Learn R Programming
paws.security.identity (version 0.1.12)

kms_list_retirable_grants: Returns all grants in which the specified principal is the RetiringPrincipal in the grant

Description

Returns all grants in which the specified principal is the RetiringPrincipal in the grant.

You can specify any principal in your AWS account. The grants that are returned include grants for CMKs in your AWS account and other AWS accounts.

You might use this operation to determine which grants you may retire. To retire a grant, use the retire_grant operation.

Cross-account use: You must specify a principal in your AWS account. However, this operation can return grants in any AWS account. You do not need kms:ListRetirableGrants permission (or any other additional permission) in any AWS account other than your own.

Required permissions: kms:ListRetirableGrants (IAM policy) in your AWS account.

Related operations:

  • create_grant

  • list_grants

  • retire_grant

  • revoke_grant

Usage

kms_list_retirable_grants(Limit, Marker, RetiringPrincipal)

Value

A list with the following syntax:

list(
  Grants = list(
    list(
      KeyId = "string",
      GrantId = "string",
      Name = "string",
      CreationDate = as.POSIXct(
        "2015-01-01"
      ),
      GranteePrincipal = "string",
      RetiringPrincipal = "string",
      IssuingAccount = "string",
      Operations = list(
        "Decrypt"|"Encrypt"|"GenerateDataKey"|"GenerateDataKeyWithoutPlaintext"|"ReEncryptFrom"|"ReEncryptTo"|"Sign"|"Verify"|"GetPublicKey"|"CreateGrant"|"RetireGrant"|"DescribeKey"|"GenerateDataKeyPair"|"GenerateDataKeyPairWithoutPlaintext"
      ),
      Constraints = list(
        EncryptionContextSubset = list(
          "string"
        ),
        EncryptionContextEquals = list(
          "string"
        )
      )
    )
  ),
  NextMarker = "string",
  Truncated = TRUE|FALSE
)

Arguments

Limit

Use this parameter to specify the maximum number of items to return. When this value is present, AWS KMS does not return more than the specified number of items, but it might return fewer.

This value is optional. If you include a value, it must be between 1 and 100, inclusive. If you do not include a value, it defaults to 50.

Marker

Use this parameter in a subsequent request after you receive a response with truncated results. Set it to the value of NextMarker from the truncated response you just received.

RetiringPrincipal

[required] The retiring principal for which to list grants. Enter a principal in your AWS account.

To specify the retiring principal, use the Amazon Resource Name (ARN) of an AWS principal. Valid AWS principals include AWS accounts (root), IAM users, federated users, and assumed role users. For examples of the ARN syntax for specifying a principal, see AWS Identity and Access Management (IAM) in the Example ARNs section of the Amazon Web Services General Reference.

Request syntax

svc$list_retirable_grants(
  Limit = 123,
  Marker = "string",
  RetiringPrincipal = "string"
)

Examples

Run this code
if (FALSE) {
# The following example lists the grants that the specified principal
# (identity) can retire.
svc$list_retirable_grants(
  RetiringPrincipal = "arn:aws:iam::111122223333:role/ExampleRole"
)
}

Run the code above in your browser using DataLab