AWS IoT SiteWise

2020/09/21 - AWS IoT SiteWise - 1 new 6 updated api methods

Changes  This release supports IAM mode for SiteWise Monitor portals

CreatePresignedPortalUrl (new) Link ¶

Creates a pre-signed URL to a portal. Use this operation to create URLs to portals that use AWS Identity and Access Management (IAM) to authenticate users. An IAM user with access to a portal can call this API to get a URL to that portal. The URL contains a session token that lets the IAM user access the portal.

See also: AWS API Documentation

Request Syntax

client.create_presigned_portal_url(
    portalId='string',
    sessionDurationSeconds=123
)
type portalId

string

param portalId

[REQUIRED]

The ID of the portal to access.

type sessionDurationSeconds

integer

param sessionDurationSeconds

The duration (in seconds) for which the session at the URL is valid.

Default: 900 seconds (15 minutes)

rtype

dict

returns

Response Syntax

{
    'presignedPortalUrl': 'string'
}

Response Structure

  • (dict) --

    • presignedPortalUrl (string) --

      The pre-signed URL to the portal. The URL contains the portal ID and a session token that lets you access the portal. The URL has the following format.

      https://<portal-id>.app.iotsitewise.aws/auth?token=<encrypted-token>

CreateAccessPolicy (updated) Link ¶
Changes (request)
{'accessPolicyIdentity': {'iamUser': {'arn': 'string'}}}

Creates an access policy that grants the specified identity (AWS SSO user, AWS SSO group, or IAM user) access to the specified AWS IoT SiteWise Monitor portal or project resource.

See also: AWS API Documentation

Request Syntax

client.create_access_policy(
    accessPolicyIdentity={
        'user': {
            'id': 'string'
        },
        'group': {
            'id': 'string'
        },
        'iamUser': {
            'arn': 'string'
        }
    },
    accessPolicyResource={
        'portal': {
            'id': 'string'
        },
        'project': {
            'id': 'string'
        }
    },
    accessPolicyPermission='ADMINISTRATOR'|'VIEWER',
    clientToken='string',
    tags={
        'string': 'string'
    }
)
type accessPolicyIdentity

dict

param accessPolicyIdentity

[REQUIRED]

The identity for this access policy. Choose an AWS SSO user, an AWS SSO group, or an IAM user.

  • user (dict) --

    An AWS SSO user identity.

    • id (string) -- [REQUIRED]

      The AWS SSO ID of the user.

  • group (dict) --

    An AWS SSO group identity.

    • id (string) -- [REQUIRED]

      The AWS SSO ID of the group.

  • iamUser (dict) --

    An IAM user identity.

    • arn (string) -- [REQUIRED]

      The ARN of the IAM user. IAM users must have the iotsitewise:CreatePresignedPortalUrl permission to sign in to the portal. For more information, see IAM ARNs in the IAM User Guide .

      Note

      If you delete the IAM user, access policies that contain this identity include an empty arn . You can delete the access policy for the IAM user that no longer exists.

type accessPolicyResource

dict

param accessPolicyResource

[REQUIRED]

The AWS IoT SiteWise Monitor resource for this access policy. Choose either a portal or a project.

  • portal (dict) --

    A portal resource.

    • id (string) -- [REQUIRED]

      The ID of the portal.

  • project (dict) --

    A project resource.

    • id (string) -- [REQUIRED]

      The ID of the project.

type accessPolicyPermission

string

param accessPolicyPermission

[REQUIRED]

The permission level for this access policy. Note that a project ADMINISTRATOR is also known as a project owner.

type clientToken

string

param clientToken

A unique case-sensitive identifier that you can provide to ensure the idempotency of the request. Don't reuse this client token if a new idempotent request is required.

This field is autopopulated if not provided.

type tags

dict

param tags

A list of key-value pairs that contain metadata for the access policy. For more information, see Tagging your AWS IoT SiteWise resources in the AWS IoT SiteWise User Guide .

  • (string) --

    • (string) --

rtype

dict

returns

Response Syntax

{
    'accessPolicyId': 'string',
    'accessPolicyArn': 'string'
}

Response Structure

  • (dict) --

    • accessPolicyId (string) --

      The ID of the access policy.

    • accessPolicyArn (string) --

      The ARN of the access policy, which has the following format.

      arn:${Partition}:iotsitewise:${Region}:${Account}:access-policy/${AccessPolicyId}

CreatePortal (updated) Link ¶
Changes (request)
{'portalAuthMode': 'IAM | SSO'}

Creates a portal, which can contain projects and dashboards. AWS IoT SiteWise Monitor uses AWS SSO or IAM to authenticate portal users and manage user permissions.

Note

Before you can sign in to a new portal, you must add at least one identity to that portal. For more information, see Adding or removing portal administrators in the AWS IoT SiteWise User Guide .

See also: AWS API Documentation

Request Syntax

client.create_portal(
    portalName='string',
    portalDescription='string',
    portalContactEmail='string',
    clientToken='string',
    portalLogoImageFile={
        'data': b'bytes',
        'type': 'PNG'
    },
    roleArn='string',
    tags={
        'string': 'string'
    },
    portalAuthMode='IAM'|'SSO'
)
type portalName

string

param portalName

[REQUIRED]

A friendly name for the portal.

type portalDescription

string

param portalDescription

A description for the portal.

type portalContactEmail

string

param portalContactEmail

[REQUIRED]

The AWS administrator's contact email address.

type clientToken

string

param clientToken

A unique case-sensitive identifier that you can provide to ensure the idempotency of the request. Don't reuse this client token if a new idempotent request is required.

This field is autopopulated if not provided.

type portalLogoImageFile

dict

param portalLogoImageFile

A logo image to display in the portal. Upload a square, high-resolution image. The image is displayed on a dark background.

  • data (bytes) -- [REQUIRED]

    The image file contents, represented as a base64-encoded string. The file size must be less than 1 MB.

  • type (string) -- [REQUIRED]

    The file type of the image.

type roleArn

string

param roleArn

[REQUIRED]

The ARN of a service role that allows the portal's users to access your AWS IoT SiteWise resources on your behalf. For more information, see Using service roles for AWS IoT SiteWise Monitor in the AWS IoT SiteWise User Guide .

type tags

dict

param tags

A list of key-value pairs that contain metadata for the portal. For more information, see Tagging your AWS IoT SiteWise resources in the AWS IoT SiteWise User Guide .

  • (string) --

    • (string) --

type portalAuthMode

string

param portalAuthMode

The service to use to authenticate users to the portal. Choose from the following options:

  • SSO – The portal uses AWS Single Sign-On to authenticate users and manage user permissions. Before you can create a portal that uses AWS SSO, you must enable AWS SSO. For more information, see Enabling AWS SSO in the AWS IoT SiteWise User Guide . This option is only available in AWS Regions other than the China Regions.

  • IAM – The portal uses AWS Identity and Access Management (IAM) to authenticate users and manage user permissions. IAM users must have the iotsitewise:CreatePresignedPortalUrl permission to sign in to the portal. This option is only available in the China Regions.

You can't change this value after you create a portal.

Default: SSO

rtype

dict

returns

Response Syntax

{
    'portalId': 'string',
    'portalArn': 'string',
    'portalStartUrl': 'string',
    'portalStatus': {
        'state': 'CREATING'|'UPDATING'|'DELETING'|'ACTIVE'|'FAILED',
        'error': {
            'code': 'INTERNAL_FAILURE'|'VALIDATION_ERROR'|'LIMIT_EXCEEDED',
            'message': 'string'
        }
    },
    'ssoApplicationId': 'string'
}

Response Structure

  • (dict) --

    • portalId (string) --

      The ID of the created portal.

    • portalArn (string) --

      The ARN of the portal, which has the following format.

      arn:${Partition}:iotsitewise:${Region}:${Account}:portal/${PortalId}

    • portalStartUrl (string) --

      The URL for the AWS IoT SiteWise Monitor portal. You can use this URL to access portals that use AWS SSO for authentication. For portals that use IAM for authentication, you must use the CreatePresignedPortalUrl operation to create a URL that you can use to access the portal.

    • portalStatus (dict) --

      The status of the portal, which contains a state (CREATING after successfully calling this operation) and any error message.

      • state (string) --

        The current state of the portal.

      • error (dict) --

        Contains associated error information, if any.

        • code (string) --

          The error code.

        • message (string) --

          The error message.

    • ssoApplicationId (string) --

      The associated AWS SSO application ID, if the portal uses AWS SSO.

DescribeAccessPolicy (updated) Link ¶
Changes (response)
{'accessPolicyIdentity': {'iamUser': {'arn': 'string'}}}

Describes an access policy, which specifies an identity's access to an AWS IoT SiteWise Monitor portal or project.

See also: AWS API Documentation

Request Syntax

client.describe_access_policy(
    accessPolicyId='string'
)
type accessPolicyId

string

param accessPolicyId

[REQUIRED]

The ID of the access policy.

rtype

dict

returns

Response Syntax

{
    'accessPolicyId': 'string',
    'accessPolicyArn': 'string',
    'accessPolicyIdentity': {
        'user': {
            'id': 'string'
        },
        'group': {
            'id': 'string'
        },
        'iamUser': {
            'arn': 'string'
        }
    },
    'accessPolicyResource': {
        'portal': {
            'id': 'string'
        },
        'project': {
            'id': 'string'
        }
    },
    'accessPolicyPermission': 'ADMINISTRATOR'|'VIEWER',
    'accessPolicyCreationDate': datetime(2015, 1, 1),
    'accessPolicyLastUpdateDate': datetime(2015, 1, 1)
}

Response Structure

  • (dict) --

    • accessPolicyId (string) --

      The ID of the access policy.

    • accessPolicyArn (string) --

      The ARN of the access policy, which has the following format.

      arn:${Partition}:iotsitewise:${Region}:${Account}:access-policy/${AccessPolicyId}

    • accessPolicyIdentity (dict) --

      The identity (AWS SSO user, AWS SSO group, or IAM user) to which this access policy applies.

      • user (dict) --

        An AWS SSO user identity.

        • id (string) --

          The AWS SSO ID of the user.

      • group (dict) --

        An AWS SSO group identity.

        • id (string) --

          The AWS SSO ID of the group.

      • iamUser (dict) --

        An IAM user identity.

        • arn (string) --

          The ARN of the IAM user. IAM users must have the iotsitewise:CreatePresignedPortalUrl permission to sign in to the portal. For more information, see IAM ARNs in the IAM User Guide .

          Note

          If you delete the IAM user, access policies that contain this identity include an empty arn . You can delete the access policy for the IAM user that no longer exists.

    • accessPolicyResource (dict) --

      The AWS IoT SiteWise Monitor resource (portal or project) to which this access policy provides access.

      • portal (dict) --

        A portal resource.

        • id (string) --

          The ID of the portal.

      • project (dict) --

        A project resource.

        • id (string) --

          The ID of the project.

    • accessPolicyPermission (string) --

      The access policy permission. Note that a project ADMINISTRATOR is also known as a project owner.

    • accessPolicyCreationDate (datetime) --

      The date the access policy was created, in Unix epoch time.

    • accessPolicyLastUpdateDate (datetime) --

      The date the access policy was last updated, in Unix epoch time.

DescribePortal (updated) Link ¶
Changes (response)
{'portalAuthMode': 'IAM | SSO'}

Retrieves information about a portal.

See also: AWS API Documentation

Request Syntax

client.describe_portal(
    portalId='string'
)
type portalId

string

param portalId

[REQUIRED]

The ID of the portal.

rtype

dict

returns

Response Syntax

{
    'portalId': 'string',
    'portalArn': 'string',
    'portalName': 'string',
    'portalDescription': 'string',
    'portalClientId': 'string',
    'portalStartUrl': 'string',
    'portalContactEmail': 'string',
    'portalStatus': {
        'state': 'CREATING'|'UPDATING'|'DELETING'|'ACTIVE'|'FAILED',
        'error': {
            'code': 'INTERNAL_FAILURE'|'VALIDATION_ERROR'|'LIMIT_EXCEEDED',
            'message': 'string'
        }
    },
    'portalCreationDate': datetime(2015, 1, 1),
    'portalLastUpdateDate': datetime(2015, 1, 1),
    'portalLogoImageLocation': {
        'id': 'string',
        'url': 'string'
    },
    'roleArn': 'string',
    'portalAuthMode': 'IAM'|'SSO'
}

Response Structure

  • (dict) --

    • portalId (string) --

      The ID of the portal.

    • portalArn (string) --

      The ARN of the portal, which has the following format.

      arn:${Partition}:iotsitewise:${Region}:${Account}:portal/${PortalId}

    • portalName (string) --

      The name of the portal.

    • portalDescription (string) --

      The portal's description.

    • portalClientId (string) --

      The AWS SSO application generated client ID (used with AWS SSO APIs). AWS IoT SiteWise includes portalClientId for only portals that use AWS SSO to authenticate users.

    • portalStartUrl (string) --

      The URL for the AWS IoT SiteWise Monitor portal. You can use this URL to access portals that use AWS SSO for authentication. For portals that use IAM for authentication, you must use the CreatePresignedPortalUrl operation to create a URL that you can use to access the portal.

    • portalContactEmail (string) --

      The AWS administrator's contact email address.

    • portalStatus (dict) --

      The current status of the portal, which contains a state and any error message.

      • state (string) --

        The current state of the portal.

      • error (dict) --

        Contains associated error information, if any.

        • code (string) --

          The error code.

        • message (string) --

          The error message.

    • portalCreationDate (datetime) --

      The date the portal was created, in Unix epoch time.

    • portalLastUpdateDate (datetime) --

      The date the portal was last updated, in Unix epoch time.

    • portalLogoImageLocation (dict) --

      The portal's logo image, which is available at a URL.

      • id (string) --

        The ID of the image.

      • url (string) --

        The URL where the image is available. The URL is valid for 15 minutes so that you can view and download the image

    • roleArn (string) --

      The ARN of the service role that allows the portal's users to access your AWS IoT SiteWise resources on your behalf. For more information, see Using service roles for AWS IoT SiteWise Monitor in the AWS IoT SiteWise User Guide .

    • portalAuthMode (string) --

      The service to use to authenticate users to the portal.

ListAccessPolicies (updated) Link ¶
Changes (request, response)
Request
{'iamArn': 'string', 'identityType': {'IAM'}}
Response
{'accessPolicySummaries': {'identity': {'iamUser': {'arn': 'string'}}}}

Retrieves a paginated list of access policies for an identity (an AWS SSO user, an AWS SSO group, or an IAM user) or an AWS IoT SiteWise Monitor resource (a portal or project).

See also: AWS API Documentation

Request Syntax

client.list_access_policies(
    identityType='USER'|'GROUP'|'IAM',
    identityId='string',
    resourceType='PORTAL'|'PROJECT',
    resourceId='string',
    iamArn='string',
    nextToken='string',
    maxResults=123
)
type identityType

string

param identityType

The type of identity (AWS SSO user, AWS SSO group, or IAM user). This parameter is required if you specify identityId .

type identityId

string

param identityId

The ID of the identity. This parameter is required if you specify USER or GROUP for identityType .

type resourceType

string

param resourceType

The type of resource (portal or project). This parameter is required if you specify resourceId .

type resourceId

string

param resourceId

The ID of the resource. This parameter is required if you specify resourceType .

type iamArn

string

param iamArn

The ARN of the IAM user. For more information, see IAM ARNs in the IAM User Guide . This parameter is required if you specify IAM for identityType .

type nextToken

string

param nextToken

The token to be used for the next set of paginated results.

type maxResults

integer

param maxResults

The maximum number of results to be returned per paginated request.

Default: 50

rtype

dict

returns

Response Syntax

{
    'accessPolicySummaries': [
        {
            'id': 'string',
            'identity': {
                'user': {
                    'id': 'string'
                },
                'group': {
                    'id': 'string'
                },
                'iamUser': {
                    'arn': 'string'
                }
            },
            'resource': {
                'portal': {
                    'id': 'string'
                },
                'project': {
                    'id': 'string'
                }
            },
            'permission': 'ADMINISTRATOR'|'VIEWER',
            'creationDate': datetime(2015, 1, 1),
            'lastUpdateDate': datetime(2015, 1, 1)
        },
    ],
    'nextToken': 'string'
}

Response Structure

  • (dict) --

    • accessPolicySummaries (list) --

      A list that summarizes each access policy.

      • (dict) --

        Contains an access policy that defines an identity's access to an AWS IoT SiteWise Monitor resource.

        • id (string) --

          The ID of the access policy.

        • identity (dict) --

          The identity (an AWS SSO user, an AWS SSO group, or an IAM user).

          • user (dict) --

            An AWS SSO user identity.

            • id (string) --

              The AWS SSO ID of the user.

          • group (dict) --

            An AWS SSO group identity.

            • id (string) --

              The AWS SSO ID of the group.

          • iamUser (dict) --

            An IAM user identity.

            • arn (string) --

              The ARN of the IAM user. IAM users must have the iotsitewise:CreatePresignedPortalUrl permission to sign in to the portal. For more information, see IAM ARNs in the IAM User Guide .

              Note

              If you delete the IAM user, access policies that contain this identity include an empty arn . You can delete the access policy for the IAM user that no longer exists.

        • resource (dict) --

          The AWS IoT SiteWise Monitor resource (a portal or project).

          • portal (dict) --

            A portal resource.

            • id (string) --

              The ID of the portal.

          • project (dict) --

            A project resource.

            • id (string) --

              The ID of the project.

        • permission (string) --

          The permissions for the access policy. Note that a project ADMINISTRATOR is also known as a project owner.

        • creationDate (datetime) --

          The date the access policy was created, in Unix epoch time.

        • lastUpdateDate (datetime) --

          The date the access policy was last updated, in Unix epoch time.

    • nextToken (string) --

      The token for the next set of results, or null if there are no additional results.

UpdateAccessPolicy (updated) Link ¶
Changes (request)
{'accessPolicyIdentity': {'iamUser': {'arn': 'string'}}}

Updates an existing access policy that specifies an identity's access to an AWS IoT SiteWise Monitor portal or project resource.

See also: AWS API Documentation

Request Syntax

client.update_access_policy(
    accessPolicyId='string',
    accessPolicyIdentity={
        'user': {
            'id': 'string'
        },
        'group': {
            'id': 'string'
        },
        'iamUser': {
            'arn': 'string'
        }
    },
    accessPolicyResource={
        'portal': {
            'id': 'string'
        },
        'project': {
            'id': 'string'
        }
    },
    accessPolicyPermission='ADMINISTRATOR'|'VIEWER',
    clientToken='string'
)
type accessPolicyId

string

param accessPolicyId

[REQUIRED]

The ID of the access policy.

type accessPolicyIdentity

dict

param accessPolicyIdentity

[REQUIRED]

The identity for this access policy. Choose an AWS SSO user, an AWS SSO group, or an IAM user.

  • user (dict) --

    An AWS SSO user identity.

    • id (string) -- [REQUIRED]

      The AWS SSO ID of the user.

  • group (dict) --

    An AWS SSO group identity.

    • id (string) -- [REQUIRED]

      The AWS SSO ID of the group.

  • iamUser (dict) --

    An IAM user identity.

    • arn (string) -- [REQUIRED]

      The ARN of the IAM user. IAM users must have the iotsitewise:CreatePresignedPortalUrl permission to sign in to the portal. For more information, see IAM ARNs in the IAM User Guide .

      Note

      If you delete the IAM user, access policies that contain this identity include an empty arn . You can delete the access policy for the IAM user that no longer exists.

type accessPolicyResource

dict

param accessPolicyResource

[REQUIRED]

The AWS IoT SiteWise Monitor resource for this access policy. Choose either a portal or a project.

  • portal (dict) --

    A portal resource.

    • id (string) -- [REQUIRED]

      The ID of the portal.

  • project (dict) --

    A project resource.

    • id (string) -- [REQUIRED]

      The ID of the project.

type accessPolicyPermission

string

param accessPolicyPermission

[REQUIRED]

The permission level for this access policy. Note that a project ADMINISTRATOR is also known as a project owner.

type clientToken

string

param clientToken

A unique case-sensitive identifier that you can provide to ensure the idempotency of the request. Don't reuse this client token if a new idempotent request is required.

This field is autopopulated if not provided.

rtype

dict

returns

Response Syntax

{}

Response Structure

  • (dict) --