:doc:`SecretsManager <../../secretsmanager>` / Client / get_resource_policy

*******************
get_resource_policy
*******************



.. py:method:: SecretsManager.Client.get_resource_policy(**kwargs)

  

  Retrieves the JSON text of the resource-based policy document attached to the secret. For more information about permissions policies attached to a secret, see `Permissions policies attached to a secret <https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access_resource-policies.html>`__.

   

  Secrets Manager generates a CloudTrail log entry when you call this action. Do not include sensitive information in request parameters because it might be logged. For more information, see `Logging Secrets Manager events with CloudTrail <https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieve-ct-entries.html>`__.

   

  **Required permissions:** ``secretsmanager:GetResourcePolicy``. For more information, see `IAM policy actions for Secrets Manager <https://docs.aws.amazon.com/secretsmanager/latest/userguide/reference_iam-permissions.html#reference_iam-permissions_actions>`__ and `Authentication and access control in Secrets Manager <https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html>`__.

  

  See also: `AWS API Documentation <https://docs.aws.amazon.com/goto/WebAPI/secretsmanager-2017-10-17/GetResourcePolicy>`_  


  **Request Syntax**
  ::

    response = client.get_resource_policy(
        SecretId='string'
    )
    
  :type SecretId: string
  :param SecretId: **[REQUIRED]** 

    The ARN or name of the secret to retrieve the attached resource-based policy for.

     

    For an ARN, we recommend that you specify a complete ARN rather than a partial ARN. See `Finding a secret from a partial ARN <https://docs.aws.amazon.com/secretsmanager/latest/userguide/troubleshoot.html#ARN_secretnamehyphen>`__.

    

  
  
  :rtype: dict
  :returns: 
    
    **Response Syntax**

    
    ::

      {
          'ARN': 'string',
          'Name': 'string',
          'ResourcePolicy': 'string'
      }
      
    **Response Structure**

    

    - *(dict) --* 
      

      - **ARN** *(string) --* 

        The ARN of the secret that the resource-based policy was retrieved for.

        
      

      - **Name** *(string) --* 

        The name of the secret that the resource-based policy was retrieved for.

        
      

      - **ResourcePolicy** *(string) --* 

        A JSON-formatted string that contains the permissions policy attached to the secret. For more information about permissions policies, see `Authentication and access control for Secrets Manager <https://docs.aws.amazon.com/secretsmanager/latest/userguide/auth-and-access.html>`__.

        
  
  **Exceptions**
  
  *   :py:class:`SecretsManager.Client.exceptions.ResourceNotFoundException`

  
  *   :py:class:`SecretsManager.Client.exceptions.InternalServiceError`

  
  *   :py:class:`SecretsManager.Client.exceptions.InvalidRequestException`

  
  *   :py:class:`SecretsManager.Client.exceptions.InvalidParameterException`

  

  **Examples**

  The following example shows how to retrieve the resource-based policy that is attached to a secret.
  ::

    response = client.get_resource_policy(
        SecretId='MyTestDatabaseSecret',
    )
    
    print(response)

  
  Expected Output:
  ::

    {
        'ARN': 'arn:aws:secretsmanager:us-west-2:123456789012:secret:MyTestDatabaseSecret-a1b2c3',
        'Name': 'MyTestDatabaseSecret',
        'ResourcePolicy': '{\n"Version":"2012-10-17",\n"Statement":[{\n"Effect":"Allow",\n"Principal":{\n"AWS":"arn:aws:iam::123456789012:root"\n},\n"Action":"secretsmanager:GetSecretValue",\n"Resource":"*"\n}]\n}',
        'ResponseMetadata': {
            '...': '...',
        },
    }

  