AWS IoT Managed Integrations (iotmanagedintegrations)

2025-06-28

25 new actions, 1 new resource, 3 new conditions | 20 updated actions, 4 updated resources

Additions

    Actions
  • CreateAccountAssociation
    • Description:  Grants permission to create a new account association
    • Access:  Write
    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:TagKeys
  • CreateCloudConnector
    • Description:  Grants permission to create a new cloud connector
    • Access:  Write
  • CreateConnectorDestination
    • Description:  Grants permission to create a new connector destination
    • Access:  Write
  • DeleteAccountAssociation
    • Description:  Grants permission to delete an account association
    • Access:  Write
    • Resources: 

      Name: account-association

      Required: Yes

  • DeleteCloudConnector
    • Description:  Grants permission to delete a cloud connector
    • Access:  Write
  • DeleteConnectorDestination
    • Description:  Grants permission to delete a connector destination
    • Access:  Write
  • DeregisterAccountAssociation
    • Description:  Grants permission to deregister account association
    • Access:  Write
    • Resources: 

      Name: account-association

      Required: Yes

      Name: managed-thing

      Required: Yes

  • GetAccountAssociation
    • Description:  Grants permission to get information about an account association
    • Access:  Read
    • Resources: 

      Name: account-association

      Required: Yes

  • GetCloudConnector
    • Description:  Grants permission to get information about a cloud connector
    • Access:  Read
  • GetConnectorDestination
    • Description:  Grants permission to get information about a cloud destination
    • Access:  Read
  • ListAccountAssociations
    • Description:  Grants permission to list information for account associations
    • Access:  List
  • ListCloudConnectors
    • Description:  Grants permission to list information for cloud connectors
    • Access:  List
  • ListConnectorDestinations
    • Description:  Grants permission to list information for connector destinations
    • Access:  List
  • ListDeviceDiscoveries
    • Description:  Grants permission to list information for device discoveries
    • Access:  List
  • ListDiscoveredDevices
    • Description:  Grants permission to list information for device discovered in a device discoveries
    • Access:  Read
  • ListManagedThingAccountAssociations
    • Description:  Grants permission to list information for associations between managed thing and account associations
    • Access:  List
  • ListTagsForResource
    • Description:  Grants permission to list tags for the specified resource
    • Access:  Read
    • Resources: 

      Name: account-association

      Required: No

      Name: credential-locker

      Required: No

      Name: managed-thing

      Required: No

      Name: ota-task

      Required: No

      Name: provisioning-profile

      Required: No

    • Conditions: 

      aws:ResourceTag/${TagKey}
  • RegisterAccountAssociation
    • Description:  Grants permission to register an account association to a managed thing
    • Access:  Write
    • Resources: 

      Name: account-association

      Required: Yes

      Name: managed-thing

      Required: Yes

  • SendConnectorEvent
    • Description:  Grants permission to send a connector event
    • Access:  Write
  • StartAccountAssociationRefresh
    • Description:  Grants permission to start a refresh of access tokens associated with an account association
    • Access:  Write
    • Resources: 

      Name: account-association

      Required: Yes

  • TagResource
    • Description:  Grants permission to add tags for the specified resource
    • Access:  Tagging
    • Resources: 

      Name: account-association

      Required: No

      Name: credential-locker

      Required: No

      Name: managed-thing

      Required: No

      Name: ota-task

      Required: No

      Name: provisioning-profile

      Required: No

    • Conditions: 

      aws:RequestTag/${TagKey}

      aws:ResourceTag/${TagKey}

      aws:TagKeys
  • UntagResource
    • Description:  Grants permission to remove tags for the specified resource
    • Access:  Tagging
    • Resources: 

      Name: account-association

      Required: No

      Name: credential-locker

      Required: No

      Name: managed-thing

      Required: No

      Name: ota-task

      Required: No

      Name: provisioning-profile

      Required: No

    • Conditions: 

      aws:ResourceTag/${TagKey}

      aws:TagKeys
  • UpdateAccountAssociation
    • Description:  Grants permission to update an account association
    • Access:  Write
    • Resources: 

      Name: account-association

      Required: Yes

  • UpdateCloudConnector
    • Description:  Grants permission to update a cloud connector
    • Access:  Write
  • UpdateConnectorDestination
    • Description:  Grants permission to update a connector destination
    • Access:  Write
    Resources
  • provisioning-profile
    • Arn:  arn:${Partition}:iotmanagedintegrations:${Region}:${Account}:provisioning-profile/${Identifier}
    • Conditions: 

      aws:ResourceTag/${TagKey}
    Conditions
  • aws:RequestTag/${TagKey}
    • Description:  Filters access by a tag key and value pair that is allowed in the request
    • Type:  String
  • aws:ResourceTag/${TagKey}
    • Description:  Filters access by a tag key and value pair of a resource
    • Type:  String
  • aws:TagKeys
    • Description:  Filters access by tag keys that are passed in the request
    • Type:  ArrayOfString

Updates

    Actions
  • StartDeviceDiscovery
      Access
    • List  ⟶  Read
  • UpdateNotificationConfiguration
      Access
    • List  ⟶  Read
  • UpdateOtaTask
      Access
    • List  ⟶  Read
  • ListOtaTaskExecutions
      Resources
    • + {'name': 'provisioning-profile', 'is_required': True}
    • - {'name': 'ProvisioningProfileResource', 'is_required': True}
  • GetManagedThingMetaData
      Resources
    • + {'name': 'credential-locker', 'is_required': True}
    • - {'name': 'CredentialLockerResource', 'is_required': True}
  • ListDestinations
      Resources
    • + {'name': 'managed-thing', 'is_required': True}
    • - {'name': 'ManagedThingResource', 'is_required': True}
  • GetEventLogConfiguration
      Resources
    • + {'name': 'provisioning-profile', 'is_required': True}
    • - {'name': 'ProvisioningProfileResource', 'is_required': True}
  • ListNotificationConfigurations
      Resources
    • + {'name': 'ota-task', 'is_required': True}
    • - {'name': 'OtaTaskResource', 'is_required': True}
  • ListEventLogConfigurations
      Resources
    • + {'name': 'managed-thing', 'is_required': True}
    • - {'name': 'ManagedThingResource', 'is_required': True}
  • GetSchemaVersion
      Resources
    • + {'name': 'managed-thing', 'is_required': True}
    • - {'name': 'ManagedThingResource', 'is_required': True}
  • GetDestination
      Resources
    • + {'name': 'ota-task', 'is_required': True}
    • - {'name': 'OtaTaskResource', 'is_required': True}
  • ListCredentialLockers
      Resources
    • + {'name': 'managed-thing', 'is_required': True}
    • - {'name': 'ManagedThingResource', 'is_required': True}
  • DeleteOtaTaskConfiguration
      Resources
    • + {'name': 'credential-locker', 'is_required': True}
    • - {'name': 'CredentialLockerResource', 'is_required': True}
  • GetCustomEndpoint
      Resources
    • + {'name': 'managed-thing', 'is_required': True}
    • - {'name': 'ManagedThingResource', 'is_required': True}
  • ListManagedThingSchemas
      Resources
    • + {'name': 'managed-thing', 'is_required': True}
    • - {'name': 'ManagedThingResource', 'is_required': True}
  • UpdateEventLogConfiguration
      Resources
    • + {'name': 'managed-thing', 'is_required': True}
    • - {'name': 'ManagedThingResource', 'is_required': True}
  • CreateManagedThing
      Conditions
    • + aws:RequestTag/${TagKey}
    • + aws:TagKeys
  • CreateOtaTaskConfiguration
      Resources
    • + credential-locker
      Conditions
    • + aws:RequestTag/${TagKey}
    • + aws:TagKeys
  • DeleteCredentialLocker
      Conditions
    • + aws:RequestTag/${TagKey}
    • + aws:TagKeys
  • DeleteEventLogConfiguration
      Conditions
    • + aws:RequestTag/${TagKey}
    • + aws:TagKeys
    Resources
  • ota-task
      Arn
    • Old: arn:${Partition}:iotmanagedintegrations:${Region}:${Account}:provisioning-profile/${Identifier}
      New: arn:${Partition}:iotmanagedintegrations:${Region}:${Account}:ota-task/${Identifier}
      Conditions

    • New_value: ['aws:ResourceTag/${TagKey}']

      Old_value: []

  • managed-thing
      Arn
    • Old: arn:${Partition}:iotmanagedintegrations:${Region}:${Account}:ota-task/${Identifier}
      New: arn:${Partition}:iotmanagedintegrations:${Region}:${Account}:managed-thing/${Identifier}
      Conditions

    • New_value: ['aws:ResourceTag/${TagKey}']

      Old_value: []

  • account-association
      Arn
    • Old: arn:${Partition}:iotmanagedintegrations:${Region}:${Account}:credential-locker/${Identifier}
      New: arn:${Partition}:iotmanagedintegrations:${Region}:${Account}:account-association/${AccountAssociationId}
      Conditions

    • New_value: ['aws:ResourceTag/${TagKey}']

      Old_value: []

  • credential-locker
      Arn
    • Old: arn:${Partition}:iotmanagedintegrations:${Region}:${Account}:managed-thing/${Identifier}
      New: arn:${Partition}:iotmanagedintegrations:${Region}:${Account}:credential-locker/${Identifier}
      Conditions

    • New_value: ['aws:ResourceTag/${TagKey}']

      Old_value: []