I am using the AWS Android SDK to connect to AWS IoT. The following policy allows my app to successfully connect to AWS IoT, except when I make this change:
"Resource": "arn:aws:iot:us-west-2:1234567890xxx:topic/topic1"
I have tried almost every possible custom option, but the policy works only for the "*" wildcard, which means "any resource and/or any topics".
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:Connect",
      "Resource": "arn:aws:iot:us-west-2:1234567890xxx:client/mobile-client-master"
    },
    {
      "Effect": "Allow",
      "Action": [
        "iot:Publish",
        "iot:Subscribe",
        "iot:Receive"
      ],
      "Resource": "*"
    }
  ]
}

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:Connect",
      "Resource": "arn:aws:iot:us-west-2:1234567890xxx:client/mobile-client-master"
    },
    {
      "Effect": "Allow",
      "Action": [
        "iot:Publish",
        "iot:Subscribe",
        "iot:Receive"
      ],
      "Resource": "arn:aws:iot:us-west-2:1234567890xxx:topic/topic1"
    }
  ]
}
The reason is that Subscribe needs a topicfilter resource, not a topic.
Here's an example:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iot:Connect"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "iot:Publish",
        "iot:Receive"
      ],
      "Resource": [
        "arn:aws:iot:us-east-1:xxx:topic/$aws/certificates/create/*",
        "arn:aws:iot:us-east-1:xxx:topic/$aws/provisioning-templates/test/provision/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "iot:Subscribe"
      ],
      "Resource": [
        "arn:aws:iot:us-east-1:xxx:topicfilter/$aws/certificates/create/*",
        "arn:aws:iot:us-east-1:xxx:topicfilter/$aws/provisioning-templates/test/provision/*"
      ]
    }
  ]
}
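A small checker for the mismatch described in this answer, as an added example that is not part of the original post: it flags any Allow statement whose MQTT action is paired with the wrong ARN resource type, and reports "*" as a wildcard grant. The names `lint_iot_policy`, `QUESTION_POLICY` and `FIXED_POLICY` are hypothetical; the first policy is the restricted one from the question, the second is a constructed fix.

```python
import json

# Resource type that AWS IoT Core checks each MQTT policy action against.
EXPECTED = {"iot:Connect": "client", "iot:Publish": "topic",
            "iot:Receive": "topic", "iot:Subscribe": "topicfilter"}

def as_list(value):
    return value if isinstance(value, list) else [value]

def lint_iot_policy(policy):
    """Return (statement index, action, resource, problem) for each mismatch."""
    findings = []
    for i, stmt in enumerate(as_list(policy["Statement"])):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action", [])):
            want = EXPECTED.get(action)
            if want is None:          # action outside the four MQTT actions
                continue
            for res in as_list(stmt.get("Resource", [])):
                if res == "*":
                    findings.append((i, action, res, "wildcard: any resource"))
                    continue
                # arn:aws:iot:<region>:<account>:<type>/<name>
                parts = res.split(":", 5)
                rtype = parts[5].split("/", 1)[0] if len(parts) == 6 else "?"
                if rtype != want:
                    findings.append((i, action, res, f"expected {want}/, got {rtype}/"))
    return findings

# The restricted policy from the question (account id masked as on the page).
ARN = "arn:aws:iot:us-west-2:1234567890xxx:"
QUESTION_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Effect": "Allow", "Action": "iot:Connect",
   "Resource": "%sclient/mobile-client-master"},
  {"Effect": "Allow", "Action": ["iot:Publish", "iot:Subscribe", "iot:Receive"],
   "Resource": "%stopic/topic1"}]}
""" % (ARN, ARN))

# Constructed fix: Subscribe moved to its own statement with a topicfilter ARN.
FIXED_POLICY = json.loads(json.dumps(QUESTION_POLICY))
FIXED_POLICY["Statement"][1]["Action"] = ["iot:Publish", "iot:Receive"]
FIXED_POLICY["Statement"].append({"Effect": "Allow", "Action": "iot:Subscribe",
                                  "Resource": ARN + "topicfilter/topic1"})

if __name__ == "__main__":
    for finding in lint_iot_policy(QUESTION_POLICY):
        print(finding)
```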