我希望后端能够直接将消息发送给经过身份验证的用户。这意味着我需要限制用户只订阅他们自己的标识符下的主题。理想情况下,以我目前有限的理解,我将有一个将用户 sub 作为变量的策略:
I want my backend to be able to directly send messages to authenticated users. Which means I need to limit the users to only subscribe on topics under their own identifiers. Ideally, to my currently limited understanding, I would have a policy that has the user sub as a variable:
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "iot:Connect", "iot:Publish", "iot:Receive", "iot:GetThingShadow", "iot:UpdateThingShadow", "iot:DeleteThingShadow" ], "Resource": "*" }, { "Effect": "Allow", "Action": [ "iot:Subscribe" ], "Resource": "arn:aws:iot:us-east-1:949960872797:topicfilter/user/${cognitoUserSub}/someTopic" } ] }如果最终认知识别码不是该政策的选择,请告知我我还将提供什么其他识别码。无论是哪种方式,我都需要能够基于用户的认知标识符( sub )以某种方式获取它。
If ultimately the cognito identifier is not an option for this policy, please advise me of what other identifier i would provide. Whichever it is, i need to be able to somehow obtain it based on the user's cognito identifier (the sub).
请注意,我在这方面的知识非常有限,因此我了解到我可能会有所偏离。
Note that my knowledge in this regard is very limited, so I understand that I might be off by quite a bit.
推荐答案已在AWS论坛上回答 forums.aws.amazon/thread .jspa?threadID = 268115
Answered on AWS forum forums.aws.amazon/thread.jspa?threadID=268115
有关如何在AWS IoT中使用认知模式的详细信息,请同时查看 forums.aws.amazon/thread.jspa?threadID=224268
For details on how to use cognito with AWS IoT also check forums.aws.amazon/thread.jspa?threadID=224268
更多推荐
如何仅允许AWS IoT订阅Cognito用户ID(sub)下的主题?
发布评论