Authentication and authorization

You have learned how to set up identity and secure communication for IoT devices. When an IoT device presents its identity to AWS IoT, it is challenged to verify its access rights.

To verify the access rights of an IoT device, we apply authentication and authorization. Authentication is the process of verifying who you are. Authorization is the process of verifying that you have access to something.

Because we have applied an identity to our IoT device and registered it with AWS IoT, authentication is already taken care of: AWS IoT knows the identity of the device that accesses it. When an IoT device accesses AWS IoT resources without having its identity registered with AWS IoT, the request is rejected.

Authorization in AWS IoT is done through AWS IoT policies. We can apply a policy to each IoT device. When you register a new IoT device, a security certificate and its policy are generated. You can find the list of AWS IoT policies in the left-hand menu; go to Secure | Policies, as shown in the following screenshot:

Technically, a policy is a JSON document that lists the access rights granted to the device. To see a policy's settings, open it on the AWS IoT policies dashboard, where you can also edit it. The Statement[] array holds one entry per granted access right, each naming an action and the resource it applies to. For AWS IoT, the actions are iot:Publish, iot:Subscribe, iot:Connect, and iot:Receive, as in the following example:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "iot:Publish",
      "Resource": "arn:aws:iot:<aws-iot-host>:topic/replaceWithATopic"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Subscribe",
      "Resource": "arn:aws:iot:<aws-iot-host>:topicfilter/replaceWithATopicFilter"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Connect",
      "Resource": "arn:aws:iot:<aws-iot-host>:client/replaceWithAClientId"
    },
    {
      "Effect": "Allow",
      "Action": "iot:Receive",
      "Resource": "arn:aws:iot:<aws-iot-host>:topic/replaceWithATopic"
    }
  ]
}

When you add a new policy, you will be asked for the actions it grants, as shown in the following screenshot. You can type any action depending on your needs, but you should grant the IoT device only the access it actually needs, scoped to its own client ID and topics. This is important for addressing security issues:

Finally, you should audit all of your IoT devices and what each one needs. Granting IoT devices less access hardens your system's security.
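To make the least-privilege point concrete, the following Python script is added here as an example; it is not part of the book and not an AWS tool. It builds a per-device policy with the same four actions and resource types as the example above, evaluates requests against it the way IAM-style policies are evaluated (explicit Deny wins, otherwise any matching Allow grants, default deny), and lints a policy for wildcard actions or resources. The region, account ID, device name and topic names are constructed sample values; the page's <aws-iot-host> placeholder stands for <region>:<account-id> in a real AWS IoT ARN.

```python
import json
import re

# Constructed sample values standing in for the placeholders in the policy
# above: "<aws-iot-host>" corresponds to "<region>:<account-id>" in a real
# AWS IoT ARN. The device name and topics are invented for this example.
REGION_ACCOUNT = "us-east-1:123456789012"
DEVICE_ID = "device01"
DEVICE_TOPIC = f"sensors/{DEVICE_ID}/data"
COMMAND_TOPIC = f"commands/{DEVICE_ID}"


def arn(resource_type, name):
    """Build an AWS IoT resource ARN: arn:aws:iot:<region>:<account-id>:<type>/<name>."""
    return f"arn:aws:iot:{REGION_ACCOUNT}:{resource_type}/{name}"


# Least-privilege policy: one device, one client ID, its own topics only.
# Subscribe is scoped to a topicfilter resource, Receive/Publish to topic resources.
DEVICE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "iot:Connect", "Resource": arn("client", DEVICE_ID)},
        {"Effect": "Allow", "Action": "iot:Publish", "Resource": arn("topic", DEVICE_TOPIC)},
        {"Effect": "Allow", "Action": "iot:Subscribe", "Resource": arn("topicfilter", COMMAND_TOPIC)},
        {"Effect": "Allow", "Action": "iot:Receive", "Resource": arn("topic", COMMAND_TOPIC)},
    ],
}

# Over-broad policy of the kind the text warns against: any action on any resource.
OVERBROAD_POLICY = json.loads(
    '{"Version": "2012-10-17", "Statement": [{"Effect": "Allow", "Action": "iot:*", "Resource": "*"}]}'
)


def _as_list(value):
    """Action and Resource may be a single string or a list of strings."""
    return value if isinstance(value, list) else [value]


def _pattern_matches(pattern, value):
    """IAM-style wildcard match: '*' matches any run of characters, '?' exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, value) is not None


def is_allowed(policy, action, resource):
    """Decide whether (action, resource) is permitted by the policy.
    An explicit Deny always wins; otherwise any matching Allow grants access;
    a request matched by no statement is denied by default."""
    decision = False
    for stmt in policy["Statement"]:
        action_hit = any(_pattern_matches(a, action) for a in _as_list(stmt["Action"]))
        resource_hit = any(_pattern_matches(r, resource) for r in _as_list(stmt["Resource"]))
        if not (action_hit and resource_hit):
            continue
        if stmt["Effect"] == "Deny":
            return False
        decision = True
    return decision


def lint_policy(policy):
    """Return findings for Allow statements whose Action or Resource contains a
    wildcard, i.e. statements that grant more than a single device needs."""
    findings = []
    for i, stmt in enumerate(policy["Statement"]):
        if stmt["Effect"] != "Allow":
            continue
        for a in _as_list(stmt["Action"]):
            if "*" in a:
                findings.append(f"statement {i}: wildcard action {a!r}")
        for r in _as_list(stmt["Resource"]):
            if "*" in r:
                findings.append(f"statement {i}: wildcard resource {r!r}")
    return findings


if __name__ == "__main__":
    print(json.dumps(DEVICE_POLICY, indent=2))
    other_topic = arn("topic", "sensors/device02/data")
    for name, policy in (("device", DEVICE_POLICY), ("overbroad", OVERBROAD_POLICY)):
        print(name, "findings:", lint_policy(policy) or "none")
        print(name, "publish own topic:", is_allowed(policy, "iot:Publish", arn("topic", DEVICE_TOPIC)))
        print(name, "publish another device's topic:", is_allowed(policy, "iot:Publish", other_topic))
```

Running it shows the difference the text describes: under DEVICE_POLICY the device can connect only as its own client ID and publish only to its own topic, so a request for another device's topic is denied, while OVERBROAD_POLICY allows everything and produces two lint findings. Running lint_policy over every policy attached to your device certificates is a cheap way to carry out the audit suggested above.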
