Skip to content

Commit daf9605

Browse files
author
AWS
committed
AWS Key Management Service Update: Adds support for filtering grants by grant ID and grantee principal in ListGrants requests to AWS KMS.
1 parent c64762d commit daf9605

File tree

2 files changed

+21
-12
lines changed

2 files changed

+21
-12
lines changed
Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
{
2+
"type": "feature",
3+
"category": "AWS Key Management Service",
4+
"contributor": "",
5+
"description": "Adds support for filtering grants by grant ID and grantee principal in ListGrants requests to AWS KMS."
6+
}

services/kms/src/main/resources/codegen-resources/service-2.json

Lines changed: 15 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -554,11 +554,12 @@
554554
{"shape":"NotFoundException"},
555555
{"shape":"DependencyTimeoutException"},
556556
{"shape":"InvalidMarkerException"},
557+
{"shape":"InvalidGrantIdException"},
557558
{"shape":"InvalidArnException"},
558559
{"shape":"KMSInternalException"},
559560
{"shape":"KMSInvalidStateException"}
560561
],
561-
"documentation":"<p>Gets a list of all grants for the specified customer master key (CMK).</p> <note> <p>The <code>GranteePrincipal</code> field in the <code>ListGrants</code> response usually contains the user or role designated as the grantee principal in the grant. However, when the grantee principal in the grant is an AWS service, the <code>GranteePrincipal</code> field contains the <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html#principal-services\">service principal</a>, which might represent several different grantee principals.</p> </note> <p> <b>Cross-account use</b>: Yes. To perform this operation on a CMK in a different AWS account, specify the key ARN in the value of the <code>KeyId</code> parameter.</p> <p> <b>Required permissions</b>: <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html\">kms:ListGrants</a> (key policy)</p> <p> <b>Related operations:</b> </p> <ul> <li> <p> <a>CreateGrant</a> </p> </li> <li> <p> <a>ListRetirableGrants</a> </p> </li> <li> <p> <a>RetireGrant</a> </p> </li> <li> <p> <a>RevokeGrant</a> </p> </li> </ul>"
562+
"documentation":"<p>Gets a list of all grants for the specified customer master key (CMK). </p> <p>You must specify the CMK in all requests. You can filter the grant list by grant ID or grantee principal.</p> <note> <p>The <code>GranteePrincipal</code> field in the <code>ListGrants</code> response usually contains the user or role designated as the grantee principal in the grant. However, when the grantee principal in the grant is an AWS service, the <code>GranteePrincipal</code> field contains the <a href=\"https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_elements_principal.html#principal-services\">service principal</a>, which might represent several different grantee principals.</p> </note> <p> <b>Cross-account use</b>: Yes. To perform this operation on a CMK in a different AWS account, specify the key ARN in the value of the <code>KeyId</code> parameter.</p> <p> <b>Required permissions</b>: <a href=\"https://docs.aws.amazon.com/kms/latest/developerguide/kms-api-permissions-reference.html\">kms:ListGrants</a> (key policy)</p> <p> <b>Related operations:</b> </p> <ul> <li> <p> <a>CreateGrant</a> </p> </li> <li> <p> <a>ListRetirableGrants</a> </p> </li> <li> <p> <a>RetireGrant</a> </p> </li> <li> <p> <a>RevokeGrant</a> </p> </li> </ul>"
562563
},
563564
"ListKeyPolicies":{
564565
"name":"ListKeyPolicies",
@@ -872,16 +873,10 @@
872873
},
873874
"TargetKeyId":{
874875
"shape":"KeyIdType",
875-
"documentation":"<p>String that contains the key identifier of the CMK associated with the alias.</p>"
876-
},
877-
"CreationDate":{
878-
"shape":"DateType",
879-
"documentation":"<p>Date and time that the alias was most recently created in the account and Region. Formatted as Unix time.</p>"
876+
"documentation":"<p>String that contains the key identifier referred to by the alias.</p>"
880877
},
881-
"LastUpdatedDate":{
882-
"shape":"DateType",
883-
"documentation":"<p>Date and time that the alias was most recently associated with a CMK in the account and Region. Formatted as Unix time.</p>"
884-
}
878+
"CreationDate":{"shape":"DateType"},
879+
"LastUpdatedDate":{"shape":"DateType"}
885880
},
886881
"documentation":"<p>Contains information about an alias.</p>"
887882
},
@@ -1113,7 +1108,7 @@
11131108
},
11141109
"GrantId":{
11151110
"shape":"GrantIdType",
1116-
"documentation":"<p>The unique identifier for the grant.</p> <p>You can use the <code>GrantId</code> in a subsequent <a>RetireGrant</a> or <a>RevokeGrant</a> operation.</p>"
1111+
"documentation":"<p>The unique identifier for the grant.</p> <p>You can use the <code>GrantId</code> in a <a>ListGrants</a>, <a>RetireGrant</a>, or <a>RevokeGrant</a> operation.</p>"
11171112
}
11181113
}
11191114
},
@@ -2359,7 +2354,15 @@
23592354
},
23602355
"KeyId":{
23612356
"shape":"KeyIdType",
2362-
"documentation":"<p>A unique identifier for the customer master key (CMK).</p> <p>Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify a CMK in a different AWS account, you must use the key ARN.</p> <p>For example:</p> <ul> <li> <p>Key ID: <code>1234abcd-12ab-34cd-56ef-1234567890ab</code> </p> </li> <li> <p>Key ARN: <code>arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab</code> </p> </li> </ul> <p>To get the key ID and key ARN for a CMK, use <a>ListKeys</a> or <a>DescribeKey</a>.</p>"
2357+
"documentation":"<p>Returns only grants for the specified customer master key (CMK). This parameter is required.</p> <p>Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify a CMK in a different AWS account, you must use the key ARN.</p> <p>For example:</p> <ul> <li> <p>Key ID: <code>1234abcd-12ab-34cd-56ef-1234567890ab</code> </p> </li> <li> <p>Key ARN: <code>arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab</code> </p> </li> </ul> <p>To get the key ID and key ARN for a CMK, use <a>ListKeys</a> or <a>DescribeKey</a>.</p>"
2358+
},
2359+
"GrantId":{
2360+
"shape":"GrantIdType",
2361+
"documentation":"<p>Returns only the grant with the specified grant ID. The grant ID uniquely identifies the grant. </p>"
2362+
},
2363+
"GranteePrincipal":{
2364+
"shape":"PrincipalIdType",
2365+
"documentation":"<p>Returns only grants where the specified principal is the grantee principal for the grant.</p>"
23632366
}
23642367
}
23652368
},

0 commit comments

Comments
 (0)