/** * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * SPDX-License-Identifier: Apache-2.0. */ #pragma once #include #include #include #include #include #include #include namespace Aws { namespace KMS { namespace Model { /** */ class CreateCustomKeyStoreRequest : public KMSRequest { public: AWS_KMS_API CreateCustomKeyStoreRequest(); // Service request name is the Operation name which will send this request out, // each operation should has unique request name, so that we can get operation's name from this request. // Note: this is not true for response, multiple operations may have the same response name, // so we can not get operation's name from response. inline virtual const char* GetServiceRequestName() const override { return "CreateCustomKeyStore"; } AWS_KMS_API Aws::String SerializePayload() const override; AWS_KMS_API Aws::Http::HeaderValueCollection GetRequestSpecificHeaders() const override; /** *

Specifies a friendly name for the custom key store. The name must be unique * in your Amazon Web Services account and Region. This parameter is required for * all custom key stores.

Do not include confidential or * sensitive information in this field. This field may be displayed in plaintext in * CloudTrail logs and other output.

*/ inline const Aws::String& GetCustomKeyStoreName() const{ return m_customKeyStoreName; } /** *

Specifies a friendly name for the custom key store. The name must be unique * in your Amazon Web Services account and Region. This parameter is required for * all custom key stores.

Do not include confidential or * sensitive information in this field. This field may be displayed in plaintext in * CloudTrail logs and other output.

*/ inline bool CustomKeyStoreNameHasBeenSet() const { return m_customKeyStoreNameHasBeenSet; } /** *

Specifies a friendly name for the custom key store. The name must be unique * in your Amazon Web Services account and Region. This parameter is required for * all custom key stores.

Do not include confidential or * sensitive information in this field. This field may be displayed in plaintext in * CloudTrail logs and other output.

*/ inline void SetCustomKeyStoreName(const Aws::String& value) { m_customKeyStoreNameHasBeenSet = true; m_customKeyStoreName = value; } /** *

Specifies a friendly name for the custom key store. The name must be unique * in your Amazon Web Services account and Region. This parameter is required for * all custom key stores.

Do not include confidential or * sensitive information in this field. This field may be displayed in plaintext in * CloudTrail logs and other output.

*/ inline void SetCustomKeyStoreName(Aws::String&& value) { m_customKeyStoreNameHasBeenSet = true; m_customKeyStoreName = std::move(value); } /** *

Specifies a friendly name for the custom key store. The name must be unique * in your Amazon Web Services account and Region. This parameter is required for * all custom key stores.

Do not include confidential or * sensitive information in this field. This field may be displayed in plaintext in * CloudTrail logs and other output.

*/ inline void SetCustomKeyStoreName(const char* value) { m_customKeyStoreNameHasBeenSet = true; m_customKeyStoreName.assign(value); } /** *

Specifies a friendly name for the custom key store. The name must be unique * in your Amazon Web Services account and Region. This parameter is required for * all custom key stores.

Do not include confidential or * sensitive information in this field. This field may be displayed in plaintext in * CloudTrail logs and other output.

*/ inline CreateCustomKeyStoreRequest& WithCustomKeyStoreName(const Aws::String& value) { SetCustomKeyStoreName(value); return *this;} /** *

Specifies a friendly name for the custom key store. The name must be unique * in your Amazon Web Services account and Region. This parameter is required for * all custom key stores.

Do not include confidential or * sensitive information in this field. This field may be displayed in plaintext in * CloudTrail logs and other output.

*/ inline CreateCustomKeyStoreRequest& WithCustomKeyStoreName(Aws::String&& value) { SetCustomKeyStoreName(std::move(value)); return *this;} /** *

Specifies a friendly name for the custom key store. The name must be unique * in your Amazon Web Services account and Region. This parameter is required for * all custom key stores.

Do not include confidential or * sensitive information in this field. This field may be displayed in plaintext in * CloudTrail logs and other output.

*/ inline CreateCustomKeyStoreRequest& WithCustomKeyStoreName(const char* value) { SetCustomKeyStoreName(value); return *this;} /** *

Identifies the CloudHSM cluster for an CloudHSM key store. This parameter is * required for custom key stores with CustomKeyStoreType of * AWS_CLOUDHSM.

Enter the cluster ID of any active CloudHSM * cluster that is not already associated with a custom key store. To find the * cluster ID, use the DescribeClusters * operation.

*/ inline const Aws::String& GetCloudHsmClusterId() const{ return m_cloudHsmClusterId; } /** *

Identifies the CloudHSM cluster for an CloudHSM key store. This parameter is * required for custom key stores with CustomKeyStoreType of * AWS_CLOUDHSM.

Enter the cluster ID of any active CloudHSM * cluster that is not already associated with a custom key store. To find the * cluster ID, use the DescribeClusters * operation.

*/ inline bool CloudHsmClusterIdHasBeenSet() const { return m_cloudHsmClusterIdHasBeenSet; } /** *

Identifies the CloudHSM cluster for an CloudHSM key store. This parameter is * required for custom key stores with CustomKeyStoreType of * AWS_CLOUDHSM.

Enter the cluster ID of any active CloudHSM * cluster that is not already associated with a custom key store. To find the * cluster ID, use the DescribeClusters * operation.

*/ inline void SetCloudHsmClusterId(const Aws::String& value) { m_cloudHsmClusterIdHasBeenSet = true; m_cloudHsmClusterId = value; } /** *

Identifies the CloudHSM cluster for an CloudHSM key store. This parameter is * required for custom key stores with CustomKeyStoreType of * AWS_CLOUDHSM.

Enter the cluster ID of any active CloudHSM * cluster that is not already associated with a custom key store. To find the * cluster ID, use the DescribeClusters * operation.

*/ inline void SetCloudHsmClusterId(Aws::String&& value) { m_cloudHsmClusterIdHasBeenSet = true; m_cloudHsmClusterId = std::move(value); } /** *

Identifies the CloudHSM cluster for an CloudHSM key store. This parameter is * required for custom key stores with CustomKeyStoreType of * AWS_CLOUDHSM.

Enter the cluster ID of any active CloudHSM * cluster that is not already associated with a custom key store. To find the * cluster ID, use the DescribeClusters * operation.

*/ inline void SetCloudHsmClusterId(const char* value) { m_cloudHsmClusterIdHasBeenSet = true; m_cloudHsmClusterId.assign(value); } /** *

Identifies the CloudHSM cluster for an CloudHSM key store. This parameter is * required for custom key stores with CustomKeyStoreType of * AWS_CLOUDHSM.

Enter the cluster ID of any active CloudHSM * cluster that is not already associated with a custom key store. To find the * cluster ID, use the DescribeClusters * operation.

*/ inline CreateCustomKeyStoreRequest& WithCloudHsmClusterId(const Aws::String& value) { SetCloudHsmClusterId(value); return *this;} /** *

Identifies the CloudHSM cluster for an CloudHSM key store. This parameter is * required for custom key stores with CustomKeyStoreType of * AWS_CLOUDHSM.

Enter the cluster ID of any active CloudHSM * cluster that is not already associated with a custom key store. To find the * cluster ID, use the DescribeClusters * operation.

*/ inline CreateCustomKeyStoreRequest& WithCloudHsmClusterId(Aws::String&& value) { SetCloudHsmClusterId(std::move(value)); return *this;} /** *

Identifies the CloudHSM cluster for an CloudHSM key store. This parameter is * required for custom key stores with CustomKeyStoreType of * AWS_CLOUDHSM.

Enter the cluster ID of any active CloudHSM * cluster that is not already associated with a custom key store. To find the * cluster ID, use the DescribeClusters * operation.

*/ inline CreateCustomKeyStoreRequest& WithCloudHsmClusterId(const char* value) { SetCloudHsmClusterId(value); return *this;} /** *

Specifies the certificate for an CloudHSM key store. This parameter is * required for custom key stores with a CustomKeyStoreType of * AWS_CLOUDHSM.

Enter the content of the trust anchor * certificate for the CloudHSM cluster. This is the content of the * customerCA.crt file that you created when you initialized * the cluster.

*/ inline const Aws::String& GetTrustAnchorCertificate() const{ return m_trustAnchorCertificate; } /** *

Specifies the certificate for an CloudHSM key store. This parameter is * required for custom key stores with a CustomKeyStoreType of * AWS_CLOUDHSM.

Enter the content of the trust anchor * certificate for the CloudHSM cluster. This is the content of the * customerCA.crt file that you created when you initialized * the cluster.

*/ inline bool TrustAnchorCertificateHasBeenSet() const { return m_trustAnchorCertificateHasBeenSet; } /** *

Specifies the certificate for an CloudHSM key store. This parameter is * required for custom key stores with a CustomKeyStoreType of * AWS_CLOUDHSM.

Enter the content of the trust anchor * certificate for the CloudHSM cluster. This is the content of the * customerCA.crt file that you created when you initialized * the cluster.

*/ inline void SetTrustAnchorCertificate(const Aws::String& value) { m_trustAnchorCertificateHasBeenSet = true; m_trustAnchorCertificate = value; } /** *

Specifies the certificate for an CloudHSM key store. This parameter is * required for custom key stores with a CustomKeyStoreType of * AWS_CLOUDHSM.

Enter the content of the trust anchor * certificate for the CloudHSM cluster. This is the content of the * customerCA.crt file that you created when you initialized * the cluster.

*/ inline void SetTrustAnchorCertificate(Aws::String&& value) { m_trustAnchorCertificateHasBeenSet = true; m_trustAnchorCertificate = std::move(value); } /** *

Specifies the certificate for an CloudHSM key store. This parameter is * required for custom key stores with a CustomKeyStoreType of * AWS_CLOUDHSM.

Enter the content of the trust anchor * certificate for the CloudHSM cluster. This is the content of the * customerCA.crt file that you created when you initialized * the cluster.

*/ inline void SetTrustAnchorCertificate(const char* value) { m_trustAnchorCertificateHasBeenSet = true; m_trustAnchorCertificate.assign(value); } /** *

Specifies the certificate for an CloudHSM key store. This parameter is * required for custom key stores with a CustomKeyStoreType of * AWS_CLOUDHSM.

Enter the content of the trust anchor * certificate for the CloudHSM cluster. This is the content of the * customerCA.crt file that you created when you initialized * the cluster.

*/ inline CreateCustomKeyStoreRequest& WithTrustAnchorCertificate(const Aws::String& value) { SetTrustAnchorCertificate(value); return *this;} /** *

Specifies the certificate for an CloudHSM key store. This parameter is * required for custom key stores with a CustomKeyStoreType of * AWS_CLOUDHSM.

Enter the content of the trust anchor * certificate for the CloudHSM cluster. This is the content of the * customerCA.crt file that you created when you initialized * the cluster.

*/ inline CreateCustomKeyStoreRequest& WithTrustAnchorCertificate(Aws::String&& value) { SetTrustAnchorCertificate(std::move(value)); return *this;} /** *

Specifies the certificate for an CloudHSM key store. This parameter is * required for custom key stores with a CustomKeyStoreType of * AWS_CLOUDHSM.

Enter the content of the trust anchor * certificate for the CloudHSM cluster. This is the content of the * customerCA.crt file that you created when you initialized * the cluster.

*/ inline CreateCustomKeyStoreRequest& WithTrustAnchorCertificate(const char* value) { SetTrustAnchorCertificate(value); return *this;} /** *

Specifies the kmsuser password for an CloudHSM key store. This * parameter is required for custom key stores with a * CustomKeyStoreType of AWS_CLOUDHSM.

Enter the * password of the * kmsuser crypto user (CU) account in the specified CloudHSM * cluster. KMS logs into the cluster as this user to manage key material on your * behalf.

The password must be a string of 7 to 32 characters. Its value is * case sensitive.

This parameter tells KMS the kmsuser account * password; it does not change the password in the CloudHSM cluster.

*/ inline const Aws::String& GetKeyStorePassword() const{ return m_keyStorePassword; } /** *

Specifies the kmsuser password for an CloudHSM key store. This * parameter is required for custom key stores with a * CustomKeyStoreType of AWS_CLOUDHSM.

Enter the * password of the * kmsuser crypto user (CU) account in the specified CloudHSM * cluster. KMS logs into the cluster as this user to manage key material on your * behalf.

The password must be a string of 7 to 32 characters. Its value is * case sensitive.

This parameter tells KMS the kmsuser account * password; it does not change the password in the CloudHSM cluster.

*/ inline bool KeyStorePasswordHasBeenSet() const { return m_keyStorePasswordHasBeenSet; } /** *

Specifies the kmsuser password for an CloudHSM key store. This * parameter is required for custom key stores with a * CustomKeyStoreType of AWS_CLOUDHSM.

Enter the * password of the * kmsuser crypto user (CU) account in the specified CloudHSM * cluster. KMS logs into the cluster as this user to manage key material on your * behalf.

The password must be a string of 7 to 32 characters. Its value is * case sensitive.

This parameter tells KMS the kmsuser account * password; it does not change the password in the CloudHSM cluster.

*/ inline void SetKeyStorePassword(const Aws::String& value) { m_keyStorePasswordHasBeenSet = true; m_keyStorePassword = value; } /** *

Specifies the kmsuser password for an CloudHSM key store. This * parameter is required for custom key stores with a * CustomKeyStoreType of AWS_CLOUDHSM.

Enter the * password of the * kmsuser crypto user (CU) account in the specified CloudHSM * cluster. KMS logs into the cluster as this user to manage key material on your * behalf.

The password must be a string of 7 to 32 characters. Its value is * case sensitive.

This parameter tells KMS the kmsuser account * password; it does not change the password in the CloudHSM cluster.

*/ inline void SetKeyStorePassword(Aws::String&& value) { m_keyStorePasswordHasBeenSet = true; m_keyStorePassword = std::move(value); } /** *

Specifies the kmsuser password for an CloudHSM key store. This * parameter is required for custom key stores with a * CustomKeyStoreType of AWS_CLOUDHSM.

Enter the * password of the * kmsuser crypto user (CU) account in the specified CloudHSM * cluster. KMS logs into the cluster as this user to manage key material on your * behalf.

The password must be a string of 7 to 32 characters. Its value is * case sensitive.

This parameter tells KMS the kmsuser account * password; it does not change the password in the CloudHSM cluster.

*/ inline void SetKeyStorePassword(const char* value) { m_keyStorePasswordHasBeenSet = true; m_keyStorePassword.assign(value); } /** *

Specifies the kmsuser password for an CloudHSM key store. This * parameter is required for custom key stores with a * CustomKeyStoreType of AWS_CLOUDHSM.

Enter the * password of the * kmsuser crypto user (CU) account in the specified CloudHSM * cluster. KMS logs into the cluster as this user to manage key material on your * behalf.

The password must be a string of 7 to 32 characters. Its value is * case sensitive.

This parameter tells KMS the kmsuser account * password; it does not change the password in the CloudHSM cluster.

*/ inline CreateCustomKeyStoreRequest& WithKeyStorePassword(const Aws::String& value) { SetKeyStorePassword(value); return *this;} /** *

Specifies the kmsuser password for an CloudHSM key store. This * parameter is required for custom key stores with a * CustomKeyStoreType of AWS_CLOUDHSM.

Enter the * password of the * kmsuser crypto user (CU) account in the specified CloudHSM * cluster. KMS logs into the cluster as this user to manage key material on your * behalf.

The password must be a string of 7 to 32 characters. Its value is * case sensitive.

This parameter tells KMS the kmsuser account * password; it does not change the password in the CloudHSM cluster.

*/ inline CreateCustomKeyStoreRequest& WithKeyStorePassword(Aws::String&& value) { SetKeyStorePassword(std::move(value)); return *this;} /** *

Specifies the kmsuser password for an CloudHSM key store. This * parameter is required for custom key stores with a * CustomKeyStoreType of AWS_CLOUDHSM.

Enter the * password of the * kmsuser crypto user (CU) account in the specified CloudHSM * cluster. KMS logs into the cluster as this user to manage key material on your * behalf.

The password must be a string of 7 to 32 characters. Its value is * case sensitive.

This parameter tells KMS the kmsuser account * password; it does not change the password in the CloudHSM cluster.

*/ inline CreateCustomKeyStoreRequest& WithKeyStorePassword(const char* value) { SetKeyStorePassword(value); return *this;} /** *

Specifies the type of custom key store. The default value is * AWS_CLOUDHSM.

For a custom key store backed by an CloudHSM * cluster, omit the parameter or enter AWS_CLOUDHSM. For a custom key * store backed by an external key manager outside of Amazon Web Services, enter * EXTERNAL_KEY_STORE. You cannot change this property after the key * store is created.

*/ inline const CustomKeyStoreType& GetCustomKeyStoreType() const{ return m_customKeyStoreType; } /** *

Specifies the type of custom key store. The default value is * AWS_CLOUDHSM.

*/ inline bool CustomKeyStoreTypeHasBeenSet() const { return m_customKeyStoreTypeHasBeenSet; } /** *

Specifies the type of custom key store. The default value is * AWS_CLOUDHSM.

*/ inline void SetCustomKeyStoreType(const CustomKeyStoreType& value) { m_customKeyStoreTypeHasBeenSet = true; m_customKeyStoreType = value; } /** *

Specifies the type of custom key store. The default value is * AWS_CLOUDHSM.

*/ inline void SetCustomKeyStoreType(CustomKeyStoreType&& value) { m_customKeyStoreTypeHasBeenSet = true; m_customKeyStoreType = std::move(value); } /** *

Specifies the type of custom key store. The default value is * AWS_CLOUDHSM.

*/ inline CreateCustomKeyStoreRequest& WithCustomKeyStoreType(const CustomKeyStoreType& value) { SetCustomKeyStoreType(value); return *this;} /** *

Specifies the type of custom key store. The default value is * AWS_CLOUDHSM.

*/ inline CreateCustomKeyStoreRequest& WithCustomKeyStoreType(CustomKeyStoreType&& value) { SetCustomKeyStoreType(std::move(value)); return *this;} /** *

Specifies the endpoint that KMS uses to send requests to the external key * store proxy (XKS proxy). This parameter is required for custom key stores with a * CustomKeyStoreType of EXTERNAL_KEY_STORE.

The * protocol must be HTTPS. KMS communicates on port 443. Do not specify the port in * the XksProxyUriEndpoint value.

For external key stores with * XksProxyConnectivity value of VPC_ENDPOINT_SERVICE, * specify https:// followed by the private DNS name of the VPC * endpoint service.

For external key stores with * PUBLIC_ENDPOINT connectivity, this endpoint must be reachable * before you create the custom key store. KMS connects to the external key store * proxy while creating the custom key store. For external key stores with * VPC_ENDPOINT_SERVICE connectivity, KMS connects when you call the * ConnectCustomKeyStore operation.

The value of this parameter must * begin with https://. The remainder can contain upper and lower case * letters (A-Z and a-z), numbers (0-9), dots (.), and hyphens * (-). Additional slashes (/ and \) are not * permitted.

Uniqueness requirements:

The * combined XksProxyUriEndpoint and XksProxyUriPath * values must be unique in the Amazon Web Services account and Region.
An external key store with PUBLIC_ENDPOINT connectivity * cannot use the same XksProxyUriEndpoint value as an external key * store with VPC_ENDPOINT_SERVICE connectivity in the same Amazon Web * Services Region.
Each external key store with * VPC_ENDPOINT_SERVICE connectivity must have its own private DNS * name. The XksProxyUriEndpoint value for external key stores with * VPC_ENDPOINT_SERVICE connectivity (private DNS name) must be unique * in the Amazon Web Services account and Region.

*/ inline const Aws::String& GetXksProxyUriEndpoint() const{ return m_xksProxyUriEndpoint; } /** *

The * protocol must be HTTPS. KMS communicates on port 443. Do not specify the port in * the XksProxyUriEndpoint value.

For external key stores with * XksProxyConnectivity value of VPC_ENDPOINT_SERVICE, * specify https:// followed by the private DNS name of the VPC * endpoint service.

Uniqueness requirements:

The * combined XksProxyUriEndpoint and XksProxyUriPath * values must be unique in the Amazon Web Services account and Region.
An external key store with PUBLIC_ENDPOINT connectivity * cannot use the same XksProxyUriEndpoint value as an external key * store with VPC_ENDPOINT_SERVICE connectivity in the same Amazon Web * Services Region.
Each external key store with * VPC_ENDPOINT_SERVICE connectivity must have its own private DNS * name. The XksProxyUriEndpoint value for external key stores with * VPC_ENDPOINT_SERVICE connectivity (private DNS name) must be unique * in the Amazon Web Services account and Region.

*/ inline bool XksProxyUriEndpointHasBeenSet() const { return m_xksProxyUriEndpointHasBeenSet; } /** *

The * protocol must be HTTPS. KMS communicates on port 443. Do not specify the port in * the XksProxyUriEndpoint value.

For external key stores with * XksProxyConnectivity value of VPC_ENDPOINT_SERVICE, * specify https:// followed by the private DNS name of the VPC * endpoint service.

Uniqueness requirements:

The * combined XksProxyUriEndpoint and XksProxyUriPath * values must be unique in the Amazon Web Services account and Region.
An external key store with PUBLIC_ENDPOINT connectivity * cannot use the same XksProxyUriEndpoint value as an external key * store with VPC_ENDPOINT_SERVICE connectivity in the same Amazon Web * Services Region.
Each external key store with * VPC_ENDPOINT_SERVICE connectivity must have its own private DNS * name. The XksProxyUriEndpoint value for external key stores with * VPC_ENDPOINT_SERVICE connectivity (private DNS name) must be unique * in the Amazon Web Services account and Region.

*/ inline void SetXksProxyUriEndpoint(const Aws::String& value) { m_xksProxyUriEndpointHasBeenSet = true; m_xksProxyUriEndpoint = value; } /** *

The * protocol must be HTTPS. KMS communicates on port 443. Do not specify the port in * the XksProxyUriEndpoint value.

For external key stores with * XksProxyConnectivity value of VPC_ENDPOINT_SERVICE, * specify https:// followed by the private DNS name of the VPC * endpoint service.

Uniqueness requirements:

The * combined XksProxyUriEndpoint and XksProxyUriPath * values must be unique in the Amazon Web Services account and Region.
An external key store with PUBLIC_ENDPOINT connectivity * cannot use the same XksProxyUriEndpoint value as an external key * store with VPC_ENDPOINT_SERVICE connectivity in the same Amazon Web * Services Region.
Each external key store with * VPC_ENDPOINT_SERVICE connectivity must have its own private DNS * name. The XksProxyUriEndpoint value for external key stores with * VPC_ENDPOINT_SERVICE connectivity (private DNS name) must be unique * in the Amazon Web Services account and Region.

*/ inline void SetXksProxyUriEndpoint(Aws::String&& value) { m_xksProxyUriEndpointHasBeenSet = true; m_xksProxyUriEndpoint = std::move(value); } /** *

The * protocol must be HTTPS. KMS communicates on port 443. Do not specify the port in * the XksProxyUriEndpoint value.

For external key stores with * XksProxyConnectivity value of VPC_ENDPOINT_SERVICE, * specify https:// followed by the private DNS name of the VPC * endpoint service.

Uniqueness requirements:

The * combined XksProxyUriEndpoint and XksProxyUriPath * values must be unique in the Amazon Web Services account and Region.
An external key store with PUBLIC_ENDPOINT connectivity * cannot use the same XksProxyUriEndpoint value as an external key * store with VPC_ENDPOINT_SERVICE connectivity in the same Amazon Web * Services Region.
Each external key store with * VPC_ENDPOINT_SERVICE connectivity must have its own private DNS * name. The XksProxyUriEndpoint value for external key stores with * VPC_ENDPOINT_SERVICE connectivity (private DNS name) must be unique * in the Amazon Web Services account and Region.

*/ inline void SetXksProxyUriEndpoint(const char* value) { m_xksProxyUriEndpointHasBeenSet = true; m_xksProxyUriEndpoint.assign(value); } /** *

The * protocol must be HTTPS. KMS communicates on port 443. Do not specify the port in * the XksProxyUriEndpoint value.

For external key stores with * XksProxyConnectivity value of VPC_ENDPOINT_SERVICE, * specify https:// followed by the private DNS name of the VPC * endpoint service.

Uniqueness requirements:

The * combined XksProxyUriEndpoint and XksProxyUriPath * values must be unique in the Amazon Web Services account and Region.
An external key store with PUBLIC_ENDPOINT connectivity * cannot use the same XksProxyUriEndpoint value as an external key * store with VPC_ENDPOINT_SERVICE connectivity in the same Amazon Web * Services Region.
Each external key store with * VPC_ENDPOINT_SERVICE connectivity must have its own private DNS * name. The XksProxyUriEndpoint value for external key stores with * VPC_ENDPOINT_SERVICE connectivity (private DNS name) must be unique * in the Amazon Web Services account and Region.

*/ inline CreateCustomKeyStoreRequest& WithXksProxyUriEndpoint(const Aws::String& value) { SetXksProxyUriEndpoint(value); return *this;} /** *

The * protocol must be HTTPS. KMS communicates on port 443. Do not specify the port in * the XksProxyUriEndpoint value.

For external key stores with * XksProxyConnectivity value of VPC_ENDPOINT_SERVICE, * specify https:// followed by the private DNS name of the VPC * endpoint service.

Uniqueness requirements:

The * combined XksProxyUriEndpoint and XksProxyUriPath * values must be unique in the Amazon Web Services account and Region.
An external key store with PUBLIC_ENDPOINT connectivity * cannot use the same XksProxyUriEndpoint value as an external key * store with VPC_ENDPOINT_SERVICE connectivity in the same Amazon Web * Services Region.
Each external key store with * VPC_ENDPOINT_SERVICE connectivity must have its own private DNS * name. The XksProxyUriEndpoint value for external key stores with * VPC_ENDPOINT_SERVICE connectivity (private DNS name) must be unique * in the Amazon Web Services account and Region.

*/ inline CreateCustomKeyStoreRequest& WithXksProxyUriEndpoint(Aws::String&& value) { SetXksProxyUriEndpoint(std::move(value)); return *this;} /** *

The * protocol must be HTTPS. KMS communicates on port 443. Do not specify the port in * the XksProxyUriEndpoint value.

For external key stores with * XksProxyConnectivity value of VPC_ENDPOINT_SERVICE, * specify https:// followed by the private DNS name of the VPC * endpoint service.

Uniqueness requirements:

The * combined XksProxyUriEndpoint and XksProxyUriPath * values must be unique in the Amazon Web Services account and Region.
An external key store with PUBLIC_ENDPOINT connectivity * cannot use the same XksProxyUriEndpoint value as an external key * store with VPC_ENDPOINT_SERVICE connectivity in the same Amazon Web * Services Region.
Each external key store with * VPC_ENDPOINT_SERVICE connectivity must have its own private DNS * name. The XksProxyUriEndpoint value for external key stores with * VPC_ENDPOINT_SERVICE connectivity (private DNS name) must be unique * in the Amazon Web Services account and Region.

*/ inline CreateCustomKeyStoreRequest& WithXksProxyUriEndpoint(const char* value) { SetXksProxyUriEndpoint(value); return *this;} /** *

Specifies the base path to the proxy APIs for this external key store. To * find this value, see the documentation for your external key store proxy. This * parameter is required for all custom key stores with a * CustomKeyStoreType of EXTERNAL_KEY_STORE.

The * value must start with / and must end with /kms/xks/v1 * where v1 represents the version of the KMS external key store proxy * API. This path can include an optional prefix between the required elements such * as /prefix/kms/xks/v1.

Uniqueness requirements: *

The combined XksProxyUriEndpoint and * XksProxyUriPath values must be unique in the Amazon Web Services * account and Region.

*/ inline const Aws::String& GetXksProxyUriPath() const{ return m_xksProxyUriPath; } /** *

Uniqueness requirements: *

The combined XksProxyUriEndpoint and * XksProxyUriPath values must be unique in the Amazon Web Services * account and Region.

*/ inline bool XksProxyUriPathHasBeenSet() const { return m_xksProxyUriPathHasBeenSet; } /** *

Uniqueness requirements: *

The combined XksProxyUriEndpoint and * XksProxyUriPath values must be unique in the Amazon Web Services * account and Region.

*/ inline void SetXksProxyUriPath(const Aws::String& value) { m_xksProxyUriPathHasBeenSet = true; m_xksProxyUriPath = value; } /** *

Uniqueness requirements: *

The combined XksProxyUriEndpoint and * XksProxyUriPath values must be unique in the Amazon Web Services * account and Region.

*/ inline void SetXksProxyUriPath(Aws::String&& value) { m_xksProxyUriPathHasBeenSet = true; m_xksProxyUriPath = std::move(value); } /** *

Uniqueness requirements: *

The combined XksProxyUriEndpoint and * XksProxyUriPath values must be unique in the Amazon Web Services * account and Region.

*/ inline void SetXksProxyUriPath(const char* value) { m_xksProxyUriPathHasBeenSet = true; m_xksProxyUriPath.assign(value); } /** *

Uniqueness requirements: *

The combined XksProxyUriEndpoint and * XksProxyUriPath values must be unique in the Amazon Web Services * account and Region.

*/ inline CreateCustomKeyStoreRequest& WithXksProxyUriPath(const Aws::String& value) { SetXksProxyUriPath(value); return *this;} /** *

Uniqueness requirements: *

The combined XksProxyUriEndpoint and * XksProxyUriPath values must be unique in the Amazon Web Services * account and Region.

*/ inline CreateCustomKeyStoreRequest& WithXksProxyUriPath(Aws::String&& value) { SetXksProxyUriPath(std::move(value)); return *this;} /** *

Uniqueness requirements: *

The combined XksProxyUriEndpoint and * XksProxyUriPath values must be unique in the Amazon Web Services * account and Region.

*/ inline CreateCustomKeyStoreRequest& WithXksProxyUriPath(const char* value) { SetXksProxyUriPath(value); return *this;} /** *

Specifies the name of the Amazon VPC endpoint service for interface endpoints * that is used to communicate with your external key store proxy (XKS proxy). This * parameter is required when the value of CustomKeyStoreType is * EXTERNAL_KEY_STORE and the value of * XksProxyConnectivity is VPC_ENDPOINT_SERVICE.

The Amazon VPC endpoint service must fulfill * all requirements for use with an external key store.

Uniqueness * requirements:

External key stores with * VPC_ENDPOINT_SERVICE connectivity can share an Amazon VPC, but each * external key store must have its own VPC endpoint service and private DNS * name.

*/ inline const Aws::String& GetXksProxyVpcEndpointServiceName() const{ return m_xksProxyVpcEndpointServiceName; } /** *

The Amazon VPC endpoint service must fulfill * all requirements for use with an external key store.

Uniqueness * requirements:

External key stores with * VPC_ENDPOINT_SERVICE connectivity can share an Amazon VPC, but each * external key store must have its own VPC endpoint service and private DNS * name.

*/ inline bool XksProxyVpcEndpointServiceNameHasBeenSet() const { return m_xksProxyVpcEndpointServiceNameHasBeenSet; } /** *

The Amazon VPC endpoint service must fulfill * all requirements for use with an external key store.

Uniqueness * requirements:

External key stores with * VPC_ENDPOINT_SERVICE connectivity can share an Amazon VPC, but each * external key store must have its own VPC endpoint service and private DNS * name.

*/ inline void SetXksProxyVpcEndpointServiceName(const Aws::String& value) { m_xksProxyVpcEndpointServiceNameHasBeenSet = true; m_xksProxyVpcEndpointServiceName = value; } /** *

The Amazon VPC endpoint service must fulfill * all requirements for use with an external key store.

Uniqueness * requirements:

External key stores with * VPC_ENDPOINT_SERVICE connectivity can share an Amazon VPC, but each * external key store must have its own VPC endpoint service and private DNS * name.

*/ inline void SetXksProxyVpcEndpointServiceName(Aws::String&& value) { m_xksProxyVpcEndpointServiceNameHasBeenSet = true; m_xksProxyVpcEndpointServiceName = std::move(value); } /** *

The Amazon VPC endpoint service must fulfill * all requirements for use with an external key store.

Uniqueness * requirements:

External key stores with * VPC_ENDPOINT_SERVICE connectivity can share an Amazon VPC, but each * external key store must have its own VPC endpoint service and private DNS * name.

*/ inline void SetXksProxyVpcEndpointServiceName(const char* value) { m_xksProxyVpcEndpointServiceNameHasBeenSet = true; m_xksProxyVpcEndpointServiceName.assign(value); } /** *

The Amazon VPC endpoint service must fulfill * all requirements for use with an external key store.

Uniqueness * requirements:

External key stores with * VPC_ENDPOINT_SERVICE connectivity can share an Amazon VPC, but each * external key store must have its own VPC endpoint service and private DNS * name.

*/ inline CreateCustomKeyStoreRequest& WithXksProxyVpcEndpointServiceName(const Aws::String& value) { SetXksProxyVpcEndpointServiceName(value); return *this;} /** *

The Amazon VPC endpoint service must fulfill * all requirements for use with an external key store.

Uniqueness * requirements:

External key stores with * VPC_ENDPOINT_SERVICE connectivity can share an Amazon VPC, but each * external key store must have its own VPC endpoint service and private DNS * name.

*/ inline CreateCustomKeyStoreRequest& WithXksProxyVpcEndpointServiceName(Aws::String&& value) { SetXksProxyVpcEndpointServiceName(std::move(value)); return *this;} /** *

The Amazon VPC endpoint service must fulfill * all requirements for use with an external key store.

Uniqueness * requirements:

External key stores with * VPC_ENDPOINT_SERVICE connectivity can share an Amazon VPC, but each * external key store must have its own VPC endpoint service and private DNS * name.

*/ inline CreateCustomKeyStoreRequest& WithXksProxyVpcEndpointServiceName(const char* value) { SetXksProxyVpcEndpointServiceName(value); return *this;} /** *

Specifies an authentication credential for the external key store proxy (XKS * proxy). This parameter is required for all custom key stores with a * CustomKeyStoreType of EXTERNAL_KEY_STORE.

The * XksProxyAuthenticationCredential has two required elements: * RawSecretAccessKey, a secret key, and AccessKeyId, a * unique identifier for the RawSecretAccessKey. For character * requirements, see XksProxyAuthenticationCredentialType.

KMS uses this authentication credential to sign requests to the external key * store proxy on your behalf. This credential is unrelated to Identity and Access * Management (IAM) and Amazon Web Services credentials.

This parameter * doesn't set or change the authentication credentials on the XKS proxy. It just * tells KMS the credential that you established on your external key store proxy. * If you rotate your proxy authentication credential, use the * UpdateCustomKeyStore operation to provide the new credential to KMS.

*/ inline const XksProxyAuthenticationCredentialType& GetXksProxyAuthenticationCredential() const{ return m_xksProxyAuthenticationCredential; } /** *

Specifies an authentication credential for the external key store proxy (XKS * proxy). This parameter is required for all custom key stores with a * CustomKeyStoreType of EXTERNAL_KEY_STORE.

*/ inline bool XksProxyAuthenticationCredentialHasBeenSet() const { return m_xksProxyAuthenticationCredentialHasBeenSet; } /** *

Specifies an authentication credential for the external key store proxy (XKS * proxy). This parameter is required for all custom key stores with a * CustomKeyStoreType of EXTERNAL_KEY_STORE.

*/ inline void SetXksProxyAuthenticationCredential(const XksProxyAuthenticationCredentialType& value) { m_xksProxyAuthenticationCredentialHasBeenSet = true; m_xksProxyAuthenticationCredential = value; } /** *

Specifies an authentication credential for the external key store proxy (XKS * proxy). This parameter is required for all custom key stores with a * CustomKeyStoreType of EXTERNAL_KEY_STORE.

*/ inline void SetXksProxyAuthenticationCredential(XksProxyAuthenticationCredentialType&& value) { m_xksProxyAuthenticationCredentialHasBeenSet = true; m_xksProxyAuthenticationCredential = std::move(value); } /** *

Specifies an authentication credential for the external key store proxy (XKS * proxy). This parameter is required for all custom key stores with a * CustomKeyStoreType of EXTERNAL_KEY_STORE.

*/ inline CreateCustomKeyStoreRequest& WithXksProxyAuthenticationCredential(const XksProxyAuthenticationCredentialType& value) { SetXksProxyAuthenticationCredential(value); return *this;} /** *

Specifies an authentication credential for the external key store proxy (XKS * proxy). This parameter is required for all custom key stores with a * CustomKeyStoreType of EXTERNAL_KEY_STORE.

*/ inline CreateCustomKeyStoreRequest& WithXksProxyAuthenticationCredential(XksProxyAuthenticationCredentialType&& value) { SetXksProxyAuthenticationCredential(std::move(value)); return *this;} /** *

Indicates how KMS communicates with the external key store proxy. This * parameter is required for custom key stores with a * CustomKeyStoreType of EXTERNAL_KEY_STORE.

If * the external key store proxy uses a public endpoint, specify * PUBLIC_ENDPOINT. If the external key store proxy uses a Amazon VPC * endpoint service for communication with KMS, specify * VPC_ENDPOINT_SERVICE. For help making this choice, see Choosing * a connectivity option in the Key Management Service Developer * Guide.

An Amazon VPC endpoint service keeps your communication with * KMS in a private address space entirely within Amazon Web Services, but it * requires more configuration, including establishing a Amazon VPC with multiple * subnets, a VPC endpoint service, a network load balancer, and a verified private * DNS name. A public endpoint is simpler to set up, but it might be slower and * might not fulfill your security requirements. You might consider testing with a * public endpoint, and then establishing a VPC endpoint service for production * tasks. Note that this choice does not determine the location of the external key * store proxy. Even if you choose a VPC endpoint service, the proxy can be hosted * within the VPC or outside of Amazon Web Services such as in your corporate data * center.

*/ inline const XksProxyConnectivityType& GetXksProxyConnectivity() const{ return m_xksProxyConnectivity; } /** *

Indicates how KMS communicates with the external key store proxy. This * parameter is required for custom key stores with a * CustomKeyStoreType of EXTERNAL_KEY_STORE.

*/ inline bool XksProxyConnectivityHasBeenSet() const { return m_xksProxyConnectivityHasBeenSet; } /** *

Indicates how KMS communicates with the external key store proxy. This * parameter is required for custom key stores with a * CustomKeyStoreType of EXTERNAL_KEY_STORE.

*/ inline void SetXksProxyConnectivity(const XksProxyConnectivityType& value) { m_xksProxyConnectivityHasBeenSet = true; m_xksProxyConnectivity = value; } /** *

Indicates how KMS communicates with the external key store proxy. This * parameter is required for custom key stores with a * CustomKeyStoreType of EXTERNAL_KEY_STORE.

*/ inline void SetXksProxyConnectivity(XksProxyConnectivityType&& value) { m_xksProxyConnectivityHasBeenSet = true; m_xksProxyConnectivity = std::move(value); } /** *

Indicates how KMS communicates with the external key store proxy. This * parameter is required for custom key stores with a * CustomKeyStoreType of EXTERNAL_KEY_STORE.

*/ inline CreateCustomKeyStoreRequest& WithXksProxyConnectivity(const XksProxyConnectivityType& value) { SetXksProxyConnectivity(value); return *this;} /** *

Indicates how KMS communicates with the external key store proxy. This * parameter is required for custom key stores with a * CustomKeyStoreType of EXTERNAL_KEY_STORE.

*/ inline CreateCustomKeyStoreRequest& WithXksProxyConnectivity(XksProxyConnectivityType&& value) { SetXksProxyConnectivity(std::move(value)); return *this;} private: Aws::String m_customKeyStoreName; bool m_customKeyStoreNameHasBeenSet = false; Aws::String m_cloudHsmClusterId; bool m_cloudHsmClusterIdHasBeenSet = false; Aws::String m_trustAnchorCertificate; bool m_trustAnchorCertificateHasBeenSet = false; Aws::String m_keyStorePassword; bool m_keyStorePasswordHasBeenSet = false; CustomKeyStoreType m_customKeyStoreType; bool m_customKeyStoreTypeHasBeenSet = false; Aws::String m_xksProxyUriEndpoint; bool m_xksProxyUriEndpointHasBeenSet = false; Aws::String m_xksProxyUriPath; bool m_xksProxyUriPathHasBeenSet = false; Aws::String m_xksProxyVpcEndpointServiceName; bool m_xksProxyVpcEndpointServiceNameHasBeenSet = false; XksProxyAuthenticationCredentialType m_xksProxyAuthenticationCredential; bool m_xksProxyAuthenticationCredentialHasBeenSet = false; XksProxyConnectivityType m_xksProxyConnectivity; bool m_xksProxyConnectivityHasBeenSet = false; }; } // namespace Model } // namespace KMS } // namespace Aws