{-# LANGUAGE DeriveGeneric #-} {-# LANGUAGE DuplicateRecordFields #-} {-# LANGUAGE NamedFieldPuns #-} {-# LANGUAGE OverloadedStrings #-} {-# LANGUAGE RecordWildCards #-} {-# LANGUAGE StrictData #-} {-# LANGUAGE TypeFamilies #-} {-# LANGUAGE NoImplicitPrelude #-} {-# OPTIONS_GHC -fno-warn-unused-binds #-} {-# OPTIONS_GHC -fno-warn-unused-imports #-} {-# OPTIONS_GHC -fno-warn-unused-matches #-} -- Derived from AWS service descriptions, licensed under Apache 2.0. -- | -- Module : Amazonka.IAM.SimulateCustomPolicy -- Copyright : (c) 2013-2021 Brendan Hay -- License : Mozilla Public License, v. 2.0. -- Maintainer : Brendan Hay <brendan.g.hay+amazonka@gmail.com> -- Stability : auto-generated -- Portability : non-portable (GHC extensions) -- -- Simulate how a set of IAM policies and optionally a resource-based -- policy works with a list of API operations and Amazon Web Services -- resources to determine the policies\' effective permissions. The -- policies are provided as strings. -- -- The simulation does not perform the API operations; it only checks the -- authorization to determine if the simulated policies allow or deny the -- operations. You can simulate resources that don\'t exist in your -- account. -- -- If you want to simulate existing policies that are attached to an IAM -- user, group, or role, use SimulatePrincipalPolicy instead. -- -- Context keys are variables that are maintained by Amazon Web Services -- and its services and which provide details about the context of an API -- query request. You can use the @Condition@ element of an IAM policy to -- evaluate context keys. To get the list of context keys that the policies -- require for correct simulation, use GetContextKeysForCustomPolicy. -- -- If the output is long, you can use @MaxItems@ and @Marker@ parameters to -- paginate the results. -- -- For more information about using the policy simulator, see -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_testing-policies.html Testing IAM policies with the IAM policy simulator> -- in the /IAM User Guide/. -- -- This operation returns paginated results. module Amazonka.IAM.SimulateCustomPolicy ( -- * Creating a Request SimulateCustomPolicy (..), newSimulateCustomPolicy, -- * Request Lenses simulateCustomPolicy_resourcePolicy, simulateCustomPolicy_callerArn, simulateCustomPolicy_resourceHandlingOption, simulateCustomPolicy_resourceArns, simulateCustomPolicy_permissionsBoundaryPolicyInputList, simulateCustomPolicy_marker, simulateCustomPolicy_maxItems, simulateCustomPolicy_contextEntries, simulateCustomPolicy_resourceOwner, simulateCustomPolicy_policyInputList, simulateCustomPolicy_actionNames, -- * Destructuring the Response SimulatePolicyResponse (..), newSimulatePolicyResponse, -- * Response Lenses simulatePolicyResponse_evaluationResults, simulatePolicyResponse_marker, simulatePolicyResponse_isTruncated, ) where import qualified Amazonka.Core as Core import Amazonka.IAM.Types import qualified Amazonka.Lens as Lens import qualified Amazonka.Prelude as Prelude import qualified Amazonka.Request as Request import qualified Amazonka.Response as Response -- | /See:/ 'newSimulateCustomPolicy' smart constructor. data SimulateCustomPolicy = SimulateCustomPolicy' { -- | A resource-based policy to include in the simulation provided as a -- string. Each resource in the simulation is treated as if it had this -- policy attached. You can include only one resource-based policy in a -- simulation. -- -- The maximum length of the policy document that you can pass in this -- operation, including whitespace, is listed below. To view the maximum -- character counts of a managed policy with no whitespaces, see -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length IAM and STS character quotas>. -- -- The <http://wikipedia.org/wiki/regex regex pattern> used to validate -- this parameter is a string of characters consisting of the following: -- -- - Any printable ASCII character ranging from the space character -- (@\\u0020@) through the end of the ASCII character range -- -- - The printable characters in the Basic Latin and Latin-1 Supplement -- character set (through @\\u00FF@) -- -- - The special characters tab (@\\u0009@), line feed (@\\u000A@), and -- carriage return (@\\u000D@) SimulateCustomPolicy -> Maybe Text resourcePolicy :: Prelude.Maybe Prelude.Text, -- | The ARN of the IAM user that you want to use as the simulated caller of -- the API operations. @CallerArn@ is required if you include a -- @ResourcePolicy@ so that the policy\'s @Principal@ element has a value -- to use in evaluating the policy. -- -- You can specify only the ARN of an IAM user. You cannot specify the ARN -- of an assumed role, federated user, or a service principal. SimulateCustomPolicy -> Maybe Text callerArn :: Prelude.Maybe Prelude.Text, -- | Specifies the type of simulation to run. Different API operations that -- support resource-based policies require different combinations of -- resources. By specifying the type of simulation to run, you enable the -- policy simulator to enforce the presence of the required resources to -- ensure reliable simulation results. If your simulation does not match -- one of the following scenarios, then you can omit this parameter. The -- following list shows each of the supported scenario values and the -- resources that you must define to run the simulation. -- -- Each of the EC2 scenarios requires that you specify instance, image, and -- security-group resources. If your scenario includes an EBS volume, then -- you must specify that volume as a resource. If the EC2 scenario includes -- VPC, then you must supply the network-interface resource. If it includes -- an IP subnet, then you must specify the subnet resource. For more -- information on the EC2 scenario options, see -- <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-supported-platforms.html Supported platforms> -- in the /Amazon EC2 User Guide/. -- -- - __EC2-Classic-InstanceStore__ -- -- instance, image, security-group -- -- - __EC2-Classic-EBS__ -- -- instance, image, security-group, volume -- -- - __EC2-VPC-InstanceStore__ -- -- instance, image, security-group, network-interface -- -- - __EC2-VPC-InstanceStore-Subnet__ -- -- instance, image, security-group, network-interface, subnet -- -- - __EC2-VPC-EBS__ -- -- instance, image, security-group, network-interface, volume -- -- - __EC2-VPC-EBS-Subnet__ -- -- instance, image, security-group, network-interface, subnet, volume SimulateCustomPolicy -> Maybe Text resourceHandlingOption :: Prelude.Maybe Prelude.Text, -- | A list of ARNs of Amazon Web Services resources to include in the -- simulation. If this parameter is not provided, then the value defaults -- to @*@ (all resources). Each API in the @ActionNames@ parameter is -- evaluated for each resource in this list. The simulation determines the -- access result (allowed or denied) of each combination and reports it in -- the response. You can simulate resources that don\'t exist in your -- account. -- -- The simulation does not automatically retrieve policies for the -- specified resources. If you want to include a resource policy in the -- simulation, then you must include the policy as a string in the -- @ResourcePolicy@ parameter. -- -- If you include a @ResourcePolicy@, then it must be applicable to all of -- the resources included in the simulation or you receive an invalid input -- error. -- -- For more information about ARNs, see -- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs)> -- in the /Amazon Web Services General Reference/. SimulateCustomPolicy -> Maybe [Text] resourceArns :: Prelude.Maybe [Prelude.Text], -- | The IAM permissions boundary policy to simulate. The permissions -- boundary sets the maximum permissions that an IAM entity can have. You -- can input only one permissions boundary when you pass a policy to this -- operation. For more information about permissions boundaries, see -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html Permissions boundaries for IAM entities> -- in the /IAM User Guide/. The policy input is specified as a string that -- contains the complete, valid JSON text of a permissions boundary policy. -- -- The maximum length of the policy document that you can pass in this -- operation, including whitespace, is listed below. To view the maximum -- character counts of a managed policy with no whitespaces, see -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length IAM and STS character quotas>. -- -- The <http://wikipedia.org/wiki/regex regex pattern> used to validate -- this parameter is a string of characters consisting of the following: -- -- - Any printable ASCII character ranging from the space character -- (@\\u0020@) through the end of the ASCII character range -- -- - The printable characters in the Basic Latin and Latin-1 Supplement -- character set (through @\\u00FF@) -- -- - The special characters tab (@\\u0009@), line feed (@\\u000A@), and -- carriage return (@\\u000D@) SimulateCustomPolicy -> Maybe [Text] permissionsBoundaryPolicyInputList :: Prelude.Maybe [Prelude.Text], -- | Use this parameter only when paginating results and only after you -- receive a response indicating that the results are truncated. Set it to -- the value of the @Marker@ element in the response that you received to -- indicate where the next call should start. SimulateCustomPolicy -> Maybe Text marker :: Prelude.Maybe Prelude.Text, -- | Use this only when paginating results to indicate the maximum number of -- items you want in the response. If additional items exist beyond the -- maximum you specify, the @IsTruncated@ response element is @true@. -- -- If you do not include this parameter, the number of items defaults to -- 100. Note that IAM might return fewer results, even when there are more -- results available. In that case, the @IsTruncated@ response element -- returns @true@, and @Marker@ contains a value to include in the -- subsequent call that tells the service where to continue from. SimulateCustomPolicy -> Maybe Natural maxItems :: Prelude.Maybe Prelude.Natural, -- | A list of context keys and corresponding values for the simulation to -- use. Whenever a context key is evaluated in one of the simulated IAM -- permissions policies, the corresponding value is supplied. SimulateCustomPolicy -> Maybe [ContextEntry] contextEntries :: Prelude.Maybe [ContextEntry], -- | An ARN representing the Amazon Web Services account ID that specifies -- the owner of any simulated resource that does not identify its owner in -- the resource ARN. Examples of resource ARNs include an S3 bucket or -- object. If @ResourceOwner@ is specified, it is also used as the account -- owner of any @ResourcePolicy@ included in the simulation. If the -- @ResourceOwner@ parameter is not specified, then the owner of the -- resources and the resource policy defaults to the account of the -- identity provided in @CallerArn@. This parameter is required only if you -- specify a resource-based policy and account that owns the resource is -- different from the account that owns the simulated calling user -- @CallerArn@. -- -- The ARN for an account uses the following syntax: -- @arn:aws:iam::AWS-account-ID:root@. For example, to represent the -- account with the 112233445566 ID, use the following ARN: -- @arn:aws:iam::112233445566-ID:root@. SimulateCustomPolicy -> Maybe Text resourceOwner :: Prelude.Maybe Prelude.Text, -- | A list of policy documents to include in the simulation. Each document -- is specified as a string containing the complete, valid JSON text of an -- IAM policy. Do not include any resource-based policies in this -- parameter. Any resource-based policy must be submitted with the -- @ResourcePolicy@ parameter. The policies cannot be \"scope-down\" -- policies, such as you could include in a call to -- <https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetFederationToken.html GetFederationToken> -- or one of the -- <https://docs.aws.amazon.com/IAM/latest/APIReference/API_AssumeRole.html AssumeRole> -- API operations. In other words, do not use policies designed to restrict -- what a user can do while using the temporary credentials. -- -- The maximum length of the policy document that you can pass in this -- operation, including whitespace, is listed below. To view the maximum -- character counts of a managed policy with no whitespaces, see -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length IAM and STS character quotas>. -- -- The <http://wikipedia.org/wiki/regex regex pattern> used to validate -- this parameter is a string of characters consisting of the following: -- -- - Any printable ASCII character ranging from the space character -- (@\\u0020@) through the end of the ASCII character range -- -- - The printable characters in the Basic Latin and Latin-1 Supplement -- character set (through @\\u00FF@) -- -- - The special characters tab (@\\u0009@), line feed (@\\u000A@), and -- carriage return (@\\u000D@) SimulateCustomPolicy -> [Text] policyInputList :: [Prelude.Text], -- | A list of names of API operations to evaluate in the simulation. Each -- operation is evaluated against each resource. Each operation must -- include the service identifier, such as @iam:CreateUser@. This operation -- does not support using wildcards (*) in an action name. SimulateCustomPolicy -> [Text] actionNames :: [Prelude.Text] } deriving (SimulateCustomPolicy -> SimulateCustomPolicy -> Bool (SimulateCustomPolicy -> SimulateCustomPolicy -> Bool) -> (SimulateCustomPolicy -> SimulateCustomPolicy -> Bool) -> Eq SimulateCustomPolicy forall a. (a -> a -> Bool) -> (a -> a -> Bool) -> Eq a /= :: SimulateCustomPolicy -> SimulateCustomPolicy -> Bool $c/= :: SimulateCustomPolicy -> SimulateCustomPolicy -> Bool == :: SimulateCustomPolicy -> SimulateCustomPolicy -> Bool $c== :: SimulateCustomPolicy -> SimulateCustomPolicy -> Bool Prelude.Eq, ReadPrec [SimulateCustomPolicy] ReadPrec SimulateCustomPolicy Int -> ReadS SimulateCustomPolicy ReadS [SimulateCustomPolicy] (Int -> ReadS SimulateCustomPolicy) -> ReadS [SimulateCustomPolicy] -> ReadPrec SimulateCustomPolicy -> ReadPrec [SimulateCustomPolicy] -> Read SimulateCustomPolicy forall a. (Int -> ReadS a) -> ReadS [a] -> ReadPrec a -> ReadPrec [a] -> Read a readListPrec :: ReadPrec [SimulateCustomPolicy] $creadListPrec :: ReadPrec [SimulateCustomPolicy] readPrec :: ReadPrec SimulateCustomPolicy $creadPrec :: ReadPrec SimulateCustomPolicy readList :: ReadS [SimulateCustomPolicy] $creadList :: ReadS [SimulateCustomPolicy] readsPrec :: Int -> ReadS SimulateCustomPolicy $creadsPrec :: Int -> ReadS SimulateCustomPolicy Prelude.Read, Int -> SimulateCustomPolicy -> ShowS [SimulateCustomPolicy] -> ShowS SimulateCustomPolicy -> String (Int -> SimulateCustomPolicy -> ShowS) -> (SimulateCustomPolicy -> String) -> ([SimulateCustomPolicy] -> ShowS) -> Show SimulateCustomPolicy forall a. (Int -> a -> ShowS) -> (a -> String) -> ([a] -> ShowS) -> Show a showList :: [SimulateCustomPolicy] -> ShowS $cshowList :: [SimulateCustomPolicy] -> ShowS show :: SimulateCustomPolicy -> String $cshow :: SimulateCustomPolicy -> String showsPrec :: Int -> SimulateCustomPolicy -> ShowS $cshowsPrec :: Int -> SimulateCustomPolicy -> ShowS Prelude.Show, (forall x. SimulateCustomPolicy -> Rep SimulateCustomPolicy x) -> (forall x. Rep SimulateCustomPolicy x -> SimulateCustomPolicy) -> Generic SimulateCustomPolicy forall x. Rep SimulateCustomPolicy x -> SimulateCustomPolicy forall x. SimulateCustomPolicy -> Rep SimulateCustomPolicy x forall a. (forall x. a -> Rep a x) -> (forall x. Rep a x -> a) -> Generic a $cto :: forall x. Rep SimulateCustomPolicy x -> SimulateCustomPolicy $cfrom :: forall x. SimulateCustomPolicy -> Rep SimulateCustomPolicy x Prelude.Generic) -- | -- Create a value of 'SimulateCustomPolicy' with all optional fields omitted. -- -- Use <https://hackage.haskell.org/package/generic-lens generic-lens> or <https://hackage.haskell.org/package/optics optics> to modify other optional fields. -- -- The following record fields are available, with the corresponding lenses provided -- for backwards compatibility: -- -- 'resourcePolicy', 'simulateCustomPolicy_resourcePolicy' - A resource-based policy to include in the simulation provided as a -- string. Each resource in the simulation is treated as if it had this -- policy attached. You can include only one resource-based policy in a -- simulation. -- -- The maximum length of the policy document that you can pass in this -- operation, including whitespace, is listed below. To view the maximum -- character counts of a managed policy with no whitespaces, see -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length IAM and STS character quotas>. -- -- The <http://wikipedia.org/wiki/regex regex pattern> used to validate -- this parameter is a string of characters consisting of the following: -- -- - Any printable ASCII character ranging from the space character -- (@\\u0020@) through the end of the ASCII character range -- -- - The printable characters in the Basic Latin and Latin-1 Supplement -- character set (through @\\u00FF@) -- -- - The special characters tab (@\\u0009@), line feed (@\\u000A@), and -- carriage return (@\\u000D@) -- -- 'callerArn', 'simulateCustomPolicy_callerArn' - The ARN of the IAM user that you want to use as the simulated caller of -- the API operations. @CallerArn@ is required if you include a -- @ResourcePolicy@ so that the policy\'s @Principal@ element has a value -- to use in evaluating the policy. -- -- You can specify only the ARN of an IAM user. You cannot specify the ARN -- of an assumed role, federated user, or a service principal. -- -- 'resourceHandlingOption', 'simulateCustomPolicy_resourceHandlingOption' - Specifies the type of simulation to run. Different API operations that -- support resource-based policies require different combinations of -- resources. By specifying the type of simulation to run, you enable the -- policy simulator to enforce the presence of the required resources to -- ensure reliable simulation results. If your simulation does not match -- one of the following scenarios, then you can omit this parameter. The -- following list shows each of the supported scenario values and the -- resources that you must define to run the simulation. -- -- Each of the EC2 scenarios requires that you specify instance, image, and -- security-group resources. If your scenario includes an EBS volume, then -- you must specify that volume as a resource. If the EC2 scenario includes -- VPC, then you must supply the network-interface resource. If it includes -- an IP subnet, then you must specify the subnet resource. For more -- information on the EC2 scenario options, see -- <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-supported-platforms.html Supported platforms> -- in the /Amazon EC2 User Guide/. -- -- - __EC2-Classic-InstanceStore__ -- -- instance, image, security-group -- -- - __EC2-Classic-EBS__ -- -- instance, image, security-group, volume -- -- - __EC2-VPC-InstanceStore__ -- -- instance, image, security-group, network-interface -- -- - __EC2-VPC-InstanceStore-Subnet__ -- -- instance, image, security-group, network-interface, subnet -- -- - __EC2-VPC-EBS__ -- -- instance, image, security-group, network-interface, volume -- -- - __EC2-VPC-EBS-Subnet__ -- -- instance, image, security-group, network-interface, subnet, volume -- -- 'resourceArns', 'simulateCustomPolicy_resourceArns' - A list of ARNs of Amazon Web Services resources to include in the -- simulation. If this parameter is not provided, then the value defaults -- to @*@ (all resources). Each API in the @ActionNames@ parameter is -- evaluated for each resource in this list. The simulation determines the -- access result (allowed or denied) of each combination and reports it in -- the response. You can simulate resources that don\'t exist in your -- account. -- -- The simulation does not automatically retrieve policies for the -- specified resources. If you want to include a resource policy in the -- simulation, then you must include the policy as a string in the -- @ResourcePolicy@ parameter. -- -- If you include a @ResourcePolicy@, then it must be applicable to all of -- the resources included in the simulation or you receive an invalid input -- error. -- -- For more information about ARNs, see -- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs)> -- in the /Amazon Web Services General Reference/. -- -- 'permissionsBoundaryPolicyInputList', 'simulateCustomPolicy_permissionsBoundaryPolicyInputList' - The IAM permissions boundary policy to simulate. The permissions -- boundary sets the maximum permissions that an IAM entity can have. You -- can input only one permissions boundary when you pass a policy to this -- operation. For more information about permissions boundaries, see -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html Permissions boundaries for IAM entities> -- in the /IAM User Guide/. The policy input is specified as a string that -- contains the complete, valid JSON text of a permissions boundary policy. -- -- The maximum length of the policy document that you can pass in this -- operation, including whitespace, is listed below. To view the maximum -- character counts of a managed policy with no whitespaces, see -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length IAM and STS character quotas>. -- -- The <http://wikipedia.org/wiki/regex regex pattern> used to validate -- this parameter is a string of characters consisting of the following: -- -- - Any printable ASCII character ranging from the space character -- (@\\u0020@) through the end of the ASCII character range -- -- - The printable characters in the Basic Latin and Latin-1 Supplement -- character set (through @\\u00FF@) -- -- - The special characters tab (@\\u0009@), line feed (@\\u000A@), and -- carriage return (@\\u000D@) -- -- 'marker', 'simulateCustomPolicy_marker' - Use this parameter only when paginating results and only after you -- receive a response indicating that the results are truncated. Set it to -- the value of the @Marker@ element in the response that you received to -- indicate where the next call should start. -- -- 'maxItems', 'simulateCustomPolicy_maxItems' - Use this only when paginating results to indicate the maximum number of -- items you want in the response. If additional items exist beyond the -- maximum you specify, the @IsTruncated@ response element is @true@. -- -- If you do not include this parameter, the number of items defaults to -- 100. Note that IAM might return fewer results, even when there are more -- results available. In that case, the @IsTruncated@ response element -- returns @true@, and @Marker@ contains a value to include in the -- subsequent call that tells the service where to continue from. -- -- 'contextEntries', 'simulateCustomPolicy_contextEntries' - A list of context keys and corresponding values for the simulation to -- use. Whenever a context key is evaluated in one of the simulated IAM -- permissions policies, the corresponding value is supplied. -- -- 'resourceOwner', 'simulateCustomPolicy_resourceOwner' - An ARN representing the Amazon Web Services account ID that specifies -- the owner of any simulated resource that does not identify its owner in -- the resource ARN. Examples of resource ARNs include an S3 bucket or -- object. If @ResourceOwner@ is specified, it is also used as the account -- owner of any @ResourcePolicy@ included in the simulation. If the -- @ResourceOwner@ parameter is not specified, then the owner of the -- resources and the resource policy defaults to the account of the -- identity provided in @CallerArn@. This parameter is required only if you -- specify a resource-based policy and account that owns the resource is -- different from the account that owns the simulated calling user -- @CallerArn@. -- -- The ARN for an account uses the following syntax: -- @arn:aws:iam::AWS-account-ID:root@. For example, to represent the -- account with the 112233445566 ID, use the following ARN: -- @arn:aws:iam::112233445566-ID:root@. -- -- 'policyInputList', 'simulateCustomPolicy_policyInputList' - A list of policy documents to include in the simulation. Each document -- is specified as a string containing the complete, valid JSON text of an -- IAM policy. Do not include any resource-based policies in this -- parameter. Any resource-based policy must be submitted with the -- @ResourcePolicy@ parameter. The policies cannot be \"scope-down\" -- policies, such as you could include in a call to -- <https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetFederationToken.html GetFederationToken> -- or one of the -- <https://docs.aws.amazon.com/IAM/latest/APIReference/API_AssumeRole.html AssumeRole> -- API operations. In other words, do not use policies designed to restrict -- what a user can do while using the temporary credentials. -- -- The maximum length of the policy document that you can pass in this -- operation, including whitespace, is listed below. To view the maximum -- character counts of a managed policy with no whitespaces, see -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length IAM and STS character quotas>. -- -- The <http://wikipedia.org/wiki/regex regex pattern> used to validate -- this parameter is a string of characters consisting of the following: -- -- - Any printable ASCII character ranging from the space character -- (@\\u0020@) through the end of the ASCII character range -- -- - The printable characters in the Basic Latin and Latin-1 Supplement -- character set (through @\\u00FF@) -- -- - The special characters tab (@\\u0009@), line feed (@\\u000A@), and -- carriage return (@\\u000D@) -- -- 'actionNames', 'simulateCustomPolicy_actionNames' - A list of names of API operations to evaluate in the simulation. Each -- operation is evaluated against each resource. Each operation must -- include the service identifier, such as @iam:CreateUser@. This operation -- does not support using wildcards (*) in an action name. newSimulateCustomPolicy :: SimulateCustomPolicy newSimulateCustomPolicy :: SimulateCustomPolicy newSimulateCustomPolicy = SimulateCustomPolicy' :: Maybe Text -> Maybe Text -> Maybe Text -> Maybe [Text] -> Maybe [Text] -> Maybe Text -> Maybe Natural -> Maybe [ContextEntry] -> Maybe Text -> [Text] -> [Text] -> SimulateCustomPolicy SimulateCustomPolicy' { $sel:resourcePolicy:SimulateCustomPolicy' :: Maybe Text resourcePolicy = Maybe Text forall a. Maybe a Prelude.Nothing, $sel:callerArn:SimulateCustomPolicy' :: Maybe Text callerArn = Maybe Text forall a. Maybe a Prelude.Nothing, $sel:resourceHandlingOption:SimulateCustomPolicy' :: Maybe Text resourceHandlingOption = Maybe Text forall a. Maybe a Prelude.Nothing, $sel:resourceArns:SimulateCustomPolicy' :: Maybe [Text] resourceArns = Maybe [Text] forall a. Maybe a Prelude.Nothing, $sel:permissionsBoundaryPolicyInputList:SimulateCustomPolicy' :: Maybe [Text] permissionsBoundaryPolicyInputList = Maybe [Text] forall a. Maybe a Prelude.Nothing, $sel:marker:SimulateCustomPolicy' :: Maybe Text marker = Maybe Text forall a. Maybe a Prelude.Nothing, $sel:maxItems:SimulateCustomPolicy' :: Maybe Natural maxItems = Maybe Natural forall a. Maybe a Prelude.Nothing, $sel:contextEntries:SimulateCustomPolicy' :: Maybe [ContextEntry] contextEntries = Maybe [ContextEntry] forall a. Maybe a Prelude.Nothing, $sel:resourceOwner:SimulateCustomPolicy' :: Maybe Text resourceOwner = Maybe Text forall a. Maybe a Prelude.Nothing, $sel:policyInputList:SimulateCustomPolicy' :: [Text] policyInputList = [Text] forall a. Monoid a => a Prelude.mempty, $sel:actionNames:SimulateCustomPolicy' :: [Text] actionNames = [Text] forall a. Monoid a => a Prelude.mempty } -- | A resource-based policy to include in the simulation provided as a -- string. Each resource in the simulation is treated as if it had this -- policy attached. You can include only one resource-based policy in a -- simulation. -- -- The maximum length of the policy document that you can pass in this -- operation, including whitespace, is listed below. To view the maximum -- character counts of a managed policy with no whitespaces, see -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length IAM and STS character quotas>. -- -- The <http://wikipedia.org/wiki/regex regex pattern> used to validate -- this parameter is a string of characters consisting of the following: -- -- - Any printable ASCII character ranging from the space character -- (@\\u0020@) through the end of the ASCII character range -- -- - The printable characters in the Basic Latin and Latin-1 Supplement -- character set (through @\\u00FF@) -- -- - The special characters tab (@\\u0009@), line feed (@\\u000A@), and -- carriage return (@\\u000D@) simulateCustomPolicy_resourcePolicy :: Lens.Lens' SimulateCustomPolicy (Prelude.Maybe Prelude.Text) simulateCustomPolicy_resourcePolicy :: (Maybe Text -> f (Maybe Text)) -> SimulateCustomPolicy -> f SimulateCustomPolicy simulateCustomPolicy_resourcePolicy = (SimulateCustomPolicy -> Maybe Text) -> (SimulateCustomPolicy -> Maybe Text -> SimulateCustomPolicy) -> Lens SimulateCustomPolicy SimulateCustomPolicy (Maybe Text) (Maybe Text) forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b Lens.lens (\SimulateCustomPolicy' {Maybe Text resourcePolicy :: Maybe Text $sel:resourcePolicy:SimulateCustomPolicy' :: SimulateCustomPolicy -> Maybe Text resourcePolicy} -> Maybe Text resourcePolicy) (\s :: SimulateCustomPolicy s@SimulateCustomPolicy' {} Maybe Text a -> SimulateCustomPolicy s {$sel:resourcePolicy:SimulateCustomPolicy' :: Maybe Text resourcePolicy = Maybe Text a} :: SimulateCustomPolicy) -- | The ARN of the IAM user that you want to use as the simulated caller of -- the API operations. @CallerArn@ is required if you include a -- @ResourcePolicy@ so that the policy\'s @Principal@ element has a value -- to use in evaluating the policy. -- -- You can specify only the ARN of an IAM user. You cannot specify the ARN -- of an assumed role, federated user, or a service principal. simulateCustomPolicy_callerArn :: Lens.Lens' SimulateCustomPolicy (Prelude.Maybe Prelude.Text) simulateCustomPolicy_callerArn :: (Maybe Text -> f (Maybe Text)) -> SimulateCustomPolicy -> f SimulateCustomPolicy simulateCustomPolicy_callerArn = (SimulateCustomPolicy -> Maybe Text) -> (SimulateCustomPolicy -> Maybe Text -> SimulateCustomPolicy) -> Lens SimulateCustomPolicy SimulateCustomPolicy (Maybe Text) (Maybe Text) forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b Lens.lens (\SimulateCustomPolicy' {Maybe Text callerArn :: Maybe Text $sel:callerArn:SimulateCustomPolicy' :: SimulateCustomPolicy -> Maybe Text callerArn} -> Maybe Text callerArn) (\s :: SimulateCustomPolicy s@SimulateCustomPolicy' {} Maybe Text a -> SimulateCustomPolicy s {$sel:callerArn:SimulateCustomPolicy' :: Maybe Text callerArn = Maybe Text a} :: SimulateCustomPolicy) -- | Specifies the type of simulation to run. Different API operations that -- support resource-based policies require different combinations of -- resources. By specifying the type of simulation to run, you enable the -- policy simulator to enforce the presence of the required resources to -- ensure reliable simulation results. If your simulation does not match -- one of the following scenarios, then you can omit this parameter. The -- following list shows each of the supported scenario values and the -- resources that you must define to run the simulation. -- -- Each of the EC2 scenarios requires that you specify instance, image, and -- security-group resources. If your scenario includes an EBS volume, then -- you must specify that volume as a resource. If the EC2 scenario includes -- VPC, then you must supply the network-interface resource. If it includes -- an IP subnet, then you must specify the subnet resource. For more -- information on the EC2 scenario options, see -- <https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-supported-platforms.html Supported platforms> -- in the /Amazon EC2 User Guide/. -- -- - __EC2-Classic-InstanceStore__ -- -- instance, image, security-group -- -- - __EC2-Classic-EBS__ -- -- instance, image, security-group, volume -- -- - __EC2-VPC-InstanceStore__ -- -- instance, image, security-group, network-interface -- -- - __EC2-VPC-InstanceStore-Subnet__ -- -- instance, image, security-group, network-interface, subnet -- -- - __EC2-VPC-EBS__ -- -- instance, image, security-group, network-interface, volume -- -- - __EC2-VPC-EBS-Subnet__ -- -- instance, image, security-group, network-interface, subnet, volume simulateCustomPolicy_resourceHandlingOption :: Lens.Lens' SimulateCustomPolicy (Prelude.Maybe Prelude.Text) simulateCustomPolicy_resourceHandlingOption :: (Maybe Text -> f (Maybe Text)) -> SimulateCustomPolicy -> f SimulateCustomPolicy simulateCustomPolicy_resourceHandlingOption = (SimulateCustomPolicy -> Maybe Text) -> (SimulateCustomPolicy -> Maybe Text -> SimulateCustomPolicy) -> Lens SimulateCustomPolicy SimulateCustomPolicy (Maybe Text) (Maybe Text) forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b Lens.lens (\SimulateCustomPolicy' {Maybe Text resourceHandlingOption :: Maybe Text $sel:resourceHandlingOption:SimulateCustomPolicy' :: SimulateCustomPolicy -> Maybe Text resourceHandlingOption} -> Maybe Text resourceHandlingOption) (\s :: SimulateCustomPolicy s@SimulateCustomPolicy' {} Maybe Text a -> SimulateCustomPolicy s {$sel:resourceHandlingOption:SimulateCustomPolicy' :: Maybe Text resourceHandlingOption = Maybe Text a} :: SimulateCustomPolicy) -- | A list of ARNs of Amazon Web Services resources to include in the -- simulation. If this parameter is not provided, then the value defaults -- to @*@ (all resources). Each API in the @ActionNames@ parameter is -- evaluated for each resource in this list. The simulation determines the -- access result (allowed or denied) of each combination and reports it in -- the response. You can simulate resources that don\'t exist in your -- account. -- -- The simulation does not automatically retrieve policies for the -- specified resources. If you want to include a resource policy in the -- simulation, then you must include the policy as a string in the -- @ResourcePolicy@ parameter. -- -- If you include a @ResourcePolicy@, then it must be applicable to all of -- the resources included in the simulation or you receive an invalid input -- error. -- -- For more information about ARNs, see -- <https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html Amazon Resource Names (ARNs)> -- in the /Amazon Web Services General Reference/. simulateCustomPolicy_resourceArns :: Lens.Lens' SimulateCustomPolicy (Prelude.Maybe [Prelude.Text]) simulateCustomPolicy_resourceArns :: (Maybe [Text] -> f (Maybe [Text])) -> SimulateCustomPolicy -> f SimulateCustomPolicy simulateCustomPolicy_resourceArns = (SimulateCustomPolicy -> Maybe [Text]) -> (SimulateCustomPolicy -> Maybe [Text] -> SimulateCustomPolicy) -> Lens SimulateCustomPolicy SimulateCustomPolicy (Maybe [Text]) (Maybe [Text]) forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b Lens.lens (\SimulateCustomPolicy' {Maybe [Text] resourceArns :: Maybe [Text] $sel:resourceArns:SimulateCustomPolicy' :: SimulateCustomPolicy -> Maybe [Text] resourceArns} -> Maybe [Text] resourceArns) (\s :: SimulateCustomPolicy s@SimulateCustomPolicy' {} Maybe [Text] a -> SimulateCustomPolicy s {$sel:resourceArns:SimulateCustomPolicy' :: Maybe [Text] resourceArns = Maybe [Text] a} :: SimulateCustomPolicy) ((Maybe [Text] -> f (Maybe [Text])) -> SimulateCustomPolicy -> f SimulateCustomPolicy) -> ((Maybe [Text] -> f (Maybe [Text])) -> Maybe [Text] -> f (Maybe [Text])) -> (Maybe [Text] -> f (Maybe [Text])) -> SimulateCustomPolicy -> f SimulateCustomPolicy forall b c a. (b -> c) -> (a -> b) -> a -> c Prelude.. AnIso [Text] [Text] [Text] [Text] -> Iso (Maybe [Text]) (Maybe [Text]) (Maybe [Text]) (Maybe [Text]) forall (f :: * -> *) (g :: * -> *) s t a b. (Functor f, Functor g) => AnIso s t a b -> Iso (f s) (g t) (f a) (g b) Lens.mapping AnIso [Text] [Text] [Text] [Text] forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b Lens.coerced -- | The IAM permissions boundary policy to simulate. The permissions -- boundary sets the maximum permissions that an IAM entity can have. You -- can input only one permissions boundary when you pass a policy to this -- operation. For more information about permissions boundaries, see -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_boundaries.html Permissions boundaries for IAM entities> -- in the /IAM User Guide/. The policy input is specified as a string that -- contains the complete, valid JSON text of a permissions boundary policy. -- -- The maximum length of the policy document that you can pass in this -- operation, including whitespace, is listed below. To view the maximum -- character counts of a managed policy with no whitespaces, see -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length IAM and STS character quotas>. -- -- The <http://wikipedia.org/wiki/regex regex pattern> used to validate -- this parameter is a string of characters consisting of the following: -- -- - Any printable ASCII character ranging from the space character -- (@\\u0020@) through the end of the ASCII character range -- -- - The printable characters in the Basic Latin and Latin-1 Supplement -- character set (through @\\u00FF@) -- -- - The special characters tab (@\\u0009@), line feed (@\\u000A@), and -- carriage return (@\\u000D@) simulateCustomPolicy_permissionsBoundaryPolicyInputList :: Lens.Lens' SimulateCustomPolicy (Prelude.Maybe [Prelude.Text]) simulateCustomPolicy_permissionsBoundaryPolicyInputList :: (Maybe [Text] -> f (Maybe [Text])) -> SimulateCustomPolicy -> f SimulateCustomPolicy simulateCustomPolicy_permissionsBoundaryPolicyInputList = (SimulateCustomPolicy -> Maybe [Text]) -> (SimulateCustomPolicy -> Maybe [Text] -> SimulateCustomPolicy) -> Lens SimulateCustomPolicy SimulateCustomPolicy (Maybe [Text]) (Maybe [Text]) forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b Lens.lens (\SimulateCustomPolicy' {Maybe [Text] permissionsBoundaryPolicyInputList :: Maybe [Text] $sel:permissionsBoundaryPolicyInputList:SimulateCustomPolicy' :: SimulateCustomPolicy -> Maybe [Text] permissionsBoundaryPolicyInputList} -> Maybe [Text] permissionsBoundaryPolicyInputList) (\s :: SimulateCustomPolicy s@SimulateCustomPolicy' {} Maybe [Text] a -> SimulateCustomPolicy s {$sel:permissionsBoundaryPolicyInputList:SimulateCustomPolicy' :: Maybe [Text] permissionsBoundaryPolicyInputList = Maybe [Text] a} :: SimulateCustomPolicy) ((Maybe [Text] -> f (Maybe [Text])) -> SimulateCustomPolicy -> f SimulateCustomPolicy) -> ((Maybe [Text] -> f (Maybe [Text])) -> Maybe [Text] -> f (Maybe [Text])) -> (Maybe [Text] -> f (Maybe [Text])) -> SimulateCustomPolicy -> f SimulateCustomPolicy forall b c a. (b -> c) -> (a -> b) -> a -> c Prelude.. AnIso [Text] [Text] [Text] [Text] -> Iso (Maybe [Text]) (Maybe [Text]) (Maybe [Text]) (Maybe [Text]) forall (f :: * -> *) (g :: * -> *) s t a b. (Functor f, Functor g) => AnIso s t a b -> Iso (f s) (g t) (f a) (g b) Lens.mapping AnIso [Text] [Text] [Text] [Text] forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b Lens.coerced -- | Use this parameter only when paginating results and only after you -- receive a response indicating that the results are truncated. Set it to -- the value of the @Marker@ element in the response that you received to -- indicate where the next call should start. simulateCustomPolicy_marker :: Lens.Lens' SimulateCustomPolicy (Prelude.Maybe Prelude.Text) simulateCustomPolicy_marker :: (Maybe Text -> f (Maybe Text)) -> SimulateCustomPolicy -> f SimulateCustomPolicy simulateCustomPolicy_marker = (SimulateCustomPolicy -> Maybe Text) -> (SimulateCustomPolicy -> Maybe Text -> SimulateCustomPolicy) -> Lens SimulateCustomPolicy SimulateCustomPolicy (Maybe Text) (Maybe Text) forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b Lens.lens (\SimulateCustomPolicy' {Maybe Text marker :: Maybe Text $sel:marker:SimulateCustomPolicy' :: SimulateCustomPolicy -> Maybe Text marker} -> Maybe Text marker) (\s :: SimulateCustomPolicy s@SimulateCustomPolicy' {} Maybe Text a -> SimulateCustomPolicy s {$sel:marker:SimulateCustomPolicy' :: Maybe Text marker = Maybe Text a} :: SimulateCustomPolicy) -- | Use this only when paginating results to indicate the maximum number of -- items you want in the response. If additional items exist beyond the -- maximum you specify, the @IsTruncated@ response element is @true@. -- -- If you do not include this parameter, the number of items defaults to -- 100. Note that IAM might return fewer results, even when there are more -- results available. In that case, the @IsTruncated@ response element -- returns @true@, and @Marker@ contains a value to include in the -- subsequent call that tells the service where to continue from. simulateCustomPolicy_maxItems :: Lens.Lens' SimulateCustomPolicy (Prelude.Maybe Prelude.Natural) simulateCustomPolicy_maxItems :: (Maybe Natural -> f (Maybe Natural)) -> SimulateCustomPolicy -> f SimulateCustomPolicy simulateCustomPolicy_maxItems = (SimulateCustomPolicy -> Maybe Natural) -> (SimulateCustomPolicy -> Maybe Natural -> SimulateCustomPolicy) -> Lens SimulateCustomPolicy SimulateCustomPolicy (Maybe Natural) (Maybe Natural) forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b Lens.lens (\SimulateCustomPolicy' {Maybe Natural maxItems :: Maybe Natural $sel:maxItems:SimulateCustomPolicy' :: SimulateCustomPolicy -> Maybe Natural maxItems} -> Maybe Natural maxItems) (\s :: SimulateCustomPolicy s@SimulateCustomPolicy' {} Maybe Natural a -> SimulateCustomPolicy s {$sel:maxItems:SimulateCustomPolicy' :: Maybe Natural maxItems = Maybe Natural a} :: SimulateCustomPolicy) -- | A list of context keys and corresponding values for the simulation to -- use. Whenever a context key is evaluated in one of the simulated IAM -- permissions policies, the corresponding value is supplied. simulateCustomPolicy_contextEntries :: Lens.Lens' SimulateCustomPolicy (Prelude.Maybe [ContextEntry]) simulateCustomPolicy_contextEntries :: (Maybe [ContextEntry] -> f (Maybe [ContextEntry])) -> SimulateCustomPolicy -> f SimulateCustomPolicy simulateCustomPolicy_contextEntries = (SimulateCustomPolicy -> Maybe [ContextEntry]) -> (SimulateCustomPolicy -> Maybe [ContextEntry] -> SimulateCustomPolicy) -> Lens SimulateCustomPolicy SimulateCustomPolicy (Maybe [ContextEntry]) (Maybe [ContextEntry]) forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b Lens.lens (\SimulateCustomPolicy' {Maybe [ContextEntry] contextEntries :: Maybe [ContextEntry] $sel:contextEntries:SimulateCustomPolicy' :: SimulateCustomPolicy -> Maybe [ContextEntry] contextEntries} -> Maybe [ContextEntry] contextEntries) (\s :: SimulateCustomPolicy s@SimulateCustomPolicy' {} Maybe [ContextEntry] a -> SimulateCustomPolicy s {$sel:contextEntries:SimulateCustomPolicy' :: Maybe [ContextEntry] contextEntries = Maybe [ContextEntry] a} :: SimulateCustomPolicy) ((Maybe [ContextEntry] -> f (Maybe [ContextEntry])) -> SimulateCustomPolicy -> f SimulateCustomPolicy) -> ((Maybe [ContextEntry] -> f (Maybe [ContextEntry])) -> Maybe [ContextEntry] -> f (Maybe [ContextEntry])) -> (Maybe [ContextEntry] -> f (Maybe [ContextEntry])) -> SimulateCustomPolicy -> f SimulateCustomPolicy forall b c a. (b -> c) -> (a -> b) -> a -> c Prelude.. AnIso [ContextEntry] [ContextEntry] [ContextEntry] [ContextEntry] -> Iso (Maybe [ContextEntry]) (Maybe [ContextEntry]) (Maybe [ContextEntry]) (Maybe [ContextEntry]) forall (f :: * -> *) (g :: * -> *) s t a b. (Functor f, Functor g) => AnIso s t a b -> Iso (f s) (g t) (f a) (g b) Lens.mapping AnIso [ContextEntry] [ContextEntry] [ContextEntry] [ContextEntry] forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b Lens.coerced -- | An ARN representing the Amazon Web Services account ID that specifies -- the owner of any simulated resource that does not identify its owner in -- the resource ARN. Examples of resource ARNs include an S3 bucket or -- object. If @ResourceOwner@ is specified, it is also used as the account -- owner of any @ResourcePolicy@ included in the simulation. If the -- @ResourceOwner@ parameter is not specified, then the owner of the -- resources and the resource policy defaults to the account of the -- identity provided in @CallerArn@. This parameter is required only if you -- specify a resource-based policy and account that owns the resource is -- different from the account that owns the simulated calling user -- @CallerArn@. -- -- The ARN for an account uses the following syntax: -- @arn:aws:iam::AWS-account-ID:root@. For example, to represent the -- account with the 112233445566 ID, use the following ARN: -- @arn:aws:iam::112233445566-ID:root@. simulateCustomPolicy_resourceOwner :: Lens.Lens' SimulateCustomPolicy (Prelude.Maybe Prelude.Text) simulateCustomPolicy_resourceOwner :: (Maybe Text -> f (Maybe Text)) -> SimulateCustomPolicy -> f SimulateCustomPolicy simulateCustomPolicy_resourceOwner = (SimulateCustomPolicy -> Maybe Text) -> (SimulateCustomPolicy -> Maybe Text -> SimulateCustomPolicy) -> Lens SimulateCustomPolicy SimulateCustomPolicy (Maybe Text) (Maybe Text) forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b Lens.lens (\SimulateCustomPolicy' {Maybe Text resourceOwner :: Maybe Text $sel:resourceOwner:SimulateCustomPolicy' :: SimulateCustomPolicy -> Maybe Text resourceOwner} -> Maybe Text resourceOwner) (\s :: SimulateCustomPolicy s@SimulateCustomPolicy' {} Maybe Text a -> SimulateCustomPolicy s {$sel:resourceOwner:SimulateCustomPolicy' :: Maybe Text resourceOwner = Maybe Text a} :: SimulateCustomPolicy) -- | A list of policy documents to include in the simulation. Each document -- is specified as a string containing the complete, valid JSON text of an -- IAM policy. Do not include any resource-based policies in this -- parameter. Any resource-based policy must be submitted with the -- @ResourcePolicy@ parameter. The policies cannot be \"scope-down\" -- policies, such as you could include in a call to -- <https://docs.aws.amazon.com/IAM/latest/APIReference/API_GetFederationToken.html GetFederationToken> -- or one of the -- <https://docs.aws.amazon.com/IAM/latest/APIReference/API_AssumeRole.html AssumeRole> -- API operations. In other words, do not use policies designed to restrict -- what a user can do while using the temporary credentials. -- -- The maximum length of the policy document that you can pass in this -- operation, including whitespace, is listed below. To view the maximum -- character counts of a managed policy with no whitespaces, see -- <https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_iam-quotas.html#reference_iam-quotas-entity-length IAM and STS character quotas>. -- -- The <http://wikipedia.org/wiki/regex regex pattern> used to validate -- this parameter is a string of characters consisting of the following: -- -- - Any printable ASCII character ranging from the space character -- (@\\u0020@) through the end of the ASCII character range -- -- - The printable characters in the Basic Latin and Latin-1 Supplement -- character set (through @\\u00FF@) -- -- - The special characters tab (@\\u0009@), line feed (@\\u000A@), and -- carriage return (@\\u000D@) simulateCustomPolicy_policyInputList :: Lens.Lens' SimulateCustomPolicy [Prelude.Text] simulateCustomPolicy_policyInputList :: ([Text] -> f [Text]) -> SimulateCustomPolicy -> f SimulateCustomPolicy simulateCustomPolicy_policyInputList = (SimulateCustomPolicy -> [Text]) -> (SimulateCustomPolicy -> [Text] -> SimulateCustomPolicy) -> Lens SimulateCustomPolicy SimulateCustomPolicy [Text] [Text] forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b Lens.lens (\SimulateCustomPolicy' {[Text] policyInputList :: [Text] $sel:policyInputList:SimulateCustomPolicy' :: SimulateCustomPolicy -> [Text] policyInputList} -> [Text] policyInputList) (\s :: SimulateCustomPolicy s@SimulateCustomPolicy' {} [Text] a -> SimulateCustomPolicy s {$sel:policyInputList:SimulateCustomPolicy' :: [Text] policyInputList = [Text] a} :: SimulateCustomPolicy) (([Text] -> f [Text]) -> SimulateCustomPolicy -> f SimulateCustomPolicy) -> (([Text] -> f [Text]) -> [Text] -> f [Text]) -> ([Text] -> f [Text]) -> SimulateCustomPolicy -> f SimulateCustomPolicy forall b c a. (b -> c) -> (a -> b) -> a -> c Prelude.. ([Text] -> f [Text]) -> [Text] -> f [Text] forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b Lens.coerced -- | A list of names of API operations to evaluate in the simulation. Each -- operation is evaluated against each resource. Each operation must -- include the service identifier, such as @iam:CreateUser@. This operation -- does not support using wildcards (*) in an action name. simulateCustomPolicy_actionNames :: Lens.Lens' SimulateCustomPolicy [Prelude.Text] simulateCustomPolicy_actionNames :: ([Text] -> f [Text]) -> SimulateCustomPolicy -> f SimulateCustomPolicy simulateCustomPolicy_actionNames = (SimulateCustomPolicy -> [Text]) -> (SimulateCustomPolicy -> [Text] -> SimulateCustomPolicy) -> Lens SimulateCustomPolicy SimulateCustomPolicy [Text] [Text] forall s a b t. (s -> a) -> (s -> b -> t) -> Lens s t a b Lens.lens (\SimulateCustomPolicy' {[Text] actionNames :: [Text] $sel:actionNames:SimulateCustomPolicy' :: SimulateCustomPolicy -> [Text] actionNames} -> [Text] actionNames) (\s :: SimulateCustomPolicy s@SimulateCustomPolicy' {} [Text] a -> SimulateCustomPolicy s {$sel:actionNames:SimulateCustomPolicy' :: [Text] actionNames = [Text] a} :: SimulateCustomPolicy) (([Text] -> f [Text]) -> SimulateCustomPolicy -> f SimulateCustomPolicy) -> (([Text] -> f [Text]) -> [Text] -> f [Text]) -> ([Text] -> f [Text]) -> SimulateCustomPolicy -> f SimulateCustomPolicy forall b c a. (b -> c) -> (a -> b) -> a -> c Prelude.. ([Text] -> f [Text]) -> [Text] -> f [Text] forall s t a b. (Coercible s a, Coercible t b) => Iso s t a b Lens.coerced instance Core.AWSPager SimulateCustomPolicy where page :: SimulateCustomPolicy -> AWSResponse SimulateCustomPolicy -> Maybe SimulateCustomPolicy page SimulateCustomPolicy rq AWSResponse SimulateCustomPolicy rs | Maybe Bool -> Bool forall a. AWSTruncated a => a -> Bool Core.stop ( AWSResponse SimulateCustomPolicy SimulatePolicyResponse rs SimulatePolicyResponse -> Getting (First Bool) SimulatePolicyResponse Bool -> Maybe Bool forall s a. s -> Getting (First a) s a -> Maybe a Lens.^? (Maybe Bool -> Const (First Bool) (Maybe Bool)) -> SimulatePolicyResponse -> Const (First Bool) SimulatePolicyResponse Lens' SimulatePolicyResponse (Maybe Bool) simulatePolicyResponse_isTruncated ((Maybe Bool -> Const (First Bool) (Maybe Bool)) -> SimulatePolicyResponse -> Const (First Bool) SimulatePolicyResponse) -> ((Bool -> Const (First Bool) Bool) -> Maybe Bool -> Const (First Bool) (Maybe Bool)) -> Getting (First Bool) SimulatePolicyResponse Bool forall b c a. (b -> c) -> (a -> b) -> a -> c Prelude.. (Bool -> Const (First Bool) Bool) -> Maybe Bool -> Const (First Bool) (Maybe Bool) forall a b. Prism (Maybe a) (Maybe b) a b Lens._Just ) = Maybe SimulateCustomPolicy forall a. Maybe a Prelude.Nothing | Maybe Text -> Bool forall a. Maybe a -> Bool Prelude.isNothing ( AWSResponse SimulateCustomPolicy SimulatePolicyResponse rs SimulatePolicyResponse -> Getting (First Text) SimulatePolicyResponse Text -> Maybe Text forall s a. s -> Getting (First a) s a -> Maybe a Lens.^? (Maybe Text -> Const (First Text) (Maybe Text)) -> SimulatePolicyResponse -> Const (First Text) SimulatePolicyResponse Lens' SimulatePolicyResponse (Maybe Text) simulatePolicyResponse_marker ((Maybe Text -> Const (First Text) (Maybe Text)) -> SimulatePolicyResponse -> Const (First Text) SimulatePolicyResponse) -> ((Text -> Const (First Text) Text) -> Maybe Text -> Const (First Text) (Maybe Text)) -> Getting (First Text) SimulatePolicyResponse Text forall b c a. (b -> c) -> (a -> b) -> a -> c Prelude.. (Text -> Const (First Text) Text) -> Maybe Text -> Const (First Text) (Maybe Text) forall a b. Prism (Maybe a) (Maybe b) a b Lens._Just ) = Maybe SimulateCustomPolicy forall a. Maybe a Prelude.Nothing | Bool Prelude.otherwise = SimulateCustomPolicy -> Maybe SimulateCustomPolicy forall a. a -> Maybe a Prelude.Just (SimulateCustomPolicy -> Maybe SimulateCustomPolicy) -> SimulateCustomPolicy -> Maybe SimulateCustomPolicy forall a b. (a -> b) -> a -> b Prelude.$ SimulateCustomPolicy rq SimulateCustomPolicy -> (SimulateCustomPolicy -> SimulateCustomPolicy) -> SimulateCustomPolicy forall a b. a -> (a -> b) -> b Prelude.& (Maybe Text -> Identity (Maybe Text)) -> SimulateCustomPolicy -> Identity SimulateCustomPolicy Lens SimulateCustomPolicy SimulateCustomPolicy (Maybe Text) (Maybe Text) simulateCustomPolicy_marker ((Maybe Text -> Identity (Maybe Text)) -> SimulateCustomPolicy -> Identity SimulateCustomPolicy) -> Maybe Text -> SimulateCustomPolicy -> SimulateCustomPolicy forall s t a b. ASetter s t a b -> b -> s -> t Lens..~ AWSResponse SimulateCustomPolicy SimulatePolicyResponse rs SimulatePolicyResponse -> Getting (First Text) SimulatePolicyResponse Text -> Maybe Text forall s a. s -> Getting (First a) s a -> Maybe a Lens.^? (Maybe Text -> Const (First Text) (Maybe Text)) -> SimulatePolicyResponse -> Const (First Text) SimulatePolicyResponse Lens' SimulatePolicyResponse (Maybe Text) simulatePolicyResponse_marker ((Maybe Text -> Const (First Text) (Maybe Text)) -> SimulatePolicyResponse -> Const (First Text) SimulatePolicyResponse) -> ((Text -> Const (First Text) Text) -> Maybe Text -> Const (First Text) (Maybe Text)) -> Getting (First Text) SimulatePolicyResponse Text forall b c a. (b -> c) -> (a -> b) -> a -> c Prelude.. (Text -> Const (First Text) Text) -> Maybe Text -> Const (First Text) (Maybe Text) forall a b. Prism (Maybe a) (Maybe b) a b Lens._Just instance Core.AWSRequest SimulateCustomPolicy where type AWSResponse SimulateCustomPolicy = SimulatePolicyResponse request :: SimulateCustomPolicy -> Request SimulateCustomPolicy request = Service -> SimulateCustomPolicy -> Request SimulateCustomPolicy forall a. ToRequest a => Service -> a -> Request a Request.postQuery Service defaultService response :: Logger -> Service -> Proxy SimulateCustomPolicy -> ClientResponse ClientBody -> m (Either Error (ClientResponse (AWSResponse SimulateCustomPolicy))) response = Text -> (Int -> ResponseHeaders -> [Node] -> Either String (AWSResponse SimulateCustomPolicy)) -> Logger -> Service -> Proxy SimulateCustomPolicy -> ClientResponse ClientBody -> m (Either Error (ClientResponse (AWSResponse SimulateCustomPolicy))) forall (m :: * -> *) a. MonadResource m => Text -> (Int -> ResponseHeaders -> [Node] -> Either String (AWSResponse a)) -> Logger -> Service -> Proxy a -> ClientResponse ClientBody -> m (Either Error (ClientResponse (AWSResponse a))) Response.receiveXMLWrapper Text "SimulateCustomPolicyResult" (\Int s ResponseHeaders h [Node] x -> [Node] -> Either String SimulatePolicyResponse forall a. FromXML a => [Node] -> Either String a Core.parseXML [Node] x) instance Prelude.Hashable SimulateCustomPolicy instance Prelude.NFData SimulateCustomPolicy instance Core.ToHeaders SimulateCustomPolicy where toHeaders :: SimulateCustomPolicy -> ResponseHeaders toHeaders = ResponseHeaders -> SimulateCustomPolicy -> ResponseHeaders forall a b. a -> b -> a Prelude.const ResponseHeaders forall a. Monoid a => a Prelude.mempty instance Core.ToPath SimulateCustomPolicy where toPath :: SimulateCustomPolicy -> ByteString toPath = ByteString -> SimulateCustomPolicy -> ByteString forall a b. a -> b -> a Prelude.const ByteString "/" instance Core.ToQuery SimulateCustomPolicy where toQuery :: SimulateCustomPolicy -> QueryString toQuery SimulateCustomPolicy' {[Text] Maybe Natural Maybe [Text] Maybe [ContextEntry] Maybe Text actionNames :: [Text] policyInputList :: [Text] resourceOwner :: Maybe Text contextEntries :: Maybe [ContextEntry] maxItems :: Maybe Natural marker :: Maybe Text permissionsBoundaryPolicyInputList :: Maybe [Text] resourceArns :: Maybe [Text] resourceHandlingOption :: Maybe Text callerArn :: Maybe Text resourcePolicy :: Maybe Text $sel:actionNames:SimulateCustomPolicy' :: SimulateCustomPolicy -> [Text] $sel:policyInputList:SimulateCustomPolicy' :: SimulateCustomPolicy -> [Text] $sel:resourceOwner:SimulateCustomPolicy' :: SimulateCustomPolicy -> Maybe Text $sel:contextEntries:SimulateCustomPolicy' :: SimulateCustomPolicy -> Maybe [ContextEntry] $sel:maxItems:SimulateCustomPolicy' :: SimulateCustomPolicy -> Maybe Natural $sel:marker:SimulateCustomPolicy' :: SimulateCustomPolicy -> Maybe Text $sel:permissionsBoundaryPolicyInputList:SimulateCustomPolicy' :: SimulateCustomPolicy -> Maybe [Text] $sel:resourceArns:SimulateCustomPolicy' :: SimulateCustomPolicy -> Maybe [Text] $sel:resourceHandlingOption:SimulateCustomPolicy' :: SimulateCustomPolicy -> Maybe Text $sel:callerArn:SimulateCustomPolicy' :: SimulateCustomPolicy -> Maybe Text $sel:resourcePolicy:SimulateCustomPolicy' :: SimulateCustomPolicy -> Maybe Text ..} = [QueryString] -> QueryString forall a. Monoid a => [a] -> a Prelude.mconcat [ ByteString "Action" ByteString -> ByteString -> QueryString forall a. ToQuery a => ByteString -> a -> QueryString Core.=: (ByteString "SimulateCustomPolicy" :: Prelude.ByteString), ByteString "Version" ByteString -> ByteString -> QueryString forall a. ToQuery a => ByteString -> a -> QueryString Core.=: (ByteString "2010-05-08" :: Prelude.ByteString), ByteString "ResourcePolicy" ByteString -> Maybe Text -> QueryString forall a. ToQuery a => ByteString -> a -> QueryString Core.=: Maybe Text resourcePolicy, ByteString "CallerArn" ByteString -> Maybe Text -> QueryString forall a. ToQuery a => ByteString -> a -> QueryString Core.=: Maybe Text callerArn, ByteString "ResourceHandlingOption" ByteString -> Maybe Text -> QueryString forall a. ToQuery a => ByteString -> a -> QueryString Core.=: Maybe Text resourceHandlingOption, ByteString "ResourceArns" ByteString -> QueryString -> QueryString forall a. ToQuery a => ByteString -> a -> QueryString Core.=: Maybe QueryString -> QueryString forall a. ToQuery a => a -> QueryString Core.toQuery (ByteString -> [Text] -> QueryString forall a. (IsList a, ToQuery (Item a)) => ByteString -> a -> QueryString Core.toQueryList ByteString "member" ([Text] -> QueryString) -> Maybe [Text] -> Maybe QueryString forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b Prelude.<$> Maybe [Text] resourceArns), ByteString "PermissionsBoundaryPolicyInputList" ByteString -> QueryString -> QueryString forall a. ToQuery a => ByteString -> a -> QueryString Core.=: Maybe QueryString -> QueryString forall a. ToQuery a => a -> QueryString Core.toQuery ( ByteString -> [Text] -> QueryString forall a. (IsList a, ToQuery (Item a)) => ByteString -> a -> QueryString Core.toQueryList ByteString "member" ([Text] -> QueryString) -> Maybe [Text] -> Maybe QueryString forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b Prelude.<$> Maybe [Text] permissionsBoundaryPolicyInputList ), ByteString "Marker" ByteString -> Maybe Text -> QueryString forall a. ToQuery a => ByteString -> a -> QueryString Core.=: Maybe Text marker, ByteString "MaxItems" ByteString -> Maybe Natural -> QueryString forall a. ToQuery a => ByteString -> a -> QueryString Core.=: Maybe Natural maxItems, ByteString "ContextEntries" ByteString -> QueryString -> QueryString forall a. ToQuery a => ByteString -> a -> QueryString Core.=: Maybe QueryString -> QueryString forall a. ToQuery a => a -> QueryString Core.toQuery ( ByteString -> [ContextEntry] -> QueryString forall a. (IsList a, ToQuery (Item a)) => ByteString -> a -> QueryString Core.toQueryList ByteString "member" ([ContextEntry] -> QueryString) -> Maybe [ContextEntry] -> Maybe QueryString forall (f :: * -> *) a b. Functor f => (a -> b) -> f a -> f b Prelude.<$> Maybe [ContextEntry] contextEntries ), ByteString "ResourceOwner" ByteString -> Maybe Text -> QueryString forall a. ToQuery a => ByteString -> a -> QueryString Core.=: Maybe Text resourceOwner, ByteString "PolicyInputList" ByteString -> QueryString -> QueryString forall a. ToQuery a => ByteString -> a -> QueryString Core.=: ByteString -> [Text] -> QueryString forall a. (IsList a, ToQuery (Item a)) => ByteString -> a -> QueryString Core.toQueryList ByteString "member" [Text] policyInputList, ByteString "ActionNames" ByteString -> QueryString -> QueryString forall a. ToQuery a => ByteString -> a -> QueryString Core.=: ByteString -> [Text] -> QueryString forall a. (IsList a, ToQuery (Item a)) => ByteString -> a -> QueryString Core.toQueryList ByteString "member" [Text] actionNames ]