AWS API Changes

2021/02/03 - AWS IoT SiteWise - 1 new 4 updated api methods

Changes Update AccessPolicy API input to support IAM role for IAM mode. Iam role is added as part of accessPolicyIdentity.

CreatePresignedPortalUrl (new)

Link ¶

See also: AWS API Documentation

Request Syntax

client.create_presigned_portal_url(
    portalId='string',
    sessionDurationSeconds=123,
    state='string'
)

type portalId

string

param portalId

[REQUIRED]

type sessionDurationSeconds

integer

param sessionDurationSeconds

type state

string

param state

rtype

dict

returns

Response Syntax

{
    'presignedPortalUrl': 'string'
}

Response Structure

(dict) --
- presignedPortalUrl (string) --

CreateAccessPolicy (updated)

Link ¶
Changes (request)

{'accessPolicyIdentity': {'iamRole': {'arn': 'string'}}}

Creates an access policy that grants the specified identity (AWS SSO user, AWS SSO group, or IAM user) access to the specified AWS IoT SiteWise Monitor portal or project resource.

See also: AWS API Documentation

Request Syntax

client.create_access_policy(
    accessPolicyIdentity={
        'user': {
            'id': 'string'
        },
        'group': {
            'id': 'string'
        },
        'iamUser': {
            'arn': 'string'
        },
        'iamRole': {
            'arn': 'string'
        }
    },
    accessPolicyResource={
        'portal': {
            'id': 'string'
        },
        'project': {
            'id': 'string'
        }
    },
    accessPolicyPermission='ADMINISTRATOR'|'VIEWER',
    clientToken='string',
    tags={
        'string': 'string'
    }
)

type accessPolicyIdentity

dict

param accessPolicyIdentity

[REQUIRED]

The identity for this access policy. Choose an AWS SSO user, an AWS SSO group, or an IAM user.

user (dict) --

An AWS SSO user identity.
- id (string) -- [REQUIRED]
  
  The AWS SSO ID of the user.
group (dict) --

An AWS SSO group identity.
- id (string) -- [REQUIRED]
  
  The AWS SSO ID of the group.
iamUser (dict) --

An IAM user identity.
- arn (string) -- [REQUIRED]
  
  The ARN of the IAM user. For more information, see IAM ARNs in the IAM User Guide .
  
  Note
  
  If you delete the IAM user, access policies that contain this identity include an empty arn . You can delete the access policy for the IAM user that no longer exists.
iamRole (dict) --

An IAM role identity.
- arn (string) -- [REQUIRED]
  
  The ARN of the IAM role. For more information, see IAM ARNs in the IAM User Guide .

type accessPolicyResource

dict

param accessPolicyResource

[REQUIRED]

The AWS IoT SiteWise Monitor resource for this access policy. Choose either a portal or a project.

portal (dict) --

A portal resource.
- id (string) -- [REQUIRED]
  
  The ID of the portal.
project (dict) --

A project resource.
- id (string) -- [REQUIRED]
  
  The ID of the project.

type accessPolicyPermission

string

param accessPolicyPermission

[REQUIRED]

The permission level for this access policy. Note that a project ADMINISTRATOR is also known as a project owner.

type clientToken

string

param clientToken

A unique case-sensitive identifier that you can provide to ensure the idempotency of the request. Don't reuse this client token if a new idempotent request is required.

This field is autopopulated if not provided.

type tags

dict

param tags

A list of key-value pairs that contain metadata for the access policy. For more information, see Tagging your AWS IoT SiteWise resources in the AWS IoT SiteWise User Guide .

(string) --
- (string) --

rtype

dict

returns

Response Syntax

{
    'accessPolicyId': 'string',
    'accessPolicyArn': 'string'
}

Response Structure

(dict) --
- accessPolicyId (string) --
  
  The ID of the access policy.
- accessPolicyArn (string) --
  
  The ARN of the access policy, which has the following format.
  
  arn:${Partition}:iotsitewise:${Region}:${Account}:access-policy/${AccessPolicyId}

DescribeAccessPolicy (updated)

Link ¶
Changes (response)

{'accessPolicyIdentity': {'iamRole': {'arn': 'string'}}}

Describes an access policy, which specifies an identity's access to an AWS IoT SiteWise Monitor portal or project.

See also: AWS API Documentation

Request Syntax

client.describe_access_policy(
    accessPolicyId='string'
)

type accessPolicyId

string

param accessPolicyId

[REQUIRED]

The ID of the access policy.

rtype

dict

returns

Response Syntax

{
    'accessPolicyId': 'string',
    'accessPolicyArn': 'string',
    'accessPolicyIdentity': {
        'user': {
            'id': 'string'
        },
        'group': {
            'id': 'string'
        },
        'iamUser': {
            'arn': 'string'
        },
        'iamRole': {
            'arn': 'string'
        }
    },
    'accessPolicyResource': {
        'portal': {
            'id': 'string'
        },
        'project': {
            'id': 'string'
        }
    },
    'accessPolicyPermission': 'ADMINISTRATOR'|'VIEWER',
    'accessPolicyCreationDate': datetime(2015, 1, 1),
    'accessPolicyLastUpdateDate': datetime(2015, 1, 1)
}

Response Structure

(dict) --
- accessPolicyId (string) --
  
  The ID of the access policy.
- accessPolicyArn (string) --
  
  The ARN of the access policy, which has the following format.
  
  arn:${Partition}:iotsitewise:${Region}:${Account}:access-policy/${AccessPolicyId}
- accessPolicyIdentity (dict) --
  
  The identity (AWS SSO user, AWS SSO group, or IAM user) to which this access policy applies.
  - user (dict) --
    
    An AWS SSO user identity.
    - id (string) --
      
      The AWS SSO ID of the user.
  - group (dict) --
    
    An AWS SSO group identity.
    - id (string) --
      
      The AWS SSO ID of the group.
  - iamUser (dict) --
    
    An IAM user identity.
    - arn (string) --
      
      The ARN of the IAM user. For more information, see IAM ARNs in the IAM User Guide .
      
      Note
      
      If you delete the IAM user, access policies that contain this identity include an empty arn . You can delete the access policy for the IAM user that no longer exists.
  - iamRole (dict) --
    
    An IAM role identity.
    - arn (string) --
      
      The ARN of the IAM role. For more information, see IAM ARNs in the IAM User Guide .
- accessPolicyResource (dict) --
  
  The AWS IoT SiteWise Monitor resource (portal or project) to which this access policy provides access.
  - portal (dict) --
    
    A portal resource.
    - id (string) --
      
      The ID of the portal.
  - project (dict) --
    
    A project resource.
    - id (string) --
      
      The ID of the project.
- accessPolicyPermission (string) --
  
  The access policy permission. Note that a project ADMINISTRATOR is also known as a project owner.
- accessPolicyCreationDate (datetime) --
  
  The date the access policy was created, in Unix epoch time.
- accessPolicyLastUpdateDate (datetime) --
  
  The date the access policy was last updated, in Unix epoch time.

ListAccessPolicies (updated)

Link ¶
Changes (response)

{'accessPolicySummaries': {'identity': {'iamRole': {'arn': 'string'}}}}

Retrieves a paginated list of access policies for an identity (an AWS SSO user, an AWS SSO group, or an IAM user) or an AWS IoT SiteWise Monitor resource (a portal or project).

See also: AWS API Documentation

Request Syntax

client.list_access_policies(
    identityType='USER'|'GROUP'|'IAM',
    identityId='string',
    resourceType='PORTAL'|'PROJECT',
    resourceId='string',
    iamArn='string',
    nextToken='string',
    maxResults=123
)

type identityType

string

param identityType

The type of identity (AWS SSO user, AWS SSO group, or IAM user). This parameter is required if you specify identityId .

type identityId

string

param identityId

The ID of the identity. This parameter is required if you specify USER or GROUP for identityType .

type resourceType

string

param resourceType

The type of resource (portal or project). This parameter is required if you specify resourceId .

type resourceId

string

param resourceId

The ID of the resource. This parameter is required if you specify resourceType .

type iamArn

string

param iamArn

The ARN of the IAM user. For more information, see IAM ARNs in the IAM User Guide . This parameter is required if you specify IAM for identityType .

type nextToken

string

param nextToken

The token to be used for the next set of paginated results.

type maxResults

integer

param maxResults

The maximum number of results to be returned per paginated request.

Default: 50

rtype

dict

returns

Response Syntax

{
    'accessPolicySummaries': [
        {
            'id': 'string',
            'identity': {
                'user': {
                    'id': 'string'
                },
                'group': {
                    'id': 'string'
                },
                'iamUser': {
                    'arn': 'string'
                },
                'iamRole': {
                    'arn': 'string'
                }
            },
            'resource': {
                'portal': {
                    'id': 'string'
                },
                'project': {
                    'id': 'string'
                }
            },
            'permission': 'ADMINISTRATOR'|'VIEWER',
            'creationDate': datetime(2015, 1, 1),
            'lastUpdateDate': datetime(2015, 1, 1)
        },
    ],
    'nextToken': 'string'
}

Response Structure

(dict) --
- accessPolicySummaries (list) --
  
  A list that summarizes each access policy.
  - (dict) --
    
    Contains an access policy that defines an identity's access to an AWS IoT SiteWise Monitor resource.
    - id (string) --
      
      The ID of the access policy.
    - identity (dict) --
      
      The identity (an AWS SSO user, an AWS SSO group, or an IAM user).
      - user (dict) --
        
        An AWS SSO user identity.
        
        id (string) --
        
        The AWS SSO ID of the user.
      - group (dict) --
        
        An AWS SSO group identity.
        
        id (string) --
        
        The AWS SSO ID of the group.
      - iamUser (dict) --
        
        An IAM user identity.
        
        arn (string) --
        
        The ARN of the IAM user. For more information, see IAM ARNs in the IAM User Guide .
        
        Note
        
        If you delete the IAM user, access policies that contain this identity include an empty arn . You can delete the access policy for the IAM user that no longer exists.
      - iamRole (dict) --
        
        An IAM role identity.
        
        arn (string) --
        
        The ARN of the IAM role. For more information, see IAM ARNs in the IAM User Guide .
    - resource (dict) --
      
      The AWS IoT SiteWise Monitor resource (a portal or project).
      - portal (dict) --
        
        A portal resource.
        
        id (string) --
        
        The ID of the portal.
      - project (dict) --
        
        A project resource.
        
        id (string) --
        
        The ID of the project.
    - permission (string) --
      
      The permissions for the access policy. Note that a project ADMINISTRATOR is also known as a project owner.
    - creationDate (datetime) --
      
      The date the access policy was created, in Unix epoch time.
    - lastUpdateDate (datetime) --
      
      The date the access policy was last updated, in Unix epoch time.
- nextToken (string) --
  
  The token for the next set of results, or null if there are no additional results.

UpdateAccessPolicy (updated)

Link ¶
Changes (request)

{'accessPolicyIdentity': {'iamRole': {'arn': 'string'}}}

Updates an existing access policy that specifies an identity's access to an AWS IoT SiteWise Monitor portal or project resource.

See also: AWS API Documentation

Request Syntax

client.update_access_policy(
    accessPolicyId='string',
    accessPolicyIdentity={
        'user': {
            'id': 'string'
        },
        'group': {
            'id': 'string'
        },
        'iamUser': {
            'arn': 'string'
        },
        'iamRole': {
            'arn': 'string'
        }
    },
    accessPolicyResource={
        'portal': {
            'id': 'string'
        },
        'project': {
            'id': 'string'
        }
    },
    accessPolicyPermission='ADMINISTRATOR'|'VIEWER',
    clientToken='string'
)

type accessPolicyId

string

param accessPolicyId

[REQUIRED]

The ID of the access policy.

type accessPolicyIdentity

dict

param accessPolicyIdentity

[REQUIRED]

The identity for this access policy. Choose an AWS SSO user, an AWS SSO group, or an IAM user.

user (dict) --

An AWS SSO user identity.
- id (string) -- [REQUIRED]
  
  The AWS SSO ID of the user.
group (dict) --

An AWS SSO group identity.
- id (string) -- [REQUIRED]
  
  The AWS SSO ID of the group.
iamUser (dict) --

An IAM user identity.
- arn (string) -- [REQUIRED]
  
  The ARN of the IAM user. For more information, see IAM ARNs in the IAM User Guide .
  
  Note
  
  If you delete the IAM user, access policies that contain this identity include an empty arn . You can delete the access policy for the IAM user that no longer exists.
iamRole (dict) --

An IAM role identity.
- arn (string) -- [REQUIRED]
  
  The ARN of the IAM role. For more information, see IAM ARNs in the IAM User Guide .

type accessPolicyResource

dict

param accessPolicyResource

[REQUIRED]

The AWS IoT SiteWise Monitor resource for this access policy. Choose either a portal or a project.

portal (dict) --

A portal resource.
- id (string) -- [REQUIRED]
  
  The ID of the portal.
project (dict) --

A project resource.
- id (string) -- [REQUIRED]
  
  The ID of the project.

type accessPolicyPermission

string

param accessPolicyPermission

[REQUIRED]

The permission level for this access policy. Note that a project ADMINISTRATOR is also known as a project owner.

type clientToken

string

param clientToken

A unique case-sensitive identifier that you can provide to ensure the idempotency of the request. Don't reuse this client token if a new idempotent request is required.

This field is autopopulated if not provided.

rtype

dict

returns

Response Syntax

{}

Response Structure

(dict) --