Returns information about all grants in the Amazon Web Services account and Region that have the
specified retiring principal.
You can specify any principal in your Amazon Web Services account. The grants that are returned include
grants for KMS keys in your Amazon Web Services account and other Amazon Web Services accounts. You might use this
operation to determine which grants you may retire. To retire a grant, use the RetireGrant operation.
For detailed information about grants, including grant terminology, see Grants in KMS in the
Key Management Service Developer Guide. For examples of working with grants in several
programming languages, see Programming grants.
Cross-account use: You must specify a principal in your
Amazon Web Services account. However, this operation can return grants in any Amazon Web Services account. You do not need
kms:ListRetirableGrants permission (or any other additional permission) in any
Amazon Web Services account other than your own.
Required permissions: kms:ListRetirableGrants (IAM policy) in your
Amazon Web Services account.
Related operations:
CreateGrant
ListGrants
RetireGrant
RevokeGrant
Use a bare-bones client and the command you need to make an API call.
```javascript
import { KMSClient, ListRetirableGrantsCommand } from "@aws-sdk/client-kms"; // ES Modules import
// const { KMSClient, ListRetirableGrantsCommand } = require("@aws-sdk/client-kms"); // CommonJS import
const client = new KMSClient(config);
const command = new ListRetirableGrantsCommand(input);
const response = await client.send(command);
```
See ListRetirableGrantsCommandInput for the command's input shape.
See ListRetirableGrantsCommandOutput for the command's response shape.
See config for KMSClient's config shape.
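Because the operation can return grants on KMS keys in other accounts, a review of what a principal is able to retire needs every page of results, grouped by the account that owns each key. The following is an added example, not code from the SDK documentation: `sendPage`, `keyAccount`, `groupByKeyAccount` and the sample data are hypothetical names, and it assumes `KeyId` is returned as a key ARN.

```javascript
// Added example: `sendPage` is a hypothetical wrapper around the SDK call, e.g.
//   (input) => client.send(new ListRetirableGrantsCommand(input))

// Follow Truncated/NextMarker until every grant for the principal is collected.
async function listAllRetirableGrants(sendPage, retiringPrincipal) {
  const grants = [];
  let marker;
  do {
    const page = await sendPage({ RetiringPrincipal: retiringPrincipal, Limit: 100, Marker: marker });
    grants.push(...(page.Grants || []));
    if (page.Truncated && !page.NextMarker) {
      throw new Error("Truncated response without NextMarker");
    }
    marker = page.Truncated ? page.NextMarker : undefined;
  } while (marker);
  return grants;
}

// Assumption: KeyId is returned as a key ARN (arn:aws:kms:<region>:<account>:key/<id>).
function keyAccount(keyId) {
  const parts = String(keyId || "").split(":");
  const isKmsArn = parts.length >= 6 && parts[0] === "arn" && parts[2] === "kms";
  return isKmsArn ? parts[4] : "unknown";
}

// Group grants by the account that owns the KMS key; flag keys outside ownAccountId.
function groupByKeyAccount(grants, ownAccountId) {
  const byAccount = {};
  for (const g of grants) {
    const account = keyAccount(g.KeyId);
    if (!byAccount[account]) {
      byAccount[account] = { crossAccount: account !== ownAccountId, grants: [] };
    }
    byAccount[account].grants.push({ grantId: g.GrantId, keyId: g.KeyId, operations: g.Operations || [] });
  }
  return byAccount;
}

// Constructed sample pages (not real grants), served by a stub in place of KMS.
const SAMPLE_PAGES = [
  { Truncated: true, NextMarker: "page-2", Grants: [
    { GrantId: "grant-aaa", KeyId: "arn:aws:kms:us-west-2:111122223333:key/key-1", Operations: ["Decrypt"] } ] },
  { Truncated: false, Grants: [
    { GrantId: "grant-bbb", KeyId: "arn:aws:kms:us-west-2:444455556666:key/key-2", Operations: ["Encrypt", "Decrypt"] } ] },
];
const sampleSendPage = async (input) => SAMPLE_PAGES[input.Marker === "page-2" ? 1 : 0];
```

Entries with `crossAccount: true` are the grants on keys outside your own account, which the caller can list without holding any permission in the key owner's account.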