Safe Haskell | None |
---|---|
Language | Haskell2010 |
Adds a grant to a key to specify who can access the key and under what
conditions. Grants are alternate permission mechanisms to key policies. If
absent, access to the key is evaluated based on IAM policies attached to the
user. By default, grants do not expire. Grants can be listed, retired, or
revoked as indicated by the following APIs. Typically, when you are finished
using a grant, you retire it. When you want to end a grant immediately,
revoke it. For more information about grants, see Grants. ListGrants
RetireGrant
RevokeGrant
http://docs.aws.amazon.com/kms/latest/APIReference/API_CreateGrant.html
- data CreateGrant
- createGrant :: Text -> Text -> CreateGrant
- cgConstraints :: Lens' CreateGrant (Maybe GrantConstraints)
- cgGrantTokens :: Lens' CreateGrant [Text]
- cgGranteePrincipal :: Lens' CreateGrant Text
- cgKeyId :: Lens' CreateGrant Text
- cgOperations :: Lens' CreateGrant [GrantOperation]
- cgRetiringPrincipal :: Lens' CreateGrant (Maybe Text)
- data CreateGrantResponse
- createGrantResponse :: CreateGrantResponse
- cgrGrantId :: Lens' CreateGrantResponse (Maybe Text)
- cgrGrantToken :: Lens' CreateGrantResponse (Maybe Text)
Request
data CreateGrant Source
Request constructor
CreateGrant
constructor.
The fields accessible through corresponding lenses are:
Request lenses
cgConstraints :: Lens' CreateGrant (Maybe GrantConstraints) Source
Specifies the conditions under which the actions specified by the Operations
parameter are allowed.
cgGrantTokens :: Lens' CreateGrant [Text] Source
List of grant tokens.
cgGranteePrincipal :: Lens' CreateGrant Text Source
Principal given permission by the grant to use the key identified by the keyId
parameter.
cgKeyId :: Lens' CreateGrant Text Source
A unique key identifier for a customer master key. This value can be a globally unique identifier, an ARN, or an alias.
cgOperations :: Lens' CreateGrant [GrantOperation] Source
List of operations permitted by the grant. This can be any combination of one or more of the following values: Decrypt Encrypt GenerateDataKey GenerateDataKeyWithoutPlaintext ReEncryptFrom ReEncryptTo CreateGrant
cgRetiringPrincipal :: Lens' CreateGrant (Maybe Text) Source
Principal given permission to retire the grant. For more information, see RetireGrant
.
Response
Response constructor
createGrantResponse :: CreateGrantResponse Source
CreateGrantResponse
constructor.
The fields accessible through corresponding lenses are:
Response lenses
cgrGrantId :: Lens' CreateGrantResponse (Maybe Text) Source
Unique grant identifier. You can use the GrantId value to revoke a grant.
cgrGrantToken :: Lens' CreateGrantResponse (Maybe Text) Source
The grant token. A grant token is a string that identifies a grant and which can be used to make a grant take effect immediately. A token contains all of the information necessary to create a grant.