
AWS CLI: Describing a Policy Without "p-" Prefix


I am trying to use AWS CLI to describe my AWS policy. However, AWS does not seem to be recognizing the policy-id.

I have executed this:

aws iam get-policy --policy-arn arn:aws:iam::160936793253:policy/MyAWSPolicy

and got the following returned:

{
    "Policy": {
        "PolicyName": "MyAWSPolicy",
        "PolicyId": "ANPAIIJNOIYOWCAK6KH7I",
        "Arn": "arn:aws:iam::160936796653:policy/MyAWSPolicy",
        "Path": "/",
        "DefaultVersionId": "v8",
        "AttachmentCount": 2,
        "IsAttachable": true,
        "CreateDate": "2019-03-20T20:20:26Z",
        "UpdateDate": "2019-04-01T18:19:08Z"
    }
}

However, when I enter this command: aws organizations describe-policy --policy-id ANPAIIJNOIYOWCAK6KH7I

I get an InvalidInputException because according to AWS documentation (https://docs.aws.amazon.com/cli/latest/reference/organizations/describe-policy.html#examples):

The unique identifier (ID) of the policy that you want details about. You can get the ID from the ListPolicies or ListPoliciesForTarget operations.

The regex pattern for a policy ID string requires "p-" followed by from 8 to 128 lower-case letters or digits.

However, when I add p- to ANPAIIJNOIYOWCAK6KH7I, AWS does not recognize this policy.

Any idea what is going on?


Solution

  • The documentation you reference suggests that you get the policy id from ListPolicies or ListPoliciesForTarget operations, which is likely referencing the operations on the organizations service. The ID you took is from an IAM policy.

    I am not completely familiar with the interactions between IAM and organizations, but I imagine they are using different policy objects with different identifiers.
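
Added example (not part of the original question or answer): a small shell helper that tells the two identifier families apart and prints the AWS CLI call that accepts each one. The function names are hypothetical, the Organizations pattern is the one quoted from the documentation above, `ANPA` is the prefix IAM uses for managed-policy unique IDs, and `p-examplepolicyid111` in the comments is a constructed sample value. Nothing here contacts AWS; commands are only printed.

```shell
#!/bin/sh
# Classify a policy identifier and print the CLI call that accepts it.

# Organizations policy ID: "p-" followed by 8 to 128 lower-case letters or
# digits (pattern as quoted from the describe-policy documentation).
is_org_policy_id() {
    printf '%s\n' "$1" | grep -Eq '^p-[0-9a-z]{8,128}$'
}

# IAM managed-policy unique ID: starts with ANPA (length not enforced here).
is_iam_policy_id() {
    printf '%s\n' "$1" | grep -Eq '^ANPA[A-Z0-9]+$'
}

# IAM policy ARN: arn:<partition>:iam::<account-id or "aws">:policy/<path+name>
is_iam_policy_arn() {
    printf '%s\n' "$1" | grep -Eq '^arn:aws[a-z-]*:iam::([0-9]{12}|aws):policy/.+$'
}

suggest_command() {
    if is_org_policy_id "$1"; then
        # e.g. p-examplepolicyid111 (constructed sample)
        echo "aws organizations describe-policy --policy-id $1"
    elif is_iam_policy_arn "$1"; then
        echo "aws iam get-policy --policy-arn $1"
    elif is_iam_policy_id "$1"; then
        # IAM commands take the ARN, not the PolicyId, so look the ARN up first.
        echo "aws iam list-policies --scope All --query \"Policies[?PolicyId=='$1'].Arn\" --output text"
    else
        # Covers "p-" glued onto an IAM ID: upper-case letters fail the pattern.
        echo "unrecognized policy identifier: $1" >&2
        return 1
    fi
}

# Demo with the PolicyId from the question (or the first argument, if given).
suggest_command "${1:-ANPAIIJNOIYOWCAK6KH7I}"
```

To read the statements of the IAM policy itself, `aws iam get-policy-version` takes the policy ARN together with the `DefaultVersionId` shown in the `get-policy` output.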