group_policy
Gets an individual group_policy resource
Overview
| Name | group_policy |
| Type | Resource |
| Description | group_policy |
| Id | awscc.iam.group_policy |
Fields
| Name | Datatype | Description |
|---|---|---|
policy_document | object | The policy document.<br/> You must provide policies in JSON format in IAM. However, for CFN templates formatted in YAML, you can provide the policy in JSON or YAML format. CFN always converts a YAML policy to JSON format before submitting it to IAM.<br/> The [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex) used to validate this parameter is a string of characters consisting of the following:<br/> + Any printable ASCII character ranging from the space character (``\u0020``) through the end of the ASCII character range<br/> + The printable characters in the Basic Latin and Latin-1 Supplement character set (through ``\u00FF``)<br/> + The special characters tab (``\u0009``), line feed (``\u000A``), and carriage return (``\u000D``) |
policy_name | string | The name of the policy document.<br/> This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@- |
group_name | string | The name of the group to associate the policy with.<br/> This parameter allows (through its [regex pattern](https://docs.aws.amazon.com/http://wikipedia.org/wiki/regex)) a string of characters consisting of upper and lowercase alphanumeric characters with no spaces. You can also include any of the following characters: _+=,.@-. |
region | string | AWS region. |
Methods
Currently only SELECT is supported for this resource resource.
Example
SELECT
region,
policy_document,
policy_name,
group_name
FROM awscc.iam.group_policy
WHERE data__Identifier = '<PolicyName>|<GroupName>';
Permissions
To operate on the group_policy resource, the following permissions are required:
Read
iam:GetGroupPolicy
Update
iam:PutGroupPolicy,
iam:GetGroupPolicy
Delete
iam:DeleteGroupPolicy,
iam:GetGroupPolicy