【Question Title】: Permissions to start, update AWS IOT job
【Posted】: 2019-12-25 14:36:01
【Question Description】:

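My AWSIotTopic class has an onMessage function that starts the AWS job when an AWS IoT job is created (it listens on the topic $aws/things/%s/jobs/notify-next). I cannot change the job status from my local Java application. When I attach a policy with all permissions to the registered certificate, i.e.: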

"Action": "*",
"Resource": "*"

my application works and I can change the job status. Which permissions do I have to add to be able to change the job status?

{
  "Effect": "Allow",
  "Action": [
    "iot:UpdateJobExecution",
    "iot:StartNextPendingJobExecution"
  ],
  "Resource": "arn:aws:iot:eu-west-2:125960935295:thing/thingID"
}

The permissions above do not allow starting and updating the job.

【Question Discussion】:

    Tags: java amazon-web-services aws-sdk aws-iot


    【Solution 1】:

    I solved it. In addition to iot:Subscribe, iot:Receive also needs to be added for the notify-next topic. All permissions for executing a job on the device:

    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Action": "iot:Subscribe",
          "Resource": "arn:aws:iot:<region>:<awsID>:topicfilter/$aws/things/<deviceID>/jobs/notify-next"
        },
        {
          "Effect": "Allow",
          "Action": "iot:Receive",
          "Resource": "arn:aws:iot:<region>:<awsID>:topic/$aws/things/<deviceID>/jobs/notify-next"
        },
        {
          "Effect": "Allow",
          "Action": "iot:Publish",
          "Resource": "arn:aws:iot:<region>:<awsID>:topic/some"
        },
        {
          "Effect": "Allow",
          "Action": "iot:Connect",
          "Resource": "arn:aws:iot:<region>:<awsID>:client/<deviceID>"
        },
        {
          "Effect": "Allow",
          "Action": [
            "iot:UpdateJobExecution",
            "iot:StartNextPendingJobExecution"
          ],
          "Resource": "arn:aws:iot:<region>:<awsID>:thing/<deviceID>"
        }
      ]
    }
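
As an added example (not code from the original post or from AWS), the following Python check tests a device policy against the permissions listed in the answer above, showing that `iot:Subscribe` is matched against a `topicfilter/` ARN while `iot:Receive` is matched against a `topic/` ARN. The account ID, the helper names and the matching logic (plain `*`/`?` wildcards, no policy variables) are assumptions made for the illustration.

```python
import fnmatch

# Constructed placeholder values, not taken from the original post.
REGION, ACCOUNT, THING = "eu-west-2", "111122223333", "thingID"
ARN = f"arn:aws:iot:{REGION}:{ACCOUNT}"
NOTIFY = f"$aws/things/{THING}/jobs/notify-next"

# Permissions the answer lists for a device that listens on notify-next.
REQUIRED = [
    ("iot:Connect", f"{ARN}:client/{THING}"),
    ("iot:Subscribe", f"{ARN}:topicfilter/{NOTIFY}"),  # topic *filter* ARN
    ("iot:Receive", f"{ARN}:topic/{NOTIFY}"),          # plain topic ARN
    ("iot:UpdateJobExecution", f"{ARN}:thing/{THING}"),
    ("iot:StartNextPendingJobExecution", f"{ARN}:thing/{THING}"),
]

def _as_list(value):
    return value if isinstance(value, list) else [value]

def allows(policy, action, resource):
    """Simplified model: an Allow must match and no Deny may match."""
    allowed = False
    for st in _as_list(policy["Statement"]):
        act = any(fnmatch.fnmatchcase(action, a) for a in _as_list(st["Action"]))
        res = any(fnmatch.fnmatchcase(resource, r) for r in _as_list(st["Resource"]))
        if act and res:
            if st["Effect"] == "Deny":
                return False  # an explicit Deny overrides any Allow
            allowed = True
    return allowed

def missing(policy):
    """Return the required (action, resource) pairs the policy does not grant."""
    return [(a, r) for a, r in REQUIRED if not allows(policy, a, r)]

def stmt(action, resource, effect="Allow"):
    return {"Effect": effect, "Action": action, "Resource": resource}

BASE = [
    stmt("iot:Connect", f"{ARN}:client/{THING}"),
    stmt("iot:Subscribe", f"{ARN}:topicfilter/{NOTIFY}"),
    stmt(["iot:UpdateJobExecution", "iot:StartNextPendingJobExecution"],
         f"{ARN}:thing/{THING}"),
]

def policy(*extra):
    return {"Version": "2012-10-17", "Statement": BASE + list(extra)}

NO_RECEIVE = policy()                                    # Subscribe only
WRONG_ARN_TYPE = policy(stmt("iot:Receive", f"{ARN}:topicfilter/{NOTIFY}"))
FIXED = policy(stmt("iot:Receive", f"{ARN}:topic/{NOTIFY}"))
```

`missing(NO_RECEIVE)` and `missing(WRONG_ARN_TYPE)` both report the `iot:Receive` entry, while `missing(FIXED)` is empty without resorting to `"Action": "*"` on `"Resource": "*"`.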
    
