Amazon IoT Core policy variables - Amazon IoT Core

Amazon IoT Core policy variables

Amazon IoT Core defines policy variables that can be used in Amazon IoT Core policies in the Resource or Condition block. When a policy is evaluated, the policy variables are replaced by actual values. For example, if a device is connected to the Amazon IoT Core message broker with a client ID of 100-234-3456, the iot:ClientId policy variable is replaced in the policy document by 100-234-3456.

Amazon IoT Core policies can use wildcard characters and follow a convention similar to IAM policies. An * (asterisk) in a string is treated as a wildcard that matches any characters. For example, you can use * to describe multiple MQTT topic names in the Resource attribute of a policy. The MQTT wildcard characters + and # are treated as literal strings in a policy. For an example policy that shows how to use wildcards, see Using wildcard characters in MQTT and Amazon IoT Core policies.

You can also use predefined policy variables with fixed values to represent characters that otherwise have special meaning. These special characters include $(*), $(?), and $($). For more information about policy variables and the special characters, see IAM Policy elements: Variables and tags and Creating a condition with multiple keys or values.
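
The following is an added example, not code from Amazon IoT Core or its documentation: a simplified Python model of how a Resource string is matched once policy variables are substituted, useful for checking that a policy grants only what you intend. The ${iot:ClientId} reference form, the ARN, the account ID, and the function names are assumptions or constructed sample values; the model treats substituted values as literal text and denies when a variable cannot be resolved.

```python
import re

# Matches either a ${name} policy variable or the * wildcard.
TOKEN = re.compile(r"\$\{([^}]+)\}|(\*)")

def to_regex(policy_resource: str, variables: dict) -> str:
    """Build a regex from a policy Resource string.

    Only * becomes a wildcard. Everything else, including the MQTT
    wildcard characters + and #, is escaped and matched literally.
    """
    out, pos = [], 0
    for m in TOKEN.finditer(policy_resource):
        out.append(re.escape(policy_resource[pos:m.start()]))
        if m.group(2):
            out.append(".*")
        else:
            # Substituted values are escaped (assumption of this model),
            # so a client ID containing * cannot widen the match.
            out.append(re.escape(variables[m.group(1)]))
        pos = m.end()
    out.append(re.escape(policy_resource[pos:]))
    return "".join(out)

def matches(policy_resource: str, requested: str, variables: dict) -> bool:
    """Return True if the requested resource is covered by the policy resource."""
    try:
        pattern = to_regex(policy_resource, variables)
    except KeyError:
        return False  # unresolved variable: deny (assumption of this model)
    return re.fullmatch(pattern, requested, flags=re.DOTALL) is not None

# Constructed sample values: ARN prefix and account ID are placeholders.
PREFIX = "arn:aws-cn:iot:cn-north-1:123456789012:topic/"
CONN = {"iot:ClientId": "100-234-3456"}  # client ID from the text above

if __name__ == "__main__":
    checks = [
        ("devices/${iot:ClientId}/*", "devices/100-234-3456/telemetry"),
        ("devices/${iot:ClientId}/*", "devices/999-999-9999/telemetry"),
        ("devices/+/status", "devices/100-234-3456/status"),
        ("devices/#", "devices/100-234-3456/telemetry"),
        ("devices/*", "devices/100-234-3456/telemetry"),
    ]
    for pol, req in checks:
        print(f"{pol!r:32} vs {req!r:36} -> {matches(PREFIX + pol, PREFIX + req, CONN)}")
```

A policy written with + or # in place of * covers only topics that contain those characters literally, so intended access is silently not granted; a bare * after a fixed prefix covers every topic under that prefix for every client.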