Class: Aws::AccessAnalyzer::Types::KmsKeyConfiguration

Inherits:
Struct
  • Object
show all
Defined in:
gems/aws-sdk-accessanalyzer/lib/aws-sdk-accessanalyzer/types.rb

Overview

Note:

When making an API call, you may pass KmsKeyConfiguration data as a hash:

{
  grants: [
    {
      constraints: {
        encryption_context_equals: {
          "KmsConstraintsKey" => "KmsConstraintsValue",
        },
        encryption_context_subset: {
          "KmsConstraintsKey" => "KmsConstraintsValue",
        },
      },
      grantee_principal: "GranteePrincipal", # required
      issuing_account: "IssuingAccount", # required
      operations: ["CreateGrant"], # required, accepts CreateGrant, Decrypt, DescribeKey, Encrypt, GenerateDataKey, GenerateDataKeyPair, GenerateDataKeyPairWithoutPlaintext, GenerateDataKeyWithoutPlaintext, GetPublicKey, ReEncryptFrom, ReEncryptTo, RetireGrant, Sign, Verify
      retiring_principal: "RetiringPrincipal",
    },
  ],
  key_policies: {
    "PolicyName" => "KmsKeyPolicy",
  },
}

Proposed access control configuration for a KMS key. You can propose a configuration for a new KMS key or an existing KMS key that you own by specifying the key policy and KMS grant configuration. If the configuration is for an existing key and you do not specify the key policy, the access preview uses the existing policy for the key. If the access preview is for a new resource and you do not specify the key policy, then the access preview uses the default key policy. The proposed key policy cannot be an empty string. For more information, see Default key policy. For more information about key policy limits, see Resource quotas.

Constant Summary collapse

SENSITIVE =
[]

Instance Attribute Summary collapse

Instance Attribute Details

#grantsArray<Types::KmsGrantConfiguration>

A list of proposed grant configurations for the KMS key. If the proposed grant configuration is for an existing key, the access preview uses the proposed list of grant configurations in place of the existing grants. Otherwise, the access preview uses the existing grants for the key.

Returns:



1951
1952
1953
1954
1955
1956
# File 'gems/aws-sdk-accessanalyzer/lib/aws-sdk-accessanalyzer/types.rb', line 1951

class KmsKeyConfiguration < Struct.new(
  :grants,
  :key_policies)
  SENSITIVE = []
  include Aws::Structure
end

#key_policiesHash<String,String>

Resource policy configuration for the KMS key. The only valid value for the name of the key policy is default. For more information, see Default key policy.

Returns:

  • (Hash<String,String>)


1951
1952
1953
1954
1955
1956
# File 'gems/aws-sdk-accessanalyzer/lib/aws-sdk-accessanalyzer/types.rb', line 1951

class KmsKeyConfiguration < Struct.new(
  :grants,
  :key_policies)
  SENSITIVE = []
  include Aws::Structure
end