0

I have created a policy by using AWSIotClient.createPolicy() and one variable containing the client ID in my policy looks like:

{
    "Effect": "Allow",
    "Action": [ "iot:Connect" ],
    "Resource": "arn:aws:iot:us-east-1:095750864911:client/ClientId"
}

Now my scenario is that, in another request, I would like to find the policies that belong to this client ID and deactivate them if any exist.

How can I do this using AWS IoT for Java? Is there any way to find a policy by its variables?

1 Answer

0

There are multiple ways of retrieving AWS IoT policy information and finding out whether policies are attached to targets (principals / certificates). I'm using the CLI here, but all of these calls are available in the AWS IoT service SDK for Java.

List policies attached to a certificate

I assume you have one policy per certificate. If you have the certificate ARN, you can look up the policy attached to this certificate using the list-attached-policies call.

aws iot list-attached-policies --target arn:aws:iot:eu-central-1:xxxx:cert/xxxx
{
    "policies": [
        {
            "policyName": "Policy_Thing1", 
            "policyArn": "arn:aws:iot:eu-central-1:xxx:policy/Policy_Thing1"
        }
    ]
}

Then you retrieve the details of the policy using the get-policy call.

aws iot get-policy --policy-name "Policy_Thing1"
{
    "policyName": "Policy_Thing1", 
    "policyArn": "arn:aws:iot:eu-central-1:xxx:policy/Policy_Thing", 
    "policyDocument": "{\"Version\":\"2012-10-17\",\"Statement\":[{\"Effect\":\"Allow\",\"Action\":[\"iot:Connect\"],\"Resource\":\"arn:aws:iot:eu-central-1:xxxx:client/Thing2\"},{\"Effect\":\"Allow\",\"Action\":[\"iot:Publish\",\"iot:Receive\"],\"Resource\":\"arn:aws:iot:eu-central-1:xxxx:topic/testing123/Thing2/*\"},{\"Effect\":\"Allow\",\"Action\":[\"iot:Subscribe\"],\"Resource\":\"arn:aws:iot:eu-central-1:xxxx:topicfilter/testing123/Thing2/*\"}]}", 
    "defaultVersionId": "1"
}

List all policies

If your policies aren't attached to a certificate yet, you can list all policies and filter them in memory to search for your particular policy.

aws iot list-policies
{
    "policies": [
        {
            "policyName": "Policy_thing3", 
            "policyArn": "arn:aws:iot:eu-central-1:xxxx:policy/Policy_thing1"
        }, 
        {
            "policyName": "Policy_Thing1", 
            "policyArn": "arn:aws:iot:eu-central-1:xxxx:policy/Policy_Thing1"
        }
    ]
}

To find out if the policy is attached to a target, execute the list-targets-for-policy call:

aws iot list-targets-for-policy --policy-name "Policy_Thing2"
{
    "targets": [
        "arn:aws:iot:eu-central-1:xxxx:cert/xxxxx"
    ]
}
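The "list all policies, filter in memory, then look at targets" path from the answer, carried through in the Java SDK the question is using, as an added example that is not part of the original question or answer. It assumes AWS SDK for Java v1 (com.amazonaws:aws-java-sdk-iot, the package AWSIotClient.createPolicy() comes from) with Jackson on the classpath, and credentials and region from the default provider chain. The class name ClientPolicyRevoker and its method names are my own. Two points the answer does not spell out: IoT policies have no active/inactive state, so "deactivating" a policy means detaching it from its principals (or setting the certificate itself to INACTIVE with UpdateCertificate); and the policy document is parsed rather than substring-searched, because a match on "client/ClientId" must not also catch "client/ClientId2", while a policy that uses the ${iot:ClientId} policy variable contains no literal ID and will never match this way.

```java
// Added example using AWS SDK for Java v1; not from the original post.
import com.amazonaws.services.iot.AWSIot;
import com.amazonaws.services.iot.AWSIotClientBuilder;
import com.amazonaws.services.iot.model.*;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class ClientPolicyRevoker {

    private final AWSIot iot;
    private final ObjectMapper mapper = new ObjectMapper();

    public ClientPolicyRevoker(AWSIot iot) {
        this.iot = iot;
    }

    /**
     * True if any statement's Resource is exactly ".../client/<clientId>".
     * Parsing the document avoids false matches on longer IDs; a policy written
     * with the ${iot:ClientId} variable carries no literal ID and will not match.
     */
    static boolean grantsClientId(String policyDocument, String clientId, ObjectMapper mapper)
            throws IOException {
        JsonNode statements = mapper.readTree(policyDocument).path("Statement");
        for (JsonNode stmt : asList(statements)) {
            for (JsonNode resource : asList(stmt.path("Resource"))) {
                if (resource.asText().endsWith(":client/" + clientId)) {
                    return true;
                }
            }
        }
        return false;
    }

    /** "Statement" and "Resource" may be a single value or an array in IAM-style JSON. */
    private static List<JsonNode> asList(JsonNode node) {
        if (node.isMissingNode()) return Collections.emptyList();
        if (!node.isArray()) return Collections.singletonList(node);
        List<JsonNode> out = new ArrayList<>();
        node.forEach(out::add);
        return out;
    }

    /** ListPolicies is paginated with a marker; pull every page, not just the first. */
    List<Policy> listAllPolicies() {
        List<Policy> all = new ArrayList<>();
        String marker = null;
        do {
            ListPoliciesResult page = iot.listPolicies(new ListPoliciesRequest().withMarker(marker));
            all.addAll(page.getPolicies());
            marker = page.getNextMarker();
        } while (marker != null);
        return all;
    }

    /** Every target (certificate ARN, Cognito identity, ...) the policy is attached to. */
    List<String> listAllTargets(String policyName) {
        List<String> targets = new ArrayList<>();
        String marker = null;
        do {
            ListTargetsForPolicyResult page = iot.listTargetsForPolicy(
                    new ListTargetsForPolicyRequest().withPolicyName(policyName).withMarker(marker));
            targets.addAll(page.getTargets());
            marker = page.getNextMarker();
        } while (marker != null);
        return targets;
    }

    /**
     * Finds every policy naming the client ID and detaches it from all its targets.
     * Returns the names of the policies detached. Detaching affects every principal
     * that shares the policy, not only the single certificate the answer assumes.
     */
    public List<String> revoke(String clientId) throws IOException {
        List<String> detached = new ArrayList<>();
        for (Policy policy : listAllPolicies()) {
            String document = iot.getPolicy(
                    new GetPolicyRequest().withPolicyName(policy.getPolicyName())).getPolicyDocument();
            if (!grantsClientId(document, clientId, mapper)) continue;
            for (String target : listAllTargets(policy.getPolicyName())) {
                iot.detachPolicy(new DetachPolicyRequest()
                        .withPolicyName(policy.getPolicyName()).withTarget(target));
            }
            detached.add(policy.getPolicyName());
        }
        return detached;
    }

    public static void main(String[] args) throws IOException {
        // Region and credentials come from the default provider chain (env, profile, instance role).
        AWSIot iot = AWSIotClientBuilder.defaultClient();
        System.out.println("Detached: " + new ClientPolicyRevoker(iot).revoke(args[0]));
    }
}
```

If you do want to delete the policy afterwards, DeletePolicy only succeeds once it is detached from every target and all non-default versions have been removed with DeletePolicyVersion, so the detach loop above is the prerequisite either way. The caller needs iot:ListPolicies, iot:GetPolicy, iot:ListTargetsForPolicy and iot:DetachPolicy on the account's policies.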