How AWS IoT SiteWise works with IAM

Before you use AWS Identity and Access Management (IAM) to manage access to AWS IoT SiteWise, you should understand what IAM features are available to use with AWS IoT SiteWise.

IAM feature	Supported by AWS IoT SiteWise?
Identity-based policies with resource-level permissions	Yes
Policy actions	Yes
Policy resources	Yes
Policy condition keys	Yes
Resource-based policies	No
Access control lists (ACLs)	No
Tags-based authorization (ABAC)	Yes
Temporary credentials	Yes
Forward access sessions (FAS)	Yes
Service-linked roles	Yes
Service roles	Yes

To get a high-level view of how AWS IoT SiteWise and other AWS services work with IAM, see AWS services that work with IAM in the IAM User Guide.

Contents

• AWS IoT SiteWise IAM roles
  • Using temporary credentials with AWS IoT SiteWise
  • Forward access sessions (FAS) for AWS IoT SiteWise
  • Service-linked roles
  • Service roles
  • Choosing an IAM role in AWS IoT SiteWise
• Authorization based on AWS IoT SiteWise tags
• AWS IoT SiteWise identity-based policies
  • Policy actions
    • BatchPutAssetPropertyValue authorization
  • Policy resources
  • Policy condition keys
  • Examples
• AWS IoT SiteWise identity-based policy examples
  • Policy best practices
  • Using the AWS IoT SiteWise console
  • Allowing users to view their own permissions
  • Allowing users to ingest data to assets in one hierarchy
  • Viewing AWS IoT SiteWise assets based on tags
• Managing access using policies
  • Identity-based policies
  • Resource-based policies
  • Access control lists (ACLs)
  • Other policy types
  • Multiple policy types