Create a VPC endpoint policy for Amazon IoT SiteWise

You can attach an endpoint policy to your VPC endpoint that controls access to Amazon IoT SiteWise. The policy specifies the following information:

The principal that can perform operations.
The operations that can be performed.
The resources on which operations can be performed.

For more information, see Control access to VPC endpoints using endpoint policies in the Amazon VPC User Guide.

Example: VPC endpoint policy for Amazon IoT SiteWise actions

The following is an example of an endpoint policy for Amazon IoT SiteWise. When attached to an endpoint, this policy grants access to the listed Amazon IoT SiteWise actions for the user iotsitewiseadmin in Amazon account 123456789012 on the specified asset.


{
    "Statement": [
        {
            "Action": [
                "iotsitewise:CreateAsset",
                "iotsitewise:ListGateways",
                "iotsitewise:ListTagsForResource"
            ],
            "Effect": "Allow",
            "Resource": "arn:aws-cn:iotsitewise:cn-north-1:123456789012:asset/a1b2c3d4-5678-90ab-cdef-33333EXAMPLE",
            "Principal": {
                "AWS": [
                    "123456789012:user/iotsitewiseadmin"
                ]
            }
        }
    ]
}

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Access Amazon IoT SiteWise through an interface VPC endpoint

Security best practices