You are viewing the documentation for an older major version of the AWS CLI (version 1).

AWS CLI version 2, the latest major version of AWS CLI, is now stable and recommended for general use. To view this page for the AWS CLI version 2, click here. For more information see the AWS CLI version 2 installation instructions and migration guide.

[ aws . iotsitewise ]



Creates a portal, which can contain projects and dashboards. IoT SiteWise Monitor uses IAM Identity Center or IAM to authenticate portal users and manage user permissions.


Before you can sign in to a new portal, you must add at least one identity to that portal. For more information, see Adding or removing portal administrators in the IoT SiteWise User Guide .

See also: AWS API Documentation


--portal-name <value>
[--portal-description <value>]
--portal-contact-email <value>
[--client-token <value>]
[--portal-logo-image-file <value>]
--role-arn <value>
[--tags <value>]
[--portal-auth-mode <value>]
[--notification-sender-email <value>]
[--alarms <value>]
[--cli-input-json <value>]
[--generate-cli-skeleton <value>]
[--endpoint-url <value>]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]


--portal-name (string)

A friendly name for the portal.

--portal-description (string)

A description for the portal.

--portal-contact-email (string)

The Amazon Web Services administrator's contact email address.

--client-token (string)

A unique case-sensitive identifier that you can provide to ensure the idempotency of the request. Don't reuse this client token if a new idempotent request is required.

--portal-logo-image-file (structure)

A logo image to display in the portal. Upload a square, high-resolution image. The image is displayed on a dark background.

data -> (blob)

The image file contents, represented as a base64-encoded string. The file size must be less than 1 MB.

type -> (string)

The file type of the image.

Shorthand Syntax:


JSON Syntax:

  "data": blob,
  "type": "PNG"

--role-arn (string)

The ARN of a service role that allows the portal's users to access your IoT SiteWise resources on your behalf. For more information, see Using service roles for IoT SiteWise Monitor in the IoT SiteWise User Guide .

--tags (map)

A list of key-value pairs that contain metadata for the portal. For more information, see Tagging your IoT SiteWise resources in the IoT SiteWise User Guide .

key -> (string)

value -> (string)

Shorthand Syntax:


JSON Syntax:

{"string": "string"

--portal-auth-mode (string)

The service to use to authenticate users to the portal. Choose from the following options:

  • SSO – The portal uses IAM Identity Center to authenticate users and manage user permissions. Before you can create a portal that uses IAM Identity Center, you must enable IAM Identity Center. For more information, see Enabling IAM Identity Center in the IoT SiteWise User Guide . This option is only available in Amazon Web Services Regions other than the China Regions.
  • IAM – The portal uses Identity and Access Management to authenticate users and manage user permissions.

You can't change this value after you create a portal.

Default: SSO

Possible values:

  • IAM
  • SSO

--notification-sender-email (string)

The email address that sends alarm notifications.


If you use the IoT Events managed Lambda function to manage your emails, you must verify the sender email address in Amazon SES .

--alarms (structure)

Contains the configuration information of an alarm created in an IoT SiteWise Monitor portal. You can use the alarm to monitor an asset property and get notified when the asset property value is outside a specified range. For more information, see Monitoring with alarms in the IoT SiteWise Application Guide .

alarmRoleArn -> (string)

The ARN of the IAM role that allows the alarm to perform actions and access Amazon Web Services resources and services, such as IoT Events.

notificationLambdaArn -> (string)

The ARN of the Lambda function that manages alarm notifications. For more information, see Managing alarm notifications in the IoT Events Developer Guide .

Shorthand Syntax:


JSON Syntax:

  "alarmRoleArn": "string",
  "notificationLambdaArn": "string"

--cli-input-json (string) Performs service operation based on the JSON string provided. The JSON string follows the format provided by --generate-cli-skeleton. If other arguments are provided on the command line, the CLI values will override the JSON-provided values. It is not possible to pass arbitrary binary values using a JSON-provided value as the string will be taken literally.

--generate-cli-skeleton (string) Prints a JSON skeleton to standard output without sending an API request. If provided with no value or the value input, prints a sample input JSON that can be used as an argument for --cli-input-json. If provided with the value output, it validates the command inputs and returns a sample output JSON for that command.

Global Options

--debug (boolean)

Turn on debug logging.

--endpoint-url (string)

Override command's default URL with the given URL.

--no-verify-ssl (boolean)

By default, the AWS CLI uses SSL when communicating with AWS services. For each SSL connection, the AWS CLI will verify SSL certificates. This option overrides the default behavior of verifying SSL certificates.

--no-paginate (boolean)

Disable automatic pagination.

--output (string)

The formatting style for command output.

  • json
  • text
  • table

--query (string)

A JMESPath query to use in filtering the response data.

--profile (string)

Use a specific profile from your credential file.

--region (string)

The region to use. Overrides config/env settings.

--version (string)

Display the version of this tool.

--color (string)

Turn on/off color output.

  • on
  • off
  • auto

--no-sign-request (boolean)

Do not sign requests. Credentials will not be loaded if this argument is provided.

--ca-bundle (string)

The CA certificate bundle to use when verifying SSL certificates. Overrides config/env settings.

--cli-read-timeout (int)

The maximum socket read time in seconds. If the value is set to 0, the socket read will be blocking and not timeout. The default value is 60 seconds.

--cli-connect-timeout (int)

The maximum socket connect time in seconds. If the value is set to 0, the socket connect will be blocking and not timeout. The default value is 60 seconds.



To use the following examples, you must have the AWS CLI installed and configured. See the Getting started guide in the AWS CLI User Guide for more information.

Unless otherwise stated, all examples have unix-like quotation rules. These examples will need to be adapted to your terminal's quoting rules. See Using quotation marks with strings in the AWS CLI User Guide .

To create a portal

The following create-portal example creates a web portal for a wind farm company. You can create portals only in the same Region where you enabled AWS Single Sign-On.

aws iotsitewise create-portal \
    --portal-name WindFarmPortal \
    --portal-description "A portal that contains wind farm projects for Example Corp." \
    --portal-contact-email \
    --role-arn arn:aws:iam::123456789012:role/service-role/MySiteWiseMonitorServiceRole


    "portalId": "a1b2c3d4-5678-90ab-cdef-aaaaaEXAMPLE",
    "portalArn": "arn:aws:iotsitewise:us-west-2:123456789012:portal/a1b2c3d4-5678-90ab-cdef-aaaaaEXAMPLE",
    "portalStartUrl": "",
    "portalStatus": {
        "state": "CREATING"
    "ssoApplicationId": "ins-a1b2c3d4-EXAMPLE"

For more information, see Getting started with AWS IoT SiteWise Monitor in the AWS IoT SiteWise User Guide and Enabling AWS SSO in the AWS IoT SiteWise User Guide..


portalId -> (string)

The ID of the created portal.

portalArn -> (string)

The ARN of the portal, which has the following format.


portalStartUrl -> (string)

The URL for the IoT SiteWise Monitor portal. You can use this URL to access portals that use IAM Identity Center for authentication. For portals that use IAM for authentication, you must use the IoT SiteWise console to get a URL that you can use to access the portal.

portalStatus -> (structure)

The status of the portal, which contains a state (CREATING after successfully calling this operation) and any error message.

state -> (string)

The current state of the portal.

error -> (structure)

Contains associated error information, if any.

code -> (string)

The error code.

message -> (string)

The error message.

ssoApplicationId -> (string)

The associated IAM Identity Center application ID, if the portal uses IAM Identity Center.