- Le plus récent
- Le plus de votes
- La plupart des commentaires
Hi hai. I agree that it seems like it maybe could be redundant, but it's not. You can try it yourself. If the actions are not specified for the authenticated role as well, it will fail.
https://docs.aws.amazon.com/iot/latest/developerguide/cog-iot-policies.html
When your app supports authenticated Amazon Cognito identities, in order to authenticate users, you need to specify a policy in two places. Attach an IAM policy to the authenticated Amazon Cognito Identity pool and attach an AWS IoT Core policy to the Amazon Cognito Identity.
https://aws.amazon.com/blogs/iot/configuring-cognito-user-pools-to-communicate-with-aws-iot-core/
An Amazon Cognito authenticated user needs two policies to access AWS IoT. The first policy is attached to the role of the authenticated pool to authenticate and authorize the Cognito user to communicate with AWS IoT. The second policy is attached to the authenticated Cognito user ID principal for fine-grained permissions.
Contenus pertinents
- demandé il y a un an
- demandé il y a un an
- demandé il y a 2 mois
AWS OFFICIELA mis à jour il y a un an- AWS OFFICIELA mis à jour il y a un an
- AWS OFFICIELA mis à jour il y a 2 ans
- AWS OFFICIELA mis à jour il y a un an
Thank you! but what risk if only one policy is required? why should be two?