Amazon managed policies for Amazon IoT SiteWise
Simplify adding permissions to users, groups, and roles by using Amazon managed policies rather than writing policies yourself. It takes time and expertise to create IAM customer managed policies that give your team precise permissions. For a faster setup, consider using our Amazon managed policies for common use cases. Find Amazon managed policies in your Amazon Web Services account. For more information about Amazon managed policies, see Amazon managed policies in the IAM User Guide.
Amazon services take care of updating and maintaining Amazon managed policies, meaning you cannot modify these policies' permissions. Occasionally, Amazon IoT SiteWise may add permissions to accommodate new features, impacting all identities with the policy attached. Such updates are common with the introduction of new services or features. However, permissions are never removed, ensuring your setups remain intact.
Additionally, Amazon supports managed policies for job functions that span multiple services. For example, the ReadOnlyAccess Amazon managed policy provides read-only access to all Amazon services and resources. When a service launches a new feature, Amazon adds read-only permissions for new operations and resources. For a list with descriptions of job function policies, see Amazon managed policies for job functions in the IAM User Guide.
Amazon managed policy: AWSIoTSiteWiseReadOnlyAccess
Use the AWSIoTSiteWiseReadOnlyAccess Amazon managed policy to allow read-only access to Amazon IoT SiteWise.
You can attach the AWSIoTSiteWiseReadOnlyAccess policy to your IAM identities.
Service-level permissions
This policy provides read-only access to Amazon IoT SiteWise. No other service permissions are included in this policy.
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iotsitewise:Describe*",
        "iotsitewise:List*",
        "iotsitewise:BatchGet*",
        "iotsitewise:Get*"
      ],
      "Resource": "*"
    }
  ]
}
```
Amazon managed policy: AWSServiceRoleForIoTSiteWise
The AWSServiceRoleForIoTSiteWise role uses the AWSServiceRoleForIoTSiteWise policy with the following permissions. This policy:
- Allows Amazon IoT SiteWise to deploy SiteWise Edge gateways (which run on Amazon IoT Greengrass).
- Allows Amazon IoT SiteWise to perform logging.
- Allows Amazon IoT SiteWise to run a metadata search query against the Amazon IoT TwinMaker database.
If you are using Amazon IoT SiteWise with a single user account, the AWSServiceRoleForIoTSiteWise role creates the AWSServiceRoleForIoTSiteWise policy in your IAM account, and attaches it to the AWSServiceRoleForIoTSiteWise service-linked roles for Amazon IoT SiteWise.
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowSiteWiseReadGreenGrass",
      "Effect": "Allow",
      "Action": [
        "greengrass:GetAssociatedRole",
        "greengrass:GetCoreDefinition",
        "greengrass:GetCoreDefinitionVersion",
        "greengrass:GetGroup",
        "greengrass:GetGroupVersion"
      ],
      "Resource": "*"
    },
    {
      "Sid": "AllowSiteWiseAccessLogGroup",
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:DescribeLogGroups"
      ],
      "Resource": "arn:aws-cn:logs:*:*:log-group:/aws/iotsitewise*"
    },
    {
      "Sid": "AllowSiteWiseAccessLog",
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogStream",
        "logs:DescribeLogStreams",
        "logs:PutLogEvents"
      ],
      "Resource": "arn:aws-cn:logs:*:*:log-group:/aws/iotsitewise*:log-stream:*"
    },
    {
      "Sid": "AllowSiteWiseAccessSiteWiseManagedWorkspaceInTwinMaker",
      "Effect": "Allow",
      "Action": [
        "iottwinmaker:GetWorkspace",
        "iottwinmaker:ExecuteQuery"
      ],
      "Resource": "arn:aws-cn:iottwinmaker:*:*:workspace/*",
      "Condition": {
        "ForAnyValue:StringEquals": {
          "iottwinmaker:linkedServices": [
            "IOTSITEWISE"
          ]
        }
      }
    }
  ]
}
```
Amazon IoT SiteWise updates to Amazon managed policies
You can view details about updates to Amazon managed policies for Amazon IoT SiteWise, beginning from when this service began tracking the changes. For automatic alerts about changes to this page, subscribe to the RSS feed on the Amazon IoT SiteWise Document history page.
Change | Description | Date |
---|---|---|
AWSServiceRoleForIoTSiteWise – Update to an existing policy | Amazon IoT SiteWise now can run a metadata search query, against the Amazon IoT TwinMaker database. | November 6, 2023 |
AWSIoTSiteWiseReadOnlyAccess – Update to an existing policy | Amazon IoT SiteWise added a new policy prefix, | September 16, 2022 |
AWSIoTSiteWiseReadOnlyAccess – New policy | Amazon IoT SiteWise added a new policy to grant read-only access to Amazon IoT SiteWise. | November 24, 2021 |
Amazon IoT SiteWise started tracking changes | Amazon IoT SiteWise started tracking changes for its Amazon managed policies. | November 24, 2021 |
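Because updates to a managed policy apply to every identity that has it attached, it helps to diff a stored snapshot of the policy document against the current one and review what was added. The following is an added example, not code from this documentation: the names `grants`, `added_grants`, `LOGS`, `CURRENT` and `BASELINE` are assumptions, `CURRENT` is the AWSServiceRoleForIoTSiteWise document shown above, and `BASELINE` is a constructed snapshot that omits the TwinMaker statement.

```python
def _as_list(value):
    # IAM accepts either a single string or a list for Action and Resource.
    return [value] if isinstance(value, str) else list(value)

def grants(policy):
    """Map (lowercased action, resource) -> (action, resource, has_condition) for Allow statements."""
    stmts = policy["Statement"]
    if isinstance(stmts, dict):  # a lone statement may appear without the list wrapper
        stmts = [stmts]
    out = {}
    for s in stmts:
        if s.get("Effect") != "Allow":
            continue
        # NotAction/NotResource are not handled; neither policy on this page uses them.
        for action in _as_list(s.get("Action", [])):
            for resource in _as_list(s.get("Resource", [])):
                # Action names are case-insensitive in IAM, so key on the lowercased form.
                out[(action.lower(), resource)] = (action, resource, "Condition" in s)
    return out

def added_grants(old, new):
    """Return grants present in `new` but not in `old`, sorted for stable output."""
    before, after = grants(old), grants(new)
    return sorted(after[k] for k in after.keys() - before.keys())

LOGS = "arn:aws-cn:logs:*:*:log-group:/aws/iotsitewise*"
# The AWSServiceRoleForIoTSiteWise policy as shown on this page.
CURRENT = {"Version": "2012-10-17", "Statement": [
    {"Sid": "AllowSiteWiseReadGreenGrass", "Effect": "Allow", "Resource": "*",
     "Action": ["greengrass:GetAssociatedRole", "greengrass:GetCoreDefinition",
                "greengrass:GetCoreDefinitionVersion", "greengrass:GetGroup",
                "greengrass:GetGroupVersion"]},
    {"Sid": "AllowSiteWiseAccessLogGroup", "Effect": "Allow", "Resource": LOGS,
     "Action": ["logs:CreateLogGroup", "logs:DescribeLogGroups"]},
    {"Sid": "AllowSiteWiseAccessLog", "Effect": "Allow", "Resource": LOGS + ":log-stream:*",
     "Action": ["logs:CreateLogStream", "logs:DescribeLogStreams", "logs:PutLogEvents"]},
    {"Sid": "AllowSiteWiseAccessSiteWiseManagedWorkspaceInTwinMaker", "Effect": "Allow",
     "Resource": "arn:aws-cn:iottwinmaker:*:*:workspace/*",
     "Action": ["iottwinmaker:GetWorkspace", "iottwinmaker:ExecuteQuery"],
     "Condition": {"ForAnyValue:StringEquals": {"iottwinmaker:linkedServices": ["IOTSITEWISE"]}}},
]}
# Constructed snapshot for illustration: the same document without the TwinMaker statement.
BASELINE = {"Version": CURRENT["Version"], "Statement": CURRENT["Statement"][:3]}

if __name__ == "__main__":
    for action, resource, conditioned in added_grants(BASELINE, CURRENT):
        print(f"added: {action} on {resource} (condition: {conditioned})")
```

An added grant reported with no condition, or with `*` as its resource, is the one to look at first.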