get-effective-policies¶
Description¶
Gets a list of the policies that have an effect on the authorization behavior of the specified device when it connects to the AWS IoT device gateway.
See also: AWS API Documentation
See ‘aws help’ for descriptions of global parameters.
Synopsis¶
get-effective-policies
[--principal <value>]
[--cognito-identity-pool-id <value>]
[--thing-name <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
Options¶
--principal (string)
The principal. Valid principals are CertificateArn (arn:aws:iot:region :accountId :cert/certificateId ), thingGroupArn (arn:aws:iot:region :accountId :thinggroup/groupName ) and CognitoId (region :id ).
--cognito-identity-pool-id (string)
The Cognito identity pool ID.
--thing-name (string)
The thing name.
--cli-input-json | --cli-input-yaml (string)
Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml.
--generate-cli-skeleton (string)
Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. Similarly, if provided yaml-input it will print a sample input YAML that can be used with --cli-input-yaml. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.
See ‘aws help’ for descriptions of global parameters.
Examples¶
To list the policies that effect a thing
The following get-effective-policies example lists the policies that effect the specified thing, including policies attached to any groups to which it belongs.
aws iot get-effective-policies \
--thing-name TemperatureSensor-001 \
--principal arn:aws:iot:us-west-2:123456789012:cert/488b6a7f2acdeb00a77384e63c4e40b18b1b3caaae57b7272ba44c45e3448142
Output:
{
"effectivePolicies": [
{
"policyName": "TemperatureSensorPolicy",
"policyArn": "arn:aws:iot:us-west-2:123456789012:policy/TemperatureSensorPolicy",
"policyDocument": "{
\"Version\": \"2012-10-17\",
\"Statement\": [
{
\"Effect\": \"Allow\",
\"Action\": [
\"iot:Publish\",
\"iot:Receive\"
],
\"Resource\": [
\"arn:aws:iot:us-west-2:123456789012:topic/topic_1\",
\"arn:aws:iot:us-west-2:123456789012:topic/topic_2\"
]
},
{
\"Effect\": \"Allow\",
\"Action\": [
\"iot:Subscribe\"
],
\"Resource\": [
\"arn:aws:iot:us-west-2:123456789012:topicfilter/topic_1\",
\"arn:aws:iot:us-west-2:123456789012:topicfilter/topic_2\"
]
},
{
\"Effect\": \"Allow\",
\"Action\": [
\"iot:Connect\"
],
\"Resource\": [
\"arn:aws:iot:us-west-2:123456789012:client/basicPubSub\"
]
}
]
}"
}
]
}
For more information, see Get Effective Policies for a Thing in the AWS IoT Developers Guide.
Output¶
effectivePolicies -> (list)
The effective policies.
(structure)
The policy that has the effect on the authorization results.
policyName -> (string)
The policy name.
policyArn -> (string)
The policy ARN.
policyDocument -> (string)
The IAM policy document.