docs(client-kms): This release updates AWS CLI examples for KMS APIs.

Author: awstools

clients/client-kms/README.md

@@ -16,18 +16,20 @@ see the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/">
 <note>
 <p>KMS has replaced the term <i>customer master key (CMK)</i> with <i>KMS key</i> and <i>KMS key</i>. The concept has not changed. To prevent breaking changes, KMS is keeping some variations of this term.</p>
 <p>Amazon Web Services provides SDKs that consist of libraries and sample code for various programming
-languages and platforms (Java, Ruby, .Net, macOS, Android, etc.). The SDKs provide a
-convenient way to create programmatic access to KMS and other Amazon Web Services services. For example,
-the SDKs take care of tasks such as signing requests (see below), managing errors, and
-retrying requests automatically. For more information about the Amazon Web Services SDKs, including how to
-download and install them, see <a href="http://aws.amazon.com/tools/">Tools for Amazon Web
-Services</a>.</p>
+languages and platforms (Java, Rust, Python, Ruby, .Net, macOS, Android, etc.). The SDKs
+provide a convenient way to create programmatic access to KMS and other Amazon Web Services services.
+For example, the SDKs take care of tasks such as signing requests (see below), managing
+errors, and retrying requests automatically. For more information about the Amazon Web Services SDKs,
+including how to download and install them, see <a href="http://aws.amazon.com/tools/">Tools
+for Amazon Web Services</a>.</p>
 </note>
 <p>We recommend that you use the Amazon Web Services SDKs to make programmatic API calls to KMS.</p>
 <p>If you need to use FIPS 140-2 validated cryptographic modules when communicating with
-Amazon Web Services, use the FIPS endpoint in your preferred Amazon Web Services Region. For more information about the
-available FIPS endpoints, see <a href="https://docs.aws.amazon.com/general/latest/gr/kms.html#kms_region">Service endpoints</a> in the Key Management Service topic of
-the <i>Amazon Web Services General Reference</i>.</p>
+Amazon Web Services, use one of the FIPS endpoints in your preferred Amazon Web Services Region. If you need communicate
+over IPv6, use the dual-stack endpoint in your preferred Amazon Web Services Region. For more information
+see <a href="https://docs.aws.amazon.com/general/latest/gr/kms.html#kms_region">Service
+endpoints</a> in the Key Management Service topic of the <i>Amazon Web Services General Reference</i> and <a href="https://docs.aws.amazon.com/kms/latest/developerguide/ipv6-kms.html">Dual-stack endpoint
+support</a> in the KMS Developer Guide.</p>
 <p>All KMS API calls must be signed and be transmitted using Transport Layer Security
 (TLS). KMS recommends you always use the latest supported TLS version. Clients must also
 support cipher suites with Perfect Forward Secrecy (PFS) such as Ephemeral Diffie-Hellman

clients/client-kms/src/KMS.ts

@@ -991,18 +991,20 @@ export interface KMS {
  *          <note>
  *             <p>KMS has replaced the term <i>customer master key (CMK)</i> with <i>KMS key</i> and <i>KMS key</i>. The concept has not changed. To prevent breaking changes, KMS is keeping some variations of this term.</p>
  *             <p>Amazon Web Services provides SDKs that consist of libraries and sample code for various programming
- *         languages and platforms (Java, Ruby, .Net, macOS, Android, etc.). The SDKs provide a
- *         convenient way to create programmatic access to KMS and other Amazon Web Services services. For example,
- *         the SDKs take care of tasks such as signing requests (see below), managing errors, and
- *         retrying requests automatically. For more information about the Amazon Web Services SDKs, including how to
- *         download and install them, see <a href="http://aws.amazon.com/tools/">Tools for Amazon Web
- *           Services</a>.</p>
+ *         languages and platforms (Java, Rust, Python, Ruby, .Net, macOS, Android, etc.). The SDKs
+ *         provide a convenient way to create programmatic access to KMS and other Amazon Web Services services.
+ *         For example, the SDKs take care of tasks such as signing requests (see below), managing
+ *         errors, and retrying requests automatically. For more information about the Amazon Web Services SDKs,
+ *         including how to download and install them, see <a href="http://aws.amazon.com/tools/">Tools
+ *           for Amazon Web Services</a>.</p>
  *          </note>
  *          <p>We recommend that you use the Amazon Web Services SDKs to make programmatic API calls to KMS.</p>
  *          <p>If you need to use FIPS 140-2 validated cryptographic modules when communicating with
- *       Amazon Web Services, use the FIPS endpoint in your preferred Amazon Web Services Region. For more information about the
- *       available FIPS endpoints, see <a href="https://docs.aws.amazon.com/general/latest/gr/kms.html#kms_region">Service endpoints</a> in the Key Management Service topic of
- *       the <i>Amazon Web Services General Reference</i>.</p>
+ *       Amazon Web Services, use one of the FIPS endpoints in your preferred Amazon Web Services Region. If you need communicate
+ *       over IPv6, use the dual-stack endpoint in your preferred Amazon Web Services Region. For more information
+ *       see <a href="https://docs.aws.amazon.com/general/latest/gr/kms.html#kms_region">Service
+ *         endpoints</a> in the Key Management Service topic of the <i>Amazon Web Services General Reference</i> and <a href="https://docs.aws.amazon.com/kms/latest/developerguide/ipv6-kms.html">Dual-stack endpoint
+ *         support</a> in the KMS Developer Guide.</p>
  *          <p>All KMS API calls must be signed and be transmitted using Transport Layer Security
  *       (TLS). KMS recommends you always use the latest supported TLS version. Clients must also
  *       support cipher suites with Perfect Forward Secrecy (PFS) such as Ephemeral Diffie-Hellman

clients/client-kms/src/KMSClient.ts

@@ -481,18 +481,20 @@ export interface KMSClientResolvedConfig extends KMSClientResolvedConfigType {}
  *          <note>
  *             <p>KMS has replaced the term <i>customer master key (CMK)</i> with <i>KMS key</i> and <i>KMS key</i>. The concept has not changed. To prevent breaking changes, KMS is keeping some variations of this term.</p>
  *             <p>Amazon Web Services provides SDKs that consist of libraries and sample code for various programming
- *         languages and platforms (Java, Ruby, .Net, macOS, Android, etc.). The SDKs provide a
- *         convenient way to create programmatic access to KMS and other Amazon Web Services services. For example,
- *         the SDKs take care of tasks such as signing requests (see below), managing errors, and
- *         retrying requests automatically. For more information about the Amazon Web Services SDKs, including how to
- *         download and install them, see <a href="http://aws.amazon.com/tools/">Tools for Amazon Web
- *           Services</a>.</p>
+ *         languages and platforms (Java, Rust, Python, Ruby, .Net, macOS, Android, etc.). The SDKs
+ *         provide a convenient way to create programmatic access to KMS and other Amazon Web Services services.
+ *         For example, the SDKs take care of tasks such as signing requests (see below), managing
+ *         errors, and retrying requests automatically. For more information about the Amazon Web Services SDKs,
+ *         including how to download and install them, see <a href="http://aws.amazon.com/tools/">Tools
+ *           for Amazon Web Services</a>.</p>
  *          </note>
  *          <p>We recommend that you use the Amazon Web Services SDKs to make programmatic API calls to KMS.</p>
  *          <p>If you need to use FIPS 140-2 validated cryptographic modules when communicating with
- *       Amazon Web Services, use the FIPS endpoint in your preferred Amazon Web Services Region. For more information about the
- *       available FIPS endpoints, see <a href="https://docs.aws.amazon.com/general/latest/gr/kms.html#kms_region">Service endpoints</a> in the Key Management Service topic of
- *       the <i>Amazon Web Services General Reference</i>.</p>
+ *       Amazon Web Services, use one of the FIPS endpoints in your preferred Amazon Web Services Region. If you need communicate
+ *       over IPv6, use the dual-stack endpoint in your preferred Amazon Web Services Region. For more information
+ *       see <a href="https://docs.aws.amazon.com/general/latest/gr/kms.html#kms_region">Service
+ *         endpoints</a> in the Key Management Service topic of the <i>Amazon Web Services General Reference</i> and <a href="https://docs.aws.amazon.com/kms/latest/developerguide/ipv6-kms.html">Dual-stack endpoint
+ *         support</a> in the KMS Developer Guide.</p>
  *          <p>All KMS API calls must be signed and be transmitted using Transport Layer Security
  *       (TLS). KMS recommends you always use the latest supported TLS version. Clients must also
  *       support cipher suites with Perfect Forward Secrecy (PFS) such as Ephemeral Diffie-Hellman

clients/client-kms/src/commands/ImportKeyMaterialCommand.ts

@@ -29,36 +29,36 @@ export interface ImportKeyMaterialCommandOutput extends ImportKeyMaterialRespons
 
 /**
  * <p>Imports or reimports key material into an existing KMS key that was created without key
- *       material. You can also use this operation to set or update the expiration model and expiration date of
- *       the imported key material.</p>
- *          <p>By default, KMS creates KMS keys with key material that it generates. You can also generate and
- *       import your own key material. For more information about importing key material, see
- *       <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html">Importing key
+ *       material. You can also use this operation to set or update the expiration model and expiration
+ *       date of the imported key material.</p>
+ *          <p>By default, KMS creates KMS keys with key material that it generates. You can also
+ *       generate and import your own key material. For more information about importing key material,
+ *       see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html">Importing key
  *         material</a>.</p>
- *          <p>For asymmetric, HMAC and multi-Region keys, you cannot change the key material after the initial import.
- *       You can import multiple key materials into single-Region, symmetric encryption keys and rotate the key material
- *       on demand using <code>RotateKeyOnDemand</code>.</p>
+ *          <p>For asymmetric, HMAC and multi-Region keys, you cannot change the key material after the
+ *       initial import. You can import multiple key materials into single-Region, symmetric encryption
+ *       keys and rotate the key material on demand using <code>RotateKeyOnDemand</code>.</p>
  *          <p>After you import key material, you can <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-import-key-material.html#reimport-key-material">reimport
- *       the same key material</a> into that KMS key or, if the key supports on-demand rotation,
- *       import new key material. You can use the <code>ImportType</code> parameter to indicate
- *       whether you are importing new key material or re-importing previously imported key material.
- *       You might reimport key material to replace key material that expired or key material
- *       that you deleted. You might also reimport key material to change the expiration model or
- *       expiration date of the key material.</p>
+ *         the same key material</a> into that KMS key or, if the key supports on-demand rotation,
+ *       import new key material. You can use the <code>ImportType</code> parameter to indicate whether
+ *       you are importing new key material or re-importing previously imported key material. You might
+ *       reimport key material to replace key material that expired or key material that you deleted.
+ *       You might also reimport key material to change the expiration model or expiration date of the
+ *       key material.</p>
  *          <p>Each time you import key material into KMS, you can determine whether
  *         (<code>ExpirationModel</code>) and when (<code>ValidTo</code>) the key material expires. To
  *       change the expiration of your key material, you must import it again, either by calling
  *         <code>ImportKeyMaterial</code> or using the <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-import-key-material.html#importing-keys-import-key-material-console">import features</a> of the KMS console.</p>
  *          <p>Before you call <code>ImportKeyMaterial</code>, complete these steps:</p>
  *          <ul>
  *             <li>
- *                <p>Create or identify a KMS key with <code>EXTERNAL</code> origin, which indicates that the KMS key is
- *           designed for imported key material. </p>
+ *                <p>Create or identify a KMS key with <code>EXTERNAL</code> origin, which indicates that
+ *           the KMS key is designed for imported key material. </p>
  *                <p>To create a new KMS key for imported key material, call the <a>CreateKey</a> operation with an <code>Origin</code> value of <code>EXTERNAL</code>. You can create a
- *           symmetric encryption KMS key, HMAC KMS key, asymmetric encryption KMS key, asymmetric key agreement key,
- *           or asymmetric signing KMS key. You can also import key material into a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html">multi-Region key</a> of any
- *           supported type. However, you can't import key material into a KMS key in a
- *           <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-store-overview.html">custom key store</a>.</p>
+ *           symmetric encryption KMS key, HMAC KMS key, asymmetric encryption KMS key, asymmetric key
+ *           agreement key, or asymmetric signing KMS key. You can also import key material into a
+ *             <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-overview.html">multi-Region key</a> of any supported type. However, you can't import key material
+ *           into a KMS key in a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/key-store-overview.html">custom key store</a>.</p>
  *             </li>
  *             <li>
  *                <p>Call the <a>GetParametersForImport</a> operation to get a public key and
@@ -100,9 +100,9 @@ export interface ImportKeyMaterialCommandOutput extends ImportKeyMaterialRespons
  *          <p>When this operation is successful, the key state of the KMS key changes from
  *         <code>PendingImport</code> to <code>Enabled</code>, and you can use the KMS key in
  *       cryptographic operations. For single-Region, symmetric encryption keys, you will need to
- *       import all of the key materials associated with the KMS key to change its state to <code>Enabled</code>.
- *       Use the <code>ListKeyRotations</code> operation to list the ID and import state of each key material
- *       associated with a KMS key.</p>
+ *       import all of the key materials associated with the KMS key to change its state to
+ *         <code>Enabled</code>. Use the <code>ListKeyRotations</code> operation to list the ID and
+ *       import state of each key material associated with a KMS key.</p>
  *          <p>If this operation fails, use the exception to help determine the problem. If the error is
  *       related to the key material, the import token, or wrapping key, use <a>GetParametersForImport</a> to get a new public key and import token for the KMS key
  *       and repeat the import procedure. For help, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-conceptual.html">Create a KMS key with imported key
@@ -182,9 +182,9 @@ export interface ImportKeyMaterialCommandOutput extends ImportKeyMaterialRespons
  *
  * @throws {@link IncorrectKeyMaterialException} (client fault)
  *  <p>The request was rejected because the key material in the request is, expired, invalid, or
- *       does not meet expectations. For example, it is not the same key material that was previously imported or
- *       KMS expected new key material but the key material being imported is already associated with
- *       the KMS key.</p>
+ *       does not meet expectations. For example, it is not the same key material that was previously
+ *       imported or KMS expected new key material but the key material being imported is already
+ *       associated with the KMS key.</p>
  *
  * @throws {@link InvalidArnException} (client fault)
  *  <p>The request was rejected because a specified ARN, or an ARN in a key policy, is not

clients/client-kms/src/commands/ListKeyRotationsCommand.ts

@@ -28,9 +28,9 @@ export interface ListKeyRotationsCommandInput extends ListKeyRotationsRequest {}
 export interface ListKeyRotationsCommandOutput extends ListKeyRotationsResponse, __MetadataBearer {}
 
 /**
- * <p>Returns information about the key materials associated with the specified KMS
- *       key. You can use the optional <code>IncludeKeyMaterial</code> parameter to control which key materials
- *       are included in the response.</p>
+ * <p>Returns information about the key materials associated with the specified KMS key. You can
+ *       use the optional <code>IncludeKeyMaterial</code> parameter to control which key materials are
+ *       included in the response.</p>
  *          <p>You must specify the KMS key in all requests. You can refine the key rotations list by
  *       limiting the number of rotations returned.</p>
  *          <p>For detailed information about automatic and on-demand key rotations, see <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html">Rotate KMS keys</a> in the