Class: Aws::KMS::Types::GrantConstraints
Inherits: Struct
  - Object
  - Struct
  - Aws::KMS::Types::GrantConstraints
Includes: Structure
Defined in: lib/aws-sdk-kms/types.rb
Overview
When making an API call, you may pass GrantConstraints data as a hash:
    {
      encryption_context_subset: {
        "EncryptionContextKey" => "EncryptionContextValue",
      },
      encryption_context_equals: {
        "EncryptionContextKey" => "EncryptionContextValue",
      },
    }
A structure that you can use to allow certain operations in the grant only when the desired encryption context is present. For more information about encryption context, see [Encryption Context][1] in the *AWS Key Management Service Developer Guide*.
Grant constraints apply only to operations that accept encryption context as input. For example, the `DescribeKey` operation does not accept encryption context as input. A grant that allows the `DescribeKey` operation does so regardless of the grant constraints. In contrast, the `Encrypt` operation accepts encryption context as input. A grant that allows the `Encrypt` operation does so only when the encryption context of the `Encrypt` operation satisfies the grant constraints.
[1]: docs.aws.amazon.com/kms/latest/developerguide/encryption-context.html
Instance Attribute Summary
- #encryption_context_equals ⇒ Hash<String,String>
  A list of key-value pairs that must be present in the encryption context of certain subsequent operations that the grant allows.
- #encryption_context_subset ⇒ Hash<String,String>
  A list of key-value pairs, all of which must be present in the encryption context of certain subsequent operations that the grant allows.
Instance Attribute Details
#encryption_context_equals ⇒ Hash<String,String>
A list of key-value pairs that must be present in the encryption context of certain subsequent operations that the grant allows. When certain subsequent operations allowed by the grant include encryption context that matches this list, the grant allows the operation. Otherwise, the grant does not allow the operation.
    # File 'lib/aws-sdk-kms/types.rb', line 1623
    class GrantConstraints < Struct.new(
      :encryption_context_subset,
      :encryption_context_equals)
      include Aws::Structure
    end
#encryption_context_subset ⇒ Hash<String,String>
A list of key-value pairs, all of which must be present in the encryption context of certain subsequent operations that the grant allows. When certain subsequent operations allowed by the grant include encryption context that matches this list or is a superset of this list, the grant allows the operation. Otherwise, the grant does not allow the operation.
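The difference between the two constraints, and the rule that operations without an encryption context are not constrained, can be checked locally before a grant is created. The following is an added example, not code from the SDK or from KMS, and it makes no API call. The method name, the result symbols, the operation list, the sample contexts, the exact string comparison, and the rule that both constraints must hold when both are set are assumptions of this model.

```ruby
# Local model of the grant-constraint rules described on this page.
# Hypothetical helper: not part of aws-sdk-kms, performs no KMS request.

# Assumed, partial list of grant operations that take an encryption context.
# The page itself names only Encrypt (accepts one) and DescribeKey (does not).
CONTEXT_AWARE_OPERATIONS = %w[Encrypt Decrypt GenerateDataKey].freeze

# constraints: hash shaped like Aws::KMS::Types::GrantConstraints
# operation:   grant operation name, e.g. "Encrypt"
# context:     encryption context sent with the request (Hash or nil)
def evaluate_grant_constraints(constraints, operation, context)
  # Operations that accept no encryption context ignore the constraints.
  return :allowed_unconstrained unless CONTEXT_AWARE_OPERATIONS.include?(operation)

  context ||= {}
  equals = constraints[:encryption_context_equals]
  subset = constraints[:encryption_context_subset]

  # equals: the request context must be exactly this set of pairs
  # (Ruby Hash equality ignores pair order).
  return :denied_equals_mismatch if equals && context != equals

  # subset: every listed pair must appear; extra request pairs are fine.
  if subset
    missing = subset.reject { |key, value| context[key] == value }
    return :denied_subset_missing unless missing.empty?
  end

  :allowed
end

# Constructed sample constraints and request context.
SUBSET_ONLY = { encryption_context_subset: { "Department" => "Finance" } }.freeze
EQUALS_ONLY = { encryption_context_equals: { "Department" => "Finance" } }.freeze
WIDER_CONTEXT = { "Department" => "Finance", "Project" => "Audit" }.freeze

if __FILE__ == $PROGRAM_NAME
  [[SUBSET_ONLY, "Encrypt", WIDER_CONTEXT],
   [EQUALS_ONLY, "Encrypt", WIDER_CONTEXT],
   [EQUALS_ONLY, "DescribeKey", nil],
   [SUBSET_ONLY, "Encrypt", nil]].each do |constraints, operation, context|
    result = evaluate_grant_constraints(constraints, operation, context)
    puts "#{operation} #{context.inspect} under #{constraints.keys.first}: #{result}"
  end
end
```

The second and third sample rows are the cases to review on a real grant: an equals constraint rejects a request that carries any extra pair, and a grant that also lists `DescribeKey` allows that operation whatever the constraints say.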