2020/09/21 - AWS IoT SiteWise - 1 new 6 updated api methods
Changes This release supports IAM mode for SiteWise Monitor portals
Creates a pre-signed URL to a portal. Use this operation to create URLs to portals that use AWS Identity and Access Management (IAM) to authenticate users. An IAM user with access to a portal can call this API to get a URL to that portal. The URL contains a session token that lets the IAM user access the portal.
See also: AWS API Documentation
Request Syntax
client.create_presigned_portal_url( portalId='string', sessionDurationSeconds=123 )
string
[REQUIRED]
The ID of the portal to access.
integer
The duration (in seconds) for which the session at the URL is valid.
Default: 900 seconds (15 minutes)
dict
Response Syntax
{ 'presignedPortalUrl': 'string' }
Response Structure
(dict) --
presignedPortalUrl (string) --
The pre-signed URL to the portal. The URL contains the portal ID and a session token that lets you access the portal. The URL has the following format.
https://<portal-id>.app.iotsitewise.aws/auth?token=<encrypted-token>
{'accessPolicyIdentity': {'iamUser': {'arn': 'string'}}}
Creates an access policy that grants the specified identity (AWS SSO user, AWS SSO group, or IAM user) access to the specified AWS IoT SiteWise Monitor portal or project resource.
See also: AWS API Documentation
Request Syntax
client.create_access_policy( accessPolicyIdentity={ 'user': { 'id': 'string' }, 'group': { 'id': 'string' }, 'iamUser': { 'arn': 'string' } }, accessPolicyResource={ 'portal': { 'id': 'string' }, 'project': { 'id': 'string' } }, accessPolicyPermission='ADMINISTRATOR'|'VIEWER', clientToken='string', tags={ 'string': 'string' } )
dict
[REQUIRED]
The identity for this access policy. Choose an AWS SSO user, an AWS SSO group, or an IAM user.
user (dict) --
An AWS SSO user identity.
id (string) -- [REQUIRED]
The AWS SSO ID of the user.
group (dict) --
An AWS SSO group identity.
id (string) -- [REQUIRED]
The AWS SSO ID of the group.
iamUser (dict) --
An IAM user identity.
arn (string) -- [REQUIRED]
The ARN of the IAM user. IAM users must have the iotsitewise:CreatePresignedPortalUrl permission to sign in to the portal. For more information, see IAM ARNs in the IAM User Guide .
Note
If you delete the IAM user, access policies that contain this identity include an empty arn . You can delete the access policy for the IAM user that no longer exists.
dict
[REQUIRED]
The AWS IoT SiteWise Monitor resource for this access policy. Choose either a portal or a project.
portal (dict) --
A portal resource.
id (string) -- [REQUIRED]
The ID of the portal.
project (dict) --
A project resource.
id (string) -- [REQUIRED]
The ID of the project.
string
[REQUIRED]
The permission level for this access policy. Note that a project ADMINISTRATOR is also known as a project owner.
string
A unique case-sensitive identifier that you can provide to ensure the idempotency of the request. Don't reuse this client token if a new idempotent request is required.
This field is autopopulated if not provided.
dict
A list of key-value pairs that contain metadata for the access policy. For more information, see Tagging your AWS IoT SiteWise resources in the AWS IoT SiteWise User Guide .
(string) --
(string) --
dict
Response Syntax
{ 'accessPolicyId': 'string', 'accessPolicyArn': 'string' }
Response Structure
(dict) --
accessPolicyId (string) --
The ID of the access policy.
accessPolicyArn (string) --
The ARN of the access policy, which has the following format.
arn:${Partition}:iotsitewise:${Region}:${Account}:access-policy/${AccessPolicyId}
{'portalAuthMode': 'IAM | SSO'}
Creates a portal, which can contain projects and dashboards. AWS IoT SiteWise Monitor uses AWS SSO or IAM to authenticate portal users and manage user permissions.
Note
Before you can sign in to a new portal, you must add at least one identity to that portal. For more information, see Adding or removing portal administrators in the AWS IoT SiteWise User Guide .
See also: AWS API Documentation
Request Syntax
client.create_portal( portalName='string', portalDescription='string', portalContactEmail='string', clientToken='string', portalLogoImageFile={ 'data': b'bytes', 'type': 'PNG' }, roleArn='string', tags={ 'string': 'string' }, portalAuthMode='IAM'|'SSO' )
string
[REQUIRED]
A friendly name for the portal.
string
A description for the portal.
string
[REQUIRED]
The AWS administrator's contact email address.
string
A unique case-sensitive identifier that you can provide to ensure the idempotency of the request. Don't reuse this client token if a new idempotent request is required.
This field is autopopulated if not provided.
dict
A logo image to display in the portal. Upload a square, high-resolution image. The image is displayed on a dark background.
data (bytes) -- [REQUIRED]
The image file contents, represented as a base64-encoded string. The file size must be less than 1 MB.
type (string) -- [REQUIRED]
The file type of the image.
string
[REQUIRED]
The ARN of a service role that allows the portal's users to access your AWS IoT SiteWise resources on your behalf. For more information, see Using service roles for AWS IoT SiteWise Monitor in the AWS IoT SiteWise User Guide .
dict
A list of key-value pairs that contain metadata for the portal. For more information, see Tagging your AWS IoT SiteWise resources in the AWS IoT SiteWise User Guide .
(string) --
(string) --
string
The service to use to authenticate users to the portal. Choose from the following options:
SSO – The portal uses AWS Single Sign-On to authenticate users and manage user permissions. Before you can create a portal that uses AWS SSO, you must enable AWS SSO. For more information, see Enabling AWS SSO in the AWS IoT SiteWise User Guide . This option is only available in AWS Regions other than the China Regions.
IAM – The portal uses AWS Identity and Access Management (IAM) to authenticate users and manage user permissions. IAM users must have the iotsitewise:CreatePresignedPortalUrl permission to sign in to the portal. This option is only available in the China Regions.
You can't change this value after you create a portal.
Default: SSO
dict
Response Syntax
{ 'portalId': 'string', 'portalArn': 'string', 'portalStartUrl': 'string', 'portalStatus': { 'state': 'CREATING'|'UPDATING'|'DELETING'|'ACTIVE'|'FAILED', 'error': { 'code': 'INTERNAL_FAILURE'|'VALIDATION_ERROR'|'LIMIT_EXCEEDED', 'message': 'string' } }, 'ssoApplicationId': 'string' }
Response Structure
(dict) --
portalId (string) --
The ID of the created portal.
portalArn (string) --
The ARN of the portal, which has the following format.
arn:${Partition}:iotsitewise:${Region}:${Account}:portal/${PortalId}
portalStartUrl (string) --
The URL for the AWS IoT SiteWise Monitor portal. You can use this URL to access portals that use AWS SSO for authentication. For portals that use IAM for authentication, you must use the CreatePresignedPortalUrl operation to create a URL that you can use to access the portal.
portalStatus (dict) --
The status of the portal, which contains a state (CREATING after successfully calling this operation) and any error message.
state (string) --
The current state of the portal.
error (dict) --
Contains associated error information, if any.
code (string) --
The error code.
message (string) --
The error message.
ssoApplicationId (string) --
The associated AWS SSO application ID, if the portal uses AWS SSO.
{'accessPolicyIdentity': {'iamUser': {'arn': 'string'}}}
Describes an access policy, which specifies an identity's access to an AWS IoT SiteWise Monitor portal or project.
See also: AWS API Documentation
Request Syntax
client.describe_access_policy( accessPolicyId='string' )
string
[REQUIRED]
The ID of the access policy.
dict
Response Syntax
{ 'accessPolicyId': 'string', 'accessPolicyArn': 'string', 'accessPolicyIdentity': { 'user': { 'id': 'string' }, 'group': { 'id': 'string' }, 'iamUser': { 'arn': 'string' } }, 'accessPolicyResource': { 'portal': { 'id': 'string' }, 'project': { 'id': 'string' } }, 'accessPolicyPermission': 'ADMINISTRATOR'|'VIEWER', 'accessPolicyCreationDate': datetime(2015, 1, 1), 'accessPolicyLastUpdateDate': datetime(2015, 1, 1) }
Response Structure
(dict) --
accessPolicyId (string) --
The ID of the access policy.
accessPolicyArn (string) --
The ARN of the access policy, which has the following format.
arn:${Partition}:iotsitewise:${Region}:${Account}:access-policy/${AccessPolicyId}
accessPolicyIdentity (dict) --
The identity (AWS SSO user, AWS SSO group, or IAM user) to which this access policy applies.
user (dict) --
An AWS SSO user identity.
id (string) --
The AWS SSO ID of the user.
group (dict) --
An AWS SSO group identity.
id (string) --
The AWS SSO ID of the group.
iamUser (dict) --
An IAM user identity.
arn (string) --
The ARN of the IAM user. IAM users must have the iotsitewise:CreatePresignedPortalUrl permission to sign in to the portal. For more information, see IAM ARNs in the IAM User Guide .
Note
If you delete the IAM user, access policies that contain this identity include an empty arn . You can delete the access policy for the IAM user that no longer exists.
accessPolicyResource (dict) --
The AWS IoT SiteWise Monitor resource (portal or project) to which this access policy provides access.
portal (dict) --
A portal resource.
id (string) --
The ID of the portal.
project (dict) --
A project resource.
id (string) --
The ID of the project.
accessPolicyPermission (string) --
The access policy permission. Note that a project ADMINISTRATOR is also known as a project owner.
accessPolicyCreationDate (datetime) --
The date the access policy was created, in Unix epoch time.
accessPolicyLastUpdateDate (datetime) --
The date the access policy was last updated, in Unix epoch time.
{'portalAuthMode': 'IAM | SSO'}
Retrieves information about a portal.
See also: AWS API Documentation
Request Syntax
client.describe_portal( portalId='string' )
string
[REQUIRED]
The ID of the portal.
dict
Response Syntax
{ 'portalId': 'string', 'portalArn': 'string', 'portalName': 'string', 'portalDescription': 'string', 'portalClientId': 'string', 'portalStartUrl': 'string', 'portalContactEmail': 'string', 'portalStatus': { 'state': 'CREATING'|'UPDATING'|'DELETING'|'ACTIVE'|'FAILED', 'error': { 'code': 'INTERNAL_FAILURE'|'VALIDATION_ERROR'|'LIMIT_EXCEEDED', 'message': 'string' } }, 'portalCreationDate': datetime(2015, 1, 1), 'portalLastUpdateDate': datetime(2015, 1, 1), 'portalLogoImageLocation': { 'id': 'string', 'url': 'string' }, 'roleArn': 'string', 'portalAuthMode': 'IAM'|'SSO' }
Response Structure
(dict) --
portalId (string) --
The ID of the portal.
portalArn (string) --
The ARN of the portal, which has the following format.
arn:${Partition}:iotsitewise:${Region}:${Account}:portal/${PortalId}
portalName (string) --
The name of the portal.
portalDescription (string) --
The portal's description.
portalClientId (string) --
The AWS SSO application generated client ID (used with AWS SSO APIs). AWS IoT SiteWise includes portalClientId for only portals that use AWS SSO to authenticate users.
portalStartUrl (string) --
The URL for the AWS IoT SiteWise Monitor portal. You can use this URL to access portals that use AWS SSO for authentication. For portals that use IAM for authentication, you must use the CreatePresignedPortalUrl operation to create a URL that you can use to access the portal.
portalContactEmail (string) --
The AWS administrator's contact email address.
portalStatus (dict) --
The current status of the portal, which contains a state and any error message.
state (string) --
The current state of the portal.
error (dict) --
Contains associated error information, if any.
code (string) --
The error code.
message (string) --
The error message.
portalCreationDate (datetime) --
The date the portal was created, in Unix epoch time.
portalLastUpdateDate (datetime) --
The date the portal was last updated, in Unix epoch time.
portalLogoImageLocation (dict) --
The portal's logo image, which is available at a URL.
id (string) --
The ID of the image.
url (string) --
The URL where the image is available. The URL is valid for 15 minutes so that you can view and download the image
roleArn (string) --
The ARN of the service role that allows the portal's users to access your AWS IoT SiteWise resources on your behalf. For more information, see Using service roles for AWS IoT SiteWise Monitor in the AWS IoT SiteWise User Guide .
portalAuthMode (string) --
The service to use to authenticate users to the portal.
{'iamArn': 'string', 'identityType': {'IAM'}}Response
{'accessPolicySummaries': {'identity': {'iamUser': {'arn': 'string'}}}}
Retrieves a paginated list of access policies for an identity (an AWS SSO user, an AWS SSO group, or an IAM user) or an AWS IoT SiteWise Monitor resource (a portal or project).
See also: AWS API Documentation
Request Syntax
client.list_access_policies( identityType='USER'|'GROUP'|'IAM', identityId='string', resourceType='PORTAL'|'PROJECT', resourceId='string', iamArn='string', nextToken='string', maxResults=123 )
string
The type of identity (AWS SSO user, AWS SSO group, or IAM user). This parameter is required if you specify identityId .
string
The ID of the identity. This parameter is required if you specify USER or GROUP for identityType .
string
The type of resource (portal or project). This parameter is required if you specify resourceId .
string
The ID of the resource. This parameter is required if you specify resourceType .
string
The ARN of the IAM user. For more information, see IAM ARNs in the IAM User Guide . This parameter is required if you specify IAM for identityType .
string
The token to be used for the next set of paginated results.
integer
The maximum number of results to be returned per paginated request.
Default: 50
dict
Response Syntax
{ 'accessPolicySummaries': [ { 'id': 'string', 'identity': { 'user': { 'id': 'string' }, 'group': { 'id': 'string' }, 'iamUser': { 'arn': 'string' } }, 'resource': { 'portal': { 'id': 'string' }, 'project': { 'id': 'string' } }, 'permission': 'ADMINISTRATOR'|'VIEWER', 'creationDate': datetime(2015, 1, 1), 'lastUpdateDate': datetime(2015, 1, 1) }, ], 'nextToken': 'string' }
Response Structure
(dict) --
accessPolicySummaries (list) --
A list that summarizes each access policy.
(dict) --
Contains an access policy that defines an identity's access to an AWS IoT SiteWise Monitor resource.
id (string) --
The ID of the access policy.
identity (dict) --
The identity (an AWS SSO user, an AWS SSO group, or an IAM user).
user (dict) --
An AWS SSO user identity.
id (string) --
The AWS SSO ID of the user.
group (dict) --
An AWS SSO group identity.
id (string) --
The AWS SSO ID of the group.
iamUser (dict) --
An IAM user identity.
arn (string) --
The ARN of the IAM user. IAM users must have the iotsitewise:CreatePresignedPortalUrl permission to sign in to the portal. For more information, see IAM ARNs in the IAM User Guide .
Note
If you delete the IAM user, access policies that contain this identity include an empty arn . You can delete the access policy for the IAM user that no longer exists.
resource (dict) --
The AWS IoT SiteWise Monitor resource (a portal or project).
portal (dict) --
A portal resource.
id (string) --
The ID of the portal.
project (dict) --
A project resource.
id (string) --
The ID of the project.
permission (string) --
The permissions for the access policy. Note that a project ADMINISTRATOR is also known as a project owner.
creationDate (datetime) --
The date the access policy was created, in Unix epoch time.
lastUpdateDate (datetime) --
The date the access policy was last updated, in Unix epoch time.
nextToken (string) --
The token for the next set of results, or null if there are no additional results.
{'accessPolicyIdentity': {'iamUser': {'arn': 'string'}}}
Updates an existing access policy that specifies an identity's access to an AWS IoT SiteWise Monitor portal or project resource.
See also: AWS API Documentation
Request Syntax
client.update_access_policy( accessPolicyId='string', accessPolicyIdentity={ 'user': { 'id': 'string' }, 'group': { 'id': 'string' }, 'iamUser': { 'arn': 'string' } }, accessPolicyResource={ 'portal': { 'id': 'string' }, 'project': { 'id': 'string' } }, accessPolicyPermission='ADMINISTRATOR'|'VIEWER', clientToken='string' )
string
[REQUIRED]
The ID of the access policy.
dict
[REQUIRED]
The identity for this access policy. Choose an AWS SSO user, an AWS SSO group, or an IAM user.
user (dict) --
An AWS SSO user identity.
id (string) -- [REQUIRED]
The AWS SSO ID of the user.
group (dict) --
An AWS SSO group identity.
id (string) -- [REQUIRED]
The AWS SSO ID of the group.
iamUser (dict) --
An IAM user identity.
arn (string) -- [REQUIRED]
The ARN of the IAM user. IAM users must have the iotsitewise:CreatePresignedPortalUrl permission to sign in to the portal. For more information, see IAM ARNs in the IAM User Guide .
Note
If you delete the IAM user, access policies that contain this identity include an empty arn . You can delete the access policy for the IAM user that no longer exists.
dict
[REQUIRED]
The AWS IoT SiteWise Monitor resource for this access policy. Choose either a portal or a project.
portal (dict) --
A portal resource.
id (string) -- [REQUIRED]
The ID of the portal.
project (dict) --
A project resource.
id (string) -- [REQUIRED]
The ID of the project.
string
[REQUIRED]
The permission level for this access policy. Note that a project ADMINISTRATOR is also known as a project owner.
string
A unique case-sensitive identifier that you can provide to ensure the idempotency of the request. Don't reuse this client token if a new idempotent request is required.
This field is autopopulated if not provided.
dict
Response Syntax
{}
Response Structure
(dict) --