Menu
AWS Identity and Access Management
API Reference (API Version 2010-05-08)

GetRolePolicy

Retrieves the specified inline policy document that is embedded with the specified IAM role.

Note

Policies returned by this API are URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality.

An IAM role can also have managed policies attached to it. To retrieve a managed policy document that is attached to a role, use GetPolicy to determine the policy's default version, then use GetPolicyVersion to retrieve the policy document.

For more information about policies, see Managed Policies and Inline Policies in the IAM User Guide.

For more information about roles, see Using Roles to Delegate Permissions and Federate Identities.

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

PolicyName

The name of the policy document to get.

This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: =,.@-+

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w+=,.@-]+

Required: Yes

RoleName

The name of the role associated with the policy.

This parameter allows (per its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

Type: String

Length Constraints: Minimum length of 1. Maximum length of 64.

Pattern: [\w+=,.@-]+

Required: Yes

Response Elements

The following elements are returned by the service.

PolicyDocument

The policy document.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 131072.

Pattern: [\u0009\u000A\u000D\u0020-\u00FF]+

PolicyName

The name of the policy.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w+=,.@-]+

RoleName

The role the policy is associated with.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 64.

Pattern: [\w+=,.@-]+

Errors

For information about the errors that are common to all actions, see Common Errors.

NoSuchEntity

The request was rejected because it referenced an entity that does not exist. The error message describes the entity.

HTTP Status Code: 404

ServiceFailure

The request processing has failed because of an unknown error, exception or failure.

HTTP Status Code: 500

Example

Sample Request

Copy
https://iam.amazonaws.com/?Action=GetRolePolicy &PolicyName=S3AccessPolicy &RoleName=S3Access &Version=2010-05-08 &AUTHPARAMS

Sample Response

Copy
<GetRolePolicyResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/"> <GetRolePolicyResult> <PolicyName>S3AccessPolicy</PolicyName> <RoleName>S3Access</RoleName> <PolicyDocument> {"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["s3:*"],"Resource":["*"]}]} </PolicyDocument> </GetRolePolicyResult> <ResponseMetadata> <RequestId>7e7cd8bc-99ef-11e1-a4c3-27EXAMPLE804</RequestId> </ResponseMetadata> </GetRolePolicyResponse>

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: