LookupPolicy - Amazon Cloud Directory

LookupPolicy

Lists all policies from the root of the Directory to the object specified. If there are no policies present, an empty list is returned. If policies are present, and if some objects don't have the policies attached, it returns the ObjectIdentifier for such objects. If policies are present, it returns ObjectIdentifier, PolicyId, and PolicyType. Paths that don't lead to the root from the target object are ignored. For more information, see Policies.

Request Syntax

POST /amazonclouddirectory/2017-01-11/policy/lookup HTTP/1.1
x-amz-data-partition: DirectoryArn
Content-type: application/json

{
   "MaxResults": number,
   "NextToken": "string",
   "ObjectReference": {
      "Selector": "string"
   }
}

URI Request Parameters

The request uses the following URI parameters.

DirectoryArn

The Amazon Resource Name (ARN) that is associated with the Directory. For more information, see Arn Examples.

Required: Yes

Request Body

The request accepts the following data in JSON format.

MaxResults

The maximum number of items to be retrieved in a single call. This is an approximate number.

Type: Integer

Valid Range: Minimum value of 1.

Required: No

NextToken

The token to request the next page of results.

Type: String

Required: No

ObjectReference

Reference that identifies the object whose policies will be looked up.

Type: ObjectReference object

Required: Yes

Response Syntax

HTTP/1.1 200
Content-type: application/json

{
   "NextToken": "string",
   "PolicyToPathList": [
      {
         "Path": "string",
         "Policies": [
            {
               "ObjectIdentifier": "string",
               "PolicyId": "string",
               "PolicyType": "string"
            }
         ]
      }
   ]
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

NextToken

The pagination token.

Type: String

PolicyToPathList

Provides a list of paths to policies. Policies contain PolicyId, ObjectIdentifier, and PolicyType. For more information, see Policies.

Type: Array of PolicyToPath objects

Errors

For information about the errors that are common to all actions, see Common Errors.

AccessDeniedException

Access denied or directory not found. Either you don't have permissions for this directory or the directory does not exist. Try calling ListDirectories and check your permissions.

HTTP Status Code: 403

DirectoryNotEnabledException

Operations are only permitted on enabled directories.

HTTP Status Code: 400

InternalServiceException

Indicates a problem that must be resolved by Amazon Web Services. This might be a transient error in which case you can retry your request until it succeeds. Otherwise, go to the AWS Service Health Dashboard site to see if there are any operational issues with the service.

HTTP Status Code: 500

InvalidArnException

Indicates that the provided ARN value is not valid.

HTTP Status Code: 400

InvalidNextTokenException

Indicates that the NextToken value is not valid.

HTTP Status Code: 400

LimitExceededException

Indicates that limits are exceeded. See Limits for more information.

HTTP Status Code: 400

ResourceNotFoundException

The specified resource could not be found.

HTTP Status Code: 404

RetryableConflictException

Occurs when a conflict with a previous successful write is detected. For example, if a write operation occurs on an object and then an attempt is made to read the object using “SERIALIZABLE” consistency, this exception may result. This generally occurs when the previous write did not have time to propagate to the host serving the current request. A retry (with appropriate backoff logic) is the recommended response to this exception.

HTTP Status Code: 409

ValidationException

Indicates that your request is malformed in some manner. See the exception message.

HTTP Status Code: 400
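
The following is an added example, not part of the original reference or of AWS sample code. It pages through LookupPolicy with NextToken, retries RetryableConflictException with backoff, and separates objects on the path that have a policy attached from those returned with only an ObjectIdentifier. It assumes a client exposing lookup_policy as the boto3 clouddirectory client does; the stub client, the ARN placeholder, the selector and all identifiers are constructed.

```python
import time

def lookup_all_policies(client, directory_arn, selector, page_size=25,
                        max_retries=4, sleep=time.sleep):
    """Page through LookupPolicy; return (attached, unattached) per path."""
    attached, unattached, token = [], [], None
    while True:
        kwargs = {"DirectoryArn": directory_arn, "MaxResults": page_size,
                  "ObjectReference": {"Selector": selector}}
        if token:
            kwargs["NextToken"] = token
        for attempt in range(max_retries + 1):
            try:
                page = client.lookup_policy(**kwargs)
                break
            except Exception as exc:
                resp = getattr(exc, "response", None)  # dict on botocore ClientError
                code = resp.get("Error", {}).get("Code") if isinstance(resp, dict) else None
                if code != "RetryableConflictException" or attempt == max_retries:
                    raise
                sleep(0.1 * 2 ** attempt)  # exponential backoff before retrying
        for entry in page.get("PolicyToPathList", []):
            for pol in entry.get("Policies", []):
                if pol.get("PolicyId"):
                    attached.append((entry["Path"], pol["ObjectIdentifier"],
                                     pol["PolicyId"], pol.get("PolicyType")))
                else:  # object on the path with no policy attached
                    unattached.append((entry["Path"], pol["ObjectIdentifier"]))
        token = page.get("NextToken")
        if not token:
            return attached, unattached

class Conflict(Exception):  # constructed stand-in for botocore ClientError
    response = {"Error": {"Code": "RetryableConflictException"}}
class FakeClient:  # constructed stub; replace with boto3.client("clouddirectory")
    calls = 0
    def lookup_policy(self, **kw):
        self.calls += 1
        if self.calls == 1:
            raise Conflict()  # first call conflicts with a recent write
        if "NextToken" not in kw:
            return {"NextToken": "t1", "PolicyToPathList": [{"Path": "/org/team/app",
                    "Policies": [{"ObjectIdentifier": "obj-root", "PolicyId": "pol-1",
                                  "PolicyType": "audit"}]}]}
        return {"PolicyToPathList": [{"Path": "/org/team/app",
                "Policies": [{"ObjectIdentifier": "obj-team"}]}]}

def demo():  # constructed placeholder ARN and selector
    return lookup_all_policies(FakeClient(), "arn:aws:clouddirectory:EXAMPLE",
                               "/org/team/app", sleep=lambda s: None)
```

Errors other than RetryableConflictException, such as AccessDeniedException, are re-raised immediately rather than retried.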
