GetContextKeysForCustomPolicy
Gets a list of all of the context keys referenced in the input policies. The policies are supplied as a list of one or more strings. To get the context keys from policies associated with an IAM user, group, or role, use GetContextKeysForPrincipalPolicy.
Context keys are variables maintained by AWS and its services that provide details
about the context of an API query request. Context keys can be evaluated by testing
against a value specified in an IAM policy. Use
GetContextKeysForCustomPolicy
to understand what key names and values
you must supply when you call SimulateCustomPolicy. Note that all
parameters are shown in unencoded form here for clarity but must be URL encoded to be
included as a part of a real HTML request.
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
- PolicyInputList.member.N
-
A list of policies for which you want the list of context keys referenced in those policies. Each document is specified as a string containing the complete, valid JSON text of an IAM policy.
The regex pattern
used to validate this parameter is a string of characters consisting of the following: -
Any printable ASCII character ranging from the space character (
\u0020
) through the end of the ASCII character range -
The printable characters in the Basic Latin and Latin-1 Supplement character set (through
\u00FF
) -
The special characters tab (
\u0009
), line feed (\u000A
), and carriage return (\u000D
)
Type: Array of strings
Length Constraints: Minimum length of 1. Maximum length of 131072.
Pattern:
[\u0009\u000A\u000D\u0020-\u00FF]+
Required: Yes
-
Response Elements
The following element is returned by the service.
- ContextKeyNames.member.N
-
The list of context keys that are referenced in the input policies.
Type: Array of strings
Length Constraints: Minimum length of 5. Maximum length of 256.
Errors
For information about the errors that are common to all actions, see Common Errors.
- InvalidInput
-
The request was rejected because an invalid or out-of-range value was supplied for an input parameter.
HTTP Status Code: 400
Examples
Example 1
In the following example, the request includes a policy as a string. The
response shows that the policies use both aws:CurrentTime
and
aws:username
.
Sample Request
https://iam.amazonaws.com/?Action=GetContextKeysForCustomPolicy
&PolicyInputList.member.1='{
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"Action": "dynamodb:*",
"Resource": "arn:aws:dynamodb:us-east-2:ACCOUNT-ID-WITHOUT-HYPHENS:table/${aws:username}",
"Condition":{"DateGreaterThan":{"aws:CurrentTime":"2015-08-16T12:00:00Z"}}
}
}'
&Version=2010-05-08
&AUTHPARAMS
Sample Response
<GetContextKeysForCustomPolicyResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<GetContextKeysForCustomPolicyResult>
<ContextKeyNames>
<member>aws:username</member>
<member>aws:CurrentTime</member>
</ContextKeyNames>
</GetContextKeysForCustomPolicyResult>
<ResponseMetadata>
<RequestId>d6808605-4c06-11e5-b121-bd8c7EXAMPLE</RequestId>
</ResponseMetadata>
</GetContextKeysForCustomPolicyResponse>
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: