Hello Sriramatluri,
I am not 100% sure about your first question regarding the provisioning method. Can you describe it again, please?
Regarding the IoT policy: you can build it up yourself. The following documentation might be helpful for you:
https://docs.aws.amazon.com/iot/latest/developerguide/iot-policies.html
https://docs.aws.amazon.com/iot/latest/developerguide/example-iot-policies.html
It always depends on what you actually want to allow your device to do in the cloud. So a "connect" is mandatory to have your device connected. But then it really depends. In our case we use shadow updates; that is the reason why we allow all the shadow updates, ...
Also note that it is important that you use iot:ClientId for this approach instead of iot:Connection.Thing.ThingName.
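
Added example, not part of the original post and not the poster's actual policy: a minimal AWS IoT policy of the kind described above, which allows the connect and scopes shadow-update access to the connecting client through the `${iot:ClientId}` policy variable. It assumes the device connects with an MQTT client ID equal to its thing name and uses the classic (unnamed) shadow; `REGION` and `ACCOUNT_ID` are placeholders to replace with your own values.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:Connect",
      "Resource": "arn:aws:iot:REGION:ACCOUNT_ID:client/${iot:ClientId}"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Publish",
      "Resource": "arn:aws:iot:REGION:ACCOUNT_ID:topic/$aws/things/${iot:ClientId}/shadow/update"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Subscribe",
      "Resource": "arn:aws:iot:REGION:ACCOUNT_ID:topicfilter/$aws/things/${iot:ClientId}/shadow/update/*"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Receive",
      "Resource": "arn:aws:iot:REGION:ACCOUNT_ID:topic/$aws/things/${iot:ClientId}/shadow/update/*"
    }
  ]
}
```

Because every resource ARN is built from the client ID, a device holding this policy can only connect under its own ID and only reach its own shadow update topics; none of the statements uses a bare `*` resource.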