Amazon Verified Permissions policy validation mode

You can set the policy validation mode in Verified Permissions to control whether policy changes are validated against the schema in your policy store.

Important

When you turn on policy validation, all attempts to create or update a policy or policy template are validated against the schema in the policy store. Verified Permissions rejects the request if validation fails.

AWS Management Console
To set the policy validation mode for a policy store
  1. Open the Verified Permissions console at https://console.aws.amazon.com/verifiedpermissions/. Choose your policy store.

  2. Choose Settings.

  3. In the Policy validation mode section, choose Modify.

  4. Do one of the following:

    • To activate policy validation and enforce that all policy changes must be validated against your schema, choose the Strict (recommended) radio button.

    • To turn off policy validation for policy changes, choose the Off radio button. Type confirm to confirm that updates to policies will no longer be validated against your schema.

  5. Choose Save changes.

AWS CLI
To set the validation mode for a policy store

You can change the validation mode for a policy store by using the UpdatePolicyStore operation and specifying a different value for the ValidationSettings parameter.

    $ aws verifiedpermissions update-policy-store \
        --validation-settings "mode=OFF" \
        --policy-store-id PSEXAMPLEabcdefg111111
    {
        "createdDate": "2023-05-17T18:36:10.134448+00:00",
        "lastUpdatedDate": "2023-05-17T18:36:10.134448+00:00",
        "policyStoreId": "PSEXAMPLEabcdefg111111",
        "validationSettings": {
            "Mode": "OFF"
        }
    }
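Because the mode can be switched to OFF with a single call, it is worth auditing which policy stores are not in STRICT mode. The following is an added example, not part of the AWS documentation: it assumes the boto3 `verifiedpermissions` client and its `list_policy_stores`, `get_policy_store` and `update_policy_store` calls, and uses a constructed `FakeClient` with constructed store IDs so that it runs offline.

```python
class FakeClient:
    """Constructed stand-in for boto3.client("verifiedpermissions")."""

    def __init__(self, modes, page_size=2):
        self.modes = dict(modes)          # policyStoreId -> validation mode
        self.page_size = page_size

    def list_policy_stores(self, nextToken=None):
        ids = sorted(self.modes)
        start = int(nextToken or 0)
        end = start + self.page_size
        page = {"policyStores": [{"policyStoreId": i} for i in ids[start:end]]}
        if end < len(ids):
            page["nextToken"] = str(end)  # more results remain
        return page

    def get_policy_store(self, policyStoreId):
        return {"policyStoreId": policyStoreId,
                "validationSettings": {"mode": self.modes[policyStoreId]}}

    def update_policy_store(self, policyStoreId, validationSettings):
        self.modes[policyStoreId] = validationSettings["mode"]
        return {"policyStoreId": policyStoreId}


def find_unvalidated_stores(client):
    """Return (policyStoreId, mode) for every store whose mode is not STRICT."""
    flagged, token = [], None
    while True:
        page = client.list_policy_stores(**({"nextToken": token} if token else {}))
        for store in page.get("policyStores", []):
            sid = store["policyStoreId"]
            mode = client.get_policy_store(policyStoreId=sid)["validationSettings"]["mode"]
            if mode != "STRICT":
                flagged.append((sid, mode))
        token = page.get("nextToken")
        if not token:                     # last page reached
            return flagged


def enforce_strict(client, store_ids):
    """Switch the given stores to STRICT and return any still not STRICT."""
    for sid in store_ids:
        client.update_policy_store(policyStoreId=sid,
                                   validationSettings={"mode": "STRICT"})
    return find_unvalidated_stores(client)


# Constructed sample data, not real policy store IDs.
SAMPLE = {"PSEXAMPLEaaaa": "STRICT", "PSEXAMPLEbbbb": "OFF", "PSEXAMPLEcccc": "OFF"}
```

To run it against a real account, pass `boto3.client("verifiedpermissions")` in place of `FakeClient(SAMPLE)`.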

For more information, see Policy validation in the Cedar policy language Reference Guide.