AWS Payment Cryptography Service now supports Multi-Region key replication. Customers can choose to automatically distribute keys across AWS Regions.

Author: aws-sdk-dotnet-automation

generator/ServiceModels/payment-cryptography/payment-cryptography-2021-09-14.api.json

@@ -1,5 +1,4 @@
 {
   "version": "1.0",
-  "examples": {
-  }
+  "examples": {}
 }

generator/ServiceModels/payment-cryptography/payment-cryptography-2021-09-14.docs.json

@@ -1,5 +1,11 @@
 <?xml version="1.0" encoding="utf-16"?>
 <property-value-rules>
+  <property-value-rule>
+    <property>Amazon.PaymentCryptography.Model.AddKeyReplicationRegionsRequest.KeyIdentifier</property>
+    <min>7</min>
+    <max>322</max>
+    <pattern>arn:aws:payment-cryptography:[a-z]{2}-[a-z]{1,16}-[0-9]+:[0-9]{12}:(key/[0-9a-zA-Z]{16,64}|alias/[a-zA-Z0-9/_-]+)$|^alias/[a-zA-Z0-9/_-]+</pattern>
+  </property-value-rule>
   <property-value-rule>
     <property>Amazon.PaymentCryptography.Model.CreateAliasRequest.AliasName</property>
     <min>7</min>
@@ -49,7 +55,7 @@
   </property-value-rule>
   <property-value-rule>
     <property>Amazon.PaymentCryptography.Model.GetParametersForExportResponse.ExportToken</property>
-    <pattern>export-token-[0-9a-zA-Z]{16,64}</pattern>
+    <pattern>(export-token-[0-9a-zA-Z]{16,64})?</pattern>
   </property-value-rule>
   <property-value-rule>
     <property>Amazon.PaymentCryptography.Model.GetParametersForExportResponse.SigningKeyCertificate</property>
@@ -65,7 +71,7 @@
   </property-value-rule>
   <property-value-rule>
     <property>Amazon.PaymentCryptography.Model.GetParametersForImportResponse.ImportToken</property>
-    <pattern>import-token-[0-9a-zA-Z]{16,64}</pattern>
+    <pattern>(import-token-[0-9a-zA-Z]{16,64})?</pattern>
   </property-value-rule>
   <property-value-rule>
     <property>Amazon.PaymentCryptography.Model.GetParametersForImportResponse.WrappingKeyCertificate</property>
@@ -154,6 +160,12 @@
     <min>1</min>
     <max>8192</max>
   </property-value-rule>
+  <property-value-rule>
+    <property>Amazon.PaymentCryptography.Model.RemoveKeyReplicationRegionsRequest.KeyIdentifier</property>
+    <min>7</min>
+    <max>322</max>
+    <pattern>arn:aws:payment-cryptography:[a-z]{2}-[a-z]{1,16}-[0-9]+:[0-9]{12}:(key/[0-9a-zA-Z]{16,64}|alias/[a-zA-Z0-9/_-]+)$|^alias/[a-zA-Z0-9/_-]+</pattern>
+  </property-value-rule>
   <property-value-rule>
     <property>Amazon.PaymentCryptography.Model.RestoreKeyRequest.KeyIdentifier</property>
     <min>7</min>
@@ -264,7 +276,7 @@
   </property-value-rule>
   <property-value-rule>
     <property>Amazon.PaymentCryptography.Model.ExportTr34KeyBlock.ExportToken</property>
-    <pattern>export-token-[0-9a-zA-Z]{16,64}</pattern>
+    <pattern>(export-token-[0-9a-zA-Z]{16,64})?</pattern>
   </property-value-rule>
   <property-value-rule>
     <property>Amazon.PaymentCryptography.Model.ExportTr34KeyBlock.RandomNonce</property>
@@ -300,11 +312,11 @@
     <property>Amazon.PaymentCryptography.Model.ImportDiffieHellmanTr31KeyBlock.WrappedKeyBlock</property>
     <min>56</min>
     <max>9984</max>
-    <pattern>[0-9A-Z]+</pattern>
+    <pattern>[0-9a-zA-Z]+</pattern>
   </property-value-rule>
   <property-value-rule>
     <property>Amazon.PaymentCryptography.Model.ImportKeyCryptogram.ImportToken</property>
-    <pattern>import-token-[0-9a-zA-Z]{16,64}</pattern>
+    <pattern>(import-token-[0-9a-zA-Z]{16,64})?</pattern>
   </property-value-rule>
   <property-value-rule>
     <property>Amazon.PaymentCryptography.Model.ImportKeyCryptogram.WrappedKeyCryptogram</property>
@@ -316,7 +328,7 @@
     <property>Amazon.PaymentCryptography.Model.ImportTr31KeyBlock.WrappedKeyBlock</property>
     <min>56</min>
     <max>9984</max>
-    <pattern>[0-9A-Z]+</pattern>
+    <pattern>[0-9a-zA-Z]+</pattern>
   </property-value-rule>
   <property-value-rule>
     <property>Amazon.PaymentCryptography.Model.ImportTr31KeyBlock.WrappingKeyIdentifier</property>
@@ -332,7 +344,7 @@
   </property-value-rule>
   <property-value-rule>
     <property>Amazon.PaymentCryptography.Model.ImportTr34KeyBlock.ImportToken</property>
-    <pattern>import-token-[0-9a-zA-Z]{16,64}</pattern>
+    <pattern>(import-token-[0-9a-zA-Z]{16,64})?</pattern>
   </property-value-rule>
   <property-value-rule>
     <property>Amazon.PaymentCryptography.Model.ImportTr34KeyBlock.RandomNonce</property>
@@ -364,6 +376,10 @@
     <max>16</max>
     <pattern>[0-9a-fA-F]+</pattern>
   </property-value-rule>
+  <property-value-rule>
+    <property>Amazon.PaymentCryptography.Model.Key.PrimaryRegion</property>
+    <pattern>[a-z]{2}-[a-z]{1,16}-[0-9]+</pattern>
+  </property-value-rule>
   <property-value-rule>
     <property>Amazon.PaymentCryptography.Model.KeyBlockHeaders.KeyVersion</property>
     <min>2</min>
@@ -381,6 +397,10 @@
     <max>16</max>
     <pattern>[0-9a-fA-F]+</pattern>
   </property-value-rule>
+  <property-value-rule>
+    <property>Amazon.PaymentCryptography.Model.KeySummary.PrimaryRegion</property>
+    <pattern>[a-z]{2}-[a-z]{1,16}-[0-9]+</pattern>
+  </property-value-rule>
   <property-value-rule>
     <property>Amazon.PaymentCryptography.Model.RootCertificatePublicKey.PublicKeyCertificate</property>
     <min>1</min>

generator/ServiceModels/payment-cryptography/payment-cryptography-2021-09-14.examples.json

@@ -31,6 +31,13 @@ namespace Amazon.PaymentCryptography.Model
 {
     /// <summary>
     /// You do not have sufficient access to perform this action.
+    /// 
+    ///  
+    /// <para>
+    /// This exception is thrown when the caller lacks the necessary IAM permissions to perform
+    /// the requested operation. Verify that your IAM policy includes the required permissions
+    /// for the specific Amazon Web Services Payment Cryptography action you're attempting.
+    /// </para>
     /// </summary>
     #if !NETSTANDARD
     [Serializable]

generator/ServiceModels/payment-cryptography/payment-cryptography-2021-09-14.normal.json

@@ -0,0 +1,136 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ * 
+ *  http://aws.amazon.com/apache2.0
+ * 
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+/*
+ * Do not modify this file. This file is generated from the payment-cryptography-2021-09-14.normal.json service model.
+ */
+using System;
+using System.Collections.Generic;
+using System.Xml.Serialization;
+using System.Text;
+using System.IO;
+using System.Net;
+
+using Amazon.Runtime;
+using Amazon.Runtime.Internal;
+
+#pragma warning disable CS0612,CS0618,CS1570
+namespace Amazon.PaymentCryptography.Model
+{
+    /// <summary>
+    /// Container for the parameters to the AddKeyReplicationRegions operation.
+    /// Adds replication Amazon Web Services Regions to an existing Amazon Web Services Payment
+    /// Cryptography key, enabling the key to be used for cryptographic operations in additional
+    /// Amazon Web Services Regions.
+    /// 
+    ///  
+    /// <para>
+    /// Multi-region keys allow you to use the same key material across multiple Amazon Web
+    /// Services Regions, providing lower latency for applications distributed across regions.
+    /// When you add Replication Regions, Amazon Web Services Payment Cryptography securely
+    /// replicates the key material to the specified Amazon Web Services Regions.
+    /// </para>
+    ///  
+    /// <para>
+    /// The key must be in an active state to add Replication Regions. You can add multiple
+    /// regions in a single operation, and the key will be available for use in those regions
+    /// once replication is complete.
+    /// </para>
+    ///  
+    /// <para>
+    ///  <b>Cross-account use:</b> This operation can't be used across different Amazon Web
+    /// Services accounts.
+    /// </para>
+    ///  
+    /// <para>
+    ///  <b>Related operations:</b> 
+    /// </para>
+    ///  <ul> <li> 
+    /// <para>
+    ///  <a href="https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_RemoveKeyReplicationRegions.html">RemoveKeyReplicationRegions</a>
+    /// 
+    /// </para>
+    ///  </li> <li> 
+    /// <para>
+    ///  <a href="https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_EnableDefaultKeyReplicationRegions.html">EnableDefaultKeyReplicationRegions</a>
+    /// 
+    /// </para>
+    ///  </li> <li> 
+    /// <para>
+    ///  <a href="https://docs.aws.amazon.com/payment-cryptography/latest/APIReference/API_GetDefaultKeyReplicationRegions.html">GetDefaultKeyReplicationRegions</a>
+    /// 
+    /// </para>
+    ///  </li> </ul>
+    /// </summary>
+    public partial class AddKeyReplicationRegionsRequest : AmazonPaymentCryptographyRequest
+    {
+        private string _keyIdentifier;
+        private List<string> _replicationRegions = AWSConfigs.InitializeCollections ? new List<string>() : null;
+
+        /// <summary>
+        /// Gets and sets the property KeyIdentifier. 
+        /// <para>
+        /// The key identifier (ARN or alias) of the key for which to add replication regions.
+        /// </para>
+        ///  
+        /// <para>
+        /// This key must exist and be in a valid state for replication operations.
+        /// </para>
+        /// </summary>
+        [AWSProperty(Required=true, Min=7, Max=322)]
+        public string KeyIdentifier
+        {
+            get { return this._keyIdentifier; }
+            set { this._keyIdentifier = value; }
+        }
+
+        // Check to see if KeyIdentifier property is set
+        internal bool IsSetKeyIdentifier()
+        {
+            return this._keyIdentifier != null;
+        }
+
+        /// <summary>
+        /// Gets and sets the property ReplicationRegions. 
+        /// <para>
+        /// The list of Amazon Web Services Regions to add to the key's replication configuration.
+        /// </para>
+        ///  
+        /// <para>
+        /// Each region must be a valid Amazon Web Services Region where Amazon Web Services Payment
+        /// Cryptography is available. The key will be replicated to these regions, allowing cryptographic
+        /// operations to be performed closer to your applications.
+        /// </para>
+        /// <para />
+        /// Starting with version 4 of the SDK this property will default to null. If no data for this property is returned
+        /// from the service the property will also be null. This was changed to improve performance and allow the SDK and caller
+        /// to distinguish between a property not set or a property being empty to clear out a value. To retain the previous
+        /// SDK behavior set the AWSConfigs.InitializeCollections static property to true.
+        /// </summary>
+        [AWSProperty(Required=true)]
+        public List<string> ReplicationRegions
+        {
+            get { return this._replicationRegions; }
+            set { this._replicationRegions = value; }
+        }
+
+        // Check to see if ReplicationRegions property is set
+        internal bool IsSetReplicationRegions()
+        {
+            return this._replicationRegions != null && (this._replicationRegions.Count > 0 || !AWSConfigs.InitializeCollections); 
+        }
+
+    }
+}

sdk/code-analysis/ServiceAnalysis/PaymentCryptography/Generated/PropertyValueRules.xml

@@ -0,0 +1,63 @@
+/*
+ * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License").
+ * You may not use this file except in compliance with the License.
+ * A copy of the License is located at
+ * 
+ *  http://aws.amazon.com/apache2.0
+ * 
+ * or in the "license" file accompanying this file. This file is distributed
+ * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
+ * express or implied. See the License for the specific language governing
+ * permissions and limitations under the License.
+ */
+
+/*
+ * Do not modify this file. This file is generated from the payment-cryptography-2021-09-14.normal.json service model.
+ */
+using System;
+using System.Collections.Generic;
+using System.Xml.Serialization;
+using System.Text;
+using System.IO;
+using System.Net;
+
+using Amazon.Runtime;
+using Amazon.Runtime.Internal;
+
+#pragma warning disable CS0612,CS0618,CS1570
+namespace Amazon.PaymentCryptography.Model
+{
+    /// <summary>
+    /// Output from adding replication regions to a key.
+    /// </summary>
+    public partial class AddKeyReplicationRegionsResponse : AmazonWebServiceResponse
+    {
+        private Key _key;
+
+        /// <summary>
+        /// Gets and sets the property Key. 
+        /// <para>
+        /// The updated key metadata after adding the replication regions.
+        /// </para>
+        ///  
+        /// <para>
+        /// This includes the current state of the key and its replication configuration.
+        /// </para>
+        /// </summary>
+        [AWSProperty(Required=true)]
+        public Key Key
+        {
+            get { return this._key; }
+            set { this._key = value; }
+        }
+
+        // Check to see if Key property is set
+        internal bool IsSetKey()
+        {
+            return this._key != null;
+        }
+
+    }
+}

sdk/src/Services/PaymentCryptography/Generated/Model/AccessDeniedException.cs

@@ -31,6 +31,13 @@ namespace Amazon.PaymentCryptography.Model
 {
     /// <summary>
     /// This request can cause an inconsistent state for the resource.
+    /// 
+    ///  
+    /// <para>
+    /// The requested operation conflicts with the current state of the resource. For example,
+    /// attempting to delete a key that is currently being used, or trying to create a resource
+    /// that already exists.
+    /// </para>
     /// </summary>
     #if !NETSTANDARD
     [Serializable]

sdk/src/Services/PaymentCryptography/Generated/Model/AddKeyReplicationRegionsRequest.cs

@@ -111,6 +111,7 @@ public partial class CreateKeyRequest : AmazonPaymentCryptographyRequest
         private bool? _exportable;
         private KeyAttributes _keyAttributes;
         private KeyCheckValueAlgorithm _keyCheckValueAlgorithm;
+        private List<string> _replicationRegions = AWSConfigs.InitializeCollections ? new List<string>() : null;
         private List<Tag> _tags = AWSConfigs.InitializeCollections ? new List<Tag>() : null;
 
         /// <summary>
@@ -221,6 +222,26 @@ internal bool IsSetKeyCheckValueAlgorithm()
             return this._keyCheckValueAlgorithm != null;
         }
 
+        /// <summary>
+        /// Gets and sets the property ReplicationRegions.
+        /// <para />
+        /// Starting with version 4 of the SDK this property will default to null. If no data for this property is returned
+        /// from the service the property will also be null. This was changed to improve performance and allow the SDK and caller
+        /// to distinguish between a property not set or a property being empty to clear out a value. To retain the previous
+        /// SDK behavior set the AWSConfigs.InitializeCollections static property to true.
+        /// </summary>
+        public List<string> ReplicationRegions
+        {
+            get { return this._replicationRegions; }
+            set { this._replicationRegions = value; }
+        }
+
+        // Check to see if ReplicationRegions property is set
+        internal bool IsSetReplicationRegions()
+        {
+            return this._replicationRegions != null && (this._replicationRegions.Count > 0 || !AWSConfigs.InitializeCollections); 
+        }
+
         /// <summary>
         /// Gets and sets the property Tags. 
         /// <para>