AWS IoT
Developer Guide

Connect Policy Examples

The following policy allows a set of client IDs to connect:

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iot:Connect" ], "Resource": [ "arn:aws:iot:us-east-1:123456789012:client/clientid1", "arn:aws:iot:us-east-1:123456789012:client/clientid2", "arn:aws:iot:us-east-1:123456789012:client/clientid3" ] }, { "Effect": "Allow", "Action": [ "iot:Publish", "iot:Subscribe", "iot:Receive" ], "Resource": [ "*" ] } ] }

The following policy prevents a set of client IDs from connecting:

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Deny", "Action": [ "iot:Connect" ], "Resource": [ "arn:aws:iot:us-east-1:123456789012:client/clientid1", "arn:aws:iot:us-east-1:123456789012:client/clientid2" ] }, { "Effect": "Allow", "Action": [ "iot:Connect" ], "Resource": [ "*" ] } ] }

The following policy allows the certificate holder using any client ID to subscribe to topic filter foo/*:

{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iot:Connect" ], "Resource": [ "*" ] }, { "Effect": "Allow", "Action": [ "iot:Subscribe" ], "Resource": [ "arn:aws:iot:us-east-1:123456789012:topicfilter/foo/*" ] } ] }