KmsGrantConfiguration
A proposed grant configuration for a KMS key. For more information, see CreateGrant.
Contents
- granteePrincipal
-
The principal that is given permission to perform the operations that the grant permits.
Type: String
Required: Yes
- issuingAccount
-
The Amazon Web Services account under which the grant was issued. The account is used to propose Amazon KMS grants issued by accounts other than the owner of the key.
Type: String
Required: Yes
- operations
-
A list of operations that the grant permits.
Type: Array of strings
Valid Values:
CreateGrant | Decrypt | DescribeKey | Encrypt | GenerateDataKey | GenerateDataKeyPair | GenerateDataKeyPairWithoutPlaintext | GenerateDataKeyWithoutPlaintext | GetPublicKey | ReEncryptFrom | ReEncryptTo | RetireGrant | Sign | Verify
Required: Yes
- constraints
-
Use this structure to propose allowing cryptographic operations in the grant only when the operation request includes the specified encryption context.
Type: KmsGrantConstraints object
Required: No
- retiringPrincipal
-
The principal that is given permission to retire the grant by using RetireGrant operation.
Type: String
Required: No
See Also
For more information about using this API in one of the language-specific Amazon SDKs, see the following: