AWS Identity and Access Management
API Reference (API Version 2010-05-08)

The AWS Documentation website is getting a new look!
Try it now and let us know what you think. Switch to the new look >>

You can return to the original look by selecting English in the language selector above.

GetRolePolicy

Retrieves the specified inline policy document that is embedded with the specified IAM role.

Note

Policies returned by this API are URL-encoded compliant with RFC 3986. You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the decode method of the java.net.URLDecoder utility class in the Java SDK. Other languages and SDKs provide similar functionality.

An IAM role can also have managed policies attached to it. To retrieve a managed policy document that is attached to a role, use GetPolicy to determine the policy's default version, then use GetPolicyVersion to retrieve the policy document.

For more information about policies, see Managed Policies and Inline Policies in the IAM User Guide.

For more information about roles, see Using Roles to Delegate Permissions and Federate Identities.

Request Parameters

For information about the parameters that are common to all actions, see Common Parameters.

PolicyName

The name of the policy document to get.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w+=,.@-]+

Required: Yes

RoleName

The name of the role associated with the policy.

This parameter allows (through its regex pattern) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-

Type: String

Length Constraints: Minimum length of 1. Maximum length of 64.

Pattern: [\w+=,.@-]+

Required: Yes

Response Elements

The following elements are returned by the service.

PolicyDocument

The policy document.

IAM stores policies in JSON format. However, resources that were created using AWS CloudFormation templates can be formatted in YAML. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 131072.

Pattern: [\u0009\u000A\u000D\u0020-\u00FF]+

PolicyName

The name of the policy.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [\w+=,.@-]+

RoleName

The role the policy is associated with.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 64.

Pattern: [\w+=,.@-]+

Errors

For information about the errors that are common to all actions, see Common Errors.

NoSuchEntity

The request was rejected because it referenced a resource entity that does not exist. The error message describes the resource.

HTTP Status Code: 404

ServiceFailure

The request processing has failed because of an unknown error, exception or failure.

HTTP Status Code: 500

Example

Sample Request

https://iam.amazonaws.com/?Action=GetRolePolicy &PolicyName=S3AccessPolicy &RoleName=S3Access &Version=2010-05-08 &AUTHPARAMS

Sample Response

<GetRolePolicyResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/"> <GetRolePolicyResult> <PolicyName>S3AccessPolicy</PolicyName> <RoleName>S3Access</RoleName> <PolicyDocument> {"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["s3:*"],"Resource":["*"]}]} </PolicyDocument> </GetRolePolicyResult> <ResponseMetadata> <RequestId>7e7cd8bc-99ef-11e1-a4c3-27EXAMPLE804</RequestId> </ResponseMetadata> </GetRolePolicyResponse>

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: