Configure IAM Users for AWS IoT

Introduction

In this tutorial, I’m going to show you how to configure IAM Users on your Amazon Web Services (AWS) account for AWS IoT to allow you to get connected with your IoT device.

AWS Account Types

Before we start, I will assume that you have an AWS account already, but if not then please create one using the instructions found here.

It’s important to note that there are two types of AWS user accounts:

  • Root Users
    • These users own the account. When you first create an AWS account, you begin with a root account that has complete access to all AWS services and resources, accessed by signing in with the email address and password that you used to create the account. Amazon recommends not using the root account for everyday tasks, even administrative ones, and instead creating an IAM user for yourself and everyone who has access to your AWS account. This allows you to set up different privileges for every user and also allows you to revoke access at any time.
  • IAM Users
    • These users have access to the AWS account but do not own the account. Their access is limited by the privileges given to them by the root user.

Configure IAM User Permissions

Log in to your AWS Account and go to the IAM console by clicking on the Services menu at the top of the page:

AWS Services Link

and then selecting IAM from under Security, Identity, & Compliance:

AWS Services > Security Identity, & Compliance > IAM

Once the IAM console has opened, select Users from the navigation panel on the left. If you need to create a new user, select Add User from the top and follow the instructions, ensuring you select AWS Management Console access when prompted for the access type. Once done, click on the user you want to grant access to AWS IoT:

AWS IAM Console

Under the permissions tab click the Add Permissions button. On the next page, choose Attach existing policies directly:

AWS IAM User - Add Permissions

In the search box search for AWSIoTFullAccess and ensure this is selected:

AWSIoTFullAccess

then search for AmazonFreeRTOSFullAccess and ensure this is also selected – note this doesn’t need to be added if you aren’t using Amazon FreeRTOS:

AmazonFreeRTOSFullAccess

At the bottom of the page click Next: Review and on the next page we can see the permissions we are granting to our user:

IAM User New Permissions

We can then click Add permissions at the bottom of the page.
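To confirm the user ended up with only the policies attached above, the JSON printed by `aws iam list-attached-user-policies --user-name <user>` can be checked with a short script. This is an added example, not part of the original tutorial: the function name and the sample JSON are constructed for illustration, and the check looks at each policy's ARN as well as its name, since the name alone does not show whether a policy is the AWS-managed one.

```python
import json

# AWS-managed policies live under the "aws" namespace instead of an account ID.
AWS_MANAGED_PREFIX = "arn:aws:iam::aws:policy/"
REQUIRED = {"AWSIoTFullAccess"}
OPTIONAL = {"AmazonFreeRTOSFullAccess"}  # only needed when using Amazon FreeRTOS

# Constructed sample of `aws iam list-attached-user-policies` output.
# 123456789012 is a placeholder account ID, not a real one.
SAMPLE_OUTPUT = """
{"AttachedPolicies": [
  {"PolicyName": "AWSIoTFullAccess",
   "PolicyArn": "arn:aws:iam::aws:policy/AWSIoTFullAccess"},
  {"PolicyName": "AmazonFreeRTOSFullAccess",
   "PolicyArn": "arn:aws:iam::123456789012:policy/AmazonFreeRTOSFullAccess"},
  {"PolicyName": "AdministratorAccess",
   "PolicyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}
]}
"""


def audit_attached_policies(cli_json, required=REQUIRED, optional=OPTIONAL):
    """Compare a user's attached policies with the ones this tutorial attaches.

    Hypothetical helper written for this example. Returns a dict with:
      missing    - required AWS-managed policies that are not attached
      lookalike  - ARNs with an expected name that are not AWS-managed
      unexpected - ARNs of any other attached policy
      ok         - True only when all three lists are empty
    """
    attached = json.loads(cli_json).get("AttachedPolicies", [])
    allowed = set(required) | set(optional)
    managed, lookalike, unexpected = set(), [], []
    for policy in attached:
        name, arn = policy["PolicyName"], policy["PolicyArn"]
        if name not in allowed:
            unexpected.append(arn)
        elif arn.startswith(AWS_MANAGED_PREFIX):
            managed.add(name)
        else:
            lookalike.append(arn)
    missing = sorted(set(required) - managed)
    return {"missing": missing, "lookalike": lookalike,
            "unexpected": unexpected,
            "ok": not (missing or lookalike or unexpected)}


if __name__ == "__main__":
    print(json.dumps(audit_attached_policies(SAMPLE_OUTPUT), indent=2))
```
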

For more information on AWS policies see IAM Permissions and Policies.

With our IAM user configured with the correct permissions, we can now log in with that user. Get your sign-in link from the Sign-in credentials section on the Security Credentials tab and use the username and password you set up when you created the IAM user.