Glacier / Client / get_vault_access_policy

get_vault_access_policy

Glacier.Client.get_vault_access_policy(**kwargs)

This operation retrieves the access-policy subresource set on the vault; for more information on setting this subresource, see Set Vault Access Policy (PUT access-policy). If there is no access policy set on the vault, the operation returns a 404 Not found error. For more information about vault access policies, see Amazon Glacier Access Control with Vault Access Policies.

See also: AWS API Documentation

Request Syntax

response = client.get_vault_access_policy(
    vaultName='string'
)
Parameters:

  • accountId (string) –

    The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single ‘ -’ (hyphen), in which case Amazon Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens (‘-’) in the ID.

    Note: this parameter is set to “-” bydefault if no value is not specified.

  • vaultName (string) –

    [REQUIRED]

    The name of the vault.

Return type:

dict

Returns:

Response Syntax

{
    'policy': {
        'Policy': 'string'
    }
}

Response Structure

  • (dict) –

    Output for GetVaultAccessPolicy.

    • policy (dict) –

      Contains the returned vault access policy as a JSON string.

      • Policy (string) –

        The vault access policy.

Exceptions

  • Glacier.Client.exceptions.ResourceNotFoundException

  • Glacier.Client.exceptions.InvalidParameterValueException

  • Glacier.Client.exceptions.MissingParameterValueException

  • Glacier.Client.exceptions.ServiceUnavailableException

  • Glacier.Client.exceptions.NoLongerSupportedException

Examples

The example retrieves the access-policy set on the vault named example-vault.

response = client.get_vault_access_policy(
    accountId='-',
    vaultName='example-vault',
)

print(response)

Expected Output:

{
    'policy': {
        'Policy': '{"Version":"2012-10-17","Statement":[{"Sid":"Define-owner-access-rights","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::999999999999:root"},"Action":"glacier:DeleteArchive","Resource":"arn:aws:glacier:us-west-2:999999999999:vaults/examplevault"}]}',
    },
    'ResponseMetadata': {
        '...': '...',
    },
}