Amazon IAM Access Analyzer · Schema

KmsGrantConfigurationsList

KmsGrantConfigurationsList schema from AWS IAM Access Analyzer API

Access ControlComplianceIAMPolicy ManagementSecurity
View JSON Schema on GitHub

JSON Schema

iam-access-analyzer-kms-grant-configurations-list-schema.json Raw ↑ 
{
  "$schema": "https://json-schema.org/draft/2020-12/schema",
  "$id": "https://raw.githubusercontent.com/api-evangelist/amazon-iam-access-analyzer/refs/heads/main/json-schema/iam-access-analyzer-kms-grant-configurations-list-schema.json",
  "title": "KmsGrantConfigurationsList",
  "description": "KmsGrantConfigurationsList schema from AWS IAM Access Analyzer API",
  "type": "array",
  "items": {
    "type": "object",
    "required": [
      "operations",
      "granteePrincipal",
      "issuingAccount"
    ],
    "properties": {
      "operations": {
        "allOf": [
          {
            "$ref": "#/components/schemas/KmsGrantOperationsList"
          },
          {
            "description": "A list of operations that the grant permits."
          }
        ]
      },
      "granteePrincipal": {
        "allOf": [
          {
            "$ref": "#/components/schemas/GranteePrincipal"
          },
          {
            "description": "The principal that is given permission to perform the operations that the grant permits."
          }
        ]
      },
      "retiringPrincipal": {
        "allOf": [
          {
            "$ref": "#/components/schemas/RetiringPrincipal"
          },
          {
            "description": "The principal that is given permission to retire the grant by using <a href=\"https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html\">RetireGrant</a> operation."
          }
        ]
      },
      "constraints": {
        "allOf": [
          {
            "$ref": "#/components/schemas/KmsGrantConstraints"
          },
          {
            "description": "Use this structure to propose allowing <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations\">cryptographic operations</a> in the grant only when the operation request includes the specified <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context\">encryption context</a>."
          }
        ]
      },
      "issuingAccount": {
        "allOf": [
          {
            "$ref": "#/components/schemas/IssuingAccount"
          },
          {
            "description": " The Amazon Web Services account under which the grant was issued. The account is used to propose KMS grants issued by accounts other than the owner of the key."
          }
        ]
      }
    },
    "description": "A proposed grant configuration for a KMS key. For more information, see <a href=\"https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateGrant.html\">CreateGrant</a>."
  }
}