GetPolicy - Amazon Bedrock AgentCore Control Plane

GetPolicy

Retrieves detailed information about a specific policy within the AgentCore Policy system. This operation returns the complete policy definition, metadata, and current status, allowing administrators to review and manage policy configurations.

Request Syntax

GET /policy-engines/policyEngineId/policies/policyId HTTP/1.1

URI Request Parameters

The request uses the following URI parameters.

policyEngineId

The identifier of the policy engine that manages the policy to be retrieved.

Length Constraints: Minimum length of 12. Maximum length of 59.

Pattern: [A-Za-z][A-Za-z0-9_]*-[a-z0-9_]{10}

Required: Yes

policyId

The unique identifier of the policy to be retrieved. This must be a valid policy ID that exists within the specified policy engine.

Length Constraints: Minimum length of 12. Maximum length of 59.

Pattern: [A-Za-z][A-Za-z0-9_]*-[a-z0-9_]{10}

Required: Yes

Request Body

The request does not have a request body.

Response Syntax

HTTP/1.1 200
Content-type: application/json

{
   "createdAt": "string",
   "definition": { ... },
   "description": "string",
   "name": "string",
   "policyArn": "string",
   "policyEngineId": "string",
   "policyId": "string",
   "status": "string",
   "statusReasons": [ "string" ],
   "updatedAt": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 200 response.

The following data is returned in JSON format by the service.

createdAt

The timestamp when the policy was originally created.

Type: Timestamp

definition

The Cedar policy statement that defines the access control rules. This contains the actual policy logic used for agent behavior control and access decisions.

Type: PolicyDefinition object

Note: This object is a Union. Only one member of this object can be specified or returned.

description

The human-readable description of the policy's purpose and functionality. This helps administrators understand and manage the policy.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 4096.

name

The customer-assigned name of the policy. This is the human-readable identifier that was specified when the policy was created.

Type: String

Length Constraints: Minimum length of 1. Maximum length of 48.

Pattern: [A-Za-z][A-Za-z0-9_]*

policyArn

The Amazon Resource Name (ARN) of the policy. This globally unique identifier can be used for cross-service references and IAM policy statements.

Type: String

Length Constraints: Minimum length of 96. Maximum length of 203.

Pattern: arn:aws[-a-z]{0,7}:bedrock-agentcore:[a-z0-9-]{9,15}:[0-9]{12}:policy-engine/[a-zA-Z][a-zA-Z0-9-_]{0,47}-[a-zA-Z0-9_]{10}/policy/[a-zA-Z][a-zA-Z0-9-_]{0,47}-[a-zA-Z0-9_]{10}

policyEngineId

The identifier of the policy engine that manages this policy. This confirms the policy engine context for the retrieved policy.

Type: String

Length Constraints: Minimum length of 12. Maximum length of 59.

Pattern: [A-Za-z][A-Za-z0-9_]*-[a-z0-9_]{10}

policyId

The unique identifier of the retrieved policy. This matches the policy ID provided in the request and serves as the system identifier for the policy.

Type: String

Length Constraints: Minimum length of 12. Maximum length of 59.

Pattern: [A-Za-z][A-Za-z0-9_]*-[a-z0-9_]{10}

status

The current status of the policy.

Type: String

Valid Values: CREATING | ACTIVE | UPDATING | DELETING | CREATE_FAILED | UPDATE_FAILED | DELETE_FAILED

statusReasons

Additional information about the policy status. This provides details about any failures or the current state of the policy.

Type: Array of strings

updatedAt

The timestamp when the policy was last modified. This tracks the most recent changes to the policy configuration.

Type: Timestamp
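
The following is an added example, not part of the AWS documentation or any AWS SDK: a client-side check in Python that applies the documented ID and ARN constraints before building the request path, then reviews the fields of a parsed response. The function names and sample values are constructed for illustration, and treating any status other than ACTIVE as a finding is this example's choice.

```python
import re

# Patterns and length limits copied from the parameter tables on this page.
ID_RE = re.compile(r"[A-Za-z][A-Za-z0-9_]*-[a-z0-9_]{10}")
ARN_RE = re.compile(
    r"arn:aws[-a-z]{0,7}:bedrock-agentcore:[a-z0-9-]{9,15}:[0-9]{12}"
    r":policy-engine/[a-zA-Z][a-zA-Z0-9-_]{0,47}-[a-zA-Z0-9_]{10}"
    r"/policy/[a-zA-Z][a-zA-Z0-9-_]{0,47}-[a-zA-Z0-9_]{10}")
STATUSES = {"CREATING", "ACTIVE", "UPDATING", "DELETING",
            "CREATE_FAILED", "UPDATE_FAILED", "DELETE_FAILED"}

def check_id(field, value):
    """Reject IDs that break the documented length (12-59) or pattern."""
    if not (isinstance(value, str) and 12 <= len(value) <= 59
            and ID_RE.fullmatch(value)):
        raise ValueError(f"{field} violates documented constraints: {value!r}")
    return value

def get_policy_path(policy_engine_id, policy_id):
    """Build the GetPolicy request path from validated IDs only."""
    return "/policy-engines/{}/policies/{}".format(
        check_id("policyEngineId", policy_engine_id),
        check_id("policyId", policy_id))

def review_response(body, policy_engine_id, policy_id):
    """Return findings for a parsed GetPolicy response body (a dict)."""
    findings = []
    for field, sent in (("policyEngineId", policy_engine_id),
                        ("policyId", policy_id)):
        if body.get(field) != sent:
            findings.append(f"{field} does not match the request")
    arn = body.get("policyArn")
    if not (isinstance(arn, str) and 96 <= len(arn) <= 203
            and ARN_RE.fullmatch(arn)):
        findings.append("policyArn violates documented constraints")
    status = body.get("status")
    if status not in STATUSES:
        findings.append(f"unexpected status: {status!r}")
    elif status != "ACTIVE":  # example's choice: surface anything not ACTIVE
        reasons = "; ".join(body.get("statusReasons") or []) or "none given"
        findings.append(f"policy is {status}: {reasons}")
    return findings

# Constructed sample values, not real identifiers.
ENGINE_ID, POLICY_ID = "demo_engine-abcde12345", "allow_read-0123456789"
SAMPLE = {"policyEngineId": ENGINE_ID, "policyId": POLICY_ID,
          "policyArn": "arn:aws:bedrock-agentcore:us-east-1:123456789012"
                       ":policy-engine/" + ENGINE_ID + "/policy/" + POLICY_ID,
          "status": "UPDATE_FAILED", "statusReasons": ["constructed reason"]}
```

Validating both IDs with a full match before formatting the path keeps characters such as `/` or `.` out of the request URI, and `review_response(SAMPLE, ENGINE_ID, POLICY_ID)` returns a single finding for the failed update.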

Errors

For information about the errors that are common to all actions, see Common Errors.

AccessDeniedException

This exception is thrown when a request is denied per access permissions.

HTTP Status Code: 403

InternalServerException

This exception is thrown if there was an unexpected error during processing of the request.

HTTP Status Code: 500

ResourceNotFoundException

This exception is thrown when a resource referenced by the operation does not exist.

HTTP Status Code: 404

ThrottlingException

This exception is thrown when the number of requests exceeds the limit.

HTTP Status Code: 429

ValidationException

The input fails to satisfy the constraints specified by the service.

HTTP Status Code: 400

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: