Glacier / Client / get_vault_access_policy

get_vault_access_policy#

Glacier.Client.get_vault_access_policy(**kwargs)#

This operation retrieves the access-policy subresource set on the vault; for more information on setting this subresource, see Set Vault Access Policy (PUT access-policy). If there is no access policy set on the vault, the operation returns a 404 Not found error. For more information about vault access policies, see Amazon Glacier Access Control with Vault Access Policies.

See also: AWS API Documentation

Request Syntax

response = client.get_vault_access_policy(
    vaultName='string'
)
Parameters:
  • accountId (string) –

    The AccountId value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single ‘ -’ (hyphen), in which case Amazon S3 Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens (‘-’) in the ID.

    Note: this parameter is set to “-” bydefault if no value is not specified.

  • vaultName (string) –

    [REQUIRED]

    The name of the vault.

Return type:

dict

Returns:

Response Syntax

{
    'policy': {
        'Policy': 'string'
    }
}

Response Structure

  • (dict) –

    Output for GetVaultAccessPolicy.

    • policy (dict) –

      Contains the returned vault access policy as a JSON string.

      • Policy (string) –

        The vault access policy.

Exceptions

  • Glacier.Client.exceptions.ResourceNotFoundException

  • Glacier.Client.exceptions.InvalidParameterValueException

  • Glacier.Client.exceptions.MissingParameterValueException

  • Glacier.Client.exceptions.ServiceUnavailableException

Examples

The example retrieves the access-policy set on the vault named example-vault.

response = client.get_vault_access_policy(
    accountId='-',
    vaultName='example-vault',
)

print(response)

Expected Output:

{
    'policy': {
        'Policy': '{"Version":"2012-10-17","Statement":[{"Sid":"Define-owner-access-rights","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::999999999999:root"},"Action":"glacier:DeleteArchive","Resource":"arn:aws:glacier:us-west-2:999999999999:vaults/examplevault"}]}',
    },
    'ResponseMetadata': {
        '...': '...',
    },
}