我有以下政策:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"iot:Connect"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"iot:Publish",
"iot:Receive"
],
"Resource": [
"arn:aws:iot:eu-west-2:672904080113:topic/x/a/b"
]
},
{
"Effect": "Allow",
"Action": [
"iot:Subscribe"
],
"Resource": [
"arn:aws:iot:eu-west-2:672904080113:topicfilter/x/a/b"
]
}
]
}
这已分配给证书以及认知用户ID和池。通过物理设备和蚊子客户端,我可以订阅并发布到主题x/a/b。
问题是,我无法从WebSocket客户端订阅同一主题。发布随处可见。
如果我将iot:Subscribe的资源设置为*,那么我也可以从WebSocket客户端订阅主题,并且它开始获取消息。为什么会这样?