Example usage for com.amazonaws.services.kms AWSKMSClient createAlias




Prototype

@Override
public CreateAliasResult createAlias(CreateAliasRequest request) 


Document

Creates a display name (alias) for a customer managed key (CMK). The alias name must be unique within the account and region, and it only points at the key: callers that need to trace an alias back to the key it targets still have to record the key ARN themselves, which is what the example below does.

Usage

From source file:com.nike.cerberus.service.KmsService.java

License:Apache License

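/**
 * Provisions a new KMS CMK in the specified region to be used by the specified role.
 *
 * Three separate operations are performed: the key is created with the policy produced by
 * {@code kmsPolicyService} for the role, an alias named from the new record id is attached to it, and
 * a tracking record linking the role to the key ARN is written through {@code awsIamRoleDao}.
 * Only the database write is covered by {@code @Transactional}; the two KMS calls are not
 * transactional. If the alias creation or the database write fails, the key that was already created
 * would otherwise remain in the account, untracked and carrying a policy scoped to the role. To avoid
 * that, this method schedules the freshly created key for deletion before rethrowing; a failure of that
 * cleanup is attached to the original exception as a suppressed exception rather than masking it.
 *
 * No validation of {@code iamRoleAccountId} / {@code iamRoleName} happens here even though both flow
 * into the generated key policy; whoever calls this must have validated them (or the policy service
 * must), otherwise a caller-controlled value could shape the policy document.
 *
 * @param iamRoleId        The IAM role that this CMK will be associated with
 * @param iamRoleAccountId The AWS account ID for the IAM role
 * @param iamRoleName      The AWS IAM role name for the IAM role
 * @param awsRegion        The region to provision the key in
 * @param user             The user requesting it
 * @param dateTime         The date of creation
 * @return The AWS Key ID ARN
 */
@Transactional
public String provisionKmsKey(final String iamRoleId, final String iamRoleAccountId, final String iamRoleName,
        final String awsRegion, final String user, final OffsetDateTime dateTime) {
    final AWSKMSClient kmsClient = kmsClientFactory.getClient(awsRegion);

    // The record id is also used as the alias suffix, so the alias can be traced back to this row.
    final String awsIamRoleKmsKeyId = uuidSupplier.get();

    final CreateKeyRequest createKeyRequest = new CreateKeyRequest();
    createKeyRequest.setKeyUsage(KeyUsageType.ENCRYPT_DECRYPT);
    createKeyRequest.setDescription("Key used by Cerberus for IAM role authentication.");
    // Key policy is generated per role; what it grants is decided in KmsPolicyService, not here.
    createKeyRequest.setPolicy(kmsPolicyService.generateStandardKmsPolicy(iamRoleAccountId, iamRoleName));
    final String kmsKeyArn = kmsClient.createKey(createKeyRequest).getKeyMetadata().getArn();

    try {
        final CreateAliasRequest aliasRequest = new CreateAliasRequest();
        aliasRequest.setAliasName(String.format(KMS_ALIAS_FORMAT, awsIamRoleKmsKeyId));
        aliasRequest.setTargetKeyId(kmsKeyArn);
        kmsClient.createAlias(aliasRequest);

        final AwsIamRoleKmsKeyRecord keyRecord = new AwsIamRoleKmsKeyRecord();
        keyRecord.setId(awsIamRoleKmsKeyId);
        keyRecord.setAwsIamRoleId(iamRoleId);
        keyRecord.setAwsKmsKeyId(kmsKeyArn);
        keyRecord.setAwsRegion(awsRegion);
        keyRecord.setCreatedBy(user);
        keyRecord.setLastUpdatedBy(user);
        keyRecord.setCreatedTs(dateTime);
        keyRecord.setLastUpdatedTs(dateTime);

        // Rolled back by @Transactional on failure; the KMS key above is not, hence the catch below.
        awsIamRoleDao.createIamRoleKmsKey(keyRecord);
    } catch (RuntimeException provisioningFailure) {
        // Best effort: nothing has been encrypted under this key yet, so scheduling its deletion cannot lose
        // data, and it keeps an untracked key with a role-scoped policy from lingering in the account.
        // 7 days is the shortest pending window KMS accepts.
        // NOTE(review): assumes the identity this service runs as is allowed to schedule deletion under the
        // policy generated by KmsPolicyService - confirm, otherwise this cleanup will always be suppressed.
        try {
            kmsClient.scheduleKeyDeletion(new com.amazonaws.services.kms.model.ScheduleKeyDeletionRequest()
                    .withKeyId(kmsKeyArn)
                    .withPendingWindowInDays(7));
        } catch (RuntimeException cleanupFailure) {
            provisioningFailure.addSuppressed(cleanupFailure);
        }
        throw provisioningFailure;
    }

    return kmsKeyArn;
}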