Cheat Sheet logoCheat Sheet Today
AWS CLI IAM and STS Cheat Sheet/Simulate effective permissions

Test whether a principal can perform an action on a resource.

Back to sheetBrowse commands
Sign in to save
Section: IAM Policies

Simulate effective permissions

bash
bash
aws iam simulate-principal-policy --policy-source-arn arn:aws:iam::123456789012:role/AppRole --action-names s3:GetObject --resource-arns arn:aws:s3:::my-bucket/*
Explanation

Very useful when debugging access denied errors.

View in sheet →

Learn the surrounding workflow

Compare similar commands or jump into common fixes when this command is part of a bigger troubleshooting path.

Compare commandsView fixes

Related commands

Same sheet · prioritizing IAM Policies
List managed policies
Show AWS-managed and customer-managed policies.
OpenIn sheetbashsame section
Get policy metadata
Read high-level metadata for a managed policy.
OpenIn sheetbashsame section
Get policy document version
Read the JSON document for a specific policy version.
OpenIn sheetbashsame section
Create a managed policy
Create a new customer-managed policy from JSON.
OpenIn sheetbashsame section
Attach a managed policy to a role
Grant a role the permissions from a managed policy.
OpenIn sheetbashsame section
Detach a managed policy from a role
Remove a managed policy from a role.
OpenIn sheetbashsame section