1// Code generated by smithy-go-codegen DO NOT EDIT.
2
3package kms
4
5import (
6	"context"
7	awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
8	"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
9	"github.com/aws/smithy-go/middleware"
10	smithyhttp "github.com/aws/smithy-go/transport/http"
11)
12
13// Creates a friendly name for a KMS key. Adding, deleting, or updating an alias
14// can allow or deny permission to the KMS key. For details, see Using ABAC in KMS
15// (https://docs.aws.amazon.com/kms/latest/developerguide/abac.html) in the Key
16// Management Service Developer Guide. You can use an alias to identify a KMS key
17// in the KMS console, in the DescribeKey operation and in cryptographic operations
18// (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations),
19// such as Encrypt and GenerateDataKey. You can also change the KMS key that's
20// associated with the alias (UpdateAlias) or delete the alias (DeleteAlias) at any
21// time. These operations don't affect the underlying KMS key. You can associate
22// the alias with any customer managed key in the same Amazon Web Services Region.
23// Each alias is associated with only one KMS key at a time, but a KMS key can have
24// multiple aliases. A valid KMS key is required. You can't create an alias without
25// a KMS key. The alias must be unique in the account and Region, but you can have
26// aliases with the same name in different Regions. For detailed information about
27// aliases, see Using aliases
28// (https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html) in the
29// Key Management Service Developer Guide. This operation does not return a
30// response. To get the alias that you created, use the ListAliases operation. The
31// KMS key that you use for this operation must be in a compatible key state. For
32// details, see Key state: Effect on your KMS key
33// (https://docs.aws.amazon.com/kms/latest/developerguide/key-state.html) in the
34// Key Management Service Developer Guide. Cross-account use: No. You cannot
35// perform this operation on an alias in a different Amazon Web Services account.
36// Required permissions
37//
38// * kms:CreateAlias
39// (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html)
40// on the alias (IAM policy).
41//
42// * kms:CreateAlias
43// (https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html)
44// on the KMS key (key policy).
45//
46// For details, see Controlling access to aliases
47// (https://docs.aws.amazon.com/kms/latest/developerguide/kms-alias.html#alias-access)
48// in the Key Management Service Developer Guide. Related operations:
49//
50// *
51// DeleteAlias
52//
53// * ListAliases
54//
55// * UpdateAlias
56func (c *Client) CreateAlias(ctx context.Context, params *CreateAliasInput, optFns ...func(*Options)) (*CreateAliasOutput, error) {
57	if params == nil {
58		params = &CreateAliasInput{}
59	}
60
61	result, metadata, err := c.invokeOperation(ctx, "CreateAlias", params, optFns, c.addOperationCreateAliasMiddlewares)
62	if err != nil {
63		return nil, err
64	}
65
66	out := result.(*CreateAliasOutput)
67	out.ResultMetadata = metadata
68	return out, nil
69}
70
71type CreateAliasInput struct {
72
73	// Specifies the alias name. This value must begin with alias/ followed by a name,
74	// such as alias/ExampleAlias. The AliasName value must be string of 1-256
75	// characters. It can contain only alphanumeric characters, forward slashes (/),
76	// underscores (_), and dashes (-). The alias name cannot begin with alias/aws/.
77	// The alias/aws/ prefix is reserved for Amazon Web Services managed keys
78	// (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#aws-managed-cmk).
79	//
80	// This member is required.
81	AliasName *string
82
83	// Associates the alias with the specified customer managed key
84	// (https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#customer-cmk).
85	// The KMS key must be in the same Amazon Web Services Region. A valid key ID is
86	// required. If you supply a null or empty string value, this operation returns an
87	// error. For help finding the key ID and ARN, see Finding the Key ID and ARN
88	// (https://docs.aws.amazon.com/kms/latest/developerguide/viewing-keys.html#find-cmk-id-arn)
89	// in the Key Management Service Developer Guide . Specify the key ID or key ARN of
90	// the KMS key. For example:
91	//
92	// * Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
93	//
94	// * Key
95	// ARN:
96	// arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
97	//
98	// To
99	// get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.
100	//
101	// This member is required.
102	TargetKeyId *string
103
104	noSmithyDocumentSerde
105}
106
107type CreateAliasOutput struct {
108	// Metadata pertaining to the operation's result.
109	ResultMetadata middleware.Metadata
110
111	noSmithyDocumentSerde
112}
113
114func (c *Client) addOperationCreateAliasMiddlewares(stack *middleware.Stack, options Options) (err error) {
115	err = stack.Serialize.Add(&awsAwsjson11_serializeOpCreateAlias{}, middleware.After)
116	if err != nil {
117		return err
118	}
119	err = stack.Deserialize.Add(&awsAwsjson11_deserializeOpCreateAlias{}, middleware.After)
120	if err != nil {
121		return err
122	}
123	if err = addSetLoggerMiddleware(stack, options); err != nil {
124		return err
125	}
126	if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
127		return err
128	}
129	if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
130		return err
131	}
132	if err = addResolveEndpointMiddleware(stack, options); err != nil {
133		return err
134	}
135	if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil {
136		return err
137	}
138	if err = addRetryMiddlewares(stack, options); err != nil {
139		return err
140	}
141	if err = addHTTPSignerV4Middleware(stack, options); err != nil {
142		return err
143	}
144	if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
145		return err
146	}
147	if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
148		return err
149	}
150	if err = addClientUserAgent(stack); err != nil {
151		return err
152	}
153	if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
154		return err
155	}
156	if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
157		return err
158	}
159	if err = addOpCreateAliasValidationMiddleware(stack); err != nil {
160		return err
161	}
162	if err = stack.Initialize.Add(newServiceMetadataMiddleware_opCreateAlias(options.Region), middleware.Before); err != nil {
163		return err
164	}
165	if err = addRequestIDRetrieverMiddleware(stack); err != nil {
166		return err
167	}
168	if err = addResponseErrorMiddleware(stack); err != nil {
169		return err
170	}
171	if err = addRequestResponseLogging(stack, options); err != nil {
172		return err
173	}
174	return nil
175}
176
177func newServiceMetadataMiddleware_opCreateAlias(region string) *awsmiddleware.RegisterServiceMetadata {
178	return &awsmiddleware.RegisterServiceMetadata{
179		Region:        region,
180		ServiceID:     ServiceID,
181		SigningName:   "kms",
182		OperationName: "CreateAlias",
183	}
184}
185