1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
|
// Code generated by smithy-go-codegen DO NOT EDIT.
// Package kms provides the API client, operations, and parameter types for AWS Key
// Management Service.
//
// Key Management Service Key Management Service (KMS) is an encryption and key
// management web service. This guide describes the KMS operations that you can
// call programmatically. For general information about KMS, see the Key
// Management Service Developer Guide
// (https://docs.aws.amazon.com/kms/latest/developerguide/). KMS is replacing the
// term customer master key (CMK) with KMS key and KMS key. The concept has not
// changed. To prevent breaking changes, KMS is keeping some variations of this
// term. Amazon Web Services provides SDKs that consist of libraries and sample
// code for various programming languages and platforms (Java, Ruby, .Net, macOS,
// Android, etc.). The SDKs provide a convenient way to create programmatic access
// to KMS and other Amazon Web Services services. For example, the SDKs take care
// of tasks such as signing requests (see below), managing errors, and retrying
// requests automatically. For more information about the Amazon Web Services SDKs,
// including how to download and install them, see Tools for Amazon Web Services
// (http://aws.amazon.com/tools/). We recommend that you use the Amazon Web
// Services SDKs to make programmatic API calls to KMS. If you need to use FIPS
// 140-2 validated cryptographic modules when communicating with Amazon Web
// Services, use the FIPS endpoint in your preferred Amazon Web Services Region.
// For more information about the available FIPS endpoints, see Service endpoints
// (https://docs.aws.amazon.com/general/latest/gr/kms.html#kms_region) in the Key
// Management Service topic of the Amazon Web Services General Reference. All KMS
// API calls must be signed and be transmitted using Transport Layer Security
// (TLS). KMS recommends you always use the latest supported TLS version. Clients
// must also support cipher suites with Perfect Forward Secrecy (PFS) such as
// Ephemeral Diffie-Hellman (DHE) or Elliptic Curve Ephemeral Diffie-Hellman
// (ECDHE). Most modern systems such as Java 7 and later support these modes.
// Signing Requests Requests must be signed by using an access key ID and a secret
// access key. We strongly recommend that you do not use your Amazon Web Services
// account (root) access key ID and secret key for everyday work with KMS. Instead,
// use the access key ID and secret access key for an IAM user. You can also use
// the Amazon Web Services Security Token Service to generate temporary security
// credentials that you can use to sign requests. All KMS operations require
// Signature Version 4
// (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html).
// Logging API Requests KMS supports CloudTrail, a service that logs Amazon Web
// Services API calls and related events for your Amazon Web Services account and
// delivers them to an Amazon S3 bucket that you specify. By using the information
// collected by CloudTrail, you can determine what requests were made to KMS, who
// made the request, when it was made, and so on. To learn more about CloudTrail,
// including how to turn it on and find your log files, see the CloudTrail User
// Guide (https://docs.aws.amazon.com/awscloudtrail/latest/userguide/). Additional
// Resources For more information about credentials and request signing, see the
// following:
//
// * Amazon Web Services Security Credentials
// (https://docs.aws.amazon.com/general/latest/gr/aws-security-credentials.html) -
// This topic provides general information about the types of credentials used to
// access Amazon Web Services.
//
// * Temporary Security Credentials
// (https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html) -
// This section of the IAM User Guide describes how to create and use temporary
// security credentials.
//
// * Signature Version 4 Signing Process
// (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html) - This
// set of topics walks you through the process of signing a request using an access
// key ID and a secret access key.
//
// Commonly Used API Operations Of the API
// operations discussed in this guide, the following will prove the most useful for
// most applications. You will likely perform operations other than these, such as
// creating keys and assigning policies, by using the console.
//
// * Encrypt
//
// *
// Decrypt
//
// * GenerateDataKey
//
// * GenerateDataKeyWithoutPlaintext
package kms
|
