Tagging your rules - Amazon IoT Core
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Tagging your rules

To add another layer of specificity to your new or existing rules, you can apply tagging. Tagging leverages key-value pairs in your rules to provide you with greater control over how and where your rules are applied to your Amazon IoT resources and services. For example, you can limit the scope of your rule to only apply in your beta environment for pre release testing (Key=environment, Value=beta) or capturing all messages sent to the iot/test topic from a specific endpoint only and storing them in an Amazon S3 bucket.

For an example that shows how to grant tagging permissions for a rule, consider a user that runs the following command to create a rule and tag it to apply only to their beta environment.

In the example, replace:

  • MyTopicRuleName with the name of the rule.

  • myrule.json with the name of the policy document.

aws iot create-topic-rule --rule-name MyTopicRuleName --topic-rule-payload file://myrule.json --tags "environment=beta"

For this example, you must use the following IAM policy:

{ "Version": "2012-10-17", "Statement": { "Action": [ "iot:CreateTopicRule", "iot:TagResource" ], "Effect": "Allow", "Resource": [ "arn:aws:iot:us-east-1:123456789012:rule/MyTopicRuleName" ] } }

The above example shows a newly created rule called MyTopicRuleName that applies only to your beta environment. The iot:TagResource in the policy statement with MyTopicRuleName specifically called out allows tagging when creating or updating MyTopicRuleName. The parameter --tags "environment=beta" used when creating the rule limits the scope of MyTopicRuleName to only your beta environment. If you remove the parameter --tags "environment=beta", then MyTopicRuleName will apply to all environments.

For more information on creating IAM roles and policies specific to an Amazon IoT rule, see Granting an Amazon IoT rule the access it requires

For general information about tagging your resources, see Tagging your Amazon IoT resources.