1개 답변
- 최신
- 최다 투표
- 가장 많은 댓글
0
Something like this would work to allow for the device to subscribe to a specific topic
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"iot:Connect"
],
"Resource": [
"arn:aws:iot:us-east-1:123456789012:client/clientId1",
"arn:aws:iot:us-east-1:123456789012:client/clientId2",
"arn:aws:iot:us-east-1:123456789012:client/clientId3"
]
},
{
"Effect": "Allow",
"Action": [
"iot:Subscribe"
],
"Resource": [
"arn:aws:iot:us-east-1:123456789012:topicfilter/some_specific_topic"
]
},
{
"Effect": "Allow",
"Action": [
"iot:Receive"
],
"Resource": [
"arn:aws:iot:us-east-1:123456789012:topic/some_specific_topic"
]
}
]
}
답변함 3년 전
Thanks. Yes this is what I was thinking. So IoTcore's own policy and IoTcore policy for cognito both seems to be having similar info.
For Cognito principals, it's best practice to attach an AWS IoT Policy. When the principals connects using the IAM authenticated policy (which can have
iot:connect), the attached IoT Policy is the one that is actually applied (connect, publish, subscribe, etc.).
관련 콘텐츠
- 질문됨 2년 전
- 질문됨 일 년 전
Try the link here: https://docs.aws.amazon.com/iot/latest/developerguide/iam-users-groups-roles.html