Creates an application access point (AAP)
Usage notes
To perform cryptographic operations and retrieve secret values, self-managed applications must use a client key to access a Key Management Service (KMS) instance. The following process shows how to create a client key-based AAP:
1. Create a network access rule: You can configure the private IP addresses or private CIDR blocks that are allowed to access KMS. For more information, see CreateNetworkRule.
2. Create a permission policy: You can configure the keys and secrets that are allowed to access and bind network access rules to the keys and secrets. For more information, see CreatePolicy.
3. Create an AAP: You can configure an authentication method and bind a permission policy to an AAP. This topic describes how to create an AAP.
4. Create a client key: You can configure the encryption password and validity period of a client key and bind the client key to an AAP. For more information, see CreateClientKey.
Debugging
Request parameters
|
Parameter |
Type |
Required |
Example |
Description |
| Action | String | Yes | CreateApplicationAccessPoint | The operation that you want to perform. Set the value to CreateApplicationAccessPoint. |
| Name | String | Yes | aap_test | The name of the AAP. |
| Description | String | No | aap description | The description of the AAP. |
| AuthenticationMethod | String | No | ClientKey | The authentication method. Currently, only ClientKey is supported. |
| Policies | String | Yes | ["kst-hzz62ee817bvyyr5x****.efkd","kst-hzz62ee817bvyyr5x****.eyyp"] | The permission policy. Note You can bind up to three permission policies to each AAP. |
Response parameters
Parameter |
Type |
Example |
Description |
| RequestId | String | bcfefe15-46f0-44a3-bd96-3d422474b71a | The ID of the request, which is used to locate and troubleshoot issues. |
| Description | String | aap description | The description of the AAP. |
| Policies | String | ["kst-hzz62ee817bvyyr5x****.efkd","kst-hzz62ee817bvyyr5x****.eyyp"] | The permission policy. |
| Name | String | aap_test | The name of the AAP. |
| Arn | String | acs:kms:cn-hangzhou:119285303511****:applicationaccesspoint/aap_test | The Alibaba Cloud Resource Name (ARN) of the AAP. |
| AuthenticationMethod | String | ClientKey | The authentication method. |
Examples
Sample requests
http(s)://[Endpoint]/?Action=CreateApplicationAccessPoint
&Name=aap_test
&Description=aap description
&AuthenticationMethod=ClientKey
&Policies=["kst-hzz62ee817bvyyr5x****.efkd","kst-hzz62ee817bvyyr5x****.eyyp"]
&<Common request parameters>Sample success responses
XML format
HTTP/1.1 200 OK
Content-Type:application/xml
<CreateApplicationAccessPointResponse>
<RequestId>bcfefe15-46f0-44a3-bd96-3d422474b71a</RequestId>
<Description>aap description</Description>
<Policies>["kst-hzz62ee817bvyyr5x****.efkd","kst-hzz62ee817bvyyr5x****.eyyp"]</Policies>
<Name>aap_test</Name>
<Arn>acs:kms:cn-hangzhou:119285303511****:applicationaccesspoint/aap_test</Arn>
<AuthenticationMethod>ClientKey</AuthenticationMethod>
</CreateApplicationAccessPointResponse>JSON format
HTTP/1.1 200 OK
Content-Type:application/json
{
"RequestId" : "bcfefe15-46f0-44a3-bd96-3d422474b71a",
"Description" : "aap description",
"Policies" : "[\"kst-hzz62ee817bvyyr5x****.efkd\",\"kst-hzz62ee817bvyyr5x****.eyyp\"]",
"Name" : "aap_test",
"Arn" : "acs:kms:cn-hangzhou:119285303511****:applicationaccesspoint/aap_test",
"AuthenticationMethod" : "ClientKey"
}Error codes
|
HTTP status code |
Error code |
Error message |
Description |
| 409 | Rejected.ResourceExist | The request was rejected because the resource already exists. | The resource already exists. |
For a list of error codes, see Service error codes.