-
Notifications
You must be signed in to change notification settings - Fork 597
/
api_op_AssociateEnclaveCertificateIamRole.go
145 lines (129 loc) · 5.38 KB
/
api_op_AssociateEnclaveCertificateIamRole.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
// Code generated by smithy-go-codegen DO NOT EDIT.
package ec2
import (
"context"
awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
"github.com/aws/smithy-go/middleware"
smithyhttp "github.com/aws/smithy-go/transport/http"
)
// Associates an AWS Identity and Access Management (IAM) role with an AWS
// Certificate Manager (ACM) certificate. This enables the certificate to be used
// by the ACM for Nitro Enclaves application inside an enclave. For more
// information, see AWS Certificate Manager for Nitro Enclaves
// (https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave-refapp.html) in
// the AWS Nitro Enclaves User Guide. When the IAM role is associated with the ACM
// certificate, the certificate, certificate chain, and encrypted private key are
// placed in an Amazon S3 bucket that only the associated IAM role can access. The
// private key of the certificate is encrypted with an AWS-managed KMS customer
// master (CMK) that has an attached attestation-based CMK policy. To enable the
// IAM role to access the Amazon S3 object, you must grant it permission to call
// s3:GetObject on the Amazon S3 bucket returned by the command. To enable the IAM
// role to access the AWS KMS CMK, you must grant it permission to call kms:Decrypt
// on the AWS KMS CMK returned by the command. For more information, see Grant the
// role permission to access the certificate and encryption key
// (https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave-refapp.html#add-policy)
// in the AWS Nitro Enclaves User Guide.
func (c *Client) AssociateEnclaveCertificateIamRole(ctx context.Context, params *AssociateEnclaveCertificateIamRoleInput, optFns ...func(*Options)) (*AssociateEnclaveCertificateIamRoleOutput, error) {
if params == nil {
params = &AssociateEnclaveCertificateIamRoleInput{}
}
result, metadata, err := c.invokeOperation(ctx, "AssociateEnclaveCertificateIamRole", params, optFns, addOperationAssociateEnclaveCertificateIamRoleMiddlewares)
if err != nil {
return nil, err
}
out := result.(*AssociateEnclaveCertificateIamRoleOutput)
out.ResultMetadata = metadata
return out, nil
}
type AssociateEnclaveCertificateIamRoleInput struct {
// The ARN of the ACM certificate with which to associate the IAM role.
CertificateArn *string
// Checks whether you have the required permissions for the action, without
// actually making the request, and provides an error response. If you have the
// required permissions, the error response is DryRunOperation. Otherwise, it is
// UnauthorizedOperation.
DryRun *bool
// The ARN of the IAM role to associate with the ACM certificate. You can associate
// up to 16 IAM roles with an ACM certificate.
RoleArn *string
}
type AssociateEnclaveCertificateIamRoleOutput struct {
// The name of the Amazon S3 bucket to which the certificate was uploaded.
CertificateS3BucketName *string
// The Amazon S3 object key where the certificate, certificate chain, and encrypted
// private key bundle are stored. The object key is formatted as follows:
// role_arn/certificate_arn.
CertificateS3ObjectKey *string
// The ID of the AWS KMS CMK used to encrypt the private key of the certificate.
EncryptionKmsKeyId *string
// Metadata pertaining to the operation's result.
ResultMetadata middleware.Metadata
}
func addOperationAssociateEnclaveCertificateIamRoleMiddlewares(stack *middleware.Stack, options Options) (err error) {
err = stack.Serialize.Add(&awsEc2query_serializeOpAssociateEnclaveCertificateIamRole{}, middleware.After)
if err != nil {
return err
}
err = stack.Deserialize.Add(&awsEc2query_deserializeOpAssociateEnclaveCertificateIamRole{}, middleware.After)
if err != nil {
return err
}
if err = addSetLoggerMiddleware(stack, options); err != nil {
return err
}
if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
return err
}
if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
return err
}
if err = addResolveEndpointMiddleware(stack, options); err != nil {
return err
}
if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil {
return err
}
if err = addRetryMiddlewares(stack, options); err != nil {
return err
}
if err = addHTTPSignerV4Middleware(stack, options); err != nil {
return err
}
if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
return err
}
if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
return err
}
if err = addClientUserAgent(stack); err != nil {
return err
}
if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
return err
}
if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
return err
}
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opAssociateEnclaveCertificateIamRole(options.Region), middleware.Before); err != nil {
return err
}
if err = addRequestIDRetrieverMiddleware(stack); err != nil {
return err
}
if err = addResponseErrorMiddleware(stack); err != nil {
return err
}
if err = addRequestResponseLogging(stack, options); err != nil {
return err
}
return nil
}
func newServiceMetadataMiddleware_opAssociateEnclaveCertificateIamRole(region string) *awsmiddleware.RegisterServiceMetadata {
return &awsmiddleware.RegisterServiceMetadata{
Region: region,
ServiceID: ServiceID,
SigningName: "ec2",
OperationName: "AssociateEnclaveCertificateIamRole",
}
}