Copyright	(c) 2013-2021 Brendan Hay
License	Mozilla Public License, v. 2.0.
Maintainer	Brendan Hay <brendan.g.hay+amazonka@gmail.com>
Stability	auto-generated
Portability	non-portable (GHC extensions)
Safe Haskell	None

Amazonka.KMS.ListRetirableGrants

Contents

Creating a Request
Request Lenses
Destructuring the Response
Response Lenses

Description

Returns information about all grants in the Amazon Web Services account and Region that have the specified retiring principal.

You can specify any principal in your Amazon Web Services account. The grants that are returned include grants for KMS keys in your Amazon Web Services account and other Amazon Web Services accounts. You might use this operation to determine which grants you may retire. To retire a grant, use the RetireGrant operation.

For detailed information about grants, including grant terminology, see Using grants in the /Key Management Service Developer Guide/ . For examples of working with grants in several programming languages, see Programming grants.

Cross-account use: You must specify a principal in your Amazon Web Services account. However, this operation can return grants in any Amazon Web Services account. You do not need kms:ListRetirableGrants permission (or any other additional permission) in any Amazon Web Services account other than your own.

Required permissions: kms:ListRetirableGrants (IAM policy) in your Amazon Web Services account.

Related operations:

CreateGrant
ListGrants
RetireGrant
RevokeGrant

Creating a Request

data ListRetirableGrants Source #

See: newListRetirableGrants smart constructor.

Constructors

ListRetirableGrants'

Fields

marker :: Maybe Text
Use this parameter in a subsequent request after you receive a response with truncated results. Set it to the value of NextMarker from the truncated response you just received.
limit :: Maybe Natural
Use this parameter to specify the maximum number of items to return. When this value is present, KMS does not return more than the specified number of items, but it might return fewer.
This value is optional. If you include a value, it must be between 1 and 100, inclusive. If you do not include a value, it defaults to 50.
retiringPrincipal :: Text
The retiring principal for which to list grants. Enter a principal in your Amazon Web Services account.
To specify the retiring principal, use the Amazon Resource Name (ARN) of an Amazon Web Services principal. Valid Amazon Web Services principals include Amazon Web Services accounts (root), IAM users, federated users, and assumed role users. For examples of the ARN syntax for specifying a principal, see Amazon Web Services Identity and Access Management (IAM) in the Example ARNs section of the /Amazon Web Services General Reference/.

Instances

Instances details

Eq ListRetirableGrants Source #
Instance details Defined in Amazonka.KMS.ListRetirableGrants Methods (==) :: ListRetirableGrants -> ListRetirableGrants -> Bool # (/=) :: ListRetirableGrants -> ListRetirableGrants -> Bool #
Read ListRetirableGrants Source #
Instance details Defined in Amazonka.KMS.ListRetirableGrants Methods readsPrec :: Int -> ReadS ListRetirableGrants # readList :: ReadS [ListRetirableGrants] # readPrec :: ReadPrec ListRetirableGrants # readListPrec :: ReadPrec [ListRetirableGrants] #
Show ListRetirableGrants Source #
Instance details Defined in Amazonka.KMS.ListRetirableGrants Methods showsPrec :: Int -> ListRetirableGrants -> ShowS # show :: ListRetirableGrants -> String # showList :: [ListRetirableGrants] -> ShowS #
Generic ListRetirableGrants Source #
Instance details Defined in Amazonka.KMS.ListRetirableGrants Associated Types type Rep ListRetirableGrants :: Type -> Type # Methods from :: ListRetirableGrants -> Rep ListRetirableGrants x # to :: Rep ListRetirableGrants x -> ListRetirableGrants #
NFData ListRetirableGrants Source #
Instance details Defined in Amazonka.KMS.ListRetirableGrants Methods rnf :: ListRetirableGrants -> () #
Hashable ListRetirableGrants Source #
Instance details Defined in Amazonka.KMS.ListRetirableGrants Methods hashWithSalt :: Int -> ListRetirableGrants -> Int # hash :: ListRetirableGrants -> Int #
ToJSON ListRetirableGrants Source #
Instance details Defined in Amazonka.KMS.ListRetirableGrants Methods toJSON :: ListRetirableGrants -> Value # toEncoding :: ListRetirableGrants -> Encoding # toJSONList :: [ListRetirableGrants] -> Value # toEncodingList :: [ListRetirableGrants] -> Encoding #
AWSRequest ListRetirableGrants Source #
Instance details Defined in Amazonka.KMS.ListRetirableGrants Associated Types type AWSResponse ListRetirableGrants # Methods request :: ListRetirableGrants -> Request ListRetirableGrants # response :: MonadResource m => Logger -> Service -> Proxy ListRetirableGrants -> ClientResponse ClientBody -> m (Either Error (ClientResponse (AWSResponse ListRetirableGrants))) #
ToHeaders ListRetirableGrants Source #
Instance details Defined in Amazonka.KMS.ListRetirableGrants Methods toHeaders :: ListRetirableGrants -> [Header] #
ToPath ListRetirableGrants Source #
Instance details Defined in Amazonka.KMS.ListRetirableGrants Methods toPath :: ListRetirableGrants -> ByteString #
ToQuery ListRetirableGrants Source #
Instance details Defined in Amazonka.KMS.ListRetirableGrants Methods toQuery :: ListRetirableGrants -> QueryString #
type Rep ListRetirableGrants Source #
Instance details Defined in Amazonka.KMS.ListRetirableGrants type Rep ListRetirableGrants = D1 ('MetaData "ListRetirableGrants" "Amazonka.KMS.ListRetirableGrants" "libZSservicesZSamazonka-kmsZSamazonka-kms" 'False) (C1 ('MetaCons "ListRetirableGrants'" 'PrefixI 'True) (S1 ('MetaSel ('Just "marker") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :: (S1 ('MetaSel ('Just "limit") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Natural)) :: S1 ('MetaSel ('Just "retiringPrincipal") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text))))
type AWSResponse ListRetirableGrants Source #
Instance details Defined in Amazonka.KMS.ListRetirableGrants type AWSResponse ListRetirableGrants = ListGrantsResponse

newListRetirableGrants Source #

Arguments

:: Text	`$sel:retiringPrincipal:ListRetirableGrants'`
-> ListRetirableGrants

Create a value of ListRetirableGrants with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:marker:ListRetirableGrants', listRetirableGrants_marker - Use this parameter in a subsequent request after you receive a response with truncated results. Set it to the value of NextMarker from the truncated response you just received.

$sel:limit:ListRetirableGrants', listRetirableGrants_limit - Use this parameter to specify the maximum number of items to return. When this value is present, KMS does not return more than the specified number of items, but it might return fewer.

This value is optional. If you include a value, it must be between 1 and 100, inclusive. If you do not include a value, it defaults to 50.

$sel:retiringPrincipal:ListRetirableGrants', listRetirableGrants_retiringPrincipal - The retiring principal for which to list grants. Enter a principal in your Amazon Web Services account.

To specify the retiring principal, use the Amazon Resource Name (ARN) of an Amazon Web Services principal. Valid Amazon Web Services principals include Amazon Web Services accounts (root), IAM users, federated users, and assumed role users. For examples of the ARN syntax for specifying a principal, see Amazon Web Services Identity and Access Management (IAM) in the Example ARNs section of the /Amazon Web Services General Reference/.

Request Lenses

listRetirableGrants_marker :: Lens' ListRetirableGrants (Maybe Text) Source #

Use this parameter in a subsequent request after you receive a response with truncated results. Set it to the value of NextMarker from the truncated response you just received.

listRetirableGrants_limit :: Lens' ListRetirableGrants (Maybe Natural) Source #

Use this parameter to specify the maximum number of items to return. When this value is present, KMS does not return more than the specified number of items, but it might return fewer.

This value is optional. If you include a value, it must be between 1 and 100, inclusive. If you do not include a value, it defaults to 50.

listRetirableGrants_retiringPrincipal :: Lens' ListRetirableGrants Text Source #

The retiring principal for which to list grants. Enter a principal in your Amazon Web Services account.

To specify the retiring principal, use the Amazon Resource Name (ARN) of an Amazon Web Services principal. Valid Amazon Web Services principals include Amazon Web Services accounts (root), IAM users, federated users, and assumed role users. For examples of the ARN syntax for specifying a principal, see Amazon Web Services Identity and Access Management (IAM) in the Example ARNs section of the /Amazon Web Services General Reference/.

Destructuring the Response

data ListGrantsResponse Source #

See: newListGrantsResponse smart constructor.

Constructors

ListGrantsResponse'

Fields

truncated :: Maybe Bool
A flag that indicates whether there are more items in the list. When this value is true, the list in this response is truncated. To get more items, pass the value of the NextMarker element in thisresponse to the Marker parameter in a subsequent request.
grants :: Maybe [GrantListEntry]
A list of grants.
nextMarker :: Maybe Text
When Truncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent request.

Instances

Instances details

Eq ListGrantsResponse Source #
Instance details Defined in Amazonka.KMS.Types.ListGrantsResponse Methods (==) :: ListGrantsResponse -> ListGrantsResponse -> Bool # (/=) :: ListGrantsResponse -> ListGrantsResponse -> Bool #
Read ListGrantsResponse Source #
Instance details Defined in Amazonka.KMS.Types.ListGrantsResponse Methods readsPrec :: Int -> ReadS ListGrantsResponse # readList :: ReadS [ListGrantsResponse] # readPrec :: ReadPrec ListGrantsResponse # readListPrec :: ReadPrec [ListGrantsResponse] #
Show ListGrantsResponse Source #
Instance details Defined in Amazonka.KMS.Types.ListGrantsResponse Methods showsPrec :: Int -> ListGrantsResponse -> ShowS # show :: ListGrantsResponse -> String # showList :: [ListGrantsResponse] -> ShowS #
Generic ListGrantsResponse Source #
Instance details Defined in Amazonka.KMS.Types.ListGrantsResponse Associated Types type Rep ListGrantsResponse :: Type -> Type # Methods from :: ListGrantsResponse -> Rep ListGrantsResponse x # to :: Rep ListGrantsResponse x -> ListGrantsResponse #
NFData ListGrantsResponse Source #
Instance details Defined in Amazonka.KMS.Types.ListGrantsResponse Methods rnf :: ListGrantsResponse -> () #
Hashable ListGrantsResponse Source #
Instance details Defined in Amazonka.KMS.Types.ListGrantsResponse Methods hashWithSalt :: Int -> ListGrantsResponse -> Int # hash :: ListGrantsResponse -> Int #
FromJSON ListGrantsResponse Source #
Instance details Defined in Amazonka.KMS.Types.ListGrantsResponse Methods parseJSON :: Value -> Parser ListGrantsResponse # parseJSONList :: Value -> Parser [ListGrantsResponse] #
type Rep ListGrantsResponse Source #
Instance details Defined in Amazonka.KMS.Types.ListGrantsResponse type Rep ListGrantsResponse = D1 ('MetaData "ListGrantsResponse" "Amazonka.KMS.Types.ListGrantsResponse" "libZSservicesZSamazonka-kmsZSamazonka-kms" 'False) (C1 ('MetaCons "ListGrantsResponse'" 'PrefixI 'True) (S1 ('MetaSel ('Just "truncated") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Bool)) :: (S1 ('MetaSel ('Just "grants") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [GrantListEntry])) :: S1 ('MetaSel ('Just "nextMarker") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)))))

newListGrantsResponse :: ListGrantsResponse Source #

Create a value of ListGrantsResponse with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:truncated:ListGrantsResponse', listGrantsResponse_truncated - A flag that indicates whether there are more items in the list. When this value is true, the list in this response is truncated. To get more items, pass the value of the NextMarker element in thisresponse to the Marker parameter in a subsequent request.

$sel:grants:ListGrantsResponse', listGrantsResponse_grants - A list of grants.

$sel:nextMarker:ListGrantsResponse', listGrantsResponse_nextMarker - When Truncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent request.

Response Lenses

listGrantsResponse_truncated :: Lens' ListGrantsResponse (Maybe Bool) Source #

A flag that indicates whether there are more items in the list. When this value is true, the list in this response is truncated. To get more items, pass the value of the NextMarker element in thisresponse to the Marker parameter in a subsequent request.

listGrantsResponse_grants :: Lens' ListGrantsResponse (Maybe [GrantListEntry]) Source #

A list of grants.

listGrantsResponse_nextMarker :: Lens' ListGrantsResponse (Maybe Text) Source #

When Truncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent request.