This repository has been archived by the owner on Jun 15, 2023. It is now read-only.

aws iot thing policy variable is not working in IAM role #42

Closed
ffoysal opened this issue Mar 3, 2021 · 2 comments

Comments

@ffoysal

ffoysal commented Mar 3, 2021

Trying to connect with MQTT over WebSocket, using the Golang Paho MQTT library.
The following policy in the IAM role is not working:

        {
            "Effect": "Allow",
            "Action": [
                "iot:Publish"
            ],
            "Resource": [
                "arn:aws:iot:<REGION>:*******:topic/$aws/things/${iot:Connection.Thing.ThingName}/jobs/start-next",
                "arn:aws:iot:<REGION>:*******:topic/$aws/things/${iot:Connection.Thing.ThingName}/jobs/*/update"
            ]
        }

But this policy works:

        {
            "Effect": "Allow",
            "Action": [
                "iot:Publish"
            ],
            "Resource": [
                "arn:aws:iot:<REGION>:*******:topic/$aws/things/${iot:ClientId}/jobs/start-next",
                "arn:aws:iot:<REGION>:*******:topic/$aws/things/${iot:ClientId}/jobs/*/update"
            ]
        }

Those are not IoT Core policies; they are IAM policies. These policies are attached to a role that has a trust relationship with credentials.iot.amazonaws.com to assume the role.
Help is very much appreciated.

@tivaliy
Contributor

tivaliy commented Apr 5, 2021

Not sure that this is the right place for this type of issue/question.

But anyway, can you double-check that the client IDs are registered things' names in the AWS IoT Core service? Because iot:Connection.Thing.ThingName is a thing policy variable that is useful for enforcing client ID restrictions, which require a registered thing's name to be used as the client ID for MQTT connections to the AWS IoT message broker.
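To make the difference between the two policies in the original post concrete, here is an added example (not code from the reporter or from this repository) that simulates how the two Resource lists resolve for a given MQTT connection. It assumes plain text substitution for policy variables, that a Resource with an unresolved variable matches nothing, that `${iot:Connection.Thing.ThingName}` is only available when the connection's client ID is a registered thing name (the check suggested above), and AWS ARN wildcard semantics (`*` matches any run of characters, `?` exactly one). The region, account, thing names and client IDs are constructed placeholders; the real AWS policy evaluator is the authority.

```python
"""Simulated evaluation of the two IoT publish policies from this thread.

Added example, not code from the reporter or this repository. Assumptions:
  * a policy variable resolves by plain text substitution, and a Resource
    containing an unresolved variable matches nothing;
  * ${iot:Connection.Thing.ThingName} resolves only when the connection's
    client ID is a registered thing name;
  * ARN wildcards: '*' matches any run of characters, '?' exactly one.
Region, account, thing names and client IDs below are constructed.
"""
import re
from typing import Dict, List, Optional

REGION, ACCOUNT = "us-east-1", "123456789012"  # constructed placeholders
ARN = f"arn:aws:iot:{REGION}:{ACCOUNT}:"


def publish_policy(var: str) -> dict:
    """The statement from the post, parameterised by the policy variable used."""
    return {
        "Effect": "Allow",
        "Action": ["iot:Publish"],
        "Resource": [
            ARN + "topic/$aws/things/${" + var + "}/jobs/start-next",
            ARN + "topic/$aws/things/${" + var + "}/jobs/*/update",
        ],
    }


THINGNAME_POLICY = publish_policy("iot:Connection.Thing.ThingName")  # reported as not working
CLIENTID_POLICY = publish_policy("iot:ClientId")                     # reported as working

# Constructed thing registry standing in for the AWS IoT registry.
REGISTERED_THINGS = {"sensor-01"}

_VAR = re.compile(r"\$\{([^}]+)\}")  # matches ${...}, not the literal "$aws"


def connection_context(client_id: str) -> Dict[str, str]:
    """Policy variables available to a connection that presented client_id."""
    ctx = {"iot:ClientId": client_id}
    if client_id in REGISTERED_THINGS:  # assumption: thing variable needs a registered thing
        ctx["iot:Connection.Thing.ThingName"] = client_id
    return ctx


def resolve(resource: str, ctx: Dict[str, str]) -> Optional[str]:
    """Substitute policy variables; None if any variable is unavailable."""
    unresolved = False

    def sub(m) -> str:
        nonlocal unresolved
        value = ctx.get(m.group(1))
        if value is None:
            unresolved = True
            return ""
        return value

    resolved = _VAR.sub(sub, resource)
    return None if unresolved else resolved


def arn_matches(pattern: str, arn: str) -> bool:
    """AWS-style wildcard match of a resolved Resource pattern against an ARN."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, arn) is not None


def is_allowed(statements: List[dict], action: str, arn: str, ctx: Dict[str, str]) -> bool:
    """Allow-only check: does some Allow statement cover action on arn?"""
    for st in statements:
        if st["Effect"] != "Allow" or action not in st["Action"]:
            continue
        for resource in st["Resource"]:
            resolved = resolve(resource, ctx)
            if resolved is not None and arn_matches(resolved, arn):
                return True
    return False


def jobs_topic(thing: str, suffix: str) -> str:
    return ARN + f"topic/$aws/things/{thing}/jobs/{suffix}"


def evaluate_cases() -> Dict[str, bool]:
    """Run the scenarios discussed in the thread; returns case name -> allowed."""
    reg = connection_context("sensor-01")         # client ID is a registered thing name
    unreg = connection_context("fleet-client-7")  # client ID is not a thing name
    pub = "iot:Publish"
    # Tying iot:Connect to the thing name means an unregistered client ID never connects.
    connect_policy = [{"Effect": "Allow", "Action": ["iot:Connect"],
                       "Resource": [ARN + "client/${iot:Connection.Thing.ThingName}"]}]
    return {
        "thingname_registered_own_topic": is_allowed([THINGNAME_POLICY], pub, jobs_topic("sensor-01", "start-next"), reg),
        "thingname_registered_job_update": is_allowed([THINGNAME_POLICY], pub, jobs_topic("sensor-01", "job-42/update"), reg),
        "thingname_registered_other_thing": is_allowed([THINGNAME_POLICY], pub, jobs_topic("sensor-02", "start-next"), reg),
        "thingname_unregistered_own_topic": is_allowed([THINGNAME_POLICY], pub, jobs_topic("fleet-client-7", "start-next"), unreg),
        "clientid_unregistered_own_topic": is_allowed([CLIENTID_POLICY], pub, jobs_topic("fleet-client-7", "start-next"), unreg),
        # ${iot:ClientId} is whatever ID the client chose, so it resolves for any value.
        "clientid_chosen_other_thing": is_allowed([CLIENTID_POLICY], pub, jobs_topic("sensor-02", "start-next"), connection_context("sensor-02")),
        "connect_registered": is_allowed(connect_policy, "iot:Connect", ARN + "client/sensor-01", reg),
        "connect_unregistered": is_allowed(connect_policy, "iot:Connect", ARN + "client/fleet-client-7", unreg),
    }


if __name__ == "__main__":
    for name, allowed in evaluate_cases().items():
        print(f"{name}: {'ALLOW' if allowed else 'DENY'}")
```

Under these assumptions the ThingName policy denies the unregistered connection outright, which is the symptom in the original post, while the ClientId policy allows it. The caveat is the `clientid_chosen_other_thing` case: the client ID is picked by the connecting client, so scoping `iot:Publish` to `${iot:ClientId}` only confines a device to its own jobs topics if the same role also restricts which client IDs it may connect with.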

@gausekha
Contributor

Closing this issue as it doesn't look like there is action needed from the documentation side.
