:doc:`CloudWatchLogs <../../logs>` / Client / describe_account_policies

*************************
describe_account_policies
*************************



.. py:method:: CloudWatchLogs.Client.describe_account_policies(**kwargs)

  

  Returns a list of all CloudWatch Logs account policies in the account.

   

  To use this operation, you must be signed on with the correct permissions depending on the type of policy that you are retrieving information for.

   

  
  * To see data protection policies, you must have the ``logs:GetDataProtectionPolicy`` and ``logs:DescribeAccountPolicies`` permissions.
   
  * To see subscription filter policies, you must have the ``logs:DescribeSubscriptionFilters`` and ``logs:DescribeAccountPolicies`` permissions.
   
  * To see transformer policies, you must have the ``logs:GetTransformer`` and ``logs:DescribeAccountPolicies`` permissions.
   
  * To see field index policies, you must have the ``logs:DescribeIndexPolicies`` and ``logs:DescribeAccountPolicies`` permissions.
  

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/logs-2014-03-28/DescribeAccountPolicies>`_  


  **Request Syntax**
  ::

    response = client.describe_account_policies(
        policyType='DATA_PROTECTION_POLICY'|'SUBSCRIPTION_FILTER_POLICY'|'FIELD_INDEX_POLICY'|'TRANSFORMER_POLICY'|'METRIC_EXTRACTION_POLICY',
        policyName='string',
        accountIdentifiers=[
            'string',
        ],
        nextToken='string'
    )
    
  :type policyType: string
  :param policyType: **[REQUIRED]** 

    Use this parameter to limit the returned policies to only the policies that match the policy type that you specify.

    

  
  :type policyName: string
  :param policyName: 

    Use this parameter to limit the returned policies to only the policy with the name that you specify.

    

  
  :type accountIdentifiers: list
  :param accountIdentifiers: 

    If you are using an account that is set up as a monitoring account for CloudWatch unified cross-account observability, you can use this to specify the account ID of a source account. If you do, the operation returns the account policy for the specified account. Currently, you can specify only one account ID in this parameter.

     

    If you omit this parameter, only the policy in the current account is returned.

    

  
    - *(string) --* 

    

  :type nextToken: string
  :param nextToken: 

    The token for the next set of items to return. (You received this token from a previous call.)

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'accountPolicies': [
              {
                  'policyName': 'string',
                  'policyDocument': 'string',
                  'lastUpdatedTime': 123,
                  'policyType': 'DATA_PROTECTION_POLICY'|'SUBSCRIPTION_FILTER_POLICY'|'FIELD_INDEX_POLICY'|'TRANSFORMER_POLICY'|'METRIC_EXTRACTION_POLICY',
                  'scope': 'ALL',
                  'selectionCriteria': 'string',
                  'accountId': 'string'
              },
          ],
          'nextToken': 'string'
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **accountPolicies** *(list) --* 

        An array of structures that contain information about the CloudWatch Logs account policies that match the specified filters.

        
        

        - *(dict) --* 

          A structure that contains information about one CloudWatch Logs account policy.

          
          

          - **policyName** *(string) --* 

            The name of the account policy.

            
          

          - **policyDocument** *(string) --* 

            The policy document for this account policy.

             

            The JSON specified in ``policyDocument`` can be up to 30,720 characters.

            
          

          - **lastUpdatedTime** *(integer) --* 

            The date and time that this policy was most recently updated.

            
          

          - **policyType** *(string) --* 

            The type of policy for this account policy.

            
          

          - **scope** *(string) --* 

            The scope of the account policy.

            
          

          - **selectionCriteria** *(string) --* 

            The log group selection criteria that is used for this policy.

            
          

          - **accountId** *(string) --* 

            The Amazon Web Services account ID that the policy applies to.

            
      
    
      

      - **nextToken** *(string) --* 

        The token to use when requesting the next set of items. The token expires after 24 hours.

        
  
  **Exceptions**
  
  *   :py:class:`CloudWatchLogs.Client.exceptions.InvalidParameterException`

  
  *   :py:class:`CloudWatchLogs.Client.exceptions.OperationAbortedException`

  
  *   :py:class:`CloudWatchLogs.Client.exceptions.ResourceNotFoundException`

  
  *   :py:class:`CloudWatchLogs.Client.exceptions.ServiceUnavailableException`

  