Copyright	(c) 2013-2023 Brendan Hay
License	Mozilla Public License, v. 2.0.
Maintainer	Brendan Hay
Stability	auto-generated
Portability	non-portable (GHC extensions)
Safe Haskell	Safe-Inferred
Language	Haskell2010

Amazonka.KMS.ListRetirableGrants

Contents

Creating a Request
Request Lenses
Destructuring the Response
Response Lenses

Description

Returns information about all grants in the Amazon Web Services account and Region that have the specified retiring principal.

You can specify any principal in your Amazon Web Services account. The grants that are returned include grants for KMS keys in your Amazon Web Services account and other Amazon Web Services accounts. You might use this operation to determine which grants you may retire. To retire a grant, use the RetireGrant operation.

For detailed information about grants, including grant terminology, see Grants in KMS in the /Key Management Service Developer Guide/ . For examples of working with grants in several programming languages, see Programming grants.

Cross-account use: You must specify a principal in your Amazon Web Services account. However, this operation can return grants in any Amazon Web Services account. You do not need kms:ListRetirableGrants permission (or any other additional permission) in any Amazon Web Services account other than your own.

Required permissions: kms:ListRetirableGrants (IAM policy) in your Amazon Web Services account.

Related operations:

CreateGrant
ListGrants
RetireGrant
RevokeGrant

This operation returns paginated results.

Creating a Request

data ListRetirableGrants Source #

See: newListRetirableGrants smart constructor.

Constructors

ListRetirableGrants'

Fields

limit :: Maybe Natural
Use this parameter to specify the maximum number of items to return. When this value is present, KMS does not return more than the specified number of items, but it might return fewer.
This value is optional. If you include a value, it must be between 1 and 100, inclusive. If you do not include a value, it defaults to 50.
marker :: Maybe Text
Use this parameter in a subsequent request after you receive a response with truncated results. Set it to the value of NextMarker from the truncated response you just received.
retiringPrincipal :: Text
The retiring principal for which to list grants. Enter a principal in your Amazon Web Services account.
To specify the retiring principal, use the Amazon Resource Name (ARN) of an Amazon Web Services principal. Valid Amazon Web Services principals include Amazon Web Services accounts (root), IAM users, federated users, and assumed role users. For examples of the ARN syntax for specifying a principal, see Amazon Web Services Identity and Access Management (IAM) in the Example ARNs section of the /Amazon Web Services General Reference/.

Instances

Instances details

ToJSON ListRetirableGrants Source #
Instance details Defined in Amazonka.KMS.ListRetirableGrants Methods toJSON :: ListRetirableGrants -> Value # toEncoding :: ListRetirableGrants -> Encoding # toJSONList :: [ListRetirableGrants] -> Value # toEncodingList :: [ListRetirableGrants] -> Encoding #
ToHeaders ListRetirableGrants Source #
Instance details Defined in Amazonka.KMS.ListRetirableGrants Methods toHeaders :: ListRetirableGrants -> [Header] #
ToPath ListRetirableGrants Source #
Instance details Defined in Amazonka.KMS.ListRetirableGrants Methods toPath :: ListRetirableGrants -> ByteString #
ToQuery ListRetirableGrants Source #
Instance details Defined in Amazonka.KMS.ListRetirableGrants Methods toQuery :: ListRetirableGrants -> QueryString #
AWSPager ListRetirableGrants Source #
Instance details Defined in Amazonka.KMS.ListRetirableGrants Methods page :: ListRetirableGrants -> AWSResponse ListRetirableGrants -> Maybe ListRetirableGrants #
AWSRequest ListRetirableGrants Source #
Instance details Defined in Amazonka.KMS.ListRetirableGrants Associated Types type AWSResponse ListRetirableGrants # Methods request :: (Service -> Service) -> ListRetirableGrants -> Request ListRetirableGrants # response :: MonadResource m => (ByteStringLazy -> IO ByteStringLazy) -> Service -> Proxy ListRetirableGrants -> ClientResponse ClientBody -> m (Either Error (ClientResponse (AWSResponse ListRetirableGrants))) #
Generic ListRetirableGrants Source #
Instance details Defined in Amazonka.KMS.ListRetirableGrants Associated Types type Rep ListRetirableGrants :: Type -> Type # Methods from :: ListRetirableGrants -> Rep ListRetirableGrants x # to :: Rep ListRetirableGrants x -> ListRetirableGrants #
Read ListRetirableGrants Source #
Instance details Defined in Amazonka.KMS.ListRetirableGrants Methods readsPrec :: Int -> ReadS ListRetirableGrants # readList :: ReadS [ListRetirableGrants] # readPrec :: ReadPrec ListRetirableGrants # readListPrec :: ReadPrec [ListRetirableGrants] #
Show ListRetirableGrants Source #
Instance details Defined in Amazonka.KMS.ListRetirableGrants Methods showsPrec :: Int -> ListRetirableGrants -> ShowS # show :: ListRetirableGrants -> String # showList :: [ListRetirableGrants] -> ShowS #
NFData ListRetirableGrants Source #
Instance details Defined in Amazonka.KMS.ListRetirableGrants Methods rnf :: ListRetirableGrants -> () #
Eq ListRetirableGrants Source #
Instance details Defined in Amazonka.KMS.ListRetirableGrants Methods (==) :: ListRetirableGrants -> ListRetirableGrants -> Bool # (/=) :: ListRetirableGrants -> ListRetirableGrants -> Bool #
Hashable ListRetirableGrants Source #
Instance details Defined in Amazonka.KMS.ListRetirableGrants Methods hashWithSalt :: Int -> ListRetirableGrants -> Int # hash :: ListRetirableGrants -> Int #
type AWSResponse ListRetirableGrants Source #
Instance details Defined in Amazonka.KMS.ListRetirableGrants type AWSResponse ListRetirableGrants = ListGrantsResponse
type Rep ListRetirableGrants Source #
Instance details Defined in Amazonka.KMS.ListRetirableGrants type Rep ListRetirableGrants = D1 ('MetaData "ListRetirableGrants" "Amazonka.KMS.ListRetirableGrants" "amazonka-kms-2.0-6YhT3Ymbf9Z5PoaGoz7tbG" 'False) (C1 ('MetaCons "ListRetirableGrants'" 'PrefixI 'True) (S1 ('MetaSel ('Just "limit") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Natural)) :: (S1 ('MetaSel ('Just "marker") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :: S1 ('MetaSel ('Just "retiringPrincipal") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 Text))))

newListRetirableGrants Source #

Arguments

:: Text	`ListRetirableGrants`
-> ListRetirableGrants

Create a value of ListRetirableGrants with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:limit:ListRetirableGrants', listRetirableGrants_limit - Use this parameter to specify the maximum number of items to return. When this value is present, KMS does not return more than the specified number of items, but it might return fewer.

This value is optional. If you include a value, it must be between 1 and 100, inclusive. If you do not include a value, it defaults to 50.

$sel:marker:ListRetirableGrants', listRetirableGrants_marker - Use this parameter in a subsequent request after you receive a response with truncated results. Set it to the value of NextMarker from the truncated response you just received.

ListRetirableGrants, listRetirableGrants_retiringPrincipal - The retiring principal for which to list grants. Enter a principal in your Amazon Web Services account.

To specify the retiring principal, use the Amazon Resource Name (ARN) of an Amazon Web Services principal. Valid Amazon Web Services principals include Amazon Web Services accounts (root), IAM users, federated users, and assumed role users. For examples of the ARN syntax for specifying a principal, see Amazon Web Services Identity and Access Management (IAM) in the Example ARNs section of the /Amazon Web Services General Reference/.

Request Lenses

listRetirableGrants_limit :: Lens' ListRetirableGrants (Maybe Natural) Source #

Use this parameter to specify the maximum number of items to return. When this value is present, KMS does not return more than the specified number of items, but it might return fewer.

This value is optional. If you include a value, it must be between 1 and 100, inclusive. If you do not include a value, it defaults to 50.

listRetirableGrants_marker :: Lens' ListRetirableGrants (Maybe Text) Source #

Use this parameter in a subsequent request after you receive a response with truncated results. Set it to the value of NextMarker from the truncated response you just received.

listRetirableGrants_retiringPrincipal :: Lens' ListRetirableGrants Text Source #

The retiring principal for which to list grants. Enter a principal in your Amazon Web Services account.

To specify the retiring principal, use the Amazon Resource Name (ARN) of an Amazon Web Services principal. Valid Amazon Web Services principals include Amazon Web Services accounts (root), IAM users, federated users, and assumed role users. For examples of the ARN syntax for specifying a principal, see Amazon Web Services Identity and Access Management (IAM) in the Example ARNs section of the /Amazon Web Services General Reference/.

Destructuring the Response

data ListGrantsResponse Source #

See: newListGrantsResponse smart constructor.

Constructors

ListGrantsResponse'

Fields

grants :: Maybe [GrantListEntry]
A list of grants.
nextMarker :: Maybe Text
When Truncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent request.
truncated :: Maybe Bool
A flag that indicates whether there are more items in the list. When this value is true, the list in this response is truncated. To get more items, pass the value of the NextMarker element in thisresponse to the Marker parameter in a subsequent request.

Instances

Instances details

FromJSON ListGrantsResponse Source #
Instance details Defined in Amazonka.KMS.Types.ListGrantsResponse Methods parseJSON :: Value -> Parser ListGrantsResponse # parseJSONList :: Value -> Parser [ListGrantsResponse] #
Generic ListGrantsResponse Source #
Instance details Defined in Amazonka.KMS.Types.ListGrantsResponse Associated Types type Rep ListGrantsResponse :: Type -> Type # Methods from :: ListGrantsResponse -> Rep ListGrantsResponse x # to :: Rep ListGrantsResponse x -> ListGrantsResponse #
Read ListGrantsResponse Source #
Instance details Defined in Amazonka.KMS.Types.ListGrantsResponse Methods readsPrec :: Int -> ReadS ListGrantsResponse # readList :: ReadS [ListGrantsResponse] # readPrec :: ReadPrec ListGrantsResponse # readListPrec :: ReadPrec [ListGrantsResponse] #
Show ListGrantsResponse Source #
Instance details Defined in Amazonka.KMS.Types.ListGrantsResponse Methods showsPrec :: Int -> ListGrantsResponse -> ShowS # show :: ListGrantsResponse -> String # showList :: [ListGrantsResponse] -> ShowS #
NFData ListGrantsResponse Source #
Instance details Defined in Amazonka.KMS.Types.ListGrantsResponse Methods rnf :: ListGrantsResponse -> () #
Eq ListGrantsResponse Source #
Instance details Defined in Amazonka.KMS.Types.ListGrantsResponse Methods (==) :: ListGrantsResponse -> ListGrantsResponse -> Bool # (/=) :: ListGrantsResponse -> ListGrantsResponse -> Bool #
Hashable ListGrantsResponse Source #
Instance details Defined in Amazonka.KMS.Types.ListGrantsResponse Methods hashWithSalt :: Int -> ListGrantsResponse -> Int # hash :: ListGrantsResponse -> Int #
type Rep ListGrantsResponse Source #
Instance details Defined in Amazonka.KMS.Types.ListGrantsResponse type Rep ListGrantsResponse = D1 ('MetaData "ListGrantsResponse" "Amazonka.KMS.Types.ListGrantsResponse" "amazonka-kms-2.0-6YhT3Ymbf9Z5PoaGoz7tbG" 'False) (C1 ('MetaCons "ListGrantsResponse'" 'PrefixI 'True) (S1 ('MetaSel ('Just "grants") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe [GrantListEntry])) :: (S1 ('MetaSel ('Just "nextMarker") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Text)) :: S1 ('MetaSel ('Just "truncated") 'NoSourceUnpackedness 'NoSourceStrictness 'DecidedStrict) (Rec0 (Maybe Bool)))))

newListGrantsResponse :: ListGrantsResponse Source #

Create a value of ListGrantsResponse with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:grants:ListGrantsResponse', listGrantsResponse_grants - A list of grants.

$sel:nextMarker:ListGrantsResponse', listGrantsResponse_nextMarker - When Truncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent request.

$sel:truncated:ListGrantsResponse', listGrantsResponse_truncated - A flag that indicates whether there are more items in the list. When this value is true, the list in this response is truncated. To get more items, pass the value of the NextMarker element in thisresponse to the Marker parameter in a subsequent request.

Response Lenses

listGrantsResponse_grants :: Lens' ListGrantsResponse (Maybe [GrantListEntry]) Source #

A list of grants.

listGrantsResponse_nextMarker :: Lens' ListGrantsResponse (Maybe Text) Source #

When Truncated is true, this element is present and contains the value to use for the Marker parameter in a subsequent request.

listGrantsResponse_truncated :: Lens' ListGrantsResponse (Maybe Bool) Source #

A flag that indicates whether there are more items in the list. When this value is true, the list in this response is truncated. To get more items, pass the value of the NextMarker element in thisresponse to the Marker parameter in a subsequent request.