2021/02/03 - AWS IoT SiteWise - 1 new 4 updated api methods
Changes Update AccessPolicy API input to support IAM role for IAM mode. Iam role is added as part of accessPolicyIdentity.
See also: AWS API Documentation
Request Syntax
client.create_presigned_portal_url( portalId='string', sessionDurationSeconds=123, state='string' )
string
[REQUIRED]
integer
string
dict
Response Syntax
{ 'presignedPortalUrl': 'string' }
Response Structure
(dict) --
presignedPortalUrl (string) --
{'accessPolicyIdentity': {'iamRole': {'arn': 'string'}}}
Creates an access policy that grants the specified identity (AWS SSO user, AWS SSO group, or IAM user) access to the specified AWS IoT SiteWise Monitor portal or project resource.
See also: AWS API Documentation
Request Syntax
client.create_access_policy( accessPolicyIdentity={ 'user': { 'id': 'string' }, 'group': { 'id': 'string' }, 'iamUser': { 'arn': 'string' }, 'iamRole': { 'arn': 'string' } }, accessPolicyResource={ 'portal': { 'id': 'string' }, 'project': { 'id': 'string' } }, accessPolicyPermission='ADMINISTRATOR'|'VIEWER', clientToken='string', tags={ 'string': 'string' } )
dict
[REQUIRED]
The identity for this access policy. Choose an AWS SSO user, an AWS SSO group, or an IAM user.
user (dict) --
An AWS SSO user identity.
id (string) -- [REQUIRED]
The AWS SSO ID of the user.
group (dict) --
An AWS SSO group identity.
id (string) -- [REQUIRED]
The AWS SSO ID of the group.
iamUser (dict) --
An IAM user identity.
arn (string) -- [REQUIRED]
The ARN of the IAM user. For more information, see IAM ARNs in the IAM User Guide .
Note
If you delete the IAM user, access policies that contain this identity include an empty arn . You can delete the access policy for the IAM user that no longer exists.
iamRole (dict) --
An IAM role identity.
arn (string) -- [REQUIRED]
The ARN of the IAM role. For more information, see IAM ARNs in the IAM User Guide .
dict
[REQUIRED]
The AWS IoT SiteWise Monitor resource for this access policy. Choose either a portal or a project.
portal (dict) --
A portal resource.
id (string) -- [REQUIRED]
The ID of the portal.
project (dict) --
A project resource.
id (string) -- [REQUIRED]
The ID of the project.
string
[REQUIRED]
The permission level for this access policy. Note that a project ADMINISTRATOR is also known as a project owner.
string
A unique case-sensitive identifier that you can provide to ensure the idempotency of the request. Don't reuse this client token if a new idempotent request is required.
This field is autopopulated if not provided.
dict
A list of key-value pairs that contain metadata for the access policy. For more information, see Tagging your AWS IoT SiteWise resources in the AWS IoT SiteWise User Guide .
(string) --
(string) --
dict
Response Syntax
{ 'accessPolicyId': 'string', 'accessPolicyArn': 'string' }
Response Structure
(dict) --
accessPolicyId (string) --
The ID of the access policy.
accessPolicyArn (string) --
The ARN of the access policy, which has the following format.
arn:${Partition}:iotsitewise:${Region}:${Account}:access-policy/${AccessPolicyId}
{'accessPolicyIdentity': {'iamRole': {'arn': 'string'}}}
Describes an access policy, which specifies an identity's access to an AWS IoT SiteWise Monitor portal or project.
See also: AWS API Documentation
Request Syntax
client.describe_access_policy( accessPolicyId='string' )
string
[REQUIRED]
The ID of the access policy.
dict
Response Syntax
{ 'accessPolicyId': 'string', 'accessPolicyArn': 'string', 'accessPolicyIdentity': { 'user': { 'id': 'string' }, 'group': { 'id': 'string' }, 'iamUser': { 'arn': 'string' }, 'iamRole': { 'arn': 'string' } }, 'accessPolicyResource': { 'portal': { 'id': 'string' }, 'project': { 'id': 'string' } }, 'accessPolicyPermission': 'ADMINISTRATOR'|'VIEWER', 'accessPolicyCreationDate': datetime(2015, 1, 1), 'accessPolicyLastUpdateDate': datetime(2015, 1, 1) }
Response Structure
(dict) --
accessPolicyId (string) --
The ID of the access policy.
accessPolicyArn (string) --
The ARN of the access policy, which has the following format.
arn:${Partition}:iotsitewise:${Region}:${Account}:access-policy/${AccessPolicyId}
accessPolicyIdentity (dict) --
The identity (AWS SSO user, AWS SSO group, or IAM user) to which this access policy applies.
user (dict) --
An AWS SSO user identity.
id (string) --
The AWS SSO ID of the user.
group (dict) --
An AWS SSO group identity.
id (string) --
The AWS SSO ID of the group.
iamUser (dict) --
An IAM user identity.
arn (string) --
The ARN of the IAM user. For more information, see IAM ARNs in the IAM User Guide .
Note
If you delete the IAM user, access policies that contain this identity include an empty arn . You can delete the access policy for the IAM user that no longer exists.
iamRole (dict) --
An IAM role identity.
arn (string) --
The ARN of the IAM role. For more information, see IAM ARNs in the IAM User Guide .
accessPolicyResource (dict) --
The AWS IoT SiteWise Monitor resource (portal or project) to which this access policy provides access.
portal (dict) --
A portal resource.
id (string) --
The ID of the portal.
project (dict) --
A project resource.
id (string) --
The ID of the project.
accessPolicyPermission (string) --
The access policy permission. Note that a project ADMINISTRATOR is also known as a project owner.
accessPolicyCreationDate (datetime) --
The date the access policy was created, in Unix epoch time.
accessPolicyLastUpdateDate (datetime) --
The date the access policy was last updated, in Unix epoch time.
{'accessPolicySummaries': {'identity': {'iamRole': {'arn': 'string'}}}}
Retrieves a paginated list of access policies for an identity (an AWS SSO user, an AWS SSO group, or an IAM user) or an AWS IoT SiteWise Monitor resource (a portal or project).
See also: AWS API Documentation
Request Syntax
client.list_access_policies( identityType='USER'|'GROUP'|'IAM', identityId='string', resourceType='PORTAL'|'PROJECT', resourceId='string', iamArn='string', nextToken='string', maxResults=123 )
string
The type of identity (AWS SSO user, AWS SSO group, or IAM user). This parameter is required if you specify identityId .
string
The ID of the identity. This parameter is required if you specify USER or GROUP for identityType .
string
The type of resource (portal or project). This parameter is required if you specify resourceId .
string
The ID of the resource. This parameter is required if you specify resourceType .
string
The ARN of the IAM user. For more information, see IAM ARNs in the IAM User Guide . This parameter is required if you specify IAM for identityType .
string
The token to be used for the next set of paginated results.
integer
The maximum number of results to be returned per paginated request.
Default: 50
dict
Response Syntax
{ 'accessPolicySummaries': [ { 'id': 'string', 'identity': { 'user': { 'id': 'string' }, 'group': { 'id': 'string' }, 'iamUser': { 'arn': 'string' }, 'iamRole': { 'arn': 'string' } }, 'resource': { 'portal': { 'id': 'string' }, 'project': { 'id': 'string' } }, 'permission': 'ADMINISTRATOR'|'VIEWER', 'creationDate': datetime(2015, 1, 1), 'lastUpdateDate': datetime(2015, 1, 1) }, ], 'nextToken': 'string' }
Response Structure
(dict) --
accessPolicySummaries (list) --
A list that summarizes each access policy.
(dict) --
Contains an access policy that defines an identity's access to an AWS IoT SiteWise Monitor resource.
id (string) --
The ID of the access policy.
identity (dict) --
The identity (an AWS SSO user, an AWS SSO group, or an IAM user).
user (dict) --
An AWS SSO user identity.
id (string) --
The AWS SSO ID of the user.
group (dict) --
An AWS SSO group identity.
id (string) --
The AWS SSO ID of the group.
iamUser (dict) --
An IAM user identity.
arn (string) --
The ARN of the IAM user. For more information, see IAM ARNs in the IAM User Guide .
Note
If you delete the IAM user, access policies that contain this identity include an empty arn . You can delete the access policy for the IAM user that no longer exists.
iamRole (dict) --
An IAM role identity.
arn (string) --
The ARN of the IAM role. For more information, see IAM ARNs in the IAM User Guide .
resource (dict) --
The AWS IoT SiteWise Monitor resource (a portal or project).
portal (dict) --
A portal resource.
id (string) --
The ID of the portal.
project (dict) --
A project resource.
id (string) --
The ID of the project.
permission (string) --
The permissions for the access policy. Note that a project ADMINISTRATOR is also known as a project owner.
creationDate (datetime) --
The date the access policy was created, in Unix epoch time.
lastUpdateDate (datetime) --
The date the access policy was last updated, in Unix epoch time.
nextToken (string) --
The token for the next set of results, or null if there are no additional results.
{'accessPolicyIdentity': {'iamRole': {'arn': 'string'}}}
Updates an existing access policy that specifies an identity's access to an AWS IoT SiteWise Monitor portal or project resource.
See also: AWS API Documentation
Request Syntax
client.update_access_policy( accessPolicyId='string', accessPolicyIdentity={ 'user': { 'id': 'string' }, 'group': { 'id': 'string' }, 'iamUser': { 'arn': 'string' }, 'iamRole': { 'arn': 'string' } }, accessPolicyResource={ 'portal': { 'id': 'string' }, 'project': { 'id': 'string' } }, accessPolicyPermission='ADMINISTRATOR'|'VIEWER', clientToken='string' )
string
[REQUIRED]
The ID of the access policy.
dict
[REQUIRED]
The identity for this access policy. Choose an AWS SSO user, an AWS SSO group, or an IAM user.
user (dict) --
An AWS SSO user identity.
id (string) -- [REQUIRED]
The AWS SSO ID of the user.
group (dict) --
An AWS SSO group identity.
id (string) -- [REQUIRED]
The AWS SSO ID of the group.
iamUser (dict) --
An IAM user identity.
arn (string) -- [REQUIRED]
The ARN of the IAM user. For more information, see IAM ARNs in the IAM User Guide .
Note
If you delete the IAM user, access policies that contain this identity include an empty arn . You can delete the access policy for the IAM user that no longer exists.
iamRole (dict) --
An IAM role identity.
arn (string) -- [REQUIRED]
The ARN of the IAM role. For more information, see IAM ARNs in the IAM User Guide .
dict
[REQUIRED]
The AWS IoT SiteWise Monitor resource for this access policy. Choose either a portal or a project.
portal (dict) --
A portal resource.
id (string) -- [REQUIRED]
The ID of the portal.
project (dict) --
A project resource.
id (string) -- [REQUIRED]
The ID of the project.
string
[REQUIRED]
The permission level for this access policy. Note that a project ADMINISTRATOR is also known as a project owner.
string
A unique case-sensitive identifier that you can provide to ensure the idempotency of the request. Don't reuse this client token if a new idempotent request is required.
This field is autopopulated if not provided.
dict
Response Syntax
{}
Response Structure
(dict) --