View a markdown version of this page

View Amazon IoT Events inputs based on tags - Amazon IoT Events
Services or capabilities described in Amazon Web Services documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with Amazon Web Services in China (PDF).

End of support notice: On May 20, 2026, Amazon will end support for Amazon IoT Events. After May 20, 2026, you will no longer be able to access the Amazon IoT Events console or Amazon IoT Events resources. For more information, see Amazon IoT Events end of support.

View Amazon IoT Events inputs based on tags

Tags help you organize Amazon IoT Events resources. You can use conditions in your identity-based policy to control access to Amazon IoT Events resources based on tags. This example shows how you might create a policy that allows viewing an input. However, permission is granted only if the input tag Owner has the value of that user's user name. This policy also grants the permissions necessary to complete this action on the console.

JSON
{
    "Version":"2012-10-17",
    "Statement": [
        {
            "Sid": "ListInputsInConsole",
            "Effect": "Allow",
            "Action": "iotevents:ListInputs",
            "Resource": "*"
        },
        {
            "Sid": "ViewInputsIfOwner",
            "Effect": "Allow",
            "Action": "iotevents:ListInputs",
            "Resource": "arn:aws-cn:iotevents:*:*:input/*",
            "Condition": {
                "StringEquals": {"aws:ResourceTag/Owner": "${aws:username}"}
            }
        }
    ]
}

You can attach this policy to the users in your account. If a user named richard-roe attempts to view an Amazon IoT Events input, the input must be tagged Owner=richard-roe or owner=richard-roe. Otherwise he is denied access. The condition tag key Owner matches both Owner and owner because condition key names are not case-sensitive. For more information, see IAM JSON policy elements: Condition in the IAM User Guide.