Key Management Service: CreateApplicationAccessPoint

Last Updated: Jul 29, 2025

Creates an application access point (AAP).

Operation description

To perform cryptographic operations and retrieve secret values, self-managed applications must use a client key to access a Key Management Service (KMS) instance. The following process shows how to create a client key-based AAP:

1. Create a network access rule: You can configure the private IP addresses or private CIDR blocks that are allowed to access KMS. For more information, see CreateNetworkRule.

2. Create a permission policy: You can configure the keys and secrets that are allowed to be accessed and bind network access rules to the keys and secrets. For more information, see CreatePolicy.

3. Create an AAP: You can configure an authentication method and bind a permission policy to an AAP. This topic describes how to create an AAP.

4. Create a client key: You can configure the encryption password and validity period of a client key and bind the client key to an AAP. For more information, see CreateClientKey.

Debugging

You can run this operation directly in OpenAPI Explorer, which saves you the trouble of calculating signatures. After the call succeeds, OpenAPI Explorer can automatically generate SDK code samples.

Authorization information

There is currently no authorization information disclosed in the API.

Request parameters

| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
| Name | string | Yes | The name of the AAP. | aap_test |
| Description | string | No | The description of the AAP. | aap description |
| AuthenticationMethod | string | No | The authentication method. Currently, only ClientKey is supported. | ClientKey |
| Policies | string | Yes | The permission policy. Note: You can bind up to three permission policies to each AAP. | ["kst-hzz62ee817bvyyr5x****.efkd","kst-hzz62ee817bvyyr5x****.eyyp"] |

Response parameters

| Parameter | Type | Description | Example |
|---|---|---|---|
| | object | | |
| RequestId | string | The ID of the request, which is used to locate and troubleshoot issues. | bcfefe15-46f0-44a3-bd96-3d422474b71a |
| Description | string | The description of the AAP. | aap description |
| Policies | string | The permission policy. | ["kst-hzz62ee817bvyyr5x****.efkd","kst-hzz62ee817bvyyr5x****.eyyp"] |
| Name | string | The name of the AAP. | aap_test |
| Arn | string | The Alibaba Cloud Resource Name (ARN) of the AAP. | acs:kms:cn-hangzhou:119285303511****:applicationaccesspoint/aap_test |
| AuthenticationMethod | string | The authentication method. | ClientKey |

Examples

Sample success responses

JSON format

{
  "RequestId": "bcfefe15-46f0-44a3-bd96-3d422474b71a",
  "Description": "aap description",
  "Policies": [
    "kst-hzz62ee817bvyyr5x****.efkd",
    "kst-hzz62ee817bvyyr5x****.eyyp"
  ],
  "Name": "aap_test",
  "Arn": "acs:kms:cn-hangzhou:119285303511****:applicationaccesspoint/aap_test",
  "AuthenticationMethod": "ClientKey"
}

Error codes

| HTTP status code | Error code | Error message | Description |
|---|---|---|---|
| 409 | Rejected.ResourceExist | The request was rejected because the resource already exists. | The resource already exists. |

For a list of error codes, visit the Service error codes.
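
A pre-flight check and a response check for this operation, added here as an example; it is not Alibaba Cloud SDK code and sends nothing over the network. The helper names `build_request`, `verify_response` and `is_already_exists` are hypothetical, and the limits, sample response and error code are taken from the tables on this page.

```python
import json

MAX_POLICIES = 3                 # page: "up to three permission policies to each AAP"
SUPPORTED_AUTH = {"ClientKey"}   # page: only ClientKey is currently supported

# Sample success response copied from this page (IDs are masked with ****).
SAMPLE_RESPONSE = {
    "RequestId": "bcfefe15-46f0-44a3-bd96-3d422474b71a",
    "Description": "aap description",
    "Policies": ["kst-hzz62ee817bvyyr5x****.efkd", "kst-hzz62ee817bvyyr5x****.eyyp"],
    "Name": "aap_test",
    "Arn": "acs:kms:cn-hangzhou:119285303511****:applicationaccesspoint/aap_test",
    "AuthenticationMethod": "ClientKey",
}

def build_request(name, policies, description=None, auth_method="ClientKey"):
    """Hypothetical helper: validate inputs, return the request parameters."""
    if not isinstance(name, str) or not name:
        raise ValueError("Name is required")
    if not isinstance(policies, (list, tuple)) or not policies:
        raise ValueError("Policies is required and must list at least one policy")
    if len(policies) > MAX_POLICIES:
        raise ValueError(f"at most {MAX_POLICIES} policies can be bound to an AAP")
    if auth_method not in SUPPORTED_AUTH:
        raise ValueError(f"unsupported AuthenticationMethod: {auth_method!r}")
    # Policies is typed as a string whose value is a JSON array.
    params = {"Name": name, "Policies": json.dumps(list(policies)),
              "AuthenticationMethod": auth_method}
    if description is not None:
        params["Description"] = description
    return params

def verify_response(params, response):
    """Hypothetical helper: list mismatches between the request and the response."""
    problems = []
    for field in ("Name", "AuthenticationMethod"):
        if response.get(field) != params[field]:
            problems.append(f"{field}: sent {params[field]!r}, got {response.get(field)!r}")
    bound = response.get("Policies", [])
    bound = set(json.loads(bound) if isinstance(bound, str) else bound)  # string or array
    wanted = set(json.loads(params["Policies"]))
    if bound - wanted:
        problems.append(f"unexpected policies bound: {sorted(bound - wanted)}")
    if wanted - bound:
        problems.append(f"requested policies missing: {sorted(wanted - bound)}")
    return problems

def is_already_exists(http_status, error_code):
    """True for the 409 Rejected.ResourceExist error listed on this page."""
    return http_status == 409 and error_code == "Rejected.ResourceExist"
```

An empty list from `verify_response` means the AAP reports exactly the name, authentication method and policies that were requested.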

Change history

| Change time | Summary of changes |
|---|---|
| 2023-10-23 | API Description Update. The Error code has changed |