Changes the properties of a custom key store. Use the CustomKeyStoreId
parameter to identify the custom key store you want to edit. Use the
remaining parameters to change the properties of the custom key store.
kms_update_custom_key_store(CustomKeyStoreId, NewCustomKeyStoreName,
KeyStorePassword, CloudHsmClusterId)[required] Identifies the custom key store that you want to update. Enter the ID of the custom key store. To find the ID of a custom key store, use the DescribeCustomKeyStores operation.
Changes the friendly name of the custom key store to the value that you specify. The custom key store name must be unique in the AWS account.
Enter the current password of the kmsuser crypto user (CU) in the AWS
CloudHSM cluster that is associated with the custom key store.
This parameter tells AWS KMS the current password of the kmsuser
crypto user (CU). It does not set or change the password of any users in
the AWS CloudHSM cluster.
Associates the custom key store with a related AWS CloudHSM cluster.
Enter the cluster ID of the cluster that you used to create the custom key store or a cluster that shares a backup history with the original cluster. You cannot use this parameter to associate a custom key store with a different cluster.
Clusters that share a backup history have the same cluster certificate. To view the cluster certificate of a cluster, use the DescribeClusters operation.
svc$update_custom_key_store( CustomKeyStoreId = "string", NewCustomKeyStoreName = "string", KeyStorePassword = "string", CloudHsmClusterId = "string" )
You can only update a custom key store that is disconnected. To disconnect the custom key store, use DisconnectCustomKeyStore. To reconnect the custom key store after the update completes, use ConnectCustomKeyStore. To find the connection state of a custom key store, use the DescribeCustomKeyStores operation.
Use the NewCustomKeyStoreName parameter to change the friendly name of
the custom key store to the value that you specify.
Use the KeyStorePassword parameter tell AWS KMS the current password
of the kmsuser crypto user (CU)
in the associated AWS CloudHSM cluster. You can use this parameter to
fix connection failures that occur when AWS KMS cannot log into the
associated cluster because the kmsuser password has changed. This
value does not change the password in the AWS CloudHSM cluster.
Use the CloudHsmClusterId parameter to associate the custom key store
with a related AWS CloudHSM cluster, that is, a cluster that shares a
backup history with the original cluster. You can use this parameter to
repair a custom key store if its AWS CloudHSM cluster becomes corrupted
or is deleted, or when you need to create or restore a cluster from a
backup.
The cluster ID must identify a AWS CloudHSM cluster with the following requirements.
The cluster must be active and be in the same AWS account and Region as the custom key store.
The cluster must have the same cluster certificate as the original cluster. You cannot use this parameter to associate the custom key store with an unrelated cluster. To view the cluster certificate, use the AWS CloudHSM DescribeClusters operation. Clusters that share a backup history have the same cluster certificate.
The cluster must be configured with subnets in at least two different Availability Zones in the Region. Because AWS CloudHSM is not supported in all Availability Zones, we recommend that the cluster have subnets in all Availability Zones in the Region.
The cluster must contain at least two active HSMs, each in a different Availability Zone.
If the operation succeeds, it returns a JSON object with no properties.
This operation is part of the Custom Key Store feature feature in AWS KMS, which combines the convenience and extensive integration of AWS KMS with the isolation and control of a single-tenant key store.