Copyright | (c) 2013-2018 Brendan Hay |
---|---|
License | Mozilla Public License, v. 2.0. |
Maintainer | Brendan Hay <brendan.g.hay+amazonka@gmail.com> |
Stability | auto-generated |
Portability | non-portable (GHC extensions) |
Safe Haskell | None |
Language | Haskell2010 |
Synopsis
- kms :: Service
- _InvalidMarkerException :: AsError a => Getting (First ServiceError) a ServiceError
- _KMSInvalidStateException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidKeyUsageException :: AsError a => Getting (First ServiceError) a ServiceError
- _MalformedPolicyDocumentException :: AsError a => Getting (First ServiceError) a ServiceError
- _UnsupportedOperationException :: AsError a => Getting (First ServiceError) a ServiceError
- _DisabledException :: AsError a => Getting (First ServiceError) a ServiceError
- _KeyUnavailableException :: AsError a => Getting (First ServiceError) a ServiceError
- _IncorrectKeyMaterialException :: AsError a => Getting (First ServiceError) a ServiceError
- _KMSInternalException :: AsError a => Getting (First ServiceError) a ServiceError
- _TagException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidImportTokenException :: AsError a => Getting (First ServiceError) a ServiceError
- _NotFoundException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidAliasNameException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidGrantIdException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidGrantTokenException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidARNException :: AsError a => Getting (First ServiceError) a ServiceError
- _DependencyTimeoutException :: AsError a => Getting (First ServiceError) a ServiceError
- _ExpiredImportTokenException :: AsError a => Getting (First ServiceError) a ServiceError
- _InvalidCiphertextException :: AsError a => Getting (First ServiceError) a ServiceError
- _AlreadyExistsException :: AsError a => Getting (First ServiceError) a ServiceError
- _LimitExceededException :: AsError a => Getting (First ServiceError) a ServiceError
- data AlgorithmSpec
- data DataKeySpec
- data ExpirationModelType
- data GrantOperation
- data KeyManagerType
- data KeyState
- data KeyUsageType = EncryptDecrypt
- data OriginType
- data WrappingKeySpec = Rsa2048
- data AliasListEntry
- aliasListEntry :: AliasListEntry
- aleTargetKeyId :: Lens' AliasListEntry (Maybe Text)
- aleAliasName :: Lens' AliasListEntry (Maybe Text)
- aleAliasARN :: Lens' AliasListEntry (Maybe Text)
- data GrantConstraints
- grantConstraints :: GrantConstraints
- gcEncryptionContextEquals :: Lens' GrantConstraints (HashMap Text Text)
- gcEncryptionContextSubset :: Lens' GrantConstraints (HashMap Text Text)
- data GrantListEntry
- grantListEntry :: GrantListEntry
- gleKeyId :: Lens' GrantListEntry (Maybe Text)
- gleRetiringPrincipal :: Lens' GrantListEntry (Maybe Text)
- gleIssuingAccount :: Lens' GrantListEntry (Maybe Text)
- gleGrantId :: Lens' GrantListEntry (Maybe Text)
- gleConstraints :: Lens' GrantListEntry (Maybe GrantConstraints)
- gleGranteePrincipal :: Lens' GrantListEntry (Maybe Text)
- gleName :: Lens' GrantListEntry (Maybe Text)
- gleCreationDate :: Lens' GrantListEntry (Maybe UTCTime)
- gleOperations :: Lens' GrantListEntry [GrantOperation]
- data KeyListEntry
- keyListEntry :: KeyListEntry
- kleKeyId :: Lens' KeyListEntry (Maybe Text)
- kleKeyARN :: Lens' KeyListEntry (Maybe Text)
- data KeyMetadata
- keyMetadata :: Text -> KeyMetadata
- kmOrigin :: Lens' KeyMetadata (Maybe OriginType)
- kmExpirationModel :: Lens' KeyMetadata (Maybe ExpirationModelType)
- kmKeyManager :: Lens' KeyMetadata (Maybe KeyManagerType)
- kmEnabled :: Lens' KeyMetadata (Maybe Bool)
- kmValidTo :: Lens' KeyMetadata (Maybe UTCTime)
- kmARN :: Lens' KeyMetadata (Maybe Text)
- kmKeyState :: Lens' KeyMetadata (Maybe KeyState)
- kmAWSAccountId :: Lens' KeyMetadata (Maybe Text)
- kmKeyUsage :: Lens' KeyMetadata (Maybe KeyUsageType)
- kmCreationDate :: Lens' KeyMetadata (Maybe UTCTime)
- kmDeletionDate :: Lens' KeyMetadata (Maybe UTCTime)
- kmDescription :: Lens' KeyMetadata (Maybe Text)
- kmKeyId :: Lens' KeyMetadata Text
- data ListGrantsResponse
- listGrantsResponse :: ListGrantsResponse
- lgTruncated :: Lens' ListGrantsResponse (Maybe Bool)
- lgGrants :: Lens' ListGrantsResponse [GrantListEntry]
- lgNextMarker :: Lens' ListGrantsResponse (Maybe Text)
- data Tag
- tag :: Text -> Text -> Tag
- tagTagKey :: Lens' Tag Text
- tagTagValue :: Lens' Tag Text
Service Configuration
API version 2014-11-01
of the Amazon Key Management Service SDK configuration.
Errors
_InvalidMarkerException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the marker that specifies where pagination should next begin is not valid.
_KMSInvalidStateException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the state of the specified resource is not valid for this request.
For more information about how key state affects the use of a CMK, see How Key State Affects Use of a Customer Master Key in the AWS Key Management Service Developer Guide .
_InvalidKeyUsageException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the specified KeySpec
value is not valid.
_MalformedPolicyDocumentException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the specified policy is not syntactically or semantically correct.
_UnsupportedOperationException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because a specified parameter is not supported or a specified resource is not valid for this operation.
_DisabledException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the specified CMK is not enabled.
_KeyUnavailableException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the specified CMK was not available. The request can be retried.
_IncorrectKeyMaterialException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the provided key material is invalid or is not the same key material that was previously imported into this customer master key (CMK).
_KMSInternalException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because an internal exception occurred. The request can be retried.
_TagException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because one or more tags are not valid.
_InvalidImportTokenException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the provided import token is invalid or is associated with a different customer master key (CMK).
_NotFoundException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the specified entity or resource could not be found.
_InvalidAliasNameException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the specified alias name is not valid.
_InvalidGrantIdException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the specified GrantId
is not valid.
_InvalidGrantTokenException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the specified grant token is not valid.
_InvalidARNException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because a specified ARN was not valid.
_DependencyTimeoutException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The system timed out while trying to fulfill the request. The request can be retried.
_ExpiredImportTokenException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the provided import token is expired. Use GetParametersForImport
to get a new import token and public key, use the new public key to encrypt the key material, and then try the request again.
_InvalidCiphertextException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because the specified ciphertext, or additional authenticated data incorporated into the ciphertext, such as the encryption context, is corrupted, missing, or otherwise invalid.
_AlreadyExistsException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because it attempted to create a resource that already exists.
_LimitExceededException :: AsError a => Getting (First ServiceError) a ServiceError Source #
The request was rejected because a limit was exceeded. For more information, see Limits in the AWS Key Management Service Developer Guide .
AlgorithmSpec
data AlgorithmSpec Source #
Instances
DataKeySpec
data DataKeySpec Source #
Instances
ExpirationModelType
data ExpirationModelType Source #
Instances
GrantOperation
data GrantOperation Source #
CreateGrant | |
Decrypt | |
DescribeKey | |
Encrypt | |
GenerateDataKey | |
GenerateDataKeyWithoutPlaintext | |
ReEncryptFrom | |
ReEncryptTo | |
RetireGrant |
Instances
KeyManagerType
data KeyManagerType Source #
Instances
KeyState
Instances
KeyUsageType
data KeyUsageType Source #
Instances
OriginType
data OriginType Source #
Instances
WrappingKeySpec
data WrappingKeySpec Source #
Instances
AliasListEntry
data AliasListEntry Source #
Contains information about an alias.
See: aliasListEntry
smart constructor.
Instances
aliasListEntry :: AliasListEntry Source #
Creates a value of AliasListEntry
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
aleTargetKeyId
- String that contains the key identifier referred to by the alias.aleAliasName
- String that contains the alias.aleAliasARN
- String that contains the key ARN.
aleTargetKeyId :: Lens' AliasListEntry (Maybe Text) Source #
String that contains the key identifier referred to by the alias.
aleAliasName :: Lens' AliasListEntry (Maybe Text) Source #
String that contains the alias.
aleAliasARN :: Lens' AliasListEntry (Maybe Text) Source #
String that contains the key ARN.
GrantConstraints
data GrantConstraints Source #
A structure that you can use to allow certain operations in the grant only when the desired encryption context is present. For more information about encryption context, see Encryption Context in the AWS Key Management Service Developer Guide .
Grant constraints apply only to operations that accept encryption context as input. For example, the
operation does not accept encryption context as input. A grant that allows the DescribeKey
DescribeKey
operation does so regardless of the grant constraints. In constrast, the
operation accepts encryption context as input. A grant that allows the Encrypt
Encrypt
operation does so only when the encryption context of the Encrypt
operation satisfies the grant constraints.
See: grantConstraints
smart constructor.
Instances
grantConstraints :: GrantConstraints Source #
Creates a value of GrantConstraints
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
gcEncryptionContextEquals
- A list of key-value pairs that must be present in the encryption context of certain subsequent operations that the grant allows. When certain subsequent operations allowed by the grant include encryption context that matches this list, the grant allows the operation. Otherwise, the grant does not allow the operation.gcEncryptionContextSubset
- A list of key-value pairs, all of which must be present in the encryption context of certain subsequent operations that the grant allows. When certain subsequent operations allowed by the grant include encryption context that matches this list or is a superset of this list, the grant allows the operation. Otherwise, the grant does not allow the operation.
gcEncryptionContextEquals :: Lens' GrantConstraints (HashMap Text Text) Source #
A list of key-value pairs that must be present in the encryption context of certain subsequent operations that the grant allows. When certain subsequent operations allowed by the grant include encryption context that matches this list, the grant allows the operation. Otherwise, the grant does not allow the operation.
gcEncryptionContextSubset :: Lens' GrantConstraints (HashMap Text Text) Source #
A list of key-value pairs, all of which must be present in the encryption context of certain subsequent operations that the grant allows. When certain subsequent operations allowed by the grant include encryption context that matches this list or is a superset of this list, the grant allows the operation. Otherwise, the grant does not allow the operation.
GrantListEntry
data GrantListEntry Source #
Contains information about an entry in a list of grants.
See: grantListEntry
smart constructor.
Instances
grantListEntry :: GrantListEntry Source #
Creates a value of GrantListEntry
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
gleKeyId
- The unique identifier for the customer master key (CMK) to which the grant applies.gleRetiringPrincipal
- The principal that can retire the grant.gleIssuingAccount
- The AWS account under which the grant was issued.gleGrantId
- The unique identifier for the grant.gleConstraints
- A list of key-value pairs that must be present in the encryption context of certain subsequent operations that the grant allows.gleGranteePrincipal
- The principal that receives the grant's permissions.gleName
- The friendly name that identifies the grant. If a name was provided in theCreateGrant
request, that name is returned. Otherwise this value is null.gleCreationDate
- The date and time when the grant was created.gleOperations
- The list of operations permitted by the grant.
gleKeyId :: Lens' GrantListEntry (Maybe Text) Source #
The unique identifier for the customer master key (CMK) to which the grant applies.
gleRetiringPrincipal :: Lens' GrantListEntry (Maybe Text) Source #
The principal that can retire the grant.
gleIssuingAccount :: Lens' GrantListEntry (Maybe Text) Source #
The AWS account under which the grant was issued.
gleGrantId :: Lens' GrantListEntry (Maybe Text) Source #
The unique identifier for the grant.
gleConstraints :: Lens' GrantListEntry (Maybe GrantConstraints) Source #
A list of key-value pairs that must be present in the encryption context of certain subsequent operations that the grant allows.
gleGranteePrincipal :: Lens' GrantListEntry (Maybe Text) Source #
The principal that receives the grant's permissions.
gleName :: Lens' GrantListEntry (Maybe Text) Source #
The friendly name that identifies the grant. If a name was provided in the CreateGrant
request, that name is returned. Otherwise this value is null.
gleCreationDate :: Lens' GrantListEntry (Maybe UTCTime) Source #
The date and time when the grant was created.
gleOperations :: Lens' GrantListEntry [GrantOperation] Source #
The list of operations permitted by the grant.
KeyListEntry
data KeyListEntry Source #
Contains information about each entry in the key list.
See: keyListEntry
smart constructor.
Instances
keyListEntry :: KeyListEntry Source #
Creates a value of KeyListEntry
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
KeyMetadata
data KeyMetadata Source #
Contains metadata about a customer master key (CMK).
This data type is used as a response element for the CreateKey
and DescribeKey
operations.
See: keyMetadata
smart constructor.
Instances
:: Text | |
-> KeyMetadata |
Creates a value of KeyMetadata
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
kmOrigin
- The source of the CMK's key material. When this value isAWS_KMS
, AWS KMS created the key material. When this value isEXTERNAL
, the key material was imported from your existing key management infrastructure or the CMK lacks key material.kmExpirationModel
- Specifies whether the CMK's key material expires. This value is present only whenOrigin
isEXTERNAL
, otherwise this value is omitted.kmKeyManager
- The CMK's manager. CMKs are either customer-managed or AWS-managed. For more information about the difference, see Customer Master Keys in the AWS Key Management Service Developer Guide .kmEnabled
- Specifies whether the CMK is enabled. WhenKeyState
isEnabled
this value is true, otherwise it is false.kmValidTo
- The time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the CMK becomes unusable. This value is present only for CMKs whoseOrigin
isEXTERNAL
and whoseExpirationModel
isKEY_MATERIAL_EXPIRES
, otherwise this value is omitted.kmARN
- The Amazon Resource Name (ARN) of the CMK. For examples, see AWS Key Management Service (AWS KMS) in the Example ARNs section of the AWS General Reference .kmKeyState
- The state of the CMK. For more information about how key state affects the use of a CMK, see How Key State Affects the Use of a Customer Master Key in the AWS Key Management Service Developer Guide .kmAWSAccountId
- The twelve-digit account ID of the AWS account that owns the CMK.kmKeyUsage
- The cryptographic operations for which you can use the CMK. Currently the only allowed value isENCRYPT_DECRYPT
, which means you can use the CMK for theEncrypt
andDecrypt
operations.kmCreationDate
- The date and time when the CMK was created.kmDeletionDate
- The date and time after which AWS KMS deletes the CMK. This value is present only whenKeyState
isPendingDeletion
, otherwise this value is omitted.kmDescription
- The description of the CMK.kmKeyId
- The globally unique identifier for the CMK.
kmOrigin :: Lens' KeyMetadata (Maybe OriginType) Source #
The source of the CMK's key material. When this value is AWS_KMS
, AWS KMS created the key material. When this value is EXTERNAL
, the key material was imported from your existing key management infrastructure or the CMK lacks key material.
kmExpirationModel :: Lens' KeyMetadata (Maybe ExpirationModelType) Source #
Specifies whether the CMK's key material expires. This value is present only when Origin
is EXTERNAL
, otherwise this value is omitted.
kmKeyManager :: Lens' KeyMetadata (Maybe KeyManagerType) Source #
The CMK's manager. CMKs are either customer-managed or AWS-managed. For more information about the difference, see Customer Master Keys in the AWS Key Management Service Developer Guide .
kmEnabled :: Lens' KeyMetadata (Maybe Bool) Source #
Specifies whether the CMK is enabled. When KeyState
is Enabled
this value is true, otherwise it is false.
kmValidTo :: Lens' KeyMetadata (Maybe UTCTime) Source #
The time at which the imported key material expires. When the key material expires, AWS KMS deletes the key material and the CMK becomes unusable. This value is present only for CMKs whose Origin
is EXTERNAL
and whose ExpirationModel
is KEY_MATERIAL_EXPIRES
, otherwise this value is omitted.
kmARN :: Lens' KeyMetadata (Maybe Text) Source #
The Amazon Resource Name (ARN) of the CMK. For examples, see AWS Key Management Service (AWS KMS) in the Example ARNs section of the AWS General Reference .
kmKeyState :: Lens' KeyMetadata (Maybe KeyState) Source #
The state of the CMK. For more information about how key state affects the use of a CMK, see How Key State Affects the Use of a Customer Master Key in the AWS Key Management Service Developer Guide .
kmAWSAccountId :: Lens' KeyMetadata (Maybe Text) Source #
The twelve-digit account ID of the AWS account that owns the CMK.
kmCreationDate :: Lens' KeyMetadata (Maybe UTCTime) Source #
The date and time when the CMK was created.
kmDeletionDate :: Lens' KeyMetadata (Maybe UTCTime) Source #
The date and time after which AWS KMS deletes the CMK. This value is present only when KeyState
is PendingDeletion
, otherwise this value is omitted.
kmDescription :: Lens' KeyMetadata (Maybe Text) Source #
The description of the CMK.
ListGrantsResponse
data ListGrantsResponse Source #
See: listGrantsResponse
smart constructor.
Instances
listGrantsResponse :: ListGrantsResponse Source #
Creates a value of ListGrantsResponse
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
lgTruncated
- A flag that indicates whether there are more items in the list. When this value is true, the list in this response is truncated. To get more items, pass the value of theNextMarker
element in this response to theMarker
parameter in a subsequent request.lgGrants
- A list of grants.lgNextMarker
- WhenTruncated
is true, this element is present and contains the value to use for theMarker
parameter in a subsequent request.
lgTruncated :: Lens' ListGrantsResponse (Maybe Bool) Source #
A flag that indicates whether there are more items in the list. When this value is true, the list in this response is truncated. To get more items, pass the value of the NextMarker
element in this response to the Marker
parameter in a subsequent request.
lgGrants :: Lens' ListGrantsResponse [GrantListEntry] Source #
A list of grants.
lgNextMarker :: Lens' ListGrantsResponse (Maybe Text) Source #
When Truncated
is true, this element is present and contains the value to use for the Marker
parameter in a subsequent request.
Tag
A key-value pair. A tag consists of a tag key and a tag value. Tag keys and tag values are both required, but tag values can be empty (null) strings.
For information about the rules that apply to tag keys and tag values, see User-Defined Tag Restrictions in the AWS Billing and Cost Management User Guide .
See: tag
smart constructor.
Instances
Eq Tag Source # | |
Data Tag Source # | |
Defined in Network.AWS.KMS.Types.Product gfoldl :: (forall d b. Data d => c (d -> b) -> d -> c b) -> (forall g. g -> c g) -> Tag -> c Tag # gunfold :: (forall b r. Data b => c (b -> r) -> c r) -> (forall r. r -> c r) -> Constr -> c Tag # dataTypeOf :: Tag -> DataType # dataCast1 :: Typeable t => (forall d. Data d => c (t d)) -> Maybe (c Tag) # dataCast2 :: Typeable t => (forall d e. (Data d, Data e) => c (t d e)) -> Maybe (c Tag) # gmapT :: (forall b. Data b => b -> b) -> Tag -> Tag # gmapQl :: (r -> r' -> r) -> r -> (forall d. Data d => d -> r') -> Tag -> r # gmapQr :: (r' -> r -> r) -> r -> (forall d. Data d => d -> r') -> Tag -> r # gmapQ :: (forall d. Data d => d -> u) -> Tag -> [u] # gmapQi :: Int -> (forall d. Data d => d -> u) -> Tag -> u # gmapM :: Monad m => (forall d. Data d => d -> m d) -> Tag -> m Tag # gmapMp :: MonadPlus m => (forall d. Data d => d -> m d) -> Tag -> m Tag # gmapMo :: MonadPlus m => (forall d. Data d => d -> m d) -> Tag -> m Tag # | |
Read Tag Source # | |
Show Tag Source # | |
Generic Tag Source # | |
Hashable Tag Source # | |
Defined in Network.AWS.KMS.Types.Product | |
ToJSON Tag Source # | |
Defined in Network.AWS.KMS.Types.Product | |
FromJSON Tag Source # | |
NFData Tag Source # | |
Defined in Network.AWS.KMS.Types.Product | |
type Rep Tag Source # | |
Defined in Network.AWS.KMS.Types.Product type Rep Tag = D1 (MetaData "Tag" "Network.AWS.KMS.Types.Product" "amazonka-kms-1.6.1-1UDljZYfeha1jjHbbMax4v" False) (C1 (MetaCons "Tag'" PrefixI True) (S1 (MetaSel (Just "_tagTagKey") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 Text) :*: S1 (MetaSel (Just "_tagTagValue") NoSourceUnpackedness SourceStrict DecidedStrict) (Rec0 Text))) |