KmsGrantConfiguration - IAM Access Analyzer

KmsGrantConfiguration

A proposed grant configuration for a KMS key. For more information, see CreateGrant.

Contents

granteePrincipal

The principal that is given permission to perform the operations that the grant permits.

Type: String

Required: Yes

issuingAccount

The AWS account under which the grant was issued. The account is used to propose AWS KMS grants issued by accounts other than the owner of the key.

Type: String

Required: Yes

operations

A list of operations that the grant permits.

Type: Array of strings

Valid Values: CreateGrant | Decrypt | DescribeKey | Encrypt | GenerateDataKey | GenerateDataKeyPair | GenerateDataKeyPairWithoutPlaintext | GenerateDataKeyWithoutPlaintext | GetPublicKey | ReEncryptFrom | ReEncryptTo | RetireGrant | Sign | Verify

Required: Yes

constraints

Use this structure to propose allowing cryptographic operations in the grant only when the operation request includes the specified encryption context.

Type: KmsGrantConstraints object

Required: No

retiringPrincipal

The principal that is given permission to retire the grant by using the RetireGrant operation.

Type: String

Required: No
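The following added example, which is not part of the AWS reference, checks a proposed grant configuration against the field requirements and valid operation values listed above before it is submitted for analysis. The function name `review_grant`, the two warning rules (a reviewer policy, not an API rule), the set of operations treated as taking an encryption context, and the sample ARNs and account IDs are assumptions constructed for illustration.

```python
# Added example: pre-flight review of a proposed KmsGrantConfiguration dict.
VALID_OPERATIONS = {
    "CreateGrant", "Decrypt", "DescribeKey", "Encrypt", "GenerateDataKey",
    "GenerateDataKeyPair", "GenerateDataKeyPairWithoutPlaintext",
    "GenerateDataKeyWithoutPlaintext", "GetPublicKey", "ReEncryptFrom",
    "ReEncryptTo", "RetireGrant", "Sign", "Verify",
}
REQUIRED = ("granteePrincipal", "issuingAccount", "operations")
OPTIONAL = ("constraints", "retiringPrincipal")
# Assumption: operations that accept an encryption context in AWS KMS.
CONTEXT_OPS = {
    "Decrypt", "Encrypt", "GenerateDataKey", "GenerateDataKeyPair",
    "GenerateDataKeyPairWithoutPlaintext", "GenerateDataKeyWithoutPlaintext",
    "ReEncryptFrom", "ReEncryptTo",
}

def review_grant(grant):
    """Return (errors, warnings) for one proposed grant configuration."""
    errors, warnings = [], []
    for field in REQUIRED:
        if not grant.get(field):
            errors.append(f"missing required field: {field}")
    for field in sorted(set(grant) - set(REQUIRED + OPTIONAL)):
        errors.append(f"unknown field: {field}")
    ops = grant.get("operations") or []
    if not isinstance(ops, list):
        errors.append("operations must be a list of strings")
        ops = []
    for op in sorted(set(ops) - VALID_OPERATIONS):
        errors.append(f"invalid operation: {op}")
    # Reviewer policy (assumption of this example): flag broad grants.
    if "CreateGrant" in ops:
        warnings.append("CreateGrant lets the grantee issue further grants")
    if CONTEXT_OPS & set(ops) and not grant.get("constraints"):
        warnings.append("no encryption-context constraints on this grant")
    return errors, warnings

# Constructed sample inputs (placeholder principals and account IDs).
SCOPED = {
    "granteePrincipal": "arn:aws:iam::111122223333:role/ExampleReader",
    "issuingAccount": "111122223333",
    "operations": ["Decrypt", "GenerateDataKey"],
    "constraints": {"encryptionContextEquals": {"project": "example"}},
    "retiringPrincipal": "arn:aws:iam::111122223333:role/ExampleAdmin",
}
BROAD = {
    "granteePrincipal": "arn:aws:iam::444455556666:role/ExampleExternal",
    "operations": ["Decrypt", "CreateGrant", "ListKeys"],
}
```
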

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: