AWS IAM – How to show describe policy statements using the CLI?


How can I use the AWS CLI to show an IAM policy’s full body including the Effect, Action and Resource statements?

“aws iam list-policies” command lists all the policies but not the actual JSON E,A,R statements contained within the policy.

I could use the “aws iam get-policy-version” command but this does not show the policy name in its output. When I am running this command via a script to obtain information for dozens of policies, there is no way to know which policy the output will belong to.

Is there another way of doing this?


The only to do this as you’ve said is the following:

  • Get all IAM Policies via the list-policies verb.
  • Loop over the output, taking the “PolicyId” and “DefaultVersionId”.
  • Pass these into the get-policy-version verb.
  • Map the PolicyName from the iteration to the PolicyVersion.Document value in the second request.

Leave a Reply