
AWS IoT Policy: subscribe vs receive actions

Most of the time I eventually create AWS IoT policies with the same content for Subscribe and Receive actions. If someone is allowed to subscribe to one topic, it must be allowed to receive a message published to that topic.

Another approach is to specify the exact topics to subscribe to and use the everything wildcard (*) for the Receive action. If someone is allowed to subscribe to a list of topics, it will never receive messages from other topics, so why bother to specify the exact topics in Receive actions too?

The only use case when Receive should be different from Subscribe is when an already connected and subscribed thing/user must be disallowed from receiving messages published to one topic it has already subscribed to. However, this is a very particular situation.

asked Jul 05 '19 11:07

pozzugno


1 Answer

The situation you describe is exactly the situation described in the AWS documentation.

https://docs.aws.amazon.com/iot/latest/developerguide/policy-actions.html

iot:Receive

Represents the permission to receive a message from AWS IoT. The iot:Receive permission is checked every time a message is delivered to a client. Because this permission is checked on every delivery, it can be used to revoke permissions to clients that are currently subscribed to a topic.

answered Sep 20 '22 13:09

cementblocks
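
A policy sketch for the revocation case discussed above, added here as an example and not part of the original question, the answer, or the AWS documentation. The region, account ID, client ID and topic names are constructed placeholders. Note that `iot:Subscribe` is authorized against `topicfilter/` resources while `iot:Receive` is authorized against `topic/` resources, so the two statements are never literally identical.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:Connect",
      "Resource": "arn:aws:iot:us-east-1:123456789012:client/example-client-id"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Subscribe",
      "Resource": [
        "arn:aws:iot:us-east-1:123456789012:topicfilter/sensors/room1/temperature",
        "arn:aws:iot:us-east-1:123456789012:topicfilter/sensors/room1/alerts"
      ]
    },
    {
      "Effect": "Allow",
      "Action": "iot:Receive",
      "Resource": "arn:aws:iot:us-east-1:123456789012:topic/sensors/room1/*"
    },
    {
      "Effect": "Deny",
      "Action": "iot:Receive",
      "Resource": "arn:aws:iot:us-east-1:123456789012:topic/sensors/room1/alerts"
    }
  ]
}
```

The last statement is the revocation step: because `iot:Receive` is checked on every delivery and an explicit `Deny` overrides the broader `Allow`, a client that is already subscribed to `sensors/room1/alerts` stops receiving those messages once the policy is updated. Without that statement, the wildcard `Receive` grant behaves like the second approach in the question.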