Cloud Security
βοΈ AWS IAM Policy Simulator
Paste an AWS IAM policy JSON, define an action + resource, and simulate whether the request is Allowed or Denied. Supports explicit Deny, wildcards, and condition-less simulation. 100% client-side.
IAM Policy JSON
π― Simulate Request
π Statement Evaluation
π Batch Test
Test multiple action/resource pairs against the loaded policy.
π Parsed Policy Statements
Paste a policy above to see parsed statements.
π IAM Policy Evaluation Logic
| 1. Explicit Deny | If any statement has Effect: Deny matching the action+resource, result is DENY (cannot be overridden) |
| 2. Explicit Allow | If any statement has Effect: Allow matching the action+resource, result is ALLOW |
| 3. Implicit Deny | If no statement matches, result is DENY (default implicit deny) |
| Wildcard * | Matches zero or more characters in action/resource ARNs |
| Wildcard ? | Matches exactly one character |
| Not Action | NotAction allows everything except the listed actions |
| Resource * | Matches any resource ARN |