End of support notice: On December 15, 2025, Amazon will end support for Amazon IoT Analytics. After December 15, 2025, you will no longer be able to access the Amazon IoT Analytics console, or Amazon IoT Analytics resources. For more information, see Amazon IoT Analytics end of support.
DeviceShadowEnrich activity
A deviceShadowEnrich activity adds information from the Amazon IoT Device Shadow
service to a message. For example, given the message:
{ "temp": 50, "hum": 40, "device": { "thingName": "my-thing" } }
and the following deviceShadowEnrich activity:
{ "deviceShadowEnrich": { "name": "MyDeviceShadowEnrichActivity", "attribute": "shadow", "thingName": "device.thingName", "roleArn": "arn:aws:iam::<your-account-number>:role:MyEnrichRole", "next": "MyDatastoreActivity" } }
The result is a message that looks like the following example.
{ "temp": 50, "hum": 40, "device": { "thingName": "my-thing" }, "shadow": { "state": { "desired": { "attributeX": valueX, ... }, "reported": { "attributeX": valueX, ... }, "delta": { "attributeX": valueX, ... } }, "metadata": { "desired": { "attribute1": { "timestamp": timestamp }, ... }, "reported": ": { "attribute1": { "timestamp": timestamp }, ... } }, "timestamp": timestamp, "clientToken": "token", "version": version } }
You must specify a role in the roleArn field of the activity definition that
has the appropriate permissions attached. The role must have a permissions policy that looks like
the following.
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iot:GetThingShadow" ], "Resource": [ "arn:aws:iot:<region>:<account-id>:thing/<thing-name>" ] } ] }
and a trust policy that looks like:
{ "Version": "2012-10-17", "Statement": [ { "Sid": "", "Effect": "Allow", "Principal": { "Service": "iotanalytics.amazonaws.com" }, "Action": [ "sts:AssumeRole" ] } ] }