Enum aws_sdk_kms::error::CreateCustomKeyStoreErrorKind

source · 
#[non_exhaustive]
pub enum CreateCustomKeyStoreErrorKind {
    CloudHsmClusterInUseException(CloudHsmClusterInUseException),
    CloudHsmClusterInvalidConfigurationException(CloudHsmClusterInvalidConfigurationException),
    CloudHsmClusterNotActiveException(CloudHsmClusterNotActiveException),
    CloudHsmClusterNotFoundException(CloudHsmClusterNotFoundException),
    CustomKeyStoreNameInUseException(CustomKeyStoreNameInUseException),
    IncorrectTrustAnchorException(IncorrectTrustAnchorException),
    KmsInternalException(KmsInternalException),
    Unhandled(Unhandled),
}
Expand description

Types of errors that can occur for the CreateCustomKeyStore operation.

Variants (Non-exhaustive)§

This enum is marked as non-exhaustive
Non-exhaustive enums could have additional variants added in future. Therefore, when matching against variants of non-exhaustive enums, an extra wildcard arm must be added to account for any future variants.
§

CloudHsmClusterInUseException(CloudHsmClusterInUseException)

The request was rejected because the specified CloudHSM cluster is already associated with a custom key store or it shares a backup history with a cluster that is associated with a custom key store. Each custom key store must be associated with a different CloudHSM cluster.

Clusters that share a backup history have the same cluster certificate. To view the cluster certificate of a cluster, use the DescribeClusters operation.

§

CloudHsmClusterInvalidConfigurationException(CloudHsmClusterInvalidConfigurationException)

The request was rejected because the associated CloudHSM cluster did not meet the configuration requirements for a custom key store.

  • The cluster must be configured with private subnets in at least two different Availability Zones in the Region.

  • The security group for the cluster (cloudhsm-cluster- -sg) must include inbound rules and outbound rules that allow TCP traffic on ports 2223-2225. The Source in the inbound rules and the Destination in the outbound rules must match the security group ID. These rules are set by default when you create the cluster. Do not delete or change them. To get information about a particular security group, use the DescribeSecurityGroups operation.

  • The cluster must contain at least as many HSMs as the operation requires. To add HSMs, use the CloudHSM CreateHsm operation.

    For the CreateCustomKeyStore, UpdateCustomKeyStore, and CreateKey operations, the CloudHSM cluster must have at least two active HSMs, each in a different Availability Zone. For the ConnectCustomKeyStore operation, the CloudHSM must contain at least one active HSM.

For information about the requirements for an CloudHSM cluster that is associated with a custom key store, see Assemble the Prerequisites in the Key Management Service Developer Guide. For information about creating a private subnet for an CloudHSM cluster, see Create a Private Subnet in the CloudHSM User Guide. For information about cluster security groups, see Configure a Default Security Group in the CloudHSM User Guide .

§

CloudHsmClusterNotActiveException(CloudHsmClusterNotActiveException)

The request was rejected because the CloudHSM cluster that is associated with the custom key store is not active. Initialize and activate the cluster and try the command again. For detailed instructions, see Getting Started in the CloudHSM User Guide.

§

CloudHsmClusterNotFoundException(CloudHsmClusterNotFoundException)

The request was rejected because KMS cannot find the CloudHSM cluster with the specified cluster ID. Retry the request with a different cluster ID.

§

CustomKeyStoreNameInUseException(CustomKeyStoreNameInUseException)

The request was rejected because the specified custom key store name is already assigned to another custom key store in the account. Try again with a custom key store name that is unique in the account.

§

IncorrectTrustAnchorException(IncorrectTrustAnchorException)

The request was rejected because the trust anchor certificate in the request is not the trust anchor certificate for the specified CloudHSM cluster.

When you initialize the cluster, you create the trust anchor certificate and save it in the customerCA.crt file.

§

KmsInternalException(KmsInternalException)

The request was rejected because an internal exception occurred. The request can be retried.

§

Unhandled(Unhandled)

An unexpected error occurred (e.g., invalid JSON returned by the service or an unknown error code).

When logging an error from the SDK, it is recommended that you either wrap the error in DisplayErrorContext, use another error reporter library that visits the error’s cause/source chain, or call Error::source for more details about the underlying cause.

Trait Implementations§

Formats the value using the given formatter. Read more

Auto Trait Implementations§

Blanket Implementations§

Gets the TypeId of self. Read more
Immutably borrows from an owned value. Read more
Mutably borrows from an owned value. Read more

Returns the argument unchanged.

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Instruments this type with the current Span, returning an Instrumented wrapper. Read more

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Should always be Self
The type returned in the event of a conversion error.
Performs the conversion.
The type returned in the event of a conversion error.
Performs the conversion.
Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more