基本任务策略示例
此示例说明了任务目标所需的策略状态,任务目标是接收任务请求并与 AWS IoT 通信任务执行状态的单个设备。
将 us-west-2:57EXAMPLE833 替换为您的 AWS 区域、冒号字符 (:) 和 12 位数字 AWS 账户 编号,然后将 uniqueThingName 替换为表示 AWS IoT 中设备的事物资源名称。
- JSON
-
-
{ "Version":"2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iot:Connect" ], "Resource": [ "arn:aws:iot:us-west-2:111122223333:client/uniqueThingName" ] }, { "Effect": "Allow", "Action": [ "iot:Publish" ], "Resource": [ "arn:aws:iot:us-west-2:111122223333:topic/test/dc/pubtopic", "arn:aws:iot:us-west-2:111122223333:topic/$aws/events/job/*", "arn:aws:iot:us-west-2:111122223333:topic/$aws/events/jobExecution/*", "arn:aws:iot:us-west-2:111122223333:topic/$aws/things/uniqueThingName/jobs/*" ] }, { "Effect": "Allow", "Action": [ "iot:Subscribe" ], "Resource": [ "arn:aws:iot:us-west-2:111122223333:topicfilter/test/dc/subtopic", "arn:aws:iot:us-west-2:111122223333:topicfilter/$aws/events/jobExecution/*", "arn:aws:iot:us-west-2:111122223333:topicfilter/$aws/things/uniqueThingName/jobs/*" ] }, { "Effect": "Allow", "Action": [ "iot:Receive" ], "Resource": [ "arn:aws:iot:us-west-2:111122223333:topic/test/dc/subtopic", "arn:aws:iot:us-west-2:111122223333:topic/$aws/things/uniqueThingName/jobs/*" ] }, { "Effect": "Allow", "Action": [ "iotjobsdata:DescribeJobExecution", "iotjobsdata:GetPendingJobExecutions", "iotjobsdata:StartNextPendingJobExecution", "iotjobsdata:UpdateJobExecution" ], "Resource": [ "arn:aws:iot:us-west-2:111122223333:topic/$aws/things/uniqueThingName" ] } ] }
事物策略示例
使用 Amazon Cognito Identity 的授权