describe_effective_policy

describe_effective_policy(**kwargs)

Returns the contents of the effective policy for specified policy type and account. The effective policy is the aggregation of any policies of the specified type that the account inherits, plus any policy of that type that is directly attached to the account.

This operation applies only to policy types other than service control policies (SCPs).

For more information about policy inheritance, see How Policy Inheritance Works in the Organizations User Guide .

This operation can be called only from the organization's management account or by a member account that is a delegated administrator for an Amazon Web Services service.

See also: AWS API Documentation

Request Syntax

response = client.describe_effective_policy(
    PolicyType='TAG_POLICY'|'BACKUP_POLICY'|'AISERVICES_OPT_OUT_POLICY',
    TargetId='string'
)
Parameters
  • PolicyType (string) --

    [REQUIRED]

    The type of policy that you want information about. You can specify one of the following values:

  • TargetId (string) -- When you're signed in as the management account, specify the ID of the account that you want details about. Specifying an organization root or organizational unit (OU) as the target is not supported.
Return type

dict

Returns

Response Syntax

{
    'EffectivePolicy': {
        'PolicyContent': 'string',
        'LastUpdatedTimestamp': datetime(2015, 1, 1),
        'TargetId': 'string',
        'PolicyType': 'TAG_POLICY'|'BACKUP_POLICY'|'AISERVICES_OPT_OUT_POLICY'
    }
}

Response Structure

  • (dict) --

    • EffectivePolicy (dict) --

      The contents of the effective policy.

      • PolicyContent (string) --

        The text content of the policy.

      • LastUpdatedTimestamp (datetime) --

        The time of the last update to this policy.

      • TargetId (string) --

        The account ID of the policy target.

      • PolicyType (string) --

        The policy type.

Exceptions

  • Organizations.Client.exceptions.AccessDeniedException
  • Organizations.Client.exceptions.AWSOrganizationsNotInUseException
  • Organizations.Client.exceptions.ConstraintViolationException
  • Organizations.Client.exceptions.ServiceException
  • Organizations.Client.exceptions.TooManyRequestsException
  • Organizations.Client.exceptions.TargetNotFoundException
  • Organizations.Client.exceptions.EffectivePolicyNotFoundException
  • Organizations.Client.exceptions.InvalidInputException
  • Organizations.Client.exceptions.UnsupportedAPIEndpointException