Built-in operators for Verified Access policies
When creating the context of an AWS Verified Access policy using various conditions, as discussed in
Verified Access policy statement
structure, you can use the
&&
operator to add additional conditions. There are also many other
built-in operators that you can use to add additional expressive power to your policy
conditions. The following table contains all the built-in operators for reference.
Operator | Types and overloads | Description |
---|---|---|
! |
Boolean → Boolean |
Logical not. |
== |
any → any |
Equality. Works on arguments of any type, even if the types don't match. Values of different types are never equal to each other. |
!= | any → any |
Inequality; the exact inverse of equality (see above). |
< |
(long, long) → Boolean |
Long integer less-than. |
<= |
(long, long) → Boolean |
Long integer less-than-or-equal-to. |
> |
(long, long) → Boolean |
Long integer greater-than. |
>= |
(long, long) → Boolean |
Long integer greater-than-or-equal-to. |
in | (entity, entity) → Boolean | Hierarchy membership (reflexive: A in A is always true). |
(entity, set(entity)) → Boolean | Hierarchy membership: A in [B, C, ...] is true if (A and B) || (A in C) || … error if the set contains a non-entity. | |
&& | (Boolean, Boolean) → Boolean |
Logical and (short-circuiting). |
|| | (Boolean, Boolean) → Boolean |
Logical or (short-circuiting). |
.exists() | entity → Boolean | Entity existence. |
has | (entity, attribute) → Boolean | Infix operator. e has f tests if the record or entity e
has a binding for the attribute f . Returns false if
e does not exist or if e does exist but doesn't have the
attribute f . Attributes can be expressed as identifiers or string
literals. |
like | (string, string) → Boolean | Infix operator. t like p checks if the text t matches
the pattern p , which may include wildcard characters * that
match 0 or more of any character. In order to match a literal star character in
t , you can use the special escaped character sequence \*
in p . |
.contains() | (set, any) → Boolean | Set membership (is B an element of A). |
.containsAll() | (set, set) → Boolean | Tests if set A contains all of the elements in set B. |
.containsAny() | (set, set) → Boolean | Tests if set A contains any of the elements in set B. |