Policy Thing Problem

0

Dear all, I am facing an issue with the thing policies. I need to have a restriction in the publish and subscribe resources such that the thing name must be included, and to have the resource of the action IoT:Connect be a `*`. The problem is that if I use policy version 2 as mentioned, nothing is published unless the client_ID that I am using matches the Thing name, which is not my intention. I need to have a flexible client_ID not restricted to the thing name while restricting the topics to publish and subscribe to the thing name, since I am interested in having two codes or two clients that publish on the same topic and can read data from each other. If I leave everything without restriction as in policy 3 it works, but I need to have certain restrictions. How can I solve this issue?

Policy Version 1:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "iot:Connect",
            "Resource": "arn:aws:iot:eu-central-1:624671744366:client/${iot:Connection.Thing.ThingName}"
        },
        {
            "Effect": "Allow",
            "Action": [
                "iot:Publish",
                "iot:Receive"
            ],
            "Resource": [
                "arn:aws:iot:eu-central-1:624671744366:topic/${iot:Connection.Thing.ThingName}/*"
            ]
        },
        {
            "Effect": "Allow",
            "Action": "iot:Subscribe",
            "Resource": [
                "arn:aws:iot:eu-central-1:624671744366:topicfilter/${iot:Connection.Thing.ThingName}/*"
            ]
        }
    ]
}

Policy Version 2:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "iot:Connect",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "iot:Publish",
                "iot:Receive"
            ],
            "Resource": "arn:aws:iot:eu-central-1:624671744366:topic/${iot:Connection.Thing.ThingName}/*"
        },
        {
            "Effect": "Allow",
            "Action": "iot:Subscribe",
            "Resource": "arn:aws:iot:eu-central-1:624671744366:topicfilter/${iot:Connection.Thing.ThingName}/*"
        }
    ]
}

Policy Version 3:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "iot:Connect",
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "iot:Publish",
                "iot:Receive"
            ],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": "iot:Subscribe",
            "Resource": "*"
        }
    ]
}

Asked 1 month ago, 103 views
2 answers
1

Please check the policy below once,

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "iot:Connect",
            "Resource": "*",
            "Condition": {
                "StringEquals": {
                    "iot:ClientId": "${iot:Connection.Thing.ThingName}"
                }
            }
        },
        {
            "Effect": "Allow",
            "Action": [
                "iot:Publish",
                "iot:Receive"
            ],
            "Resource": "arn:aws:iot:eu-central-1:624671744366:topic/${iot:Connection.Thing.ThingName}/*"
        },
        {
            "Effect": "Allow",
            "Action": "iot:Subscribe",
            "Resource": "arn:aws:iot:eu-central-1:624671744366:topicfilter/${iot:Connection.Thing.ThingName}/*"
        }
    ]
}

Answered 1 month ago
0

Hi. Please see here in regards to the thing name policy variable: https://docs.aws.amazon.com/iot/latest/developerguide/thing-policy-variables.html

The thing name is obtained from the client ID in the MQTT Connect message sent when a thing connects to AWS IoT Core.

When you're replacing thing names with thing policy variables, the value of clientId in the MQTT connect message or the TLS connection must exactly match the thing name.

So it's currently not possible to use that policy variable and "have a flexible client_ID not restricted to thing name".

AWS Expert
Greg_B
Answered 1 month ago
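As an added illustration (not code from either answer), the following small linter checks an IoT Core policy document for the three points raised in this thread: a Condition placed next to the Statement list instead of inside a statement, an empty Resource string, and the use of a thing policy variable, which only resolves when the MQTT clientId equals a registered thing name. The sample policy and the account ID in it are constructed.

```python
import json
import re

# Matches any thing policy variable, e.g. ${iot:Connection.Thing.ThingName}
THING_VAR = re.compile(r"\$\{iot:Connection\.Thing\.[A-Za-z.]+\}")


def lint_iot_policy(policy_text: str) -> list[str]:
    """Return human-readable findings for an AWS IoT Core policy document.

    Checks follow the behaviour discussed in the thread:
      * a "Condition" placed next to "Statement" instead of inside a statement
      * an empty "Resource" string (neither an ARN nor "*")
      * any ${iot:Connection.Thing.*} variable, which only resolves when the
        MQTT clientId equals a registered thing name
    """
    policy = json.loads(policy_text)
    findings: list[str] = []
    if "Condition" in policy:
        findings.append("top-level Condition is ignored: move it inside a Statement")
    uses_thing_var = False
    for idx, stmt in enumerate(policy.get("Statement", [])):
        resources = stmt.get("Resource", [])
        if isinstance(resources, str):
            resources = [resources]
        for res in resources:
            if res == "":
                findings.append(f'statement {idx}: empty Resource (use "*" or an ARN)')
            elif THING_VAR.search(res):
                uses_thing_var = True
    if uses_thing_var:
        findings.append("thing policy variable used: clientId must equal the thing name")
    return findings


# Constructed sample (placeholder account ID): a policy with the Condition
# at the top level and an empty Connect resource, as in the thread.
SAMPLE_POLICY = """{
  "Version": "2012-10-17",
  "Statement": [
    {"Effect": "Allow", "Action": "iot:Connect", "Resource": ""},
    {"Effect": "Allow", "Action": ["iot:Publish", "iot:Receive"],
     "Resource": "arn:aws:iot:eu-central-1:123456789012:topic/${iot:Connection.Thing.ThingName}/*"}
  ],
  "Condition": {"StringEquals": {"iot:ClientId": "${iot:Connection.Thing.ThingName}"}}
}"""

if __name__ == "__main__":
    for finding in lint_iot_policy(SAMPLE_POLICY):
        print("-", finding)
```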
