Guides

VERIFIEDPERMISSIONS

Suggest Edits
docs.aws.amazon.com
AWS documentation

BatchGetPolicy

valid {
    input.Body.requests[_].policyStoreId == STRING
    input.Body.requests[_].policyId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

BatchIsAuthorized

valid {
    input.Body.policyStoreId == STRING
    input.Body.entities.entityList[_].identifier.entityType == STRING
    input.Body.entities.entityList[_].identifier.entityId == STRING
    input.Body.entities.entityList[_].attributes.STRING.boolean == BOOLEAN
    input.Body.entities.entityList[_].attributes.STRING.entityIdentifier.entityType == STRING
    input.Body.entities.entityList[_].attributes.STRING.entityIdentifier.entityId == STRING
    input.Body.entities.entityList[_].attributes.STRING.long == LONG
    input.Body.entities.entityList[_].attributes.STRING.string == STRING
    input.Body.entities.entityList[_].attributes.STRING.set[_] == NESTED
    input.Body.entities.entityList[_].attributes.STRING.record.STRING == NESTED
    input.Body.entities.entityList[_].attributes.STRING.ipaddr == STRING
    input.Body.entities.entityList[_].attributes.STRING.decimal == STRING
    input.Body.entities.entityList[_].parents[_].entityType == STRING
    input.Body.entities.entityList[_].parents[_].entityId == STRING
    input.Body.requests[_].principal.entityType == STRING
    input.Body.requests[_].principal.entityId == STRING
    input.Body.requests[_].action.actionType == STRING
    input.Body.requests[_].action.actionId == STRING
    input.Body.requests[_].resource.entityType == STRING
    input.Body.requests[_].resource.entityId == STRING
    input.Body.requests[_].context.contextMap.STRING.boolean == BOOLEAN
    input.Body.requests[_].context.contextMap.STRING.entityIdentifier.entityType == STRING
    input.Body.requests[_].context.contextMap.STRING.entityIdentifier.entityId == STRING
    input.Body.requests[_].context.contextMap.STRING.long == LONG
    input.Body.requests[_].context.contextMap.STRING.string == STRING
    input.Body.requests[_].context.contextMap.STRING.set[_] == NESTED
    input.Body.requests[_].context.contextMap.STRING.record.STRING == NESTED
    input.Body.requests[_].context.contextMap.STRING.ipaddr == STRING
    input.Body.requests[_].context.contextMap.STRING.decimal == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

BatchIsAuthorizedWithToken

valid {
    input.Body.policyStoreId == STRING
    input.Body.identityToken == STRING
    input.Body.accessToken == STRING
    input.Body.entities.entityList[_].identifier.entityType == STRING
    input.Body.entities.entityList[_].identifier.entityId == STRING
    input.Body.entities.entityList[_].attributes.STRING.boolean == BOOLEAN
    input.Body.entities.entityList[_].attributes.STRING.entityIdentifier.entityType == STRING
    input.Body.entities.entityList[_].attributes.STRING.entityIdentifier.entityId == STRING
    input.Body.entities.entityList[_].attributes.STRING.long == LONG
    input.Body.entities.entityList[_].attributes.STRING.string == STRING
    input.Body.entities.entityList[_].attributes.STRING.set[_] == NESTED
    input.Body.entities.entityList[_].attributes.STRING.record.STRING == NESTED
    input.Body.entities.entityList[_].attributes.STRING.ipaddr == STRING
    input.Body.entities.entityList[_].attributes.STRING.decimal == STRING
    input.Body.entities.entityList[_].parents[_].entityType == STRING
    input.Body.entities.entityList[_].parents[_].entityId == STRING
    input.Body.requests[_].action.actionType == STRING
    input.Body.requests[_].action.actionId == STRING
    input.Body.requests[_].resource.entityType == STRING
    input.Body.requests[_].resource.entityId == STRING
    input.Body.requests[_].context.contextMap.STRING.boolean == BOOLEAN
    input.Body.requests[_].context.contextMap.STRING.entityIdentifier.entityType == STRING
    input.Body.requests[_].context.contextMap.STRING.entityIdentifier.entityId == STRING
    input.Body.requests[_].context.contextMap.STRING.long == LONG
    input.Body.requests[_].context.contextMap.STRING.string == STRING
    input.Body.requests[_].context.contextMap.STRING.set[_] == NESTED
    input.Body.requests[_].context.contextMap.STRING.record.STRING == NESTED
    input.Body.requests[_].context.contextMap.STRING.ipaddr == STRING
    input.Body.requests[_].context.contextMap.STRING.decimal == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreateIdentitySource

valid {
    input.Body.clientToken == STRING
    input.Body.policyStoreId == STRING
    input.Body.configuration.cognitoUserPoolConfiguration.userPoolArn == STRING
    input.Body.configuration.cognitoUserPoolConfiguration.clientIds[_] == STRING
    input.Body.configuration.cognitoUserPoolConfiguration.groupConfiguration.groupEntityType == STRING
    input.Body.configuration.openIdConnectConfiguration.issuer == STRING
    input.Body.configuration.openIdConnectConfiguration.entityIdPrefix == STRING
    input.Body.configuration.openIdConnectConfiguration.groupConfiguration.groupClaim == STRING
    input.Body.configuration.openIdConnectConfiguration.groupConfiguration.groupEntityType == STRING
    input.Body.configuration.openIdConnectConfiguration.tokenSelection.accessTokenOnly.principalIdClaim == STRING
    input.Body.configuration.openIdConnectConfiguration.tokenSelection.accessTokenOnly.audiences[_] == STRING
    input.Body.configuration.openIdConnectConfiguration.tokenSelection.identityTokenOnly.principalIdClaim == STRING
    input.Body.configuration.openIdConnectConfiguration.tokenSelection.identityTokenOnly.clientIds[_] == STRING
    input.Body.principalEntityType == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreatePolicy

valid {
    input.Body.clientToken == STRING
    input.Body.policyStoreId == STRING
    input.Body.definition.static.description == STRING
    input.Body.definition.static.statement == STRING
    input.Body.definition.templateLinked.policyTemplateId == STRING
    input.Body.definition.templateLinked.principal.entityType == STRING
    input.Body.definition.templateLinked.principal.entityId == STRING
    input.Body.definition.templateLinked.resource.entityType == STRING
    input.Body.definition.templateLinked.resource.entityId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreatePolicyStore

enum_ValidationMode := [ "OFF", "STRICT" ]

valid {
    input.Body.clientToken == STRING
    input.Body.validationSettings.mode == enum_ValidationMode[_]
    input.Body.description == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

CreatePolicyTemplate

valid {
    input.Body.clientToken == STRING
    input.Body.policyStoreId == STRING
    input.Body.description == STRING
    input.Body.statement == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeleteIdentitySource

valid {
    input.Body.policyStoreId == STRING
    input.Body.identitySourceId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeletePolicy

valid {
    input.Body.policyStoreId == STRING
    input.Body.policyId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeletePolicyStore

valid {
    input.Body.policyStoreId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

DeletePolicyTemplate

valid {
    input.Body.policyStoreId == STRING
    input.Body.policyTemplateId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetIdentitySource

valid {
    input.Body.policyStoreId == STRING
    input.Body.identitySourceId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetPolicy

valid {
    input.Body.policyStoreId == STRING
    input.Body.policyId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetPolicyStore

valid {
    input.Body.policyStoreId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetPolicyTemplate

valid {
    input.Body.policyStoreId == STRING
    input.Body.policyTemplateId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

GetSchema

valid {
    input.Body.policyStoreId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

IsAuthorized

valid {
    input.Body.policyStoreId == STRING
    input.Body.principal.entityType == STRING
    input.Body.principal.entityId == STRING
    input.Body.action.actionType == STRING
    input.Body.action.actionId == STRING
    input.Body.resource.entityType == STRING
    input.Body.resource.entityId == STRING
    input.Body.context.contextMap.STRING.boolean == BOOLEAN
    input.Body.context.contextMap.STRING.entityIdentifier.entityType == STRING
    input.Body.context.contextMap.STRING.entityIdentifier.entityId == STRING
    input.Body.context.contextMap.STRING.long == LONG
    input.Body.context.contextMap.STRING.string == STRING
    input.Body.context.contextMap.STRING.set[_] == NESTED
    input.Body.context.contextMap.STRING.record.STRING == NESTED
    input.Body.context.contextMap.STRING.ipaddr == STRING
    input.Body.context.contextMap.STRING.decimal == STRING
    input.Body.entities.entityList[_].identifier.entityType == STRING
    input.Body.entities.entityList[_].identifier.entityId == STRING
    input.Body.entities.entityList[_].attributes.STRING.boolean == BOOLEAN
    input.Body.entities.entityList[_].attributes.STRING.entityIdentifier.entityType == STRING
    input.Body.entities.entityList[_].attributes.STRING.entityIdentifier.entityId == STRING
    input.Body.entities.entityList[_].attributes.STRING.long == LONG
    input.Body.entities.entityList[_].attributes.STRING.string == STRING
    input.Body.entities.entityList[_].attributes.STRING.set[_] == NESTED
    input.Body.entities.entityList[_].attributes.STRING.record.STRING == NESTED
    input.Body.entities.entityList[_].attributes.STRING.ipaddr == STRING
    input.Body.entities.entityList[_].attributes.STRING.decimal == STRING
    input.Body.entities.entityList[_].parents[_].entityType == STRING
    input.Body.entities.entityList[_].parents[_].entityId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

IsAuthorizedWithToken

valid {
    input.Body.policyStoreId == STRING
    input.Body.identityToken == STRING
    input.Body.accessToken == STRING
    input.Body.action.actionType == STRING
    input.Body.action.actionId == STRING
    input.Body.resource.entityType == STRING
    input.Body.resource.entityId == STRING
    input.Body.context.contextMap.STRING.boolean == BOOLEAN
    input.Body.context.contextMap.STRING.entityIdentifier.entityType == STRING
    input.Body.context.contextMap.STRING.entityIdentifier.entityId == STRING
    input.Body.context.contextMap.STRING.long == LONG
    input.Body.context.contextMap.STRING.string == STRING
    input.Body.context.contextMap.STRING.set[_] == NESTED
    input.Body.context.contextMap.STRING.record.STRING == NESTED
    input.Body.context.contextMap.STRING.ipaddr == STRING
    input.Body.context.contextMap.STRING.decimal == STRING
    input.Body.entities.entityList[_].identifier.entityType == STRING
    input.Body.entities.entityList[_].identifier.entityId == STRING
    input.Body.entities.entityList[_].attributes.STRING.boolean == BOOLEAN
    input.Body.entities.entityList[_].attributes.STRING.entityIdentifier.entityType == STRING
    input.Body.entities.entityList[_].attributes.STRING.entityIdentifier.entityId == STRING
    input.Body.entities.entityList[_].attributes.STRING.long == LONG
    input.Body.entities.entityList[_].attributes.STRING.string == STRING
    input.Body.entities.entityList[_].attributes.STRING.set[_] == NESTED
    input.Body.entities.entityList[_].attributes.STRING.record.STRING == NESTED
    input.Body.entities.entityList[_].attributes.STRING.ipaddr == STRING
    input.Body.entities.entityList[_].attributes.STRING.decimal == STRING
    input.Body.entities.entityList[_].parents[_].entityType == STRING
    input.Body.entities.entityList[_].parents[_].entityId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListIdentitySources

valid {
    input.Body.policyStoreId == STRING
    input.Body.nextToken == STRING
    input.Body.maxResults == INTEGER
    input.Body.filters[_].principalEntityType == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListPolicies

enum_PolicyType := [ "STATIC", "TEMPLATE_LINKED" ]

valid {
    input.Body.policyStoreId == STRING
    input.Body.nextToken == STRING
    input.Body.maxResults == INTEGER
    input.Body.filter.principal.unspecified == BOOLEAN
    input.Body.filter.principal.identifier.entityType == STRING
    input.Body.filter.principal.identifier.entityId == STRING
    input.Body.filter.resource.unspecified == BOOLEAN
    input.Body.filter.resource.identifier.entityType == STRING
    input.Body.filter.resource.identifier.entityId == STRING
    input.Body.filter.policyType == enum_PolicyType[_]
    input.Body.filter.policyTemplateId == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListPolicyStores

valid {
    input.Body.nextToken == STRING
    input.Body.maxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

ListPolicyTemplates

valid {
    input.Body.policyStoreId == STRING
    input.Body.nextToken == STRING
    input.Body.maxResults == INTEGER
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

PutSchema

valid {
    input.Body.policyStoreId == STRING
    input.Body.definition.cedarJson == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdateIdentitySource

valid {
    input.Body.policyStoreId == STRING
    input.Body.identitySourceId == STRING
    input.Body.updateConfiguration.cognitoUserPoolConfiguration.userPoolArn == STRING
    input.Body.updateConfiguration.cognitoUserPoolConfiguration.clientIds[_] == STRING
    input.Body.updateConfiguration.cognitoUserPoolConfiguration.groupConfiguration.groupEntityType == STRING
    input.Body.updateConfiguration.openIdConnectConfiguration.issuer == STRING
    input.Body.updateConfiguration.openIdConnectConfiguration.entityIdPrefix == STRING
    input.Body.updateConfiguration.openIdConnectConfiguration.groupConfiguration.groupClaim == STRING
    input.Body.updateConfiguration.openIdConnectConfiguration.groupConfiguration.groupEntityType == STRING
    input.Body.updateConfiguration.openIdConnectConfiguration.tokenSelection.accessTokenOnly.principalIdClaim == STRING
    input.Body.updateConfiguration.openIdConnectConfiguration.tokenSelection.accessTokenOnly.audiences[_] == STRING
    input.Body.updateConfiguration.openIdConnectConfiguration.tokenSelection.identityTokenOnly.principalIdClaim == STRING
    input.Body.updateConfiguration.openIdConnectConfiguration.tokenSelection.identityTokenOnly.clientIds[_] == STRING
    input.Body.principalEntityType == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdatePolicy

valid {
    input.Body.policyStoreId == STRING
    input.Body.policyId == STRING
    input.Body.definition.static.description == STRING
    input.Body.definition.static.statement == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdatePolicyStore

enum_ValidationMode := [ "OFF", "STRICT" ]

valid {
    input.Body.policyStoreId == STRING
    input.Body.validationSettings.mode == enum_ValidationMode[_]
    input.Body.description == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

UpdatePolicyTemplate

valid {
    input.Body.policyStoreId == STRING
    input.Body.policyTemplateId == STRING
    input.Body.description == STRING
    input.Body.statement == STRING
    input.ProviderMetadata.Account == STRING
    input.ProviderMetadata.AccessKeyId == STRING
    input.ProviderMetadata.Region == STRING
}

Updated 14 days ago