# Jobs [**Return to main sample list**](./README.md) This sample uses the AWS IoT [Jobs](https://docs.aws.amazon.com/iot/latest/developerguide/iot-jobs.html) Service to describe jobs to execute. [Jobs](https://docs.aws.amazon.com/iot/latest/developerguide/iot-jobs.html) is a service that allows you to define and respond to remote operation requests defined through the AWS IoT Core website or via any other device (or CLI command) that can access the [Jobs](https://docs.aws.amazon.com/iot/latest/developerguide/iot-jobs.html) service. Note: This sample requires you to create jobs for your device to execute. See [instructions here](https://docs.aws.amazon.com/iot/latest/developerguide/create-manage-jobs.html) for how to make jobs. On startup, the sample describes the jobs that are pending execution and pretends to process them, marking each job as complete as it does so. Your IoT Core Thing's [Policy](https://docs.aws.amazon.com/iot/latest/developerguide/iot-policies.html) must provide privileges for this sample to connect, subscribe, publish, and receive. Below is a sample policy that can be used on your IoT Core Thing that will allow this sample to run as intended.

Sample Policy

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:Publish",
      "Resource": [
        "arn:aws:iot:region:account:topic/$aws/things/thingname/jobs/start-next",
        "arn:aws:iot:region:account:topic/$aws/things/thingname/jobs/*/update",
        "arn:aws:iot:region:account:topic/$aws/things/thingname/jobs/*/get",
        "arn:aws:iot:region:account:topic/$aws/things/thingname/jobs/get"
      ]
    },
    {
      "Effect": "Allow",
      "Action": "iot:Receive",
      "Resource": [
        "arn:aws:iot:region:account:topic/$aws/things/thingname/jobs/notify-next",
        "arn:aws:iot:region:account:topic/$aws/things/thingname/jobs/start-next/*",
        "arn:aws:iot:region:account:topic/$aws/things/thingname/jobs/*/update/*",
        "arn:aws:iot:region:account:topic/$aws/things/thingname/jobs/get/*",
        "arn:aws:iot:region:account:topic/$aws/things/thingname/jobs/*/get/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": "iot:Subscribe",
      "Resource": [
        "arn:aws:iot:region:account:topicfilter/$aws/things/thingname/jobs/notify-next",
        "arn:aws:iot:region:account:topicfilter/$aws/things/thingname/jobs/start-next/*",
        "arn:aws:iot:region:account:topicfilter/$aws/things/thingname/jobs/*/update/*",
        "arn:aws:iot:region:account:topicfilter/$aws/things/thingname/jobs/get/*",
        "arn:aws:iot:region:account:topicfilter/$aws/things/thingname/jobs/*/get/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": "iot:Connect",
      "Resource": "arn:aws:iot:region:account:client/test-*"
    }
  ]
}

Replace with the following with the data from your AWS account: * ``: The AWS IoT Core region where you created your AWS IoT Core thing you wish to use with this sample. For example `us-east-1`. * ``: Your AWS IoT Core account ID. This is the set of numbers in the top right next to your AWS account name when using the AWS IoT Core website. * ``: The name of your AWS IoT Core thing you want the device connection to be associated with Note that in a real application, you may want to avoid the use of wildcards in your ClientID or use them selectively. Please follow best practices when working with AWS on production applications using the SDK. Also, for the purposes of this sample, please make sure your policy allows a client ID of `test-*` to connect or use `--client_id ` to send the client ID your policy supports.

## How to run Use the following command to run the Jobs sample from the `samples` folder: ``` sh # For Windows: replace 'python3' with 'python' and '/' with '\' python3 jobs.py --endpoint --cert --key --thing_name ``` You can also pass a Certificate Authority file (CA) if your certificate and key combination requires it: ``` sh # For Windows: replace 'python3' with 'python' and '/' with '\' python3 jobs.py --endpoint --cert --key --thing_name --ca_file ```