- AWS Code Sample demonstrates how to add a grant to a CMK that specifies the CMK's use.

/* * Copyright, Inc. or its affiliates. All Rights Reserved.* * Licensed under the Apache License, Version 2.0 (the "License"). * You may not use this file except in compliance with the License. * A copy of the License is located at * * * * or in the "license" file accompanying this file. This file is distributed * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either * express or implied. See the License for the specific language governing * permissions and limitations under the License. */ package com.example.kms; import; import; import; import; import; public class CreateGrant { public static void main(String[] args) { final String USAGE = "To run this example, supply a key ID or ARN, a grantee principal" + ", and an operation\n" + "Usage: CreateGrant <key-id> <grantee-principal> <operation>\n" + "Example: CreateGrant 1234abcd-12ab-34cd-56ef-1234567890ab " + "arn:aws:iam::111122223333:user/Alice Encrypt\n"; if (args.length != 3) { System.out.println(USAGE); System.exit(1); } String keyId = args[0]; String granteePrincipal = args[1]; String operation = args[2]; Region region = Region.US_WEST_2; KmsClient kmsClient = KmsClient.builder() .region(region) .build(); String grantId = createGrant(kmsClient, keyId, granteePrincipal, operation); System.out.printf("Successfully created a grant with ID %s%n", grantId); } public static String createGrant(KmsClient kmsClient, String keyId, String granteePrincipal, String operation) { try { CreateGrantRequest grantRequest = CreateGrantRequest.builder() .keyId(keyId) .granteePrincipal(granteePrincipal) .operationsWithStrings(operation) .build(); CreateGrantResponse response = kmsClient.createGrant(grantRequest); return response.grantId(); } catch (KmsException e) { System.err.println(e.getMessage()); System.exit(1); } return ""; } }

Sample Details

Service: AWS Key Management Service

Last tested: 8/10/2020

Author: scmacdon-aws

Type: full-example