GetEffectivePolicies - Amazon IoT
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).


Gets a list of the policies that have an effect on the authorization behavior of the specified device when it connects to the Amazon IoT device gateway.

Requires permission to access the GetEffectivePolicies action.

Request Syntax

POST /effective-policies?thingName=thingName HTTP/1.1 Content-type: application/json { "cognitoIdentityPoolId": "string", "principal": "string" }

URI Request Parameters

The request uses the following URI parameters.


The thing name.

Length Constraints: Minimum length of 1. Maximum length of 128.

Pattern: [a-zA-Z0-9:_-]+

Request Body

The request accepts the following data in JSON format.


The Cognito identity pool ID.

Type: String

Required: No


The principal. Valid principals are CertificateArn (arn:aws:iot:region:accountId:cert/certificateId), thingGroupArn (arn:aws:iot:region:accountId:thinggroup/groupName) and CognitoId (region:id).

Type: String

Required: No

Response Syntax

HTTP/1.1 200 Content-type: application/json { "effectivePolicies": [ { "policyArn": "string", "policyDocument": "string", "policyName": "string" } ] }

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.


The effective policies.

Type: Array of EffectivePolicy objects



An unexpected error has occurred.

HTTP Status Code: 500


The request is not valid.

HTTP Status Code: 400


A limit has been exceeded.

HTTP Status Code: 410


The specified resource does not exist.

HTTP Status Code: 404


The service is temporarily unavailable.

HTTP Status Code: 503


The rate exceeds the limit.

HTTP Status Code: 400


You are not authorized to perform this operation.

HTTP Status Code: 401

See Also

For more information about using this API in one of the language-specific Amazon SDKs, see the following: