Step 1: Create the AWS IoT policy

Create an AWS IoT policy that allows your Raspberry Pi to connect and send messages to AWS IoT.

In the AWS IoT console, if a Get started button appears, choose it. Otherwise, in the navigation pane, expand Security, and then choose Policies.
If a You don't have any policies yet dialog box appears, choose Create a policy. Otherwise, choose Create.
Enter a name for the AWS IoT policy (for example, MoistureSensorPolicy).

In the Add statements section, replace the existing policy with the following JSON. Replace region and account with your AWS Region and AWS account number.

JSON


{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "iot:Connect",
            "Resource": "arn:aws:iot:us-east-1:account:client/RaspberryPi"
        },
        {
            "Effect": "Allow",
            "Action": "iot:Publish",
            "Resource": [
                "arn:aws:iot:us-east-1:account:topic/$aws/things/RaspberryPi/shadow/update",
                "arn:aws:iot:us-east-1:account:topic/$aws/things/RaspberryPi/shadow/delete",
                "arn:aws:iot:us-east-1:account:topic/$aws/things/RaspberryPi/shadow/get"
            ]
        },
        {
            "Effect": "Allow",
            "Action": "iot:Receive",
            "Resource": [
                "arn:aws:iot:us-east-1:account:topic/$aws/things/RaspberryPi/shadow/update/accepted",
                "arn:aws:iot:us-east-1:account:topic/$aws/things/RaspberryPi/shadow/delete/accepted",
                "arn:aws:iot:us-east-1:account:topic/$aws/things/RaspberryPi/shadow/get/accepted",
                "arn:aws:iot:us-east-1:account:topic/$aws/things/RaspberryPi/shadow/update/rejected",
                "arn:aws:iot:us-east-1:account:topic/$aws/things/RaspberryPi/shadow/delete/rejected"
            ]
        },
        {
            "Effect": "Allow",
            "Action": "iot:Subscribe",
            "Resource": [
                "arn:aws:iot:us-east-1:account:topicfilter/$aws/things/RaspberryPi/shadow/update/accepted",
                "arn:aws:iot:us-east-1:account:topicfilter/$aws/things/RaspberryPi/shadow/delete/accepted",
                "arn:aws:iot:us-east-1:account:topicfilter/$aws/things/RaspberryPi/shadow/get/accepted",
                "arn:aws:iot:us-east-1:account:topicfilter/$aws/things/RaspberryPi/shadow/update/rejected",
                "arn:aws:iot:us-east-1:account:topicfilter/$aws/things/RaspberryPi/shadow/delete/rejected"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "iot:GetThingShadow",
                "iot:UpdateThingShadow",
                "iot:DeleteThingShadow"
            ],
            "Resource": "arn:aws:iot:us-east-1:account:thing/RaspberryPi"
        }
    ]
}

Choose Create.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Setting up AWS IoT

Step 2: Create the AWS IoT thing, certificate, and private key