Amazon IoT Core policy variables

Amazon IoT Core defines policy variables that can be used in Amazon IoT Core policies in the Resource or Condition block. When a policy is evaluated, the policy variables are replaced by actual values. For example, if a device is connected to the Amazon IoT Core message broker with a client ID of 100-234-3456, the iot:ClientId policy variable is replaced in the policy document by 100-234-3456.

Amazon IoT Core policies can use wildcard characters and follow a similar convention to IAM policies. Inserting an * (asterik) in the string can be treated as a wildcard, matching any characters. For example, you can use * to describe multiple MQTT topic names in the Resource attribute of a policy. The characters + and # are treated as literal strings in a policy. For an example policy that shows how to use wildcards, see Using wildcard characters in MQTT and Amazon IoT Core policies.

You can also use predefined policy variables with fixed values to represent characters that otherwise have special meaning. These special characters include $(*), $(?), and $($). For more information about policy variables and the special characters, see IAM Policy elements: Variables and tags and Creating a condition with multiple keys or values.

Topics

Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Amazon IoT Core action resources

Basic Amazon IoT Core policy variables