Nick
There is no need to pass the grant token
It knows based on the access key whether to allow access to the key or not.
This works fine, without using the grant token:
aws kms encrypt –plaintext "hello" –key-id 24ff4e93-a901-4ba5-98e7-a31234567890 –profile dave
i can verify this is indeed true. there is no reason to pass the grant token when performing an action
In that case, it is a permanent grant, not temporary as mentioned in the course.