# The AWS Encryption SDK - Python does not implement Keyrings # //= compliance/framework/aws-kms/aws-kms-mrk-aware-multi-keyrings.txt#2.5 # //= type=exception # //# The caller MUST provide: # //= compliance/framework/aws-kms/aws-kms-mrk-aware-multi-keyrings.txt#2.5 # //= type=exception # //# If an empty set of Region is provided this function MUST fail. # //= compliance/framework/aws-kms/aws-kms-mrk-aware-multi-keyrings.txt#2.5 # //= type=exception # //# If # //# any element of the set of regions is null or an empty string this # //# function MUST fail. # //= compliance/framework/aws-kms/aws-kms-mrk-aware-multi-keyrings.txt#2.5 # //= type=exception # //# If a regional client supplier is not passed, # //# then a default MUST be created that takes a region string and # //# generates a default AWS SDK client for the given region. # //= compliance/framework/aws-kms/aws-kms-mrk-aware-multi-keyrings.txt#2.5 # //= type=exception # //# A set of AWS KMS clients MUST be created by calling regional client # //# supplier for each region in the input set of regions. # //= compliance/framework/aws-kms/aws-kms-mrk-aware-multi-keyrings.txt#2.5 # //= type=exception # //# Then a set of AWS KMS MRK Aware Symmetric Region Discovery Keyring # //# (aws-kms-mrk-aware-symmetric-region-discovery-keyring.md) MUST be # //# created for each AWS KMS client by initializing each keyring with # //= compliance/framework/aws-kms/aws-kms-mrk-aware-multi-keyrings.txt#2.5 # //= type=exception # //# Then a Multi-Keyring (../multi-keyring.md#inputs) MUST be initialize # //# by using this set of discovery keyrings as the child keyrings # //# (../multi-keyring.md#child-keyrings). # //= compliance/framework/aws-kms/aws-kms-mrk-aware-multi-keyrings.txt#2.5 # //= type=exception # //# This Multi-Keyring MUST be # //# this functions output. # //= compliance/framework/aws-kms/aws-kms-mrk-aware-multi-keyrings.txt#2.6 # //= type=exception # //# The caller MUST provide: # //= compliance/framework/aws-kms/aws-kms-mrk-aware-multi-keyrings.txt#2.6 # //= type=exception # //# If any of the AWS KMS key identifiers is null or an empty string this # //# function MUST fail. # //= compliance/framework/aws-kms/aws-kms-mrk-aware-multi-keyrings.txt#2.6 # //= type=exception # //# At least one non-null or non-empty string AWS # //# KMS key identifiers exists in the input this function MUST fail. # //= compliance/framework/aws-kms/aws-kms-mrk-aware-multi-keyrings.txt#2.6 # //= type=exception # //# If # //# a regional client supplier is not passed, then a default MUST be # //# created that takes a region string and generates a default AWS SDK # //# client for the given region. # //= compliance/framework/aws-kms/aws-kms-mrk-aware-multi-keyrings.txt#2.6 # //= type=exception # //# If there is a generator input then the generator keyring MUST be a # //# AWS KMS MRK Aware Symmetric Keyring (aws-kms-mrk-aware-symmetric- # //# keyring.md) initialized with # //= compliance/framework/aws-kms/aws-kms-mrk-aware-multi-keyrings.txt#2.6 # //= type=exception # //# * The AWS KMS client that MUST be created by the regional client # //# supplier when called with the region part of the generator ARN or # //# a signal for the AWS SDK to select the default region. # //= compliance/framework/aws-kms/aws-kms-mrk-aware-multi-keyrings.txt#2.6 # //= type=exception # //# If there is a set of child identifiers then a set of AWS KMS MRK # //# Aware Symmetric Keyring (aws-kms-mrk-aware-symmetric-keyring.md) MUST # //# be created for each AWS KMS key identifier by initialized each # //# keyring with # //= compliance/framework/aws-kms/aws-kms-mrk-aware-multi-keyrings.txt#2.6 # //= type=exception # //# * The AWS KMS client that MUST be created by the regional client # //# supplier when called with the region part of the AWS KMS key # //# identifier or a signal for the AWS SDK to select the default # //# region. # //= compliance/framework/aws-kms/aws-kms-mrk-aware-multi-keyrings.txt#2.6 # //= type=exception # //# NOTE: The AWS Encryption SDK SHOULD NOT attempt to evaluate its own # //# default region. # //= compliance/framework/aws-kms/aws-kms-mrk-aware-multi-keyrings.txt#2.6 # //= type=exception # //# Then a Multi-Keyring (../multi-keyring.md#inputs) MUST be initialize # //# by using this generator keyring as the generator keyring (../multi- # //# keyring.md#generator-keyring) and this set of child keyrings as the # //# child keyrings (../multi-keyring.md#child-keyrings). # //= compliance/framework/aws-kms/aws-kms-mrk-aware-multi-keyrings.txt#2.6 # //= type=exception # //# This Multi- # //# Keyring MUST be this functions output. # //= compliance/framework/aws-kms/aws-kms-mrk-aware-multi-keyrings.txt#2.6 # //= type=exception # //# All # //# AWS KMS identifiers are passed to Assert AWS KMS MRK are unique (aws- # //# kms-mrk-are-unique.md#Implementation) and the function MUST return # //# success otherwise this MUST fail.