create_access_policy

IoTSiteWise.Client.create_access_policy(**kwargs)

Creates an access policy that grants the specified identity (IAM Identity Center user, IAM Identity Center group, or IAM user) access to the specified IoT SiteWise Monitor portal or project resource.

See also: AWS API Documentation

Request Syntax

response = client.create_access_policy(
    accessPolicyIdentity={
        'user': {
            'id': 'string'
        },
        'group': {
            'id': 'string'
        },
        'iamUser': {
            'arn': 'string'
        },
        'iamRole': {
            'arn': 'string'
        }
    },
    accessPolicyResource={
        'portal': {
            'id': 'string'
        },
        'project': {
            'id': 'string'
        }
    },
    accessPolicyPermission='ADMINISTRATOR'|'VIEWER',
    clientToken='string',
    tags={
        'string': 'string'
    }
)

Parameters:
  • accessPolicyIdentity (dict) –

    [REQUIRED]

    The identity for this access policy. Choose an IAM Identity Center user, an IAM Identity Center group, or an IAM user.

    • user (dict) –

      An IAM Identity Center user identity.

      • id (string) – [REQUIRED]

        The IAM Identity Center ID of the user.

    • group (dict) –

      An IAM Identity Center group identity.

      • id (string) – [REQUIRED]

        The IAM Identity Center ID of the group.

    • iamUser (dict) –

      An IAM user identity.

      • arn (string) – [REQUIRED]

        The ARN of the IAM user. For more information, see IAM ARNs in the IAM User Guide.

        Note

        If you delete the IAM user, access policies that contain this identity include an empty arn. You can delete the access policy for the IAM user that no longer exists.

    • iamRole (dict) –

      An IAM role identity.

      • arn (string) – [REQUIRED]

        The ARN of the IAM role. For more information, see IAM ARNs in the IAM User Guide.

  • accessPolicyResource (dict) –

    [REQUIRED]

    The IoT SiteWise Monitor resource for this access policy. Choose either a portal or a project.

    • portal (dict) –

      A portal resource.

      • id (string) – [REQUIRED]

        The ID of the portal.

    • project (dict) –

      A project resource.

      • id (string) – [REQUIRED]

        The ID of the project.

  • accessPolicyPermission (string) –

    [REQUIRED]

    The permission level for this access policy. Note that a project ADMINISTRATOR is also known as a project owner.

  • clientToken (string) –

    A unique case-sensitive identifier that you can provide to ensure the idempotency of the request. Don’t reuse this client token if a new idempotent request is required.

    This field is autopopulated if not provided.

  • tags (dict) –

    A list of key-value pairs that contain metadata for the access policy. For more information, see Tagging your IoT SiteWise resources in the IoT SiteWise User Guide.

    • (string) –

      • (string) –

Return type:

dict

Returns:

Response Syntax

{
    'accessPolicyId': 'string',
    'accessPolicyArn': 'string'
}

Response Structure

  • (dict) –

    • accessPolicyId (string) –

      The ID of the access policy.

    • accessPolicyArn (string) –

      The ARN of the access policy, which has the following format.

      arn:${Partition}:iotsitewise:${Region}:${Account}:access-policy/${AccessPolicyId}
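
An added example, not part of the boto3 documentation: a wrapper that validates a grant before calling create_access_policy, enforcing the "choose one" identity and resource rules above, defaulting to VIEWER, and pinning a clientToken so a retry can reuse it. The helper names, the allow_admin switch and the ARN pattern are assumptions of this example, and `client` is expected to be a boto3 `iotsitewise` client.

```python
import re
import uuid

# IAM principal ARN shape; the kind segment must match the identity key used.
_IAM_ARN = re.compile(r"^arn:[a-z0-9-]+:iam::\d{12}:(user|role)/.+$")
# Identity kinds from the request syntax, mapped to the field each one carries.
_IDENTITY_KINDS = {"user": "id", "group": "id", "iamUser": "arn", "iamRole": "arn"}
_RESOURCE_KINDS = ("portal", "project")
_PERMISSIONS = ("ADMINISTRATOR", "VIEWER")


def build_access_policy_request(identity_kind, identity_value, resource_kind,
                                resource_id, permission="VIEWER",
                                allow_admin=False, client_token=None, tags=None):
    """Return validated kwargs for create_access_policy (hypothetical helper)."""
    if identity_kind not in _IDENTITY_KINDS:
        raise ValueError(f"unknown identity kind: {identity_kind!r}")
    if resource_kind not in _RESOURCE_KINDS:
        raise ValueError(f"unknown resource kind: {resource_kind!r}")
    if permission not in _PERMISSIONS:
        raise ValueError(f"unknown permission: {permission!r}")
    # Least privilege: ADMINISTRATOR (project owner) must be requested deliberately.
    if permission == "ADMINISTRATOR" and not allow_admin:
        raise PermissionError("ADMINISTRATOR requires allow_admin=True")
    if not identity_value or not resource_id:
        raise ValueError("identity and resource values must be non-empty")
    field = _IDENTITY_KINDS[identity_kind]
    if field == "arn":
        match = _IAM_ARN.match(identity_value)
        expected = "user" if identity_kind == "iamUser" else "role"
        if not match or match.group(1) != expected:
            raise ValueError(f"{identity_kind} needs an IAM {expected} ARN")
    request = {
        # Exactly one identity and one resource, as the parameter docs require.
        "accessPolicyIdentity": {identity_kind: {field: identity_value}},
        "accessPolicyResource": {resource_kind: {"id": resource_id}},
        "accessPolicyPermission": permission,
        # One token per logical grant; a retry that reuses it stays idempotent.
        "clientToken": client_token or str(uuid.uuid4()),
    }
    if tags:
        request["tags"] = dict(tags)
    return request


def grant_access(client, **kwargs):
    """Send the validated request; returns it with the new accessPolicyId."""
    request = build_access_policy_request(**kwargs)
    response = client.create_access_policy(**request)
    return request, response["accessPolicyId"]
```

Keep the returned request when a call fails with a transient error, so the retry sends the same clientToken instead of generating a new one.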

Exceptions