What is IAM Policy Simulator?
The IAM policy simulator evaluates whether a given principal would be allowed or denied a specific action, without making a real request.
The simulator applies the same evaluation logic AWS uses at runtime — identity-based policies, resource-based policies, permissions boundaries, and SCPs — and reports the decision plus which statement was decisive. It is useful for testing a policy change before it ships.
Because it models effective permissions rather than just listing grants, it helps answer the question that matters for least privilege: not what a policy says, but what a principal can actually do once every policy type is combined.
Common mistake
Reading a single policy document and assuming it reflects effective access. Permissions boundaries, SCPs, and resource policies all combine, so simulate the real decision instead of eyeballing one document.
Related terms
Analyze a real policy free
Shieldly's AI-Powered analyzer explains why an IAM policy is risky and returns the fix in seconds. No signup, no AWS credentials. Also ships as CLI, VS Code extension, GitHub Action, and CDK Guard.
Amazon Web Services (AWS) is a trademark of Amazon.com, Inc. Shieldly is not affiliated with, endorsed by, or sponsored by Amazon Web Services.