Learn R Programming
paws.security.identity (version 0.1.12)

kms_list_grants: Gets a list of all grants for the specified customer master key (CMK)

Description

Gets a list of all grants for the specified customer master key (CMK).

The GranteePrincipal field in the list_grants response usually contains the user or role designated as the grantee principal in the grant. However, when the grantee principal in the grant is an AWS service, the GranteePrincipal field contains the service principal, which might represent several different grantee principals.

Cross-account use: Yes. To perform this operation on a CMK in a different AWS account, specify the key ARN in the value of the KeyId parameter.

Required permissions: kms:ListGrants (key policy)

Related operations:

  • create_grant

  • list_retirable_grants

  • retire_grant

  • revoke_grant

Usage

kms_list_grants(Limit, Marker, KeyId)

Value

A list with the following syntax:

list(
  Grants = list(
    list(
      KeyId = "string",
      GrantId = "string",
      Name = "string",
      CreationDate = as.POSIXct(
        "2015-01-01"
      ),
      GranteePrincipal = "string",
      RetiringPrincipal = "string",
      IssuingAccount = "string",
      Operations = list(
        "Decrypt"|"Encrypt"|"GenerateDataKey"|"GenerateDataKeyWithoutPlaintext"|"ReEncryptFrom"|"ReEncryptTo"|"Sign"|"Verify"|"GetPublicKey"|"CreateGrant"|"RetireGrant"|"DescribeKey"|"GenerateDataKeyPair"|"GenerateDataKeyPairWithoutPlaintext"
      ),
      Constraints = list(
        EncryptionContextSubset = list(
          "string"
        ),
        EncryptionContextEquals = list(
          "string"
        )
      )
    )
  ),
  NextMarker = "string",
  Truncated = TRUE|FALSE
)

Arguments

Limit

Use this parameter to specify the maximum number of items to return. When this value is present, AWS KMS does not return more than the specified number of items, but it might return fewer.

This value is optional. If you include a value, it must be between 1 and 100, inclusive. If you do not include a value, it defaults to 50.

Marker

Use this parameter in a subsequent request after you receive a response with truncated results. Set it to the value of NextMarker from the truncated response you just received.

KeyId

[required] A unique identifier for the customer master key (CMK).

Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify a CMK in a different AWS account, you must use the key ARN.

For example:

  • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

  • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

To get the key ID and key ARN for a CMK, use list_keys or describe_key.

Request syntax

svc$list_grants(
  Limit = 123,
  Marker = "string",
  KeyId = "string"
)

Examples

Run this code
if (FALSE) {
# The following example lists grants for the specified CMK.
svc$list_grants(
  KeyId = "1234abcd-12ab-34cd-56ef-1234567890ab"
)
}

Run the code above in your browser using DataLab