This is the new *CloudFormation Template Reference Guide*. Please update your bookmarks and links. For help getting started with CloudFormation, see the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html). # AWS::IoT::Policy Use the `AWS::IoT::Policy` resource to declare an AWS IoT policy. For more information about working with AWS IoT policies, see [Authorization](https://docs.aws.amazon.com/iot/latest/developerguide/authorization.html) in the *AWS IoT Developer Guide*. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::IoT::Policy", "Properties" : { "[PolicyDocument](#cfn-iot-policy-policydocument)" : Json, "[PolicyName](#cfn-iot-policy-policyname)" : String, "[Tags](#cfn-iot-policy-tags)" : [ Tag, ... ] } } ``` ### YAML ``` Type: AWS::IoT::Policy Properties: [PolicyDocument](#cfn-iot-policy-policydocument): Json [PolicyName](#cfn-iot-policy-policyname): String [Tags](#cfn-iot-policy-tags): - Tag ``` ## Properties `PolicyDocument` The JSON document that describes the policy. *Required*: Yes *Type*: Json *Minimum*: `1` *Maximum*: `404600` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `PolicyName` The policy name. *Required*: No *Type*: String *Pattern*: `[\w+=,.@-]+` *Minimum*: `1` *Maximum*: `128` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) `Tags` Property description not available. *Required*: No *Type*: Array of [Tag](aws-properties-iot-policy-tag.md) *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) ## Return values ### Ref When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the policy name. For example: `{ "Ref": "MyPolicy" }` For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html). ### Fn::GetAtt The `Fn::GetAtt` intrinsic function returns a value for a specified attribute of this type. The following are the available attributes and sample return values. For more information about using the `Fn::GetAtt` intrinsic function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-getatt.html). #### `Arn` The Amazon Resource Name (ARN) of the AWS IoT policy, such as `arn:aws:iot:us-east-2:123456789012:policy/MyPolicy`. `Id` The name of this policy. ## Examples ### The following example declares an AWS IoT policy. This example grants permission to connect to AWS IoT with client ID client1. #### JSON ``` { "AWSTemplateFormatVersion": "2010-09-09", "Resources": { "MyIoTPolicy": { "Type": "AWS::IoT::Policy", "Properties": { "PolicyDocument": { "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iot:Connect" ], "Resource": [ "arn:aws:iot:us-east-1:123456789012:client/client1" ] } ] }, "PolicyName": "PolicyName" } } } } ``` #### YAML ``` AWSTemplateFormatVersion: '2010-09-09' Resources: MyIoTPolicy: Type: AWS::IoT::Policy Properties: PolicyDocument: Version: '2012-10-17 ' Statement: - Effect: Allow Action: - iot:Connect Resource: - arn:aws:iot:us-east-1:123456789012:client/client1 PolicyName: PolicyName ```