Updated on 2022-04-14 GMT+08:00

Request Conditions

Request conditions are useful in determining when a custom policy takes effect. A request condition consists of a condition key and operator. Condition keys are either global or service-level and are used in the Condition element of a policy statement. Global condition keys (starting with g:) are available for operations of all services, while service-level condition keys (starting with a service name such as ges) are available only for operations of a specific service. An operator is used together with a condition key to form a complete condition statement.

GES has a group of predefined condition keys that can be used in IAM. For example, to define an allow permission, you can use the condition key hw:SourceIp to match requesters by IP address. The following table shows the request conditions that are used with GES.

Table 1 Request conditions

Condition Key

Type

Description

g:CurrentTime

Date and time

Time when an authentication request is received

NOTE:

The time is in ISO 8601 format, for example, 2012-11-11T23:59:59Z.

g:MFAPresent

Boolean

Whether multi-factor authentication is used for user login

g:UserId

String

User ID used for current login

g:UserName

String

Username used for current login

g:ProjectName

String

Project of the current login

g:DomainName

String

Domain of the current login