How Amplify PubSub granted access to AWS IoT Core?
As my understanding, there are two required steps. I think only 1) is ok. Is this redundancy?
1) From AWS IoT core policies, grant access to cognito_identity_id
aws iot attach-policy --policy-name 'myIoTPolicy' --target '<YOUR_COGNITO_IDENTITY_ID>'
2) From Cognito side, attach AWSIoTDataAccess and AWSIoTConfigAccess to Cognito Authenticated Role
Hi hai. I agree that it seems like it maybe could be redundant, but it's not. You can try it yourself. If the actions are not specified for the authenticated role as well, it will fail.
When your app supports authenticated Amazon Cognito identities, in order to authenticate users, you need to specify a policy in two places. Attach an IAM policy to the authenticated Amazon Cognito Identity pool and attach an AWS IoT Core policy to the Amazon Cognito Identity.
An Amazon Cognito authenticated user needs two policies to access AWS IoT. The first policy is attached to the role of the authenticated pool to authenticate and authorize the Cognito user to communicate with AWS IoT. The second policy is attached to the authenticated Cognito user ID principal for fine-grained permissions.
Thank you! but what risk if only one policy is required? why should be two?
How to grant users read only permission to AthenaAccepted Answerasked 2 years ago
When should I use IoT Core?asked 3 months ago
How Amplify PubSub granted access to AWS IoT Core?Accepted Answerasked 15 days ago
IoT Core pricing of basic ingest and QoS 1 combinationAccepted Answerasked a year ago
How to dynamically update the policy of user(Cognito identity) from backend/lambda?asked 2 months ago
AWS IoT test-authorization missing context valuesasked 3 months ago
Amplify PubSub without cognitoasked 3 months ago
unable to Sub scribing with Mqtt data in AWS IoT core with greengrass deploymentasked 23 days ago
Ghost Lambdas responding to IoT Cloud subscriptionsasked 3 years ago
Get the name of the greengrass core through the APIAccepted Answerasked a year ago