Skip to content

Kms Classes

AliasListEntryTypeDef

AliasName

  • Type: typing.Optional[str]

AliasArn

  • Type: typing.Optional[str]

TargetKeyId

  • Type: typing.Optional[str]

CreationDate

  • Type: typing.Optional[datetime.datetime]

LastUpdatedDate

  • Type: typing.Optional[datetime.datetime]

BaseValidatorModel

Oops! This Pydantic model is currently empty. Stay tuned!

CancelKeyDeletionRequestRequestTypeDef

KeyId

  • Type:
  • Required: Yes

CancelKeyDeletionResponseTypeDef

KeyId

  • Type:
  • Required: Yes

ResponseMetadata

  • Type:
  • Required: Yes

ConnectCustomKeyStoreRequestRequestTypeDef

CustomKeyStoreId

  • Type:
  • Required: Yes

CreateAliasRequestRequestTypeDef

AliasName

  • Type:
  • Required: Yes

TargetKeyId

  • Type:
  • Required: Yes

CreateCustomKeyStoreRequestRequestTypeDef

CustomKeyStoreName

  • Type:
  • Required: Yes

CloudHsmClusterId

  • Type: typing.Optional[str]

TrustAnchorCertificate

  • Type: typing.Optional[str]

KeyStorePassword

  • Type: typing.Optional[str]

CustomKeyStoreType

  • Type: typing.Optional[typing.Literal['AWS_CLOUDHSM', 'EXTERNAL_KEY_STORE']]

XksProxyUriEndpoint

  • Type: typing.Optional[str]

XksProxyUriPath

  • Type: typing.Optional[str]

XksProxyVpcEndpointServiceName

  • Type: typing.Optional[str]

XksProxyAuthenticationCredential

  • Type: typing.Optional[aws_resource_validator.pydantic_models.kms_classes.XksProxyAuthenticationCredentialTypeTypeDef]

XksProxyConnectivity

  • Type: typing.Optional[typing.Literal['PUBLIC_ENDPOINT', 'VPC_ENDPOINT_SERVICE']]

CreateCustomKeyStoreResponseTypeDef

CustomKeyStoreId

  • Type:
  • Required: Yes

ResponseMetadata

  • Type:
  • Required: Yes

CreateGrantRequestRequestTypeDef

KeyId

  • Type:
  • Required: Yes

GranteePrincipal

  • Type:
  • Required: Yes

Operations

  • Type: typing.Sequence[typing.Literal['CreateGrant', 'Decrypt', 'DeriveSharedSecret', 'DescribeKey', 'Encrypt', 'GenerateDataKey', 'GenerateDataKeyPair', 'GenerateDataKeyPairWithoutPlaintext', 'GenerateDataKeyWithoutPlaintext', 'GenerateMac', 'GetPublicKey', 'ReEncryptFrom', 'ReEncryptTo', 'RetireGrant', 'Sign', 'Verify', 'VerifyMac']]
  • Required: Yes

RetiringPrincipal

  • Type: typing.Optional[str]

Constraints

  • Type: typing.Optional[aws_resource_validator.pydantic_models.kms_classes.GrantConstraintsTypeDef]

GrantTokens

  • Type: typing.Optional[typing.Sequence[str]]

Name

  • Type: typing.Optional[str]

DryRun

  • Type: typing.Optional[bool]

CreateGrantResponseTypeDef

GrantToken

  • Type:
  • Required: Yes

GrantId

  • Type:
  • Required: Yes

ResponseMetadata

  • Type:
  • Required: Yes

CreateKeyRequestRequestTypeDef

Policy

  • Type: typing.Optional[str]

Description

  • Type: typing.Optional[str]

KeyUsage

  • Type: typing.Optional[typing.Literal['ENCRYPT_DECRYPT', 'GENERATE_VERIFY_MAC', 'KEY_AGREEMENT', 'SIGN_VERIFY']]

CustomerMasterKeySpec

  • Type: typing.Optional[typing.Literal['ECC_NIST_P256', 'ECC_NIST_P384', 'ECC_NIST_P521', 'ECC_SECG_P256K1', 'HMAC_224', 'HMAC_256', 'HMAC_384', 'HMAC_512', 'RSA_2048', 'RSA_3072', 'RSA_4096', 'SM2', 'SYMMETRIC_DEFAULT']]

KeySpec

  • Type: typing.Optional[typing.Literal['ECC_NIST_P256', 'ECC_NIST_P384', 'ECC_NIST_P521', 'ECC_SECG_P256K1', 'HMAC_224', 'HMAC_256', 'HMAC_384', 'HMAC_512', 'RSA_2048', 'RSA_3072', 'RSA_4096', 'SM2', 'SYMMETRIC_DEFAULT']]

Origin

  • Type: typing.Optional[typing.Literal['AWS_CLOUDHSM', 'AWS_KMS', 'EXTERNAL', 'EXTERNAL_KEY_STORE']]

CustomKeyStoreId

  • Type: typing.Optional[str]

BypassPolicyLockoutSafetyCheck

  • Type: typing.Optional[bool]

Tags

  • Type: typing.Optional[typing.Sequence[aws_resource_validator.pydantic_models.kms_classes.TagTypeDef]]

MultiRegion

  • Type: typing.Optional[bool]

XksKeyId

  • Type: typing.Optional[str]

CreateKeyResponseTypeDef

KeyMetadata

  • Type:
  • Required: Yes

ResponseMetadata

  • Type:
  • Required: Yes

CustomKeyStoresListEntryTypeDef

CustomKeyStoreId

  • Type: typing.Optional[str]

CustomKeyStoreName

  • Type: typing.Optional[str]

CloudHsmClusterId

  • Type: typing.Optional[str]

TrustAnchorCertificate

  • Type: typing.Optional[str]

ConnectionState

  • Type: typing.Optional[typing.Literal['CONNECTED', 'CONNECTING', 'DISCONNECTED', 'DISCONNECTING', 'FAILED']]

ConnectionErrorCode

  • Type: typing.Optional[typing.Literal['CLUSTER_NOT_FOUND', 'INSUFFICIENT_CLOUDHSM_HSMS', 'INSUFFICIENT_FREE_ADDRESSES_IN_SUBNET', 'INTERNAL_ERROR', 'INVALID_CREDENTIALS', 'NETWORK_ERRORS', 'SUBNET_NOT_FOUND', 'USER_LOCKED_OUT', 'USER_LOGGED_IN', 'USER_NOT_FOUND', 'XKS_PROXY_ACCESS_DENIED', 'XKS_PROXY_INVALID_CONFIGURATION', 'XKS_PROXY_INVALID_RESPONSE', 'XKS_PROXY_INVALID_TLS_CONFIGURATION', 'XKS_PROXY_NOT_REACHABLE', 'XKS_PROXY_TIMED_OUT', 'XKS_VPC_ENDPOINT_SERVICE_INVALID_CONFIGURATION', 'XKS_VPC_ENDPOINT_SERVICE_NOT_FOUND']]

CreationDate

  • Type: typing.Optional[datetime.datetime]

CustomKeyStoreType

  • Type: typing.Optional[typing.Literal['AWS_CLOUDHSM', 'EXTERNAL_KEY_STORE']]

XksProxyConfiguration

  • Type: typing.Optional[aws_resource_validator.pydantic_models.kms_classes.XksProxyConfigurationTypeTypeDef]

DecryptRequestRequestTypeDef

CiphertextBlob

  • Type: typing.Union[str, bytes, typing.IO[typing.Any]]
  • Required: Yes

EncryptionContext

  • Type: typing.Optional[typing.Mapping[str, str]]

GrantTokens

  • Type: typing.Optional[typing.Sequence[str]]

KeyId

  • Type: typing.Optional[str]

EncryptionAlgorithm

  • Type: typing.Optional[typing.Literal['RSAES_OAEP_SHA_1', 'RSAES_OAEP_SHA_256', 'SM2PKE', 'SYMMETRIC_DEFAULT']]

Recipient

  • Type: typing.Optional[aws_resource_validator.pydantic_models.kms_classes.RecipientInfoTypeDef]

DryRun

  • Type: typing.Optional[bool]

DecryptResponseTypeDef

KeyId

  • Type:
  • Required: Yes

Plaintext

  • Type:
  • Required: Yes

EncryptionAlgorithm

  • Type: typing.Literal['RSAES_OAEP_SHA_1', 'RSAES_OAEP_SHA_256', 'SM2PKE', 'SYMMETRIC_DEFAULT']
  • Required: Yes

CiphertextForRecipient

  • Type:
  • Required: Yes

ResponseMetadata

  • Type:
  • Required: Yes

DeleteAliasRequestRequestTypeDef

AliasName

  • Type:
  • Required: Yes

DeleteCustomKeyStoreRequestRequestTypeDef

CustomKeyStoreId

  • Type:
  • Required: Yes

DeleteImportedKeyMaterialRequestRequestTypeDef

KeyId

  • Type:
  • Required: Yes

DeriveSharedSecretRequestRequestTypeDef

KeyId

  • Type:
  • Required: Yes

KeyAgreementAlgorithm

  • Type: typing.Literal['ECDH']
  • Required: Yes

PublicKey

  • Type: typing.Union[str, bytes, typing.IO[typing.Any]]
  • Required: Yes

GrantTokens

  • Type: typing.Optional[typing.Sequence[str]]

DryRun

  • Type: typing.Optional[bool]

Recipient

  • Type: typing.Optional[aws_resource_validator.pydantic_models.kms_classes.RecipientInfoTypeDef]

DeriveSharedSecretResponseTypeDef

KeyId

  • Type:
  • Required: Yes

SharedSecret

  • Type:
  • Required: Yes

CiphertextForRecipient

  • Type:
  • Required: Yes

KeyAgreementAlgorithm

  • Type: typing.Literal['ECDH']
  • Required: Yes

KeyOrigin

  • Type: typing.Literal['AWS_CLOUDHSM', 'AWS_KMS', 'EXTERNAL', 'EXTERNAL_KEY_STORE']
  • Required: Yes

ResponseMetadata

  • Type:
  • Required: Yes

DescribeCustomKeyStoresRequestDescribeCustomKeyStoresPaginateTypeDef

CustomKeyStoreId

  • Type: typing.Optional[str]

CustomKeyStoreName

  • Type: typing.Optional[str]

PaginationConfig

  • Type: typing.Optional[aws_resource_validator.pydantic_models.kms_classes.PaginatorConfigTypeDef]

DescribeCustomKeyStoresRequestRequestTypeDef

CustomKeyStoreId

  • Type: typing.Optional[str]

CustomKeyStoreName

  • Type: typing.Optional[str]

Limit

  • Type: typing.Optional[int]

Marker

  • Type: typing.Optional[str]

DescribeCustomKeyStoresResponseTypeDef

CustomKeyStores

  • Type: typing.List[aws_resource_validator.pydantic_models.kms_classes.CustomKeyStoresListEntryTypeDef]
  • Required: Yes

NextMarker

  • Type:
  • Required: Yes

Truncated

  • Type:
  • Required: Yes

ResponseMetadata

  • Type:
  • Required: Yes

DescribeKeyRequestRequestTypeDef

KeyId

  • Type:
  • Required: Yes

GrantTokens

  • Type: typing.Optional[typing.Sequence[str]]

DescribeKeyResponseTypeDef

KeyMetadata

  • Type:
  • Required: Yes

ResponseMetadata

  • Type:
  • Required: Yes

DisableKeyRequestRequestTypeDef

KeyId

  • Type:
  • Required: Yes

DisableKeyRotationRequestRequestTypeDef

KeyId

  • Type:
  • Required: Yes

DisconnectCustomKeyStoreRequestRequestTypeDef

CustomKeyStoreId

  • Type:
  • Required: Yes

EmptyResponseMetadataTypeDef

ResponseMetadata

  • Type:
  • Required: Yes

EnableKeyRequestRequestTypeDef

KeyId

  • Type:
  • Required: Yes

EnableKeyRotationRequestRequestTypeDef

KeyId

  • Type:
  • Required: Yes

RotationPeriodInDays

  • Type: typing.Optional[int]

EncryptRequestRequestTypeDef

KeyId

  • Type:
  • Required: Yes

Plaintext

  • Type: typing.Union[str, bytes, typing.IO[typing.Any]]
  • Required: Yes

EncryptionContext

  • Type: typing.Optional[typing.Mapping[str, str]]

GrantTokens

  • Type: typing.Optional[typing.Sequence[str]]

EncryptionAlgorithm

  • Type: typing.Optional[typing.Literal['RSAES_OAEP_SHA_1', 'RSAES_OAEP_SHA_256', 'SM2PKE', 'SYMMETRIC_DEFAULT']]

DryRun

  • Type: typing.Optional[bool]

EncryptResponseTypeDef

CiphertextBlob

  • Type:
  • Required: Yes

KeyId

  • Type:
  • Required: Yes

EncryptionAlgorithm

  • Type: typing.Literal['RSAES_OAEP_SHA_1', 'RSAES_OAEP_SHA_256', 'SM2PKE', 'SYMMETRIC_DEFAULT']
  • Required: Yes

ResponseMetadata

  • Type:
  • Required: Yes

GenerateDataKeyPairRequestRequestTypeDef

KeyId

  • Type:
  • Required: Yes

KeyPairSpec

  • Type: typing.Literal['ECC_NIST_P256', 'ECC_NIST_P384', 'ECC_NIST_P521', 'ECC_SECG_P256K1', 'RSA_2048', 'RSA_3072', 'RSA_4096', 'SM2']
  • Required: Yes

EncryptionContext

  • Type: typing.Optional[typing.Mapping[str, str]]

GrantTokens

  • Type: typing.Optional[typing.Sequence[str]]

Recipient

  • Type: typing.Optional[aws_resource_validator.pydantic_models.kms_classes.RecipientInfoTypeDef]

DryRun

  • Type: typing.Optional[bool]

GenerateDataKeyPairResponseTypeDef

PrivateKeyCiphertextBlob

  • Type:
  • Required: Yes

PrivateKeyPlaintext

  • Type:
  • Required: Yes

PublicKey

  • Type:
  • Required: Yes

KeyId

  • Type:
  • Required: Yes

KeyPairSpec

  • Type: typing.Literal['ECC_NIST_P256', 'ECC_NIST_P384', 'ECC_NIST_P521', 'ECC_SECG_P256K1', 'RSA_2048', 'RSA_3072', 'RSA_4096', 'SM2']
  • Required: Yes

CiphertextForRecipient

  • Type:
  • Required: Yes

ResponseMetadata

  • Type:
  • Required: Yes

GenerateDataKeyPairWithoutPlaintextRequestRequestTypeDef

KeyId

  • Type:
  • Required: Yes

KeyPairSpec

  • Type: typing.Literal['ECC_NIST_P256', 'ECC_NIST_P384', 'ECC_NIST_P521', 'ECC_SECG_P256K1', 'RSA_2048', 'RSA_3072', 'RSA_4096', 'SM2']
  • Required: Yes

EncryptionContext

  • Type: typing.Optional[typing.Mapping[str, str]]

GrantTokens

  • Type: typing.Optional[typing.Sequence[str]]

DryRun

  • Type: typing.Optional[bool]

GenerateDataKeyPairWithoutPlaintextResponseTypeDef

PrivateKeyCiphertextBlob

  • Type:
  • Required: Yes

PublicKey

  • Type:
  • Required: Yes

KeyId

  • Type:
  • Required: Yes

KeyPairSpec

  • Type: typing.Literal['ECC_NIST_P256', 'ECC_NIST_P384', 'ECC_NIST_P521', 'ECC_SECG_P256K1', 'RSA_2048', 'RSA_3072', 'RSA_4096', 'SM2']
  • Required: Yes

ResponseMetadata

  • Type:
  • Required: Yes

GenerateDataKeyRequestRequestTypeDef

KeyId

  • Type:
  • Required: Yes

EncryptionContext

  • Type: typing.Optional[typing.Mapping[str, str]]

NumberOfBytes

  • Type: typing.Optional[int]

KeySpec

  • Type: typing.Optional[typing.Literal['AES_128', 'AES_256']]

GrantTokens

  • Type: typing.Optional[typing.Sequence[str]]

Recipient

  • Type: typing.Optional[aws_resource_validator.pydantic_models.kms_classes.RecipientInfoTypeDef]

DryRun

  • Type: typing.Optional[bool]

GenerateDataKeyResponseTypeDef

CiphertextBlob

  • Type:
  • Required: Yes

Plaintext

  • Type:
  • Required: Yes

KeyId

  • Type:
  • Required: Yes

CiphertextForRecipient

  • Type:
  • Required: Yes

ResponseMetadata

  • Type:
  • Required: Yes

GenerateDataKeyWithoutPlaintextRequestRequestTypeDef

KeyId

  • Type:
  • Required: Yes

EncryptionContext

  • Type: typing.Optional[typing.Mapping[str, str]]

KeySpec

  • Type: typing.Optional[typing.Literal['AES_128', 'AES_256']]

NumberOfBytes

  • Type: typing.Optional[int]

GrantTokens

  • Type: typing.Optional[typing.Sequence[str]]

DryRun

  • Type: typing.Optional[bool]

GenerateDataKeyWithoutPlaintextResponseTypeDef

CiphertextBlob

  • Type:
  • Required: Yes

KeyId

  • Type:
  • Required: Yes

ResponseMetadata

  • Type:
  • Required: Yes

GenerateMacRequestRequestTypeDef

Message

  • Type: typing.Union[str, bytes, typing.IO[typing.Any]]
  • Required: Yes

KeyId

  • Type:
  • Required: Yes

MacAlgorithm

  • Type: typing.Literal['HMAC_SHA_224', 'HMAC_SHA_256', 'HMAC_SHA_384', 'HMAC_SHA_512']
  • Required: Yes

GrantTokens

  • Type: typing.Optional[typing.Sequence[str]]

DryRun

  • Type: typing.Optional[bool]

GenerateMacResponseTypeDef

Mac

  • Type:
  • Required: Yes

MacAlgorithm

  • Type: typing.Literal['HMAC_SHA_224', 'HMAC_SHA_256', 'HMAC_SHA_384', 'HMAC_SHA_512']
  • Required: Yes

KeyId

  • Type:
  • Required: Yes

ResponseMetadata

  • Type:
  • Required: Yes

GenerateRandomRequestRequestTypeDef

NumberOfBytes

  • Type: typing.Optional[int]

CustomKeyStoreId

  • Type: typing.Optional[str]

Recipient

  • Type: typing.Optional[aws_resource_validator.pydantic_models.kms_classes.RecipientInfoTypeDef]

GenerateRandomResponseTypeDef

Plaintext

  • Type:
  • Required: Yes

CiphertextForRecipient

  • Type:
  • Required: Yes

ResponseMetadata

  • Type:
  • Required: Yes

GetKeyPolicyRequestRequestTypeDef

KeyId

  • Type:
  • Required: Yes

PolicyName

  • Type: typing.Optional[str]

GetKeyPolicyResponseTypeDef

Policy

  • Type:
  • Required: Yes

PolicyName

  • Type:
  • Required: Yes

ResponseMetadata

  • Type:
  • Required: Yes

GetKeyRotationStatusRequestRequestTypeDef

KeyId

  • Type:
  • Required: Yes

GetKeyRotationStatusResponseTypeDef

KeyRotationEnabled

  • Type:
  • Required: Yes

KeyId

  • Type:
  • Required: Yes

RotationPeriodInDays

  • Type:
  • Required: Yes

NextRotationDate

  • Type:
  • Required: Yes

OnDemandRotationStartDate

  • Type:
  • Required: Yes

ResponseMetadata

  • Type:
  • Required: Yes

GetParametersForImportRequestRequestTypeDef

KeyId

  • Type:
  • Required: Yes

WrappingAlgorithm

  • Type: typing.Literal['RSAES_OAEP_SHA_1', 'RSAES_OAEP_SHA_256', 'RSAES_PKCS1_V1_5', 'RSA_AES_KEY_WRAP_SHA_1', 'RSA_AES_KEY_WRAP_SHA_256', 'SM2PKE']
  • Required: Yes

WrappingKeySpec

  • Type: typing.Literal['RSA_2048', 'RSA_3072', 'RSA_4096', 'SM2']
  • Required: Yes

GetParametersForImportResponseTypeDef

KeyId

  • Type:
  • Required: Yes

ImportToken

  • Type:
  • Required: Yes

PublicKey

  • Type:
  • Required: Yes

ParametersValidTo

  • Type:
  • Required: Yes

ResponseMetadata

  • Type:
  • Required: Yes

GetPublicKeyRequestRequestTypeDef

KeyId

  • Type:
  • Required: Yes

GrantTokens

  • Type: typing.Optional[typing.Sequence[str]]

GetPublicKeyResponseTypeDef

KeyId

  • Type:
  • Required: Yes

PublicKey

  • Type:
  • Required: Yes

CustomerMasterKeySpec

  • Type: typing.Literal['ECC_NIST_P256', 'ECC_NIST_P384', 'ECC_NIST_P521', 'ECC_SECG_P256K1', 'HMAC_224', 'HMAC_256', 'HMAC_384', 'HMAC_512', 'RSA_2048', 'RSA_3072', 'RSA_4096', 'SM2', 'SYMMETRIC_DEFAULT']
  • Required: Yes

KeySpec

  • Type: typing.Literal['ECC_NIST_P256', 'ECC_NIST_P384', 'ECC_NIST_P521', 'ECC_SECG_P256K1', 'HMAC_224', 'HMAC_256', 'HMAC_384', 'HMAC_512', 'RSA_2048', 'RSA_3072', 'RSA_4096', 'SM2', 'SYMMETRIC_DEFAULT']
  • Required: Yes

KeyUsage

  • Type: typing.Literal['ENCRYPT_DECRYPT', 'GENERATE_VERIFY_MAC', 'KEY_AGREEMENT', 'SIGN_VERIFY']
  • Required: Yes

EncryptionAlgorithms

  • Type: typing.List[typing.Literal['RSAES_OAEP_SHA_1', 'RSAES_OAEP_SHA_256', 'SM2PKE', 'SYMMETRIC_DEFAULT']]
  • Required: Yes

SigningAlgorithms

  • Type: typing.List[typing.Literal['ECDSA_SHA_256', 'ECDSA_SHA_384', 'ECDSA_SHA_512', 'RSASSA_PKCS1_V1_5_SHA_256', 'RSASSA_PKCS1_V1_5_SHA_384', 'RSASSA_PKCS1_V1_5_SHA_512', 'RSASSA_PSS_SHA_256', 'RSASSA_PSS_SHA_384', 'RSASSA_PSS_SHA_512', 'SM2DSA']]
  • Required: Yes

KeyAgreementAlgorithms

  • Type: typing.List[typing.Literal['ECDH']]
  • Required: Yes

ResponseMetadata

  • Type:
  • Required: Yes

GrantConstraintsExtraOutputTypeDef

EncryptionContextSubset

  • Type: typing.Optional[typing.Dict[str, str]]

EncryptionContextEquals

  • Type: typing.Optional[typing.Dict[str, str]]

GrantConstraintsOutputTypeDef

EncryptionContextSubset

  • Type: typing.Optional[typing.Dict[str, str]]

EncryptionContextEquals

  • Type: typing.Optional[typing.Dict[str, str]]

GrantConstraintsTypeDef

EncryptionContextSubset

  • Type: typing.Optional[typing.Mapping[str, str]]

EncryptionContextEquals

  • Type: typing.Optional[typing.Mapping[str, str]]

GrantListEntryTypeDef

KeyId

  • Type: typing.Optional[str]

GrantId

  • Type: typing.Optional[str]

Name

  • Type: typing.Optional[str]

CreationDate

  • Type: typing.Optional[datetime.datetime]

GranteePrincipal

  • Type: typing.Optional[str]

RetiringPrincipal

  • Type: typing.Optional[str]

IssuingAccount

  • Type: typing.Optional[str]

Operations

  • Type: typing.Optional[typing.List[typing.Literal['CreateGrant', 'Decrypt', 'DeriveSharedSecret', 'DescribeKey', 'Encrypt', 'GenerateDataKey', 'GenerateDataKeyPair', 'GenerateDataKeyPairWithoutPlaintext', 'GenerateDataKeyWithoutPlaintext', 'GenerateMac', 'GetPublicKey', 'ReEncryptFrom', 'ReEncryptTo', 'RetireGrant', 'Sign', 'Verify', 'VerifyMac']]]

Constraints

  • Type: typing.Optional[aws_resource_validator.pydantic_models.kms_classes.GrantConstraintsOutputTypeDef]

ImportKeyMaterialRequestRequestTypeDef

KeyId

  • Type:
  • Required: Yes

ImportToken

  • Type: typing.Union[str, bytes, typing.IO[typing.Any]]
  • Required: Yes

EncryptedKeyMaterial

  • Type: typing.Union[str, bytes, typing.IO[typing.Any]]
  • Required: Yes

ValidTo

  • Type: typing.Union[datetime.datetime, str, NoneType]

ExpirationModel

  • Type: typing.Optional[typing.Literal['KEY_MATERIAL_DOES_NOT_EXPIRE', 'KEY_MATERIAL_EXPIRES']]

KeyListEntryTypeDef

KeyId

  • Type: typing.Optional[str]

KeyArn

  • Type: typing.Optional[str]

KeyMetadataTypeDef

KeyId

  • Type:
  • Required: Yes

AWSAccountId

  • Type: typing.Optional[str]

Arn

  • Type: typing.Optional[str]

CreationDate

  • Type: typing.Optional[datetime.datetime]

Enabled

  • Type: typing.Optional[bool]

Description

  • Type: typing.Optional[str]

KeyUsage

  • Type: typing.Optional[typing.Literal['ENCRYPT_DECRYPT', 'GENERATE_VERIFY_MAC', 'KEY_AGREEMENT', 'SIGN_VERIFY']]

KeyState

  • Type: typing.Optional[typing.Literal['Creating', 'Disabled', 'Enabled', 'PendingDeletion', 'PendingImport', 'PendingReplicaDeletion', 'Unavailable', 'Updating']]

DeletionDate

  • Type: typing.Optional[datetime.datetime]

ValidTo

  • Type: typing.Optional[datetime.datetime]

Origin

  • Type: typing.Optional[typing.Literal['AWS_CLOUDHSM', 'AWS_KMS', 'EXTERNAL', 'EXTERNAL_KEY_STORE']]

CustomKeyStoreId

  • Type: typing.Optional[str]

CloudHsmClusterId

  • Type: typing.Optional[str]

ExpirationModel

  • Type: typing.Optional[typing.Literal['KEY_MATERIAL_DOES_NOT_EXPIRE', 'KEY_MATERIAL_EXPIRES']]

KeyManager

  • Type: typing.Optional[typing.Literal['AWS', 'CUSTOMER']]

CustomerMasterKeySpec

  • Type: typing.Optional[typing.Literal['ECC_NIST_P256', 'ECC_NIST_P384', 'ECC_NIST_P521', 'ECC_SECG_P256K1', 'HMAC_224', 'HMAC_256', 'HMAC_384', 'HMAC_512', 'RSA_2048', 'RSA_3072', 'RSA_4096', 'SM2', 'SYMMETRIC_DEFAULT']]

KeySpec

  • Type: typing.Optional[typing.Literal['ECC_NIST_P256', 'ECC_NIST_P384', 'ECC_NIST_P521', 'ECC_SECG_P256K1', 'HMAC_224', 'HMAC_256', 'HMAC_384', 'HMAC_512', 'RSA_2048', 'RSA_3072', 'RSA_4096', 'SM2', 'SYMMETRIC_DEFAULT']]

EncryptionAlgorithms

  • Type: typing.Optional[typing.List[typing.Literal['RSAES_OAEP_SHA_1', 'RSAES_OAEP_SHA_256', 'SM2PKE', 'SYMMETRIC_DEFAULT']]]

SigningAlgorithms

  • Type: typing.Optional[typing.List[typing.Literal['ECDSA_SHA_256', 'ECDSA_SHA_384', 'ECDSA_SHA_512', 'RSASSA_PKCS1_V1_5_SHA_256', 'RSASSA_PKCS1_V1_5_SHA_384', 'RSASSA_PKCS1_V1_5_SHA_512', 'RSASSA_PSS_SHA_256', 'RSASSA_PSS_SHA_384', 'RSASSA_PSS_SHA_512', 'SM2DSA']]]

KeyAgreementAlgorithms

  • Type: typing.Optional[typing.List[typing.Literal['ECDH']]]

MultiRegion

  • Type: typing.Optional[bool]

MultiRegionConfiguration

  • Type: typing.Optional[aws_resource_validator.pydantic_models.kms_classes.MultiRegionConfigurationTypeDef]

PendingDeletionWindowInDays

  • Type: typing.Optional[int]

MacAlgorithms

  • Type: typing.Optional[typing.List[typing.Literal['HMAC_SHA_224', 'HMAC_SHA_256', 'HMAC_SHA_384', 'HMAC_SHA_512']]]

XksKeyConfiguration

  • Type: typing.Optional[aws_resource_validator.pydantic_models.kms_classes.XksKeyConfigurationTypeTypeDef]

ListAliasesRequestListAliasesPaginateTypeDef

KeyId

  • Type: typing.Optional[str]

PaginationConfig

  • Type: typing.Optional[aws_resource_validator.pydantic_models.kms_classes.PaginatorConfigTypeDef]

ListAliasesRequestRequestTypeDef

KeyId

  • Type: typing.Optional[str]

Limit

  • Type: typing.Optional[int]

Marker

  • Type: typing.Optional[str]

ListAliasesResponseTypeDef

Aliases

  • Type: typing.List[aws_resource_validator.pydantic_models.kms_classes.AliasListEntryTypeDef]
  • Required: Yes

NextMarker

  • Type:
  • Required: Yes

Truncated

  • Type:
  • Required: Yes

ResponseMetadata

  • Type:
  • Required: Yes

ListGrantsRequestListGrantsPaginateTypeDef

KeyId

  • Type:
  • Required: Yes

GrantId

  • Type: typing.Optional[str]

GranteePrincipal

  • Type: typing.Optional[str]

PaginationConfig

  • Type: typing.Optional[aws_resource_validator.pydantic_models.kms_classes.PaginatorConfigTypeDef]

ListGrantsRequestRequestTypeDef

KeyId

  • Type:
  • Required: Yes

Limit

  • Type: typing.Optional[int]

Marker

  • Type: typing.Optional[str]

GrantId

  • Type: typing.Optional[str]

GranteePrincipal

  • Type: typing.Optional[str]

ListGrantsResponseTypeDef

Grants

  • Type: typing.List[aws_resource_validator.pydantic_models.kms_classes.GrantListEntryTypeDef]
  • Required: Yes

NextMarker

  • Type:
  • Required: Yes

Truncated

  • Type:
  • Required: Yes

ResponseMetadata

  • Type:
  • Required: Yes

ListKeyPoliciesRequestListKeyPoliciesPaginateTypeDef

KeyId

  • Type:
  • Required: Yes

PaginationConfig

  • Type: typing.Optional[aws_resource_validator.pydantic_models.kms_classes.PaginatorConfigTypeDef]

ListKeyPoliciesRequestRequestTypeDef

KeyId

  • Type:
  • Required: Yes

Limit

  • Type: typing.Optional[int]

Marker

  • Type: typing.Optional[str]

ListKeyPoliciesResponseTypeDef

PolicyNames

  • Type: typing.List[str]
  • Required: Yes

NextMarker

  • Type:
  • Required: Yes

Truncated

  • Type:
  • Required: Yes

ResponseMetadata

  • Type:
  • Required: Yes

ListKeyRotationsRequestListKeyRotationsPaginateTypeDef

KeyId

  • Type:
  • Required: Yes

PaginationConfig

  • Type: typing.Optional[aws_resource_validator.pydantic_models.kms_classes.PaginatorConfigTypeDef]

ListKeyRotationsRequestRequestTypeDef

KeyId

  • Type:
  • Required: Yes

Limit

  • Type: typing.Optional[int]

Marker

  • Type: typing.Optional[str]

ListKeyRotationsResponseTypeDef

Rotations

  • Type: typing.List[aws_resource_validator.pydantic_models.kms_classes.RotationsListEntryTypeDef]
  • Required: Yes

NextMarker

  • Type:
  • Required: Yes

Truncated

  • Type:
  • Required: Yes

ResponseMetadata

  • Type:
  • Required: Yes

ListKeysRequestListKeysPaginateTypeDef

PaginationConfig

  • Type: typing.Optional[aws_resource_validator.pydantic_models.kms_classes.PaginatorConfigTypeDef]

ListKeysRequestRequestTypeDef

Limit

  • Type: typing.Optional[int]

Marker

  • Type: typing.Optional[str]

ListKeysResponseTypeDef

Keys

  • Type: typing.List[aws_resource_validator.pydantic_models.kms_classes.KeyListEntryTypeDef]
  • Required: Yes

NextMarker

  • Type:
  • Required: Yes

Truncated

  • Type:
  • Required: Yes

ResponseMetadata

  • Type:
  • Required: Yes

ListResourceTagsRequestListResourceTagsPaginateTypeDef

KeyId

  • Type:
  • Required: Yes

PaginationConfig

  • Type: typing.Optional[aws_resource_validator.pydantic_models.kms_classes.PaginatorConfigTypeDef]

ListResourceTagsRequestRequestTypeDef

KeyId

  • Type:
  • Required: Yes

Limit

  • Type: typing.Optional[int]

Marker

  • Type: typing.Optional[str]

ListResourceTagsResponseTypeDef

Tags

  • Type: typing.List[aws_resource_validator.pydantic_models.kms_classes.TagTypeDef]
  • Required: Yes

NextMarker

  • Type:
  • Required: Yes

Truncated

  • Type:
  • Required: Yes

ResponseMetadata

  • Type:
  • Required: Yes

ListRetirableGrantsRequestListRetirableGrantsPaginateTypeDef

RetiringPrincipal

  • Type:
  • Required: Yes

PaginationConfig

  • Type: typing.Optional[aws_resource_validator.pydantic_models.kms_classes.PaginatorConfigTypeDef]

ListRetirableGrantsRequestRequestTypeDef

RetiringPrincipal

  • Type:
  • Required: Yes

Limit

  • Type: typing.Optional[int]

Marker

  • Type: typing.Optional[str]

MultiRegionConfigurationTypeDef

MultiRegionKeyType

  • Type: typing.Optional[typing.Literal['PRIMARY', 'REPLICA']]

PrimaryKey

  • Type: typing.Optional[aws_resource_validator.pydantic_models.kms_classes.MultiRegionKeyTypeDef]

ReplicaKeys

  • Type: typing.Optional[typing.List[aws_resource_validator.pydantic_models.kms_classes.MultiRegionKeyTypeDef]]

MultiRegionKeyTypeDef

Arn

  • Type: typing.Optional[str]

Region

  • Type: typing.Optional[str]

PaginatorConfigTypeDef

MaxItems

  • Type: typing.Optional[int]

PageSize

  • Type: typing.Optional[int]

StartingToken

  • Type: typing.Optional[str]

PutKeyPolicyRequestRequestTypeDef

KeyId

  • Type:
  • Required: Yes

Policy

  • Type:
  • Required: Yes

PolicyName

  • Type: typing.Optional[str]

BypassPolicyLockoutSafetyCheck

  • Type: typing.Optional[bool]

ReEncryptRequestRequestTypeDef

CiphertextBlob

  • Type: typing.Union[str, bytes, typing.IO[typing.Any]]
  • Required: Yes

DestinationKeyId

  • Type:
  • Required: Yes

SourceEncryptionContext

  • Type: typing.Optional[typing.Mapping[str, str]]

SourceKeyId

  • Type: typing.Optional[str]

DestinationEncryptionContext

  • Type: typing.Optional[typing.Mapping[str, str]]

SourceEncryptionAlgorithm

  • Type: typing.Optional[typing.Literal['RSAES_OAEP_SHA_1', 'RSAES_OAEP_SHA_256', 'SM2PKE', 'SYMMETRIC_DEFAULT']]

DestinationEncryptionAlgorithm

  • Type: typing.Optional[typing.Literal['RSAES_OAEP_SHA_1', 'RSAES_OAEP_SHA_256', 'SM2PKE', 'SYMMETRIC_DEFAULT']]

GrantTokens

  • Type: typing.Optional[typing.Sequence[str]]

DryRun

  • Type: typing.Optional[bool]

ReEncryptResponseTypeDef

CiphertextBlob

  • Type:
  • Required: Yes

SourceKeyId

  • Type:
  • Required: Yes

KeyId

  • Type:
  • Required: Yes

SourceEncryptionAlgorithm

  • Type: typing.Literal['RSAES_OAEP_SHA_1', 'RSAES_OAEP_SHA_256', 'SM2PKE', 'SYMMETRIC_DEFAULT']
  • Required: Yes

DestinationEncryptionAlgorithm

  • Type: typing.Literal['RSAES_OAEP_SHA_1', 'RSAES_OAEP_SHA_256', 'SM2PKE', 'SYMMETRIC_DEFAULT']
  • Required: Yes

ResponseMetadata

  • Type:
  • Required: Yes

RecipientInfoTypeDef

KeyEncryptionAlgorithm

  • Type: typing.Optional[typing.Literal['RSAES_OAEP_SHA_256']]

AttestationDocument

  • Type: typing.Union[str, bytes, typing.IO[typing.Any], NoneType]

ReplicateKeyRequestRequestTypeDef

KeyId

  • Type:
  • Required: Yes

ReplicaRegion

  • Type:
  • Required: Yes

Policy

  • Type: typing.Optional[str]

BypassPolicyLockoutSafetyCheck

  • Type: typing.Optional[bool]

Description

  • Type: typing.Optional[str]

Tags

  • Type: typing.Optional[typing.Sequence[aws_resource_validator.pydantic_models.kms_classes.TagTypeDef]]

ReplicateKeyResponseTypeDef

ReplicaKeyMetadata

  • Type:
  • Required: Yes

ReplicaPolicy

  • Type:
  • Required: Yes

ReplicaTags

  • Type: typing.List[aws_resource_validator.pydantic_models.kms_classes.TagTypeDef]
  • Required: Yes

ResponseMetadata

  • Type:
  • Required: Yes

ResponseMetadataTypeDef

RequestId

  • Type:
  • Required: Yes

HTTPStatusCode

  • Type:
  • Required: Yes

HTTPHeaders

  • Type: typing.Dict[str, str]
  • Required: Yes

RetryAttempts

  • Type:
  • Required: Yes

HostId

  • Type: typing.Optional[str]

RetireGrantRequestRequestTypeDef

GrantToken

  • Type: typing.Optional[str]

KeyId

  • Type: typing.Optional[str]

GrantId

  • Type: typing.Optional[str]

DryRun

  • Type: typing.Optional[bool]

RevokeGrantRequestRequestTypeDef

KeyId

  • Type:
  • Required: Yes

GrantId

  • Type:
  • Required: Yes

DryRun

  • Type: typing.Optional[bool]

RotateKeyOnDemandRequestRequestTypeDef

KeyId

  • Type:
  • Required: Yes

RotateKeyOnDemandResponseTypeDef

KeyId

  • Type:
  • Required: Yes

ResponseMetadata

  • Type:
  • Required: Yes

RotationsListEntryTypeDef

KeyId

  • Type: typing.Optional[str]

RotationDate

  • Type: typing.Optional[datetime.datetime]

RotationType

  • Type: typing.Optional[typing.Literal['AUTOMATIC', 'ON_DEMAND']]

ScheduleKeyDeletionRequestRequestTypeDef

KeyId

  • Type:
  • Required: Yes

PendingWindowInDays

  • Type: typing.Optional[int]

ScheduleKeyDeletionResponseTypeDef

KeyId

  • Type:
  • Required: Yes

DeletionDate

  • Type:
  • Required: Yes

KeyState

  • Type: typing.Literal['Creating', 'Disabled', 'Enabled', 'PendingDeletion', 'PendingImport', 'PendingReplicaDeletion', 'Unavailable', 'Updating']
  • Required: Yes

PendingWindowInDays

  • Type:
  • Required: Yes

ResponseMetadata

  • Type:
  • Required: Yes

SignRequestRequestTypeDef

KeyId

  • Type:
  • Required: Yes

Message

  • Type: typing.Union[str, bytes, typing.IO[typing.Any]]
  • Required: Yes

SigningAlgorithm

  • Type: typing.Literal['ECDSA_SHA_256', 'ECDSA_SHA_384', 'ECDSA_SHA_512', 'RSASSA_PKCS1_V1_5_SHA_256', 'RSASSA_PKCS1_V1_5_SHA_384', 'RSASSA_PKCS1_V1_5_SHA_512', 'RSASSA_PSS_SHA_256', 'RSASSA_PSS_SHA_384', 'RSASSA_PSS_SHA_512', 'SM2DSA']
  • Required: Yes

MessageType

  • Type: typing.Optional[typing.Literal['DIGEST', 'RAW']]

GrantTokens

  • Type: typing.Optional[typing.Sequence[str]]

DryRun

  • Type: typing.Optional[bool]

SignResponseTypeDef

KeyId

  • Type:
  • Required: Yes

Signature

  • Type:
  • Required: Yes

SigningAlgorithm

  • Type: typing.Literal['ECDSA_SHA_256', 'ECDSA_SHA_384', 'ECDSA_SHA_512', 'RSASSA_PKCS1_V1_5_SHA_256', 'RSASSA_PKCS1_V1_5_SHA_384', 'RSASSA_PKCS1_V1_5_SHA_512', 'RSASSA_PSS_SHA_256', 'RSASSA_PSS_SHA_384', 'RSASSA_PSS_SHA_512', 'SM2DSA']
  • Required: Yes

ResponseMetadata

  • Type:
  • Required: Yes

TagResourceRequestRequestTypeDef

KeyId

  • Type:
  • Required: Yes

Tags

  • Type: typing.Sequence[aws_resource_validator.pydantic_models.kms_classes.TagTypeDef]
  • Required: Yes

TagTypeDef

TagKey

  • Type:
  • Required: Yes

TagValue

  • Type:
  • Required: Yes

UntagResourceRequestRequestTypeDef

KeyId

  • Type:
  • Required: Yes

TagKeys

  • Type: typing.Sequence[str]
  • Required: Yes

UpdateAliasRequestRequestTypeDef

AliasName

  • Type:
  • Required: Yes

TargetKeyId

  • Type:
  • Required: Yes

UpdateCustomKeyStoreRequestRequestTypeDef

CustomKeyStoreId

  • Type:
  • Required: Yes

NewCustomKeyStoreName

  • Type: typing.Optional[str]

KeyStorePassword

  • Type: typing.Optional[str]

CloudHsmClusterId

  • Type: typing.Optional[str]

XksProxyUriEndpoint

  • Type: typing.Optional[str]

XksProxyUriPath

  • Type: typing.Optional[str]

XksProxyVpcEndpointServiceName

  • Type: typing.Optional[str]

XksProxyAuthenticationCredential

  • Type: typing.Optional[aws_resource_validator.pydantic_models.kms_classes.XksProxyAuthenticationCredentialTypeTypeDef]

XksProxyConnectivity

  • Type: typing.Optional[typing.Literal['PUBLIC_ENDPOINT', 'VPC_ENDPOINT_SERVICE']]

UpdateKeyDescriptionRequestRequestTypeDef

KeyId

  • Type:
  • Required: Yes

Description

  • Type:
  • Required: Yes

UpdatePrimaryRegionRequestRequestTypeDef

KeyId

  • Type:
  • Required: Yes

PrimaryRegion

  • Type:
  • Required: Yes

VerifyMacRequestRequestTypeDef

Message

  • Type: typing.Union[str, bytes, typing.IO[typing.Any]]
  • Required: Yes

KeyId

  • Type:
  • Required: Yes

MacAlgorithm

  • Type: typing.Literal['HMAC_SHA_224', 'HMAC_SHA_256', 'HMAC_SHA_384', 'HMAC_SHA_512']
  • Required: Yes

Mac

  • Type: typing.Union[str, bytes, typing.IO[typing.Any]]
  • Required: Yes

GrantTokens

  • Type: typing.Optional[typing.Sequence[str]]

DryRun

  • Type: typing.Optional[bool]

VerifyMacResponseTypeDef

KeyId

  • Type:
  • Required: Yes

MacValid

  • Type:
  • Required: Yes

MacAlgorithm

  • Type: typing.Literal['HMAC_SHA_224', 'HMAC_SHA_256', 'HMAC_SHA_384', 'HMAC_SHA_512']
  • Required: Yes

ResponseMetadata

  • Type:
  • Required: Yes

VerifyRequestRequestTypeDef

KeyId

  • Type:
  • Required: Yes

Message

  • Type: typing.Union[str, bytes, typing.IO[typing.Any]]
  • Required: Yes

Signature

  • Type: typing.Union[str, bytes, typing.IO[typing.Any]]
  • Required: Yes

SigningAlgorithm

  • Type: typing.Literal['ECDSA_SHA_256', 'ECDSA_SHA_384', 'ECDSA_SHA_512', 'RSASSA_PKCS1_V1_5_SHA_256', 'RSASSA_PKCS1_V1_5_SHA_384', 'RSASSA_PKCS1_V1_5_SHA_512', 'RSASSA_PSS_SHA_256', 'RSASSA_PSS_SHA_384', 'RSASSA_PSS_SHA_512', 'SM2DSA']
  • Required: Yes

MessageType

  • Type: typing.Optional[typing.Literal['DIGEST', 'RAW']]

GrantTokens

  • Type: typing.Optional[typing.Sequence[str]]

DryRun

  • Type: typing.Optional[bool]

VerifyResponseTypeDef

KeyId

  • Type:
  • Required: Yes

SignatureValid

  • Type:
  • Required: Yes

SigningAlgorithm

  • Type: typing.Literal['ECDSA_SHA_256', 'ECDSA_SHA_384', 'ECDSA_SHA_512', 'RSASSA_PKCS1_V1_5_SHA_256', 'RSASSA_PKCS1_V1_5_SHA_384', 'RSASSA_PKCS1_V1_5_SHA_512', 'RSASSA_PSS_SHA_256', 'RSASSA_PSS_SHA_384', 'RSASSA_PSS_SHA_512', 'SM2DSA']
  • Required: Yes

ResponseMetadata

  • Type:
  • Required: Yes

XksKeyConfigurationTypeTypeDef

Id

  • Type: typing.Optional[str]

XksProxyAuthenticationCredentialTypeTypeDef

AccessKeyId

  • Type:
  • Required: Yes

RawSecretAccessKey

  • Type:
  • Required: Yes

XksProxyConfigurationTypeTypeDef

Connectivity

  • Type: typing.Optional[typing.Literal['PUBLIC_ENDPOINT', 'VPC_ENDPOINT_SERVICE']]

AccessKeyId

  • Type: typing.Optional[str]

UriEndpoint

  • Type: typing.Optional[str]

UriPath

  • Type: typing.Optional[str]

VpcEndpointServiceName

  • Type: typing.Optional[str]