1// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT.
2
3package kms_test
4
5import (
6	"fmt"
7	"strings"
8	"time"
9
10	"github.com/aws/aws-sdk-go/aws"
11	"github.com/aws/aws-sdk-go/aws/awserr"
12	"github.com/aws/aws-sdk-go/aws/session"
13	"github.com/aws/aws-sdk-go/service/kms"
14)
15
16var _ time.Duration
17var _ strings.Reader
18var _ aws.Config
19
20func parseTime(layout, value string) *time.Time {
21	t, err := time.Parse(layout, value)
22	if err != nil {
23		panic(err)
24	}
25	return &t
26}
27
28// To cancel deletion of a customer master key (CMK)
29//
30// The following example cancels deletion of the specified CMK.
31func ExampleKMS_CancelKeyDeletion_shared00() {
32	svc := kms.New(session.New())
33	input := &kms.CancelKeyDeletionInput{
34		KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"),
35	}
36
37	result, err := svc.CancelKeyDeletion(input)
38	if err != nil {
39		if aerr, ok := err.(awserr.Error); ok {
40			switch aerr.Code() {
41			case kms.ErrCodeNotFoundException:
42				fmt.Println(kms.ErrCodeNotFoundException, aerr.Error())
43			case kms.ErrCodeInvalidArnException:
44				fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error())
45			case kms.ErrCodeDependencyTimeoutException:
46				fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error())
47			case kms.ErrCodeInternalException:
48				fmt.Println(kms.ErrCodeInternalException, aerr.Error())
49			case kms.ErrCodeInvalidStateException:
50				fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error())
51			default:
52				fmt.Println(aerr.Error())
53			}
54		} else {
55			// Print the error, cast err to awserr.Error to get the Code and
56			// Message from an error.
57			fmt.Println(err.Error())
58		}
59		return
60	}
61
62	fmt.Println(result)
63}
64
65// To create an alias
66//
67// The following example creates an alias for the specified customer master key (CMK).
68func ExampleKMS_CreateAlias_shared00() {
69	svc := kms.New(session.New())
70	input := &kms.CreateAliasInput{
71		AliasName:   aws.String("alias/ExampleAlias"),
72		TargetKeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"),
73	}
74
75	result, err := svc.CreateAlias(input)
76	if err != nil {
77		if aerr, ok := err.(awserr.Error); ok {
78			switch aerr.Code() {
79			case kms.ErrCodeDependencyTimeoutException:
80				fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error())
81			case kms.ErrCodeAlreadyExistsException:
82				fmt.Println(kms.ErrCodeAlreadyExistsException, aerr.Error())
83			case kms.ErrCodeNotFoundException:
84				fmt.Println(kms.ErrCodeNotFoundException, aerr.Error())
85			case kms.ErrCodeInvalidAliasNameException:
86				fmt.Println(kms.ErrCodeInvalidAliasNameException, aerr.Error())
87			case kms.ErrCodeInternalException:
88				fmt.Println(kms.ErrCodeInternalException, aerr.Error())
89			case kms.ErrCodeLimitExceededException:
90				fmt.Println(kms.ErrCodeLimitExceededException, aerr.Error())
91			case kms.ErrCodeInvalidStateException:
92				fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error())
93			default:
94				fmt.Println(aerr.Error())
95			}
96		} else {
97			// Print the error, cast err to awserr.Error to get the Code and
98			// Message from an error.
99			fmt.Println(err.Error())
100		}
101		return
102	}
103
104	fmt.Println(result)
105}
106
107// To create a grant
108//
109// The following example creates a grant that allows the specified IAM role to encrypt
110// data with the specified customer master key (CMK).
111func ExampleKMS_CreateGrant_shared00() {
112	svc := kms.New(session.New())
113	input := &kms.CreateGrantInput{
114		GranteePrincipal: aws.String("arn:aws:iam::111122223333:role/ExampleRole"),
115		KeyId:            aws.String("arn:aws:kms:us-east-2:444455556666:key/1234abcd-12ab-34cd-56ef-1234567890ab"),
116		Operations: []*string{
117			aws.String("Encrypt"),
118			aws.String("Decrypt"),
119		},
120	}
121
122	result, err := svc.CreateGrant(input)
123	if err != nil {
124		if aerr, ok := err.(awserr.Error); ok {
125			switch aerr.Code() {
126			case kms.ErrCodeNotFoundException:
127				fmt.Println(kms.ErrCodeNotFoundException, aerr.Error())
128			case kms.ErrCodeDisabledException:
129				fmt.Println(kms.ErrCodeDisabledException, aerr.Error())
130			case kms.ErrCodeDependencyTimeoutException:
131				fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error())
132			case kms.ErrCodeInvalidArnException:
133				fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error())
134			case kms.ErrCodeInternalException:
135				fmt.Println(kms.ErrCodeInternalException, aerr.Error())
136			case kms.ErrCodeInvalidGrantTokenException:
137				fmt.Println(kms.ErrCodeInvalidGrantTokenException, aerr.Error())
138			case kms.ErrCodeLimitExceededException:
139				fmt.Println(kms.ErrCodeLimitExceededException, aerr.Error())
140			case kms.ErrCodeInvalidStateException:
141				fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error())
142			default:
143				fmt.Println(aerr.Error())
144			}
145		} else {
146			// Print the error, cast err to awserr.Error to get the Code and
147			// Message from an error.
148			fmt.Println(err.Error())
149		}
150		return
151	}
152
153	fmt.Println(result)
154}
155
156// To create a customer master key (CMK)
157//
158// The following example creates a CMK.
159func ExampleKMS_CreateKey_shared00() {
160	svc := kms.New(session.New())
161	input := &kms.CreateKeyInput{
162		Tags: []*kms.Tag{
163			{
164				TagKey:   aws.String("CreatedBy"),
165				TagValue: aws.String("ExampleUser"),
166			},
167		},
168	}
169
170	result, err := svc.CreateKey(input)
171	if err != nil {
172		if aerr, ok := err.(awserr.Error); ok {
173			switch aerr.Code() {
174			case kms.ErrCodeMalformedPolicyDocumentException:
175				fmt.Println(kms.ErrCodeMalformedPolicyDocumentException, aerr.Error())
176			case kms.ErrCodeDependencyTimeoutException:
177				fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error())
178			case kms.ErrCodeInvalidArnException:
179				fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error())
180			case kms.ErrCodeUnsupportedOperationException:
181				fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error())
182			case kms.ErrCodeInternalException:
183				fmt.Println(kms.ErrCodeInternalException, aerr.Error())
184			case kms.ErrCodeLimitExceededException:
185				fmt.Println(kms.ErrCodeLimitExceededException, aerr.Error())
186			case kms.ErrCodeTagException:
187				fmt.Println(kms.ErrCodeTagException, aerr.Error())
188			default:
189				fmt.Println(aerr.Error())
190			}
191		} else {
192			// Print the error, cast err to awserr.Error to get the Code and
193			// Message from an error.
194			fmt.Println(err.Error())
195		}
196		return
197	}
198
199	fmt.Println(result)
200}
201
202// To decrypt data
203//
204// The following example decrypts data that was encrypted with a customer master key
205// (CMK) in AWS KMS.
206func ExampleKMS_Decrypt_shared00() {
207	svc := kms.New(session.New())
208	input := &kms.DecryptInput{
209		CiphertextBlob: []byte("<binary data>"),
210	}
211
212	result, err := svc.Decrypt(input)
213	if err != nil {
214		if aerr, ok := err.(awserr.Error); ok {
215			switch aerr.Code() {
216			case kms.ErrCodeNotFoundException:
217				fmt.Println(kms.ErrCodeNotFoundException, aerr.Error())
218			case kms.ErrCodeDisabledException:
219				fmt.Println(kms.ErrCodeDisabledException, aerr.Error())
220			case kms.ErrCodeInvalidCiphertextException:
221				fmt.Println(kms.ErrCodeInvalidCiphertextException, aerr.Error())
222			case kms.ErrCodeKeyUnavailableException:
223				fmt.Println(kms.ErrCodeKeyUnavailableException, aerr.Error())
224			case kms.ErrCodeDependencyTimeoutException:
225				fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error())
226			case kms.ErrCodeInvalidGrantTokenException:
227				fmt.Println(kms.ErrCodeInvalidGrantTokenException, aerr.Error())
228			case kms.ErrCodeInternalException:
229				fmt.Println(kms.ErrCodeInternalException, aerr.Error())
230			case kms.ErrCodeInvalidStateException:
231				fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error())
232			default:
233				fmt.Println(aerr.Error())
234			}
235		} else {
236			// Print the error, cast err to awserr.Error to get the Code and
237			// Message from an error.
238			fmt.Println(err.Error())
239		}
240		return
241	}
242
243	fmt.Println(result)
244}
245
246// To delete an alias
247//
248// The following example deletes the specified alias.
249func ExampleKMS_DeleteAlias_shared00() {
250	svc := kms.New(session.New())
251	input := &kms.DeleteAliasInput{
252		AliasName: aws.String("alias/ExampleAlias"),
253	}
254
255	result, err := svc.DeleteAlias(input)
256	if err != nil {
257		if aerr, ok := err.(awserr.Error); ok {
258			switch aerr.Code() {
259			case kms.ErrCodeDependencyTimeoutException:
260				fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error())
261			case kms.ErrCodeNotFoundException:
262				fmt.Println(kms.ErrCodeNotFoundException, aerr.Error())
263			case kms.ErrCodeInternalException:
264				fmt.Println(kms.ErrCodeInternalException, aerr.Error())
265			case kms.ErrCodeInvalidStateException:
266				fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error())
267			default:
268				fmt.Println(aerr.Error())
269			}
270		} else {
271			// Print the error, cast err to awserr.Error to get the Code and
272			// Message from an error.
273			fmt.Println(err.Error())
274		}
275		return
276	}
277
278	fmt.Println(result)
279}
280
281// To delete imported key material
282//
283// The following example deletes the imported key material from the specified customer
284// master key (CMK).
285func ExampleKMS_DeleteImportedKeyMaterial_shared00() {
286	svc := kms.New(session.New())
287	input := &kms.DeleteImportedKeyMaterialInput{
288		KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"),
289	}
290
291	result, err := svc.DeleteImportedKeyMaterial(input)
292	if err != nil {
293		if aerr, ok := err.(awserr.Error); ok {
294			switch aerr.Code() {
295			case kms.ErrCodeInvalidArnException:
296				fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error())
297			case kms.ErrCodeUnsupportedOperationException:
298				fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error())
299			case kms.ErrCodeDependencyTimeoutException:
300				fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error())
301			case kms.ErrCodeNotFoundException:
302				fmt.Println(kms.ErrCodeNotFoundException, aerr.Error())
303			case kms.ErrCodeInternalException:
304				fmt.Println(kms.ErrCodeInternalException, aerr.Error())
305			case kms.ErrCodeInvalidStateException:
306				fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error())
307			default:
308				fmt.Println(aerr.Error())
309			}
310		} else {
311			// Print the error, cast err to awserr.Error to get the Code and
312			// Message from an error.
313			fmt.Println(err.Error())
314		}
315		return
316	}
317
318	fmt.Println(result)
319}
320
321// To obtain information about a customer master key (CMK)
322//
323// The following example returns information (metadata) about the specified CMK.
324func ExampleKMS_DescribeKey_shared00() {
325	svc := kms.New(session.New())
326	input := &kms.DescribeKeyInput{
327		KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"),
328	}
329
330	result, err := svc.DescribeKey(input)
331	if err != nil {
332		if aerr, ok := err.(awserr.Error); ok {
333			switch aerr.Code() {
334			case kms.ErrCodeNotFoundException:
335				fmt.Println(kms.ErrCodeNotFoundException, aerr.Error())
336			case kms.ErrCodeInvalidArnException:
337				fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error())
338			case kms.ErrCodeDependencyTimeoutException:
339				fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error())
340			case kms.ErrCodeInternalException:
341				fmt.Println(kms.ErrCodeInternalException, aerr.Error())
342			default:
343				fmt.Println(aerr.Error())
344			}
345		} else {
346			// Print the error, cast err to awserr.Error to get the Code and
347			// Message from an error.
348			fmt.Println(err.Error())
349		}
350		return
351	}
352
353	fmt.Println(result)
354}
355
356// To disable a customer master key (CMK)
357//
358// The following example disables the specified CMK.
359func ExampleKMS_DisableKey_shared00() {
360	svc := kms.New(session.New())
361	input := &kms.DisableKeyInput{
362		KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"),
363	}
364
365	result, err := svc.DisableKey(input)
366	if err != nil {
367		if aerr, ok := err.(awserr.Error); ok {
368			switch aerr.Code() {
369			case kms.ErrCodeNotFoundException:
370				fmt.Println(kms.ErrCodeNotFoundException, aerr.Error())
371			case kms.ErrCodeInvalidArnException:
372				fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error())
373			case kms.ErrCodeDependencyTimeoutException:
374				fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error())
375			case kms.ErrCodeInternalException:
376				fmt.Println(kms.ErrCodeInternalException, aerr.Error())
377			case kms.ErrCodeInvalidStateException:
378				fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error())
379			default:
380				fmt.Println(aerr.Error())
381			}
382		} else {
383			// Print the error, cast err to awserr.Error to get the Code and
384			// Message from an error.
385			fmt.Println(err.Error())
386		}
387		return
388	}
389
390	fmt.Println(result)
391}
392
393// To disable automatic rotation of key material
394//
395// The following example disables automatic annual rotation of the key material for
396// the specified CMK.
397func ExampleKMS_DisableKeyRotation_shared00() {
398	svc := kms.New(session.New())
399	input := &kms.DisableKeyRotationInput{
400		KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"),
401	}
402
403	result, err := svc.DisableKeyRotation(input)
404	if err != nil {
405		if aerr, ok := err.(awserr.Error); ok {
406			switch aerr.Code() {
407			case kms.ErrCodeNotFoundException:
408				fmt.Println(kms.ErrCodeNotFoundException, aerr.Error())
409			case kms.ErrCodeDisabledException:
410				fmt.Println(kms.ErrCodeDisabledException, aerr.Error())
411			case kms.ErrCodeInvalidArnException:
412				fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error())
413			case kms.ErrCodeDependencyTimeoutException:
414				fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error())
415			case kms.ErrCodeInternalException:
416				fmt.Println(kms.ErrCodeInternalException, aerr.Error())
417			case kms.ErrCodeInvalidStateException:
418				fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error())
419			case kms.ErrCodeUnsupportedOperationException:
420				fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error())
421			default:
422				fmt.Println(aerr.Error())
423			}
424		} else {
425			// Print the error, cast err to awserr.Error to get the Code and
426			// Message from an error.
427			fmt.Println(err.Error())
428		}
429		return
430	}
431
432	fmt.Println(result)
433}
434
435// To enable a customer master key (CMK)
436//
437// The following example enables the specified CMK.
438func ExampleKMS_EnableKey_shared00() {
439	svc := kms.New(session.New())
440	input := &kms.EnableKeyInput{
441		KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"),
442	}
443
444	result, err := svc.EnableKey(input)
445	if err != nil {
446		if aerr, ok := err.(awserr.Error); ok {
447			switch aerr.Code() {
448			case kms.ErrCodeNotFoundException:
449				fmt.Println(kms.ErrCodeNotFoundException, aerr.Error())
450			case kms.ErrCodeInvalidArnException:
451				fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error())
452			case kms.ErrCodeDependencyTimeoutException:
453				fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error())
454			case kms.ErrCodeInternalException:
455				fmt.Println(kms.ErrCodeInternalException, aerr.Error())
456			case kms.ErrCodeLimitExceededException:
457				fmt.Println(kms.ErrCodeLimitExceededException, aerr.Error())
458			case kms.ErrCodeInvalidStateException:
459				fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error())
460			default:
461				fmt.Println(aerr.Error())
462			}
463		} else {
464			// Print the error, cast err to awserr.Error to get the Code and
465			// Message from an error.
466			fmt.Println(err.Error())
467		}
468		return
469	}
470
471	fmt.Println(result)
472}
473
474// To enable automatic rotation of key material
475//
476// The following example enables automatic annual rotation of the key material for the
477// specified CMK.
478func ExampleKMS_EnableKeyRotation_shared00() {
479	svc := kms.New(session.New())
480	input := &kms.EnableKeyRotationInput{
481		KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"),
482	}
483
484	result, err := svc.EnableKeyRotation(input)
485	if err != nil {
486		if aerr, ok := err.(awserr.Error); ok {
487			switch aerr.Code() {
488			case kms.ErrCodeNotFoundException:
489				fmt.Println(kms.ErrCodeNotFoundException, aerr.Error())
490			case kms.ErrCodeDisabledException:
491				fmt.Println(kms.ErrCodeDisabledException, aerr.Error())
492			case kms.ErrCodeInvalidArnException:
493				fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error())
494			case kms.ErrCodeDependencyTimeoutException:
495				fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error())
496			case kms.ErrCodeInternalException:
497				fmt.Println(kms.ErrCodeInternalException, aerr.Error())
498			case kms.ErrCodeInvalidStateException:
499				fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error())
500			case kms.ErrCodeUnsupportedOperationException:
501				fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error())
502			default:
503				fmt.Println(aerr.Error())
504			}
505		} else {
506			// Print the error, cast err to awserr.Error to get the Code and
507			// Message from an error.
508			fmt.Println(err.Error())
509		}
510		return
511	}
512
513	fmt.Println(result)
514}
515
516// To encrypt data
517//
518// The following example encrypts data with the specified customer master key (CMK).
519func ExampleKMS_Encrypt_shared00() {
520	svc := kms.New(session.New())
521	input := &kms.EncryptInput{
522		KeyId:     aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"),
523		Plaintext: []byte("<binary data>"),
524	}
525
526	result, err := svc.Encrypt(input)
527	if err != nil {
528		if aerr, ok := err.(awserr.Error); ok {
529			switch aerr.Code() {
530			case kms.ErrCodeNotFoundException:
531				fmt.Println(kms.ErrCodeNotFoundException, aerr.Error())
532			case kms.ErrCodeDisabledException:
533				fmt.Println(kms.ErrCodeDisabledException, aerr.Error())
534			case kms.ErrCodeKeyUnavailableException:
535				fmt.Println(kms.ErrCodeKeyUnavailableException, aerr.Error())
536			case kms.ErrCodeDependencyTimeoutException:
537				fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error())
538			case kms.ErrCodeInvalidKeyUsageException:
539				fmt.Println(kms.ErrCodeInvalidKeyUsageException, aerr.Error())
540			case kms.ErrCodeInvalidGrantTokenException:
541				fmt.Println(kms.ErrCodeInvalidGrantTokenException, aerr.Error())
542			case kms.ErrCodeInternalException:
543				fmt.Println(kms.ErrCodeInternalException, aerr.Error())
544			case kms.ErrCodeInvalidStateException:
545				fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error())
546			default:
547				fmt.Println(aerr.Error())
548			}
549		} else {
550			// Print the error, cast err to awserr.Error to get the Code and
551			// Message from an error.
552			fmt.Println(err.Error())
553		}
554		return
555	}
556
557	fmt.Println(result)
558}
559
560// To generate a data key
561//
562// The following example generates a 256-bit symmetric data encryption key (data key)
563// in two formats. One is the unencrypted (plainext) data key, and the other is the
564// data key encrypted with the specified customer master key (CMK).
565func ExampleKMS_GenerateDataKey_shared00() {
566	svc := kms.New(session.New())
567	input := &kms.GenerateDataKeyInput{
568		KeyId:   aws.String("alias/ExampleAlias"),
569		KeySpec: aws.String("AES_256"),
570	}
571
572	result, err := svc.GenerateDataKey(input)
573	if err != nil {
574		if aerr, ok := err.(awserr.Error); ok {
575			switch aerr.Code() {
576			case kms.ErrCodeNotFoundException:
577				fmt.Println(kms.ErrCodeNotFoundException, aerr.Error())
578			case kms.ErrCodeDisabledException:
579				fmt.Println(kms.ErrCodeDisabledException, aerr.Error())
580			case kms.ErrCodeKeyUnavailableException:
581				fmt.Println(kms.ErrCodeKeyUnavailableException, aerr.Error())
582			case kms.ErrCodeDependencyTimeoutException:
583				fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error())
584			case kms.ErrCodeInvalidKeyUsageException:
585				fmt.Println(kms.ErrCodeInvalidKeyUsageException, aerr.Error())
586			case kms.ErrCodeInvalidGrantTokenException:
587				fmt.Println(kms.ErrCodeInvalidGrantTokenException, aerr.Error())
588			case kms.ErrCodeInternalException:
589				fmt.Println(kms.ErrCodeInternalException, aerr.Error())
590			case kms.ErrCodeInvalidStateException:
591				fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error())
592			default:
593				fmt.Println(aerr.Error())
594			}
595		} else {
596			// Print the error, cast err to awserr.Error to get the Code and
597			// Message from an error.
598			fmt.Println(err.Error())
599		}
600		return
601	}
602
603	fmt.Println(result)
604}
605
606// To generate an encrypted data key
607//
608// The following example generates an encrypted copy of a 256-bit symmetric data encryption
609// key (data key). The data key is encrypted with the specified customer master key
610// (CMK).
611func ExampleKMS_GenerateDataKeyWithoutPlaintext_shared00() {
612	svc := kms.New(session.New())
613	input := &kms.GenerateDataKeyWithoutPlaintextInput{
614		KeyId:   aws.String("alias/ExampleAlias"),
615		KeySpec: aws.String("AES_256"),
616	}
617
618	result, err := svc.GenerateDataKeyWithoutPlaintext(input)
619	if err != nil {
620		if aerr, ok := err.(awserr.Error); ok {
621			switch aerr.Code() {
622			case kms.ErrCodeNotFoundException:
623				fmt.Println(kms.ErrCodeNotFoundException, aerr.Error())
624			case kms.ErrCodeDisabledException:
625				fmt.Println(kms.ErrCodeDisabledException, aerr.Error())
626			case kms.ErrCodeKeyUnavailableException:
627				fmt.Println(kms.ErrCodeKeyUnavailableException, aerr.Error())
628			case kms.ErrCodeDependencyTimeoutException:
629				fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error())
630			case kms.ErrCodeInvalidKeyUsageException:
631				fmt.Println(kms.ErrCodeInvalidKeyUsageException, aerr.Error())
632			case kms.ErrCodeInvalidGrantTokenException:
633				fmt.Println(kms.ErrCodeInvalidGrantTokenException, aerr.Error())
634			case kms.ErrCodeInternalException:
635				fmt.Println(kms.ErrCodeInternalException, aerr.Error())
636			case kms.ErrCodeInvalidStateException:
637				fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error())
638			default:
639				fmt.Println(aerr.Error())
640			}
641		} else {
642			// Print the error, cast err to awserr.Error to get the Code and
643			// Message from an error.
644			fmt.Println(err.Error())
645		}
646		return
647	}
648
649	fmt.Println(result)
650}
651
652// To generate random data
653//
654// The following example uses AWS KMS to generate 32 bytes of random data.
655func ExampleKMS_GenerateRandom_shared00() {
656	svc := kms.New(session.New())
657	input := &kms.GenerateRandomInput{
658		NumberOfBytes: aws.Int64(32),
659	}
660
661	result, err := svc.GenerateRandom(input)
662	if err != nil {
663		if aerr, ok := err.(awserr.Error); ok {
664			switch aerr.Code() {
665			case kms.ErrCodeDependencyTimeoutException:
666				fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error())
667			case kms.ErrCodeInternalException:
668				fmt.Println(kms.ErrCodeInternalException, aerr.Error())
669			default:
670				fmt.Println(aerr.Error())
671			}
672		} else {
673			// Print the error, cast err to awserr.Error to get the Code and
674			// Message from an error.
675			fmt.Println(err.Error())
676		}
677		return
678	}
679
680	fmt.Println(result)
681}
682
683// To retrieve a key policy
684//
685// The following example retrieves the key policy for the specified customer master
686// key (CMK).
687func ExampleKMS_GetKeyPolicy_shared00() {
688	svc := kms.New(session.New())
689	input := &kms.GetKeyPolicyInput{
690		KeyId:      aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"),
691		PolicyName: aws.String("default"),
692	}
693
694	result, err := svc.GetKeyPolicy(input)
695	if err != nil {
696		if aerr, ok := err.(awserr.Error); ok {
697			switch aerr.Code() {
698			case kms.ErrCodeNotFoundException:
699				fmt.Println(kms.ErrCodeNotFoundException, aerr.Error())
700			case kms.ErrCodeInvalidArnException:
701				fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error())
702			case kms.ErrCodeDependencyTimeoutException:
703				fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error())
704			case kms.ErrCodeInternalException:
705				fmt.Println(kms.ErrCodeInternalException, aerr.Error())
706			case kms.ErrCodeInvalidStateException:
707				fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error())
708			default:
709				fmt.Println(aerr.Error())
710			}
711		} else {
712			// Print the error, cast err to awserr.Error to get the Code and
713			// Message from an error.
714			fmt.Println(err.Error())
715		}
716		return
717	}
718
719	fmt.Println(result)
720}
721
722// To retrieve the rotation status for a customer master key (CMK)
723//
724// The following example retrieves the status of automatic annual rotation of the key
725// material for the specified CMK.
726func ExampleKMS_GetKeyRotationStatus_shared00() {
727	svc := kms.New(session.New())
728	input := &kms.GetKeyRotationStatusInput{
729		KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"),
730	}
731
732	result, err := svc.GetKeyRotationStatus(input)
733	if err != nil {
734		if aerr, ok := err.(awserr.Error); ok {
735			switch aerr.Code() {
736			case kms.ErrCodeNotFoundException:
737				fmt.Println(kms.ErrCodeNotFoundException, aerr.Error())
738			case kms.ErrCodeInvalidArnException:
739				fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error())
740			case kms.ErrCodeDependencyTimeoutException:
741				fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error())
742			case kms.ErrCodeInternalException:
743				fmt.Println(kms.ErrCodeInternalException, aerr.Error())
744			case kms.ErrCodeInvalidStateException:
745				fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error())
746			case kms.ErrCodeUnsupportedOperationException:
747				fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error())
748			default:
749				fmt.Println(aerr.Error())
750			}
751		} else {
752			// Print the error, cast err to awserr.Error to get the Code and
753			// Message from an error.
754			fmt.Println(err.Error())
755		}
756		return
757	}
758
759	fmt.Println(result)
760}
761
762// To retrieve the public key and import token for a customer master key (CMK)
763//
764// The following example retrieves the public key and import token for the specified
765// CMK.
766func ExampleKMS_GetParametersForImport_shared00() {
767	svc := kms.New(session.New())
768	input := &kms.GetParametersForImportInput{
769		KeyId:             aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"),
770		WrappingAlgorithm: aws.String("RSAES_OAEP_SHA_1"),
771		WrappingKeySpec:   aws.String("RSA_2048"),
772	}
773
774	result, err := svc.GetParametersForImport(input)
775	if err != nil {
776		if aerr, ok := err.(awserr.Error); ok {
777			switch aerr.Code() {
778			case kms.ErrCodeInvalidArnException:
779				fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error())
780			case kms.ErrCodeUnsupportedOperationException:
781				fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error())
782			case kms.ErrCodeDependencyTimeoutException:
783				fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error())
784			case kms.ErrCodeNotFoundException:
785				fmt.Println(kms.ErrCodeNotFoundException, aerr.Error())
786			case kms.ErrCodeInternalException:
787				fmt.Println(kms.ErrCodeInternalException, aerr.Error())
788			case kms.ErrCodeInvalidStateException:
789				fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error())
790			default:
791				fmt.Println(aerr.Error())
792			}
793		} else {
794			// Print the error, cast err to awserr.Error to get the Code and
795			// Message from an error.
796			fmt.Println(err.Error())
797		}
798		return
799	}
800
801	fmt.Println(result)
802}
803
804// To import key material into a customer master key (CMK)
805//
806// The following example imports key material into the specified CMK.
807func ExampleKMS_ImportKeyMaterial_shared00() {
808	svc := kms.New(session.New())
809	input := &kms.ImportKeyMaterialInput{
810		EncryptedKeyMaterial: []byte("<binary data>"),
811		ExpirationModel:      aws.String("KEY_MATERIAL_DOES_NOT_EXPIRE"),
812		ImportToken:          []byte("<binary data>"),
813		KeyId:                aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"),
814	}
815
816	result, err := svc.ImportKeyMaterial(input)
817	if err != nil {
818		if aerr, ok := err.(awserr.Error); ok {
819			switch aerr.Code() {
820			case kms.ErrCodeInvalidArnException:
821				fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error())
822			case kms.ErrCodeUnsupportedOperationException:
823				fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error())
824			case kms.ErrCodeDependencyTimeoutException:
825				fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error())
826			case kms.ErrCodeNotFoundException:
827				fmt.Println(kms.ErrCodeNotFoundException, aerr.Error())
828			case kms.ErrCodeInternalException:
829				fmt.Println(kms.ErrCodeInternalException, aerr.Error())
830			case kms.ErrCodeInvalidStateException:
831				fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error())
832			case kms.ErrCodeInvalidCiphertextException:
833				fmt.Println(kms.ErrCodeInvalidCiphertextException, aerr.Error())
834			case kms.ErrCodeIncorrectKeyMaterialException:
835				fmt.Println(kms.ErrCodeIncorrectKeyMaterialException, aerr.Error())
836			case kms.ErrCodeExpiredImportTokenException:
837				fmt.Println(kms.ErrCodeExpiredImportTokenException, aerr.Error())
838			case kms.ErrCodeInvalidImportTokenException:
839				fmt.Println(kms.ErrCodeInvalidImportTokenException, aerr.Error())
840			default:
841				fmt.Println(aerr.Error())
842			}
843		} else {
844			// Print the error, cast err to awserr.Error to get the Code and
845			// Message from an error.
846			fmt.Println(err.Error())
847		}
848		return
849	}
850
851	fmt.Println(result)
852}
853
854// To list aliases
855//
856// The following example lists aliases.
857func ExampleKMS_ListAliases_shared00() {
858	svc := kms.New(session.New())
859	input := &kms.ListAliasesInput{}
860
861	result, err := svc.ListAliases(input)
862	if err != nil {
863		if aerr, ok := err.(awserr.Error); ok {
864			switch aerr.Code() {
865			case kms.ErrCodeDependencyTimeoutException:
866				fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error())
867			case kms.ErrCodeInvalidMarkerException:
868				fmt.Println(kms.ErrCodeInvalidMarkerException, aerr.Error())
869			case kms.ErrCodeInternalException:
870				fmt.Println(kms.ErrCodeInternalException, aerr.Error())
871			default:
872				fmt.Println(aerr.Error())
873			}
874		} else {
875			// Print the error, cast err to awserr.Error to get the Code and
876			// Message from an error.
877			fmt.Println(err.Error())
878		}
879		return
880	}
881
882	fmt.Println(result)
883}
884
885// To list grants for a customer master key (CMK)
886//
887// The following example lists grants for the specified CMK.
888func ExampleKMS_ListGrants_shared00() {
889	svc := kms.New(session.New())
890	input := &kms.ListGrantsInput{
891		KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"),
892	}
893
894	result, err := svc.ListGrants(input)
895	if err != nil {
896		if aerr, ok := err.(awserr.Error); ok {
897			switch aerr.Code() {
898			case kms.ErrCodeNotFoundException:
899				fmt.Println(kms.ErrCodeNotFoundException, aerr.Error())
900			case kms.ErrCodeDependencyTimeoutException:
901				fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error())
902			case kms.ErrCodeInvalidMarkerException:
903				fmt.Println(kms.ErrCodeInvalidMarkerException, aerr.Error())
904			case kms.ErrCodeInvalidArnException:
905				fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error())
906			case kms.ErrCodeInternalException:
907				fmt.Println(kms.ErrCodeInternalException, aerr.Error())
908			case kms.ErrCodeInvalidStateException:
909				fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error())
910			default:
911				fmt.Println(aerr.Error())
912			}
913		} else {
914			// Print the error, cast err to awserr.Error to get the Code and
915			// Message from an error.
916			fmt.Println(err.Error())
917		}
918		return
919	}
920
921	fmt.Println(result)
922}
923
924// To list key policies for a customer master key (CMK)
925//
926// The following example lists key policies for the specified CMK.
927func ExampleKMS_ListKeyPolicies_shared00() {
928	svc := kms.New(session.New())
929	input := &kms.ListKeyPoliciesInput{
930		KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"),
931	}
932
933	result, err := svc.ListKeyPolicies(input)
934	if err != nil {
935		if aerr, ok := err.(awserr.Error); ok {
936			switch aerr.Code() {
937			case kms.ErrCodeNotFoundException:
938				fmt.Println(kms.ErrCodeNotFoundException, aerr.Error())
939			case kms.ErrCodeInvalidArnException:
940				fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error())
941			case kms.ErrCodeDependencyTimeoutException:
942				fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error())
943			case kms.ErrCodeInternalException:
944				fmt.Println(kms.ErrCodeInternalException, aerr.Error())
945			case kms.ErrCodeInvalidStateException:
946				fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error())
947			default:
948				fmt.Println(aerr.Error())
949			}
950		} else {
951			// Print the error, cast err to awserr.Error to get the Code and
952			// Message from an error.
953			fmt.Println(err.Error())
954		}
955		return
956	}
957
958	fmt.Println(result)
959}
960
961// To list customer master keys (CMKs)
962//
963// The following example lists CMKs.
964func ExampleKMS_ListKeys_shared00() {
965	svc := kms.New(session.New())
966	input := &kms.ListKeysInput{}
967
968	result, err := svc.ListKeys(input)
969	if err != nil {
970		if aerr, ok := err.(awserr.Error); ok {
971			switch aerr.Code() {
972			case kms.ErrCodeDependencyTimeoutException:
973				fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error())
974			case kms.ErrCodeInternalException:
975				fmt.Println(kms.ErrCodeInternalException, aerr.Error())
976			case kms.ErrCodeInvalidMarkerException:
977				fmt.Println(kms.ErrCodeInvalidMarkerException, aerr.Error())
978			default:
979				fmt.Println(aerr.Error())
980			}
981		} else {
982			// Print the error, cast err to awserr.Error to get the Code and
983			// Message from an error.
984			fmt.Println(err.Error())
985		}
986		return
987	}
988
989	fmt.Println(result)
990}
991
992// To list tags for a customer master key (CMK)
993//
994// The following example lists tags for a CMK.
995func ExampleKMS_ListResourceTags_shared00() {
996	svc := kms.New(session.New())
997	input := &kms.ListResourceTagsInput{
998		KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"),
999	}
1000
1001	result, err := svc.ListResourceTags(input)
1002	if err != nil {
1003		if aerr, ok := err.(awserr.Error); ok {
1004			switch aerr.Code() {
1005			case kms.ErrCodeInternalException:
1006				fmt.Println(kms.ErrCodeInternalException, aerr.Error())
1007			case kms.ErrCodeNotFoundException:
1008				fmt.Println(kms.ErrCodeNotFoundException, aerr.Error())
1009			case kms.ErrCodeInvalidArnException:
1010				fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error())
1011			case kms.ErrCodeInvalidMarkerException:
1012				fmt.Println(kms.ErrCodeInvalidMarkerException, aerr.Error())
1013			default:
1014				fmt.Println(aerr.Error())
1015			}
1016		} else {
1017			// Print the error, cast err to awserr.Error to get the Code and
1018			// Message from an error.
1019			fmt.Println(err.Error())
1020		}
1021		return
1022	}
1023
1024	fmt.Println(result)
1025}
1026
1027// To list grants that the specified principal can retire
1028//
1029// The following example lists the grants that the specified principal (identity) can
1030// retire.
1031func ExampleKMS_ListRetirableGrants_shared00() {
1032	svc := kms.New(session.New())
1033	input := &kms.ListRetirableGrantsInput{
1034		RetiringPrincipal: aws.String("arn:aws:iam::111122223333:role/ExampleRole"),
1035	}
1036
1037	result, err := svc.ListRetirableGrants(input)
1038	if err != nil {
1039		if aerr, ok := err.(awserr.Error); ok {
1040			switch aerr.Code() {
1041			case kms.ErrCodeDependencyTimeoutException:
1042				fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error())
1043			case kms.ErrCodeInvalidMarkerException:
1044				fmt.Println(kms.ErrCodeInvalidMarkerException, aerr.Error())
1045			case kms.ErrCodeInvalidArnException:
1046				fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error())
1047			case kms.ErrCodeNotFoundException:
1048				fmt.Println(kms.ErrCodeNotFoundException, aerr.Error())
1049			case kms.ErrCodeInternalException:
1050				fmt.Println(kms.ErrCodeInternalException, aerr.Error())
1051			default:
1052				fmt.Println(aerr.Error())
1053			}
1054		} else {
1055			// Print the error, cast err to awserr.Error to get the Code and
1056			// Message from an error.
1057			fmt.Println(err.Error())
1058		}
1059		return
1060	}
1061
1062	fmt.Println(result)
1063}
1064
1065// To attach a key policy to a customer master key (CMK)
1066//
1067// The following example attaches a key policy to the specified CMK.
1068func ExampleKMS_PutKeyPolicy_shared00() {
1069	svc := kms.New(session.New())
1070	input := &kms.PutKeyPolicyInput{
1071		KeyId:      aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"),
1072		Policy:     aws.String("{\n    \"Version\": \"2012-10-17\",\n    \"Id\": \"custom-policy-2016-12-07\",\n    \"Statement\": [\n        {\n            \"Sid\": \"Enable IAM User Permissions\",\n            \"Effect\": \"Allow\",\n            \"Principal\": {\n                \"AWS\": \"arn:aws:iam::111122223333:root\"\n            },\n            \"Action\": \"kms:*\",\n            \"Resource\": \"*\"\n        },\n        {\n            \"Sid\": \"Allow access for Key Administrators\",\n            \"Effect\": \"Allow\",\n            \"Principal\": {\n                \"AWS\": [\n                    \"arn:aws:iam::111122223333:user/ExampleAdminUser\",\n                    \"arn:aws:iam::111122223333:role/ExampleAdminRole\"\n                ]\n            },\n            \"Action\": [\n                \"kms:Create*\",\n                \"kms:Describe*\",\n                \"kms:Enable*\",\n                \"kms:List*\",\n                \"kms:Put*\",\n                \"kms:Update*\",\n                \"kms:Revoke*\",\n                \"kms:Disable*\",\n                \"kms:Get*\",\n                \"kms:Delete*\",\n                \"kms:ScheduleKeyDeletion\",\n                \"kms:CancelKeyDeletion\"\n            ],\n            \"Resource\": \"*\"\n        },\n        {\n            \"Sid\": \"Allow use of the key\",\n            \"Effect\": \"Allow\",\n            \"Principal\": {\n                \"AWS\": \"arn:aws:iam::111122223333:role/ExamplePowerUserRole\"\n            },\n            \"Action\": [\n                \"kms:Encrypt\",\n                \"kms:Decrypt\",\n                \"kms:ReEncrypt*\",\n                \"kms:GenerateDataKey*\",\n                \"kms:DescribeKey\"\n            ],\n            \"Resource\": \"*\"\n        },\n        {\n            \"Sid\": \"Allow attachment of persistent resources\",\n            \"Effect\": \"Allow\",\n            \"Principal\": {\n                \"AWS\": \"arn:aws:iam::111122223333:role/ExamplePowerUserRole\"\n            },\n            \"Action\": [\n                \"kms:CreateGrant\",\n                \"kms:ListGrants\",\n                \"kms:RevokeGrant\"\n            ],\n            \"Resource\": \"*\",\n            \"Condition\": {\n                \"Bool\": {\n                    \"kms:GrantIsForAWSResource\": \"true\"\n                }\n            }\n        }\n    ]\n}\n"),
1073		PolicyName: aws.String("default"),
1074	}
1075
1076	result, err := svc.PutKeyPolicy(input)
1077	if err != nil {
1078		if aerr, ok := err.(awserr.Error); ok {
1079			switch aerr.Code() {
1080			case kms.ErrCodeNotFoundException:
1081				fmt.Println(kms.ErrCodeNotFoundException, aerr.Error())
1082			case kms.ErrCodeInvalidArnException:
1083				fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error())
1084			case kms.ErrCodeMalformedPolicyDocumentException:
1085				fmt.Println(kms.ErrCodeMalformedPolicyDocumentException, aerr.Error())
1086			case kms.ErrCodeDependencyTimeoutException:
1087				fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error())
1088			case kms.ErrCodeUnsupportedOperationException:
1089				fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error())
1090			case kms.ErrCodeInternalException:
1091				fmt.Println(kms.ErrCodeInternalException, aerr.Error())
1092			case kms.ErrCodeLimitExceededException:
1093				fmt.Println(kms.ErrCodeLimitExceededException, aerr.Error())
1094			case kms.ErrCodeInvalidStateException:
1095				fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error())
1096			default:
1097				fmt.Println(aerr.Error())
1098			}
1099		} else {
1100			// Print the error, cast err to awserr.Error to get the Code and
1101			// Message from an error.
1102			fmt.Println(err.Error())
1103		}
1104		return
1105	}
1106
1107	fmt.Println(result)
1108}
1109
1110// To reencrypt data
1111//
1112// The following example reencrypts data with the specified CMK.
1113func ExampleKMS_ReEncrypt_shared00() {
1114	svc := kms.New(session.New())
1115	input := &kms.ReEncryptInput{
1116		CiphertextBlob:   []byte("<binary data>"),
1117		DestinationKeyId: aws.String("0987dcba-09fe-87dc-65ba-ab0987654321"),
1118	}
1119
1120	result, err := svc.ReEncrypt(input)
1121	if err != nil {
1122		if aerr, ok := err.(awserr.Error); ok {
1123			switch aerr.Code() {
1124			case kms.ErrCodeNotFoundException:
1125				fmt.Println(kms.ErrCodeNotFoundException, aerr.Error())
1126			case kms.ErrCodeDisabledException:
1127				fmt.Println(kms.ErrCodeDisabledException, aerr.Error())
1128			case kms.ErrCodeInvalidCiphertextException:
1129				fmt.Println(kms.ErrCodeInvalidCiphertextException, aerr.Error())
1130			case kms.ErrCodeKeyUnavailableException:
1131				fmt.Println(kms.ErrCodeKeyUnavailableException, aerr.Error())
1132			case kms.ErrCodeDependencyTimeoutException:
1133				fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error())
1134			case kms.ErrCodeInvalidKeyUsageException:
1135				fmt.Println(kms.ErrCodeInvalidKeyUsageException, aerr.Error())
1136			case kms.ErrCodeInvalidGrantTokenException:
1137				fmt.Println(kms.ErrCodeInvalidGrantTokenException, aerr.Error())
1138			case kms.ErrCodeInternalException:
1139				fmt.Println(kms.ErrCodeInternalException, aerr.Error())
1140			case kms.ErrCodeInvalidStateException:
1141				fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error())
1142			default:
1143				fmt.Println(aerr.Error())
1144			}
1145		} else {
1146			// Print the error, cast err to awserr.Error to get the Code and
1147			// Message from an error.
1148			fmt.Println(err.Error())
1149		}
1150		return
1151	}
1152
1153	fmt.Println(result)
1154}
1155
1156// To retire a grant
1157//
1158// The following example retires a grant.
1159func ExampleKMS_RetireGrant_shared00() {
1160	svc := kms.New(session.New())
1161	input := &kms.RetireGrantInput{
1162		GrantId: aws.String("0c237476b39f8bc44e45212e08498fbe3151305030726c0590dd8d3e9f3d6a60"),
1163		KeyId:   aws.String("arn:aws:kms:us-east-2:444455556666:key/1234abcd-12ab-34cd-56ef-1234567890ab"),
1164	}
1165
1166	result, err := svc.RetireGrant(input)
1167	if err != nil {
1168		if aerr, ok := err.(awserr.Error); ok {
1169			switch aerr.Code() {
1170			case kms.ErrCodeInvalidArnException:
1171				fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error())
1172			case kms.ErrCodeInvalidGrantTokenException:
1173				fmt.Println(kms.ErrCodeInvalidGrantTokenException, aerr.Error())
1174			case kms.ErrCodeInvalidGrantIdException:
1175				fmt.Println(kms.ErrCodeInvalidGrantIdException, aerr.Error())
1176			case kms.ErrCodeNotFoundException:
1177				fmt.Println(kms.ErrCodeNotFoundException, aerr.Error())
1178			case kms.ErrCodeDependencyTimeoutException:
1179				fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error())
1180			case kms.ErrCodeInternalException:
1181				fmt.Println(kms.ErrCodeInternalException, aerr.Error())
1182			case kms.ErrCodeInvalidStateException:
1183				fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error())
1184			default:
1185				fmt.Println(aerr.Error())
1186			}
1187		} else {
1188			// Print the error, cast err to awserr.Error to get the Code and
1189			// Message from an error.
1190			fmt.Println(err.Error())
1191		}
1192		return
1193	}
1194
1195	fmt.Println(result)
1196}
1197
1198// To revoke a grant
1199//
1200// The following example revokes a grant.
1201func ExampleKMS_RevokeGrant_shared00() {
1202	svc := kms.New(session.New())
1203	input := &kms.RevokeGrantInput{
1204		GrantId: aws.String("0c237476b39f8bc44e45212e08498fbe3151305030726c0590dd8d3e9f3d6a60"),
1205		KeyId:   aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"),
1206	}
1207
1208	result, err := svc.RevokeGrant(input)
1209	if err != nil {
1210		if aerr, ok := err.(awserr.Error); ok {
1211			switch aerr.Code() {
1212			case kms.ErrCodeNotFoundException:
1213				fmt.Println(kms.ErrCodeNotFoundException, aerr.Error())
1214			case kms.ErrCodeDependencyTimeoutException:
1215				fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error())
1216			case kms.ErrCodeInvalidArnException:
1217				fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error())
1218			case kms.ErrCodeInvalidGrantIdException:
1219				fmt.Println(kms.ErrCodeInvalidGrantIdException, aerr.Error())
1220			case kms.ErrCodeInternalException:
1221				fmt.Println(kms.ErrCodeInternalException, aerr.Error())
1222			case kms.ErrCodeInvalidStateException:
1223				fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error())
1224			default:
1225				fmt.Println(aerr.Error())
1226			}
1227		} else {
1228			// Print the error, cast err to awserr.Error to get the Code and
1229			// Message from an error.
1230			fmt.Println(err.Error())
1231		}
1232		return
1233	}
1234
1235	fmt.Println(result)
1236}
1237
1238// To schedule a customer master key (CMK) for deletion
1239//
1240// The following example schedules the specified CMK for deletion.
1241func ExampleKMS_ScheduleKeyDeletion_shared00() {
1242	svc := kms.New(session.New())
1243	input := &kms.ScheduleKeyDeletionInput{
1244		KeyId:               aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"),
1245		PendingWindowInDays: aws.Int64(7),
1246	}
1247
1248	result, err := svc.ScheduleKeyDeletion(input)
1249	if err != nil {
1250		if aerr, ok := err.(awserr.Error); ok {
1251			switch aerr.Code() {
1252			case kms.ErrCodeNotFoundException:
1253				fmt.Println(kms.ErrCodeNotFoundException, aerr.Error())
1254			case kms.ErrCodeInvalidArnException:
1255				fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error())
1256			case kms.ErrCodeDependencyTimeoutException:
1257				fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error())
1258			case kms.ErrCodeInternalException:
1259				fmt.Println(kms.ErrCodeInternalException, aerr.Error())
1260			case kms.ErrCodeInvalidStateException:
1261				fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error())
1262			default:
1263				fmt.Println(aerr.Error())
1264			}
1265		} else {
1266			// Print the error, cast err to awserr.Error to get the Code and
1267			// Message from an error.
1268			fmt.Println(err.Error())
1269		}
1270		return
1271	}
1272
1273	fmt.Println(result)
1274}
1275
1276// To tag a customer master key (CMK)
1277//
1278// The following example tags a CMK.
1279func ExampleKMS_TagResource_shared00() {
1280	svc := kms.New(session.New())
1281	input := &kms.TagResourceInput{
1282		KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"),
1283		Tags: []*kms.Tag{
1284			{
1285				TagKey:   aws.String("Purpose"),
1286				TagValue: aws.String("Test"),
1287			},
1288		},
1289	}
1290
1291	result, err := svc.TagResource(input)
1292	if err != nil {
1293		if aerr, ok := err.(awserr.Error); ok {
1294			switch aerr.Code() {
1295			case kms.ErrCodeInternalException:
1296				fmt.Println(kms.ErrCodeInternalException, aerr.Error())
1297			case kms.ErrCodeNotFoundException:
1298				fmt.Println(kms.ErrCodeNotFoundException, aerr.Error())
1299			case kms.ErrCodeInvalidArnException:
1300				fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error())
1301			case kms.ErrCodeInvalidStateException:
1302				fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error())
1303			case kms.ErrCodeLimitExceededException:
1304				fmt.Println(kms.ErrCodeLimitExceededException, aerr.Error())
1305			case kms.ErrCodeTagException:
1306				fmt.Println(kms.ErrCodeTagException, aerr.Error())
1307			default:
1308				fmt.Println(aerr.Error())
1309			}
1310		} else {
1311			// Print the error, cast err to awserr.Error to get the Code and
1312			// Message from an error.
1313			fmt.Println(err.Error())
1314		}
1315		return
1316	}
1317
1318	fmt.Println(result)
1319}
1320
1321// To remove tags from a customer master key (CMK)
1322//
1323// The following example removes tags from a CMK.
1324func ExampleKMS_UntagResource_shared00() {
1325	svc := kms.New(session.New())
1326	input := &kms.UntagResourceInput{
1327		KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"),
1328		TagKeys: []*string{
1329			aws.String("Purpose"),
1330			aws.String("CostCenter"),
1331		},
1332	}
1333
1334	result, err := svc.UntagResource(input)
1335	if err != nil {
1336		if aerr, ok := err.(awserr.Error); ok {
1337			switch aerr.Code() {
1338			case kms.ErrCodeInternalException:
1339				fmt.Println(kms.ErrCodeInternalException, aerr.Error())
1340			case kms.ErrCodeNotFoundException:
1341				fmt.Println(kms.ErrCodeNotFoundException, aerr.Error())
1342			case kms.ErrCodeInvalidArnException:
1343				fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error())
1344			case kms.ErrCodeInvalidStateException:
1345				fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error())
1346			case kms.ErrCodeTagException:
1347				fmt.Println(kms.ErrCodeTagException, aerr.Error())
1348			default:
1349				fmt.Println(aerr.Error())
1350			}
1351		} else {
1352			// Print the error, cast err to awserr.Error to get the Code and
1353			// Message from an error.
1354			fmt.Println(err.Error())
1355		}
1356		return
1357	}
1358
1359	fmt.Println(result)
1360}
1361
1362// To update an alias
1363//
1364// The following example updates the specified alias to refer to the specified customer
1365// master key (CMK).
1366func ExampleKMS_UpdateAlias_shared00() {
1367	svc := kms.New(session.New())
1368	input := &kms.UpdateAliasInput{
1369		AliasName:   aws.String("alias/ExampleAlias"),
1370		TargetKeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"),
1371	}
1372
1373	result, err := svc.UpdateAlias(input)
1374	if err != nil {
1375		if aerr, ok := err.(awserr.Error); ok {
1376			switch aerr.Code() {
1377			case kms.ErrCodeDependencyTimeoutException:
1378				fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error())
1379			case kms.ErrCodeNotFoundException:
1380				fmt.Println(kms.ErrCodeNotFoundException, aerr.Error())
1381			case kms.ErrCodeInternalException:
1382				fmt.Println(kms.ErrCodeInternalException, aerr.Error())
1383			case kms.ErrCodeInvalidStateException:
1384				fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error())
1385			default:
1386				fmt.Println(aerr.Error())
1387			}
1388		} else {
1389			// Print the error, cast err to awserr.Error to get the Code and
1390			// Message from an error.
1391			fmt.Println(err.Error())
1392		}
1393		return
1394	}
1395
1396	fmt.Println(result)
1397}
1398
1399// To update the description of a customer master key (CMK)
1400//
1401// The following example updates the description of the specified CMK.
1402func ExampleKMS_UpdateKeyDescription_shared00() {
1403	svc := kms.New(session.New())
1404	input := &kms.UpdateKeyDescriptionInput{
1405		Description: aws.String("Example description that indicates the intended use of this CMK."),
1406		KeyId:       aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"),
1407	}
1408
1409	result, err := svc.UpdateKeyDescription(input)
1410	if err != nil {
1411		if aerr, ok := err.(awserr.Error); ok {
1412			switch aerr.Code() {
1413			case kms.ErrCodeNotFoundException:
1414				fmt.Println(kms.ErrCodeNotFoundException, aerr.Error())
1415			case kms.ErrCodeInvalidArnException:
1416				fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error())
1417			case kms.ErrCodeDependencyTimeoutException:
1418				fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error())
1419			case kms.ErrCodeInternalException:
1420				fmt.Println(kms.ErrCodeInternalException, aerr.Error())
1421			case kms.ErrCodeInvalidStateException:
1422				fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error())
1423			default:
1424				fmt.Println(aerr.Error())
1425			}
1426		} else {
1427			// Print the error, cast err to awserr.Error to get the Code and
1428			// Message from an error.
1429			fmt.Println(err.Error())
1430		}
1431		return
1432	}
1433
1434	fmt.Println(result)
1435}
1436