Contains the result of the simulation of a single API operation call on a single resource.
This data type is used by a member of the EvaluationResult data type.
Contents
- EvalResourceDecision
-
The result of the simulation of the simulated API operation on the resource specified in
EvalResourceName.Type: String
Valid Values:
allowed | explicitDeny | implicitDenyRequired: Yes
- EvalResourceName
-
The name of the simulated resource, in Amazon Resource Name (ARN) format.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 2048.
Required: Yes
- EvalDecisionDetails
- EvalDecisionDetails.entry.N.key (key)
- EvalDecisionDetails.entry.N.value (value)
-
Additional details about the results of the evaluation decision on a single resource. This parameter is returned only for cross-account simulations. This parameter explains how each policy type contributes to the resource-specific evaluation decision.
Type: String to string map
Key Length Constraints: Minimum length of 3. Maximum length of 256.
Valid Values:
allowed | explicitDeny | implicitDenyRequired: No
- MatchedStatements.member.N
-
A list of the statements in the input policies that determine the result for this part of the simulation. Remember that even if multiple statements allow the operation on the resource, if any statement denies that operation, then the explicit deny overrides any allow. In addition, the deny statement is the only entry included in the result.
Type: Array of Statement objects
Required: No
- MissingContextValues.member.N
-
A list of context keys that are required by the included input policies but that were not provided by one of the input parameters. This list is used when a list of ARNs is included in the
ResourceArnsparameter instead of "*". If you do not specify individual resources, by settingResourceArnsto "*" or by not including theResourceArnsparameter, then any missing context values are instead included under theEvaluationResultssection. To discover the context keys used by a set of policies, you can call GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy.Type: Array of strings
Length Constraints: Minimum length of 5. Maximum length of 256.
Required: No
- PermissionsBoundaryDecisionDetail
-
Contains information about the effect that a permissions boundary has on a policy simulation when that boundary is applied to an IAM entity.
Type: PermissionsBoundaryDecisionDetail object
Required: No
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
