aws
diff --git a/‎clients/client-kms/README.md
+16 b/‎clients/client-kms/README.md
+16
diff --git a/‎clients/client-kms/src/KMS.ts
+46 b/‎clients/client-kms/src/KMS.ts
+46
diff --git a/‎clients/client-kms/src/KMSClient.ts
+6 b/‎clients/client-kms/src/KMSClient.ts
+6
diff --git a/‎clients/client-kms/src/commands/CreateCustomKeyStoreCommand.ts
+2-2 b/‎clients/client-kms/src/commands/CreateCustomKeyStoreCommand.ts
+2-2
diff --git a/‎clients/client-kms/src/commands/DisableKeyRotationCommand.ts
+10 b/‎clients/client-kms/src/commands/DisableKeyRotationCommand.ts
+10
diff --git a/‎clients/client-kms/src/commands/EnableKeyRotationCommand.ts
+29-7 b/‎clients/client-kms/src/commands/EnableKeyRotationCommand.ts
+29-7
diff --git a/‎clients/client-kms/src/commands/GetKeyRotationStatusCommand.ts
+22-6 b/‎clients/client-kms/src/commands/GetKeyRotationStatusCommand.ts
+22-6
@@ -553,6 +553,14 @@ ListKeyPolicies
 
 [Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/kms/command/ListKeyPoliciesCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-kms/Interface/ListKeyPoliciesCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-kms/Interface/ListKeyPoliciesCommandOutput/)
 
+</details>
+<details>
+<summary>
+ListKeyRotations
+</summary>
+
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/kms/command/ListKeyRotationsCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-kms/Interface/ListKeyRotationsCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-kms/Interface/ListKeyRotationsCommandOutput/)
+
 </details>
 <details>
 <summary>
@@ -617,6 +625,14 @@ RevokeGrant
 
 [Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/kms/command/RevokeGrantCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-kms/Interface/RevokeGrantCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-kms/Interface/RevokeGrantCommandOutput/)
 
+</details>
+<details>
+<summary>
+RotateKeyOnDemand
+</summary>
+
+[Command API Reference](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/client/kms/command/RotateKeyOnDemandCommand/) / [Input](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-kms/Interface/RotateKeyOnDemandCommandInput/) / [Output](https://docs.aws.amazon.com/AWSJavaScriptSDK/v3/latest/Package/-aws-sdk-client-kms/Interface/RotateKeyOnDemandCommandOutput/)
+
 </details>
 <details>
 <summary>
 
@@ -114,6 +114,11 @@ import {
   ListKeyPoliciesCommandInput,
   ListKeyPoliciesCommandOutput,
 } from "./commands/ListKeyPoliciesCommand";
+import {
+  ListKeyRotationsCommand,
+  ListKeyRotationsCommandInput,
+  ListKeyRotationsCommandOutput,
+} from "./commands/ListKeyRotationsCommand";
 import { ListKeysCommand, ListKeysCommandInput, ListKeysCommandOutput } from "./commands/ListKeysCommand";
 import {
   ListResourceTagsCommand,
@@ -138,6 +143,11 @@ import {
 } from "./commands/ReplicateKeyCommand";
 import { RetireGrantCommand, RetireGrantCommandInput, RetireGrantCommandOutput } from "./commands/RetireGrantCommand";
 import { RevokeGrantCommand, RevokeGrantCommandInput, RevokeGrantCommandOutput } from "./commands/RevokeGrantCommand";
+import {
+  RotateKeyOnDemandCommand,
+  RotateKeyOnDemandCommandInput,
+  RotateKeyOnDemandCommandOutput,
+} from "./commands/RotateKeyOnDemandCommand";
 import {
   ScheduleKeyDeletionCommand,
   ScheduleKeyDeletionCommandInput,
@@ -203,6 +213,7 @@ const commands = {
   ListAliasesCommand,
   ListGrantsCommand,
   ListKeyPoliciesCommand,
+  ListKeyRotationsCommand,
   ListKeysCommand,
   ListResourceTagsCommand,
   ListRetirableGrantsCommand,
@@ -211,6 +222,7 @@ const commands = {
   ReplicateKeyCommand,
   RetireGrantCommand,
   RevokeGrantCommand,
+  RotateKeyOnDemandCommand,
   ScheduleKeyDeletionCommand,
   SignCommand,
   TagResourceCommand,
@@ -679,6 +691,23 @@ export interface KMS {
     cb: (err: any, data?: ListKeyPoliciesCommandOutput) => void
   ): void;
 
+  /**
+   * @see {@link ListKeyRotationsCommand}
+   */
+  listKeyRotations(
+    args: ListKeyRotationsCommandInput,
+    options?: __HttpHandlerOptions
+  ): Promise<ListKeyRotationsCommandOutput>;
+  listKeyRotations(
+    args: ListKeyRotationsCommandInput,
+    cb: (err: any, data?: ListKeyRotationsCommandOutput) => void
+  ): void;
+  listKeyRotations(
+    args: ListKeyRotationsCommandInput,
+    options: __HttpHandlerOptions,
+    cb: (err: any, data?: ListKeyRotationsCommandOutput) => void
+  ): void;
+
   /**
    * @see {@link ListKeysCommand}
    */
@@ -781,6 +810,23 @@ export interface KMS {
     cb: (err: any, data?: RevokeGrantCommandOutput) => void
   ): void;
 
+  /**
+   * @see {@link RotateKeyOnDemandCommand}
+   */
+  rotateKeyOnDemand(
+    args: RotateKeyOnDemandCommandInput,
+    options?: __HttpHandlerOptions
+  ): Promise<RotateKeyOnDemandCommandOutput>;
+  rotateKeyOnDemand(
+    args: RotateKeyOnDemandCommandInput,
+    cb: (err: any, data?: RotateKeyOnDemandCommandOutput) => void
+  ): void;
+  rotateKeyOnDemand(
+    args: RotateKeyOnDemandCommandInput,
+    options: __HttpHandlerOptions,
+    cb: (err: any, data?: RotateKeyOnDemandCommandOutput) => void
+  ): void;
+
   /**
    * @see {@link ScheduleKeyDeletionCommand}
    */
 
@@ -118,6 +118,7 @@ import { ImportKeyMaterialCommandInput, ImportKeyMaterialCommandOutput } from ".
 import { ListAliasesCommandInput, ListAliasesCommandOutput } from "./commands/ListAliasesCommand";
 import { ListGrantsCommandInput, ListGrantsCommandOutput } from "./commands/ListGrantsCommand";
 import { ListKeyPoliciesCommandInput, ListKeyPoliciesCommandOutput } from "./commands/ListKeyPoliciesCommand";
+import { ListKeyRotationsCommandInput, ListKeyRotationsCommandOutput } from "./commands/ListKeyRotationsCommand";
 import { ListKeysCommandInput, ListKeysCommandOutput } from "./commands/ListKeysCommand";
 import { ListResourceTagsCommandInput, ListResourceTagsCommandOutput } from "./commands/ListResourceTagsCommand";
 import {
@@ -129,6 +130,7 @@ import { ReEncryptCommandInput, ReEncryptCommandOutput } from "./commands/ReEncr
 import { ReplicateKeyCommandInput, ReplicateKeyCommandOutput } from "./commands/ReplicateKeyCommand";
 import { RetireGrantCommandInput, RetireGrantCommandOutput } from "./commands/RetireGrantCommand";
 import { RevokeGrantCommandInput, RevokeGrantCommandOutput } from "./commands/RevokeGrantCommand";
+import { RotateKeyOnDemandCommandInput, RotateKeyOnDemandCommandOutput } from "./commands/RotateKeyOnDemandCommand";
 import {
   ScheduleKeyDeletionCommandInput,
   ScheduleKeyDeletionCommandOutput,
@@ -198,6 +200,7 @@ export type ServiceInputTypes =
   | ListAliasesCommandInput
   | ListGrantsCommandInput
   | ListKeyPoliciesCommandInput
+  | ListKeyRotationsCommandInput
   | ListKeysCommandInput
   | ListResourceTagsCommandInput
   | ListRetirableGrantsCommandInput
@@ -206,6 +209,7 @@ export type ServiceInputTypes =
   | ReplicateKeyCommandInput
   | RetireGrantCommandInput
   | RevokeGrantCommandInput
+  | RotateKeyOnDemandCommandInput
   | ScheduleKeyDeletionCommandInput
   | SignCommandInput
   | TagResourceCommandInput
@@ -253,6 +257,7 @@ export type ServiceOutputTypes =
   | ListAliasesCommandOutput
   | ListGrantsCommandOutput
   | ListKeyPoliciesCommandOutput
+  | ListKeyRotationsCommandOutput
   | ListKeysCommandOutput
   | ListResourceTagsCommandOutput
   | ListRetirableGrantsCommandOutput
@@ -261,6 +266,7 @@ export type ServiceOutputTypes =
   | ReplicateKeyCommandOutput
   | RetireGrantCommandOutput
   | RevokeGrantCommandOutput
+  | RotateKeyOnDemandCommandOutput
   | ScheduleKeyDeletionCommandOutput
   | SignCommandOutput
   | TagResourceCommandOutput
 
@@ -247,8 +247,8 @@ export interface CreateCustomKeyStoreCommandOutput extends CreateCustomKeyStoreR
  *
  * @throws {@link XksProxyUriEndpointInUseException} (client fault)
  *  <p>The request was rejected because the <code>XksProxyUriEndpoint</code> is already
- *       associated with another external key store in this Amazon Web Services Region. To identify the cause,
- *       see the error message that accompanies the exception. </p>
+ *       associated with another external key store in this Amazon Web Services Region. To identify the cause, see
+ *       the error message that accompanies the exception. </p>
  *
  * @throws {@link XksProxyUriInUseException} (client fault)
  *  <p>The request was rejected because the concatenation of the <code>XksProxyUriEndpoint</code>
 
@@ -59,6 +59,16 @@ export interface DisableKeyRotationCommandOutput extends __MetadataBearer {}
  *                   <a>GetKeyRotationStatus</a>
  *                </p>
  *             </li>
+ *             <li>
+ *                <p>
+ *                   <a>ListKeyRotations</a>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <a>RotateKeyOnDemand</a>
+ *                </p>
+ *             </li>
  *          </ul>
  *          <p>
  *             <b>Eventual consistency</b>: The KMS API follows an eventual consistency model.
 
@@ -27,18 +27,25 @@ export interface EnableKeyRotationCommandInput extends EnableKeyRotationRequest
 export interface EnableKeyRotationCommandOutput extends __MetadataBearer {}
 
 /**
- * <p>Enables <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html">automatic rotation
+ * <p>Enables <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotating-keys-enable-disable">automatic rotation
  *         of the key material</a> of the specified symmetric encryption KMS key. </p>
- *          <p>When you enable automatic rotation of a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk">customer managed KMS key</a>, KMS
+ *          <p>By default, when you enable automatic rotation of a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk">customer managed KMS key</a>, KMS
  *       rotates the key material of the KMS key one year (approximately 365 days) from the enable date
- *       and every year thereafter. You can monitor rotation of the key material for your KMS keys in
- *       CloudTrail and Amazon CloudWatch. To disable rotation of the key material in a customer
- *       managed KMS key, use the <a>DisableKeyRotation</a> operation.</p>
+ *       and every year thereafter. You can use the optional <code>RotationPeriodInDays</code>
+ *       parameter to specify a custom rotation period when you enable key rotation, or you can use
+ *       <code>RotationPeriodInDays</code> to modify the rotation period of a key that you previously
+ *       enabled automatic key rotation on.</p>
+ *          <p>You can monitor rotation of the key material
+ *       for your KMS keys in CloudTrail and Amazon CloudWatch. To disable rotation of the key
+ *       material in a customer managed KMS key, use the <a>DisableKeyRotation</a>
+ *       operation. You can use the <a>GetKeyRotationStatus</a> operation to identify any in progress
+ *       rotations. You can use the <a>ListKeyRotations</a> operation to view the details of
+ *       completed rotations.</p>
  *          <p>Automatic key rotation is supported only on <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#symmetric-cmks">symmetric encryption KMS keys</a>.
  *       You cannot enable automatic rotation of <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html">asymmetric KMS keys</a>, <a href="https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html">HMAC KMS keys</a>, KMS keys with <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html">imported key material</a>, or KMS keys in a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a>. To enable or disable automatic rotation of a set of related <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate">multi-Region keys</a>, set the property on the primary key. </p>
- *          <p>You cannot enable or disable automatic rotation <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk">Amazon Web Services managed KMS keys</a>. KMS
+ *          <p>You cannot enable or disable automatic rotation of <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk">Amazon Web Services managed KMS keys</a>. KMS
  *       always rotates the key material of Amazon Web Services managed keys every year. Rotation of <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-owned-cmk">Amazon Web Services owned KMS
- *         keys</a> varies.</p>
+ *         keys</a> is managed by the Amazon Web Services service that owns the key.</p>
  *          <note>
  *             <p>In May 2022, KMS changed the rotation schedule for Amazon Web Services managed keys from every three
  *         years (approximately 1,095 days) to every year (approximately 365 days).</p>
@@ -67,6 +74,20 @@ export interface EnableKeyRotationCommandOutput extends __MetadataBearer {}
  *                   <a>GetKeyRotationStatus</a>
  *                </p>
  *             </li>
+ *             <li>
+ *                <p>
+ *                   <a>ListKeyRotations</a>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <a>RotateKeyOnDemand</a>
+ *                </p>
+ *                <note>
+ *                   <p>You can perform on-demand (<a>RotateKeyOnDemand</a>) rotation of the
+ *             key material in customer managed KMS keys, regardless of whether or not automatic key rotation is enabled.</p>
+ *                </note>
+ *             </li>
  *          </ul>
  *          <p>
  *             <b>Eventual consistency</b>: The KMS API follows an eventual consistency model.
@@ -79,6 +100,7 @@ export interface EnableKeyRotationCommandOutput extends __MetadataBearer {}
  * const client = new KMSClient(config);
  * const input = { // EnableKeyRotationRequest
  *   KeyId: "STRING_VALUE", // required
+ *   RotationPeriodInDays: Number("int"),
  * };
  * const command = new EnableKeyRotationCommand(input);
  * const response = await client.send(command);
 
@@ -27,18 +27,20 @@ export interface GetKeyRotationStatusCommandInput extends GetKeyRotationStatusRe
 export interface GetKeyRotationStatusCommandOutput extends GetKeyRotationStatusResponse, __MetadataBearer {}
 
 /**
- * <p>Gets a Boolean value that indicates whether <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html">automatic rotation of the key material</a> is
- *       enabled for the specified KMS key.</p>
- *          <p>When you enable automatic rotation for <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk">customer managed KMS keys</a>, KMS
- *       rotates the key material of the KMS key one year (approximately 365 days) from the enable date
- *       and every year thereafter. You can monitor rotation of the key material for your KMS keys in
- *       CloudTrail and Amazon CloudWatch.</p>
+ * <p>Provides detailed information about the rotation status for a KMS key, including
+ *       whether <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html">automatic rotation of the key material</a> is enabled for the specified KMS key, the
+ *       <a href="https://docs.aws.amazon.com/kms/latest/developerguide/rotate-keys.html#rotation-period">rotation period</a>, and the next scheduled
+ *       rotation date.</p>
  *          <p>Automatic key rotation is supported only on <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#symmetric-cmks">symmetric encryption KMS keys</a>.
  *       You cannot enable automatic rotation of <a href="https://docs.aws.amazon.com/kms/latest/developerguide/symmetric-asymmetric.html">asymmetric KMS keys</a>, <a href="https://docs.aws.amazon.com/kms/latest/developerguide/hmac.html">HMAC KMS keys</a>, KMS keys with <a href="https://docs.aws.amazon.com/kms/latest/developerguide/importing-keys.html">imported key material</a>, or KMS keys in a <a href="https://docs.aws.amazon.com/kms/latest/developerguide/custom-key-store-overview.html">custom key store</a>. To enable or disable automatic rotation of a set of related <a href="https://docs.aws.amazon.com/kms/latest/developerguide/multi-region-keys-manage.html#multi-region-rotate">multi-Region keys</a>, set the property on the primary key..</p>
  *          <p>You can enable (<a>EnableKeyRotation</a>) and disable automatic rotation (<a>DisableKeyRotation</a>) of the key material in customer managed KMS keys. Key
  *       material rotation of <a href="https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk">Amazon Web Services managed KMS keys</a> is not
  *       configurable. KMS always rotates the key material in Amazon Web Services managed KMS keys every year. The
  *       key rotation status for Amazon Web Services managed KMS keys is always <code>true</code>.</p>
+ *          <p>You can perform on-demand (<a>RotateKeyOnDemand</a>) rotation of the
+ *       key material in customer managed KMS keys, regardless of whether or not automatic key rotation is enabled.
+ *       You can use GetKeyRotationStatus to identify the date and time that an in progress on-demand rotation
+ *       was initiated. You can use <a>ListKeyRotations</a> to view the details of completed rotations.</p>
  *          <note>
  *             <p>In May 2022, KMS changed the rotation schedule for Amazon Web Services managed keys from every three
  *         years to every year. For details, see <a>EnableKeyRotation</a>.</p>
@@ -79,6 +81,16 @@ export interface GetKeyRotationStatusCommandOutput extends GetKeyRotationStatusR
  *                   <a>EnableKeyRotation</a>
  *                </p>
  *             </li>
+ *             <li>
+ *                <p>
+ *                   <a>ListKeyRotations</a>
+ *                </p>
+ *             </li>
+ *             <li>
+ *                <p>
+ *                   <a>RotateKeyOnDemand</a>
+ *                </p>
+ *             </li>
  *          </ul>
  *          <p>
  *             <b>Eventual consistency</b>: The KMS API follows an eventual consistency model.
@@ -96,6 +108,10 @@ export interface GetKeyRotationStatusCommandOutput extends GetKeyRotationStatusR
  * const response = await client.send(command);
  * // { // GetKeyRotationStatusResponse
  * //   KeyRotationEnabled: true || false,
+ * //   KeyId: "STRING_VALUE",
+ * //   RotationPeriodInDays: Number("int"),
+ * //   NextRotationDate: new Date("TIMESTAMP"),
+ * //   OnDemandRotationStartDate: new Date("TIMESTAMP"),
  * // };
  *
  * ```
Original file line number	Diff line number	Diff line change
`@@ -247,8 +247,8 @@ export interface CreateCustomKeyStoreCommandOutput extends CreateCustomKeyStoreR`
`247`	`247`	`*`
`248`	`248`	`* @throws {@link XksProxyUriEndpointInUseException} (client fault)`
`249`	`249`	`* <p>The request was rejected because the <code>XksProxyUriEndpoint</code> is already`
`250`		`- * associated with another external key store in this Amazon Web Services Region. To identify the cause,`
`251`		`- * see the error message that accompanies the exception. </p>`
	`250`	`+ * associated with another external key store in this Amazon Web Services Region. To identify the cause, see`
	`251`	`+ * the error message that accompanies the exception. </p>`
`252`	`252`	`*`
`253`	`253`	`* @throws {@link XksProxyUriInUseException} (client fault)`
`254`	`254`	`* <p>The request was rejected because the concatenation of the <code>XksProxyUriEndpoint</code>`