:doc:`BedrockAgentCoreControl <../../bedrock-agentcore-control>` / Client / get_policy

**********
get_policy
**********



.. py:method:: BedrockAgentCoreControl.Client.get_policy(**kwargs)

  

  Retrieves detailed information about a specific policy within the AgentCore Policy system. This operation returns the complete policy definition, metadata, and current status, allowing administrators to review and manage policy configurations.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/bedrock-agentcore-control-2023-06-05/GetPolicy>`_  


  **Request Syntax**
  ::

    response = client.get_policy(
        policyEngineId='string',
        policyId='string'
    )
    
  :type policyEngineId: string
  :param policyEngineId: **[REQUIRED]** 

    The identifier of the policy engine that manages the policy to be retrieved.

    

  
  :type policyId: string
  :param policyId: **[REQUIRED]** 

    The unique identifier of the policy to be retrieved. This must be a valid policy ID that exists within the specified policy engine.

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'policyId': 'string',
          'name': 'string',
          'policyEngineId': 'string',
          'definition': {
              'cedar': {
                  'statement': 'string'
              }
          },
          'description': 'string',
          'createdAt': datetime(2015, 1, 1),
          'updatedAt': datetime(2015, 1, 1),
          'policyArn': 'string',
          'status': 'CREATING'|'ACTIVE'|'UPDATING'|'DELETING'|'CREATE_FAILED'|'UPDATE_FAILED'|'DELETE_FAILED',
          'statusReasons': [
              'string',
          ]
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **policyId** *(string) --* 

        The unique identifier of the retrieved policy. This matches the policy ID provided in the request and serves as the system identifier for the policy.

        
      

      - **name** *(string) --* 

        The customer-assigned name of the policy. This is the human-readable identifier that was specified when the policy was created.

        
      

      - **policyEngineId** *(string) --* 

        The identifier of the policy engine that manages this policy. This confirms the policy engine context for the retrieved policy.

        
      

      - **definition** *(dict) --* 

        The Cedar policy statement that defines the access control rules. This contains the actual policy logic used for agent behavior control and access decisions.

        .. note::    This is a Tagged Union structure. Only one of the     following top level keys will be set: ``cedar``.     If a client receives an unknown member it will     set ``SDK_UNKNOWN_MEMBER`` as the top level key,     which maps to the name or tag of the unknown     member. The structure of ``SDK_UNKNOWN_MEMBER`` is     as follows::

                'SDK_UNKNOWN_MEMBER': {'name': 'UnknownMemberName'}


      
        

        - **cedar** *(dict) --* 

          The Cedar policy definition within the policy definition structure. This contains the Cedar policy statement that defines the authorization logic using Cedar's human-readable, analyzable policy language. Cedar policies specify principals (who can access), actions (what operations are allowed), resources (what can be accessed), and optional conditions for fine-grained control. Cedar provides a formal policy language designed for authorization with deterministic evaluation, making policies testable, reviewable, and auditable. All Cedar policies follow a default-deny model where actions are denied unless explicitly permitted, and forbid policies always override permit policies.

          
          

          - **statement** *(string) --* 

            The Cedar policy statement that defines the authorization logic. This statement follows Cedar syntax and specifies principals, actions, resources, and conditions that determine when access should be allowed or denied.

            
      
    
      

      - **description** *(string) --* 

        The human-readable description of the policy's purpose and functionality. This helps administrators understand and manage the policy.

        
      

      - **createdAt** *(datetime) --* 

        The timestamp when the policy was originally created.

        
      

      - **updatedAt** *(datetime) --* 

        The timestamp when the policy was last modified. This tracks the most recent changes to the policy configuration.

        
      

      - **policyArn** *(string) --* 

        The Amazon Resource Name (ARN) of the policy. This globally unique identifier can be used for cross-service references and IAM policy statements.

        
      

      - **status** *(string) --* 

        The current status of the policy.

        
      

      - **statusReasons** *(list) --* 

        Additional information about the policy status. This provides details about any failures or the current state of the policy.

        
        

        - *(string) --* 
    
  
  **Exceptions**
  
  *   :py:class:`BedrockAgentCoreControl.Client.exceptions.AccessDeniedException`

  
  *   :py:class:`BedrockAgentCoreControl.Client.exceptions.ValidationException`

  
  *   :py:class:`BedrockAgentCoreControl.Client.exceptions.ResourceNotFoundException`

  
  *   :py:class:`BedrockAgentCoreControl.Client.exceptions.ThrottlingException`

  
  *   :py:class:`BedrockAgentCoreControl.Client.exceptions.InternalServerException`

  