evalDecisionDetails property
Additional details about the results of the cross-account evaluation decision. This parameter is populated for only cross-account simulations. It contains a brief summary of how each policy type contributes to the final evaluation decision.
If the simulation evaluates policies within the same account and includes a
resource ARN, then the parameter is present but the response is empty. If
the simulation evaluates policies within the same account and specifies all
resources (*
), then the parameter is not returned.
When you make a cross-account request, AWS evaluates the request in the
trusting account and the trusted account. The request is allowed only if
both evaluations return true
. For more information about how
policies are evaluated, see Evaluating
Policies Within a Single Account.
If an AWS Organizations SCP included in the evaluation denies access, the simulation ends. In this case, policy evaluation does not proceed any further and this parameter is not returned.
Implementation
final Map<String, PolicyEvaluationDecisionType>? evalDecisionDetails;