GrantListEntry - AWS Key Management Service

GrantListEntry

Contains information about a grant.

Contents

Note

In the following list, the required parameters are described first.

Constraints

A list of key-value pairs that must be present in the encryption context of certain subsequent operations that the grant allows.

Type: GrantConstraints object

Required: No

CreationDate

The date and time when the grant was created.

Type: Timestamp

Required: No

GranteePrincipal

The identity that gets the permissions in the grant.

The GranteePrincipal field in the ListGrants response usually contains the user or role designated as the grantee principal in the grant. However, when the grantee principal in the grant is an AWS service, the GranteePrincipal field contains the service principal, which might represent several different grantee principals.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 256.

Pattern: ^[\w+=,.@:/-]+$

Required: No

GrantId

The unique identifier for the grant.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Required: No

IssuingAccount

The AWS account under which the grant was issued.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 256.

Pattern: ^[\w+=,.@:/-]+$

Required: No

KeyId

The unique identifier for the KMS key to which the grant applies.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 2048.

Required: No

Name

The friendly name that identifies the grant. If a name was provided in the CreateGrant request, that name is returned. Otherwise this value is null.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 256.

Pattern: ^[a-zA-Z0-9:/_-]+$

Required: No

Operations

The list of operations permitted by the grant.

Type: Array of strings

Valid Values: Decrypt | Encrypt | GenerateDataKey | GenerateDataKeyWithoutPlaintext | ReEncryptFrom | ReEncryptTo | Sign | Verify | GetPublicKey | CreateGrant | RetireGrant | DescribeKey | GenerateDataKeyPair | GenerateDataKeyPairWithoutPlaintext | GenerateMac | VerifyMac | DeriveSharedSecret

Required: No

RetiringPrincipal

The principal that can retire the grant.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 256.

Pattern: ^[\w+=,.@:/-]+$

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: