Glacier / Client / get_vault_access_policy
get_vault_access_policy#
- Glacier.Client.get_vault_access_policy(**kwargs)#
This operation retrieves the
access-policy
subresource set on the vault; for more information on setting this subresource, see Set Vault Access Policy (PUT access-policy). If there is no access policy set on the vault, the operation returns a404 Not found
error. For more information about vault access policies, see Amazon Glacier Access Control with Vault Access Policies.See also: AWS API Documentation
Request Syntax
response = client.get_vault_access_policy( vaultName='string' )
- Parameters:
accountId (string) –
The
AccountId
value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single ‘-
’ (hyphen), in which case Amazon S3 Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens (‘-’) in the ID.Note: this parameter is set to “-” bydefault if no value is not specified.
vaultName (string) –
[REQUIRED]
The name of the vault.
- Return type:
dict
- Returns:
Response Syntax
{ 'policy': { 'Policy': 'string' } }
Response Structure
(dict) –
Output for GetVaultAccessPolicy.
policy (dict) –
Contains the returned vault access policy as a JSON string.
Policy (string) –
The vault access policy.
Exceptions
Examples
The example retrieves the access-policy set on the vault named example-vault.
response = client.get_vault_access_policy( accountId='-', vaultName='example-vault', ) print(response)
Expected Output:
{ 'policy': { 'Policy': '{"Version":"2012-10-17","Statement":[{"Sid":"Define-owner-access-rights","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::999999999999:root"},"Action":"glacier:DeleteArchive","Resource":"arn:aws:glacier:us-west-2:999999999999:vaults/examplevault"}]}', }, 'ResponseMetadata': { '...': '...', }, }