Reputation: 826
Most of the time I eventually create AWS IoT policies with the same content for the Subscribe and Receive actions. If someone is allowed to subscribe to a topic, they must be allowed to receive messages published to that topic.
Another approach is to specify the exact topics to subscribe to and use the everything wildcard (*) for the Receive action. If someone is allowed to subscribe to a list of topics, they will never receive messages from other topics, so why bother specifying the exact topics in the Receive action too?
The only use case where Receive should differ from Subscribe is when an already connected and subscribed thing/user must be disallowed from receiving messages published to a topic it has already subscribed to. However, this is a very particular situation.
Upvotes: 10
Views: 2628
Reputation: 4606
The situation you describe is exactly the situation described in the AWS documentation.
https://docs.aws.amazon.com/iot/latest/developerguide/policy-actions.html
iot:Receive
Represents the permission to receive a message from AWS IoT. The iot:Receive permission is checked every time a message is delivered to a client. Because this permission is checked on every delivery, it can be used to revoke permissions to clients that are currently subscribed to a topic.
Upvotes: 11
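The revocation case the documentation describes, as an added example policy that is not part of the question or the answer above. The account ID 123456789012, the region us-east-1, the client ID sensor-01 and the fleet/... topic names are placeholders. Note the two different resource types: iot:Subscribe is authorized against topicfilter/ ARNs (the MQTT subscription filter), while iot:Receive and iot:Publish are authorized against topic/ ARNs (the concrete topic of each message). The Subscribe statement lists the exact filters the client may subscribe to, Receive is granted with the policy wildcard for everything under fleet/, and a separate explicit Deny on fleet/firmware is what cuts delivery to a client that is already subscribed, because an explicit Deny wins over Allow and iot:Receive is re-evaluated on every delivery.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:Connect",
      "Resource": "arn:aws:iot:us-east-1:123456789012:client/sensor-01"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Subscribe",
      "Resource": [
        "arn:aws:iot:us-east-1:123456789012:topicfilter/fleet/commands",
        "arn:aws:iot:us-east-1:123456789012:topicfilter/fleet/firmware"
      ]
    },
    {
      "Effect": "Allow",
      "Action": "iot:Receive",
      "Resource": "arn:aws:iot:us-east-1:123456789012:topic/fleet/*"
    },
    {
      "Effect": "Deny",
      "Action": "iot:Receive",
      "Resource": "arn:aws:iot:us-east-1:123456789012:topic/fleet/firmware"
    }
  ]
}
```

Without the Deny statement, this policy behaves like the "exact Subscribe, wildcard Receive" variant from the question: the client can only ever subscribe to the two listed filters, so the wildcard on Receive grants nothing beyond them. Adding the Deny (for example by attaching a new policy version) stops fleet/firmware messages on the next delivery without disconnecting the client or touching its existing subscription, which is exactly what a Subscribe-only restriction cannot do once the subscription has been accepted. Removing the Deny again restores delivery the same way.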