class KeyGrants
| Language | Type name |
|---|---|
 .NET | Amazon.CDK.AWS.KMS.KeyGrants |
 Go | github.com/aws/aws-cdk-go/awscdk/v2/awskms#KeyGrants |
 Java | software.amazon.awscdk.services.kms.KeyGrants |
 Python | aws_cdk.aws_kms.KeyGrants |
 TypeScript (source) | aws-cdk-lib » aws_kms » KeyGrants |
Collection of grant methods for an IKey.
Example
// The code below shows an example of how to instantiate this type.
// The values are placeholders you should change.
import { aws_kms as kms } from 'aws-cdk-lib';
import { aws_kms as interfaces_kms } from 'aws-cdk-lib/interfaces';
declare const keyRef: interfaces_kms.IKeyRef;
const keyGrants = kms.KeyGrants.fromKey(keyRef, /* all optional props */ false);
Properties
| Name | Type | Description |
|---|---|---|
| resource | IKey |
resource
Type:
IKey
Methods
| Name | Description |
|---|---|
| actions(grantee, ...actions) | Grant the indicated permissions on this key to the given principal. |
| decrypt(grantee) | Grant decryption permissions using this key to the given principal. |
| encrypt(grantee) | Grant encryption permissions using this key to the given principal. |
| encrypt | Grant encryption and decryption permissions using this key to the given principal. |
| generate | Grant permissions to generating MACs to the given principal. |
| sign(grantee) | Grant sign permissions using this key to the given principal. |
| sign | Grant sign and verify permissions using this key to the given principal. |
| verify(grantee) | Grant verify permissions using this key to the given principal. |
| verify | Grant permissions to verifying MACs to the given principal. |
| static from | Creates grants for an IKeyRef. |
actions(grantee, ...actions)
public actions(grantee: IGrantable, ...actions: string[]): Grant
Parameters
- grantee
IGrantable - actions
string
Returns
Grant the indicated permissions on this key to the given principal.
This modifies both the principal's policy as well as the resource policy, since the default CloudFormation setup for KMS keys is that the policy must not be empty and so default grants won't work.
decrypt(grantee)
public decrypt(grantee: IGrantable): Grant
Parameters
- grantee
IGrantable
Returns
Grant decryption permissions using this key to the given principal.
encrypt(grantee)
public encrypt(grantee: IGrantable): Grant
Parameters
- grantee
IGrantable
Returns
Grant encryption permissions using this key to the given principal.
encryptDecrypt(grantee)
public encryptDecrypt(grantee: IGrantable): Grant
Parameters
- grantee
IGrantable
Returns
Grant encryption and decryption permissions using this key to the given principal.
generateMac(grantee)
public generateMac(grantee: IGrantable): Grant
Parameters
- grantee
IGrantable
Returns
Grant permissions to generating MACs to the given principal.
sign(grantee)
public sign(grantee: IGrantable): Grant
Parameters
- grantee
IGrantable
Returns
Grant sign permissions using this key to the given principal.
signVerify(grantee)
public signVerify(grantee: IGrantable): Grant
Parameters
- grantee
IGrantable
Returns
Grant sign and verify permissions using this key to the given principal.
verify(grantee)
public verify(grantee: IGrantable): Grant
Parameters
- grantee
IGrantable
Returns
Grant verify permissions using this key to the given principal.
verifyMac(grantee)
public verifyMac(grantee: IGrantable): Grant
Parameters
- grantee
IGrantable
Returns
Grant permissions to verifying MACs to the given principal.
static fromKey(resource, trustAccountIdentities?)
public static fromKey(resource: IKeyRef, trustAccountIdentities?: boolean): KeyGrants
Parameters
- resource
IKeyRef - trustAccountIdentities
boolean
Returns
Creates grants for an IKeyRef.