Class GrantArgs
Namespace: Pulumi.Aws.Kms
Assembly: Pulumi.Aws.dll
Syntax
public sealed class GrantArgs : ResourceArgs
Constructors
GrantArgs()
Declaration
public GrantArgs()
Properties
Constraints
A structure that you can use to allow certain operations in the grant only when the desired encryption context is present. For more information about encryption context, see Encryption Context.
Declaration
public InputList<GrantConstraintArgs> Constraints { get; set; }
Property Value
| Type | Description |
|---|---|
| InputList<GrantConstraintArgs> | |
GrantCreationTokens
A list of grant tokens to be used when creating the grant. See Grant Tokens for more information about grant tokens.
Declaration
public InputList<string> GrantCreationTokens { get; set; }
Property Value
| Type | Description |
|---|---|
| InputList<System.String> | |
GranteePrincipal
The principal, in ARN format, that is given permission to perform the operations that the grant permits. Note that due to eventual consistency issues around IAM principals, the state may not always be refreshed to reflect what is true in AWS.
Declaration
public Input<string> GranteePrincipal { get; set; }
Property Value
| Type | Description |
|---|---|
| Input<System.String> | |
KeyId
The unique identifier for the customer master key (CMK) that the grant applies to. Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify a CMK in a different AWS account, you must use the key ARN.
Declaration
public Input<string> KeyId { get; set; }
Property Value
| Type | Description |
|---|---|
| Input<System.String> | |
Name
A friendly name for identifying the grant.
Declaration
public Input<string> Name { get; set; }
Property Value
| Type | Description |
|---|---|
| Input<System.String> | |
Operations
A list of operations that the grant permits. The permitted values are: Decrypt, Encrypt, GenerateDataKey, GenerateDataKeyWithoutPlaintext, ReEncryptFrom, ReEncryptTo, CreateGrant, RetireGrant, DescribeKey.
Declaration
public InputList<string> Operations { get; set; }
Property Value
| Type | Description |
|---|---|
| InputList<System.String> | |
RetireOnDelete
(Defaults to false; forces a new resource.) If set to false (the default), the grant is revoked upon deletion; if set to true, an attempt is made to retire the grant upon deletion. Retiring grants requires special permissions, which is why the default is to revoke grants. See RetireGrant for more information.
Declaration
public Input<bool> RetireOnDelete { get; set; }
Property Value
| Type | Description |
|---|---|
| Input<System.Boolean> | |
RetiringPrincipal
The principal, in ARN format, that is given permission to retire the grant by using the RetireGrant operation. Note that due to eventual consistency issues around IAM principals, the state may not always be refreshed to reflect what is true in AWS.
Declaration
public Input<string> RetiringPrincipal { get; set; }
Property Value
| Type | Description |
|---|---|
| Input<System.String> | |
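Example

The properties above combined into one narrowly scoped grant, as an added example that is not part of the Pulumi reference itself. The config keys, resource name and encryption-context values are constructed, and the example assumes that GrantConstraintArgs lives in Pulumi.Aws.Kms.Inputs and exposes an EncryptionContextEquals map.

```csharp
using System.Threading.Tasks;
using Pulumi;
using Pulumi.Aws.Kms;
using Pulumi.Aws.Kms.Inputs; // assumed namespace of GrantConstraintArgs

class GrantStack : Stack
{
    public GrantStack()
    {
        // Hypothetical stack config keys; set real values with `pulumi config set`.
        var cfg = new Config();
        var keyArn = cfg.Require("keyArn");             // a key ARN also works across accounts
        var granteeArn = cfg.Require("granteeRoleArn"); // IAM role of the workload
        var retirerArn = cfg.Require("retirerRoleArn"); // principal allowed to call RetireGrant

        var grant = new Grant("reports-data-key", new GrantArgs
        {
            Name = "reports-data-key",
            KeyId = keyArn,
            GranteePrincipal = granteeArn,
            RetiringPrincipal = retirerArn,

            // Only the operations the workload needs. CreateGrant is left out so
            // the grantee cannot delegate access to the key onward.
            Operations = { "Decrypt", "GenerateDataKey" },

            // The operations are allowed only when the request carries exactly
            // this encryption context (constructed sample values).
            Constraints =
            {
                new GrantConstraintArgs
                {
                    EncryptionContextEquals = { { "app", "reports" }, { "env", "prod" } },
                },
            },

            // Keep the default: the grant is revoked on deletion, which needs
            // no additional retire permissions.
            RetireOnDelete = false,
        });

        GrantId = grant.GrantId;
    }

    [Output] public Output<string> GrantId { get; set; }
}

class Program
{
    static Task<int> Main() => Deployment.RunAsync<GrantStack>();
}
```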