# CreateKeyGroup
<a name="API_CreateKeyGroup"></a>

Creates a key group that you can use with [CloudFront signed URLs and signed cookies](https://docs.amazonaws.cn/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html).

To create a key group, you must specify at least one public key for the key group. After you create a key group, you can reference it from one or more cache behaviors. When you reference a key group in a cache behavior, CloudFront requires signed URLs or signed cookies for all requests that match the cache behavior. The URLs or cookies must be signed with a private key whose corresponding public key is in the key group. The signed URL or cookie contains information about which public key CloudFront should use to verify the signature. For more information, see [Serving private content](https://docs.amazonaws.cn/AmazonCloudFront/latest/DeveloperGuide/PrivateContent.html) in the *Amazon CloudFront Developer Guide*.

## Request Syntax
<a name="API_CreateKeyGroup_RequestSyntax"></a>

```
POST /2020-05-31/key-group HTTP/1.1
<?xml version="1.0" encoding="UTF-8"?>
<KeyGroupConfig xmlns="http://cloudfront.amazonaws.com/doc/2020-05-31/">
   <Comment>string</Comment>
   <Items>
      <PublicKey>string</PublicKey>
   </Items>
   <Name>string</Name>
</KeyGroupConfig>
```

## URI Request Parameters
<a name="API_CreateKeyGroup_RequestParameters"></a>

The request does not use any URI parameters.

## Request Body
<a name="API_CreateKeyGroup_RequestBody"></a>

The request accepts the following data in XML format.

 ** [KeyGroupConfig](#API_CreateKeyGroup_RequestSyntax) **   <a name="cloudfront-CreateKeyGroup-request-KeyGroupConfig"></a>
Root level tag for the KeyGroupConfig parameters.  
Required: Yes

 ** [Comment](#API_CreateKeyGroup_RequestSyntax) **   <a name="cloudfront-CreateKeyGroup-request-Comment"></a>
A comment to describe the key group. The comment cannot be longer than 128 characters.  
Type: String  
Required: No

 ** [Items](#API_CreateKeyGroup_RequestSyntax) **   <a name="cloudfront-CreateKeyGroup-request-Items"></a>
A list of the identifiers of the public keys in the key group.  
Type: Array of strings  
Required: Yes

 ** [Name](#API_CreateKeyGroup_RequestSyntax) **   <a name="cloudfront-CreateKeyGroup-request-Name"></a>
A name to identify the key group.  
Type: String  
Required: Yes

## Response Syntax
<a name="API_CreateKeyGroup_ResponseSyntax"></a>

```
HTTP/1.1 201
<?xml version="1.0" encoding="UTF-8"?>
<KeyGroup>
   <Id>string</Id>
   <KeyGroupConfig>
      <Comment>string</Comment>
      <Items>
         <PublicKey>string</PublicKey>
      </Items>
      <Name>string</Name>
   </KeyGroupConfig>
   <LastModifiedTime>timestamp</LastModifiedTime>
</KeyGroup>
```

## Response Elements
<a name="API_CreateKeyGroup_ResponseElements"></a>

If the action is successful, the service sends back an HTTP 201 response.

The following data is returned in XML format by the service.

 ** [KeyGroup](#API_CreateKeyGroup_ResponseSyntax) **   <a name="cloudfront-CreateKeyGroup-response-KeyGroup"></a>
Root level tag for the KeyGroup parameters.  
Required: Yes

 ** [Id](#API_CreateKeyGroup_ResponseSyntax) **   <a name="cloudfront-CreateKeyGroup-response-Id"></a>
The identifier for the key group.  
Type: String

 ** [KeyGroupConfig](#API_CreateKeyGroup_ResponseSyntax) **   <a name="cloudfront-CreateKeyGroup-response-KeyGroupConfig"></a>
The key group configuration.  
Type: [KeyGroupConfig](API_KeyGroupConfig.md) object

 ** [LastModifiedTime](#API_CreateKeyGroup_ResponseSyntax) **   <a name="cloudfront-CreateKeyGroup-response-LastModifiedTime"></a>
The date and time when the key group was last modified.  
Type: Timestamp

## Errors
<a name="API_CreateKeyGroup_Errors"></a>

For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md).

 ** InvalidArgument **   
An argument is invalid.  
HTTP Status Code: 400

 ** KeyGroupAlreadyExists **   
A key group with this name already exists. You must provide a unique name. To modify an existing key group, use `UpdateKeyGroup`.  
HTTP Status Code: 409

 ** TooManyKeyGroups **   
You have reached the maximum number of key groups for this Amazon Web Services account. For more information, see [Quotas](https://docs.amazonaws.cn/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html) (formerly known as limits) in the *Amazon CloudFront Developer Guide*.  
HTTP Status Code: 400

 ** TooManyPublicKeysInKeyGroup **   
The number of public keys in this key group is more than the maximum allowed. For more information, see [Quotas](https://docs.amazonaws.cn/AmazonCloudFront/latest/DeveloperGuide/cloudfront-limits.html) (formerly known as limits) in the *Amazon CloudFront Developer Guide*.  
HTTP Status Code: 400

## See Also
<a name="API_CreateKeyGroup_SeeAlso"></a>

For more information about using this API in one of the language-specific Amazon SDKs, see the following:
+  [Amazon Command Line Interface V2](https://docs.amazonaws.cn/goto/cli2/cloudfront-2020-05-31/CreateKeyGroup) 
+  [Amazon SDK for .NET V4](https://docs.amazonaws.cn/goto/DotNetSDKV4/cloudfront-2020-05-31/CreateKeyGroup) 
+  [Amazon SDK for C\$1\$1](https://docs.amazonaws.cn/goto/SdkForCpp/cloudfront-2020-05-31/CreateKeyGroup) 
+  [Amazon SDK for Go v2](https://docs.amazonaws.cn/goto/SdkForGoV2/cloudfront-2020-05-31/CreateKeyGroup) 
+  [Amazon SDK for Java V2](https://docs.amazonaws.cn/goto/SdkForJavaV2/cloudfront-2020-05-31/CreateKeyGroup) 
+  [Amazon SDK for JavaScript V3](https://docs.amazonaws.cn/goto/SdkForJavaScriptV3/cloudfront-2020-05-31/CreateKeyGroup) 
+  [Amazon SDK for Kotlin](https://docs.amazonaws.cn/goto/SdkForKotlin/cloudfront-2020-05-31/CreateKeyGroup) 
+  [Amazon SDK for PHP V3](https://docs.amazonaws.cn/goto/SdkForPHPV3/cloudfront-2020-05-31/CreateKeyGroup) 
+  [Amazon SDK for Python](https://docs.amazonaws.cn/goto/boto3/cloudfront-2020-05-31/CreateKeyGroup) 
+  [Amazon SDK for Ruby V3](https://docs.amazonaws.cn/goto/SdkForRubyV3/cloudfront-2020-05-31/CreateKeyGroup)