#!/bin/bash
#set -x


for r in $(aws ec2 describe-regions --query "Regions[].{Name:RegionName}" --output text); do

  keyAlias="arn:aws:kms:${r}:533404190593:alias/zdt/amis"
	keyArn=$(aws kms describe-key --region $r --key-id $keyAlias --output json 2>/dev/null | jq -r '.KeyMetadata.Arn')

	if [ -n "$keyArn" ]; then
		aws kms list-grants --region $r --key-id $keyArn --output json | jq '.Grants[]'
  fi
done