Options
All
  • Public
  • Public/Protected
  • All
Menu

Class ListRetirableGrantsCommand

Returns information about all grants in the Amazon Web Services account and Region that have the specified retiring principal.

You can specify any principal in your Amazon Web Services account. The grants that are returned include grants for KMS keys in your Amazon Web Services account and other Amazon Web Services accounts. You might use this operation to determine which grants you may retire. To retire a grant, use the RetireGrant operation.

For detailed information about grants, including grant terminology, see Grants in KMS in the Key Management Service Developer Guide . For examples of working with grants in several programming languages, see Programming grants.

Cross-account use: You must specify a principal in your Amazon Web Services account. However, this operation can return grants in any Amazon Web Services account. You do not need kms:ListRetirableGrants permission (or any other additional permission) in any Amazon Web Services account other than your own.

Required permissions: kms:ListRetirableGrants (IAM policy) in your Amazon Web Services account.

Related operations:

example

Use a bare-bones client and the command you need to make an API call.

import { KMSClient, ListRetirableGrantsCommand } from "@aws-sdk/client-kms"; // ES Modules import
// const { KMSClient, ListRetirableGrantsCommand } = require("@aws-sdk/client-kms"); // CommonJS import
const client = new KMSClient(config);
const command = new ListRetirableGrantsCommand(input);
const response = await client.send(command);
see

ListRetirableGrantsCommandInput for command's input shape.

see

ListRetirableGrantsCommandOutput for command's response shape.

see

config for KMSClient's config shape.

Hierarchy

Implements

Index

Constructors

constructor

Properties

Readonly input

input: ListRetirableGrantsCommandInput

Readonly middlewareStack

Methods

Static getEndpointParameterInstructions