Use GetGroupPolicy with a CLI - Amazon Identity and Access Management
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Use GetGroupPolicy with a CLI

The following code examples show how to use GetGroupPolicy.

CLI
Amazon CLI

To get information about a policy attached to an IAM group

The following get-group-policy command gets information about the specified policy attached to the group named Test-Group.

aws iam get-group-policy \
    --group-name Test-Group \
    --policy-name S3-ReadOnly-Policy

Output:

{
    "GroupName": "Test-Group",
    "PolicyDocument": {
        "Statement": [
            {
                "Action": [
                    "s3:Get*",
                    "s3:List*"
                ],
                "Resource": "*",
                "Effect": "Allow"
            }
        ]
    },
    "PolicyName": "S3-ReadOnly-Policy"
}

For more information, see Managing IAM policies in the Amazon IAM User Guide.

  • For API details, see GetGroupPolicy in Amazon CLI Command Reference.

PowerShell
Tools for PowerShell V4

Example 1: This example returns details about the embedded inline policy named PowerUserAccess-Testers for the group Testers. The PolicyDocument property is URL encoded. It is decoded in this example with the UrlDecode .NET method.

$results = Get-IAMGroupPolicy -GroupName Testers -PolicyName PowerUserAccess-Testers
$results

Output:

GroupName     PolicyDocument                                              PolicyName
---------     --------------                                              ----------
Testers       %7B%0A%20%20%22Version%22%3A%20%222012-10-17%22%2C%0A%20... PowerUserAccess-Testers

[System.Reflection.Assembly]::LoadWithPartialName("System.Web.HttpUtility")
[System.Web.HttpUtility]::UrlDecode($results.PolicyDocument)
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "NotAction": "iam:*",
      "Resource": "*"
    }
  ]
}

  • For API details, see GetGroupPolicy in Amazon Tools for PowerShell Cmdlet Reference (V4).

Tools for PowerShell V5

Example 1: This example returns details about the embedded inline policy named PowerUserAccess-Testers for the group Testers. The PolicyDocument property is URL encoded. It is decoded in this example with the UrlDecode .NET method.

$results = Get-IAMGroupPolicy -GroupName Testers -PolicyName PowerUserAccess-Testers
$results

Output:

GroupName     PolicyDocument                                              PolicyName
---------     --------------                                              ----------
Testers       %7B%0A%20%20%22Version%22%3A%20%222012-10-17%22%2C%0A%20... PowerUserAccess-Testers

[System.Reflection.Assembly]::LoadWithPartialName("System.Web.HttpUtility")
[System.Web.HttpUtility]::UrlDecode($results.PolicyDocument)
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "NotAction": "iam:*",
      "Resource": "*"
    }
  ]
}

  • For API details, see GetGroupPolicy in Amazon Tools for PowerShell Cmdlet Reference (V5).

For a complete list of Amazon SDK developer guides and code examples, see Using this service with an Amazon SDK. This topic also includes information about getting started and details about previous SDK versions.