Struct: kms.PutKeyPolicyInput

import "../ibm-cos-sdk-go/service/kms"

Implemented Interfaces

s3crypto.Cipher, s3manager.ReadSeekerWriteTo, request.Validator, s3manager.WriterReadFrom

Structure Field Summary collapse

Service Operations collapse

Structure Field Details

BypassPolicyLockoutSafetyCheck *bool `type:"boolean"`

Skips (“bypasses”) the key policy lockout safety check. The default value is false.

Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value to true indiscriminately.

For more information, see Default key policy (docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#prevent-unmanageable-key) in the Key Management Service Developer Guide.

Use this parameter only when you intend to prevent the principal that is making the request from making a subsequent PutKeyPolicy request on the KMS key.

KeyId *string `min:"1" type:"string" required:"true"`

Sets the key policy on the specified KMS key.

Specify the key ID or key ARN of the KMS key.

For example:

  • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

  • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.

KeyId is a required field

Policy *string `min:"1" type:"string" required:"true"`

The key policy to attach to the KMS key.

The key policy must meet the following criteria:

  • The key policy must allow the calling principal to make a subsequent PutKeyPolicy request on the KMS key. This reduces the risk that the KMS key becomes unmanageable. For more information, see Default key policy (docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#prevent-unmanageable-key) in the Key Management Service Developer Guide. (To omit this condition, set BypassPolicyLockoutSafetyCheck to true.)

  • Each statement in the key policy must contain one or more principals. The principals in the key policy must exist and be visible to KMS. When you create a new Amazon Web Services principal, you might need to enforce a delay before including the new principal in a key policy because the new principal might not be immediately visible to KMS. For more information, see Changes that I make are not always immediately visible (docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency) in the Amazon Web Services Identity and Access Management User Guide.

A key policy document can include only the following characters:

  • Printable ASCII characters from the space character (u0020) through the end of the ASCII character range.

  • Printable characters in the Basic Latin and Latin-1 Supplement character set (through u00FF).

  • The tab (u0009), line feed (u000A), and carriage return (u000D) special characters

For information about key policies, see Key policies in KMS (docs.aws.amazon.com/kms/latest/developerguide/key-policies.html) in the Key Management Service Developer Guide.For help writing and formatting a JSON policy document, see the IAM JSON Policy Reference (docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html) in the Identity and Access Management User Guide .

Policy is a required field

PolicyName *string `min:"1" type:"string" required:"true"`

The name of the key policy. The only valid value is default.

PolicyName is a required field

_ struct{} `type:"structure"`

Method Details

func (s PutKeyPolicyInput) GoString() string

GoString returns the string representation.

API parameter values that are decorated as “sensitive” in the API will not be included in the string output. The member name will be present, but the value will be replaced with “sensitive”.



15605
15606
15607
// File 'service/kms/api.go', line 15605

func (s PutKeyPolicyInput) GoString() string { return s.String() }

func (s *PutKeyPolicyInput) SetBypassPolicyLockoutSafetyCheck(v bool) *PutKeyPolicyInput

SetBypassPolicyLockoutSafetyCheck sets the BypassPolicyLockoutSafetyCheck field's value.



15638
15639
15640
15641
// File 'service/kms/api.go', line 15638

func (s *PutKeyPolicyInput) SetBypassPolicyLockoutSafetyCheck(v bool) *PutKeyPolicyInput { s.BypassPolicyLockoutSafetyCheck = &v return s }

func (s *PutKeyPolicyInput) SetKeyId(v string) *PutKeyPolicyInput

SetKeyId sets the KeyId field's value.



15644
15645
15646
15647
// File 'service/kms/api.go', line 15644

func (s *PutKeyPolicyInput) SetKeyId(v string) *PutKeyPolicyInput { s.KeyId = &v return s }

func (s *PutKeyPolicyInput) SetPolicy(v string) *PutKeyPolicyInput

SetPolicy sets the Policy field's value.



15650
15651
15652
15653
// File 'service/kms/api.go', line 15650

func (s *PutKeyPolicyInput) SetPolicy(v string) *PutKeyPolicyInput { s.Policy = &v return s }

func (s *PutKeyPolicyInput) SetPolicyName(v string) *PutKeyPolicyInput

SetPolicyName sets the PolicyName field's value.



15656
15657
15658
15659
// File 'service/kms/api.go', line 15656

func (s *PutKeyPolicyInput) SetPolicyName(v string) *PutKeyPolicyInput { s.PolicyName = &v return s }

func (s PutKeyPolicyInput) String() string

String returns the string representation.

API parameter values that are decorated as “sensitive” in the API will not be included in the string output. The member name will be present, but the value will be replaced with “sensitive”.



15596
15597
15598
// File 'service/kms/api.go', line 15596

func (s PutKeyPolicyInput) String() string { return awsutil.Prettify(s) }

func (s *PutKeyPolicyInput) Validate() error

Validate inspects the fields of the type to determine if they are valid.



15610
15611
15612
15613
15614
15615
15616
15617
15618
15619
15620
15621
15622
15623
15624
15625
15626
15627
15628
15629
15630
15631
15632
15633
15634
15635
// File 'service/kms/api.go', line 15610

func (s *PutKeyPolicyInput) Validate() error { invalidParams := request.ErrInvalidParams{Context: "PutKeyPolicyInput"} if s.KeyId == nil { invalidParams.Add(request.NewErrParamRequired("KeyId")) } if s.KeyId != nil && len(*s.KeyId) < 1 { invalidParams.Add(request.NewErrParamMinLen("KeyId", 1)) } if s.Policy == nil { invalidParams.Add(request.NewErrParamRequired("Policy")) } if s.Policy != nil && len(*s.Policy) < 1 { invalidParams.Add(request.NewErrParamMinLen("Policy", 1)) } if s.PolicyName == nil { invalidParams.Add(request.NewErrParamRequired("PolicyName")) } if s.PolicyName != nil && len(*s.PolicyName) < 1 { invalidParams.Add(request.NewErrParamMinLen("PolicyName", 1)) } if invalidParams.Len() > 0 { return invalidParams } return nil }