When I look at a 'Request Context' in CloudTrail, I see record contents listed here.
Is there a mapping between the 'Request Context' record contents and the Condition keys?
Or is it correct to say that it is not mandatory for a condition to be present in the 'Request Context' but a Condition Key corresponding to the condition may still be available (AWS magic) to be used in a policy to evaluate this request? Are AWS‐wide keys that use prefix aws: available in all Request Contexts?
When I use a Condition Key in a policy, how can I be sure that the Condition key is present in the Request Context?
Of course, I can add an "IfExists" clause to check for the availability of a Condition key, but that is a 'catch all' mechanism. How can I be certain that I need not use the "IfExists" clause when checking a Condition in a policy?
I have posted a different but related question here as well.
I think you are confusing the content of CT log event data:
with IAM condition keys for CloudTrail:
Also, to check if a policy key exists, use ...IfExists or a Null check.
If the key that you specify in a policy condition is not present in the request context, the values do not match.
The first one contains information about API calls in your CT trail, while the second is used in IAM policies to grant conditional permissions.
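The missing-key behaviour the answer refers to (no match when the key is absent, `...IfExists`, and the `Null` check), as an added example that is not part of the original answer and is not AWS code: a simplified Python model of condition evaluation for single-valued keys. The function names and the sample request contexts are constructed for illustration; only `StringEquals`, `StringNotEquals`, their `IfExists` forms and `Null` are modelled, following the behaviour described in the IAM documentation.

```python
# Simplified model of how IAM treats a condition key that is absent from the
# request context. Covers StringEquals / StringNotEquals, the ...IfExists
# suffix and Null, for single-valued keys only. Illustration, not AWS code.

def eval_operator(operator, policy_values, context, key):
    """Evaluate one operator/key pair against a request context dict."""
    present = key in context and context[key] is not None
    if operator == "Null":
        # "true" asserts the key is absent, "false" asserts it is present.
        want_absent = str(policy_values[0]).lower() == "true"
        return want_absent == (not present)
    if_exists = operator.endswith("IfExists")
    base = operator[:-len("IfExists")] if if_exists else operator
    if not present:
        if if_exists:
            return True  # absent key: the element evaluates to true
        # Plain operators do not match; negated operators are true.
        return base == "StringNotEquals"
    if base == "StringEquals":
        return context[key] in policy_values
    if base == "StringNotEquals":
        return context[key] not in policy_values
    raise ValueError(f"operator not modelled: {operator}")


def eval_condition(condition, context):
    """A Condition block is an AND over every operator and every key in it."""
    return all(
        eval_operator(op, vals if isinstance(vals, list) else [vals], context, key)
        for op, keys in condition.items()
        for key, vals in keys.items()
    )


# Constructed request contexts: one carries aws:PrincipalOrgID, one does not.
WITH_ORG = {"aws:PrincipalOrgID": "o-exampleorgid"}
WITHOUT_ORG = {}

STRICT = {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}}
LENIENT = {"StringEqualsIfExists": {"aws:PrincipalOrgID": "o-exampleorgid"}}
NEGATED = {"StringNotEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}}
# Pairing Null:false with IfExists requires the key to be present again.
MUST_EXIST = {"Null": {"aws:PrincipalOrgID": "false"}, **LENIENT}
```

In a Deny statement the `NEGATED` form also matches requests that carry no `aws:PrincipalOrgID` at all, while in an Allow statement the `LENIENT` form admits them; the `Null` check is what distinguishes "absent" from "present but different".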