access_policies

Creates, updates, deletes or gets an access_policy resource or lists access_policies in a region

Overview

Name	access_policies
Type	Resource
Description	Resource schema for AWS::IoTSiteWise::AccessPolicy
Id	awscc.iotsitewise.access_policies

Fields

get (all properties)

Name	Datatype	Description
access_policy_id	string	The ID of the access policy.
access_policy_arn	string	The ARN of the access policy.
▶access_policy_identity	object	The identity for this access policy. Choose either a user or a group but not both.
access_policy_permission	string	The permission level for this access policy. Valid values are ADMINISTRATOR or VIEWER.
▶access_policy_resource	object	The AWS IoT SiteWise Monitor resource for this access policy. Choose either portal or project but not both.
region	string	AWS region.

list (identifiers only)

Name	Datatype	Description
access_policy_id	string	The ID of the access policy.
region	string	AWS region.

For more information, see AWS::IoTSiteWise::AccessPolicy.

Methods

Name	Resource	Accessible by	Required Params
create_resource	access_policies	INSERT	AccessPolicyIdentity, AccessPolicyPermission, AccessPolicyResource, region
delete_resource	access_policies	DELETE	Identifier, region
update_resource	access_policies	UPDATE	Identifier, PatchDocument, region
list_resources	access_policies_list_only	SELECT	region
get_resource	access_policies	SELECT	Identifier, region

SELECT examples

get (all properties)

Gets all properties from an individual access_policy.

SELECT
  region,
  access_policy_id,
  access_policy_arn,
  access_policy_identity,
  access_policy_permission,
  access_policy_resource
FROM awscc.iotsitewise.access_policies
WHERE
  region = 'us-east-1' AND
  Identifier = '{{ access_policy_id }}';

list (identifiers only)

Lists all access_policies in a region.

SELECT
  region,
  access_policy_id
FROM awscc.iotsitewise.access_policies_list_only
WHERE
  region = 'us-east-1';

INSERT example

Use the following StackQL query and manifest file to create a new access_policy resource, using stack-deploy.

Required Properties

/*+ create */
INSERT INTO awscc.iotsitewise.access_policies (
  AccessPolicyIdentity,
  AccessPolicyPermission,
  AccessPolicyResource,
  region
)
SELECT
  '{{ access_policy_identity }}',
  '{{ access_policy_permission }}',
  '{{ access_policy_resource }}',
  '{{ region }}';

All Properties

/*+ create */
INSERT INTO awscc.iotsitewise.access_policies (
  AccessPolicyIdentity,
  AccessPolicyPermission,
  AccessPolicyResource,
  region
)
SELECT
  '{{ access_policy_identity }}',
  '{{ access_policy_permission }}',
  '{{ access_policy_resource }}',
  '{{ region }}';

Manifest

version: 1
name: stack name
description: stack description
providers:
  - aws
globals:
  - name: region
    value: '{{ vars.AWS_REGION }}'
resources:
  - name: access_policy
    props:
      - name: access_policy_identity
        value:
          user:
            id: '{{ id }}'
          iam_user:
            arn: '{{ arn }}'
          iam_role:
            arn: '{{ arn }}'
      - name: access_policy_permission
        value: '{{ access_policy_permission }}'
      - name: access_policy_resource
        value:
          portal:
            portal_auth_mode: '{{ portal_auth_mode }}'
            portal_contact_email: '{{ portal_contact_email }}'
            portal_description: '{{ portal_description }}'
            portal_name: '{{ portal_name }}'
            portal_type: '{{ portal_type }}'
            portal_type_configuration: {}
            role_arn: '{{ role_arn }}'
            notification_sender_email: '{{ notification_sender_email }}'
            alarms:
              alarm_role_arn: '{{ alarm_role_arn }}'
              notification_lambda_arn: '{{ notification_lambda_arn }}'
            tags:
              - key: '{{ key }}'
                value: '{{ value }}'
          project:
            portal_id: '{{ portal_id }}'
            project_name: '{{ project_name }}'
            project_description: '{{ project_description }}'
            asset_ids:
              - '{{ asset_ids[0] }}'
            tags:
              - null

UPDATE example

Use the following StackQL query and manifest file to update a access_policy resource, using stack-deploy.

/*+ update */
UPDATE awscc.iotsitewise.access_policies
SET PatchDocument = string('{{ {
    "AccessPolicyIdentity": access_policy_identity,
    "AccessPolicyPermission": access_policy_permission,
    "AccessPolicyResource": access_policy_resource
} | generate_patch_document }}')
WHERE
  region = '{{ region }}' AND
  Identifier = '{{ access_policy_id }}';

DELETE example

/*+ delete */
DELETE FROM awscc.iotsitewise.access_policies
WHERE
  Identifier = '{{ access_policy_id }}' AND
  region = 'us-east-1';

Permissions

To operate on the access_policies resource, the following permissions are required:

Create

iotsitewise:CreateAccessPolicy

Read

iotsitewise:DescribeAccessPolicy

Update

iotsitewise:DescribeAccessPolicy,
iotsitewise:UpdateAccessPolicy

Delete

iotsitewise:DescribeAccessPolicy,
iotsitewise:DeleteAccessPolicy

List

iotsitewise:ListAccessPolicies,
iotsitewise:ListProjects,
iotsitewise:ListPortals