I have two Accounts running with IoT-Endpoints enabled. My devices connect to the IoT Endpoint on Account A. In Account A I also have a Lambda function running that is receiving the messages through an IoT Rule. The Lambda determines if the message has to be forwarded to Account B or not. Since I have other services depending on IoT messages in Account B as well, I just want to republish the MQTT message to the IoT-Endpoint of Account B.

Lambda is configured with NodeJS 12.x.

Let's leave the IAM stuff aside. I have some roles/policies set up for that already, but I do not even get that far to test them.

I use the following snippet in Lambda of Account A to send the message to the IoT-Endpoint of Account B.

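  const AWS = require('aws-sdk');

  let iotData = new AWS.IotData({
    endpoint: '<endpointOfAccountB>'
  });
  let topic_params = {
    topic: "my/topic/on/other/account",
    payload: JSON.stringify(payload),
    qos: 1
  };
  // Publish using the Lambda's default credentials
  await iotData.publish(topic_params).promise();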

It seems like the endpoint attribute is just ignored, because the message gets published on Account A instead. I also tried without -ats (result of CLI: aws iot describe-endpoint):
<endpointOfAccountB> -> same result

When I print iotDev.endpoint the correct endpoint is configured.

Is there a way to publish an MQTT message from Account A to Account B with the IoTData sdk?
Am I missing something?
Feel free to ask for more details if necessary.

Encountered this same problem today as well. What I did to overcome this was assume a Role in Account B, set the credentials in the AWS.config.credentials with the temp creds, then create the IotData object with the IoT endpoint before you publish the message.

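   const AWS = require('aws-sdk');
   const STS = new AWS.STS();

   // Assume the role in Account B to obtain temporary credentials
   let credentials = await STS.assumeRole({
      RoleArn: 'arn:aws:iam::123456789:role/iotRole',
      RoleSessionName: 'testRoleSessionName'
   }).promise();

   // Wrap the temporary credentials returned by STS
   const remoteCredentials = new AWS.Credentials(
      credentials.Credentials.AccessKeyId,
      credentials.Credentials.SecretAccessKey,
      credentials.Credentials.SessionToken
   );

   // Client bound to Account B's endpoint and Account B's credentials
   const iotData = new AWS.IotData({
      endpoint: '', // IoTEndpoint of Account B
      credentials: remoteCredentials
   });

   const data = await iotData.publish({
      topic: `topicfilter/data/clientIdHere`,
      payload: JSON.stringify({event: 'whatever'}),
      qos: 1
   }).promise();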

Be sure to give the lambda's execution role in Account A the permission to STS:AssumeRole and set up the "iotRole" in Account B to trust Account A.
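The IAM side of the answer above, as an added example that is not part of the original post: a helper that builds the three policy documents for the cross-account publish. It goes one step tighter than trusting all of Account A by naming only the Lambda's execution role in the trust policy, and limits `iot:Publish` to a single topic. The account IDs, region, function name and Lambda role name are constructed placeholders; `iotRole` and the topic come from the answer.

```javascript
// Added example (not from the original post). Builds the IAM policy documents
// needed for Account A's Lambda to publish to one topic in Account B.
function buildCrossAccountPolicies({ accountA, lambdaRoleName, accountB, iotRoleName, region, topic }) {
  for (const id of [accountA, accountB]) {
    if (!/^\d{12}$/.test(id)) throw new Error(`not a 12-digit account id: ${id}`);
  }
  // IAM wildcards in the topic would widen the publish grant beyond one topic.
  if (/[*?]/.test(topic)) throw new Error('topic must not contain IAM wildcards');

  const lambdaRoleArn = `arn:aws:iam::${accountA}:role/${lambdaRoleName}`;
  const iotRoleArn = `arn:aws:iam::${accountB}:role/${iotRoleName}`;

  return {
    // Account A: attach to the Lambda execution role.
    lambdaAssumePolicy: {
      Version: '2012-10-17',
      Statement: [{ Effect: 'Allow', Action: 'sts:AssumeRole', Resource: iotRoleArn }]
    },
    // Account B: trust policy of iotRole, limited to the one Lambda role
    // instead of every principal in Account A.
    iotRoleTrustPolicy: {
      Version: '2012-10-17',
      Statement: [{ Effect: 'Allow', Principal: { AWS: lambdaRoleArn }, Action: 'sts:AssumeRole' }]
    },
    // Account B: permissions policy of iotRole, publish to one topic only.
    iotRolePublishPolicy: {
      Version: '2012-10-17',
      Statement: [{
        Effect: 'Allow',
        Action: 'iot:Publish',
        Resource: `arn:aws:iot:${region}:${accountB}:topic/${topic}`
      }]
    }
  };
}

// Constructed sample values; replace with your own accounts, region and role names.
const policies = buildCrossAccountPolicies({
  accountA: '111111111111',
  lambdaRoleName: 'forwarderLambdaRole', // hypothetical name
  accountB: '222222222222',
  iotRoleName: 'iotRole',
  region: 'eu-west-1',
  topic: 'topicfilter/data/clientIdHere'
});
console.log(JSON.stringify(policies, null, 2));
```
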

Thank you very much!

Worked as described.

