line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
|
2
|
|
|
|
|
|
|
package Paws::IAM::SimulateCustomPolicy; |
3
|
1
|
|
|
1
|
|
845
|
use Moose; |
|
1
|
|
|
|
|
3
|
|
|
1
|
|
|
|
|
12
|
|
4
|
|
|
|
|
|
|
has ActionNames => (is => 'ro', isa => 'ArrayRef[Str|Undef]', required => 1); |
5
|
|
|
|
|
|
|
has CallerArn => (is => 'ro', isa => 'Str'); |
6
|
|
|
|
|
|
|
has ContextEntries => (is => 'ro', isa => 'ArrayRef[Paws::IAM::ContextEntry]'); |
7
|
|
|
|
|
|
|
has Marker => (is => 'ro', isa => 'Str'); |
8
|
|
|
|
|
|
|
has MaxItems => (is => 'ro', isa => 'Int'); |
9
|
|
|
|
|
|
|
has PolicyInputList => (is => 'ro', isa => 'ArrayRef[Str|Undef]', required => 1); |
10
|
|
|
|
|
|
|
has ResourceArns => (is => 'ro', isa => 'ArrayRef[Str|Undef]'); |
11
|
|
|
|
|
|
|
has ResourceHandlingOption => (is => 'ro', isa => 'Str'); |
12
|
|
|
|
|
|
|
has ResourceOwner => (is => 'ro', isa => 'Str'); |
13
|
|
|
|
|
|
|
has ResourcePolicy => (is => 'ro', isa => 'Str'); |
14
|
|
|
|
|
|
|
|
15
|
1
|
|
|
1
|
|
10130
|
use MooseX::ClassAttribute; |
|
1
|
|
|
|
|
3
|
|
|
1
|
|
|
|
|
10
|
|
16
|
|
|
|
|
|
|
|
17
|
|
|
|
|
|
|
class_has _api_call => (isa => 'Str', is => 'ro', default => 'SimulateCustomPolicy'); |
18
|
|
|
|
|
|
|
class_has _returns => (isa => 'Str', is => 'ro', default => 'Paws::IAM::SimulatePolicyResponse'); |
19
|
|
|
|
|
|
|
class_has _result_key => (isa => 'Str', is => 'ro', default => 'SimulateCustomPolicyResult'); |
20
|
|
|
|
|
|
|
1; |
21
|
|
|
|
|
|
|
|
22
|
|
|
|
|
|
|
### main pod documentation begin ### |
23
|
|
|
|
|
|
|
|
24
|
|
|
|
|
|
|
=head1 NAME |
25
|
|
|
|
|
|
|
|
26
|
|
|
|
|
|
|
Paws::IAM::SimulateCustomPolicy - Arguments for method SimulateCustomPolicy on Paws::IAM |
27
|
|
|
|
|
|
|
|
28
|
|
|
|
|
|
|
=head1 DESCRIPTION |
29
|
|
|
|
|
|
|
|
30
|
|
|
|
|
|
|
This class represents the parameters used for calling the method SimulateCustomPolicy on the |
31
|
|
|
|
|
|
|
AWS Identity and Access Management service. Use the attributes of this class |
32
|
|
|
|
|
|
|
as arguments to method SimulateCustomPolicy. |
33
|
|
|
|
|
|
|
|
34
|
|
|
|
|
|
|
You shouldn't make instances of this class. Each attribute should be used as a named argument in the call to SimulateCustomPolicy. |
35
|
|
|
|
|
|
|
|
36
|
|
|
|
|
|
|
As an example: |
37
|
|
|
|
|
|
|
|
38
|
|
|
|
|
|
|
$service_obj->SimulateCustomPolicy(Att1 => $value1, Att2 => $value2, ...); |
39
|
|
|
|
|
|
|
|
40
|
|
|
|
|
|
|
Values for attributes that are native types (Int, String, Float, etc) can passed as-is (scalar values). Values for complex Types (objects) can be passed as a HashRef. The keys and values of the hashref will be used to instance the underlying object. |
41
|
|
|
|
|
|
|
|
42
|
|
|
|
|
|
|
=head1 ATTRIBUTES |
43
|
|
|
|
|
|
|
|
44
|
|
|
|
|
|
|
|
45
|
|
|
|
|
|
|
=head2 B<REQUIRED> ActionNames => ArrayRef[Str|Undef] |
46
|
|
|
|
|
|
|
|
47
|
|
|
|
|
|
|
A list of names of API actions to evaluate in the simulation. Each |
48
|
|
|
|
|
|
|
action is evaluated against each resource. Each action must include the |
49
|
|
|
|
|
|
|
service identifier, such as C<iam:CreateUser>. |
50
|
|
|
|
|
|
|
|
51
|
|
|
|
|
|
|
|
52
|
|
|
|
|
|
|
|
53
|
|
|
|
|
|
|
=head2 CallerArn => Str |
54
|
|
|
|
|
|
|
|
55
|
|
|
|
|
|
|
The ARN of the IAM user that you want to use as the simulated caller of |
56
|
|
|
|
|
|
|
the APIs. C<CallerArn> is required if you include a C<ResourcePolicy> |
57
|
|
|
|
|
|
|
so that the policy's C<Principal> element has a value to use in |
58
|
|
|
|
|
|
|
evaluating the policy. |
59
|
|
|
|
|
|
|
|
60
|
|
|
|
|
|
|
You can specify only the ARN of an IAM user. You cannot specify the ARN |
61
|
|
|
|
|
|
|
of an assumed role, federated user, or a service principal. |
62
|
|
|
|
|
|
|
|
63
|
|
|
|
|
|
|
|
64
|
|
|
|
|
|
|
|
65
|
|
|
|
|
|
|
=head2 ContextEntries => ArrayRef[L<Paws::IAM::ContextEntry>] |
66
|
|
|
|
|
|
|
|
67
|
|
|
|
|
|
|
A list of context keys and corresponding values for the simulation to |
68
|
|
|
|
|
|
|
use. Whenever a context key is evaluated in one of the simulated IAM |
69
|
|
|
|
|
|
|
permission policies, the corresponding value is supplied. |
70
|
|
|
|
|
|
|
|
71
|
|
|
|
|
|
|
|
72
|
|
|
|
|
|
|
|
73
|
|
|
|
|
|
|
=head2 Marker => Str |
74
|
|
|
|
|
|
|
|
75
|
|
|
|
|
|
|
Use this parameter only when paginating results and only after you |
76
|
|
|
|
|
|
|
receive a response indicating that the results are truncated. Set it to |
77
|
|
|
|
|
|
|
the value of the C<Marker> element in the response that you received to |
78
|
|
|
|
|
|
|
indicate where the next call should start. |
79
|
|
|
|
|
|
|
|
80
|
|
|
|
|
|
|
|
81
|
|
|
|
|
|
|
|
82
|
|
|
|
|
|
|
=head2 MaxItems => Int |
83
|
|
|
|
|
|
|
|
84
|
|
|
|
|
|
|
(Optional) Use this only when paginating results to indicate the |
85
|
|
|
|
|
|
|
maximum number of items you want in the response. If additional items |
86
|
|
|
|
|
|
|
exist beyond the maximum you specify, the C<IsTruncated> response |
87
|
|
|
|
|
|
|
element is C<true>. |
88
|
|
|
|
|
|
|
|
89
|
|
|
|
|
|
|
If you do not include this parameter, it defaults to 100. Note that IAM |
90
|
|
|
|
|
|
|
might return fewer results, even when there are more results available. |
91
|
|
|
|
|
|
|
In that case, the C<IsTruncated> response element returns C<true> and |
92
|
|
|
|
|
|
|
C<Marker> contains a value to include in the subsequent call that tells |
93
|
|
|
|
|
|
|
the service where to continue from. |
94
|
|
|
|
|
|
|
|
95
|
|
|
|
|
|
|
|
96
|
|
|
|
|
|
|
|
97
|
|
|
|
|
|
|
=head2 B<REQUIRED> PolicyInputList => ArrayRef[Str|Undef] |
98
|
|
|
|
|
|
|
|
99
|
|
|
|
|
|
|
A list of policy documents to include in the simulation. Each document |
100
|
|
|
|
|
|
|
is specified as a string containing the complete, valid JSON text of an |
101
|
|
|
|
|
|
|
IAM policy. Do not include any resource-based policies in this |
102
|
|
|
|
|
|
|
parameter. Any resource-based policy must be submitted with the |
103
|
|
|
|
|
|
|
C<ResourcePolicy> parameter. The policies cannot be "scope-down" |
104
|
|
|
|
|
|
|
policies, such as you could include in a call to GetFederationToken or |
105
|
|
|
|
|
|
|
one of the AssumeRole APIs to restrict what a user can do while using |
106
|
|
|
|
|
|
|
the temporary credentials. |
107
|
|
|
|
|
|
|
|
108
|
|
|
|
|
|
|
The regex pattern used to validate this parameter is a string of |
109
|
|
|
|
|
|
|
characters consisting of any printable ASCII character ranging from the |
110
|
|
|
|
|
|
|
space character (\u0020) through end of the ASCII character range as |
111
|
|
|
|
|
|
|
well as the printable characters in the Basic Latin and Latin-1 |
112
|
|
|
|
|
|
|
Supplement character set (through \u00FF). It also includes the special |
113
|
|
|
|
|
|
|
characters tab (\u0009), line feed (\u000A), and carriage return |
114
|
|
|
|
|
|
|
(\u000D). |
115
|
|
|
|
|
|
|
|
116
|
|
|
|
|
|
|
|
117
|
|
|
|
|
|
|
|
118
|
|
|
|
|
|
|
=head2 ResourceArns => ArrayRef[Str|Undef] |
119
|
|
|
|
|
|
|
|
120
|
|
|
|
|
|
|
A list of ARNs of AWS resources to include in the simulation. If this |
121
|
|
|
|
|
|
|
parameter is not provided then the value defaults to C<*> (all |
122
|
|
|
|
|
|
|
resources). Each API in the C<ActionNames> parameter is evaluated for |
123
|
|
|
|
|
|
|
each resource in this list. The simulation determines the access result |
124
|
|
|
|
|
|
|
(allowed or denied) of each combination and reports it in the response. |
125
|
|
|
|
|
|
|
|
126
|
|
|
|
|
|
|
The simulation does not automatically retrieve policies for the |
127
|
|
|
|
|
|
|
specified resources. If you want to include a resource policy in the |
128
|
|
|
|
|
|
|
simulation, then you must include the policy as a string in the |
129
|
|
|
|
|
|
|
C<ResourcePolicy> parameter. |
130
|
|
|
|
|
|
|
|
131
|
|
|
|
|
|
|
If you include a C<ResourcePolicy>, then it must be applicable to all |
132
|
|
|
|
|
|
|
of the resources included in the simulation or you receive an invalid |
133
|
|
|
|
|
|
|
input error. |
134
|
|
|
|
|
|
|
|
135
|
|
|
|
|
|
|
For more information about ARNs, see Amazon Resource Names (ARNs) and |
136
|
|
|
|
|
|
|
AWS Service Namespaces in the I<AWS General Reference>. |
137
|
|
|
|
|
|
|
|
138
|
|
|
|
|
|
|
|
139
|
|
|
|
|
|
|
|
140
|
|
|
|
|
|
|
=head2 ResourceHandlingOption => Str |
141
|
|
|
|
|
|
|
|
142
|
|
|
|
|
|
|
Specifies the type of simulation to run. Different APIs that support |
143
|
|
|
|
|
|
|
resource-based policies require different combinations of resources. By |
144
|
|
|
|
|
|
|
specifying the type of simulation to run, you enable the policy |
145
|
|
|
|
|
|
|
simulator to enforce the presence of the required resources to ensure |
146
|
|
|
|
|
|
|
reliable simulation results. If your simulation does not match one of |
147
|
|
|
|
|
|
|
the following scenarios, then you can omit this parameter. The |
148
|
|
|
|
|
|
|
following list shows each of the supported scenario values and the |
149
|
|
|
|
|
|
|
resources that you must define to run the simulation. |
150
|
|
|
|
|
|
|
|
151
|
|
|
|
|
|
|
Each of the EC2 scenarios requires that you specify instance, image, |
152
|
|
|
|
|
|
|
and security-group resources. If your scenario includes an EBS volume, |
153
|
|
|
|
|
|
|
then you must specify that volume as a resource. If the EC2 scenario |
154
|
|
|
|
|
|
|
includes VPC, then you must supply the network-interface resource. If |
155
|
|
|
|
|
|
|
it includes an IP subnet, then you must specify the subnet resource. |
156
|
|
|
|
|
|
|
For more information on the EC2 scenario options, see Supported |
157
|
|
|
|
|
|
|
Platforms in the I<AWS EC2 User Guide>. |
158
|
|
|
|
|
|
|
|
159
|
|
|
|
|
|
|
=over |
160
|
|
|
|
|
|
|
|
161
|
|
|
|
|
|
|
=item * |
162
|
|
|
|
|
|
|
|
163
|
|
|
|
|
|
|
B<EC2-Classic-InstanceStore> |
164
|
|
|
|
|
|
|
|
165
|
|
|
|
|
|
|
instance, image, security-group |
166
|
|
|
|
|
|
|
|
167
|
|
|
|
|
|
|
=item * |
168
|
|
|
|
|
|
|
|
169
|
|
|
|
|
|
|
B<EC2-Classic-EBS> |
170
|
|
|
|
|
|
|
|
171
|
|
|
|
|
|
|
instance, image, security-group, volume |
172
|
|
|
|
|
|
|
|
173
|
|
|
|
|
|
|
=item * |
174
|
|
|
|
|
|
|
|
175
|
|
|
|
|
|
|
B<EC2-VPC-InstanceStore> |
176
|
|
|
|
|
|
|
|
177
|
|
|
|
|
|
|
instance, image, security-group, network-interface |
178
|
|
|
|
|
|
|
|
179
|
|
|
|
|
|
|
=item * |
180
|
|
|
|
|
|
|
|
181
|
|
|
|
|
|
|
B<EC2-VPC-InstanceStore-Subnet> |
182
|
|
|
|
|
|
|
|
183
|
|
|
|
|
|
|
instance, image, security-group, network-interface, subnet |
184
|
|
|
|
|
|
|
|
185
|
|
|
|
|
|
|
=item * |
186
|
|
|
|
|
|
|
|
187
|
|
|
|
|
|
|
B<EC2-VPC-EBS> |
188
|
|
|
|
|
|
|
|
189
|
|
|
|
|
|
|
instance, image, security-group, network-interface, volume |
190
|
|
|
|
|
|
|
|
191
|
|
|
|
|
|
|
=item * |
192
|
|
|
|
|
|
|
|
193
|
|
|
|
|
|
|
B<EC2-VPC-EBS-Subnet> |
194
|
|
|
|
|
|
|
|
195
|
|
|
|
|
|
|
instance, image, security-group, network-interface, subnet, volume |
196
|
|
|
|
|
|
|
|
197
|
|
|
|
|
|
|
=back |
198
|
|
|
|
|
|
|
|
199
|
|
|
|
|
|
|
|
200
|
|
|
|
|
|
|
|
201
|
|
|
|
|
|
|
|
202
|
|
|
|
|
|
|
=head2 ResourceOwner => Str |
203
|
|
|
|
|
|
|
|
204
|
|
|
|
|
|
|
An AWS account ID that specifies the owner of any simulated resource |
205
|
|
|
|
|
|
|
that does not identify its owner in the resource ARN, such as an S3 |
206
|
|
|
|
|
|
|
bucket or object. If C<ResourceOwner> is specified, it is also used as |
207
|
|
|
|
|
|
|
the account owner of any C<ResourcePolicy> included in the simulation. |
208
|
|
|
|
|
|
|
If the C<ResourceOwner> parameter is not specified, then the owner of |
209
|
|
|
|
|
|
|
the resources and the resource policy defaults to the account of the |
210
|
|
|
|
|
|
|
identity provided in C<CallerArn>. This parameter is required only if |
211
|
|
|
|
|
|
|
you specify a resource-based policy and account that owns the resource |
212
|
|
|
|
|
|
|
is different from the account that owns the simulated calling user |
213
|
|
|
|
|
|
|
C<CallerArn>. |
214
|
|
|
|
|
|
|
|
215
|
|
|
|
|
|
|
|
216
|
|
|
|
|
|
|
|
217
|
|
|
|
|
|
|
=head2 ResourcePolicy => Str |
218
|
|
|
|
|
|
|
|
219
|
|
|
|
|
|
|
A resource-based policy to include in the simulation provided as a |
220
|
|
|
|
|
|
|
string. Each resource in the simulation is treated as if it had this |
221
|
|
|
|
|
|
|
policy attached. You can include only one resource-based policy in a |
222
|
|
|
|
|
|
|
simulation. |
223
|
|
|
|
|
|
|
|
224
|
|
|
|
|
|
|
The regex pattern used to validate this parameter is a string of |
225
|
|
|
|
|
|
|
characters consisting of any printable ASCII character ranging from the |
226
|
|
|
|
|
|
|
space character (\u0020) through end of the ASCII character range as |
227
|
|
|
|
|
|
|
well as the printable characters in the Basic Latin and Latin-1 |
228
|
|
|
|
|
|
|
Supplement character set (through \u00FF). It also includes the special |
229
|
|
|
|
|
|
|
characters tab (\u0009), line feed (\u000A), and carriage return |
230
|
|
|
|
|
|
|
(\u000D). |
231
|
|
|
|
|
|
|
|
232
|
|
|
|
|
|
|
|
233
|
|
|
|
|
|
|
|
234
|
|
|
|
|
|
|
|
235
|
|
|
|
|
|
|
=head1 SEE ALSO |
236
|
|
|
|
|
|
|
|
237
|
|
|
|
|
|
|
This class forms part of L<Paws>, documenting arguments for method SimulateCustomPolicy in L<Paws::IAM> |
238
|
|
|
|
|
|
|
|
239
|
|
|
|
|
|
|
=head1 BUGS and CONTRIBUTIONS |
240
|
|
|
|
|
|
|
|
241
|
|
|
|
|
|
|
The source code is located here: https://github.com/pplu/aws-sdk-perl |
242
|
|
|
|
|
|
|
|
243
|
|
|
|
|
|
|
Please report bugs to: https://github.com/pplu/aws-sdk-perl/issues |
244
|
|
|
|
|
|
|
|
245
|
|
|
|
|
|
|
=cut |
246
|
|
|
|
|
|
|
|