PNG  IHDR;IDATxܻn0K )(pA 7LeG{ §㻢|ذaÆ 6lذaÆ 6lذaÆ 6lom$^yذag5bÆ 6lذaÆ 6lذa{ 6lذaÆ `}HFkm,mӪôô! x|'ܢ˟;E:9&ᶒ}{v]n&6 h_tڠ͵-ҫZ;Z$.Pkž)!o>}leQfJTu іچ\X=8Rن4`Vwl>nG^is"ms$ui?wbs[m6K4O.4%/bC%t Mז -lG6mrz2s%9s@-k9=)kB5\+͂Zsٲ Rn~GRC wIcIn7jJhۛNCS|j08yiHKֶۛkɈ+;SzL/F*\Ԕ#"5m2[S=gnaPeғL lذaÆ 6l^ḵaÆ 6lذaÆ 6lذa; _ذaÆ 6lذaÆ 6lذaÆ RIENDB` package Paws::KMS::PutKeyPolicy; use Moose; has BypassPolicyLockoutSafetyCheck => (is => 'ro', isa => 'Bool'); has KeyId => (is => 'ro', isa => 'Str', required => 1); has Policy => (is => 'ro', isa => 'Str', required => 1); has PolicyName => (is => 'ro', isa => 'Str', required => 1); use MooseX::ClassAttribute; class_has _api_call => (isa => 'Str', is => 'ro', default => 'PutKeyPolicy'); class_has _returns => (isa => 'Str', is => 'ro', default => 'Paws::API::Response'); class_has _result_key => (isa => 'Str', is => 'ro'); 1; ### main pod documentation begin ### =head1 NAME Paws::KMS::PutKeyPolicy - Arguments for method PutKeyPolicy on L =head1 DESCRIPTION This class represents the parameters used for calling the method PutKeyPolicy on the L service. Use the attributes of this class as arguments to method PutKeyPolicy. You shouldn't make instances of this class. Each attribute should be used as a named argument in the call to PutKeyPolicy. =head1 SYNOPSIS my $kms = Paws->service('KMS'); # To attach a key policy to a customer master key (CMK) # The following example attaches a key policy to the specified CMK. $kms->PutKeyPolicy( 'KeyId' => '1234abcd-12ab-34cd-56ef-1234567890ab', 'Policy' => '{ "Version": "2012-10-17", "Id": "custom-policy-2016-12-07", "Statement": [ { "Sid": "Enable IAM User Permissions", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::111122223333:root" }, "Action": "kms:*", "Resource": "*" }, { "Sid": "Allow access for Key Administrators", "Effect": "Allow", "Principal": { "AWS": [ "arn:aws:iam::111122223333:user/ExampleAdminUser", "arn:aws:iam::111122223333:role/ExampleAdminRole" ] }, "Action": [ "kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*", "kms:Put*", "kms:Update*", "kms:Revoke*", "kms:Disable*", "kms:Get*", "kms:Delete*", "kms:ScheduleKeyDeletion", "kms:CancelKeyDeletion" ], "Resource": "*" }, { "Sid": "Allow use of the key", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::111122223333:role/ExamplePowerUserRole" }, "Action": [ "kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:DescribeKey" ], "Resource": "*" }, { "Sid": "Allow attachment of persistent resources", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::111122223333:role/ExamplePowerUserRole" }, "Action": [ "kms:CreateGrant", "kms:ListGrants", "kms:RevokeGrant" ], "Resource": "*", "Condition": { "Bool": { "kms:GrantIsForAWSResource": "true" } } } ] } ', 'PolicyName' => 'default' ); Values for attributes that are native types (Int, String, Float, etc) can passed as-is (scalar values). Values for complex Types (objects) can be passed as a HashRef. The keys and values of the hashref will be used to instance the underlying object. For the AWS API documentation, see L =head1 ATTRIBUTES =head2 BypassPolicyLockoutSafetyCheck => Bool A flag to indicate whether to bypass the key policy lockout safety check. Setting this value to true increases the risk that the CMK becomes unmanageable. Do not set this value to true indiscriminately. For more information, refer to the scenario in the Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) section in the I. Use this parameter only when you intend to prevent the principal that is making the request from making a subsequent C request on the CMK. The default value is false. =head2 B KeyId => Str Sets the key policy on the specified customer master key (CMK). Specify the key ID or key ARN of the CMK. For example: =over =item * Key ID: C<1234abcd-12ab-34cd-56ef-1234567890ab> =item * Key ARN: C =back To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. =head2 B Policy => Str The key policy to attach to the CMK. The key policy must meet the following criteria: =over =item * If you don't set C to true, the key policy must allow the principal that is making the C request to make a subsequent C request on the CMK. This reduces the risk that the CMK becomes unmanageable. For more information, refer to the scenario in the Default Key Policy (https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html#key-policy-default-allow-root-enable-iam) section of the I. =item * Each statement in the key policy must contain one or more principals. The principals in the key policy must exist and be visible to AWS KMS. When you create a new AWS principal (for example, an IAM user or role), you might need to enforce a delay before including the new principal in a key policy because the new principal might not be immediately visible to AWS KMS. For more information, see Changes that I make are not always immediately visible (https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_general.html#troubleshoot_general_eventual-consistency) in the I. =back The key policy cannot exceed 32 kilobytes (32768 bytes). For more information, see Resource Quotas (https://docs.aws.amazon.com/kms/latest/developerguide/resource-limits.html) in the I. =head2 B PolicyName => Str The name of the key policy. The only valid value is C. =head1 SEE ALSO This class forms part of L, documenting arguments for method PutKeyPolicy in L =head1 BUGS and CONTRIBUTIONS The source code is located here: L Please report bugs to: L =cut