{ "typeName" : "AWS::IoTSiteWise::AccessPolicy", "description" : "Resource schema for AWS::IoTSiteWise::AccessPolicy", "sourceUrl" : "https://github.com/aws-cloudformation/aws-cloudformation-resource-providers-IoTSiteWise.git", "definitions" : { "User" : { "description" : "Contains information for a user identity in an access policy.", "type" : "object", "additionalProperties" : false, "properties" : { "id" : { "description" : "The AWS SSO ID of the user.", "type" : "string" } } }, "IamUser" : { "description" : "Contains information for an IAM user identity in an access policy.", "type" : "object", "additionalProperties" : false, "properties" : { "arn" : { "description" : "The ARN of the IAM user.", "type" : "string" } } }, "IamRole" : { "description" : "Contains information for an IAM role identity in an access policy.", "type" : "object", "additionalProperties" : false, "properties" : { "arn" : { "description" : "The ARN of the IAM role.", "type" : "string" } } }, "Portal" : { "description" : "A portal resource.", "type" : "object", "additionalProperties" : false, "properties" : { "id" : { "description" : "The ID of the portal.", "type" : "string" } } }, "Project" : { "description" : "A project resource.", "type" : "object", "additionalProperties" : false, "properties" : { "id" : { "description" : "The ID of the project.", "type" : "string" } } }, "AccessPolicyIdentity" : { "description" : "The identity for this access policy. Choose either an SSO user or group or an IAM user or role.", "type" : "object", "additionalProperties" : false, "properties" : { "User" : { "$ref" : "#/definitions/User" }, "IamUser" : { "$ref" : "#/definitions/IamUser" }, "IamRole" : { "$ref" : "#/definitions/IamRole" } } }, "AccessPolicyResource" : { "description" : "The AWS IoT SiteWise Monitor resource for this access policy. Choose either portal or project but not both.", "type" : "object", "additionalProperties" : false, "properties" : { "Portal" : { "$ref" : "#/definitions/Portal" }, "Project" : { "$ref" : "#/definitions/Project" } } } }, "properties" : { "AccessPolicyId" : { "description" : "The ID of the access policy.", "type" : "string" }, "AccessPolicyArn" : { "description" : "The ARN of the access policy.", "type" : "string" }, "AccessPolicyIdentity" : { "description" : "The identity for this access policy. Choose either a user or a group but not both.", "$ref" : "#/definitions/AccessPolicyIdentity" }, "AccessPolicyPermission" : { "description" : "The permission level for this access policy. Valid values are ADMINISTRATOR or VIEWER.", "type" : "string" }, "AccessPolicyResource" : { "description" : "The AWS IoT SiteWise Monitor resource for this access policy. Choose either portal or project but not both.", "$ref" : "#/definitions/AccessPolicyResource" } }, "additionalProperties" : false, "taggable" : false, "required" : [ "AccessPolicyIdentity", "AccessPolicyPermission", "AccessPolicyResource" ], "readOnlyProperties" : [ "/properties/AccessPolicyArn", "/properties/AccessPolicyId" ], "primaryIdentifier" : [ "/properties/AccessPolicyId" ], "handlers" : { "create" : { "permissions" : [ "iotsitewise:CreateAccessPolicy" ] }, "read" : { "permissions" : [ "iotsitewise:DescribeAccessPolicy" ] }, "update" : { "permissions" : [ "iotsitewise:DescribeAccessPolicy", "iotsitewise:UpdateAccessPolicy" ] }, "delete" : { "permissions" : [ "iotsitewise:DeleteAccessPolicy" ] }, "list" : { "permissions" : [ "iotsitewise:ListAccessPolicies" ] } } }