AWS SDK Version 3 for .NET
API Reference

AWS services or capabilities described in AWS Documentation may vary by region/location. Click Getting Started with Amazon AWS to see specific differences applicable to the China (Beijing) Region.

Returns a list of all grants for which the grant's RetiringPrincipal matches the one specified.

A typical use is to list all grants that you are able to retire. To retire a grant, use RetireGrant.


For .NET Core this operation is only available in asynchronous form. Please refer to ListRetirableGrantsAsync.

Namespace: Amazon.KeyManagementService
Assembly: AWSSDK.KeyManagementService.dll
Version: 3.x.y.z


public virtual ListRetirableGrantsResponse ListRetirableGrants(
         ListRetirableGrantsRequest request
Type: Amazon.KeyManagementService.Model.ListRetirableGrantsRequest

Container for the necessary parameters to execute the ListRetirableGrants service method.

Return Value
The response from the ListRetirableGrants service method, as returned by KeyManagementService.


DependencyTimeoutException The system timed out while trying to fulfill the request. The request can be retried.
InvalidArnException The request was rejected because a specified ARN, or an ARN in a key policy, is not valid.
InvalidMarkerException The request was rejected because the marker that specifies where pagination should next begin is not valid.
KMSInternalException The request was rejected because an internal exception occurred. The request can be retried.
NotFoundException The request was rejected because the specified entity or resource could not be found.


The following example lists the grants that the specified principal (identity) can retire.

To list grants that the specified principal can retire

var response = client.ListRetirableGrants(new ListRetirableGrantsRequest 
    RetiringPrincipal = "arn:aws:iam::111122223333:role/ExampleRole" // The retiring principal whose grants you want to list. Use the Amazon Resource Name (ARN) of an AWS principal such as an AWS account (root), IAM user, federated user, or assumed role user.

List<GrantListEntry> grants = response.Grants; // A list of grants that the specified principal can retire.
bool truncated = response.Truncated; // A boolean that indicates whether there are more items in the list. Returns true when there are more items, or false when there are not.


Version Information

.NET Framework:
Supported in: 4.5, 4.0, 3.5

See Also