Assigning more than 10 IoT policies on identity

We are using AWS IoT things to represent our IoT devices. Our users are getting temp credentials using the AWS Cognito Identity Pool. We mapped the group ID claim from the ID Token to the Principal, and we need a way to connect this group ID to the things in this group in the IoT policy. Based on the current solution, 1 thing has 1 certificate, and the IoT policy is attached to the certificate and to the identity. With this, the thing and the identity are connected, but there is no way to check that in the IoT policy. This solution suggests a thing prefix with the group ID, or a custom policy manager that will have permissions for multiple things. Is there any other way to do this?

1 Answer
I recommend using AWS IoT custom authorizer to manage more complex and dynamic authorization schemas.

The authorizer Lambda function can receive the JWT token, extract the necessary claims and craft an on-demand policy with the required resources, whose names depend on the claims.

You can refer to this repo for an example on how to implement a custom authorizer to validate JWT tokens.

AWS
EXPERT
answered a year ago
  • Thank you, but with this solution there are still the 10 policies per identity and 2048 characters per policy limits.
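A sketch of the authorizer flow the answer describes, added here as an example and not code from the answer or any AWS sample: the Lambda verifies the token, reads the group claim, and returns a policy whose resources are derived from it, so the group-to-thing link lives in the policy rather than in a thing prefix. Assumptions: the claim is named `group_id`, the region and account in the ARNs are placeholders, and an HS256 shared secret stands in for the RS256/JWKS verification a real authorizer performs against the Cognito pool.

```python
import base64, hashlib, hmac, json, re, time

# Constructed: an HS256 shared secret stands in for the RS256/JWKS check a real
# authorizer performs against the Cognito pool; region/account are placeholders.
SECRET = b"example-shared-secret-do-not-reuse"
GROUP_CLAIM = "group_id"                       # assumption: claim carrying the group
ARN_BASE = "arn:aws:iot:us-east-1:123456789012"
GROUP_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")  # keep wildcards out of ARN inputs

def b64e(raw: bytes) -> str: return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
def b64d(s: str) -> bytes: return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def make_token(claims: dict, secret: bytes = SECRET) -> str:  # test helper only
    head, body = b64e(b'{"alg":"HS256","typ":"JWT"}'), b64e(json.dumps(claims).encode())
    sig = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{b64e(sig)}"

def verify_jwt(token: str, secret: bytes = SECRET) -> dict:
    """Check alg, signature and expiry; return claims or raise ValueError."""
    head, body, sig = token.split(".")
    if json.loads(b64d(head)).get("alg") != "HS256":
        raise ValueError("unexpected alg")       # refuses alg=none style tokens
    want = hmac.new(secret, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(want, b64d(sig)):
        raise ValueError("bad signature")
    claims = json.loads(b64d(body))
    if claims.get("exp", 0) < time.time():
        raise ValueError("token expired")
    return claims

def build_policy(group_id: str) -> dict:  # per-request policy scoped to one group
    return {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "iot:Connect",
         "Resource": f"{ARN_BASE}:client/{group_id}-*"},
        {"Effect": "Allow", "Action": ["iot:Publish", "iot:Receive"],
         "Resource": f"{ARN_BASE}:topic/groups/{group_id}/*"},
        {"Effect": "Allow", "Action": "iot:Subscribe",
         "Resource": f"{ARN_BASE}:topicfilter/groups/{group_id}/*"}]}

def handler(event: dict, context=None) -> dict:  # Lambda entry point
    try:
        claims = verify_jwt(event.get("token", ""))
        group = str(claims[GROUP_CLAIM])
        if not GROUP_RE.fullmatch(group):
            raise ValueError("malformed group id")
    except (ValueError, KeyError):
        return {"isAuthenticated": False}
    return {"isAuthenticated": True, "principalId": claims.get("sub", group),
            "disconnectAfterInSeconds": 3600, "refreshAfterInSeconds": 300,
            "policyDocuments": [build_policy(group)]}
```

The group id is validated against a strict character set before it is interpolated into ARNs, so a crafted claim cannot widen the policy with wildcards.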
