Today I spent a lot of time getting my Lambda code to work with an IoT device. After checking the logs in Amazon CloudWatch, I found out that there was a permission problem.
To enable IoT control from Lambda, you need to edit the Lambda policy. Define the allowed actions as follows to enable all “iot:*” actions:
```json
{
  "Version": "XXXX-XX-XX",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "arn:aws:logs:*:*:*"
    },
    {
      "Effect": "Allow",
      "Action": "iot:*",
      "Resource": "*"
    }
  ]
}
```
You can also define explicit actions instead, like this:
```json
"Action": [
  "iot:updateThingShadow",
  "iot:getThingShadow"
],
```
That’s it! Now you can run your code from AWS Lambda to control your AWS IoT device.
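The first policy allows every IoT action on every resource, while the explicit-action form can also be limited to one thing. The following check is an added example, not code from the original post: it flags wildcard IoT grants in a policy document and compares the post's policy with a scoped variant. The function names, the `SCOPED` policy and its thing ARN (region, account ID and thing name) are constructed placeholders.

```python
# Added example: flag wildcard IoT grants in a Lambda policy document.
LOGS = {"Effect": "Allow",
        "Action": ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"],
        "Resource": "arn:aws:logs:*:*:*"}

# The post's first policy ("Version" is redacted on the page and kept as-is).
BROAD = {"Version": "XXXX-XX-XX", "Statement": [
    LOGS, {"Effect": "Allow", "Action": "iot:*", "Resource": "*"}]}

# Constructed alternative: the post's explicit actions, limited to one thing.
# Region, account ID and thing name below are placeholders.
SCOPED = {"Version": "XXXX-XX-XX", "Statement": [
    LOGS, {"Effect": "Allow",
           "Action": ["iot:updateThingShadow", "iot:getThingShadow"],
           "Resource": "arn:aws:iot:us-east-1:123456789012:thing/ExampleThing"}]}


def _as_list(value):
    """IAM accepts either a single string or a list for Action and Resource."""
    return [value] if isinstance(value, str) else list(value)


def find_wildcards(policy, service="iot"):
    """Return (statement index, issue, value) for wildcard Allow grants to `service`."""
    findings = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    for index, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        # IAM action names are case-insensitive, so compare in lower case.
        actions = [a.lower() for a in _as_list(stmt.get("Action", []))]
        relevant = [a for a in actions if a == "*" or a.startswith(service + ":")]
        if not relevant:
            continue  # statement does not touch this service (e.g. the logs one)
        findings += [(index, "wildcard action", a) for a in relevant if "*" in a]
        findings += [(index, "wildcard resource", r)
                     for r in _as_list(stmt.get("Resource", [])) if r == "*"]
    return findings


if __name__ == "__main__":
    for name, policy in (("BROAD", BROAD), ("SCOPED", SCOPED)):
        print(name, find_wildcards(policy) or "no wildcard IoT grants")
```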