Posted On: Oct 30, 2015

Today, AWS Identity and Access Management (IAM) updated the IAM policy simulator to help you to test, verify, and understand resource-level permissions in your account. The policy simulator is a tool that lets you examine and validate the permissions your policies set. Now, the policy simulator will automatically provide a list of resources that must be set in order to simulate the action accurately. For example, when you simulate a call to EC2 runInstances in the policy simulator, now you will be prompted for the six resources (e.g. instance, security group, volume, subnet, image, and network interface) required in order for users to successfully perform this action. These enhancements to the simulator can help you verify that your policies work as expected. Using the IAM policy simulator console or APIs you can now simulate the exact scenario in which your users or applications call an AWS action.

To get started, navigate to the IAM policy simulator, select the user, group, or role and then the actions for the permissions that you wish to verify. Next, enter the resources and parameters required for each action in the ‘Actions Settings and Results’ table. To get started using the SimulatePrincipalPolicy or SimulateCustomPolicy API pass in the required resources and parameters for each action you wish to simulate. Visit Testing IAM Policies with the IAM Policy Simulator documentation and AWS security blog to learn more.