KMS
CancelKeyDeletion
valid {
input.Body.KeyId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ConnectCustomKeyStore
valid {
input.Body.CustomKeyStoreId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}CreateAlias
valid {
input.Body.AliasName == STRING
input.Body.TargetKeyId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}CreateCustomKeyStore
enum_CustomKeyStoreType := [ "AWS_CLOUDHSM", "EXTERNAL_KEY_STORE" ]
enum_XksProxyConnectivityType := [ "PUBLIC_ENDPOINT", "VPC_ENDPOINT_SERVICE" ]
valid {
input.Body.CustomKeyStoreName == STRING
input.Body.CloudHsmClusterId == STRING
input.Body.TrustAnchorCertificate == STRING
input.Body.KeyStorePassword == STRING
input.Body.CustomKeyStoreType == enum_CustomKeyStoreType[_]
input.Body.XksProxyUriEndpoint == STRING
input.Body.XksProxyUriPath == STRING
input.Body.XksProxyVpcEndpointServiceName == STRING
input.Body.XksProxyVpcEndpointServiceOwner == STRING
input.Body.XksProxyAuthenticationCredential.AccessKeyId == STRING
input.Body.XksProxyAuthenticationCredential.RawSecretAccessKey == STRING
input.Body.XksProxyConnectivity == enum_XksProxyConnectivityType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}CreateGrant
enum_GrantOperation := [ "Decrypt", "Encrypt", "GenerateDataKey", "GenerateDataKeyWithoutPlaintext", "ReEncryptFrom", "ReEncryptTo", "Sign", "Verify", "GetPublicKey", "CreateGrant", "RetireGrant", "DescribeKey", "GenerateDataKeyPair", "GenerateDataKeyPairWithoutPlaintext", "GenerateMac", "VerifyMac", "DeriveSharedSecret" ]
valid {
input.Body.KeyId == STRING
input.Body.GranteePrincipal == STRING
input.Body.RetiringPrincipal == STRING
input.Body.Operations[_] == enum_GrantOperation[_]
input.Body.Constraints.EncryptionContextSubset.STRING == STRING
input.Body.Constraints.EncryptionContextEquals.STRING == STRING
input.Body.GrantTokens[_] == STRING
input.Body.Name == STRING
input.Body.DryRun == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}CreateKey
enum_CustomerMasterKeySpec := [ "RSA_2048", "RSA_3072", "RSA_4096", "ECC_NIST_P256", "ECC_NIST_P384", "ECC_NIST_P521", "ECC_SECG_P256K1", "SYMMETRIC_DEFAULT", "HMAC_224", "HMAC_256", "HMAC_384", "HMAC_512", "SM2" ]
enum_KeySpec := [ "RSA_2048", "RSA_3072", "RSA_4096", "ECC_NIST_P256", "ECC_NIST_P384", "ECC_NIST_P521", "ECC_SECG_P256K1", "SYMMETRIC_DEFAULT", "HMAC_224", "HMAC_256", "HMAC_384", "HMAC_512", "SM2", "ML_DSA_44", "ML_DSA_65", "ML_DSA_87", "ECC_NIST_EDWARDS25519" ]
enum_KeyUsageType := [ "SIGN_VERIFY", "ENCRYPT_DECRYPT", "GENERATE_VERIFY_MAC", "KEY_AGREEMENT" ]
enum_OriginType := [ "AWS_KMS", "EXTERNAL", "AWS_CLOUDHSM", "EXTERNAL_KEY_STORE" ]
valid {
input.Body.Policy == STRING
input.Body.Description == STRING
input.Body.KeyUsage == enum_KeyUsageType[_]
input.Body.CustomerMasterKeySpec == enum_CustomerMasterKeySpec[_]
input.Body.KeySpec == enum_KeySpec[_]
input.Body.Origin == enum_OriginType[_]
input.Body.CustomKeyStoreId == STRING
input.Body.BypassPolicyLockoutSafetyCheck == BOOLEAN
input.Body.Tags[_].TagKey == STRING
input.Body.Tags[_].TagValue == STRING
input.Body.MultiRegion == BOOLEAN
input.Body.XksKeyId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}Decrypt
enum_EncryptionAlgorithmSpec := [ "SYMMETRIC_DEFAULT", "RSAES_OAEP_SHA_1", "RSAES_OAEP_SHA_256", "SM2PKE" ]
enum_KeyEncryptionMechanism := [ "RSAES_OAEP_SHA_256" ]
valid {
input.Body.CiphertextBlob == BLOB
input.Body.EncryptionContext.STRING == STRING
input.Body.GrantTokens[_] == STRING
input.Body.KeyId == STRING
input.Body.EncryptionAlgorithm == enum_EncryptionAlgorithmSpec[_]
input.Body.Recipient.KeyEncryptionAlgorithm == enum_KeyEncryptionMechanism[_]
input.Body.Recipient.AttestationDocument == BLOB
input.Body.DryRun == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeleteAlias
valid {
input.Body.AliasName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeleteCustomKeyStore
valid {
input.Body.CustomKeyStoreId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeleteImportedKeyMaterial
valid {
input.Body.KeyId == STRING
input.Body.KeyMaterialId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DeriveSharedSecret
enum_KeyAgreementAlgorithmSpec := [ "ECDH" ]
enum_KeyEncryptionMechanism := [ "RSAES_OAEP_SHA_256" ]
valid {
input.Body.KeyId == STRING
input.Body.KeyAgreementAlgorithm == enum_KeyAgreementAlgorithmSpec[_]
input.Body.PublicKey == BLOB
input.Body.GrantTokens[_] == STRING
input.Body.DryRun == BOOLEAN
input.Body.Recipient.KeyEncryptionAlgorithm == enum_KeyEncryptionMechanism[_]
input.Body.Recipient.AttestationDocument == BLOB
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DescribeCustomKeyStores
valid {
input.Body.CustomKeyStoreId == STRING
input.Body.CustomKeyStoreName == STRING
input.Body.Limit == INTEGER
input.Body.Marker == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DescribeKey
valid {
input.Body.KeyId == STRING
input.Body.GrantTokens[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DisableKey
valid {
input.Body.KeyId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DisableKeyRotation
valid {
input.Body.KeyId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}DisconnectCustomKeyStore
valid {
input.Body.CustomKeyStoreId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}EnableKey
valid {
input.Body.KeyId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}EnableKeyRotation
valid {
input.Body.KeyId == STRING
input.Body.RotationPeriodInDays == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}Encrypt
enum_EncryptionAlgorithmSpec := [ "SYMMETRIC_DEFAULT", "RSAES_OAEP_SHA_1", "RSAES_OAEP_SHA_256", "SM2PKE" ]
valid {
input.Body.KeyId == STRING
input.Body.Plaintext == BLOB
input.Body.EncryptionContext.STRING == STRING
input.Body.GrantTokens[_] == STRING
input.Body.EncryptionAlgorithm == enum_EncryptionAlgorithmSpec[_]
input.Body.DryRun == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GenerateDataKey
enum_DataKeySpec := [ "AES_256", "AES_128" ]
enum_KeyEncryptionMechanism := [ "RSAES_OAEP_SHA_256" ]
valid {
input.Body.KeyId == STRING
input.Body.EncryptionContext.STRING == STRING
input.Body.NumberOfBytes == INTEGER
input.Body.KeySpec == enum_DataKeySpec[_]
input.Body.GrantTokens[_] == STRING
input.Body.Recipient.KeyEncryptionAlgorithm == enum_KeyEncryptionMechanism[_]
input.Body.Recipient.AttestationDocument == BLOB
input.Body.DryRun == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GenerateDataKeyPair
enum_DataKeyPairSpec := [ "RSA_2048", "RSA_3072", "RSA_4096", "ECC_NIST_P256", "ECC_NIST_P384", "ECC_NIST_P521", "ECC_SECG_P256K1", "SM2", "ECC_NIST_EDWARDS25519" ]
enum_KeyEncryptionMechanism := [ "RSAES_OAEP_SHA_256" ]
valid {
input.Body.EncryptionContext.STRING == STRING
input.Body.KeyId == STRING
input.Body.KeyPairSpec == enum_DataKeyPairSpec[_]
input.Body.GrantTokens[_] == STRING
input.Body.Recipient.KeyEncryptionAlgorithm == enum_KeyEncryptionMechanism[_]
input.Body.Recipient.AttestationDocument == BLOB
input.Body.DryRun == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GenerateDataKeyPairWithoutPlaintext
enum_DataKeyPairSpec := [ "RSA_2048", "RSA_3072", "RSA_4096", "ECC_NIST_P256", "ECC_NIST_P384", "ECC_NIST_P521", "ECC_SECG_P256K1", "SM2", "ECC_NIST_EDWARDS25519" ]
valid {
input.Body.EncryptionContext.STRING == STRING
input.Body.KeyId == STRING
input.Body.KeyPairSpec == enum_DataKeyPairSpec[_]
input.Body.GrantTokens[_] == STRING
input.Body.DryRun == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GenerateDataKeyWithoutPlaintext
enum_DataKeySpec := [ "AES_256", "AES_128" ]
valid {
input.Body.KeyId == STRING
input.Body.EncryptionContext.STRING == STRING
input.Body.KeySpec == enum_DataKeySpec[_]
input.Body.NumberOfBytes == INTEGER
input.Body.GrantTokens[_] == STRING
input.Body.DryRun == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GenerateMac
enum_MacAlgorithmSpec := [ "HMAC_SHA_224", "HMAC_SHA_256", "HMAC_SHA_384", "HMAC_SHA_512" ]
valid {
input.Body.Message == BLOB
input.Body.KeyId == STRING
input.Body.MacAlgorithm == enum_MacAlgorithmSpec[_]
input.Body.GrantTokens[_] == STRING
input.Body.DryRun == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GenerateRandom
enum_KeyEncryptionMechanism := [ "RSAES_OAEP_SHA_256" ]
valid {
input.Body.NumberOfBytes == INTEGER
input.Body.CustomKeyStoreId == STRING
input.Body.Recipient.KeyEncryptionAlgorithm == enum_KeyEncryptionMechanism[_]
input.Body.Recipient.AttestationDocument == BLOB
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetKeyPolicy
valid {
input.Body.KeyId == STRING
input.Body.PolicyName == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetKeyRotationStatus
valid {
input.Body.KeyId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetParametersForImport
enum_AlgorithmSpec := [ "RSAES_PKCS1_V1_5", "RSAES_OAEP_SHA_1", "RSAES_OAEP_SHA_256", "RSA_AES_KEY_WRAP_SHA_1", "RSA_AES_KEY_WRAP_SHA_256", "SM2PKE" ]
enum_WrappingKeySpec := [ "RSA_2048", "RSA_3072", "RSA_4096", "SM2" ]
valid {
input.Body.KeyId == STRING
input.Body.WrappingAlgorithm == enum_AlgorithmSpec[_]
input.Body.WrappingKeySpec == enum_WrappingKeySpec[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}GetPublicKey
valid {
input.Body.KeyId == STRING
input.Body.GrantTokens[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ImportKeyMaterial
enum_ExpirationModelType := [ "KEY_MATERIAL_EXPIRES", "KEY_MATERIAL_DOES_NOT_EXPIRE" ]
enum_ImportType := [ "NEW_KEY_MATERIAL", "EXISTING_KEY_MATERIAL" ]
valid {
input.Body.KeyId == STRING
input.Body.ImportToken == BLOB
input.Body.EncryptedKeyMaterial == BLOB
input.Body.ValidTo == TIMESTAMP
input.Body.ExpirationModel == enum_ExpirationModelType[_]
input.Body.ImportType == enum_ImportType[_]
input.Body.KeyMaterialDescription == STRING
input.Body.KeyMaterialId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListAliases
valid {
input.Body.KeyId == STRING
input.Body.Limit == INTEGER
input.Body.Marker == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListGrants
valid {
input.Body.Limit == INTEGER
input.Body.Marker == STRING
input.Body.KeyId == STRING
input.Body.GrantId == STRING
input.Body.GranteePrincipal == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListKeyPolicies
valid {
input.Body.KeyId == STRING
input.Body.Limit == INTEGER
input.Body.Marker == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListKeyRotations
enum_IncludeKeyMaterial := [ "ALL_KEY_MATERIAL", "ROTATIONS_ONLY" ]
valid {
input.Body.KeyId == STRING
input.Body.IncludeKeyMaterial == enum_IncludeKeyMaterial[_]
input.Body.Limit == INTEGER
input.Body.Marker == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListKeys
valid {
input.Body.Limit == INTEGER
input.Body.Marker == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListResourceTags
valid {
input.Body.KeyId == STRING
input.Body.Limit == INTEGER
input.Body.Marker == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ListRetirableGrants
valid {
input.Body.Limit == INTEGER
input.Body.Marker == STRING
input.Body.RetiringPrincipal == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}PutKeyPolicy
valid {
input.Body.KeyId == STRING
input.Body.PolicyName == STRING
input.Body.Policy == STRING
input.Body.BypassPolicyLockoutSafetyCheck == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ReEncrypt
enum_EncryptionAlgorithmSpec := [ "SYMMETRIC_DEFAULT", "RSAES_OAEP_SHA_1", "RSAES_OAEP_SHA_256", "SM2PKE" ]
valid {
input.Body.CiphertextBlob == BLOB
input.Body.SourceEncryptionContext.STRING == STRING
input.Body.SourceKeyId == STRING
input.Body.DestinationKeyId == STRING
input.Body.DestinationEncryptionContext.STRING == STRING
input.Body.SourceEncryptionAlgorithm == enum_EncryptionAlgorithmSpec[_]
input.Body.DestinationEncryptionAlgorithm == enum_EncryptionAlgorithmSpec[_]
input.Body.GrantTokens[_] == STRING
input.Body.DryRun == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ReplicateKey
valid {
input.Body.KeyId == STRING
input.Body.ReplicaRegion == STRING
input.Body.Policy == STRING
input.Body.BypassPolicyLockoutSafetyCheck == BOOLEAN
input.Body.Description == STRING
input.Body.Tags[_].TagKey == STRING
input.Body.Tags[_].TagValue == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}RetireGrant
valid {
input.Body.GrantToken == STRING
input.Body.KeyId == STRING
input.Body.GrantId == STRING
input.Body.DryRun == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}RevokeGrant
valid {
input.Body.KeyId == STRING
input.Body.GrantId == STRING
input.Body.DryRun == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}RotateKeyOnDemand
valid {
input.Body.KeyId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}ScheduleKeyDeletion
valid {
input.Body.KeyId == STRING
input.Body.PendingWindowInDays == INTEGER
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}Sign
enum_MessageType := [ "RAW", "DIGEST", "EXTERNAL_MU" ]
enum_SigningAlgorithmSpec := [ "RSASSA_PSS_SHA_256", "RSASSA_PSS_SHA_384", "RSASSA_PSS_SHA_512", "RSASSA_PKCS1_V1_5_SHA_256", "RSASSA_PKCS1_V1_5_SHA_384", "RSASSA_PKCS1_V1_5_SHA_512", "ECDSA_SHA_256", "ECDSA_SHA_384", "ECDSA_SHA_512", "SM2DSA", "ML_DSA_SHAKE_256", "ED25519_SHA_512", "ED25519_PH_SHA_512" ]
valid {
input.Body.KeyId == STRING
input.Body.Message == BLOB
input.Body.MessageType == enum_MessageType[_]
input.Body.GrantTokens[_] == STRING
input.Body.SigningAlgorithm == enum_SigningAlgorithmSpec[_]
input.Body.DryRun == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}TagResource
valid {
input.Body.KeyId == STRING
input.Body.Tags[_].TagKey == STRING
input.Body.Tags[_].TagValue == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UntagResource
valid {
input.Body.KeyId == STRING
input.Body.TagKeys[_] == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateAlias
valid {
input.Body.AliasName == STRING
input.Body.TargetKeyId == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateCustomKeyStore
enum_XksProxyConnectivityType := [ "PUBLIC_ENDPOINT", "VPC_ENDPOINT_SERVICE" ]
valid {
input.Body.CustomKeyStoreId == STRING
input.Body.NewCustomKeyStoreName == STRING
input.Body.KeyStorePassword == STRING
input.Body.CloudHsmClusterId == STRING
input.Body.XksProxyUriEndpoint == STRING
input.Body.XksProxyUriPath == STRING
input.Body.XksProxyVpcEndpointServiceName == STRING
input.Body.XksProxyVpcEndpointServiceOwner == STRING
input.Body.XksProxyAuthenticationCredential.AccessKeyId == STRING
input.Body.XksProxyAuthenticationCredential.RawSecretAccessKey == STRING
input.Body.XksProxyConnectivity == enum_XksProxyConnectivityType[_]
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdateKeyDescription
valid {
input.Body.KeyId == STRING
input.Body.Description == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}UpdatePrimaryRegion
valid {
input.Body.KeyId == STRING
input.Body.PrimaryRegion == STRING
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}Verify
enum_MessageType := [ "RAW", "DIGEST", "EXTERNAL_MU" ]
enum_SigningAlgorithmSpec := [ "RSASSA_PSS_SHA_256", "RSASSA_PSS_SHA_384", "RSASSA_PSS_SHA_512", "RSASSA_PKCS1_V1_5_SHA_256", "RSASSA_PKCS1_V1_5_SHA_384", "RSASSA_PKCS1_V1_5_SHA_512", "ECDSA_SHA_256", "ECDSA_SHA_384", "ECDSA_SHA_512", "SM2DSA", "ML_DSA_SHAKE_256", "ED25519_SHA_512", "ED25519_PH_SHA_512" ]
valid {
input.Body.KeyId == STRING
input.Body.Message == BLOB
input.Body.MessageType == enum_MessageType[_]
input.Body.Signature == BLOB
input.Body.SigningAlgorithm == enum_SigningAlgorithmSpec[_]
input.Body.GrantTokens[_] == STRING
input.Body.DryRun == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}VerifyMac
enum_MacAlgorithmSpec := [ "HMAC_SHA_224", "HMAC_SHA_256", "HMAC_SHA_384", "HMAC_SHA_512" ]
valid {
input.Body.Message == BLOB
input.Body.KeyId == STRING
input.Body.MacAlgorithm == enum_MacAlgorithmSpec[_]
input.Body.Mac == BLOB
input.Body.GrantTokens[_] == STRING
input.Body.DryRun == BOOLEAN
input.ProviderMetadata.Account == STRING
input.ProviderMetadata.AccessKeyId == STRING
input.ProviderMetadata.Region == STRING
}Updated 6 days ago