-
Notifications
You must be signed in to change notification settings - Fork 5.8k
/
Copy pathCreateGrant.cs
53 lines (43 loc) · 1.74 KB
/
CreateGrant.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
// SPDX-License-Identifier: Apache-2.0
namespace CreateGrantExample
{
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using Amazon.KeyManagementService;
using Amazon.KeyManagementService.Model;
/// <summary>
/// Create a new AWS Key Management Service grant (AWS KMS).
/// </summary>
public class CreateGrant
{
// snippet-start:[KMS.dotnetv3.CreateGrantExample]
public static async Task Main()
{
var client = new AmazonKeyManagementServiceClient();
// The identity that is given permission to perform the operations
// specified in the grant.
var grantee = "arn:aws:iam::111122223333:role/ExampleRole";
// The identifier of the AWS KMS key to which the grant applies. You
// can use the key ID or the Amazon Resource Name (ARN) of the KMS key.
var keyId = "7c9eccc2-38cb-4c4f-9db3-766ee8dd3ad4";
var request = new CreateGrantRequest
{
GranteePrincipal = grantee,
KeyId = keyId,
// A list of operations that the grant allows.
Operations = new List<string>
{
"Encrypt",
"Decrypt",
},
};
var response = await client.CreateGrantAsync(request);
string grantId = response.GrantId; // The unique identifier of the grant.
string grantToken = response.GrantToken; // The grant token.
Console.WriteLine($"Id: {grantId}, Token: {grantToken}");
}
}
// snippet-end:[KMS.dotnetv3.CreateGrantExample]
}