Configure permissions and settings
Data streams are automatically created in Amazon IoT SiteWise when the first time series data is received. If the data ingested is not associated with an asset property, Amazon IoT SiteWise creates a new disassociated data stream which is configurable to be associated with an asset property. Configure the access control of the gateway sending data to Amazon IoT SiteWise, using IAM policies to specify the type of data to be ingested.
The following IAM policy disables disassociated data ingestion from the gateway, while still allowing data ingestion to data streams associated with an asset property:
Example IAM user policy that disables disassociated data ingestion from the gateway
{ "Version": "2012-10-17", "Statement": [ { "Sid": "AllowPutAssetPropertyValuesUsingAssetIdAndPropertyId", "Effect": "Allow", "Action": "iotsitewise:BatchPutAssetPropertyValue", "Resource": "arn:aws:iotsitewise:*:*:asset/*" }, { "Sid": "AllowPutAssetPropertyValuesUsingAliasWithAssociatedAssetProperty", "Effect": "Allow", "Action": "iotsitewise:BatchPutAssetPropertyValue", "Resource": "arn:aws:iotsitewise:*:*:time-series/*", "Condition": { "StringLikeIfExists": { "iotsitewise:isAssociatedWithAssetProperty": "true" } } }, { "Sid": "DenyPutAssetPropertyValuesUsingAliasWithNoAssociatedAssetProperty", "Effect": "Deny", "Action": "iotsitewise:BatchPutAssetPropertyValue", "Resource": "arn:aws:iotsitewise:*:*:time-series/*", "Condition": { "StringLikeIfExists": { "iotsitewise:isAssociatedWithAssetProperty": "false" } } } ] }
Example IAM user policy that disables all data ingestion from the gateway
{ "Version": "2012-10-17", "Statement": [ { "Sid": "DenyPutAssetPropertyValues", "Effect": "Deny", "Action": "iotsitewise:BatchPutAssetPropertyValue", "Resource": { "arn:aws:iotsitewise:*:*:asset/*", "arn:aws:iotsitewise:*:*:time-series/*" } } ] }