By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

What can be achieved by AttachThingPrincipal API when used with Cognito Identity?

0

Hi,

It is not quite clear in the documentation what can be achieved by using "AttachThingPrincipal" API with Cognito Identity. I know that by calling "AttachPolicy", I can attach IoT Policy to Cognito Identity to give it access to IoT Core.

Regarding "AttachThingPrincipal" the documentation states that:

You can use the AttachThingPrincipal API to attach certificates and authenticated Amazon Cognito identities to a thing. iot:Connection.Thing.ThingName is a useful thing policy variable to enforce client ID restrictions.

Does this mean that after attaching Cognito Identity to a Thing by using "AttachThingPrincipal" API, the Identity will be mapped to this Thing and ${iot:Connection.Thing.ThingName} set in policy attached to Cognito Identity will be resolved as Thing Name?

Topics
Internet of Things (IoT)Security, Identity, & Compliance
Tags
AWS IoT CoreAmazon Cognito
Language
English
K676
asked a year ago239 views
1 Answer
1
Accepted Answer

Yes, your understanding is correct. In order to be able to use the Thing Policy variables in the AWS IoT Policies, the principal (certificate or Cognito Identity) must have been associated with a Thing.

AWS
EXPERT
MassimilianoAWS
answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content