IAM users, groups, and roles
IAM users, groups, and roles are the standard mechanisms for managing identity and authentication in Amazon. You can use them to connect to Amazon IoT HTTP interfaces using the Amazon SDK and Amazon CLI.
IAM roles also allow Amazon IoT to access other Amazon resources in your account on your behalf. For example, if you want to have a device publish its state to a DynamoDB table, IAM roles allow Amazon IoT to interact with Amazon DynamoDB. For more information, see IAM Roles.
For message broker connections over HTTP, Amazon IoT authenticates users, groups, and roles using the Signature Version 4 signing process. For information, see Signing Amazon API Requests.
When using Amazon Signature Version 4 with Amazon IoT, clients must support the following in their TLS implementation:
- TLS 1.2
- SHA-256 RSA certificate signature validation
- One of the cipher suites from the TLS cipher suite support section
For information, see Identity and access management for Amazon IoT.
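The following added example (not part of the original page or of any Amazon SDK) shows what Signature Version 4 header signing looks like for an HTTP publish to the message broker, together with a client TLS context that refuses anything below TLS 1.2. It assumes the signing name `iotdata` and a `POST /topics/<topic>?qos=1` request; the function names, host, and credentials are constructed placeholders.

```python
import datetime, hashlib, hmac, re, ssl

SERVICE = "iotdata"  # assumption: SigV4 signing name for the IoT data plane

def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def tls12_context() -> ssl.SSLContext:
    """Client context that verifies the server and refuses anything below TLS 1.2."""
    ctx = ssl.create_default_context()  # cipher suites left at library defaults
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx

def sign_publish(access_key, secret_key, region, host, topic, payload,
                 session_token=None, now=None):
    """Return SigV4-signed headers for POST /topics/<topic>?qos=1."""
    # Accept only unreserved characters so the canonical URI equals the raw path.
    if not re.fullmatch(r"[A-Za-z0-9_.~-]+(/[A-Za-z0-9_.~-]+)*", topic):
        raise ValueError("topic needs URI encoding that this example does not implement")
    now = now or datetime.datetime.now(datetime.timezone.utc)
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    headers = {"host": host, "x-amz-date": amz_date}
    if session_token:  # temporary credentials obtained by assuming an IAM role
        headers["x-amz-security-token"] = session_token
    signed = ";".join(sorted(headers))
    canonical = "\n".join([
        "POST", "/topics/" + topic, "qos=1",
        "".join(f"{k}:{headers[k].strip()}\n" for k in sorted(headers)),
        signed, hashlib.sha256(payload).hexdigest()])
    scope = f"{amz_date[:8]}/{region}/{SERVICE}/aws4_request"
    to_sign = "\n".join(["AWS4-HMAC-SHA256", amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    # Key derivation chain: secret -> date -> region -> service -> "aws4_request".
    key = ("AWS4" + secret_key).encode()
    for part in (amz_date[:8], region, SERVICE, "aws4_request"):
        key = _hmac(key, part)
    signature = hmac.new(key, to_sign.encode(), hashlib.sha256).hexdigest()
    headers["authorization"] = (
        f"AWS4-HMAC-SHA256 Credential={access_key}/{scope}, "
        f"SignedHeaders={signed}, Signature={signature}")
    return headers

if __name__ == "__main__":
    # Constructed placeholder credentials, host, and topic; nothing is sent.
    print(sign_publish("AKIDEXAMPLE", "constructed-secret", "cn-north-1",
                       "example.invalid", "devices/thing1/state", b'{"on": true}'))
```

The signature covers the payload hash, the timestamp, and every signed header, so a request altered in transit or replayed outside the service's clock-skew window fails verification.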