1 Answer
Hi Frank. I would guess the Resource fields are wildcards. In general, you should try to use policy variables to make least privilege Resource definitions. Some guidance here: https://docs.aws.amazon.com/iot/latest/developerguide/audit-chk-iot-policy-permissive.html#audit-chk-iot-policy-permissive-how-to-fix
Yes, the resource ends in a wildcard but I don't know why it would not. Perhaps I am not understanding what 'resources' the wildcard is selecting in this context. I can't think of any resource related to IoT that my devices should not be able to access.
The policy resource for each item says arn:aws:iot:us-east-1:[number]:*
Please check the examples in the link. You need to make resource specifiers that are more specific than what you currently have.
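
To illustrate the advice in this thread, here is an added example (not part of the original posts and not AWS's audit logic) that compares a policy whose Resource is `arn:aws:iot:us-east-1:[number]:*` with one scoped per device through the `${iot:Connection.Thing.ThingName}` policy variable, and flags the unscoped form with a simplified heuristic. The account id, the `devices/` topic prefix and the function names are assumptions made for the example.

```python
ACCOUNT = "123456789012"  # placeholder account id
PREFIX = f"arn:aws:iot:us-east-1:{ACCOUNT}:"
# Thing policy variable; assumes the certificate is attached to a registered
# thing and the device connects with a client id equal to the thing name.
THING = "${iot:Connection.Thing.ThingName}"

# Constructed sample with the Resource shape described in the thread.
BROAD_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow",
    "Action": ["iot:Connect", "iot:Publish", "iot:Subscribe", "iot:Receive"],
    "Resource": PREFIX + "*",
}]}

# Constructed sample: the same actions, each limited to the device's own
# client id and its own topic subtree.
SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "iot:Connect",
     "Resource": PREFIX + "client/" + THING},
    {"Effect": "Allow", "Action": ["iot:Publish", "iot:Receive"],
     "Resource": PREFIX + "topic/devices/" + THING + "/*"},
    {"Effect": "Allow", "Action": "iot:Subscribe",
     "Resource": PREFIX + "topicfilter/devices/" + THING + "/*"},
]}

def as_list(value):
    return value if isinstance(value, list) else [value]

def resource_is_unscoped(arn):
    """True when the ARN names no specific client, topic or topic filter."""
    if arn == "*":
        return True
    parts = arn.split(":", 5)  # arn:partition:service:region:account:resource
    if len(parts) < 6:
        return True  # malformed ARN: report it rather than skip it
    rtype, _, rid = parts[5].partition("/")
    return "*" in rtype or rid in ("", "*")

def find_broad_statements(policy):
    """Return (statement index, actions, resource) for each unscoped Allow."""
    findings = []
    for index, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        for arn in as_list(stmt.get("Resource", [])):
            if resource_is_unscoped(arn):
                findings.append((index, as_list(stmt.get("Action", [])), arn))
    return findings

if __name__ == "__main__":
    for name, policy in (("broad", BROAD_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, find_broad_statements(policy))
```

With the broad policy, any device holding a valid certificate can connect under any client id and publish or subscribe to every other device's topics; the scoped policy confines each certificate to its own thing name.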