AWS Identity and Access Management (IAM) | Policy Simulator Flashcards
What is a policy summary?
Policy Simulator
AWS Identity and Access Management (IAM) | Security, Identity & Compliance
If you are using the IAM console and choose a policy, you will see a policy summary. A policy summary lists the access level, resources, and conditions for each service defined in a policy (see the following screenshot for an example). The access level (View, Read, Write, or Permissions management) is defined by actions granted for each service in the policy. You can view the policy in JSON by choosing the JSON button.
Screenshot of a policy summary
What is the IAM policy simulator?
The IAM policy simulator is a tool to help you understand, test, and validate the effects of your access control policies.
What can the policy simulator be used for?
You can use the policy simulator in several ways. You can test policy changes to ensure they have the desired effect before committing them to production. You can validate existing policies attached to users, groups, and roles to verify and troubleshoot permissions. You can also use the policy simulator to understand how IAM policies and resource-based policies work together to grant or deny access to AWS resources.
Who can use the policy simulator?
The policy simulator is available to all AWS customers.
How much does the policy simulator cost?
The policy simulator is available at no extra cost.
How do I get started?
Go to https://policysim.aws.amazon.com, or click the link on the IAM console under “Additional Information.” Specify a new policy or choose an existing set of policies from a user, group, or role that you’d like to evaluate. Then select a set of actions from the list of AWS services, provide any required information to simulate the access request, and run the simulation to determine whether the policy allows or denies permissions to the selected actions and resources. To learn more about the IAM policy simulator, watch our Getting Started video or see the documentation.
What kinds of policies does the IAM policy simulator support?
The policy simulator supports testing of newly entered policies and existing policies attached to users, groups, or roles. In addition, you can simulate whether resource-level policies grant access to a particular resource for Amazon S3 buckets, Amazon Glacier vaults, Amazon SNS topics, and Amazon SQS queues. These are included in the simulation when an Amazon Resource Name (ARN) is specified in the Resource field in Simulation Settings for a service that supports resource policies.
If I change a policy in the policy simulator, do those changes persist in production?
No. To apply changes to production, copy the policy that you’ve modified in the policy simulator and attach it to the desired IAM user, group, or role.