Options
All
  • Public
  • Public/Protected
  • All
Menu

Class RevokeGrantCommand

Deletes the specified grant. You revoke a grant to terminate the permissions that the grant allows. For more information, see Retiring and revoking grants in the Key Management Service Developer Guide .

When you create, retire, or revoke a grant, there might be a brief delay, usually less than five minutes, until the grant is available throughout KMS. This state is known as eventual consistency. For details, see Eventual consistency in the Key Management Service Developer Guide .

For detailed information about grants, including grant terminology, see Grants in KMS in the Key Management Service Developer Guide . For examples of working with grants in several programming languages, see Programming grants.

Cross-account use: Yes. To perform this operation on a KMS key in a different Amazon Web Services account, specify the key ARN in the value of the KeyId parameter.

Required permissions: kms:RevokeGrant (key policy).

Related operations:

example

Use a bare-bones client and the command you need to make an API call.

import { KMSClient, RevokeGrantCommand } from "@aws-sdk/client-kms"; // ES Modules import
// const { KMSClient, RevokeGrantCommand } = require("@aws-sdk/client-kms"); // CommonJS import
const client = new KMSClient(config);
const command = new RevokeGrantCommand(input);
const response = await client.send(command);
see

RevokeGrantCommandInput for command's input shape.

see

RevokeGrantCommandOutput for command's response shape.

see

config for KMSClient's config shape.

Hierarchy

Implements

Index

Constructors

constructor

Properties

Readonly input

input: RevokeGrantCommandInput

Readonly middlewareStack

middlewareStack: IMiddlewareStack<RevokeGrantCommandInput, RevokeGrantCommandOutput>

Methods

Static getEndpointParameterInstructions