AWS IoT applies security to protect our system. To allow a device to send data, we need to attach the following statements to the device—iot:Connect, iot:Subscribe, iot:Publish, and iot:Receive.
We do this by creating a policy in AWS that includes these statements, as follows:
- From the IoT console at https://console.aws.amazon.com/iot/, we can click on Secure, and then Policies, and register a new policy by clicking on the Create a policy button as shown in the following screenshot:
Creating a policy to enforce security
- Then, we can provide the iiot-book-policy-4-mqtt name and add the iot:Connect, iot:Subscribe, and iot:Publish statements. We could add the iot:* statement instead, but this is strongly discouraged for security reasons. We need to allow the statements and click on the Create button to build the policy:
Defining the statements of a policy
Otherwise, we can copy and paste the following code into the Advanced mode tab:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "iot:Publish",
        "iot:Subscribe",
        "iot:Connect",
        "iot:Receive"
      ],
      "Effect": "Allow",
      "Resource": [
        "*"
      ]
    }
  ]
}
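The policy above allows the four actions on the resource "*", that is, for any client ID and any topic. The following check is an added example, not code from the book or from AWS: it audits a policy document for wildcard actions and resources and compares the policy above with a constructed scoped variant. The account ID, region, `sensors/` topic prefix and the function names are assumptions, and the scoped variant assumes the device connects with a client ID equal to its registered thing name.

```python
import json

# Resource type that each MQTT action is evaluated against in an AWS IoT policy.
RESOURCE_TYPE = {"iot:Connect": "client/", "iot:Publish": "topic/",
                 "iot:Receive": "topic/", "iot:Subscribe": "topicfilter/"}

def as_list(value):
    return value if isinstance(value, list) else [value]

def audit_policy(policy_json):
    """Return (statement index, message) findings for Allow statements."""
    findings = []
    for i, stmt in enumerate(as_list(json.loads(policy_json)["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        actions = as_list(stmt.get("Action", []))
        # Keep only the part after arn:aws:iot:<region>:<account>:
        resources = [r.split(":", 5)[-1] for r in as_list(stmt.get("Resource", []))]
        for action in actions:
            if action in ("*", "iot:*"):
                findings.append((i, f"wildcard action {action}"))
        for res in resources:
            if res == "*":
                findings.append((i, "Resource * matches every client ID and topic"))
            elif res.split("/", 1)[-1] == "*":
                findings.append((i, f"{res} matches every name of its type"))
        if "*" not in resources:
            for action in actions:
                prefix = RESOURCE_TYPE.get(action)
                if prefix and not any(r.startswith(prefix) for r in resources):
                    findings.append((i, f"{action} has no {prefix} resource"))
    return findings

# Policy from the page, then a constructed scoped variant (placeholder account/region/topic).
PAGE_POLICY = """{"Version": "2012-10-17", "Statement": [{"Effect": "Allow",
  "Action": ["iot:Publish", "iot:Subscribe", "iot:Connect", "iot:Receive"],
  "Resource": ["*"]}]}"""
ARN = "arn:aws:iot:us-east-1:123456789012:"
THING = "${iot:Connection.Thing.ThingName}"  # AWS IoT thing policy variable
SCOPED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "iot:Connect", "Resource": ARN + "client/" + THING},
    {"Effect": "Allow", "Action": ["iot:Publish", "iot:Receive"],
     "Resource": ARN + "topic/sensors/" + THING + "/*"},
    {"Effect": "Allow", "Action": "iot:Subscribe",
     "Resource": ARN + "topicfilter/sensors/" + THING + "/*"}]})

if __name__ == "__main__":
    for name, doc in (("page", PAGE_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, audit_policy(doc))
```

The scoped variant splits the actions into separate statements because iot:Connect is checked against a client resource, iot:Publish and iot:Receive against a topic resource, and iot:Subscribe against a topicfilter resource.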