Class: Aws::KMS::Types::CreateGrantRequest
- Inherits: Struct
  - Object
  - Struct
  - Aws::KMS::Types::CreateGrantRequest
- Includes: Structure
- Defined in: lib/aws-sdk-kms/types.rb
Overview
When making an API call, you may pass CreateGrantRequest data as a hash:
    {
      key_id: "KeyIdType", # required
      grantee_principal: "PrincipalIdType", # required
      retiring_principal: "PrincipalIdType",
      operations: ["Decrypt"], # required, accepts Decrypt, Encrypt, GenerateDataKey, GenerateDataKeyWithoutPlaintext, ReEncryptFrom, ReEncryptTo, CreateGrant, RetireGrant, DescribeKey
      constraints: {
        encryption_context_subset: {
          "EncryptionContextKey" => "EncryptionContextValue",
        },
        encryption_context_equals: {
          "EncryptionContextKey" => "EncryptionContextValue",
        },
      },
      grant_tokens: ["GrantTokenType"],
      name: "GrantNameType",
    }
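A pre-flight check for a request hash of the shape above, as an added example that is not part of the SDK or of this page: it validates the required fields and operation names listed above, requires ARN-form principals as the attribute details describe, and warns when no encryption context constraint or `name` is set. `lint_create_grant`, the warning policy and the sample role names are assumptions made for illustration.

```ruby
# Added example: offline lint for a CreateGrantRequest hash (not SDK code).
GRANT_OPERATIONS = %w[
  Decrypt Encrypt GenerateDataKey GenerateDataKeyWithoutPlaintext
  ReEncryptFrom ReEncryptTo CreateGrant RetireGrant DescribeKey
].freeze
REQUIRED_KEYS = %i[key_id grantee_principal operations].freeze
# Operations this lint expects to be bound to an encryption context.
# This is a local policy assumption, not a rule enforced by KMS.
CONTEXT_BOUND = (GRANT_OPERATIONS - %w[CreateGrant RetireGrant DescribeKey]).freeze

# Hypothetical helper: returns { errors: [...], warnings: [...] }.
def lint_create_grant(req)
  errors = []
  warnings = []
  REQUIRED_KEYS.each do |k|
    v = req[k]
    errors << "#{k} is required" if v.nil? || (v.respond_to?(:empty?) && v.empty?)
  end
  ops = Array(req[:operations])
  unknown = ops - GRANT_OPERATIONS
  errors << "unknown operations: #{unknown.join(', ')}" unless unknown.empty?
  %i[grantee_principal retiring_principal].each do |k|
    v = req[k]
    errors << "#{k} must be a principal ARN" if v && !v.to_s.start_with?("arn:")
  end
  c = req[:constraints] || {}
  has_context = %i[encryption_context_subset encryption_context_equals]
                .any? { |k| c[k].is_a?(Hash) && !c[k].empty? }
  bound = ops & CONTEXT_BOUND
  warnings << "no encryption context constraint on: #{bound.join(', ')}" if !has_context && bound.any?
  warnings << "no name: a retried CreateGrant creates a duplicate grant" if req[:name].to_s.empty?
  { errors: errors, warnings: warnings }
end

# Constructed sample requests. The account ID and key ID are the page's own
# example values; the role name and context pair are made up.
KEY_ARN = "arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
SCOPED = { key_id: KEY_ARN,
           grantee_principal: "arn:aws:iam::111122223333:role/ExampleWorker",
           operations: ["Decrypt"],
           constraints: { encryption_context_equals: { "tenant" => "example" } },
           name: "example-worker-decrypt" }.freeze
# Deliberately flawed: bare principal name, misspelled operation, no constraints, no name.
BROAD = { key_id: KEY_ARN, grantee_principal: "ExampleWorker",
          operations: %w[Decrypt Encypt] }.freeze

p lint_create_grant(SCOPED)
p lint_create_grant(BROAD)
```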
Instance Attribute Summary
- #constraints ⇒ Types::GrantConstraints
  A structure that you can use to allow certain operations in the grant only when the desired encryption context is present.
- #grant_tokens ⇒ Array<String>
  A list of grant tokens.
- #grantee_principal ⇒ String
  The principal that is given permission to perform the operations that the grant permits.
- #key_id ⇒ String
  The unique identifier for the customer master key (CMK) that the grant applies to.
- #name ⇒ String
  A friendly name for identifying the grant.
- #operations ⇒ Array<String>
  A list of operations that the grant permits.
- #retiring_principal ⇒ String
  The principal that is given permission to retire the grant by using the RetireGrant operation.
Instance Attribute Details
#constraints ⇒ Types::GrantConstraints
A structure that you can use to allow certain operations in the grant only when the desired encryption context is present. For more information about encryption context, see [Encryption Context][1] in the *AWS Key Management Service Developer Guide*.
[1]: docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html

    # File 'lib/aws-sdk-kms/types.rb', line 235
    class CreateGrantRequest < Struct.new(
      :key_id,
      :grantee_principal,
      :retiring_principal,
      :operations,
      :constraints,
      :grant_tokens,
      :name)
      include Aws::Structure
    end
#grant_tokens ⇒ Array<String>
A list of grant tokens.
For more information, see [Grant Tokens][1] in the *AWS Key Management Service Developer Guide*.
[1]: docs.aws.amazon.com/kms/latest/developerguide/concepts.html#grant_token
#grantee_principal ⇒ String
The principal that is given permission to perform the operations that the grant permits.
To specify the principal, use the [Amazon Resource Name (ARN)][1] of an AWS principal. Valid AWS principals include AWS accounts (root), IAM users, IAM roles, federated users, and assumed role users. For examples of the ARN syntax to use for specifying a principal, see [AWS Identity and Access Management (IAM)][2] in the Example ARNs section of the *AWS General Reference*.
[1]: docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
[2]: docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam
#key_id ⇒ String
The unique identifier for the customer master key (CMK) that the grant applies to.
Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify a CMK in a different AWS account, you must use the key ARN.
For example:
- Key ID: `1234abcd-12ab-34cd-56ef-1234567890ab`
- Key ARN: `arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab`
To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey.
#name ⇒ String
A friendly name for identifying the grant. Use this value to prevent the unintended creation of duplicate grants when retrying this request.
When this value is absent, all `CreateGrant` requests result in a new grant with a unique `GrantId` even if all the supplied parameters are identical. This can result in unintended duplicates when you retry the `CreateGrant` request.
When this value is present, you can retry a `CreateGrant` request with identical parameters; if the grant already exists, the original `GrantId` is returned without creating a new grant. Note that the returned grant token is unique with every `CreateGrant` request, even when a duplicate `GrantId` is returned. All grant tokens obtained in this way can be used interchangeably.
#operations ⇒ Array<String>
A list of operations that the grant permits.
#retiring_principal ⇒ String
The principal that is given permission to retire the grant by using the RetireGrant operation.
To specify the principal, use the [Amazon Resource Name (ARN)][1] of an AWS principal. Valid AWS principals include AWS accounts (root), IAM users, federated users, and assumed role users. For examples of the ARN syntax to use for specifying a principal, see [AWS Identity and Access Management (IAM)][2] in the Example ARNs section of the *AWS General Reference*.
[1]: docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html
[2]: docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html#arn-syntax-iam