Use ListKeyPolicies with an AWS SDK or CLI - AWS Key Management Service

Use ListKeyPolicies with an AWS SDK or CLI

The following code examples show how to use ListKeyPolicies.

CLI
AWS CLI

To get the names of key policies for a KMS key

The following list-key-policies example gets the names of the key policies for a customer managed key in the example account and Region. You can use this command to find the names of key policies for AWS managed keys and customer managed keys.

Because the only valid key policy name is default, this command is not useful.

To specify the KMS key, use the key-id parameter. This example uses a key ID value, but you can use a key ID or key ARN in this command.

aws kms list-key-policies \
    --key-id 1234abcd-12ab-34cd-56ef-1234567890ab

Output:

{
    "PolicyNames": [
    "default"
    ]
}

For more information about AWS KMS key policies, see Using Key Policies in AWS KMS in the AWS Key Management Service Developer Guide.

Java
SDK for Java 2.x
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository. 

    /**
     * Asynchronously retrieves the key policy for the specified key ID and policy name.
     *
     * @param keyId       the ID of the AWS KMS key for which to retrieve the policy
     * @param policyName the name of the key policy to retrieve
     * @return a {@link CompletableFuture} that, when completed, contains the key policy as a {@link String}
     */
    public CompletableFuture<String> getKeyPolicyAsync(String keyId, String policyName) {
        GetKeyPolicyRequest policyRequest = GetKeyPolicyRequest.builder()
            .keyId(keyId)
            .policyName(policyName)
            .build();

        return getAsyncClient().getKeyPolicy(policyRequest)
            .thenApply(response -> {
                String policy = response.policy();
                logger.info("The response is: " + policy);
                return policy;
            })
            .exceptionally(ex -> {
                throw new RuntimeException("Failed to get key policy", ex);
            });
    }

  • For API details, see ListKeyPolicies in AWS SDK for Java 2.x API Reference.

Python
SDK for Python (Boto3)
Note

There's more on GitHub. Find the complete example and learn how to set up and run in the AWS Code Examples Repository. 

class KeyPolicy:
    def __init__(self, kms_client):
        self.kms_client = kms_client


    def list_policies(self, key_id):
        """
        Lists the names of the policies for a key.

        :param key_id: The ARN or ID of the key to query.
        """
        try:
            policy_names = self.kms_client.list_key_policies(KeyId=key_id)[
                "PolicyNames"
            ]
        except ClientError as err:
            logging.error(
                "Couldn't list your policies. Here's why: %s",
                err.response["Error"]["Message"],
            )
        else:
            print(f"The policies for key {key_id} are:")
            pprint(policy_names)

  • For API details, see ListKeyPolicies in AWS SDK for Python (Boto3) API Reference.

For a complete list of AWS SDK developer guides and code examples, see Using this service with an AWS SDK. This topic also includes information about getting started and details about previous SDK versions.