List of usage examples for com.amazonaws.services.kms.model CreateAliasRequest setTargetKeyId
public void setTargetKeyId(String targetKeyId)
Identifies the CMK (customer master key) to which the alias refers. Per the AWS KMS API, the target must be the key ID or the key ARN of the CMK itself — an alias cannot be pointed at another alias.
From source file:com.nike.cerberus.service.KmsService.java
License:Apache License
/**
 * Provisions a new KMS CMK in the specified region to be used by the specified role.
 *
 * <p>Three side effects happen, in this order: a KMS key is created whose policy is generated
 * for the given IAM role, a Cerberus alias is attached to it, and a tracking record is persisted
 * through {@code awsIamRoleDao}. Only the DAO write is covered by {@code @Transactional}; the two
 * KMS calls are remote and are not rolled back if the DAO insert fails, so a failure there can
 * leave an untracked key behind in the account. NOTE(review): confirm whether an orphaned-key
 * reconciliation exists elsewhere in the service before relying on this.
 *
 * @param iamRoleId        The IAM role that this CMK will be associated with
 * @param iamRoleAccountId The AWS account ID for the IAM role
 * @param iamRoleName      The AWS IAM role name for the IAM role
 * @param awsRegion        The region to provision the key in
 * @param user             The user requesting it
 * @param dateTime         The date of creation
 * @return The ARN of the newly created KMS key
 */
@Transactional
public String provisionKmsKey(final String iamRoleId, final String iamRoleAccountId, final String iamRoleName,
        final String awsRegion, final String user, final OffsetDateTime dateTime) {
    final AWSKMSClient kmsClient = kmsClientFactory.getClient(awsRegion);
    // One identifier serves both as the alias suffix and as the DB record id, so the alias
    // visible in KMS can be matched back to the tracking row.
    final String recordId = uuidSupplier.get();

    final String keyArn = createRoleScopedKey(kmsClient, iamRoleAccountId, iamRoleName);
    attachCerberusAlias(kmsClient, recordId, keyArn);
    awsIamRoleDao.createIamRoleKmsKey(
            buildKeyRecord(recordId, iamRoleId, keyArn, awsRegion, user, dateTime));

    return keyArn;
}

/**
 * Creates an ENCRYPT_DECRYPT key whose key policy is produced by {@code kmsPolicyService} for
 * the given account/role pair, and returns the new key's ARN.
 */
private String createRoleScopedKey(final AWSKMSClient kmsClient, final String iamRoleAccountId,
        final String iamRoleName) {
    final CreateKeyRequest keyRequest = new CreateKeyRequest();
    keyRequest.setKeyUsage(KeyUsageType.ENCRYPT_DECRYPT);
    keyRequest.setDescription("Key used by Cerberus for IAM role authentication.");
    // The key policy is the access-control boundary for this key; it is generated per role,
    // so a mistake in generateStandardKmsPolicy directly widens who can use the key.
    keyRequest.setPolicy(kmsPolicyService.generateStandardKmsPolicy(iamRoleAccountId, iamRoleName));
    final CreateKeyResult created = kmsClient.createKey(keyRequest);
    return created.getKeyMetadata().getArn();
}

/** Attaches the alias {@code KMS_ALIAS_FORMAT} (formatted with the record id) to the key ARN. */
private void attachCerberusAlias(final AWSKMSClient kmsClient, final String recordId, final String keyArn) {
    final CreateAliasRequest aliasRequest = new CreateAliasRequest();
    aliasRequest.setAliasName(String.format(KMS_ALIAS_FORMAT, recordId));
    aliasRequest.setTargetKeyId(keyArn);
    kmsClient.createAlias(aliasRequest);
}

/** Builds the tracking record; created-by/created-at and last-updated fields start out equal. */
private AwsIamRoleKmsKeyRecord buildKeyRecord(final String recordId, final String iamRoleId,
        final String keyArn, final String awsRegion, final String user, final OffsetDateTime dateTime) {
    final AwsIamRoleKmsKeyRecord record = new AwsIamRoleKmsKeyRecord();
    record.setId(recordId);
    record.setAwsIamRoleId(iamRoleId);
    record.setAwsKmsKeyId(keyArn);
    record.setAwsRegion(awsRegion);
    record.setCreatedBy(user);
    record.setLastUpdatedBy(user);
    record.setCreatedTs(dateTime);
    record.setLastUpdatedTs(dateTime);
    return record;
}