Module Values.CheckNoNewAccessRequestSource

Checks whether new access is allowed for an updated policy when compared to the existing policy. You can find examples for reference policies and learn how to set up and run a custom policy check for new access in the IAM Access Analyzer custom policy checks samples repository on GitHub. The reference policies in this repository are meant to be passed to the existingPolicyDocument request parameter.

type nonrec t = {
  newPolicyDocument : AccessCheckPolicyDocument.t;
    (*

    The JSON policy document to use as the content for the updated policy.

    *)
  existingPolicyDocument : AccessCheckPolicyDocument.t;
    (*

    The JSON policy document to use as the content for the existing policy.

    *)
  policyType : AccessCheckPolicyType.t;
    (*

    The type of policy to compare. Identity policies grant permissions to IAM principals. Identity policies include managed and inline policies for IAM roles, users, and groups. Resource policies grant permissions on Amazon Web Services resources. Resource policies include trust policies for IAM roles and bucket policies for Amazon S3 buckets. You can provide a generic input such as identity policy or resource policy or a specific input such as managed policy or Amazon S3 bucket policy.

    *)
}
val context_ : string
val make : newPolicyDocument:AccessCheckPolicyDocument.t -> existingPolicyDocument:AccessCheckPolicyDocument.t -> policyType:AccessCheckPolicyType.t -> unit -> t
val to_value : t -> [> `Structure of (string * [> `Enum of string | `String of AccessCheckPolicyDocument.t ]) list ]
val to_query : t -> Awso.Client.Query.t
val of_xml : Awso.Xml.t -> t
val of_string : string -> t
val of_json : Yojson.Safe.t -> t
val to_json : t -> Yojson.Safe.t