Adds a grant to a customer master key (CMK). The grant specifies who can use the CMK and under what conditions. When setting permissions, grants are an alternative to key policies.
curl -X POST https://kms.us-west-2.amazonaws.com/ \
-H "Content-Type: application/x-amz-json-1.1" \
-H "X-Amz-Target: TrentService.CreateGrant" \
-d '{
"Operations": [
"Encrypt",
"Decrypt"
],
"GranteePrincipal": "arn:aws:iam::954491834127:role/ExampleRole",
"KeyId": "arn:aws:kms:us-east-2:444455556666:key/1234abcd-12ab-34cd-56ef-1234567890ab"
}'Chilkat.Rest rest = new Chilkat.Rest();
bool success;
Chilkat.AuthAws authAws = new Chilkat.AuthAws();
authAws.AccessKey = "AWS_ACCESS_KEY";
authAws.SecretKey = "AWS_SECRET_KEY";
authAws.Region = "us-west-2";
authAws.ServiceName = "kms";
rest.SetAuthAws(authAws);
// URL: https://kms.us-west-2.amazonaws.com/
bool bTls = true;
int port = 443;
bool bAutoReconnect = true;
success = rest.Connect("kms.us-west-2.amazonaws.com",port,bTls,bAutoReconnect);
if (success != true) {
Debug.WriteLine("ConnectFailReason: " + Convert.ToString(rest.ConnectFailReason));
Debug.WriteLine(rest.LastErrorText);
return;
}
// See the Online Tool for Generating JSON Creation Code
Chilkat.JsonObject json = new Chilkat.JsonObject();
json.UpdateString("Operations[0]","Encrypt");
json.UpdateString("Operations[1]","Decrypt");
json.UpdateString("GranteePrincipal","arn:aws:iam::954491834127:role/ExampleRole");
json.UpdateString("KeyId","arn:aws:kms:us-east-2:444455556666:key/1234abcd-12ab-34cd-56ef-1234567890ab");
rest.AddHeader("Content-Type","application/x-amz-json-1.1");
rest.AddHeader("X-Amz-Target","TrentService.CreateGrant");
Chilkat.StringBuilder sbRequestBody = new Chilkat.StringBuilder();
json.EmitSb(sbRequestBody);
Chilkat.StringBuilder sbResponseBody = new Chilkat.StringBuilder();
success = rest.FullRequestSb("POST","/",sbRequestBody,sbResponseBody);
if (success != true) {
Debug.WriteLine(rest.LastErrorText);
return;
}
int respStatusCode = rest.ResponseStatusCode;
if (respStatusCode >= 400) {
Debug.WriteLine("Response Status Code = " + Convert.ToString(respStatusCode));
Debug.WriteLine("Response Header:");
Debug.WriteLine(rest.ResponseHeader);
Debug.WriteLine("Response Body:");
Debug.WriteLine(sbResponseBody.GetAsString());
return;
}
Chilkat.JsonObject jsonResponse = new Chilkat.JsonObject();
jsonResponse.LoadSb(sbResponseBody);
// See the Online Tool for Generating JSON Parse Code
string GrantId = jsonResponse.StringOf("GrantId");
string GrantToken = jsonResponse.StringOf("GrantToken");
{
"GrantId": "0c237476b39f8bc44e45212e08498fbe3151305030726c0590dd8d3e9f3d6a60",
"GrantToken": "AQpAM2RhZTk1MGMyNTk2ZmZmMzEyYWVhOWViN2I1MWM4Mzc0MWFiYjc0ZDE1ODkyNGFlNTIzODZhMzgyZjBlNGY3NiKIAgEBAgB4Pa6VDCWW__MSrqnre1HIN0Grt00ViSSuUjhqOC8OT3YAAADfMIHcBgkqhkiG9w0BBwaggc4wgcsCAQAwgcUGCSqGSIb3DQEHATAeBglghkgBZQMEAS4wEQQMmqLyBTAegIn9XlK5AgEQgIGXZQjkBcl1dykDdqZBUQ6L1OfUivQy7JVYO2-ZJP7m6f1g8GzV47HX5phdtONAP7K_HQIflcgpkoCqd_fUnE114mSmiagWkbQ5sqAVV3ov-VeqgrvMe5ZFEWLMSluvBAqdjHEdMIkHMlhlj4ENZbzBfo9Wxk8b8SnwP4kc4gGivedzFXo-dwN8fxjjq_ZZ9JFOj2ijIbj5FyogDCN0drOfi8RORSEuCEmPvjFRMFAwcmwFkN2NPp89amA"
}