integrations.sh
← all integrations

amazonaws.com – iot

OpenAPI apis-guru cloud

IoT

IoT provides secure, bi-directional communication between Internet-connected devices (such as sensors, actuators, embedded devices, or smart appliances) and the Amazon Web Services cloud. You can discover your custom IoT-Data endpoint to communicate with, configure rules for data processing and integration with other services, organize resources associated with each device (Registry), configure logging, and create and manage policies and credentials to authenticate devices.

The service endpoints that expose this API are listed in . You must use the endpoint for the region that has the resources you want to access.

The service name used by to sign the request is: execute-api.

For more information about how IoT works, see the .

For information about how to use the credentials provider for IoT, see .

Homepage
https://api.apis.guru/v2/specs/amazonaws.com:iot/2015-05-28.json
Provider
amazonaws.com:iot / iot
OpenAPI version
3.0.0
Spec (JSON)
https://api.apis.guru/v2/specs/amazonaws.com/iot/2015-05-28/openapi.json
Spec (YAML)
https://api.apis.guru/v2/specs/amazonaws.com/iot/2015-05-28/openapi.yaml

Tools (240)

Extracted live via the executor SDK.

  • acceptCertificateTransfer.patchOperation

    Accepts a pending certificate transfer. The default state of the certificate is INACTIVE.

    To check for pending certificate transfers, call ListCertificates [blocked] to enumerate your certificates.

    Requires permission to access the action.

  • activeViolations.listActiveViolations

    Lists the active violations for a given Device Defender security profile.

    Requires permission to access the action.

  • attachedPolicies.listAttachedPolicies

    Lists the policies attached to the specified thing group.

    Requires permission to access the action.

  • audit.cancelAuditMitigationActionsTask

    Cancels a mitigation action task that is in progress. If the task is not in progress, an InvalidRequestException occurs.

    Requires permission to access the action.

  • audit.cancelAuditTask

    Cancels an audit that is in progress. The audit can be either scheduled or on demand. If the audit isn't in progress, an "InvalidRequestException" occurs.

    Requires permission to access the action.

  • audit.createAuditSuppression

    Creates a Device Defender audit suppression.

    Requires permission to access the action.

  • audit.createScheduledAudit

    Creates a scheduled audit that is run at a specified time interval.

    Requires permission to access the action.

  • audit.deleteAccountAuditConfiguration

    Restores the default settings for Device Defender audits for this account. Any configuration data you entered is deleted and all audit checks are reset to disabled.

    Requires permission to access the action.

  • audit.deleteAuditSuppression

    Deletes a Device Defender audit suppression.

    Requires permission to access the action.

  • audit.deleteScheduledAudit

    Deletes a scheduled audit.

    Requires permission to access the action.

  • audit.describeAccountAuditConfiguration

    Gets information about the Device Defender audit settings for this account. Settings include how audit notifications are sent and which audit checks are enabled or disabled.

    Requires permission to access the action.

  • audit.describeAuditFinding

    Gets information about a single audit finding. Properties include the reason for noncompliance, the severity of the issue, and the start time when the audit that returned the finding.

    Requires permission to access the action.

  • audit.describeAuditMitigationActionsTask

    Gets information about an audit mitigation task that is used to apply mitigation actions to a set of audit findings. Properties include the actions being applied, the audit checks to which they're being applied, the task status, and aggregated task statistics.

  • audit.describeAuditSuppression

    Gets information about a Device Defender audit suppression.

  • audit.describeAuditTask

    Gets information about a Device Defender audit.

    Requires permission to access the action.

  • audit.describeScheduledAudit

    Gets information about a scheduled audit.

    Requires permission to access the action.

  • audit.listAuditFindings

    Lists the findings (results) of a Device Defender audit or of the audits performed during a specified time period. (Findings are retained for 90 days.)

    Requires permission to access the action.

  • audit.listAuditMitigationActionsExecutions

    Gets the status of audit mitigation action tasks that were executed.

    Requires permission to access the action.

  • audit.listAuditMitigationActionsTasks

    Gets a list of audit mitigation action tasks that match the specified filters.

    Requires permission to access the action.

  • audit.listAuditSuppressions

    Lists your Device Defender audit listings.

    Requires permission to access the action.

  • audit.listAuditTasks

    Lists the Device Defender audits that have been performed during a given time period.

    Requires permission to access the action.

  • audit.listRelatedResourcesForAuditFinding

    The related resources of an Audit finding. The following resources can be returned from calling this API:

    • DEVICE_CERTIFICATE

    • CA_CERTIFICATE

    • IOT_POLICY

    • COGNITO_IDENTITY_POOL

    • CLIENT_ID

    • ACCOUNT_SETTINGS

    • ROLE_ALIAS

    • IAM_ROLE

    • ISSUER_CERTIFICATE

    This API is similar to DescribeAuditFinding's but provides pagination and is not limited to 10 resources. When calling for the intermediate CA revoked for active device certificates check, RelatedResources will not be populated. You must use this API, ListRelatedResourcesForAuditFinding, to list the certificates.

  • audit.listScheduledAudits

    Lists all of your scheduled audits.

    Requires permission to access the action.

  • audit.startAuditMitigationActionsTask

    Starts a task that applies a set of mitigation actions to the specified target.

    Requires permission to access the action.

  • audit.startOnDemandAuditTask

    Starts an on-demand Device Defender audit.

    Requires permission to access the action.

  • audit.updateAccountAuditConfiguration

    Configures or reconfigures the Device Defender audit settings for this account. Settings include how audit notifications are sent and which audit checks are enabled or disabled.

    Requires permission to access the action.

  • audit.updateAuditSuppression

    Updates a Device Defender audit suppression.

  • audit.updateScheduledAudit

    Updates a scheduled audit, including which checks are performed and how often the audit takes place.

    Requires permission to access the action.

  • authorizer.createAuthorizer

    Creates an authorizer.

    Requires permission to access the action.

  • authorizer.deleteAuthorizer

    Deletes an authorizer.

    Requires permission to access the action.

  • authorizer.describeAuthorizer

    Describes an authorizer.

    Requires permission to access the action.

  • authorizer.testInvokeAuthorizer

    Tests a custom authorization behavior by invoking a specified custom authorizer. Use this to test and debug the custom authorization behavior of devices that connect to the IoT device gateway.

    Requires permission to access the action.

  • authorizer.updateAuthorizer

    Updates an authorizer.

    Requires permission to access the action.

  • authorizers.listAuthorizers

    Lists the authorizers registered in your account.

    Requires permission to access the action.

  • behaviorModelTraining.getBehaviorModelTrainingSummaries

    Returns a Device Defender's ML Detect Security Profile training model's status.

    Requires permission to access the action.

  • billingGroups.addThingToBillingGroup

    Adds a thing to a billing group.

    Requires permission to access the action.

  • billingGroups.createBillingGroup

    Creates a billing group.

    Requires permission to access the action.

  • billingGroups.deleteBillingGroup

    Deletes the billing group.

    Requires permission to access the action.

  • billingGroups.describeBillingGroup

    Returns information about a billing group.

    Requires permission to access the action.

  • billingGroups.listBillingGroups

    Lists the billing groups you have created.

    Requires permission to access the action.

  • billingGroups.listThingsInBillingGroup

    Lists the things you have added to the given billing group.

    Requires permission to access the action.

  • billingGroups.removeThingFromBillingGroup

    Removes the given thing from the billing group.

    Requires permission to access the action.

    This call is asynchronous. It might take several seconds for the detachment to propagate.

  • billingGroups.updateBillingGroup

    Updates information about the billing group.

    Requires permission to access the action.

  • cacertificate.deleteCaCertificate

    Deletes a registered CA certificate.

    Requires permission to access the action.

  • cacertificate.describeCaCertificate

    Describes a registered CA certificate.

    Requires permission to access the action.

  • cacertificate.registerCaCertificate

    Registers a CA certificate with Amazon Web Services IoT Core. There is no limit to the number of CA certificates you can register in your Amazon Web Services account. You can register up to 10 CA certificates with the same CA subject field per Amazon Web Services account.

    Requires permission to access the action.

  • cacertificate.updateCaCertificate

    Updates a registered CA certificate.

    Requires permission to access the action.

  • cacertificates.listCaCertificates

    Lists the CA certificates registered for your Amazon Web Services account.

    The results are paginated with a default page size of 25. You can use the returned marker to retrieve additional results.

    Requires permission to access the action.

  • cancelCertificateTransfer.patchOperation

    Cancels a pending transfer for the specified certificate.

    Note Only the transfer source account can use this operation to cancel a transfer. (Transfer destinations can use RejectCertificateTransfer [blocked] instead.) After transfer, IoT returns the certificate to the source account in the INACTIVE state. After the destination account has accepted the transfer, the transfer cannot be cancelled.

    After a certificate transfer is cancelled, the status of the certificate changes from PENDING_TRANSFER to INACTIVE.

    Requires permission to access the action.

  • certificate.registerCertificate

    Registers a device certificate with IoT in the same as the signing CA. If you have more than one CA certificate that has the same subject field, you must specify the CA certificate that was used to sign the device certificate being registered.

    Requires permission to access the action.

  • certificate.registerCertificateWithoutCa

    Register a certificate that does not have a certificate authority (CA). For supported certificates, consult .

  • certificates.createCertificateFromCsr

    Creates an X.509 certificate using the specified certificate signing request.

    Requires permission to access the action.

    The CSR must include a public key that is either an RSA key with a length of at least 2048 bits or an ECC key from NIST P-25 or NIST P-384 curves. For supported certificates, consult .

    Reusing the same certificate signing request (CSR) results in a distinct certificate.

    You can create multiple certificates in a batch by creating a directory, copying multiple .csr files into that directory, and then specifying that directory on the command line. The following commands show how to create a batch of certificates given a batch of CSRs. In the following commands, we assume that a set of CSRs are located inside of the directory my-csr-directory:

    On Linux and OS X, the command is:

    $ ls my-csr-directory/ | xargs -I {} aws iot create-certificate-from-csr --certificate-signing-request file://my-csr-directory/{}

    This command lists all of the CSRs in my-csr-directory and pipes each CSR file name to the aws iot create-certificate-from-csr Amazon Web Services CLI command to create a certificate for the corresponding CSR.

    You can also run the aws iot create-certificate-from-csr part of the command in parallel to speed up the certificate creation process:

    $ ls my-csr-directory/ | xargs -P 10 -I {} aws iot create-certificate-from-csr --certificate-signing-request file://my-csr-directory/{}

    On Windows PowerShell, the command to create certificates for all CSRs in my-csr-directory is:

    > ls -Name my-csr-directory | %{aws iot create-certificate-from-csr --certificate-signing-request file://my-csr-directory/$_}

    On a Windows command prompt, the command to create certificates for all CSRs in my-csr-directory is:

    > forfiles /p my-csr-directory /c "cmd /c aws iot create-certificate-from-csr --certificate-signing-request file://@path"

  • certificates.deleteCertificate

    Deletes the specified certificate.

    A certificate cannot be deleted if it has a policy or IoT thing attached to it or if its status is set to ACTIVE. To delete a certificate, first use the DetachPolicy [blocked] action to detach all policies. Next, use the UpdateCertificate [blocked] action to set the certificate to the INACTIVE status.

    Requires permission to access the action.

  • certificates.describeCertificate

    Gets information about the specified certificate.

    Requires permission to access the action.

  • certificates.listCertificates

    Lists the certificates registered in your Amazon Web Services account.

    The results are paginated with a default page size of 25. You can use the returned marker to retrieve additional results.

    Requires permission to access the action.

  • certificates.updateCertificate

    Updates the status of the specified certificate. This operation is idempotent.

    Requires permission to access the action.

    Certificates must be in the ACTIVE state to authenticate devices that use a certificate to connect to IoT.

    Within a few minutes of updating a certificate from the ACTIVE state to any other state, IoT disconnects all devices that used that certificate to connect. Devices cannot use a certificate that is not in the ACTIVE state to reconnect.

  • certificatesByCa.listCertificatesByCa

    List the device certificates signed by the specified CA certificate.

    Requires permission to access the action.

  • certificatesOutGoing.listOutgoingCertificates

    Lists certificates that are being transferred but not yet accepted.

    Requires permission to access the action.

  • confirmdestination.confirmTopicRuleDestination

    Confirms a topic rule destination. When you create a rule requiring a destination, IoT sends a confirmation message to the endpoint or base address you specify. The message includes a token which you pass back when calling ConfirmTopicRuleDestination to confirm that you own or have access to the endpoint.

    Requires permission to access the action.

  • customMetric.createCustomMetric

    Use this API to define a Custom Metric published by your devices to Device Defender.

    Requires permission to access the action.

  • customMetric.deleteCustomMetric

    Deletes a Device Defender detect custom metric.

    Requires permission to access the action.

    Before you can delete a custom metric, you must first remove the custom metric from all security profiles it's a part of. The security profile associated with the custom metric can be found using the API with metricName set to your custom metric name.

  • customMetric.describeCustomMetric

    Gets information about a Device Defender detect custom metric.

    Requires permission to access the action.

  • customMetric.updateCustomMetric

    Updates a Device Defender detect custom metric.

    Requires permission to access the action.

  • customMetrics.listCustomMetrics

    Lists your Device Defender detect custom metrics.

    Requires permission to access the action.

  • defaultAuthorizer.clearDefaultAuthorizer

    Clears the default authorizer.

    Requires permission to access the action.

  • defaultAuthorizer.describeDefaultAuthorizer

    Describes the default authorizer.

    Requires permission to access the action.

  • defaultAuthorizer.setDefaultAuthorizer

    Sets the default authorizer. This will be used if a websocket connection is made without specifying an authorizer.

    Requires permission to access the action.

  • destinations.createTopicRuleDestination

    Creates a topic rule destination. The destination must be confirmed prior to use.

    Requires permission to access the action.

  • destinations.deleteTopicRuleDestination

    Deletes a topic rule destination.

    Requires permission to access the action.

  • destinations.getTopicRuleDestination

    Gets information about a topic rule destination.

    Requires permission to access the action.

  • destinations.listTopicRuleDestinations

    Lists all the topic rule destinations in your Amazon Web Services account.

    Requires permission to access the action.

  • destinations.updateTopicRuleDestination

    Updates a topic rule destination. You use this to change the status, endpoint URL, or confirmation URL of the destination.

    Requires permission to access the action.

  • detect.cancelDetectMitigationActionsTask

    Cancels a Device Defender ML Detect mitigation action.

    Requires permission to access the action.

  • detect.describeDetectMitigationActionsTask

    Gets information about a Device Defender ML Detect mitigation action.

    Requires permission to access the action.

  • detect.listDetectMitigationActionsExecutions

    Lists mitigation actions executions for a Device Defender ML Detect Security Profile.

    Requires permission to access the action.

  • detect.listDetectMitigationActionsTasks

    List of Device Defender ML Detect mitigation actions tasks.

    Requires permission to access the action.

  • detect.startDetectMitigationActionsTask

    Starts a Device Defender ML Detect mitigation actions task.

    Requires permission to access the action.

  • dimensions.createDimension

    Create a dimension that you can use to limit the scope of a metric used in a security profile for IoT Device Defender. For example, using a TOPIC_FILTER dimension, you can narrow down the scope of the metric only to MQTT topics whose name match the pattern specified in the dimension.

    Requires permission to access the action.

  • dimensions.deleteDimension

    Removes the specified dimension from your Amazon Web Services accounts.

    Requires permission to access the action.

  • dimensions.describeDimension

    Provides details about a dimension that is defined in your Amazon Web Services accounts.

    Requires permission to access the action.

  • dimensions.listDimensions

    List the set of dimensions that are defined for your Amazon Web Services accounts.

    Requires permission to access the action.

  • dimensions.updateDimension

    Updates the definition for a dimension. You cannot change the type of a dimension after it is created (you can delete it and recreate it).

    Requires permission to access the action.

  • domainConfigurations.createDomainConfiguration

    Creates a domain configuration.

    Requires permission to access the action.

  • domainConfigurations.deleteDomainConfiguration

    Deletes the specified domain configuration.

    Requires permission to access the action.

  • domainConfigurations.describeDomainConfiguration

    Gets summary information about a domain configuration.

    Requires permission to access the action.

  • domainConfigurations.listDomainConfigurations

    Gets a list of domain configurations for the user. This list is sorted alphabetically by domain configuration name.

    Requires permission to access the action.

  • domainConfigurations.updateDomainConfiguration

    Updates values stored in the domain configuration. Domain configurations for default endpoints can't be updated.

    Requires permission to access the action.

  • dynamicThingGroups.createDynamicThingGroup

    Creates a dynamic thing group.

    Requires permission to access the action.

  • dynamicThingGroups.deleteDynamicThingGroup

    Deletes a dynamic thing group.

    Requires permission to access the action.

  • dynamicThingGroups.updateDynamicThingGroup

    Updates a dynamic thing group.

    Requires permission to access the action.

  • effectivePolicies.getEffectivePolicies

    Gets a list of the policies that have an effect on the authorization behavior of the specified device when it connects to the IoT device gateway.

    Requires permission to access the action.

  • endpoint.describeEndpoint

    Returns a unique endpoint specific to the Amazon Web Services account making the call.

    Requires permission to access the action.

  • eventConfigurations.describeEventConfigurations

    Describes event configurations.

    Requires permission to access the action.

  • eventConfigurations.updateEventConfigurations

    Updates the event configurations.

    Requires permission to access the action.

  • fleetMetric.createFleetMetric

    Creates a fleet metric.

    Requires permission to access the action.

  • fleetMetric.deleteFleetMetric

    Deletes the specified fleet metric. Returns successfully with no error if the deletion is successful or you specify a fleet metric that doesn't exist.

    Requires permission to access the action.

  • fleetMetric.describeFleetMetric

    Gets information about the specified fleet metric.

    Requires permission to access the action.

  • fleetMetric.updateFleetMetric

    Updates the data for a fleet metric.

    Requires permission to access the action.

  • fleetMetrics.listFleetMetrics

    Lists all your fleet metrics.

    Requires permission to access the action.

  • indexing.getIndexingConfiguration

    Gets the indexing configuration.

    Requires permission to access the action.

  • indexing.updateIndexingConfiguration

    Updates the search configuration.

    Requires permission to access the action.

  • indices.describeIndex

    Describes a search index.

    Requires permission to access the action.

  • indices.getBucketsAggregation

    Aggregates on indexed data with search queries pertaining to particular fields.

    Requires permission to access the action.

  • indices.getCardinality

    Returns the approximate count of unique values that match the query.

    Requires permission to access the action.

  • indices.getPercentiles

    Groups the aggregated values that match the query into percentile groupings. The default percentile groupings are: 1,5,25,50,75,95,99, although you can specify your own when you call GetPercentiles. This function returns a value for each percentile group specified (or the default percentile groupings). The percentile group "1" contains the aggregated field value that occurs in approximately one percent of the values that match the query. The percentile group "5" contains the aggregated field value that occurs in approximately five percent of the values that match the query, and so on. The result is an approximation, the more values that match the query, the more accurate the percentile values.

    Requires permission to access the action.

  • indices.getStatistics

    Returns the count, average, sum, minimum, maximum, sum of squares, variance, and standard deviation for the specified aggregated field. If the aggregation field is of type String, only the count statistic is returned.

    Requires permission to access the action.

  • indices.listIndices

    Lists the search indices.

    Requires permission to access the action.

  • indices.searchIndex

    The query search index.

    Requires permission to access the action.

  • jobs.associateTargetsWithJob

    Associates a group with a continuous job. The following criteria must be met:

    • The job must have been created with the targetSelection field set to "CONTINUOUS".

    • The job status must currently be "IN_PROGRESS".

    • The total number of targets associated with a job must not exceed 100.

    Requires permission to access the action.

  • jobs.cancelJob

    Cancels a job.

    Requires permission to access the action.

  • jobs.createJob

    Creates a job.

    Requires permission to access the action.

  • jobs.deleteJob

    Deletes a job and its related job executions.

    Deleting a job may take time, depending on the number of job executions created for the job and various other factors. While the job is being deleted, the status of the job will be shown as "DELETION_IN_PROGRESS". Attempting to delete or cancel a job whose status is already "DELETION_IN_PROGRESS" will result in an error.

    Only 10 jobs may have status "DELETION_IN_PROGRESS" at the same time, or a LimitExceededException will occur.

    Requires permission to access the action.

  • jobs.describeJob

    Describes a job.

    Requires permission to access the action.

  • jobs.getJobDocument

    Gets a job document.

    Requires permission to access the action.

  • jobs.listJobExecutionsForJob

    Lists the job executions for a job.

    Requires permission to access the action.

  • jobs.listJobs

    Lists jobs.

    Requires permission to access the action.

  • jobs.updateJob

    Updates supported fields of the specified job.

    Requires permission to access the action.

  • jobTemplates.createJobTemplate

    Creates a job template.

    Requires permission to access the action.

  • jobTemplates.deleteJobTemplate

    Deletes the specified job template.

  • jobTemplates.describeJobTemplate

    Returns information about a job template.

  • jobTemplates.listJobTemplates

    Returns a list of job templates.

    Requires permission to access the action.

  • keysAndCertificate.createKeysAndCertificate

    Creates a 2048-bit RSA key pair and issues an X.509 certificate using the issued public key. You can also call CreateKeysAndCertificate over MQTT from a device, for more information, see .

    Note This is the only time IoT issues the private key for this certificate, so it is important to keep it in a secure location.

    Requires permission to access the action.

  • loggingOptions.getLoggingOptions

    Gets the logging options.

    NOTE: use of this command is not recommended. Use GetV2LoggingOptions instead.

    Requires permission to access the action.

  • loggingOptions.setLoggingOptions

    Sets the logging options.

    NOTE: use of this command is not recommended. Use SetV2LoggingOptions instead.

    Requires permission to access the action.

  • managedJobTemplates.describeManagedJobTemplate

    View details of a managed job template.

  • managedJobTemplates.listManagedJobTemplates

    Returns a list of managed job templates.

  • metricValuesThingNameMetricNameStartTimeEndTime.listMetricValues

    Lists the values reported for an IoT Device Defender metric (device-side metric, cloud-side metric, or custom metric) by the given thing during the specified time period.

  • mitigationactions.createMitigationAction

    Defines an action that can be applied to audit findings by using StartAuditMitigationActionsTask. Only certain types of mitigation actions can be applied to specific check names. For more information, see . Each mitigation action can apply only one type of change.

    Requires permission to access the action.

  • mitigationactions.deleteMitigationAction

    Deletes a defined mitigation action from your Amazon Web Services accounts.

    Requires permission to access the action.

  • mitigationactions.describeMitigationAction

    Gets information about a mitigation action.

    Requires permission to access the action.

  • mitigationactions.listMitigationActions

    Gets a list of all mitigation actions that match the specified filter criteria.

    Requires permission to access the action.

  • mitigationactions.updateMitigationAction

    Updates the definition for the specified mitigation action.

    Requires permission to access the action.

  • otaUpdates.createOtaUpdate

    Creates an IoT OTA update on a target group of things or groups.

    Requires permission to access the action.

  • otaUpdates.deleteOtaUpdate

    Delete an OTA update.

    Requires permission to access the action.

  • otaUpdates.getOtaUpdate

    Gets an OTA update.

    Requires permission to access the action.

  • otaUpdates.listOtaUpdates

    Lists OTA updates.

    Requires permission to access the action.

  • policies.createPolicy

    Creates an IoT policy.

    The created policy is the default version for the policy. This operation creates a policy version with a version identifier of 1 and sets 1 as the policy's default version.

    Requires permission to access the action.

  • policies.createPolicyVersion

    Creates a new version of the specified IoT policy. To update a policy, create a new policy version. A managed policy can have up to five versions. If the policy has five versions, you must use DeletePolicyVersion [blocked] to delete an existing version before you create a new one.

    Optionally, you can set the new version as the policy's default version. The default version is the operative version (that is, the version that is in effect for the certificates to which the policy is attached).

    Requires permission to access the action.

  • policies.deletePolicy

    Deletes the specified policy.

    A policy cannot be deleted if it has non-default versions or it is attached to any certificate.

    To delete a policy, use the DeletePolicyVersion [blocked] action to delete all non-default versions of the policy; use the DetachPolicy [blocked] action to detach the policy from any certificate; and then use the DeletePolicy action to delete the policy.

    When a policy is deleted using DeletePolicy, its default version is deleted with it.

    Because of the distributed nature of Amazon Web Services, it can take up to five minutes after a policy is detached before it's ready to be deleted.

    Requires permission to access the action.

  • policies.deletePolicyVersion

    Deletes the specified version of the specified policy. You cannot delete the default version of a policy using this action. To delete the default version of a policy, use DeletePolicy [blocked]. To find out which version of a policy is marked as the default version, use ListPolicyVersions.

    Requires permission to access the action.

  • policies.getPolicy

    Gets information about the specified policy with the policy document of the default version.

    Requires permission to access the action.

  • policies.getPolicyVersion

    Gets information about the specified policy version.

    Requires permission to access the action.

  • policies.listPolicies

    Lists your policies.

    Requires permission to access the action.

  • policies.listPolicyVersions

    Lists the versions of the specified policy and identifies the default version.

    Requires permission to access the action.

  • policies.setDefaultPolicyVersion

    Sets the specified version of the specified policy as the policy's default (operative) version. This action affects all certificates to which the policy is attached. To list the principals the policy is attached to, use the ListPrincipalPolicies [blocked] action.

    Requires permission to access the action.

  • policyPrincipalsXAmznIotPolicy.listPolicyPrincipals

    Lists the principals associated with the specified policy.

    Note: This action is deprecated and works as expected for backward compatibility, but we won't add enhancements. Use ListTargetsForPolicy [blocked] instead.

    Requires permission to access the action.

  • policyTargets.listTargetsForPolicy

    List targets for the specified policy.

    Requires permission to access the action.

  • principalPolicies.attachPrincipalPolicy

    Attaches the specified policy to the specified principal (certificate or other credential).

    Note: This action is deprecated and works as expected for backward compatibility, but we won't add enhancements. Use AttachPolicy [blocked] instead.

    Requires permission to access the action.

  • principalPolicies.detachPrincipalPolicy

    Removes the specified policy from the specified certificate.

    Note: This action is deprecated and works as expected for backward compatibility, but we won't add enhancements. Use DetachPolicy [blocked] instead.

    Requires permission to access the action.

  • principalPoliciesXAmznIotPrincipal.listPrincipalPolicies

    Lists the policies attached to the specified principal. If you use an Cognito identity, the ID must be in .

    Note: This action is deprecated and works as expected for backward compatibility, but we won't add enhancements. Use ListAttachedPolicies [blocked] instead.

    Requires permission to access the action.

  • principals.listPrincipalThings

    Lists the things associated with the specified principal. A principal can be X.509 certificates, IAM users, groups, and roles, Amazon Cognito identities or federated identities.

    Requires permission to access the action.

  • provisioningTemplates.createProvisioningClaim

    Creates a provisioning claim.

    Requires permission to access the action.

  • provisioningTemplates.createProvisioningTemplate

    Creates a provisioning template.

    Requires permission to access the action.

  • provisioningTemplates.createProvisioningTemplateVersion

    Creates a new version of a provisioning template.

    Requires permission to access the action.

  • provisioningTemplates.deleteProvisioningTemplate

    Deletes a provisioning template.

    Requires permission to access the action.

  • provisioningTemplates.deleteProvisioningTemplateVersion

    Deletes a provisioning template version.

    Requires permission to access the action.

  • provisioningTemplates.describeProvisioningTemplate

    Returns information about a provisioning template.

    Requires permission to access the action.

  • provisioningTemplates.describeProvisioningTemplateVersion

    Returns information about a provisioning template version.

    Requires permission to access the action.

  • provisioningTemplates.listProvisioningTemplates

    Lists the provisioning templates in your Amazon Web Services account.

    Requires permission to access the action.

  • provisioningTemplates.listProvisioningTemplateVersions

    A list of provisioning template versions.

    Requires permission to access the action.

  • provisioningTemplates.updateProvisioningTemplate

    Updates a provisioning template.

    Requires permission to access the action.

  • registrationcode.deleteRegistrationCode

    Deletes a CA certificate registration code.

    Requires permission to access the action.

  • registrationcode.getRegistrationCode

    Gets a registration code used to register a CA certificate with IoT.

    Requires permission to access the action.

  • rejectCertificateTransfer.patchOperation

    Rejects a pending certificate transfer. After IoT rejects a certificate transfer, the certificate status changes from PENDING_TRANSFER to INACTIVE.

    To check for pending certificate transfers, call ListCertificates [blocked] to enumerate your certificates.

    This operation can only be called by the transfer destination. After it is called, the certificate will be returned to the source's account in the INACTIVE state.

    Requires permission to access the action.

  • roleAliases.createRoleAlias

    Creates a role alias.

    Requires permission to access the action.

  • roleAliases.deleteRoleAlias

    Deletes a role alias

    Requires permission to access the action.

  • roleAliases.describeRoleAlias

    Describes a role alias.

    Requires permission to access the action.

  • roleAliases.listRoleAliases

    Lists the role aliases registered in your account.

    Requires permission to access the action.

  • roleAliases.updateRoleAlias

    Updates a role alias.

    Requires permission to access the action.

  • rules.createTopicRule

    Creates a rule. Creating rules is an administrator-level action. Any user who has permission to create rules will be able to access data processed by the rule.

    Requires permission to access the action.

  • rules.deleteTopicRule

    Deletes the rule.

    Requires permission to access the action.

  • rules.disableTopicRule

    Disables the rule.

    Requires permission to access the action.

  • rules.enableTopicRule

    Enables the rule.

    Requires permission to access the action.

  • rules.getTopicRule

    Gets information about the rule.

    Requires permission to access the action.

  • rules.listTopicRules

    Lists the rules for the specific topic.

    Requires permission to access the action.

  • rules.replaceTopicRule

    Replaces the rule. You must specify all parameters for the new rule. Creating rules is an administrator-level action. Any user who has permission to create rules will be able to access data processed by the rule.

    Requires permission to access the action.

  • securityProfileBehaviors.validateSecurityProfileBehaviors

    Validates a Device Defender security profile behaviors specification.

    Requires permission to access the action.

  • securityProfiles.attachSecurityProfile

    Associates a Device Defender security profile with a thing group or this account. Each thing group or account can have up to five security profiles associated with it.

    Requires permission to access the action.

  • securityProfiles.createSecurityProfile

    Creates a Device Defender security profile.

    Requires permission to access the action.

  • securityProfiles.deleteSecurityProfile

    Deletes a Device Defender security profile.

    Requires permission to access the action.

  • securityProfiles.describeSecurityProfile

    Gets information about a Device Defender security profile.

    Requires permission to access the action.

  • securityProfiles.detachSecurityProfile

    Disassociates a Device Defender security profile from a thing group or from this account.

    Requires permission to access the action.

  • securityProfiles.listSecurityProfiles

    Lists the Device Defender security profiles you've created. You can filter security profiles by dimension or custom metric.

    Requires permission to access the action.

    dimensionName and metricName cannot be used in the same request.

  • securityProfiles.listTargetsForSecurityProfile

    Lists the targets (thing groups) associated with a given Device Defender security profile.

    Requires permission to access the action.

  • securityProfiles.updateSecurityProfile

    Updates a Device Defender security profile.

    Requires permission to access the action.

  • securityProfilesForTargetSecurityProfileTargetArn.listSecurityProfilesForTarget

    Lists the Device Defender security profiles attached to a target (thing group).

    Requires permission to access the action.

  • streams.createStream

    Creates a stream for delivering one or more large files in chunks over MQTT. A stream transports data bytes in chunks or blocks packaged as MQTT messages from a source like S3. You can have one or more files associated with a stream.

    Requires permission to access the action.

  • streams.deleteStream

    Deletes a stream.

    Requires permission to access the action.

  • streams.describeStream

    Gets information about a stream.

    Requires permission to access the action.

  • streams.listStreams

    Lists all of the streams in your Amazon Web Services account.

    Requires permission to access the action.

  • streams.updateStream

    Updates an existing stream. The stream version will be incremented by one.

    Requires permission to access the action.

  • tags.tagResource

    Adds to or modifies the tags of the given resource. Tags are metadata which can be used to manage a resource.

    Requires permission to access the action.

  • tagsResourceArn.listTagsForResource

    Lists the tags (metadata) you have assigned to the resource.

    Requires permission to access the action.

  • targetPolicies.attachPolicy

    Attaches the specified policy to the specified principal (certificate or other credential).

    Requires permission to access the action.

  • targetPolicies.detachPolicy

    Detaches a policy from the specified target.

    Because of the distributed nature of Amazon Web Services, it can take up to five minutes after a policy is detached before it's ready to be deleted.

    Requires permission to access the action.

  • testAuthorization.postOperation

    Tests if a specified principal is authorized to perform an IoT action on a specified resource. Use this to test and debug the authorization behavior of devices that connect to the IoT device gateway.

    Requires permission to access the action.

  • thingGroups.addThingToThingGroup

    Adds a thing to a thing group.

    Requires permission to access the action.

  • thingGroups.createThingGroup

    Create a thing group.

    This is a control plane operation. See for information about authorizing control plane actions.

    Requires permission to access the action.

  • thingGroups.deleteThingGroup

    Deletes a thing group.

    Requires permission to access the action.

  • thingGroups.describeThingGroup

    Describe a thing group.

    Requires permission to access the action.

  • thingGroups.listThingGroups

    List the thing groups in your account.

    Requires permission to access the action.

  • thingGroups.listThingsInThingGroup

    Lists the things in the specified group.

    Requires permission to access the action.

  • thingGroups.removeThingFromThingGroup

    Remove the specified thing from the specified group.

    You must specify either a thingGroupArn or a thingGroupName to identify the thing group and either a thingArn or a thingName to identify the thing to remove from the thing group.

    Requires permission to access the action.

  • thingGroups.updateThingGroup

    Update a thing group.

    Requires permission to access the action.

  • thingGroups.updateThingGroupsForThing

    Updates the groups to which the thing belongs.

    Requires permission to access the action.

  • thingRegistrationTasks.describeThingRegistrationTask

    Describes a bulk thing provisioning task.

    Requires permission to access the action.

  • thingRegistrationTasks.listThingRegistrationTaskReports

    Information about the thing registration tasks.

  • thingRegistrationTasks.listThingRegistrationTasks

    List bulk thing provisioning tasks.

    Requires permission to access the action.

  • thingRegistrationTasks.startThingRegistrationTask

    Creates a bulk thing provisioning task.

    Requires permission to access the action.

  • thingRegistrationTasks.stopThingRegistrationTask

    Cancels a bulk thing provisioning task.

    Requires permission to access the action.

  • things.attachThingPrincipal

    Attaches the specified principal to the specified thing. A principal can be X.509 certificates, Amazon Cognito identities or federated identities.

    Requires permission to access the action.

  • things.cancelJobExecution

    Cancels the execution of a job for a given thing.

    Requires permission to access the action.

  • things.createThing

    Creates a thing record in the registry. If this call is made multiple times using the same thing name and configuration, the call will succeed. If this call is made with the same thing name but different configuration a ResourceAlreadyExistsException is thrown.

    This is a control plane operation. See for information about authorizing control plane actions.

    Requires permission to access the action.

  • things.deleteJobExecution

    Deletes a job execution.

    Requires permission to access the action.

  • things.deleteThing

    Deletes the specified thing. Returns successfully with no error if the deletion is successful or you specify a thing that doesn't exist.

    Requires permission to access the action.

  • things.describeJobExecution

    Describes a job execution.

    Requires permission to access the action.

  • things.describeThing

    Gets information about the specified thing.

    Requires permission to access the action.

  • things.detachThingPrincipal

    Detaches the specified principal from the specified thing. A principal can be X.509 certificates, IAM users, groups, and roles, Amazon Cognito identities or federated identities.

    This call is asynchronous. It might take several seconds for the detachment to propagate.

    Requires permission to access the action.

  • things.listJobExecutionsForThing

    Lists the job executions for the specified thing.

    Requires permission to access the action.

  • things.listThingGroupsForThing

    List the thing groups to which the specified thing belongs.

    Requires permission to access the action.

  • things.listThingPrincipals

    Lists the principals associated with the specified thing. A principal can be X.509 certificates, IAM users, groups, and roles, Amazon Cognito identities or federated identities.

    Requires permission to access the action.

  • things.listThings

    Lists your things. Use the attributeName and attributeValue parameters to filter your things. For example, calling ListThings with attributeName=Color and attributeValue=Red retrieves all things in the registry that contain an attribute Color with the value Red. For more information, see from the Amazon Web Services IoT Core Developer Guide.

    Requires permission to access the action.

    You will not be charged for calling this API if an Access denied error is returned. You will also not be charged if no attributes or pagination token was provided in request and no pagination token and no results were returned.

  • things.registerThing

    Provisions a thing in the device registry. RegisterThing calls other IoT control plane APIs. These calls might exceed your account level and cause throttle errors. Please contact to raise your throttling limits if necessary.

    Requires permission to access the action.

  • things.updateThing

    Updates the data for a thing.

    Requires permission to access the action.

  • thingTypes.createThingType

    Creates a new thing type.

    Requires permission to access the action.

  • thingTypes.deleteThingType

    Deletes the specified thing type. You cannot delete a thing type if it has things associated with it. To delete a thing type, first mark it as deprecated by calling DeprecateThingType [blocked], then remove any associated things by calling UpdateThing [blocked] to change the thing type on any associated thing, and finally use DeleteThingType [blocked] to delete the thing type.

    Requires permission to access the action.

  • thingTypes.deprecateThingType

    Deprecates a thing type. You can not associate new things with deprecated thing type.

    Requires permission to access the action.

  • thingTypes.describeThingType

    Gets information about the specified thing type.

    Requires permission to access the action.

  • thingTypes.listThingTypes

    Lists the existing thing types.

    Requires permission to access the action.

  • transferCertificate.patchCertificateIdTargetAwsAccount

    Transfers the specified certificate to the specified Amazon Web Services account.

    Requires permission to access the action.

    You can cancel the transfer until it is acknowledged by the recipient.

    No notification is sent to the transfer destination's account. It is up to the caller to notify the transfer target.

    The certificate being transferred must not be in the ACTIVE state. You can use the UpdateCertificate [blocked] action to deactivate it.

    The certificate must not have any policies attached to it. You can use the DetachPolicy [blocked] action to detach them.

  • untag.untagResource

    Removes the given tags (metadata) from the resource.

    Requires permission to access the action.

  • v2LoggingLevel.listV2LoggingLevels

    Lists logging levels.

    Requires permission to access the action.

  • v2LoggingLevel.setV2LoggingLevel

    Sets the logging level.

    Requires permission to access the action.

  • v2LoggingLevelTargetTypeTargetName.deleteV2LoggingLevel

    Deletes a logging level.

    Requires permission to access the action.

  • v2LoggingOptions.getV2LoggingOptions

    Gets the fine grained logging options.

    Requires permission to access the action.

  • v2LoggingOptions.setV2LoggingOptions

    Sets the logging options for the V2 logging service.

    Requires permission to access the action.

  • violationEventsStartTimeEndTime.listViolationEvents

    Lists the Device Defender security profile violations discovered during the given time period. You can use filters to limit the results to those alerts issued for a particular security profile, behavior, or thing (device).

    Requires permission to access the action.

  • violations.putVerificationStateOnViolation

    Set a verification state and provide a description of that verification state on a violation (detect alarm).

  • openapi.previewSpec

    Preview an OpenAPI document before adding it as a source

  • openapi.addSource

    Add an OpenAPI source and register its operations as tools