Amazon IAM Access Analyzer · JSON Structure

Iam Access Analyzer Kms Grant Configurations List Structure

KmsGrantConfigurationsList schema from AWS IAM Access Analyzer API

Type: array Properties: 0
Access ControlComplianceIAMPolicy ManagementSecurity

KmsGrantConfigurationsList is a JSON Structure definition published by Amazon IAM Access Analyzer. It conforms to the https://json-structure.org/meta/core/v0/# meta-schema.

Meta-schema: https://json-structure.org/meta/core/v0/#

JSON Structure

Raw ↑ 
{
  "$schema": "https://json-structure.org/meta/core/v0/#",
  "$id": "https://raw.githubusercontent.com/api-evangelist/amazon-iam-access-analyzer/refs/heads/main/json-structure/iam-access-analyzer-kms-grant-configurations-list-structure.json",
  "name": "KmsGrantConfigurationsList",
  "description": "KmsGrantConfigurationsList schema from AWS IAM Access Analyzer API",
  "type": "array",
  "items": {
    "type": "object",
    "required": [
      "operations",
      "granteePrincipal",
      "issuingAccount"
    ],
    "properties": {
      "operations": {
        "allOf": [
          {
            "$ref": "#/components/schemas/KmsGrantOperationsList"
          },
          {
            "description": "A list of operations that the grant permits."
          }
        ]
      },
      "granteePrincipal": {
        "allOf": [
          {
            "$ref": "#/components/schemas/GranteePrincipal"
          },
          {
            "description": "The principal that is given permission to perform the operations that the grant permits."
          }
        ]
      },
      "retiringPrincipal": {
        "allOf": [
          {
            "$ref": "#/components/schemas/RetiringPrincipal"
          },
          {
            "description": "The principal that is given permission to retire the grant by using <a href=\"https://docs.aws.amazon.com/kms/latest/APIReference/API_RetireGrant.html\">RetireGrant</a> operation."
          }
        ]
      },
      "constraints": {
        "allOf": [
          {
            "$ref": "#/components/schemas/KmsGrantConstraints"
          },
          {
            "description": "Use this structure to propose allowing <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#cryptographic-operations\">cryptographic operations</a> in the grant only when the operation request includes the specified <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#encrypt_context\">encryption context</a>."
          }
        ]
      },
      "issuingAccount": {
        "allOf": [
          {
            "$ref": "#/components/schemas/IssuingAccount"
          },
          {
            "description": " The Amazon Web Services account under which the grant was issued. The account is used to propose KMS grants issued by accounts other than the owner of the key."
          }
        ]
      }
    },
    "description": "A proposed grant configuration for a KMS key. For more information, see <a href=\"https://docs.aws.amazon.com/kms/latest/APIReference/API_CreateGrant.html\">CreateGrant</a>."
  }
}