Table Of Contents

Feedback

User Guide

First time using the AWS CLI? See the User Guide for help getting started.

[ aws . iot ]

test-authorization

Description

Test custom authorization.

See also: AWS API Documentation

See 'aws help' for descriptions of global parameters.

Synopsis

  test-authorization
[--principal <value>]
[--cognito-identity-pool-id <value>]
--auth-infos <value>
[--client-id <value>]
[--policy-names-to-add <value>]
[--policy-names-to-skip <value>]
[--cli-input-json <value>]
[--generate-cli-skeleton <value>]

Options

--principal (string)

The principal.

--cognito-identity-pool-id (string)

The Cognito identity pool ID.

--auth-infos (list)

A list of authorization info objects. Simulating authorization will create a response for each authInfo object in the list.

Shorthand Syntax:

actionType=string,resources=string,string ...

JSON Syntax:

[
  {
    "actionType": "PUBLISH"|"SUBSCRIBE"|"RECEIVE"|"CONNECT",
    "resources": ["string", ...]
  }
  ...
]

--client-id (string)

The MQTT client ID.

--policy-names-to-add (list)

When testing custom authorization, the policies specified here are treated as if they are attached to the principal being authorized.

Syntax:

"string" "string" ...

--policy-names-to-skip (list)

When testing custom authorization, the policies specified here are treated as if they are not attached to the principal being authorized.

Syntax:

"string" "string" ...

--cli-input-json (string) Performs service operation based on the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, the CLI values will override the JSON-provided values.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

See 'aws help' for descriptions of global parameters.

Output

authResults -> (list)

The authentication results.

(structure)

The authorizer result.

authInfo -> (structure)

Authorization information.

actionType -> (string)

The type of action for which the principal is being authorized.

resources -> (list)

The resources for which the principal is being authorized to perform the specified action.

(string)

allowed -> (structure)

The policies and statements that allowed the specified action.

policies -> (list)

A list of policies that allowed the authentication.

(structure)

Describes an AWS IoT policy.

policyName -> (string)

The policy name.

policyArn -> (string)

The policy ARN.

denied -> (structure)

The policies and statements that denied the specified action.

implicitDeny -> (structure)

Information that implicitly denies the authorization. When a policy doesn't explicitly deny or allow an action on a resource it is considered an implicit deny.

policies -> (list)

Policies that don't contain a matching allow or deny statement for the specified action on the specified resource.

(structure)

Describes an AWS IoT policy.

policyName -> (string)

The policy name.

policyArn -> (string)

The policy ARN.

explicitDeny -> (structure)

Information that explicitly denies the authorization.

policies -> (list)

The policies that denied the authorization.

(structure)

Describes an AWS IoT policy.

policyName -> (string)

The policy name.

policyArn -> (string)

The policy ARN.

authDecision -> (string)

The final authorization decision of this scenario. Multiple statements are taken into account when determining the authorization decision. An explicit deny statement can override multiple allow statements.

missingContextValues -> (list)

Contains any missing context values found while evaluating policy.

(string)