KeyGrants
- class aws_cdk.aws_kms.KeyGrants(*args: Any, **kwargs)
Bases:
objectCollection of grant methods for an IKey.
- ExampleMetadata:
fixture=_generated
Example:
# The code below shows an example of how to instantiate this type. # The values are placeholders you should change. from aws_cdk import aws_kms as kms from aws_cdk.interfaces import aws_kms as interfaces_kms # key_ref: interfaces_kms.IKeyRef key_grants = kms.KeyGrants.from_key(key_ref, False)
Methods
- actions(grantee, *actions)
Grant the indicated permissions on this key to the given principal.
This modifies both the principal’s policy as well as the resource policy, since the default CloudFormation setup for KMS keys is that the policy must not be empty and so default grants won’t work.
- Parameters:
grantee (
IGrantable)actions (
str)
- Return type:
- decrypt(grantee)
Grant decryption permissions using this key to the given principal.
- Parameters:
grantee (
IGrantable)- Return type:
- encrypt(grantee)
Grant encryption permissions using this key to the given principal.
- Parameters:
grantee (
IGrantable)- Return type:
- encrypt_decrypt(grantee)
Grant encryption and decryption permissions using this key to the given principal.
- Parameters:
grantee (
IGrantable)- Return type:
- generate_mac(grantee)
Grant permissions to generating MACs to the given principal.
- Parameters:
grantee (
IGrantable)- Return type:
- sign(grantee)
Grant sign permissions using this key to the given principal.
- Parameters:
grantee (
IGrantable)- Return type:
- sign_verify(grantee)
Grant sign and verify permissions using this key to the given principal.
- Parameters:
grantee (
IGrantable)- Return type:
- verify(grantee)
Grant verify permissions using this key to the given principal.
- Parameters:
grantee (
IGrantable)- Return type:
- verify_mac(grantee)
Grant permissions to verifying MACs to the given principal.
- Parameters:
grantee (
IGrantable)- Return type:
Static Methods