Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions,
see Getting Started with Amazon Web Services in China
(PDF).
Basic job policy example
This sample shows the policy statments required for a job target that's a
single device to receive a job request and communicate job execution status with
Amazon IoT.
Replace us-west-2:57EXAMPLE833 with your
Amazon Web Services Region, a colon character (:), and your 12-digit Amazon Web Services account number, and
then replace uniqueThingName with the name of the
thing resource that represents the device in Amazon IoT.
- JSON
-
-
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"iot:Connect"
],
"Resource": [
"arn:aws:iot:us-west-2:111122223333:client/uniqueThingName"
]
},
{
"Effect": "Allow",
"Action": [
"iot:Publish"
],
"Resource": [
"arn:aws:iot:us-west-2:111122223333:topic/test/dc/pubtopic",
"arn:aws:iot:us-west-2:111122223333:topic/$aws/events/job/*",
"arn:aws:iot:us-west-2:111122223333:topic/$aws/events/jobExecution/*",
"arn:aws:iot:us-west-2:111122223333:topic/$aws/things/uniqueThingName/jobs/*"
]
},
{
"Effect": "Allow",
"Action": [
"iot:Subscribe"
],
"Resource": [
"arn:aws:iot:us-west-2:111122223333:topicfilter/test/dc/subtopic",
"arn:aws:iot:us-west-2:111122223333:topicfilter/$aws/events/jobExecution/*",
"arn:aws:iot:us-west-2:111122223333:topicfilter/$aws/things/uniqueThingName/jobs/*"
]
},
{
"Effect": "Allow",
"Action": [
"iot:Receive"
],
"Resource": [
"arn:aws:iot:us-west-2:111122223333:topic/test/dc/subtopic",
"arn:aws:iot:us-west-2:111122223333:topic/$aws/things/uniqueThingName/jobs/*"
]
},
{
"Effect": "Allow",
"Action": [
"iotjobsdata:DescribeJobExecution",
"iotjobsdata:GetPendingJobExecutions",
"iotjobsdata:StartNextPendingJobExecution",
"iotjobsdata:UpdateJobExecution"
],
"Resource": [
"arn:aws:iot:us-west-2:111122223333:topic/$aws/things/uniqueThingName"
]
}
]
}