{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://raw.githubusercontent.com/api-evangelist/amazon-iam-access-analyzer/refs/heads/main/json-schema/iam-access-analyzer-kms-grant-configuration-schema.json",
"title": "KmsGrantConfiguration",
"description": "A proposed grant configuration for a KMS key. For more information, see CreateGrant.",
"type": "object",
"properties": {
"operations": {
"allOf": [
{
"$ref": "#/components/schemas/KmsGrantOperationsList"
},
{
"description": "A list of operations that the grant permits."
}
]
},
"granteePrincipal": {
"allOf": [
{
"$ref": "#/components/schemas/GranteePrincipal"
},
{
"description": "The principal that is given permission to perform the operations that the grant permits."
}
]
},
"retiringPrincipal": {
"allOf": [
{
"$ref": "#/components/schemas/RetiringPrincipal"
},
{
"description": "The principal that is given permission to retire the grant by using RetireGrant operation."
}
]
},
"constraints": {
"allOf": [
{
"$ref": "#/components/schemas/KmsGrantConstraints"
},
{
"description": "Use this structure to propose allowing cryptographic operations in the grant only when the operation request includes the specified encryption context."
}
]
},
"issuingAccount": {
"allOf": [
{
"$ref": "#/components/schemas/IssuingAccount"
},
{
"description": " The Amazon Web Services account under which the grant was issued. The account is used to propose KMS grants issued by accounts other than the owner of the key."
}
]
}
},
"required": [
"operations",
"granteePrincipal",
"issuingAccount"
]
}