[ aws . iotsitewise ]

describe-access-policy

Description

Describes an access policy, which specifies an identity’s access to an AWS IoT SiteWise Monitor portal or project.

See also: AWS API Documentation

See ‘aws help’ for descriptions of global parameters.

Synopsis

  describe-access-policy
--access-policy-id <value>
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]

Options

--access-policy-id (string)

The ID of the access policy.

--cli-input-json | --cli-input-yaml (string) Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. Similarly, if provided yaml-input it will print a sample input YAML that can be used with --cli-input-yaml. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

See ‘aws help’ for descriptions of global parameters.

Examples

To describe an access policy

The following describe-access-policy example describes an access policy that grants a user administrative access to a web portal for a wind farm company.

aws iotsitewise describe-access-policy \
    --access-policy-id a1b2c3d4-5678-90ab-cdef-cccccEXAMPLE

Output:

{
    "accessPolicyId": "a1b2c3d4-5678-90ab-cdef-cccccEXAMPLE",
    "accessPolicyArn": "arn:aws:iotsitewise:us-west-2:123456789012:access-policy/a1b2c3d4-5678-90ab-cdef-cccccEXAMPLE",
    "accessPolicyIdentity": {
        "user": {
            "id": "a1b2c3d4e5-a1b2c3d4-5678-90ab-cdef-bbbbbEXAMPLE"
        }
    },
    "accessPolicyResource": {
        "portal": {
            "id": "a1b2c3d4-5678-90ab-cdef-aaaaaEXAMPLE"
        }
    },
    "accessPolicyPermission": "ADMINISTRATOR",
    "accessPolicyCreationDate": "2020-02-20T22:35:15.552880124Z",
    "accessPolicyLastUpdateDate": "2020-02-20T22:35:15.552880124Z"
}

For more information, see Adding or removing portal administrators in the AWS IoT SiteWise User Guide.

Output

accessPolicyId -> (string)

The ID of the access policy.

accessPolicyArn -> (string)

The ARN of the access policy, which has the following format.

arn:${Partition}:iotsitewise:${Region}:${Account}:access-policy/${AccessPolicyId}

accessPolicyIdentity -> (structure)

The identity (AWS SSO user, AWS SSO group, or IAM user) to which this access policy applies.

user -> (structure)

An AWS SSO user identity.

id -> (string)

The AWS SSO ID of the user.

group -> (structure)

An AWS SSO group identity.

id -> (string)

The AWS SSO ID of the group.

iamUser -> (structure)

An IAM user identity.

arn -> (string)

The ARN of the IAM user. For more information, see IAM ARNs in the IAM User Guide .

Note

If you delete the IAM user, access policies that contain this identity include an empty arn . You can delete the access policy for the IAM user that no longer exists.

accessPolicyResource -> (structure)

The AWS IoT SiteWise Monitor resource (portal or project) to which this access policy provides access.

portal -> (structure)

A portal resource.

id -> (string)

The ID of the portal.

project -> (structure)

A project resource.

id -> (string)

The ID of the project.

accessPolicyPermission -> (string)

The access policy permission. Note that a project ADMINISTRATOR is also known as a project owner.

accessPolicyCreationDate -> (timestamp)

The date the access policy was created, in Unix epoch time.

accessPolicyLastUpdateDate -> (timestamp)

The date the access policy was last updated, in Unix epoch time.