1// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. 2 3package kms_test 4 5import ( 6 "fmt" 7 "strings" 8 "time" 9 10 "github.com/aws/aws-sdk-go/aws" 11 "github.com/aws/aws-sdk-go/aws/awserr" 12 "github.com/aws/aws-sdk-go/aws/session" 13 "github.com/aws/aws-sdk-go/service/kms" 14) 15 16var _ time.Duration 17var _ strings.Reader 18var _ aws.Config 19 20func parseTime(layout, value string) *time.Time { 21 t, err := time.Parse(layout, value) 22 if err != nil { 23 panic(err) 24 } 25 return &t 26} 27 28// To cancel deletion of a customer master key (CMK) 29// 30// The following example cancels deletion of the specified CMK. 31func ExampleKMS_CancelKeyDeletion_shared00() { 32 svc := kms.New(session.New()) 33 input := &kms.CancelKeyDeletionInput{ 34 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 35 } 36 37 result, err := svc.CancelKeyDeletion(input) 38 if err != nil { 39 if aerr, ok := err.(awserr.Error); ok { 40 switch aerr.Code() { 41 case kms.ErrCodeNotFoundException: 42 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 43 case kms.ErrCodeInvalidArnException: 44 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 45 case kms.ErrCodeDependencyTimeoutException: 46 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 47 case kms.ErrCodeInternalException: 48 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 49 case kms.ErrCodeInvalidStateException: 50 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 51 default: 52 fmt.Println(aerr.Error()) 53 } 54 } else { 55 // Print the error, cast err to awserr.Error to get the Code and 56 // Message from an error. 57 fmt.Println(err.Error()) 58 } 59 return 60 } 61 62 fmt.Println(result) 63} 64 65// To create an alias 66// 67// The following example creates an alias for the specified customer master key (CMK). 68func ExampleKMS_CreateAlias_shared00() { 69 svc := kms.New(session.New()) 70 input := &kms.CreateAliasInput{ 71 AliasName: aws.String("alias/ExampleAlias"), 72 TargetKeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 73 } 74 75 result, err := svc.CreateAlias(input) 76 if err != nil { 77 if aerr, ok := err.(awserr.Error); ok { 78 switch aerr.Code() { 79 case kms.ErrCodeDependencyTimeoutException: 80 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 81 case kms.ErrCodeAlreadyExistsException: 82 fmt.Println(kms.ErrCodeAlreadyExistsException, aerr.Error()) 83 case kms.ErrCodeNotFoundException: 84 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 85 case kms.ErrCodeInvalidAliasNameException: 86 fmt.Println(kms.ErrCodeInvalidAliasNameException, aerr.Error()) 87 case kms.ErrCodeInternalException: 88 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 89 case kms.ErrCodeLimitExceededException: 90 fmt.Println(kms.ErrCodeLimitExceededException, aerr.Error()) 91 case kms.ErrCodeInvalidStateException: 92 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 93 default: 94 fmt.Println(aerr.Error()) 95 } 96 } else { 97 // Print the error, cast err to awserr.Error to get the Code and 98 // Message from an error. 99 fmt.Println(err.Error()) 100 } 101 return 102 } 103 104 fmt.Println(result) 105} 106 107// To create a grant 108// 109// The following example creates a grant that allows the specified IAM role to encrypt 110// data with the specified customer master key (CMK). 111func ExampleKMS_CreateGrant_shared00() { 112 svc := kms.New(session.New()) 113 input := &kms.CreateGrantInput{ 114 GranteePrincipal: aws.String("arn:aws:iam::111122223333:role/ExampleRole"), 115 KeyId: aws.String("arn:aws:kms:us-east-2:444455556666:key/1234abcd-12ab-34cd-56ef-1234567890ab"), 116 Operations: []*string{ 117 aws.String("Encrypt"), 118 aws.String("Decrypt"), 119 }, 120 } 121 122 result, err := svc.CreateGrant(input) 123 if err != nil { 124 if aerr, ok := err.(awserr.Error); ok { 125 switch aerr.Code() { 126 case kms.ErrCodeNotFoundException: 127 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 128 case kms.ErrCodeDisabledException: 129 fmt.Println(kms.ErrCodeDisabledException, aerr.Error()) 130 case kms.ErrCodeDependencyTimeoutException: 131 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 132 case kms.ErrCodeInvalidArnException: 133 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 134 case kms.ErrCodeInternalException: 135 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 136 case kms.ErrCodeInvalidGrantTokenException: 137 fmt.Println(kms.ErrCodeInvalidGrantTokenException, aerr.Error()) 138 case kms.ErrCodeLimitExceededException: 139 fmt.Println(kms.ErrCodeLimitExceededException, aerr.Error()) 140 case kms.ErrCodeInvalidStateException: 141 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 142 default: 143 fmt.Println(aerr.Error()) 144 } 145 } else { 146 // Print the error, cast err to awserr.Error to get the Code and 147 // Message from an error. 148 fmt.Println(err.Error()) 149 } 150 return 151 } 152 153 fmt.Println(result) 154} 155 156// To create a customer master key (CMK) 157// 158// The following example creates a CMK. 159func ExampleKMS_CreateKey_shared00() { 160 svc := kms.New(session.New()) 161 input := &kms.CreateKeyInput{ 162 Tags: []*kms.Tag{ 163 { 164 TagKey: aws.String("CreatedBy"), 165 TagValue: aws.String("ExampleUser"), 166 }, 167 }, 168 } 169 170 result, err := svc.CreateKey(input) 171 if err != nil { 172 if aerr, ok := err.(awserr.Error); ok { 173 switch aerr.Code() { 174 case kms.ErrCodeMalformedPolicyDocumentException: 175 fmt.Println(kms.ErrCodeMalformedPolicyDocumentException, aerr.Error()) 176 case kms.ErrCodeDependencyTimeoutException: 177 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 178 case kms.ErrCodeInvalidArnException: 179 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 180 case kms.ErrCodeUnsupportedOperationException: 181 fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error()) 182 case kms.ErrCodeInternalException: 183 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 184 case kms.ErrCodeLimitExceededException: 185 fmt.Println(kms.ErrCodeLimitExceededException, aerr.Error()) 186 case kms.ErrCodeTagException: 187 fmt.Println(kms.ErrCodeTagException, aerr.Error()) 188 case kms.ErrCodeCustomKeyStoreNotFoundException: 189 fmt.Println(kms.ErrCodeCustomKeyStoreNotFoundException, aerr.Error()) 190 case kms.ErrCodeCustomKeyStoreInvalidStateException: 191 fmt.Println(kms.ErrCodeCustomKeyStoreInvalidStateException, aerr.Error()) 192 case kms.ErrCodeCloudHsmClusterInvalidConfigurationException: 193 fmt.Println(kms.ErrCodeCloudHsmClusterInvalidConfigurationException, aerr.Error()) 194 default: 195 fmt.Println(aerr.Error()) 196 } 197 } else { 198 // Print the error, cast err to awserr.Error to get the Code and 199 // Message from an error. 200 fmt.Println(err.Error()) 201 } 202 return 203 } 204 205 fmt.Println(result) 206} 207 208// To decrypt data 209// 210// The following example decrypts data that was encrypted with a customer master key 211// (CMK) in AWS KMS. 212func ExampleKMS_Decrypt_shared00() { 213 svc := kms.New(session.New()) 214 input := &kms.DecryptInput{ 215 CiphertextBlob: []byte("<binary data>"), 216 } 217 218 result, err := svc.Decrypt(input) 219 if err != nil { 220 if aerr, ok := err.(awserr.Error); ok { 221 switch aerr.Code() { 222 case kms.ErrCodeNotFoundException: 223 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 224 case kms.ErrCodeDisabledException: 225 fmt.Println(kms.ErrCodeDisabledException, aerr.Error()) 226 case kms.ErrCodeInvalidCiphertextException: 227 fmt.Println(kms.ErrCodeInvalidCiphertextException, aerr.Error()) 228 case kms.ErrCodeKeyUnavailableException: 229 fmt.Println(kms.ErrCodeKeyUnavailableException, aerr.Error()) 230 case kms.ErrCodeIncorrectKeyException: 231 fmt.Println(kms.ErrCodeIncorrectKeyException, aerr.Error()) 232 case kms.ErrCodeInvalidKeyUsageException: 233 fmt.Println(kms.ErrCodeInvalidKeyUsageException, aerr.Error()) 234 case kms.ErrCodeDependencyTimeoutException: 235 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 236 case kms.ErrCodeInvalidGrantTokenException: 237 fmt.Println(kms.ErrCodeInvalidGrantTokenException, aerr.Error()) 238 case kms.ErrCodeInternalException: 239 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 240 case kms.ErrCodeInvalidStateException: 241 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 242 default: 243 fmt.Println(aerr.Error()) 244 } 245 } else { 246 // Print the error, cast err to awserr.Error to get the Code and 247 // Message from an error. 248 fmt.Println(err.Error()) 249 } 250 return 251 } 252 253 fmt.Println(result) 254} 255 256// To delete an alias 257// 258// The following example deletes the specified alias. 259func ExampleKMS_DeleteAlias_shared00() { 260 svc := kms.New(session.New()) 261 input := &kms.DeleteAliasInput{ 262 AliasName: aws.String("alias/ExampleAlias"), 263 } 264 265 result, err := svc.DeleteAlias(input) 266 if err != nil { 267 if aerr, ok := err.(awserr.Error); ok { 268 switch aerr.Code() { 269 case kms.ErrCodeDependencyTimeoutException: 270 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 271 case kms.ErrCodeNotFoundException: 272 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 273 case kms.ErrCodeInternalException: 274 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 275 case kms.ErrCodeInvalidStateException: 276 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 277 default: 278 fmt.Println(aerr.Error()) 279 } 280 } else { 281 // Print the error, cast err to awserr.Error to get the Code and 282 // Message from an error. 283 fmt.Println(err.Error()) 284 } 285 return 286 } 287 288 fmt.Println(result) 289} 290 291// To delete imported key material 292// 293// The following example deletes the imported key material from the specified customer 294// master key (CMK). 295func ExampleKMS_DeleteImportedKeyMaterial_shared00() { 296 svc := kms.New(session.New()) 297 input := &kms.DeleteImportedKeyMaterialInput{ 298 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 299 } 300 301 result, err := svc.DeleteImportedKeyMaterial(input) 302 if err != nil { 303 if aerr, ok := err.(awserr.Error); ok { 304 switch aerr.Code() { 305 case kms.ErrCodeInvalidArnException: 306 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 307 case kms.ErrCodeUnsupportedOperationException: 308 fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error()) 309 case kms.ErrCodeDependencyTimeoutException: 310 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 311 case kms.ErrCodeNotFoundException: 312 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 313 case kms.ErrCodeInternalException: 314 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 315 case kms.ErrCodeInvalidStateException: 316 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 317 default: 318 fmt.Println(aerr.Error()) 319 } 320 } else { 321 // Print the error, cast err to awserr.Error to get the Code and 322 // Message from an error. 323 fmt.Println(err.Error()) 324 } 325 return 326 } 327 328 fmt.Println(result) 329} 330 331// To obtain information about a customer master key (CMK) 332// 333// The following example returns information (metadata) about the specified CMK. 334func ExampleKMS_DescribeKey_shared00() { 335 svc := kms.New(session.New()) 336 input := &kms.DescribeKeyInput{ 337 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 338 } 339 340 result, err := svc.DescribeKey(input) 341 if err != nil { 342 if aerr, ok := err.(awserr.Error); ok { 343 switch aerr.Code() { 344 case kms.ErrCodeNotFoundException: 345 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 346 case kms.ErrCodeInvalidArnException: 347 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 348 case kms.ErrCodeDependencyTimeoutException: 349 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 350 case kms.ErrCodeInternalException: 351 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 352 default: 353 fmt.Println(aerr.Error()) 354 } 355 } else { 356 // Print the error, cast err to awserr.Error to get the Code and 357 // Message from an error. 358 fmt.Println(err.Error()) 359 } 360 return 361 } 362 363 fmt.Println(result) 364} 365 366// To disable a customer master key (CMK) 367// 368// The following example disables the specified CMK. 369func ExampleKMS_DisableKey_shared00() { 370 svc := kms.New(session.New()) 371 input := &kms.DisableKeyInput{ 372 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 373 } 374 375 result, err := svc.DisableKey(input) 376 if err != nil { 377 if aerr, ok := err.(awserr.Error); ok { 378 switch aerr.Code() { 379 case kms.ErrCodeNotFoundException: 380 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 381 case kms.ErrCodeInvalidArnException: 382 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 383 case kms.ErrCodeDependencyTimeoutException: 384 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 385 case kms.ErrCodeInternalException: 386 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 387 case kms.ErrCodeInvalidStateException: 388 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 389 default: 390 fmt.Println(aerr.Error()) 391 } 392 } else { 393 // Print the error, cast err to awserr.Error to get the Code and 394 // Message from an error. 395 fmt.Println(err.Error()) 396 } 397 return 398 } 399 400 fmt.Println(result) 401} 402 403// To disable automatic rotation of key material 404// 405// The following example disables automatic annual rotation of the key material for 406// the specified CMK. 407func ExampleKMS_DisableKeyRotation_shared00() { 408 svc := kms.New(session.New()) 409 input := &kms.DisableKeyRotationInput{ 410 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 411 } 412 413 result, err := svc.DisableKeyRotation(input) 414 if err != nil { 415 if aerr, ok := err.(awserr.Error); ok { 416 switch aerr.Code() { 417 case kms.ErrCodeNotFoundException: 418 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 419 case kms.ErrCodeDisabledException: 420 fmt.Println(kms.ErrCodeDisabledException, aerr.Error()) 421 case kms.ErrCodeInvalidArnException: 422 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 423 case kms.ErrCodeDependencyTimeoutException: 424 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 425 case kms.ErrCodeInternalException: 426 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 427 case kms.ErrCodeInvalidStateException: 428 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 429 case kms.ErrCodeUnsupportedOperationException: 430 fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error()) 431 default: 432 fmt.Println(aerr.Error()) 433 } 434 } else { 435 // Print the error, cast err to awserr.Error to get the Code and 436 // Message from an error. 437 fmt.Println(err.Error()) 438 } 439 return 440 } 441 442 fmt.Println(result) 443} 444 445// To enable a customer master key (CMK) 446// 447// The following example enables the specified CMK. 448func ExampleKMS_EnableKey_shared00() { 449 svc := kms.New(session.New()) 450 input := &kms.EnableKeyInput{ 451 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 452 } 453 454 result, err := svc.EnableKey(input) 455 if err != nil { 456 if aerr, ok := err.(awserr.Error); ok { 457 switch aerr.Code() { 458 case kms.ErrCodeNotFoundException: 459 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 460 case kms.ErrCodeInvalidArnException: 461 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 462 case kms.ErrCodeDependencyTimeoutException: 463 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 464 case kms.ErrCodeInternalException: 465 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 466 case kms.ErrCodeLimitExceededException: 467 fmt.Println(kms.ErrCodeLimitExceededException, aerr.Error()) 468 case kms.ErrCodeInvalidStateException: 469 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 470 default: 471 fmt.Println(aerr.Error()) 472 } 473 } else { 474 // Print the error, cast err to awserr.Error to get the Code and 475 // Message from an error. 476 fmt.Println(err.Error()) 477 } 478 return 479 } 480 481 fmt.Println(result) 482} 483 484// To enable automatic rotation of key material 485// 486// The following example enables automatic annual rotation of the key material for the 487// specified CMK. 488func ExampleKMS_EnableKeyRotation_shared00() { 489 svc := kms.New(session.New()) 490 input := &kms.EnableKeyRotationInput{ 491 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 492 } 493 494 result, err := svc.EnableKeyRotation(input) 495 if err != nil { 496 if aerr, ok := err.(awserr.Error); ok { 497 switch aerr.Code() { 498 case kms.ErrCodeNotFoundException: 499 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 500 case kms.ErrCodeDisabledException: 501 fmt.Println(kms.ErrCodeDisabledException, aerr.Error()) 502 case kms.ErrCodeInvalidArnException: 503 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 504 case kms.ErrCodeDependencyTimeoutException: 505 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 506 case kms.ErrCodeInternalException: 507 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 508 case kms.ErrCodeInvalidStateException: 509 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 510 case kms.ErrCodeUnsupportedOperationException: 511 fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error()) 512 default: 513 fmt.Println(aerr.Error()) 514 } 515 } else { 516 // Print the error, cast err to awserr.Error to get the Code and 517 // Message from an error. 518 fmt.Println(err.Error()) 519 } 520 return 521 } 522 523 fmt.Println(result) 524} 525 526// To encrypt data 527// 528// The following example encrypts data with the specified customer master key (CMK). 529func ExampleKMS_Encrypt_shared00() { 530 svc := kms.New(session.New()) 531 input := &kms.EncryptInput{ 532 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 533 Plaintext: []byte("<binary data>"), 534 } 535 536 result, err := svc.Encrypt(input) 537 if err != nil { 538 if aerr, ok := err.(awserr.Error); ok { 539 switch aerr.Code() { 540 case kms.ErrCodeNotFoundException: 541 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 542 case kms.ErrCodeDisabledException: 543 fmt.Println(kms.ErrCodeDisabledException, aerr.Error()) 544 case kms.ErrCodeKeyUnavailableException: 545 fmt.Println(kms.ErrCodeKeyUnavailableException, aerr.Error()) 546 case kms.ErrCodeDependencyTimeoutException: 547 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 548 case kms.ErrCodeInvalidKeyUsageException: 549 fmt.Println(kms.ErrCodeInvalidKeyUsageException, aerr.Error()) 550 case kms.ErrCodeInvalidGrantTokenException: 551 fmt.Println(kms.ErrCodeInvalidGrantTokenException, aerr.Error()) 552 case kms.ErrCodeInternalException: 553 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 554 case kms.ErrCodeInvalidStateException: 555 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 556 default: 557 fmt.Println(aerr.Error()) 558 } 559 } else { 560 // Print the error, cast err to awserr.Error to get the Code and 561 // Message from an error. 562 fmt.Println(err.Error()) 563 } 564 return 565 } 566 567 fmt.Println(result) 568} 569 570// To generate a data key 571// 572// The following example generates a 256-bit symmetric data encryption key (data key) 573// in two formats. One is the unencrypted (plainext) data key, and the other is the 574// data key encrypted with the specified customer master key (CMK). 575func ExampleKMS_GenerateDataKey_shared00() { 576 svc := kms.New(session.New()) 577 input := &kms.GenerateDataKeyInput{ 578 KeyId: aws.String("alias/ExampleAlias"), 579 KeySpec: aws.String("AES_256"), 580 } 581 582 result, err := svc.GenerateDataKey(input) 583 if err != nil { 584 if aerr, ok := err.(awserr.Error); ok { 585 switch aerr.Code() { 586 case kms.ErrCodeNotFoundException: 587 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 588 case kms.ErrCodeDisabledException: 589 fmt.Println(kms.ErrCodeDisabledException, aerr.Error()) 590 case kms.ErrCodeKeyUnavailableException: 591 fmt.Println(kms.ErrCodeKeyUnavailableException, aerr.Error()) 592 case kms.ErrCodeDependencyTimeoutException: 593 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 594 case kms.ErrCodeInvalidKeyUsageException: 595 fmt.Println(kms.ErrCodeInvalidKeyUsageException, aerr.Error()) 596 case kms.ErrCodeInvalidGrantTokenException: 597 fmt.Println(kms.ErrCodeInvalidGrantTokenException, aerr.Error()) 598 case kms.ErrCodeInternalException: 599 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 600 case kms.ErrCodeInvalidStateException: 601 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 602 default: 603 fmt.Println(aerr.Error()) 604 } 605 } else { 606 // Print the error, cast err to awserr.Error to get the Code and 607 // Message from an error. 608 fmt.Println(err.Error()) 609 } 610 return 611 } 612 613 fmt.Println(result) 614} 615 616// To generate an encrypted data key 617// 618// The following example generates an encrypted copy of a 256-bit symmetric data encryption 619// key (data key). The data key is encrypted with the specified customer master key 620// (CMK). 621func ExampleKMS_GenerateDataKeyWithoutPlaintext_shared00() { 622 svc := kms.New(session.New()) 623 input := &kms.GenerateDataKeyWithoutPlaintextInput{ 624 KeyId: aws.String("alias/ExampleAlias"), 625 KeySpec: aws.String("AES_256"), 626 } 627 628 result, err := svc.GenerateDataKeyWithoutPlaintext(input) 629 if err != nil { 630 if aerr, ok := err.(awserr.Error); ok { 631 switch aerr.Code() { 632 case kms.ErrCodeNotFoundException: 633 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 634 case kms.ErrCodeDisabledException: 635 fmt.Println(kms.ErrCodeDisabledException, aerr.Error()) 636 case kms.ErrCodeKeyUnavailableException: 637 fmt.Println(kms.ErrCodeKeyUnavailableException, aerr.Error()) 638 case kms.ErrCodeDependencyTimeoutException: 639 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 640 case kms.ErrCodeInvalidKeyUsageException: 641 fmt.Println(kms.ErrCodeInvalidKeyUsageException, aerr.Error()) 642 case kms.ErrCodeInvalidGrantTokenException: 643 fmt.Println(kms.ErrCodeInvalidGrantTokenException, aerr.Error()) 644 case kms.ErrCodeInternalException: 645 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 646 case kms.ErrCodeInvalidStateException: 647 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 648 default: 649 fmt.Println(aerr.Error()) 650 } 651 } else { 652 // Print the error, cast err to awserr.Error to get the Code and 653 // Message from an error. 654 fmt.Println(err.Error()) 655 } 656 return 657 } 658 659 fmt.Println(result) 660} 661 662// To generate random data 663// 664// The following example uses AWS KMS to generate 32 bytes of random data. 665func ExampleKMS_GenerateRandom_shared00() { 666 svc := kms.New(session.New()) 667 input := &kms.GenerateRandomInput{ 668 NumberOfBytes: aws.Int64(32), 669 } 670 671 result, err := svc.GenerateRandom(input) 672 if err != nil { 673 if aerr, ok := err.(awserr.Error); ok { 674 switch aerr.Code() { 675 case kms.ErrCodeDependencyTimeoutException: 676 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 677 case kms.ErrCodeInternalException: 678 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 679 case kms.ErrCodeCustomKeyStoreNotFoundException: 680 fmt.Println(kms.ErrCodeCustomKeyStoreNotFoundException, aerr.Error()) 681 case kms.ErrCodeCustomKeyStoreInvalidStateException: 682 fmt.Println(kms.ErrCodeCustomKeyStoreInvalidStateException, aerr.Error()) 683 default: 684 fmt.Println(aerr.Error()) 685 } 686 } else { 687 // Print the error, cast err to awserr.Error to get the Code and 688 // Message from an error. 689 fmt.Println(err.Error()) 690 } 691 return 692 } 693 694 fmt.Println(result) 695} 696 697// To retrieve a key policy 698// 699// The following example retrieves the key policy for the specified customer master 700// key (CMK). 701func ExampleKMS_GetKeyPolicy_shared00() { 702 svc := kms.New(session.New()) 703 input := &kms.GetKeyPolicyInput{ 704 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 705 PolicyName: aws.String("default"), 706 } 707 708 result, err := svc.GetKeyPolicy(input) 709 if err != nil { 710 if aerr, ok := err.(awserr.Error); ok { 711 switch aerr.Code() { 712 case kms.ErrCodeNotFoundException: 713 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 714 case kms.ErrCodeInvalidArnException: 715 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 716 case kms.ErrCodeDependencyTimeoutException: 717 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 718 case kms.ErrCodeInternalException: 719 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 720 case kms.ErrCodeInvalidStateException: 721 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 722 default: 723 fmt.Println(aerr.Error()) 724 } 725 } else { 726 // Print the error, cast err to awserr.Error to get the Code and 727 // Message from an error. 728 fmt.Println(err.Error()) 729 } 730 return 731 } 732 733 fmt.Println(result) 734} 735 736// To retrieve the rotation status for a customer master key (CMK) 737// 738// The following example retrieves the status of automatic annual rotation of the key 739// material for the specified CMK. 740func ExampleKMS_GetKeyRotationStatus_shared00() { 741 svc := kms.New(session.New()) 742 input := &kms.GetKeyRotationStatusInput{ 743 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 744 } 745 746 result, err := svc.GetKeyRotationStatus(input) 747 if err != nil { 748 if aerr, ok := err.(awserr.Error); ok { 749 switch aerr.Code() { 750 case kms.ErrCodeNotFoundException: 751 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 752 case kms.ErrCodeInvalidArnException: 753 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 754 case kms.ErrCodeDependencyTimeoutException: 755 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 756 case kms.ErrCodeInternalException: 757 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 758 case kms.ErrCodeInvalidStateException: 759 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 760 case kms.ErrCodeUnsupportedOperationException: 761 fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error()) 762 default: 763 fmt.Println(aerr.Error()) 764 } 765 } else { 766 // Print the error, cast err to awserr.Error to get the Code and 767 // Message from an error. 768 fmt.Println(err.Error()) 769 } 770 return 771 } 772 773 fmt.Println(result) 774} 775 776// To retrieve the public key and import token for a customer master key (CMK) 777// 778// The following example retrieves the public key and import token for the specified 779// CMK. 780func ExampleKMS_GetParametersForImport_shared00() { 781 svc := kms.New(session.New()) 782 input := &kms.GetParametersForImportInput{ 783 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 784 WrappingAlgorithm: aws.String("RSAES_OAEP_SHA_1"), 785 WrappingKeySpec: aws.String("RSA_2048"), 786 } 787 788 result, err := svc.GetParametersForImport(input) 789 if err != nil { 790 if aerr, ok := err.(awserr.Error); ok { 791 switch aerr.Code() { 792 case kms.ErrCodeInvalidArnException: 793 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 794 case kms.ErrCodeUnsupportedOperationException: 795 fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error()) 796 case kms.ErrCodeDependencyTimeoutException: 797 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 798 case kms.ErrCodeNotFoundException: 799 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 800 case kms.ErrCodeInternalException: 801 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 802 case kms.ErrCodeInvalidStateException: 803 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 804 default: 805 fmt.Println(aerr.Error()) 806 } 807 } else { 808 // Print the error, cast err to awserr.Error to get the Code and 809 // Message from an error. 810 fmt.Println(err.Error()) 811 } 812 return 813 } 814 815 fmt.Println(result) 816} 817 818// To import key material into a customer master key (CMK) 819// 820// The following example imports key material into the specified CMK. 821func ExampleKMS_ImportKeyMaterial_shared00() { 822 svc := kms.New(session.New()) 823 input := &kms.ImportKeyMaterialInput{ 824 EncryptedKeyMaterial: []byte("<binary data>"), 825 ExpirationModel: aws.String("KEY_MATERIAL_DOES_NOT_EXPIRE"), 826 ImportToken: []byte("<binary data>"), 827 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 828 } 829 830 result, err := svc.ImportKeyMaterial(input) 831 if err != nil { 832 if aerr, ok := err.(awserr.Error); ok { 833 switch aerr.Code() { 834 case kms.ErrCodeInvalidArnException: 835 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 836 case kms.ErrCodeUnsupportedOperationException: 837 fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error()) 838 case kms.ErrCodeDependencyTimeoutException: 839 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 840 case kms.ErrCodeNotFoundException: 841 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 842 case kms.ErrCodeInternalException: 843 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 844 case kms.ErrCodeInvalidStateException: 845 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 846 case kms.ErrCodeInvalidCiphertextException: 847 fmt.Println(kms.ErrCodeInvalidCiphertextException, aerr.Error()) 848 case kms.ErrCodeIncorrectKeyMaterialException: 849 fmt.Println(kms.ErrCodeIncorrectKeyMaterialException, aerr.Error()) 850 case kms.ErrCodeExpiredImportTokenException: 851 fmt.Println(kms.ErrCodeExpiredImportTokenException, aerr.Error()) 852 case kms.ErrCodeInvalidImportTokenException: 853 fmt.Println(kms.ErrCodeInvalidImportTokenException, aerr.Error()) 854 default: 855 fmt.Println(aerr.Error()) 856 } 857 } else { 858 // Print the error, cast err to awserr.Error to get the Code and 859 // Message from an error. 860 fmt.Println(err.Error()) 861 } 862 return 863 } 864 865 fmt.Println(result) 866} 867 868// To list aliases 869// 870// The following example lists aliases. 871func ExampleKMS_ListAliases_shared00() { 872 svc := kms.New(session.New()) 873 input := &kms.ListAliasesInput{} 874 875 result, err := svc.ListAliases(input) 876 if err != nil { 877 if aerr, ok := err.(awserr.Error); ok { 878 switch aerr.Code() { 879 case kms.ErrCodeDependencyTimeoutException: 880 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 881 case kms.ErrCodeInvalidMarkerException: 882 fmt.Println(kms.ErrCodeInvalidMarkerException, aerr.Error()) 883 case kms.ErrCodeInternalException: 884 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 885 case kms.ErrCodeInvalidArnException: 886 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 887 case kms.ErrCodeNotFoundException: 888 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 889 default: 890 fmt.Println(aerr.Error()) 891 } 892 } else { 893 // Print the error, cast err to awserr.Error to get the Code and 894 // Message from an error. 895 fmt.Println(err.Error()) 896 } 897 return 898 } 899 900 fmt.Println(result) 901} 902 903// To list grants for a customer master key (CMK) 904// 905// The following example lists grants for the specified CMK. 906func ExampleKMS_ListGrants_shared00() { 907 svc := kms.New(session.New()) 908 input := &kms.ListGrantsInput{ 909 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 910 } 911 912 result, err := svc.ListGrants(input) 913 if err != nil { 914 if aerr, ok := err.(awserr.Error); ok { 915 switch aerr.Code() { 916 case kms.ErrCodeNotFoundException: 917 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 918 case kms.ErrCodeDependencyTimeoutException: 919 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 920 case kms.ErrCodeInvalidMarkerException: 921 fmt.Println(kms.ErrCodeInvalidMarkerException, aerr.Error()) 922 case kms.ErrCodeInvalidArnException: 923 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 924 case kms.ErrCodeInternalException: 925 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 926 case kms.ErrCodeInvalidStateException: 927 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 928 default: 929 fmt.Println(aerr.Error()) 930 } 931 } else { 932 // Print the error, cast err to awserr.Error to get the Code and 933 // Message from an error. 934 fmt.Println(err.Error()) 935 } 936 return 937 } 938 939 fmt.Println(result) 940} 941 942// To list key policies for a customer master key (CMK) 943// 944// The following example lists key policies for the specified CMK. 945func ExampleKMS_ListKeyPolicies_shared00() { 946 svc := kms.New(session.New()) 947 input := &kms.ListKeyPoliciesInput{ 948 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 949 } 950 951 result, err := svc.ListKeyPolicies(input) 952 if err != nil { 953 if aerr, ok := err.(awserr.Error); ok { 954 switch aerr.Code() { 955 case kms.ErrCodeNotFoundException: 956 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 957 case kms.ErrCodeInvalidArnException: 958 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 959 case kms.ErrCodeDependencyTimeoutException: 960 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 961 case kms.ErrCodeInternalException: 962 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 963 case kms.ErrCodeInvalidStateException: 964 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 965 default: 966 fmt.Println(aerr.Error()) 967 } 968 } else { 969 // Print the error, cast err to awserr.Error to get the Code and 970 // Message from an error. 971 fmt.Println(err.Error()) 972 } 973 return 974 } 975 976 fmt.Println(result) 977} 978 979// To list customer master keys (CMKs) 980// 981// The following example lists CMKs. 982func ExampleKMS_ListKeys_shared00() { 983 svc := kms.New(session.New()) 984 input := &kms.ListKeysInput{} 985 986 result, err := svc.ListKeys(input) 987 if err != nil { 988 if aerr, ok := err.(awserr.Error); ok { 989 switch aerr.Code() { 990 case kms.ErrCodeDependencyTimeoutException: 991 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 992 case kms.ErrCodeInternalException: 993 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 994 case kms.ErrCodeInvalidMarkerException: 995 fmt.Println(kms.ErrCodeInvalidMarkerException, aerr.Error()) 996 default: 997 fmt.Println(aerr.Error()) 998 } 999 } else { 1000 // Print the error, cast err to awserr.Error to get the Code and 1001 // Message from an error. 1002 fmt.Println(err.Error()) 1003 } 1004 return 1005 } 1006 1007 fmt.Println(result) 1008} 1009 1010// To list tags for a customer master key (CMK) 1011// 1012// The following example lists tags for a CMK. 1013func ExampleKMS_ListResourceTags_shared00() { 1014 svc := kms.New(session.New()) 1015 input := &kms.ListResourceTagsInput{ 1016 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 1017 } 1018 1019 result, err := svc.ListResourceTags(input) 1020 if err != nil { 1021 if aerr, ok := err.(awserr.Error); ok { 1022 switch aerr.Code() { 1023 case kms.ErrCodeInternalException: 1024 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 1025 case kms.ErrCodeNotFoundException: 1026 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 1027 case kms.ErrCodeInvalidArnException: 1028 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 1029 case kms.ErrCodeInvalidMarkerException: 1030 fmt.Println(kms.ErrCodeInvalidMarkerException, aerr.Error()) 1031 default: 1032 fmt.Println(aerr.Error()) 1033 } 1034 } else { 1035 // Print the error, cast err to awserr.Error to get the Code and 1036 // Message from an error. 1037 fmt.Println(err.Error()) 1038 } 1039 return 1040 } 1041 1042 fmt.Println(result) 1043} 1044 1045// To list grants that the specified principal can retire 1046// 1047// The following example lists the grants that the specified principal (identity) can 1048// retire. 1049func ExampleKMS_ListRetirableGrants_shared00() { 1050 svc := kms.New(session.New()) 1051 input := &kms.ListRetirableGrantsInput{ 1052 RetiringPrincipal: aws.String("arn:aws:iam::111122223333:role/ExampleRole"), 1053 } 1054 1055 result, err := svc.ListRetirableGrants(input) 1056 if err != nil { 1057 if aerr, ok := err.(awserr.Error); ok { 1058 switch aerr.Code() { 1059 case kms.ErrCodeDependencyTimeoutException: 1060 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 1061 case kms.ErrCodeInvalidMarkerException: 1062 fmt.Println(kms.ErrCodeInvalidMarkerException, aerr.Error()) 1063 case kms.ErrCodeInvalidArnException: 1064 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 1065 case kms.ErrCodeNotFoundException: 1066 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 1067 case kms.ErrCodeInternalException: 1068 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 1069 default: 1070 fmt.Println(aerr.Error()) 1071 } 1072 } else { 1073 // Print the error, cast err to awserr.Error to get the Code and 1074 // Message from an error. 1075 fmt.Println(err.Error()) 1076 } 1077 return 1078 } 1079 1080 fmt.Println(result) 1081} 1082 1083// To attach a key policy to a customer master key (CMK) 1084// 1085// The following example attaches a key policy to the specified CMK. 1086func ExampleKMS_PutKeyPolicy_shared00() { 1087 svc := kms.New(session.New()) 1088 input := &kms.PutKeyPolicyInput{ 1089 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 1090 Policy: aws.String("{\n \"Version\": \"2012-10-17\",\n \"Id\": \"custom-policy-2016-12-07\",\n \"Statement\": [\n {\n \"Sid\": \"Enable IAM User Permissions\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::111122223333:root\"\n },\n \"Action\": \"kms:*\",\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"Allow access for Key Administrators\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"AWS\": [\n \"arn:aws:iam::111122223333:user/ExampleAdminUser\",\n \"arn:aws:iam::111122223333:role/ExampleAdminRole\"\n ]\n },\n \"Action\": [\n \"kms:Create*\",\n \"kms:Describe*\",\n \"kms:Enable*\",\n \"kms:List*\",\n \"kms:Put*\",\n \"kms:Update*\",\n \"kms:Revoke*\",\n \"kms:Disable*\",\n \"kms:Get*\",\n \"kms:Delete*\",\n \"kms:ScheduleKeyDeletion\",\n \"kms:CancelKeyDeletion\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"Allow use of the key\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::111122223333:role/ExamplePowerUserRole\"\n },\n \"Action\": [\n \"kms:Encrypt\",\n \"kms:Decrypt\",\n \"kms:ReEncrypt*\",\n \"kms:GenerateDataKey*\",\n \"kms:DescribeKey\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"Allow attachment of persistent resources\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::111122223333:role/ExamplePowerUserRole\"\n },\n \"Action\": [\n \"kms:CreateGrant\",\n \"kms:ListGrants\",\n \"kms:RevokeGrant\"\n ],\n \"Resource\": \"*\",\n \"Condition\": {\n \"Bool\": {\n \"kms:GrantIsForAWSResource\": \"true\"\n }\n }\n }\n ]\n}\n"), 1091 PolicyName: aws.String("default"), 1092 } 1093 1094 result, err := svc.PutKeyPolicy(input) 1095 if err != nil { 1096 if aerr, ok := err.(awserr.Error); ok { 1097 switch aerr.Code() { 1098 case kms.ErrCodeNotFoundException: 1099 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 1100 case kms.ErrCodeInvalidArnException: 1101 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 1102 case kms.ErrCodeMalformedPolicyDocumentException: 1103 fmt.Println(kms.ErrCodeMalformedPolicyDocumentException, aerr.Error()) 1104 case kms.ErrCodeDependencyTimeoutException: 1105 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 1106 case kms.ErrCodeUnsupportedOperationException: 1107 fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error()) 1108 case kms.ErrCodeInternalException: 1109 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 1110 case kms.ErrCodeLimitExceededException: 1111 fmt.Println(kms.ErrCodeLimitExceededException, aerr.Error()) 1112 case kms.ErrCodeInvalidStateException: 1113 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 1114 default: 1115 fmt.Println(aerr.Error()) 1116 } 1117 } else { 1118 // Print the error, cast err to awserr.Error to get the Code and 1119 // Message from an error. 1120 fmt.Println(err.Error()) 1121 } 1122 return 1123 } 1124 1125 fmt.Println(result) 1126} 1127 1128// To reencrypt data 1129// 1130// The following example reencrypts data with the specified CMK. 1131func ExampleKMS_ReEncrypt_shared00() { 1132 svc := kms.New(session.New()) 1133 input := &kms.ReEncryptInput{ 1134 CiphertextBlob: []byte("<binary data>"), 1135 DestinationKeyId: aws.String("0987dcba-09fe-87dc-65ba-ab0987654321"), 1136 } 1137 1138 result, err := svc.ReEncrypt(input) 1139 if err != nil { 1140 if aerr, ok := err.(awserr.Error); ok { 1141 switch aerr.Code() { 1142 case kms.ErrCodeNotFoundException: 1143 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 1144 case kms.ErrCodeDisabledException: 1145 fmt.Println(kms.ErrCodeDisabledException, aerr.Error()) 1146 case kms.ErrCodeInvalidCiphertextException: 1147 fmt.Println(kms.ErrCodeInvalidCiphertextException, aerr.Error()) 1148 case kms.ErrCodeKeyUnavailableException: 1149 fmt.Println(kms.ErrCodeKeyUnavailableException, aerr.Error()) 1150 case kms.ErrCodeIncorrectKeyException: 1151 fmt.Println(kms.ErrCodeIncorrectKeyException, aerr.Error()) 1152 case kms.ErrCodeDependencyTimeoutException: 1153 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 1154 case kms.ErrCodeInvalidKeyUsageException: 1155 fmt.Println(kms.ErrCodeInvalidKeyUsageException, aerr.Error()) 1156 case kms.ErrCodeInvalidGrantTokenException: 1157 fmt.Println(kms.ErrCodeInvalidGrantTokenException, aerr.Error()) 1158 case kms.ErrCodeInternalException: 1159 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 1160 case kms.ErrCodeInvalidStateException: 1161 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 1162 default: 1163 fmt.Println(aerr.Error()) 1164 } 1165 } else { 1166 // Print the error, cast err to awserr.Error to get the Code and 1167 // Message from an error. 1168 fmt.Println(err.Error()) 1169 } 1170 return 1171 } 1172 1173 fmt.Println(result) 1174} 1175 1176// To retire a grant 1177// 1178// The following example retires a grant. 1179func ExampleKMS_RetireGrant_shared00() { 1180 svc := kms.New(session.New()) 1181 input := &kms.RetireGrantInput{ 1182 GrantId: aws.String("0c237476b39f8bc44e45212e08498fbe3151305030726c0590dd8d3e9f3d6a60"), 1183 KeyId: aws.String("arn:aws:kms:us-east-2:444455556666:key/1234abcd-12ab-34cd-56ef-1234567890ab"), 1184 } 1185 1186 result, err := svc.RetireGrant(input) 1187 if err != nil { 1188 if aerr, ok := err.(awserr.Error); ok { 1189 switch aerr.Code() { 1190 case kms.ErrCodeInvalidArnException: 1191 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 1192 case kms.ErrCodeInvalidGrantTokenException: 1193 fmt.Println(kms.ErrCodeInvalidGrantTokenException, aerr.Error()) 1194 case kms.ErrCodeInvalidGrantIdException: 1195 fmt.Println(kms.ErrCodeInvalidGrantIdException, aerr.Error()) 1196 case kms.ErrCodeNotFoundException: 1197 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 1198 case kms.ErrCodeDependencyTimeoutException: 1199 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 1200 case kms.ErrCodeInternalException: 1201 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 1202 case kms.ErrCodeInvalidStateException: 1203 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 1204 default: 1205 fmt.Println(aerr.Error()) 1206 } 1207 } else { 1208 // Print the error, cast err to awserr.Error to get the Code and 1209 // Message from an error. 1210 fmt.Println(err.Error()) 1211 } 1212 return 1213 } 1214 1215 fmt.Println(result) 1216} 1217 1218// To revoke a grant 1219// 1220// The following example revokes a grant. 1221func ExampleKMS_RevokeGrant_shared00() { 1222 svc := kms.New(session.New()) 1223 input := &kms.RevokeGrantInput{ 1224 GrantId: aws.String("0c237476b39f8bc44e45212e08498fbe3151305030726c0590dd8d3e9f3d6a60"), 1225 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 1226 } 1227 1228 result, err := svc.RevokeGrant(input) 1229 if err != nil { 1230 if aerr, ok := err.(awserr.Error); ok { 1231 switch aerr.Code() { 1232 case kms.ErrCodeNotFoundException: 1233 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 1234 case kms.ErrCodeDependencyTimeoutException: 1235 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 1236 case kms.ErrCodeInvalidArnException: 1237 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 1238 case kms.ErrCodeInvalidGrantIdException: 1239 fmt.Println(kms.ErrCodeInvalidGrantIdException, aerr.Error()) 1240 case kms.ErrCodeInternalException: 1241 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 1242 case kms.ErrCodeInvalidStateException: 1243 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 1244 default: 1245 fmt.Println(aerr.Error()) 1246 } 1247 } else { 1248 // Print the error, cast err to awserr.Error to get the Code and 1249 // Message from an error. 1250 fmt.Println(err.Error()) 1251 } 1252 return 1253 } 1254 1255 fmt.Println(result) 1256} 1257 1258// To schedule a customer master key (CMK) for deletion 1259// 1260// The following example schedules the specified CMK for deletion. 1261func ExampleKMS_ScheduleKeyDeletion_shared00() { 1262 svc := kms.New(session.New()) 1263 input := &kms.ScheduleKeyDeletionInput{ 1264 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 1265 PendingWindowInDays: aws.Int64(7), 1266 } 1267 1268 result, err := svc.ScheduleKeyDeletion(input) 1269 if err != nil { 1270 if aerr, ok := err.(awserr.Error); ok { 1271 switch aerr.Code() { 1272 case kms.ErrCodeNotFoundException: 1273 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 1274 case kms.ErrCodeInvalidArnException: 1275 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 1276 case kms.ErrCodeDependencyTimeoutException: 1277 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 1278 case kms.ErrCodeInternalException: 1279 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 1280 case kms.ErrCodeInvalidStateException: 1281 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 1282 default: 1283 fmt.Println(aerr.Error()) 1284 } 1285 } else { 1286 // Print the error, cast err to awserr.Error to get the Code and 1287 // Message from an error. 1288 fmt.Println(err.Error()) 1289 } 1290 return 1291 } 1292 1293 fmt.Println(result) 1294} 1295 1296// To tag a customer master key (CMK) 1297// 1298// The following example tags a CMK. 1299func ExampleKMS_TagResource_shared00() { 1300 svc := kms.New(session.New()) 1301 input := &kms.TagResourceInput{ 1302 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 1303 Tags: []*kms.Tag{ 1304 { 1305 TagKey: aws.String("Purpose"), 1306 TagValue: aws.String("Test"), 1307 }, 1308 }, 1309 } 1310 1311 result, err := svc.TagResource(input) 1312 if err != nil { 1313 if aerr, ok := err.(awserr.Error); ok { 1314 switch aerr.Code() { 1315 case kms.ErrCodeInternalException: 1316 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 1317 case kms.ErrCodeNotFoundException: 1318 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 1319 case kms.ErrCodeInvalidArnException: 1320 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 1321 case kms.ErrCodeInvalidStateException: 1322 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 1323 case kms.ErrCodeLimitExceededException: 1324 fmt.Println(kms.ErrCodeLimitExceededException, aerr.Error()) 1325 case kms.ErrCodeTagException: 1326 fmt.Println(kms.ErrCodeTagException, aerr.Error()) 1327 default: 1328 fmt.Println(aerr.Error()) 1329 } 1330 } else { 1331 // Print the error, cast err to awserr.Error to get the Code and 1332 // Message from an error. 1333 fmt.Println(err.Error()) 1334 } 1335 return 1336 } 1337 1338 fmt.Println(result) 1339} 1340 1341// To remove tags from a customer master key (CMK) 1342// 1343// The following example removes tags from a CMK. 1344func ExampleKMS_UntagResource_shared00() { 1345 svc := kms.New(session.New()) 1346 input := &kms.UntagResourceInput{ 1347 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 1348 TagKeys: []*string{ 1349 aws.String("Purpose"), 1350 aws.String("CostCenter"), 1351 }, 1352 } 1353 1354 result, err := svc.UntagResource(input) 1355 if err != nil { 1356 if aerr, ok := err.(awserr.Error); ok { 1357 switch aerr.Code() { 1358 case kms.ErrCodeInternalException: 1359 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 1360 case kms.ErrCodeNotFoundException: 1361 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 1362 case kms.ErrCodeInvalidArnException: 1363 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 1364 case kms.ErrCodeInvalidStateException: 1365 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 1366 case kms.ErrCodeTagException: 1367 fmt.Println(kms.ErrCodeTagException, aerr.Error()) 1368 default: 1369 fmt.Println(aerr.Error()) 1370 } 1371 } else { 1372 // Print the error, cast err to awserr.Error to get the Code and 1373 // Message from an error. 1374 fmt.Println(err.Error()) 1375 } 1376 return 1377 } 1378 1379 fmt.Println(result) 1380} 1381 1382// To update an alias 1383// 1384// The following example updates the specified alias to refer to the specified customer 1385// master key (CMK). 1386func ExampleKMS_UpdateAlias_shared00() { 1387 svc := kms.New(session.New()) 1388 input := &kms.UpdateAliasInput{ 1389 AliasName: aws.String("alias/ExampleAlias"), 1390 TargetKeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 1391 } 1392 1393 result, err := svc.UpdateAlias(input) 1394 if err != nil { 1395 if aerr, ok := err.(awserr.Error); ok { 1396 switch aerr.Code() { 1397 case kms.ErrCodeDependencyTimeoutException: 1398 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 1399 case kms.ErrCodeNotFoundException: 1400 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 1401 case kms.ErrCodeInternalException: 1402 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 1403 case kms.ErrCodeLimitExceededException: 1404 fmt.Println(kms.ErrCodeLimitExceededException, aerr.Error()) 1405 case kms.ErrCodeInvalidStateException: 1406 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 1407 default: 1408 fmt.Println(aerr.Error()) 1409 } 1410 } else { 1411 // Print the error, cast err to awserr.Error to get the Code and 1412 // Message from an error. 1413 fmt.Println(err.Error()) 1414 } 1415 return 1416 } 1417 1418 fmt.Println(result) 1419} 1420 1421// To update the description of a customer master key (CMK) 1422// 1423// The following example updates the description of the specified CMK. 1424func ExampleKMS_UpdateKeyDescription_shared00() { 1425 svc := kms.New(session.New()) 1426 input := &kms.UpdateKeyDescriptionInput{ 1427 Description: aws.String("Example description that indicates the intended use of this CMK."), 1428 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 1429 } 1430 1431 result, err := svc.UpdateKeyDescription(input) 1432 if err != nil { 1433 if aerr, ok := err.(awserr.Error); ok { 1434 switch aerr.Code() { 1435 case kms.ErrCodeNotFoundException: 1436 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 1437 case kms.ErrCodeInvalidArnException: 1438 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 1439 case kms.ErrCodeDependencyTimeoutException: 1440 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 1441 case kms.ErrCodeInternalException: 1442 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 1443 case kms.ErrCodeInvalidStateException: 1444 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 1445 default: 1446 fmt.Println(aerr.Error()) 1447 } 1448 } else { 1449 // Print the error, cast err to awserr.Error to get the Code and 1450 // Message from an error. 1451 fmt.Println(err.Error()) 1452 } 1453 return 1454 } 1455 1456 fmt.Println(result) 1457} 1458