Amazon IAM Access Analyzer · JSON Structure

Iam Access Analyzer Kms Grant Configuration Structure

A proposed grant configuration for a KMS key. For more information, see CreateGrant.

Type: object Properties: 5 Required: 3
Access ControlComplianceIAMPolicy ManagementSecurity

KmsGrantConfiguration is a JSON Structure definition published by Amazon IAM Access Analyzer, describing 5 properties, of which 3 are required. It conforms to the https://json-structure.org/meta/core/v0/# meta-schema.

Properties

operations granteePrincipal retiringPrincipal constraints issuingAccount

Meta-schema: https://json-structure.org/meta/core/v0/#

JSON Structure

Raw ↑ 
{
  "$schema": "https://json-structure.org/meta/core/v0/#",
  "$id": "https://raw.githubusercontent.com/api-evangelist/amazon-iam-access-analyzer/refs/heads/main/json-structure/iam-access-analyzer-kms-grant-configuration-structure.json",
  "name": "KmsGrantConfiguration",
  "description": "A proposed grant configuration for a KMS key. For more information, see <a href=\"https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateGrant.html\">CreateGrant</a>.",
  "type": "object",
  "properties": {
    "operations": {
      "allOf": [
        {
          "$ref": "#/components/schemas/KmsGrantOperationsList"
        },
        {
          "description": "A list of operations that the grant permits."
        }
      ]
    },
    "granteePrincipal": {
      "allOf": [
        {
          "$ref": "#/components/schemas/GranteePrincipal"
        },
        {
          "description": "The principal that is given permission to perform the operations that the grant permits."
        }
      ]
    },
    "retiringPrincipal": {
      "allOf": [
        {
          "$ref": "#/components/schemas/RetiringPrincipal"
        },
        {
          "description": "The principal that is given permission to retire the grant by using <a href=\"https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html\">RetireGrant</a> operation."
        }
      ]
    },
    "constraints": {
      "allOf": [
        {
          "$ref": "#/components/schemas/KmsGrantConstraints"
        },
        {
          "description": "Use this structure to propose allowing <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations\">cryptographic operations</a> in the grant only when the operation request includes the specified <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context\">encryption context</a>."
        }
      ]
    },
    "issuingAccount": {
      "allOf": [
        {
          "$ref": "#/components/schemas/IssuingAccount"
        },
        {
          "description": " The Amazon Web Services account under which the grant was issued. The account is used to propose KMS grants issued by accounts other than the owner of the key."
        }
      ]
    }
  },
  "required": [
    "operations",
    "granteePrincipal",
    "issuingAccount"
  ]
}