target = "aws-kms-key-arn.txt#section-2.8"

# 2.8.  Identifying an an AWS KMS multi-Region ARN
#
# This function MUST take a single AWS KMS ARN
# 
# If the input is an invalid AWS KMS ARN this function MUST error.
# 
# If resource type is "alias", this is an AWS KMS alias ARN and MUST
# return false.  If the resource type is "key" and the resource ID starts with
# "mrk-", this is a AWS KMS multi-Region key ARN and MUST return true.
# If the resource type is "key" and the resource ID does not start with "mrk-",
# this is a (single-region) AWS KMS key ARN and MUST return false.

[[spec]]
level = "MUST"
quote = '''
This function MUST take a single AWS KMS ARN
'''

[[spec]]
level = "MUST"
quote = '''
If the input is an invalid AWS KMS ARN this function MUST error.
'''

[[spec]]
level = "MUST"
quote = '''
If resource type is "alias", this is an AWS KMS alias ARN and MUST
return false.
'''

[[spec]]
level = "MUST"
quote = '''
If the resource type is "key" and the resource ID starts with
"mrk-", this is a AWS KMS multi-Region key ARN and MUST return true.
'''

[[spec]]
level = "MUST"
quote = '''
If the resource type is "key" and the resource ID does not start with "mrk-",
this is a (single-region) AWS KMS key ARN and MUST return false.
'''