Accepts a pending certificate transfer.

The default state of the certificate is INACTIVE.

Associates a group with a continuous job.

The following criteria must be met:

• The job must have been created with the targetSelection field set to "CONTINUOUS".

• The job status must currently be "IN_PROGRESS".

• The total number of targets associated with a job must not exceed 100.

Attaches the specified policy to the specified principal (certificate or other credential).

Associates a Device Defender security profile with a thing group or this account.

Attaches the specified principal to the specified thing.

Cancels a mitigation action task that is in progress.

Cancels an audit that is in progress.

Cancels a pending transfer for the specified certificate.

Note Only the transfer source account can use this operation to cancel a transfer. (Transfer destinations can use RejectCertificateTransfer instead.) After transfer, AWS IoT returns the certificate to the source account in the INACTIVE state. After the destination account has accepted the transfer, the transfer cannot be cancelled.

Confirms a topic rule destination.

Creates an X.509 certificate using the specified certificate signing request.

Note: The CSR must include a public key that is either an RSA key with a length of at least 2048 bits or an ECC key from NIST P-256 or NIST P-384 curves.

Note: Reusing the same certificate signing request (CSR) results in a distinct certificate.

You can create multiple certificates in a batch by creating a directory, copying multiple .csr files into that directory, and then specifying that directory on the command line. The following commands show how to create a batch of certificates given a batch of CSRs.

Assuming a set of CSRs are located inside of the directory my-csr-directory:

On Linux and OS X, the command is:

$ ls my-csr-directory/ | xargs -I {} aws iot create-certificate-from-csr --certificate-signing-request file://my-csr-directory/{}

This command lists all of the CSRs in my-csr-directory and pipes each CSR file name to the aws iot create-certificate-from-csr AWS CLI command to create a certificate for the corresponding CSR.

The aws iot create-certificate-from-csr part of the command can also be run in parallel to speed up the certificate creation process:

$ ls my-csr-directory/ | xargs -P 10 -I {} aws iot create-certificate-from-csr --certificate-signing-request file://my-csr-directory/{}

On Windows PowerShell, the command to create certificates for all CSRs in my-csr-directory is:

> ls -Name my-csr-directory | %{aws iot create-certificate-from-csr --certificate-signing-request file://my-csr-directory/$_}

On a Windows command prompt, the command to create certificates for all CSRs in my-csr-directory is:

Create a dimension that you can use to limit the scope of a metric used in a security profile for AWS IoT Device Defender.

Creates a domain configuration.

Creates a 2048-bit RSA key pair and issues an X.509 certificate using the issued public key.

You can also call CreateKeysAndCertificate over MQTT from a device, for more information, see Provisioning MQTT API.

Defines an action that can be applied to audit findings by using StartAuditMitigationActionsTask.

Creates an AWS IoT policy.

Creates a new version of the specified AWS IoT policy.

To update a policy, create a new policy version. A managed policy can have up to five versions. If the policy has five versions, you must use DeletePolicyVersion to delete an existing version before you create a new one.

Creates a stream for delivering one or more large files in chunks over MQTT.

Creates a thing record in the registry.

If this call is made multiple times using the same thing name and configuration, the call will succeed. If this call is made with the same thing name but different configuration a ResourceAlreadyExistsException is thrown.

Create a thing group.

Creates a rule.

Creates a topic rule destination.

Restores the default settings for Device Defender audits for this account.

Deletes the specified certificate.

Before you can delete a custom metric, you must first remove the custom metric from all security profiles it's a part of.

The security profile associated with the custom metric can be found using the ListSecurityProfiles API with metricName set to your custom metric name.

Deletes the specified domain configuration.

Deletes a job and its related job executions.

Deleting a job may take time, depending on the number of job executions created for the job and various other factors. While the job is being deleted, the status of the job will be shown as "DELETION_IN_PROGRESS". Attempting to delete or cancel a job whose status is already "DELETION_IN_PROGRESS" will result in an error.

Deletes the specified policy.

A policy cannot be deleted if it has non-default versions or it is attached to any certificate.

To delete a policy, use the DeletePolicyVersion API to delete all non-default versions of the policy; use the DetachPrincipalPolicy API to detach the policy from any certificate; and then use the DeletePolicy API to delete the policy.

Deletes the specified version of the specified policy.

Deletes the specified thing.

Deletes the specified thing type.

Deprecates a thing type.

Gets information about the Device Defender audit settings for this account.

Gets information about a single audit finding.

Gets information about an audit mitigation task that is used to apply mitigation actions to a set of audit findings.

Gets summary information about a domain configuration.

Removes the specified policy from the specified certificate.

Detaches the specified principal from the specified thing.

A principal can be X.509 certificates, IAM users, groups, and roles, Amazon Cognito identities or federated identities.

Gets the logging options.

Groups the aggregated values that match the query into percentile groupings.

Returns the count, average, sum, minimum, maximum, sum of squares, variance, and standard deviation for the specified aggregated field.

Lists the findings (results) of a Device Defender audit or of the audits performed during a specified time period.

Lists the CA certificates registered for your AWS account.

Lists the certificates registered in your AWS account.

Gets a list of domain configurations for the user.

This list is sorted alphabetically by domain configuration name.

Lists the principals associated with the specified policy.

Lists the policies attached to the specified principal.

If you use an Cognito identity, the ID must be in AmazonCognito Identity format.

Lists the things associated with the specified principal.

Lists the Device Defender security profiles you've created.

You can filter security profiles by dimension or custom metric.

Lists the principals associated with the specified thing.

Lists your things.

Use the attributeName and attributeValue parameters to filter your things. For example, calling ListThings with attributeName=Color and attributeValue=Red retrieves all things in the registry that contain an attribute Color with the value Red.

Lists the Device Defender security profile violations discovered during the given time period.

Registers a CA certificate with AWS IoT.

Registers a device certificate with AWS IoT.

Provisions a thing in the device registry.

Rejects a pending certificate transfer.

After AWS IoT rejects a certificate transfer, the certificate status changes from PENDING_TRANSFER to INACTIVE.

To check for pending certificate transfers, call ListCertificates to enumerate your certificates.

Remove the specified thing from the specified group.

Replaces the rule.

Sets the default authorizer.

Sets the specified version of the specified policy as the policy's default (operative) version.

Sets the logging options.

Adds to or modifies the tags of the given resource.

Tests if a specified principal is authorized to perform an AWS IoT action on a specified resource.

Tests a custom authorization behavior by invoking a specified custom authorizer.

Transfers the specified certificate to the specified AWS account.

You can cancel the transfer until it is acknowledged by the recipient.

No notification is sent to the transfer destination's account. It is up to the caller to notify the transfer target.

The certificate being transferred must not be in the ACTIVE state. You can use the UpdateCertificate API to deactivate it.

Configures or reconfigures the Device Defender audit settings for this account.

Updates the status of the specified certificate.

This operation is idempotent.

Certificates must be in the ACTIVE state to authenticate devices that use a certificate to connect to AWS IoT.

Updates the definition for a dimension.

Updates values stored in the domain configuration.

Domain configurations for default endpoints can't be updated.

Updates an existing stream.

Updates a topic rule destination.