[ aws . organizations ]

describe-policy

Description

Retrieves information about a policy.

This operation can be called only from the organization’s management account or by a member account that is a delegated administrator for an AWS service.

See also: AWS API Documentation

See ‘aws help’ for descriptions of global parameters.

Synopsis

  describe-policy
--policy-id <value>
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]

Options

--policy-id (string)

The unique identifier (ID) of the policy that you want details about. You can get the ID from the ListPolicies or ListPoliciesForTarget operations.

The regex pattern for a policy ID string requires “p-” followed by from 8 to 128 lowercase or uppercase letters, digits, or the underscore character (_).

--cli-input-json | --cli-input-yaml (string) Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. Similarly, if provided yaml-input it will print a sample input YAML that can be used with --cli-input-yaml. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

See ‘aws help’ for descriptions of global parameters.

Examples

To get information about a policy

The following example shows how to request information about a policy:

aws organizations describe-policy --policy-id p-examplepolicyid111

The output includes a policy object that contains details about the policy:

{
        "Policy": {
                "Content": "{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Effect\": \"Allow\",\n      \"Action\": \"*\",\n      \"Resource\": \"*\"\n    }\n  ]\n}",
                "PolicySummary": {
                        "Arn": "arn:aws:organizations::111111111111:policy/o-exampleorgid/service_control_policy/p-examplepolicyid111",
                        "Type": "SERVICE_CONTROL_POLICY",
                        "Id": "p-examplepolicyid111",
                        "AwsManaged": false,
                        "Name": "AllowAllS3Actions",
                        "Description": "Enables admins to delegate S3 permissions"
                }
        }
}

Output

Policy -> (structure)

A structure that contains details about the specified policy.

PolicySummary -> (structure)

A structure that contains additional details about the policy.

Id -> (string)

The unique identifier (ID) of the policy.

The regex pattern for a policy ID string requires “p-” followed by from 8 to 128 lowercase or uppercase letters, digits, or the underscore character (_).

Arn -> (string)

The Amazon Resource Name (ARN) of the policy.

For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the AWS Service Authorization Reference .

Name -> (string)

The friendly name of the policy.

The regex pattern that is used to validate this parameter is a string of any of the characters in the ASCII character range.

Description -> (string)

The description of the policy.

Type -> (string)

The type of policy.

AwsManaged -> (boolean)

A boolean value that indicates whether the specified policy is an AWS managed policy. If true, then you can attach the policy to roots, OUs, or accounts, but you cannot edit it.

Content -> (string)

The text content of the policy.