AWS IoT
Developer Guide

Certificate policy examples

The following policy allows a device to publish on a topic whose name is the same as the certificateId of the certificate the device used to authenticate itself:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["iot:Publish"],
            "Resource": ["arn:aws:iot:us-east-1:123456789012:topic/${iot:CertificateId}"]
        },
        {
            "Effect": "Allow",
            "Action": ["iot:Connect"],
            "Resource": ["*"]
        }
    ]
}

The following policy allows a device to publish on a topic whose name is the same as the Subject Common Name field of the certificate the device used to authenticate itself:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["iot:Publish"],
            "Resource": ["arn:aws:iot:us-east-1:123456789012:topic/${iot:Certificate.Subject.CommonName}"]
        },
        {
            "Effect": "Allow",
            "Action": ["iot:Connect"],
            "Resource": ["*"]
        }
    ]
}

The following policy allows a device to publish on topics prefixed with "admin/" when the Subject.CommonName.2 field of the certificate used to authenticate the device is set to "Administrator":

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["iot:Connect"],
            "Resource": ["*"]
        },
        {
            "Effect": "Allow",
            "Action": ["iot:Publish"],
            "Resource": ["arn:aws:iot:us-east-1:123456789012:topic/admin/*"],
            "Condition": {
                "StringEquals": {
                    "iot:Certificate.Subject.CommonName.2": "Administrator"
                }
            }
        }
    ]
}

The following policy allows a device to publish on topics prefixed with "admin/" when any of the Subject Common Name fields of the certificate used to authenticate the device is set to "Administrator":

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["iot:Connect"],
            "Resource": ["*"]
        },
        {
            "Effect": "Allow",
            "Action": ["iot:Publish"],
            "Resource": ["arn:aws:iot:us-east-1:123456789012:topic/admin/*"],
            "Condition": {
                "ForAnyValue:StringEquals": {
                    "iot:Certificate.Subject.CommonName.List": "Administrator"
                }
            }
        }
    ]
}
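The following is an added example, not part of the AWS documentation or the AWS IoT policy engine: a small Python model of how the policies above resolve certificate policy variables and evaluate their Condition blocks. It shows why the index-based condition (CommonName.2) and the list-based one (CommonName.List with ForAnyValue) can give different answers for the same certificate. The sample certificates, the Sid labels and the simplified variable semantics are assumptions.

```python
import fnmatch
ARN = "arn:aws:iot:us-east-1:123456789012:topic/"
# Constructed sample certs (not from the page): CERT_A has two CN components, CERT_B one.
CERT_A = {"certificateId": "abc123", "subject_cn": ["sensor-17", "Administrator"]}
CERT_B = {"certificateId": "def456", "subject_cn": ["Administrator"]}
# The page's statement shapes, given Sids so the result names which one matched.
POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "PerDevice", "Effect": "Allow", "Action": ["iot:Publish"],
     "Resource": [ARN + "${iot:CertificateId}"]},
    {"Sid": "AdminByIndex", "Effect": "Allow", "Action": ["iot:Publish"],
     "Resource": [ARN + "admin/*"], "Condition": {"StringEquals":
         {"iot:Certificate.Subject.CommonName.2": "Administrator"}}},
    {"Sid": "AdminByList", "Effect": "Allow", "Action": ["iot:Publish"],
     "Resource": [ARN + "admin/*"], "Condition": {"ForAnyValue:StringEquals":
         {"iot:Certificate.Subject.CommonName.List": "Administrator"}}}]}

def policy_vars(cert):
    """Simplified model (assumption): CommonName.N is the Nth CN, 1-based; .List is all of them."""
    v = {"iot:CertificateId": cert["certificateId"],
         "iot:Certificate.Subject.CommonName.List": cert["subject_cn"]}
    for i, cn in enumerate(cert["subject_cn"], start=1):
        v[f"iot:Certificate.Subject.CommonName.{i}"] = cn
    return v

def substitute(resource, v):
    """Replace ${var} placeholders in a Resource ARN with the certificate's string-valued variables."""
    for name, val in v.items():
        if isinstance(val, str):
            resource = resource.replace("${" + name + "}", val)
    return resource

def condition_holds(cond, v):
    """StringEquals tests a single value; ForAnyValue:StringEquals passes if any list item matches."""
    for op, pairs in cond.items():
        for key, expected in pairs.items():
            actual = v.get(key)
            if op == "StringEquals" and actual != expected:
                return False
            if op == "ForAnyValue:StringEquals" and expected not in (actual or []):
                return False
    return True

def matching_statements(policy, cert, action, topic):
    """Sids of Allow statements whose Action, substituted Resource ('*' wildcard) and Condition match."""
    v, hits = policy_vars(cert), []
    for st in policy["Statement"]:
        if (st["Effect"] == "Allow" and action in st["Action"]
                and condition_holds(st.get("Condition", {}), v)
                and any(fnmatch.fnmatchcase(ARN + topic, substitute(r, v)) for r in st["Resource"])):
            hits.append(st["Sid"])
    return hits
```

With CERT_B, whose only CN is "Administrator", the CommonName.2 condition fails (there is no second CN) while the ForAnyValue list condition still passes.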