KmsGrantConfiguration
A proposed grant configuration for a KMS key. For more information, see CreateGrant.
Contents
- granteePrincipal
-
The principal that is given permission to perform the operations that the grant permits.
Type: String
Required: Yes
- issuingAccount
-
The AWS account under which the grant was issued. The account is used to propose AWS KMS grants issued by accounts other than the owner of the key.
Type: String
Required: Yes
- operations
-
A list of operations that the grant permits.
Type: Array of strings
Valid Values:
CreateGrant | Decrypt | DescribeKey | Encrypt | GenerateDataKey | GenerateDataKeyPair | GenerateDataKeyPairWithoutPlaintext | GenerateDataKeyWithoutPlaintext | GetPublicKey | ReEncryptFrom | ReEncryptTo | RetireGrant | Sign | Verify
Required: Yes
- constraints
-
Use this structure to propose allowing cryptographic operations in the grant only when the operation request includes the specified encryption context.
Type: KmsGrantConstraints object
Required: No
- retiringPrincipal
-
The principal that is given permission to retire the grant by using RetireGrant operation.
Type: String
Required: No
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: