[ aws . iotsitewise ]
describe-access-policy¶
Description¶
Describes an access policy, which specifies an AWS SSO user or group’s access to an AWS IoT SiteWise Monitor portal or project.
See also: AWS API Documentation
See ‘aws help’ for descriptions of global parameters.
Synopsis¶
describe-access-policy
--access-policy-id <value>
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--cli-auto-prompt <value>]
Options¶
--access-policy-id (string)
The ID of the access policy.
--cli-input-json | --cli-input-yaml (string)
Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml.
--generate-cli-skeleton (string)
Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. Similarly, if provided yaml-input it will print a sample input YAML that can be used with --cli-input-yaml. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.
--cli-auto-prompt (boolean)
Automatically prompt for CLI input parameters.
See ‘aws help’ for descriptions of global parameters.
Examples¶
To describe an access policy
The following describe-access-policy example describes an access policy that grants a user administrative access to a web portal for a wind farm company.
aws iotsitewise describe-access-policy \
--access-policy-id a1b2c3d4-5678-90ab-cdef-cccccEXAMPLE
Output:
{
"accessPolicyId": "a1b2c3d4-5678-90ab-cdef-cccccEXAMPLE",
"accessPolicyArn": "arn:aws:iotsitewise:us-west-2:123456789012:access-policy/a1b2c3d4-5678-90ab-cdef-cccccEXAMPLE",
"accessPolicyIdentity": {
"user": {
"id": "a1b2c3d4e5-a1b2c3d4-5678-90ab-cdef-bbbbbEXAMPLE"
}
},
"accessPolicyResource": {
"portal": {
"id": "a1b2c3d4-5678-90ab-cdef-aaaaaEXAMPLE"
}
},
"accessPolicyPermission": "ADMINISTRATOR",
"accessPolicyCreationDate": "2020-02-20T22:35:15.552880124Z",
"accessPolicyLastUpdateDate": "2020-02-20T22:35:15.552880124Z"
}
For more information, see Adding or removing portal administrators in the AWS IoT SiteWise User Guide.
Output¶
accessPolicyId -> (string)
The ID of the access policy.
accessPolicyArn -> (string)
The ARN of the access policy, which has the following format.
arn:${Partition}:iotsitewise:${Region}:${Account}:access-policy/${AccessPolicyId}
accessPolicyIdentity -> (structure)
The AWS SSO identity (user or group) to which this access policy applies.
user -> (structure)
A user identity.
id -> (string)
The AWS SSO ID of the user.
group -> (structure)
A group identity.
id -> (string)
The AWS SSO ID of the group.
accessPolicyResource -> (structure)
The AWS IoT SiteWise Monitor resource (portal or project) to which this access policy provides access.
portal -> (structure)
A portal resource.
id -> (string)
The ID of the portal.
project -> (structure)
A project resource.
id -> (string)
The ID of the project.
accessPolicyPermission -> (string)
The access policy permission. Note that a project
ADMINISTRATORis also known as a project owner.
accessPolicyCreationDate -> (timestamp)
The date the access policy was created, in Unix epoch time.
accessPolicyLastUpdateDate -> (timestamp)
The date the access policy was last updated, in Unix epoch time.