AWS services or capabilities described in AWS Documentation may vary by region/location. Click Getting Started with Amazon AWS to see specific differences applicable to the China (Beijing) Region.
This is the response object from the PutKeyPolicy operation.
Namespace: Amazon.KeyManagementService.Model
Assembly: AWSSDK.KeyManagementService.dll
Version: 3.x.y.z
public class PutKeyPolicyResponse : AmazonWebServiceResponse
The PutKeyPolicyResponse type exposes the following members
Name | Description | |
---|---|---|
PutKeyPolicyResponse() |
Name | Type | Description | |
---|---|---|---|
ContentLength | System.Int64 | Inherited from Amazon.Runtime.AmazonWebServiceResponse. | |
HttpStatusCode | System.Net.HttpStatusCode | Inherited from Amazon.Runtime.AmazonWebServiceResponse. | |
ResponseMetadata | Amazon.Runtime.ResponseMetadata | Inherited from Amazon.Runtime.AmazonWebServiceResponse. |
The following example attaches a key policy to the specified KMS key.
var client = new AmazonKeyManagementServiceClient(); var response = client.PutKeyPolicy(new PutKeyPolicyRequest { KeyId = "1234abcd-12ab-34cd-56ef-1234567890ab", // The identifier of the KMS key to attach the key policy to. You can use the key ID or the Amazon Resource Name (ARN) of the KMS key. Policy = "{ \"Version\": \"2012-10-17\", \"Id\": \"custom-policy-2016-12-07\", \"Statement\": [ { \"Sid\": \"Enable IAM User Permissions\", \"Effect\": \"Allow\", \"Principal\": { \"AWS\": \"arn:aws:iam::111122223333:root\" }, \"Action\": \"kms:*\", \"Resource\": \"*\" }, { \"Sid\": \"Allow access for Key Administrators\", \"Effect\": \"Allow\", \"Principal\": { \"AWS\": [ \"arn:aws:iam::111122223333:user/ExampleAdminUser\", \"arn:aws:iam::111122223333:role/ExampleAdminRole\" ] }, \"Action\": [ \"kms:Create*\", \"kms:Describe*\", \"kms:Enable*\", \"kms:List*\", \"kms:Put*\", \"kms:Update*\", \"kms:Revoke*\", \"kms:Disable*\", \"kms:Get*\", \"kms:Delete*\", \"kms:ScheduleKeyDeletion\", \"kms:CancelKeyDeletion\" ], \"Resource\": \"*\" }, { \"Sid\": \"Allow use of the key\", \"Effect\": \"Allow\", \"Principal\": { \"AWS\": \"arn:aws:iam::111122223333:role/ExamplePowerUserRole\" }, \"Action\": [ \"kms:Encrypt\", \"kms:Decrypt\", \"kms:ReEncrypt*\", \"kms:GenerateDataKey*\", \"kms:DescribeKey\" ], \"Resource\": \"*\" }, { \"Sid\": \"Allow attachment of persistent resources\", \"Effect\": \"Allow\", \"Principal\": { \"AWS\": \"arn:aws:iam::111122223333:role/ExamplePowerUserRole\" }, \"Action\": [ \"kms:CreateGrant\", \"kms:ListGrants\", \"kms:RevokeGrant\" ], \"Resource\": \"*\", \"Condition\": { \"Bool\": { \"kms:GrantIsForAWSResource\": \"true\" } } } ] } ", // The key policy document. PolicyName = "default" // The name of the key policy. });
.NET:
Supported in: 8.0 and newer, Core 3.1
.NET Standard:
Supported in: 2.0
.NET Framework:
Supported in: 4.5 and newer, 3.5