APIs.io Engineering Platform AWS Identity and Access Management — #Action=SimulatePrincipalPolicy

2 operations. Lead operation: #Action=SimulatePrincipalPolicy. Self-contained Naftiko capability covering one Engineering Platform business surface.

What You Can Do

GET /v1/action-simulateprincipalpolicy
Getsimulateprincipalpolicy

Simulate how a set of IAM policies attached to an IAM entity works with a list of API operations and Amazon Web Services resources to determine the policies' effective permissions. The entity can be an IAM user, group, or role. If you sp

POST /v1/action-simulateprincipalpolicy
Postsimulateprincipalpolicy

Simulate how a set of IAM policies attached to an IAM entity works with a list of API operations and Amazon Web Services resources to determine the policies' effective permissions. The entity can be an IAM user, group, or role. If you sp

MCP Tools

p-simulate-how-set-iam-policies (read-only, idempotent)

Simulate how a set of IAM policies attached to an IAM entity works with a list of API operations and Amazon Web Services resources to determine the policies' effective permissions. The entity can be an IAM user, group, or role. If you sp

p-simulate-how-set-iam-policies-2 (read-only)

Simulate how a set of IAM policies attached to an IAM entity works with a list of API operations and Amazon Web Services resources to determine the policies' effective permissions. The entity can be an IAM user, group, or role. If you sp

Capability Spec

aws-iam-action-simulateprincipalpolicy.yaml
naftiko: 1.0.0-alpha2
info:
  label: 'APIs.io Engineering Platform AWS Identity and Access Management — #Action=SimulatePrincipalPolicy'
  description: 'APIs.io Engineering Platform AWS Identity and Access Management — #Action=SimulatePrincipalPolicy. 2 operations.
    Lead operation: #Action=SimulatePrincipalPolicy. Self-contained Naftiko capability covering one Engineering Platform business
    surface.'
  tags:
  - Engineering Platform
  - '#Action=SimulatePrincipalPolicy'
  created: '2026-05-19'
  modified: '2026-05-19'
binds:
- namespace: env
  keys:
    ENGINEERING_PLATFORM_API_KEY: ENGINEERING_PLATFORM_API_KEY
capability:
  consumes:
  - type: http
    namespace: aws-iam-action-simulateprincipalpolicy
    baseUri: https://iam.amazonaws.com
    description: 'APIs.io Engineering Platform AWS Identity and Access Management — #Action=SimulatePrincipalPolicy business
      capability. Self-contained, no shared references.'
    resources:
    - name: '#Action=SimulatePrincipalPolicy'
      path: /#Action=SimulatePrincipalPolicy
      operations:
      - name: getsimulateprincipalpolicy
        method: GET
        description: <p>Simulate how a set of IAM policies attached to an IAM entity works with a list of API operations and
          Amazon Web Services resources to determine the policies' effective permissions. The entity can be an IAM user, group,
          or role. If you sp
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: PolicySourceArn
          in: query
          type: string
          description: <p>The Amazon Resource Name (ARN) of a user, group, or role whose policies you want to include in the
            simulation. If you specify a user, group, or role, the sim
          required: true
        - name: PolicyInputList
          in: query
          type: array
          description: <p>An optional list of additional policy documents to include in the simulation. Each document is specified
            as a string containing the complete, valid JSON text
        - name: PermissionsBoundaryPolicyInputList
          in: query
          type: array
          description: <p>The IAM permissions boundary policy to simulate. The permissions boundary sets the maximum permissions
            that the entity can have. You can input only one permi
        - name: ActionNames
          in: query
          type: array
          description: A list of names of API operations to evaluate in the simulation. Each operation is evaluated for each
            resource. Each operation must include the service identifi
          required: true
        - name: ResourceArns
          in: query
          type: array
          description: <p>A list of ARNs of Amazon Web Services resources to include in the simulation. If this parameter
            is not provided, then the value defaults to <code>*</code> (a
        - name: ResourcePolicy
          in: query
          type: string
          description: '<p>A resource-based policy to include in the simulation provided as a string. Each resource in the
            simulation is treated as if it had this policy attached. You '
        - name: ResourceOwner
          in: query
          type: string
          description: 'An Amazon Web Services account ID that specifies the owner of any simulated resource that does not
            identify its owner in the resource ARN. Examples of resource '
        - name: CallerArn
          in: query
          type: string
          description: <p>The ARN of the IAM user that you want to specify as the simulated caller of the API operations.
            If you do not specify a <code>CallerArn</code>, it defaults t
        - name: ContextEntries
          in: query
          type: array
          description: A list of context keys and corresponding values for the simulation to use. Whenever a context key is
            evaluated in one of the simulated IAM permissions policies,
        - name: ResourceHandlingOption
          in: query
          type: string
          description: <p>Specifies the type of simulation to run. Different API operations that support resource-based policies
            require different combinations of resources. By specif
        - name: MaxItems
          in: query
          type: integer
          description: <p>Use this only when paginating results to indicate the maximum number of items you want in the response.
            If additional items exist beyond the maximum you spec
        - name: Marker
          in: query
          type: string
          description: Use this parameter only when paginating results and only after you receive a response indicating that
            the results are truncated. Set it to the value of the <cod
        - name: Action
          in: query
          type: string
          required: true
        - name: Version
          in: query
          type: string
          required: true
      - name: postsimulateprincipalpolicy
        method: POST
        description: <p>Simulate how a set of IAM policies attached to an IAM entity works with a list of API operations and
          Amazon Web Services resources to determine the policies' effective permissions. The entity can be an IAM user, group,
          or role. If you sp
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
        inputParameters:
        - name: MaxItems
          in: query
          type: string
          description: Pagination limit
        - name: Marker
          in: query
          type: string
          description: Pagination token
        - name: Action
          in: query
          type: string
          required: true
        - name: Version
          in: query
          type: string
          required: true
        - name: body
          in: body
          type: object
          description: Request body (JSON).
          required: false
    authentication:
      type: apikey
      key: Authorization
      value: '{{env.ENGINEERING_PLATFORM_API_KEY}}'
      placement: header
  exposes:
  - type: rest
    namespace: aws-iam-action-simulateprincipalpolicy-rest
    port: 8080
    description: 'REST adapter for APIs.io Engineering Platform AWS Identity and Access Management — #Action=SimulatePrincipalPolicy.
      One Spectral-compliant resource per consumed operation, prefixed with /v1.'
    resources:
    - path: /v1/action-simulateprincipalpolicy
      name: action-simulateprincipalpolicy
      description: 'REST surface for #Action=SimulatePrincipalPolicy.'
      operations:
      - method: GET
        name: getsimulateprincipalpolicy
        description: <p>Simulate how a set of IAM policies attached to an IAM entity works with a list of API operations and
          Amazon Web Services resources to determine the policies' effective permissions. The entity can be an IAM user, group,
          or role. If you sp
        call: aws-iam-action-simulateprincipalpolicy.getsimulateprincipalpolicy
        with:
          PolicySourceArn: rest.PolicySourceArn
          PolicyInputList: rest.PolicyInputList
          PermissionsBoundaryPolicyInputList: rest.PermissionsBoundaryPolicyInputList
          ActionNames: rest.ActionNames
          ResourceArns: rest.ResourceArns
          ResourcePolicy: rest.ResourcePolicy
          ResourceOwner: rest.ResourceOwner
          CallerArn: rest.CallerArn
          ContextEntries: rest.ContextEntries
          ResourceHandlingOption: rest.ResourceHandlingOption
          MaxItems: rest.MaxItems
          Marker: rest.Marker
          Action: rest.Action
          Version: rest.Version
        outputParameters:
        - type: object
          mapping: $.
      - method: POST
        name: postsimulateprincipalpolicy
        description: <p>Simulate how a set of IAM policies attached to an IAM entity works with a list of API operations and
          Amazon Web Services resources to determine the policies' effective permissions. The entity can be an IAM user, group,
          or role. If you sp
        call: aws-iam-action-simulateprincipalpolicy.postsimulateprincipalpolicy
        with:
          MaxItems: rest.MaxItems
          Marker: rest.Marker
          Action: rest.Action
          Version: rest.Version
          body: rest.body
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    namespace: aws-iam-action-simulateprincipalpolicy-mcp
    port: 9090
    transport: http
    description: 'MCP adapter for APIs.io Engineering Platform AWS Identity and Access Management — #Action=SimulatePrincipalPolicy.
      One tool per consumed operation, routed inline through this capability''s consumes block.'
    tools:
    - name: p-simulate-how-set-iam-policies
      description: <p>Simulate how a set of IAM policies attached to an IAM entity works with a list of API operations and
        Amazon Web Services resources to determine the policies' effective permissions. The entity can be an IAM user, group,
        or role. If you sp
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: aws-iam-action-simulateprincipalpolicy.getsimulateprincipalpolicy
      with:
        PolicySourceArn: tools.PolicySourceArn
        PolicyInputList: tools.PolicyInputList
        PermissionsBoundaryPolicyInputList: tools.PermissionsBoundaryPolicyInputList
        ActionNames: tools.ActionNames
        ResourceArns: tools.ResourceArns
        ResourcePolicy: tools.ResourcePolicy
        ResourceOwner: tools.ResourceOwner
        CallerArn: tools.CallerArn
        ContextEntries: tools.ContextEntries
        ResourceHandlingOption: tools.ResourceHandlingOption
        MaxItems: tools.MaxItems
        Marker: tools.Marker
        Action: tools.Action
        Version: tools.Version
      outputParameters:
      - type: object
        mapping: $.
    - name: p-simulate-how-set-iam-policies-2
      description: <p>Simulate how a set of IAM policies attached to an IAM entity works with a list of API operations and
        Amazon Web Services resources to determine the policies' effective permissions. The entity can be an IAM user, group,
        or role. If you sp
      hints:
        readOnly: true
        destructive: false
        idempotent: false
      call: aws-iam-action-simulateprincipalpolicy.postsimulateprincipalpolicy
      with:
        MaxItems: tools.MaxItems
        Marker: tools.Marker
        Action: tools.Action
        Version: tools.Version
        body: tools.body
      outputParameters:
      - type: object
        mapping: $.