Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions,
see Getting Started with Amazon Web Services in China
(PDF).
Amazon managed policies for Amazon IoT SiteWise
Simplify adding permissions to users, groups, and roles by using Amazon managed policies
rather than writing policies yourself. It takes time and expertise to create IAM customer managed policies that provide your team with precise
permissions. For a faster setup, consider using our Amazon managed policies for common use
cases. Find Amazon managed policies in your Amazon account. For more information about Amazon
managed policies, see Amazon managed policies in the IAM User Guide.
Amazon services take care of updating and maintaining Amazon managed policies, meaning you cannot
modify these policies' permissions. Occasionally, Amazon IoT SiteWise may add permissions to accommodate new
features, impacting all identities with the policy attached. Such updates are common with
the introduction of new services or features. However, permissions are never removed,
ensuring your setups remain intact.
Additionally, Amazon supports managed policies for job functions that span multiple
services. For example, the ReadOnlyAccess Amazon managed
policy provides read-only access to all Amazon services and resources. When a service
launches a new feature, Amazon adds read-only permissions for new operations and resources.
For a list with descriptions of job function policies, see Amazon managed policies for
job functions in the IAM User Guide.
Amazon managed policy: AWSIoTSiteWiseReadOnlyAccess
Use the AWSIoTSiteWiseReadOnlyAccess Amazon managed policy to allow
read-only access to Amazon IoT SiteWise.
You can attach the AWSIoTSiteWiseReadOnlyAccess policy to your IAM
identities.
Service-level permissions
This policy provides read-only access to Amazon IoT SiteWise, including permissions to execute
read-only SQL queries. No other service permissions are included in this policy.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iotsitewise:BatchGetAssetPropertyAggregates",
        "iotsitewise:BatchGetAssetPropertyValue",
        "iotsitewise:BatchGetAssetPropertyValueHistory",
        "iotsitewise:DescribeAccessPolicy",
        "iotsitewise:DescribeAction",
        "iotsitewise:DescribeAsset",
        "iotsitewise:DescribeAssetCompositeModel",
        "iotsitewise:DescribeAssetModel",
        "iotsitewise:DescribeAssetModelCompositeModel",
        "iotsitewise:DescribeAssetModelInterfaceRelationship",
        "iotsitewise:DescribeAssetProperty",
        "iotsitewise:DescribeBulkImportJob",
        "iotsitewise:DescribeComputationModel",
        "iotsitewise:DescribeComputationModelExecutionSummary",
        "iotsitewise:DescribeDashboard",
        "iotsitewise:DescribeDataset",
        "iotsitewise:DescribeDefaultEncryptionConfiguration",
        "iotsitewise:DescribeExecution",
        "iotsitewise:DescribeGateway",
        "iotsitewise:DescribeGatewayCapabilityConfiguration",
        "iotsitewise:DescribeLoggingOptions",
        "iotsitewise:DescribePortal",
        "iotsitewise:DescribeProject",
        "iotsitewise:DescribeStorageConfiguration",
        "iotsitewise:DescribeTimeSeries",
        "iotsitewise:GetAssetPropertyAggregates",
        "iotsitewise:GetAssetPropertyValue",
        "iotsitewise:GetAssetPropertyValueHistory",
        "iotsitewise:GetInterpolatedAssetPropertyValues",
        "iotsitewise:ListAccessPolicies",
        "iotsitewise:ListActions",
        "iotsitewise:ListAssetModelCompositeModels",
        "iotsitewise:ListAssetModelProperties",
        "iotsitewise:ListAssetModels",
        "iotsitewise:ListAssetProperties",
        "iotsitewise:ListAssetRelationships",
        "iotsitewise:ListAssets",
        "iotsitewise:ListAssociatedAssets",
        "iotsitewise:ListBulkImportJobs",
        "iotsitewise:ListCompositionRelationships",
        "iotsitewise:ListComputationModelDataBindingUsages",
        "iotsitewise:ListComputationModelResolveToResources",
        "iotsitewise:ListComputationModels",
        "iotsitewise:ListDashboards",
        "iotsitewise:ListDatasets",
        "iotsitewise:ListExecutions",
        "iotsitewise:ListGateways",
        "iotsitewise:ListInterfaceRelationships",
        "iotsitewise:ListPortals",
        "iotsitewise:ListProjectAssets",
        "iotsitewise:ListProjects",
        "iotsitewise:ListTagsForResource",
        "iotsitewise:ListTimeSeries"
      ],
      "Resource": "*"
    }
  ]
}
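Because an update to an Amazon managed policy reaches every identity the policy is attached to, one defensive check is to diff each new version of AWSIoTSiteWiseReadOnlyAccess against the version you last reviewed. The following is an added example, not Amazon code: the function names and the trimmed sample documents are assumptions, and `WRITE_UPDATE` is a constructed, hypothetical update used only to show a flagged result.

```python
# Verb prefixes used by every action in the read-only policy on this page.
READ_ONLY_PREFIXES = ("BatchGet", "Describe", "Get", "List")

def allowed_actions(policy):
    """Collect the actions granted by Allow statements in a policy document."""
    statements = policy["Statement"]
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    actions = set()
    for stmt in statements:
        if stmt.get("Effect") == "Allow":
            acts = stmt.get("Action", [])
            actions.update([acts] if isinstance(acts, str) else acts)
    return actions

def is_read_only(action):
    """True only when the operation name starts with a known read verb."""
    _, _, name = action.partition(":")
    return name.startswith(READ_ONLY_PREFIXES)  # "iotsitewise:*" is not read-only

def review_update(baseline, current):
    """Diff two versions: what was added, and which additions need a human look."""
    added = allowed_actions(current) - allowed_actions(baseline)
    return {"added": sorted(added),
            "needs_review": sorted(a for a in added if not is_read_only(a))}

def make_policy(*names):
    """Build a trimmed policy document (constructed sample, not the full policy)."""
    return {"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Resource": "*",
        "Action": [f"iotsitewise:{n}" for n in names]}]}

# Constructed samples: BASELINE is a subset of the page's policy; BATCH_UPDATE mirrors
# the BatchGet* addition in the change log; WRITE_UPDATE is hypothetical.
BASELINE = make_policy("DescribeAsset", "GetAssetPropertyValue", "ListAssets")
BATCH_UPDATE = make_policy("DescribeAsset", "GetAssetPropertyValue", "ListAssets",
                           "BatchGetAssetPropertyValue")
WRITE_UPDATE = make_policy("DescribeAsset", "GetAssetPropertyValue", "ListAssets",
                           "UpdateAsset")

if __name__ == "__main__":
    print(review_update(BASELINE, BATCH_UPDATE))
    print(review_update(BASELINE, WRITE_UPDATE))
```

In practice the two documents would be the reviewed copy you keep under version control and the policy's current default version.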
Amazon managed policy: AWSServiceRoleForIoTSiteWise
The AWSServiceRoleForIoTSiteWise role uses the AWSServiceRoleForIoTSiteWise policy with the
following permissions. This policy:
- Allows Amazon IoT SiteWise to deploy SiteWise Edge gateways (which run on Amazon IoT Greengrass).
- Allows Amazon IoT SiteWise to perform logging.
- Allows Amazon IoT SiteWise to run a metadata search query against the Amazon IoT TwinMaker database.

If you are using Amazon IoT SiteWise with a single user account, the AWSServiceRoleForIoTSiteWise role
creates the AWSServiceRoleForIoTSiteWise policy in your IAM account, and attaches it to the
AWSServiceRoleForIoTSiteWise service-linked role for Amazon IoT SiteWise.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowSiteWiseReadGreenGrass",
      "Effect": "Allow",
      "Action": [
        "greengrass:GetAssociatedRole",
        "greengrass:GetCoreDefinition",
        "greengrass:GetCoreDefinitionVersion",
        "greengrass:GetGroup",
        "greengrass:GetGroupVersion"
      ],
      "Resource": "*"
    },
    {
      "Sid": "AllowSiteWiseAccessLogGroup",
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:DescribeLogGroups"
      ],
      "Resource": "arn:aws-cn:logs:*:*:log-group:/aws/iotsitewise*"
    },
    {
      "Sid": "AllowSiteWiseAccessLog",
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogStream",
        "logs:DescribeLogStreams",
        "logs:PutLogEvents"
      ],
      "Resource": "arn:aws-cn:logs:*:*:log-group:/aws/iotsitewise*:log-stream:*"
    },
    {
      "Sid": "AllowSiteWiseAccessSiteWiseManagedWorkspaceInTwinMaker",
      "Effect": "Allow",
      "Action": [
        "iottwinmaker:GetWorkspace",
        "iottwinmaker:ExecuteQuery"
      ],
      "Resource": "arn:aws-cn:iottwinmaker:*:*:workspace/*",
      "Condition": {
        "ForAnyValue:StringEquals": {
          "iottwinmaker:linkedServices": [
            "IOTSITEWISE"
          ]
        }
      }
    }
  ]
}

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowSiteWiseReadGreenGrass",
      "Effect": "Allow",
      "Action": [
        "greengrass:GetAssociatedRole",
        "greengrass:GetCoreDefinition",
        "greengrass:GetCoreDefinitionVersion",
        "greengrass:GetGroup",
        "greengrass:GetGroupVersion"
      ],
      "Resource": "*"
    },
    {
      "Sid": "AllowSiteWiseAccessLogGroup",
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:DescribeLogGroups"
      ],
      "Resource": "arn:aws-us-gov:logs:*:*:log-group:/aws/iotsitewise*"
    },
    {
      "Sid": "AllowSiteWiseAccessLog",
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogStream",
        "logs:DescribeLogStreams",
        "logs:PutLogEvents"
      ],
      "Resource": "arn:aws-us-gov:logs:*:*:log-group:/aws/iotsitewise*:log-stream:*"
    },
    {
      "Sid": "AllowSiteWiseAccessSiteWiseManagedWorkspaceInTwinMaker",
      "Effect": "Allow",
      "Action": [
        "iottwinmaker:GetWorkspace",
        "iottwinmaker:ExecuteQuery"
      ],
      "Resource": "arn:aws-us-gov:iottwinmaker:*:*:workspace/*",
      "Condition": {
        "ForAnyValue:StringEquals": {
          "iottwinmaker:linkedServices": [
            "IOTSITEWISE"
          ]
        }
      }
    }
  ]
}
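To see how the scoping in the service-role policy behaves, the sketch below evaluates two of its statements against sample requests: the wildcard log-group ARN and the `ForAnyValue:StringEquals` condition on `iottwinmaker:linkedServices`. It is an added example, not Amazon code and not a full IAM evaluator; it models only Allow statements and the single operator this policy uses, and the account ID, Region, workspace and log-group names are constructed placeholders.

```python
import re

# Two statements copied from the aws-cn policy on this page (Sid omitted).
LOG_GROUP_STMT = {
    "Effect": "Allow",
    "Action": ["logs:CreateLogGroup", "logs:DescribeLogGroups"],
    "Resource": "arn:aws-cn:logs:*:*:log-group:/aws/iotsitewise*",
}
TWINMAKER_STMT = {
    "Effect": "Allow",
    "Action": ["iottwinmaker:GetWorkspace", "iottwinmaker:ExecuteQuery"],
    "Resource": "arn:aws-cn:iottwinmaker:*:*:workspace/*",
    "Condition": {"ForAnyValue:StringEquals": {
        "iottwinmaker:linkedServices": ["IOTSITEWISE"]}},
}

def arn_matches(pattern, arn):
    """IAM-style wildcard match: '*' is any run of characters, '?' exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, arn, re.DOTALL) is not None

def for_any_value_string_equals(policy_values, request_values):
    """True when at least one request value equals a policy value (case-sensitive).
    A missing or empty context key never matches."""
    return any(value in policy_values for value in (request_values or []))

def statement_allows(stmt, action, resource, context=None):
    """Simplified check of one Allow statement against one request."""
    context = context or {}
    if stmt["Effect"] != "Allow" or action not in stmt["Action"]:
        return False
    if not arn_matches(stmt["Resource"], resource):
        return False
    for operator, keys in stmt.get("Condition", {}).items():
        if operator != "ForAnyValue:StringEquals":
            raise ValueError(f"operator not modelled: {operator}")
        for key, wanted in keys.items():
            if not for_any_value_string_equals(wanted, context.get(key)):
                return False
    return True

# Constructed sample ARNs; 111122223333 and the resource names are placeholders.
WORKSPACE = "arn:aws-cn:iottwinmaker:cn-north-1:111122223333:workspace/example"
LOGS = "arn:aws-cn:logs:cn-north-1:111122223333:log-group:"

if __name__ == "__main__":
    linked = {"iottwinmaker:linkedServices": ["IOTSITEWISE"]}
    print(statement_allows(TWINMAKER_STMT, "iottwinmaker:ExecuteQuery", WORKSPACE, linked))
    print(statement_allows(TWINMAKER_STMT, "iottwinmaker:ExecuteQuery", WORKSPACE))
```

Note that the trailing `*` in `/aws/iotsitewise*` is a plain prefix match, so a log group named `/aws/iotsitewise-archive` matches as well as `/aws/iotsitewise/gateway`, while an ARN in a different partition does not.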
Amazon IoT SiteWise updates to Amazon managed policies
You can view details about updates to Amazon managed policies for Amazon IoT SiteWise, beginning
from when this service began tracking the changes. For automatic alerts about changes to
this page, subscribe to the RSS feed on the Amazon IoT SiteWise Document history page.
| Change | Description | Date |
|---|---|---|
| AWSServiceRoleForIoTSiteWise – Update to an existing policy | Amazon IoT SiteWise now can run a metadata search query, against the Amazon IoT TwinMaker database. | November 6, 2023 |
| AWSIoTSiteWiseReadOnlyAccess – Update to an existing policy | Amazon IoT SiteWise added a new policy prefix, BatchGet*, that enables you to do batch read operations. | September 16, 2022 |
| AWSIoTSiteWiseReadOnlyAccess – New policy | Amazon IoT SiteWise added a new policy to grant read-only access to Amazon IoT SiteWise. | November 24, 2021 |
| Amazon IoT SiteWise started tracking changes | Amazon IoT SiteWise started tracking changes for its Amazon managed policies. | November 24, 2021 |