Best Practices on AWS IoT

0 votes

Just wondering if there actually exist any best practices on AWS IoT regarding the handling of policies.

We could take 2 cases to study this.

Case 1: If we call a lambda(identity-id as param) which creates a policy on the fly and then attach the policy to the identity id. The policy has hardcoded the things name as the following.

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:Connect",
      "Resource": "arn:aws:iot:us-west-2:XXXX:client/hardcodedClient1"
    },
    {
      "Effect": "Allow",
      "Action": [
        "iot:Publish",
        "iot:Subscribe",
        "iot:Receive"
      ],
      "Resource": [
        "arn:aws:iot:us-west-2:XXXX:topic/$aws/things/THINGNAME1/*",
        "arn:aws:iot:us-west-2:XXXX:topicfilter/$aws/things/THINGNAME1/*"
      ]
    }
  ]
}

Case 2: If we use policy variables like ${iot:ClientId}, ${iot:ThingName}, we can attach one single policy to all the cognito-identity-users;

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:Connect",
      "Resource": "arn:aws:iot:us-west-2:XXXX:client/${iot:ClientId}"
    },
    {
      "Effect": "Allow",
      "Action": [
        "iot:Publish",
        "iot:Subscribe",
        "iot:Receive"
      ],
      "Resource": [
        "arn:aws:iot:us-west-2:XXXX:topic/$aws/things/${iot:Connection.Thing.ThingName}/*",
        "arn:aws:iot:us-west-2:XXXX:topicfilter/$aws/things/${iot:Connection.Thing.ThingName}/*"
      ]
    }
  ]
}

So, can we infer which is the best practice amongst these?

Dec 26, 2018 in IoT (Internet of Things) by Upasana
• 8,620 points
1,552 views

1 answer to this question.

0 votes
I would recommend you use Case 2 using the policy variables. It reduces the number of policies to deal with and keep them meaningful and re-usable.

Also, it will save you a lot of time and money as you aren't using Lambda. It also prevents you from having to create a policy every time.

And if we're talking about security, rest assured because it has nothing to do with the policy variables.
answered Dec 26, 2018 by Shubham
• 13,490 points

Related Questions In IoT (Internet of Things)

0 votes
1 answer
0 votes
1 answer

USB Mobile Broadband Modem on Windows 10 IoT

I was looking for a solution too, ...READ MORE

answered Jul 9, 2018 in IoT (Internet of Things) by anonymous2
• 4,240 points
2,760 views
0 votes
1 answer

aws iot describe-endpoint::You must specify a region

This fixed the problem: Browse to https://console.aws.amazon.com/iam/home?region=us-west-2#security_credentialand then if ...READ MORE

answered Jul 11, 2018 in IoT (Internet of Things) by anonymous2
• 4,240 points
1,260 views
0 votes
1 answer
0 votes
1 answer

AWS IOT Button Wifi network name

You can read about the complete setup ...READ MORE

answered Oct 12, 2018 in IoT (Internet of Things) by Annie97
• 2,160 points
776 views
0 votes
1 answer

Issue with connection on Watson IoT Out node on Raspberry Pi

The frequent disconnects could be due to ...READ MORE

answered Dec 20, 2018 in IoT (Internet of Things) by Shubham
• 13,490 points
1,043 views
0 votes
1 answer

Windows IoT on Raspberry Pi Unique Identifier

Try getting the MAC address of your network. var ...READ MORE

answered Mar 8, 2019 in IoT (Internet of Things) by Shubham
• 13,490 points
1,099 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP