Enforce IOT policy with Thing attributes - client disconnects

Question

I have a thing connected to AWS IoT and sending messages with no problems, my policy looks like this

```
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iot:Connect",
        "iot:Subscribe"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "iot:Receive",
        "iot:Publish"
      ],
      "Resource": [
        "arn:aws:iot:eu-central-1:574787835894:topic/FOO/*"
      ]
    }
  ]
}
```

My thing is using a type with a searchable attribute called "prefix"  
Type is properly attached to the thing  
Attribute key is properly filled with "prefix" and its value with "FOO"  
However, when I update the policy to use searchable attributes in this way client disconnects with AUTH failure:

```
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": [
            "iot:Connect",
            "iot:Subscribe"
          ],
          "Resource": "*"
        },
        {
          "Effect": "Allow",
          "Action": [
            "iot:Receive",
            "iot:Publish"
          ],
          "Resource": [
            "arn:aws:iot:eu-central-1:574787835894:topic/${iot:Connection.Thing.Attributes[prefix]}/*"
          ]
        }
      ]
    }
```

I have spent a lot of hours to debug this problem without success, please, any idea?

Answer

Hi,   
  
Note that to use thing policy variables, the value of the client id must match with thing name. Also, the device certificate must have an association with the respective thing. Please check these two and let us know if the problem still persists.   
  
Hope it helps

Answer

you were right, the name was different because in AWS I had replaced the dots by dashes, once the name is the same on both sides it works properly. Thank you !

Enforce IOT policy with Thing attributes - client disconnects

Relevant content