/* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the "License"). * You may not use this file except in compliance with the License. * A copy of the License is located at * * http://aws.amazon.com/apache2.0 * * or in the "license" file accompanying this file. This file is distributed * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either * express or implied. See the License for the specific language governing * permissions and limitations under the License. */ /* * Do not modify this file. This file is generated from the kms-2014-11-01.normal.json service model. */ using System; using System.Collections.Generic; using System.Xml.Serialization; using System.Text; using System.IO; using System.Net; using Amazon.Runtime; using Amazon.Runtime.Internal; namespace Amazon.KeyManagementService.Model { /// /// Container for the parameters to the CreateCustomKeyStore operation. /// Creates a custom /// key store backed by a key store that you own and manage. When you use a KMS key /// in a custom key store for a cryptographic operation, the cryptographic operation is /// actually performed in your key store using your keys. KMS supports CloudHSM /// key stores backed by an CloudHSM /// cluster and external /// key stores backed by an external key store proxy and external key manager outside /// of Amazon Web Services. /// /// /// /// This operation is part of the custom /// key stores feature in KMS, which combines the convenience and extensive integration /// of KMS with the isolation and control of a key store that you own and manage. /// /// /// /// Before you create the custom key store, the required elements must be in place and /// operational. We recommend that you use the test tools that KMS provides to verify /// the configuration your external key store proxy. For details about the required elements /// and verification tests, see Assemble /// the prerequisites (for CloudHSM key stores) or Assemble /// the prerequisites (for external key stores) in the Key Management Service Developer /// Guide. /// /// /// /// To create a custom key store, use the following parameters. /// /// /// /// For external key stores: /// /// /// /// Some external key managers provide a simpler method for creating an external key store. /// For details, see your external key manager documentation. /// /// /// /// When creating an external key store in the KMS console, you can upload a JSON-based /// proxy configuration file with the desired values. You cannot use a proxy configuration /// with the CreateCustomKeyStore operation. However, you can use the values /// in the file to help you determine the correct values for the CreateCustomKeyStore /// parameters. /// /// /// /// When the operation completes successfully, it returns the ID of the new custom key /// store. Before you can use your new custom key store, you need to use the ConnectCustomKeyStore /// operation to connect a new CloudHSM key store to its CloudHSM cluster, or to connect /// a new external key store to the external key store proxy for your external key manager. /// Even if you are not going to use your custom key store immediately, you might want /// to connect it to verify that all settings are correct and then disconnect it until /// you are ready to use it. /// /// /// /// For help with failures, see Troubleshooting /// a custom key store in the Key Management Service Developer Guide. /// /// /// /// Cross-account use: No. You cannot perform this operation on a custom key store /// in a different Amazon Web Services account. /// /// /// /// Required permissions: kms:CreateCustomKeyStore /// (IAM policy). /// /// /// /// Related operations: /// /// /// public partial class CreateCustomKeyStoreRequest : AmazonKeyManagementServiceRequest { private string _cloudHsmClusterId; private string _customKeyStoreName; private CustomKeyStoreType _customKeyStoreType; private string _keyStorePassword; private string _trustAnchorCertificate; private XksProxyAuthenticationCredentialType _xksProxyAuthenticationCredential; private XksProxyConnectivityType _xksProxyConnectivity; private string _xksProxyUriEndpoint; private string _xksProxyUriPath; private string _xksProxyVpcEndpointServiceName; /// /// Gets and sets the property CloudHsmClusterId. /// /// Identifies the CloudHSM cluster for an CloudHSM key store. This parameter is required /// for custom key stores with CustomKeyStoreType of AWS_CLOUDHSM. /// /// /// /// Enter the cluster ID of any active CloudHSM cluster that is not already associated /// with a custom key store. To find the cluster ID, use the DescribeClusters /// operation. /// /// [AWSProperty(Min=19, Max=24)] public string CloudHsmClusterId { get { return this._cloudHsmClusterId; } set { this._cloudHsmClusterId = value; } } // Check to see if CloudHsmClusterId property is set internal bool IsSetCloudHsmClusterId() { return this._cloudHsmClusterId != null; } /// /// Gets and sets the property CustomKeyStoreName. /// /// Specifies a friendly name for the custom key store. The name must be unique in your /// Amazon Web Services account and Region. This parameter is required for all custom /// key stores. /// /// /// /// Do not include confidential or sensitive information in this field. This field may /// be displayed in plaintext in CloudTrail logs and other output. /// /// /// [AWSProperty(Required=true, Min=1, Max=256)] public string CustomKeyStoreName { get { return this._customKeyStoreName; } set { this._customKeyStoreName = value; } } // Check to see if CustomKeyStoreName property is set internal bool IsSetCustomKeyStoreName() { return this._customKeyStoreName != null; } /// /// Gets and sets the property CustomKeyStoreType. /// /// Specifies the type of custom key store. The default value is AWS_CLOUDHSM. /// /// /// /// For a custom key store backed by an CloudHSM cluster, omit the parameter or enter /// AWS_CLOUDHSM. For a custom key store backed by an external key manager /// outside of Amazon Web Services, enter EXTERNAL_KEY_STORE. You cannot /// change this property after the key store is created. /// /// public CustomKeyStoreType CustomKeyStoreType { get { return this._customKeyStoreType; } set { this._customKeyStoreType = value; } } // Check to see if CustomKeyStoreType property is set internal bool IsSetCustomKeyStoreType() { return this._customKeyStoreType != null; } /// /// Gets and sets the property KeyStorePassword. /// /// Specifies the kmsuser password for an CloudHSM key store. This parameter /// is required for custom key stores with a CustomKeyStoreType of AWS_CLOUDHSM. /// /// /// /// Enter the password of the /// kmsuser crypto user (CU) account in the specified CloudHSM cluster. /// KMS logs into the cluster as this user to manage key material on your behalf. /// /// /// /// The password must be a string of 7 to 32 characters. Its value is case sensitive. /// /// /// /// This parameter tells KMS the kmsuser account password; it does not change /// the password in the CloudHSM cluster. /// /// [AWSProperty(Sensitive=true, Min=7, Max=32)] public string KeyStorePassword { get { return this._keyStorePassword; } set { this._keyStorePassword = value; } } // Check to see if KeyStorePassword property is set internal bool IsSetKeyStorePassword() { return this._keyStorePassword != null; } /// /// Gets and sets the property TrustAnchorCertificate. /// /// Specifies the certificate for an CloudHSM key store. This parameter is required for /// custom key stores with a CustomKeyStoreType of AWS_CLOUDHSM. /// /// /// /// Enter the content of the trust anchor certificate for the CloudHSM cluster. This is /// the content of the customerCA.crt file that you created when you initialized /// the cluster. /// /// [AWSProperty(Min=1, Max=5000)] public string TrustAnchorCertificate { get { return this._trustAnchorCertificate; } set { this._trustAnchorCertificate = value; } } // Check to see if TrustAnchorCertificate property is set internal bool IsSetTrustAnchorCertificate() { return this._trustAnchorCertificate != null; } /// /// Gets and sets the property XksProxyAuthenticationCredential. /// /// Specifies an authentication credential for the external key store proxy (XKS proxy). /// This parameter is required for all custom key stores with a CustomKeyStoreType /// of EXTERNAL_KEY_STORE. /// /// /// /// The XksProxyAuthenticationCredential has two required elements: RawSecretAccessKey, /// a secret key, and AccessKeyId, a unique identifier for the RawSecretAccessKey. /// For character requirements, see XksProxyAuthenticationCredentialType. /// /// /// /// KMS uses this authentication credential to sign requests to the external key store /// proxy on your behalf. This credential is unrelated to Identity and Access Management /// (IAM) and Amazon Web Services credentials. /// /// /// /// This parameter doesn't set or change the authentication credentials on the XKS proxy. /// It just tells KMS the credential that you established on your external key store proxy. /// If you rotate your proxy authentication credential, use the UpdateCustomKeyStore /// operation to provide the new credential to KMS. /// /// public XksProxyAuthenticationCredentialType XksProxyAuthenticationCredential { get { return this._xksProxyAuthenticationCredential; } set { this._xksProxyAuthenticationCredential = value; } } // Check to see if XksProxyAuthenticationCredential property is set internal bool IsSetXksProxyAuthenticationCredential() { return this._xksProxyAuthenticationCredential != null; } /// /// Gets and sets the property XksProxyConnectivity. /// /// Indicates how KMS communicates with the external key store proxy. This parameter is /// required for custom key stores with a CustomKeyStoreType of EXTERNAL_KEY_STORE. /// /// /// /// If the external key store proxy uses a public endpoint, specify PUBLIC_ENDPOINT. /// If the external key store proxy uses a Amazon VPC endpoint service for communication /// with KMS, specify VPC_ENDPOINT_SERVICE. For help making this choice, /// see Choosing /// a connectivity option in the Key Management Service Developer Guide. /// /// /// /// An Amazon VPC endpoint service keeps your communication with KMS in a private address /// space entirely within Amazon Web Services, but it requires more configuration, including /// establishing a Amazon VPC with multiple subnets, a VPC endpoint service, a network /// load balancer, and a verified private DNS name. A public endpoint is simpler to set /// up, but it might be slower and might not fulfill your security requirements. You might /// consider testing with a public endpoint, and then establishing a VPC endpoint service /// for production tasks. Note that this choice does not determine the location of the /// external key store proxy. Even if you choose a VPC endpoint service, the proxy can /// be hosted within the VPC or outside of Amazon Web Services such as in your corporate /// data center. /// /// public XksProxyConnectivityType XksProxyConnectivity { get { return this._xksProxyConnectivity; } set { this._xksProxyConnectivity = value; } } // Check to see if XksProxyConnectivity property is set internal bool IsSetXksProxyConnectivity() { return this._xksProxyConnectivity != null; } /// /// Gets and sets the property XksProxyUriEndpoint. /// /// Specifies the endpoint that KMS uses to send requests to the external key store proxy /// (XKS proxy). This parameter is required for custom key stores with a CustomKeyStoreType /// of EXTERNAL_KEY_STORE. /// /// /// /// The protocol must be HTTPS. KMS communicates on port 443. Do not specify the port /// in the XksProxyUriEndpoint value. /// /// /// /// For external key stores with XksProxyConnectivity value of VPC_ENDPOINT_SERVICE, /// specify https:// followed by the private DNS name of the VPC endpoint /// service. /// /// /// /// For external key stores with PUBLIC_ENDPOINT connectivity, this endpoint /// must be reachable before you create the custom key store. KMS connects to the external /// key store proxy while creating the custom key store. For external key stores with /// VPC_ENDPOINT_SERVICE connectivity, KMS connects when you call the ConnectCustomKeyStore /// operation. /// /// /// /// The value of this parameter must begin with https://. The remainder can /// contain upper and lower case letters (A-Z and a-z), numbers (0-9), dots (.), /// and hyphens (-). Additional slashes (/ and \) /// are not permitted. /// /// /// /// Uniqueness requirements: /// /// /// [AWSProperty(Min=10, Max=128)] public string XksProxyUriEndpoint { get { return this._xksProxyUriEndpoint; } set { this._xksProxyUriEndpoint = value; } } // Check to see if XksProxyUriEndpoint property is set internal bool IsSetXksProxyUriEndpoint() { return this._xksProxyUriEndpoint != null; } /// /// Gets and sets the property XksProxyUriPath. /// /// Specifies the base path to the proxy APIs for this external key store. To find this /// value, see the documentation for your external key store proxy. This parameter is /// required for all custom key stores with a CustomKeyStoreType of EXTERNAL_KEY_STORE. /// /// /// /// The value must start with / and must end with /kms/xks/v1 /// where v1 represents the version of the KMS external key store proxy API. /// This path can include an optional prefix between the required elements such as /prefix/kms/xks/v1. /// /// /// /// Uniqueness requirements: /// /// /// [AWSProperty(Min=10, Max=128)] public string XksProxyUriPath { get { return this._xksProxyUriPath; } set { this._xksProxyUriPath = value; } } // Check to see if XksProxyUriPath property is set internal bool IsSetXksProxyUriPath() { return this._xksProxyUriPath != null; } /// /// Gets and sets the property XksProxyVpcEndpointServiceName. /// /// Specifies the name of the Amazon VPC endpoint service for interface endpoints that /// is used to communicate with your external key store proxy (XKS proxy). This parameter /// is required when the value of CustomKeyStoreType is EXTERNAL_KEY_STORE /// and the value of XksProxyConnectivity is VPC_ENDPOINT_SERVICE. /// /// /// /// The Amazon VPC endpoint service must fulfill /// all requirements for use with an external key store. /// /// /// /// Uniqueness requirements: /// /// /// [AWSProperty(Min=20, Max=64)] public string XksProxyVpcEndpointServiceName { get { return this._xksProxyVpcEndpointServiceName; } set { this._xksProxyVpcEndpointServiceName = value; } } // Check to see if XksProxyVpcEndpointServiceName property is set internal bool IsSetXksProxyVpcEndpointServiceName() { return this._xksProxyVpcEndpointServiceName != null; } } }