ꦫꦣꦺꦤ꧀ꦄꦤ꧀ꦠꦱꦺꦤ

PATH: usr / local / jetapps / var / lib / aws / lib / python2.7 / site-packages / awscli / examples / iam

**To simulate the effects of all IAM policies associated with an IAM user or role**

The following ``simulate-custom-policy`` shows how to provide both the policy and define variable values and simulate an API call to see if it is allowed or denied. The following example shows a policy that enables database access only after a specified date and time. The simulation succeeds because the simulated actions and the specified ``aws:CurrentTime`` variable all match the requirements of the policy. ::

aws iam simulate-custom-policy \
        --policy-input-list '{"Version":"2012-10-17","Statement":{"Effect":"Allow","Action":"dynamodb:*","Resource":"*","Condition":{"DateGreaterThan":{"aws:CurrentTime":"2018-08-16T12:00:00Z"}}}}' \
        --action-names dynamodb:CreateBackup \
        --context-entries "ContextKeyName='aws:CurrentTime',ContextKeyValues='2019-04-25T11:00:00Z',ContextKeyType=date"

Output::

{
        "EvaluationResults": [
            {
                "EvalActionName": "dynamodb:CreateBackup",
                "EvalResourceName": "*",
                "EvalDecision": "allowed",
                "MatchedStatements": [
                    {
                        "SourcePolicyId": "PolicyInputList.1",
                        "StartPosition": {
                            "Line": 1,
                            "Column": 38
                        },
                        "EndPosition": {
                            "Line": 1,
                            "Column": 167
                        }
                    }
                ],
                "MissingContextValues": []
            }
        ]
    }

The following ``simulate-custom-policy`` example shows the results of simulating a command that is prohibited by the policy. In this example, the provided date is before that required by the policy's condition. ::

Output::

{
        "EvaluationResults": [
            {
                "EvalActionName": "dynamodb:CreateBackup",
                "EvalResourceName": "*",
                "EvalDecision": "implicitDeny",
                "MatchedStatements": [],
                "MissingContextValues": []
            }
        ]
    }

For more information, see `Testing IAM Policies with the IAM Policy Simulator`_ in the *AWS IAM User Guide*

.. _`Testing IAM Policies with the IAM Policy Simulator`: https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_testing-policies.html

[+] ..
[-] delete-login-profile.rst [edit]
[-] create-virtual-mfa-device.rst [edit]
[-] get-user-policy.rst [edit]
[-] create-policy.rst [edit]
[-] enable-mfa-device.rst [edit]
[-] get-role-policy.rst [edit]
[-] delete-group.rst [edit]
[-] detach-user-policy.rst [edit]
[-] update-role.rst [edit]
[-] delete-account-alias.rst [edit]
[-] attach-role-policy.rst [edit]
[-] list-policy-versions.rst [edit]
[-] upload-ssh-public-key.rst [edit]
[-] get-account-authorization-details.rst [edit]
[-] create-policy-version.rst [edit]
[-] delete-saml-provider.rst [edit]
[-] resync-mfa-device.rst [edit]
[-] get-service-linked-role-deletion-status.rst [edit]
[-] list-user-policies.rst [edit]
[-] delete-policy.rst [edit]
[-] create-saml-provider.rst [edit]
[-] attach-group-policy.rst [edit]
[-] get-context-keys-for-custom-policy.rst [edit]
[-] list-access-keys.rst [edit]
[-] delete-ssh-public-key.rst [edit]
[-] create-user.rst [edit]
[-] set-default-policy-version.rst [edit]
[-] delete-instance-profile.rst [edit]
[-] list-ssh-public-keys.rst [edit]
[-] update-user.rst [edit]
[-] list-attached-group-policies.rst [edit]
[-] get-server-certificate.rst [edit]
[-] change-password.rst [edit]
[-] get-group.rst [edit]
[-] list-policies-granting-service-access.rst [edit]
[-] list-virtual-mfa-devices.rst [edit]
[-] simulate-custom-policy.rst [edit]
[-] tag-role.rst [edit]
[-] untag-user.rst [edit]
[-] get-policy-version.rst [edit]
[-] untag-role.rst [edit]
[-] update-saml-provider.rst [edit]
[-] put-group-policy.rst [edit]
[-] create-service-linked-role.rst [edit]
[-] create-role.rst [edit]
[-] get-context-keys-for-principal-policy.rst [edit]
[-] update-group.rst [edit]
[-] create-open-id-connect-provider.rst [edit]
[-] create-group.rst [edit]
[-] delete-virtual-mfa-device.rst [edit]
[+] wait
[-] list-roles.rst [edit]
[-] delete-role-policy.rst [edit]
[-] list-signing-certificates.rst [edit]
[-] delete-service-linked-role.rst [edit]
[-] list-users.rst [edit]
[-] reset-service-specific-credential.rst [edit]
[-] list-group-policies.rst [edit]
[-] update-server-certificate.rst [edit]
[-] simulate-principal-policy.rst [edit]
[-] list-account-aliases.rst [edit]
[-] list-entities-for-policy.rst [edit]
[-] detach-role-policy.rst [edit]
[-] attach-user-policy.rst [edit]
[-] delete-account-password-policy.rst [edit]
[-] delete-user-policy.rst [edit]
[-] get-access-key-last-used.rst [edit]
[-] put-user-policy.rst [edit]
[-] get-credential-report.rst [edit]
[-] delete-role.rst [edit]
[-] get-instance-profile.rst [edit]
[-] get-account-password-policy.rst [edit]
[-] delete-access-key.rst [edit]
[-] add-role-to-instance-profile.rst [edit]
[-] add-client-id-to-open-id-connect-provider.rst [edit]
[-] delete-open-id-connect-provider.rst [edit]
[-] list-instance-profiles.rst [edit]
[-] delete-policy-version.rst [edit]
[-] list-role-tags.rst [edit]
[-] delete-user.rst [edit]
[-] list-role-policies.rst [edit]
[-] put-role-policy.rst [edit]
[-] create-account-alias.rst [edit]
[-] update-signing-certificate.rst [edit]
[-] remove-client-id-from-open-id-connect-provider.rst [edit]
[-] get-saml-provider.rst [edit]
[-] update-account-password-policy.rst [edit]
[-] update-ssh-public-key.rst [edit]
[-] create-login-profile.rst [edit]
[-] get-role.rst [edit]
[-] generate-credential-report.rst [edit]
[-] detach-group-policy.rst [edit]
[-] delete-service-specific-credential.rst [edit]
[-] get-login-profile.rst [edit]
[-] delete-server-certificate.rst [edit]
[-] upload-server-certificate.rst [edit]
[-] list-groups-for-user.rst [edit]
[-] update-service-specific-credential.rst [edit]
[-] list-groups.rst [edit]
[-] add-user-to-group.rst [edit]
[-] list-mfa-devices.rst [edit]
[-] list-open-id-connect-providers.rst [edit]
[-] remove-role-from-instance-profile.rst [edit]
[-] list-saml-providers.rst [edit]
[-] get-policy.rst [edit]
[-] get-account-summary.rst [edit]
[-] list-service-specific-credential.rst [edit]
[-] remove-user-from-group.rst [edit]
[-] get-user.rst [edit]
[-] get-open-id-connect-provider.rst [edit]
[-] create-service-specific-credential.rst [edit]
[-] update-open-id-connect-provider-thumbprint.rst [edit]
[-] upload-signing-certificate.rst [edit]
[-] create-access-key.rst [edit]
[-] delete-group-policy.rst [edit]
[-] create-instance-profile.rst [edit]
[-] get-group-policy.rst [edit]
[-] update-assume-role-policy.rst [edit]
[-] deactivate-mfa-device.rst [edit]
[-] tag-user.rst [edit]
[-] get-ssh-public-key.rst [edit]
[-] delete-signing-certificate.rst [edit]
[-] list-instance-profiles-for-role.rst [edit]
[-] list-server-certificates.rst [edit]
[-] update-login-profile.rst [edit]
[-] update-access-key.rst [edit]
[-] update-role-description.rst [edit]
[-] list-attached-role-policies.rst [edit]
[-] list-policies.rst [edit]
[-] list-user-tags.rst [edit]
[-] list-attached-user-policies.rst [edit]