| Safe Haskell | None |
|---|---|
| Language | Haskell2010 |
Network.AWS.KMS.CreateGrant
Description
Adds a grant to a key to specify who can access the key and under what
conditions. Grants are alternate permission mechanisms to key policies. For
more information about grants, see Grants in the developer guide. If a grant
is absent, access to the key is evaluated based on IAM policies attached to
the user. ListGrants RetireGrant RevokeGrant
http://docs.aws.amazon.com/kms/latest/APIReference/API_CreateGrant.html
- data CreateGrant
- createGrant :: Text -> Text -> CreateGrant
- cgConstraints :: Lens' CreateGrant (Maybe GrantConstraints)
- cgGrantTokens :: Lens' CreateGrant [Text]
- cgGranteePrincipal :: Lens' CreateGrant Text
- cgKeyId :: Lens' CreateGrant Text
- cgOperations :: Lens' CreateGrant [GrantOperation]
- cgRetiringPrincipal :: Lens' CreateGrant (Maybe Text)
- data CreateGrantResponse
- createGrantResponse :: CreateGrantResponse
- cgrGrantId :: Lens' CreateGrantResponse (Maybe Text)
- cgrGrantToken :: Lens' CreateGrantResponse (Maybe Text)
Request
data CreateGrant Source
Request constructor
Arguments
| :: Text | |
| -> Text | |
| -> CreateGrant |
CreateGrant constructor.
The fields accessible through corresponding lenses are:
Request lenses
cgConstraints :: Lens' CreateGrant (Maybe GrantConstraints) Source
Specifies the conditions under which the actions specified by the Operations
parameter are allowed.
cgGrantTokens :: Lens' CreateGrant [Text] Source
For more information, see Grant Tokens.
cgGranteePrincipal :: Lens' CreateGrant Text Source
Principal given permission by the grant to use the key identified by the keyId
parameter.
cgKeyId :: Lens' CreateGrant Text Source
A unique identifier for the customer master key. This value can be a globally unique identifier or the fully specified ARN to a key. Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012 Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012
cgOperations :: Lens' CreateGrant [GrantOperation] Source
List of operations permitted by the grant. This can be any combination of one or more of the following values: Decrypt Encrypt GenerateDataKey GenerateDataKeyWithoutPlaintext ReEncryptFrom ReEncryptTo CreateGrant RetireGrant
cgRetiringPrincipal :: Lens' CreateGrant (Maybe Text) Source
Principal given permission to retire the grant. For more information, see RetireGrant.
Response
Response constructor
createGrantResponse :: CreateGrantResponse Source
CreateGrantResponse constructor.
The fields accessible through corresponding lenses are:
Response lenses
cgrGrantId :: Lens' CreateGrantResponse (Maybe Text) Source
Unique grant identifier. You can use the GrantId value to revoke a grant.
cgrGrantToken :: Lens' CreateGrantResponse (Maybe Text) Source
For more information, see Grant Tokens.