Amazon CloudFormation: setting up AWS IoT with the Serverless Framework for multiple IoT devices

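My goal is to create a system on AWS in which multiple IoT devices send JSON payloads to AWS IoT, which are then saved to DynamoDB.

Apart from creating EC2 servers, I am very new to using AWS, and this is my first project using it.

After consulting a reference, I came up with the modified version posted below.

Question: the example seems to cover only one device connecting to AWS IoT, which I concluded from the hard-coded IoT certificate being used, for example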

SensorPolicyPrincipalAttachmentCert:
  Type: AWS::IoT::PolicyPrincipalAttachment
  Properties:
    PolicyName: { Ref: SensorThingPolicy }
    Principal: ${self:custom.iotCertificateArn}

SensorThingPrincipalAttachmentCert:
  Type: "AWS::IoT::ThingPrincipalAttachment"
  Properties:
    ThingName: { Ref: SensorThing }
    Principal: ${self:custom.iotCertificateArn}
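
If this conclusion is correct, namely that serverless.yml is configured for only one Thing, what modifications can we make so that multiple Things can be used?

Maybe set everything up outside of serverless.yaml? That would mean removing only SensorPolicyPrincipalAttachmentCert and SensorThingPrincipalAttachmentCert.

Also, how should we set the Resource property in SensorThingPolicy? They are currently set to "*"; is that too broad? Or is there a way to limit it to just Things?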

serverless.yml

service: garden-iot

provider:
  name: aws
  runtime: nodejs6.10
  region: us-east-1

# load custom variables from a file
custom: ${file(./vars-dev.yml)}

resources:
  Resources:
    # Table that receives the device payloads
    LocationData:
      Type: AWS::DynamoDB::Table
      Properties:
        TableName: location-data-${opt:stage}
        AttributeDefinitions:
          - AttributeName: ClientId
            AttributeType: S
          - AttributeName: Timestamp
            AttributeType: S
        KeySchema:
          - AttributeName: ClientId
            KeyType: HASH
          - AttributeName: Timestamp
            KeyType: RANGE
        ProvisionedThroughput:
          ReadCapacityUnits: 1
          WriteCapacityUnits: 1

    SensorThing:
      Type: AWS::IoT::Thing
      Properties:
        AttributePayload:
          Attributes:
            SensorType: soil

    SensorThingPolicy:
      Type: AWS::IoT::Policy
      Properties:
        PolicyDocument:
          Version: "2012-10-17"
          Statement:
            - Effect: Allow
              Action: ["iot:Connect"]
              Resource: ["${self:custom.sensorThingClientResource}"]
            - Effect: "Allow"
              Action: ["iot:Publish"]
              Resource: ["${self:custom.sensorThingSoilTopicResource}"]

    # Both attachments below bind the single hard-coded certificate
    SensorPolicyPrincipalAttachmentCert:
      Type: AWS::IoT::PolicyPrincipalAttachment
      Properties:
        PolicyName: { Ref: SensorThingPolicy }
        Principal: ${self:custom.iotCertificateArn}

    SensorThingPrincipalAttachmentCert:
      Type: "AWS::IoT::ThingPrincipalAttachment"
      Properties:
        ThingName: { Ref: SensorThing }
        Principal: ${self:custom.iotCertificateArn}

    # Role assumed by the AWS IoT service
    IoTRole:
      Type: AWS::IAM::Role
      Properties:
        AssumeRolePolicyDocument:
          Version: "2012-10-17"
          Statement:
            - Effect: Allow
              Principal:
                Service:
                  - iot.amazonaws.com
              Action:
                - sts:AssumeRole

    IoTRolePolicies:
      Type: AWS::IAM::Policy
      Properties:
        PolicyName: IoTRole_Policy
        PolicyDocument:
          Version: "2012-10-17"
          Statement:
            - Effect: Allow
              Action:
                - dynamodb:PutItem
              Resource: "*"
            - Effect: Allow
              Action:
                - lambda:InvokeFunction
              Resource: "*"
        Roles: [{ Ref: IoTRole }]
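
On the Resource question above, an added example (not part of the original post or of the project it references): one policy document can serve every device if its resources use the AWS IoT thing policy variable ${iot:Connection.Thing.ThingName}, which resolves only when the connecting client ID matches a Thing the certificate is attached to. The account ID is a placeholder, the topic layout and function names are assumptions, and the second function flags the "*" resources present in IoTRolePolicies.

```javascript
// Added example: one shared AWS IoT policy, scoped per device.
// The account ID is a placeholder and the topic layout "sensors/<thing>/soil"
// is an assumption; neither comes from the original post.
const THING = '${iot:Connection.Thing.ThingName}'; // AWS IoT thing policy variable

function sharedDevicePolicy(region, accountId) {
  const arn = (type, path) => `arn:aws:iot:${region}:${accountId}:${type}/${path}`;
  return {
    Version: '2012-10-17',
    Statement: [
      // Connect only with a client ID equal to the device's own Thing name.
      { Effect: 'Allow', Action: ['iot:Connect'], Resource: [arn('client', THING)] },
      // Publish only under the device's own topic branch.
      { Effect: 'Allow', Action: ['iot:Publish'],
        Resource: [arn('topic', `sensors/${THING}/soil`)] },
    ],
  };
}

// Lists "action on resource" for each Allow statement whose resource is "*"
// or ends in a bare wildcard segment (":*" or "/*").
function findWildcardResources(policyDocument) {
  const findings = [];
  for (const st of [].concat(policyDocument.Statement || [])) {
    if (st.Effect !== 'Allow') continue;
    for (const res of [].concat(st.Resource)) {
      if (res !== '*' && !/[:\/]\*$/.test(res)) continue;
      for (const action of [].concat(st.Action)) findings.push(`${action} on ${res}`);
    }
  }
  return findings;
}

// The IoTRolePolicies statements from the serverless.yml above, as an object.
const ioTRolePolicy = {
  Version: '2012-10-17',
  Statement: [
    { Effect: 'Allow', Action: ['dynamodb:PutItem'], Resource: '*' },
    { Effect: 'Allow', Action: ['lambda:InvokeFunction'], Resource: '*' },
  ],
};

console.log(findWildcardResources(ioTRolePolicy));
console.log(JSON.stringify(sharedDevicePolicy('us-east-1', '123456789012'), null, 2));
```

Inside serverless.yml the ${iot:...} text collides with the framework's own ${...} variable syntax, so it has to be kept out of variable resolution, for example by assembling the string with Fn::Join.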

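Edit, September 5, 2018: I found this blog post, which describes my approach very well:

--

You can take a look at this, or build your own solution based on it.

I have dealt with this topic many times and had to realize that which one makes more sense depends heavily on the use case. Security is also an aspect to keep an eye on. You don't want a public API responsible for JIT device registration to be accessible to the whole Internet.

A simple scenario based on programmatic provisioning could look like this: you build a thing (maybe a sensor) that should be able to connect to AWS IoT, and you have an in-house provisioning process.

Simple provisioning process:

  • Thing is built
  • Thing has a serial number
  • Thing registers itself via an internal server
  • The registration code running on the server could look like this (JS + AWS JS SDK):

    Register thing template body JSON: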

    {
      "Parameters": {
         "ThingName": {
           "Type": "String"
         },
         "SerialNumber": {
           "Type": "String"
         },
         "CertificateId": {
           "Type": "String"
         }
      },
      "Resources": {
        "thing": {
          "Type": "AWS::IoT::Thing",
          "Properties": {
            "ThingName": {
              "Ref": "ThingName"
            },
            "AttributePayload": {
              "serialNumber": {
                "Ref": "SerialNumber"
              }
            },
            "ThingTypeName": "NewDevice",
            "ThingGroups": ["NewDevices"]
          }
        },
        "certificate": {
          "Type": "AWS::IoT::Certificate",
          "Properties": {
            "CertificateId": {
              "Ref": "CertificateId"
            }
          }
        },
        "policy": {
          "Type": "AWS::IoT::Policy",
          "Properties": {
            "PolicyName": "DefaultNewDevicePolicy"
          }
        }
      }
    }
    
    Make sure all the "NewDevice" thing types, groups and policies are in place. Also keep in mind that ThingName = SerialNumber (important for unregistering).

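
The server-side registration step described above, as an added example that is not the answer's own code: it validates the serial number (which becomes the Thing name), fills the template's three parameters and passes the result to registerThing. The `iot` client is injected and is assumed to have the shape of `new AWS.Iot()` from the AWS SDK for JavaScript v2; the serial and certificate ID formats and the function names are assumptions.

```javascript
// Added example: server-side registration step (not the answer's own code).
// `iot` is any client exposing registerThing(params).promise(), which is the
// shape of `new AWS.Iot()` in the AWS SDK for JavaScript v2.
const registerThingTemplate = { // the template body shown above
  Parameters: {
    ThingName: { Type: 'String' },
    SerialNumber: { Type: 'String' },
    CertificateId: { Type: 'String' },
  },
  Resources: {
    thing: {
      Type: 'AWS::IoT::Thing',
      Properties: {
        ThingName: { Ref: 'ThingName' },
        AttributePayload: { serialNumber: { Ref: 'SerialNumber' } },
        ThingTypeName: 'NewDevice',
        ThingGroups: ['NewDevices'],
      },
    },
    certificate: { Type: 'AWS::IoT::Certificate', Properties: { CertificateId: { Ref: 'CertificateId' } } },
    policy: { Type: 'AWS::IoT::Policy', Properties: { PolicyName: 'DefaultNewDevicePolicy' } },
  },
};

const SERIAL_RE = /^[A-Za-z0-9_-]{8,64}$/; // assumed serial-number format
const CERT_ID_RE = /^[0-9a-f]{64}$/;       // assumed: 64 hex character certificate ID

function buildRegisterThingRequest(template, serialNumber, certificateId) {
  // The serial number becomes the Thing name, so reject anything unexpected.
  if (!SERIAL_RE.test(serialNumber)) throw new Error('invalid serial number');
  if (!CERT_ID_RE.test(certificateId)) throw new Error('invalid certificate id');
  const parameters = { ThingName: serialNumber, SerialNumber: serialNumber, CertificateId: certificateId };
  // Fail early if the template declares a parameter this code does not supply.
  const missing = Object.keys(template.Parameters).filter((k) => !(k in parameters));
  if (missing.length) throw new Error(`missing template parameters: ${missing}`);
  return { templateBody: JSON.stringify(template), parameters };
}

async function registerDevice(iot, template, serialNumber, certificateId) {
  const request = buildRegisterThingRequest(template, serialNumber, certificateId);
  const result = await iot.registerThing(request).promise();
  return result.resourceArns; // ARNs of the resources the template created
}

// Constructed inputs, for illustration only.
console.log(buildRegisterThingRequest(registerThingTemplate, 'SN-00012345', 'a'.repeat(64)).parameters);
```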