checkNoNewAccess method
Checks whether new access is allowed for an updated policy when compared to the existing policy.
You can find examples for reference policies and learn how to set up and
run a custom policy check for new access in the IAM
Access Analyzer custom policy checks samples repository on GitHub. The
reference policies in this repository are meant to be passed to the
existingPolicyDocument request parameter.
May throw AccessDeniedException.
May throw InternalServerException.
May throw InvalidParameterException.
May throw ThrottlingException.
May throw UnprocessableEntityException.
May throw ValidationException.
Parameter existingPolicyDocument :
The JSON policy document to use as the content for the existing policy.
Parameter newPolicyDocument :
The JSON policy document to use as the content for the updated policy.
Parameter policyType :
The type of policy to compare. Identity policies grant permissions to IAM
principals. Identity policies include managed and inline policies for IAM
roles, users, and groups.
Resource policies grant permissions on Amazon Web Services resources.
Resource policies include trust policies for IAM roles and bucket policies
for Amazon S3 buckets. You can provide a generic input such as identity
policy or resource policy, or a specific input such as managed policy or
Amazon S3 bucket policy.
Implementation
Future<CheckNoNewAccessResponse> checkNoNewAccess({
  required String existingPolicyDocument,
  required String newPolicyDocument,
  required AccessCheckPolicyType policyType,
}) async {
  // Both policy documents are sent verbatim as JSON strings; the enum is
  // serialized to its wire value (e.g. IDENTITY_POLICY / RESOURCE_POLICY).
  final $payload = <String, dynamic>{
    'existingPolicyDocument': existingPolicyDocument,
    'newPolicyDocument': newPolicyDocument,
    'policyType': policyType.value,
  };
  // REST-JSON call; service error codes are mapped to the Dart exception
  // classes listed above via _exceptionFns.
  final response = await _protocol.send(
    payload: $payload,
    method: 'POST',
    requestUri: '/policy/check-no-new-access',
    exceptionFnMap: _exceptionFns,
  );
  return CheckNoNewAccessResponse.fromJson(response);
}
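The following is an added usage example, not part of the generated SDK documentation or the aws_client project itself. It wraps checkNoNewAccess in a fail-closed gate that a CI pipeline could run before attaching an updated identity policy. Assumptions not confirmed by this page: the client class is AccessAnalyzer exported from package:aws_client/access_analyzer_2019_11_01.dart and is constructed with a region and AwsClientCredentials; CheckNoNewAccessResponse exposes result (CheckNoNewAccessResult.pass / .fail), message and reasons; each reason has a description field; and the client has a close() method. The two policy documents are constructed samples.

```dart
// Added example: gate a policy update on checkNoNewAccess.
// Assumed (not shown on this page): import path, AccessAnalyzer constructor,
// AwsClientCredentials, and the response fields result/message/reasons.
import 'dart:convert';
import 'dart:io';

import 'package:aws_client/access_analyzer_2019_11_01.dart';

/// Constructed sample: the policy currently attached to the principal.
const Map<String, dynamic> existingPolicy = {
  'Version': '2012-10-17',
  'Statement': [
    {
      'Effect': 'Allow',
      'Action': ['s3:GetObject'],
      'Resource': 'arn:aws:s3:::example-bucket/*',
    },
  ],
};

/// Constructed sample: the proposed update. It adds s3:PutObject, which the
/// existing policy never granted, so the check is expected to report FAIL.
const Map<String, dynamic> proposedPolicy = {
  'Version': '2012-10-17',
  'Statement': [
    {
      'Effect': 'Allow',
      'Action': ['s3:GetObject', 's3:PutObject'],
      'Resource': 'arn:aws:s3:::example-bucket/*',
    },
  ],
};

/// Returns true only when Access Analyzer confirms the proposed policy grants
/// no access beyond the existing one. A FAIL result, or an input-related
/// exception (ValidationException, UnprocessableEntityException), yields
/// false, so a broken check never approves a change. Transient errors such as
/// ThrottlingException and InternalServerException propagate to the caller,
/// which should retry rather than treat them as a verdict.
Future<bool> policyUpdateIsSafe(
  AccessAnalyzer client, {
  required Map<String, dynamic> existing,
  required Map<String, dynamic> proposed,
  AccessCheckPolicyType policyType = AccessCheckPolicyType.identityPolicy,
}) async {
  try {
    final response = await client.checkNoNewAccess(
      existingPolicyDocument: jsonEncode(existing),
      newPolicyDocument: jsonEncode(proposed),
      policyType: policyType,
    );
    if (response.result == CheckNoNewAccessResult.pass) {
      return true;
    }
    // FAIL: print the findings so the reviewer sees exactly what widened.
    // `message` and `reasons[i].description` are assumed field names.
    stderr.writeln('checkNoNewAccess: ${response.message}');
    for (final reason in response.reasons ?? const []) {
      stderr.writeln('  reason: ${reason.description}');
    }
    return false;
  } on ValidationException catch (e) {
    stderr.writeln('policy document rejected: $e');
    return false;
  } on UnprocessableEntityException catch (e) {
    stderr.writeln('policy could not be analysed: $e');
    return false;
  }
}

Future<void> main() async {
  final env = Platform.environment;
  // Credentials come from the environment; AwsClientCredentials and the
  // constructor signature are assumed here.
  final client = AccessAnalyzer(
    region: env['AWS_REGION'] ?? 'us-east-1',
    credentials: AwsClientCredentials(
      accessKey: env['AWS_ACCESS_KEY_ID'] ?? '<placeholder-access-key>',
      secretKey: env['AWS_SECRET_ACCESS_KEY'] ?? '<placeholder-secret-key>',
    ),
  );
  try {
    final safe = await policyUpdateIsSafe(
      client,
      existing: existingPolicy,
      proposed: proposedPolicy,
    );
    // Non-zero exit fails the pipeline step when new access was detected.
    exitCode = safe ? 0 : 1;
  } finally {
    client.close(); // assumed to exist on the generated client
  }
}
```

For a trust policy or S3 bucket policy, pass AccessCheckPolicyType.resourcePolicy instead of the default; the comparison logic is otherwise identical. Exit code 1 on FAIL is the important design choice: the pipeline blocks on the service's verdict rather than on the presence of specific actions in the JSON, so access widened through wildcards, conditions or NotAction is caught the same way as an explicitly added action.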