-
Notifications
You must be signed in to change notification settings - Fork 573
/
DisableKeyRotationCommand.ts
142 lines (131 loc) · 7.03 KB
/
DisableKeyRotationCommand.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
// smithy-typescript generated code
import { EndpointParameterInstructions, getEndpointPlugin } from "@aws-sdk/middleware-endpoint";
import { getSerdePlugin } from "@aws-sdk/middleware-serde";
import { HttpRequest as __HttpRequest, HttpResponse as __HttpResponse } from "@aws-sdk/protocol-http";
import { Command as $Command } from "@aws-sdk/smithy-client";
import {
FinalizeHandlerArguments,
Handler,
HandlerExecutionContext,
HttpHandlerOptions as __HttpHandlerOptions,
MetadataBearer as __MetadataBearer,
MiddlewareStack,
SerdeContext as __SerdeContext,
} from "@aws-sdk/types";
import { KMSClientResolvedConfig, ServiceInputTypes, ServiceOutputTypes } from "../KMSClient";
import { DisableKeyRotationRequest, DisableKeyRotationRequestFilterSensitiveLog } from "../models/models_0";
import {
deserializeAws_json1_1DisableKeyRotationCommand,
serializeAws_json1_1DisableKeyRotationCommand,
} from "../protocols/Aws_json1_1";
export interface DisableKeyRotationCommandInput extends DisableKeyRotationRequest {}
export interface DisableKeyRotationCommandOutput extends __MetadataBearer {}
/**
* <p>Disables <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html">automatic
* rotation of the key material</a> of the specified symmetric encryption KMS key.</p>
* <p>Automatic key rotation is supported only on symmetric encryption KMS keys.
* You cannot enable automatic rotation of <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html">asymmetric KMS keys</a>, <a href="https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html">HMAC KMS keys</a>, KMS keys with <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html">imported key material</a>, or KMS keys in a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a>. To enable or disable automatic rotation of a set of related <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate">multi-Region keys</a>, set the property on the primary key.</p>
* <p>You can enable (<a>EnableKeyRotation</a>) and disable automatic rotation of the
* key material in <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk">customer managed KMS keys</a>. Key material rotation of <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk">Amazon Web Services managed KMS keys</a> is not
* configurable. KMS always rotates the key material for every year. Rotation of <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-owned-cmk">Amazon Web Services owned KMS
* keys</a> varies.</p>
* <note>
* <p>In May 2022, KMS changed the rotation schedule for Amazon Web Services managed keys from every three
* years to every year. For details, see <a>EnableKeyRotation</a>.</p>
* </note>
* <p>The KMS key that you use for this operation must be in a compatible key state. For
* details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key states of KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
* <p>
* <b>Cross-account use</b>: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.</p>
*
* <p>
* <b>Required permissions</b>: <a href="https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html">kms:DisableKeyRotation</a> (key policy)</p>
* <p>
* <b>Related operations:</b>
* </p>
* <ul>
* <li>
* <p>
* <a>EnableKeyRotation</a>
* </p>
* </li>
* <li>
* <p>
* <a>GetKeyRotationStatus</a>
* </p>
* </li>
* </ul>
* @example
* Use a bare-bones client and the command you need to make an API call.
* ```javascript
* import { KMSClient, DisableKeyRotationCommand } from "@aws-sdk/client-kms"; // ES Modules import
* // const { KMSClient, DisableKeyRotationCommand } = require("@aws-sdk/client-kms"); // CommonJS import
* const client = new KMSClient(config);
* const command = new DisableKeyRotationCommand(input);
* const response = await client.send(command);
* ```
*
* @see {@link DisableKeyRotationCommandInput} for command's `input` shape.
* @see {@link DisableKeyRotationCommandOutput} for command's `response` shape.
* @see {@link KMSClientResolvedConfig | config} for KMSClient's `config` shape.
*
*/
export class DisableKeyRotationCommand extends $Command<
DisableKeyRotationCommandInput,
DisableKeyRotationCommandOutput,
KMSClientResolvedConfig
> {
// Start section: command_properties
// End section: command_properties
public static getEndpointParameterInstructions(): EndpointParameterInstructions {
return {
UseFIPS: { type: "builtInParams", name: "useFipsEndpoint" },
Endpoint: { type: "builtInParams", name: "endpoint" },
Region: { type: "builtInParams", name: "region" },
UseDualStack: { type: "builtInParams", name: "useDualstackEndpoint" },
};
}
constructor(readonly input: DisableKeyRotationCommandInput) {
// Start section: command_constructor
super();
// End section: command_constructor
}
/**
* @internal
*/
resolveMiddleware(
clientStack: MiddlewareStack<ServiceInputTypes, ServiceOutputTypes>,
configuration: KMSClientResolvedConfig,
options?: __HttpHandlerOptions
): Handler<DisableKeyRotationCommandInput, DisableKeyRotationCommandOutput> {
this.middlewareStack.use(getSerdePlugin(configuration, this.serialize, this.deserialize));
this.middlewareStack.use(
getEndpointPlugin(configuration, DisableKeyRotationCommand.getEndpointParameterInstructions())
);
const stack = clientStack.concat(this.middlewareStack);
const { logger } = configuration;
const clientName = "KMSClient";
const commandName = "DisableKeyRotationCommand";
const handlerExecutionContext: HandlerExecutionContext = {
logger,
clientName,
commandName,
inputFilterSensitiveLog: DisableKeyRotationRequestFilterSensitiveLog,
outputFilterSensitiveLog: (output: any) => output,
};
const { requestHandler } = configuration;
return stack.resolve(
(request: FinalizeHandlerArguments<any>) =>
requestHandler.handle(request.request as __HttpRequest, options || {}),
handlerExecutionContext
);
}
private serialize(input: DisableKeyRotationCommandInput, context: __SerdeContext): Promise<__HttpRequest> {
return serializeAws_json1_1DisableKeyRotationCommand(input, context);
}
private deserialize(output: __HttpResponse, context: __SerdeContext): Promise<DisableKeyRotationCommandOutput> {
return deserializeAws_json1_1DisableKeyRotationCommand(output, context);
}
// Start section: command_body_extra
// End section: command_body_extra
}