Device Shadow MQTT topics
The Device Shadow service uses reserved MQTT topics to enable devices and apps to get, update, or delete the state information for a device (shadow).
Publishing and subscribing on shadow topics requires topic-based authorization. AWS IoT
reserves the right to add new topics to the existing topic structure. For this reason,
we recommend that you avoid wild card subscriptions to shadow topics. For example, avoid
subscribing to topic filters like $aws/things/thingName/shadow/#
because
the number of topics that match this topic filter might increase as AWS IoT introduces new
shadow topics. For examples of the messages published on these topics see Interacting with shadows.
Shadows can be named or unnamed (classic). The topics used by each differ only in the topic prefix. This table shows the topic prefix used by each shadow type.
ShadowTopicPrefix value |
Shadow type |
---|---|
$aws/things/ |
Unnamed (classic) shadow |
$aws/things/ |
Named shadow |
To create a complete topic, select the
for the type of shadow
to which you want to refer, replace ShadowTopicPrefix
,
and thingName
if applicable, with their
corresponding values, and then append that with the topic stub as shown in the following
sections.shadowName
The following are the MQTT topics used for interacting with shadows.
Topics
/get
Publish an empty message to this topic to get the device's shadow:
ShadowTopicPrefix
/get
AWS IoT responds by publishing to either /get/accepted or /get/rejected.
Example policy
The following is an example of the required policy:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iot:Publish" ], "Resource": [ "arn:aws:iot:
region
:account
:topic/$aws/things/thingName
/shadow/get" ] } ] }
/get/accepted
AWS IoT publishes a response shadow document to this topic when returning the device's shadow:
ShadowTopicPrefix
/get/accepted
For more information, see Response state documents.
Example policy
The following is an example of the required policy:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iot:Subscribe" ], "Resource": [ "arn:aws:iot:
region
:account
:topicfilter/$aws/things/thingName
/shadow/get/accepted" ] }, { "Effect": "Allow", "Action": [ "iot:Receive" ], "Resource": [ "arn:aws:iot:region
:account
:topic/$aws/things/thingName
/shadow/get/accepted" ] } ] }
/get/rejected
AWS IoT publishes an error response document to this topic when it can't return the device's shadow:
ShadowTopicPrefix
/get/rejected
For more information, see Error response document.
Example policy
The following is an example of the required policy:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iot:Subscribe" ], "Resource": [ "arn:aws:iot:
region
:account
:topicfilter/$aws/things/thingName
/shadow/get/rejected" ] }, { "Action": [ "iot:Receive" ], "Resource": [ "arn:aws:iot:region
:account
:topic/$aws/things/thingName
/shadow/get/rejected" ] } ] }
/update
Publish a request state document to this topic to update the device's shadow:
ShadowTopicPrefix
/update
The message body contains a partial request state document.
A client attempting to update the state of a device would send a JSON request
state document with the desired
property such as this:
{ "state": { "desired": { "color": "red", "power": "on" } } }
A device updating its shadow would send a JSON request state document with the
reported
property, such as this:
{ "state": { "reported": { "color": "red", "power": "on" } } }
AWS IoT responds by publishing to either /update/accepted or /update/rejected.
Example policy
The following is an example of the required policy:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iot:Publish" ], "Resource": [ "arn:aws:iot:
region
:account
:topic/$aws/things/thingName
/shadow/update" ] } ] }
/update/delta
AWS IoT publishes a response state document to this topic when it accepts a change
for the device's shadow, and the request state document contains different values
for desired
and reported
states:
ShadowTopicPrefix
/update/delta
The message buffer contains a /delta response state document.
Message body details
-
A message published on
update/delta
includes only the desired attributes that differ between thedesired
andreported
sections. It contains all of these attributes, regardless of whether these attributes were contained in the current update message or were already stored in AWS IoT. Attributes that do not differ between thedesired
andreported
sections are not included. -
If an attribute is in the
reported
section but has no equivalent in thedesired
section, it is not included. -
If an attribute is in the
desired
section but has no equivalent in thereported
section, it is included. -
If an attribute is deleted from the
reported
section but still exists in thedesired
section, it is included.
Example policy
The following is an example of the required policy:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iot:Subscribe" ], "Resource": [ "arn:aws:iot:
region
:account
:topicfilter/$aws/things/thingName
/shadow/update/delta" ] }, { "Effect": "Allow", "Action": [ "iot:Receive" ], "Resource": [ "arn:aws:iot:region
:account
:topic/$aws/things/thingName
/shadow/update/delta" ] } ] }
/update/accepted
AWS IoT publishes a response state document to this topic when it accepts a change for the device's shadow:
ShadowTopicPrefix
/update/accepted
The message buffer contains a /accepted response state document.
Example policy
The following is an example of the required policy:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iot:Subscribe" ], "Resource": [ "arn:aws:iot:
region
:account
:topicfilter/$aws/things/thingName
/shadow/update/accepted" ] }, { "Effect": "Allow", "Action": [ "iot:Receive" ], "Resource": [ "arn:aws:iot:region
:account
:topic/$aws/things/thingName
/shadow/update/accepted" ] } ] }
/update/documents
AWS IoT publishes a state document to this topic whenever an update to the shadow is successfully performed:
ShadowTopicPrefix
/update/documents
The message body contains a /documents response state document.
Example policy
The following is an example of the required policy:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iot:Subscribe" ], "Resource": [ "arn:aws:iot:
region
:account
:topicfilter/$aws/things/thingName
/shadow/update/documents" ] }, { "Effect": "Allow", "Action": [ "iot:Receive" ], "Resource": [ "arn:aws:iot:region
:account
:topic/$aws/things/thingName
/shadow/update/documents" ] } ] }
/update/rejected
AWS IoT publishes an error response document to this topic when it rejects a change for the device's shadow:
ShadowTopicPrefix
/update/rejected
The message body contains an Error response document.
Example policy
The following is an example of the required policy:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iot:Subscribe" ], "Resource": [ "arn:aws:iot:
region
:account
:topicfilter/$aws/things/thingName
/shadow/update/rejected" ] }, { "Effect": "Allow", "Action": [ "iot:Receive" ], "Resource": [ "arn:aws:iot:region
:account
:topic/$aws/things/thingName
/shadow/update/rejected" ] } ] }
/delete
To delete a device's shadow, publish an empty message to the delete topic:
ShadowTopicPrefix
/delete
The content of the message is ignored.
Note that deleting a shadow does not reset its version number to 0.
AWS IoT responds by publishing to either /delete/accepted or /delete/rejected.
Example policy
The following is an example of the required policy:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iot:Publish" ], "Resource": [ "arn:aws:iot:
region
:account
:topic/$aws/things/thingName
/shadow/delete" ] } ] }
/delete/accepted
AWS IoT publishes a message to this topic when a device's shadow is deleted:
ShadowTopicPrefix
/delete/accepted
Example policy
The following is an example of the required policy:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iot:Subscribe" ], "Resource": [ "arn:aws:iot:
region
:account
:topicfilter/$aws/things/thingName
/shadow/delete/accepted" ] }, { "Effect": "Allow", "Action": [ "iot:Receive" ], "Resource": [ "arn:aws:iot:region
:account
:topic/$aws/things/thingName
/shadow/delete/accepted" ] } ] }
/delete/rejected
AWS IoT publishes an error response document to this topic when it can't delete the device's shadow:
ShadowTopicPrefix
/delete/rejected
The message body contains an Error response document.
Example policy
The following is an example of the required policy:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iot:Subscribe" ], "Resource": [ "arn:aws:iot:
region
:account
:topicfilter/$aws/things/thingName
/shadow/delete/rejected" ] }, { "Effect": "Allow", "Action": [ "iot:Receive" ], "Resource": [ "arn:aws:iot:region
:account
:topic/$aws/things/thingName
/shadow/delete/rejected" ] } ] }