ForAnyValue:BinaryEqualsIfExists
Warning:
As far as we know ForAnyValue: BinaryEqualsIfExists can never be used because there are no
context keys available that are an array of base64-encoded string representations. This is here as an example of
how it could work, but if you see this in the wild, it's probably a mistake.
It's totally possible this is a mistake on our part, if you think we got this wrong please send an email to wroooong
at cloudcopilot.io and we'll get it fixed up.
ForAnyValue: BinaryEqualsIfExists
ForAnyValue: BinaryEqualsIfExists compares a list of binary values in a request to a list of base64-encoded string representations in your policy. There are no known binary context keys, but this is put here for completeness.
To match a request, the context key must exist in the request and at least one binary value in the request must match one of the base64-encoded string representations in your policy.
You can NOT use policy variables in the value of this operator.
ForAnyValue: BinaryEqualsIfExists in an Allow Statement
Click into any of these polices and change them test how they change the result.
| Given the Policy Condition: |
"ForAnyValue:BinaryEqualsIfExists": {
"aws:BinaryKey": [
"YmFzZUBjbG91ZGNvcGlsb3QuaW8=",
"NjRAY2xvdWRjb3BpbG90Lmlv"
]
} |
| When the Request Context has: |
aws:BinaryKey: null |
| Then the result is: |
 Not Allowed Statement does not apply |
| Given the Policy Condition: |
"ForAnyValue:BinaryEqualsIfExists": {
"aws:BinaryKey": [
"YmFzZUBjbG91ZGNvcGlsb3QuaW8=",
"NjRAY2xvdWRjb3BpbG90Lmlv"
]
} |
| When the Request Context has: |
aws:BinaryKey: |
| Then the result is: |
| Not Allowed Statement does not apply |
| Given the Policy Condition: |
"ForAnyValue:BinaryEqualsIfExists": {
"aws:BinaryKey": [
"YmFzZUBjbG91ZGNvcGlsb3QuaW8=",
"NjRAY2xvdWRjb3BpbG90Lmlv"
]
} |
| When the Request Context has: |
aws:BinaryKey: |
| Then the result is: |
 Allowed Assuming no explicit Deny elsewhere |
| Given the Policy Condition: |
"ForAnyValue:BinaryEqualsIfExists": {
"aws:BinaryKey": [
"YmFzZUBjbG91ZGNvcGlsb3QuaW8=",
"NjRAY2xvdWRjb3BpbG90Lmlv"
]
} |
| When the Request Context has: |
aws:BinaryKey: |
| Then the result is: |
| Allowed Assuming no explicit Deny elsewhere |
| Given the Policy Condition: |
"ForAnyValue:BinaryEqualsIfExists": {
"aws:BinaryKey": [
"YmFzZUBjbG91ZGNvcGlsb3QuaW8=",
"NjRAY2xvdWRjb3BpbG90Lmlv"
]
} |
| When the Request Context has: |
aws:BinaryKey: |
| Then the result is: |
| Allowed Assuming no explicit Deny elsewhere |
ForAnyValue: BinaryEqualsIfExists in a Deny Statement
Click into any of these polices and change them test how they change the result.
| Given the Policy Condition: |
"ForAnyValue:BinaryEqualsIfExists": {
"aws:BinaryKey": [
"YmFzZUBjbG91ZGNvcGlsb3QuaW8=",
"NjRAY2xvdWRjb3BpbG90Lmlv"
]
} |
| When the Request Context has: |
aws:BinaryKey: null |
| Then the result is: |
| Not Denied May be allowed by another statement |
| Given the Policy Condition: |
"ForAnyValue:BinaryEqualsIfExists": {
"aws:BinaryKey": [
"YmFzZUBjbG91ZGNvcGlsb3QuaW8=",
"NjRAY2xvdWRjb3BpbG90Lmlv"
]
} |
| When the Request Context has: |
aws:BinaryKey: |
| Then the result is: |
| Not Denied May be allowed by another statement |
| Given the Policy Condition: |
"ForAnyValue:BinaryEqualsIfExists": {
"aws:BinaryKey": [
"YmFzZUBjbG91ZGNvcGlsb3QuaW8=",
"NjRAY2xvdWRjb3BpbG90Lmlv"
]
} |
| When the Request Context has: |
aws:BinaryKey: |
| Then the result is: |
 Denied |
| Given the Policy Condition: |
"ForAnyValue:BinaryEqualsIfExists": {
"aws:BinaryKey": [
"YmFzZUBjbG91ZGNvcGlsb3QuaW8=",
"NjRAY2xvdWRjb3BpbG90Lmlv"
]
} |
| When the Request Context has: |
aws:BinaryKey: |
| Then the result is: |
| Denied |
| Given the Policy Condition: |
"ForAnyValue:BinaryEqualsIfExists": {
"aws:BinaryKey": [
"YmFzZUBjbG91ZGNvcGlsb3QuaW8=",
"NjRAY2xvdWRjb3BpbG90Lmlv"
]
} |
| When the Request Context has: |
aws:BinaryKey: |
| Then the result is: |
| Denied |