CreateAccessPolicy - AWS IoT SiteWise

CreateAccessPolicy

Creates an access policy that grants the specified identity (IAM Identity Center user, IAM Identity Center group, or IAM user) access to the specified AWS IoT SiteWise Monitor portal or project resource.

Request Syntax

POST /access-policies HTTP/1.1
Content-type: application/json

{
   "accessPolicyIdentity": {
      "group": {
         "id": "string"
      },
      "iamRole": {
         "arn": "string"
      },
      "iamUser": {
         "arn": "string"
      },
      "user": {
         "id": "string"
      }
   },
   "accessPolicyPermission": "string",
   "accessPolicyResource": {
      "portal": {
         "id": "string"
      },
      "project": {
         "id": "string"
      }
   },
   "clientToken": "string",
   "tags": {
      "string" : "string"
   }
}

URI Request Parameters

The request does not use any URI parameters.

Request Body

The request accepts the following data in JSON format.

accessPolicyIdentity

The identity for this access policy. Choose an IAM Identity Center user, an IAM Identity Center group, or an IAM user.

Type: Identity object

Required: Yes

accessPolicyPermission

The permission level for this access policy. Note that a project ADMINISTRATOR is also known as a project owner.

Type: String

Valid Values: ADMINISTRATOR | VIEWER

Required: Yes

accessPolicyResource

The AWS IoT SiteWise Monitor resource for this access policy. Choose either a portal or a project.

Type: Resource object

Required: Yes

clientToken

A unique case-sensitive identifier that you can provide to ensure the idempotency of the request. Don't reuse this client token if a new idempotent request is required.

Type: String

Length Constraints: Minimum length of 36. Maximum length of 64.

Pattern: \S{36,64}

Required: No

tags

A list of key-value pairs that contain metadata for the access policy. For more information, see Tagging your AWS IoT SiteWise resources in the AWS IoT SiteWise User Guide.

Type: String to string map

Map Entries: Maximum number of 50 items.

Key Length Constraints: Minimum length of 1. Maximum length of 128.

Value Length Constraints: Minimum length of 0. Maximum length of 256.

Required: No
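The following is an added example, not part of the AWS reference or any AWS SDK: a pre-flight check that builds the request body and rejects grants that violate the constraints listed above before anything is sent. It assumes "choose" means exactly one identity member and exactly one resource member; the function and constant names are hypothetical.

```python
import re
import uuid

# Hypothetical helper names; limits are copied from the Request Body section.
VALID_PERMISSIONS = {"ADMINISTRATOR", "VIEWER"}
IDENTITY_KINDS = {"user": "id", "group": "id", "iamUser": "arn", "iamRole": "arn"}
RESOURCE_KINDS = {"portal": "id", "project": "id"}
CLIENT_TOKEN_RE = re.compile(r"\S{36,64}")


def _one_of(name, value, kinds):
    """Require exactly one union member holding one non-empty string field."""
    if not isinstance(value, dict) or len(value) != 1:
        raise ValueError(f"{name} must contain exactly one of {sorted(kinds)}")
    kind, inner = next(iter(value.items()))
    field = kinds.get(kind)
    if field is None:
        raise ValueError(f"{name}: unknown member {kind!r}")
    if not isinstance(inner, dict) or set(inner) != {field} \
            or not isinstance(inner[field], str) or not inner[field]:
        raise ValueError(f"{name}.{kind} needs one non-empty string field {field!r}")
    return {kind: {field: inner[field]}}


def build_create_access_policy_body(identity, permission, resource,
                                    client_token=None, tags=None):
    """Return a validated, JSON-serialisable body for POST /access-policies."""
    body = {
        "accessPolicyIdentity": _one_of("accessPolicyIdentity", identity, IDENTITY_KINDS),
        "accessPolicyResource": _one_of("accessPolicyResource", resource, RESOURCE_KINDS),
    }
    if permission not in VALID_PERMISSIONS:
        raise ValueError("accessPolicyPermission must be ADMINISTRATOR or VIEWER")
    body["accessPolicyPermission"] = permission
    # A fresh UUID is 36 non-space characters; reuse it only to retry the same request.
    token = client_token if client_token is not None else str(uuid.uuid4())
    if not isinstance(token, str) or not CLIENT_TOKEN_RE.fullmatch(token):
        raise ValueError("clientToken must match \\S{36,64}")
    body["clientToken"] = token
    if tags is not None:
        if not isinstance(tags, dict) or len(tags) > 50:
            raise ValueError("tags must be a map with at most 50 entries")
        for key, val in tags.items():
            if not (isinstance(key, str) and 1 <= len(key) <= 128):
                raise ValueError("tag keys must be 1-128 characters")
            if not (isinstance(val, str) and len(val) <= 256):
                raise ValueError("tag values must be 0-256 characters")
        body["tags"] = dict(tags)
    return body
```

Passing the same clientToken on a retry keeps a timed-out grant from being created twice, while a new grant gets a new token.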

Response Syntax

HTTP/1.1 201
Content-type: application/json

{
   "accessPolicyArn": "string",
   "accessPolicyId": "string"
}

Response Elements

If the action is successful, the service sends back an HTTP 201 response.

The following data is returned in JSON format by the service.

accessPolicyArn

The ARN of the access policy, which has the following format.

arn:${Partition}:iotsitewise:${Region}:${Account}:access-policy/${AccessPolicyId}

Type: String

Length Constraints: Minimum length of 1. Maximum length of 1600.

Pattern: ^arn:aws(-cn|-us-gov)?:[a-zA-Z0-9-:\/_\.]+$

accessPolicyId

The ID of the access policy.

Type: String

Length Constraints: Fixed length of 36.

Pattern: ^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$

Errors

For information about the errors that are common to all actions, see Common Errors.

InternalFailureException

AWS IoT SiteWise can't process your request right now. Try again later.

HTTP Status Code: 500

InvalidRequestException

The request isn't valid. This can occur if your request contains malformed JSON or unsupported characters. Check your request and try again.

HTTP Status Code: 400

LimitExceededException

You've reached the limit for a resource. For example, this can occur if you're trying to associate more than the allowed number of child assets or attempting to create more than the allowed number of properties for an asset model.

For more information, see Quotas in the AWS IoT SiteWise User Guide.

HTTP Status Code: 410

ResourceNotFoundException

The requested resource can't be found.

HTTP Status Code: 404

ThrottlingException

Your request exceeded a rate limit. For example, you might have exceeded the number of AWS IoT SiteWise assets that can be created per second, the allowed number of messages per second, and so on.

For more information, see Quotas in the AWS IoT SiteWise User Guide.

HTTP Status Code: 429
