Organizations / Client / describe_policy

describe_policy#

Organizations.Client.describe_policy(**kwargs)#

Retrieves information about a policy.

This operation can be called only from the organization’s management account or by a member account that is a delegated administrator for an Amazon Web Services service.

See also: AWS API Documentation

Request Syntax

response = client.describe_policy(
    PolicyId='string'
)
Parameters:

PolicyId (string) –

[REQUIRED]

The unique identifier (ID) of the policy that you want details about. You can get the ID from the ListPolicies or ListPoliciesForTarget operations.

The regex pattern for a policy ID string requires “p-” followed by from 8 to 128 lowercase or uppercase letters, digits, or the underscore character (_).

Return type:

dict

Returns:

Response Syntax

{
    'Policy': {
        'PolicySummary': {
            'Id': 'string',
            'Arn': 'string',
            'Name': 'string',
            'Description': 'string',
            'Type': 'SERVICE_CONTROL_POLICY'|'TAG_POLICY'|'BACKUP_POLICY'|'AISERVICES_OPT_OUT_POLICY',
            'AwsManaged': True|False
        },
        'Content': 'string'
    }
}

Response Structure

  • (dict) –

    • Policy (dict) –

      A structure that contains details about the specified policy.

      • PolicySummary (dict) –

        A structure that contains additional details about the policy.

        • Id (string) –

          The unique identifier (ID) of the policy.

          The regex pattern for a policy ID string requires “p-” followed by from 8 to 128 lowercase or uppercase letters, digits, or the underscore character (_).

        • Arn (string) –

          The Amazon Resource Name (ARN) of the policy.

          For more information about ARNs in Organizations, see ARN Formats Supported by Organizations in the Amazon Web Services Service Authorization Reference.

        • Name (string) –

          The friendly name of the policy.

          The regex pattern that is used to validate this parameter is a string of any of the characters in the ASCII character range.

        • Description (string) –

          The description of the policy.

        • Type (string) –

          The type of policy.

        • AwsManaged (boolean) –

          A boolean value that indicates whether the specified policy is an Amazon Web Services managed policy. If true, then you can attach the policy to roots, OUs, or accounts, but you cannot edit it.

      • Content (string) –

        The text content of the policy.

Exceptions

  • Organizations.Client.exceptions.AccessDeniedException

  • Organizations.Client.exceptions.AWSOrganizationsNotInUseException

  • Organizations.Client.exceptions.InvalidInputException

  • Organizations.Client.exceptions.PolicyNotFoundException

  • Organizations.Client.exceptions.ServiceException

  • Organizations.Client.exceptions.TooManyRequestsException

  • Organizations.Client.exceptions.UnsupportedAPIEndpointException

Examples

The following example shows how to request information about a policy:/n/n

response = client.describe_policy(
    PolicyId='p-examplepolicyid111',
)

print(response)

Expected Output:

{
    'Policy': {
        'Content': '{\n  \"Version\": \"2012-10-17\",\n  \"Statement\": [\n    {\n      \"Effect\": \"Allow\",\n      \"Action\": \"*\",\n      \"Resource\": \"*\"\n    }\n  ]\n}',
        'PolicySummary': {
            'Arn': 'arn:aws:organizations::111111111111:policy/o-exampleorgid/service_control_policy/p-examplepolicyid111',
            'AwsManaged': False,
            'Description': 'Enables admins to delegate S3 permissions',
            'Id': 'p-examplepolicyid111',
            'Name': 'AllowAllS3Actions',
            'Type': 'SERVICE_CONTROL_POLICY',
        },
    },
    'ResponseMetadata': {
        '...': '...',
    },
}