class Aws::AccessAnalyzer::Types::KmsGrantConfiguration
A proposed grant configuration for a KMS key. For more information, see [CreateGrant].
[1]: docs.aws.amazon.com/kms/latest/APIReference/API_CreateGrant.html
@note When making an API call, you may pass KmsGrantConfiguration
data as a hash: { constraints: { encryption_context_equals: { "KmsConstraintsKey" => "KmsConstraintsValue", }, encryption_context_subset: { "KmsConstraintsKey" => "KmsConstraintsValue", }, }, grantee_principal: "GranteePrincipal", # required issuing_account: "IssuingAccount", # required operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify retiring_principal: "RetiringPrincipal", }
@!attribute [rw] constraints
Use this structure to propose allowing [cryptographic operations][1] in the grant only when the operation request includes the specified [encryption context][2]. [1]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations [2]: https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context @return [Types::KmsGrantConstraints]
@!attribute [rw] grantee_principal
The principal that is given permission to perform the operations that the grant permits. @return [String]
@!attribute [rw] issuing_account
The Amazon Web Services account under which the grant was issued. The account is used to propose KMS grants issued by accounts other than the owner of the key. @return [String]
@!attribute [rw] operations
A list of operations that the grant permits. @return [Array<String>]
@!attribute [rw] retiring_principal
The principal that is given permission to retire the grant by using [RetireGrant][1] operation. [1]: https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html @return [String]
@see docs.aws.amazon.com/goto/WebAPI/accessanalyzer-2019-11-01/KmsGrantConfiguration AWS API Documentation
Constants
- SENSITIVE