revokeGrant method
Revokes the specified grant for the specified customer master key (CMK). You can revoke a grant to actively deny operations that depend on it.
Cross-account use: Yes. To perform this operation on a CMK in a different AWS account, specify the key ARN in the value of the KeyId parameter.
Required permissions: kms:RevokeGrant (key policy)
Related operations:
May throw NotFoundException. May throw DependencyTimeoutException. May throw InvalidArnException. May throw InvalidGrantIdException. May throw KMSInternalException. May throw KMSInvalidStateException.
Parameter grantId: Identifier of the grant to be revoked.
Parameter keyId: A unique identifier for the customer master key associated with the grant.
Specify the key ID or the Amazon Resource Name (ARN) of the CMK. To specify a CMK in a different AWS account, you must use the key ARN.
For example:
- Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab
- Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab
Implementation
Future<void> revokeGrant({
  required String grantId,
  required String keyId,
}) async {
  // Client-side length checks run before any request is sent.
  ArgumentError.checkNotNull(grantId, 'grantId');
  _s.validateStringLength(
    'grantId',
    grantId,
    1,
    128,
    isRequired: true,
  );
  ArgumentError.checkNotNull(keyId, 'keyId');
  _s.validateStringLength(
    'keyId',
    keyId,
    1,
    2048,
    isRequired: true,
  );
  // The operation is selected by the X-Amz-Target header of a JSON 1.1 POST.
  final headers = <String, String>{
    'Content-Type': 'application/x-amz-json-1.1',
    'X-Amz-Target': 'TrentService.RevokeGrant'
  };
  await _protocol.send(
    method: 'POST',
    requestUri: '/',
    exceptionFnMap: _exceptionFns,
    // TODO queryParams
    headers: headers,
    payload: {
      'GrantId': grantId,
      'KeyId': keyId,
    },
  );
}
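The keyId rules described above (key ID or key ARN, with the ARN required for a CMK in another account) can be checked before revokeGrant is called, so a revocation does not fail against the wrong account. This is an added example, not code from this package: KeyRef, parseKeyRef and checkRevokeTarget are hypothetical names, the caller account 444455556666 is constructed, and only the two identifier forms shown on this page are recognised.

```dart
// Added example; KeyRef, parseKeyRef and checkRevokeTarget are hypothetical.
class KeyRef {
  final String keyId; // bare key ID
  final String? account; // owning account, known only for a key ARN
  const KeyRef(this.keyId, [this.account]);
}

// Assumption: only the two forms shown on this page are recognised.
final _keyId = RegExp(r'^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$');
final _keyArn = RegExp(r'^arn:[a-z0-9-]+:kms:[a-z0-9-]+:(\d{12}):key/([^/]+)$');

KeyRef parseKeyRef(String value) {
  // Same bound that revokeGrant enforces on keyId.
  if (value.isEmpty || value.length > 2048) {
    throw ArgumentError.value(value, 'keyId', 'length must be 1..2048');
  }
  final arn = _keyArn.firstMatch(value);
  if (arn != null && _keyId.hasMatch(arn.group(2)!)) {
    return KeyRef(arn.group(2)!, arn.group(1));
  }
  if (_keyId.hasMatch(value)) return KeyRef(value);
  throw FormatException('neither a key ID nor a key ARN', value);
}

/// Checks that [keyId] can address a key owned by [ownerAccount] when the
/// call is made with credentials from [callerAccount].
KeyRef checkRevokeTarget(String keyId, String callerAccount, String ownerAccount) {
  final ref = parseKeyRef(keyId);
  if (ref.account == null && ownerAccount != callerAccount) {
    // A bare key ID cannot name a key in a different account.
    throw ArgumentError.value(keyId, 'keyId', 'cross-account call needs the key ARN');
  }
  if (ref.account != null && ref.account != ownerAccount) {
    throw ArgumentError.value(keyId, 'keyId', 'ARN account is not $ownerAccount');
  }
  return ref;
}

void main() {
  const id = '1234abcd-12ab-34cd-56ef-1234567890ab'; // sample from this page
  const arn = 'arn:aws:kms:us-east-2:111122223333:key/$id';
  const other = '444455556666'; // constructed caller account
  print(checkRevokeTarget(id, '111122223333', '111122223333').keyId);
  print(checkRevokeTarget(arn, other, '111122223333').account);
  try {
    checkRevokeTarget(id, other, '111122223333'); // bare ID across accounts
  } on ArgumentError catch (e) {
    print(e.message);
  }
}
```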