AWS IoT
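Developer Guide
AWS services or capabilities described in AWS documentation might vary by Region. To see the differences applicable to the China Regions, see Getting Started with AWS services in China.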

Connect policy examples

The following policy grants permission to connect to AWS IoT with the client ID "client1":

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "iot:Connect"
            ],
            "Resource": [
                "arn:aws:iot:us-east-1:123456789012:client/client1"
            ]
        }
    ]
}

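The following policy denies permission to connect to AWS IoT with the client IDs "client1" and "client2", while allowing devices to connect using a client ID that matches the name of a thing registered in the AWS IoT registry: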

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Deny",
            "Action": [
                "iot:Connect"
            ],
            "Resource": [
                "arn:aws:iot:us-east-1:123456789012:client/client1",
                "arn:aws:iot:us-east-1:123456789012:client/client2"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "iot:Connect"
            ],
            "Resource": [
                "arn:aws:iot:us-east-1:123456789012:client/${iot:Connection.Thing.ThingName}"
            ]
        }
    ]
}
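The following Python sketch is an added example, not AWS code and not the AWS IoT policy engine: it models how the Deny-plus-thing-name policy above decides iot:Connect requests, so the explicit-deny precedence and the unresolved-variable case can be checked offline. The function names, the `cert_things` parameter (names of things the connecting certificate is attached to) and the sample client IDs are assumptions made for illustration.

```python
import re

ARN_PREFIX = "arn:aws:iot:us-east-1:123456789012:client/"
THING_VAR = "${iot:Connection.Thing.ThingName}"

# The Deny + thing-name Allow policy from this page, in compact form.
POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Deny", "Action": ["iot:Connect"],
         "Resource": [ARN_PREFIX + "client1", ARN_PREFIX + "client2"]},
        {"Effect": "Allow", "Action": ["iot:Connect"],
         "Resource": [ARN_PREFIX + THING_VAR]},
    ],
}

def resolve(resource, client_id, cert_things):
    """Substitute the thing-name variable; None means it cannot be resolved."""
    if THING_VAR not in resource:
        return resource
    # Model assumption: the variable resolves only when the client ID is the
    # name of a registered thing that the connecting certificate is attached to.
    if client_id in cert_things:
        return resource.replace(THING_VAR, client_id)
    return None

def arn_matches(pattern, arn):
    """Match an ARN against a policy resource, honoring * and ? wildcards."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, arn) is not None

def can_connect(policy, client_id, cert_things=frozenset()):
    """Return True if iot:Connect is allowed: default deny, explicit Deny wins."""
    requested = ARN_PREFIX + client_id
    allowed = False
    for stmt in policy["Statement"]:
        if "iot:Connect" not in stmt["Action"]:
            continue
        for resource in stmt["Resource"]:
            pattern = resolve(resource, client_id, cert_things)
            if pattern is None or not arn_matches(pattern, requested):
                continue
            if stmt["Effect"] == "Deny":
                return False  # an explicit Deny overrides any Allow
            allowed = True
    return allowed

if __name__ == "__main__":
    # Constructed sample requests: (client ID, things the certificate is attached to)
    for cid, things in [("client1", {"client1"}), ("sensor7", {"sensor7"}), ("sensor7", set())]:
        print(cid, sorted(things), "->", "ALLOW" if can_connect(POLICY, cid, things) else "DENY")
```

In this model, a thing that happens to be named client1 is still refused because the Deny statement matches first, and a device with no matching registered thing is refused because the Allow statement's resource never resolves.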
Registered devices

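For devices registered as things in the AWS IoT registry that have a certificate associated with the specified thing, the following policy grants permission to connect using the thing name as the client ID and to subscribe to the topic filter foo/bar: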

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "iot:Connect"
            ],
            "Resource": [
                "arn:aws:iot:us-east-1:123456789012:client/${iot:Connection.Thing.ThingName}"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "iot:Subscribe"
            ],
            "Resource": [
                "arn:aws:iot:us-east-1:123456789012:topicfilter/foo/bar"
            ]
        }
    ]
}
Unregistered devices

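For devices not registered as things in the AWS IoT registry, the following policy grants permission to connect with the client ID "client1" and to subscribe to the topic filter foo/bar: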

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "iot:Connect"
            ],
            "Resource": [
                "arn:aws:iot:us-east-1:123456789012:client/client1"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "iot:Subscribe"
            ],
            "Resource": [
                "arn:aws:iot:us-east-1:123456789012:topicfilter/foo/bar"
            ]
        }
    ]
}