BinaryEquals
BinaryEquals
BinaryEquals compares a binary value in a request to a list of base64-encoded string representations in your policy. There are no known binary context keys, but this is put here for completeness.
To match a request, the context key must exist in the request and must match at least one of the base64-encoded string representations in your policy.
You can NOT use policy variables in the value of this operator.
BinaryEquals in an Allow Statement
| Given the Policy Condition: |
"BinaryEquals": {
"aws:BinaryKey": [
"YmFzZUBjbG91ZGNvcGlsb3QuaW8=",
"NjRAY2xvdWRjb3BpbG90Lmlv"
]
} |
| When the Request Context has: |
aws:BinaryKey: null |
| Then the result is: |
 Not Allowed Statement does not apply |
| Given the Policy Condition: |
"BinaryEquals": {
"aws:BinaryKey": [
"YmFzZUBjbG91ZGNvcGlsb3QuaW8=",
"NjRAY2xvdWRjb3BpbG90Lmlv"
]
} |
| When the Request Context has: |
aws:BinaryKey: |
| Then the result is: |
 Allowed Assuming no explicit Deny elsewhere |
| Given the Policy Condition: |
"BinaryEquals": {
"aws:BinaryKey": [
"YmFzZUBjbG91ZGNvcGlsb3QuaW8=",
"NjRAY2xvdWRjb3BpbG90Lmlv"
]
} |
| When the Request Context has: |
aws:BinaryKey: c2lsbGluZXNz |
| Then the result is: |
| Not Allowed Statement does not apply |
BinaryEquals in a Deny Statement
| Given the Policy Condition: |
"BinaryEquals": {
"aws:BinaryKey": [
"YmFzZUBjbG91ZGNvcGlsb3QuaW8=",
"NjRAY2xvdWRjb3BpbG90Lmlv"
]
} |
| When the Request Context has: |
aws:BinaryKey: null |
| Then the result is: |
| Not Denied May be allowed by another statement |
| Given the Policy Condition: |
"BinaryEquals": {
"aws:BinaryKey": [
"YmFzZUBjbG91ZGNvcGlsb3QuaW8=",
"NjRAY2xvdWRjb3BpbG90Lmlv"
]
} |
| When the Request Context has: |
aws:BinaryKey: |
| Then the result is: |
 Denied |
| Given the Policy Condition: |
"BinaryEquals": {
"aws:BinaryKey": [
"YmFzZUBjbG91ZGNvcGlsb3QuaW8=",
"NjRAY2xvdWRjb3BpbG90Lmlv"
]
} |
| When the Request Context has: |
aws:BinaryKey: c2lsbGluZXNz |
| Then the result is: |
| Not Denied May be allowed by another statement |