

# Actions, resources, and condition keys for AWS IoT
<a name="list_awsiot"></a>

AWS IoT (service prefix: `iot`) provides the following service-specific resources, actions, and condition context keys for use in IAM permission policies.

References:
+ Learn how to [configure this service](https://docs.aws.amazon.com/iot/latest/developerguide/what-is-aws-iot.html).
+ View a list of the [API operations available for this service](https://docs.aws.amazon.com/iot/latest/apireference/).
+ Learn how to secure this service and its resources by [using IAM](https://docs.aws.amazon.com/iot/latest/developerguide/authorization.html) permission policies.

**Topics**
+ [Actions defined by AWS IoT](#awsiot-actions-as-permissions)
+ [Resource types defined by AWS IoT](#awsiot-resources-for-iam-policies)
+ [Condition keys for AWS IoT](#awsiot-policy-keys)

## Actions defined by AWS IoT
<a name="awsiot-actions-as-permissions"></a>

You can specify the following actions in the `Action` element of an IAM policy statement. Use policies to grant permissions to perform an operation in AWS. When you use an action in a policy, you usually allow or deny access to the API operation or CLI command with the same name. However, in some cases, a single action controls access to more than one operation. Alternatively, some operations require several different actions.

The **Access level** column of the Actions table describes how the action is classified (List, Read, Permissions management, or Tagging). This classification can help you understand the level of access that an action grants when you use it in a policy. For more information about access levels, see [Access levels in policy summaries](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_understand-policy-summary-access-level-summaries.html).

The **Resource types** column of the Actions table indicates whether each action supports resource-level permissions. If there is no value for this column, you must specify all resources ("\*") to which the policy applies in the `Resource` element of your policy statement. If the column includes a resource type, then you can specify an ARN of that type in a statement with that action. If the action has one or more required resources, the caller must have permission to use the action with those resources. Required resources are indicated in the table with an asterisk (\*). If you limit resource access with the `Resource` element in an IAM policy, you must include an ARN or pattern for each required resource type. Some actions support multiple resource types. If the resource type is optional (not indicated as required), then you can choose to use one of the optional resource types.

The **Condition keys** column of the Actions table includes keys that you can specify in a policy statement's `Condition` element. For more information on the condition keys that are associated with resources for the service, see the **Condition keys** column of the Resource types table.

The **Dependent actions** column of the Actions table shows additional permissions that may be required to successfully call an action. These permissions may be needed in addition to the permission for the action itself. When an action specifies dependent actions, those dependencies may apply to additional resources defined for that action, not only the first resource listed in the table.

**Note**  
Resource condition keys are listed in the [Resource types](#awsiot-resources-for-iam-policies) table. You can find a link to the resource type that applies to an action in the **Resource types (\*required)** column of the Actions table. Each resource type in the Resource types table has a **Condition keys** column, which lists the resource condition keys that apply to an action in the Actions table.

For details about the columns in the following table, see [Actions table](reference_policies_actions-resources-contextkeys.html#actions_table).




- **[AcceptCertificateTransfer](https://docs.aws.amazon.com/iot/latest/apireference/API_AcceptCertificateTransfer.html)**
  - **Description:** Grants permission to accept a pending certificate transfer
  - **Access level:** Write
  - **Resource types (\*required):** [cert](#awsiot-cert)
  - **Condition keys:** 
  - **Dependent actions:** 

- **[AddThingToBillingGroup](https://docs.aws.amazon.com/iot/latest/apireference/API_AddThingToBillingGroup.html)**
  - **Description:** Grants permission to add a thing to the specified billing group
  - **Access level:** Write
  - **Resource types (\*required):** [billinggroup](#awsiot-billinggroup), [thing](#awsiot-thing)
  - **Condition keys:**
  - **Dependent actions:**

- **[AddThingToThingGroup](https://docs.aws.amazon.com/iot/latest/apireference/API_AddThingToThingGroup.html)**
  - **Description:** Grants permission to add a thing to the specified thing group
  - **Access level:** Write
  - **Resource types (\*required):** [thing](#awsiot-thing), [thinggroup](#awsiot-thinggroup)
  - **Condition keys:**
  - **Dependent actions:**

- **[AssociateSbomWithPackageVersion](https://docs.aws.amazon.com/iot/latest/apireference/API_AssociateSbomWithPackageVersion.html)**
  - **Description:** Grants permission to associate SBOM files to a package version
  - **Access level:** Write
  - **Resource types (\*required):** [packageversion](#awsiot-packageversion)
  - **Condition keys:**
  - **Dependent actions:** iot:GetIndexingConfiguration

- **[AssociateTargetsWithJob](https://docs.aws.amazon.com/iot/latest/apireference/API_AssociateTargetsWithJob.html)**
  - **Description:** Grants permission to associate a group with a continuous job
  - **Access level:** Write
  - **Resource types (\*required):** [job](#awsiot-job), [thing](#awsiot-thing), [thinggroup](#awsiot-thinggroup)
  - **Condition keys:**
  - **Dependent actions:**

- **[AttachPolicy](https://docs.aws.amazon.com/iot/latest/apireference/API_AttachPolicy.html)**
  - **Description:** Grants permission to attach a policy to the specified target
  - **Access level:** Permissions management
  - **Resource types (\*required):** [cert](#awsiot-cert), [thinggroup](#awsiot-thinggroup)
  - **Condition keys:**
  - **Dependent actions:**

- **[AttachPrincipalPolicy](https://docs.aws.amazon.com/iot/latest/apireference/API_AttachPrincipalPolicy.html)**
  - **Description:** Grants permission to attach the specified policy to the specified principal (certificate or other credential)
  - **Access level:** Permissions management
  - **Resource types (\*required):** [cert](#awsiot-cert)
  - **Condition keys:** 
  - **Dependent actions:** 

- **[AttachSecurityProfile](https://docs.aws.amazon.com/iot/latest/apireference/API_AttachSecurityProfile.html)**
  - **Description:** Grants permission to associate a Device Defender security profile with a thing group or with this account
  - **Access level:** Write
  - **Resource types (\*required):** [securityprofile](#awsiot-securityprofile), [custommetric](#awsiot-custommetric), [dimension](#awsiot-dimension), [thinggroup](#awsiot-thinggroup)
  - **Condition keys:**
  - **Dependent actions:**

- **[AttachThingPrincipal](https://docs.aws.amazon.com/iot/latest/apireference/API_AttachThingPrincipal.html)**
  - **Description:** Grants permission to attach the specified principal to the specified thing
  - **Access level:** Write
  - **Resource types (\*required):** [cert](#awsiot-cert)
  - **Condition keys:** [iot:thingArn](#awsiot-iot_thingArn)
  - **Dependent actions:**

- **[CancelAuditMitigationActionsTask](https://docs.aws.amazon.com/iot/latest/apireference/API_CancelAuditMitigationActionsTask.html)**
  - **Description:** Grants permission to cancel a mitigation action task that is in progress
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **[CancelAuditTask](https://docs.aws.amazon.com/iot/latest/apireference/API_CancelAuditTask.html)**
  - **Description:** Grants permission to cancel an audit that is in progress. The audit can be either scheduled or on-demand
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **[CancelCertificateTransfer](https://docs.aws.amazon.com/iot/latest/apireference/API_CancelCertificateTransfer.html)**
  - **Description:** Grants permission to cancel a pending transfer for the specified certificate
  - **Access level:** Write
  - **Resource types (\*required):** [cert](#awsiot-cert)
  - **Condition keys:** 
  - **Dependent actions:** 

- **[CancelDetectMitigationActionsTask](https://docs.aws.amazon.com/iot/latest/apireference/API_CancelDetectMitigationActionsTask.html)**
  - **Description:** Grants permission to cancel a Device Defender ML Detect mitigation action
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **[CancelJob](https://docs.aws.amazon.com/iot/latest/apireference/API_CancelJob.html)**
  - **Description:** Grants permission to cancel a job
  - **Access level:** Write
  - **Resource types (\*required):** [job](#awsiot-job)
  - **Condition keys:** 
  - **Dependent actions:** 

- **[CancelJobExecution](https://docs.aws.amazon.com/iot/latest/apireference/API_CancelJobExecution.html)**
  - **Description:** Grants permission to cancel a job execution on a particular device
  - **Access level:** Write
  - **Resource types (\*required):** [job](#awsiot-job), [thing](#awsiot-thing)
  - **Condition keys:**
  - **Dependent actions:**

- **[ClearDefaultAuthorizer](https://docs.aws.amazon.com/iot/latest/apireference/API_ClearDefaultAuthorizer.html)**
  - **Description:** Grants permission to clear the default authorizer
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **[CloseTunnel](https://docs.aws.amazon.com/iot/latest/apireference/API_iot-secure-tunneling_CloseTunnel.html)**
  - **Description:** Grants permission to close a tunnel
  - **Access level:** Write
  - **Resource types (\*required):** [tunnel](#awsiot-tunnel)
  - **Condition keys:** [iot:Delete](#awsiot-iot_Delete)
  - **Dependent actions:**

- **[ConfirmTopicRuleDestination](https://docs.aws.amazon.com/iot/latest/apireference/API_ConfirmTopicRuleDestination.html)**
  - **Description:** Grants permission to confirm an HTTP URL TopicRuleDestination
  - **Access level:** Write
  - **Resource types (\*required):** [destination](#awsiot-destination)
  - **Condition keys:** 
  - **Dependent actions:** 

- **[Connect](https://docs.aws.amazon.com/iot/latest/developerguide/policy-actions.html)**
  - **Description:** Grants permission to connect as the specified client
  - **Access level:** Write
  - **Resource types (\*required):** [client](#awsiot-client)
  - **Condition keys:** 
  - **Dependent actions:** 

- **[CreateAuditSuppression](https://docs.aws.amazon.com/iot/latest/apireference/API_CreateAuditSuppression.html)**
  - **Description:** Grants permission to create a Device Defender audit suppression
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **[CreateAuthorizer](https://docs.aws.amazon.com/iot/latest/apireference/API_CreateAuthorizer.html)**
  - **Description:** Grants permission to create an authorizer
  - **Access level:** Write
  - **Resource types (\*required):** [authorizer](#awsiot-authorizer)
  - **Condition keys:** [aws:RequestTag/${TagKey}](#awsiot-aws_RequestTag___TagKey_), [aws:TagKeys](#awsiot-aws_TagKeys)
  - **Dependent actions:**

- **[CreateBillingGroup](https://docs.aws.amazon.com/iot/latest/apireference/API_CreateBillingGroup.html)**
  - **Description:** Grants permission to create a billing group
  - **Access level:** Write
  - **Resource types (\*required):** [billinggroup](#awsiot-billinggroup)
  - **Condition keys:** [aws:RequestTag/${TagKey}](#awsiot-aws_RequestTag___TagKey_), [aws:TagKeys](#awsiot-aws_TagKeys)
  - **Dependent actions:**

- **[CreateCertificateFromCsr](https://docs.aws.amazon.com/iot/latest/apireference/API_CreateCertificateFromCsr.html)**
  - **Description:** Grants permission to create an X.509 certificate using the specified certificate signing request
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **[CreateCertificateProvider](https://docs.aws.amazon.com/iot/latest/apireference/API_CreateCertificateProvider.html)**
  - **Description:** Grants permission to create a certificate provider
  - **Access level:** Write
  - **Resource types (\*required):** [certificateprovider](#awsiot-certificateprovider)
  - **Condition keys:** [aws:RequestTag/${TagKey}](#awsiot-aws_RequestTag___TagKey_), [aws:TagKeys](#awsiot-aws_TagKeys)
  - **Dependent actions:**

- **[CreateCommand](https://docs.aws.amazon.com/iot/latest/apireference/API_CreateCommand.html)**
  - **Description:** Grants permission to create a command that can be used to start new executions against a device
  - **Access level:** Write
  - **Resource types (\*required):** [command](#awsiot-command)
  - **Condition keys:** [aws:RequestTag/${TagKey}](#awsiot-aws_RequestTag___TagKey_), [aws:TagKeys](#awsiot-aws_TagKeys)
  - **Dependent actions:**

- **[CreateCustomMetric](https://docs.aws.amazon.com/iot/latest/apireference/API_CreateCustomMetric.html)**
  - **Description:** Grants permission to create a custom metric for device-side metric reporting and monitoring
  - **Access level:** Write
  - **Resource types (\*required):** [custommetric](#awsiot-custommetric)
  - **Condition keys:** [aws:RequestTag/${TagKey}](#awsiot-aws_RequestTag___TagKey_), [aws:TagKeys](#awsiot-aws_TagKeys)
  - **Dependent actions:**

- **[CreateDimension](https://docs.aws.amazon.com/iot/latest/apireference/API_CreateDimension.html)**
  - **Description:** Grants permission to define a dimension that can be used to limit the scope of a metric used in a security profile
  - **Access level:** Write
  - **Resource types (\*required):** [dimension](#awsiot-dimension)
  - **Condition keys:** [aws:RequestTag/${TagKey}](#awsiot-aws_RequestTag___TagKey_), [aws:TagKeys](#awsiot-aws_TagKeys)
  - **Dependent actions:**

- **[CreateDomainConfiguration](https://docs.aws.amazon.com/iot/latest/apireference/API_CreateDomainConfiguration.html)**
  - **Description:** Grants permission to create a domain configuration
  - **Access level:** Write
  - **Resource types (\*required):** [domainconfiguration](#awsiot-domainconfiguration)
  - **Condition keys:** [aws:RequestTag/${TagKey}](#awsiot-aws_RequestTag___TagKey_), [aws:TagKeys](#awsiot-aws_TagKeys), [iot:DomainName](#awsiot-iot_DomainName)
  - **Dependent actions:**

- **[CreateDynamicThingGroup](https://docs.aws.amazon.com/iot/latest/apireference/API_CreateDynamicThingGroup.html)**
  - **Description:** Grants permission to create a Dynamic Thing Group
  - **Access level:** Write
  - **Resource types (\*required):** [dynamicthinggroup](#awsiot-dynamicthinggroup)
  - **Condition keys:** [aws:RequestTag/${TagKey}](#awsiot-aws_RequestTag___TagKey_), [aws:TagKeys](#awsiot-aws_TagKeys)
  - **Dependent actions:**

- **[CreateFleetMetric](https://docs.aws.amazon.com/iot/latest/apireference/API_CreateFleetMetric.html)**
  - **Description:** Grants permission to create a fleet metric
  - **Access level:** Write
  - **Resource types (\*required):** [fleetmetric](#awsiot-fleetmetric), [index](#awsiot-index)
  - **Condition keys:** [aws:RequestTag/${TagKey}](#awsiot-aws_RequestTag___TagKey_), [aws:TagKeys](#awsiot-aws_TagKeys)
  - **Dependent actions:**

- **[CreateJob](https://docs.aws.amazon.com/iot/latest/apireference/API_CreateJob.html)**
  - **Description:** Grants permission to create a job
  - **Access level:** Write
  - **Resource types (\*required):** [job](#awsiot-job), [thing](#awsiot-thing), [thinggroup](#awsiot-thinggroup), [jobtemplate](#awsiot-jobtemplate), [package](#awsiot-package), [packageversion](#awsiot-packageversion)
  - **Condition keys:** [aws:RequestTag/${TagKey}](#awsiot-aws_RequestTag___TagKey_), [aws:TagKeys](#awsiot-aws_TagKeys)
  - **Dependent actions:**

- **[CreateJobTemplate](https://docs.aws.amazon.com/iot/latest/apireference/API_CreateJobTemplate.html)**
  - **Description:** Grants permission to create a job template
  - **Access level:** Write
  - **Resource types (\*required):** [jobtemplate](#awsiot-jobtemplate), [job](#awsiot-job), [package](#awsiot-package), [packageversion](#awsiot-packageversion)
  - **Condition keys:** [aws:RequestTag/${TagKey}](#awsiot-aws_RequestTag___TagKey_), [aws:TagKeys](#awsiot-aws_TagKeys)
  - **Dependent actions:**

- **[CreateKeysAndCertificate](https://docs.aws.amazon.com/iot/latest/apireference/API_CreateKeysAndCertificate.html)**
  - **Description:** Grants permission to create a 2048-bit RSA key pair and issue an X.509 certificate using the issued public key
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **[CreateMitigationAction](https://docs.aws.amazon.com/iot/latest/apireference/API_CreateMitigationAction.html)**
  - **Description:** Grants permission to define an action that can be applied to audit findings by using StartAuditMitigationActionsTask
  - **Access level:** Write
  - **Resource types (\*required):** [mitigationaction](#awsiot-mitigationaction)
  - **Condition keys:** [aws:RequestTag/${TagKey}](#awsiot-aws_RequestTag___TagKey_), [aws:TagKeys](#awsiot-aws_TagKeys)
  - **Dependent actions:**

- **[CreateOTAUpdate](https://docs.aws.amazon.com/iot/latest/apireference/API_CreateOTAUpdate.html)**
  - **Description:** Grants permission to create an OTA update job
  - **Access level:** Write
  - **Resource types (\*required):** [otaupdate](#awsiot-otaupdate)
  - **Condition keys:** [aws:RequestTag/${TagKey}](#awsiot-aws_RequestTag___TagKey_), [aws:TagKeys](#awsiot-aws_TagKeys)
  - **Dependent actions:**

- **[CreatePackage](https://docs.aws.amazon.com/iot/latest/apireference/API_CreatePackage.html)**
  - **Description:** Grants permission to create a software package that you can deploy to your devices
  - **Access level:** Write
  - **Resource types (\*required):** [package](#awsiot-package)
  - **Condition keys:** [aws:RequestTag/${TagKey}](#awsiot-aws_RequestTag___TagKey_), [aws:TagKeys](#awsiot-aws_TagKeys)
  - **Dependent actions:** iot:GetIndexingConfiguration

- **[CreatePackageVersion](https://docs.aws.amazon.com/iot/latest/apireference/API_CreatePackageVersion.html)**
  - **Description:** Grants permission to create a version under the specified package
  - **Access level:** Write
  - **Resource types (\*required):** [package](#awsiot-package), [packageversion](#awsiot-packageversion)
  - **Condition keys:** [aws:RequestTag/${TagKey}](#awsiot-aws_RequestTag___TagKey_), [aws:TagKeys](#awsiot-aws_TagKeys)
  - **Dependent actions:** iot:GetIndexingConfiguration, s3:GetObjectVersion

- **[CreatePolicy](https://docs.aws.amazon.com/iot/latest/apireference/API_CreatePolicy.html)**
  - **Description:** Grants permission to create an AWS IoT policy
  - **Access level:** Permissions management
  - **Resource types (\*required):** [policy](#awsiot-policy)
  - **Condition keys:** [aws:RequestTag/${TagKey}](#awsiot-aws_RequestTag___TagKey_), [aws:TagKeys](#awsiot-aws_TagKeys)
  - **Dependent actions:**

- **[CreatePolicyVersion](https://docs.aws.amazon.com/iot/latest/apireference/API_CreatePolicyVersion.html)**
  - **Description:** Grants permission to create a new version of the specified AWS IoT policy
  - **Access level:** Permissions management
  - **Resource types (\*required):** [policy](#awsiot-policy)
  - **Condition keys:** 
  - **Dependent actions:** 

- **[CreateProvisioningClaim](https://docs.aws.amazon.com/iot/latest/apireference/API_CreateProvisioningClaim.html)**
  - **Description:** Grants permission to create a provisioning claim
  - **Access level:** Write
  - **Resource types (\*required):** [provisioningtemplate](#awsiot-provisioningtemplate)
  - **Condition keys:** 
  - **Dependent actions:** 

- **[CreateProvisioningTemplate](https://docs.aws.amazon.com/iot/latest/apireference/API_CreateProvisioningTemplate.html)**
  - **Description:** Grants permission to create a fleet provisioning template
  - **Access level:** Write
  - **Resource types (\*required):** [provisioningtemplate](#awsiot-provisioningtemplate)
  - **Condition keys:** [aws:RequestTag/${TagKey}](#awsiot-aws_RequestTag___TagKey_), [aws:TagKeys](#awsiot-aws_TagKeys)
  - **Dependent actions:** iam:PassRole

- **[CreateProvisioningTemplateVersion](https://docs.aws.amazon.com/iot/latest/apireference/API_CreateProvisioningTemplateVersion.html)**
  - **Description:** Grants permission to create a new version of a fleet provisioning template
  - **Access level:** Write
  - **Resource types (\*required):** [provisioningtemplate](#awsiot-provisioningtemplate)
  - **Condition keys:** 
  - **Dependent actions:** 

- **[CreateRoleAlias](https://docs.aws.amazon.com/iot/latest/apireference/API_CreateRoleAlias.html)**
  - **Description:** Grants permission to create a role alias
  - **Access level:** Write
  - **Resource types (\*required):** [rolealias](#awsiot-rolealias)
  - **Condition keys:** [aws:RequestTag/${TagKey}](#awsiot-aws_RequestTag___TagKey_), [aws:TagKeys](#awsiot-aws_TagKeys)
  - **Dependent actions:** iam:PassRole

- **[CreateScheduledAudit](https://docs.aws.amazon.com/iot/latest/apireference/API_CreateScheduledAudit.html)**
  - **Description:** Grants permission to create a scheduled audit that is run at a specified time interval
  - **Access level:** Write
  - **Resource types (\*required):** [scheduledaudit](#awsiot-scheduledaudit)
  - **Condition keys:** [aws:RequestTag/${TagKey}](#awsiot-aws_RequestTag___TagKey_), [aws:TagKeys](#awsiot-aws_TagKeys)
  - **Dependent actions:**

- **[CreateSecurityProfile](https://docs.aws.amazon.com/iot/latest/apireference/API_CreateSecurityProfile.html)**
  - **Description:** Grants permission to create a Device Defender security profile
  - **Access level:** Write
  - **Resource types (\*required):** [securityprofile](#awsiot-securityprofile), [custommetric](#awsiot-custommetric), [dimension](#awsiot-dimension)
  - **Condition keys:** [aws:RequestTag/${TagKey}](#awsiot-aws_RequestTag___TagKey_), [aws:TagKeys](#awsiot-aws_TagKeys)
  - **Dependent actions:**

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_CreateStream.html](https://docs.aws.amazon.com/iot/latest/apireference/API_CreateStream.html) **
  - **Description:** Grants permission to create a new AWS IoT stream
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-stream](#awsiot-stream)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#awsiot-aws_RequestTag___TagKey_](#awsiot-aws_RequestTag___TagKey_) <br /> [#awsiot-aws_TagKeys](#awsiot-aws_TagKeys)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_CreateThing.html](https://docs.aws.amazon.com/iot/latest/apireference/API_CreateThing.html) **
  - **Description:** Grants permission to create a thing in the thing registry
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-thing](#awsiot-thing)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-billinggroup](#awsiot-billinggroup)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_CreateThingGroup.html](https://docs.aws.amazon.com/iot/latest/apireference/API_CreateThingGroup.html) **
  - **Description:** Grants permission to create a thing group
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-thinggroup](#awsiot-thinggroup)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#awsiot-aws_RequestTag___TagKey_](#awsiot-aws_RequestTag___TagKey_) <br /> [#awsiot-aws_TagKeys](#awsiot-aws_TagKeys)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_CreateThingType.html](https://docs.aws.amazon.com/iot/latest/apireference/API_CreateThingType.html) **
  - **Description:** Grants permission to create a new thing type
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-thingtype](#awsiot-thingtype)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#awsiot-aws_RequestTag___TagKey_](#awsiot-aws_RequestTag___TagKey_) <br /> [#awsiot-aws_TagKeys](#awsiot-aws_TagKeys)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_CreateTopicRule.html](https://docs.aws.amazon.com/iot/latest/apireference/API_CreateTopicRule.html) **
  - **Description:** Grants permission to create a rule
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-rule](#awsiot-rule)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#awsiot-aws_RequestTag___TagKey_](#awsiot-aws_RequestTag___TagKey_) <br /> [#awsiot-aws_TagKeys](#awsiot-aws_TagKeys)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_CreateTopicRuleDestination.html](https://docs.aws.amazon.com/iot/latest/apireference/API_CreateTopicRuleDestination.html) **
  - **Description:** Grants permission to create a TopicRuleDestination
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteAccountAuditConfiguration.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteAccountAuditConfiguration.html) **
  - **Description:** Grants permission to delete the audit configuration associated with the account
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteAuditSuppression.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteAuditSuppression.html) **
  - **Description:** Grants permission to delete a Device Defender audit suppression
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteAuthorizer.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteAuthorizer.html) **
  - **Description:** Grants permission to delete the specified authorizer
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-authorizer](#awsiot-authorizer) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteBillingGroup.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteBillingGroup.html) **
  - **Description:** Grants permission to delete the specified billing group
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-billinggroup](#awsiot-billinggroup) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteCACertificate.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteCACertificate.html) **
  - **Description:** Grants permission to delete a registered CA certificate
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-cacert](#awsiot-cacert) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteCertificate.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteCertificate.html) **
  - **Description:** Grants permission to delete the specified certificate
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-cert](#awsiot-cert) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteCertificateProvider.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteCertificateProvider.html) **
  - **Description:** Grants permission to delete a certificate provider
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-certificateprovider](#awsiot-certificateprovider) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteCommand.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteCommand.html) **
  - **Description:** Grants permission to delete a command
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-command](#awsiot-command) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteCommandExecution.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteCommandExecution.html) **
  - **Description:** Grants permission to delete a command execution
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-client](#awsiot-client)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-thing](#awsiot-thing)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/developerguide/policy-actions.html](https://docs.aws.amazon.com/iot/latest/developerguide/policy-actions.html) **
  - **Description:** Grants permission to disconnect the specified connection
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-client](#awsiot-client) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteCustomMetric.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteCustomMetric.html) **
  - **Description:** Grants permission to delete the specified custom metric from your AWS account
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-custommetric](#awsiot-custommetric) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteDimension.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteDimension.html) **
  - **Description:** Grants permission to remove the specified dimension from your AWS account
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-dimension](#awsiot-dimension) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteDomainConfiguration.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteDomainConfiguration.html) **
  - **Description:** Grants permission to delete a domain configuration
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-domainconfiguration](#awsiot-domainconfiguration) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteDynamicThingGroup.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteDynamicThingGroup.html) **
  - **Description:** Grants permission to delete the specified Dynamic Thing Group
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-dynamicthinggroup](#awsiot-dynamicthinggroup) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteFleetMetric.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteFleetMetric.html) **
  - **Description:** Grants permission to delete the specified fleet metric
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-fleetmetric](#awsiot-fleetmetric) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteJob.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteJob.html) **
  - **Description:** Grants permission to delete a job and its related job executions
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-job](#awsiot-job) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteJobExecution.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteJobExecution.html) **
  - **Description:** Grants permission to delete a job execution
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-job](#awsiot-job)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-thing](#awsiot-thing)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteJobTemplate.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteJobTemplate.html) **
  - **Description:** Grants permission to delete a job template
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-jobtemplate](#awsiot-jobtemplate) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteMitigationAction.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteMitigationAction.html) **
  - **Description:** Grants permission to delete a defined mitigation action from your AWS account
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-mitigationaction](#awsiot-mitigationaction) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteOTAUpdate.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteOTAUpdate.html) **
  - **Description:** Grants permission to delete an OTA update job
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-otaupdate](#awsiot-otaupdate) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DeletePackage.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DeletePackage.html) **
  - **Description:** Grants permission to delete a package
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-package](#awsiot-package) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DeletePackageVersion.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DeletePackageVersion.html) **
  - **Description:** Grants permission to delete a version of the specified package
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-package](#awsiot-package)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-packageversion](#awsiot-packageversion)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DeletePolicy.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DeletePolicy.html) **
  - **Description:** Grants permission to delete the specified policy
  - **Access level:** Permissions management
  - **Resource types (\*required):**  [#awsiot-policy](#awsiot-policy) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DeletePolicyVersion.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DeletePolicyVersion.html) **
  - **Description:** Grants permission to delete the specified version of the specified policy
  - **Access level:** Permissions management
  - **Resource types (\*required):**  [#awsiot-policy](#awsiot-policy) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteProvisioningTemplate.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteProvisioningTemplate.html) **
  - **Description:** Grants permission to delete a fleet provisioning template
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-provisioningtemplate](#awsiot-provisioningtemplate) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteProvisioningTemplateVersion.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteProvisioningTemplateVersion.html) **
  - **Description:** Grants permission to delete a fleet provisioning template version
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-provisioningtemplate](#awsiot-provisioningtemplate) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteRegistrationCode.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteRegistrationCode.html) **
  - **Description:** Grants permission to delete a CA certificate registration code
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteRoleAlias.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteRoleAlias.html) **
  - **Description:** Grants permission to delete the specified role alias
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-rolealias](#awsiot-rolealias) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteScheduledAudit.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteScheduledAudit.html) **
  - **Description:** Grants permission to delete a scheduled audit
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-scheduledaudit](#awsiot-scheduledaudit) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteSecurityProfile.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteSecurityProfile.html) **
  - **Description:** Grants permission to delete a Device Defender security profile
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-securityprofile](#awsiot-securityprofile)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-custommetric](#awsiot-custommetric)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-dimension](#awsiot-dimension)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteStream.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteStream.html) **
  - **Description:** Grants permission to delete a specified stream
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-stream](#awsiot-stream) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteThing.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteThing.html) **
  - **Description:** Grants permission to delete the specified thing
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-thing](#awsiot-thing) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteThingGroup.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteThingGroup.html) **
  - **Description:** Grants permission to delete the specified thing group
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-thinggroup](#awsiot-thinggroup) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/developerguide/policy-actions.html](https://docs.aws.amazon.com/iot/latest/developerguide/policy-actions.html) **
  - **Description:** Grants permission to delete the specified thing shadow
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-thing](#awsiot-thing) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteThingType.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteThingType.html) **
  - **Description:** Grants permission to delete the specified thing type
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-thingtype](#awsiot-thingtype) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteTopicRule.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteTopicRule.html) **
  - **Description:** Grants permission to delete the specified rule
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-rule](#awsiot-rule) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteTopicRuleDestination.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteTopicRuleDestination.html) **
  - **Description:** Grants permission to delete a TopicRuleDestination
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-destination](#awsiot-destination) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteV2LoggingLevel.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DeleteV2LoggingLevel.html) **
  - **Description:** Grants permission to delete the specified v2 logging level
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DeprecateThingType.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DeprecateThingType.html) **
  - **Description:** Grants permission to deprecate the specified thing type
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-thingtype](#awsiot-thingtype) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeAccountAuditConfiguration.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeAccountAuditConfiguration.html) **
  - **Description:** Grants permission to get information about audit configurations for the account
  - **Access level:** Read
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeAuditFinding.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeAuditFinding.html) **
  - **Description:** Grants permission to get information about a single audit finding. Properties include the reason for noncompliance, the severity of the issue, and when the audit that returned the finding was started
  - **Access level:** Read
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeAuditMitigationActionsTask.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeAuditMitigationActionsTask.html) **
  - **Description:** Grants permission to get information about an audit mitigation task that is used to apply mitigation actions to a set of audit findings
  - **Access level:** Read
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeAuditSuppression.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeAuditSuppression.html) **
  - **Description:** Grants permission to get information about a Device Defender audit suppression
  - **Access level:** Read
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeAuditTask.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeAuditTask.html) **
  - **Description:** Grants permission to get information about a Device Defender audit
  - **Access level:** Read
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeAuthorizer.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeAuthorizer.html) **
  - **Description:** Grants permission to describe an authorizer
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsiot-authorizer](#awsiot-authorizer) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeBillingGroup.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeBillingGroup.html) **
  - **Description:** Grants permission to get information about the specified billing group
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsiot-billinggroup](#awsiot-billinggroup) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeCACertificate.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeCACertificate.html) **
  - **Description:** Grants permission to describe a registered CA certificate
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsiot-cacert](#awsiot-cacert) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeCertificate.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeCertificate.html) **
  - **Description:** Grants permission to get information about the specified certificate
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsiot-cert](#awsiot-cert) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeCertificateProvider.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeCertificateProvider.html) **
  - **Description:** Grants permission to describe a certificate provider
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsiot-certificateprovider](#awsiot-certificateprovider) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeCustomMetric.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeCustomMetric.html) **
  - **Description:** Grants permission to describe a custom metric that is defined in your AWS account
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsiot-custommetric](#awsiot-custommetric) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeDefaultAuthorizer.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeDefaultAuthorizer.html) **
  - **Description:** Grants permission to describe the default authorizer
  - **Access level:** Read
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeDetectMitigationActionsTask.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeDetectMitigationActionsTask.html) **
  - **Description:** Grants permission to describe a Device Defender ML Detect mitigation action
  - **Access level:** Read
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeDimension.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeDimension.html) **
  - **Description:** Grants permission to get details about a dimension that is defined in your AWS account
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsiot-dimension](#awsiot-dimension) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeDomainConfiguration.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeDomainConfiguration.html) **
  - **Description:** Grants permission to get information about the domain configuration
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsiot-domainconfiguration](#awsiot-domainconfiguration) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeEncryptionConfiguration.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeEncryptionConfiguration.html) **
  - **Description:** Grants permission to describe the encryption configuration for the account
  - **Access level:** Read
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeEndpoint.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeEndpoint.html) **
  - **Description:** Grants permission to get a unique endpoint specific to the AWS account making the call
  - **Access level:** Read
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeEventConfigurations.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeEventConfigurations.html) **
  - **Description:** Grants permission to get account event configurations
  - **Access level:** Read
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeFleetMetric.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeFleetMetric.html) **
  - **Description:** Grants permission to get information about the specified fleet metric
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsiot-fleetmetric](#awsiot-fleetmetric) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeIndex.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeIndex.html) **
  - **Description:** Grants permission to get information about the specified index
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsiot-index](#awsiot-index) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeJob.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeJob.html) **
  - **Description:** Grants permission to describe a job
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsiot-job](#awsiot-job) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeJobExecution.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeJobExecution.html) **
  - **Description:** Grants permission to describe a job execution
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsiot-job](#awsiot-job)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-thing](#awsiot-thing)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeJobTemplate.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeJobTemplate.html) **
  - **Description:** Grants permission to describe a job template
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsiot-jobtemplate](#awsiot-jobtemplate) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeManagedJobTemplate.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeManagedJobTemplate.html) **
  - **Description:** Grants permission to describe a managed job template
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsiot-jobtemplate](#awsiot-jobtemplate) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeMitigationAction.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeMitigationAction.html) **
  - **Description:** Grants permission to get information about a mitigation action
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsiot-mitigationaction](#awsiot-mitigationaction) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeProvisioningTemplate.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeProvisioningTemplate.html) **
  - **Description:** Grants permission to get information about a fleet provisioning template
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsiot-provisioningtemplate](#awsiot-provisioningtemplate) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeProvisioningTemplateVersion.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeProvisioningTemplateVersion.html) **
  - **Description:** Grants permission to get information about a fleet provisioning template version
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsiot-provisioningtemplate](#awsiot-provisioningtemplate) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeRoleAlias.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeRoleAlias.html) **
  - **Description:** Grants permission to describe a role alias
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsiot-rolealias](#awsiot-rolealias) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeScheduledAudit.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeScheduledAudit.html) **
  - **Description:** Grants permission to get information about a scheduled audit
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsiot-scheduledaudit](#awsiot-scheduledaudit) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeSecurityProfile.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeSecurityProfile.html) **
  - **Description:** Grants permission to get information about a Device Defender security profile
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsiot-securityprofile](#awsiot-securityprofile) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeStream.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeStream.html) **
  - **Description:** Grants permission to get information about the specified stream
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsiot-stream](#awsiot-stream) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeThing.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeThing.html) **
  - **Description:** Grants permission to get information about the specified thing
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsiot-thing](#awsiot-thing) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeThingGroup.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeThingGroup.html) **
  - **Description:** Grants permission to get information about the specified thing group
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsiot-thinggroup](#awsiot-thinggroup) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeThingRegistrationTask.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeThingRegistrationTask.html) **
  - **Description:** Grants permission to get information about the bulk thing registration task
  - **Access level:** Read
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeThingType.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DescribeThingType.html) **
  - **Description:** Grants permission to get information about the specified thing type
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsiot-thingtype](#awsiot-thingtype) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_iot-secure-tunneling_DescribeTunnel.html](https://docs.aws.amazon.com/iot/latest/apireference/API_iot-secure-tunneling_DescribeTunnel.html) **
  - **Description:** Grants permission to describe a tunnel
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsiot-tunnel](#awsiot-tunnel) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DetachPolicy.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DetachPolicy.html) **
  - **Description:** Grants permission to detach a policy from the specified target
  - **Access level:** Permissions management
  - **Resource types (\*required):**  [#awsiot-cert](#awsiot-cert)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-thinggroup](#awsiot-thinggroup)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DetachPrincipalPolicy.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DetachPrincipalPolicy.html) **
  - **Description:** Grants permission to remove the specified policy from the specified certificate
  - **Access level:** Permissions management
  - **Resource types (\*required):**  [#awsiot-cert](#awsiot-cert) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DetachSecurityProfile.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DetachSecurityProfile.html) **
  - **Description:** Grants permission to disassociate a Device Defender security profile from a thing group or from this account
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-securityprofile](#awsiot-securityprofile)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-custommetric](#awsiot-custommetric)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-dimension](#awsiot-dimension)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-thinggroup](#awsiot-thinggroup)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DetachThingPrincipal.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DetachThingPrincipal.html) **
  - **Description:** Grants permission to detach the specified principal from the specified thing
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-cert](#awsiot-cert)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#awsiot-iot_thingArn](#awsiot-iot_thingArn)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DisableTopicRule.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DisableTopicRule.html) **
  - **Description:** Grants permission to disable the specified rule
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-rule](#awsiot-rule) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_DisassociateSbomFromPackageVersion.html](https://docs.aws.amazon.com/iot/latest/apireference/API_DisassociateSbomFromPackageVersion.html) **
  - **Description:** Grants permission to disassociate SBOM files from a package version
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-packageversion](#awsiot-packageversion) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_EnableTopicRule.html](https://docs.aws.amazon.com/iot/latest/apireference/API_EnableTopicRule.html) **
  - **Description:** Grants permission to enable the specified rule
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-rule](#awsiot-rule) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_GetBehaviorModelTrainingSummaries.html](https://docs.aws.amazon.com/iot/latest/apireference/API_GetBehaviorModelTrainingSummaries.html) **
  - **Description:** Grants permission to fetch the status of a Device Defender ML Detect Security Profile training model
  - **Access level:** List
  - **Resource types (\*required):**  [#awsiot-securityprofile](#awsiot-securityprofile) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_GetBucketsAggregation.html](https://docs.aws.amazon.com/iot/latest/apireference/API_GetBucketsAggregation.html) **
  - **Description:** Grants permission to get buckets aggregation for IoT fleet index
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsiot-index](#awsiot-index) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_GetCardinality.html](https://docs.aws.amazon.com/iot/latest/apireference/API_GetCardinality.html) **
  - **Description:** Grants permission to get cardinality for IoT fleet index
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsiot-index](#awsiot-index) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_GetCommand.html](https://docs.aws.amazon.com/iot/latest/apireference/API_GetCommand.html) **
  - **Description:** Grants permission to get the information about the command
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsiot-command](#awsiot-command) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_GetCommandExecution.html](https://docs.aws.amazon.com/iot/latest/apireference/API_GetCommandExecution.html) **
  - **Description:** Grants permission to get the information of a command execution
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsiot-client](#awsiot-client)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-thing](#awsiot-thing)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_GetEffectivePolicies.html](https://docs.aws.amazon.com/iot/latest/apireference/API_GetEffectivePolicies.html) **
  - **Description:** Grants permission to get effective policies
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsiot-cert](#awsiot-cert) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_GetIndexingConfiguration.html](https://docs.aws.amazon.com/iot/latest/apireference/API_GetIndexingConfiguration.html) **
  - **Description:** Grants permission to get current fleet indexing configuration
  - **Access level:** Read
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_GetJobDocument.html](https://docs.aws.amazon.com/iot/latest/apireference/API_GetJobDocument.html) **
  - **Description:** Grants permission to get a job document
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsiot-job](#awsiot-job) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_GetLoggingOptions.html](https://docs.aws.amazon.com/iot/latest/apireference/API_GetLoggingOptions.html) **
  - **Description:** Grants permission to get the logging options
  - **Access level:** Read
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_GetOTAUpdate.html](https://docs.aws.amazon.com/iot/latest/apireference/API_GetOTAUpdate.html) **
  - **Description:** Grants permission to get the information about the OTA update job
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsiot-otaupdate](#awsiot-otaupdate) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_GetPackage.html](https://docs.aws.amazon.com/iot/latest/apireference/API_GetPackage.html) **
  - **Description:** Grants permission to get the information about the package
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsiot-package](#awsiot-package) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_GetPackageConfiguration.html](https://docs.aws.amazon.com/iot/latest/apireference/API_GetPackageConfiguration.html) **
  - **Description:** Grants permission to get the package configuration of the account
  - **Access level:** Read
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_GetPackageVersion.html](https://docs.aws.amazon.com/iot/latest/apireference/API_GetPackageVersion.html) **
  - **Description:** Grants permission to get the version of the package
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsiot-package](#awsiot-package)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-packageversion](#awsiot-packageversion)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_GetPercentiles.html](https://docs.aws.amazon.com/iot/latest/apireference/API_GetPercentiles.html) **
  - **Description:** Grants permission to get percentiles for IoT fleet index
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsiot-index](#awsiot-index) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_GetPolicy.html](https://docs.aws.amazon.com/iot/latest/apireference/API_GetPolicy.html) **
  - **Description:** Grants permission to get information about the specified policy with the policy document of the default version
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsiot-policy](#awsiot-policy) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_GetPolicyVersion.html](https://docs.aws.amazon.com/iot/latest/apireference/API_GetPolicyVersion.html) **
  - **Description:** Grants permission to get information about the specified policy version
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsiot-policy](#awsiot-policy) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_GetRegistrationCode.html](https://docs.aws.amazon.com/iot/latest/apireference/API_GetRegistrationCode.html) **
  - **Description:** Grants permission to get a registration code used to register a CA certificate with AWS IoT
  - **Access level:** Read
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/developerguide/policy-actions.html](https://docs.aws.amazon.com/iot/latest/developerguide/policy-actions.html) **
  - **Description:** Grants permission to get the retained message on the specified topic
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsiot-topic](#awsiot-topic) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_GetStatistics.html](https://docs.aws.amazon.com/iot/latest/apireference/API_GetStatistics.html) **
  - **Description:** Grants permission to get statistics for IoT fleet index
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsiot-index](#awsiot-index) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_GetThingConnectivityData.html](https://docs.aws.amazon.com/iot/latest/apireference/API_GetThingConnectivityData.html) **
  - **Description:** Grants permission to get the thing's connectivity data
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsiot-thing](#awsiot-thing) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/developerguide/policy-actions.html](https://docs.aws.amazon.com/iot/latest/developerguide/policy-actions.html) **
  - **Description:** Grants permission to get the thing shadow
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsiot-thing](#awsiot-thing) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_GetTopicRule.html](https://docs.aws.amazon.com/iot/latest/apireference/API_GetTopicRule.html) **
  - **Description:** Grants permission to get information about the specified rule
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsiot-rule](#awsiot-rule) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_GetTopicRuleDestination.html](https://docs.aws.amazon.com/iot/latest/apireference/API_GetTopicRuleDestination.html) **
  - **Description:** Grants permission to get a TopicRuleDestination
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsiot-destination](#awsiot-destination) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_GetV2LoggingOptions.html](https://docs.aws.amazon.com/iot/latest/apireference/API_GetV2LoggingOptions.html) **
  - **Description:** Grants permission to get v2 logging options
  - **Access level:** Read
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListActiveViolations.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListActiveViolations.html) **
  - **Description:** Grants permission to list the active violations for a given Device Defender security profile or Thing
  - **Access level:** List
  - **Resource types (\*required):**  [#awsiot-securityprofile](#awsiot-securityprofile)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-thing](#awsiot-thing)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListAttachedPolicies.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListAttachedPolicies.html) **
  - **Description:** Grants permission to list the policies attached to the specified thing group
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListAuditFindings.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListAuditFindings.html) **
  - **Description:** Grants permission to list the findings (results) of a Device Defender audit or of the audits performed during a specified time period
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListAuditMitigationActionsExecutions.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListAuditMitigationActionsExecutions.html) **
  - **Description:** Grants permission to get the status of audit mitigation action tasks that were executed
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListAuditMitigationActionsTasks.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListAuditMitigationActionsTasks.html) **
  - **Description:** Grants permission to get a list of audit mitigation action tasks that match the specified filters
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListAuditSuppressions.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListAuditSuppressions.html) **
  - **Description:** Grants permission to list your Device Defender audit suppressions
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListAuditTasks.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListAuditTasks.html) **
  - **Description:** Grants permission to list the Device Defender audits that have been performed during a given time period
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListAuthorizers.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListAuthorizers.html) **
  - **Description:** Grants permission to list the authorizers registered in your account
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListBillingGroups.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListBillingGroups.html) **
  - **Description:** Grants permission to list all billing groups
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListCACertificates.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListCACertificates.html) **
  - **Description:** Grants permission to list the CA certificates registered for your AWS account
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListCertificateProviders.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListCertificateProviders.html) **
  - **Description:** Grants permission to list certificate providers in the account
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListCertificates.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListCertificates.html) **
  - **Description:** Grants permission to list your certificates
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListCertificatesByCA.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListCertificatesByCA.html) **
  - **Description:** Grants permission to list the device certificates signed by the specified CA certificate
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListCommandExecutions.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListCommandExecutions.html) **
  - **Description:** Grants permission to list command executions in the account
  - **Access level:** List
  - **Resource types (\*required):**  [#awsiot-client](#awsiot-client)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-command](#awsiot-command)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-thing](#awsiot-thing)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListCommands.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListCommands.html) **
  - **Description:** Grants permission to list commands in the account
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListCustomMetrics.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListCustomMetrics.html) **
  - **Description:** Grants permission to list the custom metrics in your AWS account
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListDetectMitigationActionsExecutions.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListDetectMitigationActionsExecutions.html) **
  - **Description:** Grants permission to list mitigation action executions for a Device Defender ML Detect Security Profile
  - **Access level:** List
  - **Resource types (\*required):**  [#awsiot-thing](#awsiot-thing) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListDetectMitigationActionsTasks.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListDetectMitigationActionsTasks.html) **
  - **Description:** Grants permission to list Device Defender ML Detect mitigation action tasks
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListDimensions.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListDimensions.html) **
  - **Description:** Grants permission to list the dimensions that are defined for your AWS account
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListDomainConfigurations.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListDomainConfigurations.html) **
  - **Description:** Grants permission to list the domain configurations created by your AWS account
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListFleetMetrics.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListFleetMetrics.html) **
  - **Description:** Grants permission to list the fleet metrics in your account
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListIndices.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListIndices.html) **
  - **Description:** Grants permission to list all indices for fleet index
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListJobExecutionsForJob.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListJobExecutionsForJob.html) **
  - **Description:** Grants permission to list the job executions for a job
  - **Access level:** List
  - **Resource types (\*required):**  [#awsiot-job](#awsiot-job) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListJobExecutionsForThing.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListJobExecutionsForThing.html) **
  - **Description:** Grants permission to list the job executions for the specified thing
  - **Access level:** List
  - **Resource types (\*required):**  [#awsiot-thing](#awsiot-thing) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListJobTemplates.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListJobTemplates.html) **
  - **Description:** Grants permission to list job templates
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListJobs.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListJobs.html) **
  - **Description:** Grants permission to list jobs
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListManagedJobTemplates.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListManagedJobTemplates.html) **
  - **Description:** Grants permission to list managed job templates
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListMetricValues.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListMetricValues.html) **
  - **Description:** Grants permissions to list the metric values for a thing based on the metricName, and dimension if specified
  - **Access level:** List
  - **Resource types (\*required):**  [#awsiot-thing](#awsiot-thing) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListMitigationActions.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListMitigationActions.html) **
  - **Description:** Grants permission to get a list of all mitigation actions that match the specified filter criteria
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListNamedShadowsForThing.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListNamedShadowsForThing.html) **
  - **Description:** Grants permission to list all named shadows for a given thing
  - **Access level:** List
  - **Resource types (\*required):**  [#awsiot-thing](#awsiot-thing) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListOTAUpdates.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListOTAUpdates.html) **
  - **Description:** Grants permission to list OTA update jobs in the account
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListOutgoingCertificates.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListOutgoingCertificates.html) **
  - **Description:** Grants permission to list certificates that are being transferred but not yet accepted
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListPackageVersions.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListPackageVersions.html) **
  - **Description:** Grants permission to list versions for a package in the account
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListPackages.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListPackages.html) **
  - **Description:** Grants permission to list packages in the account
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListPolicies.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListPolicies.html) **
  - **Description:** Grants permission to list your policies
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListPolicyPrincipals.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListPolicyPrincipals.html) **
  - **Description:** Grants permission to list the principals associated with the specified policy
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListPolicyVersions.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListPolicyVersions.html) **
  - **Description:** Grants permission to list the versions of the specified policy, and identifies the default version
  - **Access level:** List
  - **Resource types (\*required):**  [#awsiot-policy](#awsiot-policy) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListPrincipalPolicies.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListPrincipalPolicies.html) **
  - **Description:** Grants permission to list the policies attached to the specified principal. If you use an Amazon Cognito identity, the ID needs to be in Amazon Cognito Identity format
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListPrincipalThings.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListPrincipalThings.html) **
  - **Description:** Grants permission to list the things associated with the specified principal
  - **Access level:** List
  - **Resource types (\*required):**  [#awsiot-cert](#awsiot-cert) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListPrincipalThingsV2.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListPrincipalThingsV2.html) **
  - **Description:** Grants permission to list the things associated with the specified principal
  - **Access level:** List
  - **Resource types (\*required):**  [#awsiot-cert](#awsiot-cert) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListProvisioningTemplateVersions.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListProvisioningTemplateVersions.html) **
  - **Description:** Grants permission to get a list of fleet provisioning template versions
  - **Access level:** List
  - **Resource types (\*required):**  [#awsiot-provisioningtemplate](#awsiot-provisioningtemplate) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListProvisioningTemplates.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListProvisioningTemplates.html) **
  - **Description:** Grants permission to list the fleet provisioning templates in your AWS account
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListRelatedResourcesForAuditFinding.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListRelatedResourcesForAuditFinding.html) **
  - **Description:** Grants permission to list related resources for a single audit finding
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/developerguide/policy-actions.html](https://docs.aws.amazon.com/iot/latest/developerguide/policy-actions.html) **
  - **Description:** Grants permission to list the retained messages for your account
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListRoleAliases.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListRoleAliases.html) **
  - **Description:** Grants permission to list role aliases
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListSbomValidationResults.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListSbomValidationResults.html) **
  - **Description:** Grants permission to list SBOM validation results of a package version
  - **Access level:** List
  - **Resource types (\*required):**  [#awsiot-packageversion](#awsiot-packageversion) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListScheduledAudits.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListScheduledAudits.html) **
  - **Description:** Grants permission to list all of your scheduled audits
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListSecurityProfiles.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListSecurityProfiles.html) **
  - **Description:** Grants permission to list the Device Defender security profiles you have created
  - **Access level:** List
  - **Resource types (\*required):**  [#awsiot-custommetric](#awsiot-custommetric)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-dimension](#awsiot-dimension)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListSecurityProfilesForTarget.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListSecurityProfilesForTarget.html) **
  - **Description:** Grants permission to list the Device Defender security profiles attached to a target
  - **Access level:** List
  - **Resource types (\*required):**  [#awsiot-thinggroup](#awsiot-thinggroup) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListStreams.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListStreams.html) **
  - **Description:** Grants permission to list the streams in your account
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListTagsForResource.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListTagsForResource.html) **
  - **Description:** Grants permission to list all tags for a given resource
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsiot-authorizer](#awsiot-authorizer)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-billinggroup](#awsiot-billinggroup)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-cacert](#awsiot-cacert)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-certificateprovider](#awsiot-certificateprovider)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-command](#awsiot-command)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-custommetric](#awsiot-custommetric)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-dimension](#awsiot-dimension)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-domainconfiguration](#awsiot-domainconfiguration)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-dynamicthinggroup](#awsiot-dynamicthinggroup)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-fleetmetric](#awsiot-fleetmetric)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-job](#awsiot-job)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-jobtemplate](#awsiot-jobtemplate)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-mitigationaction](#awsiot-mitigationaction)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-otaupdate](#awsiot-otaupdate)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-policy](#awsiot-policy)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-provisioningtemplate](#awsiot-provisioningtemplate)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-rolealias](#awsiot-rolealias)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-rule](#awsiot-rule)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-scheduledaudit](#awsiot-scheduledaudit)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-securityprofile](#awsiot-securityprofile)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-stream](#awsiot-stream)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-thinggroup](#awsiot-thinggroup)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-thingtype](#awsiot-thingtype)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListTargetsForPolicy.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListTargetsForPolicy.html) **
  - **Description:** Grants permission to list targets for the specified policy
  - **Access level:** List
  - **Resource types (\*required):**  [#awsiot-policy](#awsiot-policy) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListTargetsForSecurityProfile.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListTargetsForSecurityProfile.html) **
  - **Description:** Grants permission to list the targets associated with a given Device Defender security profile
  - **Access level:** List
  - **Resource types (\*required):**  [#awsiot-securityprofile](#awsiot-securityprofile) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListThingGroups.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListThingGroups.html) **
  - **Description:** Grants permission to list all thing groups
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListThingGroupsForThing.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListThingGroupsForThing.html) **
  - **Description:** Grants permission to list thing groups to which the specified thing belongs
  - **Access level:** List
  - **Resource types (\*required):**  [#awsiot-thing](#awsiot-thing) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListThingPrincipals.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListThingPrincipals.html) **
  - **Description:** Grants permission to list the principals associated with the specified thing
  - **Access level:** List
  - **Resource types (\*required):**  [#awsiot-thing](#awsiot-thing) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListThingPrincipalsV2.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListThingPrincipalsV2.html) **
  - **Description:** Grants permission to list the principals associated with the specified thing
  - **Access level:** List
  - **Resource types (\*required):**  [#awsiot-thing](#awsiot-thing) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListThingRegistrationTaskReports.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListThingRegistrationTaskReports.html) **
  - **Description:** Grants permission to list information about bulk thing registration tasks
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListThingRegistrationTasks.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListThingRegistrationTasks.html) **
  - **Description:** Grants permission to list bulk thing registration tasks
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListThingTypes.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListThingTypes.html) **
  - **Description:** Grants permission to list all thing types
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListThings.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListThings.html) **
  - **Description:** Grants permission to list all things
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListThingsInBillingGroup.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListThingsInBillingGroup.html) **
  - **Description:** Grants permission to list all things in the specified billing group
  - **Access level:** List
  - **Resource types (\*required):**  [#awsiot-billinggroup](#awsiot-billinggroup) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListThingsInThingGroup.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListThingsInThingGroup.html) **
  - **Description:** Grants permission to list all things in the specified thing group
  - **Access level:** List
  - **Resource types (\*required):**  [#awsiot-thinggroup](#awsiot-thinggroup) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListTopicRuleDestinations.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListTopicRuleDestinations.html) **
  - **Description:** Grants permission to list all TopicRuleDestinations
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListTopicRules.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListTopicRules.html) **
  - **Description:** Grants permission to list the rules for the specific topic
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_iot-secure-tunneling_ListTunnels.html](https://docs.aws.amazon.com/iot/latest/apireference/API_iot-secure-tunneling_ListTunnels.html) **
  - **Description:** Grants permission to list tunnels
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListV2LoggingLevels.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListV2LoggingLevels.html) **
  - **Description:** Grants permission to list the v2 logging levels
  - **Access level:** List
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ListViolationEvents.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ListViolationEvents.html) **
  - **Description:** Grants permission to list the Device Defender security profile violations discovered during the given time period
  - **Access level:** List
  - **Resource types (\*required):**  [#awsiot-securityprofile](#awsiot-securityprofile)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-thing](#awsiot-thing)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_iot-secure-tunneling_OpenTunnel.html](https://docs.aws.amazon.com/iot/latest/apireference/API_iot-secure-tunneling_OpenTunnel.html) **
  - **Description:** Grants permission to open a tunnel
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:**  [#awsiot-aws_RequestTag___TagKey_](#awsiot-aws_RequestTag___TagKey_), [#awsiot-aws_TagKeys](#awsiot-aws_TagKeys), [#awsiot-iot_ThingGroupArn](#awsiot-iot_ThingGroupArn), [#awsiot-iot_TunnelDestinationService](#awsiot-iot_TunnelDestinationService) 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/developerguide/policy-actions.html](https://docs.aws.amazon.com/iot/latest/developerguide/policy-actions.html) **
  - **Description:** Grants permission to publish to the specified topic
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-topic](#awsiot-topic) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_PutVerificationStateOnViolation.html](https://docs.aws.amazon.com/iot/latest/apireference/API_PutVerificationStateOnViolation.html) **
  - **Description:** Grants permission to put verification state on a violation
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/developerguide/policy-actions.html](https://docs.aws.amazon.com/iot/latest/developerguide/policy-actions.html) **
  - **Description:** Grants permission to receive from the specified topic
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-topic](#awsiot-topic) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_RegisterCACertificate.html](https://docs.aws.amazon.com/iot/latest/apireference/API_RegisterCACertificate.html) **
  - **Description:** Grants permission to register a CA certificate with AWS IoT
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:**  [#awsiot-aws_RequestTag___TagKey_](#awsiot-aws_RequestTag___TagKey_), [#awsiot-aws_TagKeys](#awsiot-aws_TagKeys), [#awsiot-aws_ResourceTag___TagKey_](#awsiot-aws_ResourceTag___TagKey_) 
  - **Dependent actions:**  iam:PassRole 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_RegisterCertificate.html](https://docs.aws.amazon.com/iot/latest/apireference/API_RegisterCertificate.html) **
  - **Description:** Grants permission to register a device certificate with AWS IoT
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_RegisterCertificateWithoutCA.html](https://docs.aws.amazon.com/iot/latest/apireference/API_RegisterCertificateWithoutCA.html) **
  - **Description:** Grants permission to register a device certificate with AWS IoT without a registered CA (certificate authority)
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_RegisterThing.html](https://docs.aws.amazon.com/iot/latest/apireference/API_RegisterThing.html) **
  - **Description:** Grants permission to register your thing
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_RejectCertificateTransfer.html](https://docs.aws.amazon.com/iot/latest/apireference/API_RejectCertificateTransfer.html) **
  - **Description:** Grants permission to reject a pending certificate transfer
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-cert](#awsiot-cert) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_RemoveThingFromBillingGroup.html](https://docs.aws.amazon.com/iot/latest/apireference/API_RemoveThingFromBillingGroup.html) **
  - **Description:** Grants permission to remove a thing from the specified billing group
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-billinggroup](#awsiot-billinggroup)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-thing](#awsiot-thing)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_RemoveThingFromThingGroup.html](https://docs.aws.amazon.com/iot/latest/apireference/API_RemoveThingFromThingGroup.html) **
  - **Description:** Grants permission to remove a thing from the specified thing group
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-thing](#awsiot-thing)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-thinggroup](#awsiot-thinggroup)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ReplaceTopicRule.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ReplaceTopicRule.html) **
  - **Description:** Grants permission to replace the specified rule
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-rule](#awsiot-rule) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/developerguide/policy-actions.html](https://docs.aws.amazon.com/iot/latest/developerguide/policy-actions.html) **
  - **Description:** Grants permission to publish a retained message to the specified topic
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-topic](#awsiot-topic) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_iot-secure-tunneling_RotateTunnelAccessToken.html](https://docs.aws.amazon.com/iot/latest/apireference/API_iot-secure-tunneling_RotateTunnelAccessToken.html) **
  - **Description:** Grants permission to rotate the access token of a tunnel
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-tunnel](#awsiot-tunnel)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#awsiot-iot_ThingGroupArn](#awsiot-iot_ThingGroupArn), [#awsiot-iot_TunnelDestinationService](#awsiot-iot_TunnelDestinationService), [#awsiot-iot_ClientMode](#awsiot-iot_ClientMode)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_SearchIndex.html](https://docs.aws.amazon.com/iot/latest/apireference/API_SearchIndex.html) **
  - **Description:** Grants permission to search IoT fleet index
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsiot-index](#awsiot-index) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_SetDefaultAuthorizer.html](https://docs.aws.amazon.com/iot/latest/apireference/API_SetDefaultAuthorizer.html) **
  - **Description:** Grants permission to set the default authorizer. The default authorizer is used if a WebSocket connection is made without specifying an authorizer
  - **Access level:** Permissions management
  - **Resource types (\*required):**  [#awsiot-authorizer](#awsiot-authorizer) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_SetDefaultPolicyVersion.html](https://docs.aws.amazon.com/iot/latest/apireference/API_SetDefaultPolicyVersion.html) **
  - **Description:** Grants permission to set the specified version of the specified policy as the policy's default (operative) version
  - **Access level:** Permissions management
  - **Resource types (\*required):**  [#awsiot-policy](#awsiot-policy) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_SetLoggingOptions.html](https://docs.aws.amazon.com/iot/latest/apireference/API_SetLoggingOptions.html) **
  - **Description:** Grants permission to set the logging options
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_SetV2LoggingLevel.html](https://docs.aws.amazon.com/iot/latest/apireference/API_SetV2LoggingLevel.html) **
  - **Description:** Grants permission to set the v2 logging level
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_SetV2LoggingOptions.html](https://docs.aws.amazon.com/iot/latest/apireference/API_SetV2LoggingOptions.html) **
  - **Description:** Grants permission to set the v2 logging options
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_StartAuditMitigationActionsTask.html](https://docs.aws.amazon.com/iot/latest/apireference/API_StartAuditMitigationActionsTask.html) **
  - **Description:** Grants permission to start a task that applies a set of mitigation actions to the specified target
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_iot-jobs-data_StartCommandExecution.html](https://docs.aws.amazon.com/iot/latest/apireference/API_iot-jobs-data_StartCommandExecution.html) **
  - **Description:** Grants permission to start a new command execution
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-command](#awsiot-command)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-client](#awsiot-client)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-thing](#awsiot-thing)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#awsiot-iot_CommandExecutionParameterString___CommandParameterName_](#awsiot-iot_CommandExecutionParameterString___CommandParameterName_), [#awsiot-iot_CommandExecutionParameterBoolean___CommandParameterName_](#awsiot-iot_CommandExecutionParameterBoolean___CommandParameterName_), [#awsiot-iot_CommandExecutionParameterNumber___CommandParameterName_](#awsiot-iot_CommandExecutionParameterNumber___CommandParameterName_)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_StartDetectMitigationActionsTask.html](https://docs.aws.amazon.com/iot/latest/apireference/API_StartDetectMitigationActionsTask.html) **
  - **Description:** Grants permission to start a Device Defender ML Detect mitigation actions task
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-securityprofile](#awsiot-securityprofile) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_StartOnDemandAuditTask.html](https://docs.aws.amazon.com/iot/latest/apireference/API_StartOnDemandAuditTask.html) **
  - **Description:** Grants permission to start an on-demand Device Defender audit
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_StartThingRegistrationTask.html](https://docs.aws.amazon.com/iot/latest/apireference/API_StartThingRegistrationTask.html) **
  - **Description:** Grants permission to start a bulk thing registration task
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_StopThingRegistrationTask.html](https://docs.aws.amazon.com/iot/latest/apireference/API_StopThingRegistrationTask.html) **
  - **Description:** Grants permission to stop a bulk thing registration task
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/developerguide/policy-actions.html](https://docs.aws.amazon.com/iot/latest/developerguide/policy-actions.html) **
  - **Description:** Grants permission to subscribe to the specified TopicFilter
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-topicfilter](#awsiot-topicfilter) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_TagResource.html](https://docs.aws.amazon.com/iot/latest/apireference/API_TagResource.html) **
  - **Description:** Grants permission to tag a specified resource
  - **Access level:** Tagging
  - **Resource types (\*required):**  [#awsiot-authorizer](#awsiot-authorizer)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-billinggroup](#awsiot-billinggroup)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-cacert](#awsiot-cacert)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-certificateprovider](#awsiot-certificateprovider)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-command](#awsiot-command)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-custommetric](#awsiot-custommetric)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-dimension](#awsiot-dimension)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-domainconfiguration](#awsiot-domainconfiguration)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-dynamicthinggroup](#awsiot-dynamicthinggroup)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-fleetmetric](#awsiot-fleetmetric)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-job](#awsiot-job)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-jobtemplate](#awsiot-jobtemplate)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-mitigationaction](#awsiot-mitigationaction)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-otaupdate](#awsiot-otaupdate)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-package](#awsiot-package)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-packageversion](#awsiot-packageversion)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-policy](#awsiot-policy)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-provisioningtemplate](#awsiot-provisioningtemplate)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-rolealias](#awsiot-rolealias)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-rule](#awsiot-rule)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-scheduledaudit](#awsiot-scheduledaudit)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-securityprofile](#awsiot-securityprofile)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-stream](#awsiot-stream)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-thinggroup](#awsiot-thinggroup)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-thingtype](#awsiot-thingtype)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#awsiot-aws_RequestTag___TagKey_](#awsiot-aws_RequestTag___TagKey_), [#awsiot-aws_TagKeys](#awsiot-aws_TagKeys)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_TestAuthorization.html](https://docs.aws.amazon.com/iot/latest/apireference/API_TestAuthorization.html) **
  - **Description:** Grants permission to test policy evaluation for group policies
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsiot-cert](#awsiot-cert) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_TestInvokeAuthorizer.html](https://docs.aws.amazon.com/iot/latest/apireference/API_TestInvokeAuthorizer.html) **
  - **Description:** Grants permission to invoke the specified custom authorizer for testing purposes
  - **Access level:** Read
  - **Resource types (\*required):**  [#awsiot-authorizer](#awsiot-authorizer) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_TransferCertificate.html](https://docs.aws.amazon.com/iot/latest/apireference/API_TransferCertificate.html) **
  - **Description:** Grants permission to transfer the specified certificate to the specified AWS account
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-cert](#awsiot-cert) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_UntagResource.html](https://docs.aws.amazon.com/iot/latest/apireference/API_UntagResource.html) **
  - **Description:** Grants permission to untag a specified resource
  - **Access level:** Tagging
  - **Resource types (\*required):**  [#awsiot-authorizer](#awsiot-authorizer)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-billinggroup](#awsiot-billinggroup)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-cacert](#awsiot-cacert)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-certificateprovider](#awsiot-certificateprovider)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-command](#awsiot-command)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-custommetric](#awsiot-custommetric)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-dimension](#awsiot-dimension)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-domainconfiguration](#awsiot-domainconfiguration)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-dynamicthinggroup](#awsiot-dynamicthinggroup)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-fleetmetric](#awsiot-fleetmetric)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-job](#awsiot-job)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-jobtemplate](#awsiot-jobtemplate)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-mitigationaction](#awsiot-mitigationaction)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-otaupdate](#awsiot-otaupdate)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-package](#awsiot-package)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-packageversion](#awsiot-packageversion)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-policy](#awsiot-policy)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-provisioningtemplate](#awsiot-provisioningtemplate)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-rolealias](#awsiot-rolealias)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-rule](#awsiot-rule)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-scheduledaudit](#awsiot-scheduledaudit)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-securityprofile](#awsiot-securityprofile)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-stream](#awsiot-stream)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-thinggroup](#awsiot-thinggroup)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-thingtype](#awsiot-thingtype)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  / **Condition keys:**  [#awsiot-aws_TagKeys](#awsiot-aws_TagKeys)  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateAccountAuditConfiguration.html](https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateAccountAuditConfiguration.html) **
  - **Description:** Grants permission to configure or reconfigure the Device Defender audit settings for this account
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateAuditSuppression.html](https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateAuditSuppression.html) **
  - **Description:** Grants permission to update a Device Defender audit suppression
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateAuthorizer.html](https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateAuthorizer.html) **
  - **Description:** Grants permission to update an authorizer
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-authorizer](#awsiot-authorizer) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateBillingGroup.html](https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateBillingGroup.html) **
  - **Description:** Grants permission to update information associated with the specified billing group
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-billinggroup](#awsiot-billinggroup) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateCACertificate.html](https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateCACertificate.html) **
  - **Description:** Grants permission to update a registered CA certificate
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-cacert](#awsiot-cacert) 
  - **Condition keys:** 
  - **Dependent actions:**  iam:PassRole 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateCertificate.html](https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateCertificate.html) **
  - **Description:** Grants permission to update the status of the specified certificate. This operation is idempotent
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-cert](#awsiot-cert) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateCertificateProvider.html](https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateCertificateProvider.html) **
  - **Description:** Grants permission to update a certificate provider
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-certificateprovider](#awsiot-certificateprovider) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateCommand.html](https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateCommand.html) **
  - **Description:** Grants permission to update a command
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-command](#awsiot-command) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateCustomMetric.html](https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateCustomMetric.html) **
  - **Description:** Grants permission to update the specified custom metric
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-custommetric](#awsiot-custommetric) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateDimension.html](https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateDimension.html) **
  - **Description:** Grants permission to update the definition for a dimension
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-dimension](#awsiot-dimension) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateDomainConfiguration.html](https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateDomainConfiguration.html) **
  - **Description:** Grants permission to update a domain configuration
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-domainconfiguration](#awsiot-domainconfiguration) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateDynamicThingGroup.html](https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateDynamicThingGroup.html) **
  - **Description:** Grants permission to update a Dynamic Thing Group
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-dynamicthinggroup](#awsiot-dynamicthinggroup) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateEncryptionConfiguration.html](https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateEncryptionConfiguration.html) **
  - **Description:** Grants permission to update the encryption configuration for the account
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateEventConfigurations.html](https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateEventConfigurations.html) **
  - **Description:** Grants permission to update event configurations
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateFleetMetric.html](https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateFleetMetric.html) **
  - **Description:** Grants permission to update a fleet metric
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-fleetmetric](#awsiot-fleetmetric)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-index](#awsiot-index)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateIndexingConfiguration.html](https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateIndexingConfiguration.html) **
  - **Description:** Grants permission to update fleet indexing configuration
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateJob.html](https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateJob.html) **
  - **Description:** Grants permission to update a job
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-job](#awsiot-job) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateMitigationAction.html](https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateMitigationAction.html) **
  - **Description:** Grants permission to update the definition for the specified mitigation action
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-mitigationaction](#awsiot-mitigationaction) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_UpdatePackage.html](https://docs.aws.amazon.com/iot/latest/apireference/API_UpdatePackage.html) **
  - **Description:** Grants permission to update a package
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-package](#awsiot-package) 
  - **Condition keys:** 
  - **Dependent actions:**  iot:GetIndexingConfiguration 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_UpdatePackageConfiguration.html](https://docs.aws.amazon.com/iot/latest/apireference/API_UpdatePackageConfiguration.html) **
  - **Description:** Grants permission to update the package configuration of the account
  - **Access level:** Write
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:**  iam:PassRole 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_UpdatePackageVersion.html](https://docs.aws.amazon.com/iot/latest/apireference/API_UpdatePackageVersion.html) **
  - **Description:** Grants permission to update the version of the specified package
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-package](#awsiot-package)  / **Condition keys:**  / **Dependent actions:**  iot:GetIndexingConfiguration, s3:GetObjectVersion 
  - **Resource types (\*required):**  [#awsiot-packageversion](#awsiot-packageversion)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateProvisioningTemplate.html](https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateProvisioningTemplate.html) **
  - **Description:** Grants permission to update a fleet provisioning template
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-provisioningtemplate](#awsiot-provisioningtemplate) 
  - **Condition keys:** 
  - **Dependent actions:**  iam:PassRole 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateRoleAlias.html](https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateRoleAlias.html) **
  - **Description:** Grants permission to update the role alias
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-rolealias](#awsiot-rolealias) 
  - **Condition keys:** 
  - **Dependent actions:**  iam:PassRole 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateScheduledAudit.html](https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateScheduledAudit.html) **
  - **Description:** Grants permission to update a scheduled audit, including what checks are performed and how often the audit takes place
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-scheduledaudit](#awsiot-scheduledaudit) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateSecurityProfile.html](https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateSecurityProfile.html) **
  - **Description:** Grants permission to update a Device Defender security profile
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-securityprofile](#awsiot-securityprofile)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-custommetric](#awsiot-custommetric)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-dimension](#awsiot-dimension)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateStream.html](https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateStream.html) **
  - **Description:** Grants permission to update the data for a stream
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-stream](#awsiot-stream) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateThing.html](https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateThing.html) **
  - **Description:** Grants permission to update information associated with the specified thing
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-thing](#awsiot-thing) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateThingGroup.html](https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateThingGroup.html) **
  - **Description:** Grants permission to update information associated with the specified thing group
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-thinggroup](#awsiot-thinggroup) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateThingGroupsForThing.html](https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateThingGroupsForThing.html) **
  - **Description:** Grants permission to update the thing groups to which the thing belongs
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-thing](#awsiot-thing)  / **Condition keys:**  / **Dependent actions:** 
  - **Resource types (\*required):**  [#awsiot-thinggroup](#awsiot-thinggroup)  / **Condition keys:**  / **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/developerguide/policy-actions.html](https://docs.aws.amazon.com/iot/latest/developerguide/policy-actions.html) **
  - **Description:** Grants permission to update the thing shadow
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-thing](#awsiot-thing) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateThingType.html](https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateThingType.html) **
  - **Description:** Grants permission to update information associated with the specified thing type
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-thingtype](#awsiot-thingtype) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateTopicRuleDestination.html](https://docs.aws.amazon.com/iot/latest/apireference/API_UpdateTopicRuleDestination.html) **
  - **Description:** Grants permission to update a TopicRuleDestination
  - **Access level:** Write
  - **Resource types (\*required):**  [#awsiot-destination](#awsiot-destination) 
  - **Condition keys:** 
  - **Dependent actions:** 

- **  [https://docs.aws.amazon.com/iot/latest/apireference/API_ValidateSecurityProfileBehaviors.html](https://docs.aws.amazon.com/iot/latest/apireference/API_ValidateSecurityProfileBehaviors.html) **
  - **Description:** Grants permission to validate a Device Defender security profile behaviors specification
  - **Access level:** Read
  - **Resource types (\*required):** 
  - **Condition keys:** 
  - **Dependent actions:** 



## Resource types defined by AWS IoT
<a name="awsiot-resources-for-iam-policies"></a>

The following resource types are defined by this service and can be used in the `Resource` element of IAM permission policy statements. Each action in the [Actions table](#awsiot-actions-as-permissions) identifies the resource types that can be specified with that action. A resource type can also define which condition keys you can include in a policy. These keys are displayed in the last column of the table. For details about the columns in the following table, see [Resource types table](reference_policies_actions-resources-contextkeys.html#resources_table).



| Resource types | ARN | Condition keys | 
| --- | --- | --- | 
|   [https://docs.aws.amazon.com/iot/latest/developerguide/iot-message-broker.html](https://docs.aws.amazon.com/iot/latest/developerguide/iot-message-broker.html)  |  arn:${Partition}:iot:${Region}:${Account}:client/${ClientId}  |  | 
|   [https://docs.aws.amazon.com/iot/latest/developerguide/iot-indexing.html](https://docs.aws.amazon.com/iot/latest/developerguide/iot-indexing.html)  |  arn:${Partition}:iot:${Region}:${Account}:index/${IndexName}  |  | 
|   [https://docs.aws.amazon.com/iot/latest/developerguide/iot-indexing.html](https://docs.aws.amazon.com/iot/latest/developerguide/iot-indexing.html)  |  arn:${Partition}:iot:${Region}:${Account}:fleetmetric/${FleetMetricName}  |  [#awsiot-aws_ResourceTag___TagKey_](#awsiot-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/iot/latest/developerguide/iot-jobs.html](https://docs.aws.amazon.com/iot/latest/developerguide/iot-jobs.html)  |  arn:${Partition}:iot:${Region}:${Account}:job/${JobId}  |  [#awsiot-aws_ResourceTag___TagKey_](#awsiot-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/iot/latest/developerguide/job-templates.html](https://docs.aws.amazon.com/iot/latest/developerguide/job-templates.html)  |  arn:${Partition}:iot:${Region}:${Account}:jobtemplate/${JobTemplateId}  |  [#awsiot-aws_ResourceTag___TagKey_](#awsiot-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/iot/latest/developerguide/iot-tunnels.html](https://docs.aws.amazon.com/iot/latest/developerguide/iot-tunnels.html)  |  arn:${Partition}:iot:${Region}:${Account}:tunnel/${TunnelId}  |  [#awsiot-aws_ResourceTag___TagKey_](#awsiot-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/iot/latest/developerguide/thing-registry.html](https://docs.aws.amazon.com/iot/latest/developerguide/thing-registry.html)  |  arn:${Partition}:iot:${Region}:${Account}:thing/${ThingName}  |  | 
|   [https://docs.aws.amazon.com/iot/latest/developerguide/thing-groups.html](https://docs.aws.amazon.com/iot/latest/developerguide/thing-groups.html)  |  arn:${Partition}:iot:${Region}:${Account}:thinggroup/${ThingGroupName}  |  [#awsiot-aws_ResourceTag___TagKey_](#awsiot-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/iot/latest/developerguide/billing-groups.html](https://docs.aws.amazon.com/iot/latest/developerguide/billing-groups.html)  |  arn:${Partition}:iot:${Region}:${Account}:billinggroup/${BillingGroupName}  |  [#awsiot-aws_ResourceTag___TagKey_](#awsiot-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/iot/latest/developerguide/dynamic-thing-groups.html](https://docs.aws.amazon.com/iot/latest/developerguide/dynamic-thing-groups.html)  |  arn:${Partition}:iot:${Region}:${Account}:thinggroup/${ThingGroupName}  |  [#awsiot-aws_ResourceTag___TagKey_](#awsiot-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/iot/latest/developerguide/thing-types.html](https://docs.aws.amazon.com/iot/latest/developerguide/thing-types.html)  |  arn:${Partition}:iot:${Region}:${Account}:thingtype/${ThingTypeName}  |  [#awsiot-aws_ResourceTag___TagKey_](#awsiot-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/iot/latest/developerguide/iot-message-broker.html](https://docs.aws.amazon.com/iot/latest/developerguide/iot-message-broker.html)  |  arn:${Partition}:iot:${Region}:${Account}:topic/${TopicName}  |  | 
|   [https://docs.aws.amazon.com/iot/latest/developerguide/topics.html](https://docs.aws.amazon.com/iot/latest/developerguide/topics.html)  |  arn:${Partition}:iot:${Region}:${Account}:topicfilter/${TopicFilter}  |  | 
|   [https://docs.aws.amazon.com/iot/latest/developerguide/authorizing-direct-aws.html](https://docs.aws.amazon.com/iot/latest/developerguide/authorizing-direct-aws.html)  |  arn:${Partition}:iot:${Region}:${Account}:rolealias/${RoleAlias}  |  [#awsiot-aws_ResourceTag___TagKey_](#awsiot-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/iot/latest/developerguide/custom-authorizer.html](https://docs.aws.amazon.com/iot/latest/developerguide/custom-authorizer.html)  |  arn:${Partition}:iot:${Region}:${Account}:authorizer/${AuthorizerName}  |  [#awsiot-aws_ResourceTag___TagKey_](#awsiot-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/iot/latest/developerguide/iot-policies.html](https://docs.aws.amazon.com/iot/latest/developerguide/iot-policies.html)  |  arn:${Partition}:iot:${Region}:${Account}:policy/${PolicyName}  |  [#awsiot-aws_ResourceTag___TagKey_](#awsiot-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/iot/latest/developerguide/x509-certs.html](https://docs.aws.amazon.com/iot/latest/developerguide/x509-certs.html)  |  arn:${Partition}:iot:${Region}:${Account}:cert/${Certificate}  |  | 
|   [https://docs.aws.amazon.com/iot/latest/developerguide/x509-certs.html](https://docs.aws.amazon.com/iot/latest/developerguide/x509-certs.html)  |  arn:${Partition}:iot:${Region}:${Account}:cacert/${CACertificate}  |  [#awsiot-aws_ResourceTag___TagKey_](#awsiot-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/freertos/latest/userguide/freertos-ota-dev.html](https://docs.aws.amazon.com/freertos/latest/userguide/freertos-ota-dev.html)  |  arn:${Partition}:iot:${Region}:${Account}:stream/${StreamId}  |  [#awsiot-aws_ResourceTag___TagKey_](#awsiot-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/freertos/latest/userguide/freertos-ota-dev.html](https://docs.aws.amazon.com/freertos/latest/userguide/freertos-ota-dev.html)  |  arn:${Partition}:iot:${Region}:${Account}:otaupdate/${OtaUpdateId}  |  [#awsiot-aws_ResourceTag___TagKey_](#awsiot-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-audit.html](https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-audit.html)  |  arn:${Partition}:iot:${Region}:${Account}:scheduledaudit/${ScheduleName}  |  [#awsiot-aws_ResourceTag___TagKey_](#awsiot-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-mitigation-actions.html](https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-mitigation-actions.html)  |  arn:${Partition}:iot:${Region}:${Account}:mitigationaction/${MitigationActionName}  |  [#awsiot-aws_ResourceTag___TagKey_](#awsiot-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-detect.html](https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-detect.html)  |  arn:${Partition}:iot:${Region}:${Account}:securityprofile/${SecurityProfileName}  |  [#awsiot-aws_ResourceTag___TagKey_](#awsiot-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-detect.html](https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-detect.html)  |  arn:${Partition}:iot:${Region}:${Account}:custommetric/${MetricName}  |  [#awsiot-aws_ResourceTag___TagKey_](#awsiot-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-detect.html](https://docs.aws.amazon.com/iot/latest/developerguide/device-defender-detect.html)  |  arn:${Partition}:iot:${Region}:${Account}:dimension/${DimensionName}  |  [#awsiot-aws_ResourceTag___TagKey_](#awsiot-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/iot/latest/developerguide/iot-rules.html](https://docs.aws.amazon.com/iot/latest/developerguide/iot-rules.html)  |  arn:${Partition}:iot:${Region}:${Account}:rule/${RuleName}  |  [#awsiot-aws_ResourceTag___TagKey_](#awsiot-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/iot/latest/developerguide/rule-destination.html](https://docs.aws.amazon.com/iot/latest/developerguide/rule-destination.html)  |  arn:${Partition}:iot:${Region}:${Account}:ruledestination/${DestinationType}/${Uuid}  |  | 
|   [https://docs.aws.amazon.com/iot/latest/developerguide/provision-template.html](https://docs.aws.amazon.com/iot/latest/developerguide/provision-template.html)  |  arn:${Partition}:iot:${Region}:${Account}:provisioningtemplate/${ProvisioningTemplate}  |  [#awsiot-aws_ResourceTag___TagKey_](#awsiot-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/iot/latest/developerguide/domain-configuration.html](https://docs.aws.amazon.com/iot/latest/developerguide/domain-configuration.html)  |  arn:${Partition}:iot:${Region}:${Account}:domainconfiguration/${DomainConfigurationName}/${Id}  |  [#awsiot-aws_ResourceTag___TagKey_](#awsiot-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/iot/latest/developerguide/software-package-catalog.html](https://docs.aws.amazon.com/iot/latest/developerguide/software-package-catalog.html)  |  arn:${Partition}:iot:${Region}:${Account}:package/${PackageName}  |  [#awsiot-aws_ResourceTag___TagKey_](#awsiot-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/iot/latest/developerguide/software-package-catalog.html](https://docs.aws.amazon.com/iot/latest/developerguide/software-package-catalog.html)  |  arn:${Partition}:iot:${Region}:${Account}:package/${PackageName}/version/${VersionName}  |  [#awsiot-aws_ResourceTag___TagKey_](#awsiot-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/iot/latest/developerguide/provisioning-cert-provider.html](https://docs.aws.amazon.com/iot/latest/developerguide/provisioning-cert-provider.html)  |  arn:${Partition}:iot:${Region}:${Account}:certificateprovider/${CertificateProviderName}  |  [#awsiot-aws_ResourceTag___TagKey_](#awsiot-aws_ResourceTag___TagKey_)  | 
|   [https://docs.aws.amazon.com/iot/latest/developerguide/iot-remote-command.html](https://docs.aws.amazon.com/iot/latest/developerguide/iot-remote-command.html)  |  arn:${Partition}:iot:${Region}:${Account}:command/${CommandId}  |  [#awsiot-aws_ResourceTag___TagKey_](#awsiot-aws_ResourceTag___TagKey_)  | 

## Condition keys for AWS IoT
<a name="awsiot-policy-keys"></a>

AWS IoT defines the following condition keys that can be used in the `Condition` element of an IAM policy. You can use these keys to further refine the conditions under which the policy statement applies. For details about the columns in the following table, see [Condition keys table](reference_policies_actions-resources-contextkeys.html#context_keys_table).

To view the global condition keys that are available to all services, see [AWS global condition context keys](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html).


| Condition keys | Description | Type | 
| --- | --- | --- | 
|   [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html)  | Filters access by a tag key that is present in the request | String | 
|   [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html)  | Filters access by a tag key component of a tag associated with the IoT resource in the request | String | 
|   [https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_condition-keys.html)  | Filters access by a list of tag keys associated with the IoT resource in the request | ArrayOfString | 
|   [https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html)  | Filters access by the mode of the client for IoT Tunnel | String | 
|   [https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html)  | Filters access by the command parameter name and boolean value | Bool | 
|   [https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html)  | Filters access by the command parameter name and numeric value | Numeric | 
|   [https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html)  | Filters access by the command parameter name and string value | String | 
|   [https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html)  | Filters access by a flag indicating whether or not to also delete an IoT Tunnel immediately when making an `iot:CloseTunnel` request | Bool | 
|   [https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html)  | Filters access by the domain name of an IoT DomainConfiguration | String | 
|   [https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html)  | Filters access by a list of IoT Thing Group ARNs that the destination IoT Thing belongs to, for an IoT Tunnel | ArrayOfARN | 
|   [https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html)  | Filters access by a list of destination services for an IoT Tunnel | ArrayOfString | 
|   [https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html](https://docs.aws.amazon.com/service-authorization/latest/reference/list_awsiot.html)  | Filters access by the ARN of an IoT Thing | ARN | 