| Copyright | (c) 2013-2015 Brendan Hay |
|---|---|
| License | Mozilla Public License, v. 2.0. |
| Maintainer | Brendan Hay <brendan.g.hay@gmail.com> |
| Stability | auto-generated |
| Portability | non-portable (GHC extensions) |
| Safe Haskell | None |
| Language | Haskell2010 |
Network.AWS.KMS.CreateGrant
Description
Adds a grant to a key to specify who can access the key and under what conditions. Grants are alternate permission mechanisms to key policies. For more information about grants, see Grants in the developer guide. If a grant is absent, access to the key is evaluated based on IAM policies attached to the user.
- ListGrants
- RetireGrant
- RevokeGrant
See: AWS API Reference for CreateGrant.
- createGrant :: Text -> Text -> CreateGrant
- data CreateGrant
- cgRetiringPrincipal :: Lens' CreateGrant (Maybe Text)
- cgGrantTokens :: Lens' CreateGrant [Text]
- cgConstraints :: Lens' CreateGrant (Maybe GrantConstraints)
- cgOperations :: Lens' CreateGrant [GrantOperation]
- cgKeyId :: Lens' CreateGrant Text
- cgGranteePrincipal :: Lens' CreateGrant Text
- createGrantResponse :: Int -> CreateGrantResponse
- data CreateGrantResponse
- cgrsGrantId :: Lens' CreateGrantResponse (Maybe Text)
- cgrsGrantToken :: Lens' CreateGrantResponse (Maybe Text)
- cgrsResponseStatus :: Lens' CreateGrantResponse Int
Creating a Request
Arguments
| :: Text | |
| -> Text | |
| -> CreateGrant |
Creates a value of CreateGrant with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
data CreateGrant Source
See: createGrant smart constructor.
Request Lenses
cgRetiringPrincipal :: Lens' CreateGrant (Maybe Text) Source
Principal given permission to retire the grant. For more information, see RetireGrant.
cgGrantTokens :: Lens' CreateGrant [Text] Source
For more information, see Grant Tokens.
cgConstraints :: Lens' CreateGrant (Maybe GrantConstraints) Source
Specifies the conditions under which the actions specified by the
Operations parameter are allowed.
cgOperations :: Lens' CreateGrant [GrantOperation] Source
List of operations permitted by the grant. This can be any combination of one or more of the following values:
- Decrypt
- Encrypt
- GenerateDataKey
- GenerateDataKeyWithoutPlaintext
- ReEncryptFrom
- ReEncryptTo
- CreateGrant
- RetireGrant
cgKeyId :: Lens' CreateGrant Text Source
A unique identifier for the customer master key. This value can be a globally unique identifier or the fully specified ARN to a key.
- Key ARN Example - arn:aws:kms:us-east-1:123456789012:key/12345678-1234-1234-1234-123456789012
- Globally Unique Key ID Example - 12345678-1234-1234-1234-123456789012
cgGranteePrincipal :: Lens' CreateGrant Text Source
Principal given permission by the grant to use the key identified by the
keyId parameter.
Destructuring the Response
Arguments
| :: Int | |
| -> CreateGrantResponse |
Creates a value of CreateGrantResponse with the minimum fields required to make a request.
Use one of the following lenses to modify other fields as desired:
data CreateGrantResponse Source
See: createGrantResponse smart constructor.
Response Lenses
cgrsGrantId :: Lens' CreateGrantResponse (Maybe Text) Source
Unique grant identifier. You can use the GrantId value to revoke a grant.
cgrsGrantToken :: Lens' CreateGrantResponse (Maybe Text) Source
For more information, see Grant Tokens.
cgrsResponseStatus :: Lens' CreateGrantResponse Int Source
The response status code.