- Navigation GuideYou are on a Command (operation) page with structural examples. Use the navigation breadcrumb if you would like to return to the Client landing page.
ListKeyPoliciesCommand
Gets the names of the key policies that are attached to a KMS key. This operation is designed to get policy names that you can use in a GetKeyPolicy operation. However, the only valid policy name is default.
Cross-account use: No. You cannot perform this operation on a KMS key in a different Amazon Web Services account.
Required permissions: kms:ListKeyPolicies (key policy)
Related operations:
-
GetKeyPolicy
Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency .
Example Syntax
Use a bare-bones client and the command you need to make an API call.
import { KMSClient, ListKeyPoliciesCommand } from "@aws-sdk/client-kms"; // ES Modules import
// const { KMSClient, ListKeyPoliciesCommand } = require("@aws-sdk/client-kms"); // CommonJS import
const client = new KMSClient(config);
const input = { // ListKeyPoliciesRequest
KeyId: "STRING_VALUE", // required
Limit: Number("int"),
Marker: "STRING_VALUE",
};
const command = new ListKeyPoliciesCommand(input);
const response = await client.send(command);
// { // ListKeyPoliciesResponse
// PolicyNames: [ // PolicyNameList
// "STRING_VALUE",
// ],
// NextMarker: "STRING_VALUE",
// Truncated: true || false,
// };
Example Usage
ListKeyPoliciesCommand Input
Parameter | Type | Description |
|---|
Parameter | Type | Description |
|---|---|---|
KeyIdRequired | string | undefined | Gets the names of key policies for the specified KMS key. Specify the key ID or key ARN of the KMS key. For example:
To get the key ID and key ARN for a KMS key, use ListKeys or DescribeKey. |
Limit | number | undefined | Use this parameter to specify the maximum number of items to return. When this value is present, KMS does not return more than the specified number of items, but it might return fewer. This value is optional. If you include a value, it must be between 1 and 1000, inclusive. If you do not include a value, it defaults to 100. Only one policy can be attached to a key. |
Marker | string | undefined | Use this parameter in a subsequent request after you receive a response with truncated results. Set it to the value of |
ListKeyPoliciesCommand Output
Parameter | Type | Description |
|---|
Parameter | Type | Description |
|---|---|---|
$metadataRequired | ResponseMetadata | Metadata pertaining to this request. |
NextMarker | string | undefined | When |
PolicyNames | string[] | undefined | A list of key policy names. The only valid value is |
Truncated | boolean | undefined | A flag that indicates whether there are more items in the list. When this value is true, the list in this response is truncated. To get more items, pass the value of the |
Throws
Name | Fault | Details |
|---|
Name | Fault | Details |
|---|---|---|
| DependencyTimeoutException | server | The system timed out while trying to fulfill the request. You can retry the request. |
| InvalidArnException | client | The request was rejected because a specified ARN, or an ARN in a key policy, is not valid. |
| KMSInternalException | server | The request was rejected because an internal exception occurred. The request can be retried. |
| KMSInvalidStateException | client | The request was rejected because the state of the specified resource is not valid for this request. This exceptions means one of the following:
|
| NotFoundException | client | The request was rejected because the specified entity or resource could not be found. |
| KMSServiceException | Base exception class for all service exceptions from KMS service. |