This is the new *CloudFormation Template Reference Guide*. Please update your bookmarks and links. For help getting started with CloudFormation, see the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html).

# AWS::IoTSiteWise::AccessPolicy
<a name="aws-resource-iotsitewise-accesspolicy"></a>

**Important**  
The AWS IoT SiteWise Monitor feature will no longer be open to new customers starting November 7, 2025 . If you would like to use the AWS IoT SiteWise Monitor feature, sign up prior to that date. Existing customers can continue to use the service as normal. For more information, see [AWS IoT SiteWise Monitor availability change](https://docs.aws.amazon.com/iot-sitewise/latest/appguide/iotsitewise-monitor-availability-change.html).

Creates an access policy that grants the specified identity (IAM Identity Center user, IAM Identity Center group, or IAM user) access to the specified AWS IoT SiteWise Monitor portal or project resource.

**Note**  
Support for access policies that use an SSO Group as the identity is not supported at this time.

## Syntax
<a name="aws-resource-iotsitewise-accesspolicy-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-resource-iotsitewise-accesspolicy-syntax.json"></a>

```
{
  "Type" : "AWS::IoTSiteWise::AccessPolicy",
  "Properties" : {
      "[AccessPolicyIdentity](#cfn-iotsitewise-accesspolicy-accesspolicyidentity)" : AccessPolicyIdentity,
      "[AccessPolicyPermission](#cfn-iotsitewise-accesspolicy-accesspolicypermission)" : String,
      "[AccessPolicyResource](#cfn-iotsitewise-accesspolicy-accesspolicyresource)" : AccessPolicyResource
    }
}
```

### YAML
<a name="aws-resource-iotsitewise-accesspolicy-syntax.yaml"></a>

```
Type: AWS::IoTSiteWise::AccessPolicy
Properties:
  [AccessPolicyIdentity](#cfn-iotsitewise-accesspolicy-accesspolicyidentity): 
    AccessPolicyIdentity
  [AccessPolicyPermission](#cfn-iotsitewise-accesspolicy-accesspolicypermission): String
  [AccessPolicyResource](#cfn-iotsitewise-accesspolicy-accesspolicyresource): 
    AccessPolicyResource
```

## Properties
<a name="aws-resource-iotsitewise-accesspolicy-properties"></a>

`AccessPolicyIdentity`  <a name="cfn-iotsitewise-accesspolicy-accesspolicyidentity"></a>
The identity for this access policy. Choose an IAM Identity Center user, an IAM Identity Center group, or an IAM user.  
*Required*: Yes  
*Type*: [AccessPolicyIdentity](aws-properties-iotsitewise-accesspolicy-accesspolicyidentity.md)  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`AccessPolicyPermission`  <a name="cfn-iotsitewise-accesspolicy-accesspolicypermission"></a>
The permission level for this access policy. Note that a project `ADMINISTRATOR` is also known as a project owner.  
*Required*: Yes  
*Type*: String  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`AccessPolicyResource`  <a name="cfn-iotsitewise-accesspolicy-accesspolicyresource"></a>
The AWS IoT SiteWise Monitor resource for this access policy. Choose either a portal or a project.  
*Required*: Yes  
*Type*: [AccessPolicyResource](aws-properties-iotsitewise-accesspolicy-accesspolicyresource.md)  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

## Return values
<a name="aws-resource-iotsitewise-accesspolicy-return-values"></a>

### Ref
<a name="aws-resource-iotsitewise-accesspolicy-return-values-ref"></a>

When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the `AccessPolicyId`.

### Fn::GetAtt
<a name="aws-resource-iotsitewise-accesspolicy-return-values-fn--getatt"></a>

The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values.

For more information about using the `Fn::GetAtt` intrinsic function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html).

#### 
<a name="aws-resource-iotsitewise-accesspolicy-return-values-fn--getatt-fn--getatt"></a>

`AccessPolicyArn`  <a name="AccessPolicyArn-fn::getatt"></a>
The [ARN](https://docs.aws.amazon.com/general/latest/gr/aws-arns-and-namespaces.html) of the access policy, which has the following format.  
 `arn:${Partition}:iotsitewise:${Region}:${Account}:access-policy/${AccessPolicyId}`   
For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html).

`AccessPolicyId`  <a name="AccessPolicyId-fn::getatt"></a>
The ID of the access policy.  
For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html).

# AWS::IoTSiteWise::AccessPolicy AccessPolicyIdentity
<a name="aws-properties-iotsitewise-accesspolicy-accesspolicyidentity"></a>

The identity (IAM Identity Center user, IAM Identity Center group, or IAM user) to which this access policy applies.

## Syntax
<a name="aws-properties-iotsitewise-accesspolicy-accesspolicyidentity-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-properties-iotsitewise-accesspolicy-accesspolicyidentity-syntax.json"></a>

```
{
  "[IamRole](#cfn-iotsitewise-accesspolicy-accesspolicyidentity-iamrole)" : IamRole,
  "[IamUser](#cfn-iotsitewise-accesspolicy-accesspolicyidentity-iamuser)" : IamUser,
  "[User](#cfn-iotsitewise-accesspolicy-accesspolicyidentity-user)" : User
}
```

### YAML
<a name="aws-properties-iotsitewise-accesspolicy-accesspolicyidentity-syntax.yaml"></a>

```
  [IamRole](#cfn-iotsitewise-accesspolicy-accesspolicyidentity-iamrole): 
    IamRole
  [IamUser](#cfn-iotsitewise-accesspolicy-accesspolicyidentity-iamuser): 
    IamUser
  [User](#cfn-iotsitewise-accesspolicy-accesspolicyidentity-user): 
    User
```

## Properties
<a name="aws-properties-iotsitewise-accesspolicy-accesspolicyidentity-properties"></a>

`IamRole`  <a name="cfn-iotsitewise-accesspolicy-accesspolicyidentity-iamrole"></a>
An IAM role identity.  
*Required*: No  
*Type*: [IamRole](aws-properties-iotsitewise-accesspolicy-iamrole.md)  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`IamUser`  <a name="cfn-iotsitewise-accesspolicy-accesspolicyidentity-iamuser"></a>
An IAM user identity.  
*Required*: No  
*Type*: [IamUser](aws-properties-iotsitewise-accesspolicy-iamuser.md)  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`User`  <a name="cfn-iotsitewise-accesspolicy-accesspolicyidentity-user"></a>
An IAM Identity Center user identity.  
*Required*: No  
*Type*: [User](aws-properties-iotsitewise-accesspolicy-user.md)  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

# AWS::IoTSiteWise::AccessPolicy AccessPolicyResource
<a name="aws-properties-iotsitewise-accesspolicy-accesspolicyresource"></a>

The AWS IoT SiteWise Monitor resource for this access policy. Choose either a portal or a project.

## Syntax
<a name="aws-properties-iotsitewise-accesspolicy-accesspolicyresource-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-properties-iotsitewise-accesspolicy-accesspolicyresource-syntax.json"></a>

```
{
  "[Portal](#cfn-iotsitewise-accesspolicy-accesspolicyresource-portal)" : Portal,
  "[Project](#cfn-iotsitewise-accesspolicy-accesspolicyresource-project)" : Project
}
```

### YAML
<a name="aws-properties-iotsitewise-accesspolicy-accesspolicyresource-syntax.yaml"></a>

```
  [Portal](#cfn-iotsitewise-accesspolicy-accesspolicyresource-portal): 
    Portal
  [Project](#cfn-iotsitewise-accesspolicy-accesspolicyresource-project): 
    Project
```

## Properties
<a name="aws-properties-iotsitewise-accesspolicy-accesspolicyresource-properties"></a>

`Portal`  <a name="cfn-iotsitewise-accesspolicy-accesspolicyresource-portal"></a>
Identifies an AWS IoT SiteWise Monitor portal.  
*Required*: No  
*Type*: [Portal](aws-properties-iotsitewise-accesspolicy-portal.md)  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

`Project`  <a name="cfn-iotsitewise-accesspolicy-accesspolicyresource-project"></a>
Identifies a specific AWS IoT SiteWise Monitor project.  
*Required*: No  
*Type*: [Project](aws-properties-iotsitewise-accesspolicy-project.md)  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

# AWS::IoTSiteWise::AccessPolicy IamRole
<a name="aws-properties-iotsitewise-accesspolicy-iamrole"></a>

Contains information about an AWS Identity and Access Management role. For more information, see [IAM roles](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles.html) in the *IAM User Guide*.

## Syntax
<a name="aws-properties-iotsitewise-accesspolicy-iamrole-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-properties-iotsitewise-accesspolicy-iamrole-syntax.json"></a>

```
{
  "[arn](#cfn-iotsitewise-accesspolicy-iamrole-arn)" : String
}
```

### YAML
<a name="aws-properties-iotsitewise-accesspolicy-iamrole-syntax.yaml"></a>

```
  [arn](#cfn-iotsitewise-accesspolicy-iamrole-arn): String
```

## Properties
<a name="aws-properties-iotsitewise-accesspolicy-iamrole-properties"></a>

`arn`  <a name="cfn-iotsitewise-accesspolicy-iamrole-arn"></a>
The ARN of the IAM role. For more information, see [IAM ARNs](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html) in the *IAM User Guide*.  
*Required*: No  
*Type*: String  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

# AWS::IoTSiteWise::AccessPolicy IamUser
<a name="aws-properties-iotsitewise-accesspolicy-iamuser"></a>

Contains information about an AWS Identity and Access Management user.

## Syntax
<a name="aws-properties-iotsitewise-accesspolicy-iamuser-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-properties-iotsitewise-accesspolicy-iamuser-syntax.json"></a>

```
{
  "[arn](#cfn-iotsitewise-accesspolicy-iamuser-arn)" : String
}
```

### YAML
<a name="aws-properties-iotsitewise-accesspolicy-iamuser-syntax.yaml"></a>

```
  [arn](#cfn-iotsitewise-accesspolicy-iamuser-arn): String
```

## Properties
<a name="aws-properties-iotsitewise-accesspolicy-iamuser-properties"></a>

`arn`  <a name="cfn-iotsitewise-accesspolicy-iamuser-arn"></a>
The ARN of the IAM user. For more information, see [IAM ARNs](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_identifiers.html) in the *IAM User Guide*.  
If you delete the IAM user, access policies that contain this identity include an empty `arn`. You can delete the access policy for the IAM user that no longer exists.
*Required*: No  
*Type*: String  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

# AWS::IoTSiteWise::AccessPolicy Portal
<a name="aws-properties-iotsitewise-accesspolicy-portal"></a>

Identifies an AWS IoT SiteWise Monitor portal.

## Syntax
<a name="aws-properties-iotsitewise-accesspolicy-portal-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-properties-iotsitewise-accesspolicy-portal-syntax.json"></a>

```
{
  "[id](#cfn-iotsitewise-accesspolicy-portal-id)" : String
}
```

### YAML
<a name="aws-properties-iotsitewise-accesspolicy-portal-syntax.yaml"></a>

```
  [id](#cfn-iotsitewise-accesspolicy-portal-id): String
```

## Properties
<a name="aws-properties-iotsitewise-accesspolicy-portal-properties"></a>

`id`  <a name="cfn-iotsitewise-accesspolicy-portal-id"></a>
The ID of the portal.  
*Required*: No  
*Type*: String  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

# AWS::IoTSiteWise::AccessPolicy Project
<a name="aws-properties-iotsitewise-accesspolicy-project"></a>

Identifies a specific AWS IoT SiteWise Monitor project.

## Syntax
<a name="aws-properties-iotsitewise-accesspolicy-project-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-properties-iotsitewise-accesspolicy-project-syntax.json"></a>

```
{
  "[id](#cfn-iotsitewise-accesspolicy-project-id)" : String
}
```

### YAML
<a name="aws-properties-iotsitewise-accesspolicy-project-syntax.yaml"></a>

```
  [id](#cfn-iotsitewise-accesspolicy-project-id): String
```

## Properties
<a name="aws-properties-iotsitewise-accesspolicy-project-properties"></a>

`id`  <a name="cfn-iotsitewise-accesspolicy-project-id"></a>
The ID of the project.  
*Required*: No  
*Type*: String  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)

# AWS::IoTSiteWise::AccessPolicy User
<a name="aws-properties-iotsitewise-accesspolicy-user"></a>

Contains information for a user identity in an access policy.

## Syntax
<a name="aws-properties-iotsitewise-accesspolicy-user-syntax"></a>

To declare this entity in your CloudFormation template, use the following syntax:

### JSON
<a name="aws-properties-iotsitewise-accesspolicy-user-syntax.json"></a>

```
{
  "[id](#cfn-iotsitewise-accesspolicy-user-id)" : String
}
```

### YAML
<a name="aws-properties-iotsitewise-accesspolicy-user-syntax.yaml"></a>

```
  [id](#cfn-iotsitewise-accesspolicy-user-id): String
```

## Properties
<a name="aws-properties-iotsitewise-accesspolicy-user-properties"></a>

`id`  <a name="cfn-iotsitewise-accesspolicy-user-id"></a>
The IAM Identity Center ID of the user.  
*Required*: No  
*Type*: String  
*Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt)