Action Description Resources Conditions
Accepts a pending certificate transfer.
  • ???
Attaches the specified policy to the specified principal (certificate or other credential).
  • ???
Attaches the specified principal to the specified thing.
  • ???
Cancels a pending transfer for the specified certificate.
  • ???
The Connect permission is checked every time a connect request is sent to the broker. The message broker does not allow two clients with the same client ID to stay connected at the same time. After the second client connects, the broker detects this case and disconnects one of the clients. The Connect permission can be used to ensure only authorized clients can connect using a specific client ID.
  • arn:aws:iot:$region:$account:client/${iot:ClientId}
  • arn:aws:iot:$region:$account:client/$client-id
Creates an X.
  • ???
Creates a 2048-bit RSA key pair and issues an X.
  • ???
Creates an AWS IoT policy.
  • ???
Creates a new version of the specified AWS IoT policy.
  • ???
Creates a thing record in the thing registry.
  • ???
Creates a rule.
  • ???
Deletes the specified certificate.
  • ???
Deletes the specified policy.
  • ???
Deletes the specified version of the specified policy.
  • ???
Deletes the specified thing.
  • ???
The DeleteThingShadow permission is checked every time a request is made to delete the thing shadow document.
  • arn:aws:iot:$region:$account:thing/$thing-name
Deletes the specified rule.
  • ???
Gets information about the specified certificate.
  • ???
Returns a unique endpoint specific to the AWS account making the call.
  • ???
Gets information about the specified thing.
  • ???
Removes the specified policy from the specified certificate.
  • ???
Detaches the specified principal from the specified thing.
  • ???
Gets the logging options.
  • ???
Gets information about the specified policy with the policy document of the default version.
  • ???
Gets information about the specified policy version.
  • ???
The GetThingShadow permission is checked every time a request is made to get the state of a thing shadow document.
  • arn:aws:iot:$region:$account:thing/$thing-name
Gets information about the specified rule.
  • ???
Lists the certificates registered in your AWS account.
  • ???
Lists your policies.
  • ???
Lists the versions of the specified policy and identifies the default version.
  • ???
Lists the policies attached to the specified principal.
  • ???
Lists the things associated with the specified principal.
  • ???
Lists the principals associated with the specified thing.
  • ???
Lists your things.
  • ???
Lists the rules for the specific topic.
  • ???
The Publish permission is checked every time a publish request is sent to the broker. The Publish action is used to allow clients to publish to specific topic patterns.
  • arn:aws:iot:$region:$account:topic/$topic-name
The Receive permission is checked every time a message is delivered to a client. Because the Receive permission is checked on every delivery, it can be used to revoke permissions to clients that are currently subscribed to a topic.
  • arn:aws:iot:$region:$account:topic/$topic-name
Rejects a pending certificate transfer.
  • ???
Replaces the specified rule.
  • ???
Sets the specified version of the specified policy as the policy's default (operative) version.
  • ???
Sets the logging options.
  • ???
The Subscribe permission is checked every time a subscribe request is sent to the broker. The Subscribe action is used to allow clients to subscribe to topics that match specific topic patterns.
  • arn:aws:iot:$region:$account:topicfilter/$topic-filter
Transfers the specified certificate to the specified AWS account.
  • ???
Updates the status of the specified certificate.
  • ???
Updates the data for a thing.
  • ???
The UpdateThingShadow permission is checked every time a request is made to update the state of a thing shadow document.
  • arn:aws:iot:$region:$account:thing/$thing-name