Securing users and devices with AWS IoT Jobs - AWS IoT Core

Securing users and devices with AWS IoT Jobs

To authorize users to use AWS IoT Jobs with their devices, you must grant them permissions by using IAM policies. The devices must then be authorized by using AWS IoT Core policies to connect securely to AWS IoT, receive job executions, and update the execution status.

Required policy type for AWS IoT Jobs

The following table shows the different types of policies that you must use for authorization. For more information about the required policy to use, see Authorization.

Required policy type

| Use case | Protocol | Authentication | Control plane/data plane | Identity type | Required policy type |
|---|---|---|---|---|---|
| Authorize an administrator, operator, or Cloud Service to work securely with Jobs | HTTPS | AWS Signature Version 4 authentication (port 443) | Both control plane and data plane | Amazon Cognito Identity, IAM, or federated user | IAM policy |
| Authorize your IoT device to work securely with Jobs | MQTT/HTTPS | TCP or TLS mutual authentication (port 8883 or 443) | Data plane | X.509 certificates | AWS IoT Core policy |

To authorize AWS IoT Jobs operations that can be performed both on the control plane and data plane, you must use IAM policies. The identities, which must be Amazon Cognito identities or IAM users, groups, or roles, must have been authenticated with AWS IoT before they can perform these operations. For more information about authentication, see Authentication.

The devices must now be authorized on the data plane by using AWS IoT Core policies to connect securely to the device gateway. The device gateway enables devices to securely communicate with AWS IoT, receive job executions, and update the job execution status. Device communication is secured by using secure MQTT or HTTPS communication protocols. These protocols use X.509 client certificates that are provided by AWS IoT to authenticate the device connections.
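As an added example (not part of this AWS page), the following Python builds a data-plane AWS IoT Core policy that lets a device connect, receive job executions, and update execution status on nothing but its own reserved Jobs topics, and then checks the document for unscoped wildcards before it is attached to a certificate. The region and account ID are placeholders; it assumes the device connects with a client ID equal to its registered thing name, which the `${iot:Connection.Thing.ThingName}` policy variable relies on.

```python
"""Least-privilege AWS IoT Core policy for a device that uses AWS IoT Jobs."""

# Reserved AWS IoT Jobs topics live under $aws/things/<thingName>/jobs/.
# ${iot:Connection.Thing.ThingName} is an AWS IoT policy variable resolving
# to the connecting device's thing name, so every resource below is scoped
# to that one device's own Jobs topics.
JOBS_PREFIX = "$aws/things/${iot:Connection.Thing.ThingName}/jobs"


def jobs_device_policy(region: str, account_id: str) -> dict:
    """Return an AWS IoT Core policy document granting Jobs-only access."""
    arn = f"arn:aws:iot:{region}:{account_id}"  # region/account are placeholders
    return {
        "Version": "2012-10-17",
        "Statement": [
            {   # Connect only with a client ID equal to the thing name.
                "Effect": "Allow",
                "Action": "iot:Connect",
                "Resource": f"{arn}:client/${{iot:Connection.Thing.ThingName}}",
            },
            {   # Subscribe to notify-next and the accepted/rejected responses.
                "Effect": "Allow",
                "Action": "iot:Subscribe",
                "Resource": f"{arn}:topicfilter/{JOBS_PREFIX}/*",
            },
            {   # Receive those messages; publish get, start-next and update.
                "Effect": "Allow",
                "Action": ["iot:Receive", "iot:Publish"],
                "Resource": f"{arn}:topic/{JOBS_PREFIX}/*",
            },
        ],
    }


def overbroad_statements(policy: dict) -> list:
    """Return indexes of Allow statements whose action or resource is an
    unscoped wildcard ("iot:*", "*", or all clients/topics), which would let
    any device holding a valid certificate act on any thing's jobs."""
    flagged = []
    for i, st in enumerate(policy.get("Statement", [])):
        if st.get("Effect") != "Allow":
            continue
        acts, res = st.get("Action", []), st.get("Resource", [])
        acts = [acts] if isinstance(acts, str) else acts
        res = [res] if isinstance(res, str) else res
        if any(a in ("*", "iot:*") for a in acts) or any(
            r == "*" or r.endswith((":client/*", ":topic/*", ":topicfilter/*"))
            for r in res
        ):
            flagged.append(i)
    return flagged
```

The generated document is the data-plane half of the table above; the operator's control-plane IAM policy (CreateJob, DescribeJobExecution, and so on) is separate and is not produced here.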

The following shows how you authorize your users, cloud services, and devices to use AWS IoT Jobs. For information about control plane and data plane API operations, see AWS IoT jobs API operations.