/** * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * SPDX-License-Identifier: Apache-2.0. */ #pragma once #include #include #include #include #include #include #include #include #include #include #include namespace Aws { namespace Utils { namespace Xml { class XmlNode; } // namespace Xml } // namespace Utils namespace IAM { namespace Model { /** *

Contains the results of a simulation.

This data type is used by the * return parameter of SimulateCustomPolicy and * SimulatePrincipalPolicy .

See Also:

AWS * API Reference

*/ class EvaluationResult { public: AWS_IAM_API EvaluationResult(); AWS_IAM_API EvaluationResult(const Aws::Utils::Xml::XmlNode& xmlNode); AWS_IAM_API EvaluationResult& operator=(const Aws::Utils::Xml::XmlNode& xmlNode); AWS_IAM_API void OutputToStream(Aws::OStream& ostream, const char* location, unsigned index, const char* locationValue) const; AWS_IAM_API void OutputToStream(Aws::OStream& oStream, const char* location) const; /** *

The name of the API operation tested on the indicated resource.

*/ inline const Aws::String& GetEvalActionName() const{ return m_evalActionName; } /** *

The name of the API operation tested on the indicated resource.

*/ inline bool EvalActionNameHasBeenSet() const { return m_evalActionNameHasBeenSet; } /** *

The name of the API operation tested on the indicated resource.

*/ inline void SetEvalActionName(const Aws::String& value) { m_evalActionNameHasBeenSet = true; m_evalActionName = value; } /** *

The name of the API operation tested on the indicated resource.

*/ inline void SetEvalActionName(Aws::String&& value) { m_evalActionNameHasBeenSet = true; m_evalActionName = std::move(value); } /** *

The name of the API operation tested on the indicated resource.

*/ inline void SetEvalActionName(const char* value) { m_evalActionNameHasBeenSet = true; m_evalActionName.assign(value); } /** *

The name of the API operation tested on the indicated resource.

*/ inline EvaluationResult& WithEvalActionName(const Aws::String& value) { SetEvalActionName(value); return *this;} /** *

The name of the API operation tested on the indicated resource.

*/ inline EvaluationResult& WithEvalActionName(Aws::String&& value) { SetEvalActionName(std::move(value)); return *this;} /** *

The name of the API operation tested on the indicated resource.

*/ inline EvaluationResult& WithEvalActionName(const char* value) { SetEvalActionName(value); return *this;} /** *

The ARN of the resource that the indicated API operation was tested on.

*/ inline const Aws::String& GetEvalResourceName() const{ return m_evalResourceName; } /** *

The ARN of the resource that the indicated API operation was tested on.

*/ inline bool EvalResourceNameHasBeenSet() const { return m_evalResourceNameHasBeenSet; } /** *

The ARN of the resource that the indicated API operation was tested on.

*/ inline void SetEvalResourceName(const Aws::String& value) { m_evalResourceNameHasBeenSet = true; m_evalResourceName = value; } /** *

The ARN of the resource that the indicated API operation was tested on.

*/ inline void SetEvalResourceName(Aws::String&& value) { m_evalResourceNameHasBeenSet = true; m_evalResourceName = std::move(value); } /** *

The ARN of the resource that the indicated API operation was tested on.

*/ inline void SetEvalResourceName(const char* value) { m_evalResourceNameHasBeenSet = true; m_evalResourceName.assign(value); } /** *

The ARN of the resource that the indicated API operation was tested on.

*/ inline EvaluationResult& WithEvalResourceName(const Aws::String& value) { SetEvalResourceName(value); return *this;} /** *

The ARN of the resource that the indicated API operation was tested on.

*/ inline EvaluationResult& WithEvalResourceName(Aws::String&& value) { SetEvalResourceName(std::move(value)); return *this;} /** *

The ARN of the resource that the indicated API operation was tested on.

*/ inline EvaluationResult& WithEvalResourceName(const char* value) { SetEvalResourceName(value); return *this;} /** *

The result of the simulation.

*/ inline const PolicyEvaluationDecisionType& GetEvalDecision() const{ return m_evalDecision; } /** *

The result of the simulation.

*/ inline bool EvalDecisionHasBeenSet() const { return m_evalDecisionHasBeenSet; } /** *

The result of the simulation.

*/ inline void SetEvalDecision(const PolicyEvaluationDecisionType& value) { m_evalDecisionHasBeenSet = true; m_evalDecision = value; } /** *

The result of the simulation.

*/ inline void SetEvalDecision(PolicyEvaluationDecisionType&& value) { m_evalDecisionHasBeenSet = true; m_evalDecision = std::move(value); } /** *

The result of the simulation.

*/ inline EvaluationResult& WithEvalDecision(const PolicyEvaluationDecisionType& value) { SetEvalDecision(value); return *this;} /** *

The result of the simulation.

*/ inline EvaluationResult& WithEvalDecision(PolicyEvaluationDecisionType&& value) { SetEvalDecision(std::move(value)); return *this;} /** *

A list of the statements in the input policies that determine the result for * this scenario. Remember that even if multiple statements allow the operation on * the resource, if only one statement denies that operation, then the explicit * deny overrides any allow. In addition, the deny statement is the only entry * included in the result.

*/ inline const Aws::Vector& GetMatchedStatements() const{ return m_matchedStatements; } /** *

A list of the statements in the input policies that determine the result for * this scenario. Remember that even if multiple statements allow the operation on * the resource, if only one statement denies that operation, then the explicit * deny overrides any allow. In addition, the deny statement is the only entry * included in the result.

*/ inline bool MatchedStatementsHasBeenSet() const { return m_matchedStatementsHasBeenSet; } /** *

A list of the statements in the input policies that determine the result for * this scenario. Remember that even if multiple statements allow the operation on * the resource, if only one statement denies that operation, then the explicit * deny overrides any allow. In addition, the deny statement is the only entry * included in the result.

*/ inline void SetMatchedStatements(const Aws::Vector& value) { m_matchedStatementsHasBeenSet = true; m_matchedStatements = value; } /** *

A list of the statements in the input policies that determine the result for * this scenario. Remember that even if multiple statements allow the operation on * the resource, if only one statement denies that operation, then the explicit * deny overrides any allow. In addition, the deny statement is the only entry * included in the result.

*/ inline void SetMatchedStatements(Aws::Vector&& value) { m_matchedStatementsHasBeenSet = true; m_matchedStatements = std::move(value); } /** *

A list of the statements in the input policies that determine the result for * this scenario. Remember that even if multiple statements allow the operation on * the resource, if only one statement denies that operation, then the explicit * deny overrides any allow. In addition, the deny statement is the only entry * included in the result.

*/ inline EvaluationResult& WithMatchedStatements(const Aws::Vector& value) { SetMatchedStatements(value); return *this;} /** *

A list of the statements in the input policies that determine the result for * this scenario. Remember that even if multiple statements allow the operation on * the resource, if only one statement denies that operation, then the explicit * deny overrides any allow. In addition, the deny statement is the only entry * included in the result.

*/ inline EvaluationResult& WithMatchedStatements(Aws::Vector&& value) { SetMatchedStatements(std::move(value)); return *this;} /** *

A list of the statements in the input policies that determine the result for * this scenario. Remember that even if multiple statements allow the operation on * the resource, if only one statement denies that operation, then the explicit * deny overrides any allow. In addition, the deny statement is the only entry * included in the result.

*/ inline EvaluationResult& AddMatchedStatements(const Statement& value) { m_matchedStatementsHasBeenSet = true; m_matchedStatements.push_back(value); return *this; } /** *

A list of the statements in the input policies that determine the result for * this scenario. Remember that even if multiple statements allow the operation on * the resource, if only one statement denies that operation, then the explicit * deny overrides any allow. In addition, the deny statement is the only entry * included in the result.

*/ inline EvaluationResult& AddMatchedStatements(Statement&& value) { m_matchedStatementsHasBeenSet = true; m_matchedStatements.push_back(std::move(value)); return *this; } /** *

A list of context keys that are required by the included input policies but * that were not provided by one of the input parameters. This list is used when * the resource in a simulation is "*", either explicitly, or when the * ResourceArns parameter blank. If you include a list of resources, * then any missing context values are instead included under the * ResourceSpecificResults section. To discover the context keys used * by a set of policies, you can call GetContextKeysForCustomPolicy or * GetContextKeysForPrincipalPolicy.

*/ inline const Aws::Vector& GetMissingContextValues() const{ return m_missingContextValues; } /** *

A list of context keys that are required by the included input policies but * that were not provided by one of the input parameters. This list is used when * the resource in a simulation is "*", either explicitly, or when the * ResourceArns parameter blank. If you include a list of resources, * then any missing context values are instead included under the * ResourceSpecificResults section. To discover the context keys used * by a set of policies, you can call GetContextKeysForCustomPolicy or * GetContextKeysForPrincipalPolicy.

*/ inline bool MissingContextValuesHasBeenSet() const { return m_missingContextValuesHasBeenSet; } /** *

A list of context keys that are required by the included input policies but * that were not provided by one of the input parameters. This list is used when * the resource in a simulation is "*", either explicitly, or when the * ResourceArns parameter blank. If you include a list of resources, * then any missing context values are instead included under the * ResourceSpecificResults section. To discover the context keys used * by a set of policies, you can call GetContextKeysForCustomPolicy or * GetContextKeysForPrincipalPolicy.

*/ inline void SetMissingContextValues(const Aws::Vector& value) { m_missingContextValuesHasBeenSet = true; m_missingContextValues = value; } /** *

A list of context keys that are required by the included input policies but * that were not provided by one of the input parameters. This list is used when * the resource in a simulation is "*", either explicitly, or when the * ResourceArns parameter blank. If you include a list of resources, * then any missing context values are instead included under the * ResourceSpecificResults section. To discover the context keys used * by a set of policies, you can call GetContextKeysForCustomPolicy or * GetContextKeysForPrincipalPolicy.

*/ inline void SetMissingContextValues(Aws::Vector&& value) { m_missingContextValuesHasBeenSet = true; m_missingContextValues = std::move(value); } /** *

A list of context keys that are required by the included input policies but * that were not provided by one of the input parameters. This list is used when * the resource in a simulation is "*", either explicitly, or when the * ResourceArns parameter blank. If you include a list of resources, * then any missing context values are instead included under the * ResourceSpecificResults section. To discover the context keys used * by a set of policies, you can call GetContextKeysForCustomPolicy or * GetContextKeysForPrincipalPolicy.

*/ inline EvaluationResult& WithMissingContextValues(const Aws::Vector& value) { SetMissingContextValues(value); return *this;} /** *

A list of context keys that are required by the included input policies but * that were not provided by one of the input parameters. This list is used when * the resource in a simulation is "*", either explicitly, or when the * ResourceArns parameter blank. If you include a list of resources, * then any missing context values are instead included under the * ResourceSpecificResults section. To discover the context keys used * by a set of policies, you can call GetContextKeysForCustomPolicy or * GetContextKeysForPrincipalPolicy.

*/ inline EvaluationResult& WithMissingContextValues(Aws::Vector&& value) { SetMissingContextValues(std::move(value)); return *this;} /** *

A list of context keys that are required by the included input policies but * that were not provided by one of the input parameters. This list is used when * the resource in a simulation is "*", either explicitly, or when the * ResourceArns parameter blank. If you include a list of resources, * then any missing context values are instead included under the * ResourceSpecificResults section. To discover the context keys used * by a set of policies, you can call GetContextKeysForCustomPolicy or * GetContextKeysForPrincipalPolicy.

*/ inline EvaluationResult& AddMissingContextValues(const Aws::String& value) { m_missingContextValuesHasBeenSet = true; m_missingContextValues.push_back(value); return *this; } /** *

A list of context keys that are required by the included input policies but * that were not provided by one of the input parameters. This list is used when * the resource in a simulation is "*", either explicitly, or when the * ResourceArns parameter blank. If you include a list of resources, * then any missing context values are instead included under the * ResourceSpecificResults section. To discover the context keys used * by a set of policies, you can call GetContextKeysForCustomPolicy or * GetContextKeysForPrincipalPolicy.

*/ inline EvaluationResult& AddMissingContextValues(Aws::String&& value) { m_missingContextValuesHasBeenSet = true; m_missingContextValues.push_back(std::move(value)); return *this; } /** *

A list of context keys that are required by the included input policies but * that were not provided by one of the input parameters. This list is used when * the resource in a simulation is "*", either explicitly, or when the * ResourceArns parameter blank. If you include a list of resources, * then any missing context values are instead included under the * ResourceSpecificResults section. To discover the context keys used * by a set of policies, you can call GetContextKeysForCustomPolicy or * GetContextKeysForPrincipalPolicy.

*/ inline EvaluationResult& AddMissingContextValues(const char* value) { m_missingContextValuesHasBeenSet = true; m_missingContextValues.push_back(value); return *this; } /** *

A structure that details how Organizations and its service control policies * affect the results of the simulation. Only applies if the simulated user's * account is part of an organization.

*/ inline const OrganizationsDecisionDetail& GetOrganizationsDecisionDetail() const{ return m_organizationsDecisionDetail; } /** *

A structure that details how Organizations and its service control policies * affect the results of the simulation. Only applies if the simulated user's * account is part of an organization.

*/ inline bool OrganizationsDecisionDetailHasBeenSet() const { return m_organizationsDecisionDetailHasBeenSet; } /** *

A structure that details how Organizations and its service control policies * affect the results of the simulation. Only applies if the simulated user's * account is part of an organization.

*/ inline void SetOrganizationsDecisionDetail(const OrganizationsDecisionDetail& value) { m_organizationsDecisionDetailHasBeenSet = true; m_organizationsDecisionDetail = value; } /** *

A structure that details how Organizations and its service control policies * affect the results of the simulation. Only applies if the simulated user's * account is part of an organization.

*/ inline void SetOrganizationsDecisionDetail(OrganizationsDecisionDetail&& value) { m_organizationsDecisionDetailHasBeenSet = true; m_organizationsDecisionDetail = std::move(value); } /** *

A structure that details how Organizations and its service control policies * affect the results of the simulation. Only applies if the simulated user's * account is part of an organization.

*/ inline EvaluationResult& WithOrganizationsDecisionDetail(const OrganizationsDecisionDetail& value) { SetOrganizationsDecisionDetail(value); return *this;} /** *

A structure that details how Organizations and its service control policies * affect the results of the simulation. Only applies if the simulated user's * account is part of an organization.

*/ inline EvaluationResult& WithOrganizationsDecisionDetail(OrganizationsDecisionDetail&& value) { SetOrganizationsDecisionDetail(std::move(value)); return *this;} /** *

Contains information about the effect that a permissions boundary has on a * policy simulation when the boundary is applied to an IAM entity.

*/ inline const PermissionsBoundaryDecisionDetail& GetPermissionsBoundaryDecisionDetail() const{ return m_permissionsBoundaryDecisionDetail; } /** *

Contains information about the effect that a permissions boundary has on a * policy simulation when the boundary is applied to an IAM entity.

*/ inline bool PermissionsBoundaryDecisionDetailHasBeenSet() const { return m_permissionsBoundaryDecisionDetailHasBeenSet; } /** *

Contains information about the effect that a permissions boundary has on a * policy simulation when the boundary is applied to an IAM entity.

*/ inline void SetPermissionsBoundaryDecisionDetail(const PermissionsBoundaryDecisionDetail& value) { m_permissionsBoundaryDecisionDetailHasBeenSet = true; m_permissionsBoundaryDecisionDetail = value; } /** *

Contains information about the effect that a permissions boundary has on a * policy simulation when the boundary is applied to an IAM entity.

*/ inline void SetPermissionsBoundaryDecisionDetail(PermissionsBoundaryDecisionDetail&& value) { m_permissionsBoundaryDecisionDetailHasBeenSet = true; m_permissionsBoundaryDecisionDetail = std::move(value); } /** *

Contains information about the effect that a permissions boundary has on a * policy simulation when the boundary is applied to an IAM entity.

*/ inline EvaluationResult& WithPermissionsBoundaryDecisionDetail(const PermissionsBoundaryDecisionDetail& value) { SetPermissionsBoundaryDecisionDetail(value); return *this;} /** *

Contains information about the effect that a permissions boundary has on a * policy simulation when the boundary is applied to an IAM entity.

*/ inline EvaluationResult& WithPermissionsBoundaryDecisionDetail(PermissionsBoundaryDecisionDetail&& value) { SetPermissionsBoundaryDecisionDetail(std::move(value)); return *this;} /** *

Additional details about the results of the cross-account evaluation * decision. This parameter is populated for only cross-account simulations. It * contains a brief summary of how each policy type contributes to the final * evaluation decision.

If the simulation evaluates policies within the same * account and includes a resource ARN, then the parameter is present but the * response is empty. If the simulation evaluates policies within the same account * and specifies all resources (*), then the parameter is not * returned.

When you make a cross-account request, Amazon Web Services * evaluates the request in the trusting account and the trusted account. The * request is allowed only if both evaluations return true. For more * information about how policies are evaluated, see Evaluating * policies within a single account.

If an Organizations SCP included in * the evaluation denies access, the simulation ends. In this case, policy * evaluation does not proceed any further and this parameter is not returned.

*/ inline const Aws::Map& GetEvalDecisionDetails() const{ return m_evalDecisionDetails; } /** *

Additional details about the results of the cross-account evaluation * decision. This parameter is populated for only cross-account simulations. It * contains a brief summary of how each policy type contributes to the final * evaluation decision.

If the simulation evaluates policies within the same * account and includes a resource ARN, then the parameter is present but the * response is empty. If the simulation evaluates policies within the same account * and specifies all resources (*), then the parameter is not * returned.

When you make a cross-account request, Amazon Web Services * evaluates the request in the trusting account and the trusted account. The * request is allowed only if both evaluations return true. For more * information about how policies are evaluated, see Evaluating * policies within a single account.

If an Organizations SCP included in * the evaluation denies access, the simulation ends. In this case, policy * evaluation does not proceed any further and this parameter is not returned.

*/ inline bool EvalDecisionDetailsHasBeenSet() const { return m_evalDecisionDetailsHasBeenSet; } /** *

Additional details about the results of the cross-account evaluation * decision. This parameter is populated for only cross-account simulations. It * contains a brief summary of how each policy type contributes to the final * evaluation decision.

If the simulation evaluates policies within the same * account and includes a resource ARN, then the parameter is present but the * response is empty. If the simulation evaluates policies within the same account * and specifies all resources (*), then the parameter is not * returned.

When you make a cross-account request, Amazon Web Services * evaluates the request in the trusting account and the trusted account. The * request is allowed only if both evaluations return true. For more * information about how policies are evaluated, see Evaluating * policies within a single account.

If an Organizations SCP included in * the evaluation denies access, the simulation ends. In this case, policy * evaluation does not proceed any further and this parameter is not returned.

*/ inline void SetEvalDecisionDetails(const Aws::Map& value) { m_evalDecisionDetailsHasBeenSet = true; m_evalDecisionDetails = value; } /** *

Additional details about the results of the cross-account evaluation * decision. This parameter is populated for only cross-account simulations. It * contains a brief summary of how each policy type contributes to the final * evaluation decision.

If the simulation evaluates policies within the same * account and includes a resource ARN, then the parameter is present but the * response is empty. If the simulation evaluates policies within the same account * and specifies all resources (*), then the parameter is not * returned.

When you make a cross-account request, Amazon Web Services * evaluates the request in the trusting account and the trusted account. The * request is allowed only if both evaluations return true. For more * information about how policies are evaluated, see Evaluating * policies within a single account.

If an Organizations SCP included in * the evaluation denies access, the simulation ends. In this case, policy * evaluation does not proceed any further and this parameter is not returned.

*/ inline void SetEvalDecisionDetails(Aws::Map&& value) { m_evalDecisionDetailsHasBeenSet = true; m_evalDecisionDetails = std::move(value); } /** *

Additional details about the results of the cross-account evaluation * decision. This parameter is populated for only cross-account simulations. It * contains a brief summary of how each policy type contributes to the final * evaluation decision.

If the simulation evaluates policies within the same * account and includes a resource ARN, then the parameter is present but the * response is empty. If the simulation evaluates policies within the same account * and specifies all resources (*), then the parameter is not * returned.

When you make a cross-account request, Amazon Web Services * evaluates the request in the trusting account and the trusted account. The * request is allowed only if both evaluations return true. For more * information about how policies are evaluated, see Evaluating * policies within a single account.

If an Organizations SCP included in * the evaluation denies access, the simulation ends. In this case, policy * evaluation does not proceed any further and this parameter is not returned.

*/ inline EvaluationResult& WithEvalDecisionDetails(const Aws::Map& value) { SetEvalDecisionDetails(value); return *this;} /** *

Additional details about the results of the cross-account evaluation * decision. This parameter is populated for only cross-account simulations. It * contains a brief summary of how each policy type contributes to the final * evaluation decision.

If the simulation evaluates policies within the same * account and includes a resource ARN, then the parameter is present but the * response is empty. If the simulation evaluates policies within the same account * and specifies all resources (*), then the parameter is not * returned.

When you make a cross-account request, Amazon Web Services * evaluates the request in the trusting account and the trusted account. The * request is allowed only if both evaluations return true. For more * information about how policies are evaluated, see Evaluating * policies within a single account.

If an Organizations SCP included in * the evaluation denies access, the simulation ends. In this case, policy * evaluation does not proceed any further and this parameter is not returned.

*/ inline EvaluationResult& WithEvalDecisionDetails(Aws::Map&& value) { SetEvalDecisionDetails(std::move(value)); return *this;} /** *

Additional details about the results of the cross-account evaluation * decision. This parameter is populated for only cross-account simulations. It * contains a brief summary of how each policy type contributes to the final * evaluation decision.

If the simulation evaluates policies within the same * account and includes a resource ARN, then the parameter is present but the * response is empty. If the simulation evaluates policies within the same account * and specifies all resources (*), then the parameter is not * returned.

When you make a cross-account request, Amazon Web Services * evaluates the request in the trusting account and the trusted account. The * request is allowed only if both evaluations return true. For more * information about how policies are evaluated, see Evaluating * policies within a single account.

If an Organizations SCP included in * the evaluation denies access, the simulation ends. In this case, policy * evaluation does not proceed any further and this parameter is not returned.

*/ inline EvaluationResult& AddEvalDecisionDetails(const Aws::String& key, const PolicyEvaluationDecisionType& value) { m_evalDecisionDetailsHasBeenSet = true; m_evalDecisionDetails.emplace(key, value); return *this; } /** *

Additional details about the results of the cross-account evaluation * decision. This parameter is populated for only cross-account simulations. It * contains a brief summary of how each policy type contributes to the final * evaluation decision.

If the simulation evaluates policies within the same * account and includes a resource ARN, then the parameter is present but the * response is empty. If the simulation evaluates policies within the same account * and specifies all resources (*), then the parameter is not * returned.

When you make a cross-account request, Amazon Web Services * evaluates the request in the trusting account and the trusted account. The * request is allowed only if both evaluations return true. For more * information about how policies are evaluated, see Evaluating * policies within a single account.

If an Organizations SCP included in * the evaluation denies access, the simulation ends. In this case, policy * evaluation does not proceed any further and this parameter is not returned.

*/ inline EvaluationResult& AddEvalDecisionDetails(Aws::String&& key, const PolicyEvaluationDecisionType& value) { m_evalDecisionDetailsHasBeenSet = true; m_evalDecisionDetails.emplace(std::move(key), value); return *this; } /** *

Additional details about the results of the cross-account evaluation * decision. This parameter is populated for only cross-account simulations. It * contains a brief summary of how each policy type contributes to the final * evaluation decision.

If the simulation evaluates policies within the same * account and includes a resource ARN, then the parameter is present but the * response is empty. If the simulation evaluates policies within the same account * and specifies all resources (*), then the parameter is not * returned.

When you make a cross-account request, Amazon Web Services * evaluates the request in the trusting account and the trusted account. The * request is allowed only if both evaluations return true. For more * information about how policies are evaluated, see Evaluating * policies within a single account.

If an Organizations SCP included in * the evaluation denies access, the simulation ends. In this case, policy * evaluation does not proceed any further and this parameter is not returned.

*/ inline EvaluationResult& AddEvalDecisionDetails(const Aws::String& key, PolicyEvaluationDecisionType&& value) { m_evalDecisionDetailsHasBeenSet = true; m_evalDecisionDetails.emplace(key, std::move(value)); return *this; } /** *

Additional details about the results of the cross-account evaluation * decision. This parameter is populated for only cross-account simulations. It * contains a brief summary of how each policy type contributes to the final * evaluation decision.

If the simulation evaluates policies within the same * account and includes a resource ARN, then the parameter is present but the * response is empty. If the simulation evaluates policies within the same account * and specifies all resources (*), then the parameter is not * returned.

When you make a cross-account request, Amazon Web Services * evaluates the request in the trusting account and the trusted account. The * request is allowed only if both evaluations return true. For more * information about how policies are evaluated, see Evaluating * policies within a single account.

If an Organizations SCP included in * the evaluation denies access, the simulation ends. In this case, policy * evaluation does not proceed any further and this parameter is not returned.

*/ inline EvaluationResult& AddEvalDecisionDetails(Aws::String&& key, PolicyEvaluationDecisionType&& value) { m_evalDecisionDetailsHasBeenSet = true; m_evalDecisionDetails.emplace(std::move(key), std::move(value)); return *this; } /** *

Additional details about the results of the cross-account evaluation * decision. This parameter is populated for only cross-account simulations. It * contains a brief summary of how each policy type contributes to the final * evaluation decision.

If the simulation evaluates policies within the same * account and includes a resource ARN, then the parameter is present but the * response is empty. If the simulation evaluates policies within the same account * and specifies all resources (*), then the parameter is not * returned.

When you make a cross-account request, Amazon Web Services * evaluates the request in the trusting account and the trusted account. The * request is allowed only if both evaluations return true. For more * information about how policies are evaluated, see Evaluating * policies within a single account.

If an Organizations SCP included in * the evaluation denies access, the simulation ends. In this case, policy * evaluation does not proceed any further and this parameter is not returned.

*/ inline EvaluationResult& AddEvalDecisionDetails(const char* key, PolicyEvaluationDecisionType&& value) { m_evalDecisionDetailsHasBeenSet = true; m_evalDecisionDetails.emplace(key, std::move(value)); return *this; } /** *

Additional details about the results of the cross-account evaluation * decision. This parameter is populated for only cross-account simulations. It * contains a brief summary of how each policy type contributes to the final * evaluation decision.

If the simulation evaluates policies within the same * account and includes a resource ARN, then the parameter is present but the * response is empty. If the simulation evaluates policies within the same account * and specifies all resources (*), then the parameter is not * returned.

When you make a cross-account request, Amazon Web Services * evaluates the request in the trusting account and the trusted account. The * request is allowed only if both evaluations return true. For more * information about how policies are evaluated, see Evaluating * policies within a single account.

If an Organizations SCP included in * the evaluation denies access, the simulation ends. In this case, policy * evaluation does not proceed any further and this parameter is not returned.

*/ inline EvaluationResult& AddEvalDecisionDetails(const char* key, const PolicyEvaluationDecisionType& value) { m_evalDecisionDetailsHasBeenSet = true; m_evalDecisionDetails.emplace(key, value); return *this; } /** *

The individual results of the simulation of the API operation specified in * EvalActionName on each resource.

*/ inline const Aws::Vector& GetResourceSpecificResults() const{ return m_resourceSpecificResults; } /** *

The individual results of the simulation of the API operation specified in * EvalActionName on each resource.

*/ inline bool ResourceSpecificResultsHasBeenSet() const { return m_resourceSpecificResultsHasBeenSet; } /** *

The individual results of the simulation of the API operation specified in * EvalActionName on each resource.

*/ inline void SetResourceSpecificResults(const Aws::Vector& value) { m_resourceSpecificResultsHasBeenSet = true; m_resourceSpecificResults = value; } /** *

The individual results of the simulation of the API operation specified in * EvalActionName on each resource.

*/ inline void SetResourceSpecificResults(Aws::Vector&& value) { m_resourceSpecificResultsHasBeenSet = true; m_resourceSpecificResults = std::move(value); } /** *

The individual results of the simulation of the API operation specified in * EvalActionName on each resource.

*/ inline EvaluationResult& WithResourceSpecificResults(const Aws::Vector& value) { SetResourceSpecificResults(value); return *this;} /** *

The individual results of the simulation of the API operation specified in * EvalActionName on each resource.

*/ inline EvaluationResult& WithResourceSpecificResults(Aws::Vector&& value) { SetResourceSpecificResults(std::move(value)); return *this;} /** *

The individual results of the simulation of the API operation specified in * EvalActionName on each resource.

*/ inline EvaluationResult& AddResourceSpecificResults(const ResourceSpecificResult& value) { m_resourceSpecificResultsHasBeenSet = true; m_resourceSpecificResults.push_back(value); return *this; } /** *

The individual results of the simulation of the API operation specified in * EvalActionName on each resource.

*/ inline EvaluationResult& AddResourceSpecificResults(ResourceSpecificResult&& value) { m_resourceSpecificResultsHasBeenSet = true; m_resourceSpecificResults.push_back(std::move(value)); return *this; } private: Aws::String m_evalActionName; bool m_evalActionNameHasBeenSet = false; Aws::String m_evalResourceName; bool m_evalResourceNameHasBeenSet = false; PolicyEvaluationDecisionType m_evalDecision; bool m_evalDecisionHasBeenSet = false; Aws::Vector m_matchedStatements; bool m_matchedStatementsHasBeenSet = false; Aws::Vector m_missingContextValues; bool m_missingContextValuesHasBeenSet = false; OrganizationsDecisionDetail m_organizationsDecisionDetail; bool m_organizationsDecisionDetailHasBeenSet = false; PermissionsBoundaryDecisionDetail m_permissionsBoundaryDecisionDetail; bool m_permissionsBoundaryDecisionDetailHasBeenSet = false; Aws::Map m_evalDecisionDetails; bool m_evalDecisionDetailsHasBeenSet = false; Aws::Vector m_resourceSpecificResults; bool m_resourceSpecificResultsHasBeenSet = false; }; } // namespace Model } // namespace IAM } // namespace Aws