List Policies
Lists all IAM policies available in the account.
```
aws iam list-policies
```

```bash
#!/bin/bash
# List Policies
aws iam list-policies
```

```python
import subprocess


# List Policies
# Runs the AWS CLI with the credentials and region configured in the environment.
def run_command():
    cmd = [
        "aws",
        "iam",
        "list-policies",
    ]
    try:
        print(f"Executing: {' '.join(cmd)}")
        # check=True raises CalledProcessError on a non-zero exit code
        subprocess.run(cmd, check=True)
    except subprocess.CalledProcessError as e:
        print(f"Error: {e}")
    except FileNotFoundError:
        print("Error: aws not found. Please install it first.")


if __name__ == "__main__":
    run_command()
```

When To Use
When assessing the IAM policies for security reviews or compliance monitoring.
Pro Tip
Utilize `--scope` to limit results to only AWS managed policies or customer managed policies.
Terminal Output
Expected runtime feedback
| PolicyName | PolicyId | DefaultVersionId | AttachmentCount | CreateDate |
|-----------------------------|--------------------------------|------------------|-----------------|-----------------------------|
| AdministratorAccess | ANPAJ3EXAMPLE | v1 | 0 | 2020-06-01T00:00:00Z |
| ReadOnlyAccess | ANQB3EXAMPLE | v1 | 0 | 2021-01-01T00:00:00Z |
| PowerUserAccess | ANRC3EXAMPLE | v1 | 0 | 2022-03-15T00:00:00Z |

Anatomy of Output
Understanding the result
- `PolicyId: p-EXAMPLEID` - Policy Identifier. Unique identifier for the IAM policy.
- `PolicyName: ExamplePolicy` - Policy Name. The display name of the IAM policy.
- `CreateDate: 2023-02-20T10:00:00Z` - Creation Date. When the policy was created.
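For a security review, the listing is more useful parsed than read by eye. The following is an added example, not part of the original page: it triages the JSON form of the output (`aws iam list-policies --output json`) for unused customer managed policies, policies whose default version has changed, and broad AWS managed policies that are attached. The sample data, the `triage` helper and the `BROAD_AWS_POLICIES` watch list are assumptions made for illustration.

```python
import json

# Constructed sample in the shape of `aws iam list-policies --output json`.
# Account ID and customer policy names are made up for illustration.
SAMPLE = json.loads("""
{"Policies": [
 {"PolicyName": "AdministratorAccess", "Arn": "arn:aws:iam::aws:policy/AdministratorAccess",
  "DefaultVersionId": "v1", "AttachmentCount": 3, "PermissionsBoundaryUsageCount": 0},
 {"PolicyName": "ReadOnlyAccess", "Arn": "arn:aws:iam::aws:policy/ReadOnlyAccess",
  "DefaultVersionId": "v1", "AttachmentCount": 5, "PermissionsBoundaryUsageCount": 0},
 {"PolicyName": "legacy-deploy", "Arn": "arn:aws:iam::111122223333:policy/legacy-deploy",
  "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 0},
 {"PolicyName": "app-s3-access", "Arn": "arn:aws:iam::111122223333:policy/app-s3-access",
  "DefaultVersionId": "v4", "AttachmentCount": 2, "PermissionsBoundaryUsageCount": 0},
 {"PolicyName": "dev-boundary", "Arn": "arn:aws:iam::111122223333:policy/dev-boundary",
  "DefaultVersionId": "v1", "AttachmentCount": 0, "PermissionsBoundaryUsageCount": 4}
]}
""")

# Assumed watch list of broad AWS managed policies; adjust to local policy.
BROAD_AWS_POLICIES = {"AdministratorAccess", "PowerUserAccess", "IAMFullAccess"}


def is_customer_managed(policy):
    # AWS managed policies carry "aws" in the ARN's account field.
    return policy["Arn"].split(":")[4] != "aws"


def triage(policies):
    """Return (policy name, reason) pairs that deserve a reviewer's attention."""
    findings = []
    for p in policies:
        name, customer = p["PolicyName"], is_customer_managed(p)
        attached = p.get("AttachmentCount", 0)
        boundary = p.get("PermissionsBoundaryUsageCount", 0)
        # Not attached and not used as a permissions boundary: candidate for removal.
        if customer and attached == 0 and boundary == 0:
            findings.append((name, "unused customer managed policy"))
        # The first version is always v1, so anything else means the policy was edited.
        if customer and p.get("DefaultVersionId") != "v1":
            findings.append((name, "default version changed since creation"))
        if not customer and name in BROAD_AWS_POLICIES and attached > 0:
            findings.append((name, f"broad AWS managed policy on {attached} identities"))
    return findings


if __name__ == "__main__":
    for name, reason in triage(SAMPLE["Policies"]):
        print(f"{name}: {reason}")
```

To run it against a real account, load the saved CLI output with `json.load` and pass its `Policies` list to `triage`.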
Power User Variants
Optimized versions
- `aws iam list-policies --scope AWS` - Limits results to only AWS managed policies.
- `aws iam list-policies --max-items 10` - Restricts results to the first 10 policies.
- `aws iam list-policies --only-attached` - Returns only policies that are attached to an IAM user, group, or role.
Troubleshooting
Common pitfalls
An error occurred (NoSuchEntity) when calling the ListPolicies operation: Policy does not exist.
Solution: Check the policy name to confirm its existence.
An error occurred (AccessDenied) when calling the ListPolicies operation: User is not authorized to perform this operation.
Solution: Review IAM role permissions for listing policies.
An error occurred (ServiceFailure) when calling the ListPolicies operation: Service is currently unavailable.
Solution: Retry the command; this might be a temporary AWS issue.
Command Breakdown
What each part is doing
- `aws` - Base Command. The executable that performs this operation. Here it runs the AWS CLI before the shell applies any redirect operators.
How To Run
Execution path
- Step 1: Run the command `aws iam list-policies` to retrieve the policies list.
- Step 2: Check the output to ensure all policies are listed and correctly formatted.