ForAllValues:BinaryEqualsIfExists

Warning:

As far as we know ForAllValues: BinaryEqualsIfExists can never be used because there are no context keys available that are an array of base64-encoded string representations. This is here as an example of how it could work, but if you see this in the wild, it's probably a mistake.

It's totally possible this is a mistake on our part, if you think we got this wrong please send an email to wroooong at cloudcopilot.io and we'll get it fixed up.

ForAllValues: BinaryEqualsIfExists

ForAllValues: BinaryEqualsIfExists compares a list of binary values in a request to a list of base64-encoded string representations in your policy. There are no known binary context keys, but this is put here for completeness.

To match a request, the context key can be absent, but if it is present, all of the binary values in the request must match at least one of the base64-encoded string representations in your policy.

You can NOT use policy variables in the value of this operator.

ForAllValues: BinaryEqualsIfExists in an Allow Statement

Click into any of these polices and change them test how they change the result.

Given the Policy Condition:

"ForAllValues:BinaryEqualsIfExists": {
  "aws:BinaryKey": [
    "YmFzZUBjbG91ZGNvcGlsb3QuaW8=",
    "NjRAY2xvdWRjb3BpbG90Lmlv"
  ]
}

When the Request Context has:

aws:BinaryKey: null

Then the result is:

Allowed Assuming no explicit Deny elsewhere

Given the Policy Condition:

"ForAllValues:BinaryEqualsIfExists": {
  "aws:BinaryKey": [
    "YmFzZUBjbG91ZGNvcGlsb3QuaW8=",
    "NjRAY2xvdWRjb3BpbG90Lmlv"
  ]
}

When the Request Context has:

aws:BinaryKey: 
 - c2lsbGluZXNz
 - c2hlbmFuaWdhbnM=

Then the result is:

Not Allowed Statement does not apply

Given the Policy Condition:

"ForAllValues:BinaryEqualsIfExists": {
  "aws:BinaryKey": [
    "YmFzZUBjbG91ZGNvcGlsb3QuaW8=",
    "NjRAY2xvdWRjb3BpbG90Lmlv"
  ]
}

When the Request Context has:

aws:BinaryKey: 
 - YmFzZUBjbG91ZGNvcGlsb3QuaW8=
 - c2lsbGluZXNz

Then the result is:

Not Allowed Statement does not apply

Given the Policy Condition:

"ForAllValues:BinaryEqualsIfExists": {
  "aws:BinaryKey": [
    "YmFzZUBjbG91ZGNvcGlsb3QuaW8=",
    "NjRAY2xvdWRjb3BpbG90Lmlv"
  ]
}

When the Request Context has:

aws:BinaryKey: 
 - YmFzZUBjbG91ZGNvcGlsb3QuaW8=

Then the result is:

Allowed Assuming no explicit Deny elsewhere

Given the Policy Condition:

"ForAllValues:BinaryEqualsIfExists": {
  "aws:BinaryKey": [
    "YmFzZUBjbG91ZGNvcGlsb3QuaW8=",
    "NjRAY2xvdWRjb3BpbG90Lmlv"
  ]
}

When the Request Context has:

aws:BinaryKey: 
 - YmFzZUBjbG91ZGNvcGlsb3QuaW8=
 - NjRAY2xvdWRjb3BpbG90Lmlv

Then the result is:

Allowed Assuming no explicit Deny elsewhere

Given the Policy Condition:

"ForAllValues:BinaryEqualsIfExists": {
  "aws:BinaryKey": [
    "YmFzZUBjbG91ZGNvcGlsb3QuaW8=",
    "NjRAY2xvdWRjb3BpbG90Lmlv"
  ]
}

When the Request Context has:

aws:BinaryKey: 
 - YmFzZUBjbG91ZGNvcGlsb3QuaW8=
 - NjRAY2xvdWRjb3BpbG90Lmlv
 - c2lsbGluZXNz

Then the result is:

Not Allowed Statement does not apply

ForAllValues: BinaryEqualsIfExists in a Deny Statement

Click into any of these polices and change them test how they change the result.

Given the Policy Condition:

"ForAllValues:BinaryEqualsIfExists": {
  "aws:BinaryKey": [
    "YmFzZUBjbG91ZGNvcGlsb3QuaW8=",
    "NjRAY2xvdWRjb3BpbG90Lmlv"
  ]
}

When the Request Context has:

aws:BinaryKey: null

Then the result is:

Denied

Given the Policy Condition:

"ForAllValues:BinaryEqualsIfExists": {
  "aws:BinaryKey": [
    "YmFzZUBjbG91ZGNvcGlsb3QuaW8=",
    "NjRAY2xvdWRjb3BpbG90Lmlv"
  ]
}

When the Request Context has:

aws:BinaryKey: 
 - c2lsbGluZXNz
 - c2hlbmFuaWdhbnM=

Then the result is:

Not Denied May be allowed by another statement

Given the Policy Condition:

"ForAllValues:BinaryEqualsIfExists": {
  "aws:BinaryKey": [
    "YmFzZUBjbG91ZGNvcGlsb3QuaW8=",
    "NjRAY2xvdWRjb3BpbG90Lmlv"
  ]
}

When the Request Context has:

aws:BinaryKey: 
 - YmFzZUBjbG91ZGNvcGlsb3QuaW8=
 - c2lsbGluZXNz

Then the result is:

Not Denied May be allowed by another statement

Given the Policy Condition:

"ForAllValues:BinaryEqualsIfExists": {
  "aws:BinaryKey": [
    "YmFzZUBjbG91ZGNvcGlsb3QuaW8=",
    "NjRAY2xvdWRjb3BpbG90Lmlv"
  ]
}

When the Request Context has:

aws:BinaryKey: 
 - YmFzZUBjbG91ZGNvcGlsb3QuaW8=

Then the result is:

Denied

Given the Policy Condition:

"ForAllValues:BinaryEqualsIfExists": {
  "aws:BinaryKey": [
    "YmFzZUBjbG91ZGNvcGlsb3QuaW8=",
    "NjRAY2xvdWRjb3BpbG90Lmlv"
  ]
}

When the Request Context has:

aws:BinaryKey: 
 - YmFzZUBjbG91ZGNvcGlsb3QuaW8=
 - NjRAY2xvdWRjb3BpbG90Lmlv

Then the result is:

Denied

Given the Policy Condition:

"ForAllValues:BinaryEqualsIfExists": {
  "aws:BinaryKey": [
    "YmFzZUBjbG91ZGNvcGlsb3QuaW8=",
    "NjRAY2xvdWRjb3BpbG90Lmlv"
  ]
}

When the Request Context has:

aws:BinaryKey: 
 - YmFzZUBjbG91ZGNvcGlsb3QuaW8=
 - NjRAY2xvdWRjb3BpbG90Lmlv
 - c2lsbGluZXNz

Then the result is:

Not Denied May be allowed by another statement