Hi. You can use the thing policy variable `iot:Connection.Thing.ThingName` to ensure that devices can only connect if they use a client ID that matches a Thing name. Some policy examples: https://docs.aws.amazon.com/iot/latest/developerguide/connect-policy.html. This would satisfy 1 and is the recommended approach.

However, the `iotconsole-<uuid>` client ID is from when you use the MQTT test client in the console. The above policy variable will not apply to those connections. You could use the `WHERE` clause of the SQL statement, and the `clientId()` and `startswith()` SQL functions, to filter those events out.
https://docs.aws.amazon.com/iot/latest/developerguide/iot-sql-functions.html#iot-func-startswith
This solution helped. However, I decided to use a different solution, if anyone else has a similar problem.

I used the IoT Events service, which was very easy to set up and worked like a charm, since it already had templates for managing device heartbeat, which is what we were looking for.
Thank you Greg for pointing out the functions in the documentation; that was what I was looking for.

Although the recommended policy approach seems useful, in our scenario we would need to create ad hoc short-lived subscribers on the go, to monitor messages for a short period, and it seems like creating a thing for this for a short period might be counterproductive.

Would the below policy be appropriate? I hope this will allow all connection requests where clientId = thingname, or clientIds where the thingTypeName = either "Devices" or "LOG". Is this right?

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iot:Connect"
      ],
      "Resource": [
        "arn:aws:iot:us-east-1:123456789012:client/${iot:Connection.Thing.ThingName}",
        "arn:aws:iot:us-east-1:123456789012:client/${iot:ClientId}"
      ],
      "Condition": {
        "ForAllValues:StringEquals": {
          "iot:Connection.Thing.ThingTypeName": ["Devices", "LOG"]
        }
      }
    }
  ]
}
```
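Editor's added example (not code from the thread or from AWS): an offline Python model of the two controls Greg describes, the `iot:Connection.Thing.ThingName` connect policy and a topic-rule `WHERE` clause built on `startswith()`, run side by side against the follow-up policy posted above, so the difference between the two policies can be checked on sample connections. The ARN prefix is the placeholder account from the thread. Assumptions, also noted in the code: `${iot:Connection.Thing.ThingName}` only resolves when the connecting certificate is attached to a thing, and an unresolvable variable makes that Resource entry match nothing; `${iot:ClientId}` always resolves to the ID the connecting client supplied; `ForAllValues:StringEquals` evaluates true when the condition key is absent, which is IAM's documented rule for set operators and is assumed to hold for AWS IoT policies. The rule SQL filters on the `clientId` field of the lifecycle (presence) event payload rather than on the `clientId()` function. The `Connection` class, `connect_allowed`, `keep_event` and the sample events are constructed for this example.

```python
"""Offline model of: (1) an AWS IoT policy pinning the MQTT client ID to
the attached thing's name, (2) a topic-rule WHERE clause dropping console
test-client events, (3) the follow-up policy from the thread, for comparison.
Added example, not code from the thread. Modelling assumptions:
  * ${iot:Connection.Thing.ThingName} resolves only when the certificate is
    attached to a thing; an unresolvable variable matches nothing.
  * ${iot:ClientId} always resolves to the connecting client's own ID.
  * ForAllValues:StringEquals is true when the key is absent (IAM rule,
    assumed to apply to AWS IoT policies as well).
"""
from dataclasses import dataclass
from typing import Optional

ARN_PREFIX = "arn:aws:iot:us-east-1:123456789012"  # placeholder account from the thread

# Policy from the answer above: connect only when clientId == attached thing name.
THING_NAME_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["iot:Connect"],
        "Resource": [f"{ARN_PREFIX}:client/${{iot:Connection.Thing.ThingName}}"],
    }],
}

# The follow-up policy posted in the thread, reproduced for comparison.
FOLLOWUP_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["iot:Connect"],
        "Resource": [
            f"{ARN_PREFIX}:client/${{iot:Connection.Thing.ThingName}}",
            f"{ARN_PREFIX}:client/${{iot:ClientId}}",
        ],
        "Condition": {
            "ForAllValues:StringEquals": {
                "iot:Connection.Thing.ThingTypeName": ["Devices", "LOG"]
            }
        },
    }],
}

# Topic-rule SQL that ignores MQTT test-client lifecycle events; it filters on
# the clientId field carried in the presence event payload.
RULE_SQL = ("SELECT * FROM '$aws/events/presence/+/+' "
            "WHERE NOT startswith(clientId, 'iotconsole-')")


@dataclass
class Connection:                     # constructed for this example
    client_id: str
    thing_name: Optional[str] = None  # thing the certificate is attached to
    thing_type: Optional[str] = None  # that thing's ThingTypeName, if any


def resolve(resource: str, conn: Connection) -> Optional[str]:
    """Substitute policy variables; None means the entry can match nothing."""
    if "${iot:Connection.Thing.ThingName}" in resource:
        if conn.thing_name is None:
            return None  # no attached thing: variable unresolvable (assumption)
        resource = resource.replace("${iot:Connection.Thing.ThingName}", conn.thing_name)
    return resource.replace("${iot:ClientId}", conn.client_id)


def condition_holds(condition: dict, conn: Connection) -> bool:
    """Only the operator and key used in the thread are modelled."""
    for operator, pairs in condition.items():
        if operator != "ForAllValues:StringEquals":
            raise NotImplementedError(operator)
        for key, allowed in pairs.items():
            if key != "iot:Connection.Thing.ThingTypeName":
                raise NotImplementedError(key)
            if conn.thing_type is None:
                continue  # key absent: ForAllValues is true (IAM rule, assumed)
            if conn.thing_type not in allowed:
                return False
    return True


def connect_allowed(policy: dict, conn: Connection) -> bool:
    """True if some Allow statement for iot:Connect covers the requested client ARN."""
    requested = f"{ARN_PREFIX}:client/{conn.client_id}"
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow" or "iot:Connect" not in stmt["Action"]:
            continue
        if not condition_holds(stmt.get("Condition", {}), conn):
            continue
        if any(resolve(r, conn) == requested for r in stmt["Resource"]):
            return True
    return False


def keep_event(event: dict) -> bool:
    """Python equivalent of the WHERE clause in RULE_SQL."""
    return not event["clientId"].startswith("iotconsole-")


if __name__ == "__main__":
    samples = (Connection("sensor-01", "sensor-01", "Devices"),  # well-behaved device
               Connection("rogue-id", "sensor-01", "Devices"),   # same cert, other client ID
               Connection("iotconsole-0c8f"))                    # console test client
    for name, policy in (("thing-name", THING_NAME_POLICY), ("follow-up", FOLLOWUP_POLICY)):
        for conn in samples:
            print(f"{name:10} {conn.client_id:16} allowed={connect_allowed(policy, conn)}")
    events = [{"clientId": "sensor-01", "eventType": "connected"},        # constructed
              {"clientId": "iotconsole-0c8f", "eventType": "connected"}]  # constructed
    print("kept by rule:", [e["clientId"] for e in events if keep_event(e)])
```

What the comparison shows: under the follow-up policy, the second Resource entry `client/${iot:ClientId}` resolves to whatever client ID the caller supplies, so it matches every connection that passes the Condition; a certificate attached to a thing of type "Devices" or "LOG" can then connect under any client ID, and the pinning provided by the first entry no longer constrains anything. Under the modelled ForAllValues rule, a certificate attached to no thing at all also passes. The `RULE_SQL` string is the SQL statement to put in the topic rule for the lifecycle-event case Greg describes.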