Search (SHIFT+S)
ECS Management API
ECS Object Service API
-
Amazon S3
- S3 Bucket
- S3 Bucket ACL
- S3 Bucket Cors
- S3 Bucket Empty Status Operations
- S3 Bucket Is Stale Allowed
- S3 Bucket Lifecycle
- S3 Bucket List Fanout (Cloud DVR)
- S3 Bucket List Uploads
- S3 Bucket Location
- S3 Bucket Lock Configuration Operations
- S3 Bucket Object Lock Operations
- S3 Bucket Policy
- S3 Bucket Versioning
- S3 Bucket Versions
- S3 Data Node
- S3 Metadata Key List
- S3 Metadata Key System List
- S3 Metadata Search
- S3 Multi Object Delete
- S3 Object
- S3 Object ACL
- S3 Object Detailed Replication Status Operations
- S3 Object Init Uploads
- S3 Object Legal Hold Operations
- S3 Object Replication Info Operations
- S3 Object Retention Operations
- S3 Object Tagging Operations
- S3 Object Uploads
- S3 Options
- S3 Ping
- S3 Retention Update Operation
- S3 Select Operations
- EMC Atmos
- OpenStack Swift
ECS API Changes
Simulate Custom Policy
POST /iam?Action=SimulateCustomPolicy
Simulate a set of policies with a list of API operations and resources to determine the policies' effective permissions. If you specify a user, then the simulation also includes all of the policies that are attached to groups that the user belongs to.
Query Parameters
| CallerArn | The ARN of the IAM user that you want to specify as the simulated caller of the API operations. |
| ActionNames | A list of names of API operations to evaluate in the simulation. |
| PolicyInputList | An optional list of additional policy documents to include in the simulation. |
| PermissionsBoundaryPolicyInputList | An optional list of additional PermissionBoundaryPolicy documents to include in the simulation. Only 1 is allowed. |
| ContextEntries | A list of context keys and corresponding values for the simulation to use. |
| Marker | Marker is obtained from paginated response from the previous query. Use this only if the response indicates it is truncated. |
| MaxItems | Indicates the maximum number of elements to be returned in the response. |
Required Roles
This call has no restrictions.
Request Payload
No Request Payload
Response Body
No Response Body
Examples
Request
NOTE: Policy must be encoded
https://192.168.0.0::4443/iam?Action=SimulateCustomPolicy
&ActionNames.member.1=s3:ListBucket
&ResourceArns.member.1="arn:aws:s3:::teambucket"
&PolicyInputList.member.1='{
"Version":"2012-10-17",
"Statement":{
"Effect":"Allow",
"Action":"s3:*",
"Resource":"*"
}
}'
&CallerArn=urn:ecs:iam::s3:user/test
&ResourcePolicy='{
"Version":"2012-10-17",
"Statement":{
"Principal":"*",
"Effect":"Allow",
"Action":"s3:ListBucket",
"Resource":"arn:aws:s3:::teambucket"
}
}
Accept: appliction/json
X-SDS-AUTH-TOKEN: <AUTH_TOKEN>
x-emc-namespace: <namespace>
Response
HTTP/1.1 200 OK
Content-Type: application/json
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<SimulateCustomPolicyResponse>
<SimulateCustomPolicyResult>
<IsTruncated>false</IsTruncated>
<EvaluationResults>
<member>
<MatchedStatements>
<member>
<SourcePolicyId>p1</SourcePolicyId>
</member>
<member>
<SourcePolicyId>Resource Policy</SourcePolicyId>
</member>
</MatchedStatements>
<MissingContextValues/>
<EvalResourceName>arn:aws:s3:::teambucket</EvalResourceName>
<EvalDecision>allowed</EvalDecision>
<EvalActionName>s3:ListBucket</EvalActionName>
<ResourceSpecificResults>
<member>
<MatchedStatements>
<member>
<SourcePolicyId>p1</SourcePolicyId>
</member>
<member>
<SourcePolicyId>Resource Policy</SourcePolicyId>
</member>
</MatchedStatements>
<MissingContextValues/>
<EvalResourceName>arn:aws:s3:::teambucket</EvalResourceName>
<EvalResourceDecision>allowed</EvalResourceDecision>
</member>
</ResourceSpecificResults>
</member>
</EvaluationResults>
</SimulateCustomPolicyResult>
<ResponseMetadata>
<RequestId>0af9f5b8:17178fe9282:1086d:0</RequestId>
</ResponseMetadata>
</SimulateCustomPolicyResponse>