I am creating certificates for IoT devices inside AWS IoT-Core in an automated process.
Each certificate is allowed to publish and subscribe only to specific topics, defined in the policy.
If I use only 3 to 5 topics it works, the certificate is created and allowed to publish or subscribe to these topics.
If I try to create a list of 10 or more topics it doesn't work. In fact it is trowing this error with 10 topics. Because the JSON policy becomes bigger than 2048.
This is the error
Error
The action failed because the input is not valid. Policy cannot be created - size exceeds hard limit (2048)
And this is the policy
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"iot:Connect"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"iot:Subscribe"
],
"Resource": [
"arn:aws:iot:us-east-1:xxxx:topicfilter/*/topic1/level2",
"arn:aws:iot:us-east-1:xxxx:topicfilter/*/topic2/level2",
"arn:aws:iot:us-east-1:xxxx:topicfilter/*/topic3/level2",
... 20 more topics
]
},
{
"Effect": "Allow",
"Action": [
"iot:Receive"
],
"Resource": [
"*"
]
},
{
"Effect": "Allow",
"Action": [
"iot:Publish"
],
"Resource": [
"arn:aws:iot:us-east-1:xxxx:topic/*/topic1/level2",
"arn:aws:iot:us-east-1:xxxx:topic/*/topic2/level2",
"arn:aws:iot:us-east-1:xxxx:topic/*/topic3/level2",
... 20 more topics
]
}
]
}
So in my opinion we could have 2 possible solutions here to solve my issue:
- Increase the limit of the policy
- Change the strategy on how to limit devices to publish or subscribe to specific channels
Any idea in how to solve this issue with the previous strategy or other one?
This is the same question in AWS dev-forum with no answer.
question from:
https://stackoverflow.com/questions/65833555/aws-iot-core-policy-cannot-be-created-size-exceeds-hard-limit-2048-how-t 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
