I am using AWS IoT for a webapp and I need to restrict some topics so that only a specific user (client) can connect to them.
How can I achieve this? My app uses lambda functions with topicRule event listeners to trigger application code. I'm using the beta custom authentication and passing IoT authentication data through the username/password at connect.
I am not using cognito for authentication and again my javascript app sends auth token when connecting to mqtt. The developer guide only shows how to do it when using cognito which I am not (https://docs.aws.amazon.com/iot/latest/developerguide/pub-sub-policy.html).
How could I check the authentication data when a client attempts to subscribe to a certain topic and verify they are authorized to do so?
Thanks!
Edited by: phasetwo on Aug 15, 2020 1:10 AM
