Required IAM Managed Policies

The AnyNet Cellular Connectivity for AWS IoT service and AnyNet IRIS app require the following AWS Managed Policies.

When you attach these policies to the IAM user, you will also create an inline policy to deny all user and organization related actions. For more information, see Attaching IAM policies to an existing user.

Ensure that enabling access to these policies does not breach your IT security procedures.


Permits Eseye to determine which AWS Regions you have enabled, using some EC2 read-only commands.

AWS requires its customers to opt in to any of the AWS Regions launched after 20 March 2019. For more information, see: Setting permissions to enable accounts for upcoming AWS Regions.

  Enables AnyNet IRIS to use Amazon EventBridge to notify the Activation service when AWS IoT things are created or deleted.
  Enables CloudFormation template retrieval and CloudTrail S3 bucket creation.
  Required for both the Foundation stack and the resource stacks that are created in the AWS Regions you specify using AnyNet IRIS.
  Enables delivery of AWS API Call via CloudTrail. AWS API Call notifies AnyNet IRIS of specific AWS IoT events.
  Enables AnyNet IRIS to access multiple required resources within AWS IoT Core.
  Allows creation of Amazon CloudWatch Log groups and streaming logs to the groups.

Enables AnyNet IRIS to invoke the policy simulator API to determine whether the user has sufficient permissions to use the AnyNet IRIS app and AnyNet Cellular Connectivity for AWS IoT service. Additionally, it enables IAM role creation and policy attachment. For more information, see: Testing IAM policies with the IAM policy simulator.