本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
連線和發佈政策範例
對於在登 AWS IoT Core 錄中註冊為物件的裝置,下列原則會授 AWS IoT Core 與使用符合物名稱的用戶端 ID 連線的權限,並限制裝置在 Client ID 或物名特定 MQTT 主題上發佈。若要使連線成功,物件名稱必須在登 AWS IoT Core 錄中註冊,並使用附加至物件的識別或主參與者進行驗證:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action":["iot:Publish"], "Resource": ["arn:aws:iot:us-east-1:123456789012:topic/${iot:Connection.Thing.ThingName}"] }, { "Effect": "Allow", "Action": ["iot:Connect"], "Resource": ["arn:aws:iot:us-east-1:123456789012:client/${iot:Connection.Thing.ThingName}"] } ] }
對於未在登 AWS IoT Core 錄中註冊為物件的裝置,下列原則會授予 AWS IoT Core 與用戶端 ID 連線的權限,client1並限制裝置在用戶端特定 MQTT 主題上發佈:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action":["iot:Publish"], "Resource": ["arn:aws:iot:us-east-1:123456789012:topic/${iot:ClientId}"] }, { "Effect": "Allow", "Action": ["iot:Connect"], "Resource": ["arn:aws:iot:us-east-1:123456789012:client/client1"] } ] }
