About the required AWS IAM user for AnyNet IRIS

The AnyNet Cellular Connectivity for AWS IoT service integrates with the IoT resources within your AWS account to perform essential functions, such as updating an AWS Thing Shadow document. You enable access to these functions by setting up a dedicated IAM user with specific permissions within your AWS account. You will use this IAM user to configure AnyNet IRIS.

Do not use the AWS account root user to set up the required IAM permissions. For more information, see AWS account root user.

The IAM permissions also enable the service to create a Foundation CloudFormation stack that is used to distribute required resources to the AWS regions you select using AnyNet IRIS. The Foundation stack creates an IAM role – AnyNetSecureTrustRole – that is responsible for establishing required cross-account access. For information about cross-account access, see:

Providing access to AWS accounts owned by third parties
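
After the Foundation stack has been deployed, you can review who the cross-account role trusts. The following is an added example, not code from AnyNet or AWS: it audits a role trust policy for wildcard principals and for external accounts trusted without an sts:ExternalId condition, the control described in the AWS guidance on third-party access. The sample policy, account IDs and external ID are constructed placeholders, and this page does not state what the AnyNetSecureTrustRole trust policy actually contains.

```python
import json

# Constructed sample: the account ID and external ID are placeholders.
SAMPLE_TRUST_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{
   "Effect": "Allow",
   "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
   "Action": "sts:AssumeRole",
   "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}}}]}
""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _account_of(principal):
    # Accepts a bare 12-digit account ID or an IAM ARN (account is the fifth field).
    if principal.isdigit():
        return principal
    parts = principal.split(":")
    return parts[4] if len(parts) > 4 else None

def _has_external_id(statement):
    # IAM condition key names are case-insensitive.
    for operator, keys in statement.get("Condition", {}).items():
        if operator.lower().startswith("stringequals"):
            if any(k.lower() == "sts:externalid" for k in keys):
                return True
    return False

def audit_trust_policy(policy, own_account_id):
    """Return findings for Allow statements that let other accounts assume the role."""
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement", []))):
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if stmt.get("Effect") != "Allow" or not actions & {"sts:assumerole", "sts:*", "*"}:
            continue
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else _as_list(principal.get("AWS", []))
        for entry in aws:
            if entry == "*":
                findings.append(f"statement {index}: wildcard principal")
            elif _account_of(entry) != own_account_id and not _has_external_id(stmt):
                findings.append(f"statement {index}: {entry} trusted without sts:ExternalId")
    return findings

if __name__ == "__main__":
    print(audit_trust_policy(SAMPLE_TRUST_POLICY, own_account_id="444455556666"))
```

To audit the deployed role, pass in the AssumeRolePolicyDocument returned by `aws iam get-role --role-name AnyNetSecureTrustRole` together with your own account ID.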

Recommended reading

For information about AWS security best practices, see: Security best practices in IAM

To learn how to create customer managed policies, see: IAM Tutorial: Create and attach your first customer managed policy