Class: Aws::AccessAnalyzer::Types::KmsGrantConstraints
- Inherits:
-
Struct
- Object
- Struct
- Aws::AccessAnalyzer::Types::KmsGrantConstraints
- Includes:
- Structure
- Defined in:
- lib/aws-sdk-accessanalyzer/types.rb
Overview
Use this structure to propose allowing [cryptographic operations] in the grant only when the operation request includes the specified [encryption context]. You can specify only one type of encryption context. An empty map is treated as not specified. For more information, see [GrantConstraints].
[1]: docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations [2]: docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context [3]: docs.aws.amazon.com/kms/latest/APIReference/API_GrantConstraints.html
Constant Summary collapse
- SENSITIVE =
[]
Instance Attribute Summary collapse
-
#encryption_context_equals ⇒ Hash<String,String>
A list of key-value pairs that must match the encryption context in the [cryptographic operation] request.
-
#encryption_context_subset ⇒ Hash<String,String>
A list of key-value pairs that must be included in the encryption context of the [cryptographic operation] request.
Instance Attribute Details
#encryption_context_equals ⇒ Hash<String,String>
A list of key-value pairs that must match the encryption context in the [cryptographic operation] request. The grant allows the operation only when the encryption context in the request is the same as the encryption context specified in this constraint.
[1]: docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations
2574 2575 2576 2577 2578 2579 |
# File 'lib/aws-sdk-accessanalyzer/types.rb', line 2574 class KmsGrantConstraints < Struct.new( :encryption_context_equals, :encryption_context_subset) SENSITIVE = [] include Aws::Structure end |
#encryption_context_subset ⇒ Hash<String,String>
A list of key-value pairs that must be included in the encryption context of the [cryptographic operation] request. The grant allows the cryptographic operation only when the encryption context in the request includes the key-value pairs specified in this constraint, although it can include additional key-value pairs.
[1]: docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations
2574 2575 2576 2577 2578 2579 |
# File 'lib/aws-sdk-accessanalyzer/types.rb', line 2574 class KmsGrantConstraints < Struct.new( :encryption_context_equals, :encryption_context_subset) SENSITIVE = [] include Aws::Structure end |