libZSservicesZSamazonka-kmsZSamazonka-kms
Copyright(c) 2013-2021 Brendan Hay
LicenseMozilla Public License, v. 2.0.
MaintainerBrendan Hay <brendan.g.hay+amazonka@gmail.com>
Stabilityauto-generated
Portabilitynon-portable (GHC extensions)
Safe HaskellNone

Amazonka.KMS.RevokeGrant

Description

Deletes the specified grant. You revoke a grant to terminate the permissions that the grant allows. For more information, see Retiring and revoking grants in the /Key Management Service Developer Guide/ .

When you create, retire, or revoke a grant, there might be a brief delay, usually less than five minutes, until the grant is available throughout KMS. This state is known as eventual consistency. For details, see Eventual consistency in the /Key Management Service Developer Guide/ .

For detailed information about grants, including grant terminology, see Using grants in the /Key Management Service Developer Guide/ . For examples of working with grants in several programming languages, see Programming grants.

Cross-account use: Yes. To perform this operation on a KMS key in a different Amazon Web Services account, specify the key ARN in the value of the KeyId parameter.

Required permissions: kms:RevokeGrant (key policy).

Related operations:

  • CreateGrant
  • ListGrants
  • ListRetirableGrants
  • RetireGrant
Synopsis

Creating a Request

data RevokeGrant Source #

See: newRevokeGrant smart constructor.

Constructors

RevokeGrant' 

Fields

  • keyId :: Text

    A unique identifier for the KMS key associated with the grant. To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.

    Specify the key ID or key ARN of the KMS key. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN.

    For example:

    • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
    • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

    To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.

  • grantId :: Text

    Identifies the grant to revoke. To get the grant ID, use CreateGrant, ListGrants, or ListRetirableGrants.

Instances

Instances details
Eq RevokeGrant Source # 
Instance details

Defined in Amazonka.KMS.RevokeGrant

Methods

(==) :: RevokeGrant -> RevokeGrant -> Bool #

(/=) :: RevokeGrant -> RevokeGrant -> Bool #

Read RevokeGrant Source # 
Instance details

Defined in Amazonka.KMS.RevokeGrant

Methods

readsPrec :: Int -> ReadS RevokeGrant #

readList :: ReadS [RevokeGrant] #

readPrec :: ReadPrec RevokeGrant #

readListPrec :: ReadPrec [RevokeGrant] #

Show RevokeGrant Source # 
Instance details

Defined in Amazonka.KMS.RevokeGrant

Methods

showsPrec :: Int -> RevokeGrant -> ShowS #

show :: RevokeGrant -> String #

showList :: [RevokeGrant] -> ShowS #

Generic RevokeGrant Source # 
Instance details

Defined in Amazonka.KMS.RevokeGrant

Associated Types

type Rep RevokeGrant :: Type -> Type #

Methods

from :: RevokeGrant -> Rep RevokeGrant x #

to :: Rep RevokeGrant x -> RevokeGrant #

NFData RevokeGrant Source # 
Instance details

Defined in Amazonka.KMS.RevokeGrant

Methods

rnf :: RevokeGrant -> () #

Hashable RevokeGrant Source # 
Instance details

Defined in Amazonka.KMS.RevokeGrant

Methods

hashWithSalt :: Int -> RevokeGrant -> Int #

hash :: RevokeGrant -> Int #

ToJSON RevokeGrant Source # 
Instance details

Defined in Amazonka.KMS.RevokeGrant

Methods

toJSON :: RevokeGrant -> Value #

toEncoding :: RevokeGrant -> Encoding #

toJSONList :: [RevokeGrant] -> Value #

toEncodingList :: [RevokeGrant] -> Encoding #

AWSRequest RevokeGrant Source # 
Instance details

Defined in Amazonka.KMS.RevokeGrant

Associated Types

type AWSResponse RevokeGrant #

Methods

request :: RevokeGrant -> Request RevokeGrant #

response :: MonadResource m => Logger -> Service -> Proxy RevokeGrant -> ClientResponse ClientBody -> m (Either Error (ClientResponse (AWSResponse RevokeGrant))) #

ToHeaders RevokeGrant Source # 
Instance details

Defined in Amazonka.KMS.RevokeGrant

Methods

toHeaders :: RevokeGrant -> [Header] #

ToPath RevokeGrant Source # 
Instance details

Defined in Amazonka.KMS.RevokeGrant

Methods

toPath :: RevokeGrant -> ByteString #

ToQuery RevokeGrant Source # 
Instance details

Defined in Amazonka.KMS.RevokeGrant

Methods

toQuery :: RevokeGrant -> QueryString #

type Rep RevokeGrant Source # 
Instance details

Defined in Amazonka.KMS.RevokeGrant

type Rep RevokeGrant = D1 ('MetaData "RevokeGrant" "Amazonka.KMS.RevokeGrant" "libZSservicesZSamazonka-kmsZSamazonka-kms" 'False) (C1 ('MetaCons "RevokeGrant'" 'PrefixI 'True) (S1 ('MetaSel ('Just "keyId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text) :*: S1 ('MetaSel ('Just "grantId") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text)))
type AWSResponse RevokeGrant Source # 
Instance details

Defined in Amazonka.KMS.RevokeGrant

type AWSResponse RevokeGrant = RevokeGrantResponse

newRevokeGrant Source #

Arguments

:: Text

$sel:keyId:RevokeGrant'

-> Text

$sel:grantId:RevokeGrant'

-> RevokeGrant 

Create a value of RevokeGrant with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:keyId:RevokeGrant', revokeGrant_keyId - A unique identifier for the KMS key associated with the grant. To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.

Specify the key ID or key ARN of the KMS key. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN.

For example:

  • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
  • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.

$sel:grantId:RevokeGrant', revokeGrant_grantId - Identifies the grant to revoke. To get the grant ID, use CreateGrant, ListGrants, or ListRetirableGrants.

Request Lenses

revokeGrant_keyId :: Lens' RevokeGrant Text Source #

A unique identifier for the KMS key associated with the grant. To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.

Specify the key ID or key ARN of the KMS key. To specify a KMS key in a different Amazon Web Services account, you must use the key ARN.

For example:

  • Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
  • Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey.

revokeGrant_grantId :: Lens' RevokeGrant Text Source #

Identifies the grant to revoke. To get the grant ID, use CreateGrant, ListGrants, or ListRetirableGrants.

Destructuring the Response

data RevokeGrantResponse Source #

See: newRevokeGrantResponse smart constructor.

Constructors

RevokeGrantResponse' 

Instances

Instances details
Eq RevokeGrantResponse Source # 
Instance details

Defined in Amazonka.KMS.RevokeGrant

Methods

(==) :: RevokeGrantResponse -> RevokeGrantResponse -> Bool #

(/=) :: RevokeGrantResponse -> RevokeGrantResponse -> Bool #

Read RevokeGrantResponse Source # 
Instance details

Defined in Amazonka.KMS.RevokeGrant

Methods

readsPrec :: Int -> ReadS RevokeGrantResponse #

readList :: ReadS [RevokeGrantResponse] #

readPrec :: ReadPrec RevokeGrantResponse #

readListPrec :: ReadPrec [RevokeGrantResponse] #

Show RevokeGrantResponse Source # 
Instance details

Defined in Amazonka.KMS.RevokeGrant

Methods

showsPrec :: Int -> RevokeGrantResponse -> ShowS #

show :: RevokeGrantResponse -> String #

showList :: [RevokeGrantResponse] -> ShowS #

Generic RevokeGrantResponse Source # 
Instance details

Defined in Amazonka.KMS.RevokeGrant

Associated Types

type Rep RevokeGrantResponse :: Type -> Type #

Methods

from :: RevokeGrantResponse -> Rep RevokeGrantResponse x #

to :: Rep RevokeGrantResponse x -> RevokeGrantResponse #

NFData RevokeGrantResponse Source # 
Instance details

Defined in Amazonka.KMS.RevokeGrant

Methods

rnf :: RevokeGrantResponse -> () #

type Rep RevokeGrantResponse Source # 
Instance details

Defined in Amazonka.KMS.RevokeGrant

type Rep RevokeGrantResponse = D1 ('MetaData "RevokeGrantResponse" "Amazonka.KMS.RevokeGrant" "libZSservicesZSamazonka-kmsZSamazonka-kms" 'False) (C1 ('MetaCons "RevokeGrantResponse'" 'PrefixI 'False) (U1 :: Type -> Type))

newRevokeGrantResponse :: RevokeGrantResponse Source #

Create a value of RevokeGrantResponse with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.