View a markdown version of this page

GrantListEntry - AWS Key Management Service
ContentsSee Also

GrantListEntry

Contains information about a grant.

Contents

Note

In the following list, the required parameters are described first.

Constraints

The constraints on the grant, such as encryption context pairs or a SourceArn, that restrict the subsequent operations the grant allows.

Type: GrantConstraints object

Required: No

CreationDate

The date and time when the grant was created.

Type: Timestamp

Required: No

GranteePrincipal

The identity that gets the permissions in the grant.

When a grant is created with the GranteePrincipal field, the ListGrants response usually contains the user or role designated as the grantee principal in the grant. However, if the grantee principal is an AWS service, the GranteePrincipal field contains an AWS service principal, which might correspond to several different grantee principals, such as an IAM user, IAM role, or AWS account.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 256.

Pattern: ^[\w+=,.@:/-]+$

Required: No

GranteeServicePrincipal

The AWS service principal that gets the permissions in the grant.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: ^([A-Za-z0-9\-]+)\.([A-Za-z0-9\-]+)(\.[A-Za-z0-9\-]+)+$

Required: No

GrantId

The unique identifier for the grant.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Required: No

IssuingAccount

The AWS account under which the grant was issued.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 256.

Pattern: ^[\w+=,.@:/-]+$

Required: No

KeyId

The unique identifier for the KMS key to which the grant applies.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 2048.

Required: No

Name

The friendly name that identifies the grant. If a name was provided in the CreateGrant request, that name is returned. Otherwise this value is null.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 256.

Pattern: ^[a-zA-Z0-9:/_-]+$

Required: No

Operations

The list of operations permitted by the grant.

Type: Array of strings

Valid Values: Decrypt | Encrypt | GenerateDataKey | GenerateDataKeyWithoutPlaintext | ReEncryptFrom | ReEncryptTo | Sign | Verify | GetPublicKey | CreateGrant | RetireGrant | DescribeKey | GenerateDataKeyPair | GenerateDataKeyPairWithoutPlaintext | GenerateMac | VerifyMac | DeriveSharedSecret

Required: No

RetiringPrincipal

The principal that can retire the grant.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 256.

Pattern: ^[\w+=,.@:/-]+$

Required: No

RetiringServicePrincipal

The AWS service principal that can retire the grant.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: ^([A-Za-z0-9\-]+)\.([A-Za-z0-9\-]+)(\.[A-Za-z0-9\-]+)+$

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: