
@cloud-copilot/iam-simulate

import { RequestAnalysis } from '../evaluate.js';
/**
 * Analyze a RequestAnalysis to see if the request was allowed by identity policies.
 *
 * NOTE(review): as documented, this reports on identity policies only. The other
 * policy types named in DenialPolicyType (resource, scp, rcp, permissionBoundary,
 * endpointPolicy) are not mentioned, so a `true` result should not be treated as
 * "the request is authorized overall" without confirming against the implementation.
 *
 * @param requestAnalysis the request analysis
 * @returns true if the request was allowed by identity policies, false otherwise
 */
export declare function isAllowedByIdentityPolicies(requestAnalysis: RequestAnalysis): boolean;
/**
 * The kind of policy a denial is attributed to.
 *
 * - 'identity': an identity policy
 * - 'resource': a resource policy
 * - 'scp': a service control policy
 * - 'rcp': a resource control policy
 * - 'permissionBoundary': a permission boundary
 * - 'endpointPolicy': an endpoint policy (presumably a VPC endpoint policy; confirm)
 */
export type DenialPolicyType = 'identity' | 'resource' | 'scp' | 'rcp' | 'permissionBoundary' | 'endpointPolicy';
/**
 * One reason a request was denied, discriminated by `denialType`.
 *
 * The two variants name their optional identifier differently (`identifier` for
 * 'Implicit', `policyIdentifier` for 'Explicit'), and only the 'Explicit' variant
 * carries a `statementId`. Narrow on `denialType` before reading either field.
 */
export type RequestDenial = {
    // Policy type the implicit denial is attributed to.
    policyType: DenialPolicyType;
    // Optional; per the getDenialReasons docs, e.g. an Organizational Unit identifier for SCPs.
    identifier?: string;
    // Implicit denial: no denying statement is reported for this variant.
    denialType: 'Implicit';
} | {
    // Policy type that contains the denying statement.
    policyType: DenialPolicyType;
    // Optional; per the getDenialReasons docs, set for a managed policy or an SCP.
    policyIdentifier?: string;
    // Statement ID of the denying statement, or its index (per the getDenialReasons docs).
    statementId: string;
    // Explicit denial: a specific statement denied the request.
    denialType: 'Explicit';
};
/**
 * Find the policy statements that caused a request to be denied.
 * Analyzes the RequestAnalysis and returns the specific reasons why the request was denied.
 *
 * For an implicit denial, it returns:
 * - the policy type (identity, resource, scp, rcp, permission boundary, endpoint policy)
 * - the identifier, when one applies (such as the Organizational Unit identifier for SCPs).
 *
 * For an explicit denial, it returns:
 * - the policy type (identity, resource, scp, rcp, permission boundary, endpoint policy)
 * - the policy identifier, if applicable for a managed policy or an SCP
 * - the statement ID (or index) of the denying statement.
 *
 * The result is a list, so callers should be prepared for more than one entry
 * rather than reporting only the first denial.
 *
 * NOTE(review): this declaration does not show what is returned for a request that
 * was allowed (presumably an empty list; confirm against the implementation).
 *
 * @param requestAnalysis the request analysis
 * @returns a list of RequestDenial objects describing the reasons for denial
 */
export declare function getDenialReasons(requestAnalysis: RequestAnalysis): RequestDenial[];
//# sourceMappingURL=analyzeResults.d.ts.map