/AWS1/CL_KMS=>DESCRIBECUSTOMKEYSTORES()¶
About DescribeCustomKeyStores¶
Gets information about custom key stores in the account and Region.
This operation is part of the custom key stores feature in KMS, which combines the convenience and extensive integration of KMS with the isolation and control of a key store that you own and manage.
By default, this operation returns information about all custom key stores in the account
and Region. To get only information about a particular custom key store, use either the
CustomKeyStoreName or CustomKeyStoreId parameter (but not
both).
To determine whether the custom key store is connected to its CloudHSM cluster or external
key store proxy, use the ConnectionState element in the response. If an attempt
to connect the custom key store failed, the ConnectionState value is
FAILED and the ConnectionErrorCode element in the response
indicates the cause of the failure. For help interpreting the
ConnectionErrorCode, see CustomKeyStoresListEntry.
Custom key stores have a DISCONNECTED connection state if the key store has
never been connected or you used the DisconnectCustomKeyStore operation to
disconnect it. Otherwise, the connection state is CONNECTED. If your custom key store
connection state is CONNECTED but you are having trouble using it, verify that
the backing store is active and available. For an CloudHSM key store, verify that the associated
CloudHSM cluster is active and contains the minimum number of HSMs required for the operation, if
any. For an external key store, verify that the external key store proxy and its associated
external key manager are reachable and enabled.
For help repairing your CloudHSM key store, see the Troubleshooting CloudHSM key stores. For help repairing your external key store, see the Troubleshooting external key stores. Both topics are in the Key Management Service Developer Guide.
Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.
Required permissions: kms:DescribeCustomKeyStores (IAM policy)
Related operations:
Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.
Method Signature¶
IMPORTING¶
Optional arguments:¶
iv_customkeystoreid TYPE /AWS1/KMSCUSTOMKEYSTOREIDTYPE /AWS1/KMSCUSTOMKEYSTOREIDTYPE¶
Gets only information about the specified custom key store. Enter the key store ID.
By default, this operation gets information about all custom key stores in the account and Region. To limit the output to a particular custom key store, provide either the
CustomKeyStoreIdorCustomKeyStoreNameparameter, but not both.
iv_customkeystorename TYPE /AWS1/KMSCUSTKEYSTORENAMETYPE /AWS1/KMSCUSTKEYSTORENAMETYPE¶
Gets only information about the specified custom key store. Enter the friendly name of the custom key store.
By default, this operation gets information about all custom key stores in the account and Region. To limit the output to a particular custom key store, provide either the
CustomKeyStoreIdorCustomKeyStoreNameparameter, but not both.
iv_limit TYPE /AWS1/KMSLIMITTYPE /AWS1/KMSLIMITTYPE¶
Use this parameter to specify the maximum number of items to return. When this value is present, KMS does not return more than the specified number of items, but it might return fewer.
iv_marker TYPE /AWS1/KMSMARKERTYPE /AWS1/KMSMARKERTYPE¶
Use this parameter in a subsequent request after you receive a response with truncated results. Set it to the value of
NextMarkerfrom the truncated response you just received.
RETURNING¶
oo_output TYPE REF TO /aws1/cl_kmsdsccustkeystores01 /AWS1/CL_KMSDSCCUSTKEYSTORES01¶
Domain /AWS1/RT_ACCOUNT_ID Primitive Type NUMC
Examples¶
Syntax Example¶
This is an example of the syntax for calling the method. It includes every possible argument and initializes every possible value. The data provided is not necessarily semantically accurate (for example the value "string" may be provided for something that is intended to be an instance ID, or in some cases two arguments may be mutually exclusive). The syntax shows the ABAP syntax for creating the various data structures.
DATA(lo_result) = lo_client->/aws1/if_kms~describecustomkeystores(
iv_customkeystoreid = |string|
iv_customkeystorename = |string|
iv_limit = 123
iv_marker = |string|
).
This is an example of reading all possible response values
lo_result = lo_result.
IF lo_result IS NOT INITIAL.
LOOP AT lo_result->get_customkeystores( ) into lo_row.
lo_row_1 = lo_row.
IF lo_row_1 IS NOT INITIAL.
lv_customkeystoreidtype = lo_row_1->get_customkeystoreid( ).
lv_customkeystorenametype = lo_row_1->get_customkeystorename( ).
lv_cloudhsmclusteridtype = lo_row_1->get_cloudhsmclusterid( ).
lv_trustanchorcertificatet = lo_row_1->get_trustanchorcertificate( ).
lv_connectionstatetype = lo_row_1->get_connectionstate( ).
lv_connectionerrorcodetype = lo_row_1->get_connectionerrorcode( ).
lv_datetype = lo_row_1->get_creationdate( ).
lv_customkeystoretype = lo_row_1->get_customkeystoretype( ).
lo_xksproxyconfigurationty = lo_row_1->get_xksproxyconfiguration( ).
IF lo_xksproxyconfigurationty IS NOT INITIAL.
lv_xksproxyconnectivitytyp = lo_xksproxyconfigurationty->get_connectivity( ).
lv_xksproxyauthenticationa = lo_xksproxyconfigurationty->get_accesskeyid( ).
lv_xksproxyuriendpointtype = lo_xksproxyconfigurationty->get_uriendpoint( ).
lv_xksproxyuripathtype = lo_xksproxyconfigurationty->get_uripath( ).
lv_xksproxyvpcendpointserv = lo_xksproxyconfigurationty->get_vpcendpointservicename( ).
ENDIF.
ENDIF.
ENDLOOP.
lv_markertype = lo_result->get_nextmarker( ).
lv_booleantype = lo_result->get_truncated( ).
ENDIF.
To get detailed information about custom key stores in the account and Region¶
This example gets detailed information about all AWS KMS custom key stores in an AWS account and Region. To get all key stores, do not enter a custom key store name or ID.
DATA(lo_result) = lo_client->/aws1/if_kms~describecustomkeystores( ).