associateKmsKey method
Associates the specified AWS Key Management Service (AWS KMS) customer master key (CMK) with the specified log group.
Associating an AWS KMS CMK with a log group overrides any existing associations between the log group and a CMK. After a CMK is associated with a log group, all newly ingested data for the log group is encrypted using the CMK. This association is stored as long as the data encrypted with the CMK is still within Amazon CloudWatch Logs. This enables Amazon CloudWatch Logs to decrypt this data whenever it is requested. It can take up to 5 minutes for this operation to take effect.
If you attempt to associate a CMK with a log group but the CMK does not
exist or the CMK is disabled, you receive an
InvalidParameterException
error.
May throw InvalidParameterException. May throw ResourceNotFoundException. May throw OperationAbortedException. May throw ServiceUnavailableException.
Parameter kmsKeyId
:
The Amazon Resource Name (ARN) of the CMK to use when encrypting log data.
This must be a symmetric CMK. For more information, see Amazon
Resource Names - AWS Key Management Service (AWS KMS) and Using
Symmetric and Asymmetric Keys.
Parameter logGroupName
:
The name of the log group.
Implementation
Future<void> associateKmsKey({
required String kmsKeyId,
required String logGroupName,
}) async {
ArgumentError.checkNotNull(kmsKeyId, 'kmsKeyId');
_s.validateStringLength(
'kmsKeyId',
kmsKeyId,
0,
256,
isRequired: true,
);
ArgumentError.checkNotNull(logGroupName, 'logGroupName');
_s.validateStringLength(
'logGroupName',
logGroupName,
1,
512,
isRequired: true,
);
final headers = <String, String>{
'Content-Type': 'application/x-amz-json-1.1',
'X-Amz-Target': 'Logs_20140328.AssociateKmsKey'
};
await _protocol.send(
method: 'POST',
requestUri: '/',
exceptionFnMap: _exceptionFns,
// TODO queryParams
headers: headers,
payload: {
'kmsKeyId': kmsKeyId,
'logGroupName': logGroupName,
},
);
}