Step 1: Create the Amazon IoT policy - Amazon IoT Core
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

Step 1: Create the Amazon IoT policy

Create an Amazon IoT policy that allows your Raspberry Pi to connect and send messages to Amazon IoT.

  1. In the Amazon IoT console, if a Get started button appears, choose it. Otherwise, in the navigation pane, expand Security, and then choose Policies.

  2. If a You don't have any policies yet dialog box appears, choose Create a policy. Otherwise, choose Create.

  3. Enter a name for the Amazon IoT policy (for example, MoistureSensorPolicy).

  4. In the Add statements section, replace the existing policy with the following JSON. Replace region and account with your Amazon Web Services Region and Amazon Web Services account number.

    {
   "Version": "2012-10-17",
   "Statement": [{
         "Effect": "Allow",
         "Action": "iot:Connect",
         "Resource": "arn:aws:iot:region:account:client/RaspberryPi"
      },
      {
         "Effect": "Allow",
         "Action": "iot:Publish",
         "Resource": [
            "arn:aws:iot:region:account:topic/$aws/things/RaspberryPi/shadow/update",
            "arn:aws:iot:region:account:topic/$aws/things/RaspberryPi/shadow/delete",
            "arn:aws:iot:region:account:topic/$aws/things/RaspberryPi/shadow/get"
         ]
      },
      {
         "Effect": "Allow",
         "Action": "iot:Receive",
         "Resource": [
            "arn:aws:iot:region:account:topic/$aws/things/RaspberryPi/shadow/update/accepted",
            "arn:aws:iot:region:account:topic/$aws/things/RaspberryPi/shadow/delete/accepted",
            "arn:aws:iot:region:account:topic/$aws/things/RaspberryPi/shadow/get/accepted",
            "arn:aws:iot:region:account:topic/$aws/things/RaspberryPi/shadow/update/rejected",
            "arn:aws:iot:region:account:topic/$aws/things/RaspberryPi/shadow/delete/rejected"
         ]
      },
      {
         "Effect": "Allow",
         "Action": "iot:Subscribe",
         "Resource": [
            "arn:aws:iot:region:account:topicfilter/$aws/things/RaspberryPi/shadow/update/accepted",
            "arn:aws:iot:region:account:topicfilter/$aws/things/RaspberryPi/shadow/delete/accepted",
            "arn:aws:iot:region:account:topicfilter/$aws/things/RaspberryPi/shadow/get/accepted",
            "arn:aws:iot:region:account:topicfilter/$aws/things/RaspberryPi/shadow/update/rejected",
            "arn:aws:iot:region:account:topicfilter/$aws/things/RaspberryPi/shadow/delete/rejected"
         ]
      },
      {
         "Effect": "Allow",
         "Action": [
            "iot:GetThingShadow",
            "iot:UpdateThingShadow",
            "iot:DeleteThingShadow"
         ],
         "Resource": "arn:aws:iot:region:account:thing/RaspberryPi"

      }
   ]
}

  5. Choose Create.