Struct aws_sdk_kms::operation::put_key_policy::builders::PutKeyPolicyFluentBuilder

source · 
pub struct PutKeyPolicyFluentBuilder { /* private fields */ }
Expand description

Fluent builder constructing a request to PutKeyPolicy.

Attaches a key policy to the specified KMS key.

For more information about key policies, see Key Policies in the Key Management Service Developer Guide. For help writing and formatting a JSON policy document, see the IAM JSON Policy Reference in the Identity and Access Management User Guide . For examples of adding a key policy in multiple programming languages, see Setting a key policy in the Key Management Service Developer Guide.

Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.

Required permissions: kms:PutKeyPolicy (key policy)

Related operations: GetKeyPolicy

Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.

Implementations§

source§

impl PutKeyPolicyFluentBuilder

source

pub fn as_input(&self) -> &PutKeyPolicyInputBuilder

Access the PutKeyPolicy as a reference.

source

pub async fn send( self ) -> Result<PutKeyPolicyOutput, SdkError<PutKeyPolicyError, HttpResponse>>

Sends the request and returns the response.

If an error occurs, an SdkError will be returned with additional details that can be matched against.

By default, any retryable failures will be retried twice. Retry behavior is configurable with the RetryConfig, which can be set when configuring the client.

source

pub fn customize( self ) -> CustomizableOperation<PutKeyPolicyOutput, PutKeyPolicyError, Self>

Consumes this builder, creating a customizable operation that can be modified before being sent.

source

pub fn key_id(self, input: impl Into<String>) -> Self

Sets the key policy on the specified KMS key.

Specify the key ID or key ARN of the KMS key.

For example:

  • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

  • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.

source

pub fn set_key_id(self, input: Option<String>) -> Self

Sets the key policy on the specified KMS key.

Specify the key ID or key ARN of the KMS key.

For example:

  • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

  • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.

source

pub fn get_key_id(&self) -> &Option<String>

Sets the key policy on the specified KMS key.

Specify the key ID or key ARN of the KMS key.

For example:

  • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

  • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.

source

pub fn policy_name(self, input: impl Into<String>) -> Self

The name of the key policy. If no policy name is specified, the default value is default. The only valid value is default.

source

pub fn set_policy_name(self, input: Option<String>) -> Self

The name of the key policy. If no policy name is specified, the default value is default. The only valid value is default.

source

pub fn get_policy_name(&self) -> &Option<String>

The name of the key policy. If no policy name is specified, the default value is default. The only valid value is default.

source

pub fn policy(self, input: impl Into<String>) -> Self

The key policy to attach to the KMS key.

The key policy must meet the following criteria:

  • The key policy must allow the calling principal to make a subsequent PutKeyPolicy request on the KMS key. This reduces the risk that the KMS key becomes unmanageable. For more information, see Default key policy in the Key Management Service Developer Guide. (To omit this condition, set BypassPolicyLockoutSafetyCheck to true.)

  • Each statement in the key policy must contain one or more principals. The principals in the key policy must exist and be visible to KMS. When you create a new Amazon Web Services principal, you might need to enforce a delay before including the new principal in a key policy because the new principal might not be immediately visible to KMS. For more information, see Changes that I make are not always immediately visible in the Amazon Web Services Identity and Access Management User Guide.

A key policy document can include only the following characters:

  • Printable ASCII characters from the space character (\u0020) through the end of the ASCII character range.

  • Printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF).

  • The tab (\u0009), line feed (\u000A), and carriage return (\u000D) special characters

For information about key policies, see Key policies in KMS in the Key Management Service Developer Guide.For help writing and formatting a JSON policy document, see the IAM JSON Policy Reference in the Identity and Access Management User Guide .

source

pub fn set_policy(self, input: Option<String>) -> Self

The key policy to attach to the KMS key.

The key policy must meet the following criteria:

  • The key policy must allow the calling principal to make a subsequent PutKeyPolicy request on the KMS key. This reduces the risk that the KMS key becomes unmanageable. For more information, see Default key policy in the Key Management Service Developer Guide. (To omit this condition, set BypassPolicyLockoutSafetyCheck to true.)

  • Each statement in the key policy must contain one or more principals. The principals in the key policy must exist and be visible to KMS. When you create a new Amazon Web Services principal, you might need to enforce a delay before including the new principal in a key policy because the new principal might not be immediately visible to KMS. For more information, see Changes that I make are not always immediately visible in the Amazon Web Services Identity and Access Management User Guide.

A key policy document can include only the following characters:

  • Printable ASCII characters from the space character (\u0020) through the end of the ASCII character range.

  • Printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF).

  • The tab (\u0009), line feed (\u000A), and carriage return (\u000D) special characters

For information about key policies, see Key policies in KMS in the Key Management Service Developer Guide.For help writing and formatting a JSON policy document, see the IAM JSON Policy Reference in the Identity and Access Management User Guide .

source

pub fn get_policy(&self) -> &Option<String>

The key policy to attach to the KMS key.

The key policy must meet the following criteria:

  • The key policy must allow the calling principal to make a subsequent PutKeyPolicy request on the KMS key. This reduces the risk that the KMS key becomes unmanageable. For more information, see Default key policy in the Key Management Service Developer Guide. (To omit this condition, set BypassPolicyLockoutSafetyCheck to true.)

  • Each statement in the key policy must contain one or more principals. The principals in the key policy must exist and be visible to KMS. When you create a new Amazon Web Services principal, you might need to enforce a delay before including the new principal in a key policy because the new principal might not be immediately visible to KMS. For more information, see Changes that I make are not always immediately visible in the Amazon Web Services Identity and Access Management User Guide.

A key policy document can include only the following characters:

  • Printable ASCII characters from the space character (\u0020) through the end of the ASCII character range.

  • Printable characters in the Basic Latin and Latin-1 Supplement character set (through \u00FF).

  • The tab (\u0009), line feed (\u000A), and carriage return (\u000D) special characters

For information about key policies, see Key policies in KMS in the Key Management Service Developer Guide.For help writing and formatting a JSON policy document, see the IAM JSON Policy Reference in the Identity and Access Management User Guide .

source

pub fn bypass_policy_lockout_safety_check(self, input: bool) -> Self

Skips ("bypasses") the key policy lockout safety check. The default value is false.

Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value to true indiscriminately.

For more information, see Default key policy in the Key Management Service Developer Guide.

Use this parameter only when you intend to prevent the principal that is making the request from making a subsequent PutKeyPolicy request on the KMS key.

source

pub fn set_bypass_policy_lockout_safety_check(self, input: Option<bool>) -> Self

Skips ("bypasses") the key policy lockout safety check. The default value is false.

Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value to true indiscriminately.

For more information, see Default key policy in the Key Management Service Developer Guide.

Use this parameter only when you intend to prevent the principal that is making the request from making a subsequent PutKeyPolicy request on the KMS key.

source

pub fn get_bypass_policy_lockout_safety_check(&self) -> &Option<bool>

Skips ("bypasses") the key policy lockout safety check. The default value is false.

Setting this value to true increases the risk that the KMS key becomes unmanageable. Do not set this value to true indiscriminately.

For more information, see Default key policy in the Key Management Service Developer Guide.

Use this parameter only when you intend to prevent the principal that is making the request from making a subsequent PutKeyPolicy request on the KMS key.

Trait Implementations§

source§

impl Clone for PutKeyPolicyFluentBuilder

source§

fn clone(&self) -> PutKeyPolicyFluentBuilder

Returns a copy of the value. Read more
1.0.0 · source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
source§

impl Debug for PutKeyPolicyFluentBuilder

source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more

Auto Trait Implementations§

Blanket Implementations§

source§

impl<T> Any for T
where T: 'static + ?Sized,

source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
source§

impl<T> Borrow<T> for T
where T: ?Sized,

source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
source§

impl<T> From<T> for T

source§

fn from(t: T) -> T

Returns the argument unchanged.

source§

impl<T> Instrument for T

source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
source§

impl<T, U> Into<U> for T
where U: From<T>,

source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

source§

impl<Unshared, Shared> IntoShared<Shared> for Unshared
where Shared: FromUnshared<Unshared>,

source§

fn into_shared(self) -> Shared

Creates a shared type from an unshared type.
source§

impl<T> Same for T

§

type Output = T

Should always be Self
source§

impl<T> ToOwned for T
where T: Clone,

§

type Owned = T

The resulting type after obtaining ownership.
source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

§

type Error = Infallible

The type returned in the event of a conversion error.
source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
source§

impl<T> WithSubscriber for T

source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more