Copyright | (c) 2013-2016 Brendan Hay |
---|---|
License | Mozilla Public License, v. 2.0. |
Maintainer | Brendan Hay <brendan.g.hay@gmail.com> |
Stability | auto-generated |
Portability | non-portable (GHC extensions) |
Safe Haskell | None |
Language | Haskell2010 |
- kms :: Service
- _InvalidMarkerException :: AsError a => Getting (First ServiceError) a ServiceError
- _KMSInvalidStateException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidKeyUsageException :: AsError a => Getting (First ServiceError) a ServiceError
- _MalformedPolicyDocumentException :: AsError a => Getting (First ServiceError) a ServiceError
- _UnsupportedOperationException :: AsError a => Getting (First ServiceError) a ServiceError
- _DisabledException :: AsError a => Getting (First ServiceError) a ServiceError
- _KeyUnavailableException :: AsError a => Getting (First ServiceError) a ServiceError
- _IncorrectKeyMaterialException :: AsError a => Getting (First ServiceError) a ServiceError
- _KMSInternalException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidImportTokenException :: AsError a => Getting (First ServiceError) a ServiceError
- _NotFoundException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidAliasNameException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidGrantIdException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidGrantTokenException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidARNException :: AsError a => Getting (First ServiceError) a ServiceError
- _DependencyTimeoutException :: AsError a => Getting (First ServiceError) a ServiceError
- _ExpiredImportTokenException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidCiphertextException :: AsError a => Getting (First ServiceError) a ServiceError
- _AlreadyExistsException :: AsError a => Getting (First ServiceError) a ServiceError
- _LimitExceededException :: AsError a => Getting (First ServiceError) a ServiceError
- data AlgorithmSpec
- data DataKeySpec
- data ExpirationModelType
- data GrantOperation
- data KeyState
- data KeyUsageType = EncryptDecrypt
- data OriginType
- data WrappingKeySpec = Rsa2048
- data AliasListEntry
- aliasListEntry :: AliasListEntry
- aleTargetKeyId :: Lens' AliasListEntry (Maybe Text)
- aleAliasName :: Lens' AliasListEntry (Maybe Text)
- aleAliasARN :: Lens' AliasListEntry (Maybe Text)
- data GrantConstraints
- grantConstraints :: GrantConstraints
- gcEncryptionContextEquals :: Lens' GrantConstraints (HashMap Text Text)
- gcEncryptionContextSubset :: Lens' GrantConstraints (HashMap Text Text)
- data GrantListEntry
- grantListEntry :: GrantListEntry
- gleKeyId :: Lens' GrantListEntry (Maybe Text)
- gleRetiringPrincipal :: Lens' GrantListEntry (Maybe Text)
- gleIssuingAccount :: Lens' GrantListEntry (Maybe Text)
- gleGrantId :: Lens' GrantListEntry (Maybe Text)
- gleConstraints :: Lens' GrantListEntry (Maybe GrantConstraints)
- gleGranteePrincipal :: Lens' GrantListEntry (Maybe Text)
- gleName :: Lens' GrantListEntry (Maybe Text)
- gleCreationDate :: Lens' GrantListEntry (Maybe UTCTime)
- gleOperations :: Lens' GrantListEntry [GrantOperation]
- data KeyListEntry
- keyListEntry :: KeyListEntry
- kleKeyId :: Lens' KeyListEntry (Maybe Text)
- kleKeyARN :: Lens' KeyListEntry (Maybe Text)
- data KeyMetadata
- keyMetadata :: Text -> KeyMetadata
- kmOrigin :: Lens' KeyMetadata (Maybe OriginType)
- kmExpirationModel :: Lens' KeyMetadata (Maybe ExpirationModelType)
- kmEnabled :: Lens' KeyMetadata (Maybe Bool)
- kmValidTo :: Lens' KeyMetadata (Maybe UTCTime)
- kmARN :: Lens' KeyMetadata (Maybe Text)
- kmKeyState :: Lens' KeyMetadata (Maybe KeyState)
- kmAWSAccountId :: Lens' KeyMetadata (Maybe Text)
- kmKeyUsage :: Lens' KeyMetadata (Maybe KeyUsageType)
- kmCreationDate :: Lens' KeyMetadata (Maybe UTCTime)
- kmDeletionDate :: Lens' KeyMetadata (Maybe UTCTime)
- kmDescription :: Lens' KeyMetadata (Maybe Text)
- kmKeyId :: Lens' KeyMetadata Text
- data ListGrantsResponse
- listGrantsResponse :: ListGrantsResponse
- lgTruncated :: Lens' ListGrantsResponse (Maybe Bool)
- lgGrants :: Lens' ListGrantsResponse [GrantListEntry]
- lgNextMarker :: Lens' ListGrantsResponse (Maybe Text)
Service Configuration
API version '2014-11-01' of the Amazon Key Management Service SDK configuration.
Errors
_InvalidMarkerException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the marker that specifies where pagination should next begin is not valid.
_KMSInvalidStateException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the state of the specified resource is not valid for this request.
For more information about how key state affects the use of a customer master key (CMK), see How Key State Affects the Use of a Customer Master Key in the AWS Key Management Service Developer Guide.
_InvalidKeyUsageException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the specified KeySpec parameter is not valid. The currently supported value is ENCRYPT/DECRYPT.
_MalformedPolicyDocumentException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the specified policy is not syntactically or semantically correct.
_UnsupportedOperationException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because a specified parameter is not supported or a specified resource is not valid for this operation.
_DisabledException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the specified key was marked as disabled.
_KeyUnavailableException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the key was not available. The request can be retried.
_IncorrectKeyMaterialException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the provided key material is invalid or is not the same key material that was previously imported into this customer master key (CMK).
_KMSInternalException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because an internal exception occurred. The request can be retried.
_InvalidImportTokenException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the provided import token is invalid or is associated with a different customer master key (CMK).
_NotFoundException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the specified entity or resource could not be found.
_InvalidAliasNameException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the specified alias name is not valid.
_InvalidGrantIdException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the specified GrantId
is not valid.
_InvalidGrantTokenException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because a grant token provided as part of the request is invalid.
_InvalidARNException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because a specified ARN was not valid.
_DependencyTimeoutException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The system timed out while trying to fulfill the request. The request can be retried.
_ExpiredImportTokenException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the provided import token is expired. Use GetParametersForImport to retrieve a new import token and public key, use the new public key to encrypt the key material, and then try the request again.
_InvalidCiphertextException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the specified ciphertext has been corrupted or is otherwise invalid.
_AlreadyExistsException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because it attempted to create a resource that already exists.
_LimitExceededException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because a limit was exceeded. For more information, see Limits in the AWS Key Management Service Developer Guide.
AlgorithmSpec
data AlgorithmSpec Source #
DataKeySpec
data DataKeySpec Source #
ExpirationModelType
data ExpirationModelType Source #
GrantOperation
data GrantOperation Source #
CreateGrant | |
Decrypt | |
DescribeKey | |
Encrypt | |
GenerateDataKey | |
GenerateDataKeyWithoutPlaintext | |
ReEncryptFrom | |
ReEncryptTo | |
RetireGrant |
KeyState
KeyUsageType
data KeyUsageType Source #
OriginType
data OriginType Source #
WrappingKeySpec
data WrappingKeySpec Source #
AliasListEntry
data AliasListEntry Source #
Contains information about an alias.
See: aliasListEntry
smart constructor.
aliasListEntry :: AliasListEntry Source #
Creates a value of AliasListEntry
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
aleTargetKeyId :: Lens' AliasListEntry (Maybe Text) Source #
String that contains the key identifier pointed to by the alias.
aleAliasName :: Lens' AliasListEntry (Maybe Text) Source #
String that contains the alias.
aleAliasARN :: Lens' AliasListEntry (Maybe Text) Source #
String that contains the key ARN.
GrantConstraints
data GrantConstraints Source #
A structure for specifying the conditions under which the operations permitted by the grant are allowed.
You can use this structure to allow the operations permitted by the grant only when a specified encryption context is present. For more information about encryption context, see Encryption Context in the AWS Key Management Service Developer Guide.
See: grantConstraints
smart constructor.
grantConstraints :: GrantConstraints Source #
Creates a value of GrantConstraints
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
gcEncryptionContextEquals :: Lens' GrantConstraints (HashMap Text Text) Source #
Contains a list of key-value pairs that must be present in the encryption context of a subsequent operation permitted by the grant. When a subsequent operation permitted by the grant includes an encryption context that matches this list, the grant allows the operation. Otherwise, the operation is not allowed.
gcEncryptionContextSubset :: Lens' GrantConstraints (HashMap Text Text) Source #
Contains a list of key-value pairs, a subset of which must be present in the encryption context of a subsequent operation permitted by the grant. When a subsequent operation permitted by the grant includes an encryption context that matches this list or is a subset of this list, the grant allows the operation. Otherwise, the operation is not allowed.
GrantListEntry
data GrantListEntry Source #
Contains information about an entry in a list of grants.
See: grantListEntry
smart constructor.
grantListEntry :: GrantListEntry Source #
Creates a value of GrantListEntry
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
gleKeyId :: Lens' GrantListEntry (Maybe Text) Source #
The unique identifier for the customer master key (CMK) to which the grant applies.
gleRetiringPrincipal :: Lens' GrantListEntry (Maybe Text) Source #
The principal that can retire the grant.
gleIssuingAccount :: Lens' GrantListEntry (Maybe Text) Source #
The AWS account under which the grant was issued.
gleGrantId :: Lens' GrantListEntry (Maybe Text) Source #
The unique identifier for the grant.
gleConstraints :: Lens' GrantListEntry (Maybe GrantConstraints) Source #
The conditions under which the grant's operations are allowed.
gleGranteePrincipal :: Lens' GrantListEntry (Maybe Text) Source #
The principal that receives the grant's permissions.
gleName :: Lens' GrantListEntry (Maybe Text) Source #
The friendly name that identifies the grant. If a name was provided in the CreateGrant request, that name is returned. Otherwise this value is null.
gleCreationDate :: Lens' GrantListEntry (Maybe UTCTime) Source #
The date and time when the grant was created.
gleOperations :: Lens' GrantListEntry [GrantOperation] Source #
The list of operations permitted by the grant.
KeyListEntry
data KeyListEntry Source #
Contains information about each entry in the key list.
See: keyListEntry
smart constructor.
keyListEntry :: KeyListEntry Source #
Creates a value of KeyListEntry
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
KeyMetadata
data KeyMetadata Source #
Contains metadata about a customer master key (CMK).
This data type is used as a response element for the CreateKey and DescribeKey operations.
See: keyMetadata
smart constructor.
:: Text | |
-> KeyMetadata |
Creates a value of KeyMetadata
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
kmOrigin :: Lens' KeyMetadata (Maybe OriginType) Source #
The source of the CMK's key material. When this value is AWS_KMS
, AWS KMS created the key material. When this value is EXTERNAL
, the key material was imported from your existing key management infrastructure or the CMK lacks key material.
kmExpirationModel :: Lens' KeyMetadata (Maybe ExpirationModelType) Source #
Specifies whether the CMK's key material expires. This value is present only when Origin
is EXTERNAL
, otherwise this value is omitted.
kmValidTo :: Lens' KeyMetadata (Maybe UTCTime) Source #
The time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the CMK becomes unusable. This value is present only for CMKs whose Origin
is EXTERNAL
and whose ExpirationModel
is KEY_MATERIAL_EXPIRES
, otherwise this value is omitted.
kmARN :: Lens' KeyMetadata (Maybe Text) Source #
The Amazon Resource Name (ARN) of the CMK. For examples, see AWS Key Management Service (AWS KMS) in the Example ARNs section of the AWS General Reference.
kmKeyState :: Lens' KeyMetadata (Maybe KeyState) Source #
The state of the CMK.
For more information about how key state affects the use of a CMK, see How Key State Affects the Use of a Customer Master Key in the AWS Key Management Service Developer Guide.
kmAWSAccountId :: Lens' KeyMetadata (Maybe Text) Source #
The twelve-digit account ID of the AWS account that owns the CMK.
kmCreationDate :: Lens' KeyMetadata (Maybe UTCTime) Source #
The date and time when the CMK was created.
kmDeletionDate :: Lens' KeyMetadata (Maybe UTCTime) Source #
The date and time after which AWS KMS deletes the CMK. This value is present only when KeyState
is PendingDeletion
, otherwise this value is omitted.
kmDescription :: Lens' KeyMetadata (Maybe Text) Source #
The description of the CMK.
ListGrantsResponse
data ListGrantsResponse Source #
See: listGrantsResponse
smart constructor.
listGrantsResponse :: ListGrantsResponse Source #
Creates a value of ListGrantsResponse
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
lgTruncated :: Lens' ListGrantsResponse (Maybe Bool) Source #
A flag that indicates whether there are more items in the list. If your results were truncated, you can use the Marker
parameter to make a subsequent pagination request to retrieve more items in the list.
lgGrants :: Lens' ListGrantsResponse [GrantListEntry] Source #
A list of grants.
lgNextMarker :: Lens' ListGrantsResponse (Maybe Text) Source #
When Truncated
is true, this value is present and contains the value to use for the Marker
parameter in a subsequent pagination request.