Hi Majh,
you are correct that the disconnect happens when the client breaks the policy. In the specific case, all clients using a `clientId` different from the Thing Name will break the first policy when trying to publish to `abc/MY_THING_NAME/hello`. This is because `${iot:Connection.Thing.ThingName}` only resolves to the Thing Name when the `clientId` is the same as the Thing Name.
Assuming you really need to have multiple connections using the same certificate - which should only be the case when all connections are established from the same device - then you can use a certificate policy variable instead.
If you are using AWS IoT certificates, you can use a CSR to populate the Subject variables when creating the certificate with `CreateCertificateFromCsr`.
Your policy would then be:
```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iot:Publish"
      ],
      "Resource": [ "arn:aws:iot:ap-pt:xxxxx:topic/abc/${iot:Certificate.Subject.CommonName}/*" ]
    }
  ]
}
```
Cheers,
Massimiliano
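The following is an added example, not code from the answer above or from AWS: a stdlib-only Python model of how the two policy variables discussed in the thread resolve for a publish to `abc/MY_THING_NAME/hello`. It encodes the rule the answer states (the thing variable only resolves when the `clientId` equals a registered thing name; the certificate variable comes from the certificate subject) and the `*` wildcard semantics of an IoT resource ARN. The registry of thing names, the second `clientId` and the simplified evaluator are assumptions for illustration; the `ap-pt:xxxxx` placeholders are copied from the answer and are not a real region or account.

```python
"""Simplified model of AWS IoT policy-variable resolution (added example, not AWS code).

It shows why a second connection that reuses the device certificate but a different
clientId fails the ThingName-based policy yet passes the CommonName-based one.
"""
import re

# Policy documents as given in the thread (region/account are the answer's placeholders).
THING_NAME_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["iot:Publish"],
        "Resource": ["arn:aws:iot:ap-pt:xxxxx:topic/abc/${iot:Connection.Thing.ThingName}/*"],
    }],
}
CERT_CN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["iot:Publish"],
        "Resource": ["arn:aws:iot:ap-pt:xxxxx:topic/abc/${iot:Certificate.Subject.CommonName}/*"],
    }],
}

# Constructed thing registry: only this name exists in the (assumed) IoT registry.
REGISTERED_THINGS = {"MY_THING_NAME"}


def resolve_variables(resource, client_id, cert_cn):
    """Substitute the two policy variables used on this page.

    The thing variable resolves only when the MQTT clientId is a registered thing name
    (the rule the answer describes). An unresolved variable is left in place, so the
    statement can never match a real topic ARN. The certificate variable is taken from
    the X.509 subject CN, which came from the CSR at CreateCertificateFromCsr time.
    """
    thing_name = client_id if client_id in REGISTERED_THINGS else None
    values = {
        "${iot:Connection.Thing.ThingName}": thing_name,
        "${iot:Certificate.Subject.CommonName}": cert_cn,
    }
    for var, val in values.items():
        if val is not None:
            resource = resource.replace(var, val)
    return resource


def arn_matches(pattern, topic_arn):
    """'*' in a Resource ARN matches any run of characters, including '/'.

    MQTT's '+' and '#' are not policy wildcards, so they are escaped like any other text.
    """
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, topic_arn) is not None


def is_publish_allowed(policy, client_id, cert_cn, topic):
    """Return True if some Allow statement for iot:Publish matches the topic ARN.

    Simplified evaluator (assumption): no Deny handling, one policy, publish only.
    A False result is the case where AWS IoT rejects the publish and drops the connection.
    """
    topic_arn = "arn:aws:iot:ap-pt:xxxxx:topic/" + topic
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow" or "iot:Publish" not in stmt["Action"]:
            continue
        for resource in stmt["Resource"]:
            if arn_matches(resolve_variables(resource, client_id, cert_cn), topic_arn):
                return True
    return False


if __name__ == "__main__":
    topic = "abc/MY_THING_NAME/hello"
    cert_cn = "MY_THING_NAME"  # CN put into the CSR for this device's certificate
    for client_id in ("MY_THING_NAME", "MY_THING_NAME-sensor2"):  # second id is constructed
        print(f"clientId={client_id!r}:",
              "thing policy ->", is_publish_allowed(THING_NAME_POLICY, client_id, cert_cn, topic),
              "| CN policy ->", is_publish_allowed(CERT_CN_POLICY, client_id, cert_cn, topic))
```

Two things the model makes visible: with the ThingName policy, the unresolved placeholder stays in the ARN for the second connection, so nothing it publishes can ever match; with the CommonName policy, the scope of the grant is decided by whoever controls the CN in the CSR, so issuance through `CreateCertificateFromCsr` should be restricted to a process that checks the requested CN against the device it is being issued for.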