AWS FOTA, creating a more restrictive aws iot policy.

I'm trying to restrict the policy used to ensure that the AWS FOTA sample is working. The "allow everything" policy, which is stated to be usable for test purposes, seems like something that shouldn't be used except for just testing. How can I write a more restrictive policy? What topics and similar is the sample using? (One topic used is "$aws/things/<thing name>/jobs/$next/get", but that is not the only one.)

Regards

Ulf

  • Hi Ulf,

    Yes, the sample is only for reference. Developers need to decide the policy for their product. You can find documents and examples about AWS IoT policies in the AWS IoT Developer Guide: Basic Policy Variables and AWS IoT Developer Guide: Security Best Practices, as mentioned in the NCS documentation.

    nrf\subsys\net\lib\aws_jobs\src\aws_jobs.c contains the code for topic construction. It has the following topics:

    const struct topic_conf TOPIC_NOTIFY_NEXT_CONF = {
    	.msg_id = SUBSCRIBE_NOTIFY_NEXT,
    	.name = "notify-next",
    	.suffix = "",
    };
    
    const struct topic_conf TOPIC_NOTIFY_CONF = {
    	.msg_id = SUBSCRIBE_NOTIFY,
    	.name = "notify",
    	.suffix = "",
    };
    
    const struct topic_conf TOPIC_GET_CONF = {
    	.msg_id = SUBSCRIBE_JOB_ID_GET,
    	.name = "get",
    	.suffix = "/#",
    };
    
    const struct topic_conf TOPIC_UPDATE_CONF = {
    	.msg_id = SUBSCRIBE_JOB_ID_UPDATE,
    	.name = "update",
    	.suffix = "/#",
    };
    

    Best regards,

    charlie
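
The answer lists the topic suffixes the library subscribes to but does not show what a policy restricted to them looks like. The following is an added example, not code from the original thread or from the NCS project: it builds an AWS IoT policy that allows only the jobs topics named above (notify-next, notify, <job>/get/#, <job>/update/#) plus the $next/get publish from the question, scoped to the connecting thing via the ${iot:Connection.Thing.ThingName} policy variable, and then runs a local, simplified evaluation of that policy to confirm every operation the sample needs is allowed while anything outside the thing's own jobs tree is denied. Region, account ID, thing name and job ID are constructed placeholders; the `is_allowed` evaluator is an approximation of AWS's policy logic (explicit Deny wins, then any Allow, else implicit deny) written for this example, not an AWS API.

```python
import json
import re

# Constructed placeholder values for this example; substitute your own.
REGION = "eu-west-1"
ACCOUNT = "123456789012"
THING_VAR = "${iot:Connection.Thing.ThingName}"


def jobs_base(thing=THING_VAR):
    """Prefix under which the AWS IoT Jobs topics live for one thing."""
    return f"$aws/things/{thing}/jobs"


def build_policy(region=REGION, account=ACCOUNT):
    """Least-privilege policy covering only the jobs topics aws_jobs.c uses.

    Subscribe resources are 'topicfilter/...' with the MQTT '#' kept literal;
    '*' is the IoT policy wildcard and stands in for the job ID (including $next).
    Note that '*' also matches '/', so 'jobs/*/get' is slightly wider than one segment.
    """
    arn = f"arn:aws:iot:{region}:{account}"
    base = jobs_base()
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": "iot:Connect",
             "Resource": f"{arn}:client/{THING_VAR}"},
            {"Effect": "Allow", "Action": "iot:Subscribe",
             "Resource": [f"{arn}:topicfilter/{base}/notify-next",
                          f"{arn}:topicfilter/{base}/notify",
                          f"{arn}:topicfilter/{base}/*/get/#",
                          f"{arn}:topicfilter/{base}/*/update/#"]},
            {"Effect": "Allow", "Action": "iot:Receive",
             "Resource": f"{arn}:topic/{base}/*"},
            {"Effect": "Allow", "Action": "iot:Publish",
             "Resource": [f"{arn}:topic/{base}/*/get",
                          f"{arn}:topic/{base}/*/update"]},
        ],
    }


def _to_regex(pattern, thing):
    """IoT policy resource pattern -> regex: '*' any run, '?' one char,
    everything else (including '$', '+', '#') literal. The thing-name
    variable is substituted first, so the thing name must not contain '*' or '?'."""
    pattern = pattern.replace(THING_VAR, thing)
    parts = [".*" if ch == "*" else "." if ch == "?" else re.escape(ch) for ch in pattern]
    return re.compile("^" + "".join(parts) + "$")


def _as_list(v):
    return v if isinstance(v, list) else [v]


def is_allowed(policy, thing, action, resource):
    """Local approximation of AWS IoT policy evaluation: an explicit Deny
    wins, otherwise any matching Allow grants, otherwise implicit deny."""
    allowed = False
    for stmt in policy["Statement"]:
        if not any(_to_regex(a, thing).match(action) for a in _as_list(stmt["Action"])):
            continue
        if any(_to_regex(r, thing).match(resource) for r in _as_list(stmt["Resource"])):
            if stmt["Effect"] == "Deny":
                return False
            allowed = True
    return allowed


def sample_operations(thing, job_id="job-0001"):
    """MQTT operations the sample performs, taken from the topic_conf entries
    in aws_jobs.c (notify-next, notify, <job>/get/#, <job>/update/#) and the
    $next/get publish mentioned in the question. job_id is a constructed value."""
    base = jobs_base(thing)
    return {
        "iot:Subscribe": [f"{base}/notify-next", f"{base}/notify",
                          f"{base}/{job_id}/get/#", f"{base}/{job_id}/update/#"],
        "iot:Publish": [f"{base}/$next/get", f"{base}/{job_id}/get",
                        f"{base}/{job_id}/update"],
        "iot:Receive": [f"{base}/notify-next", f"{base}/{job_id}/get/accepted",
                        f"{base}/{job_id}/update/rejected"],
    }


def audit(thing, policy=None, region=REGION, account=ACCOUNT):
    """Check every operation the sample needs against the policy.
    Returns {(action, topic): allowed}; every value should be True."""
    policy = policy or build_policy(region, account)
    arn = f"arn:aws:iot:{region}:{account}"
    kind = {"iot:Subscribe": "topicfilter", "iot:Publish": "topic", "iot:Receive": "topic"}
    return {(action, t): is_allowed(policy, thing, action, f"{arn}:{kind[action]}/{t}")
            for action, topics in sample_operations(thing).items() for t in topics}


if __name__ == "__main__":
    print(json.dumps(build_policy(), indent=2))  # save and pass to `aws iot create-policy`
    for (action, topic), ok in audit("nrf9160-fota-01").items():
        print("allow" if ok else "DENY ", action, topic)
```

Save the printed JSON and create and attach it with `aws iot create-policy --policy-name fota-jobs-only --policy-document file://policy.json` and `aws iot attach-policy --policy-name fota-jobs-only --target <certificate ARN>`. Per the AWS documentation, the ${iot:Connection.Thing.ThingName} variable only resolves when the certificate is attached to the thing (`aws iot attach-thing-principal`) and the device connects with its thing name as the MQTT client ID; otherwise the statements match nothing and the device is denied everything. The policy covers only the jobs topics listed in the answer; if your build also uses other topics (for example the device shadow), they need their own statements, and the local `is_allowed` check is a convenience for reviewing the policy, not a substitute for testing against AWS IoT Core itself.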
