我使用AWSIotClient.createPolicy()创建了一个策略,我的策略中包含客户端ID的一个变量如下所示:
{ “效果”:“允许”, “行动”:[ “物联网:连接” ] “资源”:“arn:aws:iot:us-east-1:095750864911:client / ClientId ” }
现在我的方案与另一个请求相似,我希望找到属于此客户端ID的策略,如果存在则停用。
如何使用AWS Java IOT执行此操作?有没有办法通过变量找到政策?
答案 0 :(得分:0)
有多种方法可以检索Aws IOT策略信息并查明它们是否附加到目标(主体/证书)。我在这里使用CLI,但所有这些调用都可以在适用于Java的AWS IOT服务SDK中获得。
列出附加到证书的政策
我假设您每个证书有1个政策。如果您拥有证书ARN,则可以使用list-attached-policies调用查找附加到此证书的策略。
aws iot list-attached-policies --target arn:aws:iot:eu-central-1:xxxx:cert/xxxx {
"policies": [
{
"policyName": "Policy_Thing1",
"policyArn": "arn:aws:iot:eu-central-1:xxx:policy/Policy_Thing1"
}
] }
然后使用get-policy调用
aws iot get-policy --policy-name "Policy_Thing1"
{
"policyName": "Policy_Thing1",
"policyArn": "arn:aws:iot:eu-central-1:xxx:policy/Policy_Thing",
"policyDocument": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Action\":[\"iot:Connect\"],\"Resource\":\"arn:aws:iot:eu-central-1:xxxx:client/Thing2\"},{\"Effect\":\"Allow\",\"Action\":[\"iot:Publish\",\"iot:Receive\"],\"Resource\":\"arn:aws:iot:eu-central-1:xxxx:topic/testing123/Thing2/*\"},{\"Effect\":\"Allow\",\"Action\":[\"iot:Subscribe\"],\"Resource\":\"arn:aws:iot:eu-central-1:xxxx:topicfilter/testing123/Thing2/*\"}]}",
"defaultVersionId": "1"
}
列出所有政策
如果您的政策尚未附加到证书,您可以列出所有政策并在内存中过滤这些政策以搜索您的特定政策。
aws iot list-policies
{
"policies": [
{
"policyName": "Policy_thing3",
"policyArn": "arn:aws:iot:eu-central-1:xxxx:policy/Policy_thing1"
},
{
"policyName": "Policy_Thing1",
"policyArn": "arn:aws:iot:eu-central-1:xxxx:policy/Policy_Thing1"
}
]
}
要确定策略是否附加到目标,请执行list-targets-for-policy调用:
aws iot list-targets-for-policy --policy-name "Policy_Thing2"
{
"targets": [
"arn:aws:iot:eu-central-1:xxxx:cert/xxxxx"
]
}