Developer Guide

The AWS Documentation website is getting a new look!
Try it now and let us know what you think. Switch to the new look >>

You can return to the original look by selecting English in the language selector above.

Example Policies

AWS IoT policies are specified in a JSON document. These are the components of an AWS IoT policy:


Must be set to "2012-10-17".


Must be set to "Allow" or "Deny".


Must be set to "iot:operation-name" where operation-name is one of the following:

"iot:Connect": Connect to AWS IoT.

"iot:Receive": Receive messages from AWS IoT.

"iot:Publish": MQTT publish.

"iot:Subscribe": MQTT subscribe.

"iot:UpdateThingShadow": Update a device's shadow.

"iot:GetThingShadow": Retrieve a device's shadow.

"iot:DeleteThingShadow": Delete a device's shadow.


Must be set to one of the following:

Client: arn:aws:iot:region:account-id:client/client-id

Topic ARN: arn:aws:iot:region:account-id:topic/topic-name

Topic filter ARN: arn:aws:iot:region:account-id:topicfilter/topic-filter