Posted On: Oct 23, 2015

Today, AWS Identity and Access Management (IAM) made it easier to verify permissions using the policy simulator by adding support for resource-based policies, such as Amazon S3 bucket policies. This new feature extends the capabilities of the policy simulator to help you understand, test, and validate how your resource-based policies and IAM policies work together to grant or deny access to your IAM entities (users, groups, and roles). Using the IAM policy simulator or APIs, you can include resource-based policies for Amazon S3 buckets, Amazon Glacier vaults, Amazon SNS topics, and Amazon SQS queues in your simulations.

To get started, navigate directly to the IAM Policy Simulator, choose the user, group, or role whose access you wish to verify, and specify an Amazon Resource Name (ARN) in the ‘Simulations Settings’. To get started with the SimulatePrincipalPolicy or SimulateCustomPolicy API, pass in the resource-based policy when invoking the API. You can learn more about resource-based policies in the IAM policy simulator by visiting the AWS security blog.
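The API route described above can be scripted as a permission regression check. The following is an added example, not AWS's own code: it builds a SimulatePrincipalPolicy request that carries an S3 bucket policy and flags any action whose simulated decision differs from what you expect. The account ID, user, bucket, and helper names are constructed placeholders, and the live call assumes boto3 with credentials permitted to run the simulation.

```python
import json

# Constructed sample data: account ID, user, and bucket names are placeholders.
USER_ARN = "arn:aws:iam::111122223333:user/example-user"
OBJECT_ARN = "arn:aws:s3:::example-bucket/report.csv"
BUCKET_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": USER_ARN},
        "Action": "s3:GetObject",
        "Resource": "arn:aws:s3:::example-bucket/*",
    }],
}

def build_request(principal_arn, actions, resource_arn, resource_policy, owner_arn):
    """Arguments for SimulatePrincipalPolicy including one resource-based policy."""
    return {
        "PolicySourceArn": principal_arn,   # entity whose IAM policies are evaluated
        "ActionNames": list(actions),
        "ResourceArns": [resource_arn],
        "ResourcePolicy": json.dumps(resource_policy),  # API takes a JSON string
        "ResourceOwner": owner_arn,         # S3 ARNs carry no account ID
        "CallerArn": principal_arn,         # matched against the policy's Principal
    }

def simulate(request):
    """Live call; needs boto3 and credentials allowed to run the simulation."""
    import boto3
    pages = boto3.client("iam").get_paginator("simulate_principal_policy").paginate(**request)
    return {"EvaluationResults": [r for p in pages for r in p["EvaluationResults"]]}

def unexpected(response, expected):
    """Return (action, decision) pairs that differ from the expected decision."""
    return [
        (r["EvalActionName"], r["EvalDecision"])
        for r in response["EvaluationResults"]
        if expected.get(r["EvalActionName"], r["EvalDecision"]) != r["EvalDecision"]
    ]

# Constructed response in the API's shape, so the check runs offline.
SAMPLE_RESPONSE = {"EvaluationResults": [
    {"EvalActionName": "s3:GetObject", "EvalResourceName": OBJECT_ARN, "EvalDecision": "allowed"},
    {"EvalActionName": "s3:DeleteObject", "EvalResourceName": OBJECT_ARN, "EvalDecision": "implicitDeny"},
]}
EXPECTED = {"s3:GetObject": "allowed", "s3:DeleteObject": "implicitDeny"}
```

Against a real account, pass `simulate(build_request(...))` to `unexpected` in place of `SAMPLE_RESPONSE`; an empty list means the IAM policies and the bucket policy together produce exactly the access you intended.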