/* * Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved. * * Licensed under the Apache License, Version 2.0 (the "License"). * You may not use this file except in compliance with the License. * A copy of the License is located at * * http://aws.amazon.com/apache2.0 * * or in the "license" file accompanying this file. This file is distributed * on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either * express or implied. See the License for the specific language governing * permissions and limitations under the License. */ /* * Do not modify this file. This file is generated from the iam-2010-05-08.normal.json service model. */ using System; using System.Collections.Generic; using System.Xml.Serialization; using System.Text; using System.IO; using System.Net; using Amazon.Runtime; using Amazon.Runtime.Internal; namespace Amazon.IdentityManagement.Model { /// /// Container for the parameters to the SimulateCustomPolicy operation. /// Simulate how a set of IAM policies and optionally a resource-based policy works with /// a list of API operations and Amazon Web Services resources to determine the policies' /// effective permissions. The policies are provided as strings. /// /// /// /// The simulation does not perform the API operations; it only checks the authorization /// to determine if the simulated policies allow or deny the operations. You can simulate /// resources that don't exist in your account. /// /// /// /// If you want to simulate existing policies that are attached to an IAM user, group, /// or role, use SimulatePrincipalPolicy instead. /// /// /// /// Context keys are variables that are maintained by Amazon Web Services and its services /// and which provide details about the context of an API query request. You can use the /// Condition element of an IAM policy to evaluate context keys. To get the /// list of context keys that the policies require for correct simulation, use GetContextKeysForCustomPolicy. /// /// /// /// If the output is long, you can use MaxItems and Marker parameters /// to paginate the results. /// /// /// /// The IAM policy simulator evaluates statements in the identity-based policy and the /// inputs that you provide during simulation. The policy simulator results can differ /// from your live Amazon Web Services environment. We recommend that you check your policies /// against your live Amazon Web Services environment after testing using the policy simulator /// to confirm that you have the desired results. For more information about using the /// policy simulator, see Testing /// IAM policies with the IAM policy simulator in the IAM User Guide. /// /// /// public partial class SimulateCustomPolicyRequest : AmazonIdentityManagementServiceRequest { private List _actionNames = new List(); private string _callerArn; private List _contextEntries = new List(); private string _marker; private int? _maxItems; private List _permissionsBoundaryPolicyInputList = new List(); private List _policyInputList = new List(); private List _resourceArns = new List(); private string _resourceHandlingOption; private string _resourceOwner; private string _resourcePolicy; /// /// Gets and sets the property ActionNames. /// /// A list of names of API operations to evaluate in the simulation. Each operation is /// evaluated against each resource. Each operation must include the service identifier, /// such as iam:CreateUser. This operation does not support using wildcards /// (*) in an action name. /// /// [AWSProperty(Required=true)] public List ActionNames { get { return this._actionNames; } set { this._actionNames = value; } } // Check to see if ActionNames property is set internal bool IsSetActionNames() { return this._actionNames != null && this._actionNames.Count > 0; } /// /// Gets and sets the property CallerArn. /// /// The ARN of the IAM user that you want to use as the simulated caller of the API operations. /// CallerArn is required if you include a ResourcePolicy so /// that the policy's Principal element has a value to use in evaluating /// the policy. /// /// /// /// You can specify only the ARN of an IAM user. You cannot specify the ARN of an assumed /// role, federated user, or a service principal. /// /// [AWSProperty(Min=1, Max=2048)] public string CallerArn { get { return this._callerArn; } set { this._callerArn = value; } } // Check to see if CallerArn property is set internal bool IsSetCallerArn() { return this._callerArn != null; } /// /// Gets and sets the property ContextEntries. /// /// A list of context keys and corresponding values for the simulation to use. Whenever /// a context key is evaluated in one of the simulated IAM permissions policies, the corresponding /// value is supplied. /// /// public List ContextEntries { get { return this._contextEntries; } set { this._contextEntries = value; } } // Check to see if ContextEntries property is set internal bool IsSetContextEntries() { return this._contextEntries != null && this._contextEntries.Count > 0; } /// /// Gets and sets the property Marker. /// /// Use this parameter only when paginating results and only after you receive a response /// indicating that the results are truncated. Set it to the value of the Marker /// element in the response that you received to indicate where the next call should start. /// /// [AWSProperty(Min=1, Max=320)] public string Marker { get { return this._marker; } set { this._marker = value; } } // Check to see if Marker property is set internal bool IsSetMarker() { return this._marker != null; } /// /// Gets and sets the property MaxItems. /// /// Use this only when paginating results to indicate the maximum number of items you /// want in the response. If additional items exist beyond the maximum you specify, the /// IsTruncated response element is true. /// /// /// /// If you do not include this parameter, the number of items defaults to 100. Note that /// IAM might return fewer results, even when there are more results available. In that /// case, the IsTruncated response element returns true, and /// Marker contains a value to include in the subsequent call that tells /// the service where to continue from. /// /// [AWSProperty(Min=1, Max=1000)] public int MaxItems { get { return this._maxItems.GetValueOrDefault(); } set { this._maxItems = value; } } // Check to see if MaxItems property is set internal bool IsSetMaxItems() { return this._maxItems.HasValue; } /// /// Gets and sets the property PermissionsBoundaryPolicyInputList. /// /// The IAM permissions boundary policy to simulate. The permissions boundary sets the /// maximum permissions that an IAM entity can have. You can input only one permissions /// boundary when you pass a policy to this operation. For more information about permissions /// boundaries, see Permissions /// boundaries for IAM entities in the IAM User Guide. The policy input is /// specified as a string that contains the complete, valid JSON text of a permissions /// boundary policy. /// /// /// /// The maximum length of the policy document that you can pass in this operation, including /// whitespace, is listed below. To view the maximum character counts of a managed policy /// with no whitespaces, see IAM /// and STS character quotas. /// /// /// /// The regex pattern used to validate this /// parameter is a string of characters consisting of the following: /// ///
  • /// /// Any printable ASCII character ranging from the space character (\u0020) /// through the end of the ASCII character range /// ///
  • /// /// The printable characters in the Basic Latin and Latin-1 Supplement character set (through /// \u00FF) /// ///
  • /// /// The special characters tab (\u0009), line feed (\u000A), /// and carriage return (\u000D) /// ///
/// public List PermissionsBoundaryPolicyInputList { get { return this._permissionsBoundaryPolicyInputList; } set { this._permissionsBoundaryPolicyInputList = value; } } // Check to see if PermissionsBoundaryPolicyInputList property is set internal bool IsSetPermissionsBoundaryPolicyInputList() { return this._permissionsBoundaryPolicyInputList != null && this._permissionsBoundaryPolicyInputList.Count > 0; } /// /// Gets and sets the property PolicyInputList. /// /// A list of policy documents to include in the simulation. Each document is specified /// as a string containing the complete, valid JSON text of an IAM policy. Do not include /// any resource-based policies in this parameter. Any resource-based policy must be submitted /// with the ResourcePolicy parameter. The policies cannot be "scope-down" /// policies, such as you could include in a call to GetFederationToken /// or one of the AssumeRole /// API operations. In other words, do not use policies designed to restrict what a user /// can do while using the temporary credentials. /// /// /// /// The maximum length of the policy document that you can pass in this operation, including /// whitespace, is listed below. To view the maximum character counts of a managed policy /// with no whitespaces, see IAM /// and STS character quotas. /// /// /// /// The regex pattern used to validate this /// parameter is a string of characters consisting of the following: /// ///
  • /// /// Any printable ASCII character ranging from the space character (\u0020) /// through the end of the ASCII character range /// ///
  • /// /// The printable characters in the Basic Latin and Latin-1 Supplement character set (through /// \u00FF) /// ///
  • /// /// The special characters tab (\u0009), line feed (\u000A), /// and carriage return (\u000D) /// ///
/// [AWSProperty(Required=true)] public List PolicyInputList { get { return this._policyInputList; } set { this._policyInputList = value; } } // Check to see if PolicyInputList property is set internal bool IsSetPolicyInputList() { return this._policyInputList != null && this._policyInputList.Count > 0; } /// /// Gets and sets the property ResourceArns. /// /// A list of ARNs of Amazon Web Services resources to include in the simulation. If this /// parameter is not provided, then the value defaults to * (all resources). /// Each API in the ActionNames parameter is evaluated for each resource /// in this list. The simulation determines the access result (allowed or denied) of each /// combination and reports it in the response. You can simulate resources that don't /// exist in your account. /// /// /// /// The simulation does not automatically retrieve policies for the specified resources. /// If you want to include a resource policy in the simulation, then you must include /// the policy as a string in the ResourcePolicy parameter. /// /// /// /// If you include a ResourcePolicy, then it must be applicable to all of /// the resources included in the simulation or you receive an invalid input error. /// /// /// /// For more information about ARNs, see Amazon /// Resource Names (ARNs) in the Amazon Web Services General Reference. /// /// /// /// Simulation of resource-based policies isn't supported for IAM roles. /// /// /// public List ResourceArns { get { return this._resourceArns; } set { this._resourceArns = value; } } // Check to see if ResourceArns property is set internal bool IsSetResourceArns() { return this._resourceArns != null && this._resourceArns.Count > 0; } /// /// Gets and sets the property ResourceHandlingOption. /// /// Specifies the type of simulation to run. Different API operations that support resource-based /// policies require different combinations of resources. By specifying the type of simulation /// to run, you enable the policy simulator to enforce the presence of the required resources /// to ensure reliable simulation results. If your simulation does not match one of the /// following scenarios, then you can omit this parameter. The following list shows each /// of the supported scenario values and the resources that you must define to run the /// simulation. /// /// /// /// Each of the EC2 scenarios requires that you specify instance, image, and security /// group resources. If your scenario includes an EBS volume, then you must specify that /// volume as a resource. If the EC2 scenario includes VPC, then you must supply the network /// interface resource. If it includes an IP subnet, then you must specify the subnet /// resource. For more information on the EC2 scenario options, see Supported /// platforms in the Amazon EC2 User Guide. /// ///
  • /// /// EC2-VPC-InstanceStore /// /// /// /// instance, image, security group, network interface /// ///
  • /// /// EC2-VPC-InstanceStore-Subnet /// /// /// /// instance, image, security group, network interface, subnet /// ///
  • /// /// EC2-VPC-EBS /// /// /// /// instance, image, security group, network interface, volume /// ///
  • /// /// EC2-VPC-EBS-Subnet /// /// /// /// instance, image, security group, network interface, subnet, volume /// ///
/// [AWSProperty(Min=1, Max=64)] public string ResourceHandlingOption { get { return this._resourceHandlingOption; } set { this._resourceHandlingOption = value; } } // Check to see if ResourceHandlingOption property is set internal bool IsSetResourceHandlingOption() { return this._resourceHandlingOption != null; } /// /// Gets and sets the property ResourceOwner. /// /// An ARN representing the Amazon Web Services account ID that specifies the owner of /// any simulated resource that does not identify its owner in the resource ARN. Examples /// of resource ARNs include an S3 bucket or object. If ResourceOwner is /// specified, it is also used as the account owner of any ResourcePolicy /// included in the simulation. If the ResourceOwner parameter is not specified, /// then the owner of the resources and the resource policy defaults to the account of /// the identity provided in CallerArn. This parameter is required only if /// you specify a resource-based policy and account that owns the resource is different /// from the account that owns the simulated calling user CallerArn. /// /// /// /// The ARN for an account uses the following syntax: arn:aws:iam::AWS-account-ID:root. /// For example, to represent the account with the 112233445566 ID, use the following /// ARN: arn:aws:iam::112233445566-ID:root. /// /// [AWSProperty(Min=1, Max=2048)] public string ResourceOwner { get { return this._resourceOwner; } set { this._resourceOwner = value; } } // Check to see if ResourceOwner property is set internal bool IsSetResourceOwner() { return this._resourceOwner != null; } /// /// Gets and sets the property ResourcePolicy. /// /// A resource-based policy to include in the simulation provided as a string. Each resource /// in the simulation is treated as if it had this policy attached. You can include only /// one resource-based policy in a simulation. /// /// /// /// The maximum length of the policy document that you can pass in this operation, including /// whitespace, is listed below. To view the maximum character counts of a managed policy /// with no whitespaces, see IAM /// and STS character quotas. /// /// /// /// The regex pattern used to validate this /// parameter is a string of characters consisting of the following: /// ///
  • /// /// Any printable ASCII character ranging from the space character (\u0020) /// through the end of the ASCII character range /// ///
  • /// /// The printable characters in the Basic Latin and Latin-1 Supplement character set (through /// \u00FF) /// ///
  • /// /// The special characters tab (\u0009), line feed (\u000A), /// and carriage return (\u000D) /// ///
/// /// Simulation of resource-based policies isn't supported for IAM roles. /// /// /// [AWSProperty(Min=1, Max=131072)] public string ResourcePolicy { get { return this._resourcePolicy; } set { this._resourcePolicy = value; } } // Check to see if ResourcePolicy property is set internal bool IsSetResourcePolicy() { return this._resourcePolicy != null; } } }