/** * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * SPDX-License-Identifier: Apache-2.0. */ #pragma once #include #include #include #include #include #include namespace Aws { namespace KMS { namespace Model { /** */ class ReplicateKeyRequest : public KMSRequest { public: AWS_KMS_API ReplicateKeyRequest(); // Service request name is the Operation name which will send this request out, // each operation should has unique request name, so that we can get operation's name from this request. // Note: this is not true for response, multiple operations may have the same response name, // so we can not get operation's name from response. inline virtual const char* GetServiceRequestName() const override { return "ReplicateKey"; } AWS_KMS_API Aws::String SerializePayload() const override; AWS_KMS_API Aws::Http::HeaderValueCollection GetRequestSpecificHeaders() const override; /** *

Identifies the multi-Region primary key that is being replicated. To * determine whether a KMS key is a multi-Region primary key, use the * DescribeKey operation to check the value of the * MultiRegionKeyType property.

Specify the key ID or key ARN * of a multi-Region primary key.

For example:

Key ID: * mrk-1234abcd12ab34cd56ef1234567890ab
Key ARN: * arn:aws:kms:us-east-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab *

To get the key ID and key ARN for a KMS key, use * ListKeys or DescribeKey.

*/ inline const Aws::String& GetKeyId() const{ return m_keyId; } /** *

Specify the key ID or key ARN * of a multi-Region primary key.

For example:

Key ID: * mrk-1234abcd12ab34cd56ef1234567890ab
Key ARN: * arn:aws:kms:us-east-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab *

To get the key ID and key ARN for a KMS key, use * ListKeys or DescribeKey.

*/ inline bool KeyIdHasBeenSet() const { return m_keyIdHasBeenSet; } /** *

Specify the key ID or key ARN * of a multi-Region primary key.

For example:

Key ID: * mrk-1234abcd12ab34cd56ef1234567890ab
Key ARN: * arn:aws:kms:us-east-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab *

To get the key ID and key ARN for a KMS key, use * ListKeys or DescribeKey.

*/ inline void SetKeyId(const Aws::String& value) { m_keyIdHasBeenSet = true; m_keyId = value; } /** *

Specify the key ID or key ARN * of a multi-Region primary key.

For example:

Key ID: * mrk-1234abcd12ab34cd56ef1234567890ab
Key ARN: * arn:aws:kms:us-east-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab *

To get the key ID and key ARN for a KMS key, use * ListKeys or DescribeKey.

*/ inline void SetKeyId(Aws::String&& value) { m_keyIdHasBeenSet = true; m_keyId = std::move(value); } /** *

Specify the key ID or key ARN * of a multi-Region primary key.

For example:

Key ID: * mrk-1234abcd12ab34cd56ef1234567890ab
Key ARN: * arn:aws:kms:us-east-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab *

To get the key ID and key ARN for a KMS key, use * ListKeys or DescribeKey.

*/ inline void SetKeyId(const char* value) { m_keyIdHasBeenSet = true; m_keyId.assign(value); } /** *

Specify the key ID or key ARN * of a multi-Region primary key.

For example:

Key ID: * mrk-1234abcd12ab34cd56ef1234567890ab
Key ARN: * arn:aws:kms:us-east-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab *

To get the key ID and key ARN for a KMS key, use * ListKeys or DescribeKey.

*/ inline ReplicateKeyRequest& WithKeyId(const Aws::String& value) { SetKeyId(value); return *this;} /** *

Specify the key ID or key ARN * of a multi-Region primary key.

For example:

Key ID: * mrk-1234abcd12ab34cd56ef1234567890ab
Key ARN: * arn:aws:kms:us-east-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab *

To get the key ID and key ARN for a KMS key, use * ListKeys or DescribeKey.

*/ inline ReplicateKeyRequest& WithKeyId(Aws::String&& value) { SetKeyId(std::move(value)); return *this;} /** *

Specify the key ID or key ARN * of a multi-Region primary key.

For example:

Key ID: * mrk-1234abcd12ab34cd56ef1234567890ab
Key ARN: * arn:aws:kms:us-east-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab *

To get the key ID and key ARN for a KMS key, use * ListKeys or DescribeKey.

*/ inline ReplicateKeyRequest& WithKeyId(const char* value) { SetKeyId(value); return *this;} /** *

The Region ID of the Amazon Web Services Region for this replica key.

Enter the Region ID, such as us-east-1 or * ap-southeast-2. For a list of Amazon Web Services Regions in which * KMS is supported, see KMS * service endpoints in the Amazon Web Services General Reference.

HMAC KMS keys are not supported in all Amazon Web Services Regions. If * you try to replicate an HMAC KMS key in an Amazon Web Services Region in which * HMAC keys are not supported, the ReplicateKey operation returns an * UnsupportedOperationException. For a list of Regions in which HMAC * KMS keys are supported, see HMAC keys * in KMS in the Key Management Service Developer Guide.

The replica must be in a different Amazon Web Services Region than its * primary key and other replicas of that primary key, but in the same Amazon Web * Services partition. KMS must be available in the replica Region. If the Region * is not enabled by default, the Amazon Web Services account must be enabled in * the Region. For information about Amazon Web Services partitions, see Amazon * Resource Names (ARNs) in the Amazon Web Services General Reference. * For information about enabling and disabling Regions, see Enabling * a Region and Disabling * a Region in the Amazon Web Services General Reference.

*/ inline const Aws::String& GetReplicaRegion() const{ return m_replicaRegion; } /** *

The Region ID of the Amazon Web Services Region for this replica key.

*/ inline bool ReplicaRegionHasBeenSet() const { return m_replicaRegionHasBeenSet; } /** *

The Region ID of the Amazon Web Services Region for this replica key.

*/ inline void SetReplicaRegion(const Aws::String& value) { m_replicaRegionHasBeenSet = true; m_replicaRegion = value; } /** *

The Region ID of the Amazon Web Services Region for this replica key.

*/ inline void SetReplicaRegion(Aws::String&& value) { m_replicaRegionHasBeenSet = true; m_replicaRegion = std::move(value); } /** *

The Region ID of the Amazon Web Services Region for this replica key.

*/ inline void SetReplicaRegion(const char* value) { m_replicaRegionHasBeenSet = true; m_replicaRegion.assign(value); } /** *

The Region ID of the Amazon Web Services Region for this replica key.

*/ inline ReplicateKeyRequest& WithReplicaRegion(const Aws::String& value) { SetReplicaRegion(value); return *this;} /** *

The Region ID of the Amazon Web Services Region for this replica key.

*/ inline ReplicateKeyRequest& WithReplicaRegion(Aws::String&& value) { SetReplicaRegion(std::move(value)); return *this;} /** *

The Region ID of the Amazon Web Services Region for this replica key.

*/ inline ReplicateKeyRequest& WithReplicaRegion(const char* value) { SetReplicaRegion(value); return *this;} /** *

The key policy to attach to the KMS key. This parameter is optional. If you * do not provide a key policy, KMS attaches the default * key policy to the KMS key.

The key policy is not a shared property of * multi-Region keys. You can specify the same key policy or a different key policy * for each key in a set of related multi-Region keys. KMS does not synchronize * this property.

If you provide a key policy, it must meet the following * criteria:

The key policy must allow the calling principal to * make a subsequent PutKeyPolicy request on the KMS key. This reduces * the risk that the KMS key becomes unmanageable. For more information, see Default * key policy in the Key Management Service Developer Guide. (To omit * this condition, set BypassPolicyLockoutSafetyCheck to true.)
*
Each statement in the key policy must contain one or more * principals. The principals in the key policy must exist and be visible to KMS. * When you create a new Amazon Web Services principal, you might need to enforce a * delay before including the new principal in a key policy because the new * principal might not be immediately visible to KMS. For more information, see Changes * that I make are not always immediately visible in the Amazon Web Services * Identity and Access Management User Guide.

A key policy * document can include only the following characters:

Printable * ASCII characters from the space character (\u0020) through the end * of the ASCII character range.
Printable characters in the * Basic Latin and Latin-1 Supplement character set (through * \u00FF).
The tab (\u0009), line feed * (\u000A), and carriage return (\u000D) special * characters

For information about key policies, see Key * policies in KMS in the Key Management Service Developer Guide. For * help writing and formatting a JSON policy document, see the IAM * JSON Policy Reference in the Identity and Access Management User * Guide .

*/ inline const Aws::String& GetPolicy() const{ return m_policy; } /** *

The key policy to attach to the KMS key. This parameter is optional. If you * do not provide a key policy, KMS attaches the default * key policy to the KMS key.

If you provide a key policy, it must meet the following * criteria:

The key policy must allow the calling principal to * make a subsequent PutKeyPolicy request on the KMS key. This reduces * the risk that the KMS key becomes unmanageable. For more information, see Default * key policy in the Key Management Service Developer Guide. (To omit * this condition, set BypassPolicyLockoutSafetyCheck to true.)
*
Each statement in the key policy must contain one or more * principals. The principals in the key policy must exist and be visible to KMS. * When you create a new Amazon Web Services principal, you might need to enforce a * delay before including the new principal in a key policy because the new * principal might not be immediately visible to KMS. For more information, see Changes * that I make are not always immediately visible in the Amazon Web Services * Identity and Access Management User Guide.

A key policy * document can include only the following characters:

Printable * ASCII characters from the space character (\u0020) through the end * of the ASCII character range.
Printable characters in the * Basic Latin and Latin-1 Supplement character set (through * \u00FF).
The tab (\u0009), line feed * (\u000A), and carriage return (\u000D) special * characters

*/ inline bool PolicyHasBeenSet() const { return m_policyHasBeenSet; } /** *

The key policy to attach to the KMS key. This parameter is optional. If you * do not provide a key policy, KMS attaches the default * key policy to the KMS key.

If you provide a key policy, it must meet the following * criteria:

The key policy must allow the calling principal to * make a subsequent PutKeyPolicy request on the KMS key. This reduces * the risk that the KMS key becomes unmanageable. For more information, see Default * key policy in the Key Management Service Developer Guide. (To omit * this condition, set BypassPolicyLockoutSafetyCheck to true.)
*
Each statement in the key policy must contain one or more * principals. The principals in the key policy must exist and be visible to KMS. * When you create a new Amazon Web Services principal, you might need to enforce a * delay before including the new principal in a key policy because the new * principal might not be immediately visible to KMS. For more information, see Changes * that I make are not always immediately visible in the Amazon Web Services * Identity and Access Management User Guide.

A key policy * document can include only the following characters:

Printable * ASCII characters from the space character (\u0020) through the end * of the ASCII character range.
Printable characters in the * Basic Latin and Latin-1 Supplement character set (through * \u00FF).
The tab (\u0009), line feed * (\u000A), and carriage return (\u000D) special * characters

*/ inline void SetPolicy(const Aws::String& value) { m_policyHasBeenSet = true; m_policy = value; } /** *

The key policy to attach to the KMS key. This parameter is optional. If you * do not provide a key policy, KMS attaches the default * key policy to the KMS key.

If you provide a key policy, it must meet the following * criteria:

The key policy must allow the calling principal to * make a subsequent PutKeyPolicy request on the KMS key. This reduces * the risk that the KMS key becomes unmanageable. For more information, see Default * key policy in the Key Management Service Developer Guide. (To omit * this condition, set BypassPolicyLockoutSafetyCheck to true.)
*
Each statement in the key policy must contain one or more * principals. The principals in the key policy must exist and be visible to KMS. * When you create a new Amazon Web Services principal, you might need to enforce a * delay before including the new principal in a key policy because the new * principal might not be immediately visible to KMS. For more information, see Changes * that I make are not always immediately visible in the Amazon Web Services * Identity and Access Management User Guide.

A key policy * document can include only the following characters:

Printable * ASCII characters from the space character (\u0020) through the end * of the ASCII character range.
Printable characters in the * Basic Latin and Latin-1 Supplement character set (through * \u00FF).
The tab (\u0009), line feed * (\u000A), and carriage return (\u000D) special * characters

*/ inline void SetPolicy(Aws::String&& value) { m_policyHasBeenSet = true; m_policy = std::move(value); } /** *

The key policy to attach to the KMS key. This parameter is optional. If you * do not provide a key policy, KMS attaches the default * key policy to the KMS key.

If you provide a key policy, it must meet the following * criteria:

The key policy must allow the calling principal to * make a subsequent PutKeyPolicy request on the KMS key. This reduces * the risk that the KMS key becomes unmanageable. For more information, see Default * key policy in the Key Management Service Developer Guide. (To omit * this condition, set BypassPolicyLockoutSafetyCheck to true.)
*
Each statement in the key policy must contain one or more * principals. The principals in the key policy must exist and be visible to KMS. * When you create a new Amazon Web Services principal, you might need to enforce a * delay before including the new principal in a key policy because the new * principal might not be immediately visible to KMS. For more information, see Changes * that I make are not always immediately visible in the Amazon Web Services * Identity and Access Management User Guide.

A key policy * document can include only the following characters:

Printable * ASCII characters from the space character (\u0020) through the end * of the ASCII character range.
Printable characters in the * Basic Latin and Latin-1 Supplement character set (through * \u00FF).
The tab (\u0009), line feed * (\u000A), and carriage return (\u000D) special * characters

*/ inline void SetPolicy(const char* value) { m_policyHasBeenSet = true; m_policy.assign(value); } /** *

The key policy to attach to the KMS key. This parameter is optional. If you * do not provide a key policy, KMS attaches the default * key policy to the KMS key.

If you provide a key policy, it must meet the following * criteria:

The key policy must allow the calling principal to * make a subsequent PutKeyPolicy request on the KMS key. This reduces * the risk that the KMS key becomes unmanageable. For more information, see Default * key policy in the Key Management Service Developer Guide. (To omit * this condition, set BypassPolicyLockoutSafetyCheck to true.)
*
Each statement in the key policy must contain one or more * principals. The principals in the key policy must exist and be visible to KMS. * When you create a new Amazon Web Services principal, you might need to enforce a * delay before including the new principal in a key policy because the new * principal might not be immediately visible to KMS. For more information, see Changes * that I make are not always immediately visible in the Amazon Web Services * Identity and Access Management User Guide.

A key policy * document can include only the following characters:

Printable * ASCII characters from the space character (\u0020) through the end * of the ASCII character range.
Printable characters in the * Basic Latin and Latin-1 Supplement character set (through * \u00FF).
The tab (\u0009), line feed * (\u000A), and carriage return (\u000D) special * characters

*/ inline ReplicateKeyRequest& WithPolicy(const Aws::String& value) { SetPolicy(value); return *this;} /** *

The key policy to attach to the KMS key. This parameter is optional. If you * do not provide a key policy, KMS attaches the default * key policy to the KMS key.

If you provide a key policy, it must meet the following * criteria:

The key policy must allow the calling principal to * make a subsequent PutKeyPolicy request on the KMS key. This reduces * the risk that the KMS key becomes unmanageable. For more information, see Default * key policy in the Key Management Service Developer Guide. (To omit * this condition, set BypassPolicyLockoutSafetyCheck to true.)
*
Each statement in the key policy must contain one or more * principals. The principals in the key policy must exist and be visible to KMS. * When you create a new Amazon Web Services principal, you might need to enforce a * delay before including the new principal in a key policy because the new * principal might not be immediately visible to KMS. For more information, see Changes * that I make are not always immediately visible in the Amazon Web Services * Identity and Access Management User Guide.

A key policy * document can include only the following characters:

Printable * ASCII characters from the space character (\u0020) through the end * of the ASCII character range.
Printable characters in the * Basic Latin and Latin-1 Supplement character set (through * \u00FF).
The tab (\u0009), line feed * (\u000A), and carriage return (\u000D) special * characters

*/ inline ReplicateKeyRequest& WithPolicy(Aws::String&& value) { SetPolicy(std::move(value)); return *this;} /** *

The key policy to attach to the KMS key. This parameter is optional. If you * do not provide a key policy, KMS attaches the default * key policy to the KMS key.

If you provide a key policy, it must meet the following * criteria:

The key policy must allow the calling principal to * make a subsequent PutKeyPolicy request on the KMS key. This reduces * the risk that the KMS key becomes unmanageable. For more information, see Default * key policy in the Key Management Service Developer Guide. (To omit * this condition, set BypassPolicyLockoutSafetyCheck to true.)
*
Each statement in the key policy must contain one or more * principals. The principals in the key policy must exist and be visible to KMS. * When you create a new Amazon Web Services principal, you might need to enforce a * delay before including the new principal in a key policy because the new * principal might not be immediately visible to KMS. For more information, see Changes * that I make are not always immediately visible in the Amazon Web Services * Identity and Access Management User Guide.

A key policy * document can include only the following characters:

Printable * ASCII characters from the space character (\u0020) through the end * of the ASCII character range.
Printable characters in the * Basic Latin and Latin-1 Supplement character set (through * \u00FF).
The tab (\u0009), line feed * (\u000A), and carriage return (\u000D) special * characters

*/ inline ReplicateKeyRequest& WithPolicy(const char* value) { SetPolicy(value); return *this;} /** *

Skips ("bypasses") the key policy lockout safety check. The default value is * false.

Setting this value to true increases the risk that the * KMS key becomes unmanageable. Do not set this value to true * indiscriminately.

For more information, see Default * key policy in the Key Management Service Developer Guide.

Use this parameter only when you intend to prevent the principal * that is making the request from making a subsequent PutKeyPolicy request * on the KMS key.

*/ inline bool GetBypassPolicyLockoutSafetyCheck() const{ return m_bypassPolicyLockoutSafetyCheck; } /** *

Skips ("bypasses") the key policy lockout safety check. The default value is * false.

Setting this value to true increases the risk that the * KMS key becomes unmanageable. Do not set this value to true * indiscriminately.

For more information, see Default * key policy in the Key Management Service Developer Guide.

Use this parameter only when you intend to prevent the principal * that is making the request from making a subsequent PutKeyPolicy request * on the KMS key.

*/ inline bool BypassPolicyLockoutSafetyCheckHasBeenSet() const { return m_bypassPolicyLockoutSafetyCheckHasBeenSet; } /** *

Skips ("bypasses") the key policy lockout safety check. The default value is * false.

Setting this value to true increases the risk that the * KMS key becomes unmanageable. Do not set this value to true * indiscriminately.

For more information, see Default * key policy in the Key Management Service Developer Guide.

Use this parameter only when you intend to prevent the principal * that is making the request from making a subsequent PutKeyPolicy request * on the KMS key.

*/ inline void SetBypassPolicyLockoutSafetyCheck(bool value) { m_bypassPolicyLockoutSafetyCheckHasBeenSet = true; m_bypassPolicyLockoutSafetyCheck = value; } /** *

Skips ("bypasses") the key policy lockout safety check. The default value is * false.

Setting this value to true increases the risk that the * KMS key becomes unmanageable. Do not set this value to true * indiscriminately.

For more information, see Default * key policy in the Key Management Service Developer Guide.

Use this parameter only when you intend to prevent the principal * that is making the request from making a subsequent PutKeyPolicy request * on the KMS key.

*/ inline ReplicateKeyRequest& WithBypassPolicyLockoutSafetyCheck(bool value) { SetBypassPolicyLockoutSafetyCheck(value); return *this;} /** *

A description of the KMS key. The default value is an empty string (no * description).