GetRolePolicy
Retrieves the specified inline policy document that is embedded with the specified IAM role.
Note
Policies returned by this operation are URL-encoded compliant
with RFC 3986decode
method of the java.net.URLDecoder
utility class in
the Java SDK. Other languages and SDKs provide similar functionality.
An IAM role can also have managed policies attached to it. To retrieve a managed policy document that is attached to a role, use GetPolicy to determine the policy's default version, then use GetPolicyVersion to retrieve the policy document.
For more information about policies, see Managed policies and inline policies in the IAM User Guide.
For more information about roles, see IAM roles in the IAM User Guide.
Request Parameters
For information about the parameters that are common to all actions, see Common Parameters.
- PolicyName
-
The name of the policy document to get.
This parameter allows (through its regex pattern
) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern:
[\w+=,.@-]+
Required: Yes
- RoleName
-
The name of the role associated with the policy.
This parameter allows (through its regex pattern
) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- Type: String
Length Constraints: Minimum length of 1. Maximum length of 64.
Pattern:
[\w+=,.@-]+
Required: Yes
Response Elements
The following elements are returned by the service.
- PolicyDocument
-
The policy document.
IAM stores policies in JSON format. However, resources that were created using AWS CloudFormation templates can be formatted in YAML. AWS CloudFormation always converts a YAML policy to JSON format before submitting it to IAM.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 131072.
Pattern:
[\u0009\u000A\u000D\u0020-\u00FF]+
- PolicyName
-
The name of the policy.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 128.
Pattern:
[\w+=,.@-]+
- RoleName
-
The role the policy is associated with.
Type: String
Length Constraints: Minimum length of 1. Maximum length of 64.
Pattern:
[\w+=,.@-]+
Errors
For information about the errors that are common to all actions, see Common Errors.
- NoSuchEntity
-
The request was rejected because it referenced a resource entity that does not exist. The error message describes the resource.
HTTP Status Code: 404
- ServiceFailure
-
The request processing has failed because of an unknown error, exception or failure.
HTTP Status Code: 500
Examples
Example
This example illustrates one usage of GetRolePolicy.
Sample Request
https://iam.amazonaws.com/?Action=GetRolePolicy
&PolicyName=S3AccessPolicy
&RoleName=S3Access
&Version=2010-05-08
&AUTHPARAMS
Sample Response
<GetRolePolicyResponse xmlns="https://iam.amazonaws.com/doc/2010-05-08/">
<GetRolePolicyResult>
<PolicyName>S3AccessPolicy</PolicyName>
<RoleName>S3Access</RoleName>
<PolicyDocument>
{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Action":["s3:*"],"Resource":["*"]}]}
</PolicyDocument>
</GetRolePolicyResult>
<ResponseMetadata>
<RequestId>7e7cd8bc-99ef-11e1-a4c3-27EXAMPLE804</RequestId>
</ResponseMetadata>
</GetRolePolicyResponse>
See Also
For more information about using this API in one of the language-specific AWS SDKs, see the following: