IAM Tools
Back to All Operators

BinaryEquals

BinaryEquals

BinaryEquals compares a binary value in a request to a list of base64-encoded string representations in your policy. There are no known binary context keys, but this is put here for completeness.

To match a request, the context key must exist in the request and must match at least one of the base64-encoded string representations in your policy.

You can NOT use policy variables in the value of this operator.

BinaryEquals in an Allow Statement

Given the Policy Condition: 
"BinaryEquals": {
  "aws:BinaryKey": [
    "YmFzZUBjbG91ZGNvcGlsb3QuaW8=",
    "NjRAY2xvdWRjb3BpbG90Lmlv"
  ]
}
When the Request Context has:
aws:BinaryKey: null
Then the result is:
Not Allowed Not Allowed Statement does not apply
Given the Policy Condition: 
"BinaryEquals": {
  "aws:BinaryKey": [
    "YmFzZUBjbG91ZGNvcGlsb3QuaW8=",
    "NjRAY2xvdWRjb3BpbG90Lmlv"
  ]
}
When the Request Context has:
aws:BinaryKey:
   YmFzZUBjbG91ZGNvcGlsb3QuaW8=
Then the result is:
Allowed Allowed Assuming no explicit Deny elsewhere
Given the Policy Condition: 
"BinaryEquals": {
  "aws:BinaryKey": [
    "YmFzZUBjbG91ZGNvcGlsb3QuaW8=",
    "NjRAY2xvdWRjb3BpbG90Lmlv"
  ]
}
When the Request Context has:
aws:BinaryKey: c2lsbGluZXNz
Then the result is:
Not Allowed Not Allowed Statement does not apply

BinaryEquals in a Deny Statement

Given the Policy Condition: 
"BinaryEquals": {
  "aws:BinaryKey": [
    "YmFzZUBjbG91ZGNvcGlsb3QuaW8=",
    "NjRAY2xvdWRjb3BpbG90Lmlv"
  ]
}
When the Request Context has:
aws:BinaryKey: null
Then the result is:
Not Denied Not Denied May be allowed by another statement
Given the Policy Condition: 
"BinaryEquals": {
  "aws:BinaryKey": [
    "YmFzZUBjbG91ZGNvcGlsb3QuaW8=",
    "NjRAY2xvdWRjb3BpbG90Lmlv"
  ]
}
When the Request Context has:
aws:BinaryKey:
   YmFzZUBjbG91ZGNvcGlsb3QuaW8=
Then the result is:
Denied Denied
Given the Policy Condition: 
"BinaryEquals": {
  "aws:BinaryKey": [
    "YmFzZUBjbG91ZGNvcGlsb3QuaW8=",
    "NjRAY2xvdWRjb3BpbG90Lmlv"
  ]
}
When the Request Context has:
aws:BinaryKey: c2lsbGluZXNz
Then the result is:
Not Denied Not Denied May be allowed by another statement