/** * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * SPDX-License-Identifier: Apache-2.0. */ #pragma once #include #include #include #include namespace Aws { namespace KMS { namespace Model { /** */ class AWS_KMS_API PutKeyPolicyRequest : public KMSRequest { public: PutKeyPolicyRequest(); // Service request name is the Operation name which will send this request out, // each operation should has unique request name, so that we can get operation's name from this request. // Note: this is not true for response, multiple operations may have the same response name, // so we can not get operation's name from response. inline virtual const char* GetServiceRequestName() const override { return "PutKeyPolicy"; } Aws::String SerializePayload() const override; Aws::Http::HeaderValueCollection GetRequestSpecificHeaders() const override; /** *

A unique identifier for the customer master key (CMK).

Specify the key * ID or the Amazon Resource Name (ARN) of the CMK.

For example:

    *

  • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

    • *

  • Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *

To get the key ID and key ARN for a CMK, use ListKeys * or DescribeKey.

*/ inline const Aws::String& GetKeyId() const{ return m_keyId; } /** *

A unique identifier for the customer master key (CMK).

Specify the key * ID or the Amazon Resource Name (ARN) of the CMK.

For example:

    *

  • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

    • *

  • Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *

To get the key ID and key ARN for a CMK, use ListKeys * or DescribeKey.

*/ inline bool KeyIdHasBeenSet() const { return m_keyIdHasBeenSet; } /** *

A unique identifier for the customer master key (CMK).

Specify the key * ID or the Amazon Resource Name (ARN) of the CMK.

For example:

    *

  • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

    • *

  • Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *

To get the key ID and key ARN for a CMK, use ListKeys * or DescribeKey.

*/ inline void SetKeyId(const Aws::String& value) { m_keyIdHasBeenSet = true; m_keyId = value; } /** *

A unique identifier for the customer master key (CMK).

Specify the key * ID or the Amazon Resource Name (ARN) of the CMK.

For example:

    *

  • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

    • *

  • Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *

To get the key ID and key ARN for a CMK, use ListKeys * or DescribeKey.

*/ inline void SetKeyId(Aws::String&& value) { m_keyIdHasBeenSet = true; m_keyId = std::move(value); } /** *

A unique identifier for the customer master key (CMK).

Specify the key * ID or the Amazon Resource Name (ARN) of the CMK.

For example:

    *

  • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

    • *

  • Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *

To get the key ID and key ARN for a CMK, use ListKeys * or DescribeKey.

*/ inline void SetKeyId(const char* value) { m_keyIdHasBeenSet = true; m_keyId.assign(value); } /** *

A unique identifier for the customer master key (CMK).

Specify the key * ID or the Amazon Resource Name (ARN) of the CMK.

For example:

    *

  • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

    • *

  • Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *

To get the key ID and key ARN for a CMK, use ListKeys * or DescribeKey.

*/ inline PutKeyPolicyRequest& WithKeyId(const Aws::String& value) { SetKeyId(value); return *this;} /** *

A unique identifier for the customer master key (CMK).

Specify the key * ID or the Amazon Resource Name (ARN) of the CMK.

For example:

    *

  • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

    • *

  • Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *

To get the key ID and key ARN for a CMK, use ListKeys * or DescribeKey.

*/ inline PutKeyPolicyRequest& WithKeyId(Aws::String&& value) { SetKeyId(std::move(value)); return *this;} /** *

A unique identifier for the customer master key (CMK).

Specify the key * ID or the Amazon Resource Name (ARN) of the CMK.

For example:

    *

  • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

    • *

  • Key ARN: * arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab *

To get the key ID and key ARN for a CMK, use ListKeys * or DescribeKey.

*/ inline PutKeyPolicyRequest& WithKeyId(const char* value) { SetKeyId(value); return *this;} /** *

The name of the key policy. The only valid value is default.

*/ inline const Aws::String& GetPolicyName() const{ return m_policyName; } /** *

The name of the key policy. The only valid value is default.

*/ inline bool PolicyNameHasBeenSet() const { return m_policyNameHasBeenSet; } /** *

The name of the key policy. The only valid value is default.

*/ inline void SetPolicyName(const Aws::String& value) { m_policyNameHasBeenSet = true; m_policyName = value; } /** *

The name of the key policy. The only valid value is default.

*/ inline void SetPolicyName(Aws::String&& value) { m_policyNameHasBeenSet = true; m_policyName = std::move(value); } /** *

The name of the key policy. The only valid value is default.

*/ inline void SetPolicyName(const char* value) { m_policyNameHasBeenSet = true; m_policyName.assign(value); } /** *

The name of the key policy. The only valid value is default.

*/ inline PutKeyPolicyRequest& WithPolicyName(const Aws::String& value) { SetPolicyName(value); return *this;} /** *

The name of the key policy. The only valid value is default.

*/ inline PutKeyPolicyRequest& WithPolicyName(Aws::String&& value) { SetPolicyName(std::move(value)); return *this;} /** *

The name of the key policy. The only valid value is default.

*/ inline PutKeyPolicyRequest& WithPolicyName(const char* value) { SetPolicyName(value); return *this;} /** *

The key policy to attach to the CMK.

The key policy must meet the * following criteria:

  • If you don't set * BypassPolicyLockoutSafetyCheck to true, the key policy must allow * the principal that is making the PutKeyPolicy request to make a * subsequent PutKeyPolicy request on the CMK. This reduces the risk * that the CMK becomes unmanageable. For more information, refer to the scenario * in the Default * Key Policy section of the AWS Key Management Service Developer * Guide.

  • Each statement in the key policy must contain one * or more principals. The principals in the key policy must exist and be visible * to AWS KMS. When you create a new AWS principal (for example, an IAM user or * role), you might need to enforce a delay before including the new principal in a * key policy because the new principal might not be immediately visible to AWS * KMS. For more information, see Changes * that I make are not always immediately visible in the AWS Identity and * Access Management User Guide.

The key policy cannot * exceed 32 kilobytes (32768 bytes). For more information, see Resource * Quotas in the AWS Key Management Service Developer Guide.

*/ inline const Aws::String& GetPolicy() const{ return m_policy; } /** *

The key policy to attach to the CMK.

The key policy must meet the * following criteria:

  • If you don't set * BypassPolicyLockoutSafetyCheck to true, the key policy must allow * the principal that is making the PutKeyPolicy request to make a * subsequent PutKeyPolicy request on the CMK. This reduces the risk * that the CMK becomes unmanageable. For more information, refer to the scenario * in the Default * Key Policy section of the AWS Key Management Service Developer * Guide.

  • Each statement in the key policy must contain one * or more principals. The principals in the key policy must exist and be visible * to AWS KMS. When you create a new AWS principal (for example, an IAM user or * role), you might need to enforce a delay before including the new principal in a * key policy because the new principal might not be immediately visible to AWS * KMS. For more information, see Changes * that I make are not always immediately visible in the AWS Identity and * Access Management User Guide.

The key policy cannot * exceed 32 kilobytes (32768 bytes). For more information, see Resource * Quotas in the AWS Key Management Service Developer Guide.

*/ inline bool PolicyHasBeenSet() const { return m_policyHasBeenSet; } /** *

The key policy to attach to the CMK.

The key policy must meet the * following criteria:

  • If you don't set * BypassPolicyLockoutSafetyCheck to true, the key policy must allow * the principal that is making the PutKeyPolicy request to make a * subsequent PutKeyPolicy request on the CMK. This reduces the risk * that the CMK becomes unmanageable. For more information, refer to the scenario * in the Default * Key Policy section of the AWS Key Management Service Developer * Guide.

  • Each statement in the key policy must contain one * or more principals. The principals in the key policy must exist and be visible * to AWS KMS. When you create a new AWS principal (for example, an IAM user or * role), you might need to enforce a delay before including the new principal in a * key policy because the new principal might not be immediately visible to AWS * KMS. For more information, see Changes * that I make are not always immediately visible in the AWS Identity and * Access Management User Guide.

The key policy cannot * exceed 32 kilobytes (32768 bytes). For more information, see Resource * Quotas in the AWS Key Management Service Developer Guide.

*/ inline void SetPolicy(const Aws::String& value) { m_policyHasBeenSet = true; m_policy = value; } /** *

The key policy to attach to the CMK.

The key policy must meet the * following criteria:

  • If you don't set * BypassPolicyLockoutSafetyCheck to true, the key policy must allow * the principal that is making the PutKeyPolicy request to make a * subsequent PutKeyPolicy request on the CMK. This reduces the risk * that the CMK becomes unmanageable. For more information, refer to the scenario * in the Default * Key Policy section of the AWS Key Management Service Developer * Guide.

  • Each statement in the key policy must contain one * or more principals. The principals in the key policy must exist and be visible * to AWS KMS. When you create a new AWS principal (for example, an IAM user or * role), you might need to enforce a delay before including the new principal in a * key policy because the new principal might not be immediately visible to AWS * KMS. For more information, see Changes * that I make are not always immediately visible in the AWS Identity and * Access Management User Guide.

The key policy cannot * exceed 32 kilobytes (32768 bytes). For more information, see Resource * Quotas in the AWS Key Management Service Developer Guide.

*/ inline void SetPolicy(Aws::String&& value) { m_policyHasBeenSet = true; m_policy = std::move(value); } /** *

The key policy to attach to the CMK.

The key policy must meet the * following criteria:

  • If you don't set * BypassPolicyLockoutSafetyCheck to true, the key policy must allow * the principal that is making the PutKeyPolicy request to make a * subsequent PutKeyPolicy request on the CMK. This reduces the risk * that the CMK becomes unmanageable. For more information, refer to the scenario * in the Default * Key Policy section of the AWS Key Management Service Developer * Guide.

  • Each statement in the key policy must contain one * or more principals. The principals in the key policy must exist and be visible * to AWS KMS. When you create a new AWS principal (for example, an IAM user or * role), you might need to enforce a delay before including the new principal in a * key policy because the new principal might not be immediately visible to AWS * KMS. For more information, see Changes * that I make are not always immediately visible in the AWS Identity and * Access Management User Guide.

The key policy cannot * exceed 32 kilobytes (32768 bytes). For more information, see Resource * Quotas in the AWS Key Management Service Developer Guide.

*/ inline void SetPolicy(const char* value) { m_policyHasBeenSet = true; m_policy.assign(value); } /** *

The key policy to attach to the CMK.

The key policy must meet the * following criteria:

  • If you don't set * BypassPolicyLockoutSafetyCheck to true, the key policy must allow * the principal that is making the PutKeyPolicy request to make a * subsequent PutKeyPolicy request on the CMK. This reduces the risk * that the CMK becomes unmanageable. For more information, refer to the scenario * in the Default * Key Policy section of the AWS Key Management Service Developer * Guide.

  • Each statement in the key policy must contain one * or more principals. The principals in the key policy must exist and be visible * to AWS KMS. When you create a new AWS principal (for example, an IAM user or * role), you might need to enforce a delay before including the new principal in a * key policy because the new principal might not be immediately visible to AWS * KMS. For more information, see Changes * that I make are not always immediately visible in the AWS Identity and * Access Management User Guide.

The key policy cannot * exceed 32 kilobytes (32768 bytes). For more information, see Resource * Quotas in the AWS Key Management Service Developer Guide.

*/ inline PutKeyPolicyRequest& WithPolicy(const Aws::String& value) { SetPolicy(value); return *this;} /** *

The key policy to attach to the CMK.

The key policy must meet the * following criteria:

  • If you don't set * BypassPolicyLockoutSafetyCheck to true, the key policy must allow * the principal that is making the PutKeyPolicy request to make a * subsequent PutKeyPolicy request on the CMK. This reduces the risk * that the CMK becomes unmanageable. For more information, refer to the scenario * in the Default * Key Policy section of the AWS Key Management Service Developer * Guide.

  • Each statement in the key policy must contain one * or more principals. The principals in the key policy must exist and be visible * to AWS KMS. When you create a new AWS principal (for example, an IAM user or * role), you might need to enforce a delay before including the new principal in a * key policy because the new principal might not be immediately visible to AWS * KMS. For more information, see Changes * that I make are not always immediately visible in the AWS Identity and * Access Management User Guide.

The key policy cannot * exceed 32 kilobytes (32768 bytes). For more information, see Resource * Quotas in the AWS Key Management Service Developer Guide.

*/ inline PutKeyPolicyRequest& WithPolicy(Aws::String&& value) { SetPolicy(std::move(value)); return *this;} /** *

The key policy to attach to the CMK.

The key policy must meet the * following criteria:

  • If you don't set * BypassPolicyLockoutSafetyCheck to true, the key policy must allow * the principal that is making the PutKeyPolicy request to make a * subsequent PutKeyPolicy request on the CMK. This reduces the risk * that the CMK becomes unmanageable. For more information, refer to the scenario * in the Default * Key Policy section of the AWS Key Management Service Developer * Guide.

  • Each statement in the key policy must contain one * or more principals. The principals in the key policy must exist and be visible * to AWS KMS. When you create a new AWS principal (for example, an IAM user or * role), you might need to enforce a delay before including the new principal in a * key policy because the new principal might not be immediately visible to AWS * KMS. For more information, see Changes * that I make are not always immediately visible in the AWS Identity and * Access Management User Guide.

The key policy cannot * exceed 32 kilobytes (32768 bytes). For more information, see Resource * Quotas in the AWS Key Management Service Developer Guide.

*/ inline PutKeyPolicyRequest& WithPolicy(const char* value) { SetPolicy(value); return *this;} /** *

A flag to indicate whether to bypass the key policy lockout safety check.

*

Setting this value to true increases the risk that the CMK * becomes unmanageable. Do not set this value to true indiscriminately.

For * more information, refer to the scenario in the Default * Key Policy section in the AWS Key Management Service Developer * Guide.

Use this parameter only when you intend to * prevent the principal that is making the request from making a subsequent * PutKeyPolicy request on the CMK.

The default value is * false.

*/ inline bool GetBypassPolicyLockoutSafetyCheck() const{ return m_bypassPolicyLockoutSafetyCheck; } /** *

A flag to indicate whether to bypass the key policy lockout safety check.

*

Setting this value to true increases the risk that the CMK * becomes unmanageable. Do not set this value to true indiscriminately.

For * more information, refer to the scenario in the Default * Key Policy section in the AWS Key Management Service Developer * Guide.

Use this parameter only when you intend to * prevent the principal that is making the request from making a subsequent * PutKeyPolicy request on the CMK.

The default value is * false.

*/ inline bool BypassPolicyLockoutSafetyCheckHasBeenSet() const { return m_bypassPolicyLockoutSafetyCheckHasBeenSet; } /** *

A flag to indicate whether to bypass the key policy lockout safety check.

*

Setting this value to true increases the risk that the CMK * becomes unmanageable. Do not set this value to true indiscriminately.

For * more information, refer to the scenario in the Default * Key Policy section in the AWS Key Management Service Developer * Guide.

Use this parameter only when you intend to * prevent the principal that is making the request from making a subsequent * PutKeyPolicy request on the CMK.

The default value is * false.

*/ inline void SetBypassPolicyLockoutSafetyCheck(bool value) { m_bypassPolicyLockoutSafetyCheckHasBeenSet = true; m_bypassPolicyLockoutSafetyCheck = value; } /** *

A flag to indicate whether to bypass the key policy lockout safety check.

*

Setting this value to true increases the risk that the CMK * becomes unmanageable. Do not set this value to true indiscriminately.

For * more information, refer to the scenario in the Default * Key Policy section in the AWS Key Management Service Developer * Guide.

Use this parameter only when you intend to * prevent the principal that is making the request from making a subsequent * PutKeyPolicy request on the CMK.

The default value is * false.

*/ inline PutKeyPolicyRequest& WithBypassPolicyLockoutSafetyCheck(bool value) { SetBypassPolicyLockoutSafetyCheck(value); return *this;} private: Aws::String m_keyId; bool m_keyIdHasBeenSet; Aws::String m_policyName; bool m_policyNameHasBeenSet; Aws::String m_policy; bool m_policyHasBeenSet; bool m_bypassPolicyLockoutSafetyCheck; bool m_bypassPolicyLockoutSafetyCheckHasBeenSet; }; } // namespace Model } // namespace KMS } // namespace Aws