Gets a list of all grants for the specified KMS key.
You must specify the KMS key in all requests. You can filter the grant list by grant ID or grantee principal.
For detailed information about grants, including grant terminology, see
Grants in KMS in the
Key Management Service Developer Guide. For examples of working with grants in several programming languages, see
Programming grants.
The
GranteePrincipal field in the
ListGrants response usually contains the user or role designated as the grantee principal in the grant. However, when the grantee principal in the grant is an Amazon Web Services service, the
GranteePrincipal field contains the
service principal, which might represent several different grantee principals.
Cross-account use: Yes. To perform this operation on a KMS key in a different Amazon Web Services account, specify the key ARN in the value of the
KeyId parameter.
Required permissions:
kms:ListGrants (key policy)
Related operations:Eventual consistency: The KMS API follows an eventual consistency model. For more information, see
KMS eventual consistency.
This cmdlet automatically pages all available results to the pipeline - parameters related to iteration are only needed if you want to manually control the paginated output. To disable autopagination, use -NoAutoIteration.
Note: For scripts written against earlier versions of this module this cmdlet can also be invoked with the alias,
Get-KMSGrants.