Use ListEntitiesForPolicy with an AWS SDK or CLI - AWS Identity and Access Management

Use ListEntitiesForPolicy with an AWS SDK or CLI

The following code examples show how to use ListEntitiesForPolicy.

AWS CLI

To list all users, groups, and roles that the specified managed policy is attached to

This example returns a list of IAM groups, roles, and users who have the policy arn:aws:iam::123456789012:policy/TestPolicy attached.

aws iam list-entities-for-policy \
    --policy-arn arn:aws:iam::123456789012:policy/TestPolicy

Output:

{
    "PolicyGroups": [
        {
            "GroupName": "Admins",
            "GroupId": "AGPACKCEVSQ6C2EXAMPLE"
        }
    ],
    "PolicyUsers": [
        {
            "UserName": "Alice",
            "UserId": "AIDACKCEVSQ6C2EXAMPLE"
        }
    ],
    "PolicyRoles": [
        {
            "RoleName": "DevRole",
            "RoleId": "AROADBQP57FF2AEXAMPLE"
        }
    ],
    "IsTruncated": false
}

For more information, see Policies and permissions in IAM in the AWS IAM User Guide.

Tools for PowerShell

Example 1: This example returns a list of IAM groups, roles, and users who have the policy arn:aws:iam::123456789012:policy/TestPolicy attached.

Get-IAMEntitiesForPolicy -PolicyArn "arn:aws:iam::123456789012:policy/TestPolicy"

Output:

IsTruncated  : False
Marker       :
PolicyGroups : {}
PolicyRoles  : {testRole}
PolicyUsers  : {Bob, Theresa}

For a complete list of AWS SDK developer guides and code examples, see Using this service with an AWS SDK. This topic also includes information about getting started and details about previous SDK versions.
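
Both outputs above carry IsTruncated (and, in PowerShell, Marker): when IsTruncated is true the list is incomplete, and an attachment review that stops at the first page misses principals. The following is an added example, not part of the original AWS page, that follows Marker until every attached group, user and role is collected; list_all_entities and StubIam are hypothetical names, and the two-page response is constructed sample data standing in for a boto3 IAM client.

```python
def list_all_entities(iam, policy_arn, page_size=100):
    """Return every group, user and role name attached to policy_arn.

    iam is boto3.client("iam") or any object exposing
    list_entities_for_policy with the same keyword arguments.
    """
    found = {"groups": [], "users": [], "roles": []}
    kwargs = {"PolicyArn": policy_arn, "MaxItems": page_size}
    while True:
        page = iam.list_entities_for_policy(**kwargs)
        found["groups"] += [g["GroupName"] for g in page.get("PolicyGroups", [])]
        found["users"] += [u["UserName"] for u in page.get("PolicyUsers", [])]
        found["roles"] += [r["RoleName"] for r in page.get("PolicyRoles", [])]
        if not page.get("IsTruncated"):
            return found
        # A truncated page must carry the Marker for the next request;
        # fail loudly rather than loop forever or report a partial list.
        marker = page.get("Marker")
        if not marker:
            raise RuntimeError("IsTruncated is true but no Marker was returned")
        kwargs["Marker"] = marker


class StubIam:
    """Constructed stand-in for the IAM client so the example runs offline."""

    # Constructed two-page response, keyed by the Marker that requests it.
    PAGES = {
        None: {"PolicyGroups": [{"GroupName": "Admins"}],
               "PolicyUsers": [{"UserName": "Alice"}],
               "PolicyRoles": [],
               "IsTruncated": True, "Marker": "constructed-marker-2"},
        "constructed-marker-2": {"PolicyGroups": [],
                                 "PolicyUsers": [{"UserName": "Bob"}],
                                 "PolicyRoles": [{"RoleName": "DevRole"}],
                                 "IsTruncated": False},
    }

    def __init__(self):
        self.calls = 0

    def list_entities_for_policy(self, PolicyArn, MaxItems=100, Marker=None):
        self.calls += 1
        return self.PAGES[Marker]


if __name__ == "__main__":
    arn = "arn:aws:iam::123456789012:policy/TestPolicy"
    print(list_all_entities(StubIam(), arn))
```

To run it against a real account, pass boto3.client("iam") in place of StubIam(); the caller needs the iam:ListEntitiesForPolicy permission.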