Class: Aws::AccessAnalyzer::Types::KmsGrantConfiguration

Inherits:
Struct
  • Object
show all
Defined in:
gems/aws-sdk-accessanalyzer/lib/aws-sdk-accessanalyzer/types.rb

Overview

Note:

When making an API call, you may pass KmsGrantConfiguration data as a hash:

{
  constraints: {
    encryption_context_equals: {
      "KmsConstraintsKey" => "KmsConstraintsValue",
    },
    encryption_context_subset: {
      "KmsConstraintsKey" => "KmsConstraintsValue",
    },
  },
  grantee_principal: "GranteePrincipal", # required
  issuing_account: "IssuingAccount", # required
  operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
  retiring_principal: "RetiringPrincipal",
}

A proposed grant configuration for a KMS key. For more information, see CreateGrant.

Constant Summary collapse

SENSITIVE =
[]

Instance Attribute Summary collapse

Instance Attribute Details

#constraintsTypes::KmsGrantConstraints

Use this structure to propose allowing cryptographic operations in the grant only when the operation request includes the specified encryption context.



1822
1823
1824
1825
1826
1827
1828
1829
1830
# File 'gems/aws-sdk-accessanalyzer/lib/aws-sdk-accessanalyzer/types.rb', line 1822

class KmsGrantConfiguration < Struct.new(
  :constraints,
  :grantee_principal,
  :issuing_account,
  :operations,
  :retiring_principal)
  SENSITIVE = []
  include Aws::Structure
end

#grantee_principalString

The principal that is given permission to perform the operations that the grant permits.

Returns:

  • (String)


1822
1823
1824
1825
1826
1827
1828
1829
1830
# File 'gems/aws-sdk-accessanalyzer/lib/aws-sdk-accessanalyzer/types.rb', line 1822

class KmsGrantConfiguration < Struct.new(
  :constraints,
  :grantee_principal,
  :issuing_account,
  :operations,
  :retiring_principal)
  SENSITIVE = []
  include Aws::Structure
end

#issuing_accountString

The Amazon Web Services account under which the grant was issued. The account is used to propose KMS grants issued by accounts other than the owner of the key.

Returns:

  • (String)


1822
1823
1824
1825
1826
1827
1828
1829
1830
# File 'gems/aws-sdk-accessanalyzer/lib/aws-sdk-accessanalyzer/types.rb', line 1822

class KmsGrantConfiguration < Struct.new(
  :constraints,
  :grantee_principal,
  :issuing_account,
  :operations,
  :retiring_principal)
  SENSITIVE = []
  include Aws::Structure
end

#operationsArray<String>

A list of operations that the grant permits.

Returns:

  • (Array<String>)


1822
1823
1824
1825
1826
1827
1828
1829
1830
# File 'gems/aws-sdk-accessanalyzer/lib/aws-sdk-accessanalyzer/types.rb', line 1822

class KmsGrantConfiguration < Struct.new(
  :constraints,
  :grantee_principal,
  :issuing_account,
  :operations,
  :retiring_principal)
  SENSITIVE = []
  include Aws::Structure
end

#retiring_principalString

The principal that is given permission to retire the grant by using RetireGrant operation.

Returns:

  • (String)


1822
1823
1824
1825
1826
1827
1828
1829
1830
# File 'gems/aws-sdk-accessanalyzer/lib/aws-sdk-accessanalyzer/types.rb', line 1822

class KmsGrantConfiguration < Struct.new(
  :constraints,
  :grantee_principal,
  :issuing_account,
  :operations,
  :retiring_principal)
  SENSITIVE = []
  include Aws::Structure
end