// smithy-typescript generated code
import { EndpointParameterInstructions, getEndpointPlugin } from "@aws-sdk/middleware-endpoint";
import { getSerdePlugin } from "@aws-sdk/middleware-serde";
import { Command as $Command } from "@aws-sdk/smithy-client";
import {
FinalizeHandlerArguments,
Handler,
HandlerExecutionContext,
HttpHandlerOptions as __HttpHandlerOptions,
MetadataBearer as __MetadataBearer,
MiddlewareStack,
} from "@aws-sdk/types";
import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@smithy/protocol-http";
import { SerdeContext as __SerdeContext } from "@smithy/types";
import { KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../KMSClient";
import { UpdateAliasRequest } from "../models/models_0";
import { de_UpdateAliasCommand, se_UpdateAliasCommand } from "../protocols/Aws_json1_1";
/**
 * @public
 *
 * Re-exports the two names this file imports as `__MetadataBearer` (from
 * "@aws-sdk/types") and `$Command` (from "@aws-sdk/smithy-client"), so they are
 * reachable from this module as well.
 */
export { __MetadataBearer, $Command };
/**
 * @public
 *
 * The input for {@link UpdateAliasCommand}.
 *
 * Declares no members of its own; the shape comes entirely from
 * `UpdateAliasRequest`. The usage example on {@link UpdateAliasCommand} shows two
 * required string fields, `AliasName` and `TargetKeyId`. Both are identifiers
 * rather than key material. Because the alias decides which KMS key later
 * alias-based calls resolve to, values that originate outside the caller's
 * control should be validated before the command is built.
 */
export interface UpdateAliasCommandInput extends UpdateAliasRequest {}
/**
 * @public
 *
 * The output of {@link UpdateAliasCommand}.
 *
 * Declares no members beyond those inherited from `__MetadataBearer`; the usage
 * example on {@link UpdateAliasCommand} shows an otherwise empty response.
 */
export interface UpdateAliasCommandOutput extends __MetadataBearer {}
/**
* @public
* <p>Associates an existing KMS alias with a different KMS key. Each alias is associated with
* only one KMS key at a time, although a KMS key can have multiple aliases. The alias and the
* KMS key must be in the same Amazon Web Services account and Region.</p>
* <note>
* <p>Adding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/abac.html">ABAC for KMS</a> in the <i>Key Management Service Developer Guide</i>.</p>
* </note>
* <p>The current and new KMS key must be the same type (both symmetric or both asymmetric or
* both HMAC), and they must have the same key usage. This restriction prevents errors in code
* that uses aliases. If you must assign an alias to a different type of KMS key, use <a>DeleteAlias</a> to delete the old alias and <a>CreateAlias</a> to create
* a new alias.</p>
* <p>You cannot use <code>UpdateAlias</code> to change an alias name. To change an alias name,
* use <a>DeleteAlias</a> to delete the old alias and <a>CreateAlias</a> to
* create a new alias.</p>
* <p>Because an alias is not a property of a KMS key, you can create, update, and delete the
* aliases of a KMS key without affecting the KMS key. Also, aliases do not appear in the
* response from the <a>DescribeKey</a> operation. To get the aliases of all KMS keys
* in the account, use the <a>ListAliases</a> operation. </p>
* <p>The KMS key that you use for this operation must be in a compatible key state. For
* details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key states of KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
* <p>
* <b>Cross-account use</b>: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account. </p>
* <p>
* <b>Required permissions</b>
* </p>
* <ul>
* <li>
* <p>
* <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:UpdateAlias</a> on
* the alias (IAM policy).</p>
* </li>
* <li>
* <p>
* <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:UpdateAlias</a> on
* the current KMS key (key policy).</p>
* </li>
* <li>
* <p>
* <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:UpdateAlias</a> on
* the new KMS key (key policy).</p>
* </li>
* </ul>
* <p>For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html#alias-access">Controlling access to aliases</a> in the
* <i>Key Management Service Developer Guide</i>.</p>
* <p>
* <b>Related operations:</b>
* </p>
* <ul>
* <li>
* <p>
* <a>CreateAlias</a>
* </p>
* </li>
* <li>
* <p>
* <a>DeleteAlias</a>
* </p>
* </li>
* <li>
* <p>
* <a>ListAliases</a>
* </p>
* </li>
* </ul>
* @example
* Use a bare-bones client and the command you need to make an API call.
* ```javascript
* import { KMSClient, UpdateAliasCommand } from "@aws-sdk/client-kms"; // ES Modules import
* // const { KMSClient, UpdateAliasCommand } = require("@aws-sdk/client-kms"); // CommonJS import
* const client = new KMSClient(config);
* const input = { // UpdateAliasRequest
* AliasName: "STRING_VALUE", // required
* TargetKeyId: "STRING_VALUE", // required
* };
* const command = new UpdateAliasCommand(input);
* const response = await client.send(command);
* // {};
*
* ```
*
* @param UpdateAliasCommandInput - {@link UpdateAliasCommandInput}
* @returns {@link UpdateAliasCommandOutput}
* @see {@link UpdateAliasCommandInput} for command's `input` shape.
* @see {@link UpdateAliasCommandOutput} for command's `response` shape.
* @see {@link KMSClientResolvedConfig | config} for KMSClient's `config` shape.
*
* @throws {@link DependencyTimeoutException} (server fault)
* <p>The system timed out while trying to fulfill the request. You can retry the
* request.</p>
*
* @throws {@link KMSInternalException} (server fault)
* <p>The request was rejected because an internal exception occurred. The request can be
* retried.</p>
*
* @throws {@link KMSInvalidStateException} (client fault)
* <p>The request was rejected because the state of the specified resource is not valid for this
* request.</p>
* <p>This exception means one of the following:</p>
* <ul>
* <li>
* <p>The key state of the KMS key is not compatible with the operation. </p>
* <p>To find the key state, use the <a>DescribeKey</a> operation. For more
* information about which key states are compatible with each KMS operation, see
* <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key states of KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
* </li>
* <li>
* <p>For cryptographic operations on KMS keys in custom key stores, this exception represents a general failure with many possible causes. To identify the cause, see the error message that accompanies the exception.</p>
* </li>
* </ul>
*
* @throws {@link LimitExceededException} (client fault)
* <p>The request was rejected because a quota was exceeded. For more information, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/limits.html">Quotas</a> in the
* <i>Key Management Service Developer Guide</i>.</p>
*
* @throws {@link NotFoundException} (client fault)
* <p>The request was rejected because the specified entity or resource could not be
* found.</p>
*
* @throws {@link KMSServiceException}
* <p>Base exception class for all service exceptions from KMS service.</p>
*
* @example To update an alias
* ```javascript
* // The following example updates the specified alias to refer to the specified KMS key.
* const input = {
* "AliasName": "alias/ExampleAlias",
* "TargetKeyId": "1234abcd-12ab-34cd-56ef-1234567890ab"
* };
* const command = new UpdateAliasCommand(input);
* await client.send(command);
* // example id: to-update-an-alias-1481572726920
* ```
*
*/
export class UpdateAliasCommand extends $Command<
  UpdateAliasCommandInput,
  UpdateAliasCommandOutput,
  KMSClientResolvedConfig
> {
  // Start section: command_properties
  // End section: command_properties

  /**
   * Describes where each endpoint parameter of this command gets its value.
   *
   * All four parameters are declared as `builtInParams`, each naming a client
   * setting (`useFipsEndpoint`, `endpoint`, `region`, `useDualstackEndpoint`).
   * Nothing here forces a FIPS endpoint or pins the host: the command only
   * names those settings, so a custom `endpoint` value decides where the
   * request is sent.
   *
   * @returns a fresh instruction map on every call
   */
  public static getEndpointParameterInstructions(): EndpointParameterInstructions {
    const instructions: EndpointParameterInstructions = {
      UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" },
      Endpoint: { type: "builtInParams", name: "endpoint" },
      Region: { type: "builtInParams", name: "region" },
      UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" },
    };
    return instructions;
  }

  /**
   * @public
   *
   * Stores the request as the read-only `input` property. No validation is
   * performed here; the value is kept exactly as supplied.
   *
   * @param input - the alias to repoint and the KMS key it should refer to
   */
  constructor(readonly input: UpdateAliasCommandInput) {
    // Start section: command_constructor
    super();
    // End section: command_constructor
  }

  /**
   * @internal
   *
   * Registers this command's serde and endpoint plugins on its own middleware
   * stack, merges that stack with the client's, and resolves the result into a
   * handler whose final step hands the HTTP request to the configured
   * `requestHandler`.
   *
   * @param clientStack - middleware stack supplied by the client
   * @param configuration - resolved client configuration (logger, request handler, endpoint settings)
   * @param options - per-call HTTP handler options; an empty object is used when falsy
   * @returns the handler produced by resolving the combined stack
   */
  resolveMiddleware(
    clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>,
    configuration: KMSClientResolvedConfig,
    options?: __HttpHandlerOptions
  ): Handler<UpdateAliasCommandInput, UpdateAliasCommandOutput> {
    // Plugins are added in the same order as before: serde first, then endpoint.
    const serdePlugin = getSerdePlugin(configuration, this.serialize, this.deserialize);
    this.middlewareStack.use(serdePlugin);
    const endpointPlugin = getEndpointPlugin(
      configuration,
      UpdateAliasCommand.getEndpointParameterInstructions()
    );
    this.middlewareStack.use(endpointPlugin);

    const combinedStack = clientStack.concat(this.middlewareStack);

    const executionContext: HandlerExecutionContext = {
      logger: configuration.logger,
      clientName: "KMSClient",
      commandName: "UpdateAliasCommand",
      // Both filters return their argument unchanged, so nothing is redacted
      // for this command. What the logger actually receives is decided by
      // middleware outside this file; if it logs the input, the alias name and
      // target key id appear as given.
      inputFilterSensitiveLog: (value: any) => value,
      outputFilterSensitiveLog: (value: any) => value,
    };

    const httpHandler = configuration.requestHandler;
    return combinedStack.resolve(
      (args: FinalizeHandlerArguments<any>) =>
        httpHandler.handle(args.request as __HttpRequest, options || {}),
      executionContext
    );
  }

  /**
   * @internal
   *
   * Delegates to `se_UpdateAliasCommand` to turn the input into an HTTP request.
   * Does not read `this`; it is passed to the serde plugin as a bare function
   * reference.
   */
  private serialize(input: UpdateAliasCommandInput, context: __SerdeContext): Promise<__HttpRequest> {
    return se_UpdateAliasCommand(input, context);
  }

  /**
   * @internal
   *
   * Delegates to `de_UpdateAliasCommand` to turn the HTTP response into the
   * command output. Does not read `this`; it is passed to the serde plugin as
   * a bare function reference.
   */
  private deserialize(output: __HttpResponse, context: __SerdeContext): Promise<UpdateAliasCommandOutput> {
    return de_UpdateAliasCommand(output, context);
  }

  // Start section: command_body_extra
  // End section: command_body_extra
}