PV1 ⊧ Zelkovaperforms one of built-in checks on an access policy
A policy analysis tool to reason about the semantics of AWS access control policies.Application domain/field
- Cloud computing
- Access control policies
- Security
Expected input
Two AWS policies to compare or one AWS policy and the name of a built-in Zelkova check.Format:
- AWS policy/policies: AWS policy language, in JSON structure
- Name of Zelkova check: passed as an argument
Expected output
When comparing policies: it returns whether the first policy in the payload is less permissive, more permissive, equivalent or incomparable with respect to the second policy For built-in Zelkova check: returnstrue
or false
based on whether the check is satisfied. It can also return unknown
if it could not handle a construct in the policy or the solver times out.