|
1027 | 1027 | }, |
1028 | 1028 | "shapes":{ |
1029 | 1029 | "AWSAccountIdType":{"type":"string"}, |
| 1030 | + "AccountIdType":{ |
| 1031 | + "type":"string", |
| 1032 | + "max":12, |
| 1033 | + "min":12, |
| 1034 | + "pattern":"[0-9]{12}" |
| 1035 | + }, |
1030 | 1036 | "AlgorithmSpec":{ |
1031 | 1037 | "type":"string", |
1032 | 1038 | "enum":[ |
|
1283 | 1289 | "shape":"XksProxyVpcEndpointServiceNameType", |
1284 | 1290 | "documentation":"<p>Specifies the name of the Amazon VPC endpoint service for interface endpoints that is used to communicate with your external key store proxy (XKS proxy). This parameter is required when the value of <code>CustomKeyStoreType</code> is <code>EXTERNAL_KEY_STORE</code> and the value of <code>XksProxyConnectivity</code> is <code>VPC_ENDPOINT_SERVICE</code>.</p> <p>The Amazon VPC endpoint service must <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/create-xks-keystore.html#xks-requirements\">fulfill all requirements</a> for use with an external key store. </p> <p> <b>Uniqueness requirements:</b> </p> <ul> <li> <p>External key stores with <code>VPC_ENDPOINT_SERVICE</code> connectivity can share an Amazon VPC, but each external key store must have its own VPC endpoint service and private DNS name.</p> </li> </ul>" |
1285 | 1291 | }, |
| 1292 | + "XksProxyVpcEndpointServiceOwner":{ |
| 1293 | + "shape":"AccountIdType", |
| 1294 | + "documentation":"<p>Specifies the Amazon Web Services account ID that owns the Amazon VPC service endpoint for the interface that is used to communicate with your external key store proxy (XKS proxy). This parameter is optional. If not provided, the Amazon Web Services account ID calling the action will be used.</p>" |
| 1295 | + }, |
1286 | 1296 | "XksProxyAuthenticationCredential":{ |
1287 | 1297 | "shape":"XksProxyAuthenticationCredentialType", |
1288 | 1298 | "documentation":"<p>Specifies an authentication credential for the external key store proxy (XKS proxy). This parameter is required for all custom key stores with a <code>CustomKeyStoreType</code> of <code>EXTERNAL_KEY_STORE</code>.</p> <p>The <code>XksProxyAuthenticationCredential</code> has two required elements: <code>RawSecretAccessKey</code>, a secret key, and <code>AccessKeyId</code>, a unique identifier for the <code>RawSecretAccessKey</code>. For character requirements, see <a href=\"API_XksProxyAuthenticationCredentialType.html\">XksProxyAuthenticationCredentialType</a>.</p> <p>KMS uses this authentication credential to sign requests to the external key store proxy on your behalf. This credential is unrelated to Identity and Access Management (IAM) and Amazon Web Services credentials.</p> <p>This parameter doesn't set or change the authentication credentials on the XKS proxy. It just tells KMS the credential that you established on your external key store proxy. If you rotate your proxy authentication credential, use the <a>UpdateCustomKeyStore</a> operation to provide the new credential to KMS.</p>" |
|
3874 | 3884 | "shape":"XksProxyVpcEndpointServiceNameType", |
3875 | 3885 | "documentation":"<p>Changes the name that KMS uses to identify the Amazon VPC endpoint service for your external key store proxy (XKS proxy). This parameter is valid when the <code>CustomKeyStoreType</code> is <code>EXTERNAL_KEY_STORE</code> and the <code>XksProxyConnectivity</code> is <code>VPC_ENDPOINT_SERVICE</code>.</p> <p>To change this value, the external key store must be disconnected.</p>" |
3876 | 3886 | }, |
| 3887 | + "XksProxyVpcEndpointServiceOwner":{ |
| 3888 | + "shape":"AccountIdType", |
| 3889 | + "documentation":"<p>Changes the Amazon Web Services account ID that KMS uses to identify the Amazon VPC endpoint service for your external key store proxy (XKS proxy). This parameter is optional. If not specified, the current Amazon Web Services account ID for the VPC endpoint service will not be updated.</p> <p>To change this value, the external key store must be disconnected.</p>" |
| 3890 | + }, |
3877 | 3891 | "XksProxyAuthenticationCredential":{ |
3878 | 3892 | "shape":"XksProxyAuthenticationCredentialType", |
3879 | 3893 | "documentation":"<p>Changes the credentials that KMS uses to sign requests to the external key store proxy (XKS proxy). This parameter is valid only for custom key stores with a <code>CustomKeyStoreType</code> of <code>EXTERNAL_KEY_STORE</code>.</p> <p>You must specify both the <code>AccessKeyId</code> and <code>SecretAccessKey</code> value in the authentication credential, even if you are only updating one value.</p> <p>This parameter doesn't establish or change your authentication credentials on the proxy. It just tells KMS the credential that you established with your external key store proxy. For example, if you rotate the credential on your external key store proxy, you can use this parameter to update the credential in KMS.</p> <p>You can change this value when the external key store is connected or disconnected.</p>" |
|
4133 | 4147 | "VpcEndpointServiceName":{ |
4134 | 4148 | "shape":"XksProxyVpcEndpointServiceNameType", |
4135 | 4149 | "documentation":"<p>The Amazon VPC endpoint service used to communicate with the external key store proxy. This field appears only when the external key store proxy uses an Amazon VPC endpoint service to communicate with KMS.</p>" |
| 4150 | + }, |
| 4151 | + "VpcEndpointServiceOwner":{ |
| 4152 | + "shape":"AccountIdType", |
| 4153 | + "documentation":"<p>The Amazon Web Services account ID that owns the Amazon VPC endpoint service used to communicate with the external key store proxy (XKS). This field appears only when the XKS uses an VPC endpoint service to communicate with KMS.</p>" |
4136 | 4154 | } |
4137 | 4155 | }, |
4138 | 4156 | "documentation":"<p>Detailed information about the external key store proxy (XKS proxy). Your external key store proxy translates KMS requests into a format that your external key manager can understand. These fields appear in a <a>DescribeCustomKeyStores</a> response only when the <code>CustomKeyStoreType</code> is <code>EXTERNAL_KEY_STORE</code>.</p>" |
|
0 commit comments