| iam:PassRole | Admin |
| iot:AcceptCertificateTransfer | Admin |
| iot:AddThingToBillingGroup | Admin |
| iot:AttachPolicy | Admin |
| iot:AttachSecurityProfile | Admin |
| iot:CancelAuditMitigationActionsTask | Admin |
| iot:CancelAuditTask | Admin |
| iot:CancelCertificateTransfer | Admin |
| iot:CancelJobExecution | Admin |
| iot:ClearDefaultAuthorizer | Admin |
| iot:ConfirmTopicRuleDestination | Admin |
| iot:Connect | Admin |
| iot:CreateAuthorizer | Admin |
| iot:CreateBillingGroup | Admin |
| iot:CreateCertificateFromCsr | Admin |
| iot:CreateDomainConfiguration | Admin |
| iot:CreateDynamicThingGroup | Admin |
| iot:CreateKeysAndCertificate | Admin |
| iot:CreateMitigationAction | Admin |
| iot:CreateOTAUpdate | Admin |
| iot:CreateParticipantConnection | Admin |
| iot:CreatePolicy | Admin |
| iot:CreatePolicyVersion | Admin |
| iot:CreateProvisioningClaim | Admin |
| iot:CreateProvisioningTemplate | Admin |
| iot:CreateProvisioningTemplateVersion | Admin |
| iot:CreateRoleAlias | Admin |
| iot:CreateScheduledAudit | Admin |
| iot:CreateSecurityProfile | Admin |
| iot:CreateStream | Admin |
| iot:CreateThing | Admin |
| iot:CreateThingGroup | Admin |
| iot:CreateThingType | Admin |
| iot:CreateTopicRule | Admin |
| iot:CreateTopicRuleDestination | Admin |
| iot:DeleteAccountAuditConfiguration | Admin |
| iot:DeleteAuthorizer | Admin |
| iot:DeleteBillingGroup | Admin |
| iot:DeleteCACertificate | Admin |
| iot:DeleteCertificate | Admin |
| iot:DeleteConnection | Admin |
| iot:DeleteDomainConfiguration | Admin |
| iot:DeleteDynamicThingGroup | Admin |
| iot:DeleteJobExecution | Admin |
| iot:DeleteMitigationAction | Admin |
| iot:DeleteOTAUpdate | Admin |
| iot:DeletePolicy | Admin |
| iot:DeletePolicyVersion | Admin |
| iot:DeleteProvisioningTemplate | Admin |
| iot:DeleteProvisioningTemplateVersion | Admin |
| iot:DeleteRegistrationCode | Admin |
| iot:DeleteRoleAlias | Admin |
| iot:DeleteScheduledAudit | Admin |
| iot:DeleteSecurityProfile | Admin |
| iot:DeleteStream | Admin |
| iot:DeleteThing | Admin |
| iot:DeleteThingGroup | Admin |
| iot:DeleteThingShadow | Admin |
| iot:DeleteThingType | Admin |
| iot:DeleteTopicRule | Admin |
| iot:DeleteTopicRuleDestination | Admin |
| iot:DeleteV2LoggingLevel | Admin |
| iot:DeprecateThingType | Admin |
| iot:DetachPolicy | Admin |
| iot:DetachPrincipalPolicy | Admin |
| iot:DetachSecurityProfile | Admin |
| iot:DisconnectParticipant | Admin |
| iot:GetThingShadow | Admin |
| iot:PostToConnection | Admin |
| iot:Publish | Admin |
| iot:Receive | Admin |
| iot:RegisterCACertificate | Admin |
| iot:RegisterCertificate | Admin |
| iot:RegisterThing | Admin |
| iot:RejectCertificateTransfer | Admin |
| iot:RemoveThingFromBillingGroup | Admin |
| iot:RemoveThingFromThingGroup | Admin |
| iot:ReplaceTopicRule | Admin |
| iot:SetDefaultAuthorizer | Admin |
| iot:SetDefaultPolicyVersion | Admin |
| iot:SetLoggingOptions | Admin |
| iot:SetV2LoggingLevel | Admin |
| iot:SetV2LoggingOptions | Admin |
| iot:Subscribe | Admin |
| iot:TransferCertificate | Admin |
| iot:UpdateAccountAuditConfiguration | Admin |
| iot:UpdateAuthorizer | Admin |
| iot:UpdateBillingGroup | Admin |
| iot:UpdateCACertificate | Admin |
| iot:UpdateCertificate | Admin |
| iot:UpdateDomainConfiguration | Admin |
| iot:UpdateDynamicThingGroup | Admin |
| iot:UpdateEventConfigurations | Admin |
| iot:UpdateIndexingConfiguration | Admin |
| iot:UpdateJobExecution | Admin |
| iot:UpdateMitigationAction | Admin |
| iot:UpdateProvisioningTemplate | Admin |
| iot:UpdateRoleAlias | Admin |
| iot:UpdateScheduledAudit | Admin |
| iot:UpdateSecurityProfile | Admin |
| iot:UpdateStream | Admin |
| iot:UpdateThing | Admin |
| iot:UpdateThingGroup | Admin |
| iot:UpdateThingGroupsForThing | Admin |
| iot:UpdateThingShadow | Admin |
| iot:UpdateTopicRuleDestination | Admin |
| iot:ValidateSecurityProfileBehaviors | Admin |
| iotdata:DeleteThingShadow | Admin |
| iotdata:GetThingShadow | Admin |
| iotdata:Publish | Admin |
| iotdata:UpdateThingShadow | Admin |
| iot-jobs-data:StartNextPendingJobExecution | Operator |
| iot-jobs-data:UpdateJobExecution | Operator |
| iot:AddThingToThingGroup | Operator |
| iot:AssociateTargetsWithJob | Operator |
| iot:AttachPrincipalPolicy | Operator |
| iot:AttachThingPrincipal | Operator |
| iot:CancelJob | Operator |
| iot:CloseTunnel | Operator |
| iot:CreateJob | Operator |
| iot:DeleteJob | Operator |
| iot:DetachThingPrincipal | Operator |
| iot:DisableTopicRule | Operator |
| iot:EnableTopicRule | Operator |
| iot:GetTopicRule | Operator |
| iot:OpenTunnel | Operator |
| iot:SearchIndex | Operator |
| iot:SendEvent | Operator |
| iot:SendMessage | Operator |
| iot:StartAuditMitigationActionsTask | Operator |
| iot:StartNextPendingJobExecution | Operator |
| iot:StartOnDemandAuditTask | Operator |
| iot:StartThingRegistrationTask | Operator |
| iot:StopThingRegistrationTask | Operator |
| iot:TagResource | Operator |
| iot:TestAuthorization | Operator |
| iot:TestInvokeAuthorizer | Operator |
| iot:UntagResource | Operator |
| iot:UpdateJob | Operator |
| cloudwatch:GetMetricStatistics | Metadata |
| iot-jobs-data:DescribeJobExecution | Metadata |
| iot-jobs-data:GetPendingJobExecutions | Metadata |
| iot:DescribeAccountAuditConfiguration | Metadata |
| iot:DescribeAuditFinding | Metadata |
| iot:DescribeAuditMitigationActionsTask | Metadata |
| iot:DescribeAuditTask | Metadata |
| iot:DescribeAuthorizer | Metadata |
| iot:DescribeBillingGroup | Metadata |
| iot:DescribeCACertificate | Metadata |
| iot:DescribeCertificate | Metadata |
| iot:DescribeDefaultAuthorizer | Metadata |
| iot:DescribeDomainConfiguration | Metadata |
| iot:DescribeEndpoint | Metadata |
| iot:DescribeEventConfigurations | Metadata |
| iot:DescribeIndex | Metadata |
| iot:DescribeJob | Metadata |
| iot:DescribeJobExecution | Metadata |
| iot:DescribeMitigationAction | Metadata |
| iot:DescribeProvisioningTemplate | Metadata |
| iot:DescribeProvisioningTemplateVersion | Metadata |
| iot:DescribeRoleAlias | Metadata |
| iot:DescribeScheduledAudit | Metadata |
| iot:DescribeSecurityProfile | Metadata |
| iot:DescribeStream | Metadata |
| iot:DescribeThing | Metadata |
| iot:DescribeThingGroup | Metadata |
| iot:DescribeThingRegistrationTask | Metadata |
| iot:DescribeThingType | Metadata |
| iot:DescribeTunnel | Metadata |
| iot:GetCardinality | Metadata |
| iot:GetConnection | Metadata |
| iot:GetEffectivePolicies | Metadata |
| iot:GetIndexingConfiguration | Metadata |
| iot:GetJobDocument | Metadata |
| iot:GetLoggingOptions | Metadata |
| iot:GetOTAUpdate | Metadata |
| iot:GetPendingJobExecutions | Metadata |
| iot:GetPercentiles | Metadata |
| iot:GetPolicy | Metadata |
| iot:GetPolicyVersion | Metadata |
| iot:GetRegistrationCode | Metadata |
| iot:GetStatistics | Metadata |
| iot:GetTopicRuleDestination | Metadata |
| iot:GetTranscript | Metadata |
| iot:GetV2LoggingOptions | Metadata |
| iot:ListActiveViolations | Metadata |
| iot:ListAttachedPolicies | Metadata |
| iot:ListAuditFindings | Metadata |
| iot:ListAuditMitigationActionsExecutions | Metadata |
| iot:ListAuditMitigationActionsTasks | Metadata |
| iot:ListAuditTasks | Metadata |
| iot:ListAuthorizers | Metadata |
| iot:ListBillingGroups | Metadata |
| iot:ListCACertificates | Metadata |
| iot:ListCertificates | Metadata |
| iot:ListCertificatesByCA | Metadata |
| iot:ListDomainConfigurations | Metadata |
| iot:ListIndices | Metadata |
| iot:ListJobExecutionsForJob | Metadata |
| iot:ListJobExecutionsForThing | Metadata |
| iot:ListJobs | Metadata |
| iot:ListMitigationActions | Metadata |
| iot:ListOTAUpdates | Metadata |
| iot:ListOutgoingCertificates | Metadata |
| iot:ListPolicies | Metadata |
| iot:ListPolicyPrincipals | Metadata |
| iot:ListPolicyVersions | Metadata |
| iot:ListPrincipalPolicies | Metadata |
| iot:ListPrincipalThings | Metadata |
| iot:ListProvisioningTemplateVersions | Metadata |
| iot:ListProvisioningTemplates | Metadata |
| iot:ListRoleAliases | Metadata |
| iot:ListScheduledAudits | Metadata |
| iot:ListSecurityProfiles | Metadata |
| iot:ListSecurityProfilesForTarget | Metadata |
| iot:ListStreams | Metadata |
| iot:ListTagsForResource | Metadata |
| iot:ListTargetsForPolicy | Metadata |
| iot:ListTargetsForSecurityProfile | Metadata |
| iot:ListThingGroups | Metadata |
| iot:ListThingGroupsForThing | Metadata |
| iot:ListThingPrincipals | Metadata |
| iot:ListThingRegistrationTaskReports | Metadata |
| iot:ListThingRegistrationTasks | Metadata |
| iot:ListThingTypes | Metadata |
| iot:ListThings | Metadata |
| iot:ListThingsInBillingGroup | Metadata |
| iot:ListThingsInThingGroup | Metadata |
| iot:ListTopicRuleDestinations | Metadata |
| iot:ListTopicRules | Metadata |
| iot:ListTunnels | Metadata |
| iot:ListV2LoggingLevels | Metadata |
| iot:ListViolationEvents | Metadata |
