Class: Aws::AccessAnalyzer::Types::KmsGrantConstraints

Inherits:

Struct

• Object
• Struct
• Aws::AccessAnalyzer::Types::KmsGrantConstraints

Includes:

Structure

Defined in:

lib/aws-sdk-accessanalyzer/types.rb

Overview

Use this structure to propose allowing [cryptographic operations] in the grant only when the operation request includes the specified [encryption context]. You can specify only one type of encryption context. An empty map is treated as not specified. For more information, see [GrantConstraints].

[1]: docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations [2]: docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context [3]: docs.aws.amazon.com/kms/latest/APIReference/API_GrantConstraints.html

See Also:

• AWS API Documentation

Constant Summary

SENSITIVE =

[]

Instance Attribute Summary

• #encryption_context_equals ⇒ Hash<String,String>

  A list of key-value pairs that must match the encryption context in the [cryptographic operation] request.

• #encryption_context_subset ⇒ Hash<String,String>

  A list of key-value pairs that must be included in the encryption context of the [cryptographic operation] request.

Instance Attribute Details

#encryption_context_equals ⇒ Hash<String,String>

A list of key-value pairs that must match the encryption context in the [cryptographic operation] request. The grant allows the operation only when the encryption context in the request is the same as the encryption context specified in this constraint.

[1]: docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations

Returns:

• (Hash<String,String>)

# File 'lib/aws-sdk-accessanalyzer/types.rb', line 2489

class KmsGrantConstraints < Struct.new(
  :encryption_context_equals,
  :encryption_context_subset)
  SENSITIVE = []
  include Aws::Structure
end

#encryption_context_subset ⇒ Hash<String,String>

A list of key-value pairs that must be included in the encryption context of the [cryptographic operation] request. The grant allows the cryptographic operation only when the encryption context in the request includes the key-value pairs specified in this constraint, although it can include additional key-value pairs.

[1]: docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations

Returns:

• (Hash<String,String>)

# File 'lib/aws-sdk-accessanalyzer/types.rb', line 2489

class KmsGrantConstraints < Struct.new(
  :encryption_context_equals,
  :encryption_context_subset)
  SENSITIVE = []
  include Aws::Structure
end