I want the communication to be done with publish and subscribe methods over MQTT. I don't want to use Shadow services.
With the JITR method, devices can easily authenticate with AWS IoT by using a device certificate that was signed by my unique CA. Each device has a unique certificate and a unique policy associated with that certificate.
Only the following policy has been attached to a device's certificate.
The device's client id is edb656635694fb25f2e6d50f361c37d64aa31e72118224df19f151ee70cc2923
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:Connect",
      "Resource": "arn:aws:iot:<REGION>:<USER-ID>:client/edb656635694fb25f2e6d50f361c37d64aa31e72118224df19f151ee70cc2923"
    },
    ..........
  ]
}
```
The user who buys the IoT device performs the following steps while registering with the IoT device:
- Sign up with the AWS Cognito service.
- The policy name and client id are sent from the IoT device to the phone via Bluetooth.
- The Cognito identity is attached to the policy using AttachPolicy.
https://imgur.com/a/hfWqjkD
I found out that it only accepts a single connection with the client id. That's why the above didn't work.
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:Connect",
      "Resource": [
        "arn:aws:iot:<REGION>:<USER-ID>:client/edb656635694fb25f2e6d50f361c37d64aa31e72118224df19f151ee70cc2923",
        "arn:aws:iot:<REGION>:<USER-ID>:client/mobileUser1"
      ]
    },
```
When I changed the policy as above, the system worked. With this method, I was able to restrict the resources of both IoT devices and phone users.
But I did the above process manually (adding a new line to the policy). What should I do for mass production?
At the same time, another IoT device will have its own policy. How can the user communicate with the IoT devices? Also, more than one client can be paired to an IoT device. I think I'm on the wrong track; please guide me.
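As an added example (not code from the original post), the manual step described above, adding a second client ARN to the iot:Connect statement, written as a Python helper that also handles the string-vs-list form of Resource and rejects wildcard-like client ids. The policy document is constructed from the post, with the elided statements left out; <REGION> and <USER-ID> are the post's own placeholders.

```python
import copy

# Constructed example: the post's policy with the elided statements left out.
# <REGION> and <USER-ID> are the same placeholders the post uses.
DEVICE_CLIENT_ID = "edb656635694fb25f2e6d50f361c37d64aa31e72118224df19f151ee70cc2923"
BASE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": "iot:Connect",
        "Resource": f"arn:aws:iot:<REGION>:<USER-ID>:client/{DEVICE_CLIENT_ID}",
    }],
}


def client_arn(region, account, client_id):
    """Build the client ARN that iot:Connect is scoped to."""
    # Refuse empty or wildcard-like ids: they would widen the Connect grant.
    if not client_id or any(ch in client_id for ch in "*?#+/"):
        raise ValueError(f"unsafe client id: {client_id!r}")
    return f"arn:aws:iot:{region}:{account}:client/{client_id}"


def connect_resources(policy):
    """Return the Resource list of the first Allow iot:Connect statement."""
    for stmt in policy["Statement"]:
        actions = stmt["Action"]
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") == "Allow" and "iot:Connect" in actions:
            res = stmt["Resource"]
            return [res] if isinstance(res, str) else list(res)
    raise ValueError("policy has no Allow iot:Connect statement")


def add_client_to_policy(policy, region, account, client_id):
    """Return a copy of `policy` whose Allow iot:Connect statement also permits
    `client_id`; Resource may start as a string or a list; re-adding is a no-op."""
    new_policy = copy.deepcopy(policy)
    arn = client_arn(region, account, client_id)
    for stmt in new_policy["Statement"]:
        actions = stmt["Action"]
        actions = [actions] if isinstance(actions, str) else actions
        if stmt.get("Effect") == "Allow" and "iot:Connect" in actions:
            res = stmt["Resource"]
            res = [res] if isinstance(res, str) else list(res)
            if arn not in res:
                res.append(arn)
            stmt["Resource"] = res  # always a list, as in the second policy above
            return new_policy
    raise ValueError("policy has no Allow iot:Connect statement")
```

The returned document can be passed as the policy body to the IoT API as before; the original dict is left unchanged.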