AWS IoT Policyin Android doesnt work with custom topic
Question
I am using AWS android SDK to connect to AWS IoT. The following policy allow my app to successfully connect to AWS IoT except when i make this change
"Resource": "arn:aws:iot:us-west-2:1234567890xxx:topic/topic1" I have tried almost every possible custom option but the policy works only for "*" wild card that means "any resource and/or any topics".
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "iot:Connect",
"Resource": "arn:aws:iot:us-west-2:1234567890xxx:client/mobile-client-master"
},
{
"Effect": "Allow",
"Action": [
"iot:Publish",
"iot:Subscribe",
"iot:Receive"
],
"Resource": "*"
}
]
}
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "iot:Connect",
"Resource": "arn:aws:iot:us-west-2:1234567890xxx:client/mobile-client-master"
},
{
"Effect": "Allow",
"Action": [
"iot:Publish",
"iot:Subscribe",
"iot:Receive"
],
"Resource": "arn:aws:iot:us-west-2:1234567890xxx:topic/topic1"
}
]
}
I have tried almost every possible custom option but the policy works only for "*" wild card that means "any resource and/or any topics".
1 answers
solution1
0 2019-12-13 19:17:52
The reason is Subscribe needs topicfilter Resource and not topic
Here's an Example:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"iot:Connect"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"iot:Publish",
"iot:Receive"
],
"Resource": [
"arn:aws:iot:us-east-1:xxx:topic/$aws/certificates/create/*",
"arn:aws:iot:us-east-1:xxx:topic/$aws/provisioning-templates/test/provision/*"
]
},
{
"Effect": "Allow",
"Action": [
"iot:Subscribe"
],
"Resource": [
"arn:aws:iot:us-east-1:xxx:topicfilter/$aws/certificates/create/*",
"arn:aws:iot:us-east-1:xxx:topicfilter/$aws/provisioning-templates/test/provision/*"
]
}
]
}
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.