Caleb Nelsen

Reputation: 11

Print IAM group policy JSON document using Python / Boto3

Objective:

Hi, I'm a newbie trying to write code to pull the inline policy document from an IAM Group and then print the JSON document.


I've found some similar posts but haven't found success referencing them:


Boto3 Documentation:

https://boto3.amazonaws.com/v1/documentation/api/latest/reference/services/iam.html#IAM.Client.get_group_policy


I'm receiving the following error: TypeError: Object of type function is not JSON serializable


import boto3
import json

iam = boto3.client('iam')

def get_group_policy(group_name, policy_name):

    # Define variable:
    group_name = 'aws_iam_group_name'
    policy_name = 'aws_policy_arn'

    # Retrieves inline policy document embedded in IAM group.
    # Returns: GroupName, PolicyName, and PolicyDocument
    response = iam.get_group_policy(
        GroupName = group_name,
        PolicyName = policy_name
    )

    return (json.dumps(group_name, policy_name))

# Calls and prints function
var1 = get_group_policy
print(json.dumps(var1))

I made some updates to the code based on what you said. Here are the changes:

import boto3
import json

iam = boto3.client('iam')

# Define variable:
group_name = 'aws_iam_group_name'
policy_name = 'aws_policy_arn'

def get_group_policy(group_name, policy_name):

    # Retrieves inline policy document embedded in IAM group.
    # Returns: GroupName, PolicyName, and PolicyDocument
    response = iam.get_group_policy(
        GroupName = group_name,
        PolicyName = policy_name
    )

    return (json.dumps(response))

# Calls and prints function
var1 = get_group_policy(group_name, policy_name)
#print(json.dumps(var1))
print(var1)

I receive the following error:

WARNING: Running pip as the 'root' user can result in broken permissions and conflicting behaviour with the system package manager. It is recommended to use a virtual environment instead: https://pip.pypa.io/warnings/venv
WARNING: You are using pip version 21.2.4; however, version 21.3 is available.
You should consider upgrading via the '/usr/local/bin/python -m pip install --upgrade pip' command.
Traceback (most recent call last):
  File "/sso-iam/sso-iam/create-permission-set.py", line 32, in <module>
    var1 = get_group_policy(group_name, policy_name)
  File "/sso-iam/sso-iam/create-permission-set.py", line 24, in get_group_policy
    response = iam.get_group_policy(
  File "/usr/local/lib/python3.10/site-packages/botocore/client.py", line 388, in _api_call
    return self._make_api_call(operation_name, kwargs)
  File "/usr/local/lib/python3.10/site-packages/botocore/client.py", line 708, in _make_api_call
    raise error_class(parsed_response, operation_name)
botocore.exceptions.ClientError: An error occurred (ValidationError) when calling the GetGroupPolicy operation: The specified value for policyName is invalid. It must contain only alphanumeric characters and/or the following: +=,.@_-

I don't understand why it thinks the PolicyName is incorrect. I've tried copying the ARN directly from AWS and also using just the part after arn:aws:iam::#####:policy/itriedusingthispieceasPolicyName

Upvotes: 1

Views: 806

Answers (1)

Marcin

Reputation: 238131

You are not calling your function. Your var1 is literally a function object, not the result of it.

It should be

group_name = 'aws_iam_group_name'
policy_name = 'aws_policy_arn' 
var1 = get_group_policy(group_name, policy_name) 

Also you don't need the names in your function, as they are arguments of it.

Upvotes: 0
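An added example, not the asker's or Marcin's code, that covers both problems in the thread: `get_group_policy` takes the *name* of an inline policy (the character set from the ValidationError is checked up front), while a policy ARN identifies a managed policy that has to be read through `get_policy` / `get_policy_version`. `FakeIAM` is a constructed stand-in for `boto3.client('iam')` so the example runs offline; the group name, policy name, ARN, account id and policy document are made-up sample values.

```python
import json
import re

# Rule quoted in the ValidationError: an inline policy NAME may contain only
# alphanumerics and + = , . @ _ -  (an ARN has ':' and '/', so it is rejected).
INLINE_POLICY_NAME_RE = re.compile(r"^[A-Za-z0-9+=,.@_-]+$")


def is_inline_policy_name(value):
    """True if value looks like an inline policy name rather than an ARN."""
    return bool(INLINE_POLICY_NAME_RE.match(value))


def get_group_policy_document(iam, group_name, policy_name):
    """Return a group's inline policy document as a dict (iam: boto3 IAM client
    or compatible). boto3 returns PolicyDocument already JSON-decoded; a raw
    JSON string is handled as well."""
    if not is_inline_policy_name(policy_name):
        raise ValueError(f"{policy_name!r} is not an inline policy name; managed "
                         "policies are fetched by ARN with get_managed_policy_document")
    response = iam.get_group_policy(GroupName=group_name, PolicyName=policy_name)
    document = response["PolicyDocument"]
    return json.loads(document) if isinstance(document, str) else document


def get_managed_policy_document(iam, policy_arn):
    """Return the default-version document of a managed policy given its ARN."""
    version_id = iam.get_policy(PolicyArn=policy_arn)["Policy"]["DefaultVersionId"]
    version = iam.get_policy_version(PolicyArn=policy_arn, VersionId=version_id)
    document = version["PolicyVersion"]["Document"]
    return json.loads(document) if isinstance(document, str) else document


class FakeIAM:
    """Constructed stand-in for boto3.client('iam'); sample document is made up."""
    DOC = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
           "Action": "s3:ListBucket", "Resource": "arn:aws:s3:::example-bucket"}]}

    def get_group_policy(self, GroupName, PolicyName):
        return {"GroupName": GroupName, "PolicyName": PolicyName, "PolicyDocument": self.DOC}

    def get_policy(self, PolicyArn):
        return {"Policy": {"Arn": PolicyArn, "DefaultVersionId": "v1"}}

    def get_policy_version(self, PolicyArn, VersionId):
        return {"PolicyVersion": {"VersionId": VersionId, "Document": json.dumps(self.DOC)}}


if __name__ == "__main__":
    import boto3  # real client only needed when run against AWS (needs credentials)
    doc = get_group_policy_document(boto3.client("iam"), "aws_iam_group_name", "InlinePolicyName")
    print(json.dumps(doc, indent=2))
```

Passing the client in as a parameter is what makes the fetch testable without AWS credentials; in production the only change is constructing the real `boto3.client("iam")` as in the `__main__` block.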
