The CreateApplication API now supports an optional kms key arn parameter to allow customers to specify a CMK for application encryption.

aws-sdk-dotnet-automation · aws-sdk-dotnet-automation · commit 1ccebfb91f84 · 2025-12-10T19:21:11.000Z
diff --git a/generator/ServiceModels/opensearch/opensearch-2021-01-01.api.json b/generator/ServiceModels/opensearch/opensearch-2021-01-01.api.json
@@ -2069,7 +2069,8 @@
         "dataSources":{"shape":"DataSources"},
         "iamIdentityCenterOptions":{"shape":"IamIdentityCenterOptionsInput"},
         "appConfigs":{"shape":"AppConfigs"},
-        "tagList":{"shape":"TagList"}
+        "tagList":{"shape":"TagList"},
+        "kmsKeyArn":{"shape":"KmsKeyArn"}
       }
     },
     "CreateApplicationResponse":{
@@ -2082,7 +2083,8 @@
         "iamIdentityCenterOptions":{"shape":"IamIdentityCenterOptions"},
         "appConfigs":{"shape":"AppConfigs"},
         "tagList":{"shape":"TagList"},
-        "createdAt":{"shape":"Timestamp"}
+        "createdAt":{"shape":"Timestamp"},
+        "kmsKeyArn":{"shape":"KmsKeyArn"}
       }
     },
     "CreateDomainRequest":{
@@ -3291,7 +3293,8 @@
         "dataSources":{"shape":"DataSources"},
         "appConfigs":{"shape":"AppConfigs"},
         "createdAt":{"shape":"Timestamp"},
-        "lastUpdatedAt":{"shape":"Timestamp"}
+        "lastUpdatedAt":{"shape":"Timestamp"},
+        "kmsKeyArn":{"shape":"KmsKeyArn"}
       }
     },
     "GetCompatibleVersionsRequest":{
@@ -3780,6 +3783,12 @@
         "KeyStoreAccessEnabled":{"shape":"Boolean"}
       }
     },
+    "KmsKeyArn":{
+      "type":"string",
+      "max":2048,
+      "min":20,
+      "pattern":"^arn:aws[a-zA-Z-]*:kms:[a-z0-9-]+:[0-9]{12}:key/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$"
+    },
     "KmsKeyId":{
       "type":"string",
       "max":500,
diff --git a/generator/ServiceModels/opensearch/opensearch-2021-01-01.docs.json b/generator/ServiceModels/opensearch/opensearch-2021-01-01.docs.json
@@ -1955,6 +1955,14 @@
         "PackageAssociationConfiguration$KeyStoreAccessOption": "<p>The configuration parameters to enable accessing the key store required by the package.</p>"
       }
     },
+    "KmsKeyArn": {
+      "base": null,
+      "refs": {
+        "CreateApplicationRequest$kmsKeyArn": "<p>The Amazon Resource Name (ARN) of the KMS key used to encrypt the application's data at rest. If provided, the application uses your customer-managed key for encryption. If omitted, the application uses an AWS-managed key. The KMS key must be in the same region as the application.</p>",
+        "CreateApplicationResponse$kmsKeyArn": "<p>The Amazon Resource Name (ARN) of the KMS key used to encrypt the application's data at rest.</p>",
+        "GetApplicationResponse$kmsKeyArn": "<p>The Amazon Resource Name (ARN) of the KMS key used to encrypt the application's data at rest.</p>"
+      }
+    },
     "KmsKeyId": {
       "base": null,
       "refs": {
diff --git a/generator/ServiceModels/opensearch/opensearch-2021-01-01.normal.json b/generator/ServiceModels/opensearch/opensearch-2021-01-01.normal.json
@@ -2673,7 +2673,11 @@
           "shape":"AppConfigs",
           "documentation":"<p>Configuration settings for the OpenSearch application, including administrative options.</p>"
         },
-        "tagList":{"shape":"TagList"}
+        "tagList":{"shape":"TagList"},
+        "kmsKeyArn":{
+          "shape":"KmsKeyArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the KMS key used to encrypt the application's data at rest. If provided, the application uses your customer-managed key for encryption. If omitted, the application uses an AWS-managed key. The KMS key must be in the same region as the application.</p>"
+        }
       }
     },
     "CreateApplicationResponse":{
@@ -2704,6 +2708,10 @@
         "createdAt":{
           "shape":"Timestamp",
           "documentation":"<p>The timestamp indicating when the OpenSearch application was created.</p>"
+        },
+        "kmsKeyArn":{
+          "shape":"KmsKeyArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the KMS key used to encrypt the application's data at rest.</p>"
         }
       }
     },
@@ -4780,6 +4788,10 @@
         "lastUpdatedAt":{
           "shape":"Timestamp",
           "documentation":"<p>The timestamp of the last update to the OpenSearch application.</p>"
+        },
+        "kmsKeyArn":{
+          "shape":"KmsKeyArn",
+          "documentation":"<p>The Amazon Resource Name (ARN) of the KMS key used to encrypt the application's data at rest.</p>"
         }
       }
     },
@@ -5544,6 +5556,12 @@
       },
       "documentation":"<p>The configuration parameters to enable access to the key store required by the package.</p>"
     },
+    "KmsKeyArn":{
+      "type":"string",
+      "max":2048,
+      "min":20,
+      "pattern":"^arn:aws[a-zA-Z-]*:kms:[a-z0-9-]+:[0-9]{12}:key/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$"
+    },
     "KmsKeyId":{
       "type":"string",
       "max":500,
diff --git a/sdk/code-analysis/ServiceAnalysis/OpenSearchService/Generated/PropertyValueRules.xml b/sdk/code-analysis/ServiceAnalysis/OpenSearchService/Generated/PropertyValueRules.xml
@@ -83,6 +83,12 @@
     <min>1</min>
     <max>64</max>
   </property-value-rule>
+  <property-value-rule>
+    <property>Amazon.OpenSearchService.Model.CreateApplicationRequest.KmsKeyArn</property>
+    <min>20</min>
+    <max>2048</max>
+    <pattern>^arn:aws[a-zA-Z-]*:kms:[a-z0-9-]+:[0-9]{12}:key/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$</pattern>
+  </property-value-rule>
   <property-value-rule>
     <property>Amazon.OpenSearchService.Model.CreateApplicationRequest.Name</property>
     <min>3</min>
@@ -99,6 +105,12 @@
     <property>Amazon.OpenSearchService.Model.CreateApplicationResponse.Id</property>
     <pattern>[a-z0-9]{3,30}</pattern>
   </property-value-rule>
+  <property-value-rule>
+    <property>Amazon.OpenSearchService.Model.CreateApplicationResponse.KmsKeyArn</property>
+    <min>20</min>
+    <max>2048</max>
+    <pattern>^arn:aws[a-zA-Z-]*:kms:[a-z0-9-]+:[0-9]{12}:key/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$</pattern>
+  </property-value-rule>
   <property-value-rule>
     <property>Amazon.OpenSearchService.Model.CreateApplicationResponse.Name</property>
     <min>3</min>
@@ -398,6 +410,12 @@
     <property>Amazon.OpenSearchService.Model.GetApplicationResponse.Id</property>
     <pattern>[a-z0-9]{3,30}</pattern>
   </property-value-rule>
+  <property-value-rule>
+    <property>Amazon.OpenSearchService.Model.GetApplicationResponse.KmsKeyArn</property>
+    <min>20</min>
+    <max>2048</max>
+    <pattern>^arn:aws[a-zA-Z-]*:kms:[a-z0-9-]+:[0-9]{12}:key/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$</pattern>
+  </property-value-rule>
   <property-value-rule>
     <property>Amazon.OpenSearchService.Model.GetApplicationResponse.Name</property>
     <min>3</min>
diff --git a/sdk/src/Services/OpenSearchService/Generated/Model/CreateApplicationRequest.cs b/sdk/src/Services/OpenSearchService/Generated/Model/CreateApplicationRequest.cs
@@ -40,6 +40,7 @@ public partial class CreateApplicationRequest : AmazonOpenSearchServiceRequest
         private string _clientToken;
         private List<DataSource> _dataSources = AWSConfigs.InitializeCollections ? new List<DataSource>() : null;
         private IamIdentityCenterOptionsInput _iamIdentityCenterOptions;
+        private string _kmsKeyArn;
         private string _name;
         private List<Tag> _tagList = AWSConfigs.InitializeCollections ? new List<Tag>() : null;
 
@@ -128,6 +129,28 @@ internal bool IsSetIamIdentityCenterOptions()
             return this._iamIdentityCenterOptions != null;
         }
 
+        /// <summary>
+        /// Gets and sets the property KmsKeyArn. 
+        /// <para>
+        /// The Amazon Resource Name (ARN) of the KMS key used to encrypt the application's data
+        /// at rest. If provided, the application uses your customer-managed key for encryption.
+        /// If omitted, the application uses an AWS-managed key. The KMS key must be in the same
+        /// region as the application.
+        /// </para>
+        /// </summary>
+        [AWSProperty(Min=20, Max=2048)]
+        public string KmsKeyArn
+        {
+            get { return this._kmsKeyArn; }
+            set { this._kmsKeyArn = value; }
+        }
+
+        // Check to see if KmsKeyArn property is set
+        internal bool IsSetKmsKeyArn()
+        {
+            return this._kmsKeyArn != null;
+        }
+
         /// <summary>
         /// Gets and sets the property Name. 
         /// <para>
diff --git a/sdk/src/Services/OpenSearchService/Generated/Model/CreateApplicationResponse.cs b/sdk/src/Services/OpenSearchService/Generated/Model/CreateApplicationResponse.cs
@@ -40,6 +40,7 @@ public partial class CreateApplicationResponse : AmazonWebServiceResponse
         private List<DataSource> _dataSources = AWSConfigs.InitializeCollections ? new List<DataSource>() : null;
         private IamIdentityCenterOptions _iamIdentityCenterOptions;
         private string _id;
+        private string _kmsKeyArn;
         private string _name;
         private List<Tag> _tagList = AWSConfigs.InitializeCollections ? new List<Tag>() : null;
 
@@ -160,6 +161,26 @@ internal bool IsSetId()
             return this._id != null;
         }
 
+        /// <summary>
+        /// Gets and sets the property KmsKeyArn. 
+        /// <para>
+        /// The Amazon Resource Name (ARN) of the KMS key used to encrypt the application's data
+        /// at rest.
+        /// </para>
+        /// </summary>
+        [AWSProperty(Min=20, Max=2048)]
+        public string KmsKeyArn
+        {
+            get { return this._kmsKeyArn; }
+            set { this._kmsKeyArn = value; }
+        }
+
+        // Check to see if KmsKeyArn property is set
+        internal bool IsSetKmsKeyArn()
+        {
+            return this._kmsKeyArn != null;
+        }
+
         /// <summary>
         /// Gets and sets the property Name. 
         /// <para>
diff --git a/sdk/src/Services/OpenSearchService/Generated/Model/GetApplicationResponse.cs b/sdk/src/Services/OpenSearchService/Generated/Model/GetApplicationResponse.cs
@@ -41,6 +41,7 @@ public partial class GetApplicationResponse : AmazonWebServiceResponse
         private string _endpoint;
         private IamIdentityCenterOptions _iamIdentityCenterOptions;
         private string _id;
+        private string _kmsKeyArn;
         private DateTime? _lastUpdatedAt;
         private string _name;
         private ApplicationStatus _status;
@@ -180,6 +181,26 @@ internal bool IsSetId()
             return this._id != null;
         }
 
+        /// <summary>
+        /// Gets and sets the property KmsKeyArn. 
+        /// <para>
+        /// The Amazon Resource Name (ARN) of the KMS key used to encrypt the application's data
+        /// at rest.
+        /// </para>
+        /// </summary>
+        [AWSProperty(Min=20, Max=2048)]
+        public string KmsKeyArn
+        {
+            get { return this._kmsKeyArn; }
+            set { this._kmsKeyArn = value; }
+        }
+
+        // Check to see if KmsKeyArn property is set
+        internal bool IsSetKmsKeyArn()
+        {
+            return this._kmsKeyArn != null;
+        }
+
         /// <summary>
         /// Gets and sets the property LastUpdatedAt. 
         /// <para>
diff --git a/sdk/src/Services/OpenSearchService/Generated/Model/Internal/MarshallTransformations/CreateApplicationRequestMarshaller.cs b/sdk/src/Services/OpenSearchService/Generated/Model/Internal/MarshallTransformations/CreateApplicationRequestMarshaller.cs
@@ -127,6 +127,12 @@ public IRequest Marshall(CreateApplicationRequest publicRequest)
                 context.Writer.WriteEndObject();
             }
 
+            if(publicRequest.IsSetKmsKeyArn())
+            {
+                context.Writer.WritePropertyName("kmsKeyArn");
+                context.Writer.WriteStringValue(publicRequest.KmsKeyArn);
+            }
+
             if(publicRequest.IsSetName())
             {
                 context.Writer.WritePropertyName("name");
diff --git a/sdk/src/Services/OpenSearchService/Generated/Model/Internal/MarshallTransformations/CreateApplicationResponseUnmarshaller.cs b/sdk/src/Services/OpenSearchService/Generated/Model/Internal/MarshallTransformations/CreateApplicationResponseUnmarshaller.cs
@@ -88,6 +88,12 @@ public override AmazonWebServiceResponse Unmarshall(JsonUnmarshallerContext cont
                     response.Id = unmarshaller.Unmarshall(context, ref reader);
                     continue;
                 }
+                if (context.TestExpression("kmsKeyArn", targetDepth))
+                {
+                    var unmarshaller = StringUnmarshaller.Instance;
+                    response.KmsKeyArn = unmarshaller.Unmarshall(context, ref reader);
+                    continue;
+                }
                 if (context.TestExpression("name", targetDepth))
                 {
                     var unmarshaller = StringUnmarshaller.Instance;
diff --git a/sdk/src/Services/OpenSearchService/Generated/Model/Internal/MarshallTransformations/GetApplicationResponseUnmarshaller.cs b/sdk/src/Services/OpenSearchService/Generated/Model/Internal/MarshallTransformations/GetApplicationResponseUnmarshaller.cs
@@ -94,6 +94,12 @@ public override AmazonWebServiceResponse Unmarshall(JsonUnmarshallerContext cont
                     response.Id = unmarshaller.Unmarshall(context, ref reader);
                     continue;
                 }
+                if (context.TestExpression("kmsKeyArn", targetDepth))
+                {
+                    var unmarshaller = StringUnmarshaller.Instance;
+                    response.KmsKeyArn = unmarshaller.Unmarshall(context, ref reader);
+                    continue;
+                }
                 if (context.TestExpression("lastUpdatedAt", targetDepth))
                 {
                     var unmarshaller = NullableDateTimeUnmarshaller.Instance;

Original file line number	Diff line number	Diff line change
`@@ -127,6 +127,12 @@ public IRequest Marshall(CreateApplicationRequest publicRequest)`
`127`	`127`	`context.Writer.WriteEndObject();`
`128`	`128`	`}`
`129`	`129`
	`130`	`+ if(publicRequest.IsSetKmsKeyArn())`
	`131`	`+ {`
	`132`	`+ context.Writer.WritePropertyName("kmsKeyArn");`
	`133`	`+ context.Writer.WriteStringValue(publicRequest.KmsKeyArn);`
	`134`	`+ }`
	`135`	`+`
`130`	`136`	`if(publicRequest.IsSetName())`
`131`	`137`	`{`
`132`	`138`	`context.Writer.WritePropertyName("name");`
Original file line number	Diff line number	Diff line change
`@@ -88,6 +88,12 @@ public override AmazonWebServiceResponse Unmarshall(JsonUnmarshallerContext cont`
`88`	`88`	`response.Id = unmarshaller.Unmarshall(context, ref reader);`
`89`	`89`	`continue;`
`90`	`90`	`}`
	`91`	`+ if (context.TestExpression("kmsKeyArn", targetDepth))`
	`92`	`+ {`
	`93`	`+ var unmarshaller = StringUnmarshaller.Instance;`
	`94`	`+ response.KmsKeyArn = unmarshaller.Unmarshall(context, ref reader);`
	`95`	`+ continue;`
	`96`	`+ }`
`91`	`97`	`if (context.TestExpression("name", targetDepth))`
`92`	`98`	`{`
`93`	`99`	`var unmarshaller = StringUnmarshaller.Instance;`
Original file line number	Diff line number	Diff line change
`@@ -94,6 +94,12 @@ public override AmazonWebServiceResponse Unmarshall(JsonUnmarshallerContext cont`
`94`	`94`	`response.Id = unmarshaller.Unmarshall(context, ref reader);`
`95`	`95`	`continue;`
`96`	`96`	`}`
	`97`	`+ if (context.TestExpression("kmsKeyArn", targetDepth))`
	`98`	`+ {`
	`99`	`+ var unmarshaller = StringUnmarshaller.Instance;`
	`100`	`+ response.KmsKeyArn = unmarshaller.Unmarshall(context, ref reader);`
	`101`	`+ continue;`
	`102`	`+ }`
`97`	`103`	`if (context.TestExpression("lastUpdatedAt", targetDepth))`
`98`	`104`	`{`
`99`	`105`	`var unmarshaller = NullableDateTimeUnmarshaller.Instance;`