aws iot core policy


There's an AWS IoT policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:Connect",
      "Resource": "arn:aws:iot:ap-northeast-2:170111111111:client/${iot:Connection.Thing.ThingName}"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Publish",
      "Resource": "arn:aws:iot:ap-northeast-2:170111111111:topic/test1/test2/test3"
    }
  ]
}

A thing named testDevice is registered. When I connect from an MQTT client with the client ID set to testDevice, there is no connection.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:Connect",
      "Resource": "arn:aws:iot:ap-northeast-2:170111111111:client/testDevice"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Publish",
      "Resource": "arn:aws:iot:ap-northeast-2:170111111111:topic/test1/test2/test3"
    }
  ]
}

Once the path is set like this, it connects. Is there an owner with special registered credentials in AWS IoT Core? Every time a new device is created, I have to add another entry one by one:

"Resource": "arn:aws:iot:ap-northeast-2:170111111111:client/testDevice2"
"Resource": "arn:aws:iot:ap-northeast-2:170111111111:client/testDevice3"

I keep having to add more. Is there an owner who can own a particular registered property?

asked 5 months ago, 148 views
1 Answer

Hello,

I understand that your device/client is unable to connect to AWS IoT Core when the IoT policy contains the policy variable ‘iot:Connection.Thing.ThingName’. However, when the resource path is set explicitly, the devices are able to connect.

Please be informed that when thing policy variables are used in an AWS IoT policy, the clientId in the MQTT request needs to exactly match the thing name (registered in AWS IoT) to which such a policy is associated. For example, if the first policy is attached to an AWS IoT Thing named ‘abc’, then only an MQTT Connect request whose clientId=abc will be accepted by the AWS IoT service.

To learn more about Thing Policy variables take a look at the below document:

[+] Thing policy variables - https://docs.aws.amazon.com/iot/latest/developerguide/thing-policy-variables.html

Alternatively, to be able to open/send multiple MQTT Connect requests using the same set of credentials (the AWS IoT Policy here as the auth mechanism), you can specify a generic pattern (a prefix/suffix) for the clientId.

I see that you provided the IoT Policy to us; however, to assist you further, we need to understand the detailed use case and configuration of your IoT resources, especially more insight into the “special registered credentials” pertaining to your use. Thus, to discuss this and assist you further in the best possible way, I suggest you open a technical case from the AWS Support console and confirm the following:

1.) Whether you are using any device provisioning mechanism to register devices in AWS IoT Core. If yes, can you please specify which approach you are implementing at your end?

[+] Device provisioning - https://docs.aws.amazon.com/iot/latest/developerguide/iot-provision.html

2.) Can you please elaborate on your use case, along with what you mean by an owner who can own a specific property? Is it AWS IoT Thing attributes/tags/thing types/groups, etc.?

answered 5 months ago
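To make the rule in the answer concrete, the following is an added simulation (not the AWS policy engine and not code from the question or the answer) of how an iot:Connect statement is matched against the client ARN. It assumes the account and region from the question, that the thing policy variable resolves only when the clientId equals the name of a thing attached to the connecting certificate, and that '*' in a resource ARN matches any run of characters; the two policies are the question's variable-based policy and a constructed prefix-pattern alternative.

```python
"""Simulate iot:Connect evaluation for a thing-policy-variable and a prefix pattern.

Constructed illustration; it models the rule described in the answer, not the
real AWS IoT policy evaluator.
"""
import re

ACCOUNT = "170111111111"        # account id as it appears in the question
REGION = "ap-northeast-2"
THING_NAME_VAR = "${iot:Connection.Thing.ThingName}"


def client_arn(client_id):
    return f"arn:aws:iot:{REGION}:{ACCOUNT}:client/{client_id}"


def arn_matches(pattern, arn):
    """Resource matching: '*' matches any characters, '?' exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, arn) is not None


def connect_allowed(policy, client_id, attached_things):
    """True if an Allow statement for iot:Connect covers the connecting client.

    attached_things: names of the IoT things attached to the certificate that
    presents this policy. The thing policy variable is only resolvable when the
    MQTT clientId is one of those names; otherwise the statement cannot match,
    which is why a bare 'testDevice' clientId fails when no such thing is attached.
    """
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        if "iot:Connect" not in actions and "iot:*" not in actions:
            continue
        resources = stmt["Resource"] if isinstance(stmt["Resource"], list) else [stmt["Resource"]]
        for res in resources:
            if THING_NAME_VAR in res:
                if client_id not in attached_things:
                    continue                    # unresolvable variable: no match
                res = res.replace(THING_NAME_VAR, client_id)
            if arn_matches(res, client_arn(client_id)):
                return True
    return False


# Policy from the question (variable form) and a constructed prefix alternative.
VARIABLE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "iot:Connect", "Resource": client_arn(THING_NAME_VAR)}]}
PREFIX_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "iot:Connect", "Resource": client_arn("testDevice*")}]}
```

The variable policy is the tighter of the two: each certificate can only connect as the thing it is attached to, whereas the prefix pattern lets any holder of the credentials pick any clientId under that prefix.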
