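Nailed it. This policy grants access to my application logic (ThingName/) and to the jobs topics in the form that aws-iot-device-sdk-js/examples/jobs-agent.js expects ($aws/things/ThingName/jobs/). Every resource is scoped with the ${iot:Connection.Thing.ThingName} policy variable, so a device can only connect with its own thing name as the client ID and only reach its own topics. That variable resolves only for MQTT connections where the client ID matches a thing in the registry and the device's certificate is attached to that thing; otherwise the statements match nothing. Publishing is allowed only on the jobs topics, while the application topics are subscribe/receive only.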
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"iot:Connect"
],
"Resource": [
"arn:aws:iot:us-east-1:MYACCOUNTID:client/${iot:Connection.Thing.ThingName}"
]
},
{
"Effect": "Allow",
"Action": [
"iot:Subscribe"
],
"Resource": [
"arn:aws:iot:us-east-1:MYACCOUNTID:topicfilter/${iot:Connection.Thing.ThingName}/*",
"arn:aws:iot:us-east-1:MYACCOUNTID:topicfilter/$aws/things/${iot:Connection.Thing.ThingName}/jobs/*"
]
},
{
"Effect": "Allow",
"Action": [
"iot:Receive"
],
"Resource": [
"arn:aws:iot:us-east-1:MYACCOUNTID:topic/${iot:Connection.Thing.ThingName}/*",
"arn:aws:iot:us-east-1:MYACCOUNTID:topic/$aws/things/${iot:Connection.Thing.ThingName}/jobs/*"
]
},
{
"Effect": "Allow",
"Action": [
"iot:Publish"
],
"Resource": [
"arn:aws:iot:us-east-1:MYACCOUNTID:topic/$aws/things/${iot:Connection.Thing.ThingName}/jobs/*"
]
}
]
}
已回答 5 年前