LookupPolicy
Lists all policies from the root of the Directory to the object
specified. If there are no policies present, an empty list is returned. If policies are
present, and if some objects don't have the policies attached, it returns the ObjectIdentifier
for such objects. If policies are present, it returns ObjectIdentifier, policyId, and
policyType. Paths that don't lead to the root from the target object are ignored. For more
information, see Policies.
Request Syntax
POST /amazonclouddirectory/2017-01-11/policy/lookup HTTP/1.1
x-amz-data-partition: DirectoryArn
Content-type: application/json
{
"MaxResults": number,
"NextToken": "string",
"ObjectReference": {
"Selector": "string"
}
}URI Request Parameters
The request uses the following URI parameters.
- DirectoryArn
-
The Amazon Resource Name (ARN) that is associated with the Directory. For more information, see Arn Examples.
Required: Yes
Request Body
The request accepts the following data in JSON format.
- MaxResults
-
The maximum number of items to be retrieved in a single call. This is an approximate number.
Type: Integer
Valid Range: Minimum value of 1.
Required: No
- NextToken
-
The token to request the next page of results.
Type: String
Required: No
- ObjectReference
-
Reference that identifies the object whose policies will be looked up.
Type: ObjectReference object
Required: Yes
Response Syntax
HTTP/1.1 200
Content-type: application/json
{
"NextToken": "string",
"PolicyToPathList": [
{
"Path": "string",
"Policies": [
{
"ObjectIdentifier": "string",
"PolicyId": "string",
"PolicyType": "string"
}
]
}
]
}Response Elements
If the action is successful, the service sends back an HTTP 200 response.
The following data is returned in JSON format by the service.
- NextToken
-
The pagination token.
Type: String
- PolicyToPathList
-
Provides list of path to policies. Policies contain
PolicyId,ObjectIdentifier, andPolicyType. For more information, see Policies.Type: Array of PolicyToPath objects
Errors
For information about the errors that are common to all actions, see Common Errors.
- AccessDeniedException
-
Access denied or directory not found. Either you don't have permissions for this directory or the directory does not exist. Try calling ListDirectories and check your permissions.
HTTP Status Code: 403
- DirectoryNotEnabledException
-
Operations are only permitted on enabled directories.
HTTP Status Code: 400
- InternalServiceException
-
Indicates a problem that must be resolved by Amazon Web Services. This might be a transient error in which case you can retry your request until it succeeds. Otherwise, go to the AWS Service Health Dashboard
site to see if there are any operational issues with the service. HTTP Status Code: 500
- InvalidArnException
-
Indicates that the provided ARN value is not valid.
HTTP Status Code: 400
- InvalidNextTokenException
-
Indicates that the
NextTokenvalue is not valid.HTTP Status Code: 400
- LimitExceededException
-
Indicates that limits are exceeded. See Limits for more information.
HTTP Status Code: 400
- ResourceNotFoundException
-
The specified resource could not be found.
HTTP Status Code: 404
- RetryableConflictException
-
Occurs when a conflict with a previous successful write is detected. For example, if a write operation occurs on an object and then an attempt is made to read the object using “SERIALIZABLE” consistency, this exception may result. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.
HTTP Status Code: 409
- ValidationException
-
Indicates that your request is malformed in some manner. See the exception message.
HTTP Status Code: 400
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following:
