GetResourcePolicyCommand

Suggest an Edit

Returns the resource-based policy document attached to the resource, which can be a table or stream, in JSON format.

GetResourcePolicy follows an eventually consistent   model. The following list describes the outcomes when you issue the GetResourcePolicy request immediately after issuing another request:

  • If you issue a GetResourcePolicy request immediately after a PutResourcePolicy request, DynamoDB might return a PolicyNotFoundException.

  • If you issue a GetResourcePolicyrequest immediately after a DeleteResourcePolicy request, DynamoDB might return the policy that was present before the deletion request.

  • If you issue a GetResourcePolicy request immediately after a CreateTable request, which includes a resource-based policy, DynamoDB might return a ResourceNotFoundException or a PolicyNotFoundException.

Because GetResourcePolicy uses an eventually consistent query, the metadata for your policy or table might not be available at that moment. Wait for a few seconds, and then retry the GetResourcePolicy request.

After a GetResourcePolicy request returns a policy created using the PutResourcePolicy request, the policy will be applied in the authorization of requests to the resource. Because this process is eventually consistent, it will take some time to apply the policy to all requests to a resource. Policies that you attach while creating a table using the CreateTable request will always be applied to all requests for that table.

Example Syntax

Use a bare-bones client and the command you need to make an API call.

import { DynamoDBClient, GetResourcePolicyCommand } from "@aws-sdk/client-dynamodb"; // ES Modules import
// const { DynamoDBClient, GetResourcePolicyCommand } = require("@aws-sdk/client-dynamodb"); // CommonJS import
const client = new DynamoDBClient(config);
const input = { // GetResourcePolicyInput
  ResourceArn: "STRING_VALUE", // required
};
const command = new GetResourcePolicyCommand(input);
const response = await client.send(command);
// { // GetResourcePolicyOutput
//   Policy: "STRING_VALUE",
//   RevisionId: "STRING_VALUE",
// };

GetResourcePolicyCommand Input

See GetResourcePolicyCommandInput for more details

Parameter
Type
Description
ResourceArn
Required
string | undefined

The Amazon Resource Name (ARN) of the DynamoDB resource to which the policy is attached. The resources you can specify include tables and streams.

GetResourcePolicyCommand Output

See GetResourcePolicyCommandOutput for details

Parameter
Type
Description
$metadata
Required
ResponseMetadata
Metadata pertaining to this request.
Policy
string | undefined

The resource-based policy document attached to the resource, which can be a table or stream, in JSON format.

RevisionId
string | undefined

A unique string that represents the revision ID of the policy. If you're comparing revision IDs, make sure to always use string comparison logic.

Throws

Name
Fault
Details
InternalServerError
server

An error occurred on the server side.

InvalidEndpointException
client
PolicyNotFoundException
client

The operation tried to access a nonexistent resource-based policy.

If you specified an ExpectedRevisionId, it's possible that a policy is present for the resource but its revision ID didn't match the expected value.

ResourceNotFoundException
client

The operation tried to access a nonexistent table or index. The resource might not be specified correctly, or its status might not be ACTIVE.

DynamoDBServiceException
Base exception class for all service exceptions from DynamoDB service.