AWS IoT Core policy variables

AWS IoT Core defines policy variables that can be used in AWS IoT Core policies in the Resource or Condition block. When a policy is evaluated, the policy variables are replaced by actual values. For example, if a device is connected to the AWS IoT Core message broker with a client ID of 100-234-3456, the iot:ClientId policy variable is replaced in the policy document by 100-234-3456.

AWS IoT Core policies can use wildcard characters and follow a similar convention to IAM policies. An * (asterisk) in a string is treated as a wildcard that matches any characters. For example, you can use * to describe multiple MQTT topic names in the Resource attribute of a policy. The characters + and # are treated as literal strings in a policy. For an example policy that shows how to use wildcards, see Using wildcard characters in MQTT and AWS IoT Core policies.

You can also use predefined policy variables with fixed values to represent characters that otherwise have special meaning. These special characters include $(*), $(?), and $($). For more information about policy variables and the special characters, see IAM Policy elements: Variables and tags and Creating a condition with multiple keys or values.
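
The following added example (not AWS code, and not the AWS policy evaluator) is a simplified Python model of the two behaviors described above: substitution of the iot:ClientId policy variable in a Resource string, and * acting as a wildcard while + and # stay literal. The account ID, Region, topic layout, and function names are constructed for illustration, and the model assumes a statement with an unresolved variable does not match.

```python
import re

# Constructed placeholder values: Region, account ID and topic names are not from AWS docs.
ARN_PREFIX = "arn:aws:iot:us-east-1:123456789012:topic/"
POLICY_VAR = re.compile(r"\$\{([^}]+)\}")


def expand(resource, context):
    """Replace ${name} policy variables with values from the connection context.

    Returns None when a variable has no value; this model then treats the
    statement as not matching (an assumption of the example).
    """
    missing = []

    def substitute(match):
        name = match.group(1)
        if name not in context:
            missing.append(name)
            return ""
        return context[name]

    expanded = POLICY_VAR.sub(substitute, resource)
    return None if missing else expanded


def resource_matches(resource, requested_arn, context):
    """Return True if the policy Resource string covers the requested ARN."""
    expanded = expand(resource, context)
    if expanded is None:
        return False
    # Only '*' is a wildcard in this model; re.escape keeps '+' and '#'
    # literal, so MQTT-style wildcards in a policy do not widen access.
    pattern = ".*".join(re.escape(part) for part in expanded.split("*"))
    return re.fullmatch(pattern, requested_arn, flags=re.DOTALL) is not None


if __name__ == "__main__":
    ctx = {"iot:ClientId": "100-234-3456"}  # client ID from the text above
    per_device = ARN_PREFIX + "devices/${iot:ClientId}/*"
    for topic in ("devices/100-234-3456/telemetry", "devices/999-999-9999/telemetry"):
        print(topic, resource_matches(per_device, ARN_PREFIX + topic, ctx))
```

Scoping the Resource to the connecting client's own ID, as in the per_device string, is what keeps one device from being authorized on another device's topics in this model.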