A structure that you can use to allow certain operations in the grant only when the desired encryption context is present. For more information about encryption context, see Encryption Context in the AWS Key Management Service Developer Guide.
Grant constraints apply only to operations that accept encryption context as input. For example, the DescribeKey
operation does not accept encryption context as input. A grant that allows the DescribeKey
operation does so regardless of the grant constraints. In constrast, the Encrypt
operation accepts encryption context as input. A grant that allows the Encrypt
operation does so only when the encryption context of the Encrypt
operation satisfies the grant constraints.
A list of key-value pairs that must be present in the encryption context of certain subsequent operations that the grant allows. When certain subsequent operations allowed by the grant include encryption context that matches this list, the grant allows the operation. Otherwise, the grant does not allow the operation.
A list of key-value pairs, all of which must be present in the encryption context of certain subsequent operations that the grant allows. When certain subsequent operations allowed by the grant include encryption context that matches this list or is a superset of this list, the grant allows the operation. Otherwise, the grant does not allow the operation.
Returns the "default value" for a type. Read more
Formats the value using the given formatter. Read more
Performs copy-assignment from source
. Read more
This method tests for self
and other
values to be equal, and is used by ==
. Read more
This method tests for !=
.