1// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. 2 3package kms_test 4 5import ( 6 "fmt" 7 "strings" 8 "time" 9 10 "github.com/aws/aws-sdk-go/aws" 11 "github.com/aws/aws-sdk-go/aws/awserr" 12 "github.com/aws/aws-sdk-go/aws/session" 13 "github.com/aws/aws-sdk-go/service/kms" 14) 15 16var _ time.Duration 17var _ strings.Reader 18var _ aws.Config 19 20func parseTime(layout, value string) *time.Time { 21 t, err := time.Parse(layout, value) 22 if err != nil { 23 panic(err) 24 } 25 return &t 26} 27 28// To cancel deletion of a customer master key (CMK) 29// 30// The following example cancels deletion of the specified CMK. 31func ExampleKMS_CancelKeyDeletion_shared00() { 32 svc := kms.New(session.New()) 33 input := &kms.CancelKeyDeletionInput{ 34 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 35 } 36 37 result, err := svc.CancelKeyDeletion(input) 38 if err != nil { 39 if aerr, ok := err.(awserr.Error); ok { 40 switch aerr.Code() { 41 case kms.ErrCodeNotFoundException: 42 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 43 case kms.ErrCodeInvalidArnException: 44 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 45 case kms.ErrCodeDependencyTimeoutException: 46 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 47 case kms.ErrCodeInternalException: 48 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 49 case kms.ErrCodeInvalidStateException: 50 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 51 default: 52 fmt.Println(aerr.Error()) 53 } 54 } else { 55 // Print the error, cast err to awserr.Error to get the Code and 56 // Message from an error. 57 fmt.Println(err.Error()) 58 } 59 return 60 } 61 62 fmt.Println(result) 63} 64 65// To create an alias 66// 67// The following example creates an alias for the specified customer master key (CMK). 68func ExampleKMS_CreateAlias_shared00() { 69 svc := kms.New(session.New()) 70 input := &kms.CreateAliasInput{ 71 AliasName: aws.String("alias/ExampleAlias"), 72 TargetKeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 73 } 74 75 result, err := svc.CreateAlias(input) 76 if err != nil { 77 if aerr, ok := err.(awserr.Error); ok { 78 switch aerr.Code() { 79 case kms.ErrCodeDependencyTimeoutException: 80 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 81 case kms.ErrCodeAlreadyExistsException: 82 fmt.Println(kms.ErrCodeAlreadyExistsException, aerr.Error()) 83 case kms.ErrCodeNotFoundException: 84 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 85 case kms.ErrCodeInvalidAliasNameException: 86 fmt.Println(kms.ErrCodeInvalidAliasNameException, aerr.Error()) 87 case kms.ErrCodeInternalException: 88 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 89 case kms.ErrCodeLimitExceededException: 90 fmt.Println(kms.ErrCodeLimitExceededException, aerr.Error()) 91 case kms.ErrCodeInvalidStateException: 92 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 93 default: 94 fmt.Println(aerr.Error()) 95 } 96 } else { 97 // Print the error, cast err to awserr.Error to get the Code and 98 // Message from an error. 99 fmt.Println(err.Error()) 100 } 101 return 102 } 103 104 fmt.Println(result) 105} 106 107// To create a grant 108// 109// The following example creates a grant that allows the specified IAM role to encrypt 110// data with the specified customer master key (CMK). 111func ExampleKMS_CreateGrant_shared00() { 112 svc := kms.New(session.New()) 113 input := &kms.CreateGrantInput{ 114 GranteePrincipal: aws.String("arn:aws:iam::111122223333:role/ExampleRole"), 115 KeyId: aws.String("arn:aws:kms:us-east-2:444455556666:key/1234abcd-12ab-34cd-56ef-1234567890ab"), 116 Operations: []*string{ 117 aws.String("Encrypt"), 118 aws.String("Decrypt"), 119 }, 120 } 121 122 result, err := svc.CreateGrant(input) 123 if err != nil { 124 if aerr, ok := err.(awserr.Error); ok { 125 switch aerr.Code() { 126 case kms.ErrCodeNotFoundException: 127 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 128 case kms.ErrCodeDisabledException: 129 fmt.Println(kms.ErrCodeDisabledException, aerr.Error()) 130 case kms.ErrCodeDependencyTimeoutException: 131 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 132 case kms.ErrCodeInvalidArnException: 133 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 134 case kms.ErrCodeInternalException: 135 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 136 case kms.ErrCodeInvalidGrantTokenException: 137 fmt.Println(kms.ErrCodeInvalidGrantTokenException, aerr.Error()) 138 case kms.ErrCodeLimitExceededException: 139 fmt.Println(kms.ErrCodeLimitExceededException, aerr.Error()) 140 case kms.ErrCodeInvalidStateException: 141 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 142 default: 143 fmt.Println(aerr.Error()) 144 } 145 } else { 146 // Print the error, cast err to awserr.Error to get the Code and 147 // Message from an error. 148 fmt.Println(err.Error()) 149 } 150 return 151 } 152 153 fmt.Println(result) 154} 155 156// To create a customer master key (CMK) 157// 158// The following example creates a CMK. 159func ExampleKMS_CreateKey_shared00() { 160 svc := kms.New(session.New()) 161 input := &kms.CreateKeyInput{ 162 Tags: []*kms.Tag{ 163 { 164 TagKey: aws.String("CreatedBy"), 165 TagValue: aws.String("ExampleUser"), 166 }, 167 }, 168 } 169 170 result, err := svc.CreateKey(input) 171 if err != nil { 172 if aerr, ok := err.(awserr.Error); ok { 173 switch aerr.Code() { 174 case kms.ErrCodeMalformedPolicyDocumentException: 175 fmt.Println(kms.ErrCodeMalformedPolicyDocumentException, aerr.Error()) 176 case kms.ErrCodeDependencyTimeoutException: 177 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 178 case kms.ErrCodeInvalidArnException: 179 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 180 case kms.ErrCodeUnsupportedOperationException: 181 fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error()) 182 case kms.ErrCodeInternalException: 183 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 184 case kms.ErrCodeLimitExceededException: 185 fmt.Println(kms.ErrCodeLimitExceededException, aerr.Error()) 186 case kms.ErrCodeTagException: 187 fmt.Println(kms.ErrCodeTagException, aerr.Error()) 188 case kms.ErrCodeCustomKeyStoreNotFoundException: 189 fmt.Println(kms.ErrCodeCustomKeyStoreNotFoundException, aerr.Error()) 190 case kms.ErrCodeCustomKeyStoreInvalidStateException: 191 fmt.Println(kms.ErrCodeCustomKeyStoreInvalidStateException, aerr.Error()) 192 case kms.ErrCodeCloudHsmClusterInvalidConfigurationException: 193 fmt.Println(kms.ErrCodeCloudHsmClusterInvalidConfigurationException, aerr.Error()) 194 default: 195 fmt.Println(aerr.Error()) 196 } 197 } else { 198 // Print the error, cast err to awserr.Error to get the Code and 199 // Message from an error. 200 fmt.Println(err.Error()) 201 } 202 return 203 } 204 205 fmt.Println(result) 206} 207 208// To decrypt data 209// 210// The following example decrypts data that was encrypted with a customer master key 211// (CMK) in AWS KMS. 212func ExampleKMS_Decrypt_shared00() { 213 svc := kms.New(session.New()) 214 input := &kms.DecryptInput{ 215 CiphertextBlob: []byte("<binary data>"), 216 KeyId: aws.String("arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"), 217 } 218 219 result, err := svc.Decrypt(input) 220 if err != nil { 221 if aerr, ok := err.(awserr.Error); ok { 222 switch aerr.Code() { 223 case kms.ErrCodeNotFoundException: 224 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 225 case kms.ErrCodeDisabledException: 226 fmt.Println(kms.ErrCodeDisabledException, aerr.Error()) 227 case kms.ErrCodeInvalidCiphertextException: 228 fmt.Println(kms.ErrCodeInvalidCiphertextException, aerr.Error()) 229 case kms.ErrCodeKeyUnavailableException: 230 fmt.Println(kms.ErrCodeKeyUnavailableException, aerr.Error()) 231 case kms.ErrCodeIncorrectKeyException: 232 fmt.Println(kms.ErrCodeIncorrectKeyException, aerr.Error()) 233 case kms.ErrCodeInvalidKeyUsageException: 234 fmt.Println(kms.ErrCodeInvalidKeyUsageException, aerr.Error()) 235 case kms.ErrCodeDependencyTimeoutException: 236 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 237 case kms.ErrCodeInvalidGrantTokenException: 238 fmt.Println(kms.ErrCodeInvalidGrantTokenException, aerr.Error()) 239 case kms.ErrCodeInternalException: 240 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 241 case kms.ErrCodeInvalidStateException: 242 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 243 default: 244 fmt.Println(aerr.Error()) 245 } 246 } else { 247 // Print the error, cast err to awserr.Error to get the Code and 248 // Message from an error. 249 fmt.Println(err.Error()) 250 } 251 return 252 } 253 254 fmt.Println(result) 255} 256 257// To delete an alias 258// 259// The following example deletes the specified alias. 260func ExampleKMS_DeleteAlias_shared00() { 261 svc := kms.New(session.New()) 262 input := &kms.DeleteAliasInput{ 263 AliasName: aws.String("alias/ExampleAlias"), 264 } 265 266 result, err := svc.DeleteAlias(input) 267 if err != nil { 268 if aerr, ok := err.(awserr.Error); ok { 269 switch aerr.Code() { 270 case kms.ErrCodeDependencyTimeoutException: 271 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 272 case kms.ErrCodeNotFoundException: 273 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 274 case kms.ErrCodeInternalException: 275 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 276 case kms.ErrCodeInvalidStateException: 277 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 278 default: 279 fmt.Println(aerr.Error()) 280 } 281 } else { 282 // Print the error, cast err to awserr.Error to get the Code and 283 // Message from an error. 284 fmt.Println(err.Error()) 285 } 286 return 287 } 288 289 fmt.Println(result) 290} 291 292// To delete imported key material 293// 294// The following example deletes the imported key material from the specified customer 295// master key (CMK). 296func ExampleKMS_DeleteImportedKeyMaterial_shared00() { 297 svc := kms.New(session.New()) 298 input := &kms.DeleteImportedKeyMaterialInput{ 299 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 300 } 301 302 result, err := svc.DeleteImportedKeyMaterial(input) 303 if err != nil { 304 if aerr, ok := err.(awserr.Error); ok { 305 switch aerr.Code() { 306 case kms.ErrCodeInvalidArnException: 307 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 308 case kms.ErrCodeUnsupportedOperationException: 309 fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error()) 310 case kms.ErrCodeDependencyTimeoutException: 311 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 312 case kms.ErrCodeNotFoundException: 313 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 314 case kms.ErrCodeInternalException: 315 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 316 case kms.ErrCodeInvalidStateException: 317 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 318 default: 319 fmt.Println(aerr.Error()) 320 } 321 } else { 322 // Print the error, cast err to awserr.Error to get the Code and 323 // Message from an error. 324 fmt.Println(err.Error()) 325 } 326 return 327 } 328 329 fmt.Println(result) 330} 331 332// To obtain information about a customer master key (CMK) 333// 334// The following example returns information (metadata) about the specified CMK. 335func ExampleKMS_DescribeKey_shared00() { 336 svc := kms.New(session.New()) 337 input := &kms.DescribeKeyInput{ 338 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 339 } 340 341 result, err := svc.DescribeKey(input) 342 if err != nil { 343 if aerr, ok := err.(awserr.Error); ok { 344 switch aerr.Code() { 345 case kms.ErrCodeNotFoundException: 346 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 347 case kms.ErrCodeInvalidArnException: 348 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 349 case kms.ErrCodeDependencyTimeoutException: 350 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 351 case kms.ErrCodeInternalException: 352 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 353 default: 354 fmt.Println(aerr.Error()) 355 } 356 } else { 357 // Print the error, cast err to awserr.Error to get the Code and 358 // Message from an error. 359 fmt.Println(err.Error()) 360 } 361 return 362 } 363 364 fmt.Println(result) 365} 366 367// To disable a customer master key (CMK) 368// 369// The following example disables the specified CMK. 370func ExampleKMS_DisableKey_shared00() { 371 svc := kms.New(session.New()) 372 input := &kms.DisableKeyInput{ 373 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 374 } 375 376 result, err := svc.DisableKey(input) 377 if err != nil { 378 if aerr, ok := err.(awserr.Error); ok { 379 switch aerr.Code() { 380 case kms.ErrCodeNotFoundException: 381 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 382 case kms.ErrCodeInvalidArnException: 383 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 384 case kms.ErrCodeDependencyTimeoutException: 385 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 386 case kms.ErrCodeInternalException: 387 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 388 case kms.ErrCodeInvalidStateException: 389 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 390 default: 391 fmt.Println(aerr.Error()) 392 } 393 } else { 394 // Print the error, cast err to awserr.Error to get the Code and 395 // Message from an error. 396 fmt.Println(err.Error()) 397 } 398 return 399 } 400 401 fmt.Println(result) 402} 403 404// To disable automatic rotation of key material 405// 406// The following example disables automatic annual rotation of the key material for 407// the specified CMK. 408func ExampleKMS_DisableKeyRotation_shared00() { 409 svc := kms.New(session.New()) 410 input := &kms.DisableKeyRotationInput{ 411 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 412 } 413 414 result, err := svc.DisableKeyRotation(input) 415 if err != nil { 416 if aerr, ok := err.(awserr.Error); ok { 417 switch aerr.Code() { 418 case kms.ErrCodeNotFoundException: 419 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 420 case kms.ErrCodeDisabledException: 421 fmt.Println(kms.ErrCodeDisabledException, aerr.Error()) 422 case kms.ErrCodeInvalidArnException: 423 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 424 case kms.ErrCodeDependencyTimeoutException: 425 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 426 case kms.ErrCodeInternalException: 427 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 428 case kms.ErrCodeInvalidStateException: 429 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 430 case kms.ErrCodeUnsupportedOperationException: 431 fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error()) 432 default: 433 fmt.Println(aerr.Error()) 434 } 435 } else { 436 // Print the error, cast err to awserr.Error to get the Code and 437 // Message from an error. 438 fmt.Println(err.Error()) 439 } 440 return 441 } 442 443 fmt.Println(result) 444} 445 446// To enable a customer master key (CMK) 447// 448// The following example enables the specified CMK. 449func ExampleKMS_EnableKey_shared00() { 450 svc := kms.New(session.New()) 451 input := &kms.EnableKeyInput{ 452 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 453 } 454 455 result, err := svc.EnableKey(input) 456 if err != nil { 457 if aerr, ok := err.(awserr.Error); ok { 458 switch aerr.Code() { 459 case kms.ErrCodeNotFoundException: 460 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 461 case kms.ErrCodeInvalidArnException: 462 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 463 case kms.ErrCodeDependencyTimeoutException: 464 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 465 case kms.ErrCodeInternalException: 466 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 467 case kms.ErrCodeLimitExceededException: 468 fmt.Println(kms.ErrCodeLimitExceededException, aerr.Error()) 469 case kms.ErrCodeInvalidStateException: 470 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 471 default: 472 fmt.Println(aerr.Error()) 473 } 474 } else { 475 // Print the error, cast err to awserr.Error to get the Code and 476 // Message from an error. 477 fmt.Println(err.Error()) 478 } 479 return 480 } 481 482 fmt.Println(result) 483} 484 485// To enable automatic rotation of key material 486// 487// The following example enables automatic annual rotation of the key material for the 488// specified CMK. 489func ExampleKMS_EnableKeyRotation_shared00() { 490 svc := kms.New(session.New()) 491 input := &kms.EnableKeyRotationInput{ 492 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 493 } 494 495 result, err := svc.EnableKeyRotation(input) 496 if err != nil { 497 if aerr, ok := err.(awserr.Error); ok { 498 switch aerr.Code() { 499 case kms.ErrCodeNotFoundException: 500 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 501 case kms.ErrCodeDisabledException: 502 fmt.Println(kms.ErrCodeDisabledException, aerr.Error()) 503 case kms.ErrCodeInvalidArnException: 504 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 505 case kms.ErrCodeDependencyTimeoutException: 506 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 507 case kms.ErrCodeInternalException: 508 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 509 case kms.ErrCodeInvalidStateException: 510 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 511 case kms.ErrCodeUnsupportedOperationException: 512 fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error()) 513 default: 514 fmt.Println(aerr.Error()) 515 } 516 } else { 517 // Print the error, cast err to awserr.Error to get the Code and 518 // Message from an error. 519 fmt.Println(err.Error()) 520 } 521 return 522 } 523 524 fmt.Println(result) 525} 526 527// To encrypt data 528// 529// The following example encrypts data with the specified customer master key (CMK). 530func ExampleKMS_Encrypt_shared00() { 531 svc := kms.New(session.New()) 532 input := &kms.EncryptInput{ 533 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 534 Plaintext: []byte("<binary data>"), 535 } 536 537 result, err := svc.Encrypt(input) 538 if err != nil { 539 if aerr, ok := err.(awserr.Error); ok { 540 switch aerr.Code() { 541 case kms.ErrCodeNotFoundException: 542 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 543 case kms.ErrCodeDisabledException: 544 fmt.Println(kms.ErrCodeDisabledException, aerr.Error()) 545 case kms.ErrCodeKeyUnavailableException: 546 fmt.Println(kms.ErrCodeKeyUnavailableException, aerr.Error()) 547 case kms.ErrCodeDependencyTimeoutException: 548 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 549 case kms.ErrCodeInvalidKeyUsageException: 550 fmt.Println(kms.ErrCodeInvalidKeyUsageException, aerr.Error()) 551 case kms.ErrCodeInvalidGrantTokenException: 552 fmt.Println(kms.ErrCodeInvalidGrantTokenException, aerr.Error()) 553 case kms.ErrCodeInternalException: 554 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 555 case kms.ErrCodeInvalidStateException: 556 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 557 default: 558 fmt.Println(aerr.Error()) 559 } 560 } else { 561 // Print the error, cast err to awserr.Error to get the Code and 562 // Message from an error. 563 fmt.Println(err.Error()) 564 } 565 return 566 } 567 568 fmt.Println(result) 569} 570 571// To generate a data key 572// 573// The following example generates a 256-bit symmetric data encryption key (data key) 574// in two formats. One is the unencrypted (plainext) data key, and the other is the 575// data key encrypted with the specified customer master key (CMK). 576func ExampleKMS_GenerateDataKey_shared00() { 577 svc := kms.New(session.New()) 578 input := &kms.GenerateDataKeyInput{ 579 KeyId: aws.String("alias/ExampleAlias"), 580 KeySpec: aws.String("AES_256"), 581 } 582 583 result, err := svc.GenerateDataKey(input) 584 if err != nil { 585 if aerr, ok := err.(awserr.Error); ok { 586 switch aerr.Code() { 587 case kms.ErrCodeNotFoundException: 588 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 589 case kms.ErrCodeDisabledException: 590 fmt.Println(kms.ErrCodeDisabledException, aerr.Error()) 591 case kms.ErrCodeKeyUnavailableException: 592 fmt.Println(kms.ErrCodeKeyUnavailableException, aerr.Error()) 593 case kms.ErrCodeDependencyTimeoutException: 594 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 595 case kms.ErrCodeInvalidKeyUsageException: 596 fmt.Println(kms.ErrCodeInvalidKeyUsageException, aerr.Error()) 597 case kms.ErrCodeInvalidGrantTokenException: 598 fmt.Println(kms.ErrCodeInvalidGrantTokenException, aerr.Error()) 599 case kms.ErrCodeInternalException: 600 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 601 case kms.ErrCodeInvalidStateException: 602 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 603 default: 604 fmt.Println(aerr.Error()) 605 } 606 } else { 607 // Print the error, cast err to awserr.Error to get the Code and 608 // Message from an error. 609 fmt.Println(err.Error()) 610 } 611 return 612 } 613 614 fmt.Println(result) 615} 616 617// To generate an encrypted data key 618// 619// The following example generates an encrypted copy of a 256-bit symmetric data encryption 620// key (data key). The data key is encrypted with the specified customer master key 621// (CMK). 622func ExampleKMS_GenerateDataKeyWithoutPlaintext_shared00() { 623 svc := kms.New(session.New()) 624 input := &kms.GenerateDataKeyWithoutPlaintextInput{ 625 KeyId: aws.String("alias/ExampleAlias"), 626 KeySpec: aws.String("AES_256"), 627 } 628 629 result, err := svc.GenerateDataKeyWithoutPlaintext(input) 630 if err != nil { 631 if aerr, ok := err.(awserr.Error); ok { 632 switch aerr.Code() { 633 case kms.ErrCodeNotFoundException: 634 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 635 case kms.ErrCodeDisabledException: 636 fmt.Println(kms.ErrCodeDisabledException, aerr.Error()) 637 case kms.ErrCodeKeyUnavailableException: 638 fmt.Println(kms.ErrCodeKeyUnavailableException, aerr.Error()) 639 case kms.ErrCodeDependencyTimeoutException: 640 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 641 case kms.ErrCodeInvalidKeyUsageException: 642 fmt.Println(kms.ErrCodeInvalidKeyUsageException, aerr.Error()) 643 case kms.ErrCodeInvalidGrantTokenException: 644 fmt.Println(kms.ErrCodeInvalidGrantTokenException, aerr.Error()) 645 case kms.ErrCodeInternalException: 646 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 647 case kms.ErrCodeInvalidStateException: 648 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 649 default: 650 fmt.Println(aerr.Error()) 651 } 652 } else { 653 // Print the error, cast err to awserr.Error to get the Code and 654 // Message from an error. 655 fmt.Println(err.Error()) 656 } 657 return 658 } 659 660 fmt.Println(result) 661} 662 663// To generate random data 664// 665// The following example uses AWS KMS to generate 32 bytes of random data. 666func ExampleKMS_GenerateRandom_shared00() { 667 svc := kms.New(session.New()) 668 input := &kms.GenerateRandomInput{ 669 NumberOfBytes: aws.Int64(32), 670 } 671 672 result, err := svc.GenerateRandom(input) 673 if err != nil { 674 if aerr, ok := err.(awserr.Error); ok { 675 switch aerr.Code() { 676 case kms.ErrCodeDependencyTimeoutException: 677 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 678 case kms.ErrCodeInternalException: 679 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 680 case kms.ErrCodeCustomKeyStoreNotFoundException: 681 fmt.Println(kms.ErrCodeCustomKeyStoreNotFoundException, aerr.Error()) 682 case kms.ErrCodeCustomKeyStoreInvalidStateException: 683 fmt.Println(kms.ErrCodeCustomKeyStoreInvalidStateException, aerr.Error()) 684 default: 685 fmt.Println(aerr.Error()) 686 } 687 } else { 688 // Print the error, cast err to awserr.Error to get the Code and 689 // Message from an error. 690 fmt.Println(err.Error()) 691 } 692 return 693 } 694 695 fmt.Println(result) 696} 697 698// To retrieve a key policy 699// 700// The following example retrieves the key policy for the specified customer master 701// key (CMK). 702func ExampleKMS_GetKeyPolicy_shared00() { 703 svc := kms.New(session.New()) 704 input := &kms.GetKeyPolicyInput{ 705 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 706 PolicyName: aws.String("default"), 707 } 708 709 result, err := svc.GetKeyPolicy(input) 710 if err != nil { 711 if aerr, ok := err.(awserr.Error); ok { 712 switch aerr.Code() { 713 case kms.ErrCodeNotFoundException: 714 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 715 case kms.ErrCodeInvalidArnException: 716 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 717 case kms.ErrCodeDependencyTimeoutException: 718 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 719 case kms.ErrCodeInternalException: 720 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 721 case kms.ErrCodeInvalidStateException: 722 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 723 default: 724 fmt.Println(aerr.Error()) 725 } 726 } else { 727 // Print the error, cast err to awserr.Error to get the Code and 728 // Message from an error. 729 fmt.Println(err.Error()) 730 } 731 return 732 } 733 734 fmt.Println(result) 735} 736 737// To retrieve the rotation status for a customer master key (CMK) 738// 739// The following example retrieves the status of automatic annual rotation of the key 740// material for the specified CMK. 741func ExampleKMS_GetKeyRotationStatus_shared00() { 742 svc := kms.New(session.New()) 743 input := &kms.GetKeyRotationStatusInput{ 744 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 745 } 746 747 result, err := svc.GetKeyRotationStatus(input) 748 if err != nil { 749 if aerr, ok := err.(awserr.Error); ok { 750 switch aerr.Code() { 751 case kms.ErrCodeNotFoundException: 752 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 753 case kms.ErrCodeInvalidArnException: 754 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 755 case kms.ErrCodeDependencyTimeoutException: 756 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 757 case kms.ErrCodeInternalException: 758 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 759 case kms.ErrCodeInvalidStateException: 760 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 761 case kms.ErrCodeUnsupportedOperationException: 762 fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error()) 763 default: 764 fmt.Println(aerr.Error()) 765 } 766 } else { 767 // Print the error, cast err to awserr.Error to get the Code and 768 // Message from an error. 769 fmt.Println(err.Error()) 770 } 771 return 772 } 773 774 fmt.Println(result) 775} 776 777// To retrieve the public key and import token for a customer master key (CMK) 778// 779// The following example retrieves the public key and import token for the specified 780// CMK. 781func ExampleKMS_GetParametersForImport_shared00() { 782 svc := kms.New(session.New()) 783 input := &kms.GetParametersForImportInput{ 784 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 785 WrappingAlgorithm: aws.String("RSAES_OAEP_SHA_1"), 786 WrappingKeySpec: aws.String("RSA_2048"), 787 } 788 789 result, err := svc.GetParametersForImport(input) 790 if err != nil { 791 if aerr, ok := err.(awserr.Error); ok { 792 switch aerr.Code() { 793 case kms.ErrCodeInvalidArnException: 794 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 795 case kms.ErrCodeUnsupportedOperationException: 796 fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error()) 797 case kms.ErrCodeDependencyTimeoutException: 798 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 799 case kms.ErrCodeNotFoundException: 800 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 801 case kms.ErrCodeInternalException: 802 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 803 case kms.ErrCodeInvalidStateException: 804 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 805 default: 806 fmt.Println(aerr.Error()) 807 } 808 } else { 809 // Print the error, cast err to awserr.Error to get the Code and 810 // Message from an error. 811 fmt.Println(err.Error()) 812 } 813 return 814 } 815 816 fmt.Println(result) 817} 818 819// To import key material into a customer master key (CMK) 820// 821// The following example imports key material into the specified CMK. 822func ExampleKMS_ImportKeyMaterial_shared00() { 823 svc := kms.New(session.New()) 824 input := &kms.ImportKeyMaterialInput{ 825 EncryptedKeyMaterial: []byte("<binary data>"), 826 ExpirationModel: aws.String("KEY_MATERIAL_DOES_NOT_EXPIRE"), 827 ImportToken: []byte("<binary data>"), 828 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 829 } 830 831 result, err := svc.ImportKeyMaterial(input) 832 if err != nil { 833 if aerr, ok := err.(awserr.Error); ok { 834 switch aerr.Code() { 835 case kms.ErrCodeInvalidArnException: 836 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 837 case kms.ErrCodeUnsupportedOperationException: 838 fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error()) 839 case kms.ErrCodeDependencyTimeoutException: 840 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 841 case kms.ErrCodeNotFoundException: 842 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 843 case kms.ErrCodeInternalException: 844 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 845 case kms.ErrCodeInvalidStateException: 846 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 847 case kms.ErrCodeInvalidCiphertextException: 848 fmt.Println(kms.ErrCodeInvalidCiphertextException, aerr.Error()) 849 case kms.ErrCodeIncorrectKeyMaterialException: 850 fmt.Println(kms.ErrCodeIncorrectKeyMaterialException, aerr.Error()) 851 case kms.ErrCodeExpiredImportTokenException: 852 fmt.Println(kms.ErrCodeExpiredImportTokenException, aerr.Error()) 853 case kms.ErrCodeInvalidImportTokenException: 854 fmt.Println(kms.ErrCodeInvalidImportTokenException, aerr.Error()) 855 default: 856 fmt.Println(aerr.Error()) 857 } 858 } else { 859 // Print the error, cast err to awserr.Error to get the Code and 860 // Message from an error. 861 fmt.Println(err.Error()) 862 } 863 return 864 } 865 866 fmt.Println(result) 867} 868 869// To list aliases 870// 871// The following example lists aliases. 872func ExampleKMS_ListAliases_shared00() { 873 svc := kms.New(session.New()) 874 input := &kms.ListAliasesInput{} 875 876 result, err := svc.ListAliases(input) 877 if err != nil { 878 if aerr, ok := err.(awserr.Error); ok { 879 switch aerr.Code() { 880 case kms.ErrCodeDependencyTimeoutException: 881 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 882 case kms.ErrCodeInvalidMarkerException: 883 fmt.Println(kms.ErrCodeInvalidMarkerException, aerr.Error()) 884 case kms.ErrCodeInternalException: 885 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 886 case kms.ErrCodeInvalidArnException: 887 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 888 case kms.ErrCodeNotFoundException: 889 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 890 default: 891 fmt.Println(aerr.Error()) 892 } 893 } else { 894 // Print the error, cast err to awserr.Error to get the Code and 895 // Message from an error. 896 fmt.Println(err.Error()) 897 } 898 return 899 } 900 901 fmt.Println(result) 902} 903 904// To list grants for a customer master key (CMK) 905// 906// The following example lists grants for the specified CMK. 907func ExampleKMS_ListGrants_shared00() { 908 svc := kms.New(session.New()) 909 input := &kms.ListGrantsInput{ 910 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 911 } 912 913 result, err := svc.ListGrants(input) 914 if err != nil { 915 if aerr, ok := err.(awserr.Error); ok { 916 switch aerr.Code() { 917 case kms.ErrCodeNotFoundException: 918 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 919 case kms.ErrCodeDependencyTimeoutException: 920 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 921 case kms.ErrCodeInvalidMarkerException: 922 fmt.Println(kms.ErrCodeInvalidMarkerException, aerr.Error()) 923 case kms.ErrCodeInvalidGrantIdException: 924 fmt.Println(kms.ErrCodeInvalidGrantIdException, aerr.Error()) 925 case kms.ErrCodeInvalidArnException: 926 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 927 case kms.ErrCodeInternalException: 928 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 929 case kms.ErrCodeInvalidStateException: 930 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 931 default: 932 fmt.Println(aerr.Error()) 933 } 934 } else { 935 // Print the error, cast err to awserr.Error to get the Code and 936 // Message from an error. 937 fmt.Println(err.Error()) 938 } 939 return 940 } 941 942 fmt.Println(result) 943} 944 945// To list key policies for a customer master key (CMK) 946// 947// The following example lists key policies for the specified CMK. 948func ExampleKMS_ListKeyPolicies_shared00() { 949 svc := kms.New(session.New()) 950 input := &kms.ListKeyPoliciesInput{ 951 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 952 } 953 954 result, err := svc.ListKeyPolicies(input) 955 if err != nil { 956 if aerr, ok := err.(awserr.Error); ok { 957 switch aerr.Code() { 958 case kms.ErrCodeNotFoundException: 959 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 960 case kms.ErrCodeInvalidArnException: 961 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 962 case kms.ErrCodeDependencyTimeoutException: 963 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 964 case kms.ErrCodeInternalException: 965 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 966 case kms.ErrCodeInvalidStateException: 967 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 968 default: 969 fmt.Println(aerr.Error()) 970 } 971 } else { 972 // Print the error, cast err to awserr.Error to get the Code and 973 // Message from an error. 974 fmt.Println(err.Error()) 975 } 976 return 977 } 978 979 fmt.Println(result) 980} 981 982// To list customer master keys (CMKs) 983// 984// The following example lists CMKs. 985func ExampleKMS_ListKeys_shared00() { 986 svc := kms.New(session.New()) 987 input := &kms.ListKeysInput{} 988 989 result, err := svc.ListKeys(input) 990 if err != nil { 991 if aerr, ok := err.(awserr.Error); ok { 992 switch aerr.Code() { 993 case kms.ErrCodeDependencyTimeoutException: 994 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 995 case kms.ErrCodeInternalException: 996 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 997 case kms.ErrCodeInvalidMarkerException: 998 fmt.Println(kms.ErrCodeInvalidMarkerException, aerr.Error()) 999 default: 1000 fmt.Println(aerr.Error()) 1001 } 1002 } else { 1003 // Print the error, cast err to awserr.Error to get the Code and 1004 // Message from an error. 1005 fmt.Println(err.Error()) 1006 } 1007 return 1008 } 1009 1010 fmt.Println(result) 1011} 1012 1013// To list tags for a customer master key (CMK) 1014// 1015// The following example lists tags for a CMK. 1016func ExampleKMS_ListResourceTags_shared00() { 1017 svc := kms.New(session.New()) 1018 input := &kms.ListResourceTagsInput{ 1019 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 1020 } 1021 1022 result, err := svc.ListResourceTags(input) 1023 if err != nil { 1024 if aerr, ok := err.(awserr.Error); ok { 1025 switch aerr.Code() { 1026 case kms.ErrCodeInternalException: 1027 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 1028 case kms.ErrCodeNotFoundException: 1029 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 1030 case kms.ErrCodeInvalidArnException: 1031 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 1032 case kms.ErrCodeInvalidMarkerException: 1033 fmt.Println(kms.ErrCodeInvalidMarkerException, aerr.Error()) 1034 default: 1035 fmt.Println(aerr.Error()) 1036 } 1037 } else { 1038 // Print the error, cast err to awserr.Error to get the Code and 1039 // Message from an error. 1040 fmt.Println(err.Error()) 1041 } 1042 return 1043 } 1044 1045 fmt.Println(result) 1046} 1047 1048// To list grants that the specified principal can retire 1049// 1050// The following example lists the grants that the specified principal (identity) can 1051// retire. 1052func ExampleKMS_ListRetirableGrants_shared00() { 1053 svc := kms.New(session.New()) 1054 input := &kms.ListRetirableGrantsInput{ 1055 RetiringPrincipal: aws.String("arn:aws:iam::111122223333:role/ExampleRole"), 1056 } 1057 1058 result, err := svc.ListRetirableGrants(input) 1059 if err != nil { 1060 if aerr, ok := err.(awserr.Error); ok { 1061 switch aerr.Code() { 1062 case kms.ErrCodeDependencyTimeoutException: 1063 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 1064 case kms.ErrCodeInvalidMarkerException: 1065 fmt.Println(kms.ErrCodeInvalidMarkerException, aerr.Error()) 1066 case kms.ErrCodeInvalidArnException: 1067 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 1068 case kms.ErrCodeNotFoundException: 1069 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 1070 case kms.ErrCodeInternalException: 1071 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 1072 default: 1073 fmt.Println(aerr.Error()) 1074 } 1075 } else { 1076 // Print the error, cast err to awserr.Error to get the Code and 1077 // Message from an error. 1078 fmt.Println(err.Error()) 1079 } 1080 return 1081 } 1082 1083 fmt.Println(result) 1084} 1085 1086// To attach a key policy to a customer master key (CMK) 1087// 1088// The following example attaches a key policy to the specified CMK. 1089func ExampleKMS_PutKeyPolicy_shared00() { 1090 svc := kms.New(session.New()) 1091 input := &kms.PutKeyPolicyInput{ 1092 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 1093 Policy: aws.String("{\n \"Version\": \"2012-10-17\",\n \"Id\": \"custom-policy-2016-12-07\",\n \"Statement\": [\n {\n \"Sid\": \"Enable IAM User Permissions\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::111122223333:root\"\n },\n \"Action\": \"kms:*\",\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"Allow access for Key Administrators\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"AWS\": [\n \"arn:aws:iam::111122223333:user/ExampleAdminUser\",\n \"arn:aws:iam::111122223333:role/ExampleAdminRole\"\n ]\n },\n \"Action\": [\n \"kms:Create*\",\n \"kms:Describe*\",\n \"kms:Enable*\",\n \"kms:List*\",\n \"kms:Put*\",\n \"kms:Update*\",\n \"kms:Revoke*\",\n \"kms:Disable*\",\n \"kms:Get*\",\n \"kms:Delete*\",\n \"kms:ScheduleKeyDeletion\",\n \"kms:CancelKeyDeletion\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"Allow use of the key\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::111122223333:role/ExamplePowerUserRole\"\n },\n \"Action\": [\n \"kms:Encrypt\",\n \"kms:Decrypt\",\n \"kms:ReEncrypt*\",\n \"kms:GenerateDataKey*\",\n \"kms:DescribeKey\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"Allow attachment of persistent resources\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::111122223333:role/ExamplePowerUserRole\"\n },\n \"Action\": [\n \"kms:CreateGrant\",\n \"kms:ListGrants\",\n \"kms:RevokeGrant\"\n ],\n \"Resource\": \"*\",\n \"Condition\": {\n \"Bool\": {\n \"kms:GrantIsForAWSResource\": \"true\"\n }\n }\n }\n ]\n}\n"), 1094 PolicyName: aws.String("default"), 1095 } 1096 1097 result, err := svc.PutKeyPolicy(input) 1098 if err != nil { 1099 if aerr, ok := err.(awserr.Error); ok { 1100 switch aerr.Code() { 1101 case kms.ErrCodeNotFoundException: 1102 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 1103 case kms.ErrCodeInvalidArnException: 1104 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 1105 case kms.ErrCodeMalformedPolicyDocumentException: 1106 fmt.Println(kms.ErrCodeMalformedPolicyDocumentException, aerr.Error()) 1107 case kms.ErrCodeDependencyTimeoutException: 1108 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 1109 case kms.ErrCodeUnsupportedOperationException: 1110 fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error()) 1111 case kms.ErrCodeInternalException: 1112 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 1113 case kms.ErrCodeLimitExceededException: 1114 fmt.Println(kms.ErrCodeLimitExceededException, aerr.Error()) 1115 case kms.ErrCodeInvalidStateException: 1116 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 1117 default: 1118 fmt.Println(aerr.Error()) 1119 } 1120 } else { 1121 // Print the error, cast err to awserr.Error to get the Code and 1122 // Message from an error. 1123 fmt.Println(err.Error()) 1124 } 1125 return 1126 } 1127 1128 fmt.Println(result) 1129} 1130 1131// To reencrypt data 1132// 1133// The following example reencrypts data with the specified CMK. 1134func ExampleKMS_ReEncrypt_shared00() { 1135 svc := kms.New(session.New()) 1136 input := &kms.ReEncryptInput{ 1137 CiphertextBlob: []byte("<binary data>"), 1138 DestinationKeyId: aws.String("0987dcba-09fe-87dc-65ba-ab0987654321"), 1139 } 1140 1141 result, err := svc.ReEncrypt(input) 1142 if err != nil { 1143 if aerr, ok := err.(awserr.Error); ok { 1144 switch aerr.Code() { 1145 case kms.ErrCodeNotFoundException: 1146 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 1147 case kms.ErrCodeDisabledException: 1148 fmt.Println(kms.ErrCodeDisabledException, aerr.Error()) 1149 case kms.ErrCodeInvalidCiphertextException: 1150 fmt.Println(kms.ErrCodeInvalidCiphertextException, aerr.Error()) 1151 case kms.ErrCodeKeyUnavailableException: 1152 fmt.Println(kms.ErrCodeKeyUnavailableException, aerr.Error()) 1153 case kms.ErrCodeIncorrectKeyException: 1154 fmt.Println(kms.ErrCodeIncorrectKeyException, aerr.Error()) 1155 case kms.ErrCodeDependencyTimeoutException: 1156 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 1157 case kms.ErrCodeInvalidKeyUsageException: 1158 fmt.Println(kms.ErrCodeInvalidKeyUsageException, aerr.Error()) 1159 case kms.ErrCodeInvalidGrantTokenException: 1160 fmt.Println(kms.ErrCodeInvalidGrantTokenException, aerr.Error()) 1161 case kms.ErrCodeInternalException: 1162 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 1163 case kms.ErrCodeInvalidStateException: 1164 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 1165 default: 1166 fmt.Println(aerr.Error()) 1167 } 1168 } else { 1169 // Print the error, cast err to awserr.Error to get the Code and 1170 // Message from an error. 1171 fmt.Println(err.Error()) 1172 } 1173 return 1174 } 1175 1176 fmt.Println(result) 1177} 1178 1179// To retire a grant 1180// 1181// The following example retires a grant. 1182func ExampleKMS_RetireGrant_shared00() { 1183 svc := kms.New(session.New()) 1184 input := &kms.RetireGrantInput{ 1185 GrantId: aws.String("0c237476b39f8bc44e45212e08498fbe3151305030726c0590dd8d3e9f3d6a60"), 1186 KeyId: aws.String("arn:aws:kms:us-east-2:444455556666:key/1234abcd-12ab-34cd-56ef-1234567890ab"), 1187 } 1188 1189 result, err := svc.RetireGrant(input) 1190 if err != nil { 1191 if aerr, ok := err.(awserr.Error); ok { 1192 switch aerr.Code() { 1193 case kms.ErrCodeInvalidArnException: 1194 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 1195 case kms.ErrCodeInvalidGrantTokenException: 1196 fmt.Println(kms.ErrCodeInvalidGrantTokenException, aerr.Error()) 1197 case kms.ErrCodeInvalidGrantIdException: 1198 fmt.Println(kms.ErrCodeInvalidGrantIdException, aerr.Error()) 1199 case kms.ErrCodeNotFoundException: 1200 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 1201 case kms.ErrCodeDependencyTimeoutException: 1202 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 1203 case kms.ErrCodeInternalException: 1204 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 1205 case kms.ErrCodeInvalidStateException: 1206 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 1207 default: 1208 fmt.Println(aerr.Error()) 1209 } 1210 } else { 1211 // Print the error, cast err to awserr.Error to get the Code and 1212 // Message from an error. 1213 fmt.Println(err.Error()) 1214 } 1215 return 1216 } 1217 1218 fmt.Println(result) 1219} 1220 1221// To revoke a grant 1222// 1223// The following example revokes a grant. 1224func ExampleKMS_RevokeGrant_shared00() { 1225 svc := kms.New(session.New()) 1226 input := &kms.RevokeGrantInput{ 1227 GrantId: aws.String("0c237476b39f8bc44e45212e08498fbe3151305030726c0590dd8d3e9f3d6a60"), 1228 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 1229 } 1230 1231 result, err := svc.RevokeGrant(input) 1232 if err != nil { 1233 if aerr, ok := err.(awserr.Error); ok { 1234 switch aerr.Code() { 1235 case kms.ErrCodeNotFoundException: 1236 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 1237 case kms.ErrCodeDependencyTimeoutException: 1238 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 1239 case kms.ErrCodeInvalidArnException: 1240 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 1241 case kms.ErrCodeInvalidGrantIdException: 1242 fmt.Println(kms.ErrCodeInvalidGrantIdException, aerr.Error()) 1243 case kms.ErrCodeInternalException: 1244 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 1245 case kms.ErrCodeInvalidStateException: 1246 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 1247 default: 1248 fmt.Println(aerr.Error()) 1249 } 1250 } else { 1251 // Print the error, cast err to awserr.Error to get the Code and 1252 // Message from an error. 1253 fmt.Println(err.Error()) 1254 } 1255 return 1256 } 1257 1258 fmt.Println(result) 1259} 1260 1261// To schedule a customer master key (CMK) for deletion 1262// 1263// The following example schedules the specified CMK for deletion. 1264func ExampleKMS_ScheduleKeyDeletion_shared00() { 1265 svc := kms.New(session.New()) 1266 input := &kms.ScheduleKeyDeletionInput{ 1267 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 1268 PendingWindowInDays: aws.Int64(7), 1269 } 1270 1271 result, err := svc.ScheduleKeyDeletion(input) 1272 if err != nil { 1273 if aerr, ok := err.(awserr.Error); ok { 1274 switch aerr.Code() { 1275 case kms.ErrCodeNotFoundException: 1276 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 1277 case kms.ErrCodeInvalidArnException: 1278 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 1279 case kms.ErrCodeDependencyTimeoutException: 1280 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 1281 case kms.ErrCodeInternalException: 1282 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 1283 case kms.ErrCodeInvalidStateException: 1284 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 1285 default: 1286 fmt.Println(aerr.Error()) 1287 } 1288 } else { 1289 // Print the error, cast err to awserr.Error to get the Code and 1290 // Message from an error. 1291 fmt.Println(err.Error()) 1292 } 1293 return 1294 } 1295 1296 fmt.Println(result) 1297} 1298 1299// To tag a customer master key (CMK) 1300// 1301// The following example tags a CMK. 1302func ExampleKMS_TagResource_shared00() { 1303 svc := kms.New(session.New()) 1304 input := &kms.TagResourceInput{ 1305 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 1306 Tags: []*kms.Tag{ 1307 { 1308 TagKey: aws.String("Purpose"), 1309 TagValue: aws.String("Test"), 1310 }, 1311 }, 1312 } 1313 1314 result, err := svc.TagResource(input) 1315 if err != nil { 1316 if aerr, ok := err.(awserr.Error); ok { 1317 switch aerr.Code() { 1318 case kms.ErrCodeInternalException: 1319 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 1320 case kms.ErrCodeNotFoundException: 1321 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 1322 case kms.ErrCodeInvalidArnException: 1323 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 1324 case kms.ErrCodeInvalidStateException: 1325 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 1326 case kms.ErrCodeLimitExceededException: 1327 fmt.Println(kms.ErrCodeLimitExceededException, aerr.Error()) 1328 case kms.ErrCodeTagException: 1329 fmt.Println(kms.ErrCodeTagException, aerr.Error()) 1330 default: 1331 fmt.Println(aerr.Error()) 1332 } 1333 } else { 1334 // Print the error, cast err to awserr.Error to get the Code and 1335 // Message from an error. 1336 fmt.Println(err.Error()) 1337 } 1338 return 1339 } 1340 1341 fmt.Println(result) 1342} 1343 1344// To remove tags from a customer master key (CMK) 1345// 1346// The following example removes tags from a CMK. 1347func ExampleKMS_UntagResource_shared00() { 1348 svc := kms.New(session.New()) 1349 input := &kms.UntagResourceInput{ 1350 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 1351 TagKeys: []*string{ 1352 aws.String("Purpose"), 1353 aws.String("CostCenter"), 1354 }, 1355 } 1356 1357 result, err := svc.UntagResource(input) 1358 if err != nil { 1359 if aerr, ok := err.(awserr.Error); ok { 1360 switch aerr.Code() { 1361 case kms.ErrCodeInternalException: 1362 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 1363 case kms.ErrCodeNotFoundException: 1364 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 1365 case kms.ErrCodeInvalidArnException: 1366 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 1367 case kms.ErrCodeInvalidStateException: 1368 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 1369 case kms.ErrCodeTagException: 1370 fmt.Println(kms.ErrCodeTagException, aerr.Error()) 1371 default: 1372 fmt.Println(aerr.Error()) 1373 } 1374 } else { 1375 // Print the error, cast err to awserr.Error to get the Code and 1376 // Message from an error. 1377 fmt.Println(err.Error()) 1378 } 1379 return 1380 } 1381 1382 fmt.Println(result) 1383} 1384 1385// To update an alias 1386// 1387// The following example updates the specified alias to refer to the specified customer 1388// master key (CMK). 1389func ExampleKMS_UpdateAlias_shared00() { 1390 svc := kms.New(session.New()) 1391 input := &kms.UpdateAliasInput{ 1392 AliasName: aws.String("alias/ExampleAlias"), 1393 TargetKeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 1394 } 1395 1396 result, err := svc.UpdateAlias(input) 1397 if err != nil { 1398 if aerr, ok := err.(awserr.Error); ok { 1399 switch aerr.Code() { 1400 case kms.ErrCodeDependencyTimeoutException: 1401 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 1402 case kms.ErrCodeNotFoundException: 1403 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 1404 case kms.ErrCodeInternalException: 1405 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 1406 case kms.ErrCodeLimitExceededException: 1407 fmt.Println(kms.ErrCodeLimitExceededException, aerr.Error()) 1408 case kms.ErrCodeInvalidStateException: 1409 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 1410 default: 1411 fmt.Println(aerr.Error()) 1412 } 1413 } else { 1414 // Print the error, cast err to awserr.Error to get the Code and 1415 // Message from an error. 1416 fmt.Println(err.Error()) 1417 } 1418 return 1419 } 1420 1421 fmt.Println(result) 1422} 1423 1424// To update the description of a customer master key (CMK) 1425// 1426// The following example updates the description of the specified CMK. 1427func ExampleKMS_UpdateKeyDescription_shared00() { 1428 svc := kms.New(session.New()) 1429 input := &kms.UpdateKeyDescriptionInput{ 1430 Description: aws.String("Example description that indicates the intended use of this CMK."), 1431 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 1432 } 1433 1434 result, err := svc.UpdateKeyDescription(input) 1435 if err != nil { 1436 if aerr, ok := err.(awserr.Error); ok { 1437 switch aerr.Code() { 1438 case kms.ErrCodeNotFoundException: 1439 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 1440 case kms.ErrCodeInvalidArnException: 1441 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 1442 case kms.ErrCodeDependencyTimeoutException: 1443 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 1444 case kms.ErrCodeInternalException: 1445 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 1446 case kms.ErrCodeInvalidStateException: 1447 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 1448 default: 1449 fmt.Println(aerr.Error()) 1450 } 1451 } else { 1452 // Print the error, cast err to awserr.Error to get the Code and 1453 // Message from an error. 1454 fmt.Println(err.Error()) 1455 } 1456 return 1457 } 1458 1459 fmt.Println(result) 1460} 1461