AWS CLI Command Reference

[ aws . iotsitewise ]

create-access-policy

Description

Creates an access policy that grants the specified AWS Single Sign-On user or group access to the specified AWS IoT SiteWise Monitor portal or project resource.

See also: AWS API Documentation

See ‘aws help’ for descriptions of global parameters.

Synopsis

  create-access-policy
--access-policy-identity <value>
--access-policy-resource <value>
--access-policy-permission <value>
[--client-token <value>]
[--tags <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--cli-auto-prompt <value>]

Options

--access-policy-identity (structure)

The identity for this access policy. Choose either a user or a group but not both.

user -> (structure)

A user identity.

id -> (string)

The AWS SSO ID of the user.

group -> (structure)

A group identity.

id -> (string)

The AWS SSO ID of the group.

Shorthand Syntax:

user={id=string},group={id=string}

JSON Syntax:

{
  "user": {
    "id": "string"
  },
  "group": {
    "id": "string"
  }
}

--access-policy-resource (structure)

The AWS IoT SiteWise Monitor resource for this access policy. Choose either portal or project but not both.

portal -> (structure)

A portal resource.

id -> (string)

The ID of the portal.

project -> (structure)

A project resource.

id -> (string)

The ID of the project.

Shorthand Syntax:

portal={id=string},project={id=string}

JSON Syntax:

{
  "portal": {
    "id": "string"
  },
  "project": {
    "id": "string"
  }
}

--access-policy-permission (string)

The permission level for this access policy. Note that a project ADMINISTRATOR is also known as a project owner.

Possible values:

  • ADMINISTRATOR

  • VIEWER

--client-token (string)

A unique case-sensitive identifier that you can provide to ensure the idempotency of the request. Don’t reuse this client token if a new idempotent request is required.

--tags (map)

A list of key-value pairs that contain metadata for the access policy. For more information, see Tagging your AWS IoT SiteWise resources in the AWS IoT SiteWise User Guide .

key -> (string)

value -> (string)

Shorthand Syntax:

KeyName1=string,KeyName2=string

JSON Syntax:

{"string": "string"
  ...}

--cli-input-json | --cli-input-yaml (string) Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. Similarly, if provided yaml-input it will print a sample input YAML that can be used with --cli-input-yaml. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

--cli-auto-prompt (boolean) Automatically prompt for CLI input parameters.

See ‘aws help’ for descriptions of global parameters.

Examples

Example 1: To grant a user administrative access to a portal

The following create-access-policy example creates an access policy that grants a user administrative access to a web portal for a wind farm company.

aws iotsitewise create-access-policy \
    --cli-input-json file://create-portal-administrator-access-policy.json

Contents of create-portal-administrator-access-policy.json:

{
    "accessPolicyIdentity": {
        "user": {
            "id": "a1b2c3d4e5-a1b2c3d4-5678-90ab-cdef-bbbbbEXAMPLE"
        }
    },
    "accessPolicyPermission": "ADMINISTRATOR",
    "accessPolicyResource": {
        "portal": {
            "id": "a1b2c3d4-5678-90ab-cdef-aaaaaEXAMPLE"
        }
    }
}

Output:

{
    "accessPolicyId": "a1b2c3d4-5678-90ab-cdef-cccccEXAMPLE",
    "accessPolicyArn": "arn:aws:iotsitewise:us-west-2:123456789012:access-policy/a1b2c3d4-5678-90ab-cdef-cccccEXAMPLE"
}

For more information, see Adding or removing portal administrators in the AWS IoT SiteWise User Guide.

Example 2: To grant a user read-only access to a project

The following create-access-policy example creates an access policy that grants a user read-only access to a wind farm project.

aws iotsitewise create-access-policy \
    --cli-input-json file://create-project-viewer-access-policy.json

Contents of create-project-viewer-access-policy.json:

{
    "accessPolicyIdentity": {
        "user": {
            "id": "a1b2c3d4e5-a1b2c3d4-5678-90ab-cdef-bbbbbEXAMPLE"
        }
    },
    "accessPolicyPermission": "VIEWER",
    "accessPolicyResource": {
        "project": {
            "id": "a1b2c3d4-5678-90ab-cdef-eeeeeEXAMPLE"
        }
    }
}

Output:

{
    "accessPolicyId": "a1b2c3d4-5678-90ab-cdef-dddddEXAMPLE",
    "accessPolicyArn": "arn:aws:iotsitewise:us-west-2:123456789012:access-policy/a1b2c3d4-5678-90ab-cdef-dddddEXAMPLE"
}

For more information, see Assigning project viewers in the AWS IoT SiteWise Monitor Application Guide.

Output

accessPolicyId -> (string)

The ID of the access policy.

accessPolicyArn -> (string)

The ARN of the access policy, which has the following format.

arn:${Partition}:iotsitewise:${Region}:${Account}:access-policy/${AccessPolicyId}

© Copyright 2018, Amazon Web Services. Created using Sphinx.