[ aws . iotsitewise ]
Describes an access policy, which specifies an identity’s access to an AWS IoT SiteWise Monitor portal or project.
See also: AWS API Documentation
See ‘aws help’ for descriptions of global parameters.
describe-access-policy
--access-policy-id <value>
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
--access-policy-id
(string)
The ID of the access policy.
--cli-input-json
| --cli-input-yaml
(string)
Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton
. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml
.
--generate-cli-skeleton
(string)
Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input
, prints a sample input JSON that can be used as an argument for --cli-input-json
. Similarly, if provided yaml-input
it will print a sample input YAML that can be used with --cli-input-yaml
. If provided with the value output
, it validates the command inputs and returns a sample output JSON for that command.
See ‘aws help’ for descriptions of global parameters.
To describe an access policy
The following describe-access-policy
example describes an access policy that grants a user administrative access to a web portal for a wind farm company.
aws iotsitewise describe-access-policy \
--access-policy-id a1b2c3d4-5678-90ab-cdef-cccccEXAMPLE
Output:
{
"accessPolicyId": "a1b2c3d4-5678-90ab-cdef-cccccEXAMPLE",
"accessPolicyArn": "arn:aws:iotsitewise:us-west-2:123456789012:access-policy/a1b2c3d4-5678-90ab-cdef-cccccEXAMPLE",
"accessPolicyIdentity": {
"user": {
"id": "a1b2c3d4e5-a1b2c3d4-5678-90ab-cdef-bbbbbEXAMPLE"
}
},
"accessPolicyResource": {
"portal": {
"id": "a1b2c3d4-5678-90ab-cdef-aaaaaEXAMPLE"
}
},
"accessPolicyPermission": "ADMINISTRATOR",
"accessPolicyCreationDate": "2020-02-20T22:35:15.552880124Z",
"accessPolicyLastUpdateDate": "2020-02-20T22:35:15.552880124Z"
}
For more information, see Adding or removing portal administrators in the AWS IoT SiteWise User Guide.
accessPolicyId -> (string)
The ID of the access policy.
accessPolicyArn -> (string)
The ARN of the access policy, which has the following format.
arn:${Partition}:iotsitewise:${Region}:${Account}:access-policy/${AccessPolicyId}
accessPolicyIdentity -> (structure)
The identity (AWS SSO user, AWS SSO group, or IAM user) to which this access policy applies.
user -> (structure)
An AWS SSO user identity.
id -> (string)
The AWS SSO ID of the user.
group -> (structure)
An AWS SSO group identity.
id -> (string)
The AWS SSO ID of the group.
iamUser -> (structure)
An IAM user identity.
arn -> (string)
The ARN of the IAM user. For more information, see IAM ARNs in the IAM User Guide .
Note
If you delete the IAM user, access policies that contain this identity include an empty
arn
. You can delete the access policy for the IAM user that no longer exists.
accessPolicyResource -> (structure)
The AWS IoT SiteWise Monitor resource (portal or project) to which this access policy provides access.
portal -> (structure)
A portal resource.
id -> (string)
The ID of the portal.
project -> (structure)
A project resource.
id -> (string)
The ID of the project.
accessPolicyPermission -> (string)
The access policy permission. Note that a project
ADMINISTRATOR
is also known as a project owner.
accessPolicyCreationDate -> (timestamp)
The date the access policy was created, in Unix epoch time.
accessPolicyLastUpdateDate -> (timestamp)
The date the access policy was last updated, in Unix epoch time.