Python AWS物联网：策略中的资源导致AWS物联网发布状态：授权错误_Python_Amazon Web Services_Iot_Aws Iot

Python AWS物联网：策略中的资源导致AWS物联网发布状态：授权错误

python amazon-web-services

Python AWS物联网：策略中的资源导致AWS物联网发布状态：授权错误,python,amazon-web-services,iot,aws-iot,Python,Amazon Web Services,Iot,Aws Iot,我正在使用AWSIoTPythonSDK将温度传感器的信息发布到AWS物联网核心。当我在证书策略中将主题显式指定为资源时，我在Cloudwatch中获得了授权\u错误注意：为了安全起见，PrincipleID（证书名称）已更改 2020-02-22T20:03:48.371-07:00 2020-02-23 03:03:48.371 TRACEID:2a0de6c8-dd28-586e-671f-119de983b5d5 PRINCIPALID:9ec115f5665XXXXXXXXXXXXX

我正在使用AWSIoTPythonSDK将温度传感器的信息发布到AWS物联网核心。当我在证书策略中将主题显式指定为资源时，我在Cloudwatch中获得了授权\u错误

注意：为了安全起见，PrincipleID（证书名称）已更改

2020-02-22T20:03:48.371-07:00
2020-02-23 03:03:48.371 TRACEID:2a0de6c8-dd28-586e-671f-119de983b5d5 PRINCIPALID:9ec115f5665XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX0d7d6b7 /ERROR/ EVENT:PublishEvent TOPICNAME:topic/tSensor01/tempmon MESSAGE:PublishIn Status: AUTHORIZATION_ERROR Failure reason:AUTHORIZATION_FAILURE
@ingestionTime
1582427034767
@log
549210374177:AWSIotLogs
@logStream
a2d5c94d-f908-4e76-bd9e-3627976e8b72_549210374177_0
@message
2020-02-23 03:03:48.371 TRACEID:2a0de6c8-dd28-586e-671f-119de983b5d5 PRINCIPALID:9ec115f5665XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX0d7d6b7 /ERROR/ EVENT:PublishEvent TOPICNAME:topic/tSensor01/tempmon MESSAGE:PublishIn Status: AUTHORIZATION_ERROR Failure reason:AUTHORIZATION_FAILURE

这是我的证书策略（仅显示iot:Publish），它导致了授权错误

"Statement": [
{
"Effect": "Allow",
"Action": [
"iot:Publish",
"iot:Receive"
],
"Resource": [
"arn:aws:iot:<region>:<account id>:topic/${iot:Connection.Thing.ThingName}/*",
"arn:aws:iot:<region>:<account id>:topic/${iot:ClientId}/*",
"arn:aws:iot:<region>:<account id>:topic/tSensor01/*",
"arn:aws:iot:<region>:<account id>:topic/tSensor01/tempmon"
]
},

谢谢

我解决了这个问题。证书策略中没有问题。问题是我传递给AWS设备SDK的参数。我将topic/tSensor01/tempmon传递给SDK时，它解决了问题。主题可以被视为一项服务，不应传递给SDK

您能否共享整个策略以帮助排除其他内容？感谢您的关注，我能够解决此问题。看看我的答案。

{
"Effect": "Allow",
"Action": [
"iot:Publish",
"iot:Receive"
],
"Resource": [
"arn:aws:iot:<region>:<account id>:topic/${iot:Connection.Thing.ThingName}/*",
"arn:aws:iot:<region>:<account id>:topic/${iot:ClientId}/*",
"arn:aws:iot:<region>:<account id>:topic/tSensor01/*",
"arn:aws:iot:<region>:<account id>:topic/tSensor01/tempmon",
"arn:aws:iot:<region>:<account id>:*"
]
},

2020-02-22T20:03:48.314-07:00
2020-02-23 03:03:48.314 TRACEID:f801f2bb-147f-5c94-2e2e-7d63d7cacd26 PRINCIPALID:9ec115f5665XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX0d7d6b7 /INFO/ EVENT:MQTT Client Connect MESSAGE:Connect Status: SUCCESS
@ingestionTime
1582427034767
@log
549210374177:AWSIotLogs
@logStream
a2d5c94d-f908-4e76-bd9e-3627976e8b72_549210374177_0
@message
2020-02-23 03:03:48.314 TRACEID:f801f2bb-147f-5c94-2e2e-7d63d7cacd26 PRINCIPALID:9ec115f5665XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX0d7d6b7 /INFO/ EVENT:MQTT Client Connect MESSAGE:Connect Status: SUCCESS