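// snippet-start:[KMS.dotnetv3.CreateGrantExample]
/// <summary>
/// Creates a grant on an AWS KMS key that allows the grantee principal to
/// call Encrypt and Decrypt with that key, then prints the grant ID and the
/// grant token returned by the service.
/// </summary>
/// <returns>A task that completes once the grant has been created and its
/// identifiers have been written to the console.</returns>
public static async Task Main()
{
    // The service client is disposable; scope it so it is released once the
    // example finishes instead of being left to the finalizer.
    using (var client = new AmazonKeyManagementServiceClient())
    {
        // The identity that is given permission to perform the operations
        // specified in the grant.
        var grantee = "arn:aws:iam::111122223333:role/ExampleRole";

        // The identifier of the AWS KMS key to which the grant applies. You
        // can use the key ID or the Amazon Resource Name (ARN) of the KMS key.
        var keyId = "7c9eccc2-38cb-4c4f-9db3-766ee8dd3ad4";

        var request = new CreateGrantRequest
        {
            GranteePrincipal = grantee,
            KeyId = keyId,

            // A list of operations that the grant allows. Keep this list to
            // the operations the grantee actually needs; a principal that
            // only writes data does not need "Decrypt".
            Operations = new List<string>
            {
                "Encrypt",
                "Decrypt",
            },

            // NOTE(review): no Constraints are set, so the grant applies to
            // any encryption context. For a narrower grant, set Constraints
            // (EncryptionContextEquals or EncryptionContextSubset). Setting
            // RetiringPrincipal names who may retire the grant, and Name
            // keeps a retried request from creating a duplicate grant.
        };

        var response = await client.CreateGrantAsync(request);

        string grantId = response.GrantId; // The unique identifier of the grant.

        // The grant token lets the grantee use the grant before it has
        // propagated through KMS. AWS documents grant tokens as non-secret.
        string grantToken = response.GrantToken;

        Console.WriteLine($"Id: {grantId}, Token: {grantToken}");
    }
}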
/// <summary>
/// Creates a KMS grant on <paramref name="keyId"/> for
/// <paramref name="principalARN"/>, translating the <see cref="GrantType"/>
/// flags into the list of KMS grant operations sent with the request.
/// </summary>
/// <param name="grantName">Value assigned to the request's Name.</param>
/// <param name="keyId">Value assigned to the request's KeyId.</param>
/// <param name="principalARN">Value assigned to the request's GranteePrincipal.</param>
/// <param name="grant">Bit flags selecting which operation groups to grant.</param>
/// <param name="cancellationToken">Token passed through to the client call.</param>
/// <returns>The task returned by the client call after EnsureSuccessAsync is applied.</returns>
public Task<CreateGrantResponse> CreateGrantAsync(
    string grantName,
    string keyId,
    string principalARN,
    GrantType grant,
    CancellationToken cancellationToken = default(CancellationToken))
{
    var operations = new List<string>();

    // NOTE(review): the Encrypt flag expands to five operations, including
    // ReEncryptFrom and GenerateDataKey. ReEncryptFrom lets ciphertext under
    // this key be re-encrypted under a different key, so an "Encrypt" grant
    // is broader than encrypt-only. Confirm this matches what callers expect.
    if ((grant & GrantType.Encrypt) != 0)
    {
        operations.AddRange(new string[]
        {
            GrantOperation.Encrypt,
            GrantOperation.ReEncryptFrom,
            GrantOperation.ReEncryptTo,
            GrantOperation.GenerateDataKey,
            GrantOperation.GenerateDataKeyWithoutPlaintext,
        });
    }

    if ((grant & GrantType.Decrypt) != 0)
    {
        operations.Add(GrantOperation.Decrypt);
    }

    if ((grant & GrantType.Retire) != 0)
    {
        operations.Add(GrantOperation.RetireGrant);
    }

    if ((grant & GrantType.Describe) != 0)
    {
        operations.Add(GrantOperation.DescribeKey);
    }

    // NOTE(review): if none of the four flags is set, the operation list is
    // sent empty. No Constraints or RetiringPrincipal are set on the request.
    var request = new CreateGrantRequest()
    {
        KeyId = keyId,
        GranteePrincipal = principalARN,
        Name = grantName,
        Operations = operations,
    };

    Task<CreateGrantResponse> pending = _client.CreateGrantAsync(request, cancellationToken);
    return pending.EnsureSuccessAsync();
}