Use GetContextKeysForPrincipalPolicy with an Amazon SDK or CLI

To list the context keys referenced by all policies associated with an IAM principal

The following get-context-keys-for-principal-policy command retrieves all policies that are attached to the user saanvi and any groups she is a member of. It then parses each and lists the context keys used by those policies. Use this command to identify which context key values you must supply to successfully use the simulate-custom-policy and simulate-principal-policy commands. You can also retrieve the list of context keys used by an arbitrary JSON policy by using the get-context-keys-for-custom-policy command.

aws iam get-context-keys-for-principal-policy \
   --policy-source-arn arn:aws:iam::123456789012:user/saanvi

Output:

{
    "ContextKeyNames": [
        "aws:username",
        "aws:CurrentTime"
    ]
}

For more information, see Using the IAM Policy Simulator (Amazon CLI and Amazon API) in the Amazon IAM User Guide.

Example 1: This example fetches all the context keys present in the provided policy json and the policies attached to IAM entity(user/role etc.). For -PolicyInputList you can provide multiple values list as comma separated values.

$policy1 = '{"Version":"2012-10-17","Statement":{"Effect":"Allow","Action":"dynamodb:*","Resource":"arn:aws:dynamodb:us-west-2:123456789012:table/","Condition":{"DateGreaterThan":{"aws:CurrentTime":"2015-08-16T12:00:00Z"}}}}'
$policy2 = '{"Version":"2012-10-17","Statement":{"Effect":"Allow","Action":"dynamodb:*","Resource":"arn:aws:dynamodb:us-west-2:123456789012:table/"}}'
Get-IAMContextKeysForPrincipalPolicy -PolicyInputList $policy1,$policy2 -PolicySourceArn arn:aws:iam::852640994763:user/TestUser