access_policies
Creates, updates, deletes or gets an access_policy resource or lists access_policies in a region
Overview
| Name | access_policies |
| Type | Resource |
| Description | Resource schema for AWS::IoTSiteWise::AccessPolicy |
| Id | aws.iotsitewise.access_policies |
Fields
| Name | Datatype | Description |
|---|---|---|
access_policy_id | string | The ID of the access policy. |
access_policy_arn | string | The ARN of the access policy. |
access_policy_identity | object | The identity for this access policy. Choose either a user or a group but not both. |
access_policy_permission | string | The permission level for this access policy. Valid values are ADMINISTRATOR or VIEWER. |
access_policy_resource | object | The AWS IoT SiteWise Monitor resource for this access policy. Choose either portal or project but not both. |
region | string | AWS region. |
Methods
| Name | Accessible by | Required Params |
|---|---|---|
create_resource | INSERT | AccessPolicyIdentity, AccessPolicyPermission, AccessPolicyResource, region |
delete_resource | DELETE | data__Identifier, region |
update_resource | UPDATE | data__Identifier, data__PatchDocument, region |
list_resources | SELECT | region |
get_resource | SELECT | data__Identifier, region |
SELECT examples
Gets all access_policies in a region.
SELECT
region,
access_policy_id,
access_policy_arn,
access_policy_identity,
access_policy_permission,
access_policy_resource
FROM aws.iotsitewise.access_policies
WHERE region = 'us-east-1';
Gets all properties from an individual access_policy.
SELECT
region,
access_policy_id,
access_policy_arn,
access_policy_identity,
access_policy_permission,
access_policy_resource
FROM aws.iotsitewise.access_policies
WHERE region = 'us-east-1' AND data__Identifier = '<AccessPolicyId>';
INSERT example
Use the following StackQL query and manifest file to create a new access_policy resource, using stack-deploy.
- Required Properties
- All Properties
- Manifest
/*+ create */
INSERT INTO aws.iotsitewise.access_policies (
AccessPolicyIdentity,
AccessPolicyPermission,
AccessPolicyResource,
region
)
SELECT
'{{ AccessPolicyIdentity }}',
'{{ AccessPolicyPermission }}',
'{{ AccessPolicyResource }}',
'{{ region }}';
/*+ create */
INSERT INTO aws.iotsitewise.access_policies (
AccessPolicyIdentity,
AccessPolicyPermission,
AccessPolicyResource,
region
)
SELECT
'{{ AccessPolicyIdentity }}',
'{{ AccessPolicyPermission }}',
'{{ AccessPolicyResource }}',
'{{ region }}';
version: 1
name: stack name
description: stack description
providers:
- aws
globals:
- name: region
value: '{{ vars.AWS_REGION }}'
resources:
- name: access_policy
props:
- name: AccessPolicyIdentity
value:
User:
id: '{{ id }}'
IamUser:
arn: '{{ arn }}'
IamRole:
arn: '{{ arn }}'
- name: AccessPolicyPermission
value: '{{ AccessPolicyPermission }}'
- name: AccessPolicyResource
value:
Portal:
PortalAuthMode: '{{ PortalAuthMode }}'
PortalContactEmail: '{{ PortalContactEmail }}'
PortalDescription: '{{ PortalDescription }}'
PortalName: '{{ PortalName }}'
RoleArn: '{{ RoleArn }}'
NotificationSenderEmail: '{{ NotificationSenderEmail }}'
Alarms:
AlarmRoleArn: '{{ AlarmRoleArn }}'
NotificationLambdaArn: '{{ NotificationLambdaArn }}'
Tags:
- Key: '{{ Key }}'
Value: '{{ Value }}'
Project:
PortalId: '{{ PortalId }}'
ProjectName: '{{ ProjectName }}'
ProjectDescription: '{{ ProjectDescription }}'
AssetIds:
- '{{ AssetIds[0] }}'
Tags:
- null
DELETE example
/*+ delete */
DELETE FROM aws.iotsitewise.access_policies
WHERE data__Identifier = '<AccessPolicyId>'
AND region = 'us-east-1';
Permissions
To operate on the access_policies resource, the following permissions are required:
Create
iotsitewise:CreateAccessPolicy
Read
iotsitewise:DescribeAccessPolicy
Update
iotsitewise:DescribeAccessPolicy,
iotsitewise:UpdateAccessPolicy
Delete
iotsitewise:DescribeAccessPolicy,
iotsitewise:DeleteAccessPolicy
List
iotsitewise:ListAccessPolicies