Example: Secure access to an Amazon IoT Events detector model - Amazon IoT Events
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

End of support notice: On May 20, 2026, Amazon end support for Amazon IoT Events. After May 20, 2026, you will no longer be able to access the Amazon IoT Events console or Amazon IoT Events resources. For more information, visit this Amazon IoT Events end of support.

Example: Secure access to an Amazon IoT Events detector model

This example demonstrates how to create an IAM policy that securely grants access to a specific detector model in Amazon IoT Events. The policy uses conditions to ensure that only the specified Amazon account and Amazon IoT Events service can assume the role, adding an extra layer of security. In this example, the role can only access the detector model named WindTurbine01.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": [
          "iotevents.amazonaws.com"
        ]
      },
      "Action": "sts:AssumeRole",
      "Condition": {
        "StringEquals": {
          "aws:SourceAccount": "account_id"
        },
        "ArnEquals": {
          "aws:SourceArn": "arn:aws:iotevents:region:account_id:detectorModel/WindTurbine01"
        }
      }
    }
  ]
 }