Hi Majh,
you are correct that the disconnect happens when the client breaks the policy. In the specific case, all clients using a clientId different from the Thing Name will break the first policy when trying to publish to abc/MY_THING_NAME/hello. This is because the ${iot:Connection.Thing.ThingName} only resolves to the Thing Name when the clientId is the same as the Thing Name.
Assuming you really need to have multiple connections using the same certificate - which should only be the case when all connections are established from the same device - then you can use a certificate policy variable instead.
If you are using AWS IoT Certificates you can use a CSR to populate Subject variables when creating the certificate with CreateCertificateFromCsr.
Your policy would then be:
{
  "Effect": "Allow",
  "Action": [
    "iot:Publish"
  ],
  "Resource": [ "arn:aws:iot:ap-pt:xxxxx:topic/abc/${iot:Certificate.Subject.CommonName}/*" ]
}
Cheers,
Massimiliano
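The following is an added example, not code from the answer or from AWS: a simplified offline model of how the two policy variables resolve for connections that share one certificate but use different clientIds. The shape of the first policy, the clientId `MY_THING_NAME-worker2`, and the rule that an unresolved variable means no match are assumptions of the model.

```python
import re

ARN = "arn:aws:iot:ap-pt:xxxxx:topic/"  # redacted prefix, as written on the page
# Assumed shape of the "first policy" (it is not shown on the page).
THING_POLICY = ARN + "abc/${iot:Connection.Thing.ThingName}/*"
# Resource from the policy in the answer.
CERT_POLICY = ARN + "abc/${iot:Certificate.Subject.CommonName}/*"

TOKEN = re.compile(r"(\$\{[^}]+\}|\*)")

def connection_context(client_id, cert_cn, things):
    """Policy variables available to one MQTT connection (simplified model)."""
    ctx = {"iot:Certificate.Subject.CommonName": cert_cn}
    # Per the answer: ThingName resolves only when clientId equals a Thing Name.
    if client_id in things:
        ctx["iot:Connection.Thing.ThingName"] = client_id
    return ctx

def publish_allowed(template, topic, ctx):
    """True if the resource template, after substitution, matches the topic ARN."""
    parts = []
    for tok in TOKEN.split(template):
        if tok == "*":
            parts.append(".*")                 # policy wildcard
        elif tok.startswith("${"):
            value = ctx.get(tok[2:-1])
            if value is None:                  # unresolved variable: no match (model assumption)
                return False
            parts.append(re.escape(value))     # substituted value is matched literally
        else:
            parts.append(re.escape(tok))
    return re.fullmatch("".join(parts), ARN + topic) is not None

def evaluate(client_ids, cert_cn, things, topic):
    """Map each clientId to (allowed by ThingName policy, allowed by CommonName policy)."""
    rows = {}
    for cid in client_ids:
        ctx = connection_context(cid, cert_cn, things)
        rows[cid] = (publish_allowed(THING_POLICY, topic, ctx),
                     publish_allowed(CERT_POLICY, topic, ctx))
    return rows

if __name__ == "__main__":
    # Constructed sample: two connections from one device, one certificate (CN = Thing Name).
    result = evaluate(["MY_THING_NAME", "MY_THING_NAME-worker2"], "MY_THING_NAME",
                      {"MY_THING_NAME"}, "abc/MY_THING_NAME/hello")
    for cid, (by_thing, by_cert) in result.items():
        print(f"{cid}: ThingName policy={by_thing}, CommonName policy={by_cert}")
```

The CommonName policy still scopes each certificate to its own topic prefix, so a topic under another Thing's name is denied in this model regardless of clientId.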