[ aws . iotsitewise ]
Updates an existing access policy that specifies an identity’s access to an AWS IoT SiteWise Monitor portal or project resource.
See also: AWS API Documentation
See ‘aws help’ for descriptions of global parameters.
update-access-policy
--access-policy-id <value>
--access-policy-identity <value>
--access-policy-resource <value>
--access-policy-permission <value>
[--client-token <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
--access-policy-id
(string)
The ID of the access policy.
--access-policy-identity
(structure)
The identity for this access policy. Choose an AWS SSO user, an AWS SSO group, or an IAM user.
user -> (structure)
An AWS SSO user identity.
id -> (string)
The AWS SSO ID of the user.
group -> (structure)
An AWS SSO group identity.
id -> (string)
The AWS SSO ID of the group.
iamUser -> (structure)
An IAM user identity.
arn -> (string)
The ARN of the IAM user. For more information, see IAM ARNs in the IAM User Guide .
Note
If you delete the IAM user, access policies that contain this identity include an empty
arn
. You can delete the access policy for the IAM user that no longer exists.
Shorthand Syntax:
user={id=string},group={id=string},iamUser={arn=string}
JSON Syntax:
{
"user": {
"id": "string"
},
"group": {
"id": "string"
},
"iamUser": {
"arn": "string"
}
}
--access-policy-resource
(structure)
The AWS IoT SiteWise Monitor resource for this access policy. Choose either a portal or a project.
portal -> (structure)
A portal resource.
id -> (string)
The ID of the portal.
project -> (structure)
A project resource.
id -> (string)
The ID of the project.
Shorthand Syntax:
portal={id=string},project={id=string}
JSON Syntax:
{
"portal": {
"id": "string"
},
"project": {
"id": "string"
}
}
--access-policy-permission
(string)
The permission level for this access policy. Note that a project
ADMINISTRATOR
is also known as a project owner.Possible values:
ADMINISTRATOR
VIEWER
--client-token
(string)
A unique case-sensitive identifier that you can provide to ensure the idempotency of the request. Don’t reuse this client token if a new idempotent request is required.
--cli-input-json
| --cli-input-yaml
(string)
Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton
. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml
.
--generate-cli-skeleton
(string)
Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input
, prints a sample input JSON that can be used as an argument for --cli-input-json
. Similarly, if provided yaml-input
it will print a sample input YAML that can be used with --cli-input-yaml
. If provided with the value output
, it validates the command inputs and returns a sample output JSON for that command.
See ‘aws help’ for descriptions of global parameters.
To grant a project viewer ownership of a project
The following update-access-policy
example updates an access policy that grants a project viewer ownership of a project.
aws iotsitewise update-access-policy \
--access-policy-id a1b2c3d4-5678-90ab-cdef-dddddEXAMPLE \
--cli-input-json file://update-project-viewer-access-policy.json
Contents of update-project-viewer-access-policy.json
:
{
"accessPolicyIdentity": {
"user": {
"id": "a1b2c3d4e5-a1b2c3d4-5678-90ab-cdef-bbbbbEXAMPLE"
}
},
"accessPolicyPermission": "ADMINISTRATOR",
"accessPolicyResource": {
"project": {
"id": "a1b2c3d4-5678-90ab-cdef-eeeeeEXAMPLE"
}
}
}
This command produces no output.
For more information, see Assigning project owners in the AWS IoT SiteWise Monitor Application Guide.
None