404

[ Avaa Bypassed ]




Upload:

Command:

botdev@13.58.146.48: ~ $
**To view the grants that a principal can retire**

The following ``list-retirable-grants`` example displays all of the grants that the ``ExampleAdmin`` user can retire on the KMS keys in an AWS account and Region. You can use a command like this one to view the grants that any account principal can retire on KMS keys in the AWS account and Region.

The value of the required ``retiring-principal`` parameter must be the Amazon Resource Name (ARN) of an account, user, or role. 

You cannot specify a service for the value of ``retiring-principal`` in this command, even though a service can be the retiring principal. To find the grants in which a particular service is the retiring principal, use the ``list-grants`` command. 

The output shows that ``ExampleAdmin`` user has permission to retire grants on two different KMS keys in the account and region. In addition to the retiring principal, the account has permission to retire any grant in the account. ::

    aws kms list-retirable-grants \
        --retiring-principal arn:aws:iam::111122223333:user/ExampleAdmin

Output::

    {
        "Grants": [
            {
                "KeyId": "arn:aws:kms:us-west-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab",
                "GrantId": "156b69c63cb154aa21f59929ff19760717be8d9d82b99df53e18b94a15a5e88e",
                "Name": "",
                "CreationDate": 2021-01-14T20:17:36.419000+00:00,
                "GranteePrincipal": "arn:aws:iam::111122223333:user/ExampleUser",
                "RetiringPrincipal": "arn:aws:iam::111122223333:user/ExampleAdmin",
                "IssuingAccount": "arn:aws:iam::111122223333:root",
                "Operations": [
                    "Encrypt"
                ],
                "Constraints": {
                    "EncryptionContextSubset": {
                        "Department": "IT"
                    }
                }
            },
            {
                "KeyId": "arn:aws:kms:us-west-2:111122223333:key/0987dcba-09fe-87dc-65ba-ab0987654321",
                "GrantId": "8c94d1f12f5e69f440bae30eaec9570bb1fb7358824f9ddfa1aa5a0dab1a59b2",
                "Name": "",
                "CreationDate": "2021-02-02T19:49:49.638000+00:00",
                "GranteePrincipal": "arn:aws:iam::111122223333:role/ExampleRole",
                "RetiringPrincipal": "arn:aws:iam::111122223333:user/ExampleAdmin",
                "IssuingAccount": "arn:aws:iam::111122223333:root",
                "Operations": [
                    "Decrypt"
                ],
                "Constraints": {
                    "EncryptionContextSubset": {
                        "Department": "IT"
                    }
                }
            }
        ],
        "Truncated": false
    }

For more information, see `Grants in AWS KMS <https://docs.aws.amazon.com/kms/latest/developerguide/grants.html>`__ in the *AWS Key Management Service Developer Guide*.

Filemanager

Name Type Size Permission Actions
cancel-key-deletion.rst File 884 B 0644
connect-custom-key-store.rst File 1.08 KB 0755
create-alias.rst File 729 B 0644
create-custom-key-store.rst File 3.75 KB 0755
create-grant.rst File 1.18 KB 0755
create-key.rst File 12.17 KB 0644
decrypt.rst File 4.44 KB 0644
delete-alias.rst File 502 B 0644
delete-custom-key-store.rst File 1.47 KB 0755
delete-imported-key-material.rst File 656 B 0644
describe-custom-key-stores.rst File 5.32 KB 0755
describe-key.rst File 5.76 KB 0644
disable-key-rotation.rst File 679 B 0644
disable-key.rst File 503 B 0644
disconnect-custom-key-store.rst File 1.25 KB 0644
enable-key-rotation.rst File 708 B 0644
enable-key.rst File 1.02 KB 0644
encrypt.rst File 3.47 KB 0644
generate-data-key-pair-without-plaintext.rst File 1.66 KB 0644
generate-data-key-pair.rst File 1.73 KB 0644
generate-data-key-without-plaintext.rst File 1.35 KB 0644
generate-data-key.rst File 3.17 KB 0644
generate-random.rst File 3.16 KB 0644
get-key-policy.rst File 956 B 0644
get-key-rotation-status.rst File 656 B 0644
get-parameters-for-import.rst File 1.36 KB 0644
get-public-key.rst File 2.31 KB 0644
import-key-material.rst File 1.51 KB 0644
list-aliases.rst File 2.72 KB 0755
list-grants.rst File 2.55 KB 0755
list-key-policies.rst File 926 B 0644
list-keys.rst File 1.04 KB 0644
list-resource-tags.rst File 980 B 0644
list-retirable-grants.rst File 2.92 KB 0644
put-key-policy.rst File 3.44 KB 0755
re-encrypt.rst File 3.82 KB 0644
retire-grant.rst File 810 B 0644
revoke-grant.rst File 776 B 0644
schedule-key-deletion.rst File 1.44 KB 0644
sign.rst File 3.08 KB 0644
tag-resource.rst File 891 B 0644
untag-resource.rst File 836 B 0644
update-alias.rst File 814 B 0644
update-custom-key-store.rst File 6.61 KB 0755
update-key-description.rst File 1.85 KB 0644
verify.rst File 1.38 KB 0644