Action permissions for AWS IoT Events

AWS IoT Events enables you to trigger actions which use other AWS services. To do so, you must grant AWS IoT Events permission to perform these actions on your behalf. This section contains a list of the actions and an example policy which grants permission to perform all these actions on your resources. Change the region and account-id references as required. When possible, you should also change the wildcards (*) to refer to specific resources that will be accessed. You can use the IAM console to grant permission to AWS IoT Events to send an Amazon SNS alert that you have defined. .

AWS IoT Events supports the following actions that let you use a timer or set a variable:

setTimer to create a timer.
resetTimer to reset the timer.
clearTimer to delete the timer.
setVariable to create a variable.

AWS IoT Events supports the following actions that let you work with AWS services:

iotTopicPublish to publish a message on an MQTT topic.
iotEvents to send data to AWS IoT Events as an input value.
iotSiteWise to send data to an asset property in AWS IoT SiteWise.
dynamoDB to send data to an Amazon DynamoDB table.
dynamoDBv2 to send data to an Amazon DynamoDB table.
firehose to send data to an Amazon Data Firehose stream.
lambda to invoke an AWS Lambda function.
sns to send data as a push notification.
sqs to send data to an Amazon SQS queue.

Example Policy


{
   "Version": "2012-10-17",
   "Statement": [
     {
       "Effect": "Allow",
       "Action": "iot:Publish",
       "Resource": "arn:aws:iot:<region>:<account_id>:topic/*"
     },
     {
       "Effect": "Allow",
       "Action": "iotevents:BatchPutMessage",
       "Resource": "arn:aws:iotevents:<region>:<account_id>:input/*"
     },
     {
       "Effect": "Allow",
       "Action": "iotsitewise:BatchPutAssetPropertyValue",
       "Resource": "*"
     },
     {
       "Effect": "Allow",
       "Action": "dynamodb:PutItem",
       "Resource": "arn:aws:dynamodb:<region>:<account_id>:table/*"
     },
     {
       "Effect": "Allow",
       "Action": [
         "firehose:PutRecord",
         "firehose:PutRecordBatch"
       ],
       "Resource": "arn:aws:firehose:<region>:<account_id>:deliverystream/*"
     },
     {
       "Effect": "Allow",
       "Action": "lambda:InvokeFunction",
       "Resource": "arn:aws:lambda:<region>:<account_id>:function:*"
     },
     {
       "Effect": "Allow",
       "Action": "sns:Publish",
       "Resource": "arn:aws:sns:<region>:<account_id>:*"
     },
     {
       "Effect": "Allow",
       "Action": "sqs:SendMessage",
       "Resource": "arn:aws:sqs:<region>:<account_id>:*"
     }
   ]
}

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Setting up permissions for AWS IoT Events

Securing input data