getKeyPolicy method

Future<GetKeyPolicyResponse> getKeyPolicy({
  1. required String keyId,
  2. required String policyName,
})

Gets a key policy attached to the specified customer master key (CMK).

Cross-account use: No. You cannot perform this operation on a CMK in a different AWS account.

Required permissions: kms:GetKeyPolicy (key policy)

Related operations: PutKeyPolicy

May throw NotFoundException. May throw InvalidArnException. May throw DependencyTimeoutException. May throw KMSInternalException. May throw KMSInvalidStateException.

Parameter keyId : A unique identifier for the customer master key (CMK).

Specify the key ID or the Amazon Resource Name (ARN) of the CMK.

For example:

  • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
  • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.

Parameter policyName : Specifies the name of the key policy. The only valid name is default. To get the names of key policies, use ListKeyPolicies.

Implementation

Future<GetKeyPolicyResponse> getKeyPolicy({
  required String keyId,
  required String policyName,
}) async {
  ArgumentError.checkNotNull(keyId, 'keyId');
  _s.validateStringLength(
    'keyId',
    keyId,
    1,
    2048,
    isRequired: true,
  );
  ArgumentError.checkNotNull(policyName, 'policyName');
  _s.validateStringLength(
    'policyName',
    policyName,
    1,
    128,
    isRequired: true,
  );
  final headers = <String, String>{
    'Content-Type': 'application/x-amz-json-1.1',
    'X-Amz-Target': 'TrentService.GetKeyPolicy'
  };
  final jsonResponse = await _protocol.send(
    method: 'POST',
    requestUri: '/',
    exceptionFnMap: _exceptionFns,
    // TODO queryParams
    headers: headers,
    payload: {
      'KeyId': keyId,
      'PolicyName': policyName,
    },
  );

  return GetKeyPolicyResponse.fromJson(jsonResponse.body);
}