class Aws::AccessAnalyzer::Types::KmsGrantConfiguration

A proposed grant configuration for a KMS key. For more information, see [CreateGrant].

[1]: docs.aws.amazon.com/kms/latest/APIReference/API_CreateGrant.html

@note When making an API call, you may pass KmsGrantConfiguration

data as a hash:

    {
      constraints: {
        encryption_context_equals: {
          "KmsConstraintsKey" => "KmsConstraintsValue",
        },
        encryption_context_subset: {
          "KmsConstraintsKey" => "KmsConstraintsValue",
        },
      },
      grantee_principal: "GranteePrincipal", # required
      issuing_account: "IssuingAccount", # required
      operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
      retiring_principal: "RetiringPrincipal",
    }

@!attribute [rw] constraints

Use this structure to propose allowing [cryptographic operations][1]
in the grant only when the operation request includes the specified
[encryption context][2].

[1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations
[2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context
@return [Types::KmsGrantConstraints]

@!attribute [rw] grantee_principal

The principal that is given permission to perform the operations
that the grant permits.
@return [String]

@!attribute [rw] issuing_account

The Amazon Web Services account under which the grant was issued.
The account is used to propose KMS grants issued by accounts other
than the owner of the key.
@return [String]

@!attribute [rw] operations

A list of operations that the grant permits.
@return [Array<String>]

@!attribute [rw] retiring_principal

The principal that is given permission to retire the grant by using
[RetireGrant][1] operation.

[1]: https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html
@return [String]

@see docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/KmsGrantConfiguration AWS API Documentation

Constants

SENSITIVE