```mermaid
graph LR
    Policy_Data_Models["Policy Data Models"]
    Policy_Evaluation_Engine["Policy Evaluation Engine"]
    Policy_Simulation_Interface["Policy Simulation Interface"]
    Policy_Data_Models -- "provides data to" --> Policy_Evaluation_Engine
    Policy_Data_Models -- "provides data to" --> Policy_Simulation_Interface
    Policy_Evaluation_Engine -- "consumes data from" --> Policy_Data_Models
    Policy_Simulation_Interface -- "calls" --> Policy_Evaluation_Engine
    Policy_Simulation_Interface -- "consumes data from" --> Policy_Data_Models
    Policy_Evaluation_Engine -- "returns decision to" --> Policy_Simulation_Interface
```
Details

This subsystem is the analytical core of PMapper, responsible for accurately simulating AWS IAM policy evaluation to determine authorization decisions. It provides the foundational capability for security analysis by interpreting and applying IAM policy logic.

Policy Data Models

This component defines the foundational data structures and models for representing AWS IAM policies, statements, principals, actions, resources, and conditions. It ensures consistency and type safety for all policy-related data consumed and processed throughout the simulation engine. Its fundamental importance lies in providing a standardized, robust schema for all policy-related information.

Related Classes/Methods:

Policy Evaluation Engine

This is the granular core of the policy simulation. It contains the detailed logic for evaluating individual AWS IAM policy statements against a given principal, action, resource, and conditions. It handles complex aspects like condition key matching, pattern expansion for actions and resources, and determining the final authorization decision (allow/deny). Its importance stems from its direct implementation of the complex IAM policy evaluation rules.

Related Classes/Methods:
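The evaluation rules described above (statement matching on action and resource with IAM wildcards, condition-key checks, and the explicit-Deny-over-Allow decision), as an added illustration that is not PMapper's own code. The policies, ARNs and request context are constructed for the example; only the `StringEquals` and `Bool` operators are implemented, and `NotAction`/`NotResource` are left out.

```python
import re

# Constructed sample (not PMapper data): Allow s3:* on one bucket, Deny delete without MFA.
SAMPLE_POLICIES = [{"Statement": [
    {"Effect": "Allow", "Action": "s3:*", "Resource": "arn:aws:s3:::demo-bucket/*"},
    {"Effect": "Deny", "Action": "s3:DeleteObject", "Resource": "*",
     "Condition": {"Bool": {"aws:MultiFactorAuthPresent": "false"}}},
]}]

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _iam_match(pattern, value, ignore_case):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, re.IGNORECASE if ignore_case else 0) is not None

def _condition_holds(condition, context):
    # Operators and keys are ANDed, values under one key ORed; a key missing
    # from the request context never matches.
    for operator, keys in condition.items():
        for key, expected in keys.items():
            actual = context.get(key)
            if actual is None:
                return False
            if operator == "StringEquals":
                ok = any(actual == e for e in _as_list(expected))
            elif operator == "Bool":
                ok = any(str(actual).lower() == str(e).lower() for e in _as_list(expected))
            else:
                return False  # unsupported operator: conservatively no match
            if not ok:
                return False
    return True

def _statement_applies(stmt, action, resource, context):
    # Actions are case-insensitive, ARNs compared as written; NotAction/NotResource omitted.
    if not any(_iam_match(a, action, True) for a in _as_list(stmt.get("Action", []))):
        return False
    if not any(_iam_match(r, resource, False) for r in _as_list(stmt.get("Resource", []))):
        return False
    return _condition_holds(stmt.get("Condition", {}), context)

def evaluate(policies, action, resource, context):
    """Explicit Deny wins, then any matching Allow, else implicit Deny."""
    stmts = [s for p in policies for s in _as_list(p.get("Statement", []))]
    applicable = [s for s in stmts if _statement_applies(s, action, resource, context)]
    if any(s["Effect"] == "Deny" for s in applicable):
        return "Deny"
    return "Allow" if applicable else "Deny"
```

Note that the Deny does not fire when `aws:MultiFactorAuthPresent` is absent from the context at all, which is why the condition-key inference done by the Policy Simulation Interface matters for getting realistic decisions.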

Policy Simulation Interface

This component serves as the public API or facade for interacting with the policy simulation engine. It prepares the necessary context for policy evaluation (e.g., inferring condition keys, handling MFA-aware checks) and orchestrates calls to the Policy Evaluation Engine. It provides high-level functions for initiating authorization queries, abstracting the underlying complexity. Its importance lies in providing a clean, accessible entry point to the simulation capabilities for other parts of the system.

Related Classes/Methods: