Struct aws_sdk_kms::operation::create_custom_key_store::builders::CreateCustomKeyStoreFluentBuilder
source · pub struct CreateCustomKeyStoreFluentBuilder { /* private fields */ }
Expand description
Fluent builder constructing a request to CreateCustomKeyStore
.
Creates a custom key store backed by a key store that you own and manage. When you use a KMS key in a custom key store for a cryptographic operation, the cryptographic operation is actually performed in your key store using your keys. KMS supports CloudHSM key stores backed by an CloudHSM cluster and external key stores backed by an external key store proxy and external key manager outside of Amazon Web Services.
This operation is part of the custom key stores feature in KMS, which combines the convenience and extensive integration of KMS with the isolation and control of a key store that you own and manage.
Before you create the custom key store, the required elements must be in place and operational. We recommend that you use the test tools that KMS provides to verify the configuration your external key store proxy. For details about the required elements and verification tests, see Assemble the prerequisites (for CloudHSM key stores) or Assemble the prerequisites (for external key stores) in the Key Management Service Developer Guide.
To create a custom key store, use the following parameters.
-
To create an CloudHSM key store, specify the
CustomKeyStoreName
,CloudHsmClusterId
,KeyStorePassword
, andTrustAnchorCertificate
. TheCustomKeyStoreType
parameter is optional for CloudHSM key stores. If you include it, set it to the default value,AWS_CLOUDHSM
. For help with failures, see Troubleshooting an CloudHSM key store in the Key Management Service Developer Guide. -
To create an external key store, specify the
CustomKeyStoreName
and aCustomKeyStoreType
ofEXTERNAL_KEY_STORE
. Also, specify values forXksProxyConnectivity
,XksProxyAuthenticationCredential
,XksProxyUriEndpoint
, andXksProxyUriPath
. If yourXksProxyConnectivity
value isVPC_ENDPOINT_SERVICE
, specify theXksProxyVpcEndpointServiceName
parameter. For help with failures, see Troubleshooting an external key store in the Key Management Service Developer Guide.
For external key stores:
Some external key managers provide a simpler method for creating an external key store. For details, see your external key manager documentation.
When creating an external key store in the KMS console, you can upload a JSON-based proxy configuration file with the desired values. You cannot use a proxy configuration with the CreateCustomKeyStore
operation. However, you can use the values in the file to help you determine the correct values for the CreateCustomKeyStore
parameters.
When the operation completes successfully, it returns the ID of the new custom key store. Before you can use your new custom key store, you need to use the ConnectCustomKeyStore
operation to connect a new CloudHSM key store to its CloudHSM cluster, or to connect a new external key store to the external key store proxy for your external key manager. Even if you are not going to use your custom key store immediately, you might want to connect it to verify that all settings are correct and then disconnect it until you are ready to use it.
For help with failures, see Troubleshooting a custom key store in the Key Management Service Developer Guide.
Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.
Required permissions: kms:CreateCustomKeyStore (IAM policy).
Related operations:
-
ConnectCustomKeyStore
-
DeleteCustomKeyStore
-
DescribeCustomKeyStores
-
DisconnectCustomKeyStore
-
UpdateCustomKeyStore
Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.
Implementations§
source§impl CreateCustomKeyStoreFluentBuilder
impl CreateCustomKeyStoreFluentBuilder
sourcepub fn as_input(&self) -> &CreateCustomKeyStoreInputBuilder
pub fn as_input(&self) -> &CreateCustomKeyStoreInputBuilder
Access the CreateCustomKeyStore as a reference.
sourcepub async fn send(
self
) -> Result<CreateCustomKeyStoreOutput, SdkError<CreateCustomKeyStoreError, HttpResponse>>
pub async fn send( self ) -> Result<CreateCustomKeyStoreOutput, SdkError<CreateCustomKeyStoreError, HttpResponse>>
Sends the request and returns the response.
If an error occurs, an SdkError
will be returned with additional details that
can be matched against.
By default, any retryable failures will be retried twice. Retry behavior is configurable with the RetryConfig, which can be set when configuring the client.
sourcepub fn customize(
self
) -> CustomizableOperation<CreateCustomKeyStoreOutput, CreateCustomKeyStoreError, Self>
pub fn customize( self ) -> CustomizableOperation<CreateCustomKeyStoreOutput, CreateCustomKeyStoreError, Self>
Consumes this builder, creating a customizable operation that can be modified before being sent.
sourcepub fn custom_key_store_name(self, input: impl Into<String>) -> Self
pub fn custom_key_store_name(self, input: impl Into<String>) -> Self
Specifies a friendly name for the custom key store. The name must be unique in your Amazon Web Services account and Region. This parameter is required for all custom key stores.
Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.
sourcepub fn set_custom_key_store_name(self, input: Option<String>) -> Self
pub fn set_custom_key_store_name(self, input: Option<String>) -> Self
Specifies a friendly name for the custom key store. The name must be unique in your Amazon Web Services account and Region. This parameter is required for all custom key stores.
Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.
sourcepub fn get_custom_key_store_name(&self) -> &Option<String>
pub fn get_custom_key_store_name(&self) -> &Option<String>
Specifies a friendly name for the custom key store. The name must be unique in your Amazon Web Services account and Region. This parameter is required for all custom key stores.
Do not include confidential or sensitive information in this field. This field may be displayed in plaintext in CloudTrail logs and other output.
sourcepub fn cloud_hsm_cluster_id(self, input: impl Into<String>) -> Self
pub fn cloud_hsm_cluster_id(self, input: impl Into<String>) -> Self
Identifies the CloudHSM cluster for an CloudHSM key store. This parameter is required for custom key stores with CustomKeyStoreType
of AWS_CLOUDHSM
.
Enter the cluster ID of any active CloudHSM cluster that is not already associated with a custom key store. To find the cluster ID, use the DescribeClusters operation.
sourcepub fn set_cloud_hsm_cluster_id(self, input: Option<String>) -> Self
pub fn set_cloud_hsm_cluster_id(self, input: Option<String>) -> Self
Identifies the CloudHSM cluster for an CloudHSM key store. This parameter is required for custom key stores with CustomKeyStoreType
of AWS_CLOUDHSM
.
Enter the cluster ID of any active CloudHSM cluster that is not already associated with a custom key store. To find the cluster ID, use the DescribeClusters operation.
sourcepub fn get_cloud_hsm_cluster_id(&self) -> &Option<String>
pub fn get_cloud_hsm_cluster_id(&self) -> &Option<String>
Identifies the CloudHSM cluster for an CloudHSM key store. This parameter is required for custom key stores with CustomKeyStoreType
of AWS_CLOUDHSM
.
Enter the cluster ID of any active CloudHSM cluster that is not already associated with a custom key store. To find the cluster ID, use the DescribeClusters operation.
sourcepub fn trust_anchor_certificate(self, input: impl Into<String>) -> Self
pub fn trust_anchor_certificate(self, input: impl Into<String>) -> Self
Specifies the certificate for an CloudHSM key store. This parameter is required for custom key stores with a CustomKeyStoreType
of AWS_CLOUDHSM
.
Enter the content of the trust anchor certificate for the CloudHSM cluster. This is the content of the customerCA.crt
file that you created when you initialized the cluster.
sourcepub fn set_trust_anchor_certificate(self, input: Option<String>) -> Self
pub fn set_trust_anchor_certificate(self, input: Option<String>) -> Self
Specifies the certificate for an CloudHSM key store. This parameter is required for custom key stores with a CustomKeyStoreType
of AWS_CLOUDHSM
.
Enter the content of the trust anchor certificate for the CloudHSM cluster. This is the content of the customerCA.crt
file that you created when you initialized the cluster.
sourcepub fn get_trust_anchor_certificate(&self) -> &Option<String>
pub fn get_trust_anchor_certificate(&self) -> &Option<String>
Specifies the certificate for an CloudHSM key store. This parameter is required for custom key stores with a CustomKeyStoreType
of AWS_CLOUDHSM
.
Enter the content of the trust anchor certificate for the CloudHSM cluster. This is the content of the customerCA.crt
file that you created when you initialized the cluster.
sourcepub fn key_store_password(self, input: impl Into<String>) -> Self
pub fn key_store_password(self, input: impl Into<String>) -> Self
Specifies the kmsuser
password for an CloudHSM key store. This parameter is required for custom key stores with a CustomKeyStoreType
of AWS_CLOUDHSM
.
Enter the password of the kmsuser
crypto user (CU) account in the specified CloudHSM cluster. KMS logs into the cluster as this user to manage key material on your behalf.
The password must be a string of 7 to 32 characters. Its value is case sensitive.
This parameter tells KMS the kmsuser
account password; it does not change the password in the CloudHSM cluster.
sourcepub fn set_key_store_password(self, input: Option<String>) -> Self
pub fn set_key_store_password(self, input: Option<String>) -> Self
Specifies the kmsuser
password for an CloudHSM key store. This parameter is required for custom key stores with a CustomKeyStoreType
of AWS_CLOUDHSM
.
Enter the password of the kmsuser
crypto user (CU) account in the specified CloudHSM cluster. KMS logs into the cluster as this user to manage key material on your behalf.
The password must be a string of 7 to 32 characters. Its value is case sensitive.
This parameter tells KMS the kmsuser
account password; it does not change the password in the CloudHSM cluster.
sourcepub fn get_key_store_password(&self) -> &Option<String>
pub fn get_key_store_password(&self) -> &Option<String>
Specifies the kmsuser
password for an CloudHSM key store. This parameter is required for custom key stores with a CustomKeyStoreType
of AWS_CLOUDHSM
.
Enter the password of the kmsuser
crypto user (CU) account in the specified CloudHSM cluster. KMS logs into the cluster as this user to manage key material on your behalf.
The password must be a string of 7 to 32 characters. Its value is case sensitive.
This parameter tells KMS the kmsuser
account password; it does not change the password in the CloudHSM cluster.
sourcepub fn custom_key_store_type(self, input: CustomKeyStoreType) -> Self
pub fn custom_key_store_type(self, input: CustomKeyStoreType) -> Self
Specifies the type of custom key store. The default value is AWS_CLOUDHSM
.
For a custom key store backed by an CloudHSM cluster, omit the parameter or enter AWS_CLOUDHSM
. For a custom key store backed by an external key manager outside of Amazon Web Services, enter EXTERNAL_KEY_STORE
. You cannot change this property after the key store is created.
sourcepub fn set_custom_key_store_type(
self,
input: Option<CustomKeyStoreType>
) -> Self
pub fn set_custom_key_store_type( self, input: Option<CustomKeyStoreType> ) -> Self
Specifies the type of custom key store. The default value is AWS_CLOUDHSM
.
For a custom key store backed by an CloudHSM cluster, omit the parameter or enter AWS_CLOUDHSM
. For a custom key store backed by an external key manager outside of Amazon Web Services, enter EXTERNAL_KEY_STORE
. You cannot change this property after the key store is created.
sourcepub fn get_custom_key_store_type(&self) -> &Option<CustomKeyStoreType>
pub fn get_custom_key_store_type(&self) -> &Option<CustomKeyStoreType>
Specifies the type of custom key store. The default value is AWS_CLOUDHSM
.
For a custom key store backed by an CloudHSM cluster, omit the parameter or enter AWS_CLOUDHSM
. For a custom key store backed by an external key manager outside of Amazon Web Services, enter EXTERNAL_KEY_STORE
. You cannot change this property after the key store is created.
sourcepub fn xks_proxy_uri_endpoint(self, input: impl Into<String>) -> Self
pub fn xks_proxy_uri_endpoint(self, input: impl Into<String>) -> Self
Specifies the endpoint that KMS uses to send requests to the external key store proxy (XKS proxy). This parameter is required for custom key stores with a CustomKeyStoreType
of EXTERNAL_KEY_STORE
.
The protocol must be HTTPS. KMS communicates on port 443. Do not specify the port in the XksProxyUriEndpoint
value.
For external key stores with XksProxyConnectivity
value of VPC_ENDPOINT_SERVICE
, specify https://
followed by the private DNS name of the VPC endpoint service.
For external key stores with PUBLIC_ENDPOINT
connectivity, this endpoint must be reachable before you create the custom key store. KMS connects to the external key store proxy while creating the custom key store. For external key stores with VPC_ENDPOINT_SERVICE
connectivity, KMS connects when you call the ConnectCustomKeyStore
operation.
The value of this parameter must begin with https://
. The remainder can contain upper and lower case letters (A-Z and a-z), numbers (0-9), dots (.
), and hyphens (-
). Additional slashes (/
and \
) are not permitted.
Uniqueness requirements:
-
The combined
XksProxyUriEndpoint
andXksProxyUriPath
values must be unique in the Amazon Web Services account and Region. -
An external key store with
PUBLIC_ENDPOINT
connectivity cannot use the sameXksProxyUriEndpoint
value as an external key store withVPC_ENDPOINT_SERVICE
connectivity in this Amazon Web Services Region. -
Each external key store with
VPC_ENDPOINT_SERVICE
connectivity must have its own private DNS name. TheXksProxyUriEndpoint
value for external key stores withVPC_ENDPOINT_SERVICE
connectivity (private DNS name) must be unique in the Amazon Web Services account and Region.
sourcepub fn set_xks_proxy_uri_endpoint(self, input: Option<String>) -> Self
pub fn set_xks_proxy_uri_endpoint(self, input: Option<String>) -> Self
Specifies the endpoint that KMS uses to send requests to the external key store proxy (XKS proxy). This parameter is required for custom key stores with a CustomKeyStoreType
of EXTERNAL_KEY_STORE
.
The protocol must be HTTPS. KMS communicates on port 443. Do not specify the port in the XksProxyUriEndpoint
value.
For external key stores with XksProxyConnectivity
value of VPC_ENDPOINT_SERVICE
, specify https://
followed by the private DNS name of the VPC endpoint service.
For external key stores with PUBLIC_ENDPOINT
connectivity, this endpoint must be reachable before you create the custom key store. KMS connects to the external key store proxy while creating the custom key store. For external key stores with VPC_ENDPOINT_SERVICE
connectivity, KMS connects when you call the ConnectCustomKeyStore
operation.
The value of this parameter must begin with https://
. The remainder can contain upper and lower case letters (A-Z and a-z), numbers (0-9), dots (.
), and hyphens (-
). Additional slashes (/
and \
) are not permitted.
Uniqueness requirements:
-
The combined
XksProxyUriEndpoint
andXksProxyUriPath
values must be unique in the Amazon Web Services account and Region. -
An external key store with
PUBLIC_ENDPOINT
connectivity cannot use the sameXksProxyUriEndpoint
value as an external key store withVPC_ENDPOINT_SERVICE
connectivity in this Amazon Web Services Region. -
Each external key store with
VPC_ENDPOINT_SERVICE
connectivity must have its own private DNS name. TheXksProxyUriEndpoint
value for external key stores withVPC_ENDPOINT_SERVICE
connectivity (private DNS name) must be unique in the Amazon Web Services account and Region.
sourcepub fn get_xks_proxy_uri_endpoint(&self) -> &Option<String>
pub fn get_xks_proxy_uri_endpoint(&self) -> &Option<String>
Specifies the endpoint that KMS uses to send requests to the external key store proxy (XKS proxy). This parameter is required for custom key stores with a CustomKeyStoreType
of EXTERNAL_KEY_STORE
.
The protocol must be HTTPS. KMS communicates on port 443. Do not specify the port in the XksProxyUriEndpoint
value.
For external key stores with XksProxyConnectivity
value of VPC_ENDPOINT_SERVICE
, specify https://
followed by the private DNS name of the VPC endpoint service.
For external key stores with PUBLIC_ENDPOINT
connectivity, this endpoint must be reachable before you create the custom key store. KMS connects to the external key store proxy while creating the custom key store. For external key stores with VPC_ENDPOINT_SERVICE
connectivity, KMS connects when you call the ConnectCustomKeyStore
operation.
The value of this parameter must begin with https://
. The remainder can contain upper and lower case letters (A-Z and a-z), numbers (0-9), dots (.
), and hyphens (-
). Additional slashes (/
and \
) are not permitted.
Uniqueness requirements:
-
The combined
XksProxyUriEndpoint
andXksProxyUriPath
values must be unique in the Amazon Web Services account and Region. -
An external key store with
PUBLIC_ENDPOINT
connectivity cannot use the sameXksProxyUriEndpoint
value as an external key store withVPC_ENDPOINT_SERVICE
connectivity in this Amazon Web Services Region. -
Each external key store with
VPC_ENDPOINT_SERVICE
connectivity must have its own private DNS name. TheXksProxyUriEndpoint
value for external key stores withVPC_ENDPOINT_SERVICE
connectivity (private DNS name) must be unique in the Amazon Web Services account and Region.
sourcepub fn xks_proxy_uri_path(self, input: impl Into<String>) -> Self
pub fn xks_proxy_uri_path(self, input: impl Into<String>) -> Self
Specifies the base path to the proxy APIs for this external key store. To find this value, see the documentation for your external key store proxy. This parameter is required for all custom key stores with a CustomKeyStoreType
of EXTERNAL_KEY_STORE
.
The value must start with /
and must end with /kms/xks/v1
where v1
represents the version of the KMS external key store proxy API. This path can include an optional prefix between the required elements such as /prefix/kms/xks/v1
.
Uniqueness requirements:
-
The combined
XksProxyUriEndpoint
andXksProxyUriPath
values must be unique in the Amazon Web Services account and Region.
sourcepub fn set_xks_proxy_uri_path(self, input: Option<String>) -> Self
pub fn set_xks_proxy_uri_path(self, input: Option<String>) -> Self
Specifies the base path to the proxy APIs for this external key store. To find this value, see the documentation for your external key store proxy. This parameter is required for all custom key stores with a CustomKeyStoreType
of EXTERNAL_KEY_STORE
.
The value must start with /
and must end with /kms/xks/v1
where v1
represents the version of the KMS external key store proxy API. This path can include an optional prefix between the required elements such as /prefix/kms/xks/v1
.
Uniqueness requirements:
-
The combined
XksProxyUriEndpoint
andXksProxyUriPath
values must be unique in the Amazon Web Services account and Region.
sourcepub fn get_xks_proxy_uri_path(&self) -> &Option<String>
pub fn get_xks_proxy_uri_path(&self) -> &Option<String>
Specifies the base path to the proxy APIs for this external key store. To find this value, see the documentation for your external key store proxy. This parameter is required for all custom key stores with a CustomKeyStoreType
of EXTERNAL_KEY_STORE
.
The value must start with /
and must end with /kms/xks/v1
where v1
represents the version of the KMS external key store proxy API. This path can include an optional prefix between the required elements such as /prefix/kms/xks/v1
.
Uniqueness requirements:
-
The combined
XksProxyUriEndpoint
andXksProxyUriPath
values must be unique in the Amazon Web Services account and Region.
sourcepub fn xks_proxy_vpc_endpoint_service_name(
self,
input: impl Into<String>
) -> Self
pub fn xks_proxy_vpc_endpoint_service_name( self, input: impl Into<String> ) -> Self
Specifies the name of the Amazon VPC endpoint service for interface endpoints that is used to communicate with your external key store proxy (XKS proxy). This parameter is required when the value of CustomKeyStoreType
is EXTERNAL_KEY_STORE
and the value of XksProxyConnectivity
is VPC_ENDPOINT_SERVICE
.
The Amazon VPC endpoint service must fulfill all requirements for use with an external key store.
Uniqueness requirements:
-
External key stores with
VPC_ENDPOINT_SERVICE
connectivity can share an Amazon VPC, but each external key store must have its own VPC endpoint service and private DNS name.
sourcepub fn set_xks_proxy_vpc_endpoint_service_name(
self,
input: Option<String>
) -> Self
pub fn set_xks_proxy_vpc_endpoint_service_name( self, input: Option<String> ) -> Self
Specifies the name of the Amazon VPC endpoint service for interface endpoints that is used to communicate with your external key store proxy (XKS proxy). This parameter is required when the value of CustomKeyStoreType
is EXTERNAL_KEY_STORE
and the value of XksProxyConnectivity
is VPC_ENDPOINT_SERVICE
.
The Amazon VPC endpoint service must fulfill all requirements for use with an external key store.
Uniqueness requirements:
-
External key stores with
VPC_ENDPOINT_SERVICE
connectivity can share an Amazon VPC, but each external key store must have its own VPC endpoint service and private DNS name.
sourcepub fn get_xks_proxy_vpc_endpoint_service_name(&self) -> &Option<String>
pub fn get_xks_proxy_vpc_endpoint_service_name(&self) -> &Option<String>
Specifies the name of the Amazon VPC endpoint service for interface endpoints that is used to communicate with your external key store proxy (XKS proxy). This parameter is required when the value of CustomKeyStoreType
is EXTERNAL_KEY_STORE
and the value of XksProxyConnectivity
is VPC_ENDPOINT_SERVICE
.
The Amazon VPC endpoint service must fulfill all requirements for use with an external key store.
Uniqueness requirements:
-
External key stores with
VPC_ENDPOINT_SERVICE
connectivity can share an Amazon VPC, but each external key store must have its own VPC endpoint service and private DNS name.
sourcepub fn xks_proxy_authentication_credential(
self,
input: XksProxyAuthenticationCredentialType
) -> Self
pub fn xks_proxy_authentication_credential( self, input: XksProxyAuthenticationCredentialType ) -> Self
Specifies an authentication credential for the external key store proxy (XKS proxy). This parameter is required for all custom key stores with a CustomKeyStoreType
of EXTERNAL_KEY_STORE
.
The XksProxyAuthenticationCredential
has two required elements: RawSecretAccessKey
, a secret key, and AccessKeyId
, a unique identifier for the RawSecretAccessKey
. For character requirements, see XksProxyAuthenticationCredentialType.
KMS uses this authentication credential to sign requests to the external key store proxy on your behalf. This credential is unrelated to Identity and Access Management (IAM) and Amazon Web Services credentials.
This parameter doesn't set or change the authentication credentials on the XKS proxy. It just tells KMS the credential that you established on your external key store proxy. If you rotate your proxy authentication credential, use the UpdateCustomKeyStore
operation to provide the new credential to KMS.
sourcepub fn set_xks_proxy_authentication_credential(
self,
input: Option<XksProxyAuthenticationCredentialType>
) -> Self
pub fn set_xks_proxy_authentication_credential( self, input: Option<XksProxyAuthenticationCredentialType> ) -> Self
Specifies an authentication credential for the external key store proxy (XKS proxy). This parameter is required for all custom key stores with a CustomKeyStoreType
of EXTERNAL_KEY_STORE
.
The XksProxyAuthenticationCredential
has two required elements: RawSecretAccessKey
, a secret key, and AccessKeyId
, a unique identifier for the RawSecretAccessKey
. For character requirements, see XksProxyAuthenticationCredentialType.
KMS uses this authentication credential to sign requests to the external key store proxy on your behalf. This credential is unrelated to Identity and Access Management (IAM) and Amazon Web Services credentials.
This parameter doesn't set or change the authentication credentials on the XKS proxy. It just tells KMS the credential that you established on your external key store proxy. If you rotate your proxy authentication credential, use the UpdateCustomKeyStore
operation to provide the new credential to KMS.
sourcepub fn get_xks_proxy_authentication_credential(
&self
) -> &Option<XksProxyAuthenticationCredentialType>
pub fn get_xks_proxy_authentication_credential( &self ) -> &Option<XksProxyAuthenticationCredentialType>
Specifies an authentication credential for the external key store proxy (XKS proxy). This parameter is required for all custom key stores with a CustomKeyStoreType
of EXTERNAL_KEY_STORE
.
The XksProxyAuthenticationCredential
has two required elements: RawSecretAccessKey
, a secret key, and AccessKeyId
, a unique identifier for the RawSecretAccessKey
. For character requirements, see XksProxyAuthenticationCredentialType.
KMS uses this authentication credential to sign requests to the external key store proxy on your behalf. This credential is unrelated to Identity and Access Management (IAM) and Amazon Web Services credentials.
This parameter doesn't set or change the authentication credentials on the XKS proxy. It just tells KMS the credential that you established on your external key store proxy. If you rotate your proxy authentication credential, use the UpdateCustomKeyStore
operation to provide the new credential to KMS.
sourcepub fn xks_proxy_connectivity(self, input: XksProxyConnectivityType) -> Self
pub fn xks_proxy_connectivity(self, input: XksProxyConnectivityType) -> Self
Indicates how KMS communicates with the external key store proxy. This parameter is required for custom key stores with a CustomKeyStoreType
of EXTERNAL_KEY_STORE
.
If the external key store proxy uses a public endpoint, specify PUBLIC_ENDPOINT
. If the external key store proxy uses a Amazon VPC endpoint service for communication with KMS, specify VPC_ENDPOINT_SERVICE
. For help making this choice, see Choosing a connectivity option in the Key Management Service Developer Guide.
An Amazon VPC endpoint service keeps your communication with KMS in a private address space entirely within Amazon Web Services, but it requires more configuration, including establishing a Amazon VPC with multiple subnets, a VPC endpoint service, a network load balancer, and a verified private DNS name. A public endpoint is simpler to set up, but it might be slower and might not fulfill your security requirements. You might consider testing with a public endpoint, and then establishing a VPC endpoint service for production tasks. Note that this choice does not determine the location of the external key store proxy. Even if you choose a VPC endpoint service, the proxy can be hosted within the VPC or outside of Amazon Web Services such as in your corporate data center.
sourcepub fn set_xks_proxy_connectivity(
self,
input: Option<XksProxyConnectivityType>
) -> Self
pub fn set_xks_proxy_connectivity( self, input: Option<XksProxyConnectivityType> ) -> Self
Indicates how KMS communicates with the external key store proxy. This parameter is required for custom key stores with a CustomKeyStoreType
of EXTERNAL_KEY_STORE
.
If the external key store proxy uses a public endpoint, specify PUBLIC_ENDPOINT
. If the external key store proxy uses a Amazon VPC endpoint service for communication with KMS, specify VPC_ENDPOINT_SERVICE
. For help making this choice, see Choosing a connectivity option in the Key Management Service Developer Guide.
An Amazon VPC endpoint service keeps your communication with KMS in a private address space entirely within Amazon Web Services, but it requires more configuration, including establishing a Amazon VPC with multiple subnets, a VPC endpoint service, a network load balancer, and a verified private DNS name. A public endpoint is simpler to set up, but it might be slower and might not fulfill your security requirements. You might consider testing with a public endpoint, and then establishing a VPC endpoint service for production tasks. Note that this choice does not determine the location of the external key store proxy. Even if you choose a VPC endpoint service, the proxy can be hosted within the VPC or outside of Amazon Web Services such as in your corporate data center.
sourcepub fn get_xks_proxy_connectivity(&self) -> &Option<XksProxyConnectivityType>
pub fn get_xks_proxy_connectivity(&self) -> &Option<XksProxyConnectivityType>
Indicates how KMS communicates with the external key store proxy. This parameter is required for custom key stores with a CustomKeyStoreType
of EXTERNAL_KEY_STORE
.
If the external key store proxy uses a public endpoint, specify PUBLIC_ENDPOINT
. If the external key store proxy uses a Amazon VPC endpoint service for communication with KMS, specify VPC_ENDPOINT_SERVICE
. For help making this choice, see Choosing a connectivity option in the Key Management Service Developer Guide.
An Amazon VPC endpoint service keeps your communication with KMS in a private address space entirely within Amazon Web Services, but it requires more configuration, including establishing a Amazon VPC with multiple subnets, a VPC endpoint service, a network load balancer, and a verified private DNS name. A public endpoint is simpler to set up, but it might be slower and might not fulfill your security requirements. You might consider testing with a public endpoint, and then establishing a VPC endpoint service for production tasks. Note that this choice does not determine the location of the external key store proxy. Even if you choose a VPC endpoint service, the proxy can be hosted within the VPC or outside of Amazon Web Services such as in your corporate data center.
Trait Implementations§
source§impl Clone for CreateCustomKeyStoreFluentBuilder
impl Clone for CreateCustomKeyStoreFluentBuilder
source§fn clone(&self) -> CreateCustomKeyStoreFluentBuilder
fn clone(&self) -> CreateCustomKeyStoreFluentBuilder
1.0.0 · source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source
. Read more