1// Code generated by smithy-go-codegen DO NOT EDIT. 2 3package kms 4 5import ( 6 "context" 7 awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware" 8 "github.com/aws/aws-sdk-go-v2/aws/signer/v4" 9 "github.com/aws/smithy-go/middleware" 10 smithyhttp "github.com/aws/smithy-go/transport/http" 11) 12 13// Creates a friendly name for a KMS key. Adding, deleting, or updating an alias 14// can allow or deny permission to the KMS key. For details, see Using ABAC in KMS 15// (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) in the Key 16// Management Service Developer Guide. You can use an alias to identify a KMS key 17// in the KMS console, in the DescribeKey operation and in cryptographic operations 18// (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations), 19// such as Encrypt and GenerateDataKey. You can also change the KMS key that's 20// associated with the alias (UpdateAlias) or delete the alias (DeleteAlias) at any 21// time. These operations don't affect the underlying KMS key. You can associate 22// the alias with any customer managed key in the same Amazon Web Services Region. 23// Each alias is associated with only one KMS key at a time, but a KMS key can have 24// multiple aliases. A valid KMS key is required. You can't create an alias without 25// a KMS key. The alias must be unique in the account and Region, but you can have 26// aliases with the same name in different Regions. For detailed information about 27// aliases, see Using aliases 28// (https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html) in the 29// Key Management Service Developer Guide. This operation does not return a 30// response. To get the alias that you created, use the ListAliases operation. The 31// KMS key that you use for this operation must be in a compatible key state. For 32// details, see Key state: Effect on your KMS key 33// (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) in the 34// Key Management Service Developer Guide. Cross-account use: No. You cannot 35// perform this operation on an alias in a different Amazon Web Services account. 36// Required permissions 37// 38// * kms:CreateAlias 39// (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) 40// on the alias (IAM policy). 41// 42// * kms:CreateAlias 43// (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html) 44// on the KMS key (key policy). 45// 46// For details, see Controlling access to aliases 47// (https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html#alias-access) 48// in the Key Management Service Developer Guide. Related operations: 49// 50// * 51// DeleteAlias 52// 53// * ListAliases 54// 55// * UpdateAlias 56func (c *Client) CreateAlias(ctx context.Context, params *CreateAliasInput, optFns ...func(*Options)) (*CreateAliasOutput, error) { 57 if params == nil { 58 params = &CreateAliasInput{} 59 } 60 61 result, metadata, err := c.invokeOperation(ctx, "CreateAlias", params, optFns, c.addOperationCreateAliasMiddlewares) 62 if err != nil { 63 return nil, err 64 } 65 66 out := result.(*CreateAliasOutput) 67 out.ResultMetadata = metadata 68 return out, nil 69} 70 71type CreateAliasInput struct { 72 73 // Specifies the alias name. This value must begin with alias/ followed by a name, 74 // such as alias/ExampleAlias. The AliasName value must be string of 1-256 75 // characters. It can contain only alphanumeric characters, forward slashes (/), 76 // underscores (_), and dashes (-). The alias name cannot begin with alias/aws/. 77 // The alias/aws/ prefix is reserved for Amazon Web Services managed keys 78 // (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk). 79 // 80 // This member is required. 81 AliasName *string 82 83 // Associates the alias with the specified customer managed key 84 // (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk). 85 // The KMS key must be in the same Amazon Web Services Region. A valid key ID is 86 // required. If you supply a null or empty string value, this operation returns an 87 // error. For help finding the key ID and ARN, see Finding the Key ID and ARN 88 // (https://docs.aws.amazon.com/kms/latest/developerguide/viewing-keys.html#find-cmk-id-arn) 89 // in the Key Management Service Developer Guide . Specify the key ID or key ARN of 90 // the KMS key. For example: 91 // 92 // * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab 93 // 94 // * Key 95 // ARN: 96 // arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab 97 // 98 // To 99 // get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. 100 // 101 // This member is required. 102 TargetKeyId *string 103 104 noSmithyDocumentSerde 105} 106 107type CreateAliasOutput struct { 108 // Metadata pertaining to the operation's result. 109 ResultMetadata middleware.Metadata 110 111 noSmithyDocumentSerde 112} 113 114func (c *Client) addOperationCreateAliasMiddlewares(stack *middleware.Stack, options Options) (err error) { 115 err = stack.Serialize.Add(&awsAwsjson11_serializeOpCreateAlias{}, middleware.After) 116 if err != nil { 117 return err 118 } 119 err = stack.Deserialize.Add(&awsAwsjson11_deserializeOpCreateAlias{}, middleware.After) 120 if err != nil { 121 return err 122 } 123 if err = addSetLoggerMiddleware(stack, options); err != nil { 124 return err 125 } 126 if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil { 127 return err 128 } 129 if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil { 130 return err 131 } 132 if err = addResolveEndpointMiddleware(stack, options); err != nil { 133 return err 134 } 135 if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil { 136 return err 137 } 138 if err = addRetryMiddlewares(stack, options); err != nil { 139 return err 140 } 141 if err = addHTTPSignerV4Middleware(stack, options); err != nil { 142 return err 143 } 144 if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil { 145 return err 146 } 147 if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil { 148 return err 149 } 150 if err = addClientUserAgent(stack); err != nil { 151 return err 152 } 153 if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil { 154 return err 155 } 156 if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil { 157 return err 158 } 159 if err = addOpCreateAliasValidationMiddleware(stack); err != nil { 160 return err 161 } 162 if err = stack.Initialize.Add(newServiceMetadataMiddleware_opCreateAlias(options.Region), middleware.Before); err != nil { 163 return err 164 } 165 if err = addRequestIDRetrieverMiddleware(stack); err != nil { 166 return err 167 } 168 if err = addResponseErrorMiddleware(stack); err != nil { 169 return err 170 } 171 if err = addRequestResponseLogging(stack, options); err != nil { 172 return err 173 } 174 return nil 175} 176 177func newServiceMetadataMiddleware_opCreateAlias(region string) *awsmiddleware.RegisterServiceMetadata { 178 return &awsmiddleware.RegisterServiceMetadata{ 179 Region: region, 180 ServiceID: ServiceID, 181 SigningName: "kms", 182 OperationName: "CreateAlias", 183 } 184} 185