class Aws::KMS::Types::PutKeyPolicyRequest


@see docs.aws.amazon.com/goto/WebAPI/kms-2014-11-01/PutKeyPolicyRequest AWS API Documentation
@return [Boolean]<br>: docs.aws.amazon.com/kms/latest/APIReference/API_PutKeyPolicy.html<br>[1]: docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#prevent-unmanageable-key<br><br><br><br>[PutKeyPolicy][2] request on the KMS key.
that is making the request from making a subsequent
Use this parameter only when you intend to prevent the principal
Management Service Developer Guide*.
For more information, see [Default key policy] in the *Key
indiscriminately.
becomes unmanageable. Do not set this value to true
Setting this value to true increases the risk that the KMS key
default value is false.
Skips (“bypasses”) the key policy lockout safety check. The
@!attribute [rw] bypass_policy_lockout_safety_check
@return [String]<br>: docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies.html<br>[4]: docs.aws.amazon.com/kms/latest/developerguide/key-policies.html<br>[3]: docs.aws.amazon.com/kms/latest/developerguide/key-policy-overview.html#key-policy-elements<br>[2]: docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency<br>[1]: docs.aws.amazon.com/kms/latest/developerguide/key-policy-default.html#prevent-unmanageable-key<br><br><br><br>Guide</i> </i>.<br>Reference] in the <i> <i>Identity and Access Management User
formatting a JSON policy document, see the [IAM JSON Policy
the *Key Management Service Developer Guide*.For help writing and
For information about key policies, see [Key policies in KMS] in
</note>
‘LimitExceededException`.
<note markdown=“1”> If the key policy exceeds the length constraint, KMS returns a
(`u000D`) special characters
* The tab (`u0009`), line feed (`u000A`), and carriage return
character set (through `u00FF`).
* Printable characters in the Basic Latin and Latin-1 Supplement
through the end of the ASCII character range.
* Printable ASCII characters from the space character (`u0020`)
A key policy document can include only the following characters:
</note>
in a key policy] in the *Key Management Service Developer Guide*.
For more information on required key policy elements, see [Elements
statement is ineffective.
`PutKeyPolicy` API request succeeds, even though the policy
elements, the KMS console correctly reports an error, but the
effect. When a key policy statement is missing one of these
missing from a key policy statement, the policy statement has no
<note markdown=“1”> If either of the required `Resource` or `Action` elements are
Web Services Identity and Access Management User Guide*.
that I make are not always immediately visible] in the *Amazon
be immediately visible to KMS. For more information, see [Changes
new principal in a key policy because the new principal might not
principal, you might need to enforce a delay before including the
visible to KMS. When you create a new Amazon Web Services
principals. The principals in the key policy must exist and be
* Each statement in the key policy must contain one or more
`BypassPolicyLockoutSafetyCheck` to true.)
Developer Guide*. (To omit this condition, set
see [Default key policy] in the *Key Management Service
risk that the KMS key becomes unmanageable. For more information,
subsequent `PutKeyPolicy` request on the KMS key. This reduces the
* The key policy must allow the calling principal to make a
The key policy must meet the following criteria:
The key policy to attach to the KMS key.
@!attribute [rw] policy
@return [String]
default value is `default`. The only valid value is `default`.
The name of the key policy. If no policy name is specified, the
@!attribute [rw] policy_name
@return [String]
DescribeKey.
To get the key ID and key ARN for a KMS key, use ListKeys or
`arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
* Key ARN:
* Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`
For example:
Specify the key ID or key ARN of the KMS key.
Sets the key policy on the specified KMS key.
@!attribute [rw] key_id