Testing IAM policies with the IAM Policy Simulator

With the IAM Policy Simulator, you can test and troubleshoot IAM identity-based policies and resource-based policies in the following ways:

  • Test policies that are attached to IAM users, groups, or roles in your AWS account. If more than one policy is attached to the user, group, or role, you can test all of them or pick a single policy to test. You can test which actions the selected policies allow or deny for specific resources.

  • Test policies that are attached to AWS resources, such as Amazon S3 buckets, Amazon SQS queues, Amazon SNS topics, or Amazon S3 Glacier vaults.

  • If your AWS account is a member of an organization in AWS Organizations, you can test the effect of service control policies (SCPs) on your IAM policies and resource policies.

  • Test new policies that are not yet attached to a user, group, or role by typing or pasting them into the simulator. These are used only in the simulation and are not saved. Note: you cannot type or paste a resource-based policy into the simulator. To use a resource-based policy in the simulator, you must include the resource in the simulation and select the check box to include that resource's policy.

  • Test policies against selected services, actions, and resources. For example, you can test that a policy allows an entity to perform the ListAllMyBuckets, CreateBucket, and DeleteBucket actions in Amazon S3 on a specific bucket.

  • Simulate real-world scenarios by providing context keys, such as an IP address or a date, that are referenced in the Condition elements of the policies under test.

  • Identify which specific statement in a policy results in allowing or denying access to a particular resource or action.

    How the IAM Policy Simulator works

    The simulator evaluates the policies you choose and determines the effective permissions for each action you specify. It uses the same policy evaluation engine that AWS services use for real requests. It differs from the live AWS environment only in the following ways:

    • The simulator does not make an actual AWS service request, so you can safely test requests that would otherwise make unwanted changes in your live AWS environment.

    • Because the simulator does not actually run the selected actions, it cannot report any response to the simulated request. The only result returned is whether the requested action would be allowed or denied.

    • If you edit a policy inside the simulator, the change affects only the simulator. The corresponding policy in your AWS account remains unchanged.

    Using the IAM Policy Simulator (AWS CLI and AWS API)

    Policy simulator commands typically require calling API operations to do two things:

    1. Evaluate the policies and return the list of context keys they reference. You need to know which context keys are referenced so that you can supply values for them in the next step.

    2. Simulate the policies, providing the list of actions, resources, and context keys to use during the simulation.

    For security reasons, the API operations are split into two groups: those that simulate policies passed directly to the API as strings (GetContextKeysForCustomPolicy and SimulateCustomPolicy), and those that simulate the policies attached to an existing IAM user, group, role, or resource (GetContextKeysForPrincipalPolicy and SimulatePrincipalPolicy). The second group can reveal the permissions granted to other IAM entities, so access to those operations should be restricted.

    In both cases, the API operations simulate the effect of one or more policies on a list of actions and resources. Each action is paired with each resource, and the simulation determines whether the policies allow or deny that action for that resource. You can also provide values for any context keys that your policies reference; get the list of referenced keys by first calling GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy. If you do not provide context key values, the simulation still runs, but the results may not be reliable, because the simulator cannot include those keys in its evaluation: a Condition on a key that has no value behaves as if the key were absent from the request.

    Getting the list of context keys (AWS CLI, AWS API)

    Use the following to evaluate a list of policies and return the list of context keys they use.
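    The two-step flow described above (get the referenced context keys, then simulate with values for them), driven from the AWS CLI in a shell script. This is an added example, not code from the original page or from AWS documentation. The policy, bucket name, CIDR and IP addresses are constructed for illustration; the simulate function needs the AWS CLI and credentials allowed to call iam:GetContextKeysForCustomPolicy and iam:SimulateCustomPolicy, while the helper functions run offline.

```shell
#!/bin/sh
# Added example, not from the original page: the two-step simulation
# (get context keys, then simulate) driven from the AWS CLI. The policy,
# bucket name, CIDR and IP values are constructed for illustration.
set -eu

# Constructed identity-based policy. Listing buckets is unconditional; creating
# or deleting the one bucket is allowed only from the corporate range, so the
# simulator will report aws:SourceIp as a context key it needs a value for.
POLICY_JSON='{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "s3:ListAllMyBuckets", "Resource": "*"},
    {"Effect": "Allow",
     "Action": ["s3:CreateBucket", "s3:DeleteBucket"],
     "Resource": "arn:aws:s3:::example-bucket",
     "Condition": {"IpAddress": {"aws:SourceIp": "203.0.113.0/24"}}}
  ]
}'

# ContextKeyType the simulator expects for a global condition key. A wrong
# type makes the Condition behave as if the key were absent from the request.
context_key_type() {
  case "$1" in
    aws:SourceIp|aws:VpcSourceIp)                   echo ip ;;
    aws:CurrentTime)                                echo date ;;
    aws:EpochTime)                                  echo numeric ;;
    aws:SecureTransport|aws:MultiFactorAuthPresent) echo boolean ;;
    *)                                              echo string ;;
  esac
}

# build_context_entries 'key=value key=value ...'
# Emits the JSON list accepted by --context-entries (plain values only; no
# escaping of embedded '"' is attempted).
build_context_entries() {
  out=""
  for kv in $1; do
    key=${kv%%=*}
    val=${kv#*=}
    out="${out:+$out,}{\"ContextKeyName\":\"$key\",\"ContextKeyValues\":[\"$val\"],\"ContextKeyType\":\"$(context_key_type "$key")\"}"
  done
  printf '[%s]' "$out"
}

# missing_context_keys 'referenced keys ...' 'key=value ...'
# Prints every key the policies reference that the caller did not supply.
# Unsupplied keys are evaluated as absent, so an Allow gated on one of them
# fails silently: this is the "results may not be reliable" caveat.
missing_context_keys() {
  acc=""
  for k in $1; do
    found=0
    for kv in $2; do
      if [ "${kv%%=*}" = "$k" ]; then found=1; fi
    done
    if [ "$found" -eq 0 ]; then acc="${acc:+$acc }$k"; fi
  done
  printf '%s' "$acc"
}

# Steps 1 and 2 against the live API. Needs the AWS CLI and credentials with
# iam:GetContextKeysForCustomPolicy and iam:SimulateCustomPolicy.
simulate() {
  supplied=$1
  keys=$(aws iam get-context-keys-for-custom-policy \
           --policy-input-list "$POLICY_JSON" \
           --query 'ContextKeyNames' --output text | tr '\t' ' ')
  missing=$(missing_context_keys "$keys" "$supplied")
  if [ -n "$missing" ]; then
    echo "warning: no value supplied for context key(s): $missing" >&2
  fi
  aws iam simulate-custom-policy \
    --policy-input-list "$POLICY_JSON" \
    --action-names s3:ListAllMyBuckets s3:CreateBucket s3:DeleteBucket \
    --resource-arns arn:aws:s3:::example-bucket \
    --context-entries "$(build_context_entries "$supplied")" \
    --query 'EvaluationResults[].[EvalActionName,EvalDecision]' --output text
}

# Compare an address inside the CIDR with one outside, then with no value:
#   sh simulate.sh aws:SourceIp=203.0.113.10
#   sh simulate.sh aws:SourceIp=198.51.100.7
#   sh simulate.sh ''
if [ $# -gt 0 ]; then
  simulate "$*"
fi
```

    Run it once with a source address inside 203.0.113.0/24 and once with one outside, and compare the EvalDecision for CreateBucket and DeleteBucket; run it a third time with an empty argument to see the warning that step 1 makes possible, and note that the simulation still completes but reports the conditional statements as not allowing the actions.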

Origin www.cnblogs.com/cloudrivers/p/11620790.html