I created the policy below to restrict the ClientIDs an MQTT client is allowed to connect with. It should be limited to a hard-coded ClientID "test" and a ClientID that is the AWS Thing name. Using the AWS Thing name works, but my hard-coded "test" ClientId does not work?

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:Connect",
      "Resource": "*",
      "Condition": {
        "Bool": {
          "iot:Connection.Thing.IsAttached": [
            "true"
          ]
        },
        "ForAnyValue:StringEquals": {
          "iot:ClientId": [
            "test",
            "${iot:Connection.Thing.ThingName}"
          ]
        }
      }
    },
    {
      "Effect": "Allow",
      "Action": "iot:Publish",
      "Resource": "arn:aws:iot:us-east-1:xxx:topic/$aws/things/${iot:Connection.Thing.ThingName}/*"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Subscribe",
      "Resource": "arn:aws:iot:us-east-1:xxx:topicfilter/$aws/things/${iot:Connection.Thing.ThingName}/*"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Receive",
      "Resource": "arn:aws:iot:us-east-1:xxx:topic/$aws/things/${iot:Connection.Thing.ThingName}/*"
    }
  ]
}
1 Answer

Since you have "iot:Connection.Thing.IsAttached": ["true"] set, I believe a thing named test needs to be registered in the thing registry and attached to the principal.

answered 2021-02-09T01:01:00.430
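An added example, not part of the question or the answer above, that models why the hard-coded ClientId is refused while the Thing-name ClientId is accepted. The script is a deliberately simplified, offline evaluator of the Connect statement from the question; the registry contents, certificate ARNs and the rules used to resolve `iot:Connection.Thing.ThingName` and `iot:Connection.Thing.IsAttached` are assumptions for illustration, not AWS's implementation.

```python
"""Offline model of the iot:Connect statement from the question.

Added illustration, not AWS's own evaluator. The resolution rules below are
an assumption about AWS IoT's thing policy variables:
  - iot:Connection.Thing.ThingName resolves to the client ID only when a
    thing with that name exists in the registry (otherwise it stays unresolved);
  - iot:Connection.Thing.IsAttached is "true" only when that thing is attached
    to the connecting principal (the X.509 certificate).
"""
import re

# Constructed sample registry (hypothetical data): one thing, attached to one cert.
CERT = "arn:aws:iot:us-east-1:123456789012:cert/abc"     # assumed principal
OTHER = "arn:aws:iot:us-east-1:123456789012:cert/def"    # another assumed principal
REGISTRY = {
    "things": {"sensor-01"},
    "attachments": {"sensor-01": {CERT}},
}

# The Connect statement exactly as posted in the question.
CONNECT_STATEMENT = {
    "Effect": "Allow",
    "Action": "iot:Connect",
    "Resource": "*",
    "Condition": {
        "Bool": {"iot:Connection.Thing.IsAttached": ["true"]},
        "ForAnyValue:StringEquals": {
            "iot:ClientId": ["test", "${iot:Connection.Thing.ThingName}"]
        },
    },
}


def with_thing(registry, name, *principals):
    """Return a copy of the registry with `name` registered and attached to `principals`."""
    new = {
        "things": set(registry["things"]) | {name},
        "attachments": {k: set(v) for k, v in registry["attachments"].items()},
    }
    new["attachments"].setdefault(name, set()).update(principals)
    return new


def resolve_context(client_id, principal, registry):
    """Build the condition-key context for one connection attempt (modelled rules, see module doc)."""
    is_thing = client_id in registry["things"]
    attached = principal in registry["attachments"].get(client_id, set())
    return {
        "iot:ClientId": client_id,
        "iot:Connection.Thing.ThingName": client_id if is_thing else None,
        "iot:Connection.Thing.IsAttached": "true" if (is_thing and attached) else "false",
    }


def substitute(value, ctx):
    """Expand ${key} policy variables; an unresolved variable is left as the literal text."""
    def repl(match):
        resolved = ctx.get(match.group(1))
        return match.group(0) if resolved is None else resolved
    return re.sub(r"\$\{([^}]+)\}", repl, value)


def condition_holds(condition, ctx):
    """Every operator block must hold; only the two operators used in the question are modelled."""
    for operator, keys in condition.items():
        for key, allowed in keys.items():
            actual = ctx.get(key)
            allowed = [substitute(v, ctx) for v in allowed]
            if operator == "Bool":
                ok = actual is not None and actual.lower() in [a.lower() for a in allowed]
            elif operator == "ForAnyValue:StringEquals":
                ok = actual in allowed
            else:
                raise ValueError(f"operator {operator} not modelled")
            if not ok:
                return False
    return True


def connect_allowed(client_id, principal, registry=REGISTRY, statement=CONNECT_STATEMENT):
    """True if the modelled Connect statement allows this (client ID, principal) pair."""
    ctx = resolve_context(client_id, principal, registry)
    return statement["Effect"] == "Allow" and condition_holds(statement["Condition"], ctx)


if __name__ == "__main__":
    for label, cid, principal, reg in [
        ("thing name as client ID", "sensor-01", CERT, REGISTRY),
        ("hard-coded 'test', no such thing", "test", CERT, REGISTRY),
        ("'test' registered and attached", "test", CERT, with_thing(REGISTRY, "test", CERT)),
        ("'test' registered, attached elsewhere", "test", CERT, with_thing(REGISTRY, "test", OTHER)),
    ]:
        print(f"{label:40s} -> {connect_allowed(cid, principal, reg)}  {resolve_context(cid, principal, reg)}")
```

In this model the `Bool` condition is checked on every connection, so the `"test"` alternative in `ForAnyValue:StringEquals` can only succeed once a thing named `test` exists and is attached to the connecting certificate, which is what the answer suggests. Before doing that, it is worth asking whether a literal client ID shared by many certificates is wanted at all: AWS IoT keeps a single connection per client ID and disconnects the previous one when a new client connects with the same ID, so any device allowed to use `test` can knock another device off the broker.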