IIAMSimulatePrincipalPolicyRequest
Interface in AWS.IAM
Interface for SimulatePrincipalPolicy requests.
Ancestors
Properties
ActionNames
property ActionNames: TList<string>
Specify a list of API operations to evaluate in the simulation.
Each operation must include the service identifier. For example, s3:ListBuckets. Wildcards are not supported in the action names.
CallerArn
property CallerArn: TARN
Optionally, specify the Amazon Resource Name (ARN) of the IAM user that you want to use as the simulated caller of the API operations.
CallerArn is required if you include a ResourcePolicy so that the policy's Principal element has a value to use in evaluation.
ContextEntries
property ContextEntries: TList<IIAMContextEntry>
Type: IIAMContextEntry
Optionally, specify a list of context keys and corresponding values for the simulation.
PermissionsBoundaryPolicyInputList
property PermissionsBoundaryPolicyInputList: TList<string>
Optionally, specify an IAM permissions boundary policy to simulate.
PolicyInputList
property PolicyInputList: TList<string>
Specify a list of policy documents to include in the simulation.
Each document should be a valid JSON text document containing an IAM policy. Do not include resource-based policies in this parameter. Any resource-based policies must be submitted with the ResourcePolicy parameter.
PolicySourceArn
property PolicySourceArn: TARN
Specify the Amazon Resource Name (ARN) of a user, group, or role whose policies you want to include in the simulation.
ResourceArns
property ResourceArns: TList<TARN>
Optionally, specify a list of Amazon Resource Names (ARNs) of AWS resources to include in the simulation.
If no ARNs are specified, then the value defaults to * (all resources). Each API operation in ActionNames is evaluated for each resource in this list. The simulation determines the access result (allowed or denied) of each combination. You can simulate resources that don't exist in your account. The simulation does not automatically retrieve policies for the specified resources. If you want to include a resource policy in the simulation, then you must include the policy in the ResourcePolicy parameter.
ResourceHandlingOption
property ResourceHandlingOption: string
Optionally, specify the type of simulation to run.
API operations that support resource-based policies require different combinations of resources. By specifying the type of simulation to run, you enable the policy simulator to enforce the presence of required resources to ensure reliable simulation results. This can be omitted if your scenario does not match one of the following:
For more information, refer to the Amazon EC2 User Guide: https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-supported-platforms.html
ResourceOwner
property ResourceOwner: TARN
Optionally, specify the Amazon Resource Name (ARN) representing the AWS account ID that specifies the owner of any simulated resource that does not identify its owner in the resource ARN.
ResourcePolicy
property ResourcePolicy: string
Optionally, specify a resource-based policy to include in the simulation.
Methods
AddActionName
function AddActionName(const AActionName: string): NativeInt;
Add an action name to ActionNames.
Parameters
| Name | Description |
|---|---|
| AActionName | Specify the name of an action to add to ActionNames. |
Returns
Returns the index of the action name added to ActionNames.
AddContextEntry
function AddContextEntry(const AContextKeyName, AContextKeyType: string; const AContextKeyValues: array of string): NativeInt;
Add a context entry to ContextEntries.
Parameters
| Name | Description |
|---|---|
| AContextKeyName | Specify the full name of the condition context key including its service prefix. For example,. |
| AContextKeyType | Specify the data type of the value (or values) specified in AContextKeyValues. Valid values:|||||||||||. |
| AContextKeyValues | Specify a value (or values if the data type supports multiple values). |
Returns
Returns the index of the context entry added to ContextEntries.
AddPermissionsBoundaryPolicyInputListEntry
function AddPermissionsBoundaryPolicyInputListEntry(const APermissionsBoundaryPolicyInputListEntry: string): NativeInt;
Add a permissions boundary policy document to PermissionsBoundaryPolicyInputList.
Parameters
| Name | Description |
|---|---|
| APermissionsBoundaryPolicyInputListEntry | Specify an IAM permissions boundary policy document to add to PermissionsBoundaryPolicyInputList. |
Returns
Returns the index of the permissions boundary policy document added to PermissionsBoundaryPolicyInputList.
AddPolicyInputListEntry
function AddPolicyInputListEntry(const APolicyInputListEntry: string): NativeInt;
Add a policy document to PolicyInputList.
Parameters
| Name | Description |
|---|---|
| APolicyInputListEntry | Specify a policy document to add to PolicyInputList. |
Returns
Returns the index of the policy document added to PolicyInputList.
AddResourceArn
function AddResourceArn(const AResourceArn: TARN): NativeInt;
Add an Amazon Resource Name (ARN) for a resource to ResourceArns.
Parameters
| Name | Description |
|---|---|
| AResourceArn | Specify an Amazon Resource Name (ARN) of a resource to add to ResourceArns. |
Returns
Returns the index of the resource ARN added to ResourceArns.
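Example
The following is an added example, not code from the SDK or its documentation. It fills a request to check whether a principal could change or delete S3 objects from a session without MFA, and it enforces the ActionNames rules above (service identifier required, no wildcards) before calling AddActionName. The unit name SimulationRequestSetup and the helpers AddCheckedAction and PrepareNoMfaWriteCheck are hypothetical; the example assumes the request instance and the TARN values are created by the caller and that PolicySourceArn is writable.

```delphi
unit SimulationRequestSetup; // hypothetical unit name

interface

uses
  System.SysUtils,
  AWS.IAM; // unit named on this page; declares IIAMSimulatePrincipalPolicyRequest

// Hypothetical helper, not part of the SDK.
procedure PrepareNoMfaWriteCheck(const ARequest: IIAMSimulatePrincipalPolicyRequest;
  const APrincipalArn, AObjectsArn: TARN; const ABoundaryPolicyJson: string);

implementation

// Reject action names the simulation cannot evaluate: each name must carry
// a service identifier ("service:Operation") and must not contain wildcards.
procedure AddCheckedAction(const ARequest: IIAMSimulatePrincipalPolicyRequest;
  const AActionName: string);
var
  LColon: Integer;
begin
  LColon := Pos(':', AActionName);
  if (LColon <= 1) or (LColon = Length(AActionName)) then
    raise EArgumentException.CreateFmt(
      'Action "%s" must include a service identifier', [AActionName]);
  if (Pos('*', AActionName) > 0) or (Pos('?', AActionName) > 0) then
    raise EArgumentException.CreateFmt(
      'Wildcards are not supported in action names: "%s"', [AActionName]);
  ARequest.AddActionName(AActionName);
end;

procedure PrepareNoMfaWriteCheck(const ARequest: IIAMSimulatePrincipalPolicyRequest;
  const APrincipalArn, AObjectsArn: TARN; const ABoundaryPolicyJson: string);
begin
  // Evaluate the policies attached to this user, group, or role.
  ARequest.PolicySourceArn := APrincipalArn; // assumes the property is writable
  AddCheckedAction(ARequest, 's3:PutObject');
  AddCheckedAction(ARequest, 's3:DeleteObject');
  // Scope the simulation; with no ARNs the value defaults to * (all resources).
  ARequest.AddResourceArn(AObjectsArn);
  // Simulate a session without MFA so MFA-conditioned statements are exercised.
  ARequest.AddContextEntry('aws:MultiFactorAuthPresent', 'boolean', ['false']);
  // A permissions boundary, when supplied, is included in the evaluation.
  if ABoundaryPolicyJson <> '' then
    ARequest.AddPermissionsBoundaryPolicyInputListEntry(ABoundaryPolicyJson);
end;

end.
```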