From bb3a06741411de80aabd5b849a37ec7fec6ac034 Mon Sep 17 00:00:00 2001
From: Jeremy Poulter <jpoulter@webgains.com>
Date: Wed, 16 Aug 2023 20:41:05 +0100
Subject: [PATCH] Added a note with the policy needed to allow OpenEVSE to work
 with AWS IoT core.

---
 docs/mqtt.md | 33 +++++++++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)

diff --git a/docs/mqtt.md b/docs/mqtt.md
index 472221ce..a6f07fc4 100644
--- a/docs/mqtt.md
+++ b/docs/mqtt.md
@@ -68,3 +68,36 @@ MQTT setup is pre-populated with OpenEnergyMonitor [emonPi default MQTT server c
 * After a few seconds `Connected: No` should change to `Connected: Yes` if connection is successful. Re-connection will be attempted every 10s. A refresh of the page may be needed.
 
 *Note: `emon/xxxx` should be used as the base-topic if posting to emonPi MQTT server if you want the data to appear in emonPi Emoncms. See [emonPi MQTT docs](https://guide.openenergymonitor.org/technical/mqtt/).*
+
+## Connecting to Cloud IoT services
+
+### AWS IoT Core
+
+Policy for AWS IoT Core:
+
+```json
+{
+  "Version": "2012-10-17",
+  "Statement": [
+    {
+      "Effect": "Allow",
+      "Action": "iot:Connect",
+      "Resource": "arn:aws:iot:eu-west-2:489072314047:client/openevse-*"
+    },
+    {
+      "Effect": "Allow",
+      "Action": "iot:Subscribe",
+      "Resource": "arn:aws:iot:eu-west-2:489072314047:topicfilter/openevse/*"
+    },
+    {
+      "Effect": "Allow",
+      "Action": [
+        "iot:Receive",
+        "iot:Publish",
+        "iot:RetainPublish"
+      ],
+      "Resource": "arn:aws:iot:eu-west-2:489072314047:topic/openevse/*"
+    }
+  ]
+}
+```