Closed amitdwivedi-broadcom closed 3 months ago
Hi @amitdwivedi-broadcom, I think your issue is related to the AWS SDK for Python, and it should be reported in the https://github.com/boto/boto3 GitHub repo. I will close this one here. Feel free to reopen if I'm wrong.
The simulate policy API, which helps us check the effective permissions for a role, is not working if the policy associated with the role has a regex like arn:aws::s3:* for the resource, or any such regex. It still reports that the permission is denied for actions which have resources associated with them.
Problem in Python AWS SDK
API: https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/iam/paginator/SimulatePrincipalPolicy.html
Example:

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "iam:GetContextKeysForCustomPolicy",
        "iam:GetContextKeysForPrincipalPolicy",
        "iam:SimulateCustomPolicy",
        "iam:SimulatePrincipalPolicy"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws::s3:*"
    }
  ]
}
```
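An offline check that can be run on a policy document before simulating it, as an added example that is not part of the original issue or of boto3. It splits each `Resource` into the six colon-separated fields of the general ARN layout (`arn:partition:service:region:account-id:resource`) and compares the service field with the service prefixes of the statement's actions; the helper name `lint_policy`, the finding labels and the prefix-matching heuristic are assumptions of this example.

```python
import json

# The policy posted in the issue, embedded so the check runs offline.
POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Action": ["iam:GetContextKeysForCustomPolicy", "iam:GetContextKeysForPrincipalPolicy",
               "iam:SimulateCustomPolicy", "iam:SimulatePrincipalPolicy"],
    "Effect": "Allow",
    "Resource": "arn:aws::s3:*"
  }]
}""")

# General ARN layout: arn:partition:service:region:account-id:resource
ARN_FIELDS = ("arn", "partition", "service", "region", "account", "resource")


def as_list(value):
    """Policy elements may be a single value or a list of values."""
    return list(value) if isinstance(value, list) else [value]


def lint_policy(policy):
    """Hypothetical helper: return (statement index, resource, finding) tuples."""
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        # Service prefixes of the statement's actions, e.g. {"iam"}.
        prefixes = {a.split(":", 1)[0].lower() for a in as_list(stmt.get("Action", []))}
        for res in as_list(stmt.get("Resource", [])):
            if res == "*":
                continue  # a bare wildcard has no ARN fields to check
            parts = res.split(":", 5)
            fields = dict(zip(ARN_FIELDS, parts))
            service = fields.get("service", "")
            if len(parts) < 6 or parts[0] != "arn":
                findings.append((i, res, "field-count"))
            if service == "":
                findings.append((i, res, "empty-service"))
            elif not ({"*", service.lower()} & prefixes or "*" in service or "?" in service):
                # Heuristic (assumption): action prefix and ARN service normally agree.
                findings.append((i, res, "service-mismatch"))
    return findings


if __name__ == "__main__":
    for finding in lint_policy(POLICY):
        print(finding)
```

On the policy from the issue it reports `field-count` and `empty-service` for `arn:aws::s3:*`, which splits into five fields with `s3` in the region position.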