BedrockAgentCoreControl / Client / get_policy_generation_summary

get_policy_generation_summary

BedrockAgentCoreControl.Client.get_policy_generation_summary(**kwargs)

Retrieves a metadata-only summary of a specific policy generation request without decrypting customer content. This lightweight read operation returns resource identifiers, status, timestamps, and findings, but does not include status reasons. Because this operation does not require access to the customer’s KMS key, it is suitable for resource discovery, inventory, and integration scenarios where only metadata is needed.

See also: AWS API Documentation

Request Syntax

response = client.get_policy_generation_summary(
    policyGenerationId='string',
    policyEngineId='string'
)
Parameters:

  • policyGenerationId (string) –

    [REQUIRED]

    The unique identifier of the policy generation request to retrieve the summary for.

  • policyEngineId (string) –

    [REQUIRED]

    The identifier of the policy engine associated with the policy generation request.

Return type:

dict

Returns:

Response Syntax

{
    'policyEngineId': 'string',
    'policyGenerationId': 'string',
    'name': 'string',
    'policyGenerationArn': 'string',
    'resource': {
        'arn': 'string'
    },
    'createdAt': datetime(2015, 1, 1),
    'updatedAt': datetime(2015, 1, 1),
    'status': 'GENERATING'|'GENERATED'|'GENERATE_FAILED'|'DELETE_FAILED',
    'findings': 'string'
}

Response Structure

  • (dict) –

    • policyEngineId (string) –

      The identifier of the policy engine associated with this policy generation.

    • policyGenerationId (string) –

      The unique identifier of the policy generation request.

    • name (string) –

      The customer-assigned name for the policy generation request.

    • policyGenerationArn (string) –

      The Amazon Resource Name (ARN) of the policy generation request.

    • resource (dict) –

      The resource information associated with the policy generation.

      Note

      This is a Tagged Union structure. Only one of the following top level keys will be set: arn. If a client receives an unknown member it will set SDK_UNKNOWN_MEMBER as the top level key, which maps to the name or tag of the unknown member. The structure of SDK_UNKNOWN_MEMBER is as follows:

      'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}

      • arn (string) –

        The Amazon Resource Name (ARN) of the resource. This globally unique identifier specifies the exact resource that policies will be evaluated against for access control decisions.

    • createdAt (datetime) –

      The timestamp when the policy generation request was created.

    • updatedAt (datetime) –

      The timestamp when the policy generation was last updated.

    • status (string) –

      The current status of the policy generation request.

    • findings (string) –

      The findings from the policy generation process, if available.

Exceptions

  • BedrockAgentCoreControl.Client.exceptions.AccessDeniedException

  • BedrockAgentCoreControl.Client.exceptions.ValidationException

  • BedrockAgentCoreControl.Client.exceptions.ThrottlingException

  • BedrockAgentCoreControl.Client.exceptions.ResourceNotFoundException

  • BedrockAgentCoreControl.Client.exceptions.InternalServerException