IAM users, groups, and roles - Amazon IoT Core

IAM users, groups, and roles

IAM users, groups, and roles are the standard mechanisms for managing identity and authentication in Amazon. You can use them to connect to Amazon IoT HTTP interfaces using the Amazon SDK and Amazon CLI.

IAM roles also allow Amazon IoT to access other Amazon resources in your account on your behalf. For example, if you want to have a device publish its state to a DynamoDB table, IAM roles allow Amazon IoT to interact with Amazon DynamoDB. For more information, see IAM Roles.

For message broker connections over HTTP, Amazon IoT authenticates users, groups, and roles using the Signature Version 4 signing process. For more information, see Signing Amazon API Requests.

When using Amazon Signature Version 4 with Amazon IoT, clients must support the following in their TLS implementation:

  • TLS 1.2

  • SHA-256 RSA certificate signature validation

  • One of the cipher suites from the TLS cipher suite support section
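The following sketch is an added example, not code from the Amazon documentation. It signs an HTTP publish request with Signature Version 4 using only the Python standard library and builds a client TLS context that verifies the server certificate chain and refuses anything below TLS 1.2. The signing name `iotdata`, the region, host and topic path passed in by the caller, and the restriction to paths containing only unreserved characters and an empty query string are assumptions made for the example.

```python
import hashlib
import hmac
import ssl

# Assumptions (not from the page): signing name "iotdata"; region, host and
# topic path are supplied by the caller; credentials are the caller's own.
SERVICE = "iotdata"
ALGORITHM = "AWS4-HMAC-SHA256"


def _hmac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()


def signing_key(secret: str, date: str, region: str) -> bytes:
    """Derive the SigV4 key: secret -> date -> region -> service -> aws4_request."""
    key = _hmac(("AWS4" + secret).encode(), date)
    for part in (region, SERVICE, "aws4_request"):
        key = _hmac(key, part)
    return key


def sign_publish(access_key, secret, region, host, path, body, now):
    """Return headers for a SigV4-signed POST of `body` (bytes) to `path` on `host`."""
    amz_date = now.strftime("%Y%m%dT%H%M%SZ")
    date = amz_date[:8]
    payload_hash = hashlib.sha256(body).hexdigest()
    # Canonical request: method, URI, empty query, headers, signed header list, payload hash.
    canonical = "\n".join([
        "POST", path, "",
        f"host:{host}\nx-amz-date:{amz_date}\n",
        "host;x-amz-date", payload_hash,
    ])
    scope = f"{date}/{region}/{SERVICE}/aws4_request"
    to_sign = "\n".join([ALGORITHM, amz_date, scope,
                         hashlib.sha256(canonical.encode()).hexdigest()])
    sig = hmac.new(signing_key(secret, date, region), to_sign.encode(),
                   hashlib.sha256).hexdigest()
    auth = (f"{ALGORITHM} Credential={access_key}/{scope}, "
            f"SignedHeaders=host;x-amz-date, Signature={sig}")
    return {"Host": host, "X-Amz-Date": amz_date, "Authorization": auth}


def tls12_context() -> ssl.SSLContext:
    """Client context that verifies the server chain and refuses anything below TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx
```

Because the payload hash is part of the canonical request, any change to the body after signing invalidates the signature. Pass `now` as a UTC `datetime`, and use the returned context when opening the HTTPS connection.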

For more information, see Identity and access management for Amazon IoT.