/*
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License").
 * You may not use this file except in compliance with the License.
 * A copy of the License is located at
 *
 *  http://aws.amazon.com/apache2.0
 *
 * or in the "license" file accompanying this file. This file is distributed
 * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
 * express or implied. See the License for the specific language governing
 * permissions and limitations under the License.
 */

/*
 * Do not modify this file. This file is generated from the kms-2014-11-01.normal.json service model.
 */
using System;
using System.Collections.Generic;
using System.Xml.Serialization;
using System.Text;
using System.IO;
using System.Net;

using Amazon.Runtime;
using Amazon.Runtime.Internal;

namespace Amazon.KeyManagementService.Model
{
    /// <summary>
    /// Request parameters for the UpdateCustomKeyStore operation, which changes the
    /// properties of a custom key store. The operation applies to both CloudHSM key
    /// stores and external key stores.
    /// </summary>
    /// <remarks>
    /// <para>
    /// <c>CustomKeyStoreId</c> is required and identifies the custom key store; every other
    /// parameter is optional and changes one property. The operation returns no property
    /// values (on success it returns a JSON object with no properties), so use the
    /// DescribeCustomKeyStores operation to verify the updated values.
    /// </para>
    /// <para>
    /// The operation is part of the custom key stores feature in KMS, which combines the
    /// convenience and extensive integration of KMS with the isolation and control of a
    /// key store that you own and manage.
    /// </para>
    /// <para>
    /// Important, external key stores: verify that the updated settings connect the key
    /// store, via the external key store proxy, to the same external key manager as the
    /// previous settings, or to a backup or snapshot of that external key manager with the
    /// same cryptographic keys. Failed connection settings can be fixed and retried,
    /// although an extended delay might disrupt Amazon Web Services services. If KMS
    /// permanently loses its access to cryptographic keys, ciphertext encrypted under
    /// those keys is unrecoverable.
    /// </para>
    /// <para>
    /// For external key stores:
    /// </para>
    /// <list type="bullet">
    /// <item><description>
    /// Some external key managers provide a simpler method for updating an external key
    /// store. For details, see your external key manager documentation.
    /// </description></item>
    /// <item><description>
    /// In the KMS console you can upload a JSON-based proxy configuration file with the
    /// desired values. That file cannot be uploaded to the UpdateCustomKeyStore operation,
    /// but it can help you determine the correct values for the operation's parameters.
    /// </description></item>
    /// </list>
    /// <para>
    /// For a CloudHSM key store, the operation can change the friendly name
    /// (<c>NewCustomKeyStoreName</c>), tell KMS about a change to the <c>kmsuser</c> crypto
    /// user password (<c>KeyStorePassword</c>), or associate the key store with a different,
    /// but related, CloudHSM cluster (<c>CloudHsmClusterId</c>). Updating any property of a
    /// CloudHSM key store requires a <c>ConnectionState</c> of <c>DISCONNECTED</c>.
    /// </para>
    /// <para>
    /// For an external key store, the operation can change the friendly name
    /// (<c>NewCustomKeyStoreName</c>), or tell KMS about a change to the proxy
    /// authentication credentials (<c>XksProxyAuthenticationCredential</c>), the connection
    /// method (<c>XksProxyConnectivity</c>), the external proxy endpoint
    /// (<c>XksProxyUriEndpoint</c>) and the path (<c>XksProxyUriPath</c>). When
    /// <c>XksProxyConnectivity</c> is <c>VPC_ENDPOINT_SERVICE</c>, the Amazon VPC endpoint
    /// service name (<c>XksProxyVpcEndpointServiceName</c>) can be updated as well. Most
    /// properties require a <c>ConnectionState</c> of <c>DISCONNECTED</c>; the
    /// <c>CustomKeyStoreName</c>, <c>XksProxyAuthenticationCredential</c> and
    /// <c>XksProxyUriPath</c> can be updated in either the <c>CONNECTED</c> or the
    /// <c>DISCONNECTED</c> state.
    /// </para>
    /// <para>
    /// When an update requires the <c>DISCONNECTED</c> state, disconnect the custom key
    /// store with the DisconnectCustomKeyStore operation first, and reconnect it with
    /// ConnectCustomKeyStore after UpdateCustomKeyStore completes. The DescribeCustomKeyStores
    /// operation reports the current <c>ConnectionState</c>.
    /// </para>
    /// <para>
    /// Before updating, verify that the new values allow KMS to connect the custom key
    /// store to its backing key store. For example, before changing <c>XksProxyUriPath</c>,
    /// verify that the external key store proxy is reachable at the new path.
    /// </para>
    /// <para>
    /// Cross-account use: No. The operation cannot be performed on a custom key store in a
    /// different Amazon Web Services account.
    /// </para>
    /// <para>
    /// Required permissions: kms:UpdateCustomKeyStore (IAM policy).
    /// </para>
    /// <para>
    /// Related operations named in this documentation: ConnectCustomKeyStore,
    /// DescribeCustomKeyStores, DisconnectCustomKeyStore.
    /// </para>
    /// </remarks>
    public partial class UpdateCustomKeyStoreRequest : AmazonKeyManagementServiceRequest
    {
        // Backing storage for the request parameters; a null field means "not set".
        private string _cloudHsmClusterId;
        private string _customKeyStoreId;
        private string _keyStorePassword;
        private string _newCustomKeyStoreName;
        private XksProxyAuthenticationCredentialType _xksProxyAuthenticationCredential;
        private XksProxyConnectivityType _xksProxyConnectivity;
        private string _xksProxyUriEndpoint;
        private string _xksProxyUriPath;
        private string _xksProxyVpcEndpointServiceName;

        /// <summary>
        /// Gets or sets CloudHsmClusterId, which associates the custom key store with a
        /// related CloudHSM cluster. Valid only for custom key stores with a
        /// <c>CustomKeyStoreType</c> of <c>AWS_CLOUDHSM</c>.
        /// </summary>
        /// <remarks>
        /// <para>
        /// Supply the cluster ID of the cluster used to create the custom key store, or of a
        /// cluster that shares a backup history and has the same cluster certificate as the
        /// original cluster. An unrelated cluster cannot be associated through this
        /// parameter, and the replacement cluster must fulfill the requirements for a
        /// cluster associated with a custom key store. The DescribeClusters operation shows
        /// a cluster's certificate.
        /// </para>
        /// <para>
        /// The CloudHSM key store must be disconnected to change this value.
        /// </para>
        /// </remarks>
        [AWSProperty(Min=19, Max=24)]
        public string CloudHsmClusterId
        {
            get => _cloudHsmClusterId;
            set => _cloudHsmClusterId = value;
        }

        // Reports whether CloudHsmClusterId has been assigned a non-null value.
        internal bool IsSetCloudHsmClusterId() => _cloudHsmClusterId != null;

        /// <summary>
        /// Gets or sets CustomKeyStoreId, the ID of the custom key store to update. The
        /// DescribeCustomKeyStores operation can be used to find the ID.
        /// </summary>
        [AWSProperty(Required=true, Min=1, Max=64)]
        public string CustomKeyStoreId
        {
            get => _customKeyStoreId;
            set => _customKeyStoreId = value;
        }

        // Reports whether CustomKeyStoreId has been assigned a non-null value.
        internal bool IsSetCustomKeyStoreId() => _customKeyStoreId != null;

        /// <summary>
        /// Gets or sets KeyStorePassword, the current password of the <c>kmsuser</c> crypto
        /// user (CU) in the CloudHSM cluster associated with the custom key store. Valid
        /// only for custom key stores with a <c>CustomKeyStoreType</c> of <c>AWS_CLOUDHSM</c>.
        /// </summary>
        /// <remarks>
        /// <para>
        /// The parameter only tells KMS the current password; it does not set or change the
        /// password of any user in the CloudHSM cluster.
        /// </para>
        /// <para>
        /// The CloudHSM key store must be disconnected to change this value.
        /// </para>
        /// <para>
        /// The property is declared with <c>Sensitive=true</c>. NOTE(review): presumably the
        /// SDK uses that flag to keep the value out of its own log output; confirm against
        /// the runtime. Calling code should likewise keep the password out of logs and
        /// diagnostics.
        /// </para>
        /// </remarks>
        [AWSProperty(Sensitive=true, Min=7, Max=32)]
        public string KeyStorePassword
        {
            get => _keyStorePassword;
            set => _keyStorePassword = value;
        }

        // Reports whether KeyStorePassword has been assigned a non-null value.
        internal bool IsSetKeyStorePassword() => _keyStorePassword != null;

        /// <summary>
        /// Gets or sets NewCustomKeyStoreName, the new friendly name of the custom key
        /// store. The name must be unique in the Amazon Web Services account.
        /// </summary>
        /// <remarks>
        /// <para>
        /// Do not include confidential or sensitive information in this field. It may be
        /// displayed in plaintext in CloudTrail logs and other output.
        /// </para>
        /// <para>
        /// A CloudHSM key store must be disconnected to change this value. An external key
        /// store can be connected or disconnected.
        /// </para>
        /// </remarks>
        [AWSProperty(Min=1, Max=256)]
        public string NewCustomKeyStoreName
        {
            get => _newCustomKeyStoreName;
            set => _newCustomKeyStoreName = value;
        }

        // Reports whether NewCustomKeyStoreName has been assigned a non-null value.
        internal bool IsSetNewCustomKeyStoreName() => _newCustomKeyStoreName != null;

        /// <summary>
        /// Gets or sets XksProxyAuthenticationCredential, the credentials that KMS uses to
        /// sign requests to the external key store proxy (XKS proxy). Valid only for custom
        /// key stores with a <c>CustomKeyStoreType</c> of <c>EXTERNAL_KEY_STORE</c>.
        /// </summary>
        /// <remarks>
        /// <para>
        /// Both the <c>AccessKeyId</c> and the <c>SecretAccessKey</c> value must be
        /// specified, even when only one of them is being updated.
        /// </para>
        /// <para>
        /// The parameter does not establish or change the authentication credentials on the
        /// proxy. It only tells KMS the credential that was established with the external
        /// key store proxy; for example, after rotating the credential on the proxy, use
        /// this parameter to update the credential in KMS.
        /// </para>
        /// <para>
        /// The value can be changed while the external key store is connected or
        /// disconnected.
        /// </para>
        /// <para>
        /// Because the value carries a secret access key, calling code should handle the
        /// object as secret material.
        /// </para>
        /// </remarks>
        public XksProxyAuthenticationCredentialType XksProxyAuthenticationCredential
        {
            get => _xksProxyAuthenticationCredential;
            set => _xksProxyAuthenticationCredential = value;
        }

        // Reports whether XksProxyAuthenticationCredential has been assigned a non-null value.
        internal bool IsSetXksProxyAuthenticationCredential() => _xksProxyAuthenticationCredential != null;

        /// <summary>
        /// Gets or sets XksProxyConnectivity, the connectivity setting for the external key
        /// store. Specify <c>VPC_ENDPOINT_SERVICE</c> when the external key store proxy uses
        /// an Amazon VPC endpoint service to communicate with KMS; otherwise specify
        /// <c>PUBLIC_ENDPOINT</c>.
        /// </summary>
        /// <remarks>
        /// <para>
        /// Changing the value to <c>VPC_ENDPOINT_SERVICE</c> also requires changing
        /// <c>XksProxyUriEndpoint</c> and adding an <c>XksProxyVpcEndpointServiceName</c>
        /// value.
        /// </para>
        /// <para>
        /// Changing the value to <c>PUBLIC_ENDPOINT</c> also requires changing
        /// <c>XksProxyUriEndpoint</c> and specifying a null or empty string for
        /// <c>XksProxyVpcEndpointServiceName</c>.
        /// </para>
        /// <para>
        /// The external key store must be disconnected to change this value.
        /// </para>
        /// </remarks>
        public XksProxyConnectivityType XksProxyConnectivity
        {
            get => _xksProxyConnectivity;
            set => _xksProxyConnectivity = value;
        }

        // Reports whether XksProxyConnectivity has been assigned a non-null value.
        internal bool IsSetXksProxyConnectivity() => _xksProxyConnectivity != null;

        /// <summary>
        /// Gets or sets XksProxyUriEndpoint, the URI endpoint that KMS uses to connect to
        /// the external key store proxy (XKS proxy). Valid only for custom key stores with a
        /// <c>CustomKeyStoreType</c> of <c>EXTERNAL_KEY_STORE</c>.
        /// </summary>
        /// <remarks>
        /// <para>
        /// With an <c>XksProxyConnectivity</c> value of <c>PUBLIC_ENDPOINT</c>, the protocol
        /// must be HTTPS.
        /// </para>
        /// <para>
        /// With an <c>XksProxyConnectivity</c> value of <c>VPC_ENDPOINT_SERVICE</c>, specify
        /// <c>https://</c> followed by the private DNS name associated with the VPC endpoint
        /// service. Each external key store must use a different private DNS name.
        /// </para>
        /// <para>
        /// The combined <c>XksProxyUriEndpoint</c> and <c>XksProxyUriPath</c> values must be
        /// unique in the Amazon Web Services account and Region.
        /// </para>
        /// <para>
        /// The external key store must be disconnected to change this value.
        /// </para>
        /// </remarks>
        [AWSProperty(Min=10, Max=128)]
        public string XksProxyUriEndpoint
        {
            get => _xksProxyUriEndpoint;
            set => _xksProxyUriEndpoint = value;
        }

        // Reports whether XksProxyUriEndpoint has been assigned a non-null value.
        internal bool IsSetXksProxyUriEndpoint() => _xksProxyUriEndpoint != null;

        /// <summary>
        /// Gets or sets XksProxyUriPath, the base path to the proxy APIs for this external
        /// key store. The value is found in the documentation for the external key manager
        /// and external key store proxy (XKS proxy). Valid only for custom key stores with a
        /// <c>CustomKeyStoreType</c> of <c>EXTERNAL_KEY_STORE</c>.
        /// </summary>
        /// <remarks>
        /// <para>
        /// The value must start with <c>/</c> and must end with <c>/kms/xks/v1</c>, where
        /// <c>v1</c> represents the version of the KMS external key store proxy API. An
        /// optional prefix may appear between the required elements, such as
        /// <c>/example/kms/xks/v1</c>.
        /// </para>
        /// <para>
        /// The combined <c>XksProxyUriEndpoint</c> and <c>XksProxyUriPath</c> values must be
        /// unique in the Amazon Web Services account and Region.
        /// </para>
        /// <para>
        /// The value can be changed while the external key store is connected or
        /// disconnected.
        /// </para>
        /// </remarks>
        [AWSProperty(Min=10, Max=128)]
        public string XksProxyUriPath
        {
            get => _xksProxyUriPath;
            set => _xksProxyUriPath = value;
        }

        // Reports whether XksProxyUriPath has been assigned a non-null value.
        internal bool IsSetXksProxyUriPath() => _xksProxyUriPath != null;

        /// <summary>
        /// Gets or sets XksProxyVpcEndpointServiceName, the name that KMS uses to identify
        /// the Amazon VPC endpoint service for the external key store proxy (XKS proxy).
        /// Valid when the <c>CustomKeyStoreType</c> is <c>EXTERNAL_KEY_STORE</c> and the
        /// <c>XksProxyConnectivity</c> is <c>VPC_ENDPOINT_SERVICE</c>.
        /// </summary>
        /// <remarks>
        /// <para>
        /// The external key store must be disconnected to change this value.
        /// </para>
        /// </remarks>
        [AWSProperty(Min=20, Max=64)]
        public string XksProxyVpcEndpointServiceName
        {
            get => _xksProxyVpcEndpointServiceName;
            set => _xksProxyVpcEndpointServiceName = value;
        }

        // Reports whether XksProxyVpcEndpointServiceName has been assigned a non-null value.
        internal bool IsSetXksProxyVpcEndpointServiceName() => _xksProxyVpcEndpointServiceName != null;
    }
}