AWS IoT Core action resources

To specify a resource for an AWS IoT Core policy action, use the Amazon Resource Name (ARN) of the resource. All resource ARNs use the following format:

arn:partition:iot:region:AWS-account-ID:Resource-type/Resource-name

The following table shows the resource to specify for each action type. The ARN examples are for the account ID 123456789012, in the partition aws, and specific to the region us-east-1. For more information about the formats for ARNs, see Amazon Resource Names (ARNs) in the AWS Identity and Access Management User Guide.

| Action | Resource type | Resource name | ARN example |
| --- | --- | --- | --- |
| iot:Connect | client | The client's client ID | arn:aws:iot:us-east-1:123456789012:client/myClientId |
| iot:DeleteThingShadow | thing | The thing's name, and the shadow's name, if applicable | arn:aws:iot:us-east-1:123456789012:thing/thingOne<br>arn:aws:iot:us-east-1:123456789012:thing/thingOne/shadowOne |
| iotjobsdata:DescribeJobExecution | thing | The thing's name | arn:aws:iot:us-east-1:123456789012:thing/thingOne |
| iotjobsdata:GetPendingJobExecutions | thing | The thing's name | arn:aws:iot:us-east-1:123456789012:thing/thingOne |
| iot:GetRetainedMessage | topic | A retained message topic | arn:aws:iot:us-east-1:123456789012:topic/myTopicName |
| iot:GetThingShadow | thing | The thing's name, and the shadow's name, if applicable | arn:aws:iot:us-east-1:123456789012:thing/thingOne<br>arn:aws:iot:us-east-1:123456789012:thing/thingOne/shadowOne |
| iot:ListNamedShadowsForThing | All | All | * |
| iot:ListRetainedMessages | All | All | * |
| iot:Publish | topic | A topic string | arn:aws:iot:us-east-1:123456789012:topic/myTopicName |
| iot:Receive | topic | A topic string | arn:aws:iot:us-east-1:123456789012:topic/myTopicName |
| iot:RetainPublish | topic | A topic to publish with the RETAIN flag set | arn:aws:iot:us-east-1:123456789012:topic/myTopicName |
| iotjobsdata:StartNextPendingJobExecution | thing | The thing's name | arn:aws:iot:us-east-1:123456789012:thing/thingOne |
| iot:Subscribe | topicfilter | A topic filter string | arn:aws:iot:us-east-1:123456789012:topicfilter/myTopicFilter |
| iotjobsdata:UpdateJobExecution | thing | The thing's name | arn:aws:iot:us-east-1:123456789012:thing/thingOne |
| iot:UpdateThingShadow | thing | The thing's name, and the shadow's name, if applicable | arn:aws:iot:us-east-1:123456789012:thing/thingOne<br>arn:aws:iot:us-east-1:123456789012:thing/thingOne/shadowOne |
| iot:AssumeRoleWithCertificate | rolealias | A role alias that points to a role ARN | arn:aws:iot:us-east-1:123456789012:rolealias/CredentialProviderRole_alias |
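The table above can be turned into a review check for AWS IoT Core policies. The following Python is an added example, not AWS code: it reports every statement in which a listed action has no resource of the type the table gives for it (for example, `iot:Subscribe` paired only with a `topic/` ARN). The function names and the sample policy are assumptions made for illustration; the ARNs reuse the table's example values.

```python
RESOURCE_TYPE = {  # action -> resource type, from the table above ("*" = All)
    "iot:Connect": "client",
    "iot:DeleteThingShadow": "thing",
    "iotjobsdata:DescribeJobExecution": "thing",
    "iotjobsdata:GetPendingJobExecutions": "thing",
    "iot:GetRetainedMessage": "topic",
    "iot:GetThingShadow": "thing",
    "iot:ListNamedShadowsForThing": "*",
    "iot:ListRetainedMessages": "*",
    "iot:Publish": "topic",
    "iot:Receive": "topic",
    "iot:RetainPublish": "topic",
    "iotjobsdata:StartNextPendingJobExecution": "thing",
    "iot:Subscribe": "topicfilter",
    "iotjobsdata:UpdateJobExecution": "thing",
    "iot:UpdateThingShadow": "thing",
    "iot:AssumeRoleWithCertificate": "rolealias",
}

def resource_type(arn):
    """Type segment of an IoT ARN, "*" for a wildcard, None if not an IoT ARN."""
    parts = arn.split(":", 5)  # arn:partition:iot:region:account:type/name
    if arn != "*" and (len(parts) != 6 or parts[0] != "arn" or parts[2] != "iot"):
        return None
    rtype = parts[-1].split("/", 1)[0]
    return "*" if "*" in rtype else rtype

def lint_policy(policy):
    """Return (statement index, message) for actions lacking a matching resource."""
    findings = []
    for i, stmt in enumerate(policy["Statement"]):
        actions, resources = stmt["Action"], stmt["Resource"]
        actions = actions if isinstance(actions, list) else [actions]
        resources = resources if isinstance(resources, list) else [resources]
        types = {resource_type(r) for r in resources}
        for action in actions:
            expected = RESOURCE_TYPE.get(action)  # None: not in the table, skipped
            if expected and "*" not in types and expected not in types:
                findings.append((i, f"{action} needs a {expected} resource"))
    return findings

# Constructed sample policy with two mismatches; ARNs reuse the table's examples.
ARN = "arn:aws:iot:us-east-1:123456789012:"
POLICY = {"Statement": [
    {"Effect": "Allow", "Action": ["iot:Publish", "iot:Subscribe"],
     "Resource": ARN + "topic/myTopicName"},
    {"Effect": "Allow", "Action": "iot:ListRetainedMessages",
     "Resource": ARN + "topic/myTopicName"},
]}
```

`lint_policy(POLICY)` flags statement 0 for `iot:Subscribe` and statement 1 for `iot:ListRetainedMessages`. Actions that are not in the table, including wildcard actions, are skipped rather than judged.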