Select your cookie preferences

We use essential cookies and similar tools that are necessary to provide our site and services. We use performance cookies to collect anonymous statistics, so we can understand how customers use our site and make improvements. Essential cookies cannot be deactivated, but you can choose “Customize” or “Decline” to decline performance cookies.

If you agree, AWS and approved third parties will also use cookies to provide useful site features, remember your preferences, and display relevant content, including relevant advertising. To accept or decline all non-essential cookies, choose “Accept” or “Decline.” To make more detailed choices, choose “Customize.”

Permissions and policies

Focus mode
Permissions and policies - AWS IoT Core

You can use the following tests to determine if the policies attached to your devices’ certificates follow standard best practices.

MQTT over WebSocket is not supported at this time.

"Device certificate attached policies don’t contain wildcards"

Validates if the permission policies associated with a device follow best practices and do not grant the device more permissions than needed.

API test case definition:

Note

EXECUTION_TIMEOUT has a default value of 1 minute. We recommend setting a timeout of at least 30 seconds.

"tests":[ { "name":"my_security_device_policies", "configuration": { // optional: "EXECUTION_TIMEOUT":"60" // in seconds }, "test": { "id": "Security_Device_Policies", "version": "0.0.0" } } ]
PrivacySite termsCookie preferences
© 2025, Amazon Web Services, Inc. or its affiliates. All rights reserved.