// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
package kms_test
import (
"fmt"
"strings"
"time"
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/kms"
)
// Blank-identifier declarations referencing the time, strings and aws
// packages, which keeps those imports in use for every example in this file.
var (
	_ time.Duration
	_ strings.Reader
	_ aws.Config
)
// parseTime parses value according to layout and returns a pointer to the
// resulting time. It panics when value does not match layout.
func parseTime(layout, value string) *time.Time {
	parsed, err := time.Parse(layout, value)
	if err == nil {
		return &parsed
	}
	panic(err)
}
// To cancel deletion of a customer master key (CMK)
//
// This example sends a CancelKeyDeletion request for the CMK named by the
// sample key ID and prints the response, or the error if the call fails.
func ExampleKMS_CancelKeyDeletion_shared00() {
	// NOTE(review): session.New returns no error, so a bad configuration
	// would only show up on the request below; newer SDK code uses
	// session.NewSession.
	client := kms.New(session.New())
	req := &kms.CancelKeyDeletionInput{
		KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"),
	}

	result, err := client.CancelKeyDeletion(req)
	if err == nil {
		fmt.Println(result)
		return
	}

	aerr, ok := err.(awserr.Error)
	if !ok {
		// Not an awserr.Error, so there is no Code or Message to extract;
		// print the error text as it is.
		fmt.Println(err.Error())
		return
	}

	// Codes listed for this operation are printed ahead of the error text;
	// any other code prints the error text alone.
	switch code := aerr.Code(); code {
	case kms.ErrCodeNotFoundException,
		kms.ErrCodeInvalidArnException,
		kms.ErrCodeDependencyTimeoutException,
		kms.ErrCodeInternalException,
		kms.ErrCodeInvalidStateException:
		fmt.Println(code, aerr.Error())
	default:
		fmt.Println(aerr.Error())
	}
}
// To create an alias
//
// This example sends a CreateAlias request that points the alias
// "alias/ExampleAlias" at the CMK named by the sample key ID, then prints the
// response or the error.
func ExampleKMS_CreateAlias_shared00() {
	client := kms.New(session.New())
	req := &kms.CreateAliasInput{
		AliasName:   aws.String("alias/ExampleAlias"),
		TargetKeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"),
	}

	result, err := client.CreateAlias(req)
	if err == nil {
		fmt.Println(result)
		return
	}

	aerr, ok := err.(awserr.Error)
	if !ok {
		// Not an awserr.Error, so there is no Code or Message to extract;
		// print the error text as it is.
		fmt.Println(err.Error())
		return
	}

	// Codes listed for this operation are printed ahead of the error text;
	// any other code prints the error text alone.
	switch code := aerr.Code(); code {
	case kms.ErrCodeDependencyTimeoutException,
		kms.ErrCodeAlreadyExistsException,
		kms.ErrCodeNotFoundException,
		kms.ErrCodeInvalidAliasNameException,
		kms.ErrCodeInternalException,
		kms.ErrCodeLimitExceededException,
		kms.ErrCodeInvalidStateException:
		fmt.Println(code, aerr.Error())
	default:
		fmt.Println(aerr.Error())
	}
}
// To create a grant
//
// This example sends a CreateGrant request that names an IAM role as the
// grantee principal on the specified customer master key (CMK). The request
// lists both the Encrypt and the Decrypt operation.
func ExampleKMS_CreateGrant_shared00() {
	client := kms.New(session.New())
	req := &kms.CreateGrantInput{
		GranteePrincipal: aws.String("arn:aws:iam::111122223333:role/ExampleRole"),
		KeyId:            aws.String("arn:aws:kms:us-east-2:444455556666:key/1234abcd-12ab-34cd-56ef-1234567890ab"),
		// NOTE(review): the upstream description of this example mentions
		// encryption only, yet Decrypt is granted as well. Keep Operations
		// to what the grantee actually needs when adapting this.
		Operations: []*string{
			aws.String("Encrypt"),
			aws.String("Decrypt"),
		},
	}

	result, err := client.CreateGrant(req)
	if err == nil {
		fmt.Println(result)
		return
	}

	aerr, ok := err.(awserr.Error)
	if !ok {
		// Not an awserr.Error, so there is no Code or Message to extract;
		// print the error text as it is.
		fmt.Println(err.Error())
		return
	}

	// Codes listed for this operation are printed ahead of the error text;
	// any other code prints the error text alone.
	switch code := aerr.Code(); code {
	case kms.ErrCodeNotFoundException,
		kms.ErrCodeDisabledException,
		kms.ErrCodeDependencyTimeoutException,
		kms.ErrCodeInvalidArnException,
		kms.ErrCodeInternalException,
		kms.ErrCodeInvalidGrantTokenException,
		kms.ErrCodeLimitExceededException,
		kms.ErrCodeInvalidStateException:
		fmt.Println(code, aerr.Error())
	default:
		fmt.Println(aerr.Error())
	}
}
// To create a customer master key (CMK)
//
// This example sends a CreateKey request whose only field is a single
// CreatedBy tag, then prints the response or the error.
func ExampleKMS_CreateKey_shared00() {
	client := kms.New(session.New())
	// NOTE(review): the request sets no Policy field, so the key policy is
	// whatever the service applies on its own — review it before relying on
	// a key created this way.
	req := &kms.CreateKeyInput{
		Tags: []*kms.Tag{
			{
				TagKey:   aws.String("CreatedBy"),
				TagValue: aws.String("ExampleUser"),
			},
		},
	}

	result, err := client.CreateKey(req)
	if err == nil {
		fmt.Println(result)
		return
	}

	aerr, ok := err.(awserr.Error)
	if !ok {
		// Not an awserr.Error, so there is no Code or Message to extract;
		// print the error text as it is.
		fmt.Println(err.Error())
		return
	}

	// Codes listed for this operation are printed ahead of the error text;
	// any other code prints the error text alone.
	switch code := aerr.Code(); code {
	case kms.ErrCodeMalformedPolicyDocumentException,
		kms.ErrCodeDependencyTimeoutException,
		kms.ErrCodeInvalidArnException,
		kms.ErrCodeUnsupportedOperationException,
		kms.ErrCodeInternalException,
		kms.ErrCodeLimitExceededException,
		kms.ErrCodeTagException:
		fmt.Println(code, aerr.Error())
	default:
		fmt.Println(aerr.Error())
	}
}
// To decrypt data
//
// This example sends a Decrypt request for data that was encrypted with a
// customer master key (CMK) in AWS KMS, then prints the response or the error.
// The ciphertext in the request is a placeholder string.
func ExampleKMS_Decrypt_shared00() {
	client := kms.New(session.New())
	req := &kms.DecryptInput{
		CiphertextBlob: []byte("<binary data>"),
	}

	result, err := client.Decrypt(req)
	if err == nil {
		// NOTE(review): the whole response is printed, and on success it
		// carries the decrypted data. Confirm how this SDK version renders
		// that field before reusing the print in code that logs.
		fmt.Println(result)
		return
	}

	aerr, ok := err.(awserr.Error)
	if !ok {
		// Not an awserr.Error, so there is no Code or Message to extract;
		// print the error text as it is.
		fmt.Println(err.Error())
		return
	}

	// Codes listed for this operation are printed ahead of the error text;
	// any other code prints the error text alone.
	switch code := aerr.Code(); code {
	case kms.ErrCodeNotFoundException,
		kms.ErrCodeDisabledException,
		kms.ErrCodeInvalidCiphertextException,
		kms.ErrCodeKeyUnavailableException,
		kms.ErrCodeDependencyTimeoutException,
		kms.ErrCodeInvalidGrantTokenException,
		kms.ErrCodeInternalException,
		kms.ErrCodeInvalidStateException:
		fmt.Println(code, aerr.Error())
	default:
		fmt.Println(aerr.Error())
	}
}
// To delete an alias
//
// This example sends a DeleteAlias request for "alias/ExampleAlias" and
// prints the response or the error.
func ExampleKMS_DeleteAlias_shared00() {
	client := kms.New(session.New())
	req := &kms.DeleteAliasInput{
		AliasName: aws.String("alias/ExampleAlias"),
	}

	result, err := client.DeleteAlias(req)
	if err == nil {
		fmt.Println(result)
		return
	}

	aerr, ok := err.(awserr.Error)
	if !ok {
		// Not an awserr.Error, so there is no Code or Message to extract;
		// print the error text as it is.
		fmt.Println(err.Error())
		return
	}

	// Codes listed for this operation are printed ahead of the error text;
	// any other code prints the error text alone.
	switch code := aerr.Code(); code {
	case kms.ErrCodeDependencyTimeoutException,
		kms.ErrCodeNotFoundException,
		kms.ErrCodeInternalException,
		kms.ErrCodeInvalidStateException:
		fmt.Println(code, aerr.Error())
	default:
		fmt.Println(aerr.Error())
	}
}
// To delete imported key material
//
// This example sends a DeleteImportedKeyMaterial request for the customer
// master key (CMK) named by the sample key ID and prints the response or the
// error.
func ExampleKMS_DeleteImportedKeyMaterial_shared00() {
	client := kms.New(session.New())
	req := &kms.DeleteImportedKeyMaterialInput{
		KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"),
	}

	result, err := client.DeleteImportedKeyMaterial(req)
	if err == nil {
		fmt.Println(result)
		return
	}

	aerr, ok := err.(awserr.Error)
	if !ok {
		// Not an awserr.Error, so there is no Code or Message to extract;
		// print the error text as it is.
		fmt.Println(err.Error())
		return
	}

	// Codes listed for this operation are printed ahead of the error text;
	// any other code prints the error text alone.
	switch code := aerr.Code(); code {
	case kms.ErrCodeInvalidArnException,
		kms.ErrCodeUnsupportedOperationException,
		kms.ErrCodeDependencyTimeoutException,
		kms.ErrCodeNotFoundException,
		kms.ErrCodeInternalException,
		kms.ErrCodeInvalidStateException:
		fmt.Println(code, aerr.Error())
	default:
		fmt.Println(aerr.Error())
	}
}
// To obtain information about a customer master key (CMK)
//
// This example sends a DescribeKey request for the CMK named by the sample
// key ID and prints the returned information (metadata) or the error.
func ExampleKMS_DescribeKey_shared00() {
	client := kms.New(session.New())
	req := &kms.DescribeKeyInput{
		KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"),
	}

	result, err := client.DescribeKey(req)
	if err == nil {
		fmt.Println(result)
		return
	}

	aerr, ok := err.(awserr.Error)
	if !ok {
		// Not an awserr.Error, so there is no Code or Message to extract;
		// print the error text as it is.
		fmt.Println(err.Error())
		return
	}

	// Codes listed for this operation are printed ahead of the error text;
	// any other code prints the error text alone.
	switch code := aerr.Code(); code {
	case kms.ErrCodeNotFoundException,
		kms.ErrCodeInvalidArnException,
		kms.ErrCodeDependencyTimeoutException,
		kms.ErrCodeInternalException:
		fmt.Println(code, aerr.Error())
	default:
		fmt.Println(aerr.Error())
	}
}
// To disable a customer master key (CMK)
//
// This example sends a DisableKey request for the CMK named by the sample key
// ID and prints the response or the error.
func ExampleKMS_DisableKey_shared00() {
	client := kms.New(session.New())
	req := &kms.DisableKeyInput{
		KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"),
	}

	result, err := client.DisableKey(req)
	if err == nil {
		fmt.Println(result)
		return
	}

	aerr, ok := err.(awserr.Error)
	if !ok {
		// Not an awserr.Error, so there is no Code or Message to extract;
		// print the error text as it is.
		fmt.Println(err.Error())
		return
	}

	// Codes listed for this operation are printed ahead of the error text;
	// any other code prints the error text alone.
	switch code := aerr.Code(); code {
	case kms.ErrCodeNotFoundException,
		kms.ErrCodeInvalidArnException,
		kms.ErrCodeDependencyTimeoutException,
		kms.ErrCodeInternalException,
		kms.ErrCodeInvalidStateException:
		fmt.Println(code, aerr.Error())
	default:
		fmt.Println(aerr.Error())
	}
}
// To disable automatic rotation of key material
//
// This example sends a DisableKeyRotation request, which turns off automatic
// annual rotation of the key material for the CMK named by the sample key ID,
// and prints the response or the error.
func ExampleKMS_DisableKeyRotation_shared00() {
	client := kms.New(session.New())
	req := &kms.DisableKeyRotationInput{
		KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"),
	}

	result, err := client.DisableKeyRotation(req)
	if err == nil {
		fmt.Println(result)
		return
	}

	aerr, ok := err.(awserr.Error)
	if !ok {
		// Not an awserr.Error, so there is no Code or Message to extract;
		// print the error text as it is.
		fmt.Println(err.Error())
		return
	}

	// Codes listed for this operation are printed ahead of the error text;
	// any other code prints the error text alone.
	switch code := aerr.Code(); code {
	case kms.ErrCodeNotFoundException,
		kms.ErrCodeDisabledException,
		kms.ErrCodeInvalidArnException,
		kms.ErrCodeDependencyTimeoutException,
		kms.ErrCodeInternalException,
		kms.ErrCodeInvalidStateException,
		kms.ErrCodeUnsupportedOperationException:
		fmt.Println(code, aerr.Error())
	default:
		fmt.Println(aerr.Error())
	}
}
// To enable a customer master key (CMK)
//
// This example sends an EnableKey request for the CMK named by the sample key
// ID and prints the response or the error.
func ExampleKMS_EnableKey_shared00() {
	client := kms.New(session.New())
	req := &kms.EnableKeyInput{
		KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"),
	}

	result, err := client.EnableKey(req)
	if err == nil {
		fmt.Println(result)
		return
	}

	aerr, ok := err.(awserr.Error)
	if !ok {
		// Not an awserr.Error, so there is no Code or Message to extract;
		// print the error text as it is.
		fmt.Println(err.Error())
		return
	}

	// Codes listed for this operation are printed ahead of the error text;
	// any other code prints the error text alone.
	switch code := aerr.Code(); code {
	case kms.ErrCodeNotFoundException,
		kms.ErrCodeInvalidArnException,
		kms.ErrCodeDependencyTimeoutException,
		kms.ErrCodeInternalException,
		kms.ErrCodeLimitExceededException,
		kms.ErrCodeInvalidStateException:
		fmt.Println(code, aerr.Error())
	default:
		fmt.Println(aerr.Error())
	}
}
// To enable automatic rotation of key material
//
// This example sends an EnableKeyRotation request, which turns on automatic
// annual rotation of the key material for the CMK named by the sample key ID,
// and prints the response or the error.
func ExampleKMS_EnableKeyRotation_shared00() {
	client := kms.New(session.New())
	req := &kms.EnableKeyRotationInput{
		KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"),
	}

	result, err := client.EnableKeyRotation(req)
	if err == nil {
		fmt.Println(result)
		return
	}

	aerr, ok := err.(awserr.Error)
	if !ok {
		// Not an awserr.Error, so there is no Code or Message to extract;
		// print the error text as it is.
		fmt.Println(err.Error())
		return
	}

	// Codes listed for this operation are printed ahead of the error text;
	// any other code prints the error text alone.
	switch code := aerr.Code(); code {
	case kms.ErrCodeNotFoundException,
		kms.ErrCodeDisabledException,
		kms.ErrCodeInvalidArnException,
		kms.ErrCodeDependencyTimeoutException,
		kms.ErrCodeInternalException,
		kms.ErrCodeInvalidStateException,
		kms.ErrCodeUnsupportedOperationException:
		fmt.Println(code, aerr.Error())
	default:
		fmt.Println(aerr.Error())
	}
}
// To encrypt data
//
// This example sends an Encrypt request that names the customer master key
// (CMK) by the sample key ID and prints the response or the error. The
// plaintext in the request is a placeholder string.
func ExampleKMS_Encrypt_shared00() {
	client := kms.New(session.New())
	// NOTE(review): the request sets no EncryptionContext. Callers that
	// want the ciphertext bound to additional authenticated data would set
	// one here and present the same value on decryption.
	req := &kms.EncryptInput{
		KeyId:     aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"),
		Plaintext: []byte("<binary data>"),
	}

	result, err := client.Encrypt(req)
	if err == nil {
		fmt.Println(result)
		return
	}

	aerr, ok := err.(awserr.Error)
	if !ok {
		// Not an awserr.Error, so there is no Code or Message to extract;
		// print the error text as it is.
		fmt.Println(err.Error())
		return
	}

	// Codes listed for this operation are printed ahead of the error text;
	// any other code prints the error text alone.
	switch code := aerr.Code(); code {
	case kms.ErrCodeNotFoundException,
		kms.ErrCodeDisabledException,
		kms.ErrCodeKeyUnavailableException,
		kms.ErrCodeDependencyTimeoutException,
		kms.ErrCodeInvalidKeyUsageException,
		kms.ErrCodeInvalidGrantTokenException,
		kms.ErrCodeInternalException,
		kms.ErrCodeInvalidStateException:
		fmt.Println(code, aerr.Error())
	default:
		fmt.Println(aerr.Error())
	}
}
// To generate a data key
//
// This example requests a 256-bit symmetric data encryption key (data key)
// in two formats: the unencrypted (plaintext) data key, and the same data key
// encrypted with the customer master key (CMK) named by the alias.
func ExampleKMS_GenerateDataKey_shared00() {
	client := kms.New(session.New())
	req := &kms.GenerateDataKeyInput{
		KeyId:   aws.String("alias/ExampleAlias"),
		KeySpec: aws.String("AES_256"),
	}

	result, err := client.GenerateDataKey(req)
	if err == nil {
		// NOTE(review): the whole response is printed, and it includes
		// the plaintext data key. Confirm how this SDK version renders
		// that field before reusing the print in code that logs.
		fmt.Println(result)
		return
	}

	aerr, ok := err.(awserr.Error)
	if !ok {
		// Not an awserr.Error, so there is no Code or Message to extract;
		// print the error text as it is.
		fmt.Println(err.Error())
		return
	}

	// Codes listed for this operation are printed ahead of the error text;
	// any other code prints the error text alone.
	switch code := aerr.Code(); code {
	case kms.ErrCodeNotFoundException,
		kms.ErrCodeDisabledException,
		kms.ErrCodeKeyUnavailableException,
		kms.ErrCodeDependencyTimeoutException,
		kms.ErrCodeInvalidKeyUsageException,
		kms.ErrCodeInvalidGrantTokenException,
		kms.ErrCodeInternalException,
		kms.ErrCodeInvalidStateException:
		fmt.Println(code, aerr.Error())
	default:
		fmt.Println(aerr.Error())
	}
}
// To generate an encrypted data key
//
// This example requests an encrypted copy of a 256-bit symmetric data
// encryption key (data key). The data key is encrypted with the customer
// master key (CMK) named by the alias.
func ExampleKMS_GenerateDataKeyWithoutPlaintext_shared00() {
	client := kms.New(session.New())
	req := &kms.GenerateDataKeyWithoutPlaintextInput{
		KeyId:   aws.String("alias/ExampleAlias"),
		KeySpec: aws.String("AES_256"),
	}

	result, err := client.GenerateDataKeyWithoutPlaintext(req)
	if err == nil {
		fmt.Println(result)
		return
	}

	aerr, ok := err.(awserr.Error)
	if !ok {
		// Not an awserr.Error, so there is no Code or Message to extract;
		// print the error text as it is.
		fmt.Println(err.Error())
		return
	}

	// Codes listed for this operation are printed ahead of the error text;
	// any other code prints the error text alone.
	switch code := aerr.Code(); code {
	case kms.ErrCodeNotFoundException,
		kms.ErrCodeDisabledException,
		kms.ErrCodeKeyUnavailableException,
		kms.ErrCodeDependencyTimeoutException,
		kms.ErrCodeInvalidKeyUsageException,
		kms.ErrCodeInvalidGrantTokenException,
		kms.ErrCodeInternalException,
		kms.ErrCodeInvalidStateException:
		fmt.Println(code, aerr.Error())
	default:
		fmt.Println(aerr.Error())
	}
}
// To generate random data
//
// This example asks AWS KMS for 32 bytes of random data and prints the
// response or the error.
func ExampleKMS_GenerateRandom_shared00() {
	client := kms.New(session.New())
	req := &kms.GenerateRandomInput{
		NumberOfBytes: aws.Int64(32),
	}

	result, err := client.GenerateRandom(req)
	if err == nil {
		fmt.Println(result)
		return
	}

	aerr, ok := err.(awserr.Error)
	if !ok {
		// Not an awserr.Error, so there is no Code or Message to extract;
		// print the error text as it is.
		fmt.Println(err.Error())
		return
	}

	// Codes listed for this operation are printed ahead of the error text;
	// any other code prints the error text alone.
	switch code := aerr.Code(); code {
	case kms.ErrCodeDependencyTimeoutException,
		kms.ErrCodeInternalException:
		fmt.Println(code, aerr.Error())
	default:
		fmt.Println(aerr.Error())
	}
}
// To retrieve a key policy
//
// This example sends a GetKeyPolicy request for the policy named "default" on
// the customer master key (CMK) named by the sample key ID, then prints the
// response or the error.
func ExampleKMS_GetKeyPolicy_shared00() {
	client := kms.New(session.New())
	req := &kms.GetKeyPolicyInput{
		KeyId:      aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"),
		PolicyName: aws.String("default"),
	}

	result, err := client.GetKeyPolicy(req)
	if err == nil {
		fmt.Println(result)
		return
	}

	aerr, ok := err.(awserr.Error)
	if !ok {
		// Not an awserr.Error, so there is no Code or Message to extract;
		// print the error text as it is.
		fmt.Println(err.Error())
		return
	}

	// Codes listed for this operation are printed ahead of the error text;
	// any other code prints the error text alone.
	switch code := aerr.Code(); code {
	case kms.ErrCodeNotFoundException,
		kms.ErrCodeInvalidArnException,
		kms.ErrCodeDependencyTimeoutException,
		kms.ErrCodeInternalException,
		kms.ErrCodeInvalidStateException:
		fmt.Println(code, aerr.Error())
	default:
		fmt.Println(aerr.Error())
	}
}
// To retrieve the rotation status for a customer master key (CMK)
//
// This example sends a GetKeyRotationStatus request, which reports the status
// of automatic annual rotation of the key material for the CMK named by the
// sample key ID, and prints the response or the error.
func ExampleKMS_GetKeyRotationStatus_shared00() {
	client := kms.New(session.New())
	req := &kms.GetKeyRotationStatusInput{
		KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"),
	}

	result, err := client.GetKeyRotationStatus(req)
	if err == nil {
		fmt.Println(result)
		return
	}

	aerr, ok := err.(awserr.Error)
	if !ok {
		// Not an awserr.Error, so there is no Code or Message to extract;
		// print the error text as it is.
		fmt.Println(err.Error())
		return
	}

	// Codes listed for this operation are printed ahead of the error text;
	// any other code prints the error text alone.
	switch code := aerr.Code(); code {
	case kms.ErrCodeNotFoundException,
		kms.ErrCodeInvalidArnException,
		kms.ErrCodeDependencyTimeoutException,
		kms.ErrCodeInternalException,
		kms.ErrCodeInvalidStateException,
		kms.ErrCodeUnsupportedOperationException:
		fmt.Println(code, aerr.Error())
	default:
		fmt.Println(aerr.Error())
	}
}
// To retrieve the public key and import token for a customer master key (CMK)
//
// This example sends a GetParametersForImport request for the CMK named by the
// sample key ID, asking for an RSA_2048 wrapping key used with
// RSAES_OAEP_SHA_1, and prints the response or the error.
func ExampleKMS_GetParametersForImport_shared00() {
	client := kms.New(session.New())
	req := &kms.GetParametersForImportInput{
		KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"),
		// NOTE(review): this selects the SHA-1 variant of OAEP. KMS also
		// defines RSAES_OAEP_SHA_256; prefer it if the tooling that wraps
		// the key material supports it.
		WrappingAlgorithm: aws.String("RSAES_OAEP_SHA_1"),
		WrappingKeySpec:   aws.String("RSA_2048"),
	}

	result, err := client.GetParametersForImport(req)
	if err == nil {
		fmt.Println(result)
		return
	}

	aerr, ok := err.(awserr.Error)
	if !ok {
		// Not an awserr.Error, so there is no Code or Message to extract;
		// print the error text as it is.
		fmt.Println(err.Error())
		return
	}

	// Codes listed for this operation are printed ahead of the error text;
	// any other code prints the error text alone.
	switch code := aerr.Code(); code {
	case kms.ErrCodeInvalidArnException,
		kms.ErrCodeUnsupportedOperationException,
		kms.ErrCodeDependencyTimeoutException,
		kms.ErrCodeNotFoundException,
		kms.ErrCodeInternalException,
		kms.ErrCodeInvalidStateException:
		fmt.Println(code, aerr.Error())
	default:
		fmt.Println(aerr.Error())
	}
}
// To import key material into a customer master key (CMK)
//
// This example sends an ImportKeyMaterial request for the CMK named by the
// sample key ID and prints the response or the error. The encrypted key
// material and the import token in the request are placeholder strings.
func ExampleKMS_ImportKeyMaterial_shared00() {
	client := kms.New(session.New())
	req := &kms.ImportKeyMaterialInput{
		EncryptedKeyMaterial: []byte("<binary data>"),
		// NOTE(review): the request asks for key material that does not
		// expire. Confirm that matches the intended key lifecycle before
		// copying this value.
		ExpirationModel: aws.String("KEY_MATERIAL_DOES_NOT_EXPIRE"),
		ImportToken:     []byte("<binary data>"),
		KeyId:           aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"),
	}

	result, err := client.ImportKeyMaterial(req)
	if err == nil {
		fmt.Println(result)
		return
	}

	aerr, ok := err.(awserr.Error)
	if !ok {
		// Not an awserr.Error, so there is no Code or Message to extract;
		// print the error text as it is.
		fmt.Println(err.Error())
		return
	}

	// Codes listed for this operation are printed ahead of the error text;
	// any other code prints the error text alone.
	switch code := aerr.Code(); code {
	case kms.ErrCodeInvalidArnException,
		kms.ErrCodeUnsupportedOperationException,
		kms.ErrCodeDependencyTimeoutException,
		kms.ErrCodeNotFoundException,
		kms.ErrCodeInternalException,
		kms.ErrCodeInvalidStateException,
		kms.ErrCodeInvalidCiphertextException,
		kms.ErrCodeIncorrectKeyMaterialException,
		kms.ErrCodeExpiredImportTokenException,
		kms.ErrCodeInvalidImportTokenException:
		fmt.Println(code, aerr.Error())
	default:
		fmt.Println(aerr.Error())
	}
}
// To list aliases
//
// This example sends a ListAliases request with an empty input and prints
// the response or the error.
func ExampleKMS_ListAliases_shared00() {
	client := kms.New(session.New())
	req := &kms.ListAliasesInput{}

	result, err := client.ListAliases(req)
	if err == nil {
		fmt.Println(result)
		return
	}

	aerr, ok := err.(awserr.Error)
	if !ok {
		// Not an awserr.Error, so there is no Code or Message to extract;
		// print the error text as it is.
		fmt.Println(err.Error())
		return
	}

	// Codes listed for this operation are printed ahead of the error text;
	// any other code prints the error text alone.
	switch code := aerr.Code(); code {
	case kms.ErrCodeDependencyTimeoutException,
		kms.ErrCodeInvalidMarkerException,
		kms.ErrCodeInternalException:
		fmt.Println(code, aerr.Error())
	default:
		fmt.Println(aerr.Error())
	}
}
// To list grants for a customer master key (CMK)
//
// This example sends a ListGrants request for the CMK named by the sample key
// ID and prints the response or the error.
func ExampleKMS_ListGrants_shared00() {
	client := kms.New(session.New())
	req := &kms.ListGrantsInput{
		KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"),
	}

	result, err := client.ListGrants(req)
	if err == nil {
		fmt.Println(result)
		return
	}

	aerr, ok := err.(awserr.Error)
	if !ok {
		// Not an awserr.Error, so there is no Code or Message to extract;
		// print the error text as it is.
		fmt.Println(err.Error())
		return
	}

	// Codes listed for this operation are printed ahead of the error text;
	// any other code prints the error text alone.
	switch code := aerr.Code(); code {
	case kms.ErrCodeNotFoundException,
		kms.ErrCodeDependencyTimeoutException,
		kms.ErrCodeInvalidMarkerException,
		kms.ErrCodeInvalidArnException,
		kms.ErrCodeInternalException,
		kms.ErrCodeInvalidStateException:
		fmt.Println(code, aerr.Error())
	default:
		fmt.Println(aerr.Error())
	}
}
// To list key policies for a customer master key (CMK)
//
// This example sends a ListKeyPolicies request for the CMK named by the sample
// key ID and prints the response or the error.
func ExampleKMS_ListKeyPolicies_shared00() {
	client := kms.New(session.New())
	req := &kms.ListKeyPoliciesInput{
		KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"),
	}

	result, err := client.ListKeyPolicies(req)
	if err == nil {
		fmt.Println(result)
		return
	}

	aerr, ok := err.(awserr.Error)
	if !ok {
		// Not an awserr.Error, so there is no Code or Message to extract;
		// print the error text as it is.
		fmt.Println(err.Error())
		return
	}

	// Codes listed for this operation are printed ahead of the error text;
	// any other code prints the error text alone.
	switch code := aerr.Code(); code {
	case kms.ErrCodeNotFoundException,
		kms.ErrCodeInvalidArnException,
		kms.ErrCodeDependencyTimeoutException,
		kms.ErrCodeInternalException,
		kms.ErrCodeInvalidStateException:
		fmt.Println(code, aerr.Error())
	default:
		fmt.Println(aerr.Error())
	}
}
|
|
|
|
// To list customer master keys (CMKs)
//
// The following example lists CMKs. The request carries no parameters; the
// response or the error is printed.
//
// NOTE(review): the handled InvalidMarkerException suggests marker-based
// pagination, so one response may be a partial inventory. Confirm against the
// KMS API reference.
func ExampleKMS_ListKeys_shared00() {
	client := kms.New(session.New())
	req := &kms.ListKeysInput{}

	resp, err := client.ListKeys(req)
	if err == nil {
		fmt.Println(resp)
		return
	}

	// Only errors that implement awserr.Error expose a service code; anything
	// else is printed by message alone.
	awsErr, ok := err.(awserr.Error)
	if !ok {
		fmt.Println(err.Error())
		return
	}

	switch awsErr.Code() {
	case kms.ErrCodeDependencyTimeoutException,
		kms.ErrCodeInternalException,
		kms.ErrCodeInvalidMarkerException:
		// Code() equals the matched constant here, so the printed line is
		// "<code> <error>".
		fmt.Println(awsErr.Code(), awsErr.Error())
	default:
		fmt.Println(awsErr.Error())
	}
}
|
|
|
|
// To list tags for a customer master key (CMK)
//
// The following example lists tags for a CMK. It sends one ListResourceTags
// request and prints either the response or the error.
func ExampleKMS_ListResourceTags_shared00() {
	client := kms.New(session.New())
	req := &kms.ListResourceTagsInput{
		KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"),
	}

	resp, err := client.ListResourceTags(req)
	if err == nil {
		fmt.Println(resp)
		return
	}

	// Only errors that implement awserr.Error expose a service code; anything
	// else is printed by message alone.
	awsErr, ok := err.(awserr.Error)
	if !ok {
		fmt.Println(err.Error())
		return
	}

	switch awsErr.Code() {
	case kms.ErrCodeInternalException,
		kms.ErrCodeNotFoundException,
		kms.ErrCodeInvalidArnException,
		kms.ErrCodeInvalidMarkerException:
		// Code() equals the matched constant here, so the printed line is
		// "<code> <error>".
		fmt.Println(awsErr.Code(), awsErr.Error())
	default:
		fmt.Println(awsErr.Error())
	}
}
|
|
|
|
// To list grants that the specified principal can retire
//
// The following example lists the grants that the specified principal (identity) can
// retire. The principal is passed as an IAM role ARN; the response or the
// error is printed.
func ExampleKMS_ListRetirableGrants_shared00() {
	client := kms.New(session.New())
	req := &kms.ListRetirableGrantsInput{
		RetiringPrincipal: aws.String("arn:aws:iam::111122223333:role/ExampleRole"),
	}

	resp, err := client.ListRetirableGrants(req)
	if err == nil {
		fmt.Println(resp)
		return
	}

	// Only errors that implement awserr.Error expose a service code; anything
	// else is printed by message alone.
	awsErr, ok := err.(awserr.Error)
	if !ok {
		fmt.Println(err.Error())
		return
	}

	switch awsErr.Code() {
	case kms.ErrCodeDependencyTimeoutException,
		kms.ErrCodeInvalidMarkerException,
		kms.ErrCodeInvalidArnException,
		kms.ErrCodeNotFoundException,
		kms.ErrCodeInternalException:
		// Code() equals the matched constant here, so the printed line is
		// "<code> <error>".
		fmt.Println(awsErr.Code(), awsErr.Error())
	default:
		fmt.Println(awsErr.Error())
	}
}
|
|
|
|
// To attach a key policy to a customer master key (CMK)
//
// The following example attaches a key policy to the specified CMK. The policy
// document is sent as a JSON string under the policy name "default".
//
// The sample document has four statements: the account root principal is
// allowed "kms:*"; two named administrators get management actions; one role
// gets the cryptographic actions; and the same role may create, list and
// revoke grants only when kms:GrantIsForAWSResource is "true".
//
// NOTE(review): the administrator statement includes "kms:Put*", which by its
// wildcard covers PutKeyPolicy, so those principals can rewrite this policy
// and extend their own access. Scope that list to what the administrators
// actually need when adapting the sample.
//
// NOTE(review): PutKeyPolicy is understood to replace the policy stored under
// the given name rather than merge into it; confirm against the KMS API
// reference, and review the complete document before applying it.
func ExampleKMS_PutKeyPolicy_shared00() {
	client := kms.New(session.New())
	req := &kms.PutKeyPolicyInput{
		KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"),
		// Account ID and principal names in the document are sample values.
		Policy:     aws.String("{\n \"Version\": \"2012-10-17\",\n \"Id\": \"custom-policy-2016-12-07\",\n \"Statement\": [\n {\n \"Sid\": \"Enable IAM User Permissions\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::111122223333:root\"\n },\n \"Action\": \"kms:*\",\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"Allow access for Key Administrators\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"AWS\": [\n \"arn:aws:iam::111122223333:user/ExampleAdminUser\",\n \"arn:aws:iam::111122223333:role/ExampleAdminRole\"\n ]\n },\n \"Action\": [\n \"kms:Create*\",\n \"kms:Describe*\",\n \"kms:Enable*\",\n \"kms:List*\",\n \"kms:Put*\",\n \"kms:Update*\",\n \"kms:Revoke*\",\n \"kms:Disable*\",\n \"kms:Get*\",\n \"kms:Delete*\",\n \"kms:ScheduleKeyDeletion\",\n \"kms:CancelKeyDeletion\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"Allow use of the key\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::111122223333:role/ExamplePowerUserRole\"\n },\n \"Action\": [\n \"kms:Encrypt\",\n \"kms:Decrypt\",\n \"kms:ReEncrypt*\",\n \"kms:GenerateDataKey*\",\n \"kms:DescribeKey\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"Allow attachment of persistent resources\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::111122223333:role/ExamplePowerUserRole\"\n },\n \"Action\": [\n \"kms:CreateGrant\",\n \"kms:ListGrants\",\n \"kms:RevokeGrant\"\n ],\n \"Resource\": \"*\",\n \"Condition\": {\n \"Bool\": {\n \"kms:GrantIsForAWSResource\": \"true\"\n }\n }\n }\n ]\n}\n"),
		PolicyName: aws.String("default"),
	}

	resp, err := client.PutKeyPolicy(req)
	if err == nil {
		fmt.Println(resp)
		return
	}

	// Only errors that implement awserr.Error expose a service code; anything
	// else is printed by message alone.
	awsErr, ok := err.(awserr.Error)
	if !ok {
		fmt.Println(err.Error())
		return
	}

	switch awsErr.Code() {
	case kms.ErrCodeNotFoundException,
		kms.ErrCodeInvalidArnException,
		kms.ErrCodeMalformedPolicyDocumentException,
		kms.ErrCodeDependencyTimeoutException,
		kms.ErrCodeUnsupportedOperationException,
		kms.ErrCodeInternalException,
		kms.ErrCodeLimitExceededException,
		kms.ErrCodeInvalidStateException:
		// Code() equals the matched constant here, so the printed line is
		// "<code> <error>".
		fmt.Println(awsErr.Code(), awsErr.Error())
	default:
		fmt.Println(awsErr.Error())
	}
}
|
|
|
|
// To reencrypt data
//
// The following example reencrypts data with the specified CMK. The request
// names only the destination key; CiphertextBlob holds a placeholder that must
// be replaced with real ciphertext before the call can succeed.
//
// NOTE(review): no encryption-context fields are set on the request. If the
// original ciphertext was bound to an encryption context, the request
// presumably has to supply it; confirm against the KMS API reference.
func ExampleKMS_ReEncrypt_shared00() {
	client := kms.New(session.New())
	req := &kms.ReEncryptInput{
		CiphertextBlob:   []byte("<binary data>"),
		DestinationKeyId: aws.String("0987dcba-09fe-87dc-65ba-ab0987654321"),
	}

	resp, err := client.ReEncrypt(req)
	if err == nil {
		fmt.Println(resp)
		return
	}

	// Only errors that implement awserr.Error expose a service code; anything
	// else is printed by message alone.
	awsErr, ok := err.(awserr.Error)
	if !ok {
		fmt.Println(err.Error())
		return
	}

	switch awsErr.Code() {
	case kms.ErrCodeNotFoundException,
		kms.ErrCodeDisabledException,
		kms.ErrCodeInvalidCiphertextException,
		kms.ErrCodeKeyUnavailableException,
		kms.ErrCodeDependencyTimeoutException,
		kms.ErrCodeInvalidKeyUsageException,
		kms.ErrCodeInvalidGrantTokenException,
		kms.ErrCodeInternalException,
		kms.ErrCodeInvalidStateException:
		// Code() equals the matched constant here, so the printed line is
		// "<code> <error>".
		fmt.Println(awsErr.Code(), awsErr.Error())
	default:
		fmt.Println(awsErr.Error())
	}
}
|
|
|
|
// To retire a grant
//
// The following example retires a grant. The grant is identified by its grant
// ID together with the full ARN of the key it belongs to.
func ExampleKMS_RetireGrant_shared00() {
	client := kms.New(session.New())
	req := &kms.RetireGrantInput{
		GrantId: aws.String("0c237476b39f8bc44e45212e08498fbe3151305030726c0590dd8d3e9f3d6a60"),
		KeyId:   aws.String("arn:aws:kms:us-east-2:444455556666:key/1234abcd-12ab-34cd-56ef-1234567890ab"),
	}

	resp, err := client.RetireGrant(req)
	if err == nil {
		fmt.Println(resp)
		return
	}

	// Only errors that implement awserr.Error expose a service code; anything
	// else is printed by message alone.
	awsErr, ok := err.(awserr.Error)
	if !ok {
		fmt.Println(err.Error())
		return
	}

	switch awsErr.Code() {
	case kms.ErrCodeInvalidGrantTokenException,
		kms.ErrCodeInvalidGrantIdException,
		kms.ErrCodeNotFoundException,
		kms.ErrCodeDependencyTimeoutException,
		kms.ErrCodeInternalException,
		kms.ErrCodeInvalidStateException:
		// Code() equals the matched constant here, so the printed line is
		// "<code> <error>".
		fmt.Println(awsErr.Code(), awsErr.Error())
	default:
		fmt.Println(awsErr.Error())
	}
}
|
|
|
|
// To revoke a grant
//
// The following example revokes a grant. The grant is identified by its grant
// ID and the ID of the key it belongs to.
func ExampleKMS_RevokeGrant_shared00() {
	client := kms.New(session.New())
	req := &kms.RevokeGrantInput{
		GrantId: aws.String("0c237476b39f8bc44e45212e08498fbe3151305030726c0590dd8d3e9f3d6a60"),
		KeyId:   aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"),
	}

	resp, err := client.RevokeGrant(req)
	if err == nil {
		fmt.Println(resp)
		return
	}

	// Only errors that implement awserr.Error expose a service code; anything
	// else is printed by message alone.
	awsErr, ok := err.(awserr.Error)
	if !ok {
		fmt.Println(err.Error())
		return
	}

	switch awsErr.Code() {
	case kms.ErrCodeNotFoundException,
		kms.ErrCodeDependencyTimeoutException,
		kms.ErrCodeInvalidArnException,
		kms.ErrCodeInvalidGrantIdException,
		kms.ErrCodeInternalException,
		kms.ErrCodeInvalidStateException:
		// Code() equals the matched constant here, so the printed line is
		// "<code> <error>".
		fmt.Println(awsErr.Code(), awsErr.Error())
	default:
		fmt.Println(awsErr.Error())
	}
}
|
|
|
|
// To schedule a customer master key (CMK) for deletion
//
// The following example schedules the specified CMK for deletion, with a
// pending window of 7 days.
//
// NOTE(review): 7 days is understood to be the shortest window KMS accepts;
// confirm against the KMS API reference. Data encrypted under a deleted key
// cannot be decrypted afterwards, so a longer window gives more time to notice
// remaining users of the key and to cancel (see the CancelKeyDeletion example
// earlier in this file).
func ExampleKMS_ScheduleKeyDeletion_shared00() {
	client := kms.New(session.New())
	req := &kms.ScheduleKeyDeletionInput{
		KeyId:               aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"),
		PendingWindowInDays: aws.Int64(7),
	}

	resp, err := client.ScheduleKeyDeletion(req)
	if err == nil {
		fmt.Println(resp)
		return
	}

	// Only errors that implement awserr.Error expose a service code; anything
	// else is printed by message alone.
	awsErr, ok := err.(awserr.Error)
	if !ok {
		fmt.Println(err.Error())
		return
	}

	switch awsErr.Code() {
	case kms.ErrCodeNotFoundException,
		kms.ErrCodeInvalidArnException,
		kms.ErrCodeDependencyTimeoutException,
		kms.ErrCodeInternalException,
		kms.ErrCodeInvalidStateException:
		// Code() equals the matched constant here, so the printed line is
		// "<code> <error>".
		fmt.Println(awsErr.Code(), awsErr.Error())
	default:
		fmt.Println(awsErr.Error())
	}
}
|
|
|
|
// To tag a customer master key (CMK)
//
// The following example tags a CMK. A single tag, "Purpose" = "Test", is
// attached to the key.
//
// NOTE(review): tag keys and values are likely to appear in plaintext in logs
// and reports; keep secrets and personal data out of them.
func ExampleKMS_TagResource_shared00() {
	client := kms.New(session.New())
	req := &kms.TagResourceInput{
		KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"),
		Tags: []*kms.Tag{
			{
				TagKey:   aws.String("Purpose"),
				TagValue: aws.String("Test"),
			},
		},
	}

	resp, err := client.TagResource(req)
	if err == nil {
		fmt.Println(resp)
		return
	}

	// Only errors that implement awserr.Error expose a service code; anything
	// else is printed by message alone.
	awsErr, ok := err.(awserr.Error)
	if !ok {
		fmt.Println(err.Error())
		return
	}

	switch awsErr.Code() {
	case kms.ErrCodeInternalException,
		kms.ErrCodeNotFoundException,
		kms.ErrCodeInvalidArnException,
		kms.ErrCodeInvalidStateException,
		kms.ErrCodeLimitExceededException,
		kms.ErrCodeTagException:
		// Code() equals the matched constant here, so the printed line is
		// "<code> <error>".
		fmt.Println(awsErr.Code(), awsErr.Error())
	default:
		fmt.Println(awsErr.Error())
	}
}
|
|
|
|
// To remove tags from a customer master key (CMK)
//
// The following example removes tags from a CMK. The tags to remove are named
// by key: "Purpose" and "CostCenter".
//
// NOTE(review): if tags feed tag-based access conditions or cost allocation
// in your account, check what depends on them before removing them.
func ExampleKMS_UntagResource_shared00() {
	client := kms.New(session.New())
	req := &kms.UntagResourceInput{
		KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"),
		TagKeys: []*string{
			aws.String("Purpose"),
			aws.String("CostCenter"),
		},
	}

	resp, err := client.UntagResource(req)
	if err == nil {
		fmt.Println(resp)
		return
	}

	// Only errors that implement awserr.Error expose a service code; anything
	// else is printed by message alone.
	awsErr, ok := err.(awserr.Error)
	if !ok {
		fmt.Println(err.Error())
		return
	}

	switch awsErr.Code() {
	case kms.ErrCodeInternalException,
		kms.ErrCodeNotFoundException,
		kms.ErrCodeInvalidArnException,
		kms.ErrCodeInvalidStateException,
		kms.ErrCodeTagException:
		// Code() equals the matched constant here, so the printed line is
		// "<code> <error>".
		fmt.Println(awsErr.Code(), awsErr.Error())
	default:
		fmt.Println(awsErr.Error())
	}
}
|
|
|
|
// To update an alias
//
// The following example updates the specified alias to refer to the specified customer
// master key (CMK).
//
// NOTE(review): callers that address the key through the alias will
// presumably use the new target from then on, while existing ciphertext still
// needs the previous key to decrypt. Keep the old key available until that
// data has been re-encrypted or retired.
func ExampleKMS_UpdateAlias_shared00() {
	client := kms.New(session.New())
	req := &kms.UpdateAliasInput{
		AliasName:   aws.String("alias/ExampleAlias"),
		TargetKeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"),
	}

	resp, err := client.UpdateAlias(req)
	if err == nil {
		fmt.Println(resp)
		return
	}

	// Only errors that implement awserr.Error expose a service code; anything
	// else is printed by message alone.
	awsErr, ok := err.(awserr.Error)
	if !ok {
		fmt.Println(err.Error())
		return
	}

	switch awsErr.Code() {
	case kms.ErrCodeDependencyTimeoutException,
		kms.ErrCodeNotFoundException,
		kms.ErrCodeInternalException,
		kms.ErrCodeInvalidStateException:
		// Code() equals the matched constant here, so the printed line is
		// "<code> <error>".
		fmt.Println(awsErr.Code(), awsErr.Error())
	default:
		fmt.Println(awsErr.Error())
	}
}
|
|
|
|
// To update the description of a customer master key (CMK)
//
// The following example updates the description of the specified CMK. The new
// description is sent as free text alongside the key ID.
//
// NOTE(review): the description is key metadata and is likely readable by
// anyone who may describe the key; keep sensitive details out of it.
func ExampleKMS_UpdateKeyDescription_shared00() {
	client := kms.New(session.New())
	req := &kms.UpdateKeyDescriptionInput{
		Description: aws.String("Example description that indicates the intended use of this CMK."),
		KeyId:       aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"),
	}

	resp, err := client.UpdateKeyDescription(req)
	if err == nil {
		fmt.Println(resp)
		return
	}

	// Only errors that implement awserr.Error expose a service code; anything
	// else is printed by message alone.
	awsErr, ok := err.(awserr.Error)
	if !ok {
		fmt.Println(err.Error())
		return
	}

	switch awsErr.Code() {
	case kms.ErrCodeNotFoundException,
		kms.ErrCodeInvalidArnException,
		kms.ErrCodeDependencyTimeoutException,
		kms.ErrCodeInternalException,
		kms.ErrCodeInvalidStateException:
		// Code() equals the matched constant here, so the printed line is
		// "<code> <error>".
		fmt.Println(awsErr.Code(), awsErr.Error())
	default:
		fmt.Println(awsErr.Error())
	}
}
|