1 Answer
- Newest
- Most votes
- Most comments
0
Nailed it. This policy grants access to my application logic (ThingName/) and the jobs in the form that aws-iot-device-sdk-js/examples/jobs-agent.js wants them ($aws/things/ThingName/jobs/).
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"iot:Connect"
],
"Resource": [
"arn:aws:iot:us-east-1:MYACCOUNTID:client/${iot:Connection.Thing.ThingName}"
]
},
{
"Effect": "Allow",
"Action": [
"iot:Subscribe"
],
"Resource": [
"arn:aws:iot:us-east-1:MYACCOUNTID:topicfilter/${iot:Connection.Thing.ThingName}/*",
"arn:aws:iot:us-east-1:MYACCOUNTID:topicfilter/$aws/things/${iot:Connection.Thing.ThingName}/jobs/*"
]
},
{
"Effect": "Allow",
"Action": [
"iot:Receive"
],
"Resource": [
"arn:aws:iot:us-east-1:MYACCOUNTID:topic/${iot:Connection.Thing.ThingName}/*",
"arn:aws:iot:us-east-1:MYACCOUNTID:topic/$aws/things/${iot:Connection.Thing.ThingName}/jobs/*"
]
},
{
"Effect": "Allow",
"Action": [
"iot:Publish"
],
"Resource": [
"arn:aws:iot:us-east-1:MYACCOUNTID:topic/$aws/things/${iot:Connection.Thing.ThingName}/jobs/*"
]
}
]
}
answered 5 years ago
Relevant content
- Accepted Answerasked 7 months ago
- asked 2 years ago
- Accepted Answerasked 10 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 5 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated 4 months ago