

This is a machine-translated version. If this translation differs from the English original, the English original takes precedence.

# Retained message policy examples
<a name="retained-message-policy-examples"></a>

Using [retained messages](mqtt.md#mqtt-retain) requires specific policies. A retained message is an MQTT message that was published with the RETAIN flag set and is stored by AWS IoT Core. This section describes policy examples that allow common uses of retained messages.

**Topics**
+ [Policy to connect and publish retained messages](#retained-message-policy-examples-publish)
+ [Policy to connect and publish retained Will messages](#retained-message-policy-examples-publish-lwt)
+ [Policy to list and get retained messages](#retained-message-policy-examples-list-get)

## Policy to connect and publish retained messages
<a name="retained-message-policy-examples-publish"></a>

For a device to publish retained messages, it must be able to connect, to publish (any MQTT message), and to publish MQTT retained messages. The following policy grants those permissions on the topic `device/sample/configuration` to the client **device1**. For another example of granting connect permission, see [Connect and publish policy examples](connect-and-pub.md).

```
{
	"Version":"2012-10-17",
	"Statement": [
		{
			"Effect": "Allow",
			"Action": [
				"iot:Connect"
			],
			"Resource": [
				"arn:aws:iot:us-east-1:123456789012:client/device1"
			]
		},
		{
			"Effect": "Allow",
			"Action": [
				"iot:Publish",
				"iot:RetainPublish"
			],
			"Resource": [
				"arn:aws:iot:us-east-1:123456789012:topic/device/sample/configuration"
			]
		}
	]
}
```

## Policy to connect and publish retained Will messages
<a name="retained-message-policy-examples-publish-lwt"></a>

A client can configure a message that AWS IoT Core publishes if the client disconnects unexpectedly. MQTT calls such a message a [*Will* message](http://docs.oasis-open.org/mqtt/mqtt/v3.1.1/errata01/os/mqtt-v3.1.1-errata01-os-complete.html#_Will_Flag). To use one, the client's connect permission must include an additional condition.

The following policy document grants the client permission to connect and to publish a Will message identified by the topic `will`, which AWS IoT Core also retains.

```
{
	"Version":"2012-10-17",
	"Statement": [
		{
			"Effect": "Allow",
			"Action": [
				"iot:Connect"
			],
			"Resource": [
				"arn:aws:iot:us-east-1:123456789012:client/device1"
			],
			"Condition": {
				"ForAllValues:StringEquals": {
					"iot:ConnectAttributes": [
						"LastWill"
					]
				}
			}
		},
		{
			"Effect": "Allow",
			"Action": [
				"iot:Publish",
				"iot:RetainPublish"
			],
			"Resource": [
				"arn:aws:iot:us-east-1:123456789012:topic/will"
			]
		}
	]
}
```
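To see how the statements above are evaluated, here is a small policy evaluator. It is an added example and not AWS code: it models only the subset of policy semantics these examples use (Allow statements, exact-match resources, and the `ForAllValues:StringEquals` condition on `iot:ConnectAttributes`), with default deny for everything else. The policy dict is a constructed copy of the Will-message policy above; `PersistentConnect` is assumed to be another valid `iot:ConnectAttributes` value, used here only to show a connect that the condition rejects.

```python
"""Minimal evaluator for the AWS IoT Core policy examples on this page.

Added example, not AWS code. Covers only: Allow statements, exact-match
Action/Resource, and ForAllValues:StringEquals on iot:ConnectAttributes.
Anything not explicitly allowed is denied (default deny).
"""
ARN_PREFIX = "arn:aws:iot:us-east-1:123456789012"

# Constructed copy of the page's "connect and publish retained Will" policy.
WILL_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["iot:Connect"],
         "Resource": [f"{ARN_PREFIX}:client/device1"],
         "Condition": {"ForAllValues:StringEquals":
                       {"iot:ConnectAttributes": ["LastWill"]}}},
        {"Effect": "Allow", "Action": ["iot:Publish", "iot:RetainPublish"],
         "Resource": [f"{ARN_PREFIX}:topic/will"]},
    ],
}


def _condition_ok(condition, context):
    """Return True if every condition in the statement holds for the request."""
    for operator, keys in condition.items():
        if operator != "ForAllValues:StringEquals":
            return False  # operator outside this example's subset: deny
        for key, allowed in keys.items():
            # ForAllValues: every value the request carries for this key must
            # be in the allowed set; a request without the key satisfies it.
            if not set(context.get(key, [])) <= set(allowed):
                return False
    return True


def is_allowed(policy, action, resource, context=None):
    """Default deny: allowed only if some Allow statement matches fully."""
    context = context or {}
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        if action not in stmt["Action"] or resource not in stmt["Resource"]:
            continue
        if _condition_ok(stmt.get("Condition", {}), context):
            return True
    return False


if __name__ == "__main__":
    print(is_allowed(WILL_POLICY, "iot:Connect", f"{ARN_PREFIX}:client/device1",
                     {"iot:ConnectAttributes": ["LastWill"]}))  # True
    print(is_allowed(WILL_POLICY, "iot:RetainPublish",
                     f"{ARN_PREFIX}:topic/device/sample/configuration"))  # False
```

Note that the retain permission is scoped to the `will` topic only; a retained publish to any other topic is denied even though the client is allowed to connect.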

## Policy to list and get retained messages
<a name="retained-message-policy-examples-list-get"></a>

Services and applications can access retained messages without an MQTT client by calling [ListRetainedMessages](https://docs.aws.amazon.com//iot/latest/apireference/API_iotdata_ListRetainedMessages.html) and [GetRetainedMessage](https://docs.aws.amazon.com//iot/latest/apireference/API_iotdata_GetRetainedMessage.html). Services and applications that call these operations must be authorized by a policy such as the following example.

```
{
    "Version":"2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "iot:ListRetainedMessages"
            ],
            "Resource": [
                "arn:aws:iot:us-east-1:123456789012:client/device1"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "iot:GetRetainedMessage"
            ],
            "Resource": [
                "arn:aws:iot:us-east-1:123456789012:topic/foo"
            ]
        }
    ]
}
```