Amazon CloudFormation: setting up AWS IoT with the Serverless Framework for multiple IoT devices

Tags: amazon-cloudformation, iot, serverless-framework, serverless, aws-iot

My goal is to create a system on AWS in which multiple IoT devices send a JSON payload to AWS IoT, which is then saved to DynamoDB. Apart from creating EC2 servers I am very new to AWS, and this is my first project using it. After consulting the reference, my modified version is posted below.

Problem: this example seems to target only one device connected to AWS IoT, which I conclude from the hard-coded IoT certificate that is being used, e.g.
```yaml
SensorPolicyPrincipalAttachmentCert:
  Type: AWS::IoT::PolicyPrincipalAttachment
  Properties:
    PolicyName: { Ref: SensorThingPolicy }
    # was ${{custom.iotCertificateArn}}, which is not valid Serverless variable syntax
    Principal: ${self:custom.iotCertificateArn}
SensorThingPrincipalAttachmentCert:
  Type: "AWS::IoT::ThingPrincipalAttachment"
  Properties:
    ThingName: { Ref: SensorThing }
    Principal: ${self:custom.iotCertificateArn}
```
If this conclusion is correct, i.e. serverless.yml only configures a single Thing, what changes could we make so that multiple Things can be used? Perhaps set everything up outside of serverless.yaml? That would mean simply removing SensorPolicyPrincipalAttachmentCert and SensorThingPrincipalAttachmentCert.

Also, how should we set the Resource attributes in SensorThingPolicy? They are currently set to "*"; is that too permissive? Or is there a way to restrict them to certain Things?
serverless.yml

```yaml
service: garden-iot

provider:
  name: aws
  runtime: nodejs6.10
  region: us-east-1

# load custom variables from a file
custom: ${file(./vars-dev.yml)}

resources:
  Resources:
    LocationData:
      Type: AWS::DynamoDB::Table
      Properties:
        TableName: location-data-${opt:stage}
        AttributeDefinitions:
          - AttributeName: ClientId
            AttributeType: S
          - AttributeName: Timestamp
            AttributeType: S
        KeySchema:
          - AttributeName: ClientId
            KeyType: HASH
          - AttributeName: Timestamp
            KeyType: RANGE
        ProvisionedThroughput:
          ReadCapacityUnits: 1
          WriteCapacityUnits: 1
    SensorThing:
      Type: AWS::IoT::Thing
      Properties:
        AttributePayload:
          Attributes:
            SensorType: soil
    SensorThingPolicy:
      Type: AWS::IoT::Policy
      Properties:
        PolicyDocument:
          Version: "2012-10-17"
          Statement:
            - Effect: Allow
              Action: ["iot:Connect"]
              Resource: ["${self:custom.sensorThingClientResource}"]
            - Effect: "Allow"
              Action: ["iot:Publish"]
              Resource: ["${self:custom.sensorThingSoilTopicResource}"]
    SensorPolicyPrincipalAttachmentCert:
      Type: AWS::IoT::PolicyPrincipalAttachment
      Properties:
        PolicyName: { Ref: SensorThingPolicy }
        # was ${{custom.iotCertificateArn}}, which is not valid Serverless variable syntax
        Principal: ${self:custom.iotCertificateArn}
    SensorThingPrincipalAttachmentCert:
      Type: "AWS::IoT::ThingPrincipalAttachment"
      Properties:
        ThingName: { Ref: SensorThing }
        Principal: ${self:custom.iotCertificateArn}
    IoTRole:
      Type: AWS::IAM::Role
      Properties:
        AssumeRolePolicyDocument:
          Version: "2012-10-17"
          Statement:
            - Effect: Allow
              Principal:
                Service:
                  - iot.amazonaws.com
              Action:
                - sts:AssumeRole
    IoTRolePolicies:
      Type: AWS::IAM::Policy
      Properties:
        PolicyName: IoTRole_Policy
        PolicyDocument:
          Version: "2012-10-17"
          Statement:
            - Effect: Allow
              Action:
                - dynamodb:PutItem
              Resource: "*"
            - Effect: Allow
              Action:
                - lambda:InvokeFunction
              Resource: "*"
        Roles: [{ Ref: IoTRole }]
```
Edit, 5 September 2018: I found this blog post, which describes my approach well: -- you can take a look at it or build your own solution on top of it.

I have discussed this topic many times and had to realize that it depends heavily on the use case which approach makes more sense. Security is another aspect to keep in mind: you do not want a public API that is responsible for JIT device registration to be reachable from the entire Internet.

A simple programmatic provisioning scenario could look like this: you build a Thing (perhaps a sensor) that should be able to connect to AWS IoT and has an in-house provisioning process. Simple provisioning flow:

```json
{
  "Parameters": {
    "ThingName": { "Type": "String" },
    "SerialNumber": { "Type": "String" },
    "CertificateId": { "Type": "String" }
  },
  "Resources": {
    "thing": {
      "Type": "AWS::IoT::Thing",
      "Properties": {
        "ThingName": { "Ref": "ThingName" },
        "AttributePayload": {
          "serialNumber": { "Ref": "SerialNumber" }
        },
        "ThingTypeName": "NewDevice",
        "ThingGroups": ["NewDevices"]
      }
    },
    "certificate": {
      "Type": "AWS::IoT::Certificate",
      "Properties": {
        "CertificateId": { "Ref": "CertificateId" }
      }
    },
    "policy": {
      "Type": "AWS::IoT::Policy",
      "Properties": {
        "PolicyName": "DefaultNewDevicePolicy"
      }
    }
  }
}
```
Make sure the "NewDevice" Thing type, group and policy are all in place. Also keep in mind ThingName = SerialNumber (important for deregistration).
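As an added example (not code from the question or the answer), the policy below shows how a single IoT policy can be shared by every device certificate while still confining each device to its own client id and topic, which is the usual answer to the "*" concern raised in the question: AWS IoT policy variables are resolved per connection, so no per-Thing attachment resource is needed in serverless.yml. `find_wildcard_resources` checks any policy document for unscoped resources and is run here against the IoT rule role's policy from the question; the region, account id and topic layout are constructed placeholders.

```python
# Constructed placeholders for this example; the post gives neither value.
REGION, ACCOUNT = "us-east-1", "123456789012"

def scoped_device_policy(region=REGION, account=ACCOUNT):
    """One IoT policy shared by all device certificates. The AWS IoT policy
    variable below is resolved per connection, so each device is confined to
    the client id and topic of the Thing its certificate is attached to."""
    thing = "${iot:Connection.Thing.ThingName}"
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Effect": "Allow", "Action": ["iot:Connect"],
             "Resource": [f"arn:aws:iot:{region}:{account}:client/{thing}"],
             # refuse connects from certificates not attached to a registered Thing
             "Condition": {"Bool": {"iot:Connection.Thing.IsAttached": "true"}}},
            {"Effect": "Allow", "Action": ["iot:Publish"],
             "Resource": [f"arn:aws:iot:{region}:{account}:topic/sensors/{thing}/soil"]},
        ],
    }

def find_wildcard_resources(policy_doc):
    """Return (Effect, Action) pairs of statements whose Resource is a bare '*'."""
    hits = []
    for stmt in policy_doc.get("Statement", []):
        resources, actions = stmt.get("Resource", []), stmt.get("Action", [])
        resources = [resources] if isinstance(resources, str) else resources
        actions = [actions] if isinstance(actions, str) else actions
        if "*" in resources:
            hits.extend((stmt.get("Effect"), action) for action in actions)
    return hits

def provisioning_parameters(serial_number, certificate_id):
    """Parameters for the RegisterThing template in the answer; ThingName is
    forced to equal SerialNumber, as advised, so deregistration is unambiguous."""
    return {"ThingName": serial_number, "SerialNumber": serial_number,
            "CertificateId": certificate_id}

# The IoT rule role's policy from the question, reproduced as a dict for the check.
QUESTION_IOT_ROLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["dynamodb:PutItem"], "Resource": "*"},
        {"Effect": "Allow", "Action": ["lambda:InvokeFunction"], "Resource": "*"},
    ],
}

if __name__ == "__main__":
    print(scoped_device_policy())
    print("wildcard resources:", find_wildcard_resources(QUESTION_IOT_ROLE_POLICY))
```

The same check can be pointed at the IoT rule role policy, where "*" on dynamodb:PutItem should normally be narrowed to the ARN of the location-data table.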