-
Notifications
You must be signed in to change notification settings - Fork 597
/
api_op_AssociateEnclaveCertificateIamRole.go
157 lines (139 loc) · 5.61 KB
/
api_op_AssociateEnclaveCertificateIamRole.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
// Code generated by smithy-go-codegen DO NOT EDIT.
package ec2
import (
"context"
awsmiddleware "github.com/aws/aws-sdk-go-v2/aws/middleware"
"github.com/aws/aws-sdk-go-v2/aws/signer/v4"
"github.com/aws/smithy-go/middleware"
smithyhttp "github.com/aws/smithy-go/transport/http"
)
// Associates an Identity and Access Management (IAM) role with an Certificate
// Manager (ACM) certificate. This enables the certificate to be used by the ACM
// for Nitro Enclaves application inside an enclave. For more information, see
// Certificate Manager for Nitro Enclaves
// (https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave-refapp.html) in
// the Amazon Web Services Nitro Enclaves User Guide. When the IAM role is
// associated with the ACM certificate, the certificate, certificate chain, and
// encrypted private key are placed in an Amazon S3 location that only the
// associated IAM role can access. The private key of the certificate is encrypted
// with an Amazon Web Services managed key that has an attached attestation-based
// key policy. To enable the IAM role to access the Amazon S3 object, you must
// grant it permission to call s3:GetObject on the Amazon S3 bucket returned by the
// command. To enable the IAM role to access the KMS key, you must grant it
// permission to call kms:Decrypt on the KMS key returned by the command. For more
// information, see Grant the role permission to access the certificate and
// encryption key
// (https://docs.aws.amazon.com/enclaves/latest/user/nitro-enclave-refapp.html#add-policy)
// in the Amazon Web Services Nitro Enclaves User Guide.
func (c *Client) AssociateEnclaveCertificateIamRole(ctx context.Context, params *AssociateEnclaveCertificateIamRoleInput, optFns ...func(*Options)) (*AssociateEnclaveCertificateIamRoleOutput, error) {
if params == nil {
params = &AssociateEnclaveCertificateIamRoleInput{}
}
result, metadata, err := c.invokeOperation(ctx, "AssociateEnclaveCertificateIamRole", params, optFns, c.addOperationAssociateEnclaveCertificateIamRoleMiddlewares)
if err != nil {
return nil, err
}
out := result.(*AssociateEnclaveCertificateIamRoleOutput)
out.ResultMetadata = metadata
return out, nil
}
type AssociateEnclaveCertificateIamRoleInput struct {
// The ARN of the ACM certificate with which to associate the IAM role.
//
// This member is required.
CertificateArn *string
// The ARN of the IAM role to associate with the ACM certificate. You can associate
// up to 16 IAM roles with an ACM certificate.
//
// This member is required.
RoleArn *string
// Checks whether you have the required permissions for the action, without
// actually making the request, and provides an error response. If you have the
// required permissions, the error response is DryRunOperation. Otherwise, it is
// UnauthorizedOperation.
DryRun *bool
noSmithyDocumentSerde
}
type AssociateEnclaveCertificateIamRoleOutput struct {
// The name of the Amazon S3 bucket to which the certificate was uploaded.
CertificateS3BucketName *string
// The Amazon S3 object key where the certificate, certificate chain, and encrypted
// private key bundle are stored. The object key is formatted as follows:
// role_arn/certificate_arn.
CertificateS3ObjectKey *string
// The ID of the KMS key used to encrypt the private key of the certificate.
EncryptionKmsKeyId *string
// Metadata pertaining to the operation's result.
ResultMetadata middleware.Metadata
noSmithyDocumentSerde
}
func (c *Client) addOperationAssociateEnclaveCertificateIamRoleMiddlewares(stack *middleware.Stack, options Options) (err error) {
err = stack.Serialize.Add(&awsEc2query_serializeOpAssociateEnclaveCertificateIamRole{}, middleware.After)
if err != nil {
return err
}
err = stack.Deserialize.Add(&awsEc2query_deserializeOpAssociateEnclaveCertificateIamRole{}, middleware.After)
if err != nil {
return err
}
if err = addSetLoggerMiddleware(stack, options); err != nil {
return err
}
if err = awsmiddleware.AddClientRequestIDMiddleware(stack); err != nil {
return err
}
if err = smithyhttp.AddComputeContentLengthMiddleware(stack); err != nil {
return err
}
if err = addResolveEndpointMiddleware(stack, options); err != nil {
return err
}
if err = v4.AddComputePayloadSHA256Middleware(stack); err != nil {
return err
}
if err = addRetryMiddlewares(stack, options); err != nil {
return err
}
if err = addHTTPSignerV4Middleware(stack, options); err != nil {
return err
}
if err = awsmiddleware.AddRawResponseToMetadata(stack); err != nil {
return err
}
if err = awsmiddleware.AddRecordResponseTiming(stack); err != nil {
return err
}
if err = addClientUserAgent(stack); err != nil {
return err
}
if err = smithyhttp.AddErrorCloseResponseBodyMiddleware(stack); err != nil {
return err
}
if err = smithyhttp.AddCloseResponseBodyMiddleware(stack); err != nil {
return err
}
if err = addOpAssociateEnclaveCertificateIamRoleValidationMiddleware(stack); err != nil {
return err
}
if err = stack.Initialize.Add(newServiceMetadataMiddleware_opAssociateEnclaveCertificateIamRole(options.Region), middleware.Before); err != nil {
return err
}
if err = addRequestIDRetrieverMiddleware(stack); err != nil {
return err
}
if err = addResponseErrorMiddleware(stack); err != nil {
return err
}
if err = addRequestResponseLogging(stack, options); err != nil {
return err
}
return nil
}
func newServiceMetadataMiddleware_opAssociateEnclaveCertificateIamRole(region string) *awsmiddleware.RegisterServiceMetadata {
return &awsmiddleware.RegisterServiceMetadata{
Region: region,
ServiceID: ServiceID,
SigningName: "ec2",
OperationName: "AssociateEnclaveCertificateIamRole",
}
}