Thing policy examples - Amazon IoT Core

Thing policy examples

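The following policy allows a device to connect if the certificate used to authenticate with Amazon IoT Core is attached to the thing for which the policy is being evaluated: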

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["iot:Connect"],
      "Resource": ["*"],
      "Condition": {
        "Bool": {
          "iot:Connection.Thing.IsAttached": ["true"]
        }
      }
    }
  ]
}

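The following policy allows a device to publish if the certificate is attached to a thing with a particular thing type and the thing has an attribute named attributeName whose value is attributeValue. For more information about thing policy variables, see Thing policy variables.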

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["iot:Publish"],
      "Resource": "arn:aws:iot:us-east-1:123456789012:topic/device/stats",
      "Condition": {
        "StringEquals": {
          "iot:Connection.Thing.Attributes[attributeName]": "attributeValue",
          "iot:Connection.Thing.ThingTypeName": "Thing_Type_Name"
        },
        "Bool": {
          "iot:Connection.Thing.IsAttached": "true"
        }
      }
    }
  ]
}

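The following policy allows a device to publish to topics that begin with the value of one of the thing's attributes. If the device certificate is not associated with a thing, the variable cannot be resolved and the request fails with an access denied error. For more information about thing policy variables, see Thing policy variables.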

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["iot:Publish"],
      "Resource": "arn:aws:iot:us-east-1:123456789012:topic/${iot:Connection.Thing.Attributes[attributeName]}/*"
    }
  ]
}
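The following Python sketch is an added example, not AWS code and not the Amazon IoT Core policy engine: it is a simplified model for checking offline how the three policies above behave for an attached and an unattached certificate, including the unresolved-variable denial. The connection dictionaries, the function names, and the choice to model both StringEquals and Bool as exact string comparison are assumptions made for illustration.

```python
import re
from fnmatch import fnmatchcase

# Matches ${iot:Connection.Thing.Attributes[name]} and captures the condition key.
VAR = re.compile(r"\$\{(iot:Connection\.Thing\.Attributes\[\w+\])\}")

def context_keys(conn):
    """Flatten a constructed connection description into condition keys."""
    thing = conn.get("thing")  # None: the certificate is attached to no thing
    keys = {"iot:Connection.Thing.IsAttached": "false" if thing is None else "true"}
    if thing is not None:
        keys["iot:Connection.Thing.ThingTypeName"] = thing.get("type", "")
        for name, value in thing.get("attributes", {}).items():
            keys[f"iot:Connection.Thing.Attributes[{name}]"] = value
    return keys

def resolve(resource, keys):
    """Substitute thing-attribute variables; None if any cannot be resolved."""
    try:
        return VAR.sub(lambda m: keys[m.group(1)], resource)
    except KeyError:
        return None

def as_list(value):
    return value if isinstance(value, list) else [value]

def conditions_hold(cond, keys):
    # Assumption: StringEquals and Bool are both modelled as exact string comparison.
    return all(keys.get(key) in as_list(wanted)
               for op in ("StringEquals", "Bool")
               for key, wanted in cond.get(op, {}).items())

def is_allowed(policy, conn, action, arn):
    """True if some Allow statement matches; anything else is an implicit deny."""
    keys = context_keys(conn)
    for st in policy["Statement"]:
        if (st["Effect"] == "Allow" and action in as_list(st["Action"])
                and conditions_hold(st.get("Condition", {}), keys)):
            for res in as_list(st["Resource"]):
                resolved = resolve(res, keys)
                # An unresolved variable never matches, so the request is denied.
                if resolved is not None and fnmatchcase(arn, resolved):
                    return True
    return False

# Constructed sample input: the page's third policy and two hypothetical connections.
POLICY = {"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": ["iot:Publish"],
    "Resource": "arn:aws:iot:us-east-1:123456789012:topic/${iot:Connection.Thing.Attributes[attributeName]}/*"}]}
ATTACHED = {"thing": {"type": "Thing_Type_Name", "attributes": {"attributeName": "attributeValue"}}}
UNATTACHED = {"thing": None}
```

The model does not implement action wildcards, explicit Deny statements, or MQTT topic-filter semantics, so use it to reason about these three policies rather than as a general evaluator.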