Action permissions for Amazon IoT Events - Amazon IoT Events
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

End of support notice: On May 20, 2026, Amazon will end support for Amazon IoT Events. After May 20, 2026, you will no longer be able to access the Amazon IoT Events console or Amazon IoT Events resources. For more information, see Amazon IoT Events end of support.

Action permissions for Amazon IoT Events

Amazon IoT Events enables you to trigger actions which use other Amazon services. To do so, you must grant Amazon IoT Events permission to perform these actions on your behalf. This section contains a list of the actions and an example policy which grants permission to perform all these actions on your resources. Change the region and account-id references as required. When possible, you should also change the wildcards (*) to refer to specific resources that will be accessed. You can use the IAM console to grant permission to Amazon IoT Events to send an Amazon SNS alert that you have defined. .

Amazon IoT Events supports the following actions that let you use a timer or set a variable:

Amazon IoT Events supports the following actions that let you work with Amazon services:

  • iotTopicPublish to publish a message on an MQTT topic.

  • iotEvents to send data to Amazon IoT Events as an input value.

  • iotSiteWise to send data to an asset property in Amazon IoT SiteWise.

  • dynamoDB to send data to an Amazon DynamoDB table.

  • dynamoDBv2 to send data to an Amazon DynamoDB table.

  • firehose to send data to an Amazon Data Firehose stream.

  • lambda to invoke an Amazon Lambda function.

  • sns to send data as a push notification.

  • sqs to send data to an Amazon SQS queue.

Example Policy
{
   "Version": "2012-10-17",
   "Statement": [
     {
       "Effect": "Allow",
       "Action": "iot:Publish",
       "Resource": "arn:aws-cn:iot:<region>:<account_id>:topic/*"
     },
     {
       "Effect": "Allow",
       "Action": "iotevents:BatchPutMessage",
       "Resource": "arn:aws-cn:iotevents:<region>:<account_id>:input/*"
     },
     {
       "Effect": "Allow",
       "Action": "iotsitewise:BatchPutAssetPropertyValue",
       "Resource": "*"
     },
     {
       "Effect": "Allow",
       "Action": "dynamodb:PutItem",
       "Resource": "arn:aws-cn:dynamodb:<region>:<account_id>:table/*"
     },
     {
       "Effect": "Allow",
       "Action": [
         "firehose:PutRecord",
         "firehose:PutRecordBatch"
       ],
       "Resource": "arn:aws-cn:firehose:<region>:<account_id>:deliverystream/*"
     },
     {
       "Effect": "Allow",
       "Action": "lambda:InvokeFunction",
       "Resource": "arn:aws-cn:lambda:<region>:<account_id>:function:*"
     },
     {
       "Effect": "Allow",
       "Action": "sns:Publish",
       "Resource": "arn:aws-cn:sns:<region>:<account_id>:*"
     },
     {
       "Effect": "Allow",
       "Action": "sqs:SendMessage",
       "Resource": "arn:aws-cn:sqs:<region>:<account_id>:*"
     }
   ]
}