POST /#X-Amz-Target=TrentService.DescribeCustomKeyStores

Gets information about custom key stores in the account and Region.

This operation is part of the custom key stores feature in KMS, which combines the convenience and extensive integration of KMS with the isolation and control of a key store that you own and manage.

By default, this operation returns information about all custom key stores in the account and Region. To get only information about a particular custom key store, use either the CustomKeyStoreName or CustomKeyStoreId parameter (but not both).

To determine whether the custom key store is connected to its CloudHSM cluster or external key store proxy, use the ConnectionState element in the response. If an attempt to connect the custom key store failed, the ConnectionState value is FAILED and the ConnectionErrorCode element in the response indicates the cause of the failure. For help interpreting the ConnectionErrorCode, see CustomKeyStoresListEntry.

Custom key stores have a DISCONNECTED connection state if the key store has never been connected or you used the DisconnectCustomKeyStore operation to disconnect it. Otherwise, the connection state is CONNECTED. If your custom key store connection state is CONNECTED but you are having trouble using it, verify that the backing store is active and available. For an CloudHSM key store, verify that the associated CloudHSM cluster is active and contains the minimum number of HSMs required for the operation, if any. For an external key store, verify that the external key store proxy and its associated external key manager are reachable and enabled.

For help repairing your CloudHSM key store, see the Troubleshooting CloudHSM key stores. For help repairing your external key store, see the Troubleshooting external key stores. Both topics are in the Key Management Service Developer Guide.

Cross-account use: No. You cannot perform this operation on a custom key store in a different Amazon Web Services account.

Required permissions: kms:DescribeCustomKeyStores (IAM policy)

Related operations:

ConnectCustomKeyStore
CreateCustomKeyStore
DeleteCustomKeyStore
DisconnectCustomKeyStore
UpdateCustomKeyStore

Servers

https://kms.{region}.amazonaws.com
https://kms.{region}.amazonaws.com.cn

Request headers

Name	Type	Required	Description
`X-Amz-Content-Sha256`	String	No
`X-Amz-Credential`	String	No
`X-Amz-Target`	String	Yes	Valid values: `"TrentService.DescribeCustomKeyStores"`
`Content-Type`	String	Yes	The media type of the request body. Default value: "application/json"
`X-Amz-Date`	String	No
`X-Amz-Algorithm`	String	No
`X-Amz-SignedHeaders`	String	No
`X-Amz-Security-Token`	String	No
`X-Amz-Signature`	String	No

Query parameters

Name	Type	Required	Description
`Limit`	String	No	Pagination limit
`Marker`	String	No	Pagination token

Request body fields

Name	Type	Required	Description
`Limit`	Integer	No	Use this parameter to specify the maximum number of items to return. When this value is present, KMS does not return more than the specified number of items, but it might return fewer.
`CustomKeyStoreId`	String	No	Gets only information about the specified custom key store. Enter the key store ID. By default, this operation gets information about all custom key stores in the account and Region. To limit the output to a particular custom key store, provide either the `CustomKeyStoreId` or `CustomKeyStoreName` parameter, but not both.
`Marker`	String	No	Use this parameter in a subsequent request after you receive a response with truncated results. Set it to the value of `NextMarker` from the truncated response you just received.
`CustomKeyStoreName`	String	No	Gets only information about the specified custom key store. Enter the friendly name of the custom key store. By default, this operation gets information about all custom key stores in the account and Region. To limit the output to a particular custom key store, provide either the `CustomKeyStoreId` or `CustomKeyStoreName` parameter, but not both.

How to start integrating

Add HTTP Task to your workflow definition.
Search for the API you want to integrate with and click on the name.
- This loads the API reference documentation and prepares the Http request settings.
Click Test request to test run your request to the API and see the API's response.

All third party trademarks (including logos and icons) are the property of their respective owners, which do not sponsor, authorize, or endorse this website.

Pricing Templates Integrations Blog Contact Us Help

Terms of Service Privacy Policy