Tests if a specified principal is authorized to perform an IoT action on a specified resource. Use this to test and debug the authorization behavior of devices that connect to the IoT device gateway.
Requires permission to access the TestAuthorization action.
See also: AWS API Documentation
Request Syntax
response = client.test_authorization(
principal='string',
cognitoIdentityPoolId='string',
authInfos=[
{
'actionType': 'PUBLISH'|'SUBSCRIBE'|'RECEIVE'|'CONNECT',
'resources': [
'string',
]
},
],
clientId='string',
policyNamesToAdd=[
'string',
],
policyNamesToSkip=[
'string',
]
)
[REQUIRED]
A list of authorization info objects. Simulating authorization will create a response for each authInfo object in the list.
A collection of authorization information.
The type of action for which the principal is being authorized.
The resources for which the principal is being authorized to perform the specified action.
When testing custom authorization, the policies specified here are treated as if they are attached to the principal being authorized.
When testing custom authorization, the policies specified here are treated as if they are not attached to the principal being authorized.
dict
Response Syntax
{
'authResults': [
{
'authInfo': {
'actionType': 'PUBLISH'|'SUBSCRIBE'|'RECEIVE'|'CONNECT',
'resources': [
'string',
]
},
'allowed': {
'policies': [
{
'policyName': 'string',
'policyArn': 'string'
},
]
},
'denied': {
'implicitDeny': {
'policies': [
{
'policyName': 'string',
'policyArn': 'string'
},
]
},
'explicitDeny': {
'policies': [
{
'policyName': 'string',
'policyArn': 'string'
},
]
}
},
'authDecision': 'ALLOWED'|'EXPLICIT_DENY'|'IMPLICIT_DENY',
'missingContextValues': [
'string',
]
},
]
}
Response Structure
(dict) --
authResults (list) --
The authentication results.
(dict) --
The authorizer result.
authInfo (dict) --
Authorization information.
actionType (string) --
The type of action for which the principal is being authorized.
resources (list) --
The resources for which the principal is being authorized to perform the specified action.
allowed (dict) --
The policies and statements that allowed the specified action.
policies (list) --
A list of policies that allowed the authentication.
(dict) --
Describes an IoT policy.
policyName (string) --
The policy name.
policyArn (string) --
The policy ARN.
denied (dict) --
The policies and statements that denied the specified action.
implicitDeny (dict) --
Information that implicitly denies the authorization. When a policy doesn't explicitly deny or allow an action on a resource it is considered an implicit deny.
policies (list) --
Policies that don't contain a matching allow or deny statement for the specified action on the specified resource.
(dict) --
Describes an IoT policy.
policyName (string) --
The policy name.
policyArn (string) --
The policy ARN.
explicitDeny (dict) --
Information that explicitly denies the authorization.
policies (list) --
The policies that denied the authorization.
(dict) --
Describes an IoT policy.
policyName (string) --
The policy name.
policyArn (string) --
The policy ARN.
authDecision (string) --
The final authorization decision of this scenario. Multiple statements are taken into account when determining the authorization decision. An explicit deny statement can override multiple allow statements.
missingContextValues (list) --
Contains any missing context values found while evaluating policy.
Exceptions
IoT.Client.exceptions.ResourceNotFoundExceptionIoT.Client.exceptions.InvalidRequestExceptionIoT.Client.exceptions.ThrottlingExceptionIoT.Client.exceptions.UnauthorizedExceptionIoT.Client.exceptions.ServiceUnavailableExceptionIoT.Client.exceptions.InternalFailureExceptionIoT.Client.exceptions.LimitExceededException