- import boto3
- import json
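# KMS settings. These are the values the original script hard-coded (region, account,
# the single IAM user that is both key administrator and key user, alias, description);
# they are kept as defaults so the functions below can be reused for another account.
REGION_NAME = 'ap-southeast-2'
ACCOUNT_ID = "032418238795"
ADMIN_USER_ARN = "arn:aws:iam::032418238795:user/CITS5503/21999347@student.uwa.edu.au"
ALIAS_NAME = "alias/21999347-1231"
KEY_DESCRIPTION = 'description'


def build_key_policy(account_id=ACCOUNT_ID, admin_arn=ADMIN_USER_ARN, user_arn=None):
    """Return the KMS key policy document as a dict (not yet serialised).

    Args:
        account_id: AWS account that owns the key; its root principal gets ``kms:*``.
        admin_arn: IAM principal allowed to administer the key (rotate, tag, delete,
            and -- via ``kms:Put*`` -- rewrite this very policy).
        user_arn: IAM principal allowed to use the key for cryptographic operations
            and to create grants for AWS resources. Defaults to ``admin_arn``, which
            reproduces the original script where one user held both roles; pass a
            different principal to separate administration from use.

    Returns:
        dict: a policy document suitable for ``json.dumps`` and ``create_key(Policy=...)``.
    """
    if user_arn is None:
        user_arn = admin_arn
    root_arn = f"arn:aws:iam::{account_id}:root"
    # In a key policy, Resource "*" refers to the key the policy is attached to.
    return {
        "Version": "2012-10-17",
        "Id": "key-consolepolicy-3",
        "Statement": [
            {
                # Granting the account root kms:* is what lets IAM policies in the
                # account control access to this key. Without it only the principals
                # named below can touch the key (and if they are deleted the key becomes
                # unmanageable); with it, any IAM identity whose IAM policy allows kms
                # actions on this key can use it, so those IAM policies must stay tight.
                "Sid": "Enable IAM User Permissions",
                "Effect": "Allow",
                "Principal": {"AWS": root_arn},
                "Action": "kms:*",
                "Resource": "*",
            },
            {
                # Administrative actions only; no Encrypt/Decrypt. Note kms:Put* includes
                # PutKeyPolicy, so an administrator can still grant themselves usage.
                "Sid": "Allow access for Key Administrators",
                "Effect": "Allow",
                "Principal": {"AWS": admin_arn},
                "Action": [
                    "kms:Create*",
                    "kms:Describe*",
                    "kms:Enable*",
                    "kms:List*",
                    "kms:Put*",
                    "kms:Update*",
                    "kms:Revoke*",
                    "kms:Disable*",
                    "kms:Get*",
                    "kms:Delete*",
                    "kms:TagResource",
                    "kms:UntagResource",
                    "kms:ScheduleKeyDeletion",
                    "kms:CancelKeyDeletion",
                ],
                "Resource": "*",
            },
            {
                # Cryptographic use of the key.
                "Sid": "Allow use of the key",
                "Effect": "Allow",
                "Principal": {"AWS": user_arn},
                "Action": [
                    "kms:Encrypt",
                    "kms:Decrypt",
                    "kms:ReEncrypt*",
                    "kms:GenerateDataKey*",
                    "kms:DescribeKey",
                ],
                "Resource": "*",
            },
            {
                # Grants are how AWS services (e.g. EBS, RDS) get delegated use of the key;
                # the condition restricts this principal to grants made on behalf of an
                # AWS resource rather than arbitrary grants to other principals.
                "Sid": "Allow attachment of persistent resources",
                "Effect": "Allow",
                "Principal": {"AWS": user_arn},
                "Action": [
                    "kms:CreateGrant",
                    "kms:ListGrants",
                    "kms:RevokeGrant",
                ],
                "Resource": "*",
                "Condition": {
                    "Bool": {
                        "kms:GrantIsForAWSResource": "true"
                    }
                },
            },
        ],
    }


def create_key_with_alias(client, key_policy, alias_name=ALIAS_NAME, description=KEY_DESCRIPTION):
    """Create a symmetric KMS key under *key_policy*, attach *alias_name*, return its KeyId.

    Args:
        client: a boto3 KMS client (anything exposing ``create_key``, ``create_alias``
            and ``describe_key`` with the same call shapes).
        key_policy: the key policy as a dict (serialised here) or an already
            JSON-encoded string.
        alias_name: alias to attach; must start with ``alias/``.
        description: free-text description stored on the key.

    Returns:
        str: the ``KeyId`` reported by ``describe_key`` for the alias.

    Raises:
        RuntimeError: if the alias resolves to a key other than the one just created.
        Whatever the client raises for a failed API call (e.g. AccessDenied, a malformed
        policy document, or an alias that already exists).
    """
    policy_document = key_policy if isinstance(key_policy, str) else json.dumps(key_policy)
    response = client.create_key(
        Policy=policy_document,
        Description=description,
        KeyUsage='ENCRYPT_DECRYPT',
        Origin='AWS_KMS',
    )
    cmk_key_arn = response['KeyMetadata']['Arn']
    # If create_alias fails (e.g. the alias already exists), the key created above is
    # left in place without an alias; this script does not roll it back.
    client.create_alias(AliasName=alias_name, TargetKeyId=cmk_key_arn)
    res = client.describe_key(KeyId=alias_name)
    # Confirm the alias really points at the key we just created before reporting it.
    # (The original left this as a commented-out assert; a real check is used instead
    # because assert statements are stripped under -O.)
    if res['KeyMetadata']['Arn'] != cmk_key_arn:
        raise RuntimeError(
            f"alias {alias_name} resolves to {res['KeyMetadata']['Arn']}, "
            f"expected {cmk_key_arn}"
        )
    return res['KeyMetadata']['KeyId']


def main():
    """Create the key and alias with the module defaults; print the KeyId.

    Returns:
        int: process exit status, 0 on success and 1 if any API call failed.
    """
    # Create a KMS client (the original comment said "S3"; this script only talks to KMS).
    client = boto3.client('kms', region_name=REGION_NAME)
    try:
        key_id = create_key_with_alias(client, build_key_policy())
    except Exception as error:
        # botocore.exceptions.ClientError would be the narrower catch, but this file does
        # not import botocore; the broad catch is kept so a failed run still reports why.
        print(error)
        return 1
    print("your Key id is:")
    print(key_id)
    return 0


if __name__ == "__main__":
    raise SystemExit(main())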