Hi Balu,
For questions 1 and 2 I would recommend contacting your account team and providing feedback. They can ensure that it is provided to the service team.
As for enforcing partition key isolation, if your devices (things) can support publishing to specific topics, you can derive the thingName (clientId) and use that as the partition key. Assuming you have `thing1` and `thing2`, create an IoT Policy that allows them to publish to unique topics using an Arn such as `arn:aws:iot:us-east-1:123456789012:topic/foo/${iot:Connection.Thing.ThingName}`. That will allow `thing1` to publish only on `foo/thing1`, and similar for thing2, etc.
Then create a rule action that triggers on `foo/+`, and derive the partition key by using the topic function. Something like this:
```json
{
  "topicRulePayload": {
    "sql": "SELECT * FROM 'foo/+'",
    "ruleDisabled": false,
    "awsIotSqlVersion": "2016-03-23",
    "actions": [
      {
        "kinesis": {
          "streamName": "my_kinesis_stream",
          "partitionKey": "${topic(2)}",
          "roleArn": "arn:aws:iam::123456789012:role/aws_iot_kinesis"
        }
      }
    ]
  }
}
```
The rule will enforce the second level namespace as the partition key, and the IoT policy will only allow a thing to publish on a specific topic aligned with its ThingName.
Hope this helps!
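The IoT policy the answer describes, written out as an added example that is not part of the original answer. The region, account ID and `foo/` prefix come from the ARN in the answer; the `iot:Connect` statement and the `iot:Connection.Thing.IsAttached` condition are assumptions added here so that a device can only connect with a client ID equal to the name of a registered thing its certificate is attached to.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:Connect",
      "Resource": "arn:aws:iot:us-east-1:123456789012:client/${iot:Connection.Thing.ThingName}",
      "Condition": {
        "Bool": {
          "iot:Connection.Thing.IsAttached": "true"
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": "iot:Publish",
      "Resource": "arn:aws:iot:us-east-1:123456789012:topic/foo/${iot:Connection.Thing.ThingName}"
    }
  ]
}
```

The publish resource contains no wildcard, so a publish from `thing1` to `foo/thing2` or to a deeper topic such as `foo/thing1/extra` is not authorized, and `${topic(2)}` in the rule always evaluates to the publishing thing's own name. Without a restriction on `iot:Connect`, the thing-name variable is not tied to the certificate the device presents, which weakens the isolation the rule relies on.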