Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions,
see Getting Started with Amazon Web Services in China
(PDF).
Use GetGroupPolicy
with an Amazon SDK or command line tool
The following code examples show how to use GetGroupPolicy
.
- CLI
-
- Amazon CLI
-
To get information about a policy attached to an IAM group
The following get-group-policy
command gets information about the specified policy attached to the group named Test-Group
.
aws iam get-group-policy \
--group-name Test-Group \
--policy-name S3-ReadOnly-Policy
Output:
{
"GroupName": "Test-Group",
"PolicyDocument": {
"Statement": [
{
"Action": [
"s3:Get*",
"s3:List*"
],
"Resource": "*",
"Effect": "Allow"
}
]
},
"PolicyName": "S3-ReadOnly-Policy"
}
For more information, see Managing IAM policies in the Amazon IAM User Guide.
- PowerShell
-
- Tools for PowerShell
-
Example 1: This example returns details about the embedded inline policy named PowerUserAccess-Testers
for the group Testers
. The PolicyDocument
property is URL encoded. It is decoded in this example with the UrlDecode
.NET method.
$results = Get-IAMGroupPolicy -GroupName Testers -PolicyName PowerUserAccess-Testers
$results
Output:
GroupName PolicyDocument PolicyName
--------- -------------- ----------
Testers %7B%0A%20%20%22Version%22%3A%20%222012-10-17%22%2C%0A%20... PowerUserAccess-Testers
[System.Reflection.Assembly]::LoadWithPartialName("System.Web.HttpUtility")
[System.Web.HttpUtility]::UrlDecode($results.PolicyDocument)
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"NotAction": "iam:*",
"Resource": "*"
}
]
}
For a complete list of Amazon SDK developer guides and code examples, see
Using IAM with an Amazon SDK.
This topic also includes information about getting started and details about previous SDK versions.