AWS FOTA, creating a more restrictive aws iot policy.

I'm trying to restrict the policy used to ensure that the AWS FOTA sample is working. The "allow everything" policy that is stated that it can be used for test purposes seems like something that shouldn't be used except for just testing. How can I write a more restrictive policy? What topics and similar are the sample using? (One topic used is "$aws/hings/<thing name>/jobs/$next/get" but that is not the only one)

Regards

Ulf

0 Charlie over 4 years ago
Hi Ulf,

Yes, the sample is only for reference. Developers need to decide the policy for their product. You can find documents and examples about AWS IoT policies from AWS IoT Developer Guide: Basic Policy Variables and AWS IoT Developer Guide: Security Best Practices as mentioned on NCS document.

nrf\subsys\net\lib\aws_jobs\src\aws_jobs.c contains codes for topic construction. It has follwoing topics:

const struct topic_conf TOPIC_NOTIFY_NEXT_CONF = { .msg_id = SUBSCRIBE_NOTIFY_NEXT, .name = "notify-next", .suffix = "", }; const struct topic_conf TOPIC_NOTIFY_CONF = { .msg_id = SUBSCRIBE_NOTIFY, .name = "notify", .suffix = "", }; const struct topic_conf TOPIC_GET_CONF = { .msg_id = SUBSCRIBE_JOB_ID_GET, .name = "get", .suffix = "/#", }; const struct topic_conf TOPIC_UPDATE_CONF = { .msg_id = SUBSCRIBE_JOB_ID_UPDATE, .name = "update", .suffix = "/#", };

Best regards,

charlie
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 Ulf Hedblom over 4 years ago in reply to Charlie

Thank you Charlie

Sorry for the delay, I've been away for a bit.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel