# Integrate Amazon IoT SiteWise and Amazon IoT TwinMaker
<a name="integrate-tm"></a>

Integrating with Amazon IoT TwinMaker grants access to robust functionality in Amazon IoT SiteWise, such as Amazon IoT SiteWise data retrieval `ExecuteQuery` API and advanced asset search in the Amazon IoT SiteWise console. To integrate the services and use these features, you must first enable the integration.

**Topics**
+ [Enabling the integration](#it-enable)
+ [Integrating Amazon IoT SiteWise and Amazon IoT TwinMaker](#it-integrate)

## Enabling the integration
<a name="it-enable"></a>

Administrators can use Amazon JSON policies to specify who has access to what. That is, which *principal* can perform *actions* on what *resources*, and under what *conditions*. The `Action` element of a JSON policy describes the actions that you can use to allow or deny access in a policy. For more information about Amazon IoT SiteWise supported actions, see [Actions defined by Amazon IoT SiteWise](https://docs.amazonaws.cn/service-authorization/latest/reference/list_awsiotsitewise.html#awsiotsitewise-actions-as-permissions) in the *Service Authorization Reference*.

For more information about Amazon IoT TwinMaker service-linked role, see [Service-linked roles for Amazon IoT TwinMaker](https://docs.amazonaws.cn/iot-twinmaker/latest/guide/security_iam_service-with-iam.html#security_iam_service-with-iam-roles-service-linked) in the *Amazon IoT TwinMaker User Guide*.

Before you can integrate Amazon IoT SiteWise and Amazon IoT TwinMaker, you must grant the following permissions that allow Amazon IoT SiteWise to integrate with an Amazon IoT TwinMaker linked workspace:
+ `iotsitewise:EnableSiteWiseIntegration` – Allows Amazon IoT SiteWise to integrate with a linked Amazon IoT TwinMaker workspace. This integration allows Amazon IoT TwinMaker to read all your modeling information in Amazon IoT SiteWise through an Amazon IoT TwinMaker service-linked role. To enable this permission, add the following policy to your IAM role:

------
#### [ JSON ]

****  

  ```
  {
    "Version":"2012-10-17",		 	 	 
    "Statement": [
      {
        "Effect": "Allow",
        "Action": [
          "iotsitewise:EnableSiteWiseIntegration"
        ],
        "Resource": "*"
      }
    ]
  }
  ```

------

## Integrating Amazon IoT SiteWise and Amazon IoT TwinMaker
<a name="it-integrate"></a>

To integrate Amazon IoT SiteWise and Amazon IoT TwinMaker, you must have the following:
+ Amazon IoT SiteWise service-linked role set up in your account
+ Amazon IoT TwinMaker service-linked role set up in your account
+ Amazon IoT TwinMaker workspace with ID `IoTSiteWiseDefaultWorkspace` in your account in the Region.

### To integrate by using the Amazon IoT SiteWise console
<a name="it-integrate-console"></a>

When you see the **Integration with Amazon IoT TwinMaker** banner in the console, choose **Grant permission**. The prerequisites are created in your account.

### To integrate by using the Amazon CLI
<a name="it-integrate-cli"></a>

To integrate Amazon IoT SiteWise and Amazon IoT TwinMaker by using the Amazon CLI, enter the following commands:

1. Call `CreateServiceLinkedRole` with an `AWSServiceName` of `iotsitewise.amazonaws.com`.

   ```
   aws iam create-service-linked-role --aws-service-name iotsitewise.amazonaws.com
   ```

1. Call `CreateServiceLinkedRole` with an `AWSServiceName` of ` iottwinmaker.amazonaws.com`.

   ```
   aws iam create-service-linked-role --aws-service-name iottwinmaker.amazonaws.com
   ```

1. Call `CreateWorkspace` with an `ID` of `IoTSiteWiseDefaultWorkspace`.

   ```
    aws iottwinmaker create-workspace --workspace-id IoTSiteWiseDefaultWorkspace
   ```