amazonka-kms-1.6.0: Amazon Key Management Service SDK.

Copyright(c) 2013-2018 Brendan Hay
LicenseMozilla Public License, v. 2.0.
MaintainerBrendan Hay <brendan.g.hay+amazonka@gmail.com>
Stabilityauto-generated
Portabilitynon-portable (GHC extensions)
Safe HaskellNone
LanguageHaskell2010

Network.AWS.KMS

Contents

Description

AWS Key Management Service

AWS Key Management Service (AWS KMS) is an encryption and key management web service. This guide describes the AWS KMS operations that you can call programmatically. For general information about AWS KMS, see the AWS Key Management Service Developer Guide .

We recommend that you use the AWS SDKs to make programmatic API calls to AWS KMS.

Clients must support TLS (Transport Layer Security) 1.0. We recommend TLS 1.2. Clients must also support cipher suites with Perfect Forward Secrecy (PFS) such as Ephemeral Diffie-Hellman (DHE) or Elliptic Curve Ephemeral Diffie-Hellman (ECDHE). Most modern systems such as Java 7 and later support these modes.

Signing Requests

Requests must be signed by using an access key ID and a secret access key. We strongly recommend that you do not use your AWS account (root) access key ID and secret key for everyday work with AWS KMS. Instead, use the access key ID and secret access key for an IAM user, or you can use the AWS Security Token Service to generate temporary security credentials that you can use to sign requests.

All AWS KMS operations require Signature Version 4 .

Logging API Requests

AWS KMS supports AWS CloudTrail, a service that logs AWS API calls and related events for your AWS account and delivers them to an Amazon S3 bucket that you specify. By using the information collected by CloudTrail, you can determine what requests were made to AWS KMS, who made the request, when it was made, and so on. To learn more about CloudTrail, including how to turn it on and find your log files, see the AWS CloudTrail User Guide .

Additional Resources

For more information about credentials and request signing, see the following:

Commonly Used APIs

Of the APIs discussed in this guide, the following will prove the most useful for most applications. You will likely perform actions other than these, such as creating keys and assigning policies, by using the console.

Synopsis

Service Configuration

kms :: Service #

API version 2014-11-01 of the Amazon Key Management Service SDK configuration.

Errors

Error matchers are designed for use with the functions provided by Control.Exception.Lens. This allows catching (and rethrowing) service specific errors returned by KMS.

InvalidMarkerException

_InvalidMarkerException :: AsError a => Getting (First ServiceError) a ServiceError #

The request was rejected because the marker that specifies where pagination should next begin is not valid.

KMSInvalidStateException

_KMSInvalidStateException :: AsError a => Getting (First ServiceError) a ServiceError #

The request was rejected because the state of the specified resource is not valid for this request.

For more information about how key state affects the use of a CMK, see How Key State Affects Use of a Customer Master Key in the AWS Key Management Service Developer Guide .

InvalidKeyUsageException

_InvalidKeyUsageException :: AsError a => Getting (First ServiceError) a ServiceError #

The request was rejected because the specified KeySpec value is not valid.

MalformedPolicyDocumentException

_MalformedPolicyDocumentException :: AsError a => Getting (First ServiceError) a ServiceError #

The request was rejected because the specified policy is not syntactically or semantically correct.

UnsupportedOperationException

_UnsupportedOperationException :: AsError a => Getting (First ServiceError) a ServiceError #

The request was rejected because a specified parameter is not supported or a specified resource is not valid for this operation.

DisabledException

_DisabledException :: AsError a => Getting (First ServiceError) a ServiceError #

The request was rejected because the specified CMK is not enabled.

KeyUnavailableException

_KeyUnavailableException :: AsError a => Getting (First ServiceError) a ServiceError #

The request was rejected because the specified CMK was not available. The request can be retried.

IncorrectKeyMaterialException

_IncorrectKeyMaterialException :: AsError a => Getting (First ServiceError) a ServiceError #

The request was rejected because the provided key material is invalid or is not the same key material that was previously imported into this customer master key (CMK).

KMSInternalException

_KMSInternalException :: AsError a => Getting (First ServiceError) a ServiceError #

The request was rejected because an internal exception occurred. The request can be retried.

TagException

_TagException :: AsError a => Getting (First ServiceError) a ServiceError #

The request was rejected because one or more tags are not valid.

InvalidImportTokenException

_InvalidImportTokenException :: AsError a => Getting (First ServiceError) a ServiceError #

The request was rejected because the provided import token is invalid or is associated with a different customer master key (CMK).

NotFoundException

_NotFoundException :: AsError a => Getting (First ServiceError) a ServiceError #

The request was rejected because the specified entity or resource could not be found.

InvalidAliasNameException

_InvalidAliasNameException :: AsError a => Getting (First ServiceError) a ServiceError #

The request was rejected because the specified alias name is not valid.

InvalidGrantIdException

_InvalidGrantIdException :: AsError a => Getting (First ServiceError) a ServiceError #

The request was rejected because the specified GrantId is not valid.

InvalidGrantTokenException

_InvalidGrantTokenException :: AsError a => Getting (First ServiceError) a ServiceError #

The request was rejected because the specified grant token is not valid.

InvalidARNException

_InvalidARNException :: AsError a => Getting (First ServiceError) a ServiceError #

The request was rejected because a specified ARN was not valid.

DependencyTimeoutException

_DependencyTimeoutException :: AsError a => Getting (First ServiceError) a ServiceError #

The system timed out while trying to fulfill the request. The request can be retried.

ExpiredImportTokenException

_ExpiredImportTokenException :: AsError a => Getting (First ServiceError) a ServiceError #

The request was rejected because the provided import token is expired. Use GetParametersForImport to get a new import token and public key, use the new public key to encrypt the key material, and then try the request again.

InvalidCiphertextException

_InvalidCiphertextException :: AsError a => Getting (First ServiceError) a ServiceError #

The request was rejected because the specified ciphertext, or additional authenticated data incorporated into the ciphertext, such as the encryption context, is corrupted, missing, or otherwise invalid.

AlreadyExistsException

_AlreadyExistsException :: AsError a => Getting (First ServiceError) a ServiceError #

The request was rejected because it attempted to create a resource that already exists.

LimitExceededException

_LimitExceededException :: AsError a => Getting (First ServiceError) a ServiceError #

The request was rejected because a limit was exceeded. For more information, see Limits in the AWS Key Management Service Developer Guide .

Waiters

Waiters poll by repeatedly sending a request until some remote success condition configured by the Wait specification is fulfilled. The Wait specification determines how many attempts should be made, in addition to delay and retry strategies.

Operations

Some AWS operations return results that are incomplete and require subsequent requests in order to obtain the entire result set. The process of sending subsequent requests to continue where a previous request left off is called pagination. For example, the ListObjects operation of Amazon S3 returns up to 1000 objects at a time, and you must send subsequent requests with the appropriate Marker in order to retrieve the next page of results.

Operations that have an AWSPager instance can transparently perform subsequent requests, correctly setting Markers and other request facets to iterate through the entire result set of a truncated API operation. Operations which support this have an additional note in the documentation.

Many operations have the ability to filter results on the server side. See the individual operation parameters for details.

Encrypt

ListGrants (Paginated)

DisableKeyRotation

GenerateDataKeyWithoutPlaintext

GetParametersForImport

EnableKeyRotation

CreateAlias

CreateGrant

ListAliases (Paginated)

ListRetirableGrants

GenerateRandom

CreateKey

DisableKey

RetireGrant

ListKeys (Paginated)

ListResourceTags

GetKeyRotationStatus

GenerateDataKey

DeleteAlias

UpdateAlias

DescribeKey

CancelKeyDeletion

Decrypt

UpdateKeyDescription

ReEncrypt

TagResource

ListKeyPolicies (Paginated)

UntagResource

ScheduleKeyDeletion

PutKeyPolicy

EnableKey

RevokeGrant

GetKeyPolicy

ImportKeyMaterial

DeleteImportedKeyMaterial

Types

AlgorithmSpec

data AlgorithmSpec #

Instances

Bounded AlgorithmSpec # 
Enum AlgorithmSpec # 
Eq AlgorithmSpec # 
Data AlgorithmSpec # 

Methods

gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> AlgorithmSpec -> c AlgorithmSpec #

gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c AlgorithmSpec #

toConstr :: AlgorithmSpec -> Constr #

dataTypeOf :: AlgorithmSpec -> DataType #

dataCast1 :: Typeable (* -> *) t => (forall d. Data d => c (t d)) -> Maybe (c AlgorithmSpec) #

dataCast2 :: Typeable (* -> * -> *) t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c AlgorithmSpec) #

gmapT :: (forall b. Data b => b -> b) -> AlgorithmSpec -> AlgorithmSpec #

gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> AlgorithmSpec -> r #

gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> AlgorithmSpec -> r #

gmapQ :: (forall d. Data d => d -> u) -> AlgorithmSpec -> [u] #

gmapQi :: Int -> (forall d. Data d => d -> u) -> AlgorithmSpec -> u #

gmapM :: Monad m => (forall d. Data d => d -> m d) -> AlgorithmSpec -> m AlgorithmSpec #

gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> AlgorithmSpec -> m AlgorithmSpec #

gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> AlgorithmSpec -> m AlgorithmSpec #

Ord AlgorithmSpec # 
Read AlgorithmSpec # 
Show AlgorithmSpec # 
Generic AlgorithmSpec # 

Associated Types

type Rep AlgorithmSpec :: * -> * #

Hashable AlgorithmSpec # 
ToJSON AlgorithmSpec # 
NFData AlgorithmSpec # 

Methods

rnf :: AlgorithmSpec -> () #

ToHeader AlgorithmSpec # 
ToQuery AlgorithmSpec # 
ToByteString AlgorithmSpec # 
FromText AlgorithmSpec # 
ToText AlgorithmSpec # 

Methods

toText :: AlgorithmSpec -> Text #

type Rep AlgorithmSpec # 
type Rep AlgorithmSpec = D1 * (MetaData "AlgorithmSpec" "Network.AWS.KMS.Types.Sum" "amazonka-kms-1.6.0-1x3YFaSKSJTDyirX3XbKEX" False) ((:+:) * (C1 * (MetaCons "RsaesOaepSha1" PrefixI False) (U1 *)) ((:+:) * (C1 * (MetaCons "RsaesOaepSha256" PrefixI False) (U1 *)) (C1 * (MetaCons "RsaesPKCS1V15" PrefixI False) (U1 *))))

DataKeySpec

data DataKeySpec #

Constructors

AES128 
AES256 

Instances

Bounded DataKeySpec # 
Enum DataKeySpec # 
Eq DataKeySpec # 
Data DataKeySpec # 

Methods

gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> DataKeySpec -> c DataKeySpec #

gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c DataKeySpec #

toConstr :: DataKeySpec -> Constr #

dataTypeOf :: DataKeySpec -> DataType #

dataCast1 :: Typeable (* -> *) t => (forall d. Data d => c (t d)) -> Maybe (c DataKeySpec) #

dataCast2 :: Typeable (* -> * -> *) t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c DataKeySpec) #

gmapT :: (forall b. Data b => b -> b) -> DataKeySpec -> DataKeySpec #

gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> DataKeySpec -> r #

gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> DataKeySpec -> r #

gmapQ :: (forall d. Data d => d -> u) -> DataKeySpec -> [u] #

gmapQi :: Int -> (forall d. Data d => d -> u) -> DataKeySpec -> u #

gmapM :: Monad m => (forall d. Data d => d -> m d) -> DataKeySpec -> m DataKeySpec #

gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> DataKeySpec -> m DataKeySpec #

gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> DataKeySpec -> m DataKeySpec #

Ord DataKeySpec # 
Read DataKeySpec # 
Show DataKeySpec # 
Generic DataKeySpec # 

Associated Types

type Rep DataKeySpec :: * -> * #

Hashable DataKeySpec # 
ToJSON DataKeySpec # 
NFData DataKeySpec # 

Methods

rnf :: DataKeySpec -> () #

ToHeader DataKeySpec # 
ToQuery DataKeySpec # 
ToByteString DataKeySpec # 
FromText DataKeySpec # 
ToText DataKeySpec # 

Methods

toText :: DataKeySpec -> Text #

type Rep DataKeySpec # 
type Rep DataKeySpec = D1 * (MetaData "DataKeySpec" "Network.AWS.KMS.Types.Sum" "amazonka-kms-1.6.0-1x3YFaSKSJTDyirX3XbKEX" False) ((:+:) * (C1 * (MetaCons "AES128" PrefixI False) (U1 *)) (C1 * (MetaCons "AES256" PrefixI False) (U1 *)))

ExpirationModelType

data ExpirationModelType #

Instances

Bounded ExpirationModelType # 
Enum ExpirationModelType # 
Eq ExpirationModelType # 
Data ExpirationModelType # 

Methods

gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> ExpirationModelType -> c ExpirationModelType #

gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c ExpirationModelType #

toConstr :: ExpirationModelType -> Constr #

dataTypeOf :: ExpirationModelType -> DataType #

dataCast1 :: Typeable (* -> *) t => (forall d. Data d => c (t d)) -> Maybe (c ExpirationModelType) #

dataCast2 :: Typeable (* -> * -> *) t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c ExpirationModelType) #

gmapT :: (forall b. Data b => b -> b) -> ExpirationModelType -> ExpirationModelType #

gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> ExpirationModelType -> r #

gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> ExpirationModelType -> r #

gmapQ :: (forall d. Data d => d -> u) -> ExpirationModelType -> [u] #

gmapQi :: Int -> (forall d. Data d => d -> u) -> ExpirationModelType -> u #

gmapM :: Monad m => (forall d. Data d => d -> m d) -> ExpirationModelType -> m ExpirationModelType #

gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> ExpirationModelType -> m ExpirationModelType #

gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> ExpirationModelType -> m ExpirationModelType #

Ord ExpirationModelType # 
Read ExpirationModelType # 
Show ExpirationModelType # 
Generic ExpirationModelType # 
Hashable ExpirationModelType # 
ToJSON ExpirationModelType # 
FromJSON ExpirationModelType # 
NFData ExpirationModelType # 

Methods

rnf :: ExpirationModelType -> () #

ToHeader ExpirationModelType # 
ToQuery ExpirationModelType # 
ToByteString ExpirationModelType # 
FromText ExpirationModelType # 
ToText ExpirationModelType # 
type Rep ExpirationModelType # 
type Rep ExpirationModelType = D1 * (MetaData "ExpirationModelType" "Network.AWS.KMS.Types.Sum" "amazonka-kms-1.6.0-1x3YFaSKSJTDyirX3XbKEX" False) ((:+:) * (C1 * (MetaCons "KeyMaterialDoesNotExpire" PrefixI False) (U1 *)) (C1 * (MetaCons "KeyMaterialExpires" PrefixI False) (U1 *)))

GrantOperation

data GrantOperation #

Instances

Bounded GrantOperation # 
Enum GrantOperation # 
Eq GrantOperation # 
Data GrantOperation # 

Methods

gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> GrantOperation -> c GrantOperation #

gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c GrantOperation #

toConstr :: GrantOperation -> Constr #

dataTypeOf :: GrantOperation -> DataType #

dataCast1 :: Typeable (* -> *) t => (forall d. Data d => c (t d)) -> Maybe (c GrantOperation) #

dataCast2 :: Typeable (* -> * -> *) t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c GrantOperation) #

gmapT :: (forall b. Data b => b -> b) -> GrantOperation -> GrantOperation #

gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> GrantOperation -> r #

gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> GrantOperation -> r #

gmapQ :: (forall d. Data d => d -> u) -> GrantOperation -> [u] #

gmapQi :: Int -> (forall d. Data d => d -> u) -> GrantOperation -> u #

gmapM :: Monad m => (forall d. Data d => d -> m d) -> GrantOperation -> m GrantOperation #

gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> GrantOperation -> m GrantOperation #

gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> GrantOperation -> m GrantOperation #

Ord GrantOperation # 
Read GrantOperation # 
Show GrantOperation # 
Generic GrantOperation # 

Associated Types

type Rep GrantOperation :: * -> * #

Hashable GrantOperation # 
ToJSON GrantOperation # 
FromJSON GrantOperation # 
NFData GrantOperation # 

Methods

rnf :: GrantOperation -> () #

ToHeader GrantOperation # 
ToQuery GrantOperation # 
ToByteString GrantOperation # 
FromText GrantOperation # 
ToText GrantOperation # 
type Rep GrantOperation # 
type Rep GrantOperation = D1 * (MetaData "GrantOperation" "Network.AWS.KMS.Types.Sum" "amazonka-kms-1.6.0-1x3YFaSKSJTDyirX3XbKEX" False) ((:+:) * ((:+:) * ((:+:) * (C1 * (MetaCons "CreateGrant" PrefixI False) (U1 *)) (C1 * (MetaCons "Decrypt" PrefixI False) (U1 *))) ((:+:) * (C1 * (MetaCons "DescribeKey" PrefixI False) (U1 *)) (C1 * (MetaCons "Encrypt" PrefixI False) (U1 *)))) ((:+:) * ((:+:) * (C1 * (MetaCons "GenerateDataKey" PrefixI False) (U1 *)) (C1 * (MetaCons "GenerateDataKeyWithoutPlaintext" PrefixI False) (U1 *))) ((:+:) * (C1 * (MetaCons "ReEncryptFrom" PrefixI False) (U1 *)) ((:+:) * (C1 * (MetaCons "ReEncryptTo" PrefixI False) (U1 *)) (C1 * (MetaCons "RetireGrant" PrefixI False) (U1 *))))))

KeyManagerType

data KeyManagerType #

Constructors

AWS 
Customer 

Instances

Bounded KeyManagerType # 
Enum KeyManagerType # 
Eq KeyManagerType # 
Data KeyManagerType # 

Methods

gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> KeyManagerType -> c KeyManagerType #

gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c KeyManagerType #

toConstr :: KeyManagerType -> Constr #

dataTypeOf :: KeyManagerType -> DataType #

dataCast1 :: Typeable (* -> *) t => (forall d. Data d => c (t d)) -> Maybe (c KeyManagerType) #

dataCast2 :: Typeable (* -> * -> *) t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c KeyManagerType) #

gmapT :: (forall b. Data b => b -> b) -> KeyManagerType -> KeyManagerType #

gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> KeyManagerType -> r #

gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> KeyManagerType -> r #

gmapQ :: (forall d. Data d => d -> u) -> KeyManagerType -> [u] #

gmapQi :: Int -> (forall d. Data d => d -> u) -> KeyManagerType -> u #

gmapM :: Monad m => (forall d. Data d => d -> m d) -> KeyManagerType -> m KeyManagerType #

gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> KeyManagerType -> m KeyManagerType #

gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> KeyManagerType -> m KeyManagerType #

Ord KeyManagerType # 
Read KeyManagerType # 
Show KeyManagerType # 
Generic KeyManagerType # 

Associated Types

type Rep KeyManagerType :: * -> * #

Hashable KeyManagerType # 
FromJSON KeyManagerType # 
NFData KeyManagerType # 

Methods

rnf :: KeyManagerType -> () #

ToHeader KeyManagerType # 
ToQuery KeyManagerType # 
ToByteString KeyManagerType # 
FromText KeyManagerType # 
ToText KeyManagerType # 
type Rep KeyManagerType # 
type Rep KeyManagerType = D1 * (MetaData "KeyManagerType" "Network.AWS.KMS.Types.Sum" "amazonka-kms-1.6.0-1x3YFaSKSJTDyirX3XbKEX" False) ((:+:) * (C1 * (MetaCons "AWS" PrefixI False) (U1 *)) (C1 * (MetaCons "Customer" PrefixI False) (U1 *)))

KeyState

data KeyState #

Instances

Bounded KeyState # 
Enum KeyState # 
Eq KeyState # 
Data KeyState # 

Methods

gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> KeyState -> c KeyState #

gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c KeyState #

toConstr :: KeyState -> Constr #

dataTypeOf :: KeyState -> DataType #

dataCast1 :: Typeable (* -> *) t => (forall d. Data d => c (t d)) -> Maybe (c KeyState) #

dataCast2 :: Typeable (* -> * -> *) t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c KeyState) #

gmapT :: (forall b. Data b => b -> b) -> KeyState -> KeyState #

gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> KeyState -> r #

gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> KeyState -> r #

gmapQ :: (forall d. Data d => d -> u) -> KeyState -> [u] #

gmapQi :: Int -> (forall d. Data d => d -> u) -> KeyState -> u #

gmapM :: Monad m => (forall d. Data d => d -> m d) -> KeyState -> m KeyState #

gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> KeyState -> m KeyState #

gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> KeyState -> m KeyState #

Ord KeyState # 
Read KeyState # 
Show KeyState # 
Generic KeyState # 

Associated Types

type Rep KeyState :: * -> * #

Methods

from :: KeyState -> Rep KeyState x #

to :: Rep KeyState x -> KeyState #

Hashable KeyState # 

Methods

hashWithSalt :: Int -> KeyState -> Int #

hash :: KeyState -> Int #

FromJSON KeyState # 
NFData KeyState # 

Methods

rnf :: KeyState -> () #

ToHeader KeyState # 

Methods

toHeader :: HeaderName -> KeyState -> [Header] #

ToQuery KeyState # 
ToByteString KeyState # 

Methods

toBS :: KeyState -> ByteString #

FromText KeyState # 
ToText KeyState # 

Methods

toText :: KeyState -> Text #

type Rep KeyState # 
type Rep KeyState = D1 * (MetaData "KeyState" "Network.AWS.KMS.Types.Sum" "amazonka-kms-1.6.0-1x3YFaSKSJTDyirX3XbKEX" False) ((:+:) * ((:+:) * (C1 * (MetaCons "Disabled" PrefixI False) (U1 *)) (C1 * (MetaCons "Enabled" PrefixI False) (U1 *))) ((:+:) * (C1 * (MetaCons "PendingDeletion" PrefixI False) (U1 *)) (C1 * (MetaCons "PendingImport" PrefixI False) (U1 *))))

KeyUsageType

data KeyUsageType #

Constructors

EncryptDecrypt 

Instances

Bounded KeyUsageType # 
Enum KeyUsageType # 
Eq KeyUsageType # 
Data KeyUsageType # 

Methods

gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> KeyUsageType -> c KeyUsageType #

gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c KeyUsageType #

toConstr :: KeyUsageType -> Constr #

dataTypeOf :: KeyUsageType -> DataType #

dataCast1 :: Typeable (* -> *) t => (forall d. Data d => c (t d)) -> Maybe (c KeyUsageType) #

dataCast2 :: Typeable (* -> * -> *) t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c KeyUsageType) #

gmapT :: (forall b. Data b => b -> b) -> KeyUsageType -> KeyUsageType #

gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> KeyUsageType -> r #

gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> KeyUsageType -> r #

gmapQ :: (forall d. Data d => d -> u) -> KeyUsageType -> [u] #

gmapQi :: Int -> (forall d. Data d => d -> u) -> KeyUsageType -> u #

gmapM :: Monad m => (forall d. Data d => d -> m d) -> KeyUsageType -> m KeyUsageType #

gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> KeyUsageType -> m KeyUsageType #

gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> KeyUsageType -> m KeyUsageType #

Ord KeyUsageType # 
Read KeyUsageType # 
Show KeyUsageType # 
Generic KeyUsageType # 

Associated Types

type Rep KeyUsageType :: * -> * #

Hashable KeyUsageType # 
ToJSON KeyUsageType # 
FromJSON KeyUsageType # 
NFData KeyUsageType # 

Methods

rnf :: KeyUsageType -> () #

ToHeader KeyUsageType # 
ToQuery KeyUsageType # 
ToByteString KeyUsageType # 
FromText KeyUsageType # 
ToText KeyUsageType # 

Methods

toText :: KeyUsageType -> Text #

type Rep KeyUsageType # 
type Rep KeyUsageType = D1 * (MetaData "KeyUsageType" "Network.AWS.KMS.Types.Sum" "amazonka-kms-1.6.0-1x3YFaSKSJTDyirX3XbKEX" False) (C1 * (MetaCons "EncryptDecrypt" PrefixI False) (U1 *))

OriginType

data OriginType #

Constructors

AWSKMS 
External 

Instances

Bounded OriginType # 
Enum OriginType # 
Eq OriginType # 
Data OriginType # 

Methods

gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> OriginType -> c OriginType #

gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c OriginType #

toConstr :: OriginType -> Constr #

dataTypeOf :: OriginType -> DataType #

dataCast1 :: Typeable (* -> *) t => (forall d. Data d => c (t d)) -> Maybe (c OriginType) #

dataCast2 :: Typeable (* -> * -> *) t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c OriginType) #

gmapT :: (forall b. Data b => b -> b) -> OriginType -> OriginType #

gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> OriginType -> r #

gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> OriginType -> r #

gmapQ :: (forall d. Data d => d -> u) -> OriginType -> [u] #

gmapQi :: Int -> (forall d. Data d => d -> u) -> OriginType -> u #

gmapM :: Monad m => (forall d. Data d => d -> m d) -> OriginType -> m OriginType #

gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> OriginType -> m OriginType #

gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> OriginType -> m OriginType #

Ord OriginType # 
Read OriginType # 
Show OriginType # 
Generic OriginType # 

Associated Types

type Rep OriginType :: * -> * #

Hashable OriginType # 
ToJSON OriginType # 
FromJSON OriginType # 
NFData OriginType # 

Methods

rnf :: OriginType -> () #

ToHeader OriginType # 
ToQuery OriginType # 
ToByteString OriginType # 
FromText OriginType # 
ToText OriginType # 

Methods

toText :: OriginType -> Text #

type Rep OriginType # 
type Rep OriginType = D1 * (MetaData "OriginType" "Network.AWS.KMS.Types.Sum" "amazonka-kms-1.6.0-1x3YFaSKSJTDyirX3XbKEX" False) ((:+:) * (C1 * (MetaCons "AWSKMS" PrefixI False) (U1 *)) (C1 * (MetaCons "External" PrefixI False) (U1 *)))

WrappingKeySpec

data WrappingKeySpec #

Constructors

Rsa2048 

Instances

Bounded WrappingKeySpec # 
Enum WrappingKeySpec # 
Eq WrappingKeySpec # 
Data WrappingKeySpec # 

Methods

gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> WrappingKeySpec -> c WrappingKeySpec #

gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c WrappingKeySpec #

toConstr :: WrappingKeySpec -> Constr #

dataTypeOf :: WrappingKeySpec -> DataType #

dataCast1 :: Typeable (* -> *) t => (forall d. Data d => c (t d)) -> Maybe (c WrappingKeySpec) #

dataCast2 :: Typeable (* -> * -> *) t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c WrappingKeySpec) #

gmapT :: (forall b. Data b => b -> b) -> WrappingKeySpec -> WrappingKeySpec #

gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> WrappingKeySpec -> r #

gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> WrappingKeySpec -> r #

gmapQ :: (forall d. Data d => d -> u) -> WrappingKeySpec -> [u] #

gmapQi :: Int -> (forall d. Data d => d -> u) -> WrappingKeySpec -> u #

gmapM :: Monad m => (forall d. Data d => d -> m d) -> WrappingKeySpec -> m WrappingKeySpec #

gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> WrappingKeySpec -> m WrappingKeySpec #

gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> WrappingKeySpec -> m WrappingKeySpec #

Ord WrappingKeySpec # 
Read WrappingKeySpec # 
Show WrappingKeySpec # 
Generic WrappingKeySpec # 
Hashable WrappingKeySpec # 
ToJSON WrappingKeySpec # 
NFData WrappingKeySpec # 

Methods

rnf :: WrappingKeySpec -> () #

ToHeader WrappingKeySpec # 
ToQuery WrappingKeySpec # 
ToByteString WrappingKeySpec # 
FromText WrappingKeySpec # 
ToText WrappingKeySpec # 
type Rep WrappingKeySpec # 
type Rep WrappingKeySpec = D1 * (MetaData "WrappingKeySpec" "Network.AWS.KMS.Types.Sum" "amazonka-kms-1.6.0-1x3YFaSKSJTDyirX3XbKEX" False) (C1 * (MetaCons "Rsa2048" PrefixI False) (U1 *))

AliasListEntry

data AliasListEntry #

Contains information about an alias.

See: aliasListEntry smart constructor.

Instances

Eq AliasListEntry # 
Data AliasListEntry # 

Methods

gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> AliasListEntry -> c AliasListEntry #

gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c AliasListEntry #

toConstr :: AliasListEntry -> Constr #

dataTypeOf :: AliasListEntry -> DataType #

dataCast1 :: Typeable (* -> *) t => (forall d. Data d => c (t d)) -> Maybe (c AliasListEntry) #

dataCast2 :: Typeable (* -> * -> *) t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c AliasListEntry) #

gmapT :: (forall b. Data b => b -> b) -> AliasListEntry -> AliasListEntry #

gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> AliasListEntry -> r #

gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> AliasListEntry -> r #

gmapQ :: (forall d. Data d => d -> u) -> AliasListEntry -> [u] #

gmapQi :: Int -> (forall d. Data d => d -> u) -> AliasListEntry -> u #

gmapM :: Monad m => (forall d. Data d => d -> m d) -> AliasListEntry -> m AliasListEntry #

gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> AliasListEntry -> m AliasListEntry #

gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> AliasListEntry -> m AliasListEntry #

Read AliasListEntry # 
Show AliasListEntry # 
Generic AliasListEntry # 

Associated Types

type Rep AliasListEntry :: * -> * #

Hashable AliasListEntry # 
FromJSON AliasListEntry # 
NFData AliasListEntry # 

Methods

rnf :: AliasListEntry -> () #

type Rep AliasListEntry # 
type Rep AliasListEntry = D1 * (MetaData "AliasListEntry" "Network.AWS.KMS.Types.Product" "amazonka-kms-1.6.0-1x3YFaSKSJTDyirX3XbKEX" False) (C1 * (MetaCons "AliasListEntry'" PrefixI True) ((:*:) * (S1 * (MetaSel (Just Symbol "_aleTargetKeyId") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 * (Maybe Text))) ((:*:) * (S1 * (MetaSel (Just Symbol "_aleAliasName") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 * (Maybe Text))) (S1 * (MetaSel (Just Symbol "_aleAliasARN") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 * (Maybe Text))))))

aliasListEntry :: AliasListEntry #

Creates a value of AliasListEntry with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

aleTargetKeyId :: Lens' AliasListEntry (Maybe Text) #

String that contains the key identifier referred to by the alias.

aleAliasName :: Lens' AliasListEntry (Maybe Text) #

String that contains the alias.

aleAliasARN :: Lens' AliasListEntry (Maybe Text) #

String that contains the key ARN.

GrantConstraints

data GrantConstraints #

A structure that you can use to allow certain operations in the grant only when the desired encryption context is present. For more information about encryption context, see Encryption Context in the AWS Key Management Service Developer Guide .

Grant constraints apply only to operations that accept encryption context as input. For example, the DescribeKey operation does not accept encryption context as input. A grant that allows the DescribeKey operation does so regardless of the grant constraints. In constrast, the Encrypt operation accepts encryption context as input. A grant that allows the Encrypt operation does so only when the encryption context of the Encrypt operation satisfies the grant constraints.

See: grantConstraints smart constructor.

Instances

Eq GrantConstraints # 
Data GrantConstraints # 

Methods

gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> GrantConstraints -> c GrantConstraints #

gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c GrantConstraints #

toConstr :: GrantConstraints -> Constr #

dataTypeOf :: GrantConstraints -> DataType #

dataCast1 :: Typeable (* -> *) t => (forall d. Data d => c (t d)) -> Maybe (c GrantConstraints) #

dataCast2 :: Typeable (* -> * -> *) t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c GrantConstraints) #

gmapT :: (forall b. Data b => b -> b) -> GrantConstraints -> GrantConstraints #

gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> GrantConstraints -> r #

gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> GrantConstraints -> r #

gmapQ :: (forall d. Data d => d -> u) -> GrantConstraints -> [u] #

gmapQi :: Int -> (forall d. Data d => d -> u) -> GrantConstraints -> u #

gmapM :: Monad m => (forall d. Data d => d -> m d) -> GrantConstraints -> m GrantConstraints #

gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> GrantConstraints -> m GrantConstraints #

gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> GrantConstraints -> m GrantConstraints #

Read GrantConstraints # 
Show GrantConstraints # 
Generic GrantConstraints # 
Hashable GrantConstraints # 
ToJSON GrantConstraints # 
FromJSON GrantConstraints # 
NFData GrantConstraints # 

Methods

rnf :: GrantConstraints -> () #

type Rep GrantConstraints # 
type Rep GrantConstraints = D1 * (MetaData "GrantConstraints" "Network.AWS.KMS.Types.Product" "amazonka-kms-1.6.0-1x3YFaSKSJTDyirX3XbKEX" False) (C1 * (MetaCons "GrantConstraints'" PrefixI True) ((:*:) * (S1 * (MetaSel (Just Symbol "_gcEncryptionContextEquals") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 * (Maybe (Map Text Text)))) (S1 * (MetaSel (Just Symbol "_gcEncryptionContextSubset") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 * (Maybe (Map Text Text))))))

grantConstraints :: GrantConstraints #

Creates a value of GrantConstraints with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

  • gcEncryptionContextEquals - A list of key-value pairs that must be present in the encryption context of certain subsequent operations that the grant allows. When certain subsequent operations allowed by the grant include encryption context that matches this list, the grant allows the operation. Otherwise, the grant does not allow the operation.
  • gcEncryptionContextSubset - A list of key-value pairs, all of which must be present in the encryption context of certain subsequent operations that the grant allows. When certain subsequent operations allowed by the grant include encryption context that matches this list or is a superset of this list, the grant allows the operation. Otherwise, the grant does not allow the operation.

gcEncryptionContextEquals :: Lens' GrantConstraints (HashMap Text Text) #

A list of key-value pairs that must be present in the encryption context of certain subsequent operations that the grant allows. When certain subsequent operations allowed by the grant include encryption context that matches this list, the grant allows the operation. Otherwise, the grant does not allow the operation.

gcEncryptionContextSubset :: Lens' GrantConstraints (HashMap Text Text) #

A list of key-value pairs, all of which must be present in the encryption context of certain subsequent operations that the grant allows. When certain subsequent operations allowed by the grant include encryption context that matches this list or is a superset of this list, the grant allows the operation. Otherwise, the grant does not allow the operation.

GrantListEntry

data GrantListEntry #

Contains information about an entry in a list of grants.

See: grantListEntry smart constructor.

Instances

Eq GrantListEntry # 
Data GrantListEntry # 

Methods

gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> GrantListEntry -> c GrantListEntry #

gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c GrantListEntry #

toConstr :: GrantListEntry -> Constr #

dataTypeOf :: GrantListEntry -> DataType #

dataCast1 :: Typeable (* -> *) t => (forall d. Data d => c (t d)) -> Maybe (c GrantListEntry) #

dataCast2 :: Typeable (* -> * -> *) t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c GrantListEntry) #

gmapT :: (forall b. Data b => b -> b) -> GrantListEntry -> GrantListEntry #

gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> GrantListEntry -> r #

gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> GrantListEntry -> r #

gmapQ :: (forall d. Data d => d -> u) -> GrantListEntry -> [u] #

gmapQi :: Int -> (forall d. Data d => d -> u) -> GrantListEntry -> u #

gmapM :: Monad m => (forall d. Data d => d -> m d) -> GrantListEntry -> m GrantListEntry #

gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> GrantListEntry -> m GrantListEntry #

gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> GrantListEntry -> m GrantListEntry #

Read GrantListEntry # 
Show GrantListEntry # 
Generic GrantListEntry # 

Associated Types

type Rep GrantListEntry :: * -> * #

Hashable GrantListEntry # 
FromJSON GrantListEntry # 
NFData GrantListEntry # 

Methods

rnf :: GrantListEntry -> () #

type Rep GrantListEntry # 

grantListEntry :: GrantListEntry #

Creates a value of GrantListEntry with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

  • gleKeyId - The unique identifier for the customer master key (CMK) to which the grant applies.
  • gleRetiringPrincipal - The principal that can retire the grant.
  • gleIssuingAccount - The AWS account under which the grant was issued.
  • gleGrantId - The unique identifier for the grant.
  • gleConstraints - A list of key-value pairs that must be present in the encryption context of certain subsequent operations that the grant allows.
  • gleGranteePrincipal - The principal that receives the grant's permissions.
  • gleName - The friendly name that identifies the grant. If a name was provided in the CreateGrant request, that name is returned. Otherwise this value is null.
  • gleCreationDate - The date and time when the grant was created.
  • gleOperations - The list of operations permitted by the grant.

gleKeyId :: Lens' GrantListEntry (Maybe Text) #

The unique identifier for the customer master key (CMK) to which the grant applies.

gleRetiringPrincipal :: Lens' GrantListEntry (Maybe Text) #

The principal that can retire the grant.

gleIssuingAccount :: Lens' GrantListEntry (Maybe Text) #

The AWS account under which the grant was issued.

gleGrantId :: Lens' GrantListEntry (Maybe Text) #

The unique identifier for the grant.

gleConstraints :: Lens' GrantListEntry (Maybe GrantConstraints) #

A list of key-value pairs that must be present in the encryption context of certain subsequent operations that the grant allows.

gleGranteePrincipal :: Lens' GrantListEntry (Maybe Text) #

The principal that receives the grant's permissions.

gleName :: Lens' GrantListEntry (Maybe Text) #

The friendly name that identifies the grant. If a name was provided in the CreateGrant request, that name is returned. Otherwise this value is null.

gleCreationDate :: Lens' GrantListEntry (Maybe UTCTime) #

The date and time when the grant was created.

gleOperations :: Lens' GrantListEntry [GrantOperation] #

The list of operations permitted by the grant.

KeyListEntry

data KeyListEntry #

Contains information about each entry in the key list.

See: keyListEntry smart constructor.

Instances

Eq KeyListEntry # 
Data KeyListEntry # 

Methods

gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> KeyListEntry -> c KeyListEntry #

gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c KeyListEntry #

toConstr :: KeyListEntry -> Constr #

dataTypeOf :: KeyListEntry -> DataType #

dataCast1 :: Typeable (* -> *) t => (forall d. Data d => c (t d)) -> Maybe (c KeyListEntry) #

dataCast2 :: Typeable (* -> * -> *) t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c KeyListEntry) #

gmapT :: (forall b. Data b => b -> b) -> KeyListEntry -> KeyListEntry #

gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> KeyListEntry -> r #

gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> KeyListEntry -> r #

gmapQ :: (forall d. Data d => d -> u) -> KeyListEntry -> [u] #

gmapQi :: Int -> (forall d. Data d => d -> u) -> KeyListEntry -> u #

gmapM :: Monad m => (forall d. Data d => d -> m d) -> KeyListEntry -> m KeyListEntry #

gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> KeyListEntry -> m KeyListEntry #

gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> KeyListEntry -> m KeyListEntry #

Read KeyListEntry # 
Show KeyListEntry # 
Generic KeyListEntry # 

Associated Types

type Rep KeyListEntry :: * -> * #

Hashable KeyListEntry # 
FromJSON KeyListEntry # 
NFData KeyListEntry # 

Methods

rnf :: KeyListEntry -> () #

type Rep KeyListEntry # 
type Rep KeyListEntry = D1 * (MetaData "KeyListEntry" "Network.AWS.KMS.Types.Product" "amazonka-kms-1.6.0-1x3YFaSKSJTDyirX3XbKEX" False) (C1 * (MetaCons "KeyListEntry'" PrefixI True) ((:*:) * (S1 * (MetaSel (Just Symbol "_kleKeyId") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 * (Maybe Text))) (S1 * (MetaSel (Just Symbol "_kleKeyARN") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 * (Maybe Text)))))

keyListEntry :: KeyListEntry #

Creates a value of KeyListEntry with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

kleKeyId :: Lens' KeyListEntry (Maybe Text) #

Unique identifier of the key.

kleKeyARN :: Lens' KeyListEntry (Maybe Text) #

ARN of the key.

KeyMetadata

data KeyMetadata #

Contains metadata about a customer master key (CMK).

This data type is used as a response element for the CreateKey and DescribeKey operations.

See: keyMetadata smart constructor.

Instances

Eq KeyMetadata # 
Data KeyMetadata # 

Methods

gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> KeyMetadata -> c KeyMetadata #

gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c KeyMetadata #

toConstr :: KeyMetadata -> Constr #

dataTypeOf :: KeyMetadata -> DataType #

dataCast1 :: Typeable (* -> *) t => (forall d. Data d => c (t d)) -> Maybe (c KeyMetadata) #

dataCast2 :: Typeable (* -> * -> *) t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c KeyMetadata) #

gmapT :: (forall b. Data b => b -> b) -> KeyMetadata -> KeyMetadata #

gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> KeyMetadata -> r #

gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> KeyMetadata -> r #

gmapQ :: (forall d. Data d => d -> u) -> KeyMetadata -> [u] #

gmapQi :: Int -> (forall d. Data d => d -> u) -> KeyMetadata -> u #

gmapM :: Monad m => (forall d. Data d => d -> m d) -> KeyMetadata -> m KeyMetadata #

gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> KeyMetadata -> m KeyMetadata #

gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> KeyMetadata -> m KeyMetadata #

Read KeyMetadata # 
Show KeyMetadata # 
Generic KeyMetadata # 

Associated Types

type Rep KeyMetadata :: * -> * #

Hashable KeyMetadata # 
FromJSON KeyMetadata # 
NFData KeyMetadata # 

Methods

rnf :: KeyMetadata -> () #

type Rep KeyMetadata # 
type Rep KeyMetadata = D1 * (MetaData "KeyMetadata" "Network.AWS.KMS.Types.Product" "amazonka-kms-1.6.0-1x3YFaSKSJTDyirX3XbKEX" False) (C1 * (MetaCons "KeyMetadata'" PrefixI True) ((:*:) * ((:*:) * ((:*:) * (S1 * (MetaSel (Just Symbol "_kmOrigin") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 * (Maybe OriginType))) ((:*:) * (S1 * (MetaSel (Just Symbol "_kmExpirationModel") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 * (Maybe ExpirationModelType))) (S1 * (MetaSel (Just Symbol "_kmKeyManager") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 * (Maybe KeyManagerType))))) ((:*:) * (S1 * (MetaSel (Just Symbol "_kmEnabled") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 * (Maybe Bool))) ((:*:) * (S1 * (MetaSel (Just Symbol "_kmValidTo") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 * (Maybe POSIX))) (S1 * (MetaSel (Just Symbol "_kmARN") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 * (Maybe Text)))))) ((:*:) * ((:*:) * (S1 * (MetaSel (Just Symbol "_kmKeyState") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 * (Maybe KeyState))) ((:*:) * (S1 * (MetaSel (Just Symbol "_kmAWSAccountId") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 * (Maybe Text))) (S1 * (MetaSel (Just Symbol "_kmKeyUsage") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 * (Maybe KeyUsageType))))) ((:*:) * ((:*:) * (S1 * (MetaSel (Just Symbol "_kmCreationDate") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 * (Maybe POSIX))) (S1 * (MetaSel (Just Symbol "_kmDeletionDate") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 * (Maybe POSIX)))) ((:*:) * (S1 * (MetaSel (Just Symbol "_kmDescription") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 * (Maybe Text))) (S1 * (MetaSel (Just Symbol "_kmKeyId") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 * Text)))))))

keyMetadata #

Arguments

:: Text

kmKeyId

-> KeyMetadata 

Creates a value of KeyMetadata with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

  • kmOrigin - The source of the CMK's key material. When this value is AWS_KMS , AWS KMS created the key material. When this value is EXTERNAL , the key material was imported from your existing key management infrastructure or the CMK lacks key material.
  • kmExpirationModel - Specifies whether the CMK's key material expires. This value is present only when Origin is EXTERNAL , otherwise this value is omitted.
  • kmKeyManager - The CMK's manager. CMKs are either customer-managed or AWS-managed. For more information about the difference, see Customer Master Keys in the AWS Key Management Service Developer Guide .
  • kmEnabled - Specifies whether the CMK is enabled. When KeyState is Enabled this value is true, otherwise it is false.
  • kmValidTo - The time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the CMK becomes unusable. This value is present only for CMKs whose Origin is EXTERNAL and whose ExpirationModel is KEY_MATERIAL_EXPIRES , otherwise this value is omitted.
  • kmARN - The Amazon Resource Name (ARN) of the CMK. For examples, see AWS Key Management Service (AWS KMS) in the Example ARNs section of the AWS General Reference .
  • kmKeyState - The state of the CMK. For more information about how key state affects the use of a CMK, see How Key State Affects the Use of a Customer Master Key in the AWS Key Management Service Developer Guide .
  • kmAWSAccountId - The twelve-digit account ID of the AWS account that owns the CMK.
  • kmKeyUsage - The cryptographic operations for which you can use the CMK. Currently the only allowed value is ENCRYPT_DECRYPT , which means you can use the CMK for the Encrypt and Decrypt operations.
  • kmCreationDate - The date and time when the CMK was created.
  • kmDeletionDate - The date and time after which AWS KMS deletes the CMK. This value is present only when KeyState is PendingDeletion , otherwise this value is omitted.
  • kmDescription - The description of the CMK.
  • kmKeyId - The globally unique identifier for the CMK.

kmOrigin :: Lens' KeyMetadata (Maybe OriginType) #

The source of the CMK's key material. When this value is AWS_KMS , AWS KMS created the key material. When this value is EXTERNAL , the key material was imported from your existing key management infrastructure or the CMK lacks key material.

kmExpirationModel :: Lens' KeyMetadata (Maybe ExpirationModelType) #

Specifies whether the CMK's key material expires. This value is present only when Origin is EXTERNAL , otherwise this value is omitted.

kmKeyManager :: Lens' KeyMetadata (Maybe KeyManagerType) #

The CMK's manager. CMKs are either customer-managed or AWS-managed. For more information about the difference, see Customer Master Keys in the AWS Key Management Service Developer Guide .

kmEnabled :: Lens' KeyMetadata (Maybe Bool) #

Specifies whether the CMK is enabled. When KeyState is Enabled this value is true, otherwise it is false.

kmValidTo :: Lens' KeyMetadata (Maybe UTCTime) #

The time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the CMK becomes unusable. This value is present only for CMKs whose Origin is EXTERNAL and whose ExpirationModel is KEY_MATERIAL_EXPIRES , otherwise this value is omitted.

kmARN :: Lens' KeyMetadata (Maybe Text) #

The Amazon Resource Name (ARN) of the CMK. For examples, see AWS Key Management Service (AWS KMS) in the Example ARNs section of the AWS General Reference .

kmKeyState :: Lens' KeyMetadata (Maybe KeyState) #

The state of the CMK. For more information about how key state affects the use of a CMK, see How Key State Affects the Use of a Customer Master Key in the AWS Key Management Service Developer Guide .

kmAWSAccountId :: Lens' KeyMetadata (Maybe Text) #

The twelve-digit account ID of the AWS account that owns the CMK.

kmKeyUsage :: Lens' KeyMetadata (Maybe KeyUsageType) #

The cryptographic operations for which you can use the CMK. Currently the only allowed value is ENCRYPT_DECRYPT , which means you can use the CMK for the Encrypt and Decrypt operations.

kmCreationDate :: Lens' KeyMetadata (Maybe UTCTime) #

The date and time when the CMK was created.

kmDeletionDate :: Lens' KeyMetadata (Maybe UTCTime) #

The date and time after which AWS KMS deletes the CMK. This value is present only when KeyState is PendingDeletion , otherwise this value is omitted.

kmDescription :: Lens' KeyMetadata (Maybe Text) #

The description of the CMK.

kmKeyId :: Lens' KeyMetadata Text #

The globally unique identifier for the CMK.

ListGrantsResponse

data ListGrantsResponse #

See: listGrantsResponse smart constructor.

Instances

Eq ListGrantsResponse # 
Data ListGrantsResponse # 

Methods

gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> ListGrantsResponse -> c ListGrantsResponse #

gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c ListGrantsResponse #

toConstr :: ListGrantsResponse -> Constr #

dataTypeOf :: ListGrantsResponse -> DataType #

dataCast1 :: Typeable (* -> *) t => (forall d. Data d => c (t d)) -> Maybe (c ListGrantsResponse) #

dataCast2 :: Typeable (* -> * -> *) t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c ListGrantsResponse) #

gmapT :: (forall b. Data b => b -> b) -> ListGrantsResponse -> ListGrantsResponse #

gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> ListGrantsResponse -> r #

gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> ListGrantsResponse -> r #

gmapQ :: (forall d. Data d => d -> u) -> ListGrantsResponse -> [u] #

gmapQi :: Int -> (forall d. Data d => d -> u) -> ListGrantsResponse -> u #

gmapM :: Monad m => (forall d. Data d => d -> m d) -> ListGrantsResponse -> m ListGrantsResponse #

gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> ListGrantsResponse -> m ListGrantsResponse #

gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> ListGrantsResponse -> m ListGrantsResponse #

Read ListGrantsResponse # 
Show ListGrantsResponse # 
Generic ListGrantsResponse # 
Hashable ListGrantsResponse # 
FromJSON ListGrantsResponse # 
NFData ListGrantsResponse # 

Methods

rnf :: ListGrantsResponse -> () #

type Rep ListGrantsResponse # 
type Rep ListGrantsResponse = D1 * (MetaData "ListGrantsResponse" "Network.AWS.KMS.Types.Product" "amazonka-kms-1.6.0-1x3YFaSKSJTDyirX3XbKEX" False) (C1 * (MetaCons "ListGrantsResponse'" PrefixI True) ((:*:) * (S1 * (MetaSel (Just Symbol "_lgTruncated") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 * (Maybe Bool))) ((:*:) * (S1 * (MetaSel (Just Symbol "_lgGrants") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 * (Maybe [GrantListEntry]))) (S1 * (MetaSel (Just Symbol "_lgNextMarker") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 * (Maybe Text))))))

listGrantsResponse :: ListGrantsResponse #

Creates a value of ListGrantsResponse with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

  • lgTruncated - A flag that indicates whether there are more items in the list. When this value is true, the list in this response is truncated. To get more items, pass the value of the NextMarker element in this response to the Marker parameter in a subsequent request.
  • lgGrants - A list of grants.
  • lgNextMarker - When Truncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent request.

lgTruncated :: Lens' ListGrantsResponse (Maybe Bool) #

A flag that indicates whether there are more items in the list. When this value is true, the list in this response is truncated. To get more items, pass the value of the NextMarker element in this response to the Marker parameter in a subsequent request.

lgNextMarker :: Lens' ListGrantsResponse (Maybe Text) #

When Truncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent request.

Tag

data Tag #

A key-value pair. A tag consists of a tag key and a tag value. Tag keys and tag values are both required, but tag values can be empty (null) strings.

For information about the rules that apply to tag keys and tag values, see User-Defined Tag Restrictions in the AWS Billing and Cost Management User Guide .

See: tag smart constructor.

Instances

Eq Tag # 

Methods

(==) :: Tag -> Tag -> Bool #

(/=) :: Tag -> Tag -> Bool #

Data Tag # 

Methods

gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> Tag -> c Tag #

gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c Tag #

toConstr :: Tag -> Constr #

dataTypeOf :: Tag -> DataType #

dataCast1 :: Typeable (* -> *) t => (forall d. Data d => c (t d)) -> Maybe (c Tag) #

dataCast2 :: Typeable (* -> * -> *) t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c Tag) #

gmapT :: (forall b. Data b => b -> b) -> Tag -> Tag #

gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> Tag -> r #

gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> Tag -> r #

gmapQ :: (forall d. Data d => d -> u) -> Tag -> [u] #

gmapQi :: Int -> (forall d. Data d => d -> u) -> Tag -> u #

gmapM :: Monad m => (forall d. Data d => d -> m d) -> Tag -> m Tag #

gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> Tag -> m Tag #

gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> Tag -> m Tag #

Read Tag # 
Show Tag # 

Methods

showsPrec :: Int -> Tag -> ShowS #

show :: Tag -> String #

showList :: [Tag] -> ShowS #

Generic Tag # 

Associated Types

type Rep Tag :: * -> * #

Methods

from :: Tag -> Rep Tag x #

to :: Rep Tag x -> Tag #

Hashable Tag # 

Methods

hashWithSalt :: Int -> Tag -> Int #

hash :: Tag -> Int #

ToJSON Tag # 
FromJSON Tag # 
NFData Tag # 

Methods

rnf :: Tag -> () #

type Rep Tag # 
type Rep Tag = D1 * (MetaData "Tag" "Network.AWS.KMS.Types.Product" "amazonka-kms-1.6.0-1x3YFaSKSJTDyirX3XbKEX" False) (C1 * (MetaCons "Tag'" PrefixI True) ((:*:) * (S1 * (MetaSel (Just Symbol "_tagTagKey") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 * Text)) (S1 * (MetaSel (Just Symbol "_tagTagValue") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 * Text))))

tag #

Creates a value of Tag with the minimum fields required to make a request.

Use one of the following lenses to modify other fields as desired:

tagTagKey :: Lens' Tag Text #

The key of the tag.

tagTagValue :: Lens' Tag Text #

The value of the tag.