/* * Copyright 2010-2023 Amazon.com, Inc. or its affiliates. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the "License"). * You may not use this file except in compliance with the License. * A copy of the License is located at * * http://aws.amazon.com/apache2.0 * * or in the "license" file accompanying this file. This file is distributed * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either * express or implied. See the License for the specific language governing * permissions and limitations under the License. */ package com.amazonaws.services.kms.model; import java.io.Serializable; import com.amazonaws.AmazonWebServiceRequest; /** *

* Replicates a multi-Region key into the specified Region. This operation * creates a multi-Region replica key based on a multi-Region primary key in a * different Region of the same Amazon Web Services partition. You can create * multiple replicas of a primary key, but each must be in a different Region. * To create a multi-Region primary key, use the CreateKey operation. *

* This operation supports multi-Region keys, an KMS feature that lets * you create multiple interoperable KMS keys in different Amazon Web Services * Regions. Because these KMS keys have the same key ID, key material, and other * metadata, you can use them interchangeably to encrypt data in one Amazon Web * Services Region and decrypt it in a different Amazon Web Services Region * without re-encrypting the data or making a cross-Region call. For more * information about multi-Region keys, see Multi-Region keys in KMS in the Key Management Service Developer * Guide. *

* A replica key is a fully-functional KMS key that can be used * independently of its primary and peer replica keys. A primary key and its * replica keys share properties that make them interoperable. They have the * same key ID and key material. They also have the same key spec, key usage, key material origin, and automatic key rotation status. KMS automatically synchronizes these * shared properties among related multi-Region keys. All other properties of a * replica key can differ, including its key * policy, tags, aliases, and Key states of KMS keys. KMS pricing and quotas for KMS keys apply to * each primary key and replica key. *

* When this operation completes, the new replica key has a transient key state * of Creating. This key state changes to Enabled (or * PendingImport) after a few seconds when the process of creating * the new replica key is complete. While the key state is Creating * , you can manage key, but you cannot yet use it in cryptographic operations. * If you are creating and using the replica key programmatically, retry on * KMSInvalidStateException or call DescribeKey to * check its KeyState value before using it. For details about the * Creating key state, see Key states of KMS keys in the Key Management Service Developer * Guide. *

* You cannot create more than one replica of a primary key in any Region. If * the Region already includes a replica of the key you're trying to replicate, * ReplicateKey returns an AlreadyExistsException * error. If the key state of the existing replica is * PendingDeletion, you can cancel the scheduled key deletion * (CancelKeyDeletion) or wait for the key to be deleted. The new replica * key you create will have the same shared properties as the original replica key. *

* The CloudTrail log of a ReplicateKey operation records a * ReplicateKey operation in the primary key's Region and a * CreateKey operation in the replica key's Region. *

* If you replicate a multi-Region primary key with imported key material, the * replica key is created with no key material. You must import the same key * material that you imported into the primary key. For details, see Importing key * material into multi-Region keys in the Key Management Service * Developer Guide. *

* To convert a replica key to a primary key, use the UpdatePrimaryRegion * operation. *

* *

* ReplicateKey uses different default values for the * KeyPolicy and Tags parameters than those used in * the KMS console. For details, see the parameter descriptions. *

* *

* Cross-account use: No. You cannot use this operation to create a * replica key in a different Amazon Web Services account. *

* Required permissions: *

*
* kms:ReplicateKey on the primary key (in the primary key's * Region). Include this permission in the primary key's key policy. *
*
*
* kms:CreateKey in an IAM policy in the replica Region. *
*
*
* To use the Tags parameter, kms:TagResource in an * IAM policy in the replica Region. *
*

* Related operations *

*
* CreateKey *
*
*
* UpdatePrimaryRegion *
*

*/ public class ReplicateKeyRequest extends AmazonWebServiceRequest implements Serializable { /** *

* Identifies the multi-Region primary key that is being replicated. To * determine whether a KMS key is a multi-Region primary key, use the * DescribeKey operation to check the value of the * MultiRegionKeyType property. *

* Specify the key ID or key ARN of a multi-Region primary key. *

* For example: *

*
* Key ID: mrk-1234abcd12ab34cd56ef1234567890ab *
*
*
* Key ARN: * arn:aws:kms:us-east-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab *
*

* To get the key ID and key ARN for a KMS key, use ListKeys or * DescribeKey. *

* Constraints:
* Length: 1 - 2048
*/ private String keyId; /** *

* The Region ID of the Amazon Web Services Region for this replica key. *

* Enter the Region ID, such as us-east-1 or * ap-southeast-2. For a list of Amazon Web Services Regions in * which KMS is supported, see KMS * service endpoints in the Amazon Web Services General * Reference. *

* *

* HMAC KMS keys are not supported in all Amazon Web Services Regions. If * you try to replicate an HMAC KMS key in an Amazon Web Services Region in * which HMAC keys are not supported, the ReplicateKey * operation returns an UnsupportedOperationException. For a * list of Regions in which HMAC KMS keys are supported, see HMAC keys in KMS in the Key Management Service Developer * Guide. *

* *

* The replica must be in a different Amazon Web Services Region than its * primary key and other replicas of that primary key, but in the same * Amazon Web Services partition. KMS must be available in the replica * Region. If the Region is not enabled by default, the Amazon Web Services * account must be enabled in the Region. For information about Amazon Web * Services partitions, see Amazon Resource Names (ARNs) in the Amazon Web Services General * Reference. For information about enabling and disabling Regions, see * Enabling a Region and Disabling a Region in the Amazon Web Services General * Reference. *

* Constraints:
* Length: 1 - 32
* Pattern: ^([a-z]+-){2,3}\d+$
*/ private String replicaRegion; /** *

* The key policy to attach to the KMS key. This parameter is optional. If * you do not provide a key policy, KMS attaches the default key policy to the KMS key. *

* The key policy is not a shared property of multi-Region keys. You can * specify the same key policy or a different key policy for each key in a * set of related multi-Region keys. KMS does not synchronize this property. *

* If you provide a key policy, it must meet the following criteria: *

*
* The key policy must allow the calling principal to make a subsequent * PutKeyPolicy request on the KMS key. This reduces the risk * that the KMS key becomes unmanageable. For more information, see Default key policy in the Key Management Service Developer * Guide. (To omit this condition, set * BypassPolicyLockoutSafetyCheck to true.) *
*
*
* Each statement in the key policy must contain one or more principals. The * principals in the key policy must exist and be visible to KMS. When you * create a new Amazon Web Services principal, you might need to enforce a * delay before including the new principal in a key policy because the new * principal might not be immediately visible to KMS. For more information, * see Changes that I make are not always immediately visible in the * Amazon Web Services Identity and Access Management User Guide. *
*

* A key policy document can include only the following characters: *

*
* Printable ASCII characters from the space character (\u0020) * through the end of the ASCII character range. *
*
*
* Printable characters in the Basic Latin and Latin-1 Supplement character * set (through \u00FF). *
*
*
* The tab (\u0009), line feed (\u000A), and * carriage return (\u000D) special characters *
*

* For information about key policies, see Key policies in KMS in the Key Management Service Developer * Guide. For help writing and formatting a JSON policy document, see * the IAM JSON Policy Reference in the Identity and Access * Management User Guide . *

* Constraints:
* Length: 1 - 131072
* Pattern: [ -\u00FF]+
*/ private String policy; /** *

* Skips ("bypasses") the key policy lockout safety check. The default value * is false. *

* *

* Setting this value to true increases the risk that the KMS key becomes * unmanageable. Do not set this value to true indiscriminately. *

* For more information, see Default key policy in the Key Management Service Developer * Guide. *

* *

* Use this parameter only when you intend to prevent the principal that is * making the request from making a subsequent PutKeyPolicy request * on the KMS key. *

*/ private Boolean bypassPolicyLockoutSafetyCheck; /** *

* A description of the KMS key. The default value is an empty string (no * description). *

* *

* Do not include confidential or sensitive information in this field. This * field may be displayed in plaintext in CloudTrail logs and other output. *

* *

* The description is not a shared property of multi-Region keys. You can * specify the same description or a different description for each key in a * set of related multi-Region keys. KMS does not synchronize this property. *

* Constraints:
* Length: 0 - 8192
*/ private String description; /** *

* Assigns one or more tags to the replica key. Use this parameter to tag * the KMS key when it is created. To tag an existing KMS key, use the * TagResource operation. *

* *

* Do not include confidential or sensitive information in this field. This * field may be displayed in plaintext in CloudTrail logs and other output. *

* *

* Tagging or untagging a KMS key can allow or deny permission to the KMS * key. For details, see ABAC for KMS in the Key Management Service Developer Guide. *

* *

* To use this parameter, you must have kms:TagResource permission in an IAM policy. *

* Tags are not a shared property of multi-Region keys. You can specify the * same tags or different tags for each key in a set of related multi-Region * keys. KMS does not synchronize this property. *

* Each tag consists of a tag key and a tag value. Both the tag key and the * tag value are required, but the tag value can be an empty (null) string. * You cannot have more than one tag on a KMS key with the same tag key. If * you specify an existing tag key with a different tag value, KMS replaces * the current tag value with the specified one. *

* When you add tags to an Amazon Web Services resource, Amazon Web Services * generates a cost allocation report with usage and costs aggregated by * tags. Tags can also be used to control access to a KMS key. For details, * see Tagging Keys. *

*/ private java.util.List tags = new java.util.ArrayList(); /** *

* Specify the key ID or key ARN of a multi-Region primary key. *

* For example: *

*
* Key ID: mrk-1234abcd12ab34cd56ef1234567890ab *
*
*
* Key ARN: * arn:aws:kms:us-east-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab *
*

* To get the key ID and key ARN for a KMS key, use ListKeys or * DescribeKey. *

* Constraints:
* Length: 1 - 2048
* * @return

* Identifies the multi-Region primary key that is being replicated. * To determine whether a KMS key is a multi-Region primary key, use * the DescribeKey operation to check the value of the * MultiRegionKeyType property. *

* Specify the key ID or key ARN of a multi-Region primary key. *

* For example: *

*
* Key ID: mrk-1234abcd12ab34cd56ef1234567890ab *
*
*
* Key ARN: * arn:aws:kms:us-east-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab *
*

* To get the key ID and key ARN for a KMS key, use ListKeys * or DescribeKey. *

*/ public String getKeyId() { return keyId; } /** *

* Specify the key ID or key ARN of a multi-Region primary key. *

* For example: *

*
* Key ID: mrk-1234abcd12ab34cd56ef1234567890ab *
*
*
* Key ARN: * arn:aws:kms:us-east-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab *
*

* To get the key ID and key ARN for a KMS key, use ListKeys or * DescribeKey. *

* Constraints:
* Length: 1 - 2048
* * @param keyId

* Identifies the multi-Region primary key that is being * replicated. To determine whether a KMS key is a multi-Region * primary key, use the DescribeKey operation to check the * value of the MultiRegionKeyType property. *

* Specify the key ID or key ARN of a multi-Region primary key. *

* For example: *

*
* Key ID: mrk-1234abcd12ab34cd56ef1234567890ab *
*
*
* Key ARN: * arn:aws:kms:us-east-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab *
*

* To get the key ID and key ARN for a KMS key, use * ListKeys or DescribeKey. *

*/ public void setKeyId(String keyId) { this.keyId = keyId; } /** *

* Specify the key ID or key ARN of a multi-Region primary key. *

* For example: *

*
* Key ID: mrk-1234abcd12ab34cd56ef1234567890ab *
*
*
* Key ARN: * arn:aws:kms:us-east-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab *
*

* To get the key ID and key ARN for a KMS key, use ListKeys or * DescribeKey. *

* Returns a reference to this object so that method calls can be chained * together. *

* Constraints:
* Length: 1 - 2048
* * @param keyId

* Specify the key ID or key ARN of a multi-Region primary key. *

* For example: *

*
* Key ID: mrk-1234abcd12ab34cd56ef1234567890ab *
*
*
* Key ARN: * arn:aws:kms:us-east-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab *
*

* To get the key ID and key ARN for a KMS key, use * ListKeys or DescribeKey. *

* @return A reference to this updated object so that method calls can be * chained together. */ public ReplicateKeyRequest withKeyId(String keyId) { this.keyId = keyId; return this; } /** *

* The Region ID of the Amazon Web Services Region for this replica key. *

* *

* Constraints:
* Length: 1 - 32
* Pattern: ^([a-z]+-){2,3}\d+$
* * @return

* The Region ID of the Amazon Web Services Region for this replica * key. *

* Enter the Region ID, such as us-east-1 or * ap-southeast-2. For a list of Amazon Web Services * Regions in which KMS is supported, see KMS service endpoints in the Amazon Web Services General * Reference. *

* *

* HMAC KMS keys are not supported in all Amazon Web Services * Regions. If you try to replicate an HMAC KMS key in an Amazon Web * Services Region in which HMAC keys are not supported, the * ReplicateKey operation returns an * UnsupportedOperationException. For a list of Regions * in which HMAC KMS keys are supported, see HMAC keys in KMS in the Key Management Service Developer * Guide. *

* *

* The replica must be in a different Amazon Web Services Region * than its primary key and other replicas of that primary key, but * in the same Amazon Web Services partition. KMS must be available * in the replica Region. If the Region is not enabled by default, * the Amazon Web Services account must be enabled in the Region. * For information about Amazon Web Services partitions, see Amazon Resource Names (ARNs) in the Amazon Web Services * General Reference. For information about enabling and * disabling Regions, see Enabling a Region and Disabling a Region in the Amazon Web Services General * Reference. *

*/ public String getReplicaRegion() { return replicaRegion; } /** *

* The Region ID of the Amazon Web Services Region for this replica key. *

* *

* Constraints:
* Length: 1 - 32
* Pattern: ^([a-z]+-){2,3}\d+$
* * @param replicaRegion

* The Region ID of the Amazon Web Services Region for this * replica key. *

* *

* HMAC KMS keys are not supported in all Amazon Web Services * Regions. If you try to replicate an HMAC KMS key in an Amazon * Web Services Region in which HMAC keys are not supported, the * ReplicateKey operation returns an * UnsupportedOperationException. For a list of * Regions in which HMAC KMS keys are supported, see HMAC keys in KMS in the Key Management Service * Developer Guide. *

* *

* The replica must be in a different Amazon Web Services Region * than its primary key and other replicas of that primary key, * but in the same Amazon Web Services partition. KMS must be * available in the replica Region. If the Region is not enabled * by default, the Amazon Web Services account must be enabled in * the Region. For information about Amazon Web Services * partitions, see Amazon Resource Names (ARNs) in the Amazon Web * Services General Reference. For information about enabling * and disabling Regions, see Enabling a Region and Disabling a Region in the Amazon Web Services General * Reference. *

*/ public void setReplicaRegion(String replicaRegion) { this.replicaRegion = replicaRegion; } /** *

* The Region ID of the Amazon Web Services Region for this replica key. *

* *

* Returns a reference to this object so that method calls can be chained * together. *

* Constraints:
* Length: 1 - 32
* Pattern: ^([a-z]+-){2,3}\d+$
* * @param replicaRegion

* The Region ID of the Amazon Web Services Region for this * replica key. *

* *

* @return A reference to this updated object so that method calls can be * chained together. */ public ReplicateKeyRequest withReplicaRegion(String replicaRegion) { this.replicaRegion = replicaRegion; return this; } /** *

* The key policy to attach to the KMS key. This parameter is optional. If * you do not provide a key policy, KMS attaches the default key policy to the KMS key. *

* If you provide a key policy, it must meet the following criteria: *

*
* The key policy must allow the calling principal to make a subsequent * PutKeyPolicy request on the KMS key. This reduces the risk * that the KMS key becomes unmanageable. For more information, see Default key policy in the Key Management Service Developer * Guide. (To omit this condition, set * BypassPolicyLockoutSafetyCheck to true.) *
*
*
* Each statement in the key policy must contain one or more principals. The * principals in the key policy must exist and be visible to KMS. When you * create a new Amazon Web Services principal, you might need to enforce a * delay before including the new principal in a key policy because the new * principal might not be immediately visible to KMS. For more information, * see Changes that I make are not always immediately visible in the * Amazon Web Services Identity and Access Management User Guide. *
*

* A key policy document can include only the following characters: *

*
* Printable ASCII characters from the space character (\u0020) * through the end of the ASCII character range. *
*
*
* Printable characters in the Basic Latin and Latin-1 Supplement character * set (through \u00FF). *
*
*
* The tab (\u0009), line feed (\u000A), and * carriage return (\u000D) special characters *
*

* Constraints:
* Length: 1 - 131072
* Pattern: [ -\u00FF]+
* * @return

* The key policy to attach to the KMS key. This parameter is * optional. If you do not provide a key policy, KMS attaches the default key policy to the KMS key. *

* The key policy is not a shared property of multi-Region keys. You * can specify the same key policy or a different key policy for * each key in a set of related multi-Region keys. KMS does not * synchronize this property. *

* If you provide a key policy, it must meet the following criteria: *

*
* The key policy must allow the calling principal to make a * subsequent PutKeyPolicy request on the KMS key. This * reduces the risk that the KMS key becomes unmanageable. For more * information, see Default key policy in the Key Management Service * Developer Guide. (To omit this condition, set * BypassPolicyLockoutSafetyCheck to true.) *
*
*
* Each statement in the key policy must contain one or more * principals. The principals in the key policy must exist and be * visible to KMS. When you create a new Amazon Web Services * principal, you might need to enforce a delay before including the * new principal in a key policy because the new principal might not * be immediately visible to KMS. For more information, see Changes that I make are not always immediately visible in * the Amazon Web Services Identity and Access Management User * Guide. *
*

* A key policy document can include only the following characters: *

*
* Printable ASCII characters from the space character ( * \u0020) through the end of the ASCII character * range. *
*
*
* Printable characters in the Basic Latin and Latin-1 Supplement * character set (through \u00FF). *
*
*
* The tab (\u0009), line feed (\u000A), * and carriage return (\u000D) special characters *
*

* For information about key policies, see Key policies in KMS in the Key Management Service * Developer Guide. For help writing and formatting a JSON * policy document, see the IAM JSON Policy Reference in the Identity and Access * Management User Guide . *

*/ public String getPolicy() { return policy; } /** *

* The key policy to attach to the KMS key. This parameter is optional. If * you do not provide a key policy, KMS attaches the default key policy to the KMS key. *

* If you provide a key policy, it must meet the following criteria: *

*
* The key policy must allow the calling principal to make a subsequent * PutKeyPolicy request on the KMS key. This reduces the risk * that the KMS key becomes unmanageable. For more information, see Default key policy in the Key Management Service Developer * Guide. (To omit this condition, set * BypassPolicyLockoutSafetyCheck to true.) *
*
*
* Each statement in the key policy must contain one or more principals. The * principals in the key policy must exist and be visible to KMS. When you * create a new Amazon Web Services principal, you might need to enforce a * delay before including the new principal in a key policy because the new * principal might not be immediately visible to KMS. For more information, * see Changes that I make are not always immediately visible in the * Amazon Web Services Identity and Access Management User Guide. *
*

* A key policy document can include only the following characters: *

*
* Printable ASCII characters from the space character (\u0020) * through the end of the ASCII character range. *
*
*
* Printable characters in the Basic Latin and Latin-1 Supplement character * set (through \u00FF). *
*
*
* The tab (\u0009), line feed (\u000A), and * carriage return (\u000D) special characters *
*

* Constraints:
* Length: 1 - 131072
* Pattern: [ -\u00FF]+
* * @param policy

* The key policy to attach to the KMS key. This parameter is * optional. If you do not provide a key policy, KMS attaches the * default key policy to the KMS key. *

* The key policy is not a shared property of multi-Region keys. * You can specify the same key policy or a different key policy * for each key in a set of related multi-Region keys. KMS does * not synchronize this property. *

* If you provide a key policy, it must meet the following * criteria: *

*
* The key policy must allow the calling principal to make a * subsequent PutKeyPolicy request on the KMS key. * This reduces the risk that the KMS key becomes unmanageable. * For more information, see Default key policy in the Key Management Service * Developer Guide. (To omit this condition, set * BypassPolicyLockoutSafetyCheck to true.) *
*
*
* Each statement in the key policy must contain one or more * principals. The principals in the key policy must exist and be * visible to KMS. When you create a new Amazon Web Services * principal, you might need to enforce a delay before including * the new principal in a key policy because the new principal * might not be immediately visible to KMS. For more information, * see Changes that I make are not always immediately visible in * the Amazon Web Services Identity and Access Management User * Guide. *
*

* A key policy document can include only the following * characters: *

*
* Printable ASCII characters from the space character ( * \u0020) through the end of the ASCII character * range. *
*
*
* Printable characters in the Basic Latin and Latin-1 Supplement * character set (through \u00FF). *
*
*
* The tab (\u0009), line feed (\u000A * ), and carriage return (\u000D) special * characters *
*

*/ public void setPolicy(String policy) { this.policy = policy; } /** *

* The key policy to attach to the KMS key. This parameter is optional. If * you do not provide a key policy, KMS attaches the default key policy to the KMS key. *

* If you provide a key policy, it must meet the following criteria: *

*
* The key policy must allow the calling principal to make a subsequent * PutKeyPolicy request on the KMS key. This reduces the risk * that the KMS key becomes unmanageable. For more information, see Default key policy in the Key Management Service Developer * Guide. (To omit this condition, set * BypassPolicyLockoutSafetyCheck to true.) *
*
*
* Each statement in the key policy must contain one or more principals. The * principals in the key policy must exist and be visible to KMS. When you * create a new Amazon Web Services principal, you might need to enforce a * delay before including the new principal in a key policy because the new * principal might not be immediately visible to KMS. For more information, * see Changes that I make are not always immediately visible in the * Amazon Web Services Identity and Access Management User Guide. *
*

* A key policy document can include only the following characters: *

*
* Printable ASCII characters from the space character (\u0020) * through the end of the ASCII character range. *
*
*
* Printable characters in the Basic Latin and Latin-1 Supplement character * set (through \u00FF). *
*
*
* The tab (\u0009), line feed (\u000A), and * carriage return (\u000D) special characters *
*

* Returns a reference to this object so that method calls can be chained * together. *

* Constraints:
* Length: 1 - 131072
* Pattern: [ -\u00FF]+
* * @param policy

* The key policy to attach to the KMS key. This parameter is * optional. If you do not provide a key policy, KMS attaches the * default key policy to the KMS key. *

* If you provide a key policy, it must meet the following * criteria: *

*
* The key policy must allow the calling principal to make a * subsequent PutKeyPolicy request on the KMS key. * This reduces the risk that the KMS key becomes unmanageable. * For more information, see Default key policy in the Key Management Service * Developer Guide. (To omit this condition, set * BypassPolicyLockoutSafetyCheck to true.) *
*
*
* Each statement in the key policy must contain one or more * principals. The principals in the key policy must exist and be * visible to KMS. When you create a new Amazon Web Services * principal, you might need to enforce a delay before including * the new principal in a key policy because the new principal * might not be immediately visible to KMS. For more information, * see Changes that I make are not always immediately visible in * the Amazon Web Services Identity and Access Management User * Guide. *
*

* A key policy document can include only the following * characters: *

*
* Printable ASCII characters from the space character ( * \u0020) through the end of the ASCII character * range. *
*
*
* Printable characters in the Basic Latin and Latin-1 Supplement * character set (through \u00FF). *
*
*
* The tab (\u0009), line feed (\u000A * ), and carriage return (\u000D) special * characters *
*

* @return A reference to this updated object so that method calls can be * chained together. */ public ReplicateKeyRequest withPolicy(String policy) { this.policy = policy; return this; } /** *

* Skips ("bypasses") the key policy lockout safety check. The default value * is false. *

* *

* Setting this value to true increases the risk that the KMS key becomes * unmanageable. Do not set this value to true indiscriminately. *

* For more information, see Default key policy in the Key Management Service Developer * Guide. *

* *

* Use this parameter only when you intend to prevent the principal that is * making the request from making a subsequent PutKeyPolicy request * on the KMS key. *

* * @return

* Skips ("bypasses") the key policy lockout safety check. The * default value is false. *

* *

* Setting this value to true increases the risk that the KMS key * becomes unmanageable. Do not set this value to true * indiscriminately. *

* For more information, see Default key policy in the Key Management Service * Developer Guide. *

* *

* Use this parameter only when you intend to prevent the principal * that is making the request from making a subsequent * PutKeyPolicy request on the KMS key. *

*/ public Boolean isBypassPolicyLockoutSafetyCheck() { return bypassPolicyLockoutSafetyCheck; } /** *

* Skips ("bypasses") the key policy lockout safety check. The default value * is false. *

* *

* Setting this value to true increases the risk that the KMS key becomes * unmanageable. Do not set this value to true indiscriminately. *

* For more information, see Default key policy in the Key Management Service Developer * Guide. *

* *

* Use this parameter only when you intend to prevent the principal that is * making the request from making a subsequent PutKeyPolicy request * on the KMS key. *

* * @return

* Skips ("bypasses") the key policy lockout safety check. The * default value is false. *

* *

* Setting this value to true increases the risk that the KMS key * becomes unmanageable. Do not set this value to true * indiscriminately. *

* For more information, see Default key policy in the Key Management Service * Developer Guide. *

* *

* Use this parameter only when you intend to prevent the principal * that is making the request from making a subsequent * PutKeyPolicy request on the KMS key. *

*/ public Boolean getBypassPolicyLockoutSafetyCheck() { return bypassPolicyLockoutSafetyCheck; } /** *

* Skips ("bypasses") the key policy lockout safety check. The default value * is false. *

* *

* Setting this value to true increases the risk that the KMS key becomes * unmanageable. Do not set this value to true indiscriminately. *

* For more information, see Default key policy in the Key Management Service Developer * Guide. *

* *

* Use this parameter only when you intend to prevent the principal that is * making the request from making a subsequent PutKeyPolicy request * on the KMS key. *

* * @param bypassPolicyLockoutSafetyCheck

* Skips ("bypasses") the key policy lockout safety check. The * default value is false. *

* *

* Setting this value to true increases the risk that the KMS key * becomes unmanageable. Do not set this value to true * indiscriminately. *

* For more information, see Default key policy in the Key Management Service * Developer Guide. *

* *

* Use this parameter only when you intend to prevent the * principal that is making the request from making a subsequent * PutKeyPolicy request on the KMS key. *

*/ public void setBypassPolicyLockoutSafetyCheck(Boolean bypassPolicyLockoutSafetyCheck) { this.bypassPolicyLockoutSafetyCheck = bypassPolicyLockoutSafetyCheck; } /** *

* Skips ("bypasses") the key policy lockout safety check. The default value * is false. *

* *

* Setting this value to true increases the risk that the KMS key becomes * unmanageable. Do not set this value to true indiscriminately. *

* For more information, see Default key policy in the Key Management Service Developer * Guide. *

* *

* Use this parameter only when you intend to prevent the principal that is * making the request from making a subsequent PutKeyPolicy request * on the KMS key. *

* Returns a reference to this object so that method calls can be chained * together. * * @param bypassPolicyLockoutSafetyCheck

* Skips ("bypasses") the key policy lockout safety check. The * default value is false. *

* *

* Setting this value to true increases the risk that the KMS key * becomes unmanageable. Do not set this value to true * indiscriminately. *

* For more information, see Default key policy in the Key Management Service * Developer Guide. *

* *

* Use this parameter only when you intend to prevent the * principal that is making the request from making a subsequent * PutKeyPolicy request on the KMS key. *

* @return A reference to this updated object so that method calls can be * chained together. */ public ReplicateKeyRequest withBypassPolicyLockoutSafetyCheck( Boolean bypassPolicyLockoutSafetyCheck) { this.bypassPolicyLockoutSafetyCheck = bypassPolicyLockoutSafetyCheck; return this; } /** *

* A description of the KMS key. The default value is an empty string (no * description). *

* *

* Do not include confidential or sensitive information in this field. This * field may be displayed in plaintext in CloudTrail logs and other output. *

* *

* Constraints:
* Length: 0 - 8192
* * @return

* A description of the KMS key. The default value is an empty * string (no description). *

* *

* Do not include confidential or sensitive information in this * field. This field may be displayed in plaintext in CloudTrail * logs and other output. *

* *

* The description is not a shared property of multi-Region keys. * You can specify the same description or a different description * for each key in a set of related multi-Region keys. KMS does not * synchronize this property. *

*/ public String getDescription() { return description; } /** *

* A description of the KMS key. The default value is an empty string (no * description). *

* *

* Do not include confidential or sensitive information in this field. This * field may be displayed in plaintext in CloudTrail logs and other output. *

* *

* Constraints:
* Length: 0 - 8192
* * @param description

* A description of the KMS key. The default value is an empty * string (no description). *

* *

* Do not include confidential or sensitive information in this * field. This field may be displayed in plaintext in CloudTrail * logs and other output. *

* *

* The description is not a shared property of multi-Region keys. * You can specify the same description or a different * description for each key in a set of related multi-Region * keys. KMS does not synchronize this property. *

*/ public void setDescription(String description) { this.description = description; } /** *

* A description of the KMS key. The default value is an empty string (no * description). *

* *

* Do not include confidential or sensitive information in this field. This * field may be displayed in plaintext in CloudTrail logs and other output. *

* *

* Returns a reference to this object so that method calls can be chained * together. *

* Constraints:
* Length: 0 - 8192
* * @param description

* A description of the KMS key. The default value is an empty * string (no description). *

* *

* Do not include confidential or sensitive information in this * field. This field may be displayed in plaintext in CloudTrail * logs and other output. *

* *

* @return A reference to this updated object so that method calls can be * chained together. */ public ReplicateKeyRequest withDescription(String description) { this.description = description; return this; } /** *

* Assigns one or more tags to the replica key. Use this parameter to tag * the KMS key when it is created. To tag an existing KMS key, use the * TagResource operation. *

* *

* Do not include confidential or sensitive information in this field. This * field may be displayed in plaintext in CloudTrail logs and other output. *

* *

* Tagging or untagging a KMS key can allow or deny permission to the KMS * key. For details, see ABAC for KMS in the Key Management Service Developer Guide. *

* *

* To use this parameter, you must have kms:TagResource permission in an IAM policy. *

* * @return

* Assigns one or more tags to the replica key. Use this parameter * to tag the KMS key when it is created. To tag an existing KMS * key, use the TagResource operation. *

* *

* Do not include confidential or sensitive information in this * field. This field may be displayed in plaintext in CloudTrail * logs and other output. *

* *

* Tagging or untagging a KMS key can allow or deny permission to * the KMS key. For details, see ABAC for KMS in the Key Management Service Developer * Guide. *

* *

* To use this parameter, you must have kms:TagResource permission in an IAM policy. *

* Tags are not a shared property of multi-Region keys. You can * specify the same tags or different tags for each key in a set of * related multi-Region keys. KMS does not synchronize this * property. *

* Each tag consists of a tag key and a tag value. Both the tag key * and the tag value are required, but the tag value can be an empty * (null) string. You cannot have more than one tag on a KMS key * with the same tag key. If you specify an existing tag key with a * different tag value, KMS replaces the current tag value with the * specified one. *

* When you add tags to an Amazon Web Services resource, Amazon Web * Services generates a cost allocation report with usage and costs * aggregated by tags. Tags can also be used to control access to a * KMS key. For details, see Tagging Keys. *

*/ public java.util.List getTags() { return tags; } /** *

* Assigns one or more tags to the replica key. Use this parameter to tag * the KMS key when it is created. To tag an existing KMS key, use the * TagResource operation. *

* *

* Do not include confidential or sensitive information in this field. This * field may be displayed in plaintext in CloudTrail logs and other output. *

* *

* Tagging or untagging a KMS key can allow or deny permission to the KMS * key. For details, see ABAC for KMS in the Key Management Service Developer Guide. *

* *

* To use this parameter, you must have kms:TagResource permission in an IAM policy. *

* * @param tags

* Assigns one or more tags to the replica key. Use this * parameter to tag the KMS key when it is created. To tag an * existing KMS key, use the TagResource operation. *

* *

* Do not include confidential or sensitive information in this * field. This field may be displayed in plaintext in CloudTrail * logs and other output. *

* *

* Tagging or untagging a KMS key can allow or deny permission to * the KMS key. For details, see ABAC for KMS in the Key Management Service Developer * Guide. *

* *

* To use this parameter, you must have kms:TagResource permission in an IAM policy. *

* Tags are not a shared property of multi-Region keys. You can * specify the same tags or different tags for each key in a set * of related multi-Region keys. KMS does not synchronize this * property. *

* Each tag consists of a tag key and a tag value. Both the tag * key and the tag value are required, but the tag value can be * an empty (null) string. You cannot have more than one tag on a * KMS key with the same tag key. If you specify an existing tag * key with a different tag value, KMS replaces the current tag * value with the specified one. *

* When you add tags to an Amazon Web Services resource, Amazon * Web Services generates a cost allocation report with usage and * costs aggregated by tags. Tags can also be used to control * access to a KMS key. For details, see Tagging Keys. *

*/ public void setTags(java.util.Collection tags) { if (tags == null) { this.tags = null; return; } this.tags = new java.util.ArrayList(tags); } /** *

* Assigns one or more tags to the replica key. Use this parameter to tag * the KMS key when it is created. To tag an existing KMS key, use the * TagResource operation. *

* *

* Do not include confidential or sensitive information in this field. This * field may be displayed in plaintext in CloudTrail logs and other output. *

* *

* Tagging or untagging a KMS key can allow or deny permission to the KMS * key. For details, see ABAC for KMS in the Key Management Service Developer Guide. *

* *

* To use this parameter, you must have kms:TagResource permission in an IAM policy. *

* Returns a reference to this object so that method calls can be chained * together. * * @param tags

* Assigns one or more tags to the replica key. Use this * parameter to tag the KMS key when it is created. To tag an * existing KMS key, use the TagResource operation. *

* *

* Do not include confidential or sensitive information in this * field. This field may be displayed in plaintext in CloudTrail * logs and other output. *

* *

* Tagging or untagging a KMS key can allow or deny permission to * the KMS key. For details, see ABAC for KMS in the Key Management Service Developer * Guide. *

* *

* To use this parameter, you must have kms:TagResource permission in an IAM policy. *

* @return A reference to this updated object so that method calls can be * chained together. */ public ReplicateKeyRequest withTags(Tag... tags) { if (getTags() == null) { this.tags = new java.util.ArrayList(tags.length); } for (Tag value : tags) { this.tags.add(value); } return this; } /** *

* Assigns one or more tags to the replica key. Use this parameter to tag * the KMS key when it is created. To tag an existing KMS key, use the * TagResource operation. *

* *

* Do not include confidential or sensitive information in this field. This * field may be displayed in plaintext in CloudTrail logs and other output. *

* *

* Tagging or untagging a KMS key can allow or deny permission to the KMS * key. For details, see ABAC for KMS in the Key Management Service Developer Guide. *

* *

* To use this parameter, you must have kms:TagResource permission in an IAM policy. *

* Returns a reference to this object so that method calls can be chained * together. * * @param tags

* Assigns one or more tags to the replica key. Use this * parameter to tag the KMS key when it is created. To tag an * existing KMS key, use the TagResource operation. *

* *

* Do not include confidential or sensitive information in this * field. This field may be displayed in plaintext in CloudTrail * logs and other output. *

* *

* Tagging or untagging a KMS key can allow or deny permission to * the KMS key. For details, see ABAC for KMS in the Key Management Service Developer * Guide. *

* *

* To use this parameter, you must have kms:TagResource permission in an IAM policy. *

* @return A reference to this updated object so that method calls can be * chained together. */ public ReplicateKeyRequest withTags(java.util.Collection tags) { setTags(tags); return this; } /** * Returns a string representation of this object; useful for testing and * debugging. * * @return A string representation of this object. * @see java.lang.Object#toString() */ @Override public String toString() { StringBuilder sb = new StringBuilder(); sb.append("{"); if (getKeyId() != null) sb.append("KeyId: " + getKeyId() + ","); if (getReplicaRegion() != null) sb.append("ReplicaRegion: " + getReplicaRegion() + ","); if (getPolicy() != null) sb.append("Policy: " + getPolicy() + ","); if (getBypassPolicyLockoutSafetyCheck() != null) sb.append("BypassPolicyLockoutSafetyCheck: " + getBypassPolicyLockoutSafetyCheck() + ","); if (getDescription() != null) sb.append("Description: " + getDescription() + ","); if (getTags() != null) sb.append("Tags: " + getTags()); sb.append("}"); return sb.toString(); } @Override public int hashCode() { final int prime = 31; int hashCode = 1; hashCode = prime * hashCode + ((getKeyId() == null) ? 0 : getKeyId().hashCode()); hashCode = prime * hashCode + ((getReplicaRegion() == null) ? 0 : getReplicaRegion().hashCode()); hashCode = prime * hashCode + ((getPolicy() == null) ? 0 : getPolicy().hashCode()); hashCode = prime * hashCode + ((getBypassPolicyLockoutSafetyCheck() == null) ? 0 : getBypassPolicyLockoutSafetyCheck().hashCode()); hashCode = prime * hashCode + ((getDescription() == null) ? 0 : getDescription().hashCode()); hashCode = prime * hashCode + ((getTags() == null) ? 0 : getTags().hashCode()); return hashCode; } @Override public boolean equals(Object obj) { if (this == obj) return true; if (obj == null) return false; if (obj instanceof ReplicateKeyRequest == false) return false; ReplicateKeyRequest other = (ReplicateKeyRequest) obj; if (other.getKeyId() == null ^ this.getKeyId() == null) return false; if (other.getKeyId() != null && other.getKeyId().equals(this.getKeyId()) == false) return false; if (other.getReplicaRegion() == null ^ this.getReplicaRegion() == null) return false; if (other.getReplicaRegion() != null && other.getReplicaRegion().equals(this.getReplicaRegion()) == false) return false; if (other.getPolicy() == null ^ this.getPolicy() == null) return false; if (other.getPolicy() != null && other.getPolicy().equals(this.getPolicy()) == false) return false; if (other.getBypassPolicyLockoutSafetyCheck() == null ^ this.getBypassPolicyLockoutSafetyCheck() == null) return false; if (other.getBypassPolicyLockoutSafetyCheck() != null && other.getBypassPolicyLockoutSafetyCheck().equals( this.getBypassPolicyLockoutSafetyCheck()) == false) return false; if (other.getDescription() == null ^ this.getDescription() == null) return false; if (other.getDescription() != null && other.getDescription().equals(this.getDescription()) == false) return false; if (other.getTags() == null ^ this.getTags() == null) return false; if (other.getTags() != null && other.getTags().equals(this.getTags()) == false) return false; return true; } }