
IAM policy for authenticated user for IoT

0

The following AWS doc link talks about the IAM policy for the authenticated role for a publisher.

https://docs.aws.amazon.com/iot/latest/developerguide/cog-iot-policies.html

But what will the authenticated IAM policy for a subscriber be? This is not given in the docs.

Asked 3 years ago, viewed 605 times
1 answer
0

Something like this would work to allow the device to subscribe to a specific topic:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "iot:Connect"
            ],
            "Resource": [
                "arn:aws:iot:us-east-1:123456789012:client/clientId1",
                "arn:aws:iot:us-east-1:123456789012:client/clientId2",
                "arn:aws:iot:us-east-1:123456789012:client/clientId3"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "iot:Subscribe"
            ],
            "Resource": [
                "arn:aws:iot:us-east-1:123456789012:topicfilter/some_specific_topic"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "iot:Receive"
            ],
            "Resource": [
                "arn:aws:iot:us-east-1:123456789012:topic/some_specific_topic"
            ]
        }
    ]
}
AWS
Answered 3 years ago
  • Thanks. Yes, this is what I was thinking. So IoT Core's own policy and the IoT Core policy for Cognito both seem to have similar info.

  • For Cognito principals, it's best practice to attach an AWS IoT Policy. When the principal connects using the IAM authenticated policy (which can have iot:connect), the attached IoT Policy is the one that is actually applied (connect, publish, subscribe, etc.).
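As an added example (not code from the post or from AWS), the Python helper below generates the subscriber policy shown in the answer for a given region, account, client IDs and topic, and lints a policy document for wildcard grants that would widen it beyond a single topic or client. The region, account number, client IDs and topic name are constructed placeholders.

```python
import json

# Added example (not from the original post): build the least-privilege subscriber
# policy from the answer and lint it for over-broad grants. All IDs are constructed.

def iot_arn(region, account, resource):
    """Compose an AWS IoT resource ARN such as arn:aws:iot:<region>:<account>:topic/x."""
    return f"arn:aws:iot:{region}:{account}:{resource}"

def build_subscriber_policy(region, account, client_ids, topic):
    """Return a policy dict allowing Connect for the listed client IDs and
    Subscribe/Receive on exactly one topic (same shape as the answer above)."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ["iot:Connect"],
             "Resource": [iot_arn(region, account, f"client/{c}") for c in client_ids]},
            {"Effect": "Allow", "Action": ["iot:Subscribe"],
             "Resource": [iot_arn(region, account, f"topicfilter/{topic}")]},
            {"Effect": "Allow", "Action": ["iot:Receive"],
             "Resource": [iot_arn(region, account, f"topic/{topic}")]},
        ],
    }

def find_overbroad_grants(policy):
    """Return (action, resource) pairs in Allow statements that use an IAM wildcard
    ('*') or an MQTT wildcard ('#', '+'), i.e. grant more than one topic or client."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        resources = stmt.get("Resource", [])
        # Both fields may be a single string or a list in IAM policy syntax.
        actions = [actions] if isinstance(actions, str) else actions
        resources = [resources] if isinstance(resources, str) else resources
        for action in actions:
            for resource in resources:
                if "*" in action or any(w in resource for w in ("*", "#", "+")):
                    findings.append((action, resource))
    return findings

if __name__ == "__main__":
    policy = build_subscriber_policy("us-east-1", "123456789012",
                                     ["clientId1", "clientId2"], "some_specific_topic")
    print(json.dumps(policy, indent=4))
    print("over-broad grants:", find_overbroad_grants(policy))
```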
