Validate Policy
accessanalyzer_validate_policy | R Documentation |
Requests the validation of a policy and returns a list of findings¶
Description¶
Requests the validation of a policy and returns a list of findings. The findings help you identify issues and provide actionable recommendations to resolve the issue and enable you to author functional policies that meet security best practices.
Usage¶
accessanalyzer_validate_policy(locale, maxResults, nextToken,
policyDocument, policyType, validatePolicyResourceType)
Arguments¶
locale
The locale to use for localizing the findings.
maxResults
The maximum number of results to return in the response.
nextToken
A token used for pagination of results returned.
policyDocument
[required] The JSON policy document to use as the content for the policy.
policyType
[required] The type of policy to validate. Identity policies grant permissions to IAM principals. Identity policies include managed and inline policies for IAM roles, users, and groups.
Resource policies grant permissions on Amazon Web Services resources. Resource policies include trust policies for IAM roles and bucket policies for Amazon S3 buckets. You can provide a generic input such as identity policy or resource policy or a specific input such as managed policy or Amazon S3 bucket policy.
Service control policies (SCPs) are a type of organization policy attached to an Amazon Web Services organization, organizational unit (OU), or an account.
validatePolicyResourceType
The type of resource to attach to your resource policy. Specify a value for the policy validation resource type only if the policy type is
RESOURCE_POLICY
. For example, to validate a resource policy to attach to an Amazon S3 bucket, you can chooseAWS::S3::Bucket
for the policy validation resource type.For resource types not supported as valid values, IAM Access Analyzer runs policy checks that apply to all resource policies. For example, to validate a resource policy to attach to a KMS key, do not specify a value for the policy validation resource type and IAM Access Analyzer will run policy checks that apply to all resource policies.
Value¶
A list with the following syntax:
list(
findings = list(
list(
findingDetails = "string",
findingType = "ERROR"|"SECURITY_WARNING"|"SUGGESTION"|"WARNING",
issueCode = "string",
learnMoreLink = "string",
locations = list(
list(
path = list(
list(
index = 123,
key = "string",
substring = list(
start = 123,
length = 123
),
value = "string"
)
),
span = list(
start = list(
line = 123,
column = 123,
offset = 123
),
end = list(
line = 123,
column = 123,
offset = 123
)
)
)
)
)
),
nextToken = "string"
)
Request syntax¶
svc$validate_policy(
locale = "DE"|"EN"|"ES"|"FR"|"IT"|"JA"|"KO"|"PT_BR"|"ZH_CN"|"ZH_TW",
maxResults = 123,
nextToken = "string",
policyDocument = "string",
policyType = "IDENTITY_POLICY"|"RESOURCE_POLICY"|"SERVICE_CONTROL_POLICY",
validatePolicyResourceType = "AWS::S3::Bucket"|"AWS::S3::AccessPoint"|"AWS::S3::MultiRegionAccessPoint"|"AWS::S3ObjectLambda::AccessPoint"|"AWS::IAM::AssumeRolePolicyDocument"|"AWS::DynamoDB::Table"
)