Amazon cloudformation 为多个物联网设备使用无服务器框架设置AWS物联网_Amazon Cloudformation_Iot_Serverless Framework_Serverless_Aws Iot

Amazon cloudformation 为多个物联网设备使用无服务器框架设置AWS物联网

amazon-cloudformation

Amazon cloudformation 为多个物联网设备使用无服务器框架设置AWS物联网,amazon-cloudformation,iot,serverless-framework,serverless,aws-iot,Amazon Cloudformation,Iot,Serverless Framework,Serverless,Aws Iot,我的目标是在AWS上创建一个系统，使用for multi-IoT设备将JSON有效负载发送到AWS-IoT，然后将其保存到DynamoDB 在创建EC2服务器之外，我对使用AWS非常陌生，这是我第一个使用的项目参考后，我提出的修改版本发布在下面问题：这个例子似乎只针对一台连接到AWS物联网的设备，我从正在使用的硬编码物联网证书得出结论，例如 SensorPolicyPrincipalAttachmentCert: Type: AWS::IoT::PolicyPrincipalAttach

我的目标是在AWS上创建一个系统，使用for multi-IoT设备将JSON有效负载发送到AWS-IoT，然后将其保存到DynamoDB

在创建EC2服务器之外，我对使用AWS非常陌生，这是我第一个使用的项目

参考后，我提出的修改版本发布在下面

问题：这个例子似乎只针对一台连接到AWS物联网的设备，我从正在使用的硬编码物联网证书得出结论，例如

SensorPolicyPrincipalAttachmentCert:
  Type: AWS::IoT::PolicyPrincipalAttachment
  Properties:
    PolicyName: { Ref: SensorThingPolicy }
    Principal: ${{custom.iotCertificateArn}}

SensorThingPrincipalAttachmentCert:
  Type: "AWS::IoT::ThingPrincipalAttachment"
  Properties:
    ThingName: { Ref: SensorThing }
    Principal: ${self:custom.iotCertificateArn}

如果这个结论是正确的，即

serverless.yml

只配置了一个东西，那么我们可以做哪些修改，以便使用多个东西

也许可以在

serverless.yaml

之外设置所有内容？这意味着只删除

SensorPolicyPrincipalAttachmentCert

和

SensorThingPrincipalAttachmentCert

另外，我们应该如何将

资源

属性设置为in

SensorThingPolicy

？它们当前被设置为

“*”

，这是否太夸张了？或者，有没有一种方法可以将其局限于某些事情

serverless.yml

service: garden-iot

provider:
name: aws
runtime: nodejs6.10
region: us-east-1

# load custom variables from a file
custom: ${file(./vars-dev.yml)}

resources:
Resources:
    LocationData:
    Type: AWS::DynamoDB::Table
    Properties:
        TableName: location-data-${opt:stage}
        AttributeDefinitions:
        - 
            AttributeName: ClientId
            AttributeType: S
        - 
            AttributeName: Timestamp
            AttributeType: S
        KeySchema:
        - 
            AttributeName: ClientId
            KeyType: HASH
        - 
            AttributeName: Timestamp
            KeyType: RANGE
        ProvisionedThroughput:
        ReadCapacityUnits: 1
        WriteCapacityUnits: 1

    SensorThing:
    Type: AWS::IoT::Thing
    Properties:
        AttributePayload:
        Attributes:
            SensorType: soil

    SensorThingPolicy:
    Type: AWS::IoT::Policy
    Properties:
        PolicyDocument:
        Version: "2012-10-17"
        Statement:
            - Effect: Allow
            Action: ["iot:Connect"]
            Resource: ["${self:custom.sensorThingClientResource}"]
            - Effect: "Allow"
            Action: ["iot:Publish"]
            Resource: ["${self:custom.sensorThingSoilTopicResource}"]

    SensorPolicyPrincipalAttachmentCert:
    Type: AWS::IoT::PolicyPrincipalAttachment
    Properties:
        PolicyName: { Ref: SensorThingPolicy }
        Principal: ${{custom.iotCertificateArn}}

    SensorThingPrincipalAttachmentCert:
    Type: "AWS::IoT::ThingPrincipalAttachment"
    Properties:
        ThingName: { Ref: SensorThing }
        Principal: ${self:custom.iotCertificateArn}

IoTRole:
Type: AWS::IAM::Role
Properties:
    AssumeRolePolicyDocument:
    Version: "2012-10-17"
    Statement:
        -
        Effect: Allow
        Principal:
            Service:
            - iot.amazonaws.com
        Action:
            - sts:AssumeRole

IoTRolePolicies:
Type: AWS::IAM::Policy
Properties:
    PolicyName: IoTRole_Policy
    PolicyDocument:
    Version: "2012-10-17"
    Statement:
        -
        Effect: Allow
        Action:
            - dynamodb:PutItem
        Resource: "*"
        -
        Effect: Allow
        Action:
            - lambda:InvokeFunction
        Resource: "*"
    Roles: [{ Ref: IoTRole }]

编辑2018年9月5日：我找到了这篇博客文章，它很好地描述了我的方法：

您可以查看或基于此构建自己的解决方案

我已经多次讨论过这个话题，并且必须意识到它在很大程度上取决于用例，这更有意义。此外，安全也是需要关注的一个方面。您不希望有一个负责JIT设备注册的公共API可供整个Internet访问

一个简单的基于编程的资源调配场景可能是这样的：您构建一个东西（可能是一个传感器），它应该能够连接到AWS IoT并具有内部资源调配过程

简单的资源调配流程：

建造的东西

东西有序列号

东西通过内部服务器注册自身

服务器上运行的注册代码可能如下所示（JS+AWS JS SDK）：

注册东西模板主体。json:

{
  "Parameters": {
     "ThingName": {
       "Type": "String"
     },
     "SerialNumber": {
       "Type": "String"
     },
     "CertificateId": {
       "Type": "String"
     }
  },
  "Resources": {
    "thing": {
      "Type": "AWS::IoT::Thing",
      "Properties": {
        "ThingName": {
          "Ref": "ThingName"
        },
        "AttributePayload": {
          "serialNumber": {
            "Ref": "SerialNumber"
          }
        },
        "ThingTypeName": "NewDevice",
        "ThingGroups": ["NewDevices"]
      }
    },
    "certificate": {
      "Type": "AWS::IoT::Certificate",
      "Properties": {
        "CertificateId": {
          "Ref": "CertificateId"
        }
      }
    },
    "policy": {
      "Type": "AWS::IoT::Policy",
      "Properties": {
        "PolicyName": "DefaultNewDevicePolicy"
      }
    }
  }
}

确保所有的“新设备”类型、组和策略都准备就绪。还要记住ThingName=SerialNumber（对于取消注册很重要）

{
  "Parameters": {
     "ThingName": {
       "Type": "String"
     },
     "SerialNumber": {
       "Type": "String"
     },
     "CertificateId": {
       "Type": "String"
     }
  },
  "Resources": {
    "thing": {
      "Type": "AWS::IoT::Thing",
      "Properties": {
        "ThingName": {
          "Ref": "ThingName"
        },
        "AttributePayload": {
          "serialNumber": {
            "Ref": "SerialNumber"
          }
        },
        "ThingTypeName": "NewDevice",
        "ThingGroups": ["NewDevices"]
      }
    },
    "certificate": {
      "Type": "AWS::IoT::Certificate",
      "Properties": {
        "CertificateId": {
          "Ref": "CertificateId"
        }
      }
    },
    "policy": {
      "Type": "AWS::IoT::Policy",
      "Properties": {
        "PolicyName": "DefaultNewDevicePolicy"
      }
    }
  }
}