Copyright | (c) 2013-2015 Brendan Hay |
---|---|
License | Mozilla Public License, v. 2.0. |
Maintainer | Brendan Hay <brendan.g.hay@gmail.com> |
Stability | auto-generated |
Portability | non-portable (GHC extensions) |
Safe Haskell | None |
Language | Haskell2010 |
Adds a grant to a key to specify who can access the key and under what conditions. Grants are alternate permission mechanisms to key policies. For more information about grants, see Grants in the developer guide. If a grant is absent, access to the key is evaluated based on IAM policies attached to the user.
- ListGrants
- RetireGrant
- RevokeGrant
See: AWS API Reference for CreateGrant.
- createGrant :: Text -> Text -> CreateGrant
- data CreateGrant
- cgRetiringPrincipal :: Lens' CreateGrant (Maybe Text)
- cgGrantTokens :: Lens' CreateGrant [Text]
- cgConstraints :: Lens' CreateGrant (Maybe GrantConstraints)
- cgOperations :: Lens' CreateGrant [GrantOperation]
- cgKeyId :: Lens' CreateGrant Text
- cgGranteePrincipal :: Lens' CreateGrant Text
- createGrantResponse :: Int -> CreateGrantResponse
- data CreateGrantResponse
- cgrsGrantId :: Lens' CreateGrantResponse (Maybe Text)
- cgrsGrantToken :: Lens' CreateGrantResponse (Maybe Text)
- cgrsResponseStatus :: Lens' CreateGrantResponse Int
Creating a Request
Creates a value of CreateGrant
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
data CreateGrant Source
See: createGrant
smart constructor.
Request Lenses
cgRetiringPrincipal :: Lens' CreateGrant (Maybe Text) Source
Principal given permission to retire the grant. For more information, see RetireGrant.
cgGrantTokens :: Lens' CreateGrant [Text] Source
For more information, see Grant Tokens.
cgConstraints :: Lens' CreateGrant (Maybe GrantConstraints) Source
Specifies the conditions under which the actions specified by the
Operations
parameter are allowed.
cgOperations :: Lens' CreateGrant [GrantOperation] Source
List of operations permitted by the grant. This can be any combination of one or more of the following values:
- Decrypt
- Encrypt
- GenerateDataKey
- GenerateDataKeyWithoutPlaintext
- ReEncryptFrom
- ReEncryptTo
- CreateGrant
- RetireGrant
cgKeyId :: Lens' CreateGrant Text Source
A unique identifier for the customer master key. This value can be a globally unique identifier or the fully specified ARN to a key.
- Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
- Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012
cgGranteePrincipal :: Lens' CreateGrant Text Source
Principal given permission by the grant to use the key identified by the
keyId
parameter.
Destructuring the Response
Creates a value of CreateGrantResponse
with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
data CreateGrantResponse Source
See: createGrantResponse
smart constructor.
Response Lenses
cgrsGrantId :: Lens' CreateGrantResponse (Maybe Text) Source
Unique grant identifier. You can use the GrantId value to revoke a grant.
cgrsGrantToken :: Lens' CreateGrantResponse (Maybe Text) Source
For more information, see Grant Tokens.
cgrsResponseStatus :: Lens' CreateGrantResponse Int Source
The response status code.