CreateAccessPolicy - AWS IoT SiteWise

CreateAccessPolicy

Creates an access policy that grants the specified identity (AWS SSO user, AWS SSO group, or IAM user) access to the specified AWS IoT SiteWise Monitor portal or project resource.

Request Syntax

POST /access-policies HTTP/1.1 Content-type: application/json { "accessPolicyIdentity": { "group": { "id": "string" }, "iamUser": { "arn": "string" }, "user": { "id": "string" } }, "accessPolicyPermission": "string", "accessPolicyResource": { "portal": { "id": "string" }, "project": { "id": "string" } }, "clientToken": "string", "tags": { "string" : "string" } }

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in JSON format.

accessPolicyIdentity

The identity for this access policy. Choose an AWS SSO user, an AWS SSO group, or an IAM user.

Type: Identity object

Required: Yes

accessPolicyPermission

The permission level for this access policy. Note that a project ADMINISTRATOR is also known as a project owner.

Type: String

Valid Values: ADMINISTRATOR | VIEWER

Required: Yes

accessPolicyResource

The AWS IoT SiteWise Monitor resource for this access policy. Choose either a portal or a project.

Type: Resource object

Required: Yes

clientToken

A unique case-sensitive identifier that you can provide to ensure the idempotency of the request. Don't reuse this client token if a new idempotent request is required.

Type: String

Length Constraints: Minimum length of 36. Maximum length of 64.

Pattern: \S{36,64}

Required: No

tags

A list of key-value pairs that contain metadata for the access policy. For more information, see Tagging your AWS IoT SiteWise resources in the AWS IoT SiteWise User Guide.

Type: String to string map

Map Entries: Maximum number of 50 items.

Key Length Constraints: Minimum length of 1. Maximum length of 128.

Value Length Constraints: Minimum length of 0. Maximum length of 256.

Required: No

Response Syntax

HTTP/1.1 201 Content-type: application/json { "accessPolicyArn": "string", "accessPolicyId": "string" }

Response Elements

If the action is successful, the service sends back an HTTP 201 response.

The following data is returned in JSON format by the service.

accessPolicyArn

The ARN of the access policy, which has the following format.

arn:${Partition}:iotsitewise:${Region}:${Account}:access-policy/${AccessPolicyId}

Type: String

Length Constraints: Minimum length of 1. Maximum length of 1600.

Pattern: .*

accessPolicyId

The ID of the access policy.

Type: String

Length Constraints: Fixed length of 36.

Pattern: ^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$

Errors

For information about the errors that are common to all actions, see Common Errors.

InternalFailureException

AWS IoT SiteWise can't process your request right now. Try again later.

HTTP Status Code: 500

InvalidRequestException

The request isn't valid. This can occur if your request contains malformed JSON or unsupported characters. Check your request and try again.

HTTP Status Code: 400

LimitExceededException

You've reached the limit for a resource. For example, this can occur if you're trying to associate more than the allowed number of child assets or attempting to create more than the allowed number of properties for an asset model.

For more information, see Quotas in the AWS IoT SiteWise User Guide.

HTTP Status Code: 410

ResourceNotFoundException

The requested resource can't be found.

HTTP Status Code: 404

ThrottlingException

Your request exceeded a rate limit. For example, you might have exceeded the number of AWS IoT SiteWise assets that can be created per second, the allowed number of messages per second, and so on.

For more information, see Quotas in the AWS IoT SiteWise User Guide.

HTTP Status Code: 429

See Also

For more information about using this API in one of the language-specific AWS SDKs, see the following: