New API Documentation - Developer Preview Available
We are excited to announce the developer preview of our new API documentation for AWS SDK for JavaScript v3. Please follow instructions on the landing page to leave us your feedback.
Returns information about all grants in the Amazon Web Services account and Region that have the
specified retiring principal.
You can specify any principal in your Amazon Web Services account. The grants that are returned include
grants for KMS keys in your Amazon Web Services account and other Amazon Web Services accounts. You might use this
operation to determine which grants you may retire. To retire a grant, use the RetireGrant operation.
For detailed information about grants, including grant terminology, see Grants in KMS in the
Key Management Service Developer Guide. For examples of working with grants in several
programming languages, see Programming grants.
Cross-account use: You must specify a principal in your
Amazon Web Services account. However, this operation can return grants in any Amazon Web Services account. You do not need
kms:ListRetirableGrants permission (or any other additional permission) in any
Amazon Web Services account other than your own.
Required permissions: kms:ListRetirableGrants (IAM policy) in your
Amazon Web Services account.
Returns information about all grants in the Amazon Web Services account and Region that have the specified retiring principal.
You can specify any principal in your Amazon Web Services account. The grants that are returned include grants for KMS keys in your Amazon Web Services account and other Amazon Web Services accounts. You might use this operation to determine which grants you may retire. To retire a grant, use the RetireGrant operation.
For detailed information about grants, including grant terminology, see Grants in KMS in the Key Management Service Developer Guide . For examples of working with grants in several programming languages, see Programming grants.
Cross-account use: You must specify a principal in your Amazon Web Services account. However, this operation can return grants in any Amazon Web Services account. You do not need
kms:ListRetirableGrants
permission (or any other additional permission) in any Amazon Web Services account other than your own.Required permissions: kms:ListRetirableGrants (IAM policy) in your Amazon Web Services account.
Related operations:
CreateGrant
ListGrants
RetireGrant
RevokeGrant
Example
Use a bare-bones client and the command you need to make an API call.
Param
ListRetirableGrantsCommandInput
Returns
ListRetirableGrantsCommandOutput
See
input
shape.response
shape.config
shape.Throws
DependencyTimeoutException (server fault)
The system timed out while trying to fulfill the request. You can retry the request.
Throws
InvalidArnException (client fault)
The request was rejected because a specified ARN, or an ARN in a key policy, is not valid.
Throws
InvalidMarkerException (client fault)
The request was rejected because the marker that specifies where pagination should next begin is not valid.
Throws
KMSInternalException (server fault)
The request was rejected because an internal exception occurred. The request can be retried.
Throws
NotFoundException (client fault)
The request was rejected because the specified entity or resource could not be found.
Throws
KMSServiceException
Base exception class for all service exceptions from KMS service.
Example
To list grants that the specified principal can retire