Class: Aws::AccessAnalyzer::Types::KmsGrantConfiguration

Inherits:

Struct

• Object
• Struct
• Aws::AccessAnalyzer::Types::KmsGrantConfiguration

Includes:

Structure

Defined in:

lib/aws-sdk-accessanalyzer/types.rb

Overview

A proposed grant configuration for a KMS key. For more information, see [CreateGrant].

[1]: docs.aws.amazon.com/kms/latest/APIReference/API_CreateGrant.html

See Also:

• AWS API Documentation

Constant Summary

SENSITIVE =

[]

Instance Attribute Summary

• #constraints ⇒ Types::KmsGrantConstraints

  Use this structure to propose allowing [cryptographic operations] in the grant only when the operation request includes the specified [encryption context].

• #grantee_principal ⇒ String

  The principal that is given permission to perform the operations that the grant permits.

• #issuing_account ⇒ String

  The Amazon Web Services account under which the grant was issued.

• #operations ⇒ Array<String>

  A list of operations that the grant permits.

• #retiring_principal ⇒ String

  The principal that is given permission to retire the grant by using [RetireGrant] operation.

Instance Attribute Details

#constraints ⇒ Types::KmsGrantConstraints

Use this structure to propose allowing [cryptographic operations] in the grant only when the operation request includes the specified [encryption context].

[1]: docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations [2]: docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context

Returns:

• (Types::KmsGrantConstraints)

# File 'lib/aws-sdk-accessanalyzer/types.rb', line 3050

class KmsGrantConfiguration < Struct.new(
  :operations,
  :grantee_principal,
  :retiring_principal,
  :constraints,
  :issuing_account)
  SENSITIVE = []
  include Aws::Structure
end

#grantee_principal ⇒ String

The principal that is given permission to perform the operations that the grant permits.

Returns:

• (String)

# File 'lib/aws-sdk-accessanalyzer/types.rb', line 3050

class KmsGrantConfiguration < Struct.new(
  :operations,
  :grantee_principal,
  :retiring_principal,
  :constraints,
  :issuing_account)
  SENSITIVE = []
  include Aws::Structure
end

#issuing_account ⇒ String

The Amazon Web Services account under which the grant was issued. The account is used to propose KMS grants issued by accounts other than the owner of the key.

Returns:

• (String)

# File 'lib/aws-sdk-accessanalyzer/types.rb', line 3050

class KmsGrantConfiguration < Struct.new(
  :operations,
  :grantee_principal,
  :retiring_principal,
  :constraints,
  :issuing_account)
  SENSITIVE = []
  include Aws::Structure
end

#operations ⇒ Array<String>

A list of operations that the grant permits.

Returns:

• (Array<String>)

# File 'lib/aws-sdk-accessanalyzer/types.rb', line 3050

class KmsGrantConfiguration < Struct.new(
  :operations,
  :grantee_principal,
  :retiring_principal,
  :constraints,
  :issuing_account)
  SENSITIVE = []
  include Aws::Structure
end

#retiring_principal ⇒ String

The principal that is given permission to retire the grant by using

RetireGrant][1

operation.

[1]: docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html

Returns:

• (String)

# File 'lib/aws-sdk-accessanalyzer/types.rb', line 3050

class KmsGrantConfiguration < Struct.new(
  :operations,
  :grantee_principal,
  :retiring_principal,
  :constraints,
  :issuing_account)
  SENSITIVE = []
  include Aws::Structure
end