/*
* Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License").
* You may not use this file except in compliance with the License.
* A copy of the License is located at
*
* http://aws.amazon.com/apache2.0
*
* or in the "license" file accompanying this file. This file is distributed
* on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
* express or implied. See the License for the specific language governing
* permissions and limitations under the License.
*/
/*
* Do not modify this file. This file is generated from the kms-2014-11-01.normal.json service model.
*/
using System;
using System.Collections.Generic;
using System.Xml.Serialization;
using System.Text;
using System.IO;
using System.Net;
using Amazon.Runtime;
using Amazon.Runtime.Internal;
namespace Amazon.KeyManagementService.Model
{
///
/// Container for the parameters to the UpdatePrimaryRegion operation.
/// Changes the primary key of a multi-Region key.
///
///
///
/// This operation changes the replica key in the specified Region to a primary key and
/// changes the former primary key to a replica key. For example, suppose you have a primary
/// key in us-east-1 and a replica key in eu-west-2. If you
/// run UpdatePrimaryRegion with a PrimaryRegion value of eu-west-2,
/// the primary key is now the key in eu-west-2, and the key in us-east-1
/// becomes a replica key. For details, see Updating
/// the primary Region in the Key Management Service Developer Guide.
///
///
///
/// This operation supports multi-Region keys, an KMS feature that lets you create
/// multiple interoperable KMS keys in different Amazon Web Services Regions. Because
/// these KMS keys have the same key ID, key material, and other metadata, you can use
/// them interchangeably to encrypt data in one Amazon Web Services Region and decrypt
/// it in a different Amazon Web Services Region without re-encrypting the data or making
/// a cross-Region call. For more information about multi-Region keys, see Multi-Region
/// keys in KMS in the Key Management Service Developer Guide.
///
///
///
/// The primary key of a multi-Region key is the source for properties that are
/// always shared by primary and replica keys, including the key material, key
/// ID, key
/// spec, key
/// usage, key
/// material origin, and automatic
/// key rotation. It's the only key that can be replicated. You cannot delete
/// the primary key until all replica keys are deleted.
///
///
///
/// The key ID and primary Region that you specify uniquely identify the replica key that
/// will become the primary key. The primary Region must already have a replica key. This
/// operation does not create a KMS key in the specified Region. To find the replica keys,
/// use the DescribeKey operation on the primary key or any replica key. To create
/// a replica key, use the ReplicateKey operation.
///
///
///
/// You can run this operation while using the affected multi-Region keys in cryptographic
/// operations. This operation should not delay, interrupt, or cause failures in cryptographic
/// operations.
///
///
///
/// Even after this operation completes, the process of updating the primary Region might
/// still be in progress for a few more seconds. Operations such as DescribeKey
/// might display both the old and new primary keys as replicas. The old and new primary
/// keys have a transient key state of Updating. The original key state is
/// restored when the update is complete. While the key state is Updating,
/// you can use the keys in cryptographic operations, but you cannot replicate the new
/// primary key or perform certain management operations, such as enabling or disabling
/// these keys. For details about the Updating key state, see Key
/// states of KMS keys in the Key Management Service Developer Guide.
///
///
///
/// This operation does not return any output. To verify that primary key is changed,
/// use the DescribeKey operation.
///
///
///
/// Cross-account use: No. You cannot use this operation in a different Amazon
/// Web Services account.
///
///
///
/// Required permissions:
///
/// -
///
///
kms:UpdatePrimaryRegion on the current primary key (in the primary key's
/// Region). Include this permission primary key's key policy.
///
/// -
///
///
kms:UpdatePrimaryRegion on the current replica key (in the replica key's
/// Region). Include this permission in the replica key's key policy.
///
///
///
/// Related operations
///
///
///
public partial class UpdatePrimaryRegionRequest : AmazonKeyManagementServiceRequest
{
private string _keyId;
private string _primaryRegion;
///
/// Gets and sets the property KeyId.
///
/// Identifies the current primary key. When the operation completes, this KMS key will
/// be a replica key.
///
///
///
/// Specify the key ID or key ARN of a multi-Region primary key.
///
///
///
/// For example:
///
/// -
///
/// Key ID:
mrk-1234abcd12ab34cd56ef1234567890ab
///
/// -
///
/// Key ARN:
arn:aws:kms:us-east-2:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab
///
///
///
///
/// To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.
///
///
[AWSProperty(Required=true, Min=1, Max=2048)]
public string KeyId
{
get { return this._keyId; }
set { this._keyId = value; }
}
// Check to see if KeyId property is set
internal bool IsSetKeyId()
{
return this._keyId != null;
}
///
/// Gets and sets the property PrimaryRegion.
///
/// The Amazon Web Services Region of the new primary key. Enter the Region ID, such as
/// us-east-1 or ap-southeast-2. There must be an existing replica
/// key in this Region.
///
///
///
/// When the operation completes, the multi-Region key in this Region will be the primary
/// key.
///
///
[AWSProperty(Required=true, Min=1, Max=32)]
public string PrimaryRegion
{
get { return this._primaryRegion; }
set { this._primaryRegion = value; }
}
// Check to see if PrimaryRegion property is set
internal bool IsSetPrimaryRegion()
{
return this._primaryRegion != null;
}
}
}