AWS Policy Simulator

  • Can evaluate the policy, permissions and actions
  • Does not make the actual changes in the resources
  • Since it does not make any actual request, it only response if the action is allowed or denied
  • Any changes in the policy emulator does not change the actual policy
  • In AWS Organizations, the SCP can be simulated
  • To use in cli
  • Need the context keys
  • Use iam simulate-custom-policy command