class Aws::AccessAnalyzer::Types::KmsGrantConstraints
Use this structure to propose allowing [cryptographic operations] in the grant only when the operation request includes the specified [encryption context]. You can specify only one type of encryption context. An empty map is treated as not specified. For more information, see [GrantConstraints].
[1]: docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations [2]: docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context [3]: docs.aws.amazon.com/kms/latest/APIReference/API_GrantConstraints.html
@note When making an API call, you may pass KmsGrantConstraints
data as a hash: { encryption_context_equals: { "KmsConstraintsKey" => "KmsConstraintsValue", }, encryption_context_subset: { "KmsConstraintsKey" => "KmsConstraintsValue", }, }
@!attribute [rw] encryption_context_equals
A list of key-value pairs that must match the encryption context in the [cryptographic operation][1] request. The grant allows the operation only when the encryption context in the request is the same as the encryption context specified in this constraint. [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations @return [Hash<String,String>]
@!attribute [rw] encryption_context_subset
A list of key-value pairs that must be included in the encryption context of the [cryptographic operation][1] request. The grant allows the cryptographic operation only when the encryption context in the request includes the key-value pairs specified in this constraint, although it can include additional key-value pairs. [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations @return [Hash<String,String>]
@see docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/KmsGrantConstraints AWS API Documentation
Constants
- SENSITIVE