AWS IoT
Developer Guide
The AWS services or features described in the AWS documentation may vary by region. To see the differences that apply to the China regions, see Getting Started with AWS Services in China.

Connect policy examples

The following policy grants permission to connect to AWS IoT with the client ID client1:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [ "iot:Connect" ],
      "Resource": [ "arn:aws:iot:us-east-1:123456789012:client/client1" ]
    }
  ]
}

The following policy denies permission to connect to AWS IoT with the client ID client1 or client2, but allows a device to connect with a client ID that matches the name of a thing registered in the AWS IoT registry:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Deny",
      "Action": [ "iot:Connect" ],
      "Resource": [
        "arn:aws:iot:us-east-1:123456789012:client/client1",
        "arn:aws:iot:us-east-1:123456789012:client/client2"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [ "iot:Connect" ],
      "Resource": [ "arn:aws:iot:us-east-1:123456789012:client/${iot:Connection.Thing.ThingName}" ]
    }
  ]
}
Registered devices

The following policy grants a device permission to connect using its thing name as the client ID and to subscribe to the topic filter my/topic/filter. The device must be registered with AWS IoT, and when it connects it must present a certificate associated with a thing in the AWS IoT registry:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [ "iot:Connect" ],
      "Resource": [ "arn:aws:iot:us-east-1:123456789012:client/${iot:Connection.Thing.ThingName}" ]
    },
    {
      "Effect": "Allow",
      "Action": [ "iot:Subscribe" ],
      "Resource": [ "arn:aws:iot:us-east-1:123456789012:topicfilter/my/topic/filter" ]
    }
  ]
}
Unregistered devices

For a device that is not registered as a thing in the AWS IoT registry, the following policy grants permission to connect with the client ID client1 and to subscribe to the topic filter my/topic:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [ "iot:Connect" ],
      "Resource": [ "arn:aws:iot:us-east-1:123456789012:client/client1" ]
    },
    {
      "Effect": "Allow",
      "Action": [ "iot:Subscribe" ],
      "Resource": [ "arn:aws:iot:us-east-1:123456789012:topicfilter/my/topic" ]
    }
  ]
}
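To see how the Deny/Allow combination and the ${iot:Connection.Thing.ThingName} variable in the second policy above interact, here is a small simplified policy evaluator. It is an added illustration, not AWS code: it models only explicit-deny-wins, default deny, `*`/`?` resource wildcards, and the assumption that the variable resolves to nothing when the connecting certificate is not attached to a registered thing; the thing names sensor42 and other are constructed.

```python
import json
from fnmatch import fnmatchcase

# Policy copied from the page's second example (Deny client1/client2, Allow own thing name).
POLICY = json.loads("""
{ "Version": "2012-10-17", "Statement": [
  { "Effect": "Deny", "Action": [ "iot:Connect" ],
    "Resource": [ "arn:aws:iot:us-east-1:123456789012:client/client1",
                  "arn:aws:iot:us-east-1:123456789012:client/client2" ] },
  { "Effect": "Allow", "Action": [ "iot:Connect" ],
    "Resource": [ "arn:aws:iot:us-east-1:123456789012:client/${iot:Connection.Thing.ThingName}" ] }
] }""")

THING_VAR = "${iot:Connection.Thing.ThingName}"
CLIENT_ARN = "arn:aws:iot:us-east-1:123456789012:client/"

def as_list(value):
    """IAM allows a single string where a list is expected; normalize."""
    return value if isinstance(value, list) else [value]

def resolve(resource, thing_name):
    """Substitute the thing-name variable. Assumption: with no registered thing
    (thing_name is None) the variable cannot be resolved and matches nothing."""
    if THING_VAR not in resource:
        return resource
    return None if thing_name is None else resource.replace(THING_VAR, thing_name)

def evaluate(policy, action, resource_arn, thing_name=None):
    """Simplified evaluation: an explicit Deny always wins, an Allow is needed
    for access, and with no matching statement the result is Deny."""
    decision = "Deny"
    for stmt in policy["Statement"]:
        if action not in as_list(stmt["Action"]):
            continue
        for pattern in as_list(stmt["Resource"]):
            pattern = resolve(pattern, thing_name)
            if pattern is not None and fnmatchcase(resource_arn, pattern):
                if stmt["Effect"] == "Deny":
                    return "Deny"
                decision = "Allow"
    return decision

if __name__ == "__main__":
    # Thing registered as "client1" connecting as client1: the explicit Deny wins.
    print(evaluate(POLICY, "iot:Connect", CLIENT_ARN + "client1", "client1"))
    # Thing "sensor42" connecting with its own name as client ID: Allow.
    print(evaluate(POLICY, "iot:Connect", CLIENT_ARN + "sensor42", "sensor42"))
    # Unregistered device: the variable never resolves, so nothing allows it.
    print(evaluate(POLICY, "iot:Connect", CLIENT_ARN + "sensor42", None))
```

The third case is why the unregistered-devices policy above has to name a literal client ID: a policy that relies only on the thing-name variable grants an unregistered certificate nothing.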