Gets information about
custom key stores in the account and Region.
This operation is part of the
Custom Key Store feature feature in KMS, which combines the convenience and extensive integration of KMS with the isolation and control of a single-tenant key store.
By default, this operation returns information about all custom key stores in the account and Region. To get only information about a particular custom key store, use either the
CustomKeyStoreName
or
CustomKeyStoreId
parameter (but not both).
To determine whether the custom key store is connected to its CloudHSM cluster, use the
ConnectionState
element in the response. If an attempt to connect the custom key store failed, the
ConnectionState
value is
FAILED
and the
ConnectionErrorCode
element in the response indicates the cause of the failure. For help interpreting the
ConnectionErrorCode
, see
CustomKeyStoresListEntry.
Custom key stores have a
DISCONNECTED
connection state if the key store has never been connected or you use the
DisconnectCustomKeyStore operation to disconnect it. If your custom key store state is
CONNECTED
but you are having trouble using it, make sure that its associated CloudHSM cluster is active and contains the minimum number of HSMs required for the operation, if any.
For help repairing your custom key store, see the
Troubleshooting Custom Key Stores topic in the
Key Management Service Developer Guide.
Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.
Required permissions:
kms:DescribeCustomKeyStores (IAM policy)
Related operations:This cmdlet automatically pages all available results to the pipeline - parameters related to iteration are only needed if you want to manually control the paginated output. To disable autopagination, use -NoAutoIteration.