End of support notice: On May 20, 2026, Amazon will end support for Amazon IoT Events. After May 20, 2026, you will no longer be able to access the Amazon IoT Events console or Amazon IoT Events resources. For more information, see [Amazon IoT Events end of support](https://docs.amazonaws.cn/iotevents/latest/developerguide/iotevents-end-of-support.html).
# Action permissions for Amazon IoT Events
Amazon IoT Events enables you to trigger actions which use other Amazon services. To do so, you must grant Amazon IoT Events permission to perform these actions on your behalf. This section contains a list of the actions and an example policy which grants permission to perform all these actions on your resources. Change the {{region}} and {{account-id}} references as required. When possible, you should also change the wildcards (\*) to refer to specific resources that will be accessed. You can use the IAM console to grant permission to Amazon IoT Events to send an Amazon SNS alert that you have defined. .
Amazon IoT Events supports the following actions that let you use a timer or set a variable:
+ [`setTimer`](built-in-actions.md#iotevents-set-timer) to create a timer.
+ [`resetTimer`](built-in-actions.md#iotevents-reset-timer) to reset the timer.
+ [`clearTimer`](built-in-actions.md#iotevents-clear-timer) to delete the timer.
+ [`setVariable`](built-in-actions.md#iotevents-set-variable) to create a variable.
Amazon IoT Events supports the following actions that let you work with Amazon services:
+ [`iotTopicPublish`](iotevents-other-aws-services.md#iotevents-iotcore) to publish a message on an MQTT topic.
+ [`iotEvents`](iotevents-other-aws-services.md#iotevents-iteinput) to send data to Amazon IoT Events as an input value.
+ [`iotSiteWise`](iotevents-other-aws-services.md#iotevents-iotsitewise) to send data to an asset property in Amazon IoT SiteWise.
+ [`dynamoDB`](iotevents-other-aws-services.md#iotevents-dynamodb) to send data to an Amazon DynamoDB table.
+ [`dynamoDBv2`](iotevents-other-aws-services.md#iotevents-dynamodbv2) to send data to an Amazon DynamoDB table.
+ [`firehose`](iotevents-other-aws-services.md#iotevents-firehose) to send data to an Amazon Data Firehose stream.
+ [`lambda`](iotevents-other-aws-services.md#iotevents-lambda) to invoke an Amazon Lambda function.
+ [`sns`](iotevents-other-aws-services.md#iotevents-sns) to send data as a push notification.
+ [`sqs`](iotevents-other-aws-services.md#iotevents-sqs) to send data to an Amazon SQS queue.
**Example Policy**
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "iot:Publish",
"Resource": "arn:aws-cn:iot:{{us-east-1}}:{{123456789012}}:topic/*"
},
{
"Effect": "Allow",
"Action": "iotevents:BatchPutMessage",
"Resource": "arn:aws-cn:iotevents:{{us-east-1}}:{{123456789012}}:input/*"
},
{
"Effect": "Allow",
"Action": "iotsitewise:BatchPutAssetPropertyValue",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "dynamodb:PutItem",
"Resource": "arn:aws-cn:dynamodb:{{us-east-1}}:{{123456789012}}:table/*"
},
{
"Effect": "Allow",
"Action": [
"firehose:PutRecord",
"firehose:PutRecordBatch"
],
"Resource": "arn:aws-cn:firehose:{{us-east-1}}:{{123456789012}}:deliverystream/*"
},
{
"Effect": "Allow",
"Action": "lambda:InvokeFunction",
"Resource": "arn:aws-cn:lambda:{{us-east-1}}:{{123456789012}}:function:*"
},
{
"Effect": "Allow",
"Action": "sns:Publish",
"Resource": "arn:aws-cn:sns:{{us-east-1}}:{{123456789012}}:*"
},
{
"Effect": "Allow",
"Action": "sqs:SendMessage",
"Resource": "arn:aws-cn:sqs:{{us-east-1}}:{{123456789012}}:*"
}
]
}
```