github.com/aavshr/aws-sdk-go@v1.41.3/service/kms/examples_test.go (about) 1 // Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. 2 3 package kms_test 4 5 import ( 6 "fmt" 7 "strings" 8 "time" 9 10 "github.com/aavshr/aws-sdk-go/aws" 11 "github.com/aavshr/aws-sdk-go/aws/awserr" 12 "github.com/aavshr/aws-sdk-go/aws/session" 13 "github.com/aavshr/aws-sdk-go/service/kms" 14 ) 15 16 var _ time.Duration 17 var _ strings.Reader 18 var _ aws.Config 19 20 func parseTime(layout, value string) *time.Time { 21 t, err := time.Parse(layout, value) 22 if err != nil { 23 panic(err) 24 } 25 return &t 26 } 27 28 // To cancel deletion of a KMS key 29 // 30 // The following example cancels deletion of the specified KMS key. 31 func ExampleKMS_CancelKeyDeletion_shared00() { 32 svc := kms.New(session.New()) 33 input := &kms.CancelKeyDeletionInput{ 34 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 35 } 36 37 result, err := svc.CancelKeyDeletion(input) 38 if err != nil { 39 if aerr, ok := err.(awserr.Error); ok { 40 switch aerr.Code() { 41 case kms.ErrCodeNotFoundException: 42 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 43 case kms.ErrCodeInvalidArnException: 44 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 45 case kms.ErrCodeDependencyTimeoutException: 46 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 47 case kms.ErrCodeInternalException: 48 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 49 case kms.ErrCodeInvalidStateException: 50 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 51 default: 52 fmt.Println(aerr.Error()) 53 } 54 } else { 55 // Print the error, cast err to awserr.Error to get the Code and 56 // Message from an error. 57 fmt.Println(err.Error()) 58 } 59 return 60 } 61 62 fmt.Println(result) 63 } 64 65 // To connect a custom key store to its CloudHSM cluster 66 // 67 // This example connects an AWS KMS custom key store to its AWS CloudHSM cluster. This 68 // operation does not return any data. To verify that the custom key store is connected, 69 // use the <code>DescribeCustomKeyStores</code> operation. 70 func ExampleKMS_ConnectCustomKeyStore_shared00() { 71 svc := kms.New(session.New()) 72 input := &kms.ConnectCustomKeyStoreInput{ 73 CustomKeyStoreId: aws.String("cks-1234567890abcdef0"), 74 } 75 76 result, err := svc.ConnectCustomKeyStore(input) 77 if err != nil { 78 if aerr, ok := err.(awserr.Error); ok { 79 switch aerr.Code() { 80 case kms.ErrCodeCloudHsmClusterNotActiveException: 81 fmt.Println(kms.ErrCodeCloudHsmClusterNotActiveException, aerr.Error()) 82 case kms.ErrCodeCustomKeyStoreInvalidStateException: 83 fmt.Println(kms.ErrCodeCustomKeyStoreInvalidStateException, aerr.Error()) 84 case kms.ErrCodeCustomKeyStoreNotFoundException: 85 fmt.Println(kms.ErrCodeCustomKeyStoreNotFoundException, aerr.Error()) 86 case kms.ErrCodeInternalException: 87 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 88 case kms.ErrCodeCloudHsmClusterInvalidConfigurationException: 89 fmt.Println(kms.ErrCodeCloudHsmClusterInvalidConfigurationException, aerr.Error()) 90 default: 91 fmt.Println(aerr.Error()) 92 } 93 } else { 94 // Print the error, cast err to awserr.Error to get the Code and 95 // Message from an error. 96 fmt.Println(err.Error()) 97 } 98 return 99 } 100 101 fmt.Println(result) 102 } 103 104 // To create an alias 105 // 106 // The following example creates an alias for the specified KMS key. 107 func ExampleKMS_CreateAlias_shared00() { 108 svc := kms.New(session.New()) 109 input := &kms.CreateAliasInput{ 110 AliasName: aws.String("alias/ExampleAlias"), 111 TargetKeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 112 } 113 114 result, err := svc.CreateAlias(input) 115 if err != nil { 116 if aerr, ok := err.(awserr.Error); ok { 117 switch aerr.Code() { 118 case kms.ErrCodeDependencyTimeoutException: 119 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 120 case kms.ErrCodeAlreadyExistsException: 121 fmt.Println(kms.ErrCodeAlreadyExistsException, aerr.Error()) 122 case kms.ErrCodeNotFoundException: 123 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 124 case kms.ErrCodeInvalidAliasNameException: 125 fmt.Println(kms.ErrCodeInvalidAliasNameException, aerr.Error()) 126 case kms.ErrCodeInternalException: 127 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 128 case kms.ErrCodeLimitExceededException: 129 fmt.Println(kms.ErrCodeLimitExceededException, aerr.Error()) 130 case kms.ErrCodeInvalidStateException: 131 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 132 default: 133 fmt.Println(aerr.Error()) 134 } 135 } else { 136 // Print the error, cast err to awserr.Error to get the Code and 137 // Message from an error. 138 fmt.Println(err.Error()) 139 } 140 return 141 } 142 143 fmt.Println(result) 144 } 145 146 // To create an AWS CloudHSM custom key store 147 // 148 // This example creates a custom key store that is associated with an AWS CloudHSM cluster. 149 func ExampleKMS_CreateCustomKeyStore_shared00() { 150 svc := kms.New(session.New()) 151 input := &kms.CreateCustomKeyStoreInput{ 152 CloudHsmClusterId: aws.String("cluster-1a23b4cdefg"), 153 CustomKeyStoreName: aws.String("ExampleKeyStore"), 154 KeyStorePassword: aws.String("kmsPswd"), 155 TrustAnchorCertificate: aws.String("<certificate-goes-here>"), 156 } 157 158 result, err := svc.CreateCustomKeyStore(input) 159 if err != nil { 160 if aerr, ok := err.(awserr.Error); ok { 161 switch aerr.Code() { 162 case kms.ErrCodeCloudHsmClusterInUseException: 163 fmt.Println(kms.ErrCodeCloudHsmClusterInUseException, aerr.Error()) 164 case kms.ErrCodeCustomKeyStoreNameInUseException: 165 fmt.Println(kms.ErrCodeCustomKeyStoreNameInUseException, aerr.Error()) 166 case kms.ErrCodeCloudHsmClusterNotFoundException: 167 fmt.Println(kms.ErrCodeCloudHsmClusterNotFoundException, aerr.Error()) 168 case kms.ErrCodeInternalException: 169 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 170 case kms.ErrCodeCloudHsmClusterNotActiveException: 171 fmt.Println(kms.ErrCodeCloudHsmClusterNotActiveException, aerr.Error()) 172 case kms.ErrCodeIncorrectTrustAnchorException: 173 fmt.Println(kms.ErrCodeIncorrectTrustAnchorException, aerr.Error()) 174 case kms.ErrCodeCloudHsmClusterInvalidConfigurationException: 175 fmt.Println(kms.ErrCodeCloudHsmClusterInvalidConfigurationException, aerr.Error()) 176 default: 177 fmt.Println(aerr.Error()) 178 } 179 } else { 180 // Print the error, cast err to awserr.Error to get the Code and 181 // Message from an error. 182 fmt.Println(err.Error()) 183 } 184 return 185 } 186 187 fmt.Println(result) 188 } 189 190 // To create a grant 191 // 192 // The following example creates a grant that allows the specified IAM role to encrypt 193 // data with the specified KMS key. 194 func ExampleKMS_CreateGrant_shared00() { 195 svc := kms.New(session.New()) 196 input := &kms.CreateGrantInput{ 197 GranteePrincipal: aws.String("arn:aws:iam::111122223333:role/ExampleRole"), 198 KeyId: aws.String("arn:aws:kms:us-east-2:444455556666:key/1234abcd-12ab-34cd-56ef-1234567890ab"), 199 Operations: []*string{ 200 aws.String("Encrypt"), 201 aws.String("Decrypt"), 202 }, 203 } 204 205 result, err := svc.CreateGrant(input) 206 if err != nil { 207 if aerr, ok := err.(awserr.Error); ok { 208 switch aerr.Code() { 209 case kms.ErrCodeNotFoundException: 210 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 211 case kms.ErrCodeDisabledException: 212 fmt.Println(kms.ErrCodeDisabledException, aerr.Error()) 213 case kms.ErrCodeDependencyTimeoutException: 214 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 215 case kms.ErrCodeInvalidArnException: 216 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 217 case kms.ErrCodeInternalException: 218 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 219 case kms.ErrCodeInvalidGrantTokenException: 220 fmt.Println(kms.ErrCodeInvalidGrantTokenException, aerr.Error()) 221 case kms.ErrCodeLimitExceededException: 222 fmt.Println(kms.ErrCodeLimitExceededException, aerr.Error()) 223 case kms.ErrCodeInvalidStateException: 224 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 225 default: 226 fmt.Println(aerr.Error()) 227 } 228 } else { 229 // Print the error, cast err to awserr.Error to get the Code and 230 // Message from an error. 231 fmt.Println(err.Error()) 232 } 233 return 234 } 235 236 fmt.Println(result) 237 } 238 239 // To create a KMS key 240 // 241 // The following example creates a symmetric KMS key for encryption and decryption. 242 // No parameters are required for this operation. 243 func ExampleKMS_CreateKey_shared00() { 244 svc := kms.New(session.New()) 245 input := &kms.CreateKeyInput{} 246 247 result, err := svc.CreateKey(input) 248 if err != nil { 249 if aerr, ok := err.(awserr.Error); ok { 250 switch aerr.Code() { 251 case kms.ErrCodeMalformedPolicyDocumentException: 252 fmt.Println(kms.ErrCodeMalformedPolicyDocumentException, aerr.Error()) 253 case kms.ErrCodeDependencyTimeoutException: 254 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 255 case kms.ErrCodeInvalidArnException: 256 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 257 case kms.ErrCodeUnsupportedOperationException: 258 fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error()) 259 case kms.ErrCodeInternalException: 260 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 261 case kms.ErrCodeLimitExceededException: 262 fmt.Println(kms.ErrCodeLimitExceededException, aerr.Error()) 263 case kms.ErrCodeTagException: 264 fmt.Println(kms.ErrCodeTagException, aerr.Error()) 265 case kms.ErrCodeCustomKeyStoreNotFoundException: 266 fmt.Println(kms.ErrCodeCustomKeyStoreNotFoundException, aerr.Error()) 267 case kms.ErrCodeCustomKeyStoreInvalidStateException: 268 fmt.Println(kms.ErrCodeCustomKeyStoreInvalidStateException, aerr.Error()) 269 case kms.ErrCodeCloudHsmClusterInvalidConfigurationException: 270 fmt.Println(kms.ErrCodeCloudHsmClusterInvalidConfigurationException, aerr.Error()) 271 default: 272 fmt.Println(aerr.Error()) 273 } 274 } else { 275 // Print the error, cast err to awserr.Error to get the Code and 276 // Message from an error. 277 fmt.Println(err.Error()) 278 } 279 return 280 } 281 282 fmt.Println(result) 283 } 284 285 // To create an asymmetric RSA KMS key for encryption and decryption 286 // 287 // This example creates a KMS key that contains an asymmetric RSA key pair for encryption 288 // and decryption. The key spec and key usage can't be changed after the key is created. 289 func ExampleKMS_CreateKey_shared01() { 290 svc := kms.New(session.New()) 291 input := &kms.CreateKeyInput{ 292 KeySpec: aws.String("RSA_4096"), 293 KeyUsage: aws.String("ENCRYPT_DECRYPT"), 294 } 295 296 result, err := svc.CreateKey(input) 297 if err != nil { 298 if aerr, ok := err.(awserr.Error); ok { 299 switch aerr.Code() { 300 case kms.ErrCodeMalformedPolicyDocumentException: 301 fmt.Println(kms.ErrCodeMalformedPolicyDocumentException, aerr.Error()) 302 case kms.ErrCodeDependencyTimeoutException: 303 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 304 case kms.ErrCodeInvalidArnException: 305 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 306 case kms.ErrCodeUnsupportedOperationException: 307 fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error()) 308 case kms.ErrCodeInternalException: 309 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 310 case kms.ErrCodeLimitExceededException: 311 fmt.Println(kms.ErrCodeLimitExceededException, aerr.Error()) 312 case kms.ErrCodeTagException: 313 fmt.Println(kms.ErrCodeTagException, aerr.Error()) 314 case kms.ErrCodeCustomKeyStoreNotFoundException: 315 fmt.Println(kms.ErrCodeCustomKeyStoreNotFoundException, aerr.Error()) 316 case kms.ErrCodeCustomKeyStoreInvalidStateException: 317 fmt.Println(kms.ErrCodeCustomKeyStoreInvalidStateException, aerr.Error()) 318 case kms.ErrCodeCloudHsmClusterInvalidConfigurationException: 319 fmt.Println(kms.ErrCodeCloudHsmClusterInvalidConfigurationException, aerr.Error()) 320 default: 321 fmt.Println(aerr.Error()) 322 } 323 } else { 324 // Print the error, cast err to awserr.Error to get the Code and 325 // Message from an error. 326 fmt.Println(err.Error()) 327 } 328 return 329 } 330 331 fmt.Println(result) 332 } 333 334 // To create an asymmetric elliptic curve KMS key for signing and verification 335 // 336 // This example creates a KMS key that contains an asymmetric elliptic curve (ECC) key 337 // pair for signing and verification. The key usage is required even though "SIGN_VERIFY" 338 // is the only valid value for ECC KMS keys. The key spec and key usage can't be changed 339 // after the key is created. 340 func ExampleKMS_CreateKey_shared02() { 341 svc := kms.New(session.New()) 342 input := &kms.CreateKeyInput{ 343 KeySpec: aws.String("ECC_NIST_P521"), 344 KeyUsage: aws.String("SIGN_VERIFY"), 345 } 346 347 result, err := svc.CreateKey(input) 348 if err != nil { 349 if aerr, ok := err.(awserr.Error); ok { 350 switch aerr.Code() { 351 case kms.ErrCodeMalformedPolicyDocumentException: 352 fmt.Println(kms.ErrCodeMalformedPolicyDocumentException, aerr.Error()) 353 case kms.ErrCodeDependencyTimeoutException: 354 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 355 case kms.ErrCodeInvalidArnException: 356 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 357 case kms.ErrCodeUnsupportedOperationException: 358 fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error()) 359 case kms.ErrCodeInternalException: 360 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 361 case kms.ErrCodeLimitExceededException: 362 fmt.Println(kms.ErrCodeLimitExceededException, aerr.Error()) 363 case kms.ErrCodeTagException: 364 fmt.Println(kms.ErrCodeTagException, aerr.Error()) 365 case kms.ErrCodeCustomKeyStoreNotFoundException: 366 fmt.Println(kms.ErrCodeCustomKeyStoreNotFoundException, aerr.Error()) 367 case kms.ErrCodeCustomKeyStoreInvalidStateException: 368 fmt.Println(kms.ErrCodeCustomKeyStoreInvalidStateException, aerr.Error()) 369 case kms.ErrCodeCloudHsmClusterInvalidConfigurationException: 370 fmt.Println(kms.ErrCodeCloudHsmClusterInvalidConfigurationException, aerr.Error()) 371 default: 372 fmt.Println(aerr.Error()) 373 } 374 } else { 375 // Print the error, cast err to awserr.Error to get the Code and 376 // Message from an error. 377 fmt.Println(err.Error()) 378 } 379 return 380 } 381 382 fmt.Println(result) 383 } 384 385 // To create a multi-Region primary KMS key 386 // 387 // This example creates a multi-Region primary symmetric encryption key. Because the 388 // default values for all parameters create a symmetric encryption key, only the MultiRegion 389 // parameter is required for this KMS key. 390 func ExampleKMS_CreateKey_shared03() { 391 svc := kms.New(session.New()) 392 input := &kms.CreateKeyInput{ 393 MultiRegion: aws.Bool(true), 394 } 395 396 result, err := svc.CreateKey(input) 397 if err != nil { 398 if aerr, ok := err.(awserr.Error); ok { 399 switch aerr.Code() { 400 case kms.ErrCodeMalformedPolicyDocumentException: 401 fmt.Println(kms.ErrCodeMalformedPolicyDocumentException, aerr.Error()) 402 case kms.ErrCodeDependencyTimeoutException: 403 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 404 case kms.ErrCodeInvalidArnException: 405 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 406 case kms.ErrCodeUnsupportedOperationException: 407 fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error()) 408 case kms.ErrCodeInternalException: 409 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 410 case kms.ErrCodeLimitExceededException: 411 fmt.Println(kms.ErrCodeLimitExceededException, aerr.Error()) 412 case kms.ErrCodeTagException: 413 fmt.Println(kms.ErrCodeTagException, aerr.Error()) 414 case kms.ErrCodeCustomKeyStoreNotFoundException: 415 fmt.Println(kms.ErrCodeCustomKeyStoreNotFoundException, aerr.Error()) 416 case kms.ErrCodeCustomKeyStoreInvalidStateException: 417 fmt.Println(kms.ErrCodeCustomKeyStoreInvalidStateException, aerr.Error()) 418 case kms.ErrCodeCloudHsmClusterInvalidConfigurationException: 419 fmt.Println(kms.ErrCodeCloudHsmClusterInvalidConfigurationException, aerr.Error()) 420 default: 421 fmt.Println(aerr.Error()) 422 } 423 } else { 424 // Print the error, cast err to awserr.Error to get the Code and 425 // Message from an error. 426 fmt.Println(err.Error()) 427 } 428 return 429 } 430 431 fmt.Println(result) 432 } 433 434 // To create a KMS key for imported key material 435 // 436 // This example creates a KMS key with no key material. When the operation is complete, 437 // you can import your own key material into the KMS key. To create this KMS key, set 438 // the Origin parameter to EXTERNAL. 439 func ExampleKMS_CreateKey_shared04() { 440 svc := kms.New(session.New()) 441 input := &kms.CreateKeyInput{ 442 Origin: aws.String("EXTERNAL"), 443 } 444 445 result, err := svc.CreateKey(input) 446 if err != nil { 447 if aerr, ok := err.(awserr.Error); ok { 448 switch aerr.Code() { 449 case kms.ErrCodeMalformedPolicyDocumentException: 450 fmt.Println(kms.ErrCodeMalformedPolicyDocumentException, aerr.Error()) 451 case kms.ErrCodeDependencyTimeoutException: 452 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 453 case kms.ErrCodeInvalidArnException: 454 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 455 case kms.ErrCodeUnsupportedOperationException: 456 fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error()) 457 case kms.ErrCodeInternalException: 458 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 459 case kms.ErrCodeLimitExceededException: 460 fmt.Println(kms.ErrCodeLimitExceededException, aerr.Error()) 461 case kms.ErrCodeTagException: 462 fmt.Println(kms.ErrCodeTagException, aerr.Error()) 463 case kms.ErrCodeCustomKeyStoreNotFoundException: 464 fmt.Println(kms.ErrCodeCustomKeyStoreNotFoundException, aerr.Error()) 465 case kms.ErrCodeCustomKeyStoreInvalidStateException: 466 fmt.Println(kms.ErrCodeCustomKeyStoreInvalidStateException, aerr.Error()) 467 case kms.ErrCodeCloudHsmClusterInvalidConfigurationException: 468 fmt.Println(kms.ErrCodeCloudHsmClusterInvalidConfigurationException, aerr.Error()) 469 default: 470 fmt.Println(aerr.Error()) 471 } 472 } else { 473 // Print the error, cast err to awserr.Error to get the Code and 474 // Message from an error. 475 fmt.Println(err.Error()) 476 } 477 return 478 } 479 480 fmt.Println(result) 481 } 482 483 // To create a KMS key in a custom key store 484 // 485 // This example creates a KMS key in the specified custom key store. The operation creates 486 // the KMS key and its metadata in AWS KMS and the key material in the AWS CloudHSM 487 // cluster associated with the custom key store. This example requires the Origin and 488 // CustomKeyStoreId parameters. 489 func ExampleKMS_CreateKey_shared05() { 490 svc := kms.New(session.New()) 491 input := &kms.CreateKeyInput{ 492 CustomKeyStoreId: aws.String("cks-1234567890abcdef0"), 493 Origin: aws.String("AWS_CLOUDHSM"), 494 } 495 496 result, err := svc.CreateKey(input) 497 if err != nil { 498 if aerr, ok := err.(awserr.Error); ok { 499 switch aerr.Code() { 500 case kms.ErrCodeMalformedPolicyDocumentException: 501 fmt.Println(kms.ErrCodeMalformedPolicyDocumentException, aerr.Error()) 502 case kms.ErrCodeDependencyTimeoutException: 503 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 504 case kms.ErrCodeInvalidArnException: 505 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 506 case kms.ErrCodeUnsupportedOperationException: 507 fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error()) 508 case kms.ErrCodeInternalException: 509 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 510 case kms.ErrCodeLimitExceededException: 511 fmt.Println(kms.ErrCodeLimitExceededException, aerr.Error()) 512 case kms.ErrCodeTagException: 513 fmt.Println(kms.ErrCodeTagException, aerr.Error()) 514 case kms.ErrCodeCustomKeyStoreNotFoundException: 515 fmt.Println(kms.ErrCodeCustomKeyStoreNotFoundException, aerr.Error()) 516 case kms.ErrCodeCustomKeyStoreInvalidStateException: 517 fmt.Println(kms.ErrCodeCustomKeyStoreInvalidStateException, aerr.Error()) 518 case kms.ErrCodeCloudHsmClusterInvalidConfigurationException: 519 fmt.Println(kms.ErrCodeCloudHsmClusterInvalidConfigurationException, aerr.Error()) 520 default: 521 fmt.Println(aerr.Error()) 522 } 523 } else { 524 // Print the error, cast err to awserr.Error to get the Code and 525 // Message from an error. 526 fmt.Println(err.Error()) 527 } 528 return 529 } 530 531 fmt.Println(result) 532 } 533 534 // To decrypt data 535 // 536 // The following example decrypts data that was encrypted with a KMS key. 537 func ExampleKMS_Decrypt_shared00() { 538 svc := kms.New(session.New()) 539 input := &kms.DecryptInput{ 540 CiphertextBlob: []byte("<binary data>"), 541 KeyId: aws.String("arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"), 542 } 543 544 result, err := svc.Decrypt(input) 545 if err != nil { 546 if aerr, ok := err.(awserr.Error); ok { 547 switch aerr.Code() { 548 case kms.ErrCodeNotFoundException: 549 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 550 case kms.ErrCodeDisabledException: 551 fmt.Println(kms.ErrCodeDisabledException, aerr.Error()) 552 case kms.ErrCodeInvalidCiphertextException: 553 fmt.Println(kms.ErrCodeInvalidCiphertextException, aerr.Error()) 554 case kms.ErrCodeKeyUnavailableException: 555 fmt.Println(kms.ErrCodeKeyUnavailableException, aerr.Error()) 556 case kms.ErrCodeIncorrectKeyException: 557 fmt.Println(kms.ErrCodeIncorrectKeyException, aerr.Error()) 558 case kms.ErrCodeInvalidKeyUsageException: 559 fmt.Println(kms.ErrCodeInvalidKeyUsageException, aerr.Error()) 560 case kms.ErrCodeDependencyTimeoutException: 561 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 562 case kms.ErrCodeInvalidGrantTokenException: 563 fmt.Println(kms.ErrCodeInvalidGrantTokenException, aerr.Error()) 564 case kms.ErrCodeInternalException: 565 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 566 case kms.ErrCodeInvalidStateException: 567 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 568 default: 569 fmt.Println(aerr.Error()) 570 } 571 } else { 572 // Print the error, cast err to awserr.Error to get the Code and 573 // Message from an error. 574 fmt.Println(err.Error()) 575 } 576 return 577 } 578 579 fmt.Println(result) 580 } 581 582 // To delete an alias 583 // 584 // The following example deletes the specified alias. 585 func ExampleKMS_DeleteAlias_shared00() { 586 svc := kms.New(session.New()) 587 input := &kms.DeleteAliasInput{ 588 AliasName: aws.String("alias/ExampleAlias"), 589 } 590 591 result, err := svc.DeleteAlias(input) 592 if err != nil { 593 if aerr, ok := err.(awserr.Error); ok { 594 switch aerr.Code() { 595 case kms.ErrCodeDependencyTimeoutException: 596 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 597 case kms.ErrCodeNotFoundException: 598 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 599 case kms.ErrCodeInternalException: 600 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 601 case kms.ErrCodeInvalidStateException: 602 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 603 default: 604 fmt.Println(aerr.Error()) 605 } 606 } else { 607 // Print the error, cast err to awserr.Error to get the Code and 608 // Message from an error. 609 fmt.Println(err.Error()) 610 } 611 return 612 } 613 614 fmt.Println(result) 615 } 616 617 // To delete a custom key store from AWS KMS 618 // 619 // This example deletes a custom key store from AWS KMS. This operation does not delete 620 // the AWS CloudHSM cluster that was associated with the CloudHSM cluster. This operation 621 // doesn't return any data. To verify that the operation was successful, use the DescribeCustomKeyStores 622 // operation. 623 func ExampleKMS_DeleteCustomKeyStore_shared00() { 624 svc := kms.New(session.New()) 625 input := &kms.DeleteCustomKeyStoreInput{ 626 CustomKeyStoreId: aws.String("cks-1234567890abcdef0"), 627 } 628 629 result, err := svc.DeleteCustomKeyStore(input) 630 if err != nil { 631 if aerr, ok := err.(awserr.Error); ok { 632 switch aerr.Code() { 633 case kms.ErrCodeCustomKeyStoreHasCMKsException: 634 fmt.Println(kms.ErrCodeCustomKeyStoreHasCMKsException, aerr.Error()) 635 case kms.ErrCodeCustomKeyStoreInvalidStateException: 636 fmt.Println(kms.ErrCodeCustomKeyStoreInvalidStateException, aerr.Error()) 637 case kms.ErrCodeCustomKeyStoreNotFoundException: 638 fmt.Println(kms.ErrCodeCustomKeyStoreNotFoundException, aerr.Error()) 639 case kms.ErrCodeInternalException: 640 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 641 default: 642 fmt.Println(aerr.Error()) 643 } 644 } else { 645 // Print the error, cast err to awserr.Error to get the Code and 646 // Message from an error. 647 fmt.Println(err.Error()) 648 } 649 return 650 } 651 652 fmt.Println(result) 653 } 654 655 // To delete imported key material 656 // 657 // The following example deletes the imported key material from the specified KMS key. 658 func ExampleKMS_DeleteImportedKeyMaterial_shared00() { 659 svc := kms.New(session.New()) 660 input := &kms.DeleteImportedKeyMaterialInput{ 661 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 662 } 663 664 result, err := svc.DeleteImportedKeyMaterial(input) 665 if err != nil { 666 if aerr, ok := err.(awserr.Error); ok { 667 switch aerr.Code() { 668 case kms.ErrCodeInvalidArnException: 669 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 670 case kms.ErrCodeUnsupportedOperationException: 671 fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error()) 672 case kms.ErrCodeDependencyTimeoutException: 673 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 674 case kms.ErrCodeNotFoundException: 675 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 676 case kms.ErrCodeInternalException: 677 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 678 case kms.ErrCodeInvalidStateException: 679 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 680 default: 681 fmt.Println(aerr.Error()) 682 } 683 } else { 684 // Print the error, cast err to awserr.Error to get the Code and 685 // Message from an error. 686 fmt.Println(err.Error()) 687 } 688 return 689 } 690 691 fmt.Println(result) 692 } 693 694 // To get detailed information about custom key stores in the account and Region 695 // 696 // This example gets detailed information about all AWS KMS custom key stores in an 697 // AWS account and Region. To get all key stores, do not enter a custom key store name 698 // or ID. 699 func ExampleKMS_DescribeCustomKeyStores_shared00() { 700 svc := kms.New(session.New()) 701 input := &kms.DescribeCustomKeyStoresInput{} 702 703 result, err := svc.DescribeCustomKeyStores(input) 704 if err != nil { 705 if aerr, ok := err.(awserr.Error); ok { 706 switch aerr.Code() { 707 case kms.ErrCodeCustomKeyStoreNotFoundException: 708 fmt.Println(kms.ErrCodeCustomKeyStoreNotFoundException, aerr.Error()) 709 case kms.ErrCodeInvalidMarkerException: 710 fmt.Println(kms.ErrCodeInvalidMarkerException, aerr.Error()) 711 case kms.ErrCodeInternalException: 712 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 713 default: 714 fmt.Println(aerr.Error()) 715 } 716 } else { 717 // Print the error, cast err to awserr.Error to get the Code and 718 // Message from an error. 719 fmt.Println(err.Error()) 720 } 721 return 722 } 723 724 fmt.Println(result) 725 } 726 727 // To get detailed information about a custom key store associated with a CloudHSM cluster. 728 // 729 // This example gets detailed information about a particular AWS KMS custom key store 730 // that is associate with an AWS CloudHSM cluster. To limit the output to a particular 731 // custom key store, provide the custom key store name or ID. 732 func ExampleKMS_DescribeCustomKeyStores_shared01() { 733 svc := kms.New(session.New()) 734 input := &kms.DescribeCustomKeyStoresInput{ 735 CustomKeyStoreName: aws.String("ExampleKeyStore"), 736 } 737 738 result, err := svc.DescribeCustomKeyStores(input) 739 if err != nil { 740 if aerr, ok := err.(awserr.Error); ok { 741 switch aerr.Code() { 742 case kms.ErrCodeCustomKeyStoreNotFoundException: 743 fmt.Println(kms.ErrCodeCustomKeyStoreNotFoundException, aerr.Error()) 744 case kms.ErrCodeInvalidMarkerException: 745 fmt.Println(kms.ErrCodeInvalidMarkerException, aerr.Error()) 746 case kms.ErrCodeInternalException: 747 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 748 default: 749 fmt.Println(aerr.Error()) 750 } 751 } else { 752 // Print the error, cast err to awserr.Error to get the Code and 753 // Message from an error. 754 fmt.Println(err.Error()) 755 } 756 return 757 } 758 759 fmt.Println(result) 760 } 761 762 // To get details about a KMS key 763 // 764 // The following example gets metadata about a symmetric KMS key. 765 func ExampleKMS_DescribeKey_shared00() { 766 svc := kms.New(session.New()) 767 input := &kms.DescribeKeyInput{ 768 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 769 } 770 771 result, err := svc.DescribeKey(input) 772 if err != nil { 773 if aerr, ok := err.(awserr.Error); ok { 774 switch aerr.Code() { 775 case kms.ErrCodeNotFoundException: 776 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 777 case kms.ErrCodeInvalidArnException: 778 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 779 case kms.ErrCodeDependencyTimeoutException: 780 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 781 case kms.ErrCodeInternalException: 782 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 783 default: 784 fmt.Println(aerr.Error()) 785 } 786 } else { 787 // Print the error, cast err to awserr.Error to get the Code and 788 // Message from an error. 789 fmt.Println(err.Error()) 790 } 791 return 792 } 793 794 fmt.Println(result) 795 } 796 797 // To disable a KMS key 798 // 799 // The following example disables the specified KMS key. 800 func ExampleKMS_DisableKey_shared00() { 801 svc := kms.New(session.New()) 802 input := &kms.DisableKeyInput{ 803 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 804 } 805 806 result, err := svc.DisableKey(input) 807 if err != nil { 808 if aerr, ok := err.(awserr.Error); ok { 809 switch aerr.Code() { 810 case kms.ErrCodeNotFoundException: 811 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 812 case kms.ErrCodeInvalidArnException: 813 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 814 case kms.ErrCodeDependencyTimeoutException: 815 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 816 case kms.ErrCodeInternalException: 817 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 818 case kms.ErrCodeInvalidStateException: 819 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 820 default: 821 fmt.Println(aerr.Error()) 822 } 823 } else { 824 // Print the error, cast err to awserr.Error to get the Code and 825 // Message from an error. 826 fmt.Println(err.Error()) 827 } 828 return 829 } 830 831 fmt.Println(result) 832 } 833 834 // To disable automatic rotation of key material 835 // 836 // The following example disables automatic annual rotation of the key material for 837 // the specified KMS key. 838 func ExampleKMS_DisableKeyRotation_shared00() { 839 svc := kms.New(session.New()) 840 input := &kms.DisableKeyRotationInput{ 841 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 842 } 843 844 result, err := svc.DisableKeyRotation(input) 845 if err != nil { 846 if aerr, ok := err.(awserr.Error); ok { 847 switch aerr.Code() { 848 case kms.ErrCodeNotFoundException: 849 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 850 case kms.ErrCodeDisabledException: 851 fmt.Println(kms.ErrCodeDisabledException, aerr.Error()) 852 case kms.ErrCodeInvalidArnException: 853 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 854 case kms.ErrCodeDependencyTimeoutException: 855 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 856 case kms.ErrCodeInternalException: 857 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 858 case kms.ErrCodeInvalidStateException: 859 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 860 case kms.ErrCodeUnsupportedOperationException: 861 fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error()) 862 default: 863 fmt.Println(aerr.Error()) 864 } 865 } else { 866 // Print the error, cast err to awserr.Error to get the Code and 867 // Message from an error. 868 fmt.Println(err.Error()) 869 } 870 return 871 } 872 873 fmt.Println(result) 874 } 875 876 // To disconnect a custom key store from its CloudHSM cluster 877 // 878 // This example disconnects an AWS KMS custom key store from its AWS CloudHSM cluster. 879 // This operation doesn't return any data. To verify that the custom key store is disconnected, 880 // use the <code>DescribeCustomKeyStores</code> operation. 881 func ExampleKMS_DisconnectCustomKeyStore_shared00() { 882 svc := kms.New(session.New()) 883 input := &kms.DisconnectCustomKeyStoreInput{ 884 CustomKeyStoreId: aws.String("cks-1234567890abcdef0"), 885 } 886 887 result, err := svc.DisconnectCustomKeyStore(input) 888 if err != nil { 889 if aerr, ok := err.(awserr.Error); ok { 890 switch aerr.Code() { 891 case kms.ErrCodeCustomKeyStoreInvalidStateException: 892 fmt.Println(kms.ErrCodeCustomKeyStoreInvalidStateException, aerr.Error()) 893 case kms.ErrCodeCustomKeyStoreNotFoundException: 894 fmt.Println(kms.ErrCodeCustomKeyStoreNotFoundException, aerr.Error()) 895 case kms.ErrCodeInternalException: 896 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 897 default: 898 fmt.Println(aerr.Error()) 899 } 900 } else { 901 // Print the error, cast err to awserr.Error to get the Code and 902 // Message from an error. 903 fmt.Println(err.Error()) 904 } 905 return 906 } 907 908 fmt.Println(result) 909 } 910 911 // To enable a KMS key 912 // 913 // The following example enables the specified KMS key. 914 func ExampleKMS_EnableKey_shared00() { 915 svc := kms.New(session.New()) 916 input := &kms.EnableKeyInput{ 917 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 918 } 919 920 result, err := svc.EnableKey(input) 921 if err != nil { 922 if aerr, ok := err.(awserr.Error); ok { 923 switch aerr.Code() { 924 case kms.ErrCodeNotFoundException: 925 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 926 case kms.ErrCodeInvalidArnException: 927 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 928 case kms.ErrCodeDependencyTimeoutException: 929 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 930 case kms.ErrCodeInternalException: 931 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 932 case kms.ErrCodeLimitExceededException: 933 fmt.Println(kms.ErrCodeLimitExceededException, aerr.Error()) 934 case kms.ErrCodeInvalidStateException: 935 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 936 default: 937 fmt.Println(aerr.Error()) 938 } 939 } else { 940 // Print the error, cast err to awserr.Error to get the Code and 941 // Message from an error. 942 fmt.Println(err.Error()) 943 } 944 return 945 } 946 947 fmt.Println(result) 948 } 949 950 // To enable automatic rotation of key material 951 // 952 // The following example enables automatic annual rotation of the key material for the 953 // specified KMS key. 954 func ExampleKMS_EnableKeyRotation_shared00() { 955 svc := kms.New(session.New()) 956 input := &kms.EnableKeyRotationInput{ 957 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 958 } 959 960 result, err := svc.EnableKeyRotation(input) 961 if err != nil { 962 if aerr, ok := err.(awserr.Error); ok { 963 switch aerr.Code() { 964 case kms.ErrCodeNotFoundException: 965 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 966 case kms.ErrCodeDisabledException: 967 fmt.Println(kms.ErrCodeDisabledException, aerr.Error()) 968 case kms.ErrCodeInvalidArnException: 969 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 970 case kms.ErrCodeDependencyTimeoutException: 971 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 972 case kms.ErrCodeInternalException: 973 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 974 case kms.ErrCodeInvalidStateException: 975 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 976 case kms.ErrCodeUnsupportedOperationException: 977 fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error()) 978 default: 979 fmt.Println(aerr.Error()) 980 } 981 } else { 982 // Print the error, cast err to awserr.Error to get the Code and 983 // Message from an error. 984 fmt.Println(err.Error()) 985 } 986 return 987 } 988 989 fmt.Println(result) 990 } 991 992 // To encrypt data 993 // 994 // The following example encrypts data with the specified KMS key. 995 func ExampleKMS_Encrypt_shared00() { 996 svc := kms.New(session.New()) 997 input := &kms.EncryptInput{ 998 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 999 Plaintext: []byte("<binary data>"), 1000 } 1001 1002 result, err := svc.Encrypt(input) 1003 if err != nil { 1004 if aerr, ok := err.(awserr.Error); ok { 1005 switch aerr.Code() { 1006 case kms.ErrCodeNotFoundException: 1007 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 1008 case kms.ErrCodeDisabledException: 1009 fmt.Println(kms.ErrCodeDisabledException, aerr.Error()) 1010 case kms.ErrCodeKeyUnavailableException: 1011 fmt.Println(kms.ErrCodeKeyUnavailableException, aerr.Error()) 1012 case kms.ErrCodeDependencyTimeoutException: 1013 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 1014 case kms.ErrCodeInvalidKeyUsageException: 1015 fmt.Println(kms.ErrCodeInvalidKeyUsageException, aerr.Error()) 1016 case kms.ErrCodeInvalidGrantTokenException: 1017 fmt.Println(kms.ErrCodeInvalidGrantTokenException, aerr.Error()) 1018 case kms.ErrCodeInternalException: 1019 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 1020 case kms.ErrCodeInvalidStateException: 1021 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 1022 default: 1023 fmt.Println(aerr.Error()) 1024 } 1025 } else { 1026 // Print the error, cast err to awserr.Error to get the Code and 1027 // Message from an error. 1028 fmt.Println(err.Error()) 1029 } 1030 return 1031 } 1032 1033 fmt.Println(result) 1034 } 1035 1036 // To generate a data key 1037 // 1038 // The following example generates a 256-bit symmetric data encryption key (data key) 1039 // in two formats. One is the unencrypted (plainext) data key, and the other is the 1040 // data key encrypted with the specified KMS key. 1041 func ExampleKMS_GenerateDataKey_shared00() { 1042 svc := kms.New(session.New()) 1043 input := &kms.GenerateDataKeyInput{ 1044 KeyId: aws.String("alias/ExampleAlias"), 1045 KeySpec: aws.String("AES_256"), 1046 } 1047 1048 result, err := svc.GenerateDataKey(input) 1049 if err != nil { 1050 if aerr, ok := err.(awserr.Error); ok { 1051 switch aerr.Code() { 1052 case kms.ErrCodeNotFoundException: 1053 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 1054 case kms.ErrCodeDisabledException: 1055 fmt.Println(kms.ErrCodeDisabledException, aerr.Error()) 1056 case kms.ErrCodeKeyUnavailableException: 1057 fmt.Println(kms.ErrCodeKeyUnavailableException, aerr.Error()) 1058 case kms.ErrCodeDependencyTimeoutException: 1059 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 1060 case kms.ErrCodeInvalidKeyUsageException: 1061 fmt.Println(kms.ErrCodeInvalidKeyUsageException, aerr.Error()) 1062 case kms.ErrCodeInvalidGrantTokenException: 1063 fmt.Println(kms.ErrCodeInvalidGrantTokenException, aerr.Error()) 1064 case kms.ErrCodeInternalException: 1065 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 1066 case kms.ErrCodeInvalidStateException: 1067 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 1068 default: 1069 fmt.Println(aerr.Error()) 1070 } 1071 } else { 1072 // Print the error, cast err to awserr.Error to get the Code and 1073 // Message from an error. 1074 fmt.Println(err.Error()) 1075 } 1076 return 1077 } 1078 1079 fmt.Println(result) 1080 } 1081 1082 // To generate an RSA key pair for encryption and decryption 1083 // 1084 // This example generates an RSA data key pair for encryption and decryption. The operation 1085 // returns a plaintext public key and private key, and a copy of the private key that 1086 // is encrypted under a symmetric KMS key that you specify. 1087 func ExampleKMS_GenerateDataKeyPair_shared00() { 1088 svc := kms.New(session.New()) 1089 input := &kms.GenerateDataKeyPairInput{ 1090 KeyId: aws.String("arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"), 1091 KeyPairSpec: aws.String("RSA_3072"), 1092 } 1093 1094 result, err := svc.GenerateDataKeyPair(input) 1095 if err != nil { 1096 if aerr, ok := err.(awserr.Error); ok { 1097 switch aerr.Code() { 1098 case kms.ErrCodeNotFoundException: 1099 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 1100 case kms.ErrCodeDisabledException: 1101 fmt.Println(kms.ErrCodeDisabledException, aerr.Error()) 1102 case kms.ErrCodeKeyUnavailableException: 1103 fmt.Println(kms.ErrCodeKeyUnavailableException, aerr.Error()) 1104 case kms.ErrCodeDependencyTimeoutException: 1105 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 1106 case kms.ErrCodeInvalidKeyUsageException: 1107 fmt.Println(kms.ErrCodeInvalidKeyUsageException, aerr.Error()) 1108 case kms.ErrCodeInvalidGrantTokenException: 1109 fmt.Println(kms.ErrCodeInvalidGrantTokenException, aerr.Error()) 1110 case kms.ErrCodeInternalException: 1111 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 1112 case kms.ErrCodeInvalidStateException: 1113 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 1114 case kms.ErrCodeUnsupportedOperationException: 1115 fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error()) 1116 default: 1117 fmt.Println(aerr.Error()) 1118 } 1119 } else { 1120 // Print the error, cast err to awserr.Error to get the Code and 1121 // Message from an error. 1122 fmt.Println(err.Error()) 1123 } 1124 return 1125 } 1126 1127 fmt.Println(result) 1128 } 1129 1130 // To generate an asymmetric data key pair without a plaintext key 1131 // 1132 // This example returns an asymmetric elliptic curve (ECC) data key pair. The private 1133 // key is encrypted under the symmetric KMS key that you specify. This operation doesn't 1134 // return a plaintext (unencrypted) private key. 1135 func ExampleKMS_GenerateDataKeyPairWithoutPlaintext_shared00() { 1136 svc := kms.New(session.New()) 1137 input := &kms.GenerateDataKeyPairWithoutPlaintextInput{ 1138 KeyId: aws.String("arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"), 1139 KeyPairSpec: aws.String("ECC_NIST_P521"), 1140 } 1141 1142 result, err := svc.GenerateDataKeyPairWithoutPlaintext(input) 1143 if err != nil { 1144 if aerr, ok := err.(awserr.Error); ok { 1145 switch aerr.Code() { 1146 case kms.ErrCodeNotFoundException: 1147 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 1148 case kms.ErrCodeDisabledException: 1149 fmt.Println(kms.ErrCodeDisabledException, aerr.Error()) 1150 case kms.ErrCodeKeyUnavailableException: 1151 fmt.Println(kms.ErrCodeKeyUnavailableException, aerr.Error()) 1152 case kms.ErrCodeDependencyTimeoutException: 1153 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 1154 case kms.ErrCodeInvalidKeyUsageException: 1155 fmt.Println(kms.ErrCodeInvalidKeyUsageException, aerr.Error()) 1156 case kms.ErrCodeInvalidGrantTokenException: 1157 fmt.Println(kms.ErrCodeInvalidGrantTokenException, aerr.Error()) 1158 case kms.ErrCodeInternalException: 1159 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 1160 case kms.ErrCodeInvalidStateException: 1161 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 1162 case kms.ErrCodeUnsupportedOperationException: 1163 fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error()) 1164 default: 1165 fmt.Println(aerr.Error()) 1166 } 1167 } else { 1168 // Print the error, cast err to awserr.Error to get the Code and 1169 // Message from an error. 1170 fmt.Println(err.Error()) 1171 } 1172 return 1173 } 1174 1175 fmt.Println(result) 1176 } 1177 1178 // To generate an encrypted data key 1179 // 1180 // The following example generates an encrypted copy of a 256-bit symmetric data encryption 1181 // key (data key). The data key is encrypted with the specified KMS key. 1182 func ExampleKMS_GenerateDataKeyWithoutPlaintext_shared00() { 1183 svc := kms.New(session.New()) 1184 input := &kms.GenerateDataKeyWithoutPlaintextInput{ 1185 KeyId: aws.String("alias/ExampleAlias"), 1186 KeySpec: aws.String("AES_256"), 1187 } 1188 1189 result, err := svc.GenerateDataKeyWithoutPlaintext(input) 1190 if err != nil { 1191 if aerr, ok := err.(awserr.Error); ok { 1192 switch aerr.Code() { 1193 case kms.ErrCodeNotFoundException: 1194 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 1195 case kms.ErrCodeDisabledException: 1196 fmt.Println(kms.ErrCodeDisabledException, aerr.Error()) 1197 case kms.ErrCodeKeyUnavailableException: 1198 fmt.Println(kms.ErrCodeKeyUnavailableException, aerr.Error()) 1199 case kms.ErrCodeDependencyTimeoutException: 1200 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 1201 case kms.ErrCodeInvalidKeyUsageException: 1202 fmt.Println(kms.ErrCodeInvalidKeyUsageException, aerr.Error()) 1203 case kms.ErrCodeInvalidGrantTokenException: 1204 fmt.Println(kms.ErrCodeInvalidGrantTokenException, aerr.Error()) 1205 case kms.ErrCodeInternalException: 1206 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 1207 case kms.ErrCodeInvalidStateException: 1208 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 1209 default: 1210 fmt.Println(aerr.Error()) 1211 } 1212 } else { 1213 // Print the error, cast err to awserr.Error to get the Code and 1214 // Message from an error. 1215 fmt.Println(err.Error()) 1216 } 1217 return 1218 } 1219 1220 fmt.Println(result) 1221 } 1222 1223 // To generate random data 1224 // 1225 // The following example generates 32 bytes of random data. 1226 func ExampleKMS_GenerateRandom_shared00() { 1227 svc := kms.New(session.New()) 1228 input := &kms.GenerateRandomInput{ 1229 NumberOfBytes: aws.Int64(32), 1230 } 1231 1232 result, err := svc.GenerateRandom(input) 1233 if err != nil { 1234 if aerr, ok := err.(awserr.Error); ok { 1235 switch aerr.Code() { 1236 case kms.ErrCodeDependencyTimeoutException: 1237 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 1238 case kms.ErrCodeInternalException: 1239 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 1240 case kms.ErrCodeCustomKeyStoreNotFoundException: 1241 fmt.Println(kms.ErrCodeCustomKeyStoreNotFoundException, aerr.Error()) 1242 case kms.ErrCodeCustomKeyStoreInvalidStateException: 1243 fmt.Println(kms.ErrCodeCustomKeyStoreInvalidStateException, aerr.Error()) 1244 default: 1245 fmt.Println(aerr.Error()) 1246 } 1247 } else { 1248 // Print the error, cast err to awserr.Error to get the Code and 1249 // Message from an error. 1250 fmt.Println(err.Error()) 1251 } 1252 return 1253 } 1254 1255 fmt.Println(result) 1256 } 1257 1258 // To retrieve a key policy 1259 // 1260 // The following example retrieves the key policy for the specified KMS key. 1261 func ExampleKMS_GetKeyPolicy_shared00() { 1262 svc := kms.New(session.New()) 1263 input := &kms.GetKeyPolicyInput{ 1264 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 1265 PolicyName: aws.String("default"), 1266 } 1267 1268 result, err := svc.GetKeyPolicy(input) 1269 if err != nil { 1270 if aerr, ok := err.(awserr.Error); ok { 1271 switch aerr.Code() { 1272 case kms.ErrCodeNotFoundException: 1273 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 1274 case kms.ErrCodeInvalidArnException: 1275 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 1276 case kms.ErrCodeDependencyTimeoutException: 1277 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 1278 case kms.ErrCodeInternalException: 1279 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 1280 case kms.ErrCodeInvalidStateException: 1281 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 1282 default: 1283 fmt.Println(aerr.Error()) 1284 } 1285 } else { 1286 // Print the error, cast err to awserr.Error to get the Code and 1287 // Message from an error. 1288 fmt.Println(err.Error()) 1289 } 1290 return 1291 } 1292 1293 fmt.Println(result) 1294 } 1295 1296 // To retrieve the rotation status for a KMS key 1297 // 1298 // The following example retrieves the status of automatic annual rotation of the key 1299 // material for the specified KMS key. 1300 func ExampleKMS_GetKeyRotationStatus_shared00() { 1301 svc := kms.New(session.New()) 1302 input := &kms.GetKeyRotationStatusInput{ 1303 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 1304 } 1305 1306 result, err := svc.GetKeyRotationStatus(input) 1307 if err != nil { 1308 if aerr, ok := err.(awserr.Error); ok { 1309 switch aerr.Code() { 1310 case kms.ErrCodeNotFoundException: 1311 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 1312 case kms.ErrCodeInvalidArnException: 1313 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 1314 case kms.ErrCodeDependencyTimeoutException: 1315 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 1316 case kms.ErrCodeInternalException: 1317 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 1318 case kms.ErrCodeInvalidStateException: 1319 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 1320 case kms.ErrCodeUnsupportedOperationException: 1321 fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error()) 1322 default: 1323 fmt.Println(aerr.Error()) 1324 } 1325 } else { 1326 // Print the error, cast err to awserr.Error to get the Code and 1327 // Message from an error. 1328 fmt.Println(err.Error()) 1329 } 1330 return 1331 } 1332 1333 fmt.Println(result) 1334 } 1335 1336 // To retrieve the public key and import token for a KMS key 1337 // 1338 // The following example retrieves the public key and import token for the specified 1339 // KMS key. 1340 func ExampleKMS_GetParametersForImport_shared00() { 1341 svc := kms.New(session.New()) 1342 input := &kms.GetParametersForImportInput{ 1343 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 1344 WrappingAlgorithm: aws.String("RSAES_OAEP_SHA_1"), 1345 WrappingKeySpec: aws.String("RSA_2048"), 1346 } 1347 1348 result, err := svc.GetParametersForImport(input) 1349 if err != nil { 1350 if aerr, ok := err.(awserr.Error); ok { 1351 switch aerr.Code() { 1352 case kms.ErrCodeInvalidArnException: 1353 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 1354 case kms.ErrCodeUnsupportedOperationException: 1355 fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error()) 1356 case kms.ErrCodeDependencyTimeoutException: 1357 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 1358 case kms.ErrCodeNotFoundException: 1359 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 1360 case kms.ErrCodeInternalException: 1361 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 1362 case kms.ErrCodeInvalidStateException: 1363 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 1364 default: 1365 fmt.Println(aerr.Error()) 1366 } 1367 } else { 1368 // Print the error, cast err to awserr.Error to get the Code and 1369 // Message from an error. 1370 fmt.Println(err.Error()) 1371 } 1372 return 1373 } 1374 1375 fmt.Println(result) 1376 } 1377 1378 // To download the public key of an asymmetric KMS key 1379 // 1380 // This example gets the public key of an asymmetric RSA KMS key used for encryption 1381 // and decryption. The operation returns the key spec, key usage, and encryption or 1382 // signing algorithms to help you use the public key correctly outside of AWS KMS. 1383 func ExampleKMS_GetPublicKey_shared00() { 1384 svc := kms.New(session.New()) 1385 input := &kms.GetPublicKeyInput{ 1386 KeyId: aws.String("arn:aws:kms:us-west-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321"), 1387 } 1388 1389 result, err := svc.GetPublicKey(input) 1390 if err != nil { 1391 if aerr, ok := err.(awserr.Error); ok { 1392 switch aerr.Code() { 1393 case kms.ErrCodeNotFoundException: 1394 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 1395 case kms.ErrCodeDisabledException: 1396 fmt.Println(kms.ErrCodeDisabledException, aerr.Error()) 1397 case kms.ErrCodeKeyUnavailableException: 1398 fmt.Println(kms.ErrCodeKeyUnavailableException, aerr.Error()) 1399 case kms.ErrCodeDependencyTimeoutException: 1400 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 1401 case kms.ErrCodeUnsupportedOperationException: 1402 fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error()) 1403 case kms.ErrCodeInvalidArnException: 1404 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 1405 case kms.ErrCodeInvalidGrantTokenException: 1406 fmt.Println(kms.ErrCodeInvalidGrantTokenException, aerr.Error()) 1407 case kms.ErrCodeInvalidKeyUsageException: 1408 fmt.Println(kms.ErrCodeInvalidKeyUsageException, aerr.Error()) 1409 case kms.ErrCodeInternalException: 1410 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 1411 case kms.ErrCodeInvalidStateException: 1412 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 1413 default: 1414 fmt.Println(aerr.Error()) 1415 } 1416 } else { 1417 // Print the error, cast err to awserr.Error to get the Code and 1418 // Message from an error. 1419 fmt.Println(err.Error()) 1420 } 1421 return 1422 } 1423 1424 fmt.Println(result) 1425 } 1426 1427 // To import key material into a KMS key 1428 // 1429 // The following example imports key material into the specified KMS key. 1430 func ExampleKMS_ImportKeyMaterial_shared00() { 1431 svc := kms.New(session.New()) 1432 input := &kms.ImportKeyMaterialInput{ 1433 EncryptedKeyMaterial: []byte("<binary data>"), 1434 ExpirationModel: aws.String("KEY_MATERIAL_DOES_NOT_EXPIRE"), 1435 ImportToken: []byte("<binary data>"), 1436 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 1437 } 1438 1439 result, err := svc.ImportKeyMaterial(input) 1440 if err != nil { 1441 if aerr, ok := err.(awserr.Error); ok { 1442 switch aerr.Code() { 1443 case kms.ErrCodeInvalidArnException: 1444 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 1445 case kms.ErrCodeUnsupportedOperationException: 1446 fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error()) 1447 case kms.ErrCodeDependencyTimeoutException: 1448 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 1449 case kms.ErrCodeNotFoundException: 1450 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 1451 case kms.ErrCodeInternalException: 1452 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 1453 case kms.ErrCodeInvalidStateException: 1454 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 1455 case kms.ErrCodeInvalidCiphertextException: 1456 fmt.Println(kms.ErrCodeInvalidCiphertextException, aerr.Error()) 1457 case kms.ErrCodeIncorrectKeyMaterialException: 1458 fmt.Println(kms.ErrCodeIncorrectKeyMaterialException, aerr.Error()) 1459 case kms.ErrCodeExpiredImportTokenException: 1460 fmt.Println(kms.ErrCodeExpiredImportTokenException, aerr.Error()) 1461 case kms.ErrCodeInvalidImportTokenException: 1462 fmt.Println(kms.ErrCodeInvalidImportTokenException, aerr.Error()) 1463 default: 1464 fmt.Println(aerr.Error()) 1465 } 1466 } else { 1467 // Print the error, cast err to awserr.Error to get the Code and 1468 // Message from an error. 1469 fmt.Println(err.Error()) 1470 } 1471 return 1472 } 1473 1474 fmt.Println(result) 1475 } 1476 1477 // To list aliases 1478 // 1479 // The following example lists aliases. 1480 func ExampleKMS_ListAliases_shared00() { 1481 svc := kms.New(session.New()) 1482 input := &kms.ListAliasesInput{} 1483 1484 result, err := svc.ListAliases(input) 1485 if err != nil { 1486 if aerr, ok := err.(awserr.Error); ok { 1487 switch aerr.Code() { 1488 case kms.ErrCodeDependencyTimeoutException: 1489 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 1490 case kms.ErrCodeInvalidMarkerException: 1491 fmt.Println(kms.ErrCodeInvalidMarkerException, aerr.Error()) 1492 case kms.ErrCodeInternalException: 1493 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 1494 case kms.ErrCodeInvalidArnException: 1495 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 1496 case kms.ErrCodeNotFoundException: 1497 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 1498 default: 1499 fmt.Println(aerr.Error()) 1500 } 1501 } else { 1502 // Print the error, cast err to awserr.Error to get the Code and 1503 // Message from an error. 1504 fmt.Println(err.Error()) 1505 } 1506 return 1507 } 1508 1509 fmt.Println(result) 1510 } 1511 1512 // To list grants for a KMS key 1513 // 1514 // The following example lists grants for the specified KMS key. 1515 func ExampleKMS_ListGrants_shared00() { 1516 svc := kms.New(session.New()) 1517 input := &kms.ListGrantsInput{ 1518 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 1519 } 1520 1521 result, err := svc.ListGrants(input) 1522 if err != nil { 1523 if aerr, ok := err.(awserr.Error); ok { 1524 switch aerr.Code() { 1525 case kms.ErrCodeNotFoundException: 1526 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 1527 case kms.ErrCodeDependencyTimeoutException: 1528 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 1529 case kms.ErrCodeInvalidMarkerException: 1530 fmt.Println(kms.ErrCodeInvalidMarkerException, aerr.Error()) 1531 case kms.ErrCodeInvalidGrantIdException: 1532 fmt.Println(kms.ErrCodeInvalidGrantIdException, aerr.Error()) 1533 case kms.ErrCodeInvalidArnException: 1534 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 1535 case kms.ErrCodeInternalException: 1536 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 1537 case kms.ErrCodeInvalidStateException: 1538 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 1539 default: 1540 fmt.Println(aerr.Error()) 1541 } 1542 } else { 1543 // Print the error, cast err to awserr.Error to get the Code and 1544 // Message from an error. 1545 fmt.Println(err.Error()) 1546 } 1547 return 1548 } 1549 1550 fmt.Println(result) 1551 } 1552 1553 // To list key policies for a KMS key 1554 // 1555 // The following example lists key policies for the specified KMS key. 1556 func ExampleKMS_ListKeyPolicies_shared00() { 1557 svc := kms.New(session.New()) 1558 input := &kms.ListKeyPoliciesInput{ 1559 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 1560 } 1561 1562 result, err := svc.ListKeyPolicies(input) 1563 if err != nil { 1564 if aerr, ok := err.(awserr.Error); ok { 1565 switch aerr.Code() { 1566 case kms.ErrCodeNotFoundException: 1567 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 1568 case kms.ErrCodeInvalidArnException: 1569 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 1570 case kms.ErrCodeDependencyTimeoutException: 1571 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 1572 case kms.ErrCodeInternalException: 1573 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 1574 case kms.ErrCodeInvalidStateException: 1575 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 1576 default: 1577 fmt.Println(aerr.Error()) 1578 } 1579 } else { 1580 // Print the error, cast err to awserr.Error to get the Code and 1581 // Message from an error. 1582 fmt.Println(err.Error()) 1583 } 1584 return 1585 } 1586 1587 fmt.Println(result) 1588 } 1589 1590 // To list KMS keys 1591 // 1592 // The following example lists KMS keys. 1593 func ExampleKMS_ListKeys_shared00() { 1594 svc := kms.New(session.New()) 1595 input := &kms.ListKeysInput{} 1596 1597 result, err := svc.ListKeys(input) 1598 if err != nil { 1599 if aerr, ok := err.(awserr.Error); ok { 1600 switch aerr.Code() { 1601 case kms.ErrCodeDependencyTimeoutException: 1602 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 1603 case kms.ErrCodeInternalException: 1604 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 1605 case kms.ErrCodeInvalidMarkerException: 1606 fmt.Println(kms.ErrCodeInvalidMarkerException, aerr.Error()) 1607 default: 1608 fmt.Println(aerr.Error()) 1609 } 1610 } else { 1611 // Print the error, cast err to awserr.Error to get the Code and 1612 // Message from an error. 1613 fmt.Println(err.Error()) 1614 } 1615 return 1616 } 1617 1618 fmt.Println(result) 1619 } 1620 1621 // To list tags for a KMS key 1622 // 1623 // The following example lists tags for a KMS key. 1624 func ExampleKMS_ListResourceTags_shared00() { 1625 svc := kms.New(session.New()) 1626 input := &kms.ListResourceTagsInput{ 1627 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 1628 } 1629 1630 result, err := svc.ListResourceTags(input) 1631 if err != nil { 1632 if aerr, ok := err.(awserr.Error); ok { 1633 switch aerr.Code() { 1634 case kms.ErrCodeInternalException: 1635 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 1636 case kms.ErrCodeNotFoundException: 1637 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 1638 case kms.ErrCodeInvalidArnException: 1639 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 1640 case kms.ErrCodeInvalidMarkerException: 1641 fmt.Println(kms.ErrCodeInvalidMarkerException, aerr.Error()) 1642 default: 1643 fmt.Println(aerr.Error()) 1644 } 1645 } else { 1646 // Print the error, cast err to awserr.Error to get the Code and 1647 // Message from an error. 1648 fmt.Println(err.Error()) 1649 } 1650 return 1651 } 1652 1653 fmt.Println(result) 1654 } 1655 1656 // To list grants that the specified principal can retire 1657 // 1658 // The following example lists the grants that the specified principal (identity) can 1659 // retire. 1660 func ExampleKMS_ListRetirableGrants_shared00() { 1661 svc := kms.New(session.New()) 1662 input := &kms.ListRetirableGrantsInput{ 1663 RetiringPrincipal: aws.String("arn:aws:iam::111122223333:role/ExampleRole"), 1664 } 1665 1666 result, err := svc.ListRetirableGrants(input) 1667 if err != nil { 1668 if aerr, ok := err.(awserr.Error); ok { 1669 switch aerr.Code() { 1670 case kms.ErrCodeDependencyTimeoutException: 1671 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 1672 case kms.ErrCodeInvalidMarkerException: 1673 fmt.Println(kms.ErrCodeInvalidMarkerException, aerr.Error()) 1674 case kms.ErrCodeInvalidArnException: 1675 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 1676 case kms.ErrCodeNotFoundException: 1677 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 1678 case kms.ErrCodeInternalException: 1679 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 1680 default: 1681 fmt.Println(aerr.Error()) 1682 } 1683 } else { 1684 // Print the error, cast err to awserr.Error to get the Code and 1685 // Message from an error. 1686 fmt.Println(err.Error()) 1687 } 1688 return 1689 } 1690 1691 fmt.Println(result) 1692 } 1693 1694 // To attach a key policy to a KMS key 1695 // 1696 // The following example attaches a key policy to the specified KMS key. 1697 func ExampleKMS_PutKeyPolicy_shared00() { 1698 svc := kms.New(session.New()) 1699 input := &kms.PutKeyPolicyInput{ 1700 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 1701 Policy: aws.String("{\n \"Version\": \"2012-10-17\",\n \"Id\": \"custom-policy-2016-12-07\",\n \"Statement\": [\n {\n \"Sid\": \"Enable IAM User Permissions\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::111122223333:root\"\n },\n \"Action\": \"kms:*\",\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"Allow access for Key Administrators\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"AWS\": [\n \"arn:aws:iam::111122223333:user/ExampleAdminUser\",\n \"arn:aws:iam::111122223333:role/ExampleAdminRole\"\n ]\n },\n \"Action\": [\n \"kms:Create*\",\n \"kms:Describe*\",\n \"kms:Enable*\",\n \"kms:List*\",\n \"kms:Put*\",\n \"kms:Update*\",\n \"kms:Revoke*\",\n \"kms:Disable*\",\n \"kms:Get*\",\n \"kms:Delete*\",\n \"kms:ScheduleKeyDeletion\",\n \"kms:CancelKeyDeletion\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"Allow use of the key\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::111122223333:role/ExamplePowerUserRole\"\n },\n \"Action\": [\n \"kms:Encrypt\",\n \"kms:Decrypt\",\n \"kms:ReEncrypt*\",\n \"kms:GenerateDataKey*\",\n \"kms:DescribeKey\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"Allow attachment of persistent resources\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::111122223333:role/ExamplePowerUserRole\"\n },\n \"Action\": [\n \"kms:CreateGrant\",\n \"kms:ListGrants\",\n \"kms:RevokeGrant\"\n ],\n \"Resource\": \"*\",\n \"Condition\": {\n \"Bool\": {\n \"kms:GrantIsForAWSResource\": \"true\"\n }\n }\n }\n ]\n}\n"), 1702 PolicyName: aws.String("default"), 1703 } 1704 1705 result, err := svc.PutKeyPolicy(input) 1706 if err != nil { 1707 if aerr, ok := err.(awserr.Error); ok { 1708 switch aerr.Code() { 1709 case kms.ErrCodeNotFoundException: 1710 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 1711 case kms.ErrCodeInvalidArnException: 1712 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 1713 case kms.ErrCodeMalformedPolicyDocumentException: 1714 fmt.Println(kms.ErrCodeMalformedPolicyDocumentException, aerr.Error()) 1715 case kms.ErrCodeDependencyTimeoutException: 1716 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 1717 case kms.ErrCodeUnsupportedOperationException: 1718 fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error()) 1719 case kms.ErrCodeInternalException: 1720 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 1721 case kms.ErrCodeLimitExceededException: 1722 fmt.Println(kms.ErrCodeLimitExceededException, aerr.Error()) 1723 case kms.ErrCodeInvalidStateException: 1724 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 1725 default: 1726 fmt.Println(aerr.Error()) 1727 } 1728 } else { 1729 // Print the error, cast err to awserr.Error to get the Code and 1730 // Message from an error. 1731 fmt.Println(err.Error()) 1732 } 1733 return 1734 } 1735 1736 fmt.Println(result) 1737 } 1738 1739 // To reencrypt data 1740 // 1741 // The following example reencrypts data with the specified KMS key. 1742 func ExampleKMS_ReEncrypt_shared00() { 1743 svc := kms.New(session.New()) 1744 input := &kms.ReEncryptInput{ 1745 CiphertextBlob: []byte("<binary data>"), 1746 DestinationKeyId: aws.String("0987dcba-09fe-87dc-65ba-ab0987654321"), 1747 } 1748 1749 result, err := svc.ReEncrypt(input) 1750 if err != nil { 1751 if aerr, ok := err.(awserr.Error); ok { 1752 switch aerr.Code() { 1753 case kms.ErrCodeNotFoundException: 1754 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 1755 case kms.ErrCodeDisabledException: 1756 fmt.Println(kms.ErrCodeDisabledException, aerr.Error()) 1757 case kms.ErrCodeInvalidCiphertextException: 1758 fmt.Println(kms.ErrCodeInvalidCiphertextException, aerr.Error()) 1759 case kms.ErrCodeKeyUnavailableException: 1760 fmt.Println(kms.ErrCodeKeyUnavailableException, aerr.Error()) 1761 case kms.ErrCodeIncorrectKeyException: 1762 fmt.Println(kms.ErrCodeIncorrectKeyException, aerr.Error()) 1763 case kms.ErrCodeDependencyTimeoutException: 1764 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 1765 case kms.ErrCodeInvalidKeyUsageException: 1766 fmt.Println(kms.ErrCodeInvalidKeyUsageException, aerr.Error()) 1767 case kms.ErrCodeInvalidGrantTokenException: 1768 fmt.Println(kms.ErrCodeInvalidGrantTokenException, aerr.Error()) 1769 case kms.ErrCodeInternalException: 1770 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 1771 case kms.ErrCodeInvalidStateException: 1772 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 1773 default: 1774 fmt.Println(aerr.Error()) 1775 } 1776 } else { 1777 // Print the error, cast err to awserr.Error to get the Code and 1778 // Message from an error. 1779 fmt.Println(err.Error()) 1780 } 1781 return 1782 } 1783 1784 fmt.Println(result) 1785 } 1786 1787 // To replicate a multi-Region key in a different AWS Region 1788 // 1789 // This example creates a multi-Region replica key in us-west-2 of a multi-Region primary 1790 // key in us-east-1. 1791 func ExampleKMS_ReplicateKey_shared00() { 1792 svc := kms.New(session.New()) 1793 input := &kms.ReplicateKeyInput{ 1794 KeyId: aws.String("arn:aws:kms:us-east-1:111122223333:key/mrk-1234abcd12ab34cd56ef1234567890ab"), 1795 ReplicaRegion: aws.String("us-west-2"), 1796 } 1797 1798 result, err := svc.ReplicateKey(input) 1799 if err != nil { 1800 if aerr, ok := err.(awserr.Error); ok { 1801 switch aerr.Code() { 1802 case kms.ErrCodeAlreadyExistsException: 1803 fmt.Println(kms.ErrCodeAlreadyExistsException, aerr.Error()) 1804 case kms.ErrCodeDisabledException: 1805 fmt.Println(kms.ErrCodeDisabledException, aerr.Error()) 1806 case kms.ErrCodeInvalidArnException: 1807 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 1808 case kms.ErrCodeInvalidStateException: 1809 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 1810 case kms.ErrCodeInternalException: 1811 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 1812 case kms.ErrCodeLimitExceededException: 1813 fmt.Println(kms.ErrCodeLimitExceededException, aerr.Error()) 1814 case kms.ErrCodeMalformedPolicyDocumentException: 1815 fmt.Println(kms.ErrCodeMalformedPolicyDocumentException, aerr.Error()) 1816 case kms.ErrCodeNotFoundException: 1817 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 1818 case kms.ErrCodeTagException: 1819 fmt.Println(kms.ErrCodeTagException, aerr.Error()) 1820 case kms.ErrCodeUnsupportedOperationException: 1821 fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error()) 1822 default: 1823 fmt.Println(aerr.Error()) 1824 } 1825 } else { 1826 // Print the error, cast err to awserr.Error to get the Code and 1827 // Message from an error. 1828 fmt.Println(err.Error()) 1829 } 1830 return 1831 } 1832 1833 fmt.Println(result) 1834 } 1835 1836 // To retire a grant 1837 // 1838 // The following example retires a grant. 1839 func ExampleKMS_RetireGrant_shared00() { 1840 svc := kms.New(session.New()) 1841 input := &kms.RetireGrantInput{ 1842 GrantId: aws.String("0c237476b39f8bc44e45212e08498fbe3151305030726c0590dd8d3e9f3d6a60"), 1843 KeyId: aws.String("arn:aws:kms:us-east-2:444455556666:key/1234abcd-12ab-34cd-56ef-1234567890ab"), 1844 } 1845 1846 result, err := svc.RetireGrant(input) 1847 if err != nil { 1848 if aerr, ok := err.(awserr.Error); ok { 1849 switch aerr.Code() { 1850 case kms.ErrCodeInvalidArnException: 1851 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 1852 case kms.ErrCodeInvalidGrantTokenException: 1853 fmt.Println(kms.ErrCodeInvalidGrantTokenException, aerr.Error()) 1854 case kms.ErrCodeInvalidGrantIdException: 1855 fmt.Println(kms.ErrCodeInvalidGrantIdException, aerr.Error()) 1856 case kms.ErrCodeNotFoundException: 1857 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 1858 case kms.ErrCodeDependencyTimeoutException: 1859 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 1860 case kms.ErrCodeInternalException: 1861 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 1862 case kms.ErrCodeInvalidStateException: 1863 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 1864 default: 1865 fmt.Println(aerr.Error()) 1866 } 1867 } else { 1868 // Print the error, cast err to awserr.Error to get the Code and 1869 // Message from an error. 1870 fmt.Println(err.Error()) 1871 } 1872 return 1873 } 1874 1875 fmt.Println(result) 1876 } 1877 1878 // To revoke a grant 1879 // 1880 // The following example revokes a grant. 1881 func ExampleKMS_RevokeGrant_shared00() { 1882 svc := kms.New(session.New()) 1883 input := &kms.RevokeGrantInput{ 1884 GrantId: aws.String("0c237476b39f8bc44e45212e08498fbe3151305030726c0590dd8d3e9f3d6a60"), 1885 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 1886 } 1887 1888 result, err := svc.RevokeGrant(input) 1889 if err != nil { 1890 if aerr, ok := err.(awserr.Error); ok { 1891 switch aerr.Code() { 1892 case kms.ErrCodeNotFoundException: 1893 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 1894 case kms.ErrCodeDependencyTimeoutException: 1895 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 1896 case kms.ErrCodeInvalidArnException: 1897 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 1898 case kms.ErrCodeInvalidGrantIdException: 1899 fmt.Println(kms.ErrCodeInvalidGrantIdException, aerr.Error()) 1900 case kms.ErrCodeInternalException: 1901 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 1902 case kms.ErrCodeInvalidStateException: 1903 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 1904 default: 1905 fmt.Println(aerr.Error()) 1906 } 1907 } else { 1908 // Print the error, cast err to awserr.Error to get the Code and 1909 // Message from an error. 1910 fmt.Println(err.Error()) 1911 } 1912 return 1913 } 1914 1915 fmt.Println(result) 1916 } 1917 1918 // To schedule a KMS key for deletion 1919 // 1920 // The following example schedules the specified KMS key for deletion. 1921 func ExampleKMS_ScheduleKeyDeletion_shared00() { 1922 svc := kms.New(session.New()) 1923 input := &kms.ScheduleKeyDeletionInput{ 1924 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 1925 PendingWindowInDays: aws.Int64(7), 1926 } 1927 1928 result, err := svc.ScheduleKeyDeletion(input) 1929 if err != nil { 1930 if aerr, ok := err.(awserr.Error); ok { 1931 switch aerr.Code() { 1932 case kms.ErrCodeNotFoundException: 1933 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 1934 case kms.ErrCodeInvalidArnException: 1935 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 1936 case kms.ErrCodeDependencyTimeoutException: 1937 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 1938 case kms.ErrCodeInternalException: 1939 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 1940 case kms.ErrCodeInvalidStateException: 1941 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 1942 default: 1943 fmt.Println(aerr.Error()) 1944 } 1945 } else { 1946 // Print the error, cast err to awserr.Error to get the Code and 1947 // Message from an error. 1948 fmt.Println(err.Error()) 1949 } 1950 return 1951 } 1952 1953 fmt.Println(result) 1954 } 1955 1956 // To digitally sign a message with an asymmetric KMS key. 1957 // 1958 // This operation uses the private key in an asymmetric elliptic curve (ECC) KMS key 1959 // to generate a digital signature for a given message. 1960 func ExampleKMS_Sign_shared00() { 1961 svc := kms.New(session.New()) 1962 input := &kms.SignInput{ 1963 KeyId: aws.String("alias/ECC_signing_key"), 1964 Message: []byte("<message to be signed>"), 1965 MessageType: aws.String("RAW"), 1966 SigningAlgorithm: aws.String("ECDSA_SHA_384"), 1967 } 1968 1969 result, err := svc.Sign(input) 1970 if err != nil { 1971 if aerr, ok := err.(awserr.Error); ok { 1972 switch aerr.Code() { 1973 case kms.ErrCodeNotFoundException: 1974 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 1975 case kms.ErrCodeDisabledException: 1976 fmt.Println(kms.ErrCodeDisabledException, aerr.Error()) 1977 case kms.ErrCodeKeyUnavailableException: 1978 fmt.Println(kms.ErrCodeKeyUnavailableException, aerr.Error()) 1979 case kms.ErrCodeDependencyTimeoutException: 1980 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 1981 case kms.ErrCodeInvalidKeyUsageException: 1982 fmt.Println(kms.ErrCodeInvalidKeyUsageException, aerr.Error()) 1983 case kms.ErrCodeInvalidGrantTokenException: 1984 fmt.Println(kms.ErrCodeInvalidGrantTokenException, aerr.Error()) 1985 case kms.ErrCodeInternalException: 1986 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 1987 case kms.ErrCodeInvalidStateException: 1988 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 1989 default: 1990 fmt.Println(aerr.Error()) 1991 } 1992 } else { 1993 // Print the error, cast err to awserr.Error to get the Code and 1994 // Message from an error. 1995 fmt.Println(err.Error()) 1996 } 1997 return 1998 } 1999 2000 fmt.Println(result) 2001 } 2002 2003 // To tag a KMS key 2004 // 2005 // The following example tags a KMS key. 2006 func ExampleKMS_TagResource_shared00() { 2007 svc := kms.New(session.New()) 2008 input := &kms.TagResourceInput{ 2009 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 2010 Tags: []*kms.Tag{ 2011 { 2012 TagKey: aws.String("Purpose"), 2013 TagValue: aws.String("Test"), 2014 }, 2015 }, 2016 } 2017 2018 result, err := svc.TagResource(input) 2019 if err != nil { 2020 if aerr, ok := err.(awserr.Error); ok { 2021 switch aerr.Code() { 2022 case kms.ErrCodeInternalException: 2023 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 2024 case kms.ErrCodeNotFoundException: 2025 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 2026 case kms.ErrCodeInvalidArnException: 2027 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 2028 case kms.ErrCodeInvalidStateException: 2029 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 2030 case kms.ErrCodeLimitExceededException: 2031 fmt.Println(kms.ErrCodeLimitExceededException, aerr.Error()) 2032 case kms.ErrCodeTagException: 2033 fmt.Println(kms.ErrCodeTagException, aerr.Error()) 2034 default: 2035 fmt.Println(aerr.Error()) 2036 } 2037 } else { 2038 // Print the error, cast err to awserr.Error to get the Code and 2039 // Message from an error. 2040 fmt.Println(err.Error()) 2041 } 2042 return 2043 } 2044 2045 fmt.Println(result) 2046 } 2047 2048 // To remove tags from a KMS key 2049 // 2050 // The following example removes tags from a KMS key. 2051 func ExampleKMS_UntagResource_shared00() { 2052 svc := kms.New(session.New()) 2053 input := &kms.UntagResourceInput{ 2054 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 2055 TagKeys: []*string{ 2056 aws.String("Purpose"), 2057 aws.String("CostCenter"), 2058 }, 2059 } 2060 2061 result, err := svc.UntagResource(input) 2062 if err != nil { 2063 if aerr, ok := err.(awserr.Error); ok { 2064 switch aerr.Code() { 2065 case kms.ErrCodeInternalException: 2066 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 2067 case kms.ErrCodeNotFoundException: 2068 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 2069 case kms.ErrCodeInvalidArnException: 2070 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 2071 case kms.ErrCodeInvalidStateException: 2072 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 2073 case kms.ErrCodeTagException: 2074 fmt.Println(kms.ErrCodeTagException, aerr.Error()) 2075 default: 2076 fmt.Println(aerr.Error()) 2077 } 2078 } else { 2079 // Print the error, cast err to awserr.Error to get the Code and 2080 // Message from an error. 2081 fmt.Println(err.Error()) 2082 } 2083 return 2084 } 2085 2086 fmt.Println(result) 2087 } 2088 2089 // To update an alias 2090 // 2091 // The following example updates the specified alias to refer to the specified KMS key. 2092 func ExampleKMS_UpdateAlias_shared00() { 2093 svc := kms.New(session.New()) 2094 input := &kms.UpdateAliasInput{ 2095 AliasName: aws.String("alias/ExampleAlias"), 2096 TargetKeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 2097 } 2098 2099 result, err := svc.UpdateAlias(input) 2100 if err != nil { 2101 if aerr, ok := err.(awserr.Error); ok { 2102 switch aerr.Code() { 2103 case kms.ErrCodeDependencyTimeoutException: 2104 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 2105 case kms.ErrCodeNotFoundException: 2106 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 2107 case kms.ErrCodeInternalException: 2108 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 2109 case kms.ErrCodeLimitExceededException: 2110 fmt.Println(kms.ErrCodeLimitExceededException, aerr.Error()) 2111 case kms.ErrCodeInvalidStateException: 2112 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 2113 default: 2114 fmt.Println(aerr.Error()) 2115 } 2116 } else { 2117 // Print the error, cast err to awserr.Error to get the Code and 2118 // Message from an error. 2119 fmt.Println(err.Error()) 2120 } 2121 return 2122 } 2123 2124 fmt.Println(result) 2125 } 2126 2127 // To edit the password of a custom key store 2128 // 2129 // This example tells KMS the password for the kmsuser crypto user in the AWS CloudHSM 2130 // cluster that is associated with the AWS KMS custom key store. (It does not change 2131 // the password in the CloudHSM cluster.) This operation does not return any data. 2132 func ExampleKMS_UpdateCustomKeyStore_shared00() { 2133 svc := kms.New(session.New()) 2134 input := &kms.UpdateCustomKeyStoreInput{ 2135 CustomKeyStoreId: aws.String("cks-1234567890abcdef0"), 2136 KeyStorePassword: aws.String("ExamplePassword"), 2137 } 2138 2139 result, err := svc.UpdateCustomKeyStore(input) 2140 if err != nil { 2141 if aerr, ok := err.(awserr.Error); ok { 2142 switch aerr.Code() { 2143 case kms.ErrCodeCustomKeyStoreNotFoundException: 2144 fmt.Println(kms.ErrCodeCustomKeyStoreNotFoundException, aerr.Error()) 2145 case kms.ErrCodeCustomKeyStoreNameInUseException: 2146 fmt.Println(kms.ErrCodeCustomKeyStoreNameInUseException, aerr.Error()) 2147 case kms.ErrCodeCloudHsmClusterNotFoundException: 2148 fmt.Println(kms.ErrCodeCloudHsmClusterNotFoundException, aerr.Error()) 2149 case kms.ErrCodeCloudHsmClusterNotRelatedException: 2150 fmt.Println(kms.ErrCodeCloudHsmClusterNotRelatedException, aerr.Error()) 2151 case kms.ErrCodeCustomKeyStoreInvalidStateException: 2152 fmt.Println(kms.ErrCodeCustomKeyStoreInvalidStateException, aerr.Error()) 2153 case kms.ErrCodeInternalException: 2154 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 2155 case kms.ErrCodeCloudHsmClusterNotActiveException: 2156 fmt.Println(kms.ErrCodeCloudHsmClusterNotActiveException, aerr.Error()) 2157 case kms.ErrCodeCloudHsmClusterInvalidConfigurationException: 2158 fmt.Println(kms.ErrCodeCloudHsmClusterInvalidConfigurationException, aerr.Error()) 2159 default: 2160 fmt.Println(aerr.Error()) 2161 } 2162 } else { 2163 // Print the error, cast err to awserr.Error to get the Code and 2164 // Message from an error. 2165 fmt.Println(err.Error()) 2166 } 2167 return 2168 } 2169 2170 fmt.Println(result) 2171 } 2172 2173 // To edit the friendly name of a custom key store 2174 // 2175 // This example changes the friendly name of the AWS KMS custom key store to the name 2176 // that you specify. This operation does not return any data. To verify that the operation 2177 // worked, use the DescribeCustomKeyStores operation. 2178 func ExampleKMS_UpdateCustomKeyStore_shared01() { 2179 svc := kms.New(session.New()) 2180 input := &kms.UpdateCustomKeyStoreInput{ 2181 CustomKeyStoreId: aws.String("cks-1234567890abcdef0"), 2182 NewCustomKeyStoreName: aws.String("DevelopmentKeys"), 2183 } 2184 2185 result, err := svc.UpdateCustomKeyStore(input) 2186 if err != nil { 2187 if aerr, ok := err.(awserr.Error); ok { 2188 switch aerr.Code() { 2189 case kms.ErrCodeCustomKeyStoreNotFoundException: 2190 fmt.Println(kms.ErrCodeCustomKeyStoreNotFoundException, aerr.Error()) 2191 case kms.ErrCodeCustomKeyStoreNameInUseException: 2192 fmt.Println(kms.ErrCodeCustomKeyStoreNameInUseException, aerr.Error()) 2193 case kms.ErrCodeCloudHsmClusterNotFoundException: 2194 fmt.Println(kms.ErrCodeCloudHsmClusterNotFoundException, aerr.Error()) 2195 case kms.ErrCodeCloudHsmClusterNotRelatedException: 2196 fmt.Println(kms.ErrCodeCloudHsmClusterNotRelatedException, aerr.Error()) 2197 case kms.ErrCodeCustomKeyStoreInvalidStateException: 2198 fmt.Println(kms.ErrCodeCustomKeyStoreInvalidStateException, aerr.Error()) 2199 case kms.ErrCodeInternalException: 2200 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 2201 case kms.ErrCodeCloudHsmClusterNotActiveException: 2202 fmt.Println(kms.ErrCodeCloudHsmClusterNotActiveException, aerr.Error()) 2203 case kms.ErrCodeCloudHsmClusterInvalidConfigurationException: 2204 fmt.Println(kms.ErrCodeCloudHsmClusterInvalidConfigurationException, aerr.Error()) 2205 default: 2206 fmt.Println(aerr.Error()) 2207 } 2208 } else { 2209 // Print the error, cast err to awserr.Error to get the Code and 2210 // Message from an error. 2211 fmt.Println(err.Error()) 2212 } 2213 return 2214 } 2215 2216 fmt.Println(result) 2217 } 2218 2219 // To associate the custom key store with a different, but related, AWS CloudHSM cluster. 2220 // 2221 // This example changes the cluster that is associated with a custom key store to a 2222 // related cluster, such as a different backup of the same cluster. This operation does 2223 // not return any data. To verify that the operation worked, use the DescribeCustomKeyStores 2224 // operation. 2225 func ExampleKMS_UpdateCustomKeyStore_shared02() { 2226 svc := kms.New(session.New()) 2227 input := &kms.UpdateCustomKeyStoreInput{ 2228 CloudHsmClusterId: aws.String("cluster-1a23b4cdefg"), 2229 CustomKeyStoreId: aws.String("cks-1234567890abcdef0"), 2230 } 2231 2232 result, err := svc.UpdateCustomKeyStore(input) 2233 if err != nil { 2234 if aerr, ok := err.(awserr.Error); ok { 2235 switch aerr.Code() { 2236 case kms.ErrCodeCustomKeyStoreNotFoundException: 2237 fmt.Println(kms.ErrCodeCustomKeyStoreNotFoundException, aerr.Error()) 2238 case kms.ErrCodeCustomKeyStoreNameInUseException: 2239 fmt.Println(kms.ErrCodeCustomKeyStoreNameInUseException, aerr.Error()) 2240 case kms.ErrCodeCloudHsmClusterNotFoundException: 2241 fmt.Println(kms.ErrCodeCloudHsmClusterNotFoundException, aerr.Error()) 2242 case kms.ErrCodeCloudHsmClusterNotRelatedException: 2243 fmt.Println(kms.ErrCodeCloudHsmClusterNotRelatedException, aerr.Error()) 2244 case kms.ErrCodeCustomKeyStoreInvalidStateException: 2245 fmt.Println(kms.ErrCodeCustomKeyStoreInvalidStateException, aerr.Error()) 2246 case kms.ErrCodeInternalException: 2247 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 2248 case kms.ErrCodeCloudHsmClusterNotActiveException: 2249 fmt.Println(kms.ErrCodeCloudHsmClusterNotActiveException, aerr.Error()) 2250 case kms.ErrCodeCloudHsmClusterInvalidConfigurationException: 2251 fmt.Println(kms.ErrCodeCloudHsmClusterInvalidConfigurationException, aerr.Error()) 2252 default: 2253 fmt.Println(aerr.Error()) 2254 } 2255 } else { 2256 // Print the error, cast err to awserr.Error to get the Code and 2257 // Message from an error. 2258 fmt.Println(err.Error()) 2259 } 2260 return 2261 } 2262 2263 fmt.Println(result) 2264 } 2265 2266 // To update the description of a KMS key 2267 // 2268 // The following example updates the description of the specified KMS key. 2269 func ExampleKMS_UpdateKeyDescription_shared00() { 2270 svc := kms.New(session.New()) 2271 input := &kms.UpdateKeyDescriptionInput{ 2272 Description: aws.String("Example description that indicates the intended use of this KMS key."), 2273 KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), 2274 } 2275 2276 result, err := svc.UpdateKeyDescription(input) 2277 if err != nil { 2278 if aerr, ok := err.(awserr.Error); ok { 2279 switch aerr.Code() { 2280 case kms.ErrCodeNotFoundException: 2281 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 2282 case kms.ErrCodeInvalidArnException: 2283 fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) 2284 case kms.ErrCodeDependencyTimeoutException: 2285 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 2286 case kms.ErrCodeInternalException: 2287 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 2288 case kms.ErrCodeInvalidStateException: 2289 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 2290 default: 2291 fmt.Println(aerr.Error()) 2292 } 2293 } else { 2294 // Print the error, cast err to awserr.Error to get the Code and 2295 // Message from an error. 2296 fmt.Println(err.Error()) 2297 } 2298 return 2299 } 2300 2301 fmt.Println(result) 2302 } 2303 2304 // To use an asymmetric KMS key to verify a digital signature 2305 // 2306 // This operation uses the public key in an elliptic curve (ECC) asymmetric key to verify 2307 // a digital signature within AWS KMS. 2308 func ExampleKMS_Verify_shared00() { 2309 svc := kms.New(session.New()) 2310 input := &kms.VerifyInput{ 2311 KeyId: aws.String("alias/ECC_signing_key"), 2312 Message: []byte("<message to be verified>"), 2313 MessageType: aws.String("RAW"), 2314 Signature: []byte("<binary data>"), 2315 SigningAlgorithm: aws.String("ECDSA_SHA_384"), 2316 } 2317 2318 result, err := svc.Verify(input) 2319 if err != nil { 2320 if aerr, ok := err.(awserr.Error); ok { 2321 switch aerr.Code() { 2322 case kms.ErrCodeNotFoundException: 2323 fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) 2324 case kms.ErrCodeDisabledException: 2325 fmt.Println(kms.ErrCodeDisabledException, aerr.Error()) 2326 case kms.ErrCodeKeyUnavailableException: 2327 fmt.Println(kms.ErrCodeKeyUnavailableException, aerr.Error()) 2328 case kms.ErrCodeDependencyTimeoutException: 2329 fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) 2330 case kms.ErrCodeInvalidKeyUsageException: 2331 fmt.Println(kms.ErrCodeInvalidKeyUsageException, aerr.Error()) 2332 case kms.ErrCodeInvalidGrantTokenException: 2333 fmt.Println(kms.ErrCodeInvalidGrantTokenException, aerr.Error()) 2334 case kms.ErrCodeInternalException: 2335 fmt.Println(kms.ErrCodeInternalException, aerr.Error()) 2336 case kms.ErrCodeInvalidStateException: 2337 fmt.Println(kms.ErrCodeInvalidStateException, aerr.Error()) 2338 case kms.ErrCodeKMSInvalidSignatureException: 2339 fmt.Println(kms.ErrCodeKMSInvalidSignatureException, aerr.Error()) 2340 default: 2341 fmt.Println(aerr.Error()) 2342 } 2343 } else { 2344 // Print the error, cast err to awserr.Error to get the Code and 2345 // Message from an error. 2346 fmt.Println(err.Error()) 2347 } 2348 return 2349 } 2350 2351 fmt.Println(result) 2352 }