update generated code

Author: async-aws-bot

manifest.json

@@ -1,6 +1,6 @@
 {
     "variables": {
-        "${LATEST}": "3.344.0"
+        "${LATEST}": "3.344.1"
     },
     "endpoints": "https://raw.githubusercontent.com/aws/aws-sdk-php/${LATEST}/src/data/endpoints.json",
     "services": {

src/Service/Kms/CHANGELOG.md

@@ -2,6 +2,10 @@
 
 ## NOT RELEASED
 
+### Added
+
+- AWS api-change: AWS KMS announces the support for on-demand rotation of symmetric-encryption KMS keys with imported key material (EXTERNAL origin).
+
 ## 1.9.0
 
 ### Added

src/Service/Kms/composer.json

@@ -28,7 +28,7 @@
     },
     "extra": {
         "branch-alias": {
-            "dev-master": "1.9-dev"
+            "dev-master": "1.10-dev"
         }
     }
 }

src/Service/Kms/src/Exception/LimitExceededException.php

@@ -5,8 +5,8 @@
 use AsyncAws\Core\Exception\Http\ClientException;
 
 /**
- * The request was rejected because a quota was exceeded. For more information, see Quotas [^1] in the *Key Management
- * Service Developer Guide*.
+ * The request was rejected because a length constraint or quota was exceeded. For more information, see Quotas [^1] in
+ * the *Key Management Service Developer Guide*.
  *
  * [^1]: https://docs.aws.amazon.com/kms/latest/developerguide/limits.html
  */

src/Service/Kms/src/Input/CreateAliasRequest.php

@@ -33,7 +33,7 @@ final class CreateAliasRequest extends Input
      *
      * A valid key ID is required. If you supply a null or empty string value, this operation returns an error.
      *
-     * For help finding the key ID and ARN, see Finding the Key ID and ARN [^2] in the **Key Management Service Developer
+     * For help finding the key ID and ARN, see Find the key ID and key ARN [^2] in the **Key Management Service Developer
      * Guide**.
      *
      * Specify the key ID or key ARN of the KMS key.
@@ -46,7 +46,7 @@ final class CreateAliasRequest extends Input
      * To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.
      *
      * [^1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk
-     * [^2]: https://docs.aws.amazon.com/kms/latest/developerguide/viewing-keys.html#find-cmk-id-arn
+     * [^2]: https://docs.aws.amazon.com/kms/latest/developerguide/find-cmk-id-arn.html
      *
      * @required
      *

src/Service/Kms/src/Input/CreateKeyRequest.php

@@ -28,18 +28,27 @@ final class CreateKeyRequest extends Input
      *   KMS. For more information, see Changes that I make are not always immediately visible [^2] in the *Amazon Web
      *   Services Identity and Access Management User Guide*.
      *
+     * > If either of the required `Resource` or `Action` elements are missing from a key policy statement, the policy
+     * > statement has no effect. When a key policy statement is missing one of these elements, the KMS console correctly
+     * > reports an error, but the `CreateKey` and `PutKeyPolicy` API requests succeed, even though the policy statement is
+     * > ineffective.
+     * >
+     * > For more information on required key policy elements, see Elements in a key policy [^3] in the *Key Management
+     * > Service Developer Guide*.
+     *
      * If you do not provide a key policy, KMS attaches a default key policy to the KMS key. For more information, see
-     * Default key policy [^3] in the *Key Management Service Developer Guide*.
+     * Default key policy [^4] in the *Key Management Service Developer Guide*.
      *
-     * The key policy size quota is 32 kilobytes (32768 bytes).
+     * > If the key policy exceeds the length constraint, KMS returns a `LimitExceededException`.
      *
-     * For help writing and formatting a JSON policy document, see the IAM JSON Policy Reference [^4] in the **Identity and
+     * For help writing and formatting a JSON policy document, see the IAM JSON Policy Reference [^5] in the **Identity and
      * Access Management User Guide**.
      *
      * [^1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#prevent-unmanageable-key
      * [^2]: https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency
-     * [^3]: https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default
-     * [^4]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html
+     * [^3]: https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-overview.html#key-policy-elements
+     * [^4]: https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html
+     * [^5]: https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html
      *
      * @var string|null
      */
@@ -73,7 +82,7 @@ final class CreateKeyRequest extends Input
      * - For asymmetric KMS keys with SM2 key pairs (China Regions only), specify `ENCRYPT_DECRYPT`, `SIGN_VERIFY`, or
      *   `KEY_AGREEMENT`.
      *
-     * [^1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations
+     * [^1]: https://docs.aws.amazon.com/kms/latest/developerguide/kms-cryptography.html#cryptographic-operations
      *
      * @var KeyUsageType::*|null
      */
@@ -92,16 +101,16 @@ final class CreateKeyRequest extends Input
     /**
      * Specifies the type of KMS key to create. The default value, `SYMMETRIC_DEFAULT`, creates a KMS key with a 256-bit
      * AES-GCM key that is used for encryption and decryption, except in China Regions, where it creates a 128-bit symmetric
-     * key that uses SM4 encryption. For help choosing a key spec for your KMS key, see Choosing a KMS key type [^1] in the
-     * **Key Management Service Developer Guide**.
+     * key that uses SM4 encryption. For a detailed description of all supported key specs, see Key spec reference [^1] in
+     * the **Key Management Service Developer Guide**.
      *
      * The `KeySpec` determines whether the KMS key contains a symmetric key or an asymmetric key pair. It also determines
      * the algorithms that the KMS key supports. You can't change the `KeySpec` after the KMS key is created. To further
      * restrict the algorithms that can be used with the KMS key, use a condition key in its key policy or IAM policy. For
-     * more information, see kms:EncryptionAlgorithm [^2], kms:MacAlgorithm [^3] or kms:Signing Algorithm [^4] in the **Key
-     * Management Service Developer Guide**.
+     * more information, see kms:EncryptionAlgorithm [^2], kms:MacAlgorithm [^3], kms:KeyAgreementAlgorithm [^4], or
+     * kms:SigningAlgorithm [^5] in the **Key Management Service Developer Guide**.
      *
-     * ! Amazon Web Services services that are integrated with KMS [^5] use symmetric encryption KMS keys to protect your
+     * ! Amazon Web Services services that are integrated with KMS [^6] use symmetric encryption KMS keys to protect your
      * ! data. These services do not support asymmetric KMS keys or HMAC KMS keys.
      *
      * KMS supports the following key specs for KMS keys:
@@ -137,11 +146,12 @@ final class CreateKeyRequest extends Input
      *
      *   - `SM2` (China Regions only)
      *
-     * [^1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-types.html#symm-asymm-choose
-     * [^2]: https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-encryption-algorithm
-     * [^3]: https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-mac-algorithm
-     * [^4]: https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html#conditions-kms-signing-algorithm
-     * [^5]: http://aws.amazon.com/kms/features/#AWS_Service_Integration
+     * [^1]: https://docs.aws.amazon.com/kms/latest/developerguide/symm-asymm-choose-key-spec.html
+     * [^2]: https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-encryption-algorithm
+     * [^3]: https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-mac-algorithm
+     * [^4]: https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-key-agreement-algorithm
+     * [^5]: https://docs.aws.amazon.com/kms/latest/developerguide/conditions-kms.html#conditions-kms-signing-algorithm
+     * [^6]: http://aws.amazon.com/kms/features/#AWS_Service_Integration
      *
      * @var KeySpec::*|null
      */
@@ -183,7 +193,7 @@ final class CreateKeyRequest extends Input
      * associated CloudHSM cluster and associates it with the KMS key. When you create a KMS key in an external key store,
      * you must use the `XksKeyId` parameter to specify an external key that serves as key material for the KMS key.
      *
-     * [^1]: https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html
+     * [^1]: https://docs.aws.amazon.com/kms/latest/developerguide/key-store-overview.html
      *
      * @var string|null
      */
@@ -224,8 +234,8 @@ final class CreateKeyRequest extends Input
      * an existing tag key with a different tag value, KMS replaces the current tag value with the specified one.
      *
      * When you add tags to an Amazon Web Services resource, Amazon Web Services generates a cost allocation report with
-     * usage and costs aggregated by tags. Tags can also be used to control access to a KMS key. For details, see Tagging
-     * Keys [^3].
+     * usage and costs aggregated by tags. Tags can also be used to control access to a KMS key. For details, see Tags in
+     * KMS [^3].
      *
      * [^1]: https://docs.aws.amazon.com/kms/latest/developerguide/abac.html
      * [^2]: https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html
@@ -282,7 +292,7 @@ final class CreateKeyRequest extends Input
      * [^1]: https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-external-key
      * [^2]: https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html
      * [^3]: https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-xks-proxy
-     * [^4]: https://docs.aws.amazon.com/create-xks-keys.html#xks-key-requirements
+     * [^4]: https://docs.aws.amazon.com/kms/latest/developerguide/create-xks-keys.html#xks-key-requirements
      * [^5]: https://docs.aws.amazon.com/kms/latest/developerguide/keystore-external.html#concept-double-encryption
      *
      * @var string|null

src/Service/Kms/src/Input/DecryptRequest.php

@@ -33,8 +33,8 @@ final class DecryptRequest extends Input
      *
      * For more information, see Encryption context [^2] in the *Key Management Service Developer Guide*.
      *
-     * [^1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations
-     * [^2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
+     * [^1]: https://docs.aws.amazon.com/kms/latest/developerguide/kms-cryptography.html#cryptographic-operations
+     * [^2]: https://docs.aws.amazon.com/kms/latest/developerguide/encrypt_context.html
      *
      * @var array<string, string>|null
      */
@@ -48,7 +48,7 @@ final class DecryptRequest extends Input
      * Management Service Developer Guide*.
      *
      * [^1]: https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token
-     * [^2]: https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token
+     * [^2]: https://docs.aws.amazon.com/kms/latest/developerguide/using-grant-token.html
      *
      * @var string[]|null
      */
@@ -118,10 +118,10 @@ final class DecryptRequest extends Input
     /**
      * Checks if your request will succeed. `DryRun` is an optional parameter.
      *
-     * To learn more about how to use this parameter, see Testing your KMS API calls [^1] in the *Key Management Service
+     * To learn more about how to use this parameter, see Testing your permissions [^1] in the *Key Management Service
      * Developer Guide*.
      *
-     * [^1]: https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html
+     * [^1]: https://docs.aws.amazon.com/kms/latest/developerguide/testing-permissions.html
      *
      * @var bool|null
      */

src/Service/Kms/src/Input/EncryptRequest.php

@@ -58,8 +58,8 @@ final class EncryptRequest extends Input
      *
      * For more information, see Encryption context [^2] in the *Key Management Service Developer Guide*.
      *
-     * [^1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations
-     * [^2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
+     * [^1]: https://docs.aws.amazon.com/kms/latest/developerguide/kms-cryptography.html#cryptographic-operations
+     * [^2]: https://docs.aws.amazon.com/kms/latest/developerguide/encrypt_context.html
      *
      * @var array<string, string>|null
      */
@@ -73,7 +73,7 @@ final class EncryptRequest extends Input
      * Management Service Developer Guide*.
      *
      * [^1]: https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token
-     * [^2]: https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token
+     * [^2]: https://docs.aws.amazon.com/kms/latest/developerguide/using-grant-token.html
      *
      * @var string[]|null
      */
@@ -95,10 +95,10 @@ final class EncryptRequest extends Input
     /**
      * Checks if your request will succeed. `DryRun` is an optional parameter.
      *
-     * To learn more about how to use this parameter, see Testing your KMS API calls [^1] in the *Key Management Service
+     * To learn more about how to use this parameter, see Testing your permissions [^1] in the *Key Management Service
      * Developer Guide*.
      *
-     * [^1]: https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html
+     * [^1]: https://docs.aws.amazon.com/kms/latest/developerguide/testing-permissions.html
      *
      * @var bool|null
      */

src/Service/Kms/src/Input/GenerateDataKeyRequest.php

@@ -48,7 +48,7 @@ final class GenerateDataKeyRequest extends Input
      *
      * For more information, see Encryption context [^1] in the *Key Management Service Developer Guide*.
      *
-     * [^1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
+     * [^1]: https://docs.aws.amazon.com/kms/latest/developerguide/encrypt_context.html
      *
      * @var array<string, string>|null
      */
@@ -84,7 +84,7 @@ final class GenerateDataKeyRequest extends Input
      * Management Service Developer Guide*.
      *
      * [^1]: https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token
-     * [^2]: https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token
+     * [^2]: https://docs.aws.amazon.com/kms/latest/developerguide/using-grant-token.html
      *
      * @var string[]|null
      */
@@ -117,10 +117,10 @@ final class GenerateDataKeyRequest extends Input
     /**
      * Checks if your request will succeed. `DryRun` is an optional parameter.
      *
-     * To learn more about how to use this parameter, see Testing your KMS API calls [^1] in the *Key Management Service
+     * To learn more about how to use this parameter, see Testing your permissions [^1] in the *Key Management Service
      * Developer Guide*.
      *
-     * [^1]: https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html
+     * [^1]: https://docs.aws.amazon.com/kms/latest/developerguide/testing-permissions.html
      *
      * @var bool|null
      */

src/Service/Kms/src/Input/GetPublicKeyRequest.php

@@ -39,7 +39,7 @@ final class GetPublicKeyRequest extends Input
      * Management Service Developer Guide*.
      *
      * [^1]: https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token
-     * [^2]: https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token
+     * [^2]: https://docs.aws.amazon.com/kms/latest/developerguide/using-grant-token.html
      *
      * @var string[]|null
      */

src/Service/Kms/src/Input/SignRequest.php

@@ -71,7 +71,7 @@ final class SignRequest extends Input
      * - Signing algorithms that end in SHA_512 use the SHA_512 hashing algorithm.
      * - SM2DSA uses the SM3 hashing algorithm. For details, see Offline verification with SM2 key pairs [^1].
      *
-     * [^1]: https://docs.aws.amazon.com/kms/latest/developerguide/asymmetric-key-specs.html#key-spec-sm-offline-verification
+     * [^1]: https://docs.aws.amazon.com/kms/latest/developerguide/offline-operations.html#key-spec-sm-offline-verification
      *
      * @var MessageType::*|null
      */
@@ -85,7 +85,7 @@ final class SignRequest extends Input
      * Management Service Developer Guide*.
      *
      * [^1]: https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token
-     * [^2]: https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token
+     * [^2]: https://docs.aws.amazon.com/kms/latest/developerguide/using-grant-token.html
      *
      * @var string[]|null
      */
@@ -107,10 +107,10 @@ final class SignRequest extends Input
     /**
      * Checks if your request will succeed. `DryRun` is an optional parameter.
      *
-     * To learn more about how to use this parameter, see Testing your KMS API calls [^1] in the *Key Management Service
+     * To learn more about how to use this parameter, see Testing your permissions [^1] in the *Key Management Service
      * Developer Guide*.
      *
-     * [^1]: https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html
+     * [^1]: https://docs.aws.amazon.com/kms/latest/developerguide/testing-permissions.html
      *
      * @var bool|null
      */

src/Service/Kms/src/Input/VerifyRequest.php

@@ -71,7 +71,7 @@ final class VerifyRequest extends Input
      * - Signing algorithms that end in SHA_512 use the SHA_512 hashing algorithm.
      * - SM2DSA uses the SM3 hashing algorithm. For details, see Offline verification with SM2 key pairs [^1].
      *
-     * [^1]: https://docs.aws.amazon.com/kms/latest/developerguide/asymmetric-key-specs.html#key-spec-sm-offline-verification
+     * [^1]: https://docs.aws.amazon.com/kms/latest/developerguide/offline-operations.html#key-spec-sm-offline-verification
      *
      * @var MessageType::*|null
      */
@@ -104,7 +104,7 @@ final class VerifyRequest extends Input
      * Management Service Developer Guide*.
      *
      * [^1]: https://docs.aws.amazon.com/kms/latest/developerguide/grants.html#grant_token
-     * [^2]: https://docs.aws.amazon.com/kms/latest/developerguide/grant-manage.html#using-grant-token
+     * [^2]: https://docs.aws.amazon.com/kms/latest/developerguide/using-grant-token.html
      *
      * @var string[]|null
      */
@@ -113,10 +113,10 @@ final class VerifyRequest extends Input
     /**
      * Checks if your request will succeed. `DryRun` is an optional parameter.
      *
-     * To learn more about how to use this parameter, see Testing your KMS API calls [^1] in the *Key Management Service
+     * To learn more about how to use this parameter, see Testing your permissions [^1] in the *Key Management Service
      * Developer Guide*.
      *
-     * [^1]: https://docs.aws.amazon.com/kms/latest/developerguide/programming-dryrun.html
+     * [^1]: https://docs.aws.amazon.com/kms/latest/developerguide/testing-permissions.html
      *
      * @var bool|null
      */