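I am creating certificates for IoT devices inside AWS IoT-Core as part of an automated process. Each certificate is allowed to publish and subscribe only to the specific topics defined in the policy.
If I use only 3 to 5 topics, the certificate is created and is allowed to publish or subscribe to those topics.
If I try to create a list of 10 or more topics, it does not work. In fact, it raised this error at 10 topics, because the JSON policy becomes larger than 2048.
This is the error: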
Error
The action failed because the input is not valid. Policy cannot be created - size exceeds hard limit (2048)
This is the policy:
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "iot:Connect"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "iot:Subscribe"
      ],
      "Resource": [
        "arn:aws:iot:us-east-1:xxxx:topicfilter/*/topic1/level2",
        "arn:aws:iot:us-east-1:xxxx:topicfilter/*/topic2/level2",
        "arn:aws:iot:us-east-1:xxxx:topicfilter/*/topic3/level2",
        ... 20 more topics
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "iot:Receive"
      ],
      "Resource": [
        "*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "iot:Publish"
      ],
      "Resource": [
        "arn:aws:iot:us-east-1:xxxx:topic/*/topic1/level2",
        "arn:aws:iot:us-east-1:xxxx:topic/*/topic2/level2",
        "arn:aws:iot:us-east-1:xxxx:topic/*/topic3/level2",
        ... 20 more topics
      ]
    }
  ]
}
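So as I see it, there are two possible solutions to my problem here:
- Increase the policy limit
- Change the policy for how devices are restricted to publishing or subscribing to specific channels
Any ideas on how to solve this with the previous policy or with a different policy?
This is the same question in the AWS developer forums, with no answer.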
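
An added example, not part of the original post: one way to stay under the 2048 limit from the error message while keeping an explicit per-topic allow list is to pack the topics into several smaller policy documents. It assumes the size is counted on the document without whitespace and that more than one policy may be attached to the same certificate; the function names and the 23-topic sample list are hypothetical.

```python
import json

LIMIT = 2048  # hard limit quoted in the error message on this page
REGION, ACCOUNT = "us-east-1", "xxxx"  # placeholders exactly as in the posted policy

def arn(kind, topic):
    return f"arn:aws:iot:{REGION}:{ACCOUNT}:{kind}/*/{topic}"

def build_policy(topics, with_base=True):
    """Policy in the post's shape; Connect/Receive only go into the first document."""
    stmts = []
    if with_base:
        stmts += [{"Effect": "Allow", "Action": ["iot:Connect"], "Resource": ["*"]},
                  {"Effect": "Allow", "Action": ["iot:Receive"], "Resource": ["*"]}]
    stmts += [{"Effect": "Allow", "Action": ["iot:Subscribe"],
               "Resource": [arn("topicfilter", t) for t in topics]},
              {"Effect": "Allow", "Action": ["iot:Publish"],
               "Resource": [arn("topic", t) for t in topics]}]
    return {"Version": "2012-10-17", "Statement": stmts}

def policy_size(policy):
    """Character count of the minified document (assumption: whitespace is not counted)."""
    return len(json.dumps(policy, separators=(",", ":")))

def split_policies(topics, limit=LIMIT):
    """Greedily pack topics into as few documents as fit under the limit."""
    docs, current = [], []
    for topic in topics:
        if policy_size(build_policy([topic])) > limit:
            raise ValueError(f"topic {topic!r} alone exceeds the limit")
        # "not docs" is True only while the first document is being filled
        if policy_size(build_policy(current + [topic], with_base=not docs)) > limit:
            docs.append(build_policy(current, with_base=not docs))
            current = []
        current.append(topic)
    if current:
        docs.append(build_policy(current, with_base=not docs))
    return docs

if __name__ == "__main__":
    topics = [f"topic{i}/level2" for i in range(1, 24)]  # constructed sample, 23 topics
    print("single document:", policy_size(build_policy(topics)), "characters")
    for n, doc in enumerate(split_policies(topics), 1):
        print(f"policy {n}: {policy_size(doc)} characters")
```

Each returned document would be created as its own policy and attached to the same certificate, so the device still gets only the listed topics.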