Attach a thing or policy to a client certificate - Amazon IoT Core

Attach a thing or policy to a client certificate

When you create and register a certificate separate from an Amazon IoT thing, it will not have any policies that authorize any Amazon IoT operations, nor will it be associated with any Amazon IoT thing object. This section describes how to add these relationships to a registered certificate.

Important

To complete these procedures, you must have already created the thing or policy that you want to attach to the certificate.

The certificate authenticates a device with Amazon IoT so that it can connect. Attaching the certificate to a thing resource establishes the relationship between the device (by way of the certificate) and the thing resource. To authorize the device to perform Amazon IoT actions, such as to allow the device to connect and publish messages, an appropriate policy must be attached to the device's certificate.

Attach a thing to a client certificate (console)

You will need the name of the thing object to complete this procedure.

To attach a thing object to a registered certificate
  1. Sign in to the Amazon Management Console and open the Amazon IoT console.

  2. In the left navigation pane, choose Secure, and then choose Certificates.

  3. In the list of certificates, locate the certificate to which you want to attach a thing, open the certificate's option menu by choosing the ellipsis icon, and choose Attach thing.

  4. In the pop-up, locate the name of the thing you want to attach to the certificate, choose its check box, and choose Attach.

The thing object should now appear in the list of things on the certificate's details page.

Attach a policy to a client certificate (console)

You will need the name of the policy object to complete this procedure.

To attach a policy object to a registered certificate
  1. Sign in to the Amazon Management Console and open the Amazon IoT console.

  2. In the left navigation pane, choose Secure, and then choose Certificates.

  3. In the list of certificates, locate the certificate to which you want to attach a policy, open the certificate's option menu by choosing the ellipsis icon, and choose Attach policy.

  4. In the pop-up, locate the name of the policy you want to attach to the certificate, choose its check box, and choose Attach.

The policy object should now appear in the list of policies on the certificate's details page.

Attach a thing to a client certificate (CLI)

The Amazon CLI provides the attach-thing-principal command to attach a thing object to a certificate.

aws iot attach-thing-principal \
    --principal certificateArn \
    --thing-name thingName

Attach a policy to a client certificate (CLI)

The Amazon CLI provides the attach-policy command to attach a policy object to a certificate.

aws iot attach-policy \
    --target certificateArn \
    --policy-name policyName
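The console procedures end by checking that the thing or policy appears on the certificate's details page; the following added example (not part of the Amazon documentation) does the same from the CLI by running both attach commands and then confirming the result with `aws iot list-thing-principals` and `aws iot list-attached-policies`. The function names and exit codes are assumptions chosen for this example.

```shell
# Added example: attach a thing and a policy to a registered certificate,
# then confirm both relationships. Function names are assumptions.

# Return 0 if $1 has the shape of an IoT certificate ARN (any partition).
is_cert_arn() {
    printf '%s\n' "$1" | grep -Eq '^arn:aws[a-z-]*:iot:[a-z0-9-]+:[0-9]{12}:cert/[0-9a-f]{64}$'
}

# Return 0 if $1 is a whole entry in the whitespace-separated list $2.
in_list() {
    local item
    for item in $2; do
        [ "$item" = "$1" ] && return 0
    done
    return 1
}

# attach_and_verify CERT_ARN THING_NAME POLICY_NAME
# Exit codes: 0 ok, 2 bad ARN, 3 attach failed, 4 thing missing, 5 policy missing.
attach_and_verify() {
    local cert_arn="$1" thing="$2" policy="$3" principals policies

    is_cert_arn "$cert_arn" || { echo "not a certificate ARN: $cert_arn" >&2; return 2; }

    aws iot attach-thing-principal --principal "$cert_arn" --thing-name "$thing" || return 3
    aws iot attach-policy --target "$cert_arn" --policy-name "$policy" || return 3

    principals=$(aws iot list-thing-principals --thing-name "$thing" \
        --query 'principals[]' --output text) || return 4
    in_list "$cert_arn" "$principals" || { echo "thing $thing not attached" >&2; return 4; }

    policies=$(aws iot list-attached-policies --target "$cert_arn" \
        --query 'policies[].policyName' --output text) || return 5
    in_list "$policy" "$policies" || { echo "policy $policy not attached" >&2; return 5; }

    # Print everything now attached, so unexpected extra policies are visible.
    echo "principals of $thing: $principals"
    echo "policies on certificate: $policies"
}
```

Source the file and call `attach_and_verify "$CERT_ARN" thingName policyName`; the final two lines of output list every principal on the thing and every policy on the certificate, not only the ones just attached.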