Retires a grant. To clean up, you can retire a grant when you're done using it. You should revoke a grant when you intend to actively deny operations that depend on it. The following are permitted to call this API:
-
The AWS account (root user) under which the grant was created
-
The RetiringPrincipal, if present in the grant
-
The GranteePrincipal, if RetireGrant is an operation specified in the grant
You must identify the grant to retire by its grant token or by a combination of the grant ID and the Amazon Resource Name (ARN) of the customer master key (CMK). A grant token is a unique variable-length base64-encoded string. A grant ID is a 64 character unique identifier of a grant. The CreateGrant operation returns both.
/// The system timed out while trying to fulfill the request. The request can be retried.
///
/// The request was rejected because the specified
GrantId is not valid.
///
/// The request was rejected because the specified grant token is not valid.
///
/// The request was rejected because an internal exception occurred. The request can be
/// retried.
///
/// The request was rejected because the state of the specified resource is not valid
/// for this request.
///
///
///
/// For more information about how key state affects the use of a CMK, see How
/// Key State Affects Use of a Customer Master Key in the AWS Key Management Service
/// Developer Guide.
///
///
/// The request was rejected because the specified entity or resource could not be found.
///