Securing users and devices with Amazon IoT Jobs - Amazon IoT Core
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Securing users and devices with Amazon IoT Jobs

To authorize users to use Amazon IoT Jobs with their devices, you must grant them permissions by using IAM policies. The devices must then be authorized by using Amazon IoT Core policies to connect securely to Amazon IoT, receive job executions, and update the execution status.

Required policy type for Amazon IoT Jobs

The following table shows the different types of policies that you must use for authorization. For more information about the required policy to use, see Authorization.

Required policy type

Use case: Authorize an administrator, operator, or Cloud Service to work securely with Jobs
  Protocol: HTTPS
  Authentication: Amazon Signature Version 4 authentication (port 443)
  Control plane/data plane: Both control plane and data plane
  Identity type: Amazon Cognito Identity, IAM, or federated user
  Required policy type: IAM policy

Use case: Authorize your IoT device to work securely with Jobs
  Protocol: MQTT/HTTPS
  Authentication: TCP or TLS mutual authentication (port 8883 or 443)
  Control plane/data plane: Data plane
  Identity type: X.509 certificates
  Required policy type: Amazon IoT Core policy

To authorize Amazon IoT Jobs operations that can be performed on both the control plane and the data plane, you must use IAM policies. The identities that perform these operations must have been authenticated with Amazon IoT, and they must be Amazon Cognito identities or IAM users, groups, or roles. For more information about authentication, see Authentication.

The devices must then be authorized on the data plane by using Amazon IoT Core policies to connect securely to the device gateway. The device gateway lets devices communicate securely with Amazon IoT, receive job executions, and update the job execution status. Device communication is secured with the MQTT or HTTPS protocol, and both protocols authenticate the device connection with X.509 client certificates that are provided by Amazon IoT.

The following shows how you authorize your users, cloud services, and devices to use Amazon IoT Jobs. For information about control plane and data plane API operations, see Amazon IoT jobs API operations.
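As an added example (not from this page), the following Amazon IoT Core policy grants a device only what the Jobs data-plane workflow needs: connect under its own thing name, subscribe to and receive on its own reserved jobs topics, and publish start-next requests and execution-status updates. REGION and ACCOUNT-ID are placeholders, the arn:aws-cn partition is assumed for the China Regions, and the policy variable ${iot:Connection.Thing.ThingName} is used so one policy can be attached to every device certificate without granting access to other things' job topics.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ConnectOnlyAsOwnThingName",
      "Effect": "Allow",
      "Action": "iot:Connect",
      "Resource": "arn:aws-cn:iot:REGION:ACCOUNT-ID:client/${iot:Connection.Thing.ThingName}"
    },
    {
      "Sid": "SubscribeToOwnJobTopics",
      "Effect": "Allow",
      "Action": "iot:Subscribe",
      "Resource": [
        "arn:aws-cn:iot:REGION:ACCOUNT-ID:topicfilter/$aws/things/${iot:Connection.Thing.ThingName}/jobs/notify-next",
        "arn:aws-cn:iot:REGION:ACCOUNT-ID:topicfilter/$aws/things/${iot:Connection.Thing.ThingName}/jobs/start-next/*",
        "arn:aws-cn:iot:REGION:ACCOUNT-ID:topicfilter/$aws/things/${iot:Connection.Thing.ThingName}/jobs/*/update/*"
      ]
    },
    {
      "Sid": "ReceiveOwnJobMessages",
      "Effect": "Allow",
      "Action": "iot:Receive",
      "Resource": "arn:aws-cn:iot:REGION:ACCOUNT-ID:topic/$aws/things/${iot:Connection.Thing.ThingName}/jobs/*"
    },
    {
      "Sid": "PublishStartNextAndStatusUpdates",
      "Effect": "Allow",
      "Action": "iot:Publish",
      "Resource": [
        "arn:aws-cn:iot:REGION:ACCOUNT-ID:topic/$aws/things/${iot:Connection.Thing.ThingName}/jobs/start-next",
        "arn:aws-cn:iot:REGION:ACCOUNT-ID:topic/$aws/things/${iot:Connection.Thing.ThingName}/jobs/*/update"
      ]
    }
  ]
}
```

The thing-name variable only resolves when the connecting certificate is attached to a registered thing and the MQTT client ID equals that thing name; if either condition fails, no statement matches and the connection is refused, which is the intended fail-closed behaviour.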