SetKeyPolicy.java - AWS Code Sample

SetKeyPolicy.java

SetKeyPolicy.java demonstrates how to set a key policy.

/*
 * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
 *
 * Licensed under the Apache License, Version 2.0 (the "License").
 * You may not use this file except in compliance with the License.
 * A copy of the License is located at
 *
 *  http://aws.amazon.com/apache2.0
 *
 * or in the "license" file accompanying this file. This file is distributed
 * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either
 * express or implied. See the License for the specific language governing
 * permissions and limitations under the License.
 */

package com.example.kms;

import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.kms.KmsClient;
import software.amazon.awssdk.services.kms.model.KmsException;
import software.amazon.awssdk.services.kms.model.PutKeyPolicyRequest;

public class SetKeyPolicy {

    public static void main(String[] args) {

        // AWS KMS accepts only "default" as the policy name.
        final String USAGE =
                "To run this example, supply a key ID and a policy name \n" +
                "Usage: SetKeyPolicy <key-id> <policyName>\n" +
                "Example: SetKeyPolicy 1234abcd-12ab-34cd-56ef-1234567890ab " +
                "default\n";

        if (args.length != 2) {
            System.out.println(USAGE);
            System.exit(1);
        }

        String keyId = args[0];
        String policyName = args[1];

        Region region = Region.US_WEST_2;
        KmsClient kmsClient = KmsClient.builder()
                .region(region)
                .build();

        createPolicy(kmsClient, keyId, policyName);

        // Release the HTTP resources held by the client.
        kmsClient.close();
    }

    // Attaches the key policy below to the key. PutKeyPolicy replaces the
    // key's existing policy document as a whole; it does not merge statements.
    public static void createPolicy(KmsClient kmsClient, String keyId, String policyName) {

        // This statement allows every KMS action (kms:*) on the key to the
        // named principal. In a key policy, "Resource": "*" refers to the key
        // the policy is attached to.
        String policy = "{" +
                "  \"Version\": \"2012-10-17\"," +
                "  \"Statement\": [{" +
                "    \"Effect\": \"Allow\"," +
                // Replace the following user Amazon Resource Name (ARN) with one for a real user.
                "    \"Principal\": {\"AWS\": \"arn:aws:iam::814548047983:root\"}," +
                "    \"Action\": \"kms:*\"," +
                "    \"Resource\": \"*\"" +
                "  }]" +
                "}";

        try {
            PutKeyPolicyRequest keyPolicyRequest = PutKeyPolicyRequest.builder()
                    .keyId(keyId)
                    .policyName(policyName)
                    .policy(policy)
                    .build();

            kmsClient.putKeyPolicy(keyPolicyRequest);
            System.out.println("Done");

        } catch (KmsException e) {
            System.err.println(e.getMessage());
            System.exit(1);
        }
    }
}

Sample Details

Service: AWS Key Management Service

Last tested: 8/10/2020

Author: scmacdon-aws

Type: full-example