ResourceSpecificResult - AWS Identity and Access Management

ResourceSpecificResult

Contains the result of the simulation of a single API operation call on a single resource.

This data type is used by a member of the EvaluationResult data type.

Contents

EvalDecisionDetails
EvalDecisionDetails.entry.N.key (key)
EvalDecisionDetails.entry.N.value (value)

Additional details about the results of the evaluation decision on a single resource. This parameter is returned only for cross-account simulations. This parameter explains how each policy type contributes to the resource-specific evaluation decision.

Type: String to string map

Key Length Constraints: Minimum length of 3. Maximum length of 256.

Valid Values: allowed | explicitDeny | implicitDeny

Required: No

EvalResourceDecision

The result of the simulation of the simulated API operation on the resource specified in EvalResourceName.

Type: String

Valid Values: allowed | explicitDeny | implicitDeny

Required: Yes

EvalResourceName

The name of the simulated resource, in Amazon Resource Name (ARN) format.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 2048.

Required: Yes

MatchedStatements.member.N

A list of the statements in the input policies that determine the result for this part of the simulation. Remember that even if multiple statements allow the operation on the resource, if any statement denies that operation, then the explicit deny overrides any allow. In addition, the deny statement is the only entry included in the result.

Type: Array of Statement objects

Required: No

MissingContextValues.member.N

A list of context keys that are required by the included input policies but that were not provided by one of the input parameters. This list is used when a list of ARNs is included in the ResourceArns parameter instead of "*". If you do not specify individual resources, by setting ResourceArns to "*" or by not including the ResourceArns parameter, then any missing context values are instead included under the EvaluationResults section. To discover the context keys used by a set of policies, you can call GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy.

Type: Array of strings

Length Constraints: Minimum length of 5. Maximum length of 256.

Required: No

PermissionsBoundaryDecisionDetail

Contains information about the effect that a permissions boundary has on a policy simulation when that boundary is applied to an IAM entity.

Type: PermissionsBoundaryDecisionDetail object

Required: No

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: