
IAM policy for authenticated user for IoT

0

The following AWS doc link talks about the IAM policy for the authenticated role for a publisher.

https://docs.aws.amazon.com/iot/latest/developerguide/cog-iot-policies.html

But what will the authenticated IAM policy for a subscriber be? This is not given in the docs.

1 answer
0

Something like this would work to allow the device to subscribe to a specific topic:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "iot:Connect"
            ],
            "Resource": [
                "arn:aws:iot:us-east-1:123456789012:client/clientId1",
                "arn:aws:iot:us-east-1:123456789012:client/clientId2",
                "arn:aws:iot:us-east-1:123456789012:client/clientId3"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "iot:Subscribe"
            ],
            "Resource": [
                "arn:aws:iot:us-east-1:123456789012:topicfilter/some_specific_topic"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "iot:Receive"
            ],
            "Resource": [
                "arn:aws:iot:us-east-1:123456789012:topic/some_specific_topic"
            ]
        }
    ]
}
AWS
Answered 3 years ago
  • Thanks. Yes, this is what I was thinking. So IoT Core's own policy and the IoT Core policy for Cognito both seem to have similar info.

  • For Cognito principals, it's best practice to attach an AWS IoT Policy. When the principal connects using the IAM authenticated policy (which can have iot:connect), the attached IoT Policy is the one that is actually applied (connect, publish, subscribe, etc.).
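The subtle point in the answer's policy is that iot:Subscribe is scoped to a topicfilter/ ARN while iot:Receive is scoped to a topic/ ARN; mixing them up is a common reason a subscriber policy silently fails. As an added static check (my own example, not AWS's code or the answer's), the Python below lints a policy document for exactly that, and also flags wildcard actions and unscoped resources; it generalises the answer's three actions with iot:Publish as well. It is a local consistency check on the JSON, not an IAM policy simulation.

```python
import json
import re

# Constructed sample input: the subscriber policy from the answer above, trimmed to one client.
SUBSCRIBER_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": ["iot:Connect"],
     "Resource": ["arn:aws:iot:us-east-1:123456789012:client/clientId1"]},
    {"Effect": "Allow", "Action": ["iot:Subscribe"],
     "Resource": ["arn:aws:iot:us-east-1:123456789012:topicfilter/some_specific_topic"]},
    {"Effect": "Allow", "Action": ["iot:Receive"],
     "Resource": ["arn:aws:iot:us-east-1:123456789012:topic/some_specific_topic"]}
  ]
}
""")

# ARN resource type each IoT data-plane action must be scoped to.
EXPECTED_RESOURCE_TYPE = {
    "iot:Connect": "client",
    "iot:Subscribe": "topicfilter",
    "iot:Receive": "topic",
    "iot:Publish": "topic",
}
# "topicfilter" is listed before "topic" so the alternation does not match the shorter prefix.
IOT_ARN = re.compile(r"^arn:aws:iot:[a-z0-9-]+:\d{12}:(client|topicfilter|topic)/(.+)$")


def as_list(value):
    # IAM allows Action/Resource to be a single string or a list; normalise to a list.
    return [value] if isinstance(value, str) else value


def lint_iot_policy(policy):
    """Return a list of findings; an empty list means every Allow is narrowly scoped."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action", [])):
            if action.endswith("*"):
                findings.append(f"wildcard action {action}")
                continue
            expected = EXPECTED_RESOURCE_TYPE.get(action)
            for res in as_list(stmt.get("Resource", [])):
                match = IOT_ARN.match(res)
                if res == "*" or match is None:
                    findings.append(f"{action}: unscoped or unrecognised resource {res}")
                elif expected and match.group(1) != expected:
                    findings.append(f"{action} must use {expected}/ ARNs, got {match.group(1)}/{match.group(2)}")
                elif "*" in match.group(2):
                    findings.append(f"{action}: wildcard in resource {res}")
    return findings
```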
