Use GetGroupPolicy with a CLI - AWS SDK Code Examples

There are more AWS SDK examples available in the AWS Doc SDK Examples GitHub repo.

Use GetGroupPolicy with a CLI

The following code examples show how to use GetGroupPolicy.

CLI
AWS CLI

To get information about a policy attached to an IAM group

The following get-group-policy command gets information about the specified policy attached to the group named Test-Group.

aws iam get-group-policy \
    --group-name Test-Group \
    --policy-name S3-ReadOnly-Policy

Output:

{
    "GroupName": "Test-Group",
    "PolicyDocument": {
        "Statement": [
            {
                "Action": [
                    "s3:Get*",
                    "s3:List*"
                ],
                "Resource": "*",
                "Effect": "Allow"
            }
        ]
    },
    "PolicyName": "S3-ReadOnly-Policy"
}

For more information, see Managing IAM policies in the AWS IAM User Guide.

PowerShell
Tools for PowerShell

Example 1: This example returns details about the embedded inline policy named PowerUserAccess-Testers for the group Testers. The PolicyDocument property is URL encoded. It is decoded in this example with the UrlDecode .NET method.

$results = Get-IAMGroupPolicy -GroupName Testers -PolicyName PowerUserAccess-Testers
$results

Output:

GroupName     PolicyDocument                                              PolicyName
---------     --------------                                              ----------
Testers       %7B%0A%20%20%22Version%22%3A%20%222012-10-17%22%2C%0A%20... PowerUserAccess-Testers

[System.Reflection.Assembly]::LoadWithPartialName("System.Web.HttpUtility")
[System.Web.HttpUtility]::UrlDecode($results.PolicyDocument)
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "NotAction": "iam:*",
      "Resource": "*"
    }
  ]
}

  • For API details, see GetGroupPolicy in AWS Tools for PowerShell Cmdlet Reference.