class Aws::KMS::Types::CustomKeyStoresListEntry

Contains information about each custom key store in the custom key store list.

@!attribute [rw] custom_key_store_id

A unique identifier for the custom key store.
@return [String]

@!attribute [rw] custom_key_store_name

The user-specified friendly name for the custom key store.
@return [String]

@!attribute [rw] cloud_hsm_cluster_id

A unique identifier for the CloudHSM cluster that is associated with
the custom key store.
@return [String]

@!attribute [rw] trust_anchor_certificate

The trust anchor certificate of the associated CloudHSM cluster.
When you [initialize the cluster][1], you create this certificate
and save it in the `customerCA.crt` file.

[1]: https://docs.aws.amazon.com/cloudhsm/latest/userguide/initialize-cluster.html#sign-csr
@return [String]

@!attribute [rw] connection_state

Indicates whether the custom key store is connected to its CloudHSM
cluster.

You can create and use KMS keys in your custom key stores only when
its connection state is `CONNECTED`.

The value is `DISCONNECTED` if the key store has never been
connected or you use the DisconnectCustomKeyStore operation to
disconnect it. If the value is `CONNECTED` but you are having
trouble using the custom key store, make sure that its associated
CloudHSM cluster is active and contains at least one active HSM.

A value of `FAILED` indicates that an attempt to connect was
unsuccessful. The `ConnectionErrorCode` field in the response
indicates the cause of the failure. For help resolving a connection
failure, see [Troubleshooting a Custom Key Store][1] in the *Key
Management Service Developer Guide*.

[1]: https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html
@return [String]

@!attribute [rw] connection_error_code

Describes the connection error. This field appears in the response
only when the `ConnectionState` is `FAILED`. For help resolving
these errors, see [How to Fix a Connection Failure][1] in *Key
Management Service Developer Guide*.

Valid values are:

* `CLUSTER_NOT_FOUND` - KMS cannot find the CloudHSM cluster with
  the specified cluster ID.

* `INSUFFICIENT_CLOUDHSM_HSMS` - The associated CloudHSM cluster
  does not contain any active HSMs. To connect a custom key store to
  its CloudHSM cluster, the cluster must contain at least one active
  HSM.

* `INTERNAL_ERROR` - KMS could not complete the request due to an
  internal error. Retry the request. For `ConnectCustomKeyStore`
  requests, disconnect the custom key store before trying to connect
  again.

* `INVALID_CREDENTIALS` - KMS does not have the correct password for
  the `kmsuser` crypto user in the CloudHSM cluster. Before you can
  connect your custom key store to its CloudHSM cluster, you must
  change the `kmsuser` account password and update the key store
  password value for the custom key store.

* `NETWORK_ERRORS` - Network errors are preventing KMS from
  connecting to the custom key store.

* `SUBNET_NOT_FOUND` - A subnet in the CloudHSM cluster
  configuration was deleted. If KMS cannot find all of the subnets
  in the cluster configuration, attempts to connect the custom key
  store to the CloudHSM cluster fail. To fix this error, create a
  cluster from a recent backup and associate it with your custom key
  store. (This process creates a new cluster configuration with a
  VPC and private subnets.) For details, see [How to Fix a
  Connection Failure][1] in the *Key Management Service Developer
  Guide*.

* `USER_LOCKED_OUT` - The `kmsuser` CU account is locked out of the
  associated CloudHSM cluster due to too many failed password
  attempts. Before you can connect your custom key store to its
  CloudHSM cluster, you must change the `kmsuser` account password
  and update the key store password value for the custom key store.

* `USER_LOGGED_IN` - The `kmsuser` CU account is logged into the the
  associated CloudHSM cluster. This prevents KMS from rotating the
  `kmsuser` account password and logging into the cluster. Before
  you can connect your custom key store to its CloudHSM cluster, you
  must log the `kmsuser` CU out of the cluster. If you changed the
  `kmsuser` password to log into the cluster, you must also and
  update the key store password value for the custom key store. For
  help, see [How to Log Out and Reconnect][2] in the *Key Management
  Service Developer Guide*.

* `USER_NOT_FOUND` - KMS cannot find a `kmsuser` CU account in the
  associated CloudHSM cluster. Before you can connect your custom
  key store to its CloudHSM cluster, you must create a `kmsuser` CU
  account in the cluster, and then update the key store password
  value for the custom key store.

[1]: https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#fix-keystore-failed
[2]: https://docs.aws.amazon.com/kms/latest/developerguide/fix-keystore.html#login-kmsuser-2
@return [String]

@!attribute [rw] creation_date

The date and time when the custom key store was created.
@return [Time]

@see docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/CustomKeyStoresListEntry AWS API Documentation

Constants

SENSITIVE