https://docs.aws.amazon.com/iot/latest/developerguide/thing-policy-variables.html
The thing name is obtained from the client ID in the MQTT Connect message sent when a thing connects to AWS IoT Core.
And:
When you're replacing thing names with thing policy variables, the value of clientId in the MQTT connect message or the TLS connection must exactly match the thing name.
Could you clarify this? For instance, if the client_id of a connection is "my_thingname__shadow", then will "iot:Connection.Thing.ThingName" evaluate to "my_thingname__shadow" or "my_thingname"?
Aren't the following two statements from the docs contradictory?
- "The thing name is obtained from the client ID in the MQTT Connect message sent when a thing connects to AWS IoT Core"
- "iot:Connection.Thing.ThingName: This resolves to the name of the thing in the AWS IoT Core registry for which the policy is being evaluated."
One is saying thing_name = client_id and the other says thing_name = name of the thing in registry.
Wouldn't that be a security issue if thing name was obtained from client_id? I can then connect with whatever client_id I want and claim access to other things by using their thing_name as my client_id.
I have the same problem. Did you find a solution?
Hello, I'm facing the same issue. Has anyone been able to solve it? I know there's the option of creating another Thing with the second Thing name, but I wanted to avoid having two things for every device.