Use ListKeyPolicies with an AWS SDK or CLI

The following code examples show how to use ListKeyPolicies.
- CLI
- AWS CLI

To get the names of key policies for a KMS key

The following `list-key-policies` example gets the names of the key policies for a customer managed key in the example account and Region. You can use this command to find the names of key policies for AWS managed keys and customer managed keys.

Because the only valid key policy name is `default`, this command is not useful.

To specify the KMS key, use the `key-id` parameter. This example uses a key ID value, but you can use a key ID or key ARN in this command.

```
aws kms list-key-policies \
    --key-id 1234abcd-12ab-34cd-56ef-1234567890ab
```

Output:

```
{
    "PolicyNames": [
        "default"
    ]
}
```
For more information about AWS KMS key policies, see Using Key Policies in AWS KMS in the AWS Key Management Service Developer Guide.
For API details, see ListKeyPolicies in AWS CLI Command Reference.
- Java
- SDK for Java 2.x

Note: There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository.

```java
// Excerpt from a larger class: getAsyncClient() and logger are defined
// in the enclosing class and are not shown here.

/**
 * Asynchronously retrieves the key policy for the specified key ID and policy name.
 *
 * @param keyId the ID of the AWS KMS key for which to retrieve the policy
 * @param policyName the name of the key policy to retrieve
 * @return a {@link CompletableFuture} that, when completed, contains the key policy as a {@link String}
 */
public CompletableFuture<String> getKeyPolicyAsync(String keyId, String policyName) {
    // Build the GetKeyPolicy request for the named policy on this key.
    GetKeyPolicyRequest policyRequest = GetKeyPolicyRequest.builder()
        .keyId(keyId)
        .policyName(policyName)
        .build();

    return getAsyncClient().getKeyPolicy(policyRequest)
        .thenApply(response -> {
            // The policy document is returned as a JSON string.
            String policy = response.policy();
            logger.info("The response is: " + policy);
            return policy;
        })
        .exceptionally(ex -> {
            throw new RuntimeException("Failed to get key policy", ex);
        });
}
```
For API details, see ListKeyPolicies in AWS SDK for Java 2.x API Reference.
- Python
- SDK for Python (Boto3)

Note: There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository.

```python
import logging
from pprint import pprint

import boto3
from botocore.exceptions import ClientError


class KeyPolicy:
    def __init__(self, kms_client):
        self.kms_client = kms_client

    @classmethod
    def from_client(cls) -> "KeyPolicy":
        """
        Creates a KeyPolicy instance with a default KMS client.

        :return: An instance of KeyPolicy initialized with the default KMS client.
        """
        kms_client = boto3.client("kms")
        return cls(kms_client)

    def list_policies(self, key_id):
        """
        Lists the names of the policies for a key.

        :param key_id: The ARN or ID of the key to query.
        """
        try:
            policy_names = self.kms_client.list_key_policies(KeyId=key_id)[
                "PolicyNames"
            ]
        except ClientError as err:
            logging.error(
                "Couldn't list your policies. Here's why: %s",
                err.response["Error"]["Message"],
            )
            raise
        else:
            print(f"The policies for key {key_id} are:")
            pprint(policy_names)
```
For API details, see ListKeyPolicies in AWS SDK for Python (Boto3) API Reference.
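
The ListKeyPolicies call and the GetKeyPolicy call shown above can be combined into a key policy review. The following is an added example, not code from AWS or the AWS Code Examples Repository: it pages through ListKeyPolicies using Truncated and NextMarker, fetches each named policy with GetKeyPolicy, and reports Allow statements whose principal is `*` and that carry no Condition. The function names, the `StubKms` class and the sample policy are constructed for illustration so the block runs offline; pass `boto3.client("kms")` in place of the stub to query a real account.

```python
import json

def list_policy_names(kms_client, key_id):
    """Return every policy name for a key, following Truncated/NextMarker pages."""
    names, kwargs = [], {"KeyId": key_id}
    while True:
        page = kms_client.list_key_policies(**kwargs)
        names.extend(page["PolicyNames"])
        if not page.get("Truncated"):
            return names
        kwargs["Marker"] = page["NextMarker"]

def wildcard_allow_statements(policy_json):
    """Return Sids of Allow statements open to any principal with no Condition."""
    findings = []
    doc = json.loads(policy_json).get("Statement", [])
    for index, stmt in enumerate([doc] if isinstance(doc, dict) else doc):
        principal = stmt.get("Principal")
        aws = principal.get("AWS") if isinstance(principal, dict) else principal
        values = aws if isinstance(aws, list) else [aws]
        if stmt.get("Effect") == "Allow" and "*" in values and not stmt.get("Condition"):
            findings.append(stmt.get("Sid", f"statement[{index}]"))
    return findings

def audit_key(kms_client, key_id):
    """Map each policy name of the key to its unconditioned wildcard statements."""
    report = {}
    for name in list_policy_names(kms_client, key_id):
        policy = kms_client.get_key_policy(KeyId=key_id, PolicyName=name)["Policy"]
        report[name] = wildcard_allow_statements(policy)
    return report

SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [  # constructed sample
    {"Sid": "EnableRoot", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"}, "Action": "kms:*", "Resource": "*"},
    {"Sid": "AnyoneDecrypt", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "kms:Decrypt", "Resource": "*"},
    {"Sid": "ViaS3Only", "Effect": "Allow", "Principal": "*", "Action": "kms:Decrypt",
     "Resource": "*", "Condition": {"StringEquals": {"kms:ViaService": "s3.us-west-2.amazonaws.com"}}},
]})

class StubKms:  # hypothetical stand-in for boto3.client("kms"); returns constructed data
    def list_key_policies(self, **kwargs):
        return {"PolicyNames": ["default"], "Truncated": False}
    def get_key_policy(self, KeyId, PolicyName):
        return {"Policy": SAMPLE_POLICY}

if __name__ == "__main__":
    print(audit_key(StubKms(), "1234abcd-12ab-34cd-56ef-1234567890ab"))
```

A statement with a wildcard principal and a Condition is not reported by this check and still needs a manual review of whether the condition actually narrows access.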
For a complete list of AWS SDK developer guides and code examples, see Using this service with an AWS SDK. This topic also includes information about getting started and details about previous SDK versions.