// Code generated by private/model/cli/gen-api/main.go. DO NOT EDIT. package kms_test import ( "context" "fmt" "github.com/aws/aws-sdk-go-v2/aws" "github.com/aws/aws-sdk-go-v2/aws/awserr" "github.com/aws/aws-sdk-go-v2/aws/external" "github.com/aws/aws-sdk-go-v2/service/kms" ) var _ aws.Config // To cancel deletion of a customer master key (CMK) // // The following example cancels deletion of the specified CMK. func ExampleClient_CancelKeyDeletionRequest_shared00() { cfg, err := external.LoadDefaultAWSConfig() if err != nil { panic("failed to load config, " + err.Error()) } svc := kms.New(cfg) input := &kms.CancelKeyDeletionInput{ KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), } req := svc.CancelKeyDeletionRequest(input) result, err := req.Send(context.Background()) if err != nil { if aerr, ok := err.(awserr.Error); ok { switch aerr.Code() { case kms.ErrCodeNotFoundException: fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) case kms.ErrCodeInvalidArnException: fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) case kms.ErrCodeDependencyTimeoutException: fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) case kms.ErrCodeKMSInternalException: fmt.Println(kms.ErrCodeKMSInternalException, aerr.Error()) case kms.ErrCodeKMSInvalidStateException: fmt.Println(kms.ErrCodeKMSInvalidStateException, aerr.Error()) default: fmt.Println(aerr.Error()) } } else { // Print the error, cast err to awserr.Error to get the Code and // Message from an error. fmt.Println(err.Error()) } return } fmt.Println(result) } // To create an alias // // The following example creates an alias for the specified customer master key (CMK). func ExampleClient_CreateAliasRequest_shared00() { cfg, err := external.LoadDefaultAWSConfig() if err != nil { panic("failed to load config, " + err.Error()) } svc := kms.New(cfg) input := &kms.CreateAliasInput{ AliasName: aws.String("alias/ExampleAlias"), TargetKeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), } req := svc.CreateAliasRequest(input) result, err := req.Send(context.Background()) if err != nil { if aerr, ok := err.(awserr.Error); ok { switch aerr.Code() { case kms.ErrCodeDependencyTimeoutException: fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) case kms.ErrCodeAlreadyExistsException: fmt.Println(kms.ErrCodeAlreadyExistsException, aerr.Error()) case kms.ErrCodeNotFoundException: fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) case kms.ErrCodeInvalidAliasNameException: fmt.Println(kms.ErrCodeInvalidAliasNameException, aerr.Error()) case kms.ErrCodeKMSInternalException: fmt.Println(kms.ErrCodeKMSInternalException, aerr.Error()) case kms.ErrCodeLimitExceededException: fmt.Println(kms.ErrCodeLimitExceededException, aerr.Error()) case kms.ErrCodeKMSInvalidStateException: fmt.Println(kms.ErrCodeKMSInvalidStateException, aerr.Error()) default: fmt.Println(aerr.Error()) } } else { // Print the error, cast err to awserr.Error to get the Code and // Message from an error. fmt.Println(err.Error()) } return } fmt.Println(result) } // To create a grant // // The following example creates a grant that allows the specified IAM role to encrypt // data with the specified customer master key (CMK). func ExampleClient_CreateGrantRequest_shared00() { cfg, err := external.LoadDefaultAWSConfig() if err != nil { panic("failed to load config, " + err.Error()) } svc := kms.New(cfg) input := &kms.CreateGrantInput{ GranteePrincipal: aws.String("arn:aws:iam::111122223333:role/ExampleRole"), KeyId: aws.String("arn:aws:kms:us-east-2:444455556666:key/1234abcd-12ab-34cd-56ef-1234567890ab"), Operations: []kms.GrantOperation{ kms.GrantOperationEncrypt, kms.GrantOperationDecrypt, }, } req := svc.CreateGrantRequest(input) result, err := req.Send(context.Background()) if err != nil { if aerr, ok := err.(awserr.Error); ok { switch aerr.Code() { case kms.ErrCodeNotFoundException: fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) case kms.ErrCodeDisabledException: fmt.Println(kms.ErrCodeDisabledException, aerr.Error()) case kms.ErrCodeDependencyTimeoutException: fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) case kms.ErrCodeInvalidArnException: fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) case kms.ErrCodeKMSInternalException: fmt.Println(kms.ErrCodeKMSInternalException, aerr.Error()) case kms.ErrCodeInvalidGrantTokenException: fmt.Println(kms.ErrCodeInvalidGrantTokenException, aerr.Error()) case kms.ErrCodeLimitExceededException: fmt.Println(kms.ErrCodeLimitExceededException, aerr.Error()) case kms.ErrCodeKMSInvalidStateException: fmt.Println(kms.ErrCodeKMSInvalidStateException, aerr.Error()) default: fmt.Println(aerr.Error()) } } else { // Print the error, cast err to awserr.Error to get the Code and // Message from an error. fmt.Println(err.Error()) } return } fmt.Println(result) } // To create a customer master key (CMK) // // The following example creates a CMK. func ExampleClient_CreateKeyRequest_shared00() { cfg, err := external.LoadDefaultAWSConfig() if err != nil { panic("failed to load config, " + err.Error()) } svc := kms.New(cfg) input := &kms.CreateKeyInput{ Tags: []kms.Tag{ { TagKey: aws.String("CreatedBy"), TagValue: aws.String("ExampleUser"), }, }, } req := svc.CreateKeyRequest(input) result, err := req.Send(context.Background()) if err != nil { if aerr, ok := err.(awserr.Error); ok { switch aerr.Code() { case kms.ErrCodeMalformedPolicyDocumentException: fmt.Println(kms.ErrCodeMalformedPolicyDocumentException, aerr.Error()) case kms.ErrCodeDependencyTimeoutException: fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) case kms.ErrCodeInvalidArnException: fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) case kms.ErrCodeUnsupportedOperationException: fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error()) case kms.ErrCodeKMSInternalException: fmt.Println(kms.ErrCodeKMSInternalException, aerr.Error()) case kms.ErrCodeLimitExceededException: fmt.Println(kms.ErrCodeLimitExceededException, aerr.Error()) case kms.ErrCodeTagException: fmt.Println(kms.ErrCodeTagException, aerr.Error()) case kms.ErrCodeCustomKeyStoreNotFoundException: fmt.Println(kms.ErrCodeCustomKeyStoreNotFoundException, aerr.Error()) case kms.ErrCodeCustomKeyStoreInvalidStateException: fmt.Println(kms.ErrCodeCustomKeyStoreInvalidStateException, aerr.Error()) case kms.ErrCodeCloudHsmClusterInvalidConfigurationException: fmt.Println(kms.ErrCodeCloudHsmClusterInvalidConfigurationException, aerr.Error()) default: fmt.Println(aerr.Error()) } } else { // Print the error, cast err to awserr.Error to get the Code and // Message from an error. fmt.Println(err.Error()) } return } fmt.Println(result) } // To decrypt data // // The following example decrypts data that was encrypted with a customer master key // (CMK) in AWS KMS. func ExampleClient_DecryptRequest_shared00() { cfg, err := external.LoadDefaultAWSConfig() if err != nil { panic("failed to load config, " + err.Error()) } svc := kms.New(cfg) input := &kms.DecryptInput{ CiphertextBlob: []byte(""), } req := svc.DecryptRequest(input) result, err := req.Send(context.Background()) if err != nil { if aerr, ok := err.(awserr.Error); ok { switch aerr.Code() { case kms.ErrCodeNotFoundException: fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) case kms.ErrCodeDisabledException: fmt.Println(kms.ErrCodeDisabledException, aerr.Error()) case kms.ErrCodeInvalidCiphertextException: fmt.Println(kms.ErrCodeInvalidCiphertextException, aerr.Error()) case kms.ErrCodeKeyUnavailableException: fmt.Println(kms.ErrCodeKeyUnavailableException, aerr.Error()) case kms.ErrCodeIncorrectKeyException: fmt.Println(kms.ErrCodeIncorrectKeyException, aerr.Error()) case kms.ErrCodeInvalidKeyUsageException: fmt.Println(kms.ErrCodeInvalidKeyUsageException, aerr.Error()) case kms.ErrCodeDependencyTimeoutException: fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) case kms.ErrCodeInvalidGrantTokenException: fmt.Println(kms.ErrCodeInvalidGrantTokenException, aerr.Error()) case kms.ErrCodeKMSInternalException: fmt.Println(kms.ErrCodeKMSInternalException, aerr.Error()) case kms.ErrCodeKMSInvalidStateException: fmt.Println(kms.ErrCodeKMSInvalidStateException, aerr.Error()) default: fmt.Println(aerr.Error()) } } else { // Print the error, cast err to awserr.Error to get the Code and // Message from an error. fmt.Println(err.Error()) } return } fmt.Println(result) } // To delete an alias // // The following example deletes the specified alias. func ExampleClient_DeleteAliasRequest_shared00() { cfg, err := external.LoadDefaultAWSConfig() if err != nil { panic("failed to load config, " + err.Error()) } svc := kms.New(cfg) input := &kms.DeleteAliasInput{ AliasName: aws.String("alias/ExampleAlias"), } req := svc.DeleteAliasRequest(input) result, err := req.Send(context.Background()) if err != nil { if aerr, ok := err.(awserr.Error); ok { switch aerr.Code() { case kms.ErrCodeDependencyTimeoutException: fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) case kms.ErrCodeNotFoundException: fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) case kms.ErrCodeKMSInternalException: fmt.Println(kms.ErrCodeKMSInternalException, aerr.Error()) case kms.ErrCodeKMSInvalidStateException: fmt.Println(kms.ErrCodeKMSInvalidStateException, aerr.Error()) default: fmt.Println(aerr.Error()) } } else { // Print the error, cast err to awserr.Error to get the Code and // Message from an error. fmt.Println(err.Error()) } return } fmt.Println(result) } // To delete imported key material // // The following example deletes the imported key material from the specified customer // master key (CMK). func ExampleClient_DeleteImportedKeyMaterialRequest_shared00() { cfg, err := external.LoadDefaultAWSConfig() if err != nil { panic("failed to load config, " + err.Error()) } svc := kms.New(cfg) input := &kms.DeleteImportedKeyMaterialInput{ KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), } req := svc.DeleteImportedKeyMaterialRequest(input) result, err := req.Send(context.Background()) if err != nil { if aerr, ok := err.(awserr.Error); ok { switch aerr.Code() { case kms.ErrCodeInvalidArnException: fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) case kms.ErrCodeUnsupportedOperationException: fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error()) case kms.ErrCodeDependencyTimeoutException: fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) case kms.ErrCodeNotFoundException: fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) case kms.ErrCodeKMSInternalException: fmt.Println(kms.ErrCodeKMSInternalException, aerr.Error()) case kms.ErrCodeKMSInvalidStateException: fmt.Println(kms.ErrCodeKMSInvalidStateException, aerr.Error()) default: fmt.Println(aerr.Error()) } } else { // Print the error, cast err to awserr.Error to get the Code and // Message from an error. fmt.Println(err.Error()) } return } fmt.Println(result) } // To obtain information about a customer master key (CMK) // // The following example returns information (metadata) about the specified CMK. func ExampleClient_DescribeKeyRequest_shared00() { cfg, err := external.LoadDefaultAWSConfig() if err != nil { panic("failed to load config, " + err.Error()) } svc := kms.New(cfg) input := &kms.DescribeKeyInput{ KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), } req := svc.DescribeKeyRequest(input) result, err := req.Send(context.Background()) if err != nil { if aerr, ok := err.(awserr.Error); ok { switch aerr.Code() { case kms.ErrCodeNotFoundException: fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) case kms.ErrCodeInvalidArnException: fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) case kms.ErrCodeDependencyTimeoutException: fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) case kms.ErrCodeKMSInternalException: fmt.Println(kms.ErrCodeKMSInternalException, aerr.Error()) default: fmt.Println(aerr.Error()) } } else { // Print the error, cast err to awserr.Error to get the Code and // Message from an error. fmt.Println(err.Error()) } return } fmt.Println(result) } // To disable a customer master key (CMK) // // The following example disables the specified CMK. func ExampleClient_DisableKeyRequest_shared00() { cfg, err := external.LoadDefaultAWSConfig() if err != nil { panic("failed to load config, " + err.Error()) } svc := kms.New(cfg) input := &kms.DisableKeyInput{ KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), } req := svc.DisableKeyRequest(input) result, err := req.Send(context.Background()) if err != nil { if aerr, ok := err.(awserr.Error); ok { switch aerr.Code() { case kms.ErrCodeNotFoundException: fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) case kms.ErrCodeInvalidArnException: fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) case kms.ErrCodeDependencyTimeoutException: fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) case kms.ErrCodeKMSInternalException: fmt.Println(kms.ErrCodeKMSInternalException, aerr.Error()) case kms.ErrCodeKMSInvalidStateException: fmt.Println(kms.ErrCodeKMSInvalidStateException, aerr.Error()) default: fmt.Println(aerr.Error()) } } else { // Print the error, cast err to awserr.Error to get the Code and // Message from an error. fmt.Println(err.Error()) } return } fmt.Println(result) } // To disable automatic rotation of key material // // The following example disables automatic annual rotation of the key material for // the specified CMK. func ExampleClient_DisableKeyRotationRequest_shared00() { cfg, err := external.LoadDefaultAWSConfig() if err != nil { panic("failed to load config, " + err.Error()) } svc := kms.New(cfg) input := &kms.DisableKeyRotationInput{ KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), } req := svc.DisableKeyRotationRequest(input) result, err := req.Send(context.Background()) if err != nil { if aerr, ok := err.(awserr.Error); ok { switch aerr.Code() { case kms.ErrCodeNotFoundException: fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) case kms.ErrCodeDisabledException: fmt.Println(kms.ErrCodeDisabledException, aerr.Error()) case kms.ErrCodeInvalidArnException: fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) case kms.ErrCodeDependencyTimeoutException: fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) case kms.ErrCodeKMSInternalException: fmt.Println(kms.ErrCodeKMSInternalException, aerr.Error()) case kms.ErrCodeKMSInvalidStateException: fmt.Println(kms.ErrCodeKMSInvalidStateException, aerr.Error()) case kms.ErrCodeUnsupportedOperationException: fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error()) default: fmt.Println(aerr.Error()) } } else { // Print the error, cast err to awserr.Error to get the Code and // Message from an error. fmt.Println(err.Error()) } return } fmt.Println(result) } // To enable a customer master key (CMK) // // The following example enables the specified CMK. func ExampleClient_EnableKeyRequest_shared00() { cfg, err := external.LoadDefaultAWSConfig() if err != nil { panic("failed to load config, " + err.Error()) } svc := kms.New(cfg) input := &kms.EnableKeyInput{ KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), } req := svc.EnableKeyRequest(input) result, err := req.Send(context.Background()) if err != nil { if aerr, ok := err.(awserr.Error); ok { switch aerr.Code() { case kms.ErrCodeNotFoundException: fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) case kms.ErrCodeInvalidArnException: fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) case kms.ErrCodeDependencyTimeoutException: fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) case kms.ErrCodeKMSInternalException: fmt.Println(kms.ErrCodeKMSInternalException, aerr.Error()) case kms.ErrCodeLimitExceededException: fmt.Println(kms.ErrCodeLimitExceededException, aerr.Error()) case kms.ErrCodeKMSInvalidStateException: fmt.Println(kms.ErrCodeKMSInvalidStateException, aerr.Error()) default: fmt.Println(aerr.Error()) } } else { // Print the error, cast err to awserr.Error to get the Code and // Message from an error. fmt.Println(err.Error()) } return } fmt.Println(result) } // To enable automatic rotation of key material // // The following example enables automatic annual rotation of the key material for the // specified CMK. func ExampleClient_EnableKeyRotationRequest_shared00() { cfg, err := external.LoadDefaultAWSConfig() if err != nil { panic("failed to load config, " + err.Error()) } svc := kms.New(cfg) input := &kms.EnableKeyRotationInput{ KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), } req := svc.EnableKeyRotationRequest(input) result, err := req.Send(context.Background()) if err != nil { if aerr, ok := err.(awserr.Error); ok { switch aerr.Code() { case kms.ErrCodeNotFoundException: fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) case kms.ErrCodeDisabledException: fmt.Println(kms.ErrCodeDisabledException, aerr.Error()) case kms.ErrCodeInvalidArnException: fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) case kms.ErrCodeDependencyTimeoutException: fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) case kms.ErrCodeKMSInternalException: fmt.Println(kms.ErrCodeKMSInternalException, aerr.Error()) case kms.ErrCodeKMSInvalidStateException: fmt.Println(kms.ErrCodeKMSInvalidStateException, aerr.Error()) case kms.ErrCodeUnsupportedOperationException: fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error()) default: fmt.Println(aerr.Error()) } } else { // Print the error, cast err to awserr.Error to get the Code and // Message from an error. fmt.Println(err.Error()) } return } fmt.Println(result) } // To encrypt data // // The following example encrypts data with the specified customer master key (CMK). func ExampleClient_EncryptRequest_shared00() { cfg, err := external.LoadDefaultAWSConfig() if err != nil { panic("failed to load config, " + err.Error()) } svc := kms.New(cfg) input := &kms.EncryptInput{ KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), Plaintext: []byte(""), } req := svc.EncryptRequest(input) result, err := req.Send(context.Background()) if err != nil { if aerr, ok := err.(awserr.Error); ok { switch aerr.Code() { case kms.ErrCodeNotFoundException: fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) case kms.ErrCodeDisabledException: fmt.Println(kms.ErrCodeDisabledException, aerr.Error()) case kms.ErrCodeKeyUnavailableException: fmt.Println(kms.ErrCodeKeyUnavailableException, aerr.Error()) case kms.ErrCodeDependencyTimeoutException: fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) case kms.ErrCodeInvalidKeyUsageException: fmt.Println(kms.ErrCodeInvalidKeyUsageException, aerr.Error()) case kms.ErrCodeInvalidGrantTokenException: fmt.Println(kms.ErrCodeInvalidGrantTokenException, aerr.Error()) case kms.ErrCodeKMSInternalException: fmt.Println(kms.ErrCodeKMSInternalException, aerr.Error()) case kms.ErrCodeKMSInvalidStateException: fmt.Println(kms.ErrCodeKMSInvalidStateException, aerr.Error()) default: fmt.Println(aerr.Error()) } } else { // Print the error, cast err to awserr.Error to get the Code and // Message from an error. fmt.Println(err.Error()) } return } fmt.Println(result) } // To generate a data key // // The following example generates a 256-bit symmetric data encryption key (data key) // in two formats. One is the unencrypted (plainext) data key, and the other is the // data key encrypted with the specified customer master key (CMK). func ExampleClient_GenerateDataKeyRequest_shared00() { cfg, err := external.LoadDefaultAWSConfig() if err != nil { panic("failed to load config, " + err.Error()) } svc := kms.New(cfg) input := &kms.GenerateDataKeyInput{ KeyId: aws.String("alias/ExampleAlias"), KeySpec: kms.DataKeySpecAes256, } req := svc.GenerateDataKeyRequest(input) result, err := req.Send(context.Background()) if err != nil { if aerr, ok := err.(awserr.Error); ok { switch aerr.Code() { case kms.ErrCodeNotFoundException: fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) case kms.ErrCodeDisabledException: fmt.Println(kms.ErrCodeDisabledException, aerr.Error()) case kms.ErrCodeKeyUnavailableException: fmt.Println(kms.ErrCodeKeyUnavailableException, aerr.Error()) case kms.ErrCodeDependencyTimeoutException: fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) case kms.ErrCodeInvalidKeyUsageException: fmt.Println(kms.ErrCodeInvalidKeyUsageException, aerr.Error()) case kms.ErrCodeInvalidGrantTokenException: fmt.Println(kms.ErrCodeInvalidGrantTokenException, aerr.Error()) case kms.ErrCodeKMSInternalException: fmt.Println(kms.ErrCodeKMSInternalException, aerr.Error()) case kms.ErrCodeKMSInvalidStateException: fmt.Println(kms.ErrCodeKMSInvalidStateException, aerr.Error()) default: fmt.Println(aerr.Error()) } } else { // Print the error, cast err to awserr.Error to get the Code and // Message from an error. fmt.Println(err.Error()) } return } fmt.Println(result) } // To generate an encrypted data key // // The following example generates an encrypted copy of a 256-bit symmetric data encryption // key (data key). The data key is encrypted with the specified customer master key // (CMK). func ExampleClient_GenerateDataKeyWithoutPlaintextRequest_shared00() { cfg, err := external.LoadDefaultAWSConfig() if err != nil { panic("failed to load config, " + err.Error()) } svc := kms.New(cfg) input := &kms.GenerateDataKeyWithoutPlaintextInput{ KeyId: aws.String("alias/ExampleAlias"), KeySpec: kms.DataKeySpecAes256, } req := svc.GenerateDataKeyWithoutPlaintextRequest(input) result, err := req.Send(context.Background()) if err != nil { if aerr, ok := err.(awserr.Error); ok { switch aerr.Code() { case kms.ErrCodeNotFoundException: fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) case kms.ErrCodeDisabledException: fmt.Println(kms.ErrCodeDisabledException, aerr.Error()) case kms.ErrCodeKeyUnavailableException: fmt.Println(kms.ErrCodeKeyUnavailableException, aerr.Error()) case kms.ErrCodeDependencyTimeoutException: fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) case kms.ErrCodeInvalidKeyUsageException: fmt.Println(kms.ErrCodeInvalidKeyUsageException, aerr.Error()) case kms.ErrCodeInvalidGrantTokenException: fmt.Println(kms.ErrCodeInvalidGrantTokenException, aerr.Error()) case kms.ErrCodeKMSInternalException: fmt.Println(kms.ErrCodeKMSInternalException, aerr.Error()) case kms.ErrCodeKMSInvalidStateException: fmt.Println(kms.ErrCodeKMSInvalidStateException, aerr.Error()) default: fmt.Println(aerr.Error()) } } else { // Print the error, cast err to awserr.Error to get the Code and // Message from an error. fmt.Println(err.Error()) } return } fmt.Println(result) } // To generate random data // // The following example uses AWS KMS to generate 32 bytes of random data. func ExampleClient_GenerateRandomRequest_shared00() { cfg, err := external.LoadDefaultAWSConfig() if err != nil { panic("failed to load config, " + err.Error()) } svc := kms.New(cfg) input := &kms.GenerateRandomInput{ NumberOfBytes: aws.Int64(32), } req := svc.GenerateRandomRequest(input) result, err := req.Send(context.Background()) if err != nil { if aerr, ok := err.(awserr.Error); ok { switch aerr.Code() { case kms.ErrCodeDependencyTimeoutException: fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) case kms.ErrCodeKMSInternalException: fmt.Println(kms.ErrCodeKMSInternalException, aerr.Error()) case kms.ErrCodeCustomKeyStoreNotFoundException: fmt.Println(kms.ErrCodeCustomKeyStoreNotFoundException, aerr.Error()) case kms.ErrCodeCustomKeyStoreInvalidStateException: fmt.Println(kms.ErrCodeCustomKeyStoreInvalidStateException, aerr.Error()) default: fmt.Println(aerr.Error()) } } else { // Print the error, cast err to awserr.Error to get the Code and // Message from an error. fmt.Println(err.Error()) } return } fmt.Println(result) } // To retrieve a key policy // // The following example retrieves the key policy for the specified customer master // key (CMK). func ExampleClient_GetKeyPolicyRequest_shared00() { cfg, err := external.LoadDefaultAWSConfig() if err != nil { panic("failed to load config, " + err.Error()) } svc := kms.New(cfg) input := &kms.GetKeyPolicyInput{ KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), PolicyName: aws.String("default"), } req := svc.GetKeyPolicyRequest(input) result, err := req.Send(context.Background()) if err != nil { if aerr, ok := err.(awserr.Error); ok { switch aerr.Code() { case kms.ErrCodeNotFoundException: fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) case kms.ErrCodeInvalidArnException: fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) case kms.ErrCodeDependencyTimeoutException: fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) case kms.ErrCodeKMSInternalException: fmt.Println(kms.ErrCodeKMSInternalException, aerr.Error()) case kms.ErrCodeKMSInvalidStateException: fmt.Println(kms.ErrCodeKMSInvalidStateException, aerr.Error()) default: fmt.Println(aerr.Error()) } } else { // Print the error, cast err to awserr.Error to get the Code and // Message from an error. fmt.Println(err.Error()) } return } fmt.Println(result) } // To retrieve the rotation status for a customer master key (CMK) // // The following example retrieves the status of automatic annual rotation of the key // material for the specified CMK. func ExampleClient_GetKeyRotationStatusRequest_shared00() { cfg, err := external.LoadDefaultAWSConfig() if err != nil { panic("failed to load config, " + err.Error()) } svc := kms.New(cfg) input := &kms.GetKeyRotationStatusInput{ KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), } req := svc.GetKeyRotationStatusRequest(input) result, err := req.Send(context.Background()) if err != nil { if aerr, ok := err.(awserr.Error); ok { switch aerr.Code() { case kms.ErrCodeNotFoundException: fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) case kms.ErrCodeInvalidArnException: fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) case kms.ErrCodeDependencyTimeoutException: fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) case kms.ErrCodeKMSInternalException: fmt.Println(kms.ErrCodeKMSInternalException, aerr.Error()) case kms.ErrCodeKMSInvalidStateException: fmt.Println(kms.ErrCodeKMSInvalidStateException, aerr.Error()) case kms.ErrCodeUnsupportedOperationException: fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error()) default: fmt.Println(aerr.Error()) } } else { // Print the error, cast err to awserr.Error to get the Code and // Message from an error. fmt.Println(err.Error()) } return } fmt.Println(result) } // To retrieve the public key and import token for a customer master key (CMK) // // The following example retrieves the public key and import token for the specified // CMK. func ExampleClient_GetParametersForImportRequest_shared00() { cfg, err := external.LoadDefaultAWSConfig() if err != nil { panic("failed to load config, " + err.Error()) } svc := kms.New(cfg) input := &kms.GetParametersForImportInput{ KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), WrappingAlgorithm: kms.AlgorithmSpecRsaesOaepSha1, WrappingKeySpec: kms.WrappingKeySpecRsa2048, } req := svc.GetParametersForImportRequest(input) result, err := req.Send(context.Background()) if err != nil { if aerr, ok := err.(awserr.Error); ok { switch aerr.Code() { case kms.ErrCodeInvalidArnException: fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) case kms.ErrCodeUnsupportedOperationException: fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error()) case kms.ErrCodeDependencyTimeoutException: fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) case kms.ErrCodeNotFoundException: fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) case kms.ErrCodeKMSInternalException: fmt.Println(kms.ErrCodeKMSInternalException, aerr.Error()) case kms.ErrCodeKMSInvalidStateException: fmt.Println(kms.ErrCodeKMSInvalidStateException, aerr.Error()) default: fmt.Println(aerr.Error()) } } else { // Print the error, cast err to awserr.Error to get the Code and // Message from an error. fmt.Println(err.Error()) } return } fmt.Println(result) } // To import key material into a customer master key (CMK) // // The following example imports key material into the specified CMK. func ExampleClient_ImportKeyMaterialRequest_shared00() { cfg, err := external.LoadDefaultAWSConfig() if err != nil { panic("failed to load config, " + err.Error()) } svc := kms.New(cfg) input := &kms.ImportKeyMaterialInput{ EncryptedKeyMaterial: []byte(""), ExpirationModel: kms.ExpirationModelTypeKeyMaterialDoesNotExpire, ImportToken: []byte(""), KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), } req := svc.ImportKeyMaterialRequest(input) result, err := req.Send(context.Background()) if err != nil { if aerr, ok := err.(awserr.Error); ok { switch aerr.Code() { case kms.ErrCodeInvalidArnException: fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) case kms.ErrCodeUnsupportedOperationException: fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error()) case kms.ErrCodeDependencyTimeoutException: fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) case kms.ErrCodeNotFoundException: fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) case kms.ErrCodeKMSInternalException: fmt.Println(kms.ErrCodeKMSInternalException, aerr.Error()) case kms.ErrCodeKMSInvalidStateException: fmt.Println(kms.ErrCodeKMSInvalidStateException, aerr.Error()) case kms.ErrCodeInvalidCiphertextException: fmt.Println(kms.ErrCodeInvalidCiphertextException, aerr.Error()) case kms.ErrCodeIncorrectKeyMaterialException: fmt.Println(kms.ErrCodeIncorrectKeyMaterialException, aerr.Error()) case kms.ErrCodeExpiredImportTokenException: fmt.Println(kms.ErrCodeExpiredImportTokenException, aerr.Error()) case kms.ErrCodeInvalidImportTokenException: fmt.Println(kms.ErrCodeInvalidImportTokenException, aerr.Error()) default: fmt.Println(aerr.Error()) } } else { // Print the error, cast err to awserr.Error to get the Code and // Message from an error. fmt.Println(err.Error()) } return } fmt.Println(result) } // To list aliases // // The following example lists aliases. func ExampleClient_ListAliasesRequest_shared00() { cfg, err := external.LoadDefaultAWSConfig() if err != nil { panic("failed to load config, " + err.Error()) } svc := kms.New(cfg) input := &kms.ListAliasesInput{} req := svc.ListAliasesRequest(input) result, err := req.Send(context.Background()) if err != nil { if aerr, ok := err.(awserr.Error); ok { switch aerr.Code() { case kms.ErrCodeDependencyTimeoutException: fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) case kms.ErrCodeInvalidMarkerException: fmt.Println(kms.ErrCodeInvalidMarkerException, aerr.Error()) case kms.ErrCodeKMSInternalException: fmt.Println(kms.ErrCodeKMSInternalException, aerr.Error()) case kms.ErrCodeInvalidArnException: fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) case kms.ErrCodeNotFoundException: fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) default: fmt.Println(aerr.Error()) } } else { // Print the error, cast err to awserr.Error to get the Code and // Message from an error. fmt.Println(err.Error()) } return } fmt.Println(result) } // To list grants for a customer master key (CMK) // // The following example lists grants for the specified CMK. func ExampleClient_ListGrantsRequest_shared00() { cfg, err := external.LoadDefaultAWSConfig() if err != nil { panic("failed to load config, " + err.Error()) } svc := kms.New(cfg) input := &kms.ListGrantsInput{ KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), } req := svc.ListGrantsRequest(input) result, err := req.Send(context.Background()) if err != nil { if aerr, ok := err.(awserr.Error); ok { switch aerr.Code() { case kms.ErrCodeNotFoundException: fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) case kms.ErrCodeDependencyTimeoutException: fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) case kms.ErrCodeInvalidMarkerException: fmt.Println(kms.ErrCodeInvalidMarkerException, aerr.Error()) case kms.ErrCodeInvalidArnException: fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) case kms.ErrCodeKMSInternalException: fmt.Println(kms.ErrCodeKMSInternalException, aerr.Error()) case kms.ErrCodeKMSInvalidStateException: fmt.Println(kms.ErrCodeKMSInvalidStateException, aerr.Error()) default: fmt.Println(aerr.Error()) } } else { // Print the error, cast err to awserr.Error to get the Code and // Message from an error. fmt.Println(err.Error()) } return } fmt.Println(result) } // To list key policies for a customer master key (CMK) // // The following example lists key policies for the specified CMK. func ExampleClient_ListKeyPoliciesRequest_shared00() { cfg, err := external.LoadDefaultAWSConfig() if err != nil { panic("failed to load config, " + err.Error()) } svc := kms.New(cfg) input := &kms.ListKeyPoliciesInput{ KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), } req := svc.ListKeyPoliciesRequest(input) result, err := req.Send(context.Background()) if err != nil { if aerr, ok := err.(awserr.Error); ok { switch aerr.Code() { case kms.ErrCodeNotFoundException: fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) case kms.ErrCodeInvalidArnException: fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) case kms.ErrCodeDependencyTimeoutException: fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) case kms.ErrCodeKMSInternalException: fmt.Println(kms.ErrCodeKMSInternalException, aerr.Error()) case kms.ErrCodeKMSInvalidStateException: fmt.Println(kms.ErrCodeKMSInvalidStateException, aerr.Error()) default: fmt.Println(aerr.Error()) } } else { // Print the error, cast err to awserr.Error to get the Code and // Message from an error. fmt.Println(err.Error()) } return } fmt.Println(result) } // To list customer master keys (CMKs) // // The following example lists CMKs. func ExampleClient_ListKeysRequest_shared00() { cfg, err := external.LoadDefaultAWSConfig() if err != nil { panic("failed to load config, " + err.Error()) } svc := kms.New(cfg) input := &kms.ListKeysInput{} req := svc.ListKeysRequest(input) result, err := req.Send(context.Background()) if err != nil { if aerr, ok := err.(awserr.Error); ok { switch aerr.Code() { case kms.ErrCodeDependencyTimeoutException: fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) case kms.ErrCodeKMSInternalException: fmt.Println(kms.ErrCodeKMSInternalException, aerr.Error()) case kms.ErrCodeInvalidMarkerException: fmt.Println(kms.ErrCodeInvalidMarkerException, aerr.Error()) default: fmt.Println(aerr.Error()) } } else { // Print the error, cast err to awserr.Error to get the Code and // Message from an error. fmt.Println(err.Error()) } return } fmt.Println(result) } // To list tags for a customer master key (CMK) // // The following example lists tags for a CMK. func ExampleClient_ListResourceTagsRequest_shared00() { cfg, err := external.LoadDefaultAWSConfig() if err != nil { panic("failed to load config, " + err.Error()) } svc := kms.New(cfg) input := &kms.ListResourceTagsInput{ KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), } req := svc.ListResourceTagsRequest(input) result, err := req.Send(context.Background()) if err != nil { if aerr, ok := err.(awserr.Error); ok { switch aerr.Code() { case kms.ErrCodeKMSInternalException: fmt.Println(kms.ErrCodeKMSInternalException, aerr.Error()) case kms.ErrCodeNotFoundException: fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) case kms.ErrCodeInvalidArnException: fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) case kms.ErrCodeInvalidMarkerException: fmt.Println(kms.ErrCodeInvalidMarkerException, aerr.Error()) default: fmt.Println(aerr.Error()) } } else { // Print the error, cast err to awserr.Error to get the Code and // Message from an error. fmt.Println(err.Error()) } return } fmt.Println(result) } // To list grants that the specified principal can retire // // The following example lists the grants that the specified principal (identity) can // retire. func ExampleClient_ListRetirableGrantsRequest_shared00() { cfg, err := external.LoadDefaultAWSConfig() if err != nil { panic("failed to load config, " + err.Error()) } svc := kms.New(cfg) input := &kms.ListRetirableGrantsInput{ RetiringPrincipal: aws.String("arn:aws:iam::111122223333:role/ExampleRole"), } req := svc.ListRetirableGrantsRequest(input) result, err := req.Send(context.Background()) if err != nil { if aerr, ok := err.(awserr.Error); ok { switch aerr.Code() { case kms.ErrCodeDependencyTimeoutException: fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) case kms.ErrCodeInvalidMarkerException: fmt.Println(kms.ErrCodeInvalidMarkerException, aerr.Error()) case kms.ErrCodeInvalidArnException: fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) case kms.ErrCodeNotFoundException: fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) case kms.ErrCodeKMSInternalException: fmt.Println(kms.ErrCodeKMSInternalException, aerr.Error()) default: fmt.Println(aerr.Error()) } } else { // Print the error, cast err to awserr.Error to get the Code and // Message from an error. fmt.Println(err.Error()) } return } fmt.Println(result) } // To attach a key policy to a customer master key (CMK) // // The following example attaches a key policy to the specified CMK. func ExampleClient_PutKeyPolicyRequest_shared00() { cfg, err := external.LoadDefaultAWSConfig() if err != nil { panic("failed to load config, " + err.Error()) } svc := kms.New(cfg) input := &kms.PutKeyPolicyInput{ KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), Policy: aws.String("{\n \"Version\": \"2012-10-17\",\n \"Id\": \"custom-policy-2016-12-07\",\n \"Statement\": [\n {\n \"Sid\": \"Enable IAM User Permissions\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::111122223333:root\"\n },\n \"Action\": \"kms:*\",\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"Allow access for Key Administrators\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"AWS\": [\n \"arn:aws:iam::111122223333:user/ExampleAdminUser\",\n \"arn:aws:iam::111122223333:role/ExampleAdminRole\"\n ]\n },\n \"Action\": [\n \"kms:Create*\",\n \"kms:Describe*\",\n \"kms:Enable*\",\n \"kms:List*\",\n \"kms:Put*\",\n \"kms:Update*\",\n \"kms:Revoke*\",\n \"kms:Disable*\",\n \"kms:Get*\",\n \"kms:Delete*\",\n \"kms:ScheduleKeyDeletion\",\n \"kms:CancelKeyDeletion\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"Allow use of the key\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::111122223333:role/ExamplePowerUserRole\"\n },\n \"Action\": [\n \"kms:Encrypt\",\n \"kms:Decrypt\",\n \"kms:ReEncrypt*\",\n \"kms:GenerateDataKey*\",\n \"kms:DescribeKey\"\n ],\n \"Resource\": \"*\"\n },\n {\n \"Sid\": \"Allow attachment of persistent resources\",\n \"Effect\": \"Allow\",\n \"Principal\": {\n \"AWS\": \"arn:aws:iam::111122223333:role/ExamplePowerUserRole\"\n },\n \"Action\": [\n \"kms:CreateGrant\",\n \"kms:ListGrants\",\n \"kms:RevokeGrant\"\n ],\n \"Resource\": \"*\",\n \"Condition\": {\n \"Bool\": {\n \"kms:GrantIsForAWSResource\": \"true\"\n }\n }\n }\n ]\n}\n"), PolicyName: aws.String("default"), } req := svc.PutKeyPolicyRequest(input) result, err := req.Send(context.Background()) if err != nil { if aerr, ok := err.(awserr.Error); ok { switch aerr.Code() { case kms.ErrCodeNotFoundException: fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) case kms.ErrCodeInvalidArnException: fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) case kms.ErrCodeMalformedPolicyDocumentException: fmt.Println(kms.ErrCodeMalformedPolicyDocumentException, aerr.Error()) case kms.ErrCodeDependencyTimeoutException: fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) case kms.ErrCodeUnsupportedOperationException: fmt.Println(kms.ErrCodeUnsupportedOperationException, aerr.Error()) case kms.ErrCodeKMSInternalException: fmt.Println(kms.ErrCodeKMSInternalException, aerr.Error()) case kms.ErrCodeLimitExceededException: fmt.Println(kms.ErrCodeLimitExceededException, aerr.Error()) case kms.ErrCodeKMSInvalidStateException: fmt.Println(kms.ErrCodeKMSInvalidStateException, aerr.Error()) default: fmt.Println(aerr.Error()) } } else { // Print the error, cast err to awserr.Error to get the Code and // Message from an error. fmt.Println(err.Error()) } return } fmt.Println(result) } // To reencrypt data // // The following example reencrypts data with the specified CMK. func ExampleClient_ReEncryptRequest_shared00() { cfg, err := external.LoadDefaultAWSConfig() if err != nil { panic("failed to load config, " + err.Error()) } svc := kms.New(cfg) input := &kms.ReEncryptInput{ CiphertextBlob: []byte(""), DestinationKeyId: aws.String("0987dcba-09fe-87dc-65ba-ab0987654321"), } req := svc.ReEncryptRequest(input) result, err := req.Send(context.Background()) if err != nil { if aerr, ok := err.(awserr.Error); ok { switch aerr.Code() { case kms.ErrCodeNotFoundException: fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) case kms.ErrCodeDisabledException: fmt.Println(kms.ErrCodeDisabledException, aerr.Error()) case kms.ErrCodeInvalidCiphertextException: fmt.Println(kms.ErrCodeInvalidCiphertextException, aerr.Error()) case kms.ErrCodeKeyUnavailableException: fmt.Println(kms.ErrCodeKeyUnavailableException, aerr.Error()) case kms.ErrCodeIncorrectKeyException: fmt.Println(kms.ErrCodeIncorrectKeyException, aerr.Error()) case kms.ErrCodeDependencyTimeoutException: fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) case kms.ErrCodeInvalidKeyUsageException: fmt.Println(kms.ErrCodeInvalidKeyUsageException, aerr.Error()) case kms.ErrCodeInvalidGrantTokenException: fmt.Println(kms.ErrCodeInvalidGrantTokenException, aerr.Error()) case kms.ErrCodeKMSInternalException: fmt.Println(kms.ErrCodeKMSInternalException, aerr.Error()) case kms.ErrCodeKMSInvalidStateException: fmt.Println(kms.ErrCodeKMSInvalidStateException, aerr.Error()) default: fmt.Println(aerr.Error()) } } else { // Print the error, cast err to awserr.Error to get the Code and // Message from an error. fmt.Println(err.Error()) } return } fmt.Println(result) } // To retire a grant // // The following example retires a grant. func ExampleClient_RetireGrantRequest_shared00() { cfg, err := external.LoadDefaultAWSConfig() if err != nil { panic("failed to load config, " + err.Error()) } svc := kms.New(cfg) input := &kms.RetireGrantInput{ GrantId: aws.String("0c237476b39f8bc44e45212e08498fbe3151305030726c0590dd8d3e9f3d6a60"), KeyId: aws.String("arn:aws:kms:us-east-2:444455556666:key/1234abcd-12ab-34cd-56ef-1234567890ab"), } req := svc.RetireGrantRequest(input) result, err := req.Send(context.Background()) if err != nil { if aerr, ok := err.(awserr.Error); ok { switch aerr.Code() { case kms.ErrCodeInvalidArnException: fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) case kms.ErrCodeInvalidGrantTokenException: fmt.Println(kms.ErrCodeInvalidGrantTokenException, aerr.Error()) case kms.ErrCodeInvalidGrantIdException: fmt.Println(kms.ErrCodeInvalidGrantIdException, aerr.Error()) case kms.ErrCodeNotFoundException: fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) case kms.ErrCodeDependencyTimeoutException: fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) case kms.ErrCodeKMSInternalException: fmt.Println(kms.ErrCodeKMSInternalException, aerr.Error()) case kms.ErrCodeKMSInvalidStateException: fmt.Println(kms.ErrCodeKMSInvalidStateException, aerr.Error()) default: fmt.Println(aerr.Error()) } } else { // Print the error, cast err to awserr.Error to get the Code and // Message from an error. fmt.Println(err.Error()) } return } fmt.Println(result) } // To revoke a grant // // The following example revokes a grant. func ExampleClient_RevokeGrantRequest_shared00() { cfg, err := external.LoadDefaultAWSConfig() if err != nil { panic("failed to load config, " + err.Error()) } svc := kms.New(cfg) input := &kms.RevokeGrantInput{ GrantId: aws.String("0c237476b39f8bc44e45212e08498fbe3151305030726c0590dd8d3e9f3d6a60"), KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), } req := svc.RevokeGrantRequest(input) result, err := req.Send(context.Background()) if err != nil { if aerr, ok := err.(awserr.Error); ok { switch aerr.Code() { case kms.ErrCodeNotFoundException: fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) case kms.ErrCodeDependencyTimeoutException: fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) case kms.ErrCodeInvalidArnException: fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) case kms.ErrCodeInvalidGrantIdException: fmt.Println(kms.ErrCodeInvalidGrantIdException, aerr.Error()) case kms.ErrCodeKMSInternalException: fmt.Println(kms.ErrCodeKMSInternalException, aerr.Error()) case kms.ErrCodeKMSInvalidStateException: fmt.Println(kms.ErrCodeKMSInvalidStateException, aerr.Error()) default: fmt.Println(aerr.Error()) } } else { // Print the error, cast err to awserr.Error to get the Code and // Message from an error. fmt.Println(err.Error()) } return } fmt.Println(result) } // To schedule a customer master key (CMK) for deletion // // The following example schedules the specified CMK for deletion. func ExampleClient_ScheduleKeyDeletionRequest_shared00() { cfg, err := external.LoadDefaultAWSConfig() if err != nil { panic("failed to load config, " + err.Error()) } svc := kms.New(cfg) input := &kms.ScheduleKeyDeletionInput{ KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), PendingWindowInDays: aws.Int64(7), } req := svc.ScheduleKeyDeletionRequest(input) result, err := req.Send(context.Background()) if err != nil { if aerr, ok := err.(awserr.Error); ok { switch aerr.Code() { case kms.ErrCodeNotFoundException: fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) case kms.ErrCodeInvalidArnException: fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) case kms.ErrCodeDependencyTimeoutException: fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) case kms.ErrCodeKMSInternalException: fmt.Println(kms.ErrCodeKMSInternalException, aerr.Error()) case kms.ErrCodeKMSInvalidStateException: fmt.Println(kms.ErrCodeKMSInvalidStateException, aerr.Error()) default: fmt.Println(aerr.Error()) } } else { // Print the error, cast err to awserr.Error to get the Code and // Message from an error. fmt.Println(err.Error()) } return } fmt.Println(result) } // To tag a customer master key (CMK) // // The following example tags a CMK. func ExampleClient_TagResourceRequest_shared00() { cfg, err := external.LoadDefaultAWSConfig() if err != nil { panic("failed to load config, " + err.Error()) } svc := kms.New(cfg) input := &kms.TagResourceInput{ KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), Tags: []kms.Tag{ { TagKey: aws.String("Purpose"), TagValue: aws.String("Test"), }, }, } req := svc.TagResourceRequest(input) result, err := req.Send(context.Background()) if err != nil { if aerr, ok := err.(awserr.Error); ok { switch aerr.Code() { case kms.ErrCodeKMSInternalException: fmt.Println(kms.ErrCodeKMSInternalException, aerr.Error()) case kms.ErrCodeNotFoundException: fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) case kms.ErrCodeInvalidArnException: fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) case kms.ErrCodeKMSInvalidStateException: fmt.Println(kms.ErrCodeKMSInvalidStateException, aerr.Error()) case kms.ErrCodeLimitExceededException: fmt.Println(kms.ErrCodeLimitExceededException, aerr.Error()) case kms.ErrCodeTagException: fmt.Println(kms.ErrCodeTagException, aerr.Error()) default: fmt.Println(aerr.Error()) } } else { // Print the error, cast err to awserr.Error to get the Code and // Message from an error. fmt.Println(err.Error()) } return } fmt.Println(result) } // To remove tags from a customer master key (CMK) // // The following example removes tags from a CMK. func ExampleClient_UntagResourceRequest_shared00() { cfg, err := external.LoadDefaultAWSConfig() if err != nil { panic("failed to load config, " + err.Error()) } svc := kms.New(cfg) input := &kms.UntagResourceInput{ KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), TagKeys: []string{ "Purpose", "CostCenter", }, } req := svc.UntagResourceRequest(input) result, err := req.Send(context.Background()) if err != nil { if aerr, ok := err.(awserr.Error); ok { switch aerr.Code() { case kms.ErrCodeKMSInternalException: fmt.Println(kms.ErrCodeKMSInternalException, aerr.Error()) case kms.ErrCodeNotFoundException: fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) case kms.ErrCodeInvalidArnException: fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) case kms.ErrCodeKMSInvalidStateException: fmt.Println(kms.ErrCodeKMSInvalidStateException, aerr.Error()) case kms.ErrCodeTagException: fmt.Println(kms.ErrCodeTagException, aerr.Error()) default: fmt.Println(aerr.Error()) } } else { // Print the error, cast err to awserr.Error to get the Code and // Message from an error. fmt.Println(err.Error()) } return } fmt.Println(result) } // To update an alias // // The following example updates the specified alias to refer to the specified customer // master key (CMK). func ExampleClient_UpdateAliasRequest_shared00() { cfg, err := external.LoadDefaultAWSConfig() if err != nil { panic("failed to load config, " + err.Error()) } svc := kms.New(cfg) input := &kms.UpdateAliasInput{ AliasName: aws.String("alias/ExampleAlias"), TargetKeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), } req := svc.UpdateAliasRequest(input) result, err := req.Send(context.Background()) if err != nil { if aerr, ok := err.(awserr.Error); ok { switch aerr.Code() { case kms.ErrCodeDependencyTimeoutException: fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) case kms.ErrCodeNotFoundException: fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) case kms.ErrCodeKMSInternalException: fmt.Println(kms.ErrCodeKMSInternalException, aerr.Error()) case kms.ErrCodeLimitExceededException: fmt.Println(kms.ErrCodeLimitExceededException, aerr.Error()) case kms.ErrCodeKMSInvalidStateException: fmt.Println(kms.ErrCodeKMSInvalidStateException, aerr.Error()) default: fmt.Println(aerr.Error()) } } else { // Print the error, cast err to awserr.Error to get the Code and // Message from an error. fmt.Println(err.Error()) } return } fmt.Println(result) } // To update the description of a customer master key (CMK) // // The following example updates the description of the specified CMK. func ExampleClient_UpdateKeyDescriptionRequest_shared00() { cfg, err := external.LoadDefaultAWSConfig() if err != nil { panic("failed to load config, " + err.Error()) } svc := kms.New(cfg) input := &kms.UpdateKeyDescriptionInput{ Description: aws.String("Example description that indicates the intended use of this CMK."), KeyId: aws.String("1234abcd-12ab-34cd-56ef-1234567890ab"), } req := svc.UpdateKeyDescriptionRequest(input) result, err := req.Send(context.Background()) if err != nil { if aerr, ok := err.(awserr.Error); ok { switch aerr.Code() { case kms.ErrCodeNotFoundException: fmt.Println(kms.ErrCodeNotFoundException, aerr.Error()) case kms.ErrCodeInvalidArnException: fmt.Println(kms.ErrCodeInvalidArnException, aerr.Error()) case kms.ErrCodeDependencyTimeoutException: fmt.Println(kms.ErrCodeDependencyTimeoutException, aerr.Error()) case kms.ErrCodeKMSInternalException: fmt.Println(kms.ErrCodeKMSInternalException, aerr.Error()) case kms.ErrCodeKMSInvalidStateException: fmt.Println(kms.ErrCodeKMSInvalidStateException, aerr.Error()) default: fmt.Println(aerr.Error()) } } else { // Print the error, cast err to awserr.Error to get the Code and // Message from an error. fmt.Println(err.Error()) } return } fmt.Println(result) }