mirrors/ceph-csi
1
0
Fork 0
mirror of https://github.com/ceph/ceph-csi.git synced 2025-06-13 02:33:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

rebase: Bump github.com/aws/aws-sdk-go from 1.44.205 to 1.44.220

Browse Source 
Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.44.205 to 1.44.220.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Changelog](https://github.com/aws/aws-sdk-go/blob/main/CHANGELOG_PENDING.md)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.44.205...v1.44.220)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
This commit is contained in:
dependabot[bot]
2023-03-13 21:04:04 +00:00
committed by mergify[bot]
parent 7a8b041ca9
commit 30c4caba56
8 changed files with 820 additions and 262 deletions
Download Patch File Download Diff File Expand all files Collapse all files

247
vendor/github.com/aws/aws-sdk-go/service/kms/api.go generated vendored
View File

@ -1449,11 +1449,11 @@ func (c *KMS) DecryptRequest(input *DecryptInput) (req *request.Request, output
// KMS key that you intend.
//
// Whenever possible, use key policies to give users permission to call the
// Decrypt operation on a particular KMS key, instead of using IAM policies.
// Otherwise, you might create an IAM user policy that gives the user Decrypt
// permission on all KMS keys. This user could decrypt ciphertext that was encrypted
// by KMS keys in other accounts if the key policy for the cross-account KMS
// key permits it. If you must use an IAM policy for Decrypt permissions, limit
// Decrypt operation on a particular KMS key, instead of using &IAM; policies.
// Otherwise, you might create an &IAM; policy that gives the user Decrypt permission
// on all KMS keys. This user could decrypt ciphertext that was encrypted by
// KMS keys in other accounts if the key policy for the cross-account KMS key
// permits it. If you must use an IAM policy for Decrypt permissions, limit
// the user to particular KMS keys or particular trusted accounts. For details,
// see Best practices for IAM policies (https://docs.aws.amazon.com/kms/latest/developerguide/iam-policies.html#iam-policies-best-practices)
// in the Key Management Service Developer Guide.
@ -1468,9 +1468,9 @@ func (c *KMS) DecryptRequest(input *DecryptInput) (req *request.Request, output
// For details, see Key states of KMS keys (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html)
// in the Key Management Service Developer Guide.
//
// Cross-account use: Yes. To perform this operation with a KMS key in a different
// Amazon Web Services account, specify the key ARN or alias ARN in the value
// of the KeyId parameter.
// Cross-account use: Yes. If you use the KeyId parameter to identify a KMS
// key in a different Amazon Web Services account, specify the key ARN or the
// alias ARN of the KMS key.
//
// Required permissions: kms:Decrypt (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html)
// (key policy)
@ -3360,9 +3360,9 @@ func (c *KMS) GenerateDataKeyRequest(input *GenerateDataKeyInput) (req *request.
// or NumberOfBytes parameters (but not both). For 128-bit and 256-bit data
// keys, use the KeySpec parameter.
//
// To generate an SM4 data key (China Regions only), specify a KeySpec value
// of AES_128 or NumberOfBytes value of 128. The symmetric encryption key used
// in China Regions to encrypt your data key is an SM4 encryption key.
// To generate a 128-bit SM4 data key (China Regions only), specify a KeySpec
// value of AES_128 or a NumberOfBytes value of 16. The symmetric encryption
// key used in China Regions to encrypt your data key is an SM4 encryption key.
//
// To get only an encrypted copy of the data key, use GenerateDataKeyWithoutPlaintext.
// To generate an asymmetric data key pair, use the GenerateDataKeyPair or GenerateDataKeyPairWithoutPlaintext
@ -8661,9 +8661,11 @@ func (c *KMS) VerifyRequest(input *VerifyInput) (req *request.Request, output *V
// (https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html)
// in the Key Management Service Developer Guide.
//
// To verify a digital signature, you can use the Verify operation. Specify
// the same asymmetric KMS key, message, and signing algorithm that were used
// to produce the signature.
// To use the Verify operation, specify the same asymmetric KMS key, message,
// and signing algorithm that were used to produce the signature. The message
// type does not need to be the same as the one used for signing, but it must
// indicate whether the value of the Message parameter should be hashed as part
// of the verification process.
//
// You can also verify the digital signature by using the public key of the
// KMS key outside of KMS. Use the GetPublicKey operation to download the public
@ -10073,13 +10075,11 @@ type CreateGrantInput struct {
// The identity that gets the permissions specified in the grant.
//
// To specify the principal, use the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// of an Amazon Web Services principal. Valid Amazon Web Services principals
// include Amazon Web Services accounts (root), IAM users, IAM roles, federated
// users, and assumed role users. For examples of the ARN syntax to use for
// specifying a principal, see Amazon Web Services Identity and Access Management
// (IAM) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam)
// in the Example ARNs section of the Amazon Web Services General Reference.
// To specify the grantee principal, use the Amazon Resource Name (ARN) of an
// Amazon Web Services principal. Valid principals include Amazon Web Services
// accounts, IAM users, IAM roles, federated users, and assumed role users.
// For help with the ARN syntax for a principal, see IAM ARNs (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns)
// in the Identity and Access Management User Guide .
//
// GranteePrincipal is a required field
GranteePrincipal *string `min:"1" type:"string" required:"true"`
@ -10132,12 +10132,10 @@ type CreateGrantInput struct {
// the grant.
//
// To specify the principal, use the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// of an Amazon Web Services principal. Valid Amazon Web Services principals
// include Amazon Web Services accounts (root), IAM users, federated users,
// and assumed role users. For examples of the ARN syntax to use for specifying
// a principal, see Amazon Web Services Identity and Access Management (IAM)
// (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam)
// in the Example ARNs section of the Amazon Web Services General Reference.
// of an Amazon Web Services principal. Valid principals include Amazon Web
// Services accounts, IAM users, IAM roles, federated users, and assumed role
// users. For help with the ARN syntax for a principal, see IAM ARNs (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns)
// in the Identity and Access Management User Guide .
//
// The grant determines the retiring principal. Other principals might have
// permission to retire the grant or revoke the grant. For details, see RevokeGrant
@ -10288,19 +10286,18 @@ func (s *CreateGrantOutput) SetGrantToken(v string) *CreateGrantOutput {
type CreateKeyInput struct {
_ struct{} `type:"structure"`
// A flag to indicate whether to bypass the key policy lockout safety check.
// Skips ("bypasses") the key policy lockout safety check. The default value
// is false.
//
// Setting this value to true increases the risk that the KMS key becomes unmanageable.
// Do not set this value to true indiscriminately.
//
// For more information, refer to the scenario in the Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam)
// section in the Key Management Service Developer Guide .
// For more information, see Default key policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#prevent-unmanageable-key)
// in the Key Management Service Developer Guide.
//
// Use this parameter only when you include a policy in the request and you
// intend to prevent the principal that is making the request from making a
// subsequent PutKeyPolicy request on the KMS key.
//
// The default value is false.
// Use this parameter only when you intend to prevent the principal that is
// making the request from making a subsequent PutKeyPolicy request on the KMS
// key.
BypassPolicyLockoutSafetyCheck *bool `type:"boolean"`
// Creates the KMS key in the specified custom key store (https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html).
@ -10442,24 +10439,23 @@ type CreateKeyInput struct {
//
// If you provide a key policy, it must meet the following criteria:
//
// * If you don't set BypassPolicyLockoutSafetyCheck to true, the key policy
// must allow the principal that is making the CreateKey request to make
// a subsequent PutKeyPolicy request on the KMS key. This reduces the risk
// that the KMS key becomes unmanageable. For more information, refer to
// the scenario in the Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam)
// section of the Key Management Service Developer Guide .
// * The key policy must allow the calling principal to make a subsequent
// PutKeyPolicy request on the KMS key. This reduces the risk that the KMS
// key becomes unmanageable. For more information, see Default key policy
// (https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#prevent-unmanageable-key)
// in the Key Management Service Developer Guide. (To omit this condition,
// set BypassPolicyLockoutSafetyCheck to true.)
//
// * Each statement in the key policy must contain one or more principals.
// The principals in the key policy must exist and be visible to KMS. When
// you create a new Amazon Web Services principal (for example, an IAM user
// or role), you might need to enforce a delay before including the new principal
// in a key policy because the new principal might not be immediately visible
// to KMS. For more information, see Changes that I make are not always immediately
// visible (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency)
// you create a new Amazon Web Services principal, you might need to enforce
// a delay before including the new principal in a key policy because the
// new principal might not be immediately visible to KMS. For more information,
// see Changes that I make are not always immediately visible (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency)
// in the Amazon Web Services Identity and Access Management User Guide.
//
// If you do not provide a key policy, KMS attaches a default key policy to
// the KMS key. For more information, see Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default)
// the KMS key. For more information, see Default key policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default)
// in the Key Management Service Developer Guide.
//
// The key policy size quota is 32 kilobytes (32768 bytes).
@ -13957,11 +13953,17 @@ type GetParametersForImportInput struct {
// KeyId is a required field
KeyId *string `min:"1" type:"string" required:"true"`
// The algorithm you will use to encrypt the key material before importing it
// with ImportKeyMaterial. For more information, see Encrypt the Key Material
// The algorithm you will use to encrypt the key material before using the ImportKeyMaterial
// operation to import it. For more information, see Encrypt the key material
// (https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys-encrypt-key-material.html)
// in the Key Management Service Developer Guide.
//
// The RSAES_PKCS1_V1_5 wrapping algorithm is deprecated. We recommend that
// you begin using a different wrapping algorithm immediately. KMS will end
// support for RSAES_PKCS1_V1_5 by October 1, 2023 pursuant to cryptographic
// key management guidance (https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf)
// from the National Institute of Standards and Technology (NIST).
//
// WrappingAlgorithm is a required field
WrappingAlgorithm *string `type:"string" required:"true" enum:"AlgorithmSpec"`
@ -16893,11 +16895,10 @@ type ListRetirableGrantsInput struct {
// Amazon Web Services account.
//
// To specify the retiring principal, use the Amazon Resource Name (ARN) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html)
// of an Amazon Web Services principal. Valid Amazon Web Services principals
// include Amazon Web Services accounts (root), IAM users, federated users,
// and assumed role users. For examples of the ARN syntax for specifying a principal,
// see Amazon Web Services Identity and Access Management (IAM) (https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam)
// in the Example ARNs section of the Amazon Web Services General Reference.
// of an Amazon Web Services principal. Valid principals include Amazon Web
// Services accounts, IAM users, IAM roles, federated users, and assumed role
// users. For help with the ARN syntax for a principal, see IAM ARNs (https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html#identifiers-arns)
// in the Identity and Access Management User Guide .
//
// RetiringPrincipal is a required field
RetiringPrincipal *string `min:"1" type:"string" required:"true"`
@ -17191,19 +17192,18 @@ func (s *NotFoundException) RequestID() string {
type PutKeyPolicyInput struct {
_ struct{} `type:"structure"`
// A flag to indicate whether to bypass the key policy lockout safety check.
// Skips ("bypasses") the key policy lockout safety check. The default value
// is false.
//
// Setting this value to true increases the risk that the KMS key becomes unmanageable.
// Do not set this value to true indiscriminately.
//
// For more information, refer to the scenario in the Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam)
// section in the Key Management Service Developer Guide.
// For more information, see Default key policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#prevent-unmanageable-key)
// in the Key Management Service Developer Guide.
//
// Use this parameter only when you intend to prevent the principal that is
// making the request from making a subsequent PutKeyPolicy request on the KMS
// key.
//
// The default value is false.
BypassPolicyLockoutSafetyCheck *bool `type:"boolean"`
// Sets the key policy on the specified KMS key.
@ -17225,20 +17225,19 @@ type PutKeyPolicyInput struct {
//
// The key policy must meet the following criteria:
//
// * If you don't set BypassPolicyLockoutSafetyCheck to true, the key policy
// must allow the principal that is making the PutKeyPolicy request to make
// a subsequent PutKeyPolicy request on the KMS key. This reduces the risk
// that the KMS key becomes unmanageable. For more information, refer to
// the scenario in the Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam)
// section of the Key Management Service Developer Guide.
// * The key policy must allow the calling principal to make a subsequent
// PutKeyPolicy request on the KMS key. This reduces the risk that the KMS
// key becomes unmanageable. For more information, see Default key policy
// (https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#prevent-unmanageable-key)
// in the Key Management Service Developer Guide. (To omit this condition,
// set BypassPolicyLockoutSafetyCheck to true.)
//
// * Each statement in the key policy must contain one or more principals.
// The principals in the key policy must exist and be visible to KMS. When
// you create a new Amazon Web Services principal (for example, an IAM user
// or role), you might need to enforce a delay before including the new principal
// in a key policy because the new principal might not be immediately visible
// to KMS. For more information, see Changes that I make are not always immediately
// visible (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency)
// you create a new Amazon Web Services principal, you might need to enforce
// a delay before including the new principal in a key policy because the
// new principal might not be immediately visible to KMS. For more information,
// see Changes that I make are not always immediately visible (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency)
// in the Amazon Web Services Identity and Access Management User Guide.
//
// A key policy document can include only the following characters:
@ -17651,19 +17650,18 @@ func (s *ReEncryptOutput) SetSourceKeyId(v string) *ReEncryptOutput {
type ReplicateKeyInput struct {
_ struct{} `type:"structure"`
// A flag to indicate whether to bypass the key policy lockout safety check.
// Skips ("bypasses") the key policy lockout safety check. The default value
// is false.
//
// Setting this value to true increases the risk that the KMS key becomes unmanageable.
// Do not set this value to true indiscriminately.
//
// For more information, refer to the scenario in the Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam)
// section in the Key Management Service Developer Guide.
// For more information, see Default key policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#prevent-unmanageable-key)
// in the Key Management Service Developer Guide.
//
// Use this parameter only when you intend to prevent the principal that is
// making the request from making a subsequent PutKeyPolicy request on the KMS
// key.
//
// The default value is false.
BypassPolicyLockoutSafetyCheck *bool `type:"boolean"`
// A description of the KMS key. The default value is an empty string (no description).
@ -17700,20 +17698,20 @@ type ReplicateKeyInput struct {
//
// If you provide a key policy, it must meet the following criteria:
//
// * If you don't set BypassPolicyLockoutSafetyCheck to true, the key policy
// must give the caller kms:PutKeyPolicy permission on the replica key. This
// reduces the risk that the KMS key becomes unmanageable. For more information,
// refer to the scenario in the Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam)
// section of the Key Management Service Developer Guide .
// * The key policy must allow the calling principal to make a subsequent
// PutKeyPolicy request on the KMS key. This reduces the risk that the KMS
// key becomes unmanageable. For more information, see Default key policy
// (https://docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#prevent-unmanageable-key)
// in the Key Management Service Developer Guide. (To omit this condition,
// set BypassPolicyLockoutSafetyCheck to true.)
//
// * Each statement in the key policy must contain one or more principals.
// The principals in the key policy must exist and be visible to KMS. When
// you create a new Amazon Web Services principal (for example, an IAM user
// or role), you might need to enforce a delay before including the new principal
// in a key policy because the new principal might not be immediately visible
// to KMS. For more information, see Changes that I make are not always immediately
// visible (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency)
// in the Identity and Access Management User Guide .
// you create a new Amazon Web Services principal, you might need to enforce
// a delay before including the new principal in a key policy because the
// new principal might not be immediately visible to KMS. For more information,
// see Changes that I make are not always immediately visible (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency)
// in the Amazon Web Services Identity and Access Management User Guide.
//
// A key policy document can include only the following characters:
//
@ -18323,10 +18321,10 @@ type SignInput struct {
KeyId *string `min:"1" type:"string" required:"true"`
// Specifies the message or message digest to sign. Messages can be 0-4096 bytes.
// To sign a larger message, provide the message digest.
// To sign a larger message, provide a message digest.
//
// If you provide a message, KMS generates a hash digest of the message and
// then signs it.
// If you provide a message digest, use the DIGEST value of MessageType to prevent
// the digest from being hashed again while signing.
//
// Message is a sensitive parameter and its value will be
// replaced with "sensitive" in string returned by SignInput's
@ -18337,15 +18335,44 @@ type SignInput struct {
// Message is a required field
Message []byte `min:"1" type:"blob" required:"true" sensitive:"true"`
// Tells KMS whether the value of the Message parameter is a message or message
// digest. The default value, RAW, indicates a message. To indicate a message
// digest, enter DIGEST.
// Tells KMS whether the value of the Message parameter should be hashed as
// part of the signing algorithm. Use RAW for unhashed messages; use DIGEST
// for message digests, which are already hashed.
//
// When the value of MessageType is RAW, KMS uses the standard signing algorithm,
// which begins with a hash function. When the value is DIGEST, KMS skips the
// hashing step in the signing algorithm.
//
// Use the DIGEST value only when the value of the Message parameter is a message
// digest. If you use the DIGEST value with an unhashed message, the security
// of the signing operation can be compromised.
//
// When the value of MessageTypeis DIGEST, the length of the Message value must
// match the length of hashed messages for the specified signing algorithm.
//
// You can submit a message digest and omit the MessageType or specify RAW so
// the digest is hashed again while signing. However, this can cause verification
// failures when verifying with a system that assumes a single hash.
//
// The hashing algorithm in that Sign uses is based on the SigningAlgorithm
// value.
//
// * Signing algorithms that end in SHA_256 use the SHA_256 hashing algorithm.
//
// * Signing algorithms that end in SHA_384 use the SHA_384 hashing algorithm.
//
// * Signing algorithms that end in SHA_512 use the SHA_512 hashing algorithm.
//
// * SM2DSA uses the SM3 hashing algorithm. For details, see Offline verification
// with SM2 key pairs (https://docs.aws.amazon.com/kms/latest/developerguide/asymmetric-key-specs.html#key-spec-sm-offline-verification).
MessageType *string `type:"string" enum:"MessageType"`
// Specifies the signing algorithm to use when signing the message.
//
// Choose an algorithm that is compatible with the type and size of the specified
// asymmetric KMS key.
// asymmetric KMS key. When signing with RSA key pairs, RSASSA-PSS algorithms
// are preferred. We include RSASSA-PKCS1-v1_5 algorithms for compatibility
// with existing applications.
//
// SigningAlgorithm is a required field
SigningAlgorithm *string `type:"string" required:"true" enum:"SigningAlgorithmSpec"`
@ -19507,13 +19534,37 @@ type VerifyInput struct {
// Message is a required field
Message []byte `min:"1" type:"blob" required:"true" sensitive:"true"`
// Tells KMS whether the value of the Message parameter is a message or message
// digest. The default value, RAW, indicates a message. To indicate a message
// digest, enter DIGEST.
// Tells KMS whether the value of the Message parameter should be hashed as
// part of the signing algorithm. Use RAW for unhashed messages; use DIGEST
// for message digests, which are already hashed.
//
// When the value of MessageType is RAW, KMS uses the standard signing algorithm,
// which begins with a hash function. When the value is DIGEST, KMS skips the
// hashing step in the signing algorithm.
//
// Use the DIGEST value only when the value of the Message parameter is a message
// digest. If you use the DIGEST value with a raw message, the security of the
// verification operation can be compromised.
// digest. If you use the DIGEST value with an unhashed message, the security
// of the verification operation can be compromised.
//
// When the value of MessageTypeis DIGEST, the length of the Message value must
// match the length of hashed messages for the specified signing algorithm.
//
// You can submit a message digest and omit the MessageType or specify RAW so
// the digest is hashed again while signing. However, if the signed message
// is hashed once while signing, but twice while verifying, verification fails,
// even when the message hasn't changed.
//
// The hashing algorithm in that Verify uses is based on the SigningAlgorithm
// value.
//
// * Signing algorithms that end in SHA_256 use the SHA_256 hashing algorithm.
//
// * Signing algorithms that end in SHA_384 use the SHA_384 hashing algorithm.
//
// * Signing algorithms that end in SHA_512 use the SHA_512 hashing algorithm.
//
// * SM2DSA uses the SM3 hashing algorithm. For details, see Offline verification
// with SM2 key pairs (https://docs.aws.amazon.com/kms/latest/developerguide/asymmetric-key-specs.html#key-spec-sm-offline-verification).
MessageType *string `type:"string" enum:"MessageType"`
// The signature that the Sign operation generated.

14
vendor/github.com/aws/aws-sdk-go/service/kms/doc.go generated vendored
View File

@ -38,14 +38,14 @@
//
// # Signing Requests
//
// Requests must be signed by using an access key ID and a secret access key.
// We strongly recommend that you do not use your Amazon Web Services account
// (root) access key ID and secret access key for everyday work with KMS. Instead,
// use the access key ID and secret access key for an IAM user. You can also
// use the Amazon Web Services Security Token Service to generate temporary
// security credentials that you can use to sign requests.
// Requests must be signed using an access key ID and a secret access key. We
// strongly recommend that you do not use your Amazon Web Services account root
// access key ID and secret access key for everyday work. You can use the access
// key ID and secret access key for an IAM user or you can use the Security
// Token Service (STS) to generate temporary security credentials and use those
// to sign requests.
//
// All KMS operations require Signature Version 4 (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html).
// All KMS requests must be signed with Signature Version 4 (https://docs.aws.amazon.com/general/latest/gr/signature-version-4.html).
//
// # Logging API Requests
//