You are viewing documentation for version 2 of the AWS SDK for Ruby. Version 3 documentation can be found here.
Class: Aws::IAM::Types::EvaluationResult
- Inherits:
-
Struct
- Object
- Struct
- Aws::IAM::Types::EvaluationResult
- Defined in:
- (unknown)
Overview
Contains the results of a simulation.
This data type is used by the return parameter of SimulateCustomPolicy
and SimulatePrincipalPolicy
.
Instance Attribute Summary collapse
-
#eval_action_name ⇒ String
The name of the API operation tested on the indicated resource.
-
#eval_decision ⇒ String
The result of the simulation.
-
#eval_decision_details ⇒ Hash<String,String>
Additional details about the results of the cross-account evaluation decision.
-
#eval_resource_name ⇒ String
The ARN of the resource that the indicated API operation was tested on.
-
#matched_statements ⇒ Array<Types::Statement>
A list of the statements in the input policies that determine the result for this scenario.
-
#missing_context_values ⇒ Array<String>
A list of context keys that are required by the included input policies but that were not provided by one of the input parameters.
-
#organizations_decision_detail ⇒ Types::OrganizationsDecisionDetail
A structure that details how Organizations and its service control policies affect the results of the simulation.
-
#permissions_boundary_decision_detail ⇒ Types::PermissionsBoundaryDecisionDetail
Contains information about the effect that a permissions boundary has on a policy simulation when the boundary is applied to an IAM entity.
-
#resource_specific_results ⇒ Array<Types::ResourceSpecificResult>
The individual results of the simulation of the API operation specified in EvalActionName on each resource.
Instance Attribute Details
#eval_action_name ⇒ String
The name of the API operation tested on the indicated resource.
#eval_decision ⇒ String
The result of the simulation.
Possible values:
- allowed
- explicitDeny
- implicitDeny
#eval_decision_details ⇒ Hash<String,String>
Additional details about the results of the cross-account evaluation decision. This parameter is populated for only cross-account simulations. It contains a brief summary of how each policy type contributes to the final evaluation decision.
If the simulation evaluates policies within the same account and
includes a resource ARN, then the parameter is present but the response
is empty. If the simulation evaluates policies within the same account
and specifies all resources (*
), then the parameter is not returned.
When you make a cross-account request, AWS evaluates the request in the
trusting account and the trusted account. The request is allowed only if
both evaluations return true
. For more information about how policies
are evaluated, see Evaluating Policies Within a Single Account.
If an AWS Organizations SCP included in the evaluation denies access, the simulation ends. In this case, policy evaluation does not proceed any further and this parameter is not returned.
#eval_resource_name ⇒ String
The ARN of the resource that the indicated API operation was tested on.
#matched_statements ⇒ Array<Types::Statement>
A list of the statements in the input policies that determine the result for this scenario. Remember that even if multiple statements allow the operation on the resource, if only one statement denies that operation, then the explicit deny overrides any allow. In addition, the deny statement is the only entry included in the result.
#missing_context_values ⇒ Array<String>
A list of context keys that are required by the included input policies
but that were not provided by one of the input parameters. This list is
used when the resource in a simulation is \"*\", either explicitly, or
when the ResourceArns
parameter blank. If you include a list of
resources, then any missing context values are instead included under
the ResourceSpecificResults
section. To discover the context keys used
by a set of policies, you can call GetContextKeysForCustomPolicy
or GetContextKeysForPrincipalPolicy.
#organizations_decision_detail ⇒ Types::OrganizationsDecisionDetail
A structure that details how Organizations and its service control policies affect the results of the simulation. Only applies if the simulated user\'s account is part of an organization.
#permissions_boundary_decision_detail ⇒ Types::PermissionsBoundaryDecisionDetail
Contains information about the effect that a permissions boundary has on a policy simulation when the boundary is applied to an IAM entity.
#resource_specific_results ⇒ Array<Types::ResourceSpecificResult>
The individual results of the simulation of the API operation specified in EvalActionName on each resource.