# GetAccountAuthorizationDetails Retrieves information about all IAM users, groups, roles, and policies in your AWS account, including their relationships to one another. Use this operation to obtain a snapshot of the configuration of IAM permissions (users, groups, roles, and policies) in your account. **Note** Policies returned by this operation are URL-encoded compliant with [RFC 3986](https://tools.ietf.org/html/rfc3986). You can use a URL decoding method to convert the policy back to plain JSON text. For example, if you use Java, you can use the `decode` method of the `java.net.URLDecoder` utility class in the Java SDK. Other languages and SDKs provide similar functionality, and some SDKs do this decoding automatically. You can optionally filter the results using the `Filter` parameter. You can paginate the results using the `MaxItems` and `Marker` parameters. ## Request Parameters For information about the parameters that are common to all actions, see [Common Parameters](CommonParameters.md). **Filter.member.N** A list of entity types used to filter the results. Only the entities that match the types you specify are included in the output. Use the value `LocalManagedPolicy` to include customer managed policies. The format for this parameter is a comma-separated (if more than one) list of strings. Each string value in the list must be one of the valid values listed below. Type: Array of strings Valid Values: `User | Role | Group | LocalManagedPolicy | AWSManagedPolicy` Required: No ** Marker ** Use this parameter only when paginating results and only after you receive a response indicating that the results are truncated. Set it to the value of the `Marker` element in the response that you received to indicate where the next call should start. Type: String Length Constraints: Minimum length of 1. Pattern: `[\u0020-\u00FF]+` Required: No ** MaxItems ** Use this only when paginating results to indicate the maximum number of items you want in the response. If additional items exist beyond the maximum you specify, the `IsTruncated` response element is `true`. If you do not include this parameter, the number of items defaults to 100. Note that IAM might return fewer results, even when there are more results available. In that case, the `IsTruncated` response element returns `true`, and `Marker` contains a value to include in the subsequent call that tells the service where to continue from. Type: Integer Valid Range: Minimum value of 1. Maximum value of 1000. Required: No ## Response Elements The following elements are returned by the service. **GroupDetailList.member.N** A list containing information about IAM groups. Type: Array of [GroupDetail](API_GroupDetail.md) objects ** IsTruncated ** A flag that indicates whether there are more items to return. If your results were truncated, you can make a subsequent pagination request using the `Marker` request parameter to retrieve more items. Note that IAM might return fewer than the `MaxItems` number of results even when there are more results available. We recommend that you check `IsTruncated` after every call to ensure that you receive all your results. Type: Boolean ** Marker ** When `IsTruncated` is `true`, this element is present and contains the value to use for the `Marker` parameter in a subsequent pagination request. Type: String **Policies.member.N** A list containing information about managed policies. Type: Array of [ManagedPolicyDetail](API_ManagedPolicyDetail.md) objects **RoleDetailList.member.N** A list containing information about IAM roles. Type: Array of [RoleDetail](API_RoleDetail.md) objects **UserDetailList.member.N** A list containing information about IAM users. Type: Array of [UserDetail](API_UserDetail.md) objects ## Errors For information about the errors that are common to all actions, see [Common Error Types](CommonErrors.md). ** ServiceFailure ** The request processing has failed because of an unknown error, exception or failure. HTTP Status Code: 500 ## Examples ### Example This example illustrates one usage of GetAccountAuthorizationDetails. #### Sample Request ``` https://iam.amazonaws.com/?Action=GetAccountAuthorizationDetails &Version=2010-05-08 &AUTHPARAMS ``` #### Sample Response ``` true Admins AIDACKCEVSQ6C2EXAMPLE / Alice arn:aws:iam::123456789012:user/Alice 2013-10-14T18:32:24Z Admins DenyBillingAndIAMPolicy {"Version":"2012-10-17", "Statement":{"Effect":"Deny","Action": ["aws-portal:*","iam:*"],"Resource":"*"}} AIDACKCEVSQ6C3EXAMPLE / Bob arn:aws:iam::123456789012:user/Bob 2013-10-14T18:32:25Z Dev AIDACKCEVSQ6C4EXAMPLE / Charlie arn:aws:iam::123456789012:user/Charlie 2013-10-14T18:33:56Z Dev AIDACKCEVSQ6C5EXAMPLE / Danielle arn:aws:iam::123456789012:user/Danielle 2013-10-14T18:33:56Z Finance AIDACKCEVSQ6C6EXAMPLE / Elaine arn:aws:iam::123456789012:user/Elaine 2013-10-14T18:57:48Z EXAMPLEkakv9BCuUNFDtxWSyfzetYwEx2ADc8dnzfvERF5S6YMvXKx41t6gCl/eeaCX3Jo94/ bKqezEAg8TEVS99EKFLxm3jtbpl25FDWEXAMPLE AIDACKCEVSQ6C7EXAMPLE AdministratorAccess arn:aws:iam::aws:policy/AdministratorAccess Admins / arn:aws:iam::123456789012:group/Admins 2013-10-14T18:32:24Z AIDACKCEVSQ6C8EXAMPLE PowerUserAccess arn:aws:iam::aws:policy/PowerUserAccess Dev / arn:aws:iam::123456789012:group/Dev 2013-10-14T18:33:55Z AIDACKCEVSQ6C9EXAMPLE Finance / arn:aws:iam::123456789012:group/Finance 2013-10-14T18:57:48Z policygen-201310141157 {"Version":"2012-10-17", "Statement":[{"Action":["aws-portal:*"], "Sid":"Stmt1381777017000","Resource":["*"],"Effect":"Allow"}]} AmazonS3FullAccess arn:aws:iam::aws:policy/AmazonS3FullAccess AmazonDynamoDBFullAccess arn:aws:iam::aws:policy/AmazonDynamoDBFullAccess EC2role / arn:aws:iam::123456789012:role/EC2role EC2role {"Version":"2012-10-17", "Statement":[{"Sid":"", "Effect":"Allow","Principal":{"Service":"ec2.amazonaws.com"}, "Action":"sts:AssumeRole"}]} 2014-07-30T17:09:20Z AROAFP4BKI7Y7TEXAMPLE 2019-11-20T17:09:20Z us-east-1 / arn:aws:iam::123456789012:instance-profile/EC2role AIPAFFYRBHWXW2EXAMPLE 2014-07-30T17:09:20Z / arn:aws:iam::123456789012:role/EC2role EC2role {"Version":"2012-10-17", "Statement":[{"Sid":"","Effect":"Allow", "Principal":{"Service":"ec2.amazonaws.com"}, "Action":"sts:AssumeRole"}]} 2014-07-30T17:09:20Z AROAFP4BKI7Y7TEXAMPLE create-update-delete-set-managed-policies v1 ANPAJ2UCCR6DPCEXAMPLE / {"Version":"2012-10-17", "Statement":{"Effect":"Allow", "Action":["iam:CreatePolicy","iam:CreatePolicyVersion", "iam:DeletePolicy","iam:DeletePolicyVersion","iam:GetPolicy", "iam:GetPolicyVersion","iam:ListPolicies", "iam:ListPolicyVersions","iam:SetDefaultPolicyVersion"], "Resource":"*"}} true v1 2015-02-06T19:58:34Z arn:aws:iam::123456789012:policy/create-update-delete-set-managed-policies 1 2015-02-06T19:58:34Z true 2015-02-06T19:58:34Z S3-read-only-specific-bucket v1 ANPAJ4AE5446DAEXAMPLE / {"Version":"2012-10-17", "Statement":[{"Effect":"Allow","Action": ["s3:Get*","s3:List*"],"Resource":["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]}]} true v1 2015-01-21T21:39:41Z arn:aws:iam::123456789012:policy/S3-read-only-specific-bucket 1 2015-01-21T21:39:41Z true 2015-01-21T23:39:41Z AWSOpsWorksRole v1 ANPAE376NQ77WV6KGJEBE /service-role/ {"Version":"2012-10-17", "Statement":[{"Effect":"Allow","Action": ["cloudwatch:GetMetricStatistics","ec2:DescribeAccountAttributes", "ec2:DescribeAvailabilityZones","ec2:DescribeInstances", "ec2:DescribeKeyPairs","ec2:DescribeSecurityGroups","ec2:DescribeSubnets", "ec2:DescribeVpcs","elasticloadbalancing:DescribeInstanceHealth", "elasticloadbalancing:DescribeLoadBalancers","iam:GetRolePolicy", "iam:ListInstanceProfiles","iam:ListRoles","iam:ListUsers", "iam:PassRole","opsworks:*","rds:*"],"Resource":["*"]}]} true v1 2014-12-10T22:57:47Z arn:aws:iam::aws:policy/service-role/AWSOpsWorksRole 1 2015-02-06T18:41:27Z true 2015-02-06T18:41:27Z AmazonEC2FullAccess v1 ANPAE3QWE5YT46TQ34WLG / {"Version":"2012-10-17", "Statement":[{"Action":"ec2:*", "Effect":"Allow","Resource":"*"},{"Effect":"Allow", "Action":"elasticloadbalancing:*","Resource":"*"},{"Effect":"Allow", "Action":"cloudwatch:*","Resource":"*"},{"Effect":"Allow", "Action":"autoscaling:*","Resource":"*"}]} true v1 2014-10-30T20:59:46Z arn:aws:iam::aws:policy/AmazonEC2FullAccess 1 2015-02-06T18:40:15Z true 2015-02-06T18:40:15Z 92e79ae7-7399-11e4-8c85-4b53eEXAMPLE ``` ## See Also For more information about using this API in one of the language-specific AWS SDKs, see the following: + [AWS Command Line Interface V2](https://docs.aws.amazon.com/goto/cli2/iam-2010-05-08/GetAccountAuthorizationDetails) + [AWS SDK for .NET V4](https://docs.aws.amazon.com/goto/DotNetSDKV4/iam-2010-05-08/GetAccountAuthorizationDetails) + [AWS SDK for C\$1\$1](https://docs.aws.amazon.com/goto/SdkForCpp/iam-2010-05-08/GetAccountAuthorizationDetails) + [AWS SDK for Go v2](https://docs.aws.amazon.com/goto/SdkForGoV2/iam-2010-05-08/GetAccountAuthorizationDetails) + [AWS SDK for Java V2](https://docs.aws.amazon.com/goto/SdkForJavaV2/iam-2010-05-08/GetAccountAuthorizationDetails) + [AWS SDK for JavaScript V3](https://docs.aws.amazon.com/goto/SdkForJavaScriptV3/iam-2010-05-08/GetAccountAuthorizationDetails) + [AWS SDK for Kotlin](https://docs.aws.amazon.com/goto/SdkForKotlin/iam-2010-05-08/GetAccountAuthorizationDetails) + [AWS SDK for PHP V3](https://docs.aws.amazon.com/goto/SdkForPHPV3/iam-2010-05-08/GetAccountAuthorizationDetails) + [AWS SDK for Python](https://docs.aws.amazon.com/goto/boto3/iam-2010-05-08/GetAccountAuthorizationDetails) + [AWS SDK for Ruby V3](https://docs.aws.amazon.com/goto/SdkForRubyV3/iam-2010-05-08/GetAccountAuthorizationDetails)