feat(client-kms): Adds support for KMS keys and APIs that generate and verify HMAC codes
awstools committed Apr 19, 2022
1 parent 67d79bf commit 90a9a16
Showing 44 changed files with 1,760 additions and 647 deletions.
5 changes: 4 additions & 1 deletion clients/client-kms/README.md
Expand Up @@ -24,7 +24,10 @@ retrying requests automatically. For more information about the Amazon Web Servi
download and install them, see <a href="http://aws.amazon.com/tools/">Tools for Amazon Web
Services</a>.</p>
</note>
<p>We recommend that you use the Amazon Web Services SDKs to make programmatic API calls to KMS.</p>
<p>We recommend that you use the Amazon Web Services SDKs to make programmatic API calls to KMS. </p>
<p>If you need to use FIPS 140-2 validated cryptographic modules when communicating with
Amazon Web Services, use the FIPS endpoint in your preferred Amazon Web Services Region. For more information about the
available FIPS endpoints, see <a href="https://docs.aws.amazon.com/general/latest/gr/kms.html#kms_region">Service endpoints</a> in the Key Management Service topic of the <i>Amazon Web Services General Reference</i>.</p>
<p>Clients must support TLS (Transport Layer Security) 1.0. We recommend TLS 1.2. Clients
must also support cipher suites with Perfect Forward Secrecy (PFS) such as Ephemeral
Diffie-Hellman (DHE) or Elliptic Curve Ephemeral Diffie-Hellman (ECDHE). Most modern systems
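Review bot: The added FIPS paragraph tells readers to "use the FIPS endpoint in your preferred Amazon Web Services Region" but links only to the General Reference endpoint list; for this package's README, add a sentence on how to point this client at that endpoint. Separately, the rewritten sentence now ends "KMS. </p>" with a stray space before the closing tag, which turns that line into a whitespace-only change; drop the space.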
511 changes: 294 additions & 217 deletions clients/client-kms/src/KMS.ts

Large diffs are not rendered by default.

15 changes: 12 additions & 3 deletions clients/client-kms/src/KMSClient.ts
Expand Up @@ -100,6 +100,7 @@ import {
GenerateDataKeyWithoutPlaintextCommandInput,
GenerateDataKeyWithoutPlaintextCommandOutput,
} from "./commands/GenerateDataKeyWithoutPlaintextCommand";
import { GenerateMacCommandInput, GenerateMacCommandOutput } from "./commands/GenerateMacCommand";
import { GenerateRandomCommandInput, GenerateRandomCommandOutput } from "./commands/GenerateRandomCommand";
import { GetKeyPolicyCommandInput, GetKeyPolicyCommandOutput } from "./commands/GetKeyPolicyCommand";
import {
Expand Down Expand Up @@ -147,6 +148,7 @@ import {
UpdatePrimaryRegionCommandOutput,
} from "./commands/UpdatePrimaryRegionCommand";
import { VerifyCommandInput, VerifyCommandOutput } from "./commands/VerifyCommand";
import { VerifyMacCommandInput, VerifyMacCommandOutput } from "./commands/VerifyMacCommand";
import { getRuntimeConfig as __getRuntimeConfig } from "./runtimeConfig";

export type ServiceInputTypes =
Expand All @@ -172,6 +174,7 @@ export type ServiceInputTypes =
| GenerateDataKeyPairCommandInput
| GenerateDataKeyPairWithoutPlaintextCommandInput
| GenerateDataKeyWithoutPlaintextCommandInput
| GenerateMacCommandInput
| GenerateRandomCommandInput
| GetKeyPolicyCommandInput
| GetKeyRotationStatusCommandInput
Expand All @@ -197,7 +200,8 @@ export type ServiceInputTypes =
| UpdateCustomKeyStoreCommandInput
| UpdateKeyDescriptionCommandInput
| UpdatePrimaryRegionCommandInput
| VerifyCommandInput;
| VerifyCommandInput
| VerifyMacCommandInput;

export type ServiceOutputTypes =
| CancelKeyDeletionCommandOutput
Expand All @@ -222,6 +226,7 @@ export type ServiceOutputTypes =
| GenerateDataKeyPairCommandOutput
| GenerateDataKeyPairWithoutPlaintextCommandOutput
| GenerateDataKeyWithoutPlaintextCommandOutput
| GenerateMacCommandOutput
| GenerateRandomCommandOutput
| GetKeyPolicyCommandOutput
| GetKeyRotationStatusCommandOutput
Expand All @@ -247,7 +252,8 @@ export type ServiceOutputTypes =
| UpdateCustomKeyStoreCommandOutput
| UpdateKeyDescriptionCommandOutput
| UpdatePrimaryRegionCommandOutput
| VerifyCommandOutput;
| VerifyCommandOutput
| VerifyMacCommandOutput;

export interface ClientDefaults extends Partial<__SmithyResolvedConfiguration<__HttpHandlerOptions>> {
/**
Expand Down Expand Up @@ -419,7 +425,10 @@ export interface KMSClientResolvedConfig extends KMSClientResolvedConfigType {}
* download and install them, see <a href="http://aws.amazon.com/tools/">Tools for Amazon Web
* Services</a>.</p>
* </note>
* <p>We recommend that you use the Amazon Web Services SDKs to make programmatic API calls to KMS.</p>
* <p>We recommend that you use the Amazon Web Services SDKs to make programmatic API calls to KMS. </p>
* <p>If you need to use FIPS 140-2 validated cryptographic modules when communicating with
* Amazon Web Services, use the FIPS endpoint in your preferred Amazon Web Services Region. For more information about the
* available FIPS endpoints, see <a href="https://docs.aws.amazon.com/general/latest/gr/kms.html#kms_region">Service endpoints</a> in the Key Management Service topic of the <i>Amazon Web Services General Reference</i>.</p>
* <p>Clients must support TLS (Transport Layer Security) 1.0. We recommend TLS 1.2. Clients
* must also support cipher suites with Perfect Forward Secrecy (PFS) such as Ephemeral
* Diffie-Hellman (DHE) or Elliptic Curve Ephemeral Diffie-Hellman (ECDHE). Most modern systems
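Review bot: In the KMSClient doc comment the new FIPS 140-2 paragraph lands directly above the unchanged line "Clients must support TLS (Transport Layer Security) 1.0. We recommend TLS 1.2.", so a reader can take TLS 1.0 as an acceptable floor on a FIPS endpoint. Suggest stating in the new paragraph which minimum TLS version applies to the FIPS endpoints, or moving it below the TLS and cipher-suite requirements so the two are not read together. The "KMS. </p>" trailing space from README.md is repeated in this hunk as well.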
Expand Up @@ -27,7 +27,7 @@ export interface CancelKeyDeletionCommandOutput extends CancelKeyDeletionRespons
* <p>For more information about scheduling and canceling deletion of a KMS key, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/deleting-keys.html">Deleting KMS keys</a> in the
* <i>Key Management Service Developer Guide</i>.</p>
* <p>The KMS key that you use for this operation must be in a compatible key state. For
* details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
* details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key states of KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
* <p>
* <b>Cross-account
* use</b>: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.</p>
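Review bot: The link text changes from "Key state: Effect on your KMS key" to "Key states of KMS keys" while the href stays on the same key-state.html page; please confirm the new text matches the title of the page at that URL so the doc comment does not cite a heading that is not there. The identical edit recurs in the CreateAliasCommand.ts and CreateGrantCommand.ts hunks, so one check covers all of them.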
4 changes: 2 additions & 2 deletions clients/client-kms/src/commands/CreateAliasCommand.ts
Expand Up @@ -24,7 +24,7 @@ export interface CreateAliasCommandOutput extends __MetadataBearer {}
/**
* <p>Creates a friendly name for a KMS key. </p>
* <note>
* <p>Adding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/abac.html">Using ABAC in KMS</a> in the <i>Key Management Service Developer Guide</i>.</p>
* <p>Adding, deleting, or updating an alias can allow or deny permission to the KMS key. For details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/abac.html">ABAC in KMS</a> in the <i>Key Management Service Developer Guide</i>.</p>
* </note>
* <p>You can use an alias to identify a KMS key in the KMS console, in the <a>DescribeKey</a> operation and in <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations">cryptographic operations</a>, such as <a>Encrypt</a> and
* <a>GenerateDataKey</a>. You can also change the KMS key that's associated with
Expand All @@ -39,7 +39,7 @@ export interface CreateAliasCommandOutput extends __MetadataBearer {}
* <p>This operation does not return a response. To get the alias that you created, use the
* <a>ListAliases</a> operation.</p>
* <p>The KMS key that you use for this operation must be in a compatible key state. For
* details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
* details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key states of KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
* <p>
* <b>Cross-account use</b>: No. You cannot perform this operation on an alias in a different Amazon Web Services account.</p>
*
4 changes: 2 additions & 2 deletions clients/client-kms/src/commands/CreateGrantCommand.ts
Expand Up @@ -28,7 +28,7 @@ export interface CreateGrantCommandOutput extends CreateGrantResponse, __Metadat
* grants are considered along with key policies and IAM policies. Grants are often used for
* temporary permissions because you can create one, use its permissions, and delete it without
* changing your key policies or IAM policies. </p>
* <p>For detailed information about grants, including grant terminology, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html">Using grants</a> in the
* <p>For detailed information about grants, including grant terminology, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/grants.html">Grants in KMS</a> in the
* <i>
* <i>Key Management Service Developer Guide</i>
* </i>. For examples of working with grants in several
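Review bot: The context lines right after the retitled "Grants in KMS" link still carry doubled italic markup: an opening "<i>", then "<i>Key Management Service Developer Guide</i>", then a closing "</i>.". Since this sentence is being edited anyway, collapse it to a single "<i>Key Management Service Developer Guide</i>", which is how the other doc comments in this commit write the guide title.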
Expand All @@ -53,7 +53,7 @@ export interface CreateGrantCommandOutput extends CreateGrantResponse, __Metadat
* </li>
* </ul>
* <p>The KMS key that you use for this operation must be in a compatible key state. For
* details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key state: Effect on your KMS key</a> in the <i>Key Management Service Developer Guide</i>.</p>
* details, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html">Key states of KMS keys</a> in the <i>Key Management Service Developer Guide</i>.</p>
* <p>
* <b>Cross-account use</b>: Yes.
* To perform this operation on a KMS key in a different Amazon Web Services account, specify the key