Amazon IAM Access Analyzer · JSON Structure

Iam Access Analyzer Validate Policy Request Structure

ValidatePolicyRequest schema from AWS IAM Access Analyzer API

Type: object Properties: 4 Required: 2
Access ControlComplianceIAMPolicy ManagementSecurity

ValidatePolicyRequest is a JSON Structure definition published by Amazon IAM Access Analyzer, describing 4 properties, of which 2 are required. It conforms to the https://json-structure.org/meta/core/v0/# meta-schema.

Properties

locale policyDocument policyType validatePolicyResourceType

Meta-schema: https://json-structure.org/meta/core/v0/#

JSON Structure

Raw ↑ 
{
  "$schema": "https://json-structure.org/meta/core/v0/#",
  "$id": "https://raw.githubusercontent.com/api-evangelist/amazon-iam-access-analyzer/refs/heads/main/json-structure/iam-access-analyzer-validate-policy-request-structure.json",
  "name": "ValidatePolicyRequest",
  "description": "ValidatePolicyRequest schema from AWS IAM Access Analyzer API",
  "type": "object",
  "properties": {
    "locale": {
      "allOf": [
        {
          "$ref": "#/components/schemas/Locale"
        },
        {
          "description": "The locale to use for localizing the findings."
        }
      ]
    },
    "policyDocument": {
      "allOf": [
        {
          "$ref": "#/components/schemas/PolicyDocument"
        },
        {
          "description": "The JSON policy document to use as the content for the policy."
        }
      ]
    },
    "policyType": {
      "allOf": [
        {
          "$ref": "#/components/schemas/PolicyType"
        },
        {
          "description": "<p>The type of policy to validate. Identity policies grant permissions to IAM principals. Identity policies include managed and inline policies for IAM roles, users, and groups. They also include service-control policies (SCPs) that are attached to an Amazon Web Services organization, organizational unit (OU), or an account.</p> <p>Resource policies grant permissions on Amazon Web Services resources. Resource policies include trust policies for IAM roles and bucket policies for Amazon S3 buckets. You can provide a generic input such as identity policy or resource policy or a specific input such as managed policy or Amazon S3 bucket policy. </p>"
        }
      ]
    },
    "validatePolicyResourceType": {
      "allOf": [
        {
          "$ref": "#/components/schemas/ValidatePolicyResourceType"
        },
        {
          "description": "<p>The type of resource to attach to your resource policy. Specify a value for the policy validation resource type only if the policy type is <code>RESOURCE_POLICY</code>. For example, to validate a resource policy to attach to an Amazon S3 bucket, you can choose <code>AWS::S3::Bucket</code> for the policy validation resource type.</p> <p>For resource types not supported as valid values, IAM Access Analyzer runs policy checks that apply to all resource policies. For example, to validate a resource policy to attach to a KMS key, do not specify a value for the policy validation resource type and IAM Access Analyzer will run policy checks that apply to all resource policies.</p>"
        }
      ]
    }
  },
  "required": [
    "policyDocument",
    "policyType"
  ]
}