStore' {} a -> s {keyStorePassword = a} :: UpdateCustomKeyStore) Prelude.. Lens.mapping Data._Sensitive++-- | Changes the friendly name of the custom key store to the value that you+-- specify. The custom key store name must be unique in the Amazon Web+-- Services account.+--+-- To change this value, an CloudHSM key store must be disconnected. An+-- external key store can be connected or disconnected.+updateCustomKeyStore_newCustomKeyStoreName :: Lens.Lens' UpdateCustomKeyStore (Prelude.Maybe Prelude.Text)+updateCustomKeyStore_newCustomKeyStoreName = Lens.lens (\UpdateCustomKeyStore' {newCustomKeyStoreName'} -> newCustomKeyStoreName') (\s@UpdateCustomKeyStore' {} a -> s {newCustomKeyStoreName' = a} :: UpdateCustomKeyStore)++-- | Changes the credentials that KMS uses to sign requests to the external+-- key store proxy (XKS proxy). This parameter is valid only for custom key+-- stores with a @CustomKeyStoreType@ of @EXTERNAL_KEY_STORE@.+--+-- You must specify both the @AccessKeyId@ and @SecretAccessKey@ value in+-- the authentication credential, even if you are only updating one value.+--+-- This parameter doesn\'t establish or change your authentication+-- credentials on the proxy. It just tells KMS the credential that you+-- established with your external key store proxy. For example, if you+-- rotate the credential on your external key store proxy, you can use this+-- parameter to update the credential in KMS.+--+-- You can change this value when the external key store is connected or+-- disconnected.+updateCustomKeyStore_xksProxyAuthenticationCredential :: Lens.Lens' UpdateCustomKeyStore (Prelude.Maybe XksProxyAuthenticationCredentialType)+updateCustomKeyStore_xksProxyAuthenticationCredential = Lens.lens (\UpdateCustomKeyStore' {xksProxyAuthenticationCredential} -> xksProxyAuthenticationCredential) (\s@UpdateCustomKeyStore' {} a -> s {xksProxyAuthenticationCredential = a} :: UpdateCustomKeyStore)++-- | Changes the connectivity setting for the external key store. To indicate+-- that the external key store proxy uses a Amazon VPC endpoint service to+-- communicate with KMS, specify @VPC_ENDPOINT_SERVICE@. Otherwise, specify+-- @PUBLIC_ENDPOINT@.+--+-- If you change the @XksProxyConnectivity@ to @VPC_ENDPOINT_SERVICE@, you+-- must also change the @XksProxyUriEndpoint@ and add an+-- @XksProxyVpcEndpointServiceName@ value.+--+-- If you change the @XksProxyConnectivity@ to @PUBLIC_ENDPOINT@, you must+-- also change the @XksProxyUriEndpoint@ and specify a null or empty string+-- for the @XksProxyVpcEndpointServiceName@ value.+--+-- To change this value, the external key store must be disconnected.+updateCustomKeyStore_xksProxyConnectivity :: Lens.Lens' UpdateCustomKeyStore (Prelude.Maybe XksProxyConnectivityType)+updateCustomKeyStore_xksProxyConnectivity = Lens.lens (\UpdateCustomKeyStore' {xksProxyConnectivity} -> xksProxyConnectivity) (\s@UpdateCustomKeyStore' {} a -> s {xksProxyConnectivity = a} :: UpdateCustomKeyStore)++-- | Changes the URI endpoint that KMS uses to connect to your external key+-- store proxy (XKS proxy). This parameter is valid only for custom key+-- stores with a @CustomKeyStoreType@ of @EXTERNAL_KEY_STORE@.+--+-- For external key stores with an @XksProxyConnectivity@ value of+-- @PUBLIC_ENDPOINT@, the protocol must be HTTPS.+--+-- For external key stores with an @XksProxyConnectivity@ value of+-- @VPC_ENDPOINT_SERVICE@, specify @https:\/\/@ followed by the private DNS+-- name associated with the VPC endpoint service. Each external key store+-- must use a different private DNS name.+--+-- The combined @XksProxyUriEndpoint@ and @XksProxyUriPath@ values must be+-- unique in the Amazon Web Services account and Region.+--+-- To change this value, the external key store must be disconnected.+updateCustomKeyStore_xksProxyUriEndpoint :: Lens.Lens' UpdateCustomKeyStore (Prelude.Maybe Prelude.Text)+updateCustomKeyStore_xksProxyUriEndpoint = Lens.lens (\UpdateCustomKeyStore' {xksProxyUriEndpoint} -> xksProxyUriEndpoint) (\s@UpdateCustomKeyStore' {} a -> s {xksProxyUriEndpoint = a} :: UpdateCustomKeyStore)++-- | Changes the base path to the proxy APIs for this external key store. To+-- find this value, see the documentation for your external key manager and+-- external key store proxy (XKS proxy). This parameter is valid only for+-- custom key stores with a @CustomKeyStoreType@ of @EXTERNAL_KEY_STORE@.+--+-- The value must start with @\/@ and must end with @\/kms\/xks\/v1@, where+-- @v1@ represents the version of the KMS external key store proxy API. You+-- can include an optional prefix between the required elements such as+-- @\/@/@example@/@\/kms\/xks\/v1@.+--+-- The combined @XksProxyUriEndpoint@ and @XksProxyUriPath@ values must be+-- unique in the Amazon Web Services account and Region.+--+-- You can change this value when the external key store is connected or+-- disconnected.+updateCustomKeyStore_xksProxyUriPath :: Lens.Lens' UpdateCustomKeyStore (Prelude.Maybe Prelude.Text)+updateCustomKeyStore_xksProxyUriPath = Lens.lens (\UpdateCustomKeyStore' {xksProxyUriPath} -> xksProxyUriPath) (\s@UpdateCustomKeyStore' {} a -> s {xksProxyUriPath = a} :: UpdateCustomKeyStore)++-- | Changes the name that KMS uses to identify the Amazon VPC endpoint+-- service for your external key store proxy (XKS proxy). This parameter is+-- valid when the @CustomKeyStoreType@ is @EXTERNAL_KEY_STORE@ and the+-- @XksProxyConnectivity@ is @VPC_ENDPOINT_SERVICE@.+--+-- To change this value, the external key store must be disconnected.+updateCustomKeyStore_xksProxyVpcEndpointServiceName :: Lens.Lens' UpdateCustomKeyStore (Prelude.Maybe Prelude.Text)+updateCustomKeyStore_xksProxyVpcEndpointServiceName = Lens.lens (\UpdateCustomKeyStore' {xksProxyVpcEndpointServiceName} -> xksProxyVpcEndpointServiceName) (\s@UpdateCustomKeyStore' {} a -> s {xksProxyVpcEndpointServiceName = a} :: UpdateCustomKeyStore)++-- | Identifies the custom key store that you want to update. Enter the ID of+-- the custom key store. To find the ID of a custom key store, use the+-- DescribeCustomKeyStores operation.+updateCustomKeyStore_customKeyStoreId :: Lens.Lens' UpdateCustomKeyStore Prelude.Text+updateCustomKeyStore_customKeyStoreId = Lens.lens (\UpdateCustomKeyStore' {customKeyStoreId} -> customKeyStoreId) (\s@UpdateCustomKeyStore' {} a -> s {customKeyStoreId = a} :: UpdateCustomKeyStore)++instance Core.AWSRequest UpdateCustomKeyStore where+ type+ AWSResponse UpdateCustomKeyStore =+ UpdateCustomKeyStoreResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response =+ Response.receiveEmpty+ ( \s h x ->+ UpdateCustomKeyStoreResponse'+ Prelude.<$> (Prelude.pure (Prelude.fromEnum s))+ )++instance Prelude.Hashable UpdateCustomKeyStore where+ hashWithSalt _salt UpdateCustomKeyStore' {..} =+ _salt+ `Prelude.hashWithSalt` cloudHsmClusterId+ `Prelude.hashWithSalt` keyStorePassword+ `Prelude.hashWithSalt` newCustomKeyStoreName'+ `Prelude.hashWithSalt` xksProxyAuthenticationCredential+ `Prelude.hashWithSalt` xksProxyConnectivity+ `Prelude.hashWithSalt` xksProxyUriEndpoint+ `Prelude.hashWithSalt` xksProxyUriPath+ `Prelude.hashWithSalt` xksProxyVpcEndpointServiceName+ `Prelude.hashWithSalt` customKeyStoreId++instance Prelude.NFData UpdateCustomKeyStore where+ rnf UpdateCustomKeyStore' {..} =+ Prelude.rnf cloudHsmClusterId+ `Prelude.seq` Prelude.rnf keyStorePassword+ `Prelude.seq` Prelude.rnf newCustomKeyStoreName'+ `Prelude.seq` Prelude.rnf xksProxyAuthenticationCredential+ `Prelude.seq` Prelude.rnf xksProxyConnectivity+ `Prelude.seq` Prelude.rnf xksProxyUriEndpoint+ `Prelude.seq` Prelude.rnf xksProxyUriPath+ `Prelude.seq` Prelude.rnf xksProxyVpcEndpointServiceName+ `Prelude.seq` Prelude.rnf customKeyStoreId++instance Data.ToHeaders UpdateCustomKeyStore where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ( "TrentService.UpdateCustomKeyStore" ::+ Prelude.ByteString+ ),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON UpdateCustomKeyStore where+ toJSON UpdateCustomKeyStore' {..} =+ Data.object+ ( Prelude.catMaybes+ [ ("CloudHsmClusterId" Data..=)+ Prelude.<$> cloudHsmClusterId,+ ("KeyStorePassword" Data..=)+ Prelude.<$> keyStorePassword,+ ("NewCustomKeyStoreName" Data..=)+ Prelude.<$> newCustomKeyStoreName',+ ("XksProxyAuthenticationCredential" Data..=)+ Prelude.<$> xksProxyAuthenticationCredential,+ ("XksProxyConnectivity" Data..=)+ Prelude.<$> xksProxyConnectivity,+ ("XksProxyUriEndpoint" Data..=)+ Prelude.<$> xksProxyUriEndpoint,+ ("XksProxyUriPath" Data..=)+ Prelude.<$> xksProxyUriPath,+ ("XksProxyVpcEndpointServiceName" Data..=)+ Prelude.<$> xksProxyVpcEndpointServiceName,+ Prelude.Just+ ("CustomKeyStoreId" Data..= customKeyStoreId)+ ]+ )++instance Data.ToPath UpdateCustomKeyStore where+ toPath = Prelude.const "/"++instance Data.ToQuery UpdateCustomKeyStore where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newUpdateCustomKeyStoreResponse' smart constructor.+data UpdateCustomKeyStoreResponse = UpdateCustomKeyStoreResponse'+ { -- | The response's http status code.+ httpStatus :: Prelude.Int+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'UpdateCustomKeyStoreResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'httpStatus', 'updateCustomKeyStoreResponse_httpStatus' - The response's http status code.+newUpdateCustomKeyStoreResponse ::+ -- | 'httpStatus'+ Prelude.Int ->+ UpdateCustomKeyStoreResponse+newUpdateCustomKeyStoreResponse pHttpStatus_ =+ UpdateCustomKeyStoreResponse'+ { httpStatus =+ pHttpStatus_+ }++-- | The response's http status code.+updateCustomKeyStoreResponse_httpStatus :: Lens.Lens' UpdateCustomKeyStoreResponse Prelude.Int+updateCustomKeyStoreResponse_httpStatus = Lens.lens (\UpdateCustomKeyStoreResponse' {httpStatus} -> httpStatus) (\s@UpdateCustomKeyStoreResponse' {} a -> s {httpStatus = a} :: UpdateCustomKeyStoreResponse)++instance Prelude.NFData UpdateCustomKeyStoreResponse where+ rnf UpdateCustomKeyStoreResponse' {..} =+ Prelude.rnf httpStatus
+ gen/Amazonka/KMS/UpdateKeyDescription.hs view
@@ -0,0 +1,208 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.UpdateKeyDescription+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Updates the description of a KMS key. To see the description of a KMS+-- key, use DescribeKey.+--+-- The KMS key that you use for this operation must be in a compatible key+-- state. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key states of KMS keys>+-- in the /Key Management Service Developer Guide/.+--+-- __Cross-account use__: No. You cannot perform this operation on a KMS+-- key in a different Amazon Web Services account.+--+-- __Required permissions__:+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:UpdateKeyDescription>+-- (key policy)+--+-- __Related operations__+--+-- - CreateKey+--+-- - DescribeKey+module Amazonka.KMS.UpdateKeyDescription+ ( -- * Creating a Request+ UpdateKeyDescription (..),+ newUpdateKeyDescription,++ -- * Request Lenses+ updateKeyDescription_keyId,+ updateKeyDescription_description,++ -- * Destructuring the Response+ UpdateKeyDescriptionResponse (..),+ newUpdateKeyDescriptionResponse,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newUpdateKeyDescription' smart constructor.+data UpdateKeyDescription = UpdateKeyDescription'+ { -- | Updates the description of the specified KMS key.+ --+ -- Specify the key ID or key ARN of the KMS key.+ --+ -- For example:+ --+ -- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- - Key ARN:+ -- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- To get the key ID and key ARN for a KMS key, use ListKeys or+ -- DescribeKey.+ keyId :: Prelude.Text,+ -- | New description for the KMS key.+ description :: Prelude.Text+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'UpdateKeyDescription' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'keyId', 'updateKeyDescription_keyId' - Updates the description of the specified KMS key.+--+-- Specify the key ID or key ARN of the KMS key.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+--+-- 'description', 'updateKeyDescription_description' - New description for the KMS key.+newUpdateKeyDescription ::+ -- | 'keyId'+ Prelude.Text ->+ -- | 'description'+ Prelude.Text ->+ UpdateKeyDescription+newUpdateKeyDescription pKeyId_ pDescription_ =+ UpdateKeyDescription'+ { keyId = pKeyId_,+ description = pDescription_+ }++-- | Updates the description of the specified KMS key.+--+-- Specify the key ID or key ARN of the KMS key.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+updateKeyDescription_keyId :: Lens.Lens' UpdateKeyDescription Prelude.Text+updateKeyDescription_keyId = Lens.lens (\UpdateKeyDescription' {keyId} -> keyId) (\s@UpdateKeyDescription' {} a -> s {keyId = a} :: UpdateKeyDescription)++-- | New description for the KMS key.+updateKeyDescription_description :: Lens.Lens' UpdateKeyDescription Prelude.Text+updateKeyDescription_description = Lens.lens (\UpdateKeyDescription' {description} -> description) (\s@UpdateKeyDescription' {} a -> s {description = a} :: UpdateKeyDescription)++instance Core.AWSRequest UpdateKeyDescription where+ type+ AWSResponse UpdateKeyDescription =+ UpdateKeyDescriptionResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response =+ Response.receiveNull UpdateKeyDescriptionResponse'++instance Prelude.Hashable UpdateKeyDescription where+ hashWithSalt _salt UpdateKeyDescription' {..} =+ _salt+ `Prelude.hashWithSalt` keyId+ `Prelude.hashWithSalt` description++instance Prelude.NFData UpdateKeyDescription where+ rnf UpdateKeyDescription' {..} =+ Prelude.rnf keyId+ `Prelude.seq` Prelude.rnf description++instance Data.ToHeaders UpdateKeyDescription where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ( "TrentService.UpdateKeyDescription" ::+ Prelude.ByteString+ ),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON UpdateKeyDescription where+ toJSON UpdateKeyDescription' {..} =+ Data.object+ ( Prelude.catMaybes+ [ Prelude.Just ("KeyId" Data..= keyId),+ Prelude.Just ("Description" Data..= description)+ ]+ )++instance Data.ToPath UpdateKeyDescription where+ toPath = Prelude.const "/"++instance Data.ToQuery UpdateKeyDescription where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newUpdateKeyDescriptionResponse' smart constructor.+data UpdateKeyDescriptionResponse = UpdateKeyDescriptionResponse'+ {+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'UpdateKeyDescriptionResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+newUpdateKeyDescriptionResponse ::+ UpdateKeyDescriptionResponse+newUpdateKeyDescriptionResponse =+ UpdateKeyDescriptionResponse'++instance Prelude.NFData UpdateKeyDescriptionResponse where+ rnf _ = ()
+ gen/Amazonka/KMS/UpdatePrimaryRegion.hs view
@@ -0,0 +1,285 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.UpdatePrimaryRegion+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Changes the primary key of a multi-Region key.+--+-- This operation changes the replica key in the specified Region to a+-- primary key and changes the former primary key to a replica key. For+-- example, suppose you have a primary key in @us-east-1@ and a replica key+-- in @eu-west-2@. If you run @UpdatePrimaryRegion@ with a @PrimaryRegion@+-- value of @eu-west-2@, the primary key is now the key in @eu-west-2@, and+-- the key in @us-east-1@ becomes a replica key. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-update Updating the primary Region>+-- in the /Key Management Service Developer Guide/.+--+-- This operation supports /multi-Region keys/, an KMS feature that lets+-- you create multiple interoperable KMS keys in different Amazon Web+-- Services Regions. Because these KMS keys have the same key ID, key+-- material, and other metadata, you can use them interchangeably to+-- encrypt data in one Amazon Web Services Region and decrypt it in a+-- different Amazon Web Services Region without re-encrypting the data or+-- making a cross-Region call. For more information about multi-Region+-- keys, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html Multi-Region keys in KMS>+-- in the /Key Management Service Developer Guide/.+--+-- The /primary key/ of a multi-Region key is the source for properties+-- that are always shared by primary and replica keys, including the key+-- material,+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-id key ID>,+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-spec key spec>,+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-usage key usage>,+-- <https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-origin key material origin>,+-- and+-- <https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html automatic key rotation>.+-- It\'s the only key that can be replicated. You cannot+-- <https://docs.aws.amazon.com/kms/latest/APIReference/API_ScheduleKeyDeletion.html delete the primary key>+-- until all replica keys are deleted.+--+-- The key ID and primary Region that you specify uniquely identify the+-- replica key that will become the primary key. The primary Region must+-- already have a replica key. This operation does not create a KMS key in+-- the specified Region. To find the replica keys, use the DescribeKey+-- operation on the primary key or any replica key. To create a replica+-- key, use the ReplicateKey operation.+--+-- You can run this operation while using the affected multi-Region keys in+-- cryptographic operations. This operation should not delay, interrupt, or+-- cause failures in cryptographic operations.+--+-- Even after this operation completes, the process of updating the primary+-- Region might still be in progress for a few more seconds. Operations+-- such as @DescribeKey@ might display both the old and new primary keys as+-- replicas. The old and new primary keys have a transient key state of+-- @Updating@. The original key state is restored when the update is+-- complete. While the key state is @Updating@, you can use the keys in+-- cryptographic operations, but you cannot replicate the new primary key+-- or perform certain management operations, such as enabling or disabling+-- these keys. For details about the @Updating@ key state, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key states of KMS keys>+-- in the /Key Management Service Developer Guide/.+--+-- This operation does not return any output. To verify that primary key is+-- changed, use the DescribeKey operation.+--+-- __Cross-account use__: No. You cannot use this operation in a different+-- Amazon Web Services account.+--+-- __Required permissions__:+--+-- - @kms:UpdatePrimaryRegion@ on the current primary key (in the primary+-- key\'s Region). Include this permission primary key\'s key policy.+--+-- - @kms:UpdatePrimaryRegion@ on the current replica key (in the replica+-- key\'s Region). Include this permission in the replica key\'s key+-- policy.+--+-- __Related operations__+--+-- - CreateKey+--+-- - ReplicateKey+module Amazonka.KMS.UpdatePrimaryRegion+ ( -- * Creating a Request+ UpdatePrimaryRegion (..),+ newUpdatePrimaryRegion,++ -- * Request Lenses+ updatePrimaryRegion_keyId,+ updatePrimaryRegion_primaryRegion,++ -- * Destructuring the Response+ UpdatePrimaryRegionResponse (..),+ newUpdatePrimaryRegionResponse,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newUpdatePrimaryRegion' smart constructor.+data UpdatePrimaryRegion = UpdatePrimaryRegion'+ { -- | Identifies the current primary key. When the operation completes, this+ -- KMS key will be a replica key.+ --+ -- Specify the key ID or key ARN of a multi-Region primary key.+ --+ -- For example:+ --+ -- - Key ID: @mrk-1234abcd12ab34cd56ef1234567890ab@+ --+ -- - Key ARN:+ -- @arn:aws:kms:us-east-2:111122223333:key\/mrk-1234abcd12ab34cd56ef1234567890ab@+ --+ -- To get the key ID and key ARN for a KMS key, use ListKeys or+ -- DescribeKey.+ keyId :: Prelude.Text,+ -- | The Amazon Web Services Region of the new primary key. Enter the Region+ -- ID, such as @us-east-1@ or @ap-southeast-2@. There must be an existing+ -- replica key in this Region.+ --+ -- When the operation completes, the multi-Region key in this Region will+ -- be the primary key.+ primaryRegion :: Prelude.Text+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'UpdatePrimaryRegion' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'keyId', 'updatePrimaryRegion_keyId' - Identifies the current primary key. When the operation completes, this+-- KMS key will be a replica key.+--+-- Specify the key ID or key ARN of a multi-Region primary key.+--+-- For example:+--+-- - Key ID: @mrk-1234abcd12ab34cd56ef1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/mrk-1234abcd12ab34cd56ef1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+--+-- 'primaryRegion', 'updatePrimaryRegion_primaryRegion' - The Amazon Web Services Region of the new primary key. Enter the Region+-- ID, such as @us-east-1@ or @ap-southeast-2@. There must be an existing+-- replica key in this Region.+--+-- When the operation completes, the multi-Region key in this Region will+-- be the primary key.+newUpdatePrimaryRegion ::+ -- | 'keyId'+ Prelude.Text ->+ -- | 'primaryRegion'+ Prelude.Text ->+ UpdatePrimaryRegion+newUpdatePrimaryRegion pKeyId_ pPrimaryRegion_ =+ UpdatePrimaryRegion'+ { keyId = pKeyId_,+ primaryRegion = pPrimaryRegion_+ }++-- | Identifies the current primary key. When the operation completes, this+-- KMS key will be a replica key.+--+-- Specify the key ID or key ARN of a multi-Region primary key.+--+-- For example:+--+-- - Key ID: @mrk-1234abcd12ab34cd56ef1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/mrk-1234abcd12ab34cd56ef1234567890ab@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey.+updatePrimaryRegion_keyId :: Lens.Lens' UpdatePrimaryRegion Prelude.Text+updatePrimaryRegion_keyId = Lens.lens (\UpdatePrimaryRegion' {keyId} -> keyId) (\s@UpdatePrimaryRegion' {} a -> s {keyId = a} :: UpdatePrimaryRegion)++-- | The Amazon Web Services Region of the new primary key. Enter the Region+-- ID, such as @us-east-1@ or @ap-southeast-2@. There must be an existing+-- replica key in this Region.+--+-- When the operation completes, the multi-Region key in this Region will+-- be the primary key.+updatePrimaryRegion_primaryRegion :: Lens.Lens' UpdatePrimaryRegion Prelude.Text+updatePrimaryRegion_primaryRegion = Lens.lens (\UpdatePrimaryRegion' {primaryRegion} -> primaryRegion) (\s@UpdatePrimaryRegion' {} a -> s {primaryRegion = a} :: UpdatePrimaryRegion)++instance Core.AWSRequest UpdatePrimaryRegion where+ type+ AWSResponse UpdatePrimaryRegion =+ UpdatePrimaryRegionResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response =+ Response.receiveNull UpdatePrimaryRegionResponse'++instance Prelude.Hashable UpdatePrimaryRegion where+ hashWithSalt _salt UpdatePrimaryRegion' {..} =+ _salt+ `Prelude.hashWithSalt` keyId+ `Prelude.hashWithSalt` primaryRegion++instance Prelude.NFData UpdatePrimaryRegion where+ rnf UpdatePrimaryRegion' {..} =+ Prelude.rnf keyId+ `Prelude.seq` Prelude.rnf primaryRegion++instance Data.ToHeaders UpdatePrimaryRegion where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ( "TrentService.UpdatePrimaryRegion" ::+ Prelude.ByteString+ ),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON UpdatePrimaryRegion where+ toJSON UpdatePrimaryRegion' {..} =+ Data.object+ ( Prelude.catMaybes+ [ Prelude.Just ("KeyId" Data..= keyId),+ Prelude.Just+ ("PrimaryRegion" Data..= primaryRegion)+ ]+ )++instance Data.ToPath UpdatePrimaryRegion where+ toPath = Prelude.const "/"++instance Data.ToQuery UpdatePrimaryRegion where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newUpdatePrimaryRegionResponse' smart constructor.+data UpdatePrimaryRegionResponse = UpdatePrimaryRegionResponse'+ {+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'UpdatePrimaryRegionResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+newUpdatePrimaryRegionResponse ::+ UpdatePrimaryRegionResponse+newUpdatePrimaryRegionResponse =+ UpdatePrimaryRegionResponse'++instance Prelude.NFData UpdatePrimaryRegionResponse where+ rnf _ = ()
+ gen/Amazonka/KMS/Verify.hs view
@@ -0,0 +1,482 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.Verify+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Verifies a digital signature that was generated by the Sign operation.+--+-- Verification confirms that an authorized user signed the message with+-- the specified KMS key and signing algorithm, and the message hasn\'t+-- changed since it was signed. If the signature is verified, the value of+-- the @SignatureValid@ field in the response is @True@. If the signature+-- verification fails, the @Verify@ operation fails with an+-- @KMSInvalidSignatureException@ exception.+--+-- A digital signature is generated by using the private key in an+-- asymmetric KMS key. The signature is verified by using the public key in+-- the same asymmetric KMS key. For information about asymmetric KMS keys,+-- see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html Asymmetric KMS keys>+-- in the /Key Management Service Developer Guide/.+--+-- To verify a digital signature, you can use the @Verify@ operation.+-- Specify the same asymmetric KMS key, message, and signing algorithm that+-- were used to produce the signature.+--+-- You can also verify the digital signature by using the public key of the+-- KMS key outside of KMS. Use the GetPublicKey operation to download the+-- public key in the asymmetric KMS key and then use the public key to+-- verify the signature outside of KMS. The advantage of using the @Verify@+-- operation is that it is performed within KMS. As a result, it\'s easy to+-- call, the operation is performed within the FIPS boundary, it is logged+-- in CloudTrail, and you can use key policy and IAM policy to determine+-- who is authorized to use the KMS key to verify signatures.+--+-- To verify a signature outside of KMS with an SM2 public key (China+-- Regions only), you must specify the distinguishing ID. By default, KMS+-- uses @1234567812345678@ as the distinguishing ID. For more information,+-- see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/asymmetric-key-specs.html#key-spec-sm-offline-verification Offline verification with SM2 key pairs>.+--+-- The KMS key that you use for this operation must be in a compatible key+-- state. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key states of KMS keys>+-- in the /Key Management Service Developer Guide/.+--+-- __Cross-account use__: Yes. To perform this operation with a KMS key in+-- a different Amazon Web Services account, specify the key ARN or alias+-- ARN in the value of the @KeyId@ parameter.+--+-- __Required permissions__:+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:Verify>+-- (key policy)+--+-- __Related operations__: Sign+module Amazonka.KMS.Verify+ ( -- * Creating a Request+ Verify (..),+ newVerify,++ -- * Request Lenses+ verify_grantTokens,+ verify_messageType,+ verify_keyId,+ verify_message,+ verify_signature,+ verify_signingAlgorithm,++ -- * Destructuring the Response+ VerifyResponse (..),+ newVerifyResponse,++ -- * Response Lenses+ verifyResponse_keyId,+ verifyResponse_signatureValid,+ verifyResponse_signingAlgorithm,+ verifyResponse_httpStatus,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newVerify' smart constructor.+data Verify = Verify'+ { -- | A list of grant tokens.+ --+ -- Use a grant token when your permission to call this operation comes from+ -- a new grant that has not yet achieved /eventual consistency/. For more+ -- information, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>+ -- and+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>+ -- in the /Key Management Service Developer Guide/.+ grantTokens :: Prelude.Maybe [Prelude.Text],+ -- | Tells KMS whether the value of the @Message@ parameter is a message or+ -- message digest. The default value, RAW, indicates a message. To indicate+ -- a message digest, enter @DIGEST@.+ --+ -- Use the @DIGEST@ value only when the value of the @Message@ parameter is+ -- a message digest. If you use the @DIGEST@ value with a raw message, the+ -- security of the verification operation can be compromised.+ messageType :: Prelude.Maybe MessageType,+ -- | Identifies the asymmetric KMS key that will be used to verify the+ -- signature. This must be the same KMS key that was used to generate the+ -- signature. If you specify a different KMS key, the signature+ -- verification fails.+ --+ -- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.+ -- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS+ -- key in a different Amazon Web Services account, you must use the key ARN+ -- or alias ARN.+ --+ -- For example:+ --+ -- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- - Key ARN:+ -- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+ --+ -- - Alias name: @alias\/ExampleAlias@+ --+ -- - Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@+ --+ -- To get the key ID and key ARN for a KMS key, use ListKeys or+ -- DescribeKey. To get the alias name and alias ARN, use ListAliases.+ keyId :: Prelude.Text,+ -- | Specifies the message that was signed. You can submit a raw message of+ -- up to 4096 bytes, or a hash digest of the message. If you submit a+ -- digest, use the @MessageType@ parameter with a value of @DIGEST@.+ --+ -- If the message specified here is different from the message that was+ -- signed, the signature verification fails. A message and its hash digest+ -- are considered to be the same message.+ message :: Data.Sensitive Data.Base64,+ -- | The signature that the @Sign@ operation generated.+ signature :: Data.Base64,+ -- | The signing algorithm that was used to sign the message. If you submit a+ -- different algorithm, the signature verification fails.+ signingAlgorithm :: SigningAlgorithmSpec+ }+ deriving (Prelude.Eq, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'Verify' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'grantTokens', 'verify_grantTokens' - A list of grant tokens.+--+-- Use a grant token when your permission to call this operation comes from+-- a new grant that has not yet achieved /eventual consistency/. For more+-- information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>+-- and+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>+-- in the /Key Management Service Developer Guide/.+--+-- 'messageType', 'verify_messageType' - Tells KMS whether the value of the @Message@ parameter is a message or+-- message digest. The default value, RAW, indicates a message. To indicate+-- a message digest, enter @DIGEST@.+--+-- Use the @DIGEST@ value only when the value of the @Message@ parameter is+-- a message digest. If you use the @DIGEST@ value with a raw message, the+-- security of the verification operation can be compromised.+--+-- 'keyId', 'verify_keyId' - Identifies the asymmetric KMS key that will be used to verify the+-- signature. This must be the same KMS key that was used to generate the+-- signature. If you specify a different KMS key, the signature+-- verification fails.+--+-- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.+-- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS+-- key in a different Amazon Web Services account, you must use the key ARN+-- or alias ARN.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Alias name: @alias\/ExampleAlias@+--+-- - Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey. To get the alias name and alias ARN, use ListAliases.+--+-- 'message', 'verify_message' - Specifies the message that was signed. You can submit a raw message of+-- up to 4096 bytes, or a hash digest of the message. If you submit a+-- digest, use the @MessageType@ parameter with a value of @DIGEST@.+--+-- If the message specified here is different from the message that was+-- signed, the signature verification fails. A message and its hash digest+-- are considered to be the same message.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+--+-- 'signature', 'verify_signature' - The signature that the @Sign@ operation generated.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+--+-- 'signingAlgorithm', 'verify_signingAlgorithm' - The signing algorithm that was used to sign the message. If you submit a+-- different algorithm, the signature verification fails.+newVerify ::+ -- | 'keyId'+ Prelude.Text ->+ -- | 'message'+ Prelude.ByteString ->+ -- | 'signature'+ Prelude.ByteString ->+ -- | 'signingAlgorithm'+ SigningAlgorithmSpec ->+ Verify+newVerify+ pKeyId_+ pMessage_+ pSignature_+ pSigningAlgorithm_ =+ Verify'+ { grantTokens = Prelude.Nothing,+ messageType = Prelude.Nothing,+ keyId = pKeyId_,+ message =+ Data._Sensitive+ Prelude.. Data._Base64+ Lens.# pMessage_,+ signature = Data._Base64 Lens.# pSignature_,+ signingAlgorithm = pSigningAlgorithm_+ }++-- | A list of grant tokens.+--+-- Use a grant token when your permission to call this operation comes from+-- a new grant that has not yet achieved /eventual consistency/. For more+-- information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>+-- and+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>+-- in the /Key Management Service Developer Guide/.+verify_grantTokens :: Lens.Lens' Verify (Prelude.Maybe [Prelude.Text])+verify_grantTokens = Lens.lens (\Verify' {grantTokens} -> grantTokens) (\s@Verify' {} a -> s {grantTokens = a} :: Verify) Prelude.. Lens.mapping Lens.coerced++-- | Tells KMS whether the value of the @Message@ parameter is a message or+-- message digest. The default value, RAW, indicates a message. To indicate+-- a message digest, enter @DIGEST@.+--+-- Use the @DIGEST@ value only when the value of the @Message@ parameter is+-- a message digest. If you use the @DIGEST@ value with a raw message, the+-- security of the verification operation can be compromised.+verify_messageType :: Lens.Lens' Verify (Prelude.Maybe MessageType)+verify_messageType = Lens.lens (\Verify' {messageType} -> messageType) (\s@Verify' {} a -> s {messageType = a} :: Verify)++-- | Identifies the asymmetric KMS key that will be used to verify the+-- signature. This must be the same KMS key that was used to generate the+-- signature. If you specify a different KMS key, the signature+-- verification fails.+--+-- To specify a KMS key, use its key ID, key ARN, alias name, or alias ARN.+-- When using an alias name, prefix it with @\"alias\/\"@. To specify a KMS+-- key in a different Amazon Web Services account, you must use the key ARN+-- or alias ARN.+--+-- For example:+--+-- - Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Key ARN:+-- @arn:aws:kms:us-east-2:111122223333:key\/1234abcd-12ab-34cd-56ef-1234567890ab@+--+-- - Alias name: @alias\/ExampleAlias@+--+-- - Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias\/ExampleAlias@+--+-- To get the key ID and key ARN for a KMS key, use ListKeys or+-- DescribeKey. To get the alias name and alias ARN, use ListAliases.+verify_keyId :: Lens.Lens' Verify Prelude.Text+verify_keyId = Lens.lens (\Verify' {keyId} -> keyId) (\s@Verify' {} a -> s {keyId = a} :: Verify)++-- | Specifies the message that was signed. You can submit a raw message of+-- up to 4096 bytes, or a hash digest of the message. If you submit a+-- digest, use the @MessageType@ parameter with a value of @DIGEST@.+--+-- If the message specified here is different from the message that was+-- signed, the signature verification fails. A message and its hash digest+-- are considered to be the same message.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+verify_message :: Lens.Lens' Verify Prelude.ByteString+verify_message = Lens.lens (\Verify' {message} -> message) (\s@Verify' {} a -> s {message = a} :: Verify) Prelude.. Data._Sensitive Prelude.. Data._Base64++-- | The signature that the @Sign@ operation generated.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+verify_signature :: Lens.Lens' Verify Prelude.ByteString+verify_signature = Lens.lens (\Verify' {signature} -> signature) (\s@Verify' {} a -> s {signature = a} :: Verify) Prelude.. Data._Base64++-- | The signing algorithm that was used to sign the message. If you submit a+-- different algorithm, the signature verification fails.+verify_signingAlgorithm :: Lens.Lens' Verify SigningAlgorithmSpec+verify_signingAlgorithm = Lens.lens (\Verify' {signingAlgorithm} -> signingAlgorithm) (\s@Verify' {} a -> s {signingAlgorithm = a} :: Verify)++instance Core.AWSRequest Verify where+ type AWSResponse Verify = VerifyResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response =+ Response.receiveJSON+ ( \s h x ->+ VerifyResponse'+ Prelude.<$> (x Data..?> "KeyId")+ Prelude.<*> (x Data..?> "SignatureValid")+ Prelude.<*> (x Data..?> "SigningAlgorithm")+ Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+ )++instance Prelude.Hashable Verify where+ hashWithSalt _salt Verify' {..} =+ _salt+ `Prelude.hashWithSalt` grantTokens+ `Prelude.hashWithSalt` messageType+ `Prelude.hashWithSalt` keyId+ `Prelude.hashWithSalt` message+ `Prelude.hashWithSalt` signature+ `Prelude.hashWithSalt` signingAlgorithm++instance Prelude.NFData Verify where+ rnf Verify' {..} =+ Prelude.rnf grantTokens+ `Prelude.seq` Prelude.rnf messageType+ `Prelude.seq` Prelude.rnf keyId+ `Prelude.seq` Prelude.rnf message+ `Prelude.seq` Prelude.rnf signature+ `Prelude.seq` Prelude.rnf signingAlgorithm++instance Data.ToHeaders Verify where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ("TrentService.Verify" :: Prelude.ByteString),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON Verify where+ toJSON Verify' {..} =+ Data.object+ ( Prelude.catMaybes+ [ ("GrantTokens" Data..=) Prelude.<$> grantTokens,+ ("MessageType" Data..=) Prelude.<$> messageType,+ Prelude.Just ("KeyId" Data..= keyId),+ Prelude.Just ("Message" Data..= message),+ Prelude.Just ("Signature" Data..= signature),+ Prelude.Just+ ("SigningAlgorithm" Data..= signingAlgorithm)+ ]+ )++instance Data.ToPath Verify where+ toPath = Prelude.const "/"++instance Data.ToQuery Verify where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newVerifyResponse' smart constructor.+data VerifyResponse = VerifyResponse'+ { -- | The Amazon Resource Name+ -- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)+ -- of the asymmetric KMS key that was used to verify the signature.+ keyId :: Prelude.Maybe Prelude.Text,+ -- | A Boolean value that indicates whether the signature was verified. A+ -- value of @True@ indicates that the @Signature@ was produced by signing+ -- the @Message@ with the specified @KeyID@ and @SigningAlgorithm.@ If the+ -- signature is not verified, the @Verify@ operation fails with a+ -- @KMSInvalidSignatureException@ exception.+ signatureValid :: Prelude.Maybe Prelude.Bool,+ -- | The signing algorithm that was used to verify the signature.+ signingAlgorithm :: Prelude.Maybe SigningAlgorithmSpec,+ -- | The response's http status code.+ httpStatus :: Prelude.Int+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'VerifyResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'keyId', 'verifyResponse_keyId' - The Amazon Resource Name+-- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)+-- of the asymmetric KMS key that was used to verify the signature.+--+-- 'signatureValid', 'verifyResponse_signatureValid' - A Boolean value that indicates whether the signature was verified. A+-- value of @True@ indicates that the @Signature@ was produced by signing+-- the @Message@ with the specified @KeyID@ and @SigningAlgorithm.@ If the+-- signature is not verified, the @Verify@ operation fails with a+-- @KMSInvalidSignatureException@ exception.+--+-- 'signingAlgorithm', 'verifyResponse_signingAlgorithm' - The signing algorithm that was used to verify the signature.+--+-- 'httpStatus', 'verifyResponse_httpStatus' - The response's http status code.+newVerifyResponse ::+ -- | 'httpStatus'+ Prelude.Int ->+ VerifyResponse+newVerifyResponse pHttpStatus_ =+ VerifyResponse'+ { keyId = Prelude.Nothing,+ signatureValid = Prelude.Nothing,+ signingAlgorithm = Prelude.Nothing,+ httpStatus = pHttpStatus_+ }++-- | The Amazon Resource Name+-- (<https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-id-key-ARN key ARN>)+-- of the asymmetric KMS key that was used to verify the signature.+verifyResponse_keyId :: Lens.Lens' VerifyResponse (Prelude.Maybe Prelude.Text)+verifyResponse_keyId = Lens.lens (\VerifyResponse' {keyId} -> keyId) (\s@VerifyResponse' {} a -> s {keyId = a} :: VerifyResponse)++-- | A Boolean value that indicates whether the signature was verified. A+-- value of @True@ indicates that the @Signature@ was produced by signing+-- the @Message@ with the specified @KeyID@ and @SigningAlgorithm.@ If the+-- signature is not verified, the @Verify@ operation fails with a+-- @KMSInvalidSignatureException@ exception.+verifyResponse_signatureValid :: Lens.Lens' VerifyResponse (Prelude.Maybe Prelude.Bool)+verifyResponse_signatureValid = Lens.lens (\VerifyResponse' {signatureValid} -> signatureValid) (\s@VerifyResponse' {} a -> s {signatureValid = a} :: VerifyResponse)++-- | The signing algorithm that was used to verify the signature.+verifyResponse_signingAlgorithm :: Lens.Lens' VerifyResponse (Prelude.Maybe SigningAlgorithmSpec)+verifyResponse_signingAlgorithm = Lens.lens (\VerifyResponse' {signingAlgorithm} -> signingAlgorithm) (\s@VerifyResponse' {} a -> s {signingAlgorithm = a} :: VerifyResponse)++-- | The response's http status code.+verifyResponse_httpStatus :: Lens.Lens' VerifyResponse Prelude.Int+verifyResponse_httpStatus = Lens.lens (\VerifyResponse' {httpStatus} -> httpStatus) (\s@VerifyResponse' {} a -> s {httpStatus = a} :: VerifyResponse)++instance Prelude.NFData VerifyResponse where+ rnf VerifyResponse' {..} =+ Prelude.rnf keyId+ `Prelude.seq` Prelude.rnf signatureValid+ `Prelude.seq` Prelude.rnf signingAlgorithm+ `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/KMS/VerifyMac.hs view
@@ -0,0 +1,378 @@+{-# LANGUAGE DeriveGeneric #-}+{-# LANGUAGE DuplicateRecordFields #-}+{-# LANGUAGE NamedFieldPuns #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE RecordWildCards #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-binds #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}+{-# OPTIONS_GHC -fno-warn-unused-matches #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.VerifyMac+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+--+-- Verifies the hash-based message authentication code (HMAC) for a+-- specified message, HMAC KMS key, and MAC algorithm. To verify the HMAC,+-- @VerifyMac@ computes an HMAC using the message, HMAC KMS key, and MAC+-- algorithm that you specify, and compares the computed HMAC to the HMAC+-- that you specify. If the HMACs are identical, the verification succeeds;+-- otherwise, it fails. Verification indicates that the message hasn\'t+-- changed since the HMAC was calculated, and the specified key was used to+-- generate and verify the HMAC.+--+-- HMAC KMS keys and the HMAC algorithms that KMS uses conform to industry+-- standards defined in+-- <https://datatracker.ietf.org/doc/html/rfc2104 RFC 2104>.+--+-- This operation is part of KMS support for HMAC KMS keys. For details,+-- see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html HMAC keys in KMS>+-- in the /Key Management Service Developer Guide/.+--+-- The KMS key that you use for this operation must be in a compatible key+-- state. For details, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html Key states of KMS keys>+-- in the /Key Management Service Developer Guide/.+--+-- __Cross-account use__: Yes. To perform this operation with a KMS key in+-- a different Amazon Web Services account, specify the key ARN or alias+-- ARN in the value of the @KeyId@ parameter.+--+-- __Required permissions__:+-- <https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html kms:VerifyMac>+-- (key policy)+--+-- __Related operations__: GenerateMac+module Amazonka.KMS.VerifyMac+ ( -- * Creating a Request+ VerifyMac (..),+ newVerifyMac,++ -- * Request Lenses+ verifyMac_grantTokens,+ verifyMac_message,+ verifyMac_keyId,+ verifyMac_macAlgorithm,+ verifyMac_mac,++ -- * Destructuring the Response+ VerifyMacResponse (..),+ newVerifyMacResponse,++ -- * Response Lenses+ verifyMacResponse_keyId,+ verifyMacResponse_macAlgorithm,+ verifyMacResponse_macValid,+ verifyMacResponse_httpStatus,+ )+where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude+import qualified Amazonka.Request as Request+import qualified Amazonka.Response as Response++-- | /See:/ 'newVerifyMac' smart constructor.+data VerifyMac = VerifyMac'+ { -- | A list of grant tokens.+ --+ -- Use a grant token when your permission to call this operation comes from+ -- a new grant that has not yet achieved /eventual consistency/. For more+ -- information, see+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>+ -- and+ -- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>+ -- in the /Key Management Service Developer Guide/.+ grantTokens :: Prelude.Maybe [Prelude.Text],+ -- | The message that will be used in the verification. Enter the same+ -- message that was used to generate the HMAC.+ --+ -- GenerateMac and @VerifyMac@ do not provide special handling for message+ -- digests. If you generated an HMAC for a hash digest of a message, you+ -- must verify the HMAC for the same hash digest.+ message :: Data.Sensitive Data.Base64,+ -- | The KMS key that will be used in the verification.+ --+ -- Enter a key ID of the KMS key that was used to generate the HMAC. If you+ -- identify a different KMS key, the @VerifyMac@ operation fails.+ keyId :: Prelude.Text,+ -- | The MAC algorithm that will be used in the verification. Enter the same+ -- MAC algorithm that was used to compute the HMAC. This algorithm must be+ -- supported by the HMAC KMS key identified by the @KeyId@ parameter.+ macAlgorithm :: MacAlgorithmSpec,+ -- | The HMAC to verify. Enter the HMAC that was generated by the GenerateMac+ -- operation when you specified the same message, HMAC KMS key, and MAC+ -- algorithm as the values specified in this request.+ mac :: Data.Base64+ }+ deriving (Prelude.Eq, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'VerifyMac' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'grantTokens', 'verifyMac_grantTokens' - A list of grant tokens.+--+-- Use a grant token when your permission to call this operation comes from+-- a new grant that has not yet achieved /eventual consistency/. For more+-- information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>+-- and+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>+-- in the /Key Management Service Developer Guide/.+--+-- 'message', 'verifyMac_message' - The message that will be used in the verification. Enter the same+-- message that was used to generate the HMAC.+--+-- GenerateMac and @VerifyMac@ do not provide special handling for message+-- digests. If you generated an HMAC for a hash digest of a message, you+-- must verify the HMAC for the same hash digest.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+--+-- 'keyId', 'verifyMac_keyId' - The KMS key that will be used in the verification.+--+-- Enter a key ID of the KMS key that was used to generate the HMAC. If you+-- identify a different KMS key, the @VerifyMac@ operation fails.+--+-- 'macAlgorithm', 'verifyMac_macAlgorithm' - The MAC algorithm that will be used in the verification. Enter the same+-- MAC algorithm that was used to compute the HMAC. This algorithm must be+-- supported by the HMAC KMS key identified by the @KeyId@ parameter.+--+-- 'mac', 'verifyMac_mac' - The HMAC to verify. Enter the HMAC that was generated by the GenerateMac+-- operation when you specified the same message, HMAC KMS key, and MAC+-- algorithm as the values specified in this request.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+newVerifyMac ::+ -- | 'message'+ Prelude.ByteString ->+ -- | 'keyId'+ Prelude.Text ->+ -- | 'macAlgorithm'+ MacAlgorithmSpec ->+ -- | 'mac'+ Prelude.ByteString ->+ VerifyMac+newVerifyMac pMessage_ pKeyId_ pMacAlgorithm_ pMac_ =+ VerifyMac'+ { grantTokens = Prelude.Nothing,+ message =+ Data._Sensitive+ Prelude.. Data._Base64+ Lens.# pMessage_,+ keyId = pKeyId_,+ macAlgorithm = pMacAlgorithm_,+ mac = Data._Base64 Lens.# pMac_+ }++-- | A list of grant tokens.+--+-- Use a grant token when your permission to call this operation comes from+-- a new grant that has not yet achieved /eventual consistency/. For more+-- information, see+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token Grant token>+-- and+-- <https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token Using a grant token>+-- in the /Key Management Service Developer Guide/.+verifyMac_grantTokens :: Lens.Lens' VerifyMac (Prelude.Maybe [Prelude.Text])+verifyMac_grantTokens = Lens.lens (\VerifyMac' {grantTokens} -> grantTokens) (\s@VerifyMac' {} a -> s {grantTokens = a} :: VerifyMac) Prelude.. Lens.mapping Lens.coerced++-- | The message that will be used in the verification. Enter the same+-- message that was used to generate the HMAC.+--+-- GenerateMac and @VerifyMac@ do not provide special handling for message+-- digests. If you generated an HMAC for a hash digest of a message, you+-- must verify the HMAC for the same hash digest.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+verifyMac_message :: Lens.Lens' VerifyMac Prelude.ByteString+verifyMac_message = Lens.lens (\VerifyMac' {message} -> message) (\s@VerifyMac' {} a -> s {message = a} :: VerifyMac) Prelude.. Data._Sensitive Prelude.. Data._Base64++-- | The KMS key that will be used in the verification.+--+-- Enter a key ID of the KMS key that was used to generate the HMAC. If you+-- identify a different KMS key, the @VerifyMac@ operation fails.+verifyMac_keyId :: Lens.Lens' VerifyMac Prelude.Text+verifyMac_keyId = Lens.lens (\VerifyMac' {keyId} -> keyId) (\s@VerifyMac' {} a -> s {keyId = a} :: VerifyMac)++-- | The MAC algorithm that will be used in the verification. Enter the same+-- MAC algorithm that was used to compute the HMAC. This algorithm must be+-- supported by the HMAC KMS key identified by the @KeyId@ parameter.+verifyMac_macAlgorithm :: Lens.Lens' VerifyMac MacAlgorithmSpec+verifyMac_macAlgorithm = Lens.lens (\VerifyMac' {macAlgorithm} -> macAlgorithm) (\s@VerifyMac' {} a -> s {macAlgorithm = a} :: VerifyMac)++-- | The HMAC to verify. Enter the HMAC that was generated by the GenerateMac+-- operation when you specified the same message, HMAC KMS key, and MAC+-- algorithm as the values specified in this request.--+-- -- /Note:/ This 'Lens' automatically encodes and decodes Base64 data.+-- -- The underlying isomorphism will encode to Base64 representation during+-- -- serialisation, and decode from Base64 representation during deserialisation.+-- -- This 'Lens' accepts and returns only raw unencoded data.+verifyMac_mac :: Lens.Lens' VerifyMac Prelude.ByteString+verifyMac_mac = Lens.lens (\VerifyMac' {mac} -> mac) (\s@VerifyMac' {} a -> s {mac = a} :: VerifyMac) Prelude.. Data._Base64++instance Core.AWSRequest VerifyMac where+ type AWSResponse VerifyMac = VerifyMacResponse+ request overrides =+ Request.postJSON (overrides defaultService)+ response =+ Response.receiveJSON+ ( \s h x ->+ VerifyMacResponse'+ Prelude.<$> (x Data..?> "KeyId")+ Prelude.<*> (x Data..?> "MacAlgorithm")+ Prelude.<*> (x Data..?> "MacValid")+ Prelude.<*> (Prelude.pure (Prelude.fromEnum s))+ )++instance Prelude.Hashable VerifyMac where+ hashWithSalt _salt VerifyMac' {..} =+ _salt+ `Prelude.hashWithSalt` grantTokens+ `Prelude.hashWithSalt` message+ `Prelude.hashWithSalt` keyId+ `Prelude.hashWithSalt` macAlgorithm+ `Prelude.hashWithSalt` mac++instance Prelude.NFData VerifyMac where+ rnf VerifyMac' {..} =+ Prelude.rnf grantTokens+ `Prelude.seq` Prelude.rnf message+ `Prelude.seq` Prelude.rnf keyId+ `Prelude.seq` Prelude.rnf macAlgorithm+ `Prelude.seq` Prelude.rnf mac++instance Data.ToHeaders VerifyMac where+ toHeaders =+ Prelude.const+ ( Prelude.mconcat+ [ "X-Amz-Target"+ Data.=# ("TrentService.VerifyMac" :: Prelude.ByteString),+ "Content-Type"+ Data.=# ( "application/x-amz-json-1.1" ::+ Prelude.ByteString+ )+ ]+ )++instance Data.ToJSON VerifyMac where+ toJSON VerifyMac' {..} =+ Data.object+ ( Prelude.catMaybes+ [ ("GrantTokens" Data..=) Prelude.<$> grantTokens,+ Prelude.Just ("Message" Data..= message),+ Prelude.Just ("KeyId" Data..= keyId),+ Prelude.Just ("MacAlgorithm" Data..= macAlgorithm),+ Prelude.Just ("Mac" Data..= mac)+ ]+ )++instance Data.ToPath VerifyMac where+ toPath = Prelude.const "/"++instance Data.ToQuery VerifyMac where+ toQuery = Prelude.const Prelude.mempty++-- | /See:/ 'newVerifyMacResponse' smart constructor.+data VerifyMacResponse = VerifyMacResponse'+ { -- | The HMAC KMS key used in the verification.+ keyId :: Prelude.Maybe Prelude.Text,+ -- | The MAC algorithm used in the verification.+ macAlgorithm :: Prelude.Maybe MacAlgorithmSpec,+ -- | A Boolean value that indicates whether the HMAC was verified. A value of+ -- @True@ indicates that the HMAC (@Mac@) was generated with the specified+ -- @Message@, HMAC KMS key (@KeyID@) and @MacAlgorithm.@.+ --+ -- If the HMAC is not verified, the @VerifyMac@ operation fails with a+ -- @KMSInvalidMacException@ exception. This exception indicates that one or+ -- more of the inputs changed since the HMAC was computed.+ macValid :: Prelude.Maybe Prelude.Bool,+ -- | The response's http status code.+ httpStatus :: Prelude.Int+ }+ deriving (Prelude.Eq, Prelude.Read, Prelude.Show, Prelude.Generic)++-- |+-- Create a value of 'VerifyMacResponse' with all optional fields omitted.+--+-- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields.+--+-- The following record fields are available, with the corresponding lenses provided+-- for backwards compatibility:+--+-- 'keyId', 'verifyMacResponse_keyId' - The HMAC KMS key used in the verification.+--+-- 'macAlgorithm', 'verifyMacResponse_macAlgorithm' - The MAC algorithm used in the verification.+--+-- 'macValid', 'verifyMacResponse_macValid' - A Boolean value that indicates whether the HMAC was verified. A value of+-- @True@ indicates that the HMAC (@Mac@) was generated with the specified+-- @Message@, HMAC KMS key (@KeyID@) and @MacAlgorithm.@.+--+-- If the HMAC is not verified, the @VerifyMac@ operation fails with a+-- @KMSInvalidMacException@ exception. This exception indicates that one or+-- more of the inputs changed since the HMAC was computed.+--+-- 'httpStatus', 'verifyMacResponse_httpStatus' - The response's http status code.+newVerifyMacResponse ::+ -- | 'httpStatus'+ Prelude.Int ->+ VerifyMacResponse+newVerifyMacResponse pHttpStatus_ =+ VerifyMacResponse'+ { keyId = Prelude.Nothing,+ macAlgorithm = Prelude.Nothing,+ macValid = Prelude.Nothing,+ httpStatus = pHttpStatus_+ }++-- | The HMAC KMS key used in the verification.+verifyMacResponse_keyId :: Lens.Lens' VerifyMacResponse (Prelude.Maybe Prelude.Text)+verifyMacResponse_keyId = Lens.lens (\VerifyMacResponse' {keyId} -> keyId) (\s@VerifyMacResponse' {} a -> s {keyId = a} :: VerifyMacResponse)++-- | The MAC algorithm used in the verification.+verifyMacResponse_macAlgorithm :: Lens.Lens' VerifyMacResponse (Prelude.Maybe MacAlgorithmSpec)+verifyMacResponse_macAlgorithm = Lens.lens (\VerifyMacResponse' {macAlgorithm} -> macAlgorithm) (\s@VerifyMacResponse' {} a -> s {macAlgorithm = a} :: VerifyMacResponse)++-- | A Boolean value that indicates whether the HMAC was verified. A value of+-- @True@ indicates that the HMAC (@Mac@) was generated with the specified+-- @Message@, HMAC KMS key (@KeyID@) and @MacAlgorithm.@.+--+-- If the HMAC is not verified, the @VerifyMac@ operation fails with a+-- @KMSInvalidMacException@ exception. This exception indicates that one or+-- more of the inputs changed since the HMAC was computed.+verifyMacResponse_macValid :: Lens.Lens' VerifyMacResponse (Prelude.Maybe Prelude.Bool)+verifyMacResponse_macValid = Lens.lens (\VerifyMacResponse' {macValid} -> macValid) (\s@VerifyMacResponse' {} a -> s {macValid = a} :: VerifyMacResponse)++-- | The response's http status code.+verifyMacResponse_httpStatus :: Lens.Lens' VerifyMacResponse Prelude.Int+verifyMacResponse_httpStatus = Lens.lens (\VerifyMacResponse' {httpStatus} -> httpStatus) (\s@VerifyMacResponse' {} a -> s {httpStatus = a} :: VerifyMacResponse)++instance Prelude.NFData VerifyMacResponse where+ rnf VerifyMacResponse' {..} =+ Prelude.rnf keyId+ `Prelude.seq` Prelude.rnf macAlgorithm+ `Prelude.seq` Prelude.rnf macValid+ `Prelude.seq` Prelude.rnf httpStatus
+ gen/Amazonka/KMS/Waiters.hs view
@@ -0,0 +1,24 @@+{-# LANGUAGE DisambiguateRecordFields #-}+{-# LANGUAGE OverloadedStrings #-}+{-# LANGUAGE StrictData #-}+{-# LANGUAGE TypeFamilies #-}+{-# LANGUAGE NoImplicitPrelude #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Amazonka.KMS.Waiters+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+module Amazonka.KMS.Waiters where++import qualified Amazonka.Core as Core+import qualified Amazonka.Core.Lens.Internal as Lens+import qualified Amazonka.Data as Data+import Amazonka.KMS.Lens+import Amazonka.KMS.Types+import qualified Amazonka.Prelude as Prelude
− gen/Network/AWS/KMS.hs
@@ -1,398 +0,0 @@-{-# OPTIONS_GHC -fno-warn-unused-imports #-}-{-# OPTIONS_GHC -fno-warn-duplicate-exports #-}---- Derived from AWS service descriptions, licensed under Apache 2.0.---- |--- Module : Network.AWS.KMS--- Copyright : (c) 2013-2018 Brendan Hay--- License : Mozilla Public License, v. 2.0.--- Maintainer : Brendan Hay <brendan.g.hay+amazonka@gmail.com>--- Stability : auto-generated--- Portability : non-portable (GHC extensions)------ __AWS Key Management Service__------ AWS Key Management Service (AWS KMS) is an encryption and key management web service. This guide describes the AWS KMS operations that you can call programmatically. For general information about AWS KMS, see the <http://docs.aws.amazon.com/kms/latest/developerguide/ AWS Key Management Service Developer Guide> .------ We recommend that you use the AWS SDKs to make programmatic API calls to AWS KMS.------ Clients must support TLS (Transport Layer Security) 1.0. We recommend TLS 1.2. Clients must also support cipher suites with Perfect Forward Secrecy (PFS) such as Ephemeral Diffie-Hellman (DHE) or Elliptic Curve Ephemeral Diffie-Hellman (ECDHE). Most modern systems such as Java 7 and later support these modes.------ __Signing Requests__------ Requests must be signed by using an access key ID and a secret access key. We strongly recommend that you /do not/ use your AWS account (root) access key ID and secret key for everyday work with AWS KMS. Instead, use the access key ID and secret access key for an IAM user, or you can use the AWS Security Token Service to generate temporary security credentials that you can use to sign requests.------ All AWS KMS operations require <http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html Signature Version 4> .------ __Logging API Requests__------ AWS KMS supports AWS CloudTrail, a service that logs AWS API calls and related events for your AWS account and delivers them to an Amazon S3 bucket that you specify. By using the information collected by CloudTrail, you can determine what requests were made to AWS KMS, who made the request, when it was made, and so on. To learn more about CloudTrail, including how to turn it on and find your log files, see the <http://docs.aws.amazon.com/awscloudtrail/latest/userguide/ AWS CloudTrail User Guide> .------ __Additional Resources__------ For more information about credentials and request signing, see the following:------ * <http://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html AWS Security Credentials> - This topic provides general information about the types of credentials used for accessing AWS.------ * <http://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html Temporary Security Credentials> - This section of the /IAM User Guide/ describes how to create and use temporary security credentials.------ * <http://docs.aws.amazon.com/general/latest/gr/signature-version-4.html Signature Version 4 Signing Process> - This set of topics walks you through the process of signing a request using an access key ID and a secret access key.------------ __Commonly Used APIs__------ Of the APIs discussed in this guide, the following will prove the most useful for most applications. You will likely perform actions other than these, such as creating keys and assigning policies, by using the console.------ * 'Encrypt'------ * 'Decrypt'------ * 'GenerateDataKey'------ * 'GenerateDataKeyWithoutPlaintext'----------module Network.AWS.KMS- (- -- * Service Configuration- kms-- -- * Errors- -- $errors-- -- ** InvalidMarkerException- , _InvalidMarkerException-- -- ** KMSInvalidStateException- , _KMSInvalidStateException-- -- ** InvalidKeyUsageException- , _InvalidKeyUsageException-- -- ** MalformedPolicyDocumentException- , _MalformedPolicyDocumentException-- -- ** UnsupportedOperationException- , _UnsupportedOperationException-- -- ** DisabledException- , _DisabledException-- -- ** KeyUnavailableException- , _KeyUnavailableException-- -- ** IncorrectKeyMaterialException- , _IncorrectKeyMaterialException-- -- ** KMSInternalException- , _KMSInternalException-- -- ** TagException- , _TagException-- -- ** InvalidImportTokenException- , _InvalidImportTokenException-- -- ** NotFoundException- , _NotFoundException-- -- ** InvalidAliasNameException- , _InvalidAliasNameException-- -- ** InvalidGrantIdException- , _InvalidGrantIdException-- -- ** InvalidGrantTokenException- , _InvalidGrantTokenException-- -- ** InvalidARNException- , _InvalidARNException-- -- ** DependencyTimeoutException- , _DependencyTimeoutException-- -- ** ExpiredImportTokenException- , _ExpiredImportTokenException-- -- ** InvalidCiphertextException- , _InvalidCiphertextException-- -- ** AlreadyExistsException- , _AlreadyExistsException-- -- ** LimitExceededException- , _LimitExceededException-- -- * Waiters- -- $waiters-- -- * Operations- -- $operations-- -- ** Encrypt- , module Network.AWS.KMS.Encrypt-- -- ** ListGrants (Paginated)- , module Network.AWS.KMS.ListGrants-- -- ** DisableKeyRotation- , module Network.AWS.KMS.DisableKeyRotation-- -- ** GenerateDataKeyWithoutPlaintext- , module Network.AWS.KMS.GenerateDataKeyWithoutPlaintext-- -- ** GetParametersForImport- , module Network.AWS.KMS.GetParametersForImport-- -- ** EnableKeyRotation- , module Network.AWS.KMS.EnableKeyRotation-- -- ** CreateAlias- , module Network.AWS.KMS.CreateAlias-- -- ** CreateGrant- , module Network.AWS.KMS.CreateGrant-- -- ** ListAliases (Paginated)- , module Network.AWS.KMS.ListAliases-- -- ** ListRetirableGrants- , module Network.AWS.KMS.ListRetirableGrants-- -- ** GenerateRandom- , module Network.AWS.KMS.GenerateRandom-- -- ** CreateKey- , module Network.AWS.KMS.CreateKey-- -- ** DisableKey- , module Network.AWS.KMS.DisableKey-- -- ** RetireGrant- , module Network.AWS.KMS.RetireGrant-- -- ** ListKeys (Paginated)- , module Network.AWS.KMS.ListKeys-- -- ** ListResourceTags- , module Network.AWS.KMS.ListResourceTags-- -- ** GetKeyRotationStatus- , module Network.AWS.KMS.GetKeyRotationStatus-- -- ** GenerateDataKey- , module Network.AWS.KMS.GenerateDataKey-- -- ** DeleteAlias- , module Network.AWS.KMS.DeleteAlias-- -- ** UpdateAlias- , module Network.AWS.KMS.UpdateAlias-- -- ** DescribeKey- , module Network.AWS.KMS.DescribeKey-- -- ** CancelKeyDeletion- , module Network.AWS.KMS.CancelKeyDeletion-- -- ** Decrypt- , module Network.AWS.KMS.Decrypt-- -- ** UpdateKeyDescription- , module Network.AWS.KMS.UpdateKeyDescription-- -- ** ReEncrypt- , module Network.AWS.KMS.ReEncrypt-- -- ** TagResource- , module Network.AWS.KMS.TagResource-- -- ** ListKeyPolicies (Paginated)- , module Network.AWS.KMS.ListKeyPolicies-- -- ** UntagResource- , module Network.AWS.KMS.UntagResource-- -- ** ScheduleKeyDeletion- , module Network.AWS.KMS.ScheduleKeyDeletion-- -- ** PutKeyPolicy- , module Network.AWS.KMS.PutKeyPolicy-- -- ** EnableKey- , module Network.AWS.KMS.EnableKey-- -- ** RevokeGrant- , module Network.AWS.KMS.RevokeGrant-- -- ** GetKeyPolicy- , module Network.AWS.KMS.GetKeyPolicy-- -- ** ImportKeyMaterial- , module Network.AWS.KMS.ImportKeyMaterial-- -- ** DeleteImportedKeyMaterial- , module Network.AWS.KMS.DeleteImportedKeyMaterial-- -- * Types-- -- ** AlgorithmSpec- , AlgorithmSpec (..)-- -- ** DataKeySpec- , DataKeySpec (..)-- -- ** ExpirationModelType- , ExpirationModelType (..)-- -- ** GrantOperation- , GrantOperation (..)-- -- ** KeyManagerType- , KeyManagerType (..)-- -- ** KeyState- , KeyState (..)-- -- ** KeyUsageType- , KeyUsageType (..)-- -- ** OriginType- , OriginType (..)-- -- ** WrappingKeySpec- , WrappingKeySpec (..)-- -- ** AliasListEntry- , AliasListEntry- , aliasListEntry- , aleTargetKeyId- , aleAliasName- , aleAliasARN-- -- ** GrantConstraints- , GrantConstraints- , grantConstraints- , gcEncryptionContextEquals- , gcEncryptionContextSubset-- -- ** GrantListEntry- , GrantListEntry- , grantListEntry- , gleKeyId- , gleRetiringPrincipal- , gleIssuingAccount- , gleGrantId- , gleConstraints- , gleGranteePrincipal- , gleName- , gleCreationDate- , gleOperations-- -- ** KeyListEntry- , KeyListEntry- , keyListEntry- , kleKeyId- , kleKeyARN-- -- ** KeyMetadata- , KeyMetadata- , keyMetadata- , kmOrigin- , kmExpirationModel- , kmKeyManager- , kmEnabled- , kmValidTo- , kmARN- , kmKeyState- , kmAWSAccountId- , kmKeyUsage- , kmCreationDate- , kmDeletionDate- , kmDescription- , kmKeyId-- -- ** ListGrantsResponse- , ListGrantsResponse- , listGrantsResponse- , lgTruncated- , lgGrants- , lgNextMarker-- -- ** Tag- , Tag- , tag- , tagTagKey- , tagTagValue- ) where--import Network.AWS.KMS.CancelKeyDeletion-import Network.AWS.KMS.CreateAlias-import Network.AWS.KMS.CreateGrant-import Network.AWS.KMS.CreateKey-import Network.AWS.KMS.Decrypt-import Network.AWS.KMS.DeleteAlias-import Network.AWS.KMS.DeleteImportedKeyMaterial-import Network.AWS.KMS.DescribeKey-import Network.AWS.KMS.DisableKey-import Network.AWS.KMS.DisableKeyRotation-import Network.AWS.KMS.EnableKey-import Network.AWS.KMS.EnableKeyRotation-import Network.AWS.KMS.Encrypt-import Network.AWS.KMS.GenerateDataKey-import Network.AWS.KMS.GenerateDataKeyWithoutPlaintext-import Network.AWS.KMS.GenerateRandom-import Network.AWS.KMS.GetKeyPolicy-import Network.AWS.KMS.GetKeyRotationStatus-import Network.AWS.KMS.GetParametersForImport-import Network.AWS.KMS.ImportKeyMaterial-import Network.AWS.KMS.ListAliases-import Network.AWS.KMS.ListGrants-import Network.AWS.KMS.ListKeyPolicies-import Network.AWS.KMS.ListKeys-import Network.AWS.KMS.ListResourceTags-import Network.AWS.KMS.ListRetirableGrants-import Network.AWS.KMS.PutKeyPolicy-import Network.AWS.KMS.ReEncrypt-import Network.AWS.KMS.RetireGrant-import Network.AWS.KMS.RevokeGrant-import Network.AWS.KMS.ScheduleKeyDeletion-import Network.AWS.KMS.TagResource-import Network.AWS.KMS.Types-import Network.AWS.KMS.UntagResource-import Network.AWS.KMS.UpdateAlias-import Network.AWS.KMS.UpdateKeyDescription-import Network.AWS.KMS.Waiters--{- $errors-Error matchers are designed for use with the functions provided by-<http://hackage.haskell.org/package/lens/docs/Control-Exception-Lens.html Control.Exception.Lens>.-This allows catching (and rethrowing) service specific errors returned-by 'KMS'.--}--{- $operations-Some AWS operations return results that are incomplete and require subsequent-requests in order to obtain the entire result set. The process of sending-subsequent requests to continue where a previous request left off is called-pagination. For example, the 'ListObjects' operation of Amazon S3 returns up to-1000 objects at a time, and you must send subsequent requests with the-appropriate Marker in order to retrieve the next page of results.--Operations that have an 'AWSPager' instance can transparently perform subsequent-requests, correctly setting Markers and other request facets to iterate through-the entire result set of a truncated API operation. Operations which support-this have an additional note in the documentation.--Many operations have the ability to filter results on the server side. See the-individual operation parameters for details.--}--{- $waiters-Waiters poll by repeatedly sending a request until some remote success condition-configured by the 'Wait' specification is fulfilled. The 'Wait' specification-determines how many attempts should be made, in addition to delay and retry strategies.--}
− gen/Network/AWS/KMS/CancelKeyDeletion.hs
@@ -1,132 +0,0 @@-{-# LANGUAGE DeriveDataTypeable #-}-{-# LANGUAGE DeriveGeneric #-}-{-# LANGUAGE OverloadedStrings #-}-{-# LANGUAGE RecordWildCards #-}-{-# LANGUAGE TypeFamilies #-}--{-# OPTIONS_GHC -fno-warn-unused-imports #-}-{-# OPTIONS_GHC -fno-warn-unused-binds #-}-{-# OPTIONS_GHC -fno-warn-unused-matches #-}---- Derived from AWS service descriptions, licensed under Apache 2.0.---- |--- Module : Network.AWS.KMS.CancelKeyDeletion--- Copyright : (c) 2013-2018 Brendan Hay--- License : Mozilla Public License, v. 2.0.--- Maintainer : Brendan Hay <brendan.g.hay+amazonka@gmail.com>--- Stability : auto-generated--- Portability : non-portable (GHC extensions)------ Cancels the deletion of a customer master key (CMK). When this operation is successful, the CMK is set to the @Disabled@ state. To enable a CMK, use 'EnableKey' . You cannot perform this operation on a CMK in a different AWS account.--------- For more information about scheduling and canceling deletion of a CMK, see <http://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html Deleting Customer Master Keys> in the /AWS Key Management Service Developer Guide/ .----module Network.AWS.KMS.CancelKeyDeletion- (- -- * Creating a Request- cancelKeyDeletion- , CancelKeyDeletion- -- * Request Lenses- , ckdKeyId-- -- * Destructuring the Response- , cancelKeyDeletionResponse- , CancelKeyDeletionResponse- -- * Response Lenses- , ckdrsKeyId- , ckdrsResponseStatus- ) where--import Network.AWS.KMS.Types-import Network.AWS.KMS.Types.Product-import Network.AWS.Lens-import Network.AWS.Prelude-import Network.AWS.Request-import Network.AWS.Response---- | /See:/ 'cancelKeyDeletion' smart constructor.-newtype CancelKeyDeletion = CancelKeyDeletion'- { _ckdKeyId :: Text- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'CancelKeyDeletion' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'ckdKeyId' - The unique identifier for the customer master key (CMK) for which to cancel deletion. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' .-cancelKeyDeletion- :: Text -- ^ 'ckdKeyId'- -> CancelKeyDeletion-cancelKeyDeletion pKeyId_ = CancelKeyDeletion' {_ckdKeyId = pKeyId_}----- | The unique identifier for the customer master key (CMK) for which to cancel deletion. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' .-ckdKeyId :: Lens' CancelKeyDeletion Text-ckdKeyId = lens _ckdKeyId (\ s a -> s{_ckdKeyId = a})--instance AWSRequest CancelKeyDeletion where- type Rs CancelKeyDeletion = CancelKeyDeletionResponse- request = postJSON kms- response- = receiveJSON- (\ s h x ->- CancelKeyDeletionResponse' <$>- (x .?> "KeyId") <*> (pure (fromEnum s)))--instance Hashable CancelKeyDeletion where--instance NFData CancelKeyDeletion where--instance ToHeaders CancelKeyDeletion where- toHeaders- = const- (mconcat- ["X-Amz-Target" =#- ("TrentService.CancelKeyDeletion" :: ByteString),- "Content-Type" =#- ("application/x-amz-json-1.1" :: ByteString)])--instance ToJSON CancelKeyDeletion where- toJSON CancelKeyDeletion'{..}- = object (catMaybes [Just ("KeyId" .= _ckdKeyId)])--instance ToPath CancelKeyDeletion where- toPath = const "/"--instance ToQuery CancelKeyDeletion where- toQuery = const mempty---- | /See:/ 'cancelKeyDeletionResponse' smart constructor.-data CancelKeyDeletionResponse = CancelKeyDeletionResponse'- { _ckdrsKeyId :: !(Maybe Text)- , _ckdrsResponseStatus :: !Int- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'CancelKeyDeletionResponse' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'ckdrsKeyId' - The unique identifier of the master key for which deletion is canceled.------ * 'ckdrsResponseStatus' - -- | The response status code.-cancelKeyDeletionResponse- :: Int -- ^ 'ckdrsResponseStatus'- -> CancelKeyDeletionResponse-cancelKeyDeletionResponse pResponseStatus_ =- CancelKeyDeletionResponse'- {_ckdrsKeyId = Nothing, _ckdrsResponseStatus = pResponseStatus_}----- | The unique identifier of the master key for which deletion is canceled.-ckdrsKeyId :: Lens' CancelKeyDeletionResponse (Maybe Text)-ckdrsKeyId = lens _ckdrsKeyId (\ s a -> s{_ckdrsKeyId = a})---- | -- | The response status code.-ckdrsResponseStatus :: Lens' CancelKeyDeletionResponse Int-ckdrsResponseStatus = lens _ckdrsResponseStatus (\ s a -> s{_ckdrsResponseStatus = a})--instance NFData CancelKeyDeletionResponse where
− gen/Network/AWS/KMS/CreateAlias.hs
@@ -1,129 +0,0 @@-{-# LANGUAGE DeriveDataTypeable #-}-{-# LANGUAGE DeriveGeneric #-}-{-# LANGUAGE OverloadedStrings #-}-{-# LANGUAGE RecordWildCards #-}-{-# LANGUAGE TypeFamilies #-}--{-# OPTIONS_GHC -fno-warn-unused-imports #-}-{-# OPTIONS_GHC -fno-warn-unused-binds #-}-{-# OPTIONS_GHC -fno-warn-unused-matches #-}---- Derived from AWS service descriptions, licensed under Apache 2.0.---- |--- Module : Network.AWS.KMS.CreateAlias--- Copyright : (c) 2013-2018 Brendan Hay--- License : Mozilla Public License, v. 2.0.--- Maintainer : Brendan Hay <brendan.g.hay+amazonka@gmail.com>--- Stability : auto-generated--- Portability : non-portable (GHC extensions)------ Creates a display name for a customer master key (CMK). You can use an alias to identify a CMK in selected operations, such as 'Encrypt' and 'GenerateDataKey' .--------- Each CMK can have multiple aliases, but each alias points to only one CMK. The alias name must be unique in the AWS account and region. To simplify code that runs in multiple regions, use the same alias name, but point it to a different CMK in each region.------ Because an alias is not a property of a CMK, you can delete and change the aliases of a CMK without affecting the CMK. Also, aliases do not appear in the response from the 'DescribeKey' operation. To get the aliases of all CMKs, use the 'ListAliases' operation.------ An alias must start with the word @alias@ followed by a forward slash (@alias/@ ). The alias name can contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-). Alias names cannot begin with @aws@ ; that alias name prefix is reserved by Amazon Web Services (AWS).------ The alias and the CMK it is mapped to must be in the same AWS account and the same region. You cannot perform this operation on an alias in a different AWS account.------ To map an existing alias to a different CMK, call 'UpdateAlias' .----module Network.AWS.KMS.CreateAlias- (- -- * Creating a Request- createAlias- , CreateAlias- -- * Request Lenses- , caAliasName- , caTargetKeyId-- -- * Destructuring the Response- , createAliasResponse- , CreateAliasResponse- ) where--import Network.AWS.KMS.Types-import Network.AWS.KMS.Types.Product-import Network.AWS.Lens-import Network.AWS.Prelude-import Network.AWS.Request-import Network.AWS.Response---- | /See:/ 'createAlias' smart constructor.-data CreateAlias = CreateAlias'- { _caAliasName :: !Text- , _caTargetKeyId :: !Text- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'CreateAlias' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'caAliasName' - String that contains the display name. The name must start with the word "alias" followed by a forward slash (alias/). Aliases that begin with "alias/AWS" are reserved.------ * 'caTargetKeyId' - Identifies the CMK for which you are creating the alias. This value cannot be an alias. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' .-createAlias- :: Text -- ^ 'caAliasName'- -> Text -- ^ 'caTargetKeyId'- -> CreateAlias-createAlias pAliasName_ pTargetKeyId_ =- CreateAlias' {_caAliasName = pAliasName_, _caTargetKeyId = pTargetKeyId_}----- | String that contains the display name. The name must start with the word "alias" followed by a forward slash (alias/). Aliases that begin with "alias/AWS" are reserved.-caAliasName :: Lens' CreateAlias Text-caAliasName = lens _caAliasName (\ s a -> s{_caAliasName = a})---- | Identifies the CMK for which you are creating the alias. This value cannot be an alias. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' .-caTargetKeyId :: Lens' CreateAlias Text-caTargetKeyId = lens _caTargetKeyId (\ s a -> s{_caTargetKeyId = a})--instance AWSRequest CreateAlias where- type Rs CreateAlias = CreateAliasResponse- request = postJSON kms- response = receiveNull CreateAliasResponse'--instance Hashable CreateAlias where--instance NFData CreateAlias where--instance ToHeaders CreateAlias where- toHeaders- = const- (mconcat- ["X-Amz-Target" =#- ("TrentService.CreateAlias" :: ByteString),- "Content-Type" =#- ("application/x-amz-json-1.1" :: ByteString)])--instance ToJSON CreateAlias where- toJSON CreateAlias'{..}- = object- (catMaybes- [Just ("AliasName" .= _caAliasName),- Just ("TargetKeyId" .= _caTargetKeyId)])--instance ToPath CreateAlias where- toPath = const "/"--instance ToQuery CreateAlias where- toQuery = const mempty---- | /See:/ 'createAliasResponse' smart constructor.-data CreateAliasResponse =- CreateAliasResponse'- deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'CreateAliasResponse' with the minimum fields required to make a request.----createAliasResponse- :: CreateAliasResponse-createAliasResponse = CreateAliasResponse'---instance NFData CreateAliasResponse where
− gen/Network/AWS/KMS/CreateGrant.hs
@@ -1,209 +0,0 @@-{-# LANGUAGE DeriveDataTypeable #-}-{-# LANGUAGE DeriveGeneric #-}-{-# LANGUAGE OverloadedStrings #-}-{-# LANGUAGE RecordWildCards #-}-{-# LANGUAGE TypeFamilies #-}--{-# OPTIONS_GHC -fno-warn-unused-imports #-}-{-# OPTIONS_GHC -fno-warn-unused-binds #-}-{-# OPTIONS_GHC -fno-warn-unused-matches #-}---- Derived from AWS service descriptions, licensed under Apache 2.0.---- |--- Module : Network.AWS.KMS.CreateGrant--- Copyright : (c) 2013-2018 Brendan Hay--- License : Mozilla Public License, v. 2.0.--- Maintainer : Brendan Hay <brendan.g.hay+amazonka@gmail.com>--- Stability : auto-generated--- Portability : non-portable (GHC extensions)------ Adds a grant to a customer master key (CMK). The grant specifies who can use the CMK and under what conditions. When setting permissions, grants are an alternative to key policies.--------- To perform this operation on a CMK in a different AWS account, specify the key ARN in the value of the KeyId parameter. For more information about grants, see <http://docs.aws.amazon.com/kms/latest/developerguide/grants.html Grants> in the /AWS Key Management Service Developer Guide/ .----module Network.AWS.KMS.CreateGrant- (- -- * Creating a Request- createGrant- , CreateGrant- -- * Request Lenses- , cgRetiringPrincipal- , cgGrantTokens- , cgConstraints- , cgName- , cgKeyId- , cgGranteePrincipal- , cgOperations-- -- * Destructuring the Response- , createGrantResponse- , CreateGrantResponse- -- * Response Lenses- , cgrsGrantId- , cgrsGrantToken- , cgrsResponseStatus- ) where--import Network.AWS.KMS.Types-import Network.AWS.KMS.Types.Product-import Network.AWS.Lens-import Network.AWS.Prelude-import Network.AWS.Request-import Network.AWS.Response---- | /See:/ 'createGrant' smart constructor.-data CreateGrant = CreateGrant'- { _cgRetiringPrincipal :: !(Maybe Text)- , _cgGrantTokens :: !(Maybe [Text])- , _cgConstraints :: !(Maybe GrantConstraints)- , _cgName :: !(Maybe Text)- , _cgKeyId :: !Text- , _cgGranteePrincipal :: !Text- , _cgOperations :: ![GrantOperation]- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'CreateGrant' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'cgRetiringPrincipal' - The principal that is given permission to retire the grant by using 'RetireGrant' operation. To specify the principal, use the <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Name (ARN)> of an AWS principal. Valid AWS principals include AWS accounts (root), IAM users, federated users, and assumed role users. For examples of the ARN syntax to use for specifying a principal, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam AWS Identity and Access Management (IAM)> in the Example ARNs section of the /AWS General Reference/ .------ * 'cgGrantTokens' - A list of grant tokens. For more information, see <http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token Grant Tokens> in the /AWS Key Management Service Developer Guide/ .------ * 'cgConstraints' - A structure that you can use to allow certain operations in the grant only when the desired encryption context is present. For more information about encryption context, see <http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html Encryption Context> in the /AWS Key Management Service Developer Guide/ .------ * 'cgName' - A friendly name for identifying the grant. Use this value to prevent unintended creation of duplicate grants when retrying this request. When this value is absent, all @CreateGrant@ requests result in a new grant with a unique @GrantId@ even if all the supplied parameters are identical. This can result in unintended duplicates when you retry the @CreateGrant@ request. When this value is present, you can retry a @CreateGrant@ request with identical parameters; if the grant already exists, the original @GrantId@ is returned without creating a new grant. Note that the returned grant token is unique with every @CreateGrant@ request, even when a duplicate @GrantId@ is returned. All grant tokens obtained in this way can be used interchangeably.------ * 'cgKeyId' - The unique identifier for the customer master key (CMK) that the grant applies to. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify a CMK in a different AWS account, you must use the key ARN. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' .------ * 'cgGranteePrincipal' - The principal that is given permission to perform the operations that the grant permits. To specify the principal, use the <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Name (ARN)> of an AWS principal. Valid AWS principals include AWS accounts (root), IAM users, IAM roles, federated users, and assumed role users. For examples of the ARN syntax to use for specifying a principal, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam AWS Identity and Access Management (IAM)> in the Example ARNs section of the /AWS General Reference/ .------ * 'cgOperations' - A list of operations that the grant permits.-createGrant- :: Text -- ^ 'cgKeyId'- -> Text -- ^ 'cgGranteePrincipal'- -> CreateGrant-createGrant pKeyId_ pGranteePrincipal_ =- CreateGrant'- { _cgRetiringPrincipal = Nothing- , _cgGrantTokens = Nothing- , _cgConstraints = Nothing- , _cgName = Nothing- , _cgKeyId = pKeyId_- , _cgGranteePrincipal = pGranteePrincipal_- , _cgOperations = mempty- }----- | The principal that is given permission to retire the grant by using 'RetireGrant' operation. To specify the principal, use the <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Name (ARN)> of an AWS principal. Valid AWS principals include AWS accounts (root), IAM users, federated users, and assumed role users. For examples of the ARN syntax to use for specifying a principal, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam AWS Identity and Access Management (IAM)> in the Example ARNs section of the /AWS General Reference/ .-cgRetiringPrincipal :: Lens' CreateGrant (Maybe Text)-cgRetiringPrincipal = lens _cgRetiringPrincipal (\ s a -> s{_cgRetiringPrincipal = a})---- | A list of grant tokens. For more information, see <http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token Grant Tokens> in the /AWS Key Management Service Developer Guide/ .-cgGrantTokens :: Lens' CreateGrant [Text]-cgGrantTokens = lens _cgGrantTokens (\ s a -> s{_cgGrantTokens = a}) . _Default . _Coerce---- | A structure that you can use to allow certain operations in the grant only when the desired encryption context is present. For more information about encryption context, see <http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html Encryption Context> in the /AWS Key Management Service Developer Guide/ .-cgConstraints :: Lens' CreateGrant (Maybe GrantConstraints)-cgConstraints = lens _cgConstraints (\ s a -> s{_cgConstraints = a})---- | A friendly name for identifying the grant. Use this value to prevent unintended creation of duplicate grants when retrying this request. When this value is absent, all @CreateGrant@ requests result in a new grant with a unique @GrantId@ even if all the supplied parameters are identical. This can result in unintended duplicates when you retry the @CreateGrant@ request. When this value is present, you can retry a @CreateGrant@ request with identical parameters; if the grant already exists, the original @GrantId@ is returned without creating a new grant. Note that the returned grant token is unique with every @CreateGrant@ request, even when a duplicate @GrantId@ is returned. All grant tokens obtained in this way can be used interchangeably.-cgName :: Lens' CreateGrant (Maybe Text)-cgName = lens _cgName (\ s a -> s{_cgName = a})---- | The unique identifier for the customer master key (CMK) that the grant applies to. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify a CMK in a different AWS account, you must use the key ARN. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' .-cgKeyId :: Lens' CreateGrant Text-cgKeyId = lens _cgKeyId (\ s a -> s{_cgKeyId = a})---- | The principal that is given permission to perform the operations that the grant permits. To specify the principal, use the <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Name (ARN)> of an AWS principal. Valid AWS principals include AWS accounts (root), IAM users, IAM roles, federated users, and assumed role users. For examples of the ARN syntax to use for specifying a principal, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam AWS Identity and Access Management (IAM)> in the Example ARNs section of the /AWS General Reference/ .-cgGranteePrincipal :: Lens' CreateGrant Text-cgGranteePrincipal = lens _cgGranteePrincipal (\ s a -> s{_cgGranteePrincipal = a})---- | A list of operations that the grant permits.-cgOperations :: Lens' CreateGrant [GrantOperation]-cgOperations = lens _cgOperations (\ s a -> s{_cgOperations = a}) . _Coerce--instance AWSRequest CreateGrant where- type Rs CreateGrant = CreateGrantResponse- request = postJSON kms- response- = receiveJSON- (\ s h x ->- CreateGrantResponse' <$>- (x .?> "GrantId") <*> (x .?> "GrantToken") <*>- (pure (fromEnum s)))--instance Hashable CreateGrant where--instance NFData CreateGrant where--instance ToHeaders CreateGrant where- toHeaders- = const- (mconcat- ["X-Amz-Target" =#- ("TrentService.CreateGrant" :: ByteString),- "Content-Type" =#- ("application/x-amz-json-1.1" :: ByteString)])--instance ToJSON CreateGrant where- toJSON CreateGrant'{..}- = object- (catMaybes- [("RetiringPrincipal" .=) <$> _cgRetiringPrincipal,- ("GrantTokens" .=) <$> _cgGrantTokens,- ("Constraints" .=) <$> _cgConstraints,- ("Name" .=) <$> _cgName, Just ("KeyId" .= _cgKeyId),- Just ("GranteePrincipal" .= _cgGranteePrincipal),- Just ("Operations" .= _cgOperations)])--instance ToPath CreateGrant where- toPath = const "/"--instance ToQuery CreateGrant where- toQuery = const mempty---- | /See:/ 'createGrantResponse' smart constructor.-data CreateGrantResponse = CreateGrantResponse'- { _cgrsGrantId :: !(Maybe Text)- , _cgrsGrantToken :: !(Maybe Text)- , _cgrsResponseStatus :: !Int- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'CreateGrantResponse' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'cgrsGrantId' - The unique identifier for the grant. You can use the @GrantId@ in a subsequent 'RetireGrant' or 'RevokeGrant' operation.------ * 'cgrsGrantToken' - The grant token. For more information, see <http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token Grant Tokens> in the /AWS Key Management Service Developer Guide/ .------ * 'cgrsResponseStatus' - -- | The response status code.-createGrantResponse- :: Int -- ^ 'cgrsResponseStatus'- -> CreateGrantResponse-createGrantResponse pResponseStatus_ =- CreateGrantResponse'- { _cgrsGrantId = Nothing- , _cgrsGrantToken = Nothing- , _cgrsResponseStatus = pResponseStatus_- }----- | The unique identifier for the grant. You can use the @GrantId@ in a subsequent 'RetireGrant' or 'RevokeGrant' operation.-cgrsGrantId :: Lens' CreateGrantResponse (Maybe Text)-cgrsGrantId = lens _cgrsGrantId (\ s a -> s{_cgrsGrantId = a})---- | The grant token. For more information, see <http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token Grant Tokens> in the /AWS Key Management Service Developer Guide/ .-cgrsGrantToken :: Lens' CreateGrantResponse (Maybe Text)-cgrsGrantToken = lens _cgrsGrantToken (\ s a -> s{_cgrsGrantToken = a})---- | -- | The response status code.-cgrsResponseStatus :: Lens' CreateGrantResponse Int-cgrsResponseStatus = lens _cgrsResponseStatus (\ s a -> s{_cgrsResponseStatus = a})--instance NFData CreateGrantResponse where
− gen/Network/AWS/KMS/CreateKey.hs
@@ -1,195 +0,0 @@-{-# LANGUAGE DeriveDataTypeable #-}-{-# LANGUAGE DeriveGeneric #-}-{-# LANGUAGE OverloadedStrings #-}-{-# LANGUAGE RecordWildCards #-}-{-# LANGUAGE TypeFamilies #-}--{-# OPTIONS_GHC -fno-warn-unused-imports #-}-{-# OPTIONS_GHC -fno-warn-unused-binds #-}-{-# OPTIONS_GHC -fno-warn-unused-matches #-}---- Derived from AWS service descriptions, licensed under Apache 2.0.---- |--- Module : Network.AWS.KMS.CreateKey--- Copyright : (c) 2013-2018 Brendan Hay--- License : Mozilla Public License, v. 2.0.--- Maintainer : Brendan Hay <brendan.g.hay+amazonka@gmail.com>--- Stability : auto-generated--- Portability : non-portable (GHC extensions)------ Creates a customer master key (CMK) in the caller's AWS account.--------- You can use a CMK to encrypt small amounts of data (4 KiB or less) directly, but CMKs are more commonly used to encrypt data encryption keys (DEKs), which are used to encrypt raw data. For more information about DEKs and the difference between CMKs and DEKs, see the following:------ * The 'GenerateDataKey' operation------ * <http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html AWS Key Management Service Concepts> in the /AWS Key Management Service Developer Guide/------------ You cannot use this operation to create a CMK in a different AWS account.----module Network.AWS.KMS.CreateKey- (- -- * Creating a Request- createKey- , CreateKey- -- * Request Lenses- , ckOrigin- , ckKeyUsage- , ckBypassPolicyLockoutSafetyCheck- , ckPolicy- , ckDescription- , ckTags-- -- * Destructuring the Response- , createKeyResponse- , CreateKeyResponse- -- * Response Lenses- , ckrsKeyMetadata- , ckrsResponseStatus- ) where--import Network.AWS.KMS.Types-import Network.AWS.KMS.Types.Product-import Network.AWS.Lens-import Network.AWS.Prelude-import Network.AWS.Request-import Network.AWS.Response---- | /See:/ 'createKey' smart constructor.-data CreateKey = CreateKey'- { _ckOrigin :: !(Maybe OriginType)- , _ckKeyUsage :: !(Maybe KeyUsageType)- , _ckBypassPolicyLockoutSafetyCheck :: !(Maybe Bool)- , _ckPolicy :: !(Maybe Text)- , _ckDescription :: !(Maybe Text)- , _ckTags :: !(Maybe [Tag])- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'CreateKey' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'ckOrigin' - The source of the CMK's key material. The default is @AWS_KMS@ , which means AWS KMS creates the key material. When this parameter is set to @EXTERNAL@ , the request creates a CMK without key material so that you can import key material from your existing key management infrastructure. For more information about importing key material into AWS KMS, see <http://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html Importing Key Material> in the /AWS Key Management Service Developer Guide/ . The CMK's @Origin@ is immutable and is set when the CMK is created.------ * 'ckKeyUsage' - The intended use of the CMK. You can use CMKs only for symmetric encryption and decryption.------ * 'ckBypassPolicyLockoutSafetyCheck' - A flag to indicate whether to bypass the key policy lockout safety check. /Important:/ Setting this value to true increases the risk that the CMK becomes unmanageable. Do not set this value to true indiscriminately. For more information, refer to the scenario in the <http://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam Default Key Policy> section in the /AWS Key Management Service Developer Guide/ . Use this parameter only when you include a policy in the request and you intend to prevent the principal that is making the request from making a subsequent 'PutKeyPolicy' request on the CMK. The default value is false.------ * 'ckPolicy' - The key policy to attach to the CMK. If you provide a key policy, it must meet the following criteria: * If you don't set @BypassPolicyLockoutSafetyCheck@ to true, the key policy must allow the principal that is making the @CreateKey@ request to make a subsequent 'PutKeyPolicy' request on the CMK. This reduces the risk that the CMK becomes unmanageable. For more information, refer to the scenario in the <http://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam Default Key Policy> section of the /AWS Key Management Service Developer Guide/ . * Each statement in the key policy must contain one or more principals. The principals in the key policy must exist and be visible to AWS KMS. When you create a new AWS principal (for example, an IAM user or role), you might need to enforce a delay before including the new principal in a key policy because the new principal might not be immediately visible to AWS KMS. For more information, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency Changes that I make are not always immediately visible> in the /AWS Identity and Access Management User Guide/ . If you do not provide a key policy, AWS KMS attaches a default key policy to the CMK. For more information, see <http://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default Default Key Policy> in the /AWS Key Management Service Developer Guide/ . The key policy size limit is 32 kilobytes (32768 bytes).------ * 'ckDescription' - A description of the CMK. Use a description that helps you decide whether the CMK is appropriate for a task.------ * 'ckTags' - One or more tags. Each tag consists of a tag key and a tag value. Tag keys and tag values are both required, but tag values can be empty (null) strings. Use this parameter to tag the CMK when it is created. Alternately, you can omit this parameter and instead tag the CMK after it is created using 'TagResource' .-createKey- :: CreateKey-createKey =- CreateKey'- { _ckOrigin = Nothing- , _ckKeyUsage = Nothing- , _ckBypassPolicyLockoutSafetyCheck = Nothing- , _ckPolicy = Nothing- , _ckDescription = Nothing- , _ckTags = Nothing- }----- | The source of the CMK's key material. The default is @AWS_KMS@ , which means AWS KMS creates the key material. When this parameter is set to @EXTERNAL@ , the request creates a CMK without key material so that you can import key material from your existing key management infrastructure. For more information about importing key material into AWS KMS, see <http://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html Importing Key Material> in the /AWS Key Management Service Developer Guide/ . The CMK's @Origin@ is immutable and is set when the CMK is created.-ckOrigin :: Lens' CreateKey (Maybe OriginType)-ckOrigin = lens _ckOrigin (\ s a -> s{_ckOrigin = a})---- | The intended use of the CMK. You can use CMKs only for symmetric encryption and decryption.-ckKeyUsage :: Lens' CreateKey (Maybe KeyUsageType)-ckKeyUsage = lens _ckKeyUsage (\ s a -> s{_ckKeyUsage = a})---- | A flag to indicate whether to bypass the key policy lockout safety check. /Important:/ Setting this value to true increases the risk that the CMK becomes unmanageable. Do not set this value to true indiscriminately. For more information, refer to the scenario in the <http://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam Default Key Policy> section in the /AWS Key Management Service Developer Guide/ . Use this parameter only when you include a policy in the request and you intend to prevent the principal that is making the request from making a subsequent 'PutKeyPolicy' request on the CMK. The default value is false.-ckBypassPolicyLockoutSafetyCheck :: Lens' CreateKey (Maybe Bool)-ckBypassPolicyLockoutSafetyCheck = lens _ckBypassPolicyLockoutSafetyCheck (\ s a -> s{_ckBypassPolicyLockoutSafetyCheck = a})---- | The key policy to attach to the CMK. If you provide a key policy, it must meet the following criteria: * If you don't set @BypassPolicyLockoutSafetyCheck@ to true, the key policy must allow the principal that is making the @CreateKey@ request to make a subsequent 'PutKeyPolicy' request on the CMK. This reduces the risk that the CMK becomes unmanageable. For more information, refer to the scenario in the <http://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam Default Key Policy> section of the /AWS Key Management Service Developer Guide/ . * Each statement in the key policy must contain one or more principals. The principals in the key policy must exist and be visible to AWS KMS. When you create a new AWS principal (for example, an IAM user or role), you might need to enforce a delay before including the new principal in a key policy because the new principal might not be immediately visible to AWS KMS. For more information, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency Changes that I make are not always immediately visible> in the /AWS Identity and Access Management User Guide/ . If you do not provide a key policy, AWS KMS attaches a default key policy to the CMK. For more information, see <http://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default Default Key Policy> in the /AWS Key Management Service Developer Guide/ . The key policy size limit is 32 kilobytes (32768 bytes).-ckPolicy :: Lens' CreateKey (Maybe Text)-ckPolicy = lens _ckPolicy (\ s a -> s{_ckPolicy = a})---- | A description of the CMK. Use a description that helps you decide whether the CMK is appropriate for a task.-ckDescription :: Lens' CreateKey (Maybe Text)-ckDescription = lens _ckDescription (\ s a -> s{_ckDescription = a})---- | One or more tags. Each tag consists of a tag key and a tag value. Tag keys and tag values are both required, but tag values can be empty (null) strings. Use this parameter to tag the CMK when it is created. Alternately, you can omit this parameter and instead tag the CMK after it is created using 'TagResource' .-ckTags :: Lens' CreateKey [Tag]-ckTags = lens _ckTags (\ s a -> s{_ckTags = a}) . _Default . _Coerce--instance AWSRequest CreateKey where- type Rs CreateKey = CreateKeyResponse- request = postJSON kms- response- = receiveJSON- (\ s h x ->- CreateKeyResponse' <$>- (x .?> "KeyMetadata") <*> (pure (fromEnum s)))--instance Hashable CreateKey where--instance NFData CreateKey where--instance ToHeaders CreateKey where- toHeaders- = const- (mconcat- ["X-Amz-Target" =#- ("TrentService.CreateKey" :: ByteString),- "Content-Type" =#- ("application/x-amz-json-1.1" :: ByteString)])--instance ToJSON CreateKey where- toJSON CreateKey'{..}- = object- (catMaybes- [("Origin" .=) <$> _ckOrigin,- ("KeyUsage" .=) <$> _ckKeyUsage,- ("BypassPolicyLockoutSafetyCheck" .=) <$>- _ckBypassPolicyLockoutSafetyCheck,- ("Policy" .=) <$> _ckPolicy,- ("Description" .=) <$> _ckDescription,- ("Tags" .=) <$> _ckTags])--instance ToPath CreateKey where- toPath = const "/"--instance ToQuery CreateKey where- toQuery = const mempty---- | /See:/ 'createKeyResponse' smart constructor.-data CreateKeyResponse = CreateKeyResponse'- { _ckrsKeyMetadata :: !(Maybe KeyMetadata)- , _ckrsResponseStatus :: !Int- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'CreateKeyResponse' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'ckrsKeyMetadata' - Metadata associated with the CMK.------ * 'ckrsResponseStatus' - -- | The response status code.-createKeyResponse- :: Int -- ^ 'ckrsResponseStatus'- -> CreateKeyResponse-createKeyResponse pResponseStatus_ =- CreateKeyResponse'- {_ckrsKeyMetadata = Nothing, _ckrsResponseStatus = pResponseStatus_}----- | Metadata associated with the CMK.-ckrsKeyMetadata :: Lens' CreateKeyResponse (Maybe KeyMetadata)-ckrsKeyMetadata = lens _ckrsKeyMetadata (\ s a -> s{_ckrsKeyMetadata = a})---- | -- | The response status code.-ckrsResponseStatus :: Lens' CreateKeyResponse Int-ckrsResponseStatus = lens _ckrsResponseStatus (\ s a -> s{_ckrsResponseStatus = a})--instance NFData CreateKeyResponse where
− gen/Network/AWS/KMS/Decrypt.hs
@@ -1,177 +0,0 @@-{-# LANGUAGE DeriveDataTypeable #-}-{-# LANGUAGE DeriveGeneric #-}-{-# LANGUAGE OverloadedStrings #-}-{-# LANGUAGE RecordWildCards #-}-{-# LANGUAGE TypeFamilies #-}--{-# OPTIONS_GHC -fno-warn-unused-imports #-}-{-# OPTIONS_GHC -fno-warn-unused-binds #-}-{-# OPTIONS_GHC -fno-warn-unused-matches #-}---- Derived from AWS service descriptions, licensed under Apache 2.0.---- |--- Module : Network.AWS.KMS.Decrypt--- Copyright : (c) 2013-2018 Brendan Hay--- License : Mozilla Public License, v. 2.0.--- Maintainer : Brendan Hay <brendan.g.hay+amazonka@gmail.com>--- Stability : auto-generated--- Portability : non-portable (GHC extensions)------ Decrypts ciphertext. Ciphertext is plaintext that has been previously encrypted by using any of the following operations:--------- * 'GenerateDataKey'------ * 'GenerateDataKeyWithoutPlaintext'------ * 'Encrypt'------------ Note that if a caller has been granted access permissions to all keys (through, for example, IAM user policies that grant @Decrypt@ permission on all resources), then ciphertext encrypted by using keys in other accounts where the key grants access to the caller can be decrypted. To remedy this, we recommend that you do not grant @Decrypt@ access in an IAM user policy. Instead grant @Decrypt@ access only in key policies. If you must grant @Decrypt@ access in an IAM user policy, you should scope the resource to specific keys or to specific trusted accounts.----module Network.AWS.KMS.Decrypt- (- -- * Creating a Request- decrypt- , Decrypt- -- * Request Lenses- , decEncryptionContext- , decGrantTokens- , decCiphertextBlob-- -- * Destructuring the Response- , decryptResponse- , DecryptResponse- -- * Response Lenses- , drsKeyId- , drsPlaintext- , drsResponseStatus- ) where--import Network.AWS.KMS.Types-import Network.AWS.KMS.Types.Product-import Network.AWS.Lens-import Network.AWS.Prelude-import Network.AWS.Request-import Network.AWS.Response---- | /See:/ 'decrypt' smart constructor.-data Decrypt = Decrypt'- { _decEncryptionContext :: !(Maybe (Map Text Text))- , _decGrantTokens :: !(Maybe [Text])- , _decCiphertextBlob :: !Base64- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'Decrypt' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'decEncryptionContext' - The encryption context. If this was specified in the 'Encrypt' function, it must be specified here or the decryption operation will fail. For more information, see <http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html Encryption Context> .------ * 'decGrantTokens' - A list of grant tokens. For more information, see <http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token Grant Tokens> in the /AWS Key Management Service Developer Guide/ .------ * 'decCiphertextBlob' - Ciphertext to be decrypted. The blob includes metadata.-- /Note:/ This 'Lens' automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This 'Lens' accepts and returns only raw unencoded data.-decrypt- :: ByteString -- ^ 'decCiphertextBlob'- -> Decrypt-decrypt pCiphertextBlob_ =- Decrypt'- { _decEncryptionContext = Nothing- , _decGrantTokens = Nothing- , _decCiphertextBlob = _Base64 # pCiphertextBlob_- }----- | The encryption context. If this was specified in the 'Encrypt' function, it must be specified here or the decryption operation will fail. For more information, see <http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html Encryption Context> .-decEncryptionContext :: Lens' Decrypt (HashMap Text Text)-decEncryptionContext = lens _decEncryptionContext (\ s a -> s{_decEncryptionContext = a}) . _Default . _Map---- | A list of grant tokens. For more information, see <http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token Grant Tokens> in the /AWS Key Management Service Developer Guide/ .-decGrantTokens :: Lens' Decrypt [Text]-decGrantTokens = lens _decGrantTokens (\ s a -> s{_decGrantTokens = a}) . _Default . _Coerce---- | Ciphertext to be decrypted. The blob includes metadata.-- /Note:/ This 'Lens' automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This 'Lens' accepts and returns only raw unencoded data.-decCiphertextBlob :: Lens' Decrypt ByteString-decCiphertextBlob = lens _decCiphertextBlob (\ s a -> s{_decCiphertextBlob = a}) . _Base64--instance AWSRequest Decrypt where- type Rs Decrypt = DecryptResponse- request = postJSON kms- response- = receiveJSON- (\ s h x ->- DecryptResponse' <$>- (x .?> "KeyId") <*> (x .?> "Plaintext") <*>- (pure (fromEnum s)))--instance Hashable Decrypt where--instance NFData Decrypt where--instance ToHeaders Decrypt where- toHeaders- = const- (mconcat- ["X-Amz-Target" =#- ("TrentService.Decrypt" :: ByteString),- "Content-Type" =#- ("application/x-amz-json-1.1" :: ByteString)])--instance ToJSON Decrypt where- toJSON Decrypt'{..}- = object- (catMaybes- [("EncryptionContext" .=) <$> _decEncryptionContext,- ("GrantTokens" .=) <$> _decGrantTokens,- Just ("CiphertextBlob" .= _decCiphertextBlob)])--instance ToPath Decrypt where- toPath = const "/"--instance ToQuery Decrypt where- toQuery = const mempty---- | /See:/ 'decryptResponse' smart constructor.-data DecryptResponse = DecryptResponse'- { _drsKeyId :: !(Maybe Text)- , _drsPlaintext :: !(Maybe (Sensitive Base64))- , _drsResponseStatus :: !Int- } deriving (Eq, Show, Data, Typeable, Generic)----- | Creates a value of 'DecryptResponse' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'drsKeyId' - ARN of the key used to perform the decryption. This value is returned if no errors are encountered during the operation.------ * 'drsPlaintext' - Decrypted plaintext data. When you use the HTTP API or the AWS CLI, the value is Base64-encoded. Otherwise, it is not encoded.-- /Note:/ This 'Lens' automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This 'Lens' accepts and returns only raw unencoded data.------ * 'drsResponseStatus' - -- | The response status code.-decryptResponse- :: Int -- ^ 'drsResponseStatus'- -> DecryptResponse-decryptResponse pResponseStatus_ =- DecryptResponse'- { _drsKeyId = Nothing- , _drsPlaintext = Nothing- , _drsResponseStatus = pResponseStatus_- }----- | ARN of the key used to perform the decryption. This value is returned if no errors are encountered during the operation.-drsKeyId :: Lens' DecryptResponse (Maybe Text)-drsKeyId = lens _drsKeyId (\ s a -> s{_drsKeyId = a})---- | Decrypted plaintext data. When you use the HTTP API or the AWS CLI, the value is Base64-encoded. Otherwise, it is not encoded.-- /Note:/ This 'Lens' automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This 'Lens' accepts and returns only raw unencoded data.-drsPlaintext :: Lens' DecryptResponse (Maybe ByteString)-drsPlaintext = lens _drsPlaintext (\ s a -> s{_drsPlaintext = a}) . mapping (_Sensitive . _Base64)---- | -- | The response status code.-drsResponseStatus :: Lens' DecryptResponse Int-drsResponseStatus = lens _drsResponseStatus (\ s a -> s{_drsResponseStatus = a})--instance NFData DecryptResponse where
− gen/Network/AWS/KMS/DeleteAlias.hs
@@ -1,111 +0,0 @@-{-# LANGUAGE DeriveDataTypeable #-}-{-# LANGUAGE DeriveGeneric #-}-{-# LANGUAGE OverloadedStrings #-}-{-# LANGUAGE RecordWildCards #-}-{-# LANGUAGE TypeFamilies #-}--{-# OPTIONS_GHC -fno-warn-unused-imports #-}-{-# OPTIONS_GHC -fno-warn-unused-binds #-}-{-# OPTIONS_GHC -fno-warn-unused-matches #-}---- Derived from AWS service descriptions, licensed under Apache 2.0.---- |--- Module : Network.AWS.KMS.DeleteAlias--- Copyright : (c) 2013-2018 Brendan Hay--- License : Mozilla Public License, v. 2.0.--- Maintainer : Brendan Hay <brendan.g.hay+amazonka@gmail.com>--- Stability : auto-generated--- Portability : non-portable (GHC extensions)------ Deletes the specified alias. You cannot perform this operation on an alias in a different AWS account.--------- Because an alias is not a property of a CMK, you can delete and change the aliases of a CMK without affecting the CMK. Also, aliases do not appear in the response from the 'DescribeKey' operation. To get the aliases of all CMKs, use the 'ListAliases' operation.------ Each CMK can have multiple aliases. To change the alias of a CMK, use 'DeleteAlias' to delete the current alias and 'CreateAlias' to create a new alias. To associate an existing alias with a different customer master key (CMK), call 'UpdateAlias' .----module Network.AWS.KMS.DeleteAlias- (- -- * Creating a Request- deleteAlias- , DeleteAlias- -- * Request Lenses- , daAliasName-- -- * Destructuring the Response- , deleteAliasResponse- , DeleteAliasResponse- ) where--import Network.AWS.KMS.Types-import Network.AWS.KMS.Types.Product-import Network.AWS.Lens-import Network.AWS.Prelude-import Network.AWS.Request-import Network.AWS.Response---- | /See:/ 'deleteAlias' smart constructor.-newtype DeleteAlias = DeleteAlias'- { _daAliasName :: Text- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'DeleteAlias' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'daAliasName' - The alias to be deleted. The name must start with the word "alias" followed by a forward slash (alias/). Aliases that begin with "alias/aws" are reserved.-deleteAlias- :: Text -- ^ 'daAliasName'- -> DeleteAlias-deleteAlias pAliasName_ = DeleteAlias' {_daAliasName = pAliasName_}----- | The alias to be deleted. The name must start with the word "alias" followed by a forward slash (alias/). Aliases that begin with "alias/aws" are reserved.-daAliasName :: Lens' DeleteAlias Text-daAliasName = lens _daAliasName (\ s a -> s{_daAliasName = a})--instance AWSRequest DeleteAlias where- type Rs DeleteAlias = DeleteAliasResponse- request = postJSON kms- response = receiveNull DeleteAliasResponse'--instance Hashable DeleteAlias where--instance NFData DeleteAlias where--instance ToHeaders DeleteAlias where- toHeaders- = const- (mconcat- ["X-Amz-Target" =#- ("TrentService.DeleteAlias" :: ByteString),- "Content-Type" =#- ("application/x-amz-json-1.1" :: ByteString)])--instance ToJSON DeleteAlias where- toJSON DeleteAlias'{..}- = object- (catMaybes [Just ("AliasName" .= _daAliasName)])--instance ToPath DeleteAlias where- toPath = const "/"--instance ToQuery DeleteAlias where- toQuery = const mempty---- | /See:/ 'deleteAliasResponse' smart constructor.-data DeleteAliasResponse =- DeleteAliasResponse'- deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'DeleteAliasResponse' with the minimum fields required to make a request.----deleteAliasResponse- :: DeleteAliasResponse-deleteAliasResponse = DeleteAliasResponse'---instance NFData DeleteAliasResponse where
− gen/Network/AWS/KMS/DeleteImportedKeyMaterial.hs
@@ -1,115 +0,0 @@-{-# LANGUAGE DeriveDataTypeable #-}-{-# LANGUAGE DeriveGeneric #-}-{-# LANGUAGE OverloadedStrings #-}-{-# LANGUAGE RecordWildCards #-}-{-# LANGUAGE TypeFamilies #-}--{-# OPTIONS_GHC -fno-warn-unused-imports #-}-{-# OPTIONS_GHC -fno-warn-unused-binds #-}-{-# OPTIONS_GHC -fno-warn-unused-matches #-}---- Derived from AWS service descriptions, licensed under Apache 2.0.---- |--- Module : Network.AWS.KMS.DeleteImportedKeyMaterial--- Copyright : (c) 2013-2018 Brendan Hay--- License : Mozilla Public License, v. 2.0.--- Maintainer : Brendan Hay <brendan.g.hay+amazonka@gmail.com>--- Stability : auto-generated--- Portability : non-portable (GHC extensions)------ Deletes key material that you previously imported. This operation makes the specified customer master key (CMK) unusable. For more information about importing key material into AWS KMS, see <http://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html Importing Key Material> in the /AWS Key Management Service Developer Guide/ . You cannot perform this operation on a CMK in a different AWS account.--------- When the specified CMK is in the @PendingDeletion@ state, this operation does not change the CMK's state. Otherwise, it changes the CMK's state to @PendingImport@ .------ After you delete key material, you can use 'ImportKeyMaterial' to reimport the same key material into the CMK.----module Network.AWS.KMS.DeleteImportedKeyMaterial- (- -- * Creating a Request- deleteImportedKeyMaterial- , DeleteImportedKeyMaterial- -- * Request Lenses- , dikmKeyId-- -- * Destructuring the Response- , deleteImportedKeyMaterialResponse- , DeleteImportedKeyMaterialResponse- ) where--import Network.AWS.KMS.Types-import Network.AWS.KMS.Types.Product-import Network.AWS.Lens-import Network.AWS.Prelude-import Network.AWS.Request-import Network.AWS.Response---- | /See:/ 'deleteImportedKeyMaterial' smart constructor.-newtype DeleteImportedKeyMaterial = DeleteImportedKeyMaterial'- { _dikmKeyId :: Text- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'DeleteImportedKeyMaterial' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'dikmKeyId' - The identifier of the CMK whose key material to delete. The CMK's @Origin@ must be @EXTERNAL@ . Specify the key ID or the Amazon Resource Name (ARN) of the CMK. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' .-deleteImportedKeyMaterial- :: Text -- ^ 'dikmKeyId'- -> DeleteImportedKeyMaterial-deleteImportedKeyMaterial pKeyId_ =- DeleteImportedKeyMaterial' {_dikmKeyId = pKeyId_}----- | The identifier of the CMK whose key material to delete. The CMK's @Origin@ must be @EXTERNAL@ . Specify the key ID or the Amazon Resource Name (ARN) of the CMK. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' .-dikmKeyId :: Lens' DeleteImportedKeyMaterial Text-dikmKeyId = lens _dikmKeyId (\ s a -> s{_dikmKeyId = a})--instance AWSRequest DeleteImportedKeyMaterial where- type Rs DeleteImportedKeyMaterial =- DeleteImportedKeyMaterialResponse- request = postJSON kms- response- = receiveNull DeleteImportedKeyMaterialResponse'--instance Hashable DeleteImportedKeyMaterial where--instance NFData DeleteImportedKeyMaterial where--instance ToHeaders DeleteImportedKeyMaterial where- toHeaders- = const- (mconcat- ["X-Amz-Target" =#- ("TrentService.DeleteImportedKeyMaterial" ::- ByteString),- "Content-Type" =#- ("application/x-amz-json-1.1" :: ByteString)])--instance ToJSON DeleteImportedKeyMaterial where- toJSON DeleteImportedKeyMaterial'{..}- = object (catMaybes [Just ("KeyId" .= _dikmKeyId)])--instance ToPath DeleteImportedKeyMaterial where- toPath = const "/"--instance ToQuery DeleteImportedKeyMaterial where- toQuery = const mempty---- | /See:/ 'deleteImportedKeyMaterialResponse' smart constructor.-data DeleteImportedKeyMaterialResponse =- DeleteImportedKeyMaterialResponse'- deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'DeleteImportedKeyMaterialResponse' with the minimum fields required to make a request.----deleteImportedKeyMaterialResponse- :: DeleteImportedKeyMaterialResponse-deleteImportedKeyMaterialResponse = DeleteImportedKeyMaterialResponse'---instance NFData DeleteImportedKeyMaterialResponse- where
− gen/Network/AWS/KMS/DescribeKey.hs
@@ -1,143 +0,0 @@-{-# LANGUAGE DeriveDataTypeable #-}-{-# LANGUAGE DeriveGeneric #-}-{-# LANGUAGE OverloadedStrings #-}-{-# LANGUAGE RecordWildCards #-}-{-# LANGUAGE TypeFamilies #-}--{-# OPTIONS_GHC -fno-warn-unused-imports #-}-{-# OPTIONS_GHC -fno-warn-unused-binds #-}-{-# OPTIONS_GHC -fno-warn-unused-matches #-}---- Derived from AWS service descriptions, licensed under Apache 2.0.---- |--- Module : Network.AWS.KMS.DescribeKey--- Copyright : (c) 2013-2018 Brendan Hay--- License : Mozilla Public License, v. 2.0.--- Maintainer : Brendan Hay <brendan.g.hay+amazonka@gmail.com>--- Stability : auto-generated--- Portability : non-portable (GHC extensions)------ Provides detailed information about the specified customer master key (CMK).--------- To perform this operation on a CMK in a different AWS account, specify the key ARN or alias ARN in the value of the KeyId parameter.----module Network.AWS.KMS.DescribeKey- (- -- * Creating a Request- describeKey- , DescribeKey- -- * Request Lenses- , dGrantTokens- , dKeyId-- -- * Destructuring the Response- , describeKeyResponse- , DescribeKeyResponse- -- * Response Lenses- , dkrsKeyMetadata- , dkrsResponseStatus- ) where--import Network.AWS.KMS.Types-import Network.AWS.KMS.Types.Product-import Network.AWS.Lens-import Network.AWS.Prelude-import Network.AWS.Request-import Network.AWS.Response---- | /See:/ 'describeKey' smart constructor.-data DescribeKey = DescribeKey'- { _dGrantTokens :: !(Maybe [Text])- , _dKeyId :: !Text- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'DescribeKey' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'dGrantTokens' - A list of grant tokens. For more information, see <http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token Grant Tokens> in the /AWS Key Management Service Developer Guide/ .------ * 'dKeyId' - A unique identifier for the customer master key (CMK). To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an alias name, prefix it with "alias/". To specify a CMK in a different AWS account, you must use the key ARN or alias ARN. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ * Alias name: @alias/ExampleAlias@ * Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' . To get the alias name and alias ARN, use 'ListAliases' .-describeKey- :: Text -- ^ 'dKeyId'- -> DescribeKey-describeKey pKeyId_ = DescribeKey' {_dGrantTokens = Nothing, _dKeyId = pKeyId_}----- | A list of grant tokens. For more information, see <http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token Grant Tokens> in the /AWS Key Management Service Developer Guide/ .-dGrantTokens :: Lens' DescribeKey [Text]-dGrantTokens = lens _dGrantTokens (\ s a -> s{_dGrantTokens = a}) . _Default . _Coerce---- | A unique identifier for the customer master key (CMK). To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an alias name, prefix it with "alias/". To specify a CMK in a different AWS account, you must use the key ARN or alias ARN. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ * Alias name: @alias/ExampleAlias@ * Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' . To get the alias name and alias ARN, use 'ListAliases' .-dKeyId :: Lens' DescribeKey Text-dKeyId = lens _dKeyId (\ s a -> s{_dKeyId = a})--instance AWSRequest DescribeKey where- type Rs DescribeKey = DescribeKeyResponse- request = postJSON kms- response- = receiveJSON- (\ s h x ->- DescribeKeyResponse' <$>- (x .?> "KeyMetadata") <*> (pure (fromEnum s)))--instance Hashable DescribeKey where--instance NFData DescribeKey where--instance ToHeaders DescribeKey where- toHeaders- = const- (mconcat- ["X-Amz-Target" =#- ("TrentService.DescribeKey" :: ByteString),- "Content-Type" =#- ("application/x-amz-json-1.1" :: ByteString)])--instance ToJSON DescribeKey where- toJSON DescribeKey'{..}- = object- (catMaybes- [("GrantTokens" .=) <$> _dGrantTokens,- Just ("KeyId" .= _dKeyId)])--instance ToPath DescribeKey where- toPath = const "/"--instance ToQuery DescribeKey where- toQuery = const mempty---- | /See:/ 'describeKeyResponse' smart constructor.-data DescribeKeyResponse = DescribeKeyResponse'- { _dkrsKeyMetadata :: !(Maybe KeyMetadata)- , _dkrsResponseStatus :: !Int- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'DescribeKeyResponse' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'dkrsKeyMetadata' - Metadata associated with the key.------ * 'dkrsResponseStatus' - -- | The response status code.-describeKeyResponse- :: Int -- ^ 'dkrsResponseStatus'- -> DescribeKeyResponse-describeKeyResponse pResponseStatus_ =- DescribeKeyResponse'- {_dkrsKeyMetadata = Nothing, _dkrsResponseStatus = pResponseStatus_}----- | Metadata associated with the key.-dkrsKeyMetadata :: Lens' DescribeKeyResponse (Maybe KeyMetadata)-dkrsKeyMetadata = lens _dkrsKeyMetadata (\ s a -> s{_dkrsKeyMetadata = a})---- | -- | The response status code.-dkrsResponseStatus :: Lens' DescribeKeyResponse Int-dkrsResponseStatus = lens _dkrsResponseStatus (\ s a -> s{_dkrsResponseStatus = a})--instance NFData DescribeKeyResponse where
− gen/Network/AWS/KMS/DisableKey.hs
@@ -1,108 +0,0 @@-{-# LANGUAGE DeriveDataTypeable #-}-{-# LANGUAGE DeriveGeneric #-}-{-# LANGUAGE OverloadedStrings #-}-{-# LANGUAGE RecordWildCards #-}-{-# LANGUAGE TypeFamilies #-}--{-# OPTIONS_GHC -fno-warn-unused-imports #-}-{-# OPTIONS_GHC -fno-warn-unused-binds #-}-{-# OPTIONS_GHC -fno-warn-unused-matches #-}---- Derived from AWS service descriptions, licensed under Apache 2.0.---- |--- Module : Network.AWS.KMS.DisableKey--- Copyright : (c) 2013-2018 Brendan Hay--- License : Mozilla Public License, v. 2.0.--- Maintainer : Brendan Hay <brendan.g.hay+amazonka@gmail.com>--- Stability : auto-generated--- Portability : non-portable (GHC extensions)------ Sets the state of a customer master key (CMK) to disabled, thereby preventing its use for cryptographic operations. You cannot perform this operation on a CMK in a different AWS account.--------- For more information about how key state affects the use of a CMK, see <http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html How Key State Affects the Use of a Customer Master Key> in the /AWS Key Management Service Developer Guide/ .----module Network.AWS.KMS.DisableKey- (- -- * Creating a Request- disableKey- , DisableKey- -- * Request Lenses- , dkKeyId-- -- * Destructuring the Response- , disableKeyResponse- , DisableKeyResponse- ) where--import Network.AWS.KMS.Types-import Network.AWS.KMS.Types.Product-import Network.AWS.Lens-import Network.AWS.Prelude-import Network.AWS.Request-import Network.AWS.Response---- | /See:/ 'disableKey' smart constructor.-newtype DisableKey = DisableKey'- { _dkKeyId :: Text- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'DisableKey' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'dkKeyId' - A unique identifier for the customer master key (CMK). Specify the key ID or the Amazon Resource Name (ARN) of the CMK. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' .-disableKey- :: Text -- ^ 'dkKeyId'- -> DisableKey-disableKey pKeyId_ = DisableKey' {_dkKeyId = pKeyId_}----- | A unique identifier for the customer master key (CMK). Specify the key ID or the Amazon Resource Name (ARN) of the CMK. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' .-dkKeyId :: Lens' DisableKey Text-dkKeyId = lens _dkKeyId (\ s a -> s{_dkKeyId = a})--instance AWSRequest DisableKey where- type Rs DisableKey = DisableKeyResponse- request = postJSON kms- response = receiveNull DisableKeyResponse'--instance Hashable DisableKey where--instance NFData DisableKey where--instance ToHeaders DisableKey where- toHeaders- = const- (mconcat- ["X-Amz-Target" =#- ("TrentService.DisableKey" :: ByteString),- "Content-Type" =#- ("application/x-amz-json-1.1" :: ByteString)])--instance ToJSON DisableKey where- toJSON DisableKey'{..}- = object (catMaybes [Just ("KeyId" .= _dkKeyId)])--instance ToPath DisableKey where- toPath = const "/"--instance ToQuery DisableKey where- toQuery = const mempty---- | /See:/ 'disableKeyResponse' smart constructor.-data DisableKeyResponse =- DisableKeyResponse'- deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'DisableKeyResponse' with the minimum fields required to make a request.----disableKeyResponse- :: DisableKeyResponse-disableKeyResponse = DisableKeyResponse'---instance NFData DisableKeyResponse where
− gen/Network/AWS/KMS/DisableKeyRotation.hs
@@ -1,107 +0,0 @@-{-# LANGUAGE DeriveDataTypeable #-}-{-# LANGUAGE DeriveGeneric #-}-{-# LANGUAGE OverloadedStrings #-}-{-# LANGUAGE RecordWildCards #-}-{-# LANGUAGE TypeFamilies #-}--{-# OPTIONS_GHC -fno-warn-unused-imports #-}-{-# OPTIONS_GHC -fno-warn-unused-binds #-}-{-# OPTIONS_GHC -fno-warn-unused-matches #-}---- Derived from AWS service descriptions, licensed under Apache 2.0.---- |--- Module : Network.AWS.KMS.DisableKeyRotation--- Copyright : (c) 2013-2018 Brendan Hay--- License : Mozilla Public License, v. 2.0.--- Maintainer : Brendan Hay <brendan.g.hay+amazonka@gmail.com>--- Stability : auto-generated--- Portability : non-portable (GHC extensions)------ Disables automatic rotation of the key material for the specified customer master key (CMK). You cannot perform this operation on a CMK in a different AWS account.-------module Network.AWS.KMS.DisableKeyRotation- (- -- * Creating a Request- disableKeyRotation- , DisableKeyRotation- -- * Request Lenses- , dkrKeyId-- -- * Destructuring the Response- , disableKeyRotationResponse- , DisableKeyRotationResponse- ) where--import Network.AWS.KMS.Types-import Network.AWS.KMS.Types.Product-import Network.AWS.Lens-import Network.AWS.Prelude-import Network.AWS.Request-import Network.AWS.Response---- | /See:/ 'disableKeyRotation' smart constructor.-newtype DisableKeyRotation = DisableKeyRotation'- { _dkrKeyId :: Text- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'DisableKeyRotation' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'dkrKeyId' - A unique identifier for the customer master key (CMK). Specify the key ID or the Amazon Resource Name (ARN) of the CMK. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' .-disableKeyRotation- :: Text -- ^ 'dkrKeyId'- -> DisableKeyRotation-disableKeyRotation pKeyId_ = DisableKeyRotation' {_dkrKeyId = pKeyId_}----- | A unique identifier for the customer master key (CMK). Specify the key ID or the Amazon Resource Name (ARN) of the CMK. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' .-dkrKeyId :: Lens' DisableKeyRotation Text-dkrKeyId = lens _dkrKeyId (\ s a -> s{_dkrKeyId = a})--instance AWSRequest DisableKeyRotation where- type Rs DisableKeyRotation =- DisableKeyRotationResponse- request = postJSON kms- response = receiveNull DisableKeyRotationResponse'--instance Hashable DisableKeyRotation where--instance NFData DisableKeyRotation where--instance ToHeaders DisableKeyRotation where- toHeaders- = const- (mconcat- ["X-Amz-Target" =#- ("TrentService.DisableKeyRotation" :: ByteString),- "Content-Type" =#- ("application/x-amz-json-1.1" :: ByteString)])--instance ToJSON DisableKeyRotation where- toJSON DisableKeyRotation'{..}- = object (catMaybes [Just ("KeyId" .= _dkrKeyId)])--instance ToPath DisableKeyRotation where- toPath = const "/"--instance ToQuery DisableKeyRotation where- toQuery = const mempty---- | /See:/ 'disableKeyRotationResponse' smart constructor.-data DisableKeyRotationResponse =- DisableKeyRotationResponse'- deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'DisableKeyRotationResponse' with the minimum fields required to make a request.----disableKeyRotationResponse- :: DisableKeyRotationResponse-disableKeyRotationResponse = DisableKeyRotationResponse'---instance NFData DisableKeyRotationResponse where
− gen/Network/AWS/KMS/EnableKey.hs
@@ -1,106 +0,0 @@-{-# LANGUAGE DeriveDataTypeable #-}-{-# LANGUAGE DeriveGeneric #-}-{-# LANGUAGE OverloadedStrings #-}-{-# LANGUAGE RecordWildCards #-}-{-# LANGUAGE TypeFamilies #-}--{-# OPTIONS_GHC -fno-warn-unused-imports #-}-{-# OPTIONS_GHC -fno-warn-unused-binds #-}-{-# OPTIONS_GHC -fno-warn-unused-matches #-}---- Derived from AWS service descriptions, licensed under Apache 2.0.---- |--- Module : Network.AWS.KMS.EnableKey--- Copyright : (c) 2013-2018 Brendan Hay--- License : Mozilla Public License, v. 2.0.--- Maintainer : Brendan Hay <brendan.g.hay+amazonka@gmail.com>--- Stability : auto-generated--- Portability : non-portable (GHC extensions)------ Sets the state of a customer master key (CMK) to enabled, thereby permitting its use for cryptographic operations. You cannot perform this operation on a CMK in a different AWS account.-------module Network.AWS.KMS.EnableKey- (- -- * Creating a Request- enableKey- , EnableKey- -- * Request Lenses- , ekKeyId-- -- * Destructuring the Response- , enableKeyResponse- , EnableKeyResponse- ) where--import Network.AWS.KMS.Types-import Network.AWS.KMS.Types.Product-import Network.AWS.Lens-import Network.AWS.Prelude-import Network.AWS.Request-import Network.AWS.Response---- | /See:/ 'enableKey' smart constructor.-newtype EnableKey = EnableKey'- { _ekKeyId :: Text- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'EnableKey' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'ekKeyId' - A unique identifier for the customer master key (CMK). Specify the key ID or the Amazon Resource Name (ARN) of the CMK. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' .-enableKey- :: Text -- ^ 'ekKeyId'- -> EnableKey-enableKey pKeyId_ = EnableKey' {_ekKeyId = pKeyId_}----- | A unique identifier for the customer master key (CMK). Specify the key ID or the Amazon Resource Name (ARN) of the CMK. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' .-ekKeyId :: Lens' EnableKey Text-ekKeyId = lens _ekKeyId (\ s a -> s{_ekKeyId = a})--instance AWSRequest EnableKey where- type Rs EnableKey = EnableKeyResponse- request = postJSON kms- response = receiveNull EnableKeyResponse'--instance Hashable EnableKey where--instance NFData EnableKey where--instance ToHeaders EnableKey where- toHeaders- = const- (mconcat- ["X-Amz-Target" =#- ("TrentService.EnableKey" :: ByteString),- "Content-Type" =#- ("application/x-amz-json-1.1" :: ByteString)])--instance ToJSON EnableKey where- toJSON EnableKey'{..}- = object (catMaybes [Just ("KeyId" .= _ekKeyId)])--instance ToPath EnableKey where- toPath = const "/"--instance ToQuery EnableKey where- toQuery = const mempty---- | /See:/ 'enableKeyResponse' smart constructor.-data EnableKeyResponse =- EnableKeyResponse'- deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'EnableKeyResponse' with the minimum fields required to make a request.----enableKeyResponse- :: EnableKeyResponse-enableKeyResponse = EnableKeyResponse'---instance NFData EnableKeyResponse where
− gen/Network/AWS/KMS/EnableKeyRotation.hs
@@ -1,106 +0,0 @@-{-# LANGUAGE DeriveDataTypeable #-}-{-# LANGUAGE DeriveGeneric #-}-{-# LANGUAGE OverloadedStrings #-}-{-# LANGUAGE RecordWildCards #-}-{-# LANGUAGE TypeFamilies #-}--{-# OPTIONS_GHC -fno-warn-unused-imports #-}-{-# OPTIONS_GHC -fno-warn-unused-binds #-}-{-# OPTIONS_GHC -fno-warn-unused-matches #-}---- Derived from AWS service descriptions, licensed under Apache 2.0.---- |--- Module : Network.AWS.KMS.EnableKeyRotation--- Copyright : (c) 2013-2018 Brendan Hay--- License : Mozilla Public License, v. 2.0.--- Maintainer : Brendan Hay <brendan.g.hay+amazonka@gmail.com>--- Stability : auto-generated--- Portability : non-portable (GHC extensions)------ Enables automatic rotation of the key material for the specified customer master key (CMK). You cannot perform this operation on a CMK in a different AWS account.-------module Network.AWS.KMS.EnableKeyRotation- (- -- * Creating a Request- enableKeyRotation- , EnableKeyRotation- -- * Request Lenses- , ekrKeyId-- -- * Destructuring the Response- , enableKeyRotationResponse- , EnableKeyRotationResponse- ) where--import Network.AWS.KMS.Types-import Network.AWS.KMS.Types.Product-import Network.AWS.Lens-import Network.AWS.Prelude-import Network.AWS.Request-import Network.AWS.Response---- | /See:/ 'enableKeyRotation' smart constructor.-newtype EnableKeyRotation = EnableKeyRotation'- { _ekrKeyId :: Text- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'EnableKeyRotation' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'ekrKeyId' - A unique identifier for the customer master key (CMK). Specify the key ID or the Amazon Resource Name (ARN) of the CMK. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' .-enableKeyRotation- :: Text -- ^ 'ekrKeyId'- -> EnableKeyRotation-enableKeyRotation pKeyId_ = EnableKeyRotation' {_ekrKeyId = pKeyId_}----- | A unique identifier for the customer master key (CMK). Specify the key ID or the Amazon Resource Name (ARN) of the CMK. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' .-ekrKeyId :: Lens' EnableKeyRotation Text-ekrKeyId = lens _ekrKeyId (\ s a -> s{_ekrKeyId = a})--instance AWSRequest EnableKeyRotation where- type Rs EnableKeyRotation = EnableKeyRotationResponse- request = postJSON kms- response = receiveNull EnableKeyRotationResponse'--instance Hashable EnableKeyRotation where--instance NFData EnableKeyRotation where--instance ToHeaders EnableKeyRotation where- toHeaders- = const- (mconcat- ["X-Amz-Target" =#- ("TrentService.EnableKeyRotation" :: ByteString),- "Content-Type" =#- ("application/x-amz-json-1.1" :: ByteString)])--instance ToJSON EnableKeyRotation where- toJSON EnableKeyRotation'{..}- = object (catMaybes [Just ("KeyId" .= _ekrKeyId)])--instance ToPath EnableKeyRotation where- toPath = const "/"--instance ToQuery EnableKeyRotation where- toQuery = const mempty---- | /See:/ 'enableKeyRotationResponse' smart constructor.-data EnableKeyRotationResponse =- EnableKeyRotationResponse'- deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'EnableKeyRotationResponse' with the minimum fields required to make a request.----enableKeyRotationResponse- :: EnableKeyRotationResponse-enableKeyRotationResponse = EnableKeyRotationResponse'---instance NFData EnableKeyRotationResponse where
− gen/Network/AWS/KMS/Encrypt.hs
@@ -1,190 +0,0 @@-{-# LANGUAGE DeriveDataTypeable #-}-{-# LANGUAGE DeriveGeneric #-}-{-# LANGUAGE OverloadedStrings #-}-{-# LANGUAGE RecordWildCards #-}-{-# LANGUAGE TypeFamilies #-}--{-# OPTIONS_GHC -fno-warn-unused-imports #-}-{-# OPTIONS_GHC -fno-warn-unused-binds #-}-{-# OPTIONS_GHC -fno-warn-unused-matches #-}---- Derived from AWS service descriptions, licensed under Apache 2.0.---- |--- Module : Network.AWS.KMS.Encrypt--- Copyright : (c) 2013-2018 Brendan Hay--- License : Mozilla Public License, v. 2.0.--- Maintainer : Brendan Hay <brendan.g.hay+amazonka@gmail.com>--- Stability : auto-generated--- Portability : non-portable (GHC extensions)------ Encrypts plaintext into ciphertext by using a customer master key (CMK). The @Encrypt@ operation has two primary use cases:--------- * You can encrypt up to 4 kilobytes (4096 bytes) of arbitrary data such as an RSA key, a database password, or other sensitive information.------ * To move encrypted data from one AWS region to another, you can use this operation to encrypt in the new region the plaintext data key that was used to encrypt the data in the original region. This provides you with an encrypted copy of the data key that can be decrypted in the new region and used there to decrypt the encrypted data.------------ To perform this operation on a CMK in a different AWS account, specify the key ARN or alias ARN in the value of the KeyId parameter.------ Unless you are moving encrypted data from one region to another, you don't use this operation to encrypt a generated data key within a region. To get data keys that are already encrypted, call the 'GenerateDataKey' or 'GenerateDataKeyWithoutPlaintext' operation. Data keys don't need to be encrypted again by calling @Encrypt@ .------ To encrypt data locally in your application, use the 'GenerateDataKey' operation to return a plaintext data encryption key and a copy of the key encrypted under the CMK of your choosing.----module Network.AWS.KMS.Encrypt- (- -- * Creating a Request- encrypt- , Encrypt- -- * Request Lenses- , eEncryptionContext- , eGrantTokens- , eKeyId- , ePlaintext-- -- * Destructuring the Response- , encryptResponse- , EncryptResponse- -- * Response Lenses- , ersKeyId- , ersCiphertextBlob- , ersResponseStatus- ) where--import Network.AWS.KMS.Types-import Network.AWS.KMS.Types.Product-import Network.AWS.Lens-import Network.AWS.Prelude-import Network.AWS.Request-import Network.AWS.Response---- | /See:/ 'encrypt' smart constructor.-data Encrypt = Encrypt'- { _eEncryptionContext :: !(Maybe (Map Text Text))- , _eGrantTokens :: !(Maybe [Text])- , _eKeyId :: !Text- , _ePlaintext :: !(Sensitive Base64)- } deriving (Eq, Show, Data, Typeable, Generic)----- | Creates a value of 'Encrypt' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'eEncryptionContext' - Name-value pair that specifies the encryption context to be used for authenticated encryption. If used here, the same value must be supplied to the @Decrypt@ API or decryption will fail. For more information, see <http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html Encryption Context> .------ * 'eGrantTokens' - A list of grant tokens. For more information, see <http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token Grant Tokens> in the /AWS Key Management Service Developer Guide/ .------ * 'eKeyId' - A unique identifier for the customer master key (CMK). To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an alias name, prefix it with "alias/". To specify a CMK in a different AWS account, you must use the key ARN or alias ARN. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ * Alias name: @alias/ExampleAlias@ * Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' . To get the alias name and alias ARN, use 'ListAliases' .------ * 'ePlaintext' - Data to be encrypted.-- /Note:/ This 'Lens' automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This 'Lens' accepts and returns only raw unencoded data.-encrypt- :: Text -- ^ 'eKeyId'- -> ByteString -- ^ 'ePlaintext'- -> Encrypt-encrypt pKeyId_ pPlaintext_ =- Encrypt'- { _eEncryptionContext = Nothing- , _eGrantTokens = Nothing- , _eKeyId = pKeyId_- , _ePlaintext = _Sensitive . _Base64 # pPlaintext_- }----- | Name-value pair that specifies the encryption context to be used for authenticated encryption. If used here, the same value must be supplied to the @Decrypt@ API or decryption will fail. For more information, see <http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html Encryption Context> .-eEncryptionContext :: Lens' Encrypt (HashMap Text Text)-eEncryptionContext = lens _eEncryptionContext (\ s a -> s{_eEncryptionContext = a}) . _Default . _Map---- | A list of grant tokens. For more information, see <http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token Grant Tokens> in the /AWS Key Management Service Developer Guide/ .-eGrantTokens :: Lens' Encrypt [Text]-eGrantTokens = lens _eGrantTokens (\ s a -> s{_eGrantTokens = a}) . _Default . _Coerce---- | A unique identifier for the customer master key (CMK). To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an alias name, prefix it with "alias/". To specify a CMK in a different AWS account, you must use the key ARN or alias ARN. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ * Alias name: @alias/ExampleAlias@ * Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' . To get the alias name and alias ARN, use 'ListAliases' .-eKeyId :: Lens' Encrypt Text-eKeyId = lens _eKeyId (\ s a -> s{_eKeyId = a})---- | Data to be encrypted.-- /Note:/ This 'Lens' automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This 'Lens' accepts and returns only raw unencoded data.-ePlaintext :: Lens' Encrypt ByteString-ePlaintext = lens _ePlaintext (\ s a -> s{_ePlaintext = a}) . _Sensitive . _Base64--instance AWSRequest Encrypt where- type Rs Encrypt = EncryptResponse- request = postJSON kms- response- = receiveJSON- (\ s h x ->- EncryptResponse' <$>- (x .?> "KeyId") <*> (x .?> "CiphertextBlob") <*>- (pure (fromEnum s)))--instance Hashable Encrypt where--instance NFData Encrypt where--instance ToHeaders Encrypt where- toHeaders- = const- (mconcat- ["X-Amz-Target" =#- ("TrentService.Encrypt" :: ByteString),- "Content-Type" =#- ("application/x-amz-json-1.1" :: ByteString)])--instance ToJSON Encrypt where- toJSON Encrypt'{..}- = object- (catMaybes- [("EncryptionContext" .=) <$> _eEncryptionContext,- ("GrantTokens" .=) <$> _eGrantTokens,- Just ("KeyId" .= _eKeyId),- Just ("Plaintext" .= _ePlaintext)])--instance ToPath Encrypt where- toPath = const "/"--instance ToQuery Encrypt where- toQuery = const mempty---- | /See:/ 'encryptResponse' smart constructor.-data EncryptResponse = EncryptResponse'- { _ersKeyId :: !(Maybe Text)- , _ersCiphertextBlob :: !(Maybe Base64)- , _ersResponseStatus :: !Int- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'EncryptResponse' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'ersKeyId' - The ID of the key used during encryption.------ * 'ersCiphertextBlob' - The encrypted plaintext. When you use the HTTP API or the AWS CLI, the value is Base64-encoded. Otherwise, it is not encoded.-- /Note:/ This 'Lens' automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This 'Lens' accepts and returns only raw unencoded data.------ * 'ersResponseStatus' - -- | The response status code.-encryptResponse- :: Int -- ^ 'ersResponseStatus'- -> EncryptResponse-encryptResponse pResponseStatus_ =- EncryptResponse'- { _ersKeyId = Nothing- , _ersCiphertextBlob = Nothing- , _ersResponseStatus = pResponseStatus_- }----- | The ID of the key used during encryption.-ersKeyId :: Lens' EncryptResponse (Maybe Text)-ersKeyId = lens _ersKeyId (\ s a -> s{_ersKeyId = a})---- | The encrypted plaintext. When you use the HTTP API or the AWS CLI, the value is Base64-encoded. Otherwise, it is not encoded.-- /Note:/ This 'Lens' automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This 'Lens' accepts and returns only raw unencoded data.-ersCiphertextBlob :: Lens' EncryptResponse (Maybe ByteString)-ersCiphertextBlob = lens _ersCiphertextBlob (\ s a -> s{_ersCiphertextBlob = a}) . mapping _Base64---- | -- | The response status code.-ersResponseStatus :: Lens' EncryptResponse Int-ersResponseStatus = lens _ersResponseStatus (\ s a -> s{_ersResponseStatus = a})--instance NFData EncryptResponse where
− gen/Network/AWS/KMS/GenerateDataKey.hs
@@ -1,226 +0,0 @@-{-# LANGUAGE DeriveDataTypeable #-}-{-# LANGUAGE DeriveGeneric #-}-{-# LANGUAGE OverloadedStrings #-}-{-# LANGUAGE RecordWildCards #-}-{-# LANGUAGE TypeFamilies #-}--{-# OPTIONS_GHC -fno-warn-unused-imports #-}-{-# OPTIONS_GHC -fno-warn-unused-binds #-}-{-# OPTIONS_GHC -fno-warn-unused-matches #-}---- Derived from AWS service descriptions, licensed under Apache 2.0.---- |--- Module : Network.AWS.KMS.GenerateDataKey--- Copyright : (c) 2013-2018 Brendan Hay--- License : Mozilla Public License, v. 2.0.--- Maintainer : Brendan Hay <brendan.g.hay+amazonka@gmail.com>--- Stability : auto-generated--- Portability : non-portable (GHC extensions)------ Returns a data encryption key that you can use in your application to encrypt data locally.--------- You must specify the customer master key (CMK) under which to generate the data key. You must also specify the length of the data key using either the @KeySpec@ or @NumberOfBytes@ field. You must specify one field or the other, but not both. For common key lengths (128-bit and 256-bit symmetric keys), we recommend that you use @KeySpec@ . To perform this operation on a CMK in a different AWS account, specify the key ARN or alias ARN in the value of the KeyId parameter.------ This operation returns a plaintext copy of the data key in the @Plaintext@ field of the response, and an encrypted copy of the data key in the @CiphertextBlob@ field. The data key is encrypted under the CMK specified in the @KeyId@ field of the request.------ We recommend that you use the following pattern to encrypt data locally in your application:------ * Use this operation (@GenerateDataKey@ ) to get a data encryption key.------ * Use the plaintext data encryption key (returned in the @Plaintext@ field of the response) to encrypt data locally, then erase the plaintext data key from memory.------ * Store the encrypted data key (returned in the @CiphertextBlob@ field of the response) alongside the locally encrypted data.------------ To decrypt data locally:------ * Use the 'Decrypt' operation to decrypt the encrypted data key into a plaintext copy of the data key.------ * Use the plaintext data key to decrypt data locally, then erase the plaintext data key from memory.------------ To return only an encrypted copy of the data key, use 'GenerateDataKeyWithoutPlaintext' . To return a random byte string that is cryptographically secure, use 'GenerateRandom' .------ If you use the optional @EncryptionContext@ field, you must store at least enough information to be able to reconstruct the full encryption context when you later send the ciphertext to the 'Decrypt' operation. It is a good practice to choose an encryption context that you can reconstruct on the fly to better secure the ciphertext. For more information, see <http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html Encryption Context> in the /AWS Key Management Service Developer Guide/ .----module Network.AWS.KMS.GenerateDataKey- (- -- * Creating a Request- generateDataKey- , GenerateDataKey- -- * Request Lenses- , gdkKeySpec- , gdkEncryptionContext- , gdkNumberOfBytes- , gdkGrantTokens- , gdkKeyId-- -- * Destructuring the Response- , generateDataKeyResponse- , GenerateDataKeyResponse- -- * Response Lenses- , gdkrsResponseStatus- , gdkrsKeyId- , gdkrsPlaintext- , gdkrsCiphertextBlob- ) where--import Network.AWS.KMS.Types-import Network.AWS.KMS.Types.Product-import Network.AWS.Lens-import Network.AWS.Prelude-import Network.AWS.Request-import Network.AWS.Response---- | /See:/ 'generateDataKey' smart constructor.-data GenerateDataKey = GenerateDataKey'- { _gdkKeySpec :: !(Maybe DataKeySpec)- , _gdkEncryptionContext :: !(Maybe (Map Text Text))- , _gdkNumberOfBytes :: !(Maybe Nat)- , _gdkGrantTokens :: !(Maybe [Text])- , _gdkKeyId :: !Text- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'GenerateDataKey' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'gdkKeySpec' - The length of the data encryption key. Use @AES_128@ to generate a 128-bit symmetric key, or @AES_256@ to generate a 256-bit symmetric key.------ * 'gdkEncryptionContext' - A set of key-value pairs that represents additional authenticated data. For more information, see <http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html Encryption Context> in the /AWS Key Management Service Developer Guide/ .------ * 'gdkNumberOfBytes' - The length of the data encryption key in bytes. For example, use the value 64 to generate a 512-bit data key (64 bytes is 512 bits). For common key lengths (128-bit and 256-bit symmetric keys), we recommend that you use the @KeySpec@ field instead of this one.------ * 'gdkGrantTokens' - A list of grant tokens. For more information, see <http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token Grant Tokens> in the /AWS Key Management Service Developer Guide/ .------ * 'gdkKeyId' - The identifier of the CMK under which to generate and encrypt the data encryption key. To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an alias name, prefix it with "alias/". To specify a CMK in a different AWS account, you must use the key ARN or alias ARN. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ * Alias name: @alias/ExampleAlias@ * Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' . To get the alias name and alias ARN, use 'ListAliases' .-generateDataKey- :: Text -- ^ 'gdkKeyId'- -> GenerateDataKey-generateDataKey pKeyId_ =- GenerateDataKey'- { _gdkKeySpec = Nothing- , _gdkEncryptionContext = Nothing- , _gdkNumberOfBytes = Nothing- , _gdkGrantTokens = Nothing- , _gdkKeyId = pKeyId_- }----- | The length of the data encryption key. Use @AES_128@ to generate a 128-bit symmetric key, or @AES_256@ to generate a 256-bit symmetric key.-gdkKeySpec :: Lens' GenerateDataKey (Maybe DataKeySpec)-gdkKeySpec = lens _gdkKeySpec (\ s a -> s{_gdkKeySpec = a})---- | A set of key-value pairs that represents additional authenticated data. For more information, see <http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html Encryption Context> in the /AWS Key Management Service Developer Guide/ .-gdkEncryptionContext :: Lens' GenerateDataKey (HashMap Text Text)-gdkEncryptionContext = lens _gdkEncryptionContext (\ s a -> s{_gdkEncryptionContext = a}) . _Default . _Map---- | The length of the data encryption key in bytes. For example, use the value 64 to generate a 512-bit data key (64 bytes is 512 bits). For common key lengths (128-bit and 256-bit symmetric keys), we recommend that you use the @KeySpec@ field instead of this one.-gdkNumberOfBytes :: Lens' GenerateDataKey (Maybe Natural)-gdkNumberOfBytes = lens _gdkNumberOfBytes (\ s a -> s{_gdkNumberOfBytes = a}) . mapping _Nat---- | A list of grant tokens. For more information, see <http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token Grant Tokens> in the /AWS Key Management Service Developer Guide/ .-gdkGrantTokens :: Lens' GenerateDataKey [Text]-gdkGrantTokens = lens _gdkGrantTokens (\ s a -> s{_gdkGrantTokens = a}) . _Default . _Coerce---- | The identifier of the CMK under which to generate and encrypt the data encryption key. To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an alias name, prefix it with "alias/". To specify a CMK in a different AWS account, you must use the key ARN or alias ARN. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ * Alias name: @alias/ExampleAlias@ * Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' . To get the alias name and alias ARN, use 'ListAliases' .-gdkKeyId :: Lens' GenerateDataKey Text-gdkKeyId = lens _gdkKeyId (\ s a -> s{_gdkKeyId = a})--instance AWSRequest GenerateDataKey where- type Rs GenerateDataKey = GenerateDataKeyResponse- request = postJSON kms- response- = receiveJSON- (\ s h x ->- GenerateDataKeyResponse' <$>- (pure (fromEnum s)) <*> (x .:> "KeyId") <*>- (x .:> "Plaintext")- <*> (x .:> "CiphertextBlob"))--instance Hashable GenerateDataKey where--instance NFData GenerateDataKey where--instance ToHeaders GenerateDataKey where- toHeaders- = const- (mconcat- ["X-Amz-Target" =#- ("TrentService.GenerateDataKey" :: ByteString),- "Content-Type" =#- ("application/x-amz-json-1.1" :: ByteString)])--instance ToJSON GenerateDataKey where- toJSON GenerateDataKey'{..}- = object- (catMaybes- [("KeySpec" .=) <$> _gdkKeySpec,- ("EncryptionContext" .=) <$> _gdkEncryptionContext,- ("NumberOfBytes" .=) <$> _gdkNumberOfBytes,- ("GrantTokens" .=) <$> _gdkGrantTokens,- Just ("KeyId" .= _gdkKeyId)])--instance ToPath GenerateDataKey where- toPath = const "/"--instance ToQuery GenerateDataKey where- toQuery = const mempty---- | /See:/ 'generateDataKeyResponse' smart constructor.-data GenerateDataKeyResponse = GenerateDataKeyResponse'- { _gdkrsResponseStatus :: !Int- , _gdkrsKeyId :: !Text- , _gdkrsPlaintext :: !(Sensitive Base64)- , _gdkrsCiphertextBlob :: !Base64- } deriving (Eq, Show, Data, Typeable, Generic)----- | Creates a value of 'GenerateDataKeyResponse' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'gdkrsResponseStatus' - -- | The response status code.------ * 'gdkrsKeyId' - The identifier of the CMK under which the data encryption key was generated and encrypted.------ * 'gdkrsPlaintext' - The data encryption key. When you use the HTTP API or the AWS CLI, the value is Base64-encoded. Otherwise, it is not encoded. Use this data key for local encryption and decryption, then remove it from memory as soon as possible.-- /Note:/ This 'Lens' automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This 'Lens' accepts and returns only raw unencoded data.------ * 'gdkrsCiphertextBlob' - The encrypted data encryption key. When you use the HTTP API or the AWS CLI, the value is Base64-encoded. Otherwise, it is not encoded.-- /Note:/ This 'Lens' automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This 'Lens' accepts and returns only raw unencoded data.-generateDataKeyResponse- :: Int -- ^ 'gdkrsResponseStatus'- -> Text -- ^ 'gdkrsKeyId'- -> ByteString -- ^ 'gdkrsPlaintext'- -> ByteString -- ^ 'gdkrsCiphertextBlob'- -> GenerateDataKeyResponse-generateDataKeyResponse pResponseStatus_ pKeyId_ pPlaintext_ pCiphertextBlob_ =- GenerateDataKeyResponse'- { _gdkrsResponseStatus = pResponseStatus_- , _gdkrsKeyId = pKeyId_- , _gdkrsPlaintext = _Sensitive . _Base64 # pPlaintext_- , _gdkrsCiphertextBlob = _Base64 # pCiphertextBlob_- }----- | -- | The response status code.-gdkrsResponseStatus :: Lens' GenerateDataKeyResponse Int-gdkrsResponseStatus = lens _gdkrsResponseStatus (\ s a -> s{_gdkrsResponseStatus = a})---- | The identifier of the CMK under which the data encryption key was generated and encrypted.-gdkrsKeyId :: Lens' GenerateDataKeyResponse Text-gdkrsKeyId = lens _gdkrsKeyId (\ s a -> s{_gdkrsKeyId = a})---- | The data encryption key. When you use the HTTP API or the AWS CLI, the value is Base64-encoded. Otherwise, it is not encoded. Use this data key for local encryption and decryption, then remove it from memory as soon as possible.-- /Note:/ This 'Lens' automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This 'Lens' accepts and returns only raw unencoded data.-gdkrsPlaintext :: Lens' GenerateDataKeyResponse ByteString-gdkrsPlaintext = lens _gdkrsPlaintext (\ s a -> s{_gdkrsPlaintext = a}) . _Sensitive . _Base64---- | The encrypted data encryption key. When you use the HTTP API or the AWS CLI, the value is Base64-encoded. Otherwise, it is not encoded.-- /Note:/ This 'Lens' automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This 'Lens' accepts and returns only raw unencoded data.-gdkrsCiphertextBlob :: Lens' GenerateDataKeyResponse ByteString-gdkrsCiphertextBlob = lens _gdkrsCiphertextBlob (\ s a -> s{_gdkrsCiphertextBlob = a}) . _Base64--instance NFData GenerateDataKeyResponse where
− gen/Network/AWS/KMS/GenerateDataKeyWithoutPlaintext.hs
@@ -1,199 +0,0 @@-{-# LANGUAGE DeriveDataTypeable #-}-{-# LANGUAGE DeriveGeneric #-}-{-# LANGUAGE OverloadedStrings #-}-{-# LANGUAGE RecordWildCards #-}-{-# LANGUAGE TypeFamilies #-}--{-# OPTIONS_GHC -fno-warn-unused-imports #-}-{-# OPTIONS_GHC -fno-warn-unused-binds #-}-{-# OPTIONS_GHC -fno-warn-unused-matches #-}---- Derived from AWS service descriptions, licensed under Apache 2.0.---- |--- Module : Network.AWS.KMS.GenerateDataKeyWithoutPlaintext--- Copyright : (c) 2013-2018 Brendan Hay--- License : Mozilla Public License, v. 2.0.--- Maintainer : Brendan Hay <brendan.g.hay+amazonka@gmail.com>--- Stability : auto-generated--- Portability : non-portable (GHC extensions)------ Returns a data encryption key encrypted under a customer master key (CMK). This operation is identical to 'GenerateDataKey' but returns only the encrypted copy of the data key.--------- To perform this operation on a CMK in a different AWS account, specify the key ARN or alias ARN in the value of the KeyId parameter.------ This operation is useful in a system that has multiple components with different degrees of trust. For example, consider a system that stores encrypted data in containers. Each container stores the encrypted data and an encrypted copy of the data key. One component of the system, called the /control plane/ , creates new containers. When it creates a new container, it uses this operation (@GenerateDataKeyWithoutPlaintext@ ) to get an encrypted data key and then stores it in the container. Later, a different component of the system, called the /data plane/ , puts encrypted data into the containers. To do this, it passes the encrypted data key to the 'Decrypt' operation, then uses the returned plaintext data key to encrypt data, and finally stores the encrypted data in the container. In this system, the control plane never sees the plaintext data key.----module Network.AWS.KMS.GenerateDataKeyWithoutPlaintext- (- -- * Creating a Request- generateDataKeyWithoutPlaintext- , GenerateDataKeyWithoutPlaintext- -- * Request Lenses- , gdkwpKeySpec- , gdkwpEncryptionContext- , gdkwpNumberOfBytes- , gdkwpGrantTokens- , gdkwpKeyId-- -- * Destructuring the Response- , generateDataKeyWithoutPlaintextResponse- , GenerateDataKeyWithoutPlaintextResponse- -- * Response Lenses- , gdkwprsKeyId- , gdkwprsCiphertextBlob- , gdkwprsResponseStatus- ) where--import Network.AWS.KMS.Types-import Network.AWS.KMS.Types.Product-import Network.AWS.Lens-import Network.AWS.Prelude-import Network.AWS.Request-import Network.AWS.Response---- | /See:/ 'generateDataKeyWithoutPlaintext' smart constructor.-data GenerateDataKeyWithoutPlaintext = GenerateDataKeyWithoutPlaintext'- { _gdkwpKeySpec :: !(Maybe DataKeySpec)- , _gdkwpEncryptionContext :: !(Maybe (Map Text Text))- , _gdkwpNumberOfBytes :: !(Maybe Nat)- , _gdkwpGrantTokens :: !(Maybe [Text])- , _gdkwpKeyId :: !Text- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'GenerateDataKeyWithoutPlaintext' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'gdkwpKeySpec' - The length of the data encryption key. Use @AES_128@ to generate a 128-bit symmetric key, or @AES_256@ to generate a 256-bit symmetric key.------ * 'gdkwpEncryptionContext' - A set of key-value pairs that represents additional authenticated data. For more information, see <http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html Encryption Context> in the /AWS Key Management Service Developer Guide/ .------ * 'gdkwpNumberOfBytes' - The length of the data encryption key in bytes. For example, use the value 64 to generate a 512-bit data key (64 bytes is 512 bits). For common key lengths (128-bit and 256-bit symmetric keys), we recommend that you use the @KeySpec@ field instead of this one.------ * 'gdkwpGrantTokens' - A list of grant tokens. For more information, see <http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token Grant Tokens> in the /AWS Key Management Service Developer Guide/ .------ * 'gdkwpKeyId' - The identifier of the customer master key (CMK) under which to generate and encrypt the data encryption key. To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an alias name, prefix it with "alias/". To specify a CMK in a different AWS account, you must use the key ARN or alias ARN. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ * Alias name: @alias/ExampleAlias@ * Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' . To get the alias name and alias ARN, use 'ListAliases' .-generateDataKeyWithoutPlaintext- :: Text -- ^ 'gdkwpKeyId'- -> GenerateDataKeyWithoutPlaintext-generateDataKeyWithoutPlaintext pKeyId_ =- GenerateDataKeyWithoutPlaintext'- { _gdkwpKeySpec = Nothing- , _gdkwpEncryptionContext = Nothing- , _gdkwpNumberOfBytes = Nothing- , _gdkwpGrantTokens = Nothing- , _gdkwpKeyId = pKeyId_- }----- | The length of the data encryption key. Use @AES_128@ to generate a 128-bit symmetric key, or @AES_256@ to generate a 256-bit symmetric key.-gdkwpKeySpec :: Lens' GenerateDataKeyWithoutPlaintext (Maybe DataKeySpec)-gdkwpKeySpec = lens _gdkwpKeySpec (\ s a -> s{_gdkwpKeySpec = a})---- | A set of key-value pairs that represents additional authenticated data. For more information, see <http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html Encryption Context> in the /AWS Key Management Service Developer Guide/ .-gdkwpEncryptionContext :: Lens' GenerateDataKeyWithoutPlaintext (HashMap Text Text)-gdkwpEncryptionContext = lens _gdkwpEncryptionContext (\ s a -> s{_gdkwpEncryptionContext = a}) . _Default . _Map---- | The length of the data encryption key in bytes. For example, use the value 64 to generate a 512-bit data key (64 bytes is 512 bits). For common key lengths (128-bit and 256-bit symmetric keys), we recommend that you use the @KeySpec@ field instead of this one.-gdkwpNumberOfBytes :: Lens' GenerateDataKeyWithoutPlaintext (Maybe Natural)-gdkwpNumberOfBytes = lens _gdkwpNumberOfBytes (\ s a -> s{_gdkwpNumberOfBytes = a}) . mapping _Nat---- | A list of grant tokens. For more information, see <http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token Grant Tokens> in the /AWS Key Management Service Developer Guide/ .-gdkwpGrantTokens :: Lens' GenerateDataKeyWithoutPlaintext [Text]-gdkwpGrantTokens = lens _gdkwpGrantTokens (\ s a -> s{_gdkwpGrantTokens = a}) . _Default . _Coerce---- | The identifier of the customer master key (CMK) under which to generate and encrypt the data encryption key. To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an alias name, prefix it with "alias/". To specify a CMK in a different AWS account, you must use the key ARN or alias ARN. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ * Alias name: @alias/ExampleAlias@ * Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' . To get the alias name and alias ARN, use 'ListAliases' .-gdkwpKeyId :: Lens' GenerateDataKeyWithoutPlaintext Text-gdkwpKeyId = lens _gdkwpKeyId (\ s a -> s{_gdkwpKeyId = a})--instance AWSRequest GenerateDataKeyWithoutPlaintext- where- type Rs GenerateDataKeyWithoutPlaintext =- GenerateDataKeyWithoutPlaintextResponse- request = postJSON kms- response- = receiveJSON- (\ s h x ->- GenerateDataKeyWithoutPlaintextResponse' <$>- (x .?> "KeyId") <*> (x .?> "CiphertextBlob") <*>- (pure (fromEnum s)))--instance Hashable GenerateDataKeyWithoutPlaintext- where--instance NFData GenerateDataKeyWithoutPlaintext where--instance ToHeaders GenerateDataKeyWithoutPlaintext- where- toHeaders- = const- (mconcat- ["X-Amz-Target" =#- ("TrentService.GenerateDataKeyWithoutPlaintext" ::- ByteString),- "Content-Type" =#- ("application/x-amz-json-1.1" :: ByteString)])--instance ToJSON GenerateDataKeyWithoutPlaintext where- toJSON GenerateDataKeyWithoutPlaintext'{..}- = object- (catMaybes- [("KeySpec" .=) <$> _gdkwpKeySpec,- ("EncryptionContext" .=) <$> _gdkwpEncryptionContext,- ("NumberOfBytes" .=) <$> _gdkwpNumberOfBytes,- ("GrantTokens" .=) <$> _gdkwpGrantTokens,- Just ("KeyId" .= _gdkwpKeyId)])--instance ToPath GenerateDataKeyWithoutPlaintext where- toPath = const "/"--instance ToQuery GenerateDataKeyWithoutPlaintext- where- toQuery = const mempty---- | /See:/ 'generateDataKeyWithoutPlaintextResponse' smart constructor.-data GenerateDataKeyWithoutPlaintextResponse = GenerateDataKeyWithoutPlaintextResponse'- { _gdkwprsKeyId :: !(Maybe Text)- , _gdkwprsCiphertextBlob :: !(Maybe Base64)- , _gdkwprsResponseStatus :: !Int- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'GenerateDataKeyWithoutPlaintextResponse' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'gdkwprsKeyId' - The identifier of the CMK under which the data encryption key was generated and encrypted.------ * 'gdkwprsCiphertextBlob' - The encrypted data encryption key. When you use the HTTP API or the AWS CLI, the value is Base64-encoded. Otherwise, it is not encoded.-- /Note:/ This 'Lens' automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This 'Lens' accepts and returns only raw unencoded data.------ * 'gdkwprsResponseStatus' - -- | The response status code.-generateDataKeyWithoutPlaintextResponse- :: Int -- ^ 'gdkwprsResponseStatus'- -> GenerateDataKeyWithoutPlaintextResponse-generateDataKeyWithoutPlaintextResponse pResponseStatus_ =- GenerateDataKeyWithoutPlaintextResponse'- { _gdkwprsKeyId = Nothing- , _gdkwprsCiphertextBlob = Nothing- , _gdkwprsResponseStatus = pResponseStatus_- }----- | The identifier of the CMK under which the data encryption key was generated and encrypted.-gdkwprsKeyId :: Lens' GenerateDataKeyWithoutPlaintextResponse (Maybe Text)-gdkwprsKeyId = lens _gdkwprsKeyId (\ s a -> s{_gdkwprsKeyId = a})---- | The encrypted data encryption key. When you use the HTTP API or the AWS CLI, the value is Base64-encoded. Otherwise, it is not encoded.-- /Note:/ This 'Lens' automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This 'Lens' accepts and returns only raw unencoded data.-gdkwprsCiphertextBlob :: Lens' GenerateDataKeyWithoutPlaintextResponse (Maybe ByteString)-gdkwprsCiphertextBlob = lens _gdkwprsCiphertextBlob (\ s a -> s{_gdkwprsCiphertextBlob = a}) . mapping _Base64---- | -- | The response status code.-gdkwprsResponseStatus :: Lens' GenerateDataKeyWithoutPlaintextResponse Int-gdkwprsResponseStatus = lens _gdkwprsResponseStatus (\ s a -> s{_gdkwprsResponseStatus = a})--instance NFData- GenerateDataKeyWithoutPlaintextResponse- where
− gen/Network/AWS/KMS/GenerateRandom.hs
@@ -1,133 +0,0 @@-{-# LANGUAGE DeriveDataTypeable #-}-{-# LANGUAGE DeriveGeneric #-}-{-# LANGUAGE OverloadedStrings #-}-{-# LANGUAGE RecordWildCards #-}-{-# LANGUAGE TypeFamilies #-}--{-# OPTIONS_GHC -fno-warn-unused-imports #-}-{-# OPTIONS_GHC -fno-warn-unused-binds #-}-{-# OPTIONS_GHC -fno-warn-unused-matches #-}---- Derived from AWS service descriptions, licensed under Apache 2.0.---- |--- Module : Network.AWS.KMS.GenerateRandom--- Copyright : (c) 2013-2018 Brendan Hay--- License : Mozilla Public License, v. 2.0.--- Maintainer : Brendan Hay <brendan.g.hay+amazonka@gmail.com>--- Stability : auto-generated--- Portability : non-portable (GHC extensions)------ Returns a random byte string that is cryptographically secure.--------- For more information about entropy and random number generation, see the <https://d0.awsstatic.com/whitepapers/KMS-Cryptographic-Details.pdf AWS Key Management Service Cryptographic Details> whitepaper.----module Network.AWS.KMS.GenerateRandom- (- -- * Creating a Request- generateRandom- , GenerateRandom- -- * Request Lenses- , grNumberOfBytes-- -- * Destructuring the Response- , generateRandomResponse- , GenerateRandomResponse- -- * Response Lenses- , grrsPlaintext- , grrsResponseStatus- ) where--import Network.AWS.KMS.Types-import Network.AWS.KMS.Types.Product-import Network.AWS.Lens-import Network.AWS.Prelude-import Network.AWS.Request-import Network.AWS.Response---- | /See:/ 'generateRandom' smart constructor.-newtype GenerateRandom = GenerateRandom'- { _grNumberOfBytes :: Maybe Nat- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'GenerateRandom' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'grNumberOfBytes' - The length of the byte string.-generateRandom- :: GenerateRandom-generateRandom = GenerateRandom' {_grNumberOfBytes = Nothing}----- | The length of the byte string.-grNumberOfBytes :: Lens' GenerateRandom (Maybe Natural)-grNumberOfBytes = lens _grNumberOfBytes (\ s a -> s{_grNumberOfBytes = a}) . mapping _Nat--instance AWSRequest GenerateRandom where- type Rs GenerateRandom = GenerateRandomResponse- request = postJSON kms- response- = receiveJSON- (\ s h x ->- GenerateRandomResponse' <$>- (x .?> "Plaintext") <*> (pure (fromEnum s)))--instance Hashable GenerateRandom where--instance NFData GenerateRandom where--instance ToHeaders GenerateRandom where- toHeaders- = const- (mconcat- ["X-Amz-Target" =#- ("TrentService.GenerateRandom" :: ByteString),- "Content-Type" =#- ("application/x-amz-json-1.1" :: ByteString)])--instance ToJSON GenerateRandom where- toJSON GenerateRandom'{..}- = object- (catMaybes- [("NumberOfBytes" .=) <$> _grNumberOfBytes])--instance ToPath GenerateRandom where- toPath = const "/"--instance ToQuery GenerateRandom where- toQuery = const mempty---- | /See:/ 'generateRandomResponse' smart constructor.-data GenerateRandomResponse = GenerateRandomResponse'- { _grrsPlaintext :: !(Maybe (Sensitive Base64))- , _grrsResponseStatus :: !Int- } deriving (Eq, Show, Data, Typeable, Generic)----- | Creates a value of 'GenerateRandomResponse' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'grrsPlaintext' - The random byte string. When you use the HTTP API or the AWS CLI, the value is Base64-encoded. Otherwise, it is not encoded.-- /Note:/ This 'Lens' automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This 'Lens' accepts and returns only raw unencoded data.------ * 'grrsResponseStatus' - -- | The response status code.-generateRandomResponse- :: Int -- ^ 'grrsResponseStatus'- -> GenerateRandomResponse-generateRandomResponse pResponseStatus_ =- GenerateRandomResponse'- {_grrsPlaintext = Nothing, _grrsResponseStatus = pResponseStatus_}----- | The random byte string. When you use the HTTP API or the AWS CLI, the value is Base64-encoded. Otherwise, it is not encoded.-- /Note:/ This 'Lens' automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This 'Lens' accepts and returns only raw unencoded data.-grrsPlaintext :: Lens' GenerateRandomResponse (Maybe ByteString)-grrsPlaintext = lens _grrsPlaintext (\ s a -> s{_grrsPlaintext = a}) . mapping (_Sensitive . _Base64)---- | -- | The response status code.-grrsResponseStatus :: Lens' GenerateRandomResponse Int-grrsResponseStatus = lens _grrsResponseStatus (\ s a -> s{_grrsResponseStatus = a})--instance NFData GenerateRandomResponse where
− gen/Network/AWS/KMS/GetKeyPolicy.hs
@@ -1,143 +0,0 @@-{-# LANGUAGE DeriveDataTypeable #-}-{-# LANGUAGE DeriveGeneric #-}-{-# LANGUAGE OverloadedStrings #-}-{-# LANGUAGE RecordWildCards #-}-{-# LANGUAGE TypeFamilies #-}--{-# OPTIONS_GHC -fno-warn-unused-imports #-}-{-# OPTIONS_GHC -fno-warn-unused-binds #-}-{-# OPTIONS_GHC -fno-warn-unused-matches #-}---- Derived from AWS service descriptions, licensed under Apache 2.0.---- |--- Module : Network.AWS.KMS.GetKeyPolicy--- Copyright : (c) 2013-2018 Brendan Hay--- License : Mozilla Public License, v. 2.0.--- Maintainer : Brendan Hay <brendan.g.hay+amazonka@gmail.com>--- Stability : auto-generated--- Portability : non-portable (GHC extensions)------ Gets a key policy attached to the specified customer master key (CMK). You cannot perform this operation on a CMK in a different AWS account.-------module Network.AWS.KMS.GetKeyPolicy- (- -- * Creating a Request- getKeyPolicy- , GetKeyPolicy- -- * Request Lenses- , gkpKeyId- , gkpPolicyName-- -- * Destructuring the Response- , getKeyPolicyResponse- , GetKeyPolicyResponse- -- * Response Lenses- , gkprsPolicy- , gkprsResponseStatus- ) where--import Network.AWS.KMS.Types-import Network.AWS.KMS.Types.Product-import Network.AWS.Lens-import Network.AWS.Prelude-import Network.AWS.Request-import Network.AWS.Response---- | /See:/ 'getKeyPolicy' smart constructor.-data GetKeyPolicy = GetKeyPolicy'- { _gkpKeyId :: !Text- , _gkpPolicyName :: !Text- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'GetKeyPolicy' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'gkpKeyId' - A unique identifier for the customer master key (CMK). Specify the key ID or the Amazon Resource Name (ARN) of the CMK. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' .------ * 'gkpPolicyName' - Specifies the name of the key policy. The only valid name is @default@ . To get the names of key policies, use 'ListKeyPolicies' .-getKeyPolicy- :: Text -- ^ 'gkpKeyId'- -> Text -- ^ 'gkpPolicyName'- -> GetKeyPolicy-getKeyPolicy pKeyId_ pPolicyName_ =- GetKeyPolicy' {_gkpKeyId = pKeyId_, _gkpPolicyName = pPolicyName_}----- | A unique identifier for the customer master key (CMK). Specify the key ID or the Amazon Resource Name (ARN) of the CMK. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' .-gkpKeyId :: Lens' GetKeyPolicy Text-gkpKeyId = lens _gkpKeyId (\ s a -> s{_gkpKeyId = a})---- | Specifies the name of the key policy. The only valid name is @default@ . To get the names of key policies, use 'ListKeyPolicies' .-gkpPolicyName :: Lens' GetKeyPolicy Text-gkpPolicyName = lens _gkpPolicyName (\ s a -> s{_gkpPolicyName = a})--instance AWSRequest GetKeyPolicy where- type Rs GetKeyPolicy = GetKeyPolicyResponse- request = postJSON kms- response- = receiveJSON- (\ s h x ->- GetKeyPolicyResponse' <$>- (x .?> "Policy") <*> (pure (fromEnum s)))--instance Hashable GetKeyPolicy where--instance NFData GetKeyPolicy where--instance ToHeaders GetKeyPolicy where- toHeaders- = const- (mconcat- ["X-Amz-Target" =#- ("TrentService.GetKeyPolicy" :: ByteString),- "Content-Type" =#- ("application/x-amz-json-1.1" :: ByteString)])--instance ToJSON GetKeyPolicy where- toJSON GetKeyPolicy'{..}- = object- (catMaybes- [Just ("KeyId" .= _gkpKeyId),- Just ("PolicyName" .= _gkpPolicyName)])--instance ToPath GetKeyPolicy where- toPath = const "/"--instance ToQuery GetKeyPolicy where- toQuery = const mempty---- | /See:/ 'getKeyPolicyResponse' smart constructor.-data GetKeyPolicyResponse = GetKeyPolicyResponse'- { _gkprsPolicy :: !(Maybe Text)- , _gkprsResponseStatus :: !Int- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'GetKeyPolicyResponse' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'gkprsPolicy' - A key policy document in JSON format.------ * 'gkprsResponseStatus' - -- | The response status code.-getKeyPolicyResponse- :: Int -- ^ 'gkprsResponseStatus'- -> GetKeyPolicyResponse-getKeyPolicyResponse pResponseStatus_ =- GetKeyPolicyResponse'- {_gkprsPolicy = Nothing, _gkprsResponseStatus = pResponseStatus_}----- | A key policy document in JSON format.-gkprsPolicy :: Lens' GetKeyPolicyResponse (Maybe Text)-gkprsPolicy = lens _gkprsPolicy (\ s a -> s{_gkprsPolicy = a})---- | -- | The response status code.-gkprsResponseStatus :: Lens' GetKeyPolicyResponse Int-gkprsResponseStatus = lens _gkprsResponseStatus (\ s a -> s{_gkprsResponseStatus = a})--instance NFData GetKeyPolicyResponse where
− gen/Network/AWS/KMS/GetKeyRotationStatus.hs
@@ -1,135 +0,0 @@-{-# LANGUAGE DeriveDataTypeable #-}-{-# LANGUAGE DeriveGeneric #-}-{-# LANGUAGE OverloadedStrings #-}-{-# LANGUAGE RecordWildCards #-}-{-# LANGUAGE TypeFamilies #-}--{-# OPTIONS_GHC -fno-warn-unused-imports #-}-{-# OPTIONS_GHC -fno-warn-unused-binds #-}-{-# OPTIONS_GHC -fno-warn-unused-matches #-}---- Derived from AWS service descriptions, licensed under Apache 2.0.---- |--- Module : Network.AWS.KMS.GetKeyRotationStatus--- Copyright : (c) 2013-2018 Brendan Hay--- License : Mozilla Public License, v. 2.0.--- Maintainer : Brendan Hay <brendan.g.hay+amazonka@gmail.com>--- Stability : auto-generated--- Portability : non-portable (GHC extensions)------ Gets a Boolean value that indicates whether automatic rotation of the key material is enabled for the specified customer master key (CMK).--------- To perform this operation on a CMK in a different AWS account, specify the key ARN in the value of the KeyId parameter.----module Network.AWS.KMS.GetKeyRotationStatus- (- -- * Creating a Request- getKeyRotationStatus- , GetKeyRotationStatus- -- * Request Lenses- , gkrsKeyId-- -- * Destructuring the Response- , getKeyRotationStatusResponse- , GetKeyRotationStatusResponse- -- * Response Lenses- , gkrsrsKeyRotationEnabled- , gkrsrsResponseStatus- ) where--import Network.AWS.KMS.Types-import Network.AWS.KMS.Types.Product-import Network.AWS.Lens-import Network.AWS.Prelude-import Network.AWS.Request-import Network.AWS.Response---- | /See:/ 'getKeyRotationStatus' smart constructor.-newtype GetKeyRotationStatus = GetKeyRotationStatus'- { _gkrsKeyId :: Text- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'GetKeyRotationStatus' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'gkrsKeyId' - A unique identifier for the customer master key (CMK). Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify a CMK in a different AWS account, you must use the key ARN. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' .-getKeyRotationStatus- :: Text -- ^ 'gkrsKeyId'- -> GetKeyRotationStatus-getKeyRotationStatus pKeyId_ = GetKeyRotationStatus' {_gkrsKeyId = pKeyId_}----- | A unique identifier for the customer master key (CMK). Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify a CMK in a different AWS account, you must use the key ARN. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' .-gkrsKeyId :: Lens' GetKeyRotationStatus Text-gkrsKeyId = lens _gkrsKeyId (\ s a -> s{_gkrsKeyId = a})--instance AWSRequest GetKeyRotationStatus where- type Rs GetKeyRotationStatus =- GetKeyRotationStatusResponse- request = postJSON kms- response- = receiveJSON- (\ s h x ->- GetKeyRotationStatusResponse' <$>- (x .?> "KeyRotationEnabled") <*> (pure (fromEnum s)))--instance Hashable GetKeyRotationStatus where--instance NFData GetKeyRotationStatus where--instance ToHeaders GetKeyRotationStatus where- toHeaders- = const- (mconcat- ["X-Amz-Target" =#- ("TrentService.GetKeyRotationStatus" :: ByteString),- "Content-Type" =#- ("application/x-amz-json-1.1" :: ByteString)])--instance ToJSON GetKeyRotationStatus where- toJSON GetKeyRotationStatus'{..}- = object (catMaybes [Just ("KeyId" .= _gkrsKeyId)])--instance ToPath GetKeyRotationStatus where- toPath = const "/"--instance ToQuery GetKeyRotationStatus where- toQuery = const mempty---- | /See:/ 'getKeyRotationStatusResponse' smart constructor.-data GetKeyRotationStatusResponse = GetKeyRotationStatusResponse'- { _gkrsrsKeyRotationEnabled :: !(Maybe Bool)- , _gkrsrsResponseStatus :: !Int- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'GetKeyRotationStatusResponse' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'gkrsrsKeyRotationEnabled' - A Boolean value that specifies whether key rotation is enabled.------ * 'gkrsrsResponseStatus' - -- | The response status code.-getKeyRotationStatusResponse- :: Int -- ^ 'gkrsrsResponseStatus'- -> GetKeyRotationStatusResponse-getKeyRotationStatusResponse pResponseStatus_ =- GetKeyRotationStatusResponse'- { _gkrsrsKeyRotationEnabled = Nothing- , _gkrsrsResponseStatus = pResponseStatus_- }----- | A Boolean value that specifies whether key rotation is enabled.-gkrsrsKeyRotationEnabled :: Lens' GetKeyRotationStatusResponse (Maybe Bool)-gkrsrsKeyRotationEnabled = lens _gkrsrsKeyRotationEnabled (\ s a -> s{_gkrsrsKeyRotationEnabled = a})---- | -- | The response status code.-gkrsrsResponseStatus :: Lens' GetKeyRotationStatusResponse Int-gkrsrsResponseStatus = lens _gkrsrsResponseStatus (\ s a -> s{_gkrsrsResponseStatus = a})--instance NFData GetKeyRotationStatusResponse where
− gen/Network/AWS/KMS/GetParametersForImport.hs
@@ -1,195 +0,0 @@-{-# LANGUAGE DeriveDataTypeable #-}-{-# LANGUAGE DeriveGeneric #-}-{-# LANGUAGE OverloadedStrings #-}-{-# LANGUAGE RecordWildCards #-}-{-# LANGUAGE TypeFamilies #-}--{-# OPTIONS_GHC -fno-warn-unused-imports #-}-{-# OPTIONS_GHC -fno-warn-unused-binds #-}-{-# OPTIONS_GHC -fno-warn-unused-matches #-}---- Derived from AWS service descriptions, licensed under Apache 2.0.---- |--- Module : Network.AWS.KMS.GetParametersForImport--- Copyright : (c) 2013-2018 Brendan Hay--- License : Mozilla Public License, v. 2.0.--- Maintainer : Brendan Hay <brendan.g.hay+amazonka@gmail.com>--- Stability : auto-generated--- Portability : non-portable (GHC extensions)------ Returns the items you need in order to import key material into AWS KMS from your existing key management infrastructure. For more information about importing key material into AWS KMS, see <http://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html Importing Key Material> in the /AWS Key Management Service Developer Guide/ .--------- You must specify the key ID of the customer master key (CMK) into which you will import key material. This CMK's @Origin@ must be @EXTERNAL@ . You must also specify the wrapping algorithm and type of wrapping key (public key) that you will use to encrypt the key material. You cannot perform this operation on a CMK in a different AWS account.------ This operation returns a public key and an import token. Use the public key to encrypt the key material. Store the import token to send with a subsequent 'ImportKeyMaterial' request. The public key and import token from the same response must be used together. These items are valid for 24 hours. When they expire, they cannot be used for a subsequent 'ImportKeyMaterial' request. To get new ones, send another @GetParametersForImport@ request.----module Network.AWS.KMS.GetParametersForImport- (- -- * Creating a Request- getParametersForImport- , GetParametersForImport- -- * Request Lenses- , gpfiKeyId- , gpfiWrappingAlgorithm- , gpfiWrappingKeySpec-- -- * Destructuring the Response- , getParametersForImportResponse- , GetParametersForImportResponse- -- * Response Lenses- , gpfirsKeyId- , gpfirsPublicKey- , gpfirsParametersValidTo- , gpfirsImportToken- , gpfirsResponseStatus- ) where--import Network.AWS.KMS.Types-import Network.AWS.KMS.Types.Product-import Network.AWS.Lens-import Network.AWS.Prelude-import Network.AWS.Request-import Network.AWS.Response---- | /See:/ 'getParametersForImport' smart constructor.-data GetParametersForImport = GetParametersForImport'- { _gpfiKeyId :: !Text- , _gpfiWrappingAlgorithm :: !AlgorithmSpec- , _gpfiWrappingKeySpec :: !WrappingKeySpec- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'GetParametersForImport' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'gpfiKeyId' - The identifier of the CMK into which you will import key material. The CMK's @Origin@ must be @EXTERNAL@ . Specify the key ID or the Amazon Resource Name (ARN) of the CMK. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' .------ * 'gpfiWrappingAlgorithm' - The algorithm you will use to encrypt the key material before importing it with 'ImportKeyMaterial' . For more information, see <http://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-encrypt-key-material.html Encrypt the Key Material> in the /AWS Key Management Service Developer Guide/ .------ * 'gpfiWrappingKeySpec' - The type of wrapping key (public key) to return in the response. Only 2048-bit RSA public keys are supported.-getParametersForImport- :: Text -- ^ 'gpfiKeyId'- -> AlgorithmSpec -- ^ 'gpfiWrappingAlgorithm'- -> WrappingKeySpec -- ^ 'gpfiWrappingKeySpec'- -> GetParametersForImport-getParametersForImport pKeyId_ pWrappingAlgorithm_ pWrappingKeySpec_ =- GetParametersForImport'- { _gpfiKeyId = pKeyId_- , _gpfiWrappingAlgorithm = pWrappingAlgorithm_- , _gpfiWrappingKeySpec = pWrappingKeySpec_- }----- | The identifier of the CMK into which you will import key material. The CMK's @Origin@ must be @EXTERNAL@ . Specify the key ID or the Amazon Resource Name (ARN) of the CMK. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' .-gpfiKeyId :: Lens' GetParametersForImport Text-gpfiKeyId = lens _gpfiKeyId (\ s a -> s{_gpfiKeyId = a})---- | The algorithm you will use to encrypt the key material before importing it with 'ImportKeyMaterial' . For more information, see <http://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-encrypt-key-material.html Encrypt the Key Material> in the /AWS Key Management Service Developer Guide/ .-gpfiWrappingAlgorithm :: Lens' GetParametersForImport AlgorithmSpec-gpfiWrappingAlgorithm = lens _gpfiWrappingAlgorithm (\ s a -> s{_gpfiWrappingAlgorithm = a})---- | The type of wrapping key (public key) to return in the response. Only 2048-bit RSA public keys are supported.-gpfiWrappingKeySpec :: Lens' GetParametersForImport WrappingKeySpec-gpfiWrappingKeySpec = lens _gpfiWrappingKeySpec (\ s a -> s{_gpfiWrappingKeySpec = a})--instance AWSRequest GetParametersForImport where- type Rs GetParametersForImport =- GetParametersForImportResponse- request = postJSON kms- response- = receiveJSON- (\ s h x ->- GetParametersForImportResponse' <$>- (x .?> "KeyId") <*> (x .?> "PublicKey") <*>- (x .?> "ParametersValidTo")- <*> (x .?> "ImportToken")- <*> (pure (fromEnum s)))--instance Hashable GetParametersForImport where--instance NFData GetParametersForImport where--instance ToHeaders GetParametersForImport where- toHeaders- = const- (mconcat- ["X-Amz-Target" =#- ("TrentService.GetParametersForImport" ::- ByteString),- "Content-Type" =#- ("application/x-amz-json-1.1" :: ByteString)])--instance ToJSON GetParametersForImport where- toJSON GetParametersForImport'{..}- = object- (catMaybes- [Just ("KeyId" .= _gpfiKeyId),- Just ("WrappingAlgorithm" .= _gpfiWrappingAlgorithm),- Just ("WrappingKeySpec" .= _gpfiWrappingKeySpec)])--instance ToPath GetParametersForImport where- toPath = const "/"--instance ToQuery GetParametersForImport where- toQuery = const mempty---- | /See:/ 'getParametersForImportResponse' smart constructor.-data GetParametersForImportResponse = GetParametersForImportResponse'- { _gpfirsKeyId :: !(Maybe Text)- , _gpfirsPublicKey :: !(Maybe (Sensitive Base64))- , _gpfirsParametersValidTo :: !(Maybe POSIX)- , _gpfirsImportToken :: !(Maybe Base64)- , _gpfirsResponseStatus :: !Int- } deriving (Eq, Show, Data, Typeable, Generic)----- | Creates a value of 'GetParametersForImportResponse' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'gpfirsKeyId' - The identifier of the CMK to use in a subsequent 'ImportKeyMaterial' request. This is the same CMK specified in the @GetParametersForImport@ request.------ * 'gpfirsPublicKey' - The public key to use to encrypt the key material before importing it with 'ImportKeyMaterial' .-- /Note:/ This 'Lens' automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This 'Lens' accepts and returns only raw unencoded data.------ * 'gpfirsParametersValidTo' - The time at which the import token and public key are no longer valid. After this time, you cannot use them to make an 'ImportKeyMaterial' request and you must send another @GetParametersForImport@ request to get new ones.------ * 'gpfirsImportToken' - The import token to send in a subsequent 'ImportKeyMaterial' request.-- /Note:/ This 'Lens' automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This 'Lens' accepts and returns only raw unencoded data.------ * 'gpfirsResponseStatus' - -- | The response status code.-getParametersForImportResponse- :: Int -- ^ 'gpfirsResponseStatus'- -> GetParametersForImportResponse-getParametersForImportResponse pResponseStatus_ =- GetParametersForImportResponse'- { _gpfirsKeyId = Nothing- , _gpfirsPublicKey = Nothing- , _gpfirsParametersValidTo = Nothing- , _gpfirsImportToken = Nothing- , _gpfirsResponseStatus = pResponseStatus_- }----- | The identifier of the CMK to use in a subsequent 'ImportKeyMaterial' request. This is the same CMK specified in the @GetParametersForImport@ request.-gpfirsKeyId :: Lens' GetParametersForImportResponse (Maybe Text)-gpfirsKeyId = lens _gpfirsKeyId (\ s a -> s{_gpfirsKeyId = a})---- | The public key to use to encrypt the key material before importing it with 'ImportKeyMaterial' .-- /Note:/ This 'Lens' automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This 'Lens' accepts and returns only raw unencoded data.-gpfirsPublicKey :: Lens' GetParametersForImportResponse (Maybe ByteString)-gpfirsPublicKey = lens _gpfirsPublicKey (\ s a -> s{_gpfirsPublicKey = a}) . mapping (_Sensitive . _Base64)---- | The time at which the import token and public key are no longer valid. After this time, you cannot use them to make an 'ImportKeyMaterial' request and you must send another @GetParametersForImport@ request to get new ones.-gpfirsParametersValidTo :: Lens' GetParametersForImportResponse (Maybe UTCTime)-gpfirsParametersValidTo = lens _gpfirsParametersValidTo (\ s a -> s{_gpfirsParametersValidTo = a}) . mapping _Time---- | The import token to send in a subsequent 'ImportKeyMaterial' request.-- /Note:/ This 'Lens' automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This 'Lens' accepts and returns only raw unencoded data.-gpfirsImportToken :: Lens' GetParametersForImportResponse (Maybe ByteString)-gpfirsImportToken = lens _gpfirsImportToken (\ s a -> s{_gpfirsImportToken = a}) . mapping _Base64---- | -- | The response status code.-gpfirsResponseStatus :: Lens' GetParametersForImportResponse Int-gpfirsResponseStatus = lens _gpfirsResponseStatus (\ s a -> s{_gpfirsResponseStatus = a})--instance NFData GetParametersForImportResponse where
− gen/Network/AWS/KMS/ImportKeyMaterial.hs
@@ -1,187 +0,0 @@-{-# LANGUAGE DeriveDataTypeable #-}-{-# LANGUAGE DeriveGeneric #-}-{-# LANGUAGE OverloadedStrings #-}-{-# LANGUAGE RecordWildCards #-}-{-# LANGUAGE TypeFamilies #-}--{-# OPTIONS_GHC -fno-warn-unused-imports #-}-{-# OPTIONS_GHC -fno-warn-unused-binds #-}-{-# OPTIONS_GHC -fno-warn-unused-matches #-}---- Derived from AWS service descriptions, licensed under Apache 2.0.---- |--- Module : Network.AWS.KMS.ImportKeyMaterial--- Copyright : (c) 2013-2018 Brendan Hay--- License : Mozilla Public License, v. 2.0.--- Maintainer : Brendan Hay <brendan.g.hay+amazonka@gmail.com>--- Stability : auto-generated--- Portability : non-portable (GHC extensions)------ Imports key material into an existing AWS KMS customer master key (CMK) that was created without key material. You cannot perform this operation on a CMK in a different AWS account. For more information about creating CMKs with no key material and then importing key material, see <http://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html Importing Key Material> in the /AWS Key Management Service Developer Guide/ .--------- Before using this operation, call 'GetParametersForImport' . Its response includes a public key and an import token. Use the public key to encrypt the key material. Then, submit the import token from the same @GetParametersForImport@ response.------ When calling this operation, you must specify the following values:------ * The key ID or key ARN of a CMK with no key material. Its @Origin@ must be @EXTERNAL@ .------ To create a CMK with no key material, call 'CreateKey' and set the value of its @Origin@ parameter to @EXTERNAL@ . To get the @Origin@ of a CMK, call 'DescribeKey' .)------ * The encrypted key material. To get the public key to encrypt the key material, call 'GetParametersForImport' .------ * The import token that 'GetParametersForImport' returned. This token and the public key used to encrypt the key material must have come from the same response.------ * Whether the key material expires and if so, when. If you set an expiration date, you can change it only by reimporting the same key material and specifying a new expiration date. If the key material expires, AWS KMS deletes the key material and the CMK becomes unusable. To use the CMK again, you must reimport the same key material.------------ When this operation is successful, the CMK's key state changes from @PendingImport@ to @Enabled@ , and you can use the CMK. After you successfully import key material into a CMK, you can reimport the same key material into that CMK, but you cannot import different key material.----module Network.AWS.KMS.ImportKeyMaterial- (- -- * Creating a Request- importKeyMaterial- , ImportKeyMaterial- -- * Request Lenses- , ikmExpirationModel- , ikmValidTo- , ikmKeyId- , ikmImportToken- , ikmEncryptedKeyMaterial-- -- * Destructuring the Response- , importKeyMaterialResponse- , ImportKeyMaterialResponse- -- * Response Lenses- , ikmrsResponseStatus- ) where--import Network.AWS.KMS.Types-import Network.AWS.KMS.Types.Product-import Network.AWS.Lens-import Network.AWS.Prelude-import Network.AWS.Request-import Network.AWS.Response---- | /See:/ 'importKeyMaterial' smart constructor.-data ImportKeyMaterial = ImportKeyMaterial'- { _ikmExpirationModel :: !(Maybe ExpirationModelType)- , _ikmValidTo :: !(Maybe POSIX)- , _ikmKeyId :: !Text- , _ikmImportToken :: !Base64- , _ikmEncryptedKeyMaterial :: !Base64- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'ImportKeyMaterial' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'ikmExpirationModel' - Specifies whether the key material expires. The default is @KEY_MATERIAL_EXPIRES@ , in which case you must include the @ValidTo@ parameter. When this parameter is set to @KEY_MATERIAL_DOES_NOT_EXPIRE@ , you must omit the @ValidTo@ parameter.------ * 'ikmValidTo' - The time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the CMK becomes unusable. You must omit this parameter when the @ExpirationModel@ parameter is set to @KEY_MATERIAL_DOES_NOT_EXPIRE@ . Otherwise it is required.------ * 'ikmKeyId' - The identifier of the CMK to import the key material into. The CMK's @Origin@ must be @EXTERNAL@ . Specify the key ID or the Amazon Resource Name (ARN) of the CMK. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' .------ * 'ikmImportToken' - The import token that you received in the response to a previous 'GetParametersForImport' request. It must be from the same response that contained the public key that you used to encrypt the key material.-- /Note:/ This 'Lens' automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This 'Lens' accepts and returns only raw unencoded data.------ * 'ikmEncryptedKeyMaterial' - The encrypted key material to import. It must be encrypted with the public key that you received in the response to a previous 'GetParametersForImport' request, using the wrapping algorithm that you specified in that request.-- /Note:/ This 'Lens' automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This 'Lens' accepts and returns only raw unencoded data.-importKeyMaterial- :: Text -- ^ 'ikmKeyId'- -> ByteString -- ^ 'ikmImportToken'- -> ByteString -- ^ 'ikmEncryptedKeyMaterial'- -> ImportKeyMaterial-importKeyMaterial pKeyId_ pImportToken_ pEncryptedKeyMaterial_ =- ImportKeyMaterial'- { _ikmExpirationModel = Nothing- , _ikmValidTo = Nothing- , _ikmKeyId = pKeyId_- , _ikmImportToken = _Base64 # pImportToken_- , _ikmEncryptedKeyMaterial = _Base64 # pEncryptedKeyMaterial_- }----- | Specifies whether the key material expires. The default is @KEY_MATERIAL_EXPIRES@ , in which case you must include the @ValidTo@ parameter. When this parameter is set to @KEY_MATERIAL_DOES_NOT_EXPIRE@ , you must omit the @ValidTo@ parameter.-ikmExpirationModel :: Lens' ImportKeyMaterial (Maybe ExpirationModelType)-ikmExpirationModel = lens _ikmExpirationModel (\ s a -> s{_ikmExpirationModel = a})---- | The time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the CMK becomes unusable. You must omit this parameter when the @ExpirationModel@ parameter is set to @KEY_MATERIAL_DOES_NOT_EXPIRE@ . Otherwise it is required.-ikmValidTo :: Lens' ImportKeyMaterial (Maybe UTCTime)-ikmValidTo = lens _ikmValidTo (\ s a -> s{_ikmValidTo = a}) . mapping _Time---- | The identifier of the CMK to import the key material into. The CMK's @Origin@ must be @EXTERNAL@ . Specify the key ID or the Amazon Resource Name (ARN) of the CMK. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' .-ikmKeyId :: Lens' ImportKeyMaterial Text-ikmKeyId = lens _ikmKeyId (\ s a -> s{_ikmKeyId = a})---- | The import token that you received in the response to a previous 'GetParametersForImport' request. It must be from the same response that contained the public key that you used to encrypt the key material.-- /Note:/ This 'Lens' automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This 'Lens' accepts and returns only raw unencoded data.-ikmImportToken :: Lens' ImportKeyMaterial ByteString-ikmImportToken = lens _ikmImportToken (\ s a -> s{_ikmImportToken = a}) . _Base64---- | The encrypted key material to import. It must be encrypted with the public key that you received in the response to a previous 'GetParametersForImport' request, using the wrapping algorithm that you specified in that request.-- /Note:/ This 'Lens' automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This 'Lens' accepts and returns only raw unencoded data.-ikmEncryptedKeyMaterial :: Lens' ImportKeyMaterial ByteString-ikmEncryptedKeyMaterial = lens _ikmEncryptedKeyMaterial (\ s a -> s{_ikmEncryptedKeyMaterial = a}) . _Base64--instance AWSRequest ImportKeyMaterial where- type Rs ImportKeyMaterial = ImportKeyMaterialResponse- request = postJSON kms- response- = receiveEmpty- (\ s h x ->- ImportKeyMaterialResponse' <$> (pure (fromEnum s)))--instance Hashable ImportKeyMaterial where--instance NFData ImportKeyMaterial where--instance ToHeaders ImportKeyMaterial where- toHeaders- = const- (mconcat- ["X-Amz-Target" =#- ("TrentService.ImportKeyMaterial" :: ByteString),- "Content-Type" =#- ("application/x-amz-json-1.1" :: ByteString)])--instance ToJSON ImportKeyMaterial where- toJSON ImportKeyMaterial'{..}- = object- (catMaybes- [("ExpirationModel" .=) <$> _ikmExpirationModel,- ("ValidTo" .=) <$> _ikmValidTo,- Just ("KeyId" .= _ikmKeyId),- Just ("ImportToken" .= _ikmImportToken),- Just- ("EncryptedKeyMaterial" .=- _ikmEncryptedKeyMaterial)])--instance ToPath ImportKeyMaterial where- toPath = const "/"--instance ToQuery ImportKeyMaterial where- toQuery = const mempty---- | /See:/ 'importKeyMaterialResponse' smart constructor.-newtype ImportKeyMaterialResponse = ImportKeyMaterialResponse'- { _ikmrsResponseStatus :: Int- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'ImportKeyMaterialResponse' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'ikmrsResponseStatus' - -- | The response status code.-importKeyMaterialResponse- :: Int -- ^ 'ikmrsResponseStatus'- -> ImportKeyMaterialResponse-importKeyMaterialResponse pResponseStatus_ =- ImportKeyMaterialResponse' {_ikmrsResponseStatus = pResponseStatus_}----- | -- | The response status code.-ikmrsResponseStatus :: Lens' ImportKeyMaterialResponse Int-ikmrsResponseStatus = lens _ikmrsResponseStatus (\ s a -> s{_ikmrsResponseStatus = a})--instance NFData ImportKeyMaterialResponse where
− gen/Network/AWS/KMS/ListAliases.hs
@@ -1,174 +0,0 @@-{-# LANGUAGE DeriveDataTypeable #-}-{-# LANGUAGE DeriveGeneric #-}-{-# LANGUAGE OverloadedStrings #-}-{-# LANGUAGE RecordWildCards #-}-{-# LANGUAGE TypeFamilies #-}--{-# OPTIONS_GHC -fno-warn-unused-imports #-}-{-# OPTIONS_GHC -fno-warn-unused-binds #-}-{-# OPTIONS_GHC -fno-warn-unused-matches #-}---- Derived from AWS service descriptions, licensed under Apache 2.0.---- |--- Module : Network.AWS.KMS.ListAliases--- Copyright : (c) 2013-2018 Brendan Hay--- License : Mozilla Public License, v. 2.0.--- Maintainer : Brendan Hay <brendan.g.hay+amazonka@gmail.com>--- Stability : auto-generated--- Portability : non-portable (GHC extensions)------ Gets a list of all aliases in the caller's AWS account and region. You cannot list aliases in other accounts. For more information about aliases, see 'CreateAlias' .--------- The response might include several aliases that do not have a @TargetKeyId@ field because they are not associated with a CMK. These are predefined aliases that are reserved for CMKs managed by AWS services. If an alias is not associated with a CMK, the alias does not count against the <http://docs.aws.amazon.com/kms/latest/developerguide/limits.html#aliases-limit alias limit> for your account.--------- This operation returns paginated results.-module Network.AWS.KMS.ListAliases- (- -- * Creating a Request- listAliases- , ListAliases- -- * Request Lenses- , laMarker- , laLimit-- -- * Destructuring the Response- , listAliasesResponse- , ListAliasesResponse- -- * Response Lenses- , larsTruncated- , larsAliases- , larsNextMarker- , larsResponseStatus- ) where--import Network.AWS.KMS.Types-import Network.AWS.KMS.Types.Product-import Network.AWS.Lens-import Network.AWS.Pager-import Network.AWS.Prelude-import Network.AWS.Request-import Network.AWS.Response---- | /See:/ 'listAliases' smart constructor.-data ListAliases = ListAliases'- { _laMarker :: !(Maybe Text)- , _laLimit :: !(Maybe Nat)- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'ListAliases' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'laMarker' - Use this parameter in a subsequent request after you receive a response with truncated results. Set it to the value of @NextMarker@ from the truncated response you just received.------ * 'laLimit' - Use this parameter to specify the maximum number of items to return. When this value is present, AWS KMS does not return more than the specified number of items, but it might return fewer. This value is optional. If you include a value, it must be between 1 and 100, inclusive. If you do not include a value, it defaults to 50.-listAliases- :: ListAliases-listAliases = ListAliases' {_laMarker = Nothing, _laLimit = Nothing}----- | Use this parameter in a subsequent request after you receive a response with truncated results. Set it to the value of @NextMarker@ from the truncated response you just received.-laMarker :: Lens' ListAliases (Maybe Text)-laMarker = lens _laMarker (\ s a -> s{_laMarker = a})---- | Use this parameter to specify the maximum number of items to return. When this value is present, AWS KMS does not return more than the specified number of items, but it might return fewer. This value is optional. If you include a value, it must be between 1 and 100, inclusive. If you do not include a value, it defaults to 50.-laLimit :: Lens' ListAliases (Maybe Natural)-laLimit = lens _laLimit (\ s a -> s{_laLimit = a}) . mapping _Nat--instance AWSPager ListAliases where- page rq rs- | stop (rs ^. larsTruncated) = Nothing- | isNothing (rs ^. larsNextMarker) = Nothing- | otherwise =- Just $ rq & laMarker .~ rs ^. larsNextMarker--instance AWSRequest ListAliases where- type Rs ListAliases = ListAliasesResponse- request = postJSON kms- response- = receiveJSON- (\ s h x ->- ListAliasesResponse' <$>- (x .?> "Truncated") <*> (x .?> "Aliases" .!@ mempty)- <*> (x .?> "NextMarker")- <*> (pure (fromEnum s)))--instance Hashable ListAliases where--instance NFData ListAliases where--instance ToHeaders ListAliases where- toHeaders- = const- (mconcat- ["X-Amz-Target" =#- ("TrentService.ListAliases" :: ByteString),- "Content-Type" =#- ("application/x-amz-json-1.1" :: ByteString)])--instance ToJSON ListAliases where- toJSON ListAliases'{..}- = object- (catMaybes- [("Marker" .=) <$> _laMarker,- ("Limit" .=) <$> _laLimit])--instance ToPath ListAliases where- toPath = const "/"--instance ToQuery ListAliases where- toQuery = const mempty---- | /See:/ 'listAliasesResponse' smart constructor.-data ListAliasesResponse = ListAliasesResponse'- { _larsTruncated :: !(Maybe Bool)- , _larsAliases :: !(Maybe [AliasListEntry])- , _larsNextMarker :: !(Maybe Text)- , _larsResponseStatus :: !Int- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'ListAliasesResponse' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'larsTruncated' - A flag that indicates whether there are more items in the list. When this value is true, the list in this response is truncated. To get more items, pass the value of the @NextMarker@ element in this response to the @Marker@ parameter in a subsequent request.------ * 'larsAliases' - A list of aliases.------ * 'larsNextMarker' - When @Truncated@ is true, this element is present and contains the value to use for the @Marker@ parameter in a subsequent request.------ * 'larsResponseStatus' - -- | The response status code.-listAliasesResponse- :: Int -- ^ 'larsResponseStatus'- -> ListAliasesResponse-listAliasesResponse pResponseStatus_ =- ListAliasesResponse'- { _larsTruncated = Nothing- , _larsAliases = Nothing- , _larsNextMarker = Nothing- , _larsResponseStatus = pResponseStatus_- }----- | A flag that indicates whether there are more items in the list. When this value is true, the list in this response is truncated. To get more items, pass the value of the @NextMarker@ element in this response to the @Marker@ parameter in a subsequent request.-larsTruncated :: Lens' ListAliasesResponse (Maybe Bool)-larsTruncated = lens _larsTruncated (\ s a -> s{_larsTruncated = a})---- | A list of aliases.-larsAliases :: Lens' ListAliasesResponse [AliasListEntry]-larsAliases = lens _larsAliases (\ s a -> s{_larsAliases = a}) . _Default . _Coerce---- | When @Truncated@ is true, this element is present and contains the value to use for the @Marker@ parameter in a subsequent request.-larsNextMarker :: Lens' ListAliasesResponse (Maybe Text)-larsNextMarker = lens _larsNextMarker (\ s a -> s{_larsNextMarker = a})---- | -- | The response status code.-larsResponseStatus :: Lens' ListAliasesResponse Int-larsResponseStatus = lens _larsResponseStatus (\ s a -> s{_larsResponseStatus = a})--instance NFData ListAliasesResponse where
− gen/Network/AWS/KMS/ListGrants.hs
@@ -1,128 +0,0 @@-{-# LANGUAGE DeriveDataTypeable #-}-{-# LANGUAGE DeriveGeneric #-}-{-# LANGUAGE OverloadedStrings #-}-{-# LANGUAGE RecordWildCards #-}-{-# LANGUAGE TypeFamilies #-}--{-# OPTIONS_GHC -fno-warn-unused-imports #-}-{-# OPTIONS_GHC -fno-warn-unused-binds #-}-{-# OPTIONS_GHC -fno-warn-unused-matches #-}---- Derived from AWS service descriptions, licensed under Apache 2.0.---- |--- Module : Network.AWS.KMS.ListGrants--- Copyright : (c) 2013-2018 Brendan Hay--- License : Mozilla Public License, v. 2.0.--- Maintainer : Brendan Hay <brendan.g.hay+amazonka@gmail.com>--- Stability : auto-generated--- Portability : non-portable (GHC extensions)------ Gets a list of all grants for the specified customer master key (CMK).--------- To perform this operation on a CMK in a different AWS account, specify the key ARN in the value of the KeyId parameter.--------- This operation returns paginated results.-module Network.AWS.KMS.ListGrants- (- -- * Creating a Request- listGrants- , ListGrants- -- * Request Lenses- , lgMarker- , lgLimit- , lgKeyId-- -- * Destructuring the Response- , listGrantsResponse- , ListGrantsResponse- -- * Response Lenses- , lgTruncated- , lgGrants- , lgNextMarker- ) where--import Network.AWS.KMS.Types-import Network.AWS.KMS.Types.Product-import Network.AWS.Lens-import Network.AWS.Pager-import Network.AWS.Prelude-import Network.AWS.Request-import Network.AWS.Response---- | /See:/ 'listGrants' smart constructor.-data ListGrants = ListGrants'- { _lgMarker :: !(Maybe Text)- , _lgLimit :: !(Maybe Nat)- , _lgKeyId :: !Text- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'ListGrants' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'lgMarker' - Use this parameter in a subsequent request after you receive a response with truncated results. Set it to the value of @NextMarker@ from the truncated response you just received.------ * 'lgLimit' - Use this parameter to specify the maximum number of items to return. When this value is present, AWS KMS does not return more than the specified number of items, but it might return fewer. This value is optional. If you include a value, it must be between 1 and 100, inclusive. If you do not include a value, it defaults to 50.------ * 'lgKeyId' - A unique identifier for the customer master key (CMK). Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify a CMK in a different AWS account, you must use the key ARN. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' .-listGrants- :: Text -- ^ 'lgKeyId'- -> ListGrants-listGrants pKeyId_ =- ListGrants' {_lgMarker = Nothing, _lgLimit = Nothing, _lgKeyId = pKeyId_}----- | Use this parameter in a subsequent request after you receive a response with truncated results. Set it to the value of @NextMarker@ from the truncated response you just received.-lgMarker :: Lens' ListGrants (Maybe Text)-lgMarker = lens _lgMarker (\ s a -> s{_lgMarker = a})---- | Use this parameter to specify the maximum number of items to return. When this value is present, AWS KMS does not return more than the specified number of items, but it might return fewer. This value is optional. If you include a value, it must be between 1 and 100, inclusive. If you do not include a value, it defaults to 50.-lgLimit :: Lens' ListGrants (Maybe Natural)-lgLimit = lens _lgLimit (\ s a -> s{_lgLimit = a}) . mapping _Nat---- | A unique identifier for the customer master key (CMK). Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify a CMK in a different AWS account, you must use the key ARN. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' .-lgKeyId :: Lens' ListGrants Text-lgKeyId = lens _lgKeyId (\ s a -> s{_lgKeyId = a})--instance AWSPager ListGrants where- page rq rs- | stop (rs ^. lgTruncated) = Nothing- | isNothing (rs ^. lgNextMarker) = Nothing- | otherwise =- Just $ rq & lgMarker .~ rs ^. lgNextMarker--instance AWSRequest ListGrants where- type Rs ListGrants = ListGrantsResponse- request = postJSON kms- response = receiveJSON (\ s h x -> eitherParseJSON x)--instance Hashable ListGrants where--instance NFData ListGrants where--instance ToHeaders ListGrants where- toHeaders- = const- (mconcat- ["X-Amz-Target" =#- ("TrentService.ListGrants" :: ByteString),- "Content-Type" =#- ("application/x-amz-json-1.1" :: ByteString)])--instance ToJSON ListGrants where- toJSON ListGrants'{..}- = object- (catMaybes- [("Marker" .=) <$> _lgMarker,- ("Limit" .=) <$> _lgLimit,- Just ("KeyId" .= _lgKeyId)])--instance ToPath ListGrants where- toPath = const "/"--instance ToQuery ListGrants where- toQuery = const mempty
− gen/Network/AWS/KMS/ListKeyPolicies.hs
@@ -1,185 +0,0 @@-{-# LANGUAGE DeriveDataTypeable #-}-{-# LANGUAGE DeriveGeneric #-}-{-# LANGUAGE OverloadedStrings #-}-{-# LANGUAGE RecordWildCards #-}-{-# LANGUAGE TypeFamilies #-}--{-# OPTIONS_GHC -fno-warn-unused-imports #-}-{-# OPTIONS_GHC -fno-warn-unused-binds #-}-{-# OPTIONS_GHC -fno-warn-unused-matches #-}---- Derived from AWS service descriptions, licensed under Apache 2.0.---- |--- Module : Network.AWS.KMS.ListKeyPolicies--- Copyright : (c) 2013-2018 Brendan Hay--- License : Mozilla Public License, v. 2.0.--- Maintainer : Brendan Hay <brendan.g.hay+amazonka@gmail.com>--- Stability : auto-generated--- Portability : non-portable (GHC extensions)------ Gets the names of the key policies that are attached to a customer master key (CMK). This operation is designed to get policy names that you can use in a 'GetKeyPolicy' operation. However, the only valid policy name is @default@ . You cannot perform this operation on a CMK in a different AWS account.------------ This operation returns paginated results.-module Network.AWS.KMS.ListKeyPolicies- (- -- * Creating a Request- listKeyPolicies- , ListKeyPolicies- -- * Request Lenses- , lkpMarker- , lkpLimit- , lkpKeyId-- -- * Destructuring the Response- , listKeyPoliciesResponse- , ListKeyPoliciesResponse- -- * Response Lenses- , lkprsPolicyNames- , lkprsTruncated- , lkprsNextMarker- , lkprsResponseStatus- ) where--import Network.AWS.KMS.Types-import Network.AWS.KMS.Types.Product-import Network.AWS.Lens-import Network.AWS.Pager-import Network.AWS.Prelude-import Network.AWS.Request-import Network.AWS.Response---- | /See:/ 'listKeyPolicies' smart constructor.-data ListKeyPolicies = ListKeyPolicies'- { _lkpMarker :: !(Maybe Text)- , _lkpLimit :: !(Maybe Nat)- , _lkpKeyId :: !Text- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'ListKeyPolicies' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'lkpMarker' - Use this parameter in a subsequent request after you receive a response with truncated results. Set it to the value of @NextMarker@ from the truncated response you just received.------ * 'lkpLimit' - Use this parameter to specify the maximum number of items to return. When this value is present, AWS KMS does not return more than the specified number of items, but it might return fewer. This value is optional. If you include a value, it must be between 1 and 1000, inclusive. If you do not include a value, it defaults to 100. Currently only 1 policy can be attached to a key.------ * 'lkpKeyId' - A unique identifier for the customer master key (CMK). Specify the key ID or the Amazon Resource Name (ARN) of the CMK. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' .-listKeyPolicies- :: Text -- ^ 'lkpKeyId'- -> ListKeyPolicies-listKeyPolicies pKeyId_ =- ListKeyPolicies'- {_lkpMarker = Nothing, _lkpLimit = Nothing, _lkpKeyId = pKeyId_}----- | Use this parameter in a subsequent request after you receive a response with truncated results. Set it to the value of @NextMarker@ from the truncated response you just received.-lkpMarker :: Lens' ListKeyPolicies (Maybe Text)-lkpMarker = lens _lkpMarker (\ s a -> s{_lkpMarker = a})---- | Use this parameter to specify the maximum number of items to return. When this value is present, AWS KMS does not return more than the specified number of items, but it might return fewer. This value is optional. If you include a value, it must be between 1 and 1000, inclusive. If you do not include a value, it defaults to 100. Currently only 1 policy can be attached to a key.-lkpLimit :: Lens' ListKeyPolicies (Maybe Natural)-lkpLimit = lens _lkpLimit (\ s a -> s{_lkpLimit = a}) . mapping _Nat---- | A unique identifier for the customer master key (CMK). Specify the key ID or the Amazon Resource Name (ARN) of the CMK. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' .-lkpKeyId :: Lens' ListKeyPolicies Text-lkpKeyId = lens _lkpKeyId (\ s a -> s{_lkpKeyId = a})--instance AWSPager ListKeyPolicies where- page rq rs- | stop (rs ^. lkprsTruncated) = Nothing- | isNothing (rs ^. lkprsNextMarker) = Nothing- | otherwise =- Just $ rq & lkpMarker .~ rs ^. lkprsNextMarker--instance AWSRequest ListKeyPolicies where- type Rs ListKeyPolicies = ListKeyPoliciesResponse- request = postJSON kms- response- = receiveJSON- (\ s h x ->- ListKeyPoliciesResponse' <$>- (x .?> "PolicyNames" .!@ mempty) <*>- (x .?> "Truncated")- <*> (x .?> "NextMarker")- <*> (pure (fromEnum s)))--instance Hashable ListKeyPolicies where--instance NFData ListKeyPolicies where--instance ToHeaders ListKeyPolicies where- toHeaders- = const- (mconcat- ["X-Amz-Target" =#- ("TrentService.ListKeyPolicies" :: ByteString),- "Content-Type" =#- ("application/x-amz-json-1.1" :: ByteString)])--instance ToJSON ListKeyPolicies where- toJSON ListKeyPolicies'{..}- = object- (catMaybes- [("Marker" .=) <$> _lkpMarker,- ("Limit" .=) <$> _lkpLimit,- Just ("KeyId" .= _lkpKeyId)])--instance ToPath ListKeyPolicies where- toPath = const "/"--instance ToQuery ListKeyPolicies where- toQuery = const mempty---- | /See:/ 'listKeyPoliciesResponse' smart constructor.-data ListKeyPoliciesResponse = ListKeyPoliciesResponse'- { _lkprsPolicyNames :: !(Maybe [Text])- , _lkprsTruncated :: !(Maybe Bool)- , _lkprsNextMarker :: !(Maybe Text)- , _lkprsResponseStatus :: !Int- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'ListKeyPoliciesResponse' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'lkprsPolicyNames' - A list of key policy names. Currently, there is only one key policy per CMK and it is always named @default@ .------ * 'lkprsTruncated' - A flag that indicates whether there are more items in the list. When this value is true, the list in this response is truncated. To get more items, pass the value of the @NextMarker@ element in this response to the @Marker@ parameter in a subsequent request.------ * 'lkprsNextMarker' - When @Truncated@ is true, this element is present and contains the value to use for the @Marker@ parameter in a subsequent request.------ * 'lkprsResponseStatus' - -- | The response status code.-listKeyPoliciesResponse- :: Int -- ^ 'lkprsResponseStatus'- -> ListKeyPoliciesResponse-listKeyPoliciesResponse pResponseStatus_ =- ListKeyPoliciesResponse'- { _lkprsPolicyNames = Nothing- , _lkprsTruncated = Nothing- , _lkprsNextMarker = Nothing- , _lkprsResponseStatus = pResponseStatus_- }----- | A list of key policy names. Currently, there is only one key policy per CMK and it is always named @default@ .-lkprsPolicyNames :: Lens' ListKeyPoliciesResponse [Text]-lkprsPolicyNames = lens _lkprsPolicyNames (\ s a -> s{_lkprsPolicyNames = a}) . _Default . _Coerce---- | A flag that indicates whether there are more items in the list. When this value is true, the list in this response is truncated. To get more items, pass the value of the @NextMarker@ element in this response to the @Marker@ parameter in a subsequent request.-lkprsTruncated :: Lens' ListKeyPoliciesResponse (Maybe Bool)-lkprsTruncated = lens _lkprsTruncated (\ s a -> s{_lkprsTruncated = a})---- | When @Truncated@ is true, this element is present and contains the value to use for the @Marker@ parameter in a subsequent request.-lkprsNextMarker :: Lens' ListKeyPoliciesResponse (Maybe Text)-lkprsNextMarker = lens _lkprsNextMarker (\ s a -> s{_lkprsNextMarker = a})---- | -- | The response status code.-lkprsResponseStatus :: Lens' ListKeyPoliciesResponse Int-lkprsResponseStatus = lens _lkprsResponseStatus (\ s a -> s{_lkprsResponseStatus = a})--instance NFData ListKeyPoliciesResponse where
− gen/Network/AWS/KMS/ListKeys.hs
@@ -1,172 +0,0 @@-{-# LANGUAGE DeriveDataTypeable #-}-{-# LANGUAGE DeriveGeneric #-}-{-# LANGUAGE OverloadedStrings #-}-{-# LANGUAGE RecordWildCards #-}-{-# LANGUAGE TypeFamilies #-}--{-# OPTIONS_GHC -fno-warn-unused-imports #-}-{-# OPTIONS_GHC -fno-warn-unused-binds #-}-{-# OPTIONS_GHC -fno-warn-unused-matches #-}---- Derived from AWS service descriptions, licensed under Apache 2.0.---- |--- Module : Network.AWS.KMS.ListKeys--- Copyright : (c) 2013-2018 Brendan Hay--- License : Mozilla Public License, v. 2.0.--- Maintainer : Brendan Hay <brendan.g.hay+amazonka@gmail.com>--- Stability : auto-generated--- Portability : non-portable (GHC extensions)------ Gets a list of all customer master keys (CMKs) in the caller's AWS account and region.------------ This operation returns paginated results.-module Network.AWS.KMS.ListKeys- (- -- * Creating a Request- listKeys- , ListKeys- -- * Request Lenses- , lkMarker- , lkLimit-- -- * Destructuring the Response- , listKeysResponse- , ListKeysResponse- -- * Response Lenses- , lkrsTruncated- , lkrsKeys- , lkrsNextMarker- , lkrsResponseStatus- ) where--import Network.AWS.KMS.Types-import Network.AWS.KMS.Types.Product-import Network.AWS.Lens-import Network.AWS.Pager-import Network.AWS.Prelude-import Network.AWS.Request-import Network.AWS.Response---- | /See:/ 'listKeys' smart constructor.-data ListKeys = ListKeys'- { _lkMarker :: !(Maybe Text)- , _lkLimit :: !(Maybe Nat)- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'ListKeys' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'lkMarker' - Use this parameter in a subsequent request after you receive a response with truncated results. Set it to the value of @NextMarker@ from the truncated response you just received.------ * 'lkLimit' - Use this parameter to specify the maximum number of items to return. When this value is present, AWS KMS does not return more than the specified number of items, but it might return fewer. This value is optional. If you include a value, it must be between 1 and 1000, inclusive. If you do not include a value, it defaults to 100.-listKeys- :: ListKeys-listKeys = ListKeys' {_lkMarker = Nothing, _lkLimit = Nothing}----- | Use this parameter in a subsequent request after you receive a response with truncated results. Set it to the value of @NextMarker@ from the truncated response you just received.-lkMarker :: Lens' ListKeys (Maybe Text)-lkMarker = lens _lkMarker (\ s a -> s{_lkMarker = a})---- | Use this parameter to specify the maximum number of items to return. When this value is present, AWS KMS does not return more than the specified number of items, but it might return fewer. This value is optional. If you include a value, it must be between 1 and 1000, inclusive. If you do not include a value, it defaults to 100.-lkLimit :: Lens' ListKeys (Maybe Natural)-lkLimit = lens _lkLimit (\ s a -> s{_lkLimit = a}) . mapping _Nat--instance AWSPager ListKeys where- page rq rs- | stop (rs ^. lkrsTruncated) = Nothing- | isNothing (rs ^. lkrsNextMarker) = Nothing- | otherwise =- Just $ rq & lkMarker .~ rs ^. lkrsNextMarker--instance AWSRequest ListKeys where- type Rs ListKeys = ListKeysResponse- request = postJSON kms- response- = receiveJSON- (\ s h x ->- ListKeysResponse' <$>- (x .?> "Truncated") <*> (x .?> "Keys" .!@ mempty) <*>- (x .?> "NextMarker")- <*> (pure (fromEnum s)))--instance Hashable ListKeys where--instance NFData ListKeys where--instance ToHeaders ListKeys where- toHeaders- = const- (mconcat- ["X-Amz-Target" =#- ("TrentService.ListKeys" :: ByteString),- "Content-Type" =#- ("application/x-amz-json-1.1" :: ByteString)])--instance ToJSON ListKeys where- toJSON ListKeys'{..}- = object- (catMaybes- [("Marker" .=) <$> _lkMarker,- ("Limit" .=) <$> _lkLimit])--instance ToPath ListKeys where- toPath = const "/"--instance ToQuery ListKeys where- toQuery = const mempty---- | /See:/ 'listKeysResponse' smart constructor.-data ListKeysResponse = ListKeysResponse'- { _lkrsTruncated :: !(Maybe Bool)- , _lkrsKeys :: !(Maybe [KeyListEntry])- , _lkrsNextMarker :: !(Maybe Text)- , _lkrsResponseStatus :: !Int- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'ListKeysResponse' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'lkrsTruncated' - A flag that indicates whether there are more items in the list. When this value is true, the list in this response is truncated. To get more items, pass the value of the @NextMarker@ element in this response to the @Marker@ parameter in a subsequent request.------ * 'lkrsKeys' - A list of customer master keys (CMKs).------ * 'lkrsNextMarker' - When @Truncated@ is true, this element is present and contains the value to use for the @Marker@ parameter in a subsequent request.------ * 'lkrsResponseStatus' - -- | The response status code.-listKeysResponse- :: Int -- ^ 'lkrsResponseStatus'- -> ListKeysResponse-listKeysResponse pResponseStatus_ =- ListKeysResponse'- { _lkrsTruncated = Nothing- , _lkrsKeys = Nothing- , _lkrsNextMarker = Nothing- , _lkrsResponseStatus = pResponseStatus_- }----- | A flag that indicates whether there are more items in the list. When this value is true, the list in this response is truncated. To get more items, pass the value of the @NextMarker@ element in this response to the @Marker@ parameter in a subsequent request.-lkrsTruncated :: Lens' ListKeysResponse (Maybe Bool)-lkrsTruncated = lens _lkrsTruncated (\ s a -> s{_lkrsTruncated = a})---- | A list of customer master keys (CMKs).-lkrsKeys :: Lens' ListKeysResponse [KeyListEntry]-lkrsKeys = lens _lkrsKeys (\ s a -> s{_lkrsKeys = a}) . _Default . _Coerce---- | When @Truncated@ is true, this element is present and contains the value to use for the @Marker@ parameter in a subsequent request.-lkrsNextMarker :: Lens' ListKeysResponse (Maybe Text)-lkrsNextMarker = lens _lkrsNextMarker (\ s a -> s{_lkrsNextMarker = a})---- | -- | The response status code.-lkrsResponseStatus :: Lens' ListKeysResponse Int-lkrsResponseStatus = lens _lkrsResponseStatus (\ s a -> s{_lkrsResponseStatus = a})--instance NFData ListKeysResponse where
− gen/Network/AWS/KMS/ListResourceTags.hs
@@ -1,176 +0,0 @@-{-# LANGUAGE DeriveDataTypeable #-}-{-# LANGUAGE DeriveGeneric #-}-{-# LANGUAGE OverloadedStrings #-}-{-# LANGUAGE RecordWildCards #-}-{-# LANGUAGE TypeFamilies #-}--{-# OPTIONS_GHC -fno-warn-unused-imports #-}-{-# OPTIONS_GHC -fno-warn-unused-binds #-}-{-# OPTIONS_GHC -fno-warn-unused-matches #-}---- Derived from AWS service descriptions, licensed under Apache 2.0.---- |--- Module : Network.AWS.KMS.ListResourceTags--- Copyright : (c) 2013-2018 Brendan Hay--- License : Mozilla Public License, v. 2.0.--- Maintainer : Brendan Hay <brendan.g.hay+amazonka@gmail.com>--- Stability : auto-generated--- Portability : non-portable (GHC extensions)------ Returns a list of all tags for the specified customer master key (CMK).--------- You cannot perform this operation on a CMK in a different AWS account.----module Network.AWS.KMS.ListResourceTags- (- -- * Creating a Request- listResourceTags- , ListResourceTags- -- * Request Lenses- , lrtMarker- , lrtLimit- , lrtKeyId-- -- * Destructuring the Response- , listResourceTagsResponse- , ListResourceTagsResponse- -- * Response Lenses- , lrtrsTruncated- , lrtrsNextMarker- , lrtrsTags- , lrtrsResponseStatus- ) where--import Network.AWS.KMS.Types-import Network.AWS.KMS.Types.Product-import Network.AWS.Lens-import Network.AWS.Prelude-import Network.AWS.Request-import Network.AWS.Response---- | /See:/ 'listResourceTags' smart constructor.-data ListResourceTags = ListResourceTags'- { _lrtMarker :: !(Maybe Text)- , _lrtLimit :: !(Maybe Nat)- , _lrtKeyId :: !Text- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'ListResourceTags' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'lrtMarker' - Use this parameter in a subsequent request after you receive a response with truncated results. Set it to the value of @NextMarker@ from the truncated response you just received. Do not attempt to construct this value. Use only the value of @NextMarker@ from the truncated response you just received.------ * 'lrtLimit' - Use this parameter to specify the maximum number of items to return. When this value is present, AWS KMS does not return more than the specified number of items, but it might return fewer. This value is optional. If you include a value, it must be between 1 and 50, inclusive. If you do not include a value, it defaults to 50.------ * 'lrtKeyId' - A unique identifier for the customer master key (CMK). Specify the key ID or the Amazon Resource Name (ARN) of the CMK. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' .-listResourceTags- :: Text -- ^ 'lrtKeyId'- -> ListResourceTags-listResourceTags pKeyId_ =- ListResourceTags'- {_lrtMarker = Nothing, _lrtLimit = Nothing, _lrtKeyId = pKeyId_}----- | Use this parameter in a subsequent request after you receive a response with truncated results. Set it to the value of @NextMarker@ from the truncated response you just received. Do not attempt to construct this value. Use only the value of @NextMarker@ from the truncated response you just received.-lrtMarker :: Lens' ListResourceTags (Maybe Text)-lrtMarker = lens _lrtMarker (\ s a -> s{_lrtMarker = a})---- | Use this parameter to specify the maximum number of items to return. When this value is present, AWS KMS does not return more than the specified number of items, but it might return fewer. This value is optional. If you include a value, it must be between 1 and 50, inclusive. If you do not include a value, it defaults to 50.-lrtLimit :: Lens' ListResourceTags (Maybe Natural)-lrtLimit = lens _lrtLimit (\ s a -> s{_lrtLimit = a}) . mapping _Nat---- | A unique identifier for the customer master key (CMK). Specify the key ID or the Amazon Resource Name (ARN) of the CMK. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' .-lrtKeyId :: Lens' ListResourceTags Text-lrtKeyId = lens _lrtKeyId (\ s a -> s{_lrtKeyId = a})--instance AWSRequest ListResourceTags where- type Rs ListResourceTags = ListResourceTagsResponse- request = postJSON kms- response- = receiveJSON- (\ s h x ->- ListResourceTagsResponse' <$>- (x .?> "Truncated") <*> (x .?> "NextMarker") <*>- (x .?> "Tags" .!@ mempty)- <*> (pure (fromEnum s)))--instance Hashable ListResourceTags where--instance NFData ListResourceTags where--instance ToHeaders ListResourceTags where- toHeaders- = const- (mconcat- ["X-Amz-Target" =#- ("TrentService.ListResourceTags" :: ByteString),- "Content-Type" =#- ("application/x-amz-json-1.1" :: ByteString)])--instance ToJSON ListResourceTags where- toJSON ListResourceTags'{..}- = object- (catMaybes- [("Marker" .=) <$> _lrtMarker,- ("Limit" .=) <$> _lrtLimit,- Just ("KeyId" .= _lrtKeyId)])--instance ToPath ListResourceTags where- toPath = const "/"--instance ToQuery ListResourceTags where- toQuery = const mempty---- | /See:/ 'listResourceTagsResponse' smart constructor.-data ListResourceTagsResponse = ListResourceTagsResponse'- { _lrtrsTruncated :: !(Maybe Bool)- , _lrtrsNextMarker :: !(Maybe Text)- , _lrtrsTags :: !(Maybe [Tag])- , _lrtrsResponseStatus :: !Int- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'ListResourceTagsResponse' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'lrtrsTruncated' - A flag that indicates whether there are more items in the list. When this value is true, the list in this response is truncated. To get more items, pass the value of the @NextMarker@ element in this response to the @Marker@ parameter in a subsequent request.------ * 'lrtrsNextMarker' - When @Truncated@ is true, this element is present and contains the value to use for the @Marker@ parameter in a subsequent request. Do not assume or infer any information from this value.------ * 'lrtrsTags' - A list of tags. Each tag consists of a tag key and a tag value.------ * 'lrtrsResponseStatus' - -- | The response status code.-listResourceTagsResponse- :: Int -- ^ 'lrtrsResponseStatus'- -> ListResourceTagsResponse-listResourceTagsResponse pResponseStatus_ =- ListResourceTagsResponse'- { _lrtrsTruncated = Nothing- , _lrtrsNextMarker = Nothing- , _lrtrsTags = Nothing- , _lrtrsResponseStatus = pResponseStatus_- }----- | A flag that indicates whether there are more items in the list. When this value is true, the list in this response is truncated. To get more items, pass the value of the @NextMarker@ element in this response to the @Marker@ parameter in a subsequent request.-lrtrsTruncated :: Lens' ListResourceTagsResponse (Maybe Bool)-lrtrsTruncated = lens _lrtrsTruncated (\ s a -> s{_lrtrsTruncated = a})---- | When @Truncated@ is true, this element is present and contains the value to use for the @Marker@ parameter in a subsequent request. Do not assume or infer any information from this value.-lrtrsNextMarker :: Lens' ListResourceTagsResponse (Maybe Text)-lrtrsNextMarker = lens _lrtrsNextMarker (\ s a -> s{_lrtrsNextMarker = a})---- | A list of tags. Each tag consists of a tag key and a tag value.-lrtrsTags :: Lens' ListResourceTagsResponse [Tag]-lrtrsTags = lens _lrtrsTags (\ s a -> s{_lrtrsTags = a}) . _Default . _Coerce---- | -- | The response status code.-lrtrsResponseStatus :: Lens' ListResourceTagsResponse Int-lrtrsResponseStatus = lens _lrtrsResponseStatus (\ s a -> s{_lrtrsResponseStatus = a})--instance NFData ListResourceTagsResponse where
− gen/Network/AWS/KMS/ListRetirableGrants.hs
@@ -1,122 +0,0 @@-{-# LANGUAGE DeriveDataTypeable #-}-{-# LANGUAGE DeriveGeneric #-}-{-# LANGUAGE OverloadedStrings #-}-{-# LANGUAGE RecordWildCards #-}-{-# LANGUAGE TypeFamilies #-}--{-# OPTIONS_GHC -fno-warn-unused-imports #-}-{-# OPTIONS_GHC -fno-warn-unused-binds #-}-{-# OPTIONS_GHC -fno-warn-unused-matches #-}---- Derived from AWS service descriptions, licensed under Apache 2.0.---- |--- Module : Network.AWS.KMS.ListRetirableGrants--- Copyright : (c) 2013-2018 Brendan Hay--- License : Mozilla Public License, v. 2.0.--- Maintainer : Brendan Hay <brendan.g.hay+amazonka@gmail.com>--- Stability : auto-generated--- Portability : non-portable (GHC extensions)------ Returns a list of all grants for which the grant's @RetiringPrincipal@ matches the one specified.--------- A typical use is to list all grants that you are able to retire. To retire a grant, use 'RetireGrant' .----module Network.AWS.KMS.ListRetirableGrants- (- -- * Creating a Request- listRetirableGrants- , ListRetirableGrants- -- * Request Lenses- , lrgMarker- , lrgLimit- , lrgRetiringPrincipal-- -- * Destructuring the Response- , listGrantsResponse- , ListGrantsResponse- -- * Response Lenses- , lgTruncated- , lgGrants- , lgNextMarker- ) where--import Network.AWS.KMS.Types-import Network.AWS.KMS.Types.Product-import Network.AWS.Lens-import Network.AWS.Prelude-import Network.AWS.Request-import Network.AWS.Response---- | /See:/ 'listRetirableGrants' smart constructor.-data ListRetirableGrants = ListRetirableGrants'- { _lrgMarker :: !(Maybe Text)- , _lrgLimit :: !(Maybe Nat)- , _lrgRetiringPrincipal :: !Text- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'ListRetirableGrants' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'lrgMarker' - Use this parameter in a subsequent request after you receive a response with truncated results. Set it to the value of @NextMarker@ from the truncated response you just received.------ * 'lrgLimit' - Use this parameter to specify the maximum number of items to return. When this value is present, AWS KMS does not return more than the specified number of items, but it might return fewer. This value is optional. If you include a value, it must be between 1 and 100, inclusive. If you do not include a value, it defaults to 50.------ * 'lrgRetiringPrincipal' - The retiring principal for which to list grants. To specify the retiring principal, use the <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Name (ARN)> of an AWS principal. Valid AWS principals include AWS accounts (root), IAM users, federated users, and assumed role users. For examples of the ARN syntax for specifying a principal, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam AWS Identity and Access Management (IAM)> in the Example ARNs section of the /Amazon Web Services General Reference/ .-listRetirableGrants- :: Text -- ^ 'lrgRetiringPrincipal'- -> ListRetirableGrants-listRetirableGrants pRetiringPrincipal_ =- ListRetirableGrants'- { _lrgMarker = Nothing- , _lrgLimit = Nothing- , _lrgRetiringPrincipal = pRetiringPrincipal_- }----- | Use this parameter in a subsequent request after you receive a response with truncated results. Set it to the value of @NextMarker@ from the truncated response you just received.-lrgMarker :: Lens' ListRetirableGrants (Maybe Text)-lrgMarker = lens _lrgMarker (\ s a -> s{_lrgMarker = a})---- | Use this parameter to specify the maximum number of items to return. When this value is present, AWS KMS does not return more than the specified number of items, but it might return fewer. This value is optional. If you include a value, it must be between 1 and 100, inclusive. If you do not include a value, it defaults to 50.-lrgLimit :: Lens' ListRetirableGrants (Maybe Natural)-lrgLimit = lens _lrgLimit (\ s a -> s{_lrgLimit = a}) . mapping _Nat---- | The retiring principal for which to list grants. To specify the retiring principal, use the <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Name (ARN)> of an AWS principal. Valid AWS principals include AWS accounts (root), IAM users, federated users, and assumed role users. For examples of the ARN syntax for specifying a principal, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam AWS Identity and Access Management (IAM)> in the Example ARNs section of the /Amazon Web Services General Reference/ .-lrgRetiringPrincipal :: Lens' ListRetirableGrants Text-lrgRetiringPrincipal = lens _lrgRetiringPrincipal (\ s a -> s{_lrgRetiringPrincipal = a})--instance AWSRequest ListRetirableGrants where- type Rs ListRetirableGrants = ListGrantsResponse- request = postJSON kms- response = receiveJSON (\ s h x -> eitherParseJSON x)--instance Hashable ListRetirableGrants where--instance NFData ListRetirableGrants where--instance ToHeaders ListRetirableGrants where- toHeaders- = const- (mconcat- ["X-Amz-Target" =#- ("TrentService.ListRetirableGrants" :: ByteString),- "Content-Type" =#- ("application/x-amz-json-1.1" :: ByteString)])--instance ToJSON ListRetirableGrants where- toJSON ListRetirableGrants'{..}- = object- (catMaybes- [("Marker" .=) <$> _lrgMarker,- ("Limit" .=) <$> _lrgLimit,- Just ("RetiringPrincipal" .= _lrgRetiringPrincipal)])--instance ToPath ListRetirableGrants where- toPath = const "/"--instance ToQuery ListRetirableGrants where- toQuery = const mempty
− gen/Network/AWS/KMS/PutKeyPolicy.hs
@@ -1,146 +0,0 @@-{-# LANGUAGE DeriveDataTypeable #-}-{-# LANGUAGE DeriveGeneric #-}-{-# LANGUAGE OverloadedStrings #-}-{-# LANGUAGE RecordWildCards #-}-{-# LANGUAGE TypeFamilies #-}--{-# OPTIONS_GHC -fno-warn-unused-imports #-}-{-# OPTIONS_GHC -fno-warn-unused-binds #-}-{-# OPTIONS_GHC -fno-warn-unused-matches #-}---- Derived from AWS service descriptions, licensed under Apache 2.0.---- |--- Module : Network.AWS.KMS.PutKeyPolicy--- Copyright : (c) 2013-2018 Brendan Hay--- License : Mozilla Public License, v. 2.0.--- Maintainer : Brendan Hay <brendan.g.hay+amazonka@gmail.com>--- Stability : auto-generated--- Portability : non-portable (GHC extensions)------ Attaches a key policy to the specified customer master key (CMK). You cannot perform this operation on a CMK in a different AWS account.--------- For more information about key policies, see <http://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html Key Policies> in the /AWS Key Management Service Developer Guide/ .----module Network.AWS.KMS.PutKeyPolicy- (- -- * Creating a Request- putKeyPolicy- , PutKeyPolicy- -- * Request Lenses- , pkpBypassPolicyLockoutSafetyCheck- , pkpKeyId- , pkpPolicyName- , pkpPolicy-- -- * Destructuring the Response- , putKeyPolicyResponse- , PutKeyPolicyResponse- ) where--import Network.AWS.KMS.Types-import Network.AWS.KMS.Types.Product-import Network.AWS.Lens-import Network.AWS.Prelude-import Network.AWS.Request-import Network.AWS.Response---- | /See:/ 'putKeyPolicy' smart constructor.-data PutKeyPolicy = PutKeyPolicy'- { _pkpBypassPolicyLockoutSafetyCheck :: !(Maybe Bool)- , _pkpKeyId :: !Text- , _pkpPolicyName :: !Text- , _pkpPolicy :: !Text- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'PutKeyPolicy' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'pkpBypassPolicyLockoutSafetyCheck' - A flag to indicate whether to bypass the key policy lockout safety check. /Important:/ Setting this value to true increases the risk that the CMK becomes unmanageable. Do not set this value to true indiscriminately. For more information, refer to the scenario in the <http://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam Default Key Policy> section in the /AWS Key Management Service Developer Guide/ . Use this parameter only when you intend to prevent the principal that is making the request from making a subsequent @PutKeyPolicy@ request on the CMK. The default value is false.------ * 'pkpKeyId' - A unique identifier for the customer master key (CMK). Specify the key ID or the Amazon Resource Name (ARN) of the CMK. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' .------ * 'pkpPolicyName' - The name of the key policy. The only valid value is @default@ .------ * 'pkpPolicy' - The key policy to attach to the CMK. The key policy must meet the following criteria: * If you don't set @BypassPolicyLockoutSafetyCheck@ to true, the key policy must allow the principal that is making the @PutKeyPolicy@ request to make a subsequent @PutKeyPolicy@ request on the CMK. This reduces the risk that the CMK becomes unmanageable. For more information, refer to the scenario in the <http://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam Default Key Policy> section of the /AWS Key Management Service Developer Guide/ . * Each statement in the key policy must contain one or more principals. The principals in the key policy must exist and be visible to AWS KMS. When you create a new AWS principal (for example, an IAM user or role), you might need to enforce a delay before including the new principal in a key policy because the new principal might not be immediately visible to AWS KMS. For more information, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency Changes that I make are not always immediately visible> in the /AWS Identity and Access Management User Guide/ . The key policy size limit is 32 kilobytes (32768 bytes).-putKeyPolicy- :: Text -- ^ 'pkpKeyId'- -> Text -- ^ 'pkpPolicyName'- -> Text -- ^ 'pkpPolicy'- -> PutKeyPolicy-putKeyPolicy pKeyId_ pPolicyName_ pPolicy_ =- PutKeyPolicy'- { _pkpBypassPolicyLockoutSafetyCheck = Nothing- , _pkpKeyId = pKeyId_- , _pkpPolicyName = pPolicyName_- , _pkpPolicy = pPolicy_- }----- | A flag to indicate whether to bypass the key policy lockout safety check. /Important:/ Setting this value to true increases the risk that the CMK becomes unmanageable. Do not set this value to true indiscriminately. For more information, refer to the scenario in the <http://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam Default Key Policy> section in the /AWS Key Management Service Developer Guide/ . Use this parameter only when you intend to prevent the principal that is making the request from making a subsequent @PutKeyPolicy@ request on the CMK. The default value is false.-pkpBypassPolicyLockoutSafetyCheck :: Lens' PutKeyPolicy (Maybe Bool)-pkpBypassPolicyLockoutSafetyCheck = lens _pkpBypassPolicyLockoutSafetyCheck (\ s a -> s{_pkpBypassPolicyLockoutSafetyCheck = a})---- | A unique identifier for the customer master key (CMK). Specify the key ID or the Amazon Resource Name (ARN) of the CMK. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' .-pkpKeyId :: Lens' PutKeyPolicy Text-pkpKeyId = lens _pkpKeyId (\ s a -> s{_pkpKeyId = a})---- | The name of the key policy. The only valid value is @default@ .-pkpPolicyName :: Lens' PutKeyPolicy Text-pkpPolicyName = lens _pkpPolicyName (\ s a -> s{_pkpPolicyName = a})---- | The key policy to attach to the CMK. The key policy must meet the following criteria: * If you don't set @BypassPolicyLockoutSafetyCheck@ to true, the key policy must allow the principal that is making the @PutKeyPolicy@ request to make a subsequent @PutKeyPolicy@ request on the CMK. This reduces the risk that the CMK becomes unmanageable. For more information, refer to the scenario in the <http://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam Default Key Policy> section of the /AWS Key Management Service Developer Guide/ . * Each statement in the key policy must contain one or more principals. The principals in the key policy must exist and be visible to AWS KMS. When you create a new AWS principal (for example, an IAM user or role), you might need to enforce a delay before including the new principal in a key policy because the new principal might not be immediately visible to AWS KMS. For more information, see <http://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency Changes that I make are not always immediately visible> in the /AWS Identity and Access Management User Guide/ . The key policy size limit is 32 kilobytes (32768 bytes).-pkpPolicy :: Lens' PutKeyPolicy Text-pkpPolicy = lens _pkpPolicy (\ s a -> s{_pkpPolicy = a})--instance AWSRequest PutKeyPolicy where- type Rs PutKeyPolicy = PutKeyPolicyResponse- request = postJSON kms- response = receiveNull PutKeyPolicyResponse'--instance Hashable PutKeyPolicy where--instance NFData PutKeyPolicy where--instance ToHeaders PutKeyPolicy where- toHeaders- = const- (mconcat- ["X-Amz-Target" =#- ("TrentService.PutKeyPolicy" :: ByteString),- "Content-Type" =#- ("application/x-amz-json-1.1" :: ByteString)])--instance ToJSON PutKeyPolicy where- toJSON PutKeyPolicy'{..}- = object- (catMaybes- [("BypassPolicyLockoutSafetyCheck" .=) <$>- _pkpBypassPolicyLockoutSafetyCheck,- Just ("KeyId" .= _pkpKeyId),- Just ("PolicyName" .= _pkpPolicyName),- Just ("Policy" .= _pkpPolicy)])--instance ToPath PutKeyPolicy where- toPath = const "/"--instance ToQuery PutKeyPolicy where- toQuery = const mempty---- | /See:/ 'putKeyPolicyResponse' smart constructor.-data PutKeyPolicyResponse =- PutKeyPolicyResponse'- deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'PutKeyPolicyResponse' with the minimum fields required to make a request.----putKeyPolicyResponse- :: PutKeyPolicyResponse-putKeyPolicyResponse = PutKeyPolicyResponse'---instance NFData PutKeyPolicyResponse where
− gen/Network/AWS/KMS/ReEncrypt.hs
@@ -1,204 +0,0 @@-{-# LANGUAGE DeriveDataTypeable #-}-{-# LANGUAGE DeriveGeneric #-}-{-# LANGUAGE OverloadedStrings #-}-{-# LANGUAGE RecordWildCards #-}-{-# LANGUAGE TypeFamilies #-}--{-# OPTIONS_GHC -fno-warn-unused-imports #-}-{-# OPTIONS_GHC -fno-warn-unused-binds #-}-{-# OPTIONS_GHC -fno-warn-unused-matches #-}---- Derived from AWS service descriptions, licensed under Apache 2.0.---- |--- Module : Network.AWS.KMS.ReEncrypt--- Copyright : (c) 2013-2018 Brendan Hay--- License : Mozilla Public License, v. 2.0.--- Maintainer : Brendan Hay <brendan.g.hay+amazonka@gmail.com>--- Stability : auto-generated--- Portability : non-portable (GHC extensions)------ Encrypts data on the server side with a new customer master key (CMK) without exposing the plaintext of the data on the client side. The data is first decrypted and then reencrypted. You can also use this operation to change the encryption context of a ciphertext.--------- You can reencrypt data using CMKs in different AWS accounts.------ Unlike other operations, @ReEncrypt@ is authorized twice, once as @ReEncryptFrom@ on the source CMK and once as @ReEncryptTo@ on the destination CMK. We recommend that you include the @"kms:ReEncrypt*"@ permission in your <http://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html key policies> to permit reencryption from or to the CMK. This permission is automatically included in the key policy when you create a CMK through the console, but you must include it manually when you create a CMK programmatically or when you set a key policy with the 'PutKeyPolicy' operation.----module Network.AWS.KMS.ReEncrypt- (- -- * Creating a Request- reEncrypt- , ReEncrypt- -- * Request Lenses- , reDestinationEncryptionContext- , reSourceEncryptionContext- , reGrantTokens- , reCiphertextBlob- , reDestinationKeyId-- -- * Destructuring the Response- , reEncryptResponse- , ReEncryptResponse- -- * Response Lenses- , rersSourceKeyId- , rersKeyId- , rersCiphertextBlob- , rersResponseStatus- ) where--import Network.AWS.KMS.Types-import Network.AWS.KMS.Types.Product-import Network.AWS.Lens-import Network.AWS.Prelude-import Network.AWS.Request-import Network.AWS.Response---- | /See:/ 'reEncrypt' smart constructor.-data ReEncrypt = ReEncrypt'- { _reDestinationEncryptionContext :: !(Maybe (Map Text Text))- , _reSourceEncryptionContext :: !(Maybe (Map Text Text))- , _reGrantTokens :: !(Maybe [Text])- , _reCiphertextBlob :: !Base64- , _reDestinationKeyId :: !Text- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'ReEncrypt' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'reDestinationEncryptionContext' - Encryption context to use when the data is reencrypted.------ * 'reSourceEncryptionContext' - Encryption context used to encrypt and decrypt the data specified in the @CiphertextBlob@ parameter.------ * 'reGrantTokens' - A list of grant tokens. For more information, see <http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token Grant Tokens> in the /AWS Key Management Service Developer Guide/ .------ * 'reCiphertextBlob' - Ciphertext of the data to reencrypt.-- /Note:/ This 'Lens' automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This 'Lens' accepts and returns only raw unencoded data.------ * 'reDestinationKeyId' - A unique identifier for the CMK that is used to reencrypt the data. To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an alias name, prefix it with "alias/". To specify a CMK in a different AWS account, you must use the key ARN or alias ARN. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ * Alias name: @alias/ExampleAlias@ * Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' . To get the alias name and alias ARN, use 'ListAliases' .-reEncrypt- :: ByteString -- ^ 'reCiphertextBlob'- -> Text -- ^ 'reDestinationKeyId'- -> ReEncrypt-reEncrypt pCiphertextBlob_ pDestinationKeyId_ =- ReEncrypt'- { _reDestinationEncryptionContext = Nothing- , _reSourceEncryptionContext = Nothing- , _reGrantTokens = Nothing- , _reCiphertextBlob = _Base64 # pCiphertextBlob_- , _reDestinationKeyId = pDestinationKeyId_- }----- | Encryption context to use when the data is reencrypted.-reDestinationEncryptionContext :: Lens' ReEncrypt (HashMap Text Text)-reDestinationEncryptionContext = lens _reDestinationEncryptionContext (\ s a -> s{_reDestinationEncryptionContext = a}) . _Default . _Map---- | Encryption context used to encrypt and decrypt the data specified in the @CiphertextBlob@ parameter.-reSourceEncryptionContext :: Lens' ReEncrypt (HashMap Text Text)-reSourceEncryptionContext = lens _reSourceEncryptionContext (\ s a -> s{_reSourceEncryptionContext = a}) . _Default . _Map---- | A list of grant tokens. For more information, see <http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token Grant Tokens> in the /AWS Key Management Service Developer Guide/ .-reGrantTokens :: Lens' ReEncrypt [Text]-reGrantTokens = lens _reGrantTokens (\ s a -> s{_reGrantTokens = a}) . _Default . _Coerce---- | Ciphertext of the data to reencrypt.-- /Note:/ This 'Lens' automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This 'Lens' accepts and returns only raw unencoded data.-reCiphertextBlob :: Lens' ReEncrypt ByteString-reCiphertextBlob = lens _reCiphertextBlob (\ s a -> s{_reCiphertextBlob = a}) . _Base64---- | A unique identifier for the CMK that is used to reencrypt the data. To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an alias name, prefix it with "alias/". To specify a CMK in a different AWS account, you must use the key ARN or alias ARN. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ * Alias name: @alias/ExampleAlias@ * Alias ARN: @arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' . To get the alias name and alias ARN, use 'ListAliases' .-reDestinationKeyId :: Lens' ReEncrypt Text-reDestinationKeyId = lens _reDestinationKeyId (\ s a -> s{_reDestinationKeyId = a})--instance AWSRequest ReEncrypt where- type Rs ReEncrypt = ReEncryptResponse- request = postJSON kms- response- = receiveJSON- (\ s h x ->- ReEncryptResponse' <$>- (x .?> "SourceKeyId") <*> (x .?> "KeyId") <*>- (x .?> "CiphertextBlob")- <*> (pure (fromEnum s)))--instance Hashable ReEncrypt where--instance NFData ReEncrypt where--instance ToHeaders ReEncrypt where- toHeaders- = const- (mconcat- ["X-Amz-Target" =#- ("TrentService.ReEncrypt" :: ByteString),- "Content-Type" =#- ("application/x-amz-json-1.1" :: ByteString)])--instance ToJSON ReEncrypt where- toJSON ReEncrypt'{..}- = object- (catMaybes- [("DestinationEncryptionContext" .=) <$>- _reDestinationEncryptionContext,- ("SourceEncryptionContext" .=) <$>- _reSourceEncryptionContext,- ("GrantTokens" .=) <$> _reGrantTokens,- Just ("CiphertextBlob" .= _reCiphertextBlob),- Just ("DestinationKeyId" .= _reDestinationKeyId)])--instance ToPath ReEncrypt where- toPath = const "/"--instance ToQuery ReEncrypt where- toQuery = const mempty---- | /See:/ 'reEncryptResponse' smart constructor.-data ReEncryptResponse = ReEncryptResponse'- { _rersSourceKeyId :: !(Maybe Text)- , _rersKeyId :: !(Maybe Text)- , _rersCiphertextBlob :: !(Maybe Base64)- , _rersResponseStatus :: !Int- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'ReEncryptResponse' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'rersSourceKeyId' - Unique identifier of the CMK used to originally encrypt the data.------ * 'rersKeyId' - Unique identifier of the CMK used to reencrypt the data.------ * 'rersCiphertextBlob' - The reencrypted data. When you use the HTTP API or the AWS CLI, the value is Base64-encoded. Otherwise, it is not encoded.-- /Note:/ This 'Lens' automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This 'Lens' accepts and returns only raw unencoded data.------ * 'rersResponseStatus' - -- | The response status code.-reEncryptResponse- :: Int -- ^ 'rersResponseStatus'- -> ReEncryptResponse-reEncryptResponse pResponseStatus_ =- ReEncryptResponse'- { _rersSourceKeyId = Nothing- , _rersKeyId = Nothing- , _rersCiphertextBlob = Nothing- , _rersResponseStatus = pResponseStatus_- }----- | Unique identifier of the CMK used to originally encrypt the data.-rersSourceKeyId :: Lens' ReEncryptResponse (Maybe Text)-rersSourceKeyId = lens _rersSourceKeyId (\ s a -> s{_rersSourceKeyId = a})---- | Unique identifier of the CMK used to reencrypt the data.-rersKeyId :: Lens' ReEncryptResponse (Maybe Text)-rersKeyId = lens _rersKeyId (\ s a -> s{_rersKeyId = a})---- | The reencrypted data. When you use the HTTP API or the AWS CLI, the value is Base64-encoded. Otherwise, it is not encoded.-- /Note:/ This 'Lens' automatically encodes and decodes Base64 data. The underlying isomorphism will encode to Base64 representation during serialisation, and decode from Base64 representation during deserialisation. This 'Lens' accepts and returns only raw unencoded data.-rersCiphertextBlob :: Lens' ReEncryptResponse (Maybe ByteString)-rersCiphertextBlob = lens _rersCiphertextBlob (\ s a -> s{_rersCiphertextBlob = a}) . mapping _Base64---- | -- | The response status code.-rersResponseStatus :: Lens' ReEncryptResponse Int-rersResponseStatus = lens _rersResponseStatus (\ s a -> s{_rersResponseStatus = a})--instance NFData ReEncryptResponse where
− gen/Network/AWS/KMS/RetireGrant.hs
@@ -1,137 +0,0 @@-{-# LANGUAGE DeriveDataTypeable #-}-{-# LANGUAGE DeriveGeneric #-}-{-# LANGUAGE OverloadedStrings #-}-{-# LANGUAGE RecordWildCards #-}-{-# LANGUAGE TypeFamilies #-}--{-# OPTIONS_GHC -fno-warn-unused-imports #-}-{-# OPTIONS_GHC -fno-warn-unused-binds #-}-{-# OPTIONS_GHC -fno-warn-unused-matches #-}---- Derived from AWS service descriptions, licensed under Apache 2.0.---- |--- Module : Network.AWS.KMS.RetireGrant--- Copyright : (c) 2013-2018 Brendan Hay--- License : Mozilla Public License, v. 2.0.--- Maintainer : Brendan Hay <brendan.g.hay+amazonka@gmail.com>--- Stability : auto-generated--- Portability : non-portable (GHC extensions)------ Retires a grant. To clean up, you can retire a grant when you're done using it. You should revoke a grant when you intend to actively deny operations that depend on it. The following are permitted to call this API:--------- * The AWS account (root user) under which the grant was created------ * The @RetiringPrincipal@ , if present in the grant------ * The @GranteePrincipal@ , if @RetireGrant@ is an operation specified in the grant------------ You must identify the grant to retire by its grant token or by a combination of the grant ID and the Amazon Resource Name (ARN) of the customer master key (CMK). A grant token is a unique variable-length base64-encoded string. A grant ID is a 64 character unique identifier of a grant. The 'CreateGrant' operation returns both.----module Network.AWS.KMS.RetireGrant- (- -- * Creating a Request- retireGrant- , RetireGrant- -- * Request Lenses- , rgKeyId- , rgGrantId- , rgGrantToken-- -- * Destructuring the Response- , retireGrantResponse- , RetireGrantResponse- ) where--import Network.AWS.KMS.Types-import Network.AWS.KMS.Types.Product-import Network.AWS.Lens-import Network.AWS.Prelude-import Network.AWS.Request-import Network.AWS.Response---- | /See:/ 'retireGrant' smart constructor.-data RetireGrant = RetireGrant'- { _rgKeyId :: !(Maybe Text)- , _rgGrantId :: !(Maybe Text)- , _rgGrantToken :: !(Maybe Text)- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'RetireGrant' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'rgKeyId' - The Amazon Resource Name (ARN) of the CMK associated with the grant. For example: @arn:aws:kms:us-east-2:444455556666:key/1234abcd-12ab-34cd-56ef-1234567890ab@------ * 'rgGrantId' - Unique identifier of the grant to retire. The grant ID is returned in the response to a @CreateGrant@ operation. * Grant ID Example - 0123456789012345678901234567890123456789012345678901234567890123------ * 'rgGrantToken' - Token that identifies the grant to be retired.-retireGrant- :: RetireGrant-retireGrant =- RetireGrant'- {_rgKeyId = Nothing, _rgGrantId = Nothing, _rgGrantToken = Nothing}----- | The Amazon Resource Name (ARN) of the CMK associated with the grant. For example: @arn:aws:kms:us-east-2:444455556666:key/1234abcd-12ab-34cd-56ef-1234567890ab@-rgKeyId :: Lens' RetireGrant (Maybe Text)-rgKeyId = lens _rgKeyId (\ s a -> s{_rgKeyId = a})---- | Unique identifier of the grant to retire. The grant ID is returned in the response to a @CreateGrant@ operation. * Grant ID Example - 0123456789012345678901234567890123456789012345678901234567890123-rgGrantId :: Lens' RetireGrant (Maybe Text)-rgGrantId = lens _rgGrantId (\ s a -> s{_rgGrantId = a})---- | Token that identifies the grant to be retired.-rgGrantToken :: Lens' RetireGrant (Maybe Text)-rgGrantToken = lens _rgGrantToken (\ s a -> s{_rgGrantToken = a})--instance AWSRequest RetireGrant where- type Rs RetireGrant = RetireGrantResponse- request = postJSON kms- response = receiveNull RetireGrantResponse'--instance Hashable RetireGrant where--instance NFData RetireGrant where--instance ToHeaders RetireGrant where- toHeaders- = const- (mconcat- ["X-Amz-Target" =#- ("TrentService.RetireGrant" :: ByteString),- "Content-Type" =#- ("application/x-amz-json-1.1" :: ByteString)])--instance ToJSON RetireGrant where- toJSON RetireGrant'{..}- = object- (catMaybes- [("KeyId" .=) <$> _rgKeyId,- ("GrantId" .=) <$> _rgGrantId,- ("GrantToken" .=) <$> _rgGrantToken])--instance ToPath RetireGrant where- toPath = const "/"--instance ToQuery RetireGrant where- toQuery = const mempty---- | /See:/ 'retireGrantResponse' smart constructor.-data RetireGrantResponse =- RetireGrantResponse'- deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'RetireGrantResponse' with the minimum fields required to make a request.----retireGrantResponse- :: RetireGrantResponse-retireGrantResponse = RetireGrantResponse'---instance NFData RetireGrantResponse where
− gen/Network/AWS/KMS/RevokeGrant.hs
@@ -1,121 +0,0 @@-{-# LANGUAGE DeriveDataTypeable #-}-{-# LANGUAGE DeriveGeneric #-}-{-# LANGUAGE OverloadedStrings #-}-{-# LANGUAGE RecordWildCards #-}-{-# LANGUAGE TypeFamilies #-}--{-# OPTIONS_GHC -fno-warn-unused-imports #-}-{-# OPTIONS_GHC -fno-warn-unused-binds #-}-{-# OPTIONS_GHC -fno-warn-unused-matches #-}---- Derived from AWS service descriptions, licensed under Apache 2.0.---- |--- Module : Network.AWS.KMS.RevokeGrant--- Copyright : (c) 2013-2018 Brendan Hay--- License : Mozilla Public License, v. 2.0.--- Maintainer : Brendan Hay <brendan.g.hay+amazonka@gmail.com>--- Stability : auto-generated--- Portability : non-portable (GHC extensions)------ Revokes the specified grant for the specified customer master key (CMK). You can revoke a grant to actively deny operations that depend on it.--------- To perform this operation on a CMK in a different AWS account, specify the key ARN in the value of the KeyId parameter.----module Network.AWS.KMS.RevokeGrant- (- -- * Creating a Request- revokeGrant- , RevokeGrant- -- * Request Lenses- , rKeyId- , rGrantId-- -- * Destructuring the Response- , revokeGrantResponse- , RevokeGrantResponse- ) where--import Network.AWS.KMS.Types-import Network.AWS.KMS.Types.Product-import Network.AWS.Lens-import Network.AWS.Prelude-import Network.AWS.Request-import Network.AWS.Response---- | /See:/ 'revokeGrant' smart constructor.-data RevokeGrant = RevokeGrant'- { _rKeyId :: !Text- , _rGrantId :: !Text- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'RevokeGrant' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'rKeyId' - A unique identifier for the customer master key associated with the grant. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify a CMK in a different AWS account, you must use the key ARN. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' .------ * 'rGrantId' - Identifier of the grant to be revoked.-revokeGrant- :: Text -- ^ 'rKeyId'- -> Text -- ^ 'rGrantId'- -> RevokeGrant-revokeGrant pKeyId_ pGrantId_ =- RevokeGrant' {_rKeyId = pKeyId_, _rGrantId = pGrantId_}----- | A unique identifier for the customer master key associated with the grant. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify a CMK in a different AWS account, you must use the key ARN. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' .-rKeyId :: Lens' RevokeGrant Text-rKeyId = lens _rKeyId (\ s a -> s{_rKeyId = a})---- | Identifier of the grant to be revoked.-rGrantId :: Lens' RevokeGrant Text-rGrantId = lens _rGrantId (\ s a -> s{_rGrantId = a})--instance AWSRequest RevokeGrant where- type Rs RevokeGrant = RevokeGrantResponse- request = postJSON kms- response = receiveNull RevokeGrantResponse'--instance Hashable RevokeGrant where--instance NFData RevokeGrant where--instance ToHeaders RevokeGrant where- toHeaders- = const- (mconcat- ["X-Amz-Target" =#- ("TrentService.RevokeGrant" :: ByteString),- "Content-Type" =#- ("application/x-amz-json-1.1" :: ByteString)])--instance ToJSON RevokeGrant where- toJSON RevokeGrant'{..}- = object- (catMaybes- [Just ("KeyId" .= _rKeyId),- Just ("GrantId" .= _rGrantId)])--instance ToPath RevokeGrant where- toPath = const "/"--instance ToQuery RevokeGrant where- toQuery = const mempty---- | /See:/ 'revokeGrantResponse' smart constructor.-data RevokeGrantResponse =- RevokeGrantResponse'- deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'RevokeGrantResponse' with the minimum fields required to make a request.----revokeGrantResponse- :: RevokeGrantResponse-revokeGrantResponse = RevokeGrantResponse'---instance NFData RevokeGrantResponse where
− gen/Network/AWS/KMS/ScheduleKeyDeletion.hs
@@ -1,162 +0,0 @@-{-# LANGUAGE DeriveDataTypeable #-}-{-# LANGUAGE DeriveGeneric #-}-{-# LANGUAGE OverloadedStrings #-}-{-# LANGUAGE RecordWildCards #-}-{-# LANGUAGE TypeFamilies #-}--{-# OPTIONS_GHC -fno-warn-unused-imports #-}-{-# OPTIONS_GHC -fno-warn-unused-binds #-}-{-# OPTIONS_GHC -fno-warn-unused-matches #-}---- Derived from AWS service descriptions, licensed under Apache 2.0.---- |--- Module : Network.AWS.KMS.ScheduleKeyDeletion--- Copyright : (c) 2013-2018 Brendan Hay--- License : Mozilla Public License, v. 2.0.--- Maintainer : Brendan Hay <brendan.g.hay+amazonka@gmail.com>--- Stability : auto-generated--- Portability : non-portable (GHC extensions)------ Schedules the deletion of a customer master key (CMK). You may provide a waiting period, specified in days, before deletion occurs. If you do not provide a waiting period, the default period of 30 days is used. When this operation is successful, the state of the CMK changes to @PendingDeletion@ . Before the waiting period ends, you can use 'CancelKeyDeletion' to cancel the deletion of the CMK. After the waiting period ends, AWS KMS deletes the CMK and all AWS KMS data associated with it, including all aliases that refer to it.--------- You cannot perform this operation on a CMK in a different AWS account.------ /Important:/ Deleting a CMK is a destructive and potentially dangerous operation. When a CMK is deleted, all data that was encrypted under the CMK is rendered unrecoverable. To restrict the use of a CMK without deleting it, use 'DisableKey' .------ For more information about scheduling a CMK for deletion, see <http://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html Deleting Customer Master Keys> in the /AWS Key Management Service Developer Guide/ .----module Network.AWS.KMS.ScheduleKeyDeletion- (- -- * Creating a Request- scheduleKeyDeletion- , ScheduleKeyDeletion- -- * Request Lenses- , skdPendingWindowInDays- , skdKeyId-- -- * Destructuring the Response- , scheduleKeyDeletionResponse- , ScheduleKeyDeletionResponse- -- * Response Lenses- , skdrsKeyId- , skdrsDeletionDate- , skdrsResponseStatus- ) where--import Network.AWS.KMS.Types-import Network.AWS.KMS.Types.Product-import Network.AWS.Lens-import Network.AWS.Prelude-import Network.AWS.Request-import Network.AWS.Response---- | /See:/ 'scheduleKeyDeletion' smart constructor.-data ScheduleKeyDeletion = ScheduleKeyDeletion'- { _skdPendingWindowInDays :: !(Maybe Nat)- , _skdKeyId :: !Text- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'ScheduleKeyDeletion' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'skdPendingWindowInDays' - The waiting period, specified in number of days. After the waiting period ends, AWS KMS deletes the customer master key (CMK). This value is optional. If you include a value, it must be between 7 and 30, inclusive. If you do not include a value, it defaults to 30.------ * 'skdKeyId' - The unique identifier of the customer master key (CMK) to delete. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' .-scheduleKeyDeletion- :: Text -- ^ 'skdKeyId'- -> ScheduleKeyDeletion-scheduleKeyDeletion pKeyId_ =- ScheduleKeyDeletion' {_skdPendingWindowInDays = Nothing, _skdKeyId = pKeyId_}----- | The waiting period, specified in number of days. After the waiting period ends, AWS KMS deletes the customer master key (CMK). This value is optional. If you include a value, it must be between 7 and 30, inclusive. If you do not include a value, it defaults to 30.-skdPendingWindowInDays :: Lens' ScheduleKeyDeletion (Maybe Natural)-skdPendingWindowInDays = lens _skdPendingWindowInDays (\ s a -> s{_skdPendingWindowInDays = a}) . mapping _Nat---- | The unique identifier of the customer master key (CMK) to delete. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' .-skdKeyId :: Lens' ScheduleKeyDeletion Text-skdKeyId = lens _skdKeyId (\ s a -> s{_skdKeyId = a})--instance AWSRequest ScheduleKeyDeletion where- type Rs ScheduleKeyDeletion =- ScheduleKeyDeletionResponse- request = postJSON kms- response- = receiveJSON- (\ s h x ->- ScheduleKeyDeletionResponse' <$>- (x .?> "KeyId") <*> (x .?> "DeletionDate") <*>- (pure (fromEnum s)))--instance Hashable ScheduleKeyDeletion where--instance NFData ScheduleKeyDeletion where--instance ToHeaders ScheduleKeyDeletion where- toHeaders- = const- (mconcat- ["X-Amz-Target" =#- ("TrentService.ScheduleKeyDeletion" :: ByteString),- "Content-Type" =#- ("application/x-amz-json-1.1" :: ByteString)])--instance ToJSON ScheduleKeyDeletion where- toJSON ScheduleKeyDeletion'{..}- = object- (catMaybes- [("PendingWindowInDays" .=) <$>- _skdPendingWindowInDays,- Just ("KeyId" .= _skdKeyId)])--instance ToPath ScheduleKeyDeletion where- toPath = const "/"--instance ToQuery ScheduleKeyDeletion where- toQuery = const mempty---- | /See:/ 'scheduleKeyDeletionResponse' smart constructor.-data ScheduleKeyDeletionResponse = ScheduleKeyDeletionResponse'- { _skdrsKeyId :: !(Maybe Text)- , _skdrsDeletionDate :: !(Maybe POSIX)- , _skdrsResponseStatus :: !Int- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'ScheduleKeyDeletionResponse' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'skdrsKeyId' - The unique identifier of the customer master key (CMK) for which deletion is scheduled.------ * 'skdrsDeletionDate' - The date and time after which AWS KMS deletes the customer master key (CMK).------ * 'skdrsResponseStatus' - -- | The response status code.-scheduleKeyDeletionResponse- :: Int -- ^ 'skdrsResponseStatus'- -> ScheduleKeyDeletionResponse-scheduleKeyDeletionResponse pResponseStatus_ =- ScheduleKeyDeletionResponse'- { _skdrsKeyId = Nothing- , _skdrsDeletionDate = Nothing- , _skdrsResponseStatus = pResponseStatus_- }----- | The unique identifier of the customer master key (CMK) for which deletion is scheduled.-skdrsKeyId :: Lens' ScheduleKeyDeletionResponse (Maybe Text)-skdrsKeyId = lens _skdrsKeyId (\ s a -> s{_skdrsKeyId = a})---- | The date and time after which AWS KMS deletes the customer master key (CMK).-skdrsDeletionDate :: Lens' ScheduleKeyDeletionResponse (Maybe UTCTime)-skdrsDeletionDate = lens _skdrsDeletionDate (\ s a -> s{_skdrsDeletionDate = a}) . mapping _Time---- | -- | The response status code.-skdrsResponseStatus :: Lens' ScheduleKeyDeletionResponse Int-skdrsResponseStatus = lens _skdrsResponseStatus (\ s a -> s{_skdrsResponseStatus = a})--instance NFData ScheduleKeyDeletionResponse where
− gen/Network/AWS/KMS/TagResource.hs
@@ -1,123 +0,0 @@-{-# LANGUAGE DeriveDataTypeable #-}-{-# LANGUAGE DeriveGeneric #-}-{-# LANGUAGE OverloadedStrings #-}-{-# LANGUAGE RecordWildCards #-}-{-# LANGUAGE TypeFamilies #-}--{-# OPTIONS_GHC -fno-warn-unused-imports #-}-{-# OPTIONS_GHC -fno-warn-unused-binds #-}-{-# OPTIONS_GHC -fno-warn-unused-matches #-}---- Derived from AWS service descriptions, licensed under Apache 2.0.---- |--- Module : Network.AWS.KMS.TagResource--- Copyright : (c) 2013-2018 Brendan Hay--- License : Mozilla Public License, v. 2.0.--- Maintainer : Brendan Hay <brendan.g.hay+amazonka@gmail.com>--- Stability : auto-generated--- Portability : non-portable (GHC extensions)------ Adds or overwrites one or more tags for the specified customer master key (CMK). You cannot perform this operation on a CMK in a different AWS account.--------- Each tag consists of a tag key and a tag value. Tag keys and tag values are both required, but tag values can be empty (null) strings.------ You cannot use the same tag key more than once per CMK. For example, consider a CMK with one tag whose tag key is @Purpose@ and tag value is @Test@ . If you send a @TagResource@ request for this CMK with a tag key of @Purpose@ and a tag value of @Prod@ , it does not create a second tag. Instead, the original tag is overwritten with the new tag value.------ For information about the rules that apply to tag keys and tag values, see <http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html User-Defined Tag Restrictions> in the /AWS Billing and Cost Management User Guide/ .----module Network.AWS.KMS.TagResource- (- -- * Creating a Request- tagResource- , TagResource- -- * Request Lenses- , trKeyId- , trTags-- -- * Destructuring the Response- , tagResourceResponse- , TagResourceResponse- ) where--import Network.AWS.KMS.Types-import Network.AWS.KMS.Types.Product-import Network.AWS.Lens-import Network.AWS.Prelude-import Network.AWS.Request-import Network.AWS.Response---- | /See:/ 'tagResource' smart constructor.-data TagResource = TagResource'- { _trKeyId :: !Text- , _trTags :: ![Tag]- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'TagResource' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'trKeyId' - A unique identifier for the CMK you are tagging. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' .------ * 'trTags' - One or more tags. Each tag consists of a tag key and a tag value.-tagResource- :: Text -- ^ 'trKeyId'- -> TagResource-tagResource pKeyId_ = TagResource' {_trKeyId = pKeyId_, _trTags = mempty}----- | A unique identifier for the CMK you are tagging. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' .-trKeyId :: Lens' TagResource Text-trKeyId = lens _trKeyId (\ s a -> s{_trKeyId = a})---- | One or more tags. Each tag consists of a tag key and a tag value.-trTags :: Lens' TagResource [Tag]-trTags = lens _trTags (\ s a -> s{_trTags = a}) . _Coerce--instance AWSRequest TagResource where- type Rs TagResource = TagResourceResponse- request = postJSON kms- response = receiveNull TagResourceResponse'--instance Hashable TagResource where--instance NFData TagResource where--instance ToHeaders TagResource where- toHeaders- = const- (mconcat- ["X-Amz-Target" =#- ("TrentService.TagResource" :: ByteString),- "Content-Type" =#- ("application/x-amz-json-1.1" :: ByteString)])--instance ToJSON TagResource where- toJSON TagResource'{..}- = object- (catMaybes- [Just ("KeyId" .= _trKeyId),- Just ("Tags" .= _trTags)])--instance ToPath TagResource where- toPath = const "/"--instance ToQuery TagResource where- toQuery = const mempty---- | /See:/ 'tagResourceResponse' smart constructor.-data TagResourceResponse =- TagResourceResponse'- deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'TagResourceResponse' with the minimum fields required to make a request.----tagResourceResponse- :: TagResourceResponse-tagResourceResponse = TagResourceResponse'---instance NFData TagResourceResponse where
− gen/Network/AWS/KMS/Types.hs
@@ -1,331 +0,0 @@-{-# LANGUAGE OverloadedStrings #-}---- Derived from AWS service descriptions, licensed under Apache 2.0.---- |--- Module : Network.AWS.KMS.Types--- Copyright : (c) 2013-2018 Brendan Hay--- License : Mozilla Public License, v. 2.0.--- Maintainer : Brendan Hay <brendan.g.hay+amazonka@gmail.com>--- Stability : auto-generated--- Portability : non-portable (GHC extensions)----module Network.AWS.KMS.Types- (- -- * Service Configuration- kms-- -- * Errors- , _InvalidMarkerException- , _KMSInvalidStateException- , _InvalidKeyUsageException- , _MalformedPolicyDocumentException- , _UnsupportedOperationException- , _DisabledException- , _KeyUnavailableException- , _IncorrectKeyMaterialException- , _KMSInternalException- , _TagException- , _InvalidImportTokenException- , _NotFoundException- , _InvalidAliasNameException- , _InvalidGrantIdException- , _InvalidGrantTokenException- , _InvalidARNException- , _DependencyTimeoutException- , _ExpiredImportTokenException- , _InvalidCiphertextException- , _AlreadyExistsException- , _LimitExceededException-- -- * AlgorithmSpec- , AlgorithmSpec (..)-- -- * DataKeySpec- , DataKeySpec (..)-- -- * ExpirationModelType- , ExpirationModelType (..)-- -- * GrantOperation- , GrantOperation (..)-- -- * KeyManagerType- , KeyManagerType (..)-- -- * KeyState- , KeyState (..)-- -- * KeyUsageType- , KeyUsageType (..)-- -- * OriginType- , OriginType (..)-- -- * WrappingKeySpec- , WrappingKeySpec (..)-- -- * AliasListEntry- , AliasListEntry- , aliasListEntry- , aleTargetKeyId- , aleAliasName- , aleAliasARN-- -- * GrantConstraints- , GrantConstraints- , grantConstraints- , gcEncryptionContextEquals- , gcEncryptionContextSubset-- -- * GrantListEntry- , GrantListEntry- , grantListEntry- , gleKeyId- , gleRetiringPrincipal- , gleIssuingAccount- , gleGrantId- , gleConstraints- , gleGranteePrincipal- , gleName- , gleCreationDate- , gleOperations-- -- * KeyListEntry- , KeyListEntry- , keyListEntry- , kleKeyId- , kleKeyARN-- -- * KeyMetadata- , KeyMetadata- , keyMetadata- , kmOrigin- , kmExpirationModel- , kmKeyManager- , kmEnabled- , kmValidTo- , kmARN- , kmKeyState- , kmAWSAccountId- , kmKeyUsage- , kmCreationDate- , kmDeletionDate- , kmDescription- , kmKeyId-- -- * ListGrantsResponse- , ListGrantsResponse- , listGrantsResponse- , lgTruncated- , lgGrants- , lgNextMarker-- -- * Tag- , Tag- , tag- , tagTagKey- , tagTagValue- ) where--import Network.AWS.KMS.Types.Product-import Network.AWS.KMS.Types.Sum-import Network.AWS.Lens-import Network.AWS.Prelude-import Network.AWS.Sign.V4---- | API version @2014-11-01@ of the Amazon Key Management Service SDK configuration.-kms :: Service-kms =- Service- { _svcAbbrev = "KMS"- , _svcSigner = v4- , _svcPrefix = "kms"- , _svcVersion = "2014-11-01"- , _svcEndpoint = defaultEndpoint kms- , _svcTimeout = Just 70- , _svcCheck = statusSuccess- , _svcError = parseJSONError "KMS"- , _svcRetry = retry- }- where- retry =- Exponential- { _retryBase = 5.0e-2- , _retryGrowth = 2- , _retryAttempts = 5- , _retryCheck = check- }- check e- | has (hasCode "ThrottledException" . hasStatus 400) e =- Just "throttled_exception"- | has (hasStatus 429) e = Just "too_many_requests"- | has (hasCode "ThrottlingException" . hasStatus 400) e =- Just "throttling_exception"- | has (hasCode "Throttling" . hasStatus 400) e = Just "throttling"- | has (hasStatus 504) e = Just "gateway_timeout"- | has (hasCode "RequestThrottledException" . hasStatus 400) e =- Just "request_throttled_exception"- | has (hasStatus 502) e = Just "bad_gateway"- | has (hasStatus 503) e = Just "service_unavailable"- | has (hasStatus 500) e = Just "general_server_error"- | has (hasStatus 509) e = Just "limit_exceeded"- | otherwise = Nothing----- | The request was rejected because the marker that specifies where pagination should next begin is not valid.-------_InvalidMarkerException :: AsError a => Getting (First ServiceError) a ServiceError-_InvalidMarkerException = _MatchServiceError kms "InvalidMarkerException"----- | The request was rejected because the state of the specified resource is not valid for this request.--------- For more information about how key state affects the use of a CMK, see <http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html How Key State Affects Use of a Customer Master Key> in the /AWS Key Management Service Developer Guide/ .----_KMSInvalidStateException :: AsError a => Getting (First ServiceError) a ServiceError-_KMSInvalidStateException = _MatchServiceError kms "KMSInvalidStateException"----- | The request was rejected because the specified @KeySpec@ value is not valid.-------_InvalidKeyUsageException :: AsError a => Getting (First ServiceError) a ServiceError-_InvalidKeyUsageException = _MatchServiceError kms "InvalidKeyUsageException"----- | The request was rejected because the specified policy is not syntactically or semantically correct.-------_MalformedPolicyDocumentException :: AsError a => Getting (First ServiceError) a ServiceError-_MalformedPolicyDocumentException =- _MatchServiceError kms "MalformedPolicyDocumentException"----- | The request was rejected because a specified parameter is not supported or a specified resource is not valid for this operation.-------_UnsupportedOperationException :: AsError a => Getting (First ServiceError) a ServiceError-_UnsupportedOperationException =- _MatchServiceError kms "UnsupportedOperationException"----- | The request was rejected because the specified CMK is not enabled.-------_DisabledException :: AsError a => Getting (First ServiceError) a ServiceError-_DisabledException = _MatchServiceError kms "DisabledException"----- | The request was rejected because the specified CMK was not available. The request can be retried.-------_KeyUnavailableException :: AsError a => Getting (First ServiceError) a ServiceError-_KeyUnavailableException = _MatchServiceError kms "KeyUnavailableException"----- | The request was rejected because the provided key material is invalid or is not the same key material that was previously imported into this customer master key (CMK).-------_IncorrectKeyMaterialException :: AsError a => Getting (First ServiceError) a ServiceError-_IncorrectKeyMaterialException =- _MatchServiceError kms "IncorrectKeyMaterialException"----- | The request was rejected because an internal exception occurred. The request can be retried.-------_KMSInternalException :: AsError a => Getting (First ServiceError) a ServiceError-_KMSInternalException = _MatchServiceError kms "KMSInternalException"----- | The request was rejected because one or more tags are not valid.-------_TagException :: AsError a => Getting (First ServiceError) a ServiceError-_TagException = _MatchServiceError kms "TagException"----- | The request was rejected because the provided import token is invalid or is associated with a different customer master key (CMK).-------_InvalidImportTokenException :: AsError a => Getting (First ServiceError) a ServiceError-_InvalidImportTokenException =- _MatchServiceError kms "InvalidImportTokenException"----- | The request was rejected because the specified entity or resource could not be found.-------_NotFoundException :: AsError a => Getting (First ServiceError) a ServiceError-_NotFoundException = _MatchServiceError kms "NotFoundException"----- | The request was rejected because the specified alias name is not valid.-------_InvalidAliasNameException :: AsError a => Getting (First ServiceError) a ServiceError-_InvalidAliasNameException = _MatchServiceError kms "InvalidAliasNameException"----- | The request was rejected because the specified @GrantId@ is not valid.-------_InvalidGrantIdException :: AsError a => Getting (First ServiceError) a ServiceError-_InvalidGrantIdException = _MatchServiceError kms "InvalidGrantIdException"----- | The request was rejected because the specified grant token is not valid.-------_InvalidGrantTokenException :: AsError a => Getting (First ServiceError) a ServiceError-_InvalidGrantTokenException =- _MatchServiceError kms "InvalidGrantTokenException"----- | The request was rejected because a specified ARN was not valid.-------_InvalidARNException :: AsError a => Getting (First ServiceError) a ServiceError-_InvalidARNException = _MatchServiceError kms "InvalidArnException"----- | The system timed out while trying to fulfill the request. The request can be retried.-------_DependencyTimeoutException :: AsError a => Getting (First ServiceError) a ServiceError-_DependencyTimeoutException =- _MatchServiceError kms "DependencyTimeoutException"----- | The request was rejected because the provided import token is expired. Use 'GetParametersForImport' to get a new import token and public key, use the new public key to encrypt the key material, and then try the request again.-------_ExpiredImportTokenException :: AsError a => Getting (First ServiceError) a ServiceError-_ExpiredImportTokenException =- _MatchServiceError kms "ExpiredImportTokenException"----- | The request was rejected because the specified ciphertext, or additional authenticated data incorporated into the ciphertext, such as the encryption context, is corrupted, missing, or otherwise invalid.-------_InvalidCiphertextException :: AsError a => Getting (First ServiceError) a ServiceError-_InvalidCiphertextException =- _MatchServiceError kms "InvalidCiphertextException"----- | The request was rejected because it attempted to create a resource that already exists.-------_AlreadyExistsException :: AsError a => Getting (First ServiceError) a ServiceError-_AlreadyExistsException = _MatchServiceError kms "AlreadyExistsException"----- | The request was rejected because a limit was exceeded. For more information, see <http://docs.aws.amazon.com/kms/latest/developerguide/limits.html Limits> in the /AWS Key Management Service Developer Guide/ .-------_LimitExceededException :: AsError a => Getting (First ServiceError) a ServiceError-_LimitExceededException = _MatchServiceError kms "LimitExceededException"-
− gen/Network/AWS/KMS/Types/Product.hs
@@ -1,530 +0,0 @@-{-# LANGUAGE DeriveDataTypeable #-}-{-# LANGUAGE DeriveGeneric #-}-{-# LANGUAGE OverloadedStrings #-}-{-# LANGUAGE RecordWildCards #-}--{-# OPTIONS_GHC -fno-warn-unused-imports #-}---- Derived from AWS service descriptions, licensed under Apache 2.0.---- |--- Module : Network.AWS.KMS.Types.Product--- Copyright : (c) 2013-2018 Brendan Hay--- License : Mozilla Public License, v. 2.0.--- Maintainer : Brendan Hay <brendan.g.hay+amazonka@gmail.com>--- Stability : auto-generated--- Portability : non-portable (GHC extensions)----module Network.AWS.KMS.Types.Product where--import Network.AWS.KMS.Types.Sum-import Network.AWS.Lens-import Network.AWS.Prelude---- | Contains information about an alias.------------ /See:/ 'aliasListEntry' smart constructor.-data AliasListEntry = AliasListEntry'- { _aleTargetKeyId :: !(Maybe Text)- , _aleAliasName :: !(Maybe Text)- , _aleAliasARN :: !(Maybe Text)- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'AliasListEntry' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'aleTargetKeyId' - String that contains the key identifier referred to by the alias.------ * 'aleAliasName' - String that contains the alias.------ * 'aleAliasARN' - String that contains the key ARN.-aliasListEntry- :: AliasListEntry-aliasListEntry =- AliasListEntry'- {_aleTargetKeyId = Nothing, _aleAliasName = Nothing, _aleAliasARN = Nothing}----- | String that contains the key identifier referred to by the alias.-aleTargetKeyId :: Lens' AliasListEntry (Maybe Text)-aleTargetKeyId = lens _aleTargetKeyId (\ s a -> s{_aleTargetKeyId = a})---- | String that contains the alias.-aleAliasName :: Lens' AliasListEntry (Maybe Text)-aleAliasName = lens _aleAliasName (\ s a -> s{_aleAliasName = a})---- | String that contains the key ARN.-aleAliasARN :: Lens' AliasListEntry (Maybe Text)-aleAliasARN = lens _aleAliasARN (\ s a -> s{_aleAliasARN = a})--instance FromJSON AliasListEntry where- parseJSON- = withObject "AliasListEntry"- (\ x ->- AliasListEntry' <$>- (x .:? "TargetKeyId") <*> (x .:? "AliasName") <*>- (x .:? "AliasArn"))--instance Hashable AliasListEntry where--instance NFData AliasListEntry where---- | A structure that you can use to allow certain operations in the grant only when the desired encryption context is present. For more information about encryption context, see <http://docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html Encryption Context> in the /AWS Key Management Service Developer Guide/ .--------- Grant constraints apply only to operations that accept encryption context as input. For example, the @'DescribeKey' @ operation does not accept encryption context as input. A grant that allows the @DescribeKey@ operation does so regardless of the grant constraints. In constrast, the @'Encrypt' @ operation accepts encryption context as input. A grant that allows the @Encrypt@ operation does so only when the encryption context of the @Encrypt@ operation satisfies the grant constraints.--------- /See:/ 'grantConstraints' smart constructor.-data GrantConstraints = GrantConstraints'- { _gcEncryptionContextEquals :: !(Maybe (Map Text Text))- , _gcEncryptionContextSubset :: !(Maybe (Map Text Text))- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'GrantConstraints' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'gcEncryptionContextEquals' - A list of key-value pairs that must be present in the encryption context of certain subsequent operations that the grant allows. When certain subsequent operations allowed by the grant include encryption context that matches this list, the grant allows the operation. Otherwise, the grant does not allow the operation.------ * 'gcEncryptionContextSubset' - A list of key-value pairs, all of which must be present in the encryption context of certain subsequent operations that the grant allows. When certain subsequent operations allowed by the grant include encryption context that matches this list or is a superset of this list, the grant allows the operation. Otherwise, the grant does not allow the operation.-grantConstraints- :: GrantConstraints-grantConstraints =- GrantConstraints'- {_gcEncryptionContextEquals = Nothing, _gcEncryptionContextSubset = Nothing}----- | A list of key-value pairs that must be present in the encryption context of certain subsequent operations that the grant allows. When certain subsequent operations allowed by the grant include encryption context that matches this list, the grant allows the operation. Otherwise, the grant does not allow the operation.-gcEncryptionContextEquals :: Lens' GrantConstraints (HashMap Text Text)-gcEncryptionContextEquals = lens _gcEncryptionContextEquals (\ s a -> s{_gcEncryptionContextEquals = a}) . _Default . _Map---- | A list of key-value pairs, all of which must be present in the encryption context of certain subsequent operations that the grant allows. When certain subsequent operations allowed by the grant include encryption context that matches this list or is a superset of this list, the grant allows the operation. Otherwise, the grant does not allow the operation.-gcEncryptionContextSubset :: Lens' GrantConstraints (HashMap Text Text)-gcEncryptionContextSubset = lens _gcEncryptionContextSubset (\ s a -> s{_gcEncryptionContextSubset = a}) . _Default . _Map--instance FromJSON GrantConstraints where- parseJSON- = withObject "GrantConstraints"- (\ x ->- GrantConstraints' <$>- (x .:? "EncryptionContextEquals" .!= mempty) <*>- (x .:? "EncryptionContextSubset" .!= mempty))--instance Hashable GrantConstraints where--instance NFData GrantConstraints where--instance ToJSON GrantConstraints where- toJSON GrantConstraints'{..}- = object- (catMaybes- [("EncryptionContextEquals" .=) <$>- _gcEncryptionContextEquals,- ("EncryptionContextSubset" .=) <$>- _gcEncryptionContextSubset])---- | Contains information about an entry in a list of grants.------------ /See:/ 'grantListEntry' smart constructor.-data GrantListEntry = GrantListEntry'- { _gleKeyId :: !(Maybe Text)- , _gleRetiringPrincipal :: !(Maybe Text)- , _gleIssuingAccount :: !(Maybe Text)- , _gleGrantId :: !(Maybe Text)- , _gleConstraints :: !(Maybe GrantConstraints)- , _gleGranteePrincipal :: !(Maybe Text)- , _gleName :: !(Maybe Text)- , _gleCreationDate :: !(Maybe POSIX)- , _gleOperations :: !(Maybe [GrantOperation])- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'GrantListEntry' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'gleKeyId' - The unique identifier for the customer master key (CMK) to which the grant applies.------ * 'gleRetiringPrincipal' - The principal that can retire the grant.------ * 'gleIssuingAccount' - The AWS account under which the grant was issued.------ * 'gleGrantId' - The unique identifier for the grant.------ * 'gleConstraints' - A list of key-value pairs that must be present in the encryption context of certain subsequent operations that the grant allows.------ * 'gleGranteePrincipal' - The principal that receives the grant's permissions.------ * 'gleName' - The friendly name that identifies the grant. If a name was provided in the 'CreateGrant' request, that name is returned. Otherwise this value is null.------ * 'gleCreationDate' - The date and time when the grant was created.------ * 'gleOperations' - The list of operations permitted by the grant.-grantListEntry- :: GrantListEntry-grantListEntry =- GrantListEntry'- { _gleKeyId = Nothing- , _gleRetiringPrincipal = Nothing- , _gleIssuingAccount = Nothing- , _gleGrantId = Nothing- , _gleConstraints = Nothing- , _gleGranteePrincipal = Nothing- , _gleName = Nothing- , _gleCreationDate = Nothing- , _gleOperations = Nothing- }----- | The unique identifier for the customer master key (CMK) to which the grant applies.-gleKeyId :: Lens' GrantListEntry (Maybe Text)-gleKeyId = lens _gleKeyId (\ s a -> s{_gleKeyId = a})---- | The principal that can retire the grant.-gleRetiringPrincipal :: Lens' GrantListEntry (Maybe Text)-gleRetiringPrincipal = lens _gleRetiringPrincipal (\ s a -> s{_gleRetiringPrincipal = a})---- | The AWS account under which the grant was issued.-gleIssuingAccount :: Lens' GrantListEntry (Maybe Text)-gleIssuingAccount = lens _gleIssuingAccount (\ s a -> s{_gleIssuingAccount = a})---- | The unique identifier for the grant.-gleGrantId :: Lens' GrantListEntry (Maybe Text)-gleGrantId = lens _gleGrantId (\ s a -> s{_gleGrantId = a})---- | A list of key-value pairs that must be present in the encryption context of certain subsequent operations that the grant allows.-gleConstraints :: Lens' GrantListEntry (Maybe GrantConstraints)-gleConstraints = lens _gleConstraints (\ s a -> s{_gleConstraints = a})---- | The principal that receives the grant's permissions.-gleGranteePrincipal :: Lens' GrantListEntry (Maybe Text)-gleGranteePrincipal = lens _gleGranteePrincipal (\ s a -> s{_gleGranteePrincipal = a})---- | The friendly name that identifies the grant. If a name was provided in the 'CreateGrant' request, that name is returned. Otherwise this value is null.-gleName :: Lens' GrantListEntry (Maybe Text)-gleName = lens _gleName (\ s a -> s{_gleName = a})---- | The date and time when the grant was created.-gleCreationDate :: Lens' GrantListEntry (Maybe UTCTime)-gleCreationDate = lens _gleCreationDate (\ s a -> s{_gleCreationDate = a}) . mapping _Time---- | The list of operations permitted by the grant.-gleOperations :: Lens' GrantListEntry [GrantOperation]-gleOperations = lens _gleOperations (\ s a -> s{_gleOperations = a}) . _Default . _Coerce--instance FromJSON GrantListEntry where- parseJSON- = withObject "GrantListEntry"- (\ x ->- GrantListEntry' <$>- (x .:? "KeyId") <*> (x .:? "RetiringPrincipal") <*>- (x .:? "IssuingAccount")- <*> (x .:? "GrantId")- <*> (x .:? "Constraints")- <*> (x .:? "GranteePrincipal")- <*> (x .:? "Name")- <*> (x .:? "CreationDate")- <*> (x .:? "Operations" .!= mempty))--instance Hashable GrantListEntry where--instance NFData GrantListEntry where---- | Contains information about each entry in the key list.------------ /See:/ 'keyListEntry' smart constructor.-data KeyListEntry = KeyListEntry'- { _kleKeyId :: !(Maybe Text)- , _kleKeyARN :: !(Maybe Text)- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'KeyListEntry' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'kleKeyId' - Unique identifier of the key.------ * 'kleKeyARN' - ARN of the key.-keyListEntry- :: KeyListEntry-keyListEntry = KeyListEntry' {_kleKeyId = Nothing, _kleKeyARN = Nothing}----- | Unique identifier of the key.-kleKeyId :: Lens' KeyListEntry (Maybe Text)-kleKeyId = lens _kleKeyId (\ s a -> s{_kleKeyId = a})---- | ARN of the key.-kleKeyARN :: Lens' KeyListEntry (Maybe Text)-kleKeyARN = lens _kleKeyARN (\ s a -> s{_kleKeyARN = a})--instance FromJSON KeyListEntry where- parseJSON- = withObject "KeyListEntry"- (\ x ->- KeyListEntry' <$>- (x .:? "KeyId") <*> (x .:? "KeyArn"))--instance Hashable KeyListEntry where--instance NFData KeyListEntry where---- | Contains metadata about a customer master key (CMK).--------- This data type is used as a response element for the 'CreateKey' and 'DescribeKey' operations.--------- /See:/ 'keyMetadata' smart constructor.-data KeyMetadata = KeyMetadata'- { _kmOrigin :: !(Maybe OriginType)- , _kmExpirationModel :: !(Maybe ExpirationModelType)- , _kmKeyManager :: !(Maybe KeyManagerType)- , _kmEnabled :: !(Maybe Bool)- , _kmValidTo :: !(Maybe POSIX)- , _kmARN :: !(Maybe Text)- , _kmKeyState :: !(Maybe KeyState)- , _kmAWSAccountId :: !(Maybe Text)- , _kmKeyUsage :: !(Maybe KeyUsageType)- , _kmCreationDate :: !(Maybe POSIX)- , _kmDeletionDate :: !(Maybe POSIX)- , _kmDescription :: !(Maybe Text)- , _kmKeyId :: !Text- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'KeyMetadata' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'kmOrigin' - The source of the CMK's key material. When this value is @AWS_KMS@ , AWS KMS created the key material. When this value is @EXTERNAL@ , the key material was imported from your existing key management infrastructure or the CMK lacks key material.------ * 'kmExpirationModel' - Specifies whether the CMK's key material expires. This value is present only when @Origin@ is @EXTERNAL@ , otherwise this value is omitted.------ * 'kmKeyManager' - The CMK's manager. CMKs are either customer-managed or AWS-managed. For more information about the difference, see <http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys Customer Master Keys> in the /AWS Key Management Service Developer Guide/ .------ * 'kmEnabled' - Specifies whether the CMK is enabled. When @KeyState@ is @Enabled@ this value is true, otherwise it is false.------ * 'kmValidTo' - The time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the CMK becomes unusable. This value is present only for CMKs whose @Origin@ is @EXTERNAL@ and whose @ExpirationModel@ is @KEY_MATERIAL_EXPIRES@ , otherwise this value is omitted.------ * 'kmARN' - The Amazon Resource Name (ARN) of the CMK. For examples, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-kms AWS Key Management Service (AWS KMS)> in the Example ARNs section of the /AWS General Reference/ .------ * 'kmKeyState' - The state of the CMK. For more information about how key state affects the use of a CMK, see <http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html How Key State Affects the Use of a Customer Master Key> in the /AWS Key Management Service Developer Guide/ .------ * 'kmAWSAccountId' - The twelve-digit account ID of the AWS account that owns the CMK.------ * 'kmKeyUsage' - The cryptographic operations for which you can use the CMK. Currently the only allowed value is @ENCRYPT_DECRYPT@ , which means you can use the CMK for the 'Encrypt' and 'Decrypt' operations.------ * 'kmCreationDate' - The date and time when the CMK was created.------ * 'kmDeletionDate' - The date and time after which AWS KMS deletes the CMK. This value is present only when @KeyState@ is @PendingDeletion@ , otherwise this value is omitted.------ * 'kmDescription' - The description of the CMK.------ * 'kmKeyId' - The globally unique identifier for the CMK.-keyMetadata- :: Text -- ^ 'kmKeyId'- -> KeyMetadata-keyMetadata pKeyId_ =- KeyMetadata'- { _kmOrigin = Nothing- , _kmExpirationModel = Nothing- , _kmKeyManager = Nothing- , _kmEnabled = Nothing- , _kmValidTo = Nothing- , _kmARN = Nothing- , _kmKeyState = Nothing- , _kmAWSAccountId = Nothing- , _kmKeyUsage = Nothing- , _kmCreationDate = Nothing- , _kmDeletionDate = Nothing- , _kmDescription = Nothing- , _kmKeyId = pKeyId_- }----- | The source of the CMK's key material. When this value is @AWS_KMS@ , AWS KMS created the key material. When this value is @EXTERNAL@ , the key material was imported from your existing key management infrastructure or the CMK lacks key material.-kmOrigin :: Lens' KeyMetadata (Maybe OriginType)-kmOrigin = lens _kmOrigin (\ s a -> s{_kmOrigin = a})---- | Specifies whether the CMK's key material expires. This value is present only when @Origin@ is @EXTERNAL@ , otherwise this value is omitted.-kmExpirationModel :: Lens' KeyMetadata (Maybe ExpirationModelType)-kmExpirationModel = lens _kmExpirationModel (\ s a -> s{_kmExpirationModel = a})---- | The CMK's manager. CMKs are either customer-managed or AWS-managed. For more information about the difference, see <http://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys Customer Master Keys> in the /AWS Key Management Service Developer Guide/ .-kmKeyManager :: Lens' KeyMetadata (Maybe KeyManagerType)-kmKeyManager = lens _kmKeyManager (\ s a -> s{_kmKeyManager = a})---- | Specifies whether the CMK is enabled. When @KeyState@ is @Enabled@ this value is true, otherwise it is false.-kmEnabled :: Lens' KeyMetadata (Maybe Bool)-kmEnabled = lens _kmEnabled (\ s a -> s{_kmEnabled = a})---- | The time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the CMK becomes unusable. This value is present only for CMKs whose @Origin@ is @EXTERNAL@ and whose @ExpirationModel@ is @KEY_MATERIAL_EXPIRES@ , otherwise this value is omitted.-kmValidTo :: Lens' KeyMetadata (Maybe UTCTime)-kmValidTo = lens _kmValidTo (\ s a -> s{_kmValidTo = a}) . mapping _Time---- | The Amazon Resource Name (ARN) of the CMK. For examples, see <http://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-kms AWS Key Management Service (AWS KMS)> in the Example ARNs section of the /AWS General Reference/ .-kmARN :: Lens' KeyMetadata (Maybe Text)-kmARN = lens _kmARN (\ s a -> s{_kmARN = a})---- | The state of the CMK. For more information about how key state affects the use of a CMK, see <http://docs.aws.amazon.com/kms/latest/developerguide/key-state.html How Key State Affects the Use of a Customer Master Key> in the /AWS Key Management Service Developer Guide/ .-kmKeyState :: Lens' KeyMetadata (Maybe KeyState)-kmKeyState = lens _kmKeyState (\ s a -> s{_kmKeyState = a})---- | The twelve-digit account ID of the AWS account that owns the CMK.-kmAWSAccountId :: Lens' KeyMetadata (Maybe Text)-kmAWSAccountId = lens _kmAWSAccountId (\ s a -> s{_kmAWSAccountId = a})---- | The cryptographic operations for which you can use the CMK. Currently the only allowed value is @ENCRYPT_DECRYPT@ , which means you can use the CMK for the 'Encrypt' and 'Decrypt' operations.-kmKeyUsage :: Lens' KeyMetadata (Maybe KeyUsageType)-kmKeyUsage = lens _kmKeyUsage (\ s a -> s{_kmKeyUsage = a})---- | The date and time when the CMK was created.-kmCreationDate :: Lens' KeyMetadata (Maybe UTCTime)-kmCreationDate = lens _kmCreationDate (\ s a -> s{_kmCreationDate = a}) . mapping _Time---- | The date and time after which AWS KMS deletes the CMK. This value is present only when @KeyState@ is @PendingDeletion@ , otherwise this value is omitted.-kmDeletionDate :: Lens' KeyMetadata (Maybe UTCTime)-kmDeletionDate = lens _kmDeletionDate (\ s a -> s{_kmDeletionDate = a}) . mapping _Time---- | The description of the CMK.-kmDescription :: Lens' KeyMetadata (Maybe Text)-kmDescription = lens _kmDescription (\ s a -> s{_kmDescription = a})---- | The globally unique identifier for the CMK.-kmKeyId :: Lens' KeyMetadata Text-kmKeyId = lens _kmKeyId (\ s a -> s{_kmKeyId = a})--instance FromJSON KeyMetadata where- parseJSON- = withObject "KeyMetadata"- (\ x ->- KeyMetadata' <$>- (x .:? "Origin") <*> (x .:? "ExpirationModel") <*>- (x .:? "KeyManager")- <*> (x .:? "Enabled")- <*> (x .:? "ValidTo")- <*> (x .:? "Arn")- <*> (x .:? "KeyState")- <*> (x .:? "AWSAccountId")- <*> (x .:? "KeyUsage")- <*> (x .:? "CreationDate")- <*> (x .:? "DeletionDate")- <*> (x .:? "Description")- <*> (x .: "KeyId"))--instance Hashable KeyMetadata where--instance NFData KeyMetadata where---- | /See:/ 'listGrantsResponse' smart constructor.-data ListGrantsResponse = ListGrantsResponse'- { _lgTruncated :: !(Maybe Bool)- , _lgGrants :: !(Maybe [GrantListEntry])- , _lgNextMarker :: !(Maybe Text)- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'ListGrantsResponse' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'lgTruncated' - A flag that indicates whether there are more items in the list. When this value is true, the list in this response is truncated. To get more items, pass the value of the @NextMarker@ element in this response to the @Marker@ parameter in a subsequent request.------ * 'lgGrants' - A list of grants.------ * 'lgNextMarker' - When @Truncated@ is true, this element is present and contains the value to use for the @Marker@ parameter in a subsequent request.-listGrantsResponse- :: ListGrantsResponse-listGrantsResponse =- ListGrantsResponse'- {_lgTruncated = Nothing, _lgGrants = Nothing, _lgNextMarker = Nothing}----- | A flag that indicates whether there are more items in the list. When this value is true, the list in this response is truncated. To get more items, pass the value of the @NextMarker@ element in this response to the @Marker@ parameter in a subsequent request.-lgTruncated :: Lens' ListGrantsResponse (Maybe Bool)-lgTruncated = lens _lgTruncated (\ s a -> s{_lgTruncated = a})---- | A list of grants.-lgGrants :: Lens' ListGrantsResponse [GrantListEntry]-lgGrants = lens _lgGrants (\ s a -> s{_lgGrants = a}) . _Default . _Coerce---- | When @Truncated@ is true, this element is present and contains the value to use for the @Marker@ parameter in a subsequent request.-lgNextMarker :: Lens' ListGrantsResponse (Maybe Text)-lgNextMarker = lens _lgNextMarker (\ s a -> s{_lgNextMarker = a})--instance FromJSON ListGrantsResponse where- parseJSON- = withObject "ListGrantsResponse"- (\ x ->- ListGrantsResponse' <$>- (x .:? "Truncated") <*> (x .:? "Grants" .!= mempty)- <*> (x .:? "NextMarker"))--instance Hashable ListGrantsResponse where--instance NFData ListGrantsResponse where---- | A key-value pair. A tag consists of a tag key and a tag value. Tag keys and tag values are both required, but tag values can be empty (null) strings.--------- For information about the rules that apply to tag keys and tag values, see <http://docs.aws.amazon.com/awsaccountbilling/latest/aboutv2/allocation-tag-restrictions.html User-Defined Tag Restrictions> in the /AWS Billing and Cost Management User Guide/ .--------- /See:/ 'tag' smart constructor.-data Tag = Tag'- { _tagTagKey :: !Text- , _tagTagValue :: !Text- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'Tag' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'tagTagKey' - The key of the tag.------ * 'tagTagValue' - The value of the tag.-tag- :: Text -- ^ 'tagTagKey'- -> Text -- ^ 'tagTagValue'- -> Tag-tag pTagKey_ pTagValue_ =- Tag' {_tagTagKey = pTagKey_, _tagTagValue = pTagValue_}----- | The key of the tag.-tagTagKey :: Lens' Tag Text-tagTagKey = lens _tagTagKey (\ s a -> s{_tagTagKey = a})---- | The value of the tag.-tagTagValue :: Lens' Tag Text-tagTagValue = lens _tagTagValue (\ s a -> s{_tagTagValue = a})--instance FromJSON Tag where- parseJSON- = withObject "Tag"- (\ x ->- Tag' <$> (x .: "TagKey") <*> (x .: "TagValue"))--instance Hashable Tag where--instance NFData Tag where--instance ToJSON Tag where- toJSON Tag'{..}- = object- (catMaybes- [Just ("TagKey" .= _tagTagKey),- Just ("TagValue" .= _tagTagValue)])
− gen/Network/AWS/KMS/Types/Sum.hs
@@ -1,299 +0,0 @@-{-# LANGUAGE DeriveDataTypeable #-}-{-# LANGUAGE DeriveGeneric #-}-{-# LANGUAGE LambdaCase #-}-{-# LANGUAGE OverloadedStrings #-}--{-# OPTIONS_GHC -fno-warn-unused-imports #-}---- Derived from AWS service descriptions, licensed under Apache 2.0.---- |--- Module : Network.AWS.KMS.Types.Sum--- Copyright : (c) 2013-2018 Brendan Hay--- License : Mozilla Public License, v. 2.0.--- Maintainer : Brendan Hay <brendan.g.hay+amazonka@gmail.com>--- Stability : auto-generated--- Portability : non-portable (GHC extensions)----module Network.AWS.KMS.Types.Sum where--import Network.AWS.Prelude--data AlgorithmSpec- = RsaesOaepSha1- | RsaesOaepSha256- | RsaesPKCS1V15- deriving (Eq, Ord, Read, Show, Enum, Bounded, Data, Typeable, Generic)---instance FromText AlgorithmSpec where- parser = takeLowerText >>= \case- "rsaes_oaep_sha_1" -> pure RsaesOaepSha1- "rsaes_oaep_sha_256" -> pure RsaesOaepSha256- "rsaes_pkcs1_v1_5" -> pure RsaesPKCS1V15- e -> fromTextError $ "Failure parsing AlgorithmSpec from value: '" <> e- <> "'. Accepted values: rsaes_oaep_sha_1, rsaes_oaep_sha_256, rsaes_pkcs1_v1_5"--instance ToText AlgorithmSpec where- toText = \case- RsaesOaepSha1 -> "RSAES_OAEP_SHA_1"- RsaesOaepSha256 -> "RSAES_OAEP_SHA_256"- RsaesPKCS1V15 -> "RSAES_PKCS1_V1_5"--instance Hashable AlgorithmSpec-instance NFData AlgorithmSpec-instance ToByteString AlgorithmSpec-instance ToQuery AlgorithmSpec-instance ToHeader AlgorithmSpec--instance ToJSON AlgorithmSpec where- toJSON = toJSONText--data DataKeySpec- = AES128- | AES256- deriving (Eq, Ord, Read, Show, Enum, Bounded, Data, Typeable, Generic)---instance FromText DataKeySpec where- parser = takeLowerText >>= \case- "aes_128" -> pure AES128- "aes_256" -> pure AES256- e -> fromTextError $ "Failure parsing DataKeySpec from value: '" <> e- <> "'. Accepted values: aes_128, aes_256"--instance ToText DataKeySpec where- toText = \case- AES128 -> "AES_128"- AES256 -> "AES_256"--instance Hashable DataKeySpec-instance NFData DataKeySpec-instance ToByteString DataKeySpec-instance ToQuery DataKeySpec-instance ToHeader DataKeySpec--instance ToJSON DataKeySpec where- toJSON = toJSONText--data ExpirationModelType- = KeyMaterialDoesNotExpire- | KeyMaterialExpires- deriving (Eq, Ord, Read, Show, Enum, Bounded, Data, Typeable, Generic)---instance FromText ExpirationModelType where- parser = takeLowerText >>= \case- "key_material_does_not_expire" -> pure KeyMaterialDoesNotExpire- "key_material_expires" -> pure KeyMaterialExpires- e -> fromTextError $ "Failure parsing ExpirationModelType from value: '" <> e- <> "'. Accepted values: key_material_does_not_expire, key_material_expires"--instance ToText ExpirationModelType where- toText = \case- KeyMaterialDoesNotExpire -> "KEY_MATERIAL_DOES_NOT_EXPIRE"- KeyMaterialExpires -> "KEY_MATERIAL_EXPIRES"--instance Hashable ExpirationModelType-instance NFData ExpirationModelType-instance ToByteString ExpirationModelType-instance ToQuery ExpirationModelType-instance ToHeader ExpirationModelType--instance ToJSON ExpirationModelType where- toJSON = toJSONText--instance FromJSON ExpirationModelType where- parseJSON = parseJSONText "ExpirationModelType"--data GrantOperation- = CreateGrant- | Decrypt- | DescribeKey- | Encrypt- | GenerateDataKey- | GenerateDataKeyWithoutPlaintext- | ReEncryptFrom- | ReEncryptTo- | RetireGrant- deriving (Eq, Ord, Read, Show, Enum, Bounded, Data, Typeable, Generic)---instance FromText GrantOperation where- parser = takeLowerText >>= \case- "creategrant" -> pure CreateGrant- "decrypt" -> pure Decrypt- "describekey" -> pure DescribeKey- "encrypt" -> pure Encrypt- "generatedatakey" -> pure GenerateDataKey- "generatedatakeywithoutplaintext" -> pure GenerateDataKeyWithoutPlaintext- "reencryptfrom" -> pure ReEncryptFrom- "reencryptto" -> pure ReEncryptTo- "retiregrant" -> pure RetireGrant- e -> fromTextError $ "Failure parsing GrantOperation from value: '" <> e- <> "'. Accepted values: creategrant, decrypt, describekey, encrypt, generatedatakey, generatedatakeywithoutplaintext, reencryptfrom, reencryptto, retiregrant"--instance ToText GrantOperation where- toText = \case- CreateGrant -> "CreateGrant"- Decrypt -> "Decrypt"- DescribeKey -> "DescribeKey"- Encrypt -> "Encrypt"- GenerateDataKey -> "GenerateDataKey"- GenerateDataKeyWithoutPlaintext -> "GenerateDataKeyWithoutPlaintext"- ReEncryptFrom -> "ReEncryptFrom"- ReEncryptTo -> "ReEncryptTo"- RetireGrant -> "RetireGrant"--instance Hashable GrantOperation-instance NFData GrantOperation-instance ToByteString GrantOperation-instance ToQuery GrantOperation-instance ToHeader GrantOperation--instance ToJSON GrantOperation where- toJSON = toJSONText--instance FromJSON GrantOperation where- parseJSON = parseJSONText "GrantOperation"--data KeyManagerType- = AWS- | Customer- deriving (Eq, Ord, Read, Show, Enum, Bounded, Data, Typeable, Generic)---instance FromText KeyManagerType where- parser = takeLowerText >>= \case- "aws" -> pure AWS- "customer" -> pure Customer- e -> fromTextError $ "Failure parsing KeyManagerType from value: '" <> e- <> "'. Accepted values: aws, customer"--instance ToText KeyManagerType where- toText = \case- AWS -> "AWS"- Customer -> "CUSTOMER"--instance Hashable KeyManagerType-instance NFData KeyManagerType-instance ToByteString KeyManagerType-instance ToQuery KeyManagerType-instance ToHeader KeyManagerType--instance FromJSON KeyManagerType where- parseJSON = parseJSONText "KeyManagerType"--data KeyState- = Disabled- | Enabled- | PendingDeletion- | PendingImport- deriving (Eq, Ord, Read, Show, Enum, Bounded, Data, Typeable, Generic)---instance FromText KeyState where- parser = takeLowerText >>= \case- "disabled" -> pure Disabled- "enabled" -> pure Enabled- "pendingdeletion" -> pure PendingDeletion- "pendingimport" -> pure PendingImport- e -> fromTextError $ "Failure parsing KeyState from value: '" <> e- <> "'. Accepted values: disabled, enabled, pendingdeletion, pendingimport"--instance ToText KeyState where- toText = \case- Disabled -> "Disabled"- Enabled -> "Enabled"- PendingDeletion -> "PendingDeletion"- PendingImport -> "PendingImport"--instance Hashable KeyState-instance NFData KeyState-instance ToByteString KeyState-instance ToQuery KeyState-instance ToHeader KeyState--instance FromJSON KeyState where- parseJSON = parseJSONText "KeyState"--data KeyUsageType =- EncryptDecrypt- deriving (Eq, Ord, Read, Show, Enum, Bounded, Data, Typeable, Generic)---instance FromText KeyUsageType where- parser = takeLowerText >>= \case- "encrypt_decrypt" -> pure EncryptDecrypt- e -> fromTextError $ "Failure parsing KeyUsageType from value: '" <> e- <> "'. Accepted values: encrypt_decrypt"--instance ToText KeyUsageType where- toText = \case- EncryptDecrypt -> "ENCRYPT_DECRYPT"--instance Hashable KeyUsageType-instance NFData KeyUsageType-instance ToByteString KeyUsageType-instance ToQuery KeyUsageType-instance ToHeader KeyUsageType--instance ToJSON KeyUsageType where- toJSON = toJSONText--instance FromJSON KeyUsageType where- parseJSON = parseJSONText "KeyUsageType"--data OriginType- = AWSKMS- | External- deriving (Eq, Ord, Read, Show, Enum, Bounded, Data, Typeable, Generic)---instance FromText OriginType where- parser = takeLowerText >>= \case- "aws_kms" -> pure AWSKMS- "external" -> pure External- e -> fromTextError $ "Failure parsing OriginType from value: '" <> e- <> "'. Accepted values: aws_kms, external"--instance ToText OriginType where- toText = \case- AWSKMS -> "AWS_KMS"- External -> "EXTERNAL"--instance Hashable OriginType-instance NFData OriginType-instance ToByteString OriginType-instance ToQuery OriginType-instance ToHeader OriginType--instance ToJSON OriginType where- toJSON = toJSONText--instance FromJSON OriginType where- parseJSON = parseJSONText "OriginType"--data WrappingKeySpec =- Rsa2048- deriving (Eq, Ord, Read, Show, Enum, Bounded, Data, Typeable, Generic)---instance FromText WrappingKeySpec where- parser = takeLowerText >>= \case- "rsa_2048" -> pure Rsa2048- e -> fromTextError $ "Failure parsing WrappingKeySpec from value: '" <> e- <> "'. Accepted values: rsa_2048"--instance ToText WrappingKeySpec where- toText = \case- Rsa2048 -> "RSA_2048"--instance Hashable WrappingKeySpec-instance NFData WrappingKeySpec-instance ToByteString WrappingKeySpec-instance ToQuery WrappingKeySpec-instance ToHeader WrappingKeySpec--instance ToJSON WrappingKeySpec where- toJSON = toJSONText
− gen/Network/AWS/KMS/UntagResource.hs
@@ -1,119 +0,0 @@-{-# LANGUAGE DeriveDataTypeable #-}-{-# LANGUAGE DeriveGeneric #-}-{-# LANGUAGE OverloadedStrings #-}-{-# LANGUAGE RecordWildCards #-}-{-# LANGUAGE TypeFamilies #-}--{-# OPTIONS_GHC -fno-warn-unused-imports #-}-{-# OPTIONS_GHC -fno-warn-unused-binds #-}-{-# OPTIONS_GHC -fno-warn-unused-matches #-}---- Derived from AWS service descriptions, licensed under Apache 2.0.---- |--- Module : Network.AWS.KMS.UntagResource--- Copyright : (c) 2013-2018 Brendan Hay--- License : Mozilla Public License, v. 2.0.--- Maintainer : Brendan Hay <brendan.g.hay+amazonka@gmail.com>--- Stability : auto-generated--- Portability : non-portable (GHC extensions)------ Removes the specified tag or tags from the specified customer master key (CMK). You cannot perform this operation on a CMK in a different AWS account.--------- To remove a tag, you specify the tag key for each tag to remove. You do not specify the tag value. To overwrite the tag value for an existing tag, use 'TagResource' .----module Network.AWS.KMS.UntagResource- (- -- * Creating a Request- untagResource- , UntagResource- -- * Request Lenses- , urKeyId- , urTagKeys-- -- * Destructuring the Response- , untagResourceResponse- , UntagResourceResponse- ) where--import Network.AWS.KMS.Types-import Network.AWS.KMS.Types.Product-import Network.AWS.Lens-import Network.AWS.Prelude-import Network.AWS.Request-import Network.AWS.Response---- | /See:/ 'untagResource' smart constructor.-data UntagResource = UntagResource'- { _urKeyId :: !Text- , _urTagKeys :: ![Text]- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'UntagResource' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'urKeyId' - A unique identifier for the CMK from which you are removing tags. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' .------ * 'urTagKeys' - One or more tag keys. Specify only the tag keys, not the tag values.-untagResource- :: Text -- ^ 'urKeyId'- -> UntagResource-untagResource pKeyId_ = UntagResource' {_urKeyId = pKeyId_, _urTagKeys = mempty}----- | A unique identifier for the CMK from which you are removing tags. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' .-urKeyId :: Lens' UntagResource Text-urKeyId = lens _urKeyId (\ s a -> s{_urKeyId = a})---- | One or more tag keys. Specify only the tag keys, not the tag values.-urTagKeys :: Lens' UntagResource [Text]-urTagKeys = lens _urTagKeys (\ s a -> s{_urTagKeys = a}) . _Coerce--instance AWSRequest UntagResource where- type Rs UntagResource = UntagResourceResponse- request = postJSON kms- response = receiveNull UntagResourceResponse'--instance Hashable UntagResource where--instance NFData UntagResource where--instance ToHeaders UntagResource where- toHeaders- = const- (mconcat- ["X-Amz-Target" =#- ("TrentService.UntagResource" :: ByteString),- "Content-Type" =#- ("application/x-amz-json-1.1" :: ByteString)])--instance ToJSON UntagResource where- toJSON UntagResource'{..}- = object- (catMaybes- [Just ("KeyId" .= _urKeyId),- Just ("TagKeys" .= _urTagKeys)])--instance ToPath UntagResource where- toPath = const "/"--instance ToQuery UntagResource where- toQuery = const mempty---- | /See:/ 'untagResourceResponse' smart constructor.-data UntagResourceResponse =- UntagResourceResponse'- deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'UntagResourceResponse' with the minimum fields required to make a request.----untagResourceResponse- :: UntagResourceResponse-untagResourceResponse = UntagResourceResponse'---instance NFData UntagResourceResponse where
− gen/Network/AWS/KMS/UpdateAlias.hs
@@ -1,125 +0,0 @@-{-# LANGUAGE DeriveDataTypeable #-}-{-# LANGUAGE DeriveGeneric #-}-{-# LANGUAGE OverloadedStrings #-}-{-# LANGUAGE RecordWildCards #-}-{-# LANGUAGE TypeFamilies #-}--{-# OPTIONS_GHC -fno-warn-unused-imports #-}-{-# OPTIONS_GHC -fno-warn-unused-binds #-}-{-# OPTIONS_GHC -fno-warn-unused-matches #-}---- Derived from AWS service descriptions, licensed under Apache 2.0.---- |--- Module : Network.AWS.KMS.UpdateAlias--- Copyright : (c) 2013-2018 Brendan Hay--- License : Mozilla Public License, v. 2.0.--- Maintainer : Brendan Hay <brendan.g.hay+amazonka@gmail.com>--- Stability : auto-generated--- Portability : non-portable (GHC extensions)------ Associates an existing alias with a different customer master key (CMK). Each CMK can have multiple aliases, but the aliases must be unique within the account and region. You cannot perform this operation on an alias in a different AWS account.--------- This operation works only on existing aliases. To change the alias of a CMK to a new value, use 'CreateAlias' to create a new alias and 'DeleteAlias' to delete the old alias.------ Because an alias is not a property of a CMK, you can create, update, and delete the aliases of a CMK without affecting the CMK. Also, aliases do not appear in the response from the 'DescribeKey' operation. To get the aliases of all CMKs in the account, use the 'ListAliases' operation.------ An alias name can contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-). An alias must start with the word @alias@ followed by a forward slash (@alias/@ ). The alias name can contain only alphanumeric characters, forward slashes (/), underscores (_), and dashes (-). Alias names cannot begin with @aws@ ; that alias name prefix is reserved by Amazon Web Services (AWS).----module Network.AWS.KMS.UpdateAlias- (- -- * Creating a Request- updateAlias- , UpdateAlias- -- * Request Lenses- , uaAliasName- , uaTargetKeyId-- -- * Destructuring the Response- , updateAliasResponse- , UpdateAliasResponse- ) where--import Network.AWS.KMS.Types-import Network.AWS.KMS.Types.Product-import Network.AWS.Lens-import Network.AWS.Prelude-import Network.AWS.Request-import Network.AWS.Response---- | /See:/ 'updateAlias' smart constructor.-data UpdateAlias = UpdateAlias'- { _uaAliasName :: !Text- , _uaTargetKeyId :: !Text- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'UpdateAlias' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'uaAliasName' - String that contains the name of the alias to be modified. The name must start with the word "alias" followed by a forward slash (alias/). Aliases that begin with "alias/aws" are reserved.------ * 'uaTargetKeyId' - Unique identifier of the customer master key to be mapped to the alias. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' . To verify that the alias is mapped to the correct CMK, use 'ListAliases' .-updateAlias- :: Text -- ^ 'uaAliasName'- -> Text -- ^ 'uaTargetKeyId'- -> UpdateAlias-updateAlias pAliasName_ pTargetKeyId_ =- UpdateAlias' {_uaAliasName = pAliasName_, _uaTargetKeyId = pTargetKeyId_}----- | String that contains the name of the alias to be modified. The name must start with the word "alias" followed by a forward slash (alias/). Aliases that begin with "alias/aws" are reserved.-uaAliasName :: Lens' UpdateAlias Text-uaAliasName = lens _uaAliasName (\ s a -> s{_uaAliasName = a})---- | Unique identifier of the customer master key to be mapped to the alias. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' . To verify that the alias is mapped to the correct CMK, use 'ListAliases' .-uaTargetKeyId :: Lens' UpdateAlias Text-uaTargetKeyId = lens _uaTargetKeyId (\ s a -> s{_uaTargetKeyId = a})--instance AWSRequest UpdateAlias where- type Rs UpdateAlias = UpdateAliasResponse- request = postJSON kms- response = receiveNull UpdateAliasResponse'--instance Hashable UpdateAlias where--instance NFData UpdateAlias where--instance ToHeaders UpdateAlias where- toHeaders- = const- (mconcat- ["X-Amz-Target" =#- ("TrentService.UpdateAlias" :: ByteString),- "Content-Type" =#- ("application/x-amz-json-1.1" :: ByteString)])--instance ToJSON UpdateAlias where- toJSON UpdateAlias'{..}- = object- (catMaybes- [Just ("AliasName" .= _uaAliasName),- Just ("TargetKeyId" .= _uaTargetKeyId)])--instance ToPath UpdateAlias where- toPath = const "/"--instance ToQuery UpdateAlias where- toQuery = const mempty---- | /See:/ 'updateAliasResponse' smart constructor.-data UpdateAliasResponse =- UpdateAliasResponse'- deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'UpdateAliasResponse' with the minimum fields required to make a request.----updateAliasResponse- :: UpdateAliasResponse-updateAliasResponse = UpdateAliasResponse'---instance NFData UpdateAliasResponse where
− gen/Network/AWS/KMS/UpdateKeyDescription.hs
@@ -1,122 +0,0 @@-{-# LANGUAGE DeriveDataTypeable #-}-{-# LANGUAGE DeriveGeneric #-}-{-# LANGUAGE OverloadedStrings #-}-{-# LANGUAGE RecordWildCards #-}-{-# LANGUAGE TypeFamilies #-}--{-# OPTIONS_GHC -fno-warn-unused-imports #-}-{-# OPTIONS_GHC -fno-warn-unused-binds #-}-{-# OPTIONS_GHC -fno-warn-unused-matches #-}---- Derived from AWS service descriptions, licensed under Apache 2.0.---- |--- Module : Network.AWS.KMS.UpdateKeyDescription--- Copyright : (c) 2013-2018 Brendan Hay--- License : Mozilla Public License, v. 2.0.--- Maintainer : Brendan Hay <brendan.g.hay+amazonka@gmail.com>--- Stability : auto-generated--- Portability : non-portable (GHC extensions)------ Updates the description of a customer master key (CMK). To see the decription of a CMK, use 'DescribeKey' .--------- You cannot perform this operation on a CMK in a different AWS account.----module Network.AWS.KMS.UpdateKeyDescription- (- -- * Creating a Request- updateKeyDescription- , UpdateKeyDescription- -- * Request Lenses- , ukdKeyId- , ukdDescription-- -- * Destructuring the Response- , updateKeyDescriptionResponse- , UpdateKeyDescriptionResponse- ) where--import Network.AWS.KMS.Types-import Network.AWS.KMS.Types.Product-import Network.AWS.Lens-import Network.AWS.Prelude-import Network.AWS.Request-import Network.AWS.Response---- | /See:/ 'updateKeyDescription' smart constructor.-data UpdateKeyDescription = UpdateKeyDescription'- { _ukdKeyId :: !Text- , _ukdDescription :: !Text- } deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'UpdateKeyDescription' with the minimum fields required to make a request.------ Use one of the following lenses to modify other fields as desired:------ * 'ukdKeyId' - A unique identifier for the customer master key (CMK). Specify the key ID or the Amazon Resource Name (ARN) of the CMK. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' .------ * 'ukdDescription' - New description for the CMK.-updateKeyDescription- :: Text -- ^ 'ukdKeyId'- -> Text -- ^ 'ukdDescription'- -> UpdateKeyDescription-updateKeyDescription pKeyId_ pDescription_ =- UpdateKeyDescription' {_ukdKeyId = pKeyId_, _ukdDescription = pDescription_}----- | A unique identifier for the customer master key (CMK). Specify the key ID or the Amazon Resource Name (ARN) of the CMK. For example: * Key ID: @1234abcd-12ab-34cd-56ef-1234567890ab@ * Key ARN: @arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab@ To get the key ID and key ARN for a CMK, use 'ListKeys' or 'DescribeKey' .-ukdKeyId :: Lens' UpdateKeyDescription Text-ukdKeyId = lens _ukdKeyId (\ s a -> s{_ukdKeyId = a})---- | New description for the CMK.-ukdDescription :: Lens' UpdateKeyDescription Text-ukdDescription = lens _ukdDescription (\ s a -> s{_ukdDescription = a})--instance AWSRequest UpdateKeyDescription where- type Rs UpdateKeyDescription =- UpdateKeyDescriptionResponse- request = postJSON kms- response = receiveNull UpdateKeyDescriptionResponse'--instance Hashable UpdateKeyDescription where--instance NFData UpdateKeyDescription where--instance ToHeaders UpdateKeyDescription where- toHeaders- = const- (mconcat- ["X-Amz-Target" =#- ("TrentService.UpdateKeyDescription" :: ByteString),- "Content-Type" =#- ("application/x-amz-json-1.1" :: ByteString)])--instance ToJSON UpdateKeyDescription where- toJSON UpdateKeyDescription'{..}- = object- (catMaybes- [Just ("KeyId" .= _ukdKeyId),- Just ("Description" .= _ukdDescription)])--instance ToPath UpdateKeyDescription where- toPath = const "/"--instance ToQuery UpdateKeyDescription where- toQuery = const mempty---- | /See:/ 'updateKeyDescriptionResponse' smart constructor.-data UpdateKeyDescriptionResponse =- UpdateKeyDescriptionResponse'- deriving (Eq, Read, Show, Data, Typeable, Generic)----- | Creates a value of 'UpdateKeyDescriptionResponse' with the minimum fields required to make a request.----updateKeyDescriptionResponse- :: UpdateKeyDescriptionResponse-updateKeyDescriptionResponse = UpdateKeyDescriptionResponse'---instance NFData UpdateKeyDescriptionResponse where
− gen/Network/AWS/KMS/Waiters.hs
@@ -1,21 +0,0 @@-{-# LANGUAGE OverloadedStrings #-}-{-# LANGUAGE TypeFamilies #-}--{-# OPTIONS_GHC -fno-warn-unused-imports #-}---- Derived from AWS service descriptions, licensed under Apache 2.0.---- |--- Module : Network.AWS.KMS.Waiters--- Copyright : (c) 2013-2018 Brendan Hay--- License : Mozilla Public License, v. 2.0.--- Maintainer : Brendan Hay <brendan.g.hay+amazonka@gmail.com>--- Stability : auto-generated--- Portability : non-portable (GHC extensions)----module Network.AWS.KMS.Waiters where--import Network.AWS.KMS.Types-import Network.AWS.Lens-import Network.AWS.Prelude-import Network.AWS.Waiter
test/Main.hs view
@@ -2,20 +2,22 @@ -- | -- Module : Main--- Copyright : (c) 2013-2018 Brendan Hay+-- Copyright : (c) 2013-2023 Brendan Hay -- License : Mozilla Public License, v. 2.0.--- Maintainer : Brendan Hay <brendan.g.hay+amazonka@gmail.com>+-- Maintainer : Brendan Hay -- Stability : auto-generated -- Portability : non-portable (GHC extensions)--- module Main (main) where +import Test.Amazonka.KMS+import Test.Amazonka.KMS.Internal import Test.Tasty-import Test.AWS.KMS-import Test.AWS.KMS.Internal main :: IO ()-main = defaultMain $ testGroup "KMS"- [ testGroup "tests" tests- , testGroup "fixtures" fixtures- ]+main =+ defaultMain $+ testGroup+ "KMS"+ [ testGroup "tests" tests,+ testGroup "fixtures" fixtures+ ]
− test/Test/AWS/Gen/KMS.hs
@@ -1,669 +0,0 @@-{-# OPTIONS_GHC -fno-warn-unused-imports #-}-{-# OPTIONS_GHC -fno-warn-orphans #-}---- Derived from AWS service descriptions, licensed under Apache 2.0.---- |--- Module : Test.AWS.Gen.KMS--- Copyright : (c) 2013-2018 Brendan Hay--- License : Mozilla Public License, v. 2.0.--- Maintainer : Brendan Hay <brendan.g.hay+amazonka@gmail.com>--- Stability : auto-generated--- Portability : non-portable (GHC extensions)----module Test.AWS.Gen.KMS where--import Data.Proxy-import Network.AWS.KMS-import Test.AWS.Fixture-import Test.AWS.KMS.Internal-import Test.AWS.Prelude-import Test.Tasty---- Auto-generated: the actual test selection needs to be manually placed into--- the top-level so that real test data can be incrementally added.------ This commented snippet is what the entire set should look like:---- fixtures :: TestTree--- fixtures =--- [ testGroup "request"--- [ requestEncrypt $--- encrypt------ , requestListGrants $--- listGrants------ , requestDisableKeyRotation $--- disableKeyRotation------ , requestGenerateDataKeyWithoutPlaintext $--- generateDataKeyWithoutPlaintext------ , requestGetParametersForImport $--- getParametersForImport------ , requestEnableKeyRotation $--- enableKeyRotation------ , requestCreateAlias $--- createAlias------ , requestCreateGrant $--- createGrant------ , requestListAliases $--- listAliases------ , requestListRetirableGrants $--- listRetirableGrants------ , requestGenerateRandom $--- generateRandom------ , requestCreateKey $--- createKey------ , requestDisableKey $--- disableKey------ , requestRetireGrant $--- retireGrant------ , requestListKeys $--- listKeys------ , requestListResourceTags $--- listResourceTags------ , requestGetKeyRotationStatus $--- getKeyRotationStatus------ , requestGenerateDataKey $--- generateDataKey------ , requestDeleteAlias $--- deleteAlias------ , requestUpdateAlias $--- updateAlias------ , requestDescribeKey $--- describeKey------ , requestCancelKeyDeletion $--- cancelKeyDeletion------ , requestDecrypt $--- decrypt------ , requestUpdateKeyDescription $--- updateKeyDescription------ , requestReEncrypt $--- reEncrypt------ , requestTagResource $--- tagResource------ , requestListKeyPolicies $--- listKeyPolicies------ , requestUntagResource $--- untagResource------ , requestScheduleKeyDeletion $--- scheduleKeyDeletion------ , requestPutKeyPolicy $--- putKeyPolicy------ , requestEnableKey $--- enableKey------ , requestRevokeGrant $--- revokeGrant------ , requestGetKeyPolicy $--- getKeyPolicy------ , requestImportKeyMaterial $--- importKeyMaterial------ , requestDeleteImportedKeyMaterial $--- deleteImportedKeyMaterial------ ]---- , testGroup "response"--- [ responseEncrypt $--- encryptResponse------ , responseListGrants $--- listGrantsResponse------ , responseDisableKeyRotation $--- disableKeyRotationResponse------ , responseGenerateDataKeyWithoutPlaintext $--- generateDataKeyWithoutPlaintextResponse------ , responseGetParametersForImport $--- getParametersForImportResponse------ , responseEnableKeyRotation $--- enableKeyRotationResponse------ , responseCreateAlias $--- createAliasResponse------ , responseCreateGrant $--- createGrantResponse------ , responseListAliases $--- listAliasesResponse------ , responseListRetirableGrants $--- listGrantsResponse------ , responseGenerateRandom $--- generateRandomResponse------ , responseCreateKey $--- createKeyResponse------ , responseDisableKey $--- disableKeyResponse------ , responseRetireGrant $--- retireGrantResponse------ , responseListKeys $--- listKeysResponse------ , responseListResourceTags $--- listResourceTagsResponse------ , responseGetKeyRotationStatus $--- getKeyRotationStatusResponse------ , responseGenerateDataKey $--- generateDataKeyResponse------ , responseDeleteAlias $--- deleteAliasResponse------ , responseUpdateAlias $--- updateAliasResponse------ , responseDescribeKey $--- describeKeyResponse------ , responseCancelKeyDeletion $--- cancelKeyDeletionResponse------ , responseDecrypt $--- decryptResponse------ , responseUpdateKeyDescription $--- updateKeyDescriptionResponse------ , responseReEncrypt $--- reEncryptResponse------ , responseTagResource $--- tagResourceResponse------ , responseListKeyPolicies $--- listKeyPoliciesResponse------ , responseUntagResource $--- untagResourceResponse------ , responseScheduleKeyDeletion $--- scheduleKeyDeletionResponse------ , responsePutKeyPolicy $--- putKeyPolicyResponse------ , responseEnableKey $--- enableKeyResponse------ , responseRevokeGrant $--- revokeGrantResponse------ , responseGetKeyPolicy $--- getKeyPolicyResponse------ , responseImportKeyMaterial $--- importKeyMaterialResponse------ , responseDeleteImportedKeyMaterial $--- deleteImportedKeyMaterialResponse------ ]--- ]---- Requests--requestEncrypt :: Encrypt -> TestTree-requestEncrypt = req- "Encrypt"- "fixture/Encrypt.yaml"--requestListGrants :: ListGrants -> TestTree-requestListGrants = req- "ListGrants"- "fixture/ListGrants.yaml"--requestDisableKeyRotation :: DisableKeyRotation -> TestTree-requestDisableKeyRotation = req- "DisableKeyRotation"- "fixture/DisableKeyRotation.yaml"--requestGenerateDataKeyWithoutPlaintext :: GenerateDataKeyWithoutPlaintext -> TestTree-requestGenerateDataKeyWithoutPlaintext = req- "GenerateDataKeyWithoutPlaintext"- "fixture/GenerateDataKeyWithoutPlaintext.yaml"--requestGetParametersForImport :: GetParametersForImport -> TestTree-requestGetParametersForImport = req- "GetParametersForImport"- "fixture/GetParametersForImport.yaml"--requestEnableKeyRotation :: EnableKeyRotation -> TestTree-requestEnableKeyRotation = req- "EnableKeyRotation"- "fixture/EnableKeyRotation.yaml"--requestCreateAlias :: CreateAlias -> TestTree-requestCreateAlias = req- "CreateAlias"- "fixture/CreateAlias.yaml"--requestCreateGrant :: CreateGrant -> TestTree-requestCreateGrant = req- "CreateGrant"- "fixture/CreateGrant.yaml"--requestListAliases :: ListAliases -> TestTree-requestListAliases = req- "ListAliases"- "fixture/ListAliases.yaml"--requestListRetirableGrants :: ListRetirableGrants -> TestTree-requestListRetirableGrants = req- "ListRetirableGrants"- "fixture/ListRetirableGrants.yaml"--requestGenerateRandom :: GenerateRandom -> TestTree-requestGenerateRandom = req- "GenerateRandom"- "fixture/GenerateRandom.yaml"--requestCreateKey :: CreateKey -> TestTree-requestCreateKey = req- "CreateKey"- "fixture/CreateKey.yaml"--requestDisableKey :: DisableKey -> TestTree-requestDisableKey = req- "DisableKey"- "fixture/DisableKey.yaml"--requestRetireGrant :: RetireGrant -> TestTree-requestRetireGrant = req- "RetireGrant"- "fixture/RetireGrant.yaml"--requestListKeys :: ListKeys -> TestTree-requestListKeys = req- "ListKeys"- "fixture/ListKeys.yaml"--requestListResourceTags :: ListResourceTags -> TestTree-requestListResourceTags = req- "ListResourceTags"- "fixture/ListResourceTags.yaml"--requestGetKeyRotationStatus :: GetKeyRotationStatus -> TestTree-requestGetKeyRotationStatus = req- "GetKeyRotationStatus"- "fixture/GetKeyRotationStatus.yaml"--requestGenerateDataKey :: GenerateDataKey -> TestTree-requestGenerateDataKey = req- "GenerateDataKey"- "fixture/GenerateDataKey.yaml"--requestDeleteAlias :: DeleteAlias -> TestTree-requestDeleteAlias = req- "DeleteAlias"- "fixture/DeleteAlias.yaml"--requestUpdateAlias :: UpdateAlias -> TestTree-requestUpdateAlias = req- "UpdateAlias"- "fixture/UpdateAlias.yaml"--requestDescribeKey :: DescribeKey -> TestTree-requestDescribeKey = req- "DescribeKey"- "fixture/DescribeKey.yaml"--requestCancelKeyDeletion :: CancelKeyDeletion -> TestTree-requestCancelKeyDeletion = req- "CancelKeyDeletion"- "fixture/CancelKeyDeletion.yaml"--requestDecrypt :: Decrypt -> TestTree-requestDecrypt = req- "Decrypt"- "fixture/Decrypt.yaml"--requestUpdateKeyDescription :: UpdateKeyDescription -> TestTree-requestUpdateKeyDescription = req- "UpdateKeyDescription"- "fixture/UpdateKeyDescription.yaml"--requestReEncrypt :: ReEncrypt -> TestTree-requestReEncrypt = req- "ReEncrypt"- "fixture/ReEncrypt.yaml"--requestTagResource :: TagResource -> TestTree-requestTagResource = req- "TagResource"- "fixture/TagResource.yaml"--requestListKeyPolicies :: ListKeyPolicies -> TestTree-requestListKeyPolicies = req- "ListKeyPolicies"- "fixture/ListKeyPolicies.yaml"--requestUntagResource :: UntagResource -> TestTree-requestUntagResource = req- "UntagResource"- "fixture/UntagResource.yaml"--requestScheduleKeyDeletion :: ScheduleKeyDeletion -> TestTree-requestScheduleKeyDeletion = req- "ScheduleKeyDeletion"- "fixture/ScheduleKeyDeletion.yaml"--requestPutKeyPolicy :: PutKeyPolicy -> TestTree-requestPutKeyPolicy = req- "PutKeyPolicy"- "fixture/PutKeyPolicy.yaml"--requestEnableKey :: EnableKey -> TestTree-requestEnableKey = req- "EnableKey"- "fixture/EnableKey.yaml"--requestRevokeGrant :: RevokeGrant -> TestTree-requestRevokeGrant = req- "RevokeGrant"- "fixture/RevokeGrant.yaml"--requestGetKeyPolicy :: GetKeyPolicy -> TestTree-requestGetKeyPolicy = req- "GetKeyPolicy"- "fixture/GetKeyPolicy.yaml"--requestImportKeyMaterial :: ImportKeyMaterial -> TestTree-requestImportKeyMaterial = req- "ImportKeyMaterial"- "fixture/ImportKeyMaterial.yaml"--requestDeleteImportedKeyMaterial :: DeleteImportedKeyMaterial -> TestTree-requestDeleteImportedKeyMaterial = req- "DeleteImportedKeyMaterial"- "fixture/DeleteImportedKeyMaterial.yaml"---- Responses--responseEncrypt :: EncryptResponse -> TestTree-responseEncrypt = res- "EncryptResponse"- "fixture/EncryptResponse.proto"- kms- (Proxy :: Proxy Encrypt)--responseListGrants :: ListGrantsResponse -> TestTree-responseListGrants = res- "ListGrantsResponse"- "fixture/ListGrantsResponse.proto"- kms- (Proxy :: Proxy ListGrants)--responseDisableKeyRotation :: DisableKeyRotationResponse -> TestTree-responseDisableKeyRotation = res- "DisableKeyRotationResponse"- "fixture/DisableKeyRotationResponse.proto"- kms- (Proxy :: Proxy DisableKeyRotation)--responseGenerateDataKeyWithoutPlaintext :: GenerateDataKeyWithoutPlaintextResponse -> TestTree-responseGenerateDataKeyWithoutPlaintext = res- "GenerateDataKeyWithoutPlaintextResponse"- "fixture/GenerateDataKeyWithoutPlaintextResponse.proto"- kms- (Proxy :: Proxy GenerateDataKeyWithoutPlaintext)--responseGetParametersForImport :: GetParametersForImportResponse -> TestTree-responseGetParametersForImport = res- "GetParametersForImportResponse"- "fixture/GetParametersForImportResponse.proto"- kms- (Proxy :: Proxy GetParametersForImport)--responseEnableKeyRotation :: EnableKeyRotationResponse -> TestTree-responseEnableKeyRotation = res- "EnableKeyRotationResponse"- "fixture/EnableKeyRotationResponse.proto"- kms- (Proxy :: Proxy EnableKeyRotation)--responseCreateAlias :: CreateAliasResponse -> TestTree-responseCreateAlias = res- "CreateAliasResponse"- "fixture/CreateAliasResponse.proto"- kms- (Proxy :: Proxy CreateAlias)--responseCreateGrant :: CreateGrantResponse -> TestTree-responseCreateGrant = res- "CreateGrantResponse"- "fixture/CreateGrantResponse.proto"- kms- (Proxy :: Proxy CreateGrant)--responseListAliases :: ListAliasesResponse -> TestTree-responseListAliases = res- "ListAliasesResponse"- "fixture/ListAliasesResponse.proto"- kms- (Proxy :: Proxy ListAliases)--responseListRetirableGrants :: ListGrantsResponse -> TestTree-responseListRetirableGrants = res- "ListRetirableGrantsResponse"- "fixture/ListRetirableGrantsResponse.proto"- kms- (Proxy :: Proxy ListRetirableGrants)--responseGenerateRandom :: GenerateRandomResponse -> TestTree-responseGenerateRandom = res- "GenerateRandomResponse"- "fixture/GenerateRandomResponse.proto"- kms- (Proxy :: Proxy GenerateRandom)--responseCreateKey :: CreateKeyResponse -> TestTree-responseCreateKey = res- "CreateKeyResponse"- "fixture/CreateKeyResponse.proto"- kms- (Proxy :: Proxy CreateKey)--responseDisableKey :: DisableKeyResponse -> TestTree-responseDisableKey = res- "DisableKeyResponse"- "fixture/DisableKeyResponse.proto"- kms- (Proxy :: Proxy DisableKey)--responseRetireGrant :: RetireGrantResponse -> TestTree-responseRetireGrant = res- "RetireGrantResponse"- "fixture/RetireGrantResponse.proto"- kms- (Proxy :: Proxy RetireGrant)--responseListKeys :: ListKeysResponse -> TestTree-responseListKeys = res- "ListKeysResponse"- "fixture/ListKeysResponse.proto"- kms- (Proxy :: Proxy ListKeys)--responseListResourceTags :: ListResourceTagsResponse -> TestTree-responseListResourceTags = res- "ListResourceTagsResponse"- "fixture/ListResourceTagsResponse.proto"- kms- (Proxy :: Proxy ListResourceTags)--responseGetKeyRotationStatus :: GetKeyRotationStatusResponse -> TestTree-responseGetKeyRotationStatus = res- "GetKeyRotationStatusResponse"- "fixture/GetKeyRotationStatusResponse.proto"- kms- (Proxy :: Proxy GetKeyRotationStatus)--responseGenerateDataKey :: GenerateDataKeyResponse -> TestTree-responseGenerateDataKey = res- "GenerateDataKeyResponse"- "fixture/GenerateDataKeyResponse.proto"- kms- (Proxy :: Proxy GenerateDataKey)--responseDeleteAlias :: DeleteAliasResponse -> TestTree-responseDeleteAlias = res- "DeleteAliasResponse"- "fixture/DeleteAliasResponse.proto"- kms- (Proxy :: Proxy DeleteAlias)--responseUpdateAlias :: UpdateAliasResponse -> TestTree-responseUpdateAlias = res- "UpdateAliasResponse"- "fixture/UpdateAliasResponse.proto"- kms- (Proxy :: Proxy UpdateAlias)--responseDescribeKey :: DescribeKeyResponse -> TestTree-responseDescribeKey = res- "DescribeKeyResponse"- "fixture/DescribeKeyResponse.proto"- kms- (Proxy :: Proxy DescribeKey)--responseCancelKeyDeletion :: CancelKeyDeletionResponse -> TestTree-responseCancelKeyDeletion = res- "CancelKeyDeletionResponse"- "fixture/CancelKeyDeletionResponse.proto"- kms- (Proxy :: Proxy CancelKeyDeletion)--responseDecrypt :: DecryptResponse -> TestTree-responseDecrypt = res- "DecryptResponse"- "fixture/DecryptResponse.proto"- kms- (Proxy :: Proxy Decrypt)--responseUpdateKeyDescription :: UpdateKeyDescriptionResponse -> TestTree-responseUpdateKeyDescription = res- "UpdateKeyDescriptionResponse"- "fixture/UpdateKeyDescriptionResponse.proto"- kms- (Proxy :: Proxy UpdateKeyDescription)--responseReEncrypt :: ReEncryptResponse -> TestTree-responseReEncrypt = res- "ReEncryptResponse"- "fixture/ReEncryptResponse.proto"- kms- (Proxy :: Proxy ReEncrypt)--responseTagResource :: TagResourceResponse -> TestTree-responseTagResource = res- "TagResourceResponse"- "fixture/TagResourceResponse.proto"- kms- (Proxy :: Proxy TagResource)--responseListKeyPolicies :: ListKeyPoliciesResponse -> TestTree-responseListKeyPolicies = res- "ListKeyPoliciesResponse"- "fixture/ListKeyPoliciesResponse.proto"- kms- (Proxy :: Proxy ListKeyPolicies)--responseUntagResource :: UntagResourceResponse -> TestTree-responseUntagResource = res- "UntagResourceResponse"- "fixture/UntagResourceResponse.proto"- kms- (Proxy :: Proxy UntagResource)--responseScheduleKeyDeletion :: ScheduleKeyDeletionResponse -> TestTree-responseScheduleKeyDeletion = res- "ScheduleKeyDeletionResponse"- "fixture/ScheduleKeyDeletionResponse.proto"- kms- (Proxy :: Proxy ScheduleKeyDeletion)--responsePutKeyPolicy :: PutKeyPolicyResponse -> TestTree-responsePutKeyPolicy = res- "PutKeyPolicyResponse"- "fixture/PutKeyPolicyResponse.proto"- kms- (Proxy :: Proxy PutKeyPolicy)--responseEnableKey :: EnableKeyResponse -> TestTree-responseEnableKey = res- "EnableKeyResponse"- "fixture/EnableKeyResponse.proto"- kms- (Proxy :: Proxy EnableKey)--responseRevokeGrant :: RevokeGrantResponse -> TestTree-responseRevokeGrant = res- "RevokeGrantResponse"- "fixture/RevokeGrantResponse.proto"- kms- (Proxy :: Proxy RevokeGrant)--responseGetKeyPolicy :: GetKeyPolicyResponse -> TestTree-responseGetKeyPolicy = res- "GetKeyPolicyResponse"- "fixture/GetKeyPolicyResponse.proto"- kms- (Proxy :: Proxy GetKeyPolicy)--responseImportKeyMaterial :: ImportKeyMaterialResponse -> TestTree-responseImportKeyMaterial = res- "ImportKeyMaterialResponse"- "fixture/ImportKeyMaterialResponse.proto"- kms- (Proxy :: Proxy ImportKeyMaterial)--responseDeleteImportedKeyMaterial :: DeleteImportedKeyMaterialResponse -> TestTree-responseDeleteImportedKeyMaterial = res- "DeleteImportedKeyMaterialResponse"- "fixture/DeleteImportedKeyMaterialResponse.proto"- kms- (Proxy :: Proxy DeleteImportedKeyMaterial)
− test/Test/AWS/KMS.hs
@@ -1,26 +0,0 @@-{-# LANGUAGE OverloadedStrings #-}---- Module : Test.AWS.KMS--- Copyright : (c) 2013-2018 Brendan Hay--- License : This Source Code Form is subject to the terms of--- the Mozilla Public License, v. 2.0.--- A copy of the MPL can be found in the LICENSE file or--- you can obtain it at http://mozilla.org/MPL/2.0/.--- Maintainer : Brendan Hay <brendan.g.hay@gmail.com>--- Stability : experimental--- Portability : non-portable (GHC extensions)--module Test.AWS.KMS- ( tests- , fixtures- ) where--import Network.AWS.KMS-import Test.AWS.Gen.KMS-import Test.Tasty--tests :: [TestTree]-tests = []--fixtures :: [TestTree]-fixtures = []
− test/Test/AWS/KMS/Internal.hs
@@ -1,16 +0,0 @@-{-# LANGUAGE OverloadedStrings #-}-{-# OPTIONS_GHC -fno-warn-unused-imports #-}---- Module : Test.AWS.KMS.Internal--- Copyright : (c) 2013-2018 Brendan Hay--- License : This Source Code Form is subject to the terms of--- the Mozilla Public License, v. 2.0.--- A copy of the MPL can be found in the LICENSE file or--- you can obtain it at http://mozilla.org/MPL/2.0/.--- Maintainer : Brendan Hay <brendan.g.hay@gmail.com>--- Stability : experimental--- Portability : non-portable (GHC extensions)--module Test.AWS.KMS.Internal where--import Test.AWS.Prelude
+ test/Test/Amazonka/Gen/KMS.hs view
@@ -0,0 +1,1038 @@+{-# OPTIONS_GHC -fno-warn-orphans #-}+{-# OPTIONS_GHC -fno-warn-unused-imports #-}++-- Derived from AWS service descriptions, licensed under Apache 2.0.++-- |+-- Module : Test.Amazonka.Gen.KMS+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+module Test.Amazonka.Gen.KMS where++import Amazonka.KMS+import qualified Data.Proxy as Proxy+import Test.Amazonka.Fixture+import Test.Amazonka.KMS.Internal+import Test.Amazonka.Prelude+import Test.Tasty++-- Auto-generated: the actual test selection needs to be manually placed into+-- the top-level so that real test data can be incrementally added.+--+-- This commented snippet is what the entire set should look like:++-- fixtures :: TestTree+-- fixtures =+-- [ testGroup "request"+-- [ requestCancelKeyDeletion $+-- newCancelKeyDeletion+--+-- , requestConnectCustomKeyStore $+-- newConnectCustomKeyStore+--+-- , requestCreateAlias $+-- newCreateAlias+--+-- , requestCreateCustomKeyStore $+-- newCreateCustomKeyStore+--+-- , requestCreateGrant $+-- newCreateGrant+--+-- , requestCreateKey $+-- newCreateKey+--+-- , requestDecrypt $+-- newDecrypt+--+-- , requestDeleteAlias $+-- newDeleteAlias+--+-- , requestDeleteCustomKeyStore $+-- newDeleteCustomKeyStore+--+-- , requestDeleteImportedKeyMaterial $+-- newDeleteImportedKeyMaterial+--+-- , requestDescribeCustomKeyStores $+-- newDescribeCustomKeyStores+--+-- , requestDescribeKey $+-- newDescribeKey+--+-- , requestDisableKey $+-- newDisableKey+--+-- , requestDisableKeyRotation $+-- newDisableKeyRotation+--+-- , requestDisconnectCustomKeyStore $+-- newDisconnectCustomKeyStore+--+-- , requestEnableKey $+-- newEnableKey+--+-- , requestEnableKeyRotation $+-- newEnableKeyRotation+--+-- , requestEncrypt $+-- newEncrypt+--+-- , requestGenerateDataKey $+-- newGenerateDataKey+--+-- , requestGenerateDataKeyPair $+-- newGenerateDataKeyPair+--+-- , requestGenerateDataKeyPairWithoutPlaintext $+-- newGenerateDataKeyPairWithoutPlaintext+--+-- , requestGenerateDataKeyWithoutPlaintext $+-- newGenerateDataKeyWithoutPlaintext+--+-- , requestGenerateMac $+-- newGenerateMac+--+-- , requestGenerateRandom $+-- newGenerateRandom+--+-- , requestGetKeyPolicy $+-- newGetKeyPolicy+--+-- , requestGetKeyRotationStatus $+-- newGetKeyRotationStatus+--+-- , requestGetParametersForImport $+-- newGetParametersForImport+--+-- , requestGetPublicKey $+-- newGetPublicKey+--+-- , requestImportKeyMaterial $+-- newImportKeyMaterial+--+-- , requestListAliases $+-- newListAliases+--+-- , requestListGrants $+-- newListGrants+--+-- , requestListKeyPolicies $+-- newListKeyPolicies+--+-- , requestListKeys $+-- newListKeys+--+-- , requestListResourceTags $+-- newListResourceTags+--+-- , requestListRetirableGrants $+-- newListRetirableGrants+--+-- , requestPutKeyPolicy $+-- newPutKeyPolicy+--+-- , requestReEncrypt $+-- newReEncrypt+--+-- , requestReplicateKey $+-- newReplicateKey+--+-- , requestRetireGrant $+-- newRetireGrant+--+-- , requestRevokeGrant $+-- newRevokeGrant+--+-- , requestScheduleKeyDeletion $+-- newScheduleKeyDeletion+--+-- , requestSign $+-- newSign+--+-- , requestTagResource $+-- newTagResource+--+-- , requestUntagResource $+-- newUntagResource+--+-- , requestUpdateAlias $+-- newUpdateAlias+--+-- , requestUpdateCustomKeyStore $+-- newUpdateCustomKeyStore+--+-- , requestUpdateKeyDescription $+-- newUpdateKeyDescription+--+-- , requestUpdatePrimaryRegion $+-- newUpdatePrimaryRegion+--+-- , requestVerify $+-- newVerify+--+-- , requestVerifyMac $+-- newVerifyMac+--+-- ]++-- , testGroup "response"+-- [ responseCancelKeyDeletion $+-- newCancelKeyDeletionResponse+--+-- , responseConnectCustomKeyStore $+-- newConnectCustomKeyStoreResponse+--+-- , responseCreateAlias $+-- newCreateAliasResponse+--+-- , responseCreateCustomKeyStore $+-- newCreateCustomKeyStoreResponse+--+-- , responseCreateGrant $+-- newCreateGrantResponse+--+-- , responseCreateKey $+-- newCreateKeyResponse+--+-- , responseDecrypt $+-- newDecryptResponse+--+-- , responseDeleteAlias $+-- newDeleteAliasResponse+--+-- , responseDeleteCustomKeyStore $+-- newDeleteCustomKeyStoreResponse+--+-- , responseDeleteImportedKeyMaterial $+-- newDeleteImportedKeyMaterialResponse+--+-- , responseDescribeCustomKeyStores $+-- newDescribeCustomKeyStoresResponse+--+-- , responseDescribeKey $+-- newDescribeKeyResponse+--+-- , responseDisableKey $+-- newDisableKeyResponse+--+-- , responseDisableKeyRotation $+-- newDisableKeyRotationResponse+--+-- , responseDisconnectCustomKeyStore $+-- newDisconnectCustomKeyStoreResponse+--+-- , responseEnableKey $+-- newEnableKeyResponse+--+-- , responseEnableKeyRotation $+-- newEnableKeyRotationResponse+--+-- , responseEncrypt $+-- newEncryptResponse+--+-- , responseGenerateDataKey $+-- newGenerateDataKeyResponse+--+-- , responseGenerateDataKeyPair $+-- newGenerateDataKeyPairResponse+--+-- , responseGenerateDataKeyPairWithoutPlaintext $+-- newGenerateDataKeyPairWithoutPlaintextResponse+--+-- , responseGenerateDataKeyWithoutPlaintext $+-- newGenerateDataKeyWithoutPlaintextResponse+--+-- , responseGenerateMac $+-- newGenerateMacResponse+--+-- , responseGenerateRandom $+-- newGenerateRandomResponse+--+-- , responseGetKeyPolicy $+-- newGetKeyPolicyResponse+--+-- , responseGetKeyRotationStatus $+-- newGetKeyRotationStatusResponse+--+-- , responseGetParametersForImport $+-- newGetParametersForImportResponse+--+-- , responseGetPublicKey $+-- newGetPublicKeyResponse+--+-- , responseImportKeyMaterial $+-- newImportKeyMaterialResponse+--+-- , responseListAliases $+-- newListAliasesResponse+--+-- , responseListGrants $+-- newListGrantsResponse+--+-- , responseListKeyPolicies $+-- newListKeyPoliciesResponse+--+-- , responseListKeys $+-- newListKeysResponse+--+-- , responseListResourceTags $+-- newListResourceTagsResponse+--+-- , responseListRetirableGrants $+-- newListGrantsResponse+--+-- , responsePutKeyPolicy $+-- newPutKeyPolicyResponse+--+-- , responseReEncrypt $+-- newReEncryptResponse+--+-- , responseReplicateKey $+-- newReplicateKeyResponse+--+-- , responseRetireGrant $+-- newRetireGrantResponse+--+-- , responseRevokeGrant $+-- newRevokeGrantResponse+--+-- , responseScheduleKeyDeletion $+-- newScheduleKeyDeletionResponse+--+-- , responseSign $+-- newSignResponse+--+-- , responseTagResource $+-- newTagResourceResponse+--+-- , responseUntagResource $+-- newUntagResourceResponse+--+-- , responseUpdateAlias $+-- newUpdateAliasResponse+--+-- , responseUpdateCustomKeyStore $+-- newUpdateCustomKeyStoreResponse+--+-- , responseUpdateKeyDescription $+-- newUpdateKeyDescriptionResponse+--+-- , responseUpdatePrimaryRegion $+-- newUpdatePrimaryRegionResponse+--+-- , responseVerify $+-- newVerifyResponse+--+-- , responseVerifyMac $+-- newVerifyMacResponse+--+-- ]+-- ]++-- Requests++requestCancelKeyDeletion :: CancelKeyDeletion -> TestTree+requestCancelKeyDeletion =+ req+ "CancelKeyDeletion"+ "fixture/CancelKeyDeletion.yaml"++requestConnectCustomKeyStore :: ConnectCustomKeyStore -> TestTree+requestConnectCustomKeyStore =+ req+ "ConnectCustomKeyStore"+ "fixture/ConnectCustomKeyStore.yaml"++requestCreateAlias :: CreateAlias -> TestTree+requestCreateAlias =+ req+ "CreateAlias"+ "fixture/CreateAlias.yaml"++requestCreateCustomKeyStore :: CreateCustomKeyStore -> TestTree+requestCreateCustomKeyStore =+ req+ "CreateCustomKeyStore"+ "fixture/CreateCustomKeyStore.yaml"++requestCreateGrant :: CreateGrant -> TestTree+requestCreateGrant =+ req+ "CreateGrant"+ "fixture/CreateGrant.yaml"++requestCreateKey :: CreateKey -> TestTree+requestCreateKey =+ req+ "CreateKey"+ "fixture/CreateKey.yaml"++requestDecrypt :: Decrypt -> TestTree+requestDecrypt =+ req+ "Decrypt"+ "fixture/Decrypt.yaml"++requestDeleteAlias :: DeleteAlias -> TestTree+requestDeleteAlias =+ req+ "DeleteAlias"+ "fixture/DeleteAlias.yaml"++requestDeleteCustomKeyStore :: DeleteCustomKeyStore -> TestTree+requestDeleteCustomKeyStore =+ req+ "DeleteCustomKeyStore"+ "fixture/DeleteCustomKeyStore.yaml"++requestDeleteImportedKeyMaterial :: DeleteImportedKeyMaterial -> TestTree+requestDeleteImportedKeyMaterial =+ req+ "DeleteImportedKeyMaterial"+ "fixture/DeleteImportedKeyMaterial.yaml"++requestDescribeCustomKeyStores :: DescribeCustomKeyStores -> TestTree+requestDescribeCustomKeyStores =+ req+ "DescribeCustomKeyStores"+ "fixture/DescribeCustomKeyStores.yaml"++requestDescribeKey :: DescribeKey -> TestTree+requestDescribeKey =+ req+ "DescribeKey"+ "fixture/DescribeKey.yaml"++requestDisableKey :: DisableKey -> TestTree+requestDisableKey =+ req+ "DisableKey"+ "fixture/DisableKey.yaml"++requestDisableKeyRotation :: DisableKeyRotation -> TestTree+requestDisableKeyRotation =+ req+ "DisableKeyRotation"+ "fixture/DisableKeyRotation.yaml"++requestDisconnectCustomKeyStore :: DisconnectCustomKeyStore -> TestTree+requestDisconnectCustomKeyStore =+ req+ "DisconnectCustomKeyStore"+ "fixture/DisconnectCustomKeyStore.yaml"++requestEnableKey :: EnableKey -> TestTree+requestEnableKey =+ req+ "EnableKey"+ "fixture/EnableKey.yaml"++requestEnableKeyRotation :: EnableKeyRotation -> TestTree+requestEnableKeyRotation =+ req+ "EnableKeyRotation"+ "fixture/EnableKeyRotation.yaml"++requestEncrypt :: Encrypt -> TestTree+requestEncrypt =+ req+ "Encrypt"+ "fixture/Encrypt.yaml"++requestGenerateDataKey :: GenerateDataKey -> TestTree+requestGenerateDataKey =+ req+ "GenerateDataKey"+ "fixture/GenerateDataKey.yaml"++requestGenerateDataKeyPair :: GenerateDataKeyPair -> TestTree+requestGenerateDataKeyPair =+ req+ "GenerateDataKeyPair"+ "fixture/GenerateDataKeyPair.yaml"++requestGenerateDataKeyPairWithoutPlaintext :: GenerateDataKeyPairWithoutPlaintext -> TestTree+requestGenerateDataKeyPairWithoutPlaintext =+ req+ "GenerateDataKeyPairWithoutPlaintext"+ "fixture/GenerateDataKeyPairWithoutPlaintext.yaml"++requestGenerateDataKeyWithoutPlaintext :: GenerateDataKeyWithoutPlaintext -> TestTree+requestGenerateDataKeyWithoutPlaintext =+ req+ "GenerateDataKeyWithoutPlaintext"+ "fixture/GenerateDataKeyWithoutPlaintext.yaml"++requestGenerateMac :: GenerateMac -> TestTree+requestGenerateMac =+ req+ "GenerateMac"+ "fixture/GenerateMac.yaml"++requestGenerateRandom :: GenerateRandom -> TestTree+requestGenerateRandom =+ req+ "GenerateRandom"+ "fixture/GenerateRandom.yaml"++requestGetKeyPolicy :: GetKeyPolicy -> TestTree+requestGetKeyPolicy =+ req+ "GetKeyPolicy"+ "fixture/GetKeyPolicy.yaml"++requestGetKeyRotationStatus :: GetKeyRotationStatus -> TestTree+requestGetKeyRotationStatus =+ req+ "GetKeyRotationStatus"+ "fixture/GetKeyRotationStatus.yaml"++requestGetParametersForImport :: GetParametersForImport -> TestTree+requestGetParametersForImport =+ req+ "GetParametersForImport"+ "fixture/GetParametersForImport.yaml"++requestGetPublicKey :: GetPublicKey -> TestTree+requestGetPublicKey =+ req+ "GetPublicKey"+ "fixture/GetPublicKey.yaml"++requestImportKeyMaterial :: ImportKeyMaterial -> TestTree+requestImportKeyMaterial =+ req+ "ImportKeyMaterial"+ "fixture/ImportKeyMaterial.yaml"++requestListAliases :: ListAliases -> TestTree+requestListAliases =+ req+ "ListAliases"+ "fixture/ListAliases.yaml"++requestListGrants :: ListGrants -> TestTree+requestListGrants =+ req+ "ListGrants"+ "fixture/ListGrants.yaml"++requestListKeyPolicies :: ListKeyPolicies -> TestTree+requestListKeyPolicies =+ req+ "ListKeyPolicies"+ "fixture/ListKeyPolicies.yaml"++requestListKeys :: ListKeys -> TestTree+requestListKeys =+ req+ "ListKeys"+ "fixture/ListKeys.yaml"++requestListResourceTags :: ListResourceTags -> TestTree+requestListResourceTags =+ req+ "ListResourceTags"+ "fixture/ListResourceTags.yaml"++requestListRetirableGrants :: ListRetirableGrants -> TestTree+requestListRetirableGrants =+ req+ "ListRetirableGrants"+ "fixture/ListRetirableGrants.yaml"++requestPutKeyPolicy :: PutKeyPolicy -> TestTree+requestPutKeyPolicy =+ req+ "PutKeyPolicy"+ "fixture/PutKeyPolicy.yaml"++requestReEncrypt :: ReEncrypt -> TestTree+requestReEncrypt =+ req+ "ReEncrypt"+ "fixture/ReEncrypt.yaml"++requestReplicateKey :: ReplicateKey -> TestTree+requestReplicateKey =+ req+ "ReplicateKey"+ "fixture/ReplicateKey.yaml"++requestRetireGrant :: RetireGrant -> TestTree+requestRetireGrant =+ req+ "RetireGrant"+ "fixture/RetireGrant.yaml"++requestRevokeGrant :: RevokeGrant -> TestTree+requestRevokeGrant =+ req+ "RevokeGrant"+ "fixture/RevokeGrant.yaml"++requestScheduleKeyDeletion :: ScheduleKeyDeletion -> TestTree+requestScheduleKeyDeletion =+ req+ "ScheduleKeyDeletion"+ "fixture/ScheduleKeyDeletion.yaml"++requestSign :: Sign -> TestTree+requestSign =+ req+ "Sign"+ "fixture/Sign.yaml"++requestTagResource :: TagResource -> TestTree+requestTagResource =+ req+ "TagResource"+ "fixture/TagResource.yaml"++requestUntagResource :: UntagResource -> TestTree+requestUntagResource =+ req+ "UntagResource"+ "fixture/UntagResource.yaml"++requestUpdateAlias :: UpdateAlias -> TestTree+requestUpdateAlias =+ req+ "UpdateAlias"+ "fixture/UpdateAlias.yaml"++requestUpdateCustomKeyStore :: UpdateCustomKeyStore -> TestTree+requestUpdateCustomKeyStore =+ req+ "UpdateCustomKeyStore"+ "fixture/UpdateCustomKeyStore.yaml"++requestUpdateKeyDescription :: UpdateKeyDescription -> TestTree+requestUpdateKeyDescription =+ req+ "UpdateKeyDescription"+ "fixture/UpdateKeyDescription.yaml"++requestUpdatePrimaryRegion :: UpdatePrimaryRegion -> TestTree+requestUpdatePrimaryRegion =+ req+ "UpdatePrimaryRegion"+ "fixture/UpdatePrimaryRegion.yaml"++requestVerify :: Verify -> TestTree+requestVerify =+ req+ "Verify"+ "fixture/Verify.yaml"++requestVerifyMac :: VerifyMac -> TestTree+requestVerifyMac =+ req+ "VerifyMac"+ "fixture/VerifyMac.yaml"++-- Responses++responseCancelKeyDeletion :: CancelKeyDeletionResponse -> TestTree+responseCancelKeyDeletion =+ res+ "CancelKeyDeletionResponse"+ "fixture/CancelKeyDeletionResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy CancelKeyDeletion)++responseConnectCustomKeyStore :: ConnectCustomKeyStoreResponse -> TestTree+responseConnectCustomKeyStore =+ res+ "ConnectCustomKeyStoreResponse"+ "fixture/ConnectCustomKeyStoreResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy ConnectCustomKeyStore)++responseCreateAlias :: CreateAliasResponse -> TestTree+responseCreateAlias =+ res+ "CreateAliasResponse"+ "fixture/CreateAliasResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy CreateAlias)++responseCreateCustomKeyStore :: CreateCustomKeyStoreResponse -> TestTree+responseCreateCustomKeyStore =+ res+ "CreateCustomKeyStoreResponse"+ "fixture/CreateCustomKeyStoreResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy CreateCustomKeyStore)++responseCreateGrant :: CreateGrantResponse -> TestTree+responseCreateGrant =+ res+ "CreateGrantResponse"+ "fixture/CreateGrantResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy CreateGrant)++responseCreateKey :: CreateKeyResponse -> TestTree+responseCreateKey =+ res+ "CreateKeyResponse"+ "fixture/CreateKeyResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy CreateKey)++responseDecrypt :: DecryptResponse -> TestTree+responseDecrypt =+ res+ "DecryptResponse"+ "fixture/DecryptResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy Decrypt)++responseDeleteAlias :: DeleteAliasResponse -> TestTree+responseDeleteAlias =+ res+ "DeleteAliasResponse"+ "fixture/DeleteAliasResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy DeleteAlias)++responseDeleteCustomKeyStore :: DeleteCustomKeyStoreResponse -> TestTree+responseDeleteCustomKeyStore =+ res+ "DeleteCustomKeyStoreResponse"+ "fixture/DeleteCustomKeyStoreResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy DeleteCustomKeyStore)++responseDeleteImportedKeyMaterial :: DeleteImportedKeyMaterialResponse -> TestTree+responseDeleteImportedKeyMaterial =+ res+ "DeleteImportedKeyMaterialResponse"+ "fixture/DeleteImportedKeyMaterialResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy DeleteImportedKeyMaterial)++responseDescribeCustomKeyStores :: DescribeCustomKeyStoresResponse -> TestTree+responseDescribeCustomKeyStores =+ res+ "DescribeCustomKeyStoresResponse"+ "fixture/DescribeCustomKeyStoresResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy DescribeCustomKeyStores)++responseDescribeKey :: DescribeKeyResponse -> TestTree+responseDescribeKey =+ res+ "DescribeKeyResponse"+ "fixture/DescribeKeyResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy DescribeKey)++responseDisableKey :: DisableKeyResponse -> TestTree+responseDisableKey =+ res+ "DisableKeyResponse"+ "fixture/DisableKeyResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy DisableKey)++responseDisableKeyRotation :: DisableKeyRotationResponse -> TestTree+responseDisableKeyRotation =+ res+ "DisableKeyRotationResponse"+ "fixture/DisableKeyRotationResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy DisableKeyRotation)++responseDisconnectCustomKeyStore :: DisconnectCustomKeyStoreResponse -> TestTree+responseDisconnectCustomKeyStore =+ res+ "DisconnectCustomKeyStoreResponse"+ "fixture/DisconnectCustomKeyStoreResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy DisconnectCustomKeyStore)++responseEnableKey :: EnableKeyResponse -> TestTree+responseEnableKey =+ res+ "EnableKeyResponse"+ "fixture/EnableKeyResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy EnableKey)++responseEnableKeyRotation :: EnableKeyRotationResponse -> TestTree+responseEnableKeyRotation =+ res+ "EnableKeyRotationResponse"+ "fixture/EnableKeyRotationResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy EnableKeyRotation)++responseEncrypt :: EncryptResponse -> TestTree+responseEncrypt =+ res+ "EncryptResponse"+ "fixture/EncryptResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy Encrypt)++responseGenerateDataKey :: GenerateDataKeyResponse -> TestTree+responseGenerateDataKey =+ res+ "GenerateDataKeyResponse"+ "fixture/GenerateDataKeyResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy GenerateDataKey)++responseGenerateDataKeyPair :: GenerateDataKeyPairResponse -> TestTree+responseGenerateDataKeyPair =+ res+ "GenerateDataKeyPairResponse"+ "fixture/GenerateDataKeyPairResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy GenerateDataKeyPair)++responseGenerateDataKeyPairWithoutPlaintext :: GenerateDataKeyPairWithoutPlaintextResponse -> TestTree+responseGenerateDataKeyPairWithoutPlaintext =+ res+ "GenerateDataKeyPairWithoutPlaintextResponse"+ "fixture/GenerateDataKeyPairWithoutPlaintextResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy GenerateDataKeyPairWithoutPlaintext)++responseGenerateDataKeyWithoutPlaintext :: GenerateDataKeyWithoutPlaintextResponse -> TestTree+responseGenerateDataKeyWithoutPlaintext =+ res+ "GenerateDataKeyWithoutPlaintextResponse"+ "fixture/GenerateDataKeyWithoutPlaintextResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy GenerateDataKeyWithoutPlaintext)++responseGenerateMac :: GenerateMacResponse -> TestTree+responseGenerateMac =+ res+ "GenerateMacResponse"+ "fixture/GenerateMacResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy GenerateMac)++responseGenerateRandom :: GenerateRandomResponse -> TestTree+responseGenerateRandom =+ res+ "GenerateRandomResponse"+ "fixture/GenerateRandomResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy GenerateRandom)++responseGetKeyPolicy :: GetKeyPolicyResponse -> TestTree+responseGetKeyPolicy =+ res+ "GetKeyPolicyResponse"+ "fixture/GetKeyPolicyResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy GetKeyPolicy)++responseGetKeyRotationStatus :: GetKeyRotationStatusResponse -> TestTree+responseGetKeyRotationStatus =+ res+ "GetKeyRotationStatusResponse"+ "fixture/GetKeyRotationStatusResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy GetKeyRotationStatus)++responseGetParametersForImport :: GetParametersForImportResponse -> TestTree+responseGetParametersForImport =+ res+ "GetParametersForImportResponse"+ "fixture/GetParametersForImportResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy GetParametersForImport)++responseGetPublicKey :: GetPublicKeyResponse -> TestTree+responseGetPublicKey =+ res+ "GetPublicKeyResponse"+ "fixture/GetPublicKeyResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy GetPublicKey)++responseImportKeyMaterial :: ImportKeyMaterialResponse -> TestTree+responseImportKeyMaterial =+ res+ "ImportKeyMaterialResponse"+ "fixture/ImportKeyMaterialResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy ImportKeyMaterial)++responseListAliases :: ListAliasesResponse -> TestTree+responseListAliases =+ res+ "ListAliasesResponse"+ "fixture/ListAliasesResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy ListAliases)++responseListGrants :: ListGrantsResponse -> TestTree+responseListGrants =+ res+ "ListGrantsResponse"+ "fixture/ListGrantsResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy ListGrants)++responseListKeyPolicies :: ListKeyPoliciesResponse -> TestTree+responseListKeyPolicies =+ res+ "ListKeyPoliciesResponse"+ "fixture/ListKeyPoliciesResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy ListKeyPolicies)++responseListKeys :: ListKeysResponse -> TestTree+responseListKeys =+ res+ "ListKeysResponse"+ "fixture/ListKeysResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy ListKeys)++responseListResourceTags :: ListResourceTagsResponse -> TestTree+responseListResourceTags =+ res+ "ListResourceTagsResponse"+ "fixture/ListResourceTagsResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy ListResourceTags)++responseListRetirableGrants :: ListGrantsResponse -> TestTree+responseListRetirableGrants =+ res+ "ListRetirableGrantsResponse"+ "fixture/ListRetirableGrantsResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy ListRetirableGrants)++responsePutKeyPolicy :: PutKeyPolicyResponse -> TestTree+responsePutKeyPolicy =+ res+ "PutKeyPolicyResponse"+ "fixture/PutKeyPolicyResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy PutKeyPolicy)++responseReEncrypt :: ReEncryptResponse -> TestTree+responseReEncrypt =+ res+ "ReEncryptResponse"+ "fixture/ReEncryptResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy ReEncrypt)++responseReplicateKey :: ReplicateKeyResponse -> TestTree+responseReplicateKey =+ res+ "ReplicateKeyResponse"+ "fixture/ReplicateKeyResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy ReplicateKey)++responseRetireGrant :: RetireGrantResponse -> TestTree+responseRetireGrant =+ res+ "RetireGrantResponse"+ "fixture/RetireGrantResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy RetireGrant)++responseRevokeGrant :: RevokeGrantResponse -> TestTree+responseRevokeGrant =+ res+ "RevokeGrantResponse"+ "fixture/RevokeGrantResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy RevokeGrant)++responseScheduleKeyDeletion :: ScheduleKeyDeletionResponse -> TestTree+responseScheduleKeyDeletion =+ res+ "ScheduleKeyDeletionResponse"+ "fixture/ScheduleKeyDeletionResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy ScheduleKeyDeletion)++responseSign :: SignResponse -> TestTree+responseSign =+ res+ "SignResponse"+ "fixture/SignResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy Sign)++responseTagResource :: TagResourceResponse -> TestTree+responseTagResource =+ res+ "TagResourceResponse"+ "fixture/TagResourceResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy TagResource)++responseUntagResource :: UntagResourceResponse -> TestTree+responseUntagResource =+ res+ "UntagResourceResponse"+ "fixture/UntagResourceResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy UntagResource)++responseUpdateAlias :: UpdateAliasResponse -> TestTree+responseUpdateAlias =+ res+ "UpdateAliasResponse"+ "fixture/UpdateAliasResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy UpdateAlias)++responseUpdateCustomKeyStore :: UpdateCustomKeyStoreResponse -> TestTree+responseUpdateCustomKeyStore =+ res+ "UpdateCustomKeyStoreResponse"+ "fixture/UpdateCustomKeyStoreResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy UpdateCustomKeyStore)++responseUpdateKeyDescription :: UpdateKeyDescriptionResponse -> TestTree+responseUpdateKeyDescription =+ res+ "UpdateKeyDescriptionResponse"+ "fixture/UpdateKeyDescriptionResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy UpdateKeyDescription)++responseUpdatePrimaryRegion :: UpdatePrimaryRegionResponse -> TestTree+responseUpdatePrimaryRegion =+ res+ "UpdatePrimaryRegionResponse"+ "fixture/UpdatePrimaryRegionResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy UpdatePrimaryRegion)++responseVerify :: VerifyResponse -> TestTree+responseVerify =+ res+ "VerifyResponse"+ "fixture/VerifyResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy Verify)++responseVerifyMac :: VerifyMacResponse -> TestTree+responseVerifyMac =+ res+ "VerifyMacResponse"+ "fixture/VerifyMacResponse.proto"+ defaultService+ (Proxy.Proxy :: Proxy.Proxy VerifyMac)
+ test/Test/Amazonka/KMS.hs view
@@ -0,0 +1,20 @@+-- |+-- Module : Test.Amazonka.KMS+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+module Test.Amazonka.KMS+ ( tests,+ fixtures,+ )+where++import Test.Tasty (TestTree)++tests :: [TestTree]+tests = []++fixtures :: [TestTree]+fixtures = []
+ test/Test/Amazonka/KMS/Internal.hs view
@@ -0,0 +1,8 @@+-- |+-- Module : Test.Amazonka.KMS.Internal+-- Copyright : (c) 2013-2023 Brendan Hay+-- License : Mozilla Public License, v. 2.0.+-- Maintainer : Brendan Hay+-- Stability : auto-generated+-- Portability : non-portable (GHC extensions)+module Test.Amazonka.KMS.Internal where