Skip to main content

simulatePermissions()

Runs tests through the AWS Simulator ensuring that all the necessary permissions are set for the authenticated user.

The CLI equivalent is npx remotion lambda policies validate.

The function does not reject with an error if a permission is missing, rather the missing permission is indicated in the return value.

This function does only validate the validity of the user policy, not the role policy.

Example

ts
import { simulatePermissions } from "@remotion/lambda";
 
const { results } = await simulatePermissions({
region: "us-east-1",
});
 
for (const result of results) {
console.log(result.decision); // "allowed"
console.log(result.name); // "iam:SimulatePrincipalPolicy"
}
ts
import { simulatePermissions } from "@remotion/lambda";
 
const { results } = await simulatePermissions({
region: "us-east-1",
});
 
for (const result of results) {
console.log(result.decision); // "allowed"
console.log(result.name); // "iam:SimulatePrincipalPolicy"
}

Arguments

An object with the following properties:

region

The AWS region that you would like to query.

onSimulation

optional

A callback function that gets called every time a new simulation has been executed. This allows you to react to new simulation results coming in much faster than waiting for the return value of the function. Example:

ts
import { simulatePermissions } from "@remotion/lambda";
 
const { results } = await simulatePermissions({
region: "us-east-1",
onSimulation: (result) => {
console.log(result.decision); // "allowed"
console.log(result.name); // "iam:SimulatePrincipalPolicy"
},
});
ts
import { simulatePermissions } from "@remotion/lambda";
 
const { results } = await simulatePermissions({
region: "us-east-1",
onSimulation: (result) => {
console.log(result.decision); // "allowed"
console.log(result.name); // "iam:SimulatePrincipalPolicy"
},
});

Return value

An array of objects containing simulation results of each necessary permission. The objects contain the following keys:

decision

Either "allowed", "implicitDeny" or "explicitDeny".

name

The identifier of the required permission. See the Permissions page to see a list of required permissions.

See also