simulatePermissions()
Runs tests through the AWS Simulator ensuring that all the necessary permissions are set for the authenticated user.
The CLI equivalent is npx remotion lambda policies validate
.
The function does not reject with an error if a permission is missing, rather the missing permission is indicated in the return value.
This function does only validate the validity of the user policy, not the role policy.
Example
ts
import {simulatePermissions } from "@remotion/lambda";const {results } = awaitsimulatePermissions ({region : "us-east-1",});for (constresult ofresults ) {console .log (result .decision ); // "allowed"console .log (result .name ); // "iam:SimulatePrincipalPolicy"}
ts
import {simulatePermissions } from "@remotion/lambda";const {results } = awaitsimulatePermissions ({region : "us-east-1",});for (constresult ofresults ) {console .log (result .decision ); // "allowed"console .log (result .name ); // "iam:SimulatePrincipalPolicy"}
Arguments
An object with the following properties:
region
The AWS region that you would like to query.
onSimulation
optional
A callback function that gets called every time a new simulation has been executed. This allows you to react to new simulation results coming in much faster than waiting for the return value of the function. Example:
ts
import {simulatePermissions } from "@remotion/lambda";const {results } = awaitsimulatePermissions ({region : "us-east-1",onSimulation : (result ) => {console .log (result .decision ); // "allowed"console .log (result .name ); // "iam:SimulatePrincipalPolicy"},});
ts
import {simulatePermissions } from "@remotion/lambda";const {results } = awaitsimulatePermissions ({region : "us-east-1",onSimulation : (result ) => {console .log (result .decision ); // "allowed"console .log (result .name ); // "iam:SimulatePrincipalPolicy"},});
Return value
An array of objects containing simulation results of each necessary permission. The objects contain the following keys:
decision
Either "allowed"
, "implicitDeny"
or "explicitDeny"
.
name
The identifier of the required permission. See the Permissions page to see a list of required permissions.