:doc:`Glacier <../../glacier>` / Client / get_vault_access_policy

***********************
get_vault_access_policy
***********************



.. py:method:: Glacier.Client.get_vault_access_policy(**kwargs)

  

  This operation retrieves the ``access-policy`` subresource set on the vault; for more information on setting this subresource, see `Set Vault Access Policy (PUT access-policy) <https://docs.aws.amazon.com/amazonglacier/latest/dev/api-SetVaultAccessPolicy.html>`__. If there is no access policy set on the vault, the operation returns a ``404 Not found`` error. For more information about vault access policies, see `Amazon Glacier Access Control with Vault Access Policies <https://docs.aws.amazon.com/amazonglacier/latest/dev/vault-access-policy.html>`__.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/glacier-2012-06-01/GetVaultAccessPolicy>`_  


  **Request Syntax**
  ::

    response = client.get_vault_access_policy(
        vaultName='string'
    )
    
  :type accountId: string
  :param accountId: 

    The ``AccountId`` value is the AWS account ID of the account that owns the vault. You can either specify an AWS account ID or optionally a single ' ``-``' (hyphen), in which case Amazon Glacier uses the AWS account ID associated with the credentials used to sign the request. If you use an account ID, do not include any hyphens ('-') in the ID.

        Note: this parameter is set to "-" bydefault if no value is not specified.


  
  :type vaultName: string
  :param vaultName: **[REQUIRED]** 

    The name of the vault.

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'policy': {
              'Policy': 'string'
          }
      }
      
    **Response Structure**

    

    - *(dict) --* 

      Output for GetVaultAccessPolicy.

      
      

      - **policy** *(dict) --* 

        Contains the returned vault access policy as a JSON string.

        
        

        - **Policy** *(string) --* 

          The vault access policy.

          
    
  
  **Exceptions**
  
  *   :py:class:`Glacier.Client.exceptions.ResourceNotFoundException`

  
  *   :py:class:`Glacier.Client.exceptions.InvalidParameterValueException`

  
  *   :py:class:`Glacier.Client.exceptions.MissingParameterValueException`

  
  *   :py:class:`Glacier.Client.exceptions.ServiceUnavailableException`

  
  *   :py:class:`Glacier.Client.exceptions.NoLongerSupportedException`

  

  **Examples**

  The example retrieves the access-policy set on the vault named example-vault.
  ::

    response = client.get_vault_access_policy(
        accountId='-',
        vaultName='example-vault',
    )
    
    print(response)

  
  Expected Output:
  ::

    {
        'policy': {
            'Policy': '{"Version":"2012-10-17","Statement":[{"Sid":"Define-owner-access-rights","Effect":"Allow","Principal":{"AWS":"arn:aws:iam::999999999999:root"},"Action":"glacier:DeleteArchive","Resource":"arn:aws:glacier:us-west-2:999999999999:vaults/examplevault"}]}',
        },
        'ResponseMetadata': {
            '...': '...',
        },
    }

  