Updating Key Policy
Use the post /v1/cckm/aws/keys/{id}/policy
API to update the policy of an AWS key.
Syntax
Here, {id}
represents the key ID.
Request Parameters
Parameter | Type | Description |
---|---|---|
AUTHTOKEN | string | Authorization token. |
external_accounts | array of strings | AWS accounts that can use this key. |
key_admins | array of strings | IAM users who can administer this key using the KMS API. |
key_admins_roles | array of strings | IAM roles that can administer this key using the KMS API. |
key_users | array of strings | IAM users who can use this key in cryptographic operations. |
key_users_roles | array of strings | IAM roles that can use the CMK in cryptographic operations. |
policy | JSON | Key policy mapped to the key. |
policytemplate | string | ID of the policy template to apply. Note: When a policy template is applied to an AWS key, CCKM adds the template tag ( cckm_policy_template_id ) to the key. Do not modify or delete this tag on the AWS cloud. |
Note
Specify Policy
, policytemplate
, or one of key_admins
, key_admins_roles
, key_users
, key_users_roles
, and external_accounts
. They are mutually exclusive. If no parameters are specified, the default policy is used.
Example Request
Example Response
The sample output shows that Key User (user2
) is added and based on the assigned permissions, the Key User(user2
) can perform cryptographic operations on the AWS KMS.
To know more about response parameters, refer to Response Parameters of Key Life Cycle Management APIs.
Response Codes
Response Code | Description |
---|---|
2xx | Success |
4xx | Client errors |
5xx | Server errors |
Refer to HTTP status codes for details.