Amazon IAM Access Analyzer · Schema

KmsGrantConfiguration

A proposed grant configuration for a KMS key. For more information, see CreateGrant.

Access ControlComplianceIAMPolicy ManagementSecurity

Properties

Name Type Description
operations object
granteePrincipal object
retiringPrincipal object
constraints object
issuingAccount object
View JSON Schema on GitHub

JSON Schema

iam-access-analyzer-kms-grant-configuration-schema.json Raw ↑ 
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://raw.githubusercontent.com/api-evangelist/amazon-iam-access-analyzer/refs/heads/main/json-schema/iam-access-analyzer-kms-grant-configuration-schema.json",
  "title": "KmsGrantConfiguration",
  "description": "A proposed grant configuration for a KMS key. For more information, see <a href=\"https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateGrant.html\">CreateGrant</a>.",
  "type": "object",
  "properties": {
    "operations": {
      "allOf": [
        {
          "$ref": "#/components/schemas/KmsGrantOperationsList"
        },
        {
          "description": "A list of operations that the grant permits."
        }
      ]
    },
    "granteePrincipal": {
      "allOf": [
        {
          "$ref": "#/components/schemas/GranteePrincipal"
        },
        {
          "description": "The principal that is given permission to perform the operations that the grant permits."
        }
      ]
    },
    "retiringPrincipal": {
      "allOf": [
        {
          "$ref": "#/components/schemas/RetiringPrincipal"
        },
        {
          "description": "The principal that is given permission to retire the grant by using <a href=\"https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html\">RetireGrant</a> operation."
        }
      ]
    },
    "constraints": {
      "allOf": [
        {
          "$ref": "#/components/schemas/KmsGrantConstraints"
        },
        {
          "description": "Use this structure to propose allowing <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations\">cryptographic operations</a> in the grant only when the operation request includes the specified <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context\">encryption context</a>."
        }
      ]
    },
    "issuingAccount": {
      "allOf": [
        {
          "$ref": "#/components/schemas/IssuingAccount"
        },
        {
          "description": " The Amazon Web Services account under which the grant was issued. The account is used to propose KMS grants issued by accounts other than the owner of the key."
        }
      ]
    }
  },
  "required": [
    "operations",
    "granteePrincipal",
    "issuingAccount"
  ]
}