LISTPOLICIESFORTARGET()`¶

About ListPoliciesForTarget¶

Lists the policies that are directly attached to the specified target root, organizational unit (OU), or account. You must specify the policy type that you want included in the returned list.

When calling List* operations, always check the NextToken response parameter value, even if you receive an empty result set. These operations can occasionally return an empty set of results even when more results are available. Continue making requests until NextToken returns null. A null NextToken value indicates that you have retrieved all available results.

You can only call this operation from the management account or a member account that is a delegated administrator.

Method Signature¶

METHODS /AWS1/IF_ORG~LISTPOLICIESFORTARGET
  IMPORTING
    !IV_TARGETID TYPE /AWS1/ORGPOLICYTARGETID OPTIONAL
    !IV_FILTER TYPE /AWS1/ORGPOLICYTYPE OPTIONAL
    !IV_NEXTTOKEN TYPE /AWS1/ORGNEXTTOKEN OPTIONAL
    !IV_MAXRESULTS TYPE /AWS1/ORGMAXRESULTS OPTIONAL
  RETURNING
    VALUE(OO_OUTPUT) TYPE REF TO /aws1/cl_orglistpolfortgtrsp
  RAISING
    /AWS1/CX_ORGACCESSDENIEDEX
    /AWS1/CX_ORGAWSORGSNOTINUSEEX
    /AWS1/CX_ORGINVALIDINPUTEX
    /AWS1/CX_ORGSERVICEEXCEPTION
    /AWS1/CX_ORGTARGETNOTFOUNDEX
    /AWS1/CX_ORGTOOMANYREQUESTSEX
    /AWS1/CX_ORGUNSUPPEDAPIENDPTEX
    /AWS1/CX_ORGCLIENTEXC
    /AWS1/CX_ORGSERVEREXC
    /AWS1/CX_RT_TECHNICAL_GENERIC
    /AWS1/CX_RT_SERVICE_GENERIC.

IMPORTING¶

Required arguments:¶

`iv_targetid` `TYPE /AWS1/ORGPOLICYTARGETID` `/AWS1/ORGPOLICYTARGETID`¶

ID for the root, organizational unit, or account whose policies you want to list.

The regex pattern for a target ID string requires one of the following:

Root - A string that begins with "r-" followed by from 4 to 32 lowercase letters or digits.

Account - A string that consists of exactly 12 digits.

Organizational unit (OU) - A string that begins with "ou-" followed by from 4 to 32 lowercase letters or digits (the ID of the root that the OU is in). This string is followed by a second "-" dash and from 8 to 32 additional lowercase letters or digits.

`iv_filter` `TYPE /AWS1/ORGPOLICYTYPE` `/AWS1/ORGPOLICYTYPE`¶

The type of policy that you want to include in the returned list. You must specify one of the following values:

SERVICE_CONTROL_POLICY

RESOURCE_CONTROL_POLICY

DECLARATIVE_POLICY_EC2

BACKUP_POLICY

TAG_POLICY

CHATBOT_POLICY

AISERVICES_OPT_OUT_POLICY

SECURITYHUB_POLICY

UPGRADE_ROLLOUT_POLICY

INSPECTOR_POLICY

BEDROCK_POLICY

S3_POLICY

NETWORK_SECURITY_DIRECTOR_POLICY

Optional arguments:¶

`iv_nexttoken` `TYPE /AWS1/ORGNEXTTOKEN` `/AWS1/ORGNEXTTOKEN`¶

The parameter for receiving additional results if you receive a NextToken response in a previous request. A NextToken response indicates that more output is available. Set this parameter to the value of the previous call's NextToken response to indicate where the output should continue from.

`iv_maxresults` `TYPE /AWS1/ORGMAXRESULTS` `/AWS1/ORGMAXRESULTS`¶

The maximum number of items to return in the response. If more results exist than the specified MaxResults value, a token is included in the response so that you can retrieve the remaining results.

RETURNING¶

`oo_output` `TYPE REF TO /aws1/cl_orglistpolfortgtrsp` `/AWS1/CL_ORGLISTPOLFORTGTRSP`¶

Domain /AWS1/RT_ACCOUNT_ID

Primitive Type NUMC

Examples¶

Syntax Example¶

This is an example of the syntax for calling the method. It includes every possible argument and initializes every possible value. The data provided is not necessarily semantically accurate (for example the value "string" may be provided for something that is intended to be an instance ID, or in some cases two arguments may be mutually exclusive). The syntax shows the ABAP syntax for creating the various data structures.

DATA(lo_result) = lo_client->listpoliciesfortarget(
  iv_filter = |string|
  iv_maxresults = 123
  iv_nexttoken = |string|
  iv_targetid = |string|
).

This is an example of reading all possible response values

lo_result = lo_result.
IF lo_result IS NOT INITIAL.
  LOOP AT lo_result->get_policies( ) into lo_row.
    lo_row_1 = lo_row.
    IF lo_row_1 IS NOT INITIAL.
      lv_policyid = lo_row_1->get_id( ).
      lv_policyarn = lo_row_1->get_arn( ).
      lv_policyname = lo_row_1->get_name( ).
      lv_policydescription = lo_row_1->get_description( ).
      lv_policytype = lo_row_1->get_type( ).
      lv_awsmanagedpolicy = lo_row_1->get_awsmanaged( ).
    ENDIF.
  ENDLOOP.
  lv_nexttoken = lo_result->get_nexttoken( ).
ENDIF.

To retrieve a list policies attached to a root, OU, or account¶

The following example shows how to get a list of all service control policies (SCPs) of the type specified by the Filter parameter, that are directly attached to an account. The returned list does not include policies that apply to the account because of inheritance from its location in an OU hierarchy:/n/n

DATA(lo_result) = lo_client->listpoliciesfortarget(
  iv_filter = |SERVICE_CONTROL_POLICY|
  iv_targetid = |444444444444|
).

/AWS1/IF_ORG=>LISTPOLICIESFORTARGET()¶