Toggle the scenario; the diagram and verdict update live. Press Run request to send a
request through the gates and watch where it stops. Nested boxes are policy scopes — SCP/RCP wrap the
account, the boundary and identity/resource policies wrap the principal and resource.
Can't see a policy (SCP, RCP, boundary)? Set it to “?” and the evaluator turns
detective, ranking which hidden gate is the likely suspect.
▶The cast — what are these parties?New to AWS permissions? Start here — click any card to expand it, or click a box in the diagram below.
▶Example scenariosClick one to load a worked situation into the controls and diagram below.