Documentation

Contains the result of the simulation of a single API operation call on a single resource.

This data type is used by a member of the EvaluationResult data type.

See: newResourceSpecificResult smart constructor.

Create a value of ResourceSpecificResult with all optional fields omitted.

Use generic-lens or optics to modify other optional fields.

The following record fields are available, with the corresponding lenses provided for backwards compatibility:

$sel:evalDecisionDetails:ResourceSpecificResult', resourceSpecificResult_evalDecisionDetails - Additional details about the results of the evaluation decision on a single resource. This parameter is returned only for cross-account simulations. This parameter explains how each policy type contributes to the resource-specific evaluation decision.

$sel:matchedStatements:ResourceSpecificResult', resourceSpecificResult_matchedStatements - A list of the statements in the input policies that determine the result for this part of the simulation. Remember that even if multiple statements allow the operation on the resource, if any statement denies that operation, then the explicit deny overrides any allow. In addition, the deny statement is the only entry included in the result.

$sel:missingContextValues:ResourceSpecificResult', resourceSpecificResult_missingContextValues - A list of context keys that are required by the included input policies but that were not provided by one of the input parameters. This list is used when a list of ARNs is included in the ResourceArns parameter instead of "*". If you do not specify individual resources, by setting ResourceArns to "*" or by not including the ResourceArns parameter, then any missing context values are instead included under the EvaluationResults section. To discover the context keys used by a set of policies, you can call GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy.

$sel:permissionsBoundaryDecisionDetail:ResourceSpecificResult', resourceSpecificResult_permissionsBoundaryDecisionDetail - Contains information about the effect that a permissions boundary has on a policy simulation when that boundary is applied to an IAM entity.

$sel:evalResourceName:ResourceSpecificResult', resourceSpecificResult_evalResourceName - The name of the simulated resource, in Amazon Resource Name (ARN) format.

$sel:evalResourceDecision:ResourceSpecificResult', resourceSpecificResult_evalResourceDecision - The result of the simulation of the simulated API operation on the resource specified in EvalResourceName.

Additional details about the results of the evaluation decision on a single resource. This parameter is returned only for cross-account simulations. This parameter explains how each policy type contributes to the resource-specific evaluation decision.

A list of the statements in the input policies that determine the result for this part of the simulation. Remember that even if multiple statements allow the operation on the resource, if any statement denies that operation, then the explicit deny overrides any allow. In addition, the deny statement is the only entry included in the result.

A list of context keys that are required by the included input policies but that were not provided by one of the input parameters. This list is used when a list of ARNs is included in the ResourceArns parameter instead of "*". If you do not specify individual resources, by setting ResourceArns to "*" or by not including the ResourceArns parameter, then any missing context values are instead included under the EvaluationResults section. To discover the context keys used by a set of policies, you can call GetContextKeysForCustomPolicy or GetContextKeysForPrincipalPolicy.

Contains information about the effect that a permissions boundary has on a policy simulation when that boundary is applied to an IAM entity.

The name of the simulated resource, in Amazon Resource Name (ARN) format.

The result of the simulation of the simulated API operation on the resource specified in EvalResourceName.