get_vault_access_policy
(**kwargs)¶This operation retrieves the access-policy
subresource set on the vault; for more information on setting this subresource, see Set Vault Access Policy (PUT access-policy). If there is no access policy set on the vault, the operation returns a 404 Not found
error. For more information about vault access policies, see Amazon Glacier Access Control with Vault Access Policies.
See also: AWS API Documentation
Request Syntax
response = client.get_vault_access_policy(
vaultName='string'
)
The AccountId
value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single ' -
' (hyphen), in which case Amazon S3 Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.
Note: this parameter is set to "-" bydefault if no value is not specified.
[REQUIRED]
The name of the vault.
dict
Response Syntax
{
'policy': {
'Policy': 'string'
}
}
Response Structure
(dict) --
Output for GetVaultAccessPolicy.
policy (dict) --
Contains the returned vault access policy as a JSON string.
Policy (string) --
The vault access policy.
Exceptions
Glacier.Client.exceptions.ResourceNotFoundException
Glacier.Client.exceptions.InvalidParameterValueException
Glacier.Client.exceptions.MissingParameterValueException
Glacier.Client.exceptions.ServiceUnavailableException
Examples
The example retrieves the access-policy set on the vault named example-vault.
response = client.get_vault_access_policy(
accountId='-',
vaultName='example-vault',
)
print(response)
Expected Output:
{
'policy': {
'Policy': '{"Version":"2012-10-17","Statement":[{"Sid":"Define-owner-access-rights","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::999999999999:root"},"Action":"glacier:DeleteArchive","Resource":"arn:aws:glacier:us-west-2:999999999999:vaults/examplevault"}]}',
},
'ResponseMetadata': {
'...': '...',
},
}