1 Resposta
- Mais recentes
- Mais votos
- Mais comentários
0
Something like this would work to allow for the device to subscribe to a specific topic
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"iot:Connect"
],
"Resource": [
"arn:aws:iot:us-east-1:123456789012:client/clientId1",
"arn:aws:iot:us-east-1:123456789012:client/clientId2",
"arn:aws:iot:us-east-1:123456789012:client/clientId3"
]
},
{
"Effect": "Allow",
"Action": [
"iot:Subscribe"
],
"Resource": [
"arn:aws:iot:us-east-1:123456789012:topicfilter/some_specific_topic"
]
},
{
"Effect": "Allow",
"Action": [
"iot:Receive"
],
"Resource": [
"arn:aws:iot:us-east-1:123456789012:topic/some_specific_topic"
]
}
]
}
respondido há 3 anos
Thanks. Yes this is what I was thinking. So IoTcore's own policy and IoTcore policy for cognito both seems to be having similar info.
For Cognito principals, it's best practice to attach an AWS IoT Policy. When the principals connects using the IAM authenticated policy (which can have
iot:connect), the attached IoT Policy is the one that is actually applied (connect, publish, subscribe, etc.).
Conteúdo relevante
- feita há 4 meses
Try the link here: https://docs.aws.amazon.com/iot/latest/developerguide/iam-users-groups-roles.html