1 Answer
0
Something like this would work to allow for the device to subscribe to a specific topic:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "iot:Connect"
          ],
          "Resource": [
            "arn:aws:iot:us-east-1:123456789012:client/clientId1",
            "arn:aws:iot:us-east-1:123456789012:client/clientId2",
            "arn:aws:iot:us-east-1:123456789012:client/clientId3"
          ]
        },
        {
          "Effect": "Allow",
          "Action": [
            "iot:Subscribe"
          ],
          "Resource": [
            "arn:aws:iot:us-east-1:123456789012:topicfilter/some_specific_topic"
          ]
        },
        {
          "Effect": "Allow",
          "Action": [
            "iot:Receive"
          ],
          "Resource": [
            "arn:aws:iot:us-east-1:123456789012:topic/some_specific_topic"
          ]
        }
      ]
    }
answered 3 years ago
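Added example, not part of the original answer or AWS code: a simplified local evaluator and lint for the policy above, showing which MQTT operations it permits and checking that each action is paired with the matching resource type (`client/`, `topicfilter/`, `topic/`). The helper names and the `*`-only wildcard handling are assumptions; policy variables and policies attached to other principals are not modelled.

```python
import re

ARN = "arn:aws:iot:us-east-1:123456789012:"
# The policy from the answer above, written as a Python dict.
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["iot:Connect"],
     "Resource": [ARN + f"client/clientId{i}" for i in (1, 2, 3)]},
    {"Effect": "Allow", "Action": ["iot:Subscribe"],
     "Resource": [ARN + "topicfilter/some_specific_topic"]},
    {"Effect": "Allow", "Action": ["iot:Receive"],
     "Resource": [ARN + "topic/some_specific_topic"]},
]}

# Resource type each MQTT action is evaluated against.
EXPECTED = {"iot:Connect": "client", "iot:Subscribe": "topicfilter",
            "iot:Publish": "topic", "iot:Receive": "topic"}

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _match(pattern, value):
    # Simplified (assumption): only '*' is a wildcard, everything else is literal.
    regex = ".*".join(re.escape(p) for p in pattern.split("*"))
    return re.fullmatch(regex, value) is not None

def is_allowed(policy, action, resource):
    """Explicit Deny wins; otherwise any matching Allow; default is deny."""
    allowed = False
    for st in policy["Statement"]:
        if (any(_match(a, action) for a in _as_list(st["Action"]))
                and any(_match(r, resource) for r in _as_list(st["Resource"]))):
            if st["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

def lint(policy):
    """Flag Allow resources whose type does not fit the action, or that use '*'."""
    issues = []
    for st in policy["Statement"]:
        if st["Effect"] != "Allow":
            continue
        for a in _as_list(st["Action"]):
            for r in _as_list(st["Resource"]):
                rtype = r.split(":", 5)[-1].split("/", 1)[0]
                if a in EXPECTED and rtype != EXPECTED[a]:
                    issues.append(f"{a}: expected {EXPECTED[a]}/ resource, got {r}")
                if "*" in a or "*" in r:
                    issues.append(f"wildcard in {a} on {r}")
    return issues
```

Run against the policy above, `lint` returns no findings, and `is_allowed` shows that `iot:Publish` on the same topic is implicitly denied because no statement grants it.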
Thanks. Yes, this is what I was thinking. So IoT Core's own policy and the IoT Core policy for Cognito both seem to have similar info.
For Cognito principals, it's best practice to attach an AWS IoT Policy. When the principal connects using the IAM authenticated policy (which can have iot:connect), the attached IoT Policy is the one that is actually applied (connect, publish, subscribe, etc.).

Try the link here: https://docs.aws.amazon.com/iot/latest/developerguide/iam-users-groups-roles.html