
用于阴影和作业的AWS IoT策略

Stack Overflow用户
提问于 2022-11-18 05:58:02

我正在尝试创建一个策略,允许我的设备(thing)读取和更新阴影、接受并运行作业,并且通常只允许在其自身的命名空间内操作。我已经经历了无数次迭代:只要我把策略限制为 "*" 以外的任何内容,就无法在控制台中手动更新阴影并让设备通过 MQTT 接收到变更。我的策略如下:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:Connect",
      "Resource": "arn:aws:iot:us-east-1:ACCOUNT:client/${iot:Connection.Thing.ThingName}"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Publish",
      "Resource": [
        "arn:aws:iot:us-east-1:ACCOUNT:topic/$aws/events/job/*",
        "arn:aws:iot:us-east-1:ACCOUNT:topic/$aws/events/jobExecution/*",
        "arn:aws:iot:us-east-1:ACCOUNT:topic/$aws/things/${iot:Connection.Thing.ThingName}/*",
        "arn:aws:iot:us-east-1:ACCOUNT:topic/$aws/things/${iot:Connection.Thing.ThingName}/shadow/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": "iot:Subscribe",
      "Resource": [
        "arn:aws:iot:us-east-1:ACCOUNT:topicfilter/$aws/things/${iot:Connection.Thing.ThingName}/*",
        "arn:aws:iot:us-east-1:ACCOUNT:topicfilter/$aws/things/${iot:Connection.Thing.ThingName}/jobs/*",
        "arn:aws:iot:us-east-1:ACCOUNT:topic/$aws/events/jobExecution/*",
        "arn:aws:iot:us-east-1:ACCOUNT:topicfilter/$aws/things/${iot:Connection.Thing.ThingName}/shadow/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": "iot:Receive",
      "Resource": [
        "arn:aws:iot:us-east-1:ACCOUNT:topic/$aws/things/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "iot:DescribeJobExecution",
        "iot:GetPendingJobExecutions",
        "iot:StartNextPendingJobExecution",
        "iot:UpdateJobExecution"
      ],
      "Resource": "arn:aws:iot:us-east-1:ACCOUNT:topic/$aws/things/${iot:Connection.Thing.ThingName}"
    }
  ]
}

我意识到这里有一些冗余,但策略仍然不起作用。我也尝试过将 ${iot:Connection.Thing.ThingName} 硬编码为某个设备(thing)的名称,但同样没有成功。如能提供任何帮助,将不胜感激。


回答 1

Stack Overflow用户

发布于 2022-11-18 09:33:59

以下策略对我有效。请确保您的证书上没有附加任何其他会覆盖部分权限的策略。

 {
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:Connect",
      "Resource": "arn:aws:iot:us-east-1:ACCOUNT:client/${iot:Connection.Thing.ThingName}"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Publish",
      "Resource": [
        "arn:aws:iot:us-east-1:ACCOUNT:topic/$aws/things/${iot:Connection.Thing.ThingName}/shadow/update",
        "arn:aws:iot:us-east-1:ACCOUNT:topic/$aws/things/${iot:Connection.Thing.ThingName}/shadow/delete",
        "arn:aws:iot:us-east-1:ACCOUNT:topic/$aws/things/${iot:Connection.Thing.ThingName}/shadow/get",
        "arn:aws:iot:us-east-1:ACCOUNT:topic/$aws/events/job/*",
        "arn:aws:iot:us-east-1:ACCOUNT:topic/$aws/events/jobExecution/*",
        "arn:aws:iot:us-east-1:ACCOUNT:topic/$aws/things/${iot:Connection.Thing.ThingName}/jobs/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": "iot:Subscribe",
      "Resource": [
          "arn:aws:iot:us-east-1:ACCOUNT:topicfilter/$aws/things/${iot:Connection.Thing.ThingName}/shadow/update/accepted",
          "arn:aws:iot:us-east-1:ACCOUNT:topicfilter/$aws/things/${iot:Connection.Thing.ThingName}/shadow/update/rejected",
          "arn:aws:iot:us-east-1:ACCOUNT:topicfilter/$aws/things/${iot:Connection.Thing.ThingName}/shadow/update/delta",
          "arn:aws:iot:us-east-1:ACCOUNT:topicfilter/$aws/things/${iot:Connection.Thing.ThingName}/shadow/delete/accepted",
          "arn:aws:iot:us-east-1:ACCOUNT:topicfilter/$aws/things/${iot:Connection.Thing.ThingName}/shadow/delete/rejected",
          "arn:aws:iot:us-east-1:ACCOUNT:topicfilter/$aws/events/jobExecution/*",
          "arn:aws:iot:us-east-1:ACCOUNT:topicfilter/$aws/things/${iot:Connection.Thing.ThingName}/jobs/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": "iot:Receive",
      "Resource": [
          "arn:aws:iot:us-east-1:ACCOUNT:topic/$aws/things/${iot:Connection.Thing.ThingName}/shadow/update/accepted",
          "arn:aws:iot:us-east-1:ACCOUNT:topic/$aws/things/${iot:Connection.Thing.ThingName}/shadow/update/rejected",
          "arn:aws:iot:us-east-1:ACCOUNT:topic/$aws/things/${iot:Connection.Thing.ThingName}/shadow/update/delta",
          "arn:aws:iot:us-east-1:ACCOUNT:topic/$aws/things/${iot:Connection.Thing.ThingName}/shadow/delete/accepted",
          "arn:aws:iot:us-east-1:ACCOUNT:topic/$aws/things/${iot:Connection.Thing.ThingName}/shadow/delete/rejected",
          "arn:aws:iot:us-east-1:ACCOUNT:topic/$aws/things/${iot:Connection.Thing.ThingName}/jobs/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "iot:DescribeJobExecution",
        "iot:GetPendingJobExecutions",
        "iot:StartNextPendingJobExecution",
        "iot:UpdateJobExecution"
      ],
      "Resource": "arn:aws:iot:us-east-1:ACCOUNT:topic/$aws/things/${iot:Connection.Thing.ThingName}"
    }
  ]
}
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:

https://stackoverflow.com/questions/74485453
