AWS CLI Command Reference

[ aws . iotsitewise ]

update-access-policy

Description

Updates an existing access policy that specifies an identity’s access to an AWS IoT SiteWise Monitor portal or project resource.

See also: AWS API Documentation

See ‘aws help’ for descriptions of global parameters.

Synopsis

  update-access-policy
--access-policy-id <value>
--access-policy-identity <value>
--access-policy-resource <value>
--access-policy-permission <value>
[--client-token <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]

Options

--access-policy-id (string)

The ID of the access policy.

--access-policy-identity (structure)

The identity for this access policy. Choose an AWS SSO user, an AWS SSO group, or an IAM user.

user -> (structure)

An AWS SSO user identity.

id -> (string)

The AWS SSO ID of the user.

group -> (structure)

An AWS SSO group identity.

id -> (string)

The AWS SSO ID of the group.

iamUser -> (structure)

An IAM user identity.

arn -> (string)

The ARN of the IAM user. For more information, see IAM ARNs in the IAM User Guide .

Note

If you delete the IAM user, access policies that contain this identity include an empty arn . You can delete the access policy for the IAM user that no longer exists.

iamRole -> (structure)

An IAM role identity.

arn -> (string)

The ARN of the IAM role. For more information, see IAM ARNs in the IAM User Guide .

Shorthand Syntax:

user={id=string},group={id=string},iamUser={arn=string},iamRole={arn=string}

JSON Syntax:

{
  "user": {
    "id": "string"
  },
  "group": {
    "id": "string"
  },
  "iamUser": {
    "arn": "string"
  },
  "iamRole": {
    "arn": "string"
  }
}

--access-policy-resource (structure)

The AWS IoT SiteWise Monitor resource for this access policy. Choose either a portal or a project.

portal -> (structure)

A portal resource.

id -> (string)

The ID of the portal.

project -> (structure)

A project resource.

id -> (string)

The ID of the project.

Shorthand Syntax:

portal={id=string},project={id=string}

JSON Syntax:

{
  "portal": {
    "id": "string"
  },
  "project": {
    "id": "string"
  }
}

--access-policy-permission (string)

The permission level for this access policy. Note that a project ADMINISTRATOR is also known as a project owner.

Possible values:

  • ADMINISTRATOR

  • VIEWER

--client-token (string)

A unique case-sensitive identifier that you can provide to ensure the idempotency of the request. Don’t reuse this client token if a new idempotent request is required.

--cli-input-json | --cli-input-yaml (string) Reads arguments from the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, those values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally. This may not be specified along with --cli-input-yaml.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. Similarly, if provided yaml-input it will print a sample input YAML that can be used with --cli-input-yaml. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

See ‘aws help’ for descriptions of global parameters.

Examples

To grant a project viewer ownership of a project

The following update-access-policy example updates an access policy that grants a project viewer ownership of a project.

aws iotsitewise update-access-policy \
    --access-policy-id a1b2c3d4-5678-90ab-cdef-dddddEXAMPLE \
    --cli-input-json file://update-project-viewer-access-policy.json

Contents of update-project-viewer-access-policy.json:

{
    "accessPolicyIdentity": {
        "user": {
            "id": "a1b2c3d4e5-a1b2c3d4-5678-90ab-cdef-bbbbbEXAMPLE"
        }
    },
    "accessPolicyPermission": "ADMINISTRATOR",
    "accessPolicyResource": {
        "project": {
            "id": "a1b2c3d4-5678-90ab-cdef-eeeeeEXAMPLE"
        }
    }
}

This command produces no output.

For more information, see Assigning project owners in the AWS IoT SiteWise Monitor Application Guide.

Output

None

© Copyright 2018, Amazon Web Services. Created using Sphinx.