我的AWSIotTopic类中具有onmessage函数,该函数在创建AWS IoT作业时启动AWS作业(侦听主题$ aws / things /%s / jobs / notify-next)。我无法从本地Java应用程序更改作业状态。当我以所有权限将策略附加到我的注册证书时,即:
"action": "*","Resource": "*"
我的应用程序可以工作,并且我可以更改工作状态。我必须添加哪些权限才能更改工作状态?
"Effect": "Allow","action": [
"iot:UpdateJobExecution","iot:StartNextPendingJobExecution"
],"Resource": "arn:aws:iot:eu-west-2:125960935295:thing/thingID"
}
以上权限不允许启动和更新作业
我解决了。必须将iot:Receive之外的iot:Subscribe添加到主题notify-next下。在设备上执行作业的所有权限:
{
"Version": "2012-10-17","Statement": [
{
"Effect": "Allow","Action": "iot:Subscribe","Resource": "arn:aws:iot:<region>:<awsID>:topicfilter/$aws/things/<deviceID>/jobs/notify-next"
},{
"Effect": "Allow","Action": "iot:Receive","Resource": "arn:aws:iot:<region>:<awsID>:topic/$aws/things/<deviceID>/jobs/notify-next"
},"Action": "iot:Publish","Resource": "arn:aws:iot:<region>:<awsID>:topic/some"
},"Action": "iot:Connect","Resource": "arn:aws:iot:<region>:<awsID>:client/<deviceID>"
},"Action": [
"iot:UpdateJobExecution","iot:StartNextPendingJobExecution"
],"Resource": "arn:aws:iot:<region>:<awsID>:thing/<deviceID>"
}
]
}